authorcvs2svn <admin@example.com>2016-07-23 19:31:36 +0000
committercvs2svn <admin@example.com>2016-07-23 19:31:36 +0000
commit86c49b31af735796dfde37aa29473a30d36367db (patch)
treee9a354a92a348338fe2b361e2eda703cae23cfab /src/lib/libssl
parent19d5fe348e8926bac4521c5807aa64c45b8f7a41 (diff)
This commit was manufactured by cvs2git to create tag 'OPENBSD_6_0_BASE'.OPENBSD_6_0_BASE
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/LICENSE133
-rw-r--r--src/lib/libssl/bio_ssl.c581
-rw-r--r--src/lib/libssl/bs_ber.c268
-rw-r--r--src/lib/libssl/bs_cbb.c442
-rw-r--r--src/lib/libssl/bs_cbs.c511
-rw-r--r--src/lib/libssl/bytestring.h511
-rw-r--r--src/lib/libssl/d1_both.c1374
-rw-r--r--src/lib/libssl/d1_clnt.c724
-rw-r--r--src/lib/libssl/d1_enc.c212
-rw-r--r--src/lib/libssl/d1_lib.c468
-rw-r--r--src/lib/libssl/d1_meth.c112
-rw-r--r--src/lib/libssl/d1_pkt.c1477
-rw-r--r--src/lib/libssl/d1_srtp.c473
-rw-r--r--src/lib/libssl/d1_srvr.c751
-rw-r--r--src/lib/libssl/doc/BIO_f_ssl.3479
-rw-r--r--src/lib/libssl/doc/SSL_CIPHER_get_name.3196
-rw-r--r--src/lib/libssl/doc/SSL_COMP_add_compression_method.368
-rw-r--r--src/lib/libssl/doc/SSL_CTX_add_extra_chain_cert.345
-rw-r--r--src/lib/libssl/doc/SSL_CTX_add_session.390
-rw-r--r--src/lib/libssl/doc/SSL_CTX_ctrl.349
-rw-r--r--src/lib/libssl/doc/SSL_CTX_flush_sessions.357
-rw-r--r--src/lib/libssl/doc/SSL_CTX_free.353
-rw-r--r--src/lib/libssl/doc/SSL_CTX_get_ex_new_index.370
-rw-r--r--src/lib/libssl/doc/SSL_CTX_get_verify_mode.373
-rw-r--r--src/lib/libssl/doc/SSL_CTX_load_verify_locations.3161
-rw-r--r--src/lib/libssl/doc/SSL_CTX_new.3111
-rw-r--r--src/lib/libssl/doc/SSL_CTX_sess_number.3104
-rw-r--r--src/lib/libssl/doc/SSL_CTX_sess_set_cache_size.355
-rw-r--r--src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3159
-rw-r--r--src/lib/libssl/doc/SSL_CTX_sessions.335
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_cert_store.380
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_cert_verify_callback.3112
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_cipher_list.382
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_client_CA_list.3132
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_client_cert_cb.3143
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_default_passwd_cb.395
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_generate_session_id.3196
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_info_callback.3167
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_max_cert_list.3105
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_mode.3126
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_msg_callback.3135
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_options.3395
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_psk_client_callback.368
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_quiet_shutdown.3115
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_session_cache_mode.3143
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_session_id_context.3105
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_ssl_version.381
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_timeout.365
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_tmp_dh_callback.3235
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_tmp_rsa_callback.3231
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_verify.3415
-rw-r--r--src/lib/libssl/doc/SSL_CTX_use_certificate.3336
-rw-r--r--src/lib/libssl/doc/SSL_CTX_use_psk_identity_hint.3110
-rw-r--r--src/lib/libssl/doc/SSL_SESSION_free.384
-rw-r--r--src/lib/libssl/doc/SSL_SESSION_get_ex_new_index.380
-rw-r--r--src/lib/libssl/doc/SSL_SESSION_get_time.398
-rw-r--r--src/lib/libssl/doc/SSL_accept.3103
-rw-r--r--src/lib/libssl/doc/SSL_alert_type_string.3193
-rw-r--r--src/lib/libssl/doc/SSL_clear.392
-rw-r--r--src/lib/libssl/doc/SSL_connect.3102
-rw-r--r--src/lib/libssl/doc/SSL_do_handshake.3101
-rw-r--r--src/lib/libssl/doc/SSL_free.367
-rw-r--r--src/lib/libssl/doc/SSL_get_SSL_CTX.328
-rw-r--r--src/lib/libssl/doc/SSL_get_ciphers.368
-rw-r--r--src/lib/libssl/doc/SSL_get_client_CA_list.361
-rw-r--r--src/lib/libssl/doc/SSL_get_current_cipher.352
-rw-r--r--src/lib/libssl/doc/SSL_get_default_timeout.336
-rw-r--r--src/lib/libssl/doc/SSL_get_error.3169
-rw-r--r--src/lib/libssl/doc/SSL_get_ex_data_X509_STORE_CTX_idx.365
-rw-r--r--src/lib/libssl/doc/SSL_get_ex_new_index.376
-rw-r--r--src/lib/libssl/doc/SSL_get_fd.346
-rw-r--r--src/lib/libssl/doc/SSL_get_peer_cert_chain.347
-rw-r--r--src/lib/libssl/doc/SSL_get_peer_certificate.353
-rw-r--r--src/lib/libssl/doc/SSL_get_psk_identity.344
-rw-r--r--src/lib/libssl/doc/SSL_get_rbio.345
-rw-r--r--src/lib/libssl/doc/SSL_get_session.397
-rw-r--r--src/lib/libssl/doc/SSL_get_verify_result.349
-rw-r--r--src/lib/libssl/doc/SSL_get_version.335
-rw-r--r--src/lib/libssl/doc/SSL_library_init.354
-rw-r--r--src/lib/libssl/doc/SSL_load_client_CA_file.353
-rw-r--r--src/lib/libssl/doc/SSL_new.341
-rw-r--r--src/lib/libssl/doc/SSL_pending.344
-rw-r--r--src/lib/libssl/doc/SSL_read.3193
-rw-r--r--src/lib/libssl/doc/SSL_rstate_string.355
-rw-r--r--src/lib/libssl/doc/SSL_session_reused.332
-rw-r--r--src/lib/libssl/doc/SSL_set_bio.351
-rw-r--r--src/lib/libssl/doc/SSL_set_connect_state.371
-rw-r--r--src/lib/libssl/doc/SSL_set_fd.373
-rw-r--r--src/lib/libssl/doc/SSL_set_session.368
-rw-r--r--src/lib/libssl/doc/SSL_set_shutdown.388
-rw-r--r--src/lib/libssl/doc/SSL_set_verify_result.342
-rw-r--r--src/lib/libssl/doc/SSL_shutdown.3204
-rw-r--r--src/lib/libssl/doc/SSL_state_string.357
-rw-r--r--src/lib/libssl/doc/SSL_want.3103
-rw-r--r--src/lib/libssl/doc/SSL_write.3175
-rw-r--r--src/lib/libssl/doc/d2i_SSL_SESSION.3129
-rw-r--r--src/lib/libssl/doc/openssl.cnf348
-rw-r--r--src/lib/libssl/doc/openssl.txt1254
-rw-r--r--src/lib/libssl/doc/ssl.31319
-rw-r--r--src/lib/libssl/doc/standards.txt285
-rw-r--r--src/lib/libssl/dtls1.h245
-rw-r--r--src/lib/libssl/pqueue.c201
-rw-r--r--src/lib/libssl/pqueue.h89
-rw-r--r--src/lib/libssl/s23_clnt.c480
-rw-r--r--src/lib/libssl/s23_lib.c132
-rw-r--r--src/lib/libssl/s23_pkt.c116
-rw-r--r--src/lib/libssl/s23_srvr.c514
-rw-r--r--src/lib/libssl/s3_both.c743
-rw-r--r--src/lib/libssl/s3_cbc.c656
-rw-r--r--src/lib/libssl/s3_clnt.c2635
-rw-r--r--src/lib/libssl/s3_lib.c2859
-rw-r--r--src/lib/libssl/s3_pkt.c1391
-rw-r--r--src/lib/libssl/s3_srvr.c2692
-rw-r--r--src/lib/libssl/shlib_version3
-rw-r--r--src/lib/libssl/srtp.h142
-rw-r--r--src/lib/libssl/ssl.h2382
-rw-r--r--src/lib/libssl/ssl2.h153
-rw-r--r--src/lib/libssl/ssl23.h82
-rw-r--r--src/lib/libssl/ssl3.h617
-rw-r--r--src/lib/libssl/ssl_algs.c131
-rw-r--r--src/lib/libssl/ssl_asn1.c691
-rw-r--r--src/lib/libssl/ssl_cert.c722
-rw-r--r--src/lib/libssl/ssl_ciph.c1798
-rw-r--r--src/lib/libssl/ssl_err.c615
-rw-r--r--src/lib/libssl/ssl_err2.c72
-rw-r--r--src/lib/libssl/ssl_lib.c3062
-rw-r--r--src/lib/libssl/ssl_locl.h847
-rw-r--r--src/lib/libssl/ssl_rsa.c751
-rw-r--r--src/lib/libssl/ssl_sess.c1099
-rw-r--r--src/lib/libssl/ssl_stat.c801
-rw-r--r--src/lib/libssl/ssl_txt.c187
-rw-r--r--src/lib/libssl/t1_clnt.c237
-rw-r--r--src/lib/libssl/t1_enc.c1419
-rw-r--r--src/lib/libssl/t1_lib.c2404
-rw-r--r--src/lib/libssl/t1_meth.c235
-rw-r--r--src/lib/libssl/t1_reneg.c286
-rw-r--r--src/lib/libssl/t1_srvr.c238
-rw-r--r--src/lib/libssl/test/CAss.cnf76
-rw-r--r--src/lib/libssl/test/CAssdh.cnf24
-rw-r--r--src/lib/libssl/test/CAssdsa.cnf23
-rw-r--r--src/lib/libssl/test/CAssrsa.cnf24
-rw-r--r--src/lib/libssl/test/CAtsa.cnf163
-rw-r--r--src/lib/libssl/test/P1ss.cnf37
-rw-r--r--src/lib/libssl/test/P2ss.cnf45
-rw-r--r--src/lib/libssl/test/Sssdsa.cnf27
-rw-r--r--src/lib/libssl/test/Sssrsa.cnf26
-rw-r--r--src/lib/libssl/test/Uss.cnf36
-rw-r--r--src/lib/libssl/test/VMSca-response.11
-rw-r--r--src/lib/libssl/test/VMSca-response.22
-rwxr-xr-xsrc/lib/libssl/test/asn1test.c23
-rw-r--r--src/lib/libssl/test/bctest111
-rw-r--r--src/lib/libssl/test/cms-examples.pl409
-rw-r--r--src/lib/libssl/test/cms-test.pl459
-rw-r--r--src/lib/libssl/test/methtest.c105
-rw-r--r--src/lib/libssl/test/pkcs7-1.pem15
-rw-r--r--src/lib/libssl/test/pkcs7.pem54
-rw-r--r--src/lib/libssl/test/pkits-test.pl949
-rw-r--r--src/lib/libssl/test/r160test.c57
-rw-r--r--src/lib/libssl/test/smcont.txt1
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa1.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa2.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa3.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsap.pem9
-rw-r--r--src/lib/libssl/test/smime-certs/smroot.pem30
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa1.pem31
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa2.pem31
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa3.pem31
-rw-r--r--src/lib/libssl/test/tcrl78
-rw-r--r--src/lib/libssl/test/test.cnf88
-rw-r--r--src/lib/libssl/test/test_aesni69
-rwxr-xr-xsrc/lib/libssl/test/test_padlock64
-rw-r--r--src/lib/libssl/test/testca51
-rw-r--r--src/lib/libssl/test/testcrl.pem16
-rw-r--r--src/lib/libssl/test/testenc54
-rw-r--r--src/lib/libssl/test/testgen44
-rw-r--r--src/lib/libssl/test/testp7.pem46
-rw-r--r--src/lib/libssl/test/testreq2.pem7
-rw-r--r--src/lib/libssl/test/testrsa.pem9
-rw-r--r--src/lib/libssl/test/testsid.pem12
-rw-r--r--src/lib/libssl/test/testss163
-rw-r--r--src/lib/libssl/test/testssl178
-rw-r--r--src/lib/libssl/test/testsslproxy10
-rw-r--r--src/lib/libssl/test/testtsa238
-rw-r--r--src/lib/libssl/test/testx509.pem10
-rw-r--r--src/lib/libssl/test/times113
-rw-r--r--src/lib/libssl/test/tpkcs748
-rw-r--r--src/lib/libssl/test/tpkcs7d41
-rw-r--r--src/lib/libssl/test/treq83
-rw-r--r--src/lib/libssl/test/trsa83
-rw-r--r--src/lib/libssl/test/tsid78
-rw-r--r--src/lib/libssl/test/tx50978
-rw-r--r--src/lib/libssl/test/v3-cert1.pem16
-rw-r--r--src/lib/libssl/test/v3-cert2.pem16
-rw-r--r--src/lib/libssl/tls1.h758
194 files changed, 0 insertions, 57223 deletions
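--- a/src/lib/libssl/LICENSE
+++ /dev/null
@@ -1,133 +0,0 @@
-
- LibReSSL files are retained under the copyright of the authors. New
- additions are ISC licensed as per OpenBSD's normal licensing policy,
- or are placed in the public domain.
-
- The OpenSSL code is distributed under the terms of the original OpenSSL
- licenses which follow:
-
- LICENSE ISSUES
- ==============
-
- The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
- the OpenSSL License and the original SSLeay license apply to the toolkit.
- See below for the actual license texts. In case of any license issues
- related to OpenSSL please contact openssl-core@openssl.org.
-
- OpenSSL License
- ---------------
-
-/* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
- Original SSLeay License
- -----------------------
-
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-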
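--- a/src/lib/libssl/bio_ssl.c
+++ /dev/null
@@ -1,581 +0,0 @@
-/* $OpenBSD: bio_ssl.c,v 1.22 2015/09/29 18:08:57 deraadt Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-static int ssl_write(BIO *h, const char *buf, int num);
-static int ssl_read(BIO *h, char *buf, int size);
-static int ssl_puts(BIO *h, const char *str);
-static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int ssl_new(BIO *h);
-static int ssl_free(BIO *data);
-static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-typedef struct bio_ssl_st {
- SSL *ssl; /* The ssl handle :-) */
- /* re-negotiate every time the total number of bytes is this size */
- int num_renegotiates;
- unsigned long renegotiate_count;
- unsigned long byte_count;
- unsigned long renegotiate_timeout;
- time_t last_time;
-} BIO_SSL;
-
-static BIO_METHOD methods_sslp = {
- .type = BIO_TYPE_SSL,
- .name = "ssl",
- .bwrite = ssl_write,
- .bread = ssl_read,
- .bputs = ssl_puts,
- .ctrl = ssl_ctrl,
- .create = ssl_new,
- .destroy = ssl_free,
- .callback_ctrl = ssl_callback_ctrl,
-};
-
-BIO_METHOD *
-BIO_f_ssl(void)
-{
- return (&methods_sslp);
-}
-
-static int
-ssl_new(BIO *bi)
-{
- BIO_SSL *bs;
-
- bs = calloc(1, sizeof(BIO_SSL));
- if (bs == NULL) {
- BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- bi->init = 0;
- bi->ptr = (char *)bs;
- bi->flags = 0;
- return (1);
-}
-
-static int
-ssl_free(BIO *a)
-{
- BIO_SSL *bs;
-
- if (a == NULL)
- return (0);
- bs = (BIO_SSL *)a->ptr;
- if (bs->ssl != NULL)
- SSL_shutdown(bs->ssl);
- if (a->shutdown) {
- if (a->init && (bs->ssl != NULL))
- SSL_free(bs->ssl);
- a->init = 0;
- a->flags = 0;
- }
- free(a->ptr);
- return (1);
-}
-
-static int
-ssl_read(BIO *b, char *out, int outl)
-{
- int ret = 1;
- BIO_SSL *sb;
- SSL *ssl;
- int retry_reason = 0;
- int r = 0;
-
- if (out == NULL)
- return (0);
- sb = (BIO_SSL *)b->ptr;
- ssl = sb->ssl;
-
- BIO_clear_retry_flags(b);
-
- ret = SSL_read(ssl, out, outl);
-
- switch (SSL_get_error(ssl, ret)) {
- case SSL_ERROR_NONE:
- if (ret <= 0)
- break;
- if (sb->renegotiate_count > 0) {
- sb->byte_count += ret;
- if (sb->byte_count > sb->renegotiate_count) {
- sb->byte_count = 0;
- sb->num_renegotiates++;
- SSL_renegotiate(ssl);
- r = 1;
- }
- }
- if ((sb->renegotiate_timeout > 0) && (!r)) {
- time_t tm;
-
- tm = time(NULL);
- if (tm > sb->last_time + sb->renegotiate_timeout) {
- sb->last_time = tm;
- sb->num_renegotiates++;
- SSL_renegotiate(ssl);
- }
- }
-
- break;
- case SSL_ERROR_WANT_READ:
- BIO_set_retry_read(b);
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_retry_write(b);
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_set_retry_special(b);
- retry_reason = BIO_RR_SSL_X509_LOOKUP;
- break;
- case SSL_ERROR_WANT_ACCEPT:
- BIO_set_retry_special(b);
- retry_reason = BIO_RR_ACCEPT;
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_retry_special(b);
- retry_reason = BIO_RR_CONNECT;
- break;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- case SSL_ERROR_ZERO_RETURN:
- default:
- break;
- }
-
- b->retry_reason = retry_reason;
- return (ret);
-}
-
-static int
-ssl_write(BIO *b, const char *out, int outl)
-{
- int ret, r = 0;
- int retry_reason = 0;
- SSL *ssl;
- BIO_SSL *bs;
-
- if (out == NULL)
- return (0);
- bs = (BIO_SSL *)b->ptr;
- ssl = bs->ssl;
-
- BIO_clear_retry_flags(b);
-
-/* ret=SSL_do_handshake(ssl);
- if (ret > 0) */
- ret = SSL_write(ssl, out, outl);
-
- switch (SSL_get_error(ssl, ret)) {
- case SSL_ERROR_NONE:
- if (ret <= 0)
- break;
- if (bs->renegotiate_count > 0) {
- bs->byte_count += ret;
- if (bs->byte_count > bs->renegotiate_count) {
- bs->byte_count = 0;
- bs->num_renegotiates++;
- SSL_renegotiate(ssl);
- r = 1;
- }
- }
- if ((bs->renegotiate_timeout > 0) && (!r)) {
- time_t tm;
-
- tm = time(NULL);
- if (tm > bs->last_time + bs->renegotiate_timeout) {
- bs->last_time = tm;
- bs->num_renegotiates++;
- SSL_renegotiate(ssl);
- }
- }
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_retry_write(b);
- break;
- case SSL_ERROR_WANT_READ:
- BIO_set_retry_read(b);
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_set_retry_special(b);
- retry_reason = BIO_RR_SSL_X509_LOOKUP;
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_retry_special(b);
- retry_reason = BIO_RR_CONNECT;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- default:
- break;
- }
-
- b->retry_reason = retry_reason;
- return (ret);
-}
-
-static long
-ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
-{
- SSL **sslp, *ssl;
- BIO_SSL *bs;
- BIO *dbio, *bio;
- long ret = 1;
-
- bs = (BIO_SSL *)b->ptr;
- ssl = bs->ssl;
- if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
- return (0);
- switch (cmd) {
- case BIO_CTRL_RESET:
- SSL_shutdown(ssl);
-
- if (ssl->handshake_func == ssl->method->ssl_connect)
- SSL_set_connect_state(ssl);
- else if (ssl->handshake_func == ssl->method->ssl_accept)
- SSL_set_accept_state(ssl);
-
- SSL_clear(ssl);
-
- if (b->next_bio != NULL)
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
- else if (ssl->rbio != NULL)
- ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
- else
- ret = 1;
- break;
- case BIO_CTRL_INFO:
- ret = 0;
- break;
- case BIO_C_SSL_MODE:
- if (num) /* client mode */
- SSL_set_connect_state(ssl);
- else
- SSL_set_accept_state(ssl);
- break;
- case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
- ret = bs->renegotiate_timeout;
- if (num < 60)
- num = 5;
- bs->renegotiate_timeout = (unsigned long)num;
- bs->last_time = time(NULL);
- break;
- case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
- ret = bs->renegotiate_count;
- if ((long)num >=512)
- bs->renegotiate_count = (unsigned long)num;
- break;
- case BIO_C_GET_SSL_NUM_RENEGOTIATES:
- ret = bs->num_renegotiates;
- break;
- case BIO_C_SET_SSL:
- if (ssl != NULL) {
- ssl_free(b);
- if (!ssl_new(b))
- return 0;
- }
- b->shutdown = (int)num;
- ssl = (SSL *)ptr;
- ((BIO_SSL *)b->ptr)->ssl = ssl;
- bio = SSL_get_rbio(ssl);
- if (bio != NULL) {
- if (b->next_bio != NULL)
- BIO_push(bio, b->next_bio);
- b->next_bio = bio;
- CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
- }
- b->init = 1;
- break;
- case BIO_C_GET_SSL:
- if (ptr != NULL) {
- sslp = (SSL **)ptr;
- *sslp = ssl;
- } else
- ret = 0;
- break;
- case BIO_CTRL_GET_CLOSE:
- ret = b->shutdown;
- break;
- case BIO_CTRL_SET_CLOSE:
- b->shutdown = (int)num;
- break;
- case BIO_CTRL_WPENDING:
- ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
- break;
- case BIO_CTRL_PENDING:
- ret = SSL_pending(ssl);
- if (ret == 0)
- ret = BIO_pending(ssl->rbio);
- break;
- case BIO_CTRL_FLUSH:
- BIO_clear_retry_flags(b);
- ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
- BIO_copy_next_retry(b);
- break;
- case BIO_CTRL_PUSH:
- if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) {
- SSL_set_bio(ssl, b->next_bio, b->next_bio);
- CRYPTO_add(&b->next_bio->references, 1, CRYPTO_LOCK_BIO);
- }
- break;
- case BIO_CTRL_POP:
- /* Only detach if we are the BIO explicitly being popped */
- if (b == ptr) {
- /* Shouldn't happen in practice because the
- * rbio and wbio are the same when pushed.
- */
- if (ssl->rbio != ssl->wbio)
- BIO_free_all(ssl->wbio);
- if (b->next_bio != NULL)
- CRYPTO_add(&b->next_bio->references, -1, CRYPTO_LOCK_BIO);
- ssl->wbio = NULL;
- ssl->rbio = NULL;
- }
- break;
- case BIO_C_DO_STATE_MACHINE:
- BIO_clear_retry_flags(b);
-
- b->retry_reason = 0;
- ret = (int)SSL_do_handshake(ssl);
-
- switch (SSL_get_error(ssl, (int)ret)) {
- case SSL_ERROR_WANT_READ:
- BIO_set_flags(b,
- BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_flags(b,
- BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_flags(b,
- BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
- b->retry_reason = b->next_bio->retry_reason;
- break;
- default:
- break;
- }
- break;
- case BIO_CTRL_DUP:
- dbio = (BIO *)ptr;
- if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
- SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
- ((BIO_SSL *)dbio->ptr)->ssl = SSL_dup(ssl);
- ((BIO_SSL *)dbio->ptr)->renegotiate_count =
- ((BIO_SSL *)b->ptr)->renegotiate_count;
- ((BIO_SSL *)dbio->ptr)->byte_count =
- ((BIO_SSL *)b->ptr)->byte_count;
- ((BIO_SSL *)dbio->ptr)->renegotiate_timeout =
- ((BIO_SSL *)b->ptr)->renegotiate_timeout;
- ((BIO_SSL *)dbio->ptr)->last_time =
- ((BIO_SSL *)b->ptr)->last_time;
- ret = (((BIO_SSL *)dbio->ptr)->ssl != NULL);
- break;
- case BIO_C_GET_FD:
- ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
- break;
- case BIO_CTRL_SET_CALLBACK:
- {
- ret = 0;
- }
- break;
- case BIO_CTRL_GET_CALLBACK:
- {
- void (**fptr)(const SSL *xssl, int type, int val);
-
- fptr = (void (**)(const SSL *xssl, int type, int val))ptr;
- *fptr = SSL_get_info_callback(ssl);
- }
- break;
- default:
- ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
- break;
- }
- return (ret);
-}
-
-static long
-ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-{
- SSL *ssl;
- BIO_SSL *bs;
- long ret = 1;
-
- bs = (BIO_SSL *)b->ptr;
- ssl = bs->ssl;
- switch (cmd) {
- case BIO_CTRL_SET_CALLBACK:
- {
- /* FIXME: setting this via a completely different prototype
- seems like a crap idea */
- SSL_set_info_callback(ssl, (void (*)(const SSL *, int, int))fp);
- }
- break;
- default:
- ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
- break;
- }
- return (ret);
-}
-
-static int
-ssl_puts(BIO *bp, const char *str)
-{
- int n, ret;
-
- n = strlen(str);
- ret = BIO_write(bp, str, n);
- return (ret);
-}
-
-BIO *
-BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
-{
- BIO *ret = NULL, *buf = NULL, *ssl = NULL;
-
- if ((buf = BIO_new(BIO_f_buffer())) == NULL)
- goto err;
- if ((ssl = BIO_new_ssl_connect(ctx)) == NULL)
- goto err;
- if ((ret = BIO_push(buf, ssl)) == NULL)
- goto err;
- return (ret);
-
-err:
- BIO_free(buf);
- BIO_free(ssl);
- return (NULL);
-}
-
-BIO *
-BIO_new_ssl_connect(SSL_CTX *ctx)
-{
- BIO *ret = NULL, *con = NULL, *ssl = NULL;
-
- if ((con = BIO_new(BIO_s_connect())) == NULL)
- goto err;
- if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
- goto err;
- if ((ret = BIO_push(ssl, con)) == NULL)
- goto err;
- return (ret);
-
-err:
- BIO_free(con);
- BIO_free(ssl);
- return (NULL);
-}
-
-BIO *
-BIO_new_ssl(SSL_CTX *ctx, int client)
-{
- BIO *ret;
- SSL *ssl;
-
- if ((ret = BIO_new(BIO_f_ssl())) == NULL)
- goto err;
- if ((ssl = SSL_new(ctx)) == NULL)
- goto err;
-
- if (client)
- SSL_set_connect_state(ssl);
- else
- SSL_set_accept_state(ssl);
-
- BIO_set_ssl(ret, ssl, BIO_CLOSE);
- return (ret);
-
-err:
- BIO_free(ret);
- return (NULL);
-}
-
-int
-BIO_ssl_copy_session_id(BIO *t, BIO *f)
-{
- t = BIO_find_type(t, BIO_TYPE_SSL);
- f = BIO_find_type(f, BIO_TYPE_SSL);
- if ((t == NULL) || (f == NULL))
- return (0);
- if ((((BIO_SSL *)t->ptr)->ssl == NULL) ||
- (((BIO_SSL *)f->ptr)->ssl == NULL))
- return (0);
- SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl, ((BIO_SSL *)f->ptr)->ssl);
- return (1);
-}
-
-void
-BIO_ssl_shutdown(BIO *b)
-{
- SSL *s;
-
- while (b != NULL) {
- if (b->method->type == BIO_TYPE_SSL) {
- s = ((BIO_SSL *)b->ptr)->ssl;
- SSL_shutdown(s);
- break;
- }
- b = b->next_bio;
- }
-}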
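--- a/src/lib/libssl/bs_ber.c
+++ /dev/null
@@ -1,268 +0,0 @@
-/* $OpenBSD: bs_ber.c,v 1.8 2015/06/21 16:10:45 doug Exp $ */
-/*
- * Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-
-#include "bytestring.h"
-
-/*
- * kMaxDepth is a just a sanity limit. The code should be such that the length
- * of the input being processes always decreases. None the less, a very large
- * input could otherwise cause the stack to overflow.
- */
-static const unsigned int kMaxDepth = 2048;
-
-/* Non-strict version that allows a relaxed DER with indefinite form. */
-static int
-cbs_nonstrict_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
- size_t *out_header_len)
-{
- return cbs_get_any_asn1_element_internal(cbs, out,
- out_tag, out_header_len, 0);
-}
-
-/*
- * cbs_find_indefinite walks an ASN.1 structure in |orig_in| and sets
- * |*indefinite_found| depending on whether an indefinite length element was
- * found. The value of |orig_in| is not modified.
- *
- * Returns one on success (i.e. |*indefinite_found| was set) and zero on error.
- */
-static int
-cbs_find_indefinite(const CBS *orig_in, char *indefinite_found,
- unsigned int depth)
-{
- CBS in;
-
- if (depth > kMaxDepth)
- return 0;
-
- CBS_init(&in, CBS_data(orig_in), CBS_len(orig_in));
-
- while (CBS_len(&in) > 0) {
- CBS contents;
- unsigned int tag;
- size_t header_len;
-
- if (!cbs_nonstrict_get_any_asn1_element(&in, &contents, &tag,
- &header_len))
- return 0;
-
- /* Indefinite form not allowed by DER. */
- if (CBS_len(&contents) == header_len && header_len > 0 &&
- CBS_data(&contents)[header_len - 1] == 0x80) {
- *indefinite_found = 1;
- return 1;
- }
- if (tag & CBS_ASN1_CONSTRUCTED) {
- if (!CBS_skip(&contents, header_len) ||
- !cbs_find_indefinite(&contents, indefinite_found,
- depth + 1))
- return 0;
- }
- }
-
- *indefinite_found = 0;
- return 1;
-}
-
-/*
- * is_primitive_type returns true if |tag| likely a primitive type. Normally
- * one can just test the "constructed" bit in the tag but, in BER, even
- * primitive tags can have the constructed bit if they have indefinite
- * length.
- */
-static char
-is_primitive_type(unsigned int tag)
-{
- return (tag & 0xc0) == 0 &&
- (tag & 0x1f) != (CBS_ASN1_SEQUENCE & 0x1f) &&
- (tag & 0x1f) != (CBS_ASN1_SET & 0x1f);
-}
-
-/*
- * is_eoc returns true if |header_len| and |contents|, as returned by
- * |cbs_nonstrict_get_any_asn1_element|, indicate an "end of contents" (EOC)
- * value.
- */
-static char
-is_eoc(size_t header_len, CBS *contents)
-{
- return header_len == 2 && CBS_mem_equal(contents, "\x00\x00", 2);
-}
-
-/*
- * cbs_convert_indefinite reads data with DER encoding (but relaxed to allow
- * indefinite form) from |in| and writes definite form DER data to |out|. If
- * |squash_header| is set then the top-level of elements from |in| will not
- * have their headers written. This is used when concatenating the fragments of
- * an indefinite length, primitive value. If |looking_for_eoc| is set then any
- * EOC elements found will cause the function to return after consuming it.
- * It returns one on success and zero on error.
- */
-static int
-cbs_convert_indefinite(CBS *in, CBB *out, char squash_header,
- char looking_for_eoc, unsigned int depth)
-{
- if (depth > kMaxDepth)
- return 0;
-
- while (CBS_len(in) > 0) {
- CBS contents;
- unsigned int tag;
- size_t header_len;
- CBB *out_contents, out_contents_storage;
-
- if (!cbs_nonstrict_get_any_asn1_element(in, &contents, &tag,
- &header_len))
- return 0;
-
- out_contents = out;
-
- if (CBS_len(&contents) == header_len) {
- if (is_eoc(header_len, &contents))
- return looking_for_eoc;
-
- if (header_len > 0 &&
- CBS_data(&contents)[header_len - 1] == 0x80) {
- /*
- * This is an indefinite length element. If
- * it's a SEQUENCE or SET then we just need to
- * write the out the contents as normal, but
- * with a concrete length prefix.
- *
- * If it's a something else then the contents
- * will be a series of DER elements of the same
- * type which need to be concatenated.
- */
- const char context_specific = (tag & 0xc0)
- == 0x80;
- char squash_child_headers =
- is_primitive_type(tag);
-
- /*
- * This is a hack, but it sufficies to handle
- * NSS's output. If we find an indefinite
- * length, context-specific tag with a definite,
- * primtive tag inside it, then we assume that
- * the context-specific tag is implicit and the
- * tags within are fragments of a primitive type
- * that need to be concatenated.
- */
- if (context_specific &&
- (tag & CBS_ASN1_CONSTRUCTED)) {
- CBS in_copy, inner_contents;
- unsigned int inner_tag;
- size_t inner_header_len;
-
- CBS_init(&in_copy, CBS_data(in),
- CBS_len(in));
- if (!cbs_nonstrict_get_any_asn1_element(
- &in_copy, &inner_contents,
- &inner_tag, &inner_header_len))
- return 0;
-
- if (CBS_len(&inner_contents) >
- inner_header_len &&
- is_primitive_type(inner_tag))
- squash_child_headers = 1;
- }
-
- if (!squash_header) {
- unsigned int out_tag = tag;
-
- if (squash_child_headers)
- out_tag &=
- ~CBS_ASN1_CONSTRUCTED;
-
- if (!CBB_add_asn1(out,
- &out_contents_storage, out_tag))
- return 0;
-
- out_contents = &out_contents_storage;
- }
-
- if (!cbs_convert_indefinite(in, out_contents,
- squash_child_headers,
- 1 /* looking for eoc */, depth + 1))
- return 0;
-
- if (out_contents != out && !CBB_flush(out))
- return 0;
-
- continue;
- }
- }
-
- if (!squash_header) {
- if (!CBB_add_asn1(out, &out_contents_storage, tag))
- return 0;
-
- out_contents = &out_contents_storage;
- }
-
- if (!CBS_skip(&contents, header_len))
- return 0;
-
- if (tag & CBS_ASN1_CONSTRUCTED) {
- if (!cbs_convert_indefinite(&contents, out_contents,
- 0 /* don't squash header */,
- 0 /* not looking for eoc */, depth + 1))
- return 0;
- } else {
- if (!CBB_add_bytes(out_contents, CBS_data(&contents),
- CBS_len(&contents)))
- return 0;
- }
-
- if (out_contents != out && !CBB_flush(out))
- return 0;
- }
-
- return looking_for_eoc == 0;
-}
-
-int
-CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len)
-{
- CBB cbb;
-
- /*
- * First, do a quick walk to find any indefinite-length elements. Most
- * of the time we hope that there aren't any and thus we can quickly
- * return.
- */
- char conversion_needed;
- if (!cbs_find_indefinite(in, &conversion_needed, 0))
- return 0;
-
- if (!conversion_needed) {
- *out = NULL;
- *out_len = 0;
- return 1;
- }
-
- if (!CBB_init(&cbb, CBS_len(in)))
- return 0;
- if (!cbs_convert_indefinite(in, &cbb, 0, 0, 0)) {
- CBB_cleanup(&cbb);
- return 0;
- }
-
- return CBB_finish(&cbb, out, out_len);
-}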
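--- a/src/lib/libssl/bs_cbb.c
+++ /dev/null
@@ -1,442 +0,0 @@
-/* $OpenBSD: bs_cbb.c,v 1.13 2015/09/01 13:35:39 jsing Exp $ */
-/*
- * Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-
-#include "bytestring.h"
-
-static int
-cbb_init(CBB *cbb, uint8_t *buf, size_t cap)
-{
- struct cbb_buffer_st *base;
-
- base = malloc(sizeof(struct cbb_buffer_st));
- if (base == NULL)
- return 0;
-
- base->buf = buf;
- base->len = 0;
- base->cap = cap;
- base->can_resize = 1;
-
- cbb->base = base;
- cbb->is_top_level = 1;
-
- return 1;
-}
-
-int
-CBB_init(CBB *cbb, size_t initial_capacity)
-{
- uint8_t *buf = NULL;
-
- memset(cbb, 0, sizeof(*cbb));
-
- if (initial_capacity > 0) {
- if ((buf = malloc(initial_capacity)) == NULL)
- return 0;
- }
-
- if (!cbb_init(cbb, buf, initial_capacity)) {
- free(buf);
- return 0;
- }
-
- return 1;
-}
-
-int
-CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len)
-{
- memset(cbb, 0, sizeof(*cbb));
-
- if (!cbb_init(cbb, buf, len))
- return 0;
-
- cbb->base->can_resize = 0;
-
- return 1;
-}
-
-void
-CBB_cleanup(CBB *cbb)
-{
- if (cbb->base) {
- if (cbb->base->can_resize)
- free(cbb->base->buf);
-
- free(cbb->base);
- }
- cbb->base = NULL;
-}
-
-static int
-cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out, size_t len)
-{
- size_t newlen;
-
- if (base == NULL)
- return 0;
-
- newlen = base->len + len;
- if (newlen < base->len)
- /* Overflow */
- return 0;
-
- if (newlen > base->cap) {
- size_t newcap = base->cap * 2;
- uint8_t *newbuf;
-
- if (!base->can_resize)
- return 0;
-
- if (newcap < base->cap || newcap < newlen)
- newcap = newlen;
-
- newbuf = realloc(base->buf, newcap);
- if (newbuf == NULL)
- return 0;
-
- base->buf = newbuf;
- base->cap = newcap;
- }
-
- if (out)
- *out = base->buf + base->len;
-
- base->len = newlen;
- return 1;
-}
-
-static int
-cbb_add_u(CBB *cbb, uint32_t v, size_t len_len)
-{
- uint8_t *buf;
- size_t i;
-
- if (len_len == 0)
- return 1;
-
- if (len_len > 4)
- return 0;
-
- if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &buf, len_len))
- return 0;
-
- for (i = len_len - 1; i < len_len; i--) {
- buf[i] = v;
- v >>= 8;
- }
- return 1;
-}
-
-int
-CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len)
-{
- if (!cbb->is_top_level)
- return 0;
-
- if (!CBB_flush(cbb))
- return 0;
-
- if (cbb->base->can_resize && (out_data == NULL || out_len == NULL))
- /*
- * |out_data| and |out_len| can only be NULL if the CBB is
- * fixed.
- */
- return 0;
-
- if (out_data != NULL)
- *out_data = cbb->base->buf;
-
- if (out_len != NULL)
- *out_len = cbb->base->len;
-
- cbb->base->buf = NULL;
- CBB_cleanup(cbb);
- return 1;
-}
-
-/*
- * CBB_flush recurses and then writes out any pending length prefix. The current
- * length of the underlying base is taken to be the length of the
- * length-prefixed data.
- */
-int
-CBB_flush(CBB *cbb)
-{
- size_t child_start, i, len;
-
- if (cbb->base == NULL)
- return 0;
-
- if (cbb->child == NULL || cbb->pending_len_len == 0)
- return 1;
-
- child_start = cbb->offset + cbb->pending_len_len;
-
- if (!CBB_flush(cbb->child) || child_start < cbb->offset ||
- cbb->base->len < child_start)
- return 0;
-
- len = cbb->base->len - child_start;
-
- if (cbb->pending_is_asn1) {
- /*
- * For ASN.1, we assumed that we were using short form which
- * only requires a single byte for the length octet.
- *
- * If it turns out that we need long form, we have to move
- * the contents along in order to make space for more length
- * octets.
- */
- size_t len_len = 1; /* total number of length octets */
- uint8_t initial_length_byte;
-
- /* We already wrote 1 byte for the length. */
- assert (cbb->pending_len_len == 1);
-
- /* Check for long form */
- if (len > 0xfffffffe)
- return 0; /* 0xffffffff is reserved */
- else if (len > 0xffffff)
- len_len = 5;
- else if (len > 0xffff)
- len_len = 4;
- else if (len > 0xff)
- len_len = 3;
- else if (len > 0x7f)
- len_len = 2;
-
- if (len_len == 1) {
- /* For short form, the initial byte is the length. */
- initial_length_byte = len;
- len = 0;
-
- } else {
- /*
- * For long form, the initial byte is the number of
- * subsequent length octets (plus bit 8 set).
- */
- initial_length_byte = 0x80 | (len_len - 1);
-
- /*
- * We need to move the contents along in order to make
- * space for the long form length octets.
- */
- size_t extra_bytes = len_len - 1;
- if (!cbb_buffer_add(cbb->base, NULL, extra_bytes))
- return 0;
-
- memmove(cbb->base->buf + child_start + extra_bytes,
- cbb->base->buf + child_start, len);
- }
- cbb->base->buf[cbb->offset++] = initial_length_byte;
- cbb->pending_len_len = len_len - 1;
- }
-
- for (i = cbb->pending_len_len - 1; i < cbb->pending_len_len; i--) {
- cbb->base->buf[cbb->offset + i] = len;
- len >>= 8;
- }
- if (len != 0)
- return 0;
-
- cbb->child->base = NULL;
- cbb->child = NULL;
- cbb->pending_len_len = 0;
- cbb->pending_is_asn1 = 0;
- cbb->offset = 0;
-
- return 1;
-}
-
-
-static int
-cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, size_t len_len)
-{
- uint8_t *prefix_bytes;
-
- if (!CBB_flush(cbb))
- return 0;
-
- cbb->offset = cbb->base->len;
- if (!cbb_buffer_add(cbb->base, &prefix_bytes, len_len))
- return 0;
-
- memset(prefix_bytes, 0, len_len);
- memset(out_contents, 0, sizeof(CBB));
- out_contents->base = cbb->base;
- cbb->child = out_contents;
- cbb->pending_len_len = len_len;
- cbb->pending_is_asn1 = 0;
-
- return 1;
-}
-
-int
-CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents)
-{
- return cbb_add_length_prefixed(cbb, out_contents, 1);
-}
-
-int
-CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents)
-{
- return cbb_add_length_prefixed(cbb, out_contents, 2);
-}
-
-int
-CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents)
-{
- return cbb_add_length_prefixed(cbb, out_contents, 3);
-}
-
-int
-CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag)
-{
- if (tag > UINT8_MAX)
- return 0;
-
- /* Long form identifier octets are not supported. */
- if ((tag & 0x1f) == 0x1f)
- return 0;
-
- /* Short-form identifier octet only needs a single byte */
- if (!CBB_flush(cbb) || !CBB_add_u8(cbb, tag))
- return 0;
-
- /*
- * Add 1 byte to cover the short-form length octet case. If it turns
- * out we need long-form, it will be extended later.
- */
- cbb->offset = cbb->base->len;
- if (!CBB_add_u8(cbb, 0))
- return 0;
-
- memset(out_contents, 0, sizeof(CBB));
- out_contents->base = cbb->base;
- cbb->child = out_contents;
- cbb->pending_len_len = 1;
- cbb->pending_is_asn1 = 1;
-
- return 1;
-}
-
-int
-CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len)
-{
- uint8_t *dest;
-
- if (!CBB_add_space(cbb, &dest, len))
- return 0;
-
- memcpy(dest, data, len);
- return 1;
-}
-
-int
-CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len)
-{
- if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, out_data, len))
- return 0;
-
- return 1;
-}
-
-int
-CBB_add_u8(CBB *cbb, size_t value)
-{
- if (value > UINT8_MAX)
- return 0;
-
- return cbb_add_u(cbb, (uint32_t)value, 1);
-}
-
-int
-CBB_add_u16(CBB *cbb, size_t value)
-{
- if (value > UINT16_MAX)
- return 0;
-
- return cbb_add_u(cbb, (uint32_t)value, 2);
-}
-
-int
-CBB_add_u24(CBB *cbb, size_t value)
-{
- if (value > 0xffffffUL)
- return 0;
-
- return cbb_add_u(cbb, (uint32_t)value, 3);
-}
-
-int
-CBB_add_asn1_uint64(CBB *cbb, uint64_t value)
-{
- CBB child;
- size_t i;
- int started = 0;
-
- if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER))
- return 0;
-
- for (i = 0; i < 8; i++) {
- uint8_t byte = (value >> 8 * (7 - i)) & 0xff;
-
- /*
- * ASN.1 restriction: first 9 bits cannot be all zeroes or
- * all ones. Since this function only encodes unsigned
- * integers, the only concerns are not encoding leading
- * zeros and adding a padding byte if necessary.
- *
- * In practice, this means:
- * 1) Skip leading octets of all zero bits in the value
- * 2) After skipping the leading zero octets, if the next 9
- * bits are all ones, add an all zero prefix octet (and
- * set the high bit of the prefix octet if negative).
- *
- * Additionally, for an unsigned value, add an all zero
- * prefix if the high bit of the first octet would be one.
- */
- if (!started) {
- if (byte == 0)
- /* Don't encode leading zeros. */
- continue;
-
- /*
- * If the high bit is set, add a padding byte to make it
- * unsigned.
- */
- if ((byte & 0x80) && !CBB_add_u8(&child, 0))
- return 0;
-
- started = 1;
- }
- if (!CBB_add_u8(&child, byte))
- return 0;
- }
-
- /* 0 is encoded as a single 0, not the empty string. */
- if (!started && !CBB_add_u8(&child, 0))
- return 0;
-
- return CBB_flush(cbb);
-}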
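--- a/src/lib/libssl/bs_cbs.c
+++ /dev/null
@@ -1,511 +0,0 @@
-/* $OpenBSD: bs_cbs.c,v 1.17 2015/06/24 09:44:18 jsing Exp $ */
-/*
- * Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-#include <openssl/buffer.h>
-#include <openssl/crypto.h>
-
-#include "bytestring.h"
-
-void
-CBS_init(CBS *cbs, const uint8_t *data, size_t len)
-{
- cbs->data = data;
- cbs->initial_len = len;
- cbs->len = len;
-}
-
-void
-CBS_dup(const CBS *cbs, CBS *out)
-{
- CBS_init(out, CBS_data(cbs), CBS_len(cbs));
- out->initial_len = cbs->initial_len;
-}
-
-static int
-cbs_get(CBS *cbs, const uint8_t **p, size_t n)
-{
- if (cbs->len < n)
- return 0;
-
- *p = cbs->data;
- cbs->data += n;
- cbs->len -= n;
- return 1;
-}
-
-size_t
-CBS_offset(const CBS *cbs)
-{
- return cbs->initial_len - cbs->len;
-}
-
-int
-CBS_skip(CBS *cbs, size_t len)
-{
- const uint8_t *dummy;
- return cbs_get(cbs, &dummy, len);
-}
-
-const uint8_t *
-CBS_data(const CBS *cbs)
-{
- return cbs->data;
-}
-
-size_t
-CBS_len(const CBS *cbs)
-{
- return cbs->len;
-}
-
-int
-CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len)
-{
- free(*out_ptr);
- *out_ptr = NULL;
- *out_len = 0;
-
- if (cbs->len == 0)
- return 1;
-
- if ((*out_ptr = malloc(cbs->len)) == NULL)
- return 0;
-
- memcpy(*out_ptr, cbs->data, cbs->len);
-
- *out_len = cbs->len;
- return 1;
-}
-
-int
-CBS_strdup(const CBS *cbs, char **out_ptr)
-{
- free(*out_ptr);
- *out_ptr = strndup((const char *)cbs->data, cbs->len);
- return (*out_ptr != NULL);
-}
-
-int
-CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len, size_t *copied)
-{
- if (dst_len < cbs->len)
- return 0;
-
- memmove(dst, cbs->data, cbs->len);
-
- if (copied != NULL)
- *copied = cbs->len;
-
- return 1;
-}
-
-int
-CBS_contains_zero_byte(const CBS *cbs)
-{
- return memchr(cbs->data, 0, cbs->len) != NULL;
-}
-
-int
-CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len)
-{
- if (len != cbs->len)
- return 0;
-
- return timingsafe_memcmp(cbs->data, data, len) == 0;
-}
-
-static int
-cbs_get_u(CBS *cbs, uint32_t *out, size_t len)
-{
- uint32_t result = 0;
- size_t i;
- const uint8_t *data;
-
- if (len < 1 || len > 4)
- return 0;
-
- if (!cbs_get(cbs, &data, len))
- return 0;
-
- for (i = 0; i < len; i++) {
- result <<= 8;
- result |= data[i];
- }
- *out = result;
- return 1;
-}
-
-int
-CBS_get_u8(CBS *cbs, uint8_t *out)
-{
- const uint8_t *v;
-
- if (!cbs_get(cbs, &v, 1))
- return 0;
-
- *out = *v;
- return 1;
-}
-
-int
-CBS_get_u16(CBS *cbs, uint16_t *out)
-{
- uint32_t v;
-
- if (!cbs_get_u(cbs, &v, 2))
- return 0;
-
- *out = v;
- return 1;
-}
-
-int
-CBS_get_u24(CBS *cbs, uint32_t *out)
-{
- return cbs_get_u(cbs, out, 3);
-}
-
-int
-CBS_get_u32(CBS *cbs, uint32_t *out)
-{
- return cbs_get_u(cbs, out, 4);
-}
-
-int
-CBS_get_bytes(CBS *cbs, CBS *out, size_t len)
-{
- const uint8_t *v;
-
- if (!cbs_get(cbs, &v, len))
- return 0;
-
- CBS_init(out, v, len);
- return 1;
-}
-
-static int
-cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len)
-{
- uint32_t len;
-
- if (!cbs_get_u(cbs, &len, len_len))
- return 0;
-
- return CBS_get_bytes(cbs, out, len);
-}
-
-int
-CBS_get_u8_length_prefixed(CBS *cbs, CBS *out)
-{
- return cbs_get_length_prefixed(cbs, out, 1);
-}
-
-int
-CBS_get_u16_length_prefixed(CBS *cbs, CBS *out)
-{
- return cbs_get_length_prefixed(cbs, out, 2);
-}
-
-int
-CBS_get_u24_length_prefixed(CBS *cbs, CBS *out)
-{
- return cbs_get_length_prefixed(cbs, out, 3);
-}
-
-int
-CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
- size_t *out_header_len)
-{
- return cbs_get_any_asn1_element_internal(cbs, out, out_tag,
- out_header_len, 1);
-}
-
-/*
- * Review X.690 for details on ASN.1 DER encoding.
- *
- * If non-strict mode is enabled, then DER rules are relaxed
- * for indefinite constructs (violates DER but a little closer to BER).
- * Non-strict mode should only be used by bs_ber.c
- *
- * Sections 8, 10 and 11 for DER encoding
- */
-int
-cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag,
- size_t *out_header_len, int strict)
-{
- uint8_t tag, length_byte;
- CBS header = *cbs;
- CBS throwaway;
- size_t len;
-
- if (out == NULL)
- out = &throwaway;
-
- /*
- * Get identifier octet and length octet. Only 1 octet for each
- * is a CBS limitation.
- */
- if (!CBS_get_u8(&header, &tag) || !CBS_get_u8(&header, &length_byte))
- return 0;
-
- /* CBS limitation: long form tags are not supported. */
- if ((tag & 0x1f) == 0x1f)
- return 0;
-
- if (out_tag != NULL)
- *out_tag = tag;
-
- if ((length_byte & 0x80) == 0) {
- /* Short form length. */
- len = ((size_t) length_byte) + 2;
- if (out_header_len != NULL)
- *out_header_len = 2;
-
- } else {
- /* Long form length. */
- const size_t num_bytes = length_byte & 0x7f;
- uint32_t len32;
-
- /* ASN.1 reserved value for future extensions */
- if (num_bytes == 0x7f)
- return 0;
-
- /* Handle indefinite form length */
- if (num_bytes == 0) {
- /* DER encoding doesn't allow for indefinite form. */
- if (strict)
- return 0;
-
- /* Primitive cannot use indefinite in BER or DER. */
- if ((tag & CBS_ASN1_CONSTRUCTED) == 0)
- return 0;
-
- /* Constructed, indefinite length allowed in BER. */
- if (out_header_len != NULL)
- *out_header_len = 2;
- return CBS_get_bytes(cbs, out, 2);
- }
-
- /* CBS limitation. */
- if (num_bytes > 4)
- return 0;
-
- if (!cbs_get_u(&header, &len32, num_bytes))
- return 0;
-
- /* DER has a minimum length octet requirement. */
- if (len32 < 128)
- /* Should have used short form instead */
- return 0;
-
- if ((len32 >> ((num_bytes - 1) * 8)) == 0)
- /* Length should have been at least one byte shorter. */
- return 0;
-
- len = len32;
- if (len + 2 + num_bytes < len)
- /* Overflow. */
- return 0;
-
- len += 2 + num_bytes;
- if (out_header_len != NULL)
- *out_header_len = 2 + num_bytes;
- }
-
- return CBS_get_bytes(cbs, out, len);
-}
-
-static int
-cbs_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value, int skip_header)
-{
- size_t header_len;
- unsigned int tag;
- CBS throwaway;
-
- if (out == NULL)
- out = &throwaway;
-
- if (!CBS_get_any_asn1_element(cbs, out, &tag, &header_len) ||
- tag != tag_value)
- return 0;
-
- if (skip_header && !CBS_skip(out, header_len)) {
- assert(0);
- return 0;
- }
-
- return 1;
-}
-
-int
-CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value)
-{
- return cbs_get_asn1(cbs, out, tag_value, 1 /* skip header */);
-}
-
-int
-CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value)
-{
- return cbs_get_asn1(cbs, out, tag_value, 0 /* include header */);
-}
-
-int
-CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value)
-{
- if (CBS_len(cbs) < 1)
- return 0;
-
- /*
- * Tag number 31 indicates the start of a long form number.
- * This is valid in ASN.1, but CBS only supports short form.
- */
- if ((tag_value & 0x1f) == 0x1f)
- return 0;
-
- return CBS_data(cbs)[0] == tag_value;
-}
-
-/* Encoding details are in ASN.1: X.690 section 8.3 */
-int
-CBS_get_asn1_uint64(CBS *cbs, uint64_t *out)
-{
- CBS bytes;
- const uint8_t *data;
- size_t i, len;
-
- if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER))
- return 0;
-
- *out = 0;
- data = CBS_data(&bytes);
- len = CBS_len(&bytes);
-
- if (len == 0)
- /* An INTEGER is encoded with at least one content octet. */
- return 0;
-
- if ((data[0] & 0x80) != 0)
- /* Negative number. */
- return 0;
-
- if (data[0] == 0 && len > 1 && (data[1] & 0x80) == 0)
- /* Violates smallest encoding rule: excessive leading zeros. */
- return 0;
-
- for (i = 0; i < len; i++) {
- if ((*out >> 56) != 0)
- /* Too large to represent as a uint64_t. */
- return 0;
-
- *out <<= 8;
- *out |= data[i];
- }
-
- return 1;
-}
-
-int
-CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, unsigned int tag)
-{
- if (CBS_peek_asn1_tag(cbs, tag)) {
- if (!CBS_get_asn1(cbs, out, tag))
- return 0;
-
- *out_present = 1;
- } else {
- *out_present = 0;
- }
- return 1;
-}
-
-int
-CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
- unsigned int tag)
-{
- CBS child;
- int present;
-
- if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
- return 0;
-
- if (present) {
- if (!CBS_get_asn1(&child, out, CBS_ASN1_OCTETSTRING) ||
- CBS_len(&child) != 0)
- return 0;
- } else {
- CBS_init(out, NULL, 0);
- }
- if (out_present)
- *out_present = present;
-
- return 1;
-}
-
-int
-CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag,
- uint64_t default_value)
-{
- CBS child;
- int present;
-
- if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
- return 0;
-
- if (present) {
- if (!CBS_get_asn1_uint64(&child, out) ||
- CBS_len(&child) != 0)
- return 0;
- } else {
- *out = default_value;
- }
- return 1;
-}
-
-int
-CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag,
- int default_value)
-{
- CBS child, child2;
- int present;
-
- if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
- return 0;
-
- if (present) {
- uint8_t boolean;
-
- if (!CBS_get_asn1(&child, &child2, CBS_ASN1_BOOLEAN) ||
- CBS_len(&child2) != 1 || CBS_len(&child) != 0)
- return 0;
-
- boolean = CBS_data(&child2)[0];
- if (boolean == 0)
- *out = 0;
- else if (boolean == 0xff)
- *out = 1;
- else
- return 0;
-
- } else {
- *out = default_value;
- }
- return 1;
-}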
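--- a/src/lib/libssl/bytestring.h
+++ /dev/null
@@ -1,511 +0,0 @@
-/* $OpenBSD: bytestring.h,v 1.14 2015/06/19 00:23:36 doug Exp $ */
-/*
- * Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#ifndef OPENSSL_HEADER_BYTESTRING_H
-#define OPENSSL_HEADER_BYTESTRING_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <sys/types.h>
-#include <stdint.h>
-
-#include <openssl/opensslconf.h>
-
-/*
- * Bytestrings are used for parsing and building TLS and ASN.1 messages.
- *
- * A "CBS" (CRYPTO ByteString) represents a string of bytes in memory and
- * provides utility functions for safely parsing length-prefixed structures
- * like TLS and ASN.1 from it.
- *
- * A "CBB" (CRYPTO ByteBuilder) is a memory buffer that grows as needed and
- * provides utility functions for building length-prefixed messages.
- */
-
-/* CRYPTO ByteString */
-typedef struct cbs_st {
- const uint8_t *data;
- size_t initial_len;
- size_t len;
-} CBS;
-
-/*
- * CBS_init sets |cbs| to point to |data|. It does not take ownership of
- * |data|.
- */
-void CBS_init(CBS *cbs, const uint8_t *data, size_t len);
-
-/*
- * CBS_skip advances |cbs| by |len| bytes. It returns one on success and zero
- * otherwise.
- */
-int CBS_skip(CBS *cbs, size_t len);
-
-/*
- * CBS_data returns a pointer to the contents of |cbs|.
- */
-const uint8_t *CBS_data(const CBS *cbs);
-
-/*
- * CBS_len returns the number of bytes remaining in |cbs|.
- */
-size_t CBS_len(const CBS *cbs);
-
-/*
- * CBS_offset returns the current offset into the original data of |cbs|.
- */
-size_t CBS_offset(const CBS *cbs);
-
-/*
- * CBS_stow copies the current contents of |cbs| into |*out_ptr| and
- * |*out_len|. If |*out_ptr| is not NULL, the contents are freed with
- * free. It returns one on success and zero on allocation failure. On
- * success, |*out_ptr| should be freed with free. If |cbs| is empty,
- * |*out_ptr| will be NULL.
- */
-int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len);
-
-/*
- * CBS_strdup copies the current contents of |cbs| into |*out_ptr| as a
- * NUL-terminated C string. If |*out_ptr| is not NULL, the contents are freed
- * with free. It returns one on success and zero on allocation
- * failure. On success, |*out_ptr| should be freed with free.
- *
- * NOTE: If |cbs| contains NUL bytes, the string will be truncated. Call
- * |CBS_contains_zero_byte(cbs)| to check for NUL bytes.
- */
-int CBS_strdup(const CBS *cbs, char **out_ptr);
-
-/*
- * CBS_write_bytes writes all of the remaining data from |cbs| into |dst|
- * if it is at most |dst_len| bytes. If |copied| is not NULL, it will be set
- * to the amount copied. It returns one on success and zero otherwise.
- */
-int CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len,
- size_t *copied);
-
-/*
- * CBS_contains_zero_byte returns one if the current contents of |cbs| contains
- * a NUL byte and zero otherwise.
- */
-int CBS_contains_zero_byte(const CBS *cbs);
-
-/*
- * CBS_mem_equal compares the current contents of |cbs| with the |len| bytes
- * starting at |data|. If they're equal, it returns one, otherwise zero. If the
- * lengths match, it uses a constant-time comparison.
- */
-int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len);
-
-/*
- * CBS_get_u8 sets |*out| to the next uint8_t from |cbs| and advances |cbs|. It
- * returns one on success and zero on error.
- */
-int CBS_get_u8(CBS *cbs, uint8_t *out);
-
-/*
- * CBS_get_u16 sets |*out| to the next, big-endian uint16_t from |cbs| and
- * advances |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_u16(CBS *cbs, uint16_t *out);
-
-/*
- * CBS_get_u24 sets |*out| to the next, big-endian 24-bit value from |cbs| and
- * advances |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_u24(CBS *cbs, uint32_t *out);
-
-/*
- * CBS_get_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|
- * and advances |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_u32(CBS *cbs, uint32_t *out);
-
-/*
- * CBS_get_bytes sets |*out| to the next |len| bytes from |cbs| and advances
- * |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_bytes(CBS *cbs, CBS *out, size_t len);
-
-/*
- * CBS_get_u8_length_prefixed sets |*out| to the contents of an 8-bit,
- * length-prefixed value from |cbs| and advances |cbs| over it. It returns one
- * on success and zero on error.
- */
-int CBS_get_u8_length_prefixed(CBS *cbs, CBS *out);
-
-/*
- * CBS_get_u16_length_prefixed sets |*out| to the contents of a 16-bit,
- * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
- * returns one on success and zero on error.
- */
-int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out);
-
-/*
- * CBS_get_u24_length_prefixed sets |*out| to the contents of a 24-bit,
- * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
- * returns one on success and zero on error.
- */
-int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out);
-
-
-/* Parsing ASN.1 */
-
-/*
- * While an identifier can be multiple octets, this library only handles the
- * single octet variety currently. This limits support up to tag number 30
- * since tag number 31 is a reserved value to indicate multiple octets.
- */
-
-/* Bits 8 and 7: class tag type: See X.690 section 8.1.2.2. */
-#define CBS_ASN1_UNIVERSAL 0x00
-#define CBS_ASN1_APPLICATION 0x40
-#define CBS_ASN1_CONTEXT_SPECIFIC 0x80
-#define CBS_ASN1_PRIVATE 0xc0
-
-/* Bit 6: Primitive or constructed: See X.690 section 8.1.2.3. */
-#define CBS_ASN1_PRIMITIVE 0x00
-#define CBS_ASN1_CONSTRUCTED 0x20
-
-/*
- * Bits 5 to 1 are the tag number. See X.680 section 8.6 for tag numbers of
- * the universal class.
- */
-
-/*
- * Common universal identifier octets.
- * See X.690 section 8.1 and X.680 section 8.6 for universal tag numbers.
- *
- * Note: These definitions are the cause of some of the strange behavior in
- * CBS's bs_ber.c.
- *
- * In BER, it is the sender's option to use primitive or constructed for
- * bitstring (X.690 section 8.6.1) and octetstring (X.690 section 8.7.1).
- *
- * In DER, bitstring and octetstring are required to be primitive
- * (X.690 section 10.2).
- */
-#define CBS_ASN1_BOOLEAN (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x1)
-#define CBS_ASN1_INTEGER (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x2)
-#define CBS_ASN1_BITSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x3)
-#define CBS_ASN1_OCTETSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x4)
-#define CBS_ASN1_OBJECT (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x6)
-#define CBS_ASN1_ENUMERATED (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0xa)
-#define CBS_ASN1_SEQUENCE (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x10)
-#define CBS_ASN1_SET (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x11)
-
-/*
- * CBS_get_asn1 sets |*out| to the contents of DER-encoded, ASN.1 element (not
- * including tag and length bytes) and advances |cbs| over it. The ASN.1
- * element must match |tag_value|. It returns one on success and zero
- * on error.
- *
- * Tag numbers greater than 30 are not supported (i.e. short form only).
- */
-int CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value);
-
-/*
- * CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the
- * ASN.1 header bytes too.
- */
-int CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value);
-
-/*
- * CBS_peek_asn1_tag looks ahead at the next ASN.1 tag and returns one
- * if the next ASN.1 element on |cbs| would have tag |tag_value|. If
- * |cbs| is empty or the tag does not match, it returns zero. Note: if
- * it returns one, CBS_get_asn1 may still fail if the rest of the
- * element is malformed.
- */
-int CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value);
-
-/*
- * CBS_get_any_asn1_element sets |*out| to contain the next ASN.1 element from
- * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to
- * the tag number and |*out_header_len| to the length of the ASN.1 header.
- * Each of |out|, |out_tag|, and |out_header_len| may be NULL to ignore
- * the value.
- *
- * Tag numbers greater than 30 are not supported (i.e. short form only).
- */
-int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
- size_t *out_header_len);
-
-/*
- * CBS_get_asn1_uint64 gets an ASN.1 INTEGER from |cbs| using |CBS_get_asn1|
- * and sets |*out| to its value. It returns one on success and zero on error,
- * where error includes the integer being negative, or too large to represent
- * in 64 bits.
- */
-int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out);
-
-/*
- * CBS_get_optional_asn1 gets an optional explicitly-tagged element
- * from |cbs| tagged with |tag| and sets |*out| to its contents. If
- * present, it sets |*out_present| to one, otherwise zero. It returns
- * one on success, whether or not the element was present, and zero on
- * decode failure.
- */
-int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present,
- unsigned int tag);
-
-/*
- * CBS_get_optional_asn1_octet_string gets an optional
- * explicitly-tagged OCTET STRING from |cbs|. If present, it sets
- * |*out| to the string and |*out_present| to one. Otherwise, it sets
- * |*out| to empty and |*out_present| to zero. |out_present| may be
- * NULL. It returns one on success, whether or not the element was
- * present, and zero on decode failure.
- */
-int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
- unsigned int tag);
-
-/*
- * CBS_get_optional_asn1_uint64 gets an optional explicitly-tagged
- * INTEGER from |cbs|. If present, it sets |*out| to the
- * value. Otherwise, it sets |*out| to |default_value|. It returns one
- * on success, whether or not the element was present, and zero on
- * decode failure.
- */
-int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag,
- uint64_t default_value);
-
-/*
- * CBS_get_optional_asn1_bool gets an optional, explicitly-tagged BOOLEAN from
- * |cbs|. If present, it sets |*out| to either zero or one, based on the
- * boolean. Otherwise, it sets |*out| to |default_value|. It returns one on
- * success, whether or not the element was present, and zero on decode
- * failure.
- */
-int CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag,
- int default_value);
-
-
-/*
- * CRYPTO ByteBuilder.
- *
- * |CBB| objects allow one to build length-prefixed serialisations. A |CBB|
- * object is associated with a buffer and new buffers are created with
- * |CBB_init|. Several |CBB| objects can point at the same buffer when a
- * length-prefix is pending, however only a single |CBB| can be 'current' at
- * any one time. For example, if one calls |CBB_add_u8_length_prefixed| then
- * the new |CBB| points at the same buffer as the original. But if the original
- * |CBB| is used then the length prefix is written out and the new |CBB| must
- * not be used again.
- *
- * If one needs to force a length prefix to be written out because a |CBB| is
- * going out of scope, use |CBB_flush|.
- */
-
-struct cbb_buffer_st {
- uint8_t *buf;
-
- /* The number of valid bytes. */
- size_t len;
-
- /* The size of buf. */
- size_t cap;
-
- /*
- * One iff |buf| is owned by this object. If not then |buf| cannot be
- * resized.
- */
- char can_resize;
-};
-
-typedef struct cbb_st {
- struct cbb_buffer_st *base;
-
- /*
- * offset is the offset from the start of |base->buf| to the position of any
- * pending length-prefix.
- */
- size_t offset;
-
- /* child points to a child CBB if a length-prefix is pending. */
- struct cbb_st *child;
-
- /*
- * pending_len_len contains the number of bytes in a pending length-prefix,
- * or zero if no length-prefix is pending.
- */
- uint8_t pending_len_len;
-
- char pending_is_asn1;
-
- /*
- * is_top_level is true iff this is a top-level |CBB| (as opposed to a child
- * |CBB|). Top-level objects are valid arguments for |CBB_finish|.
- */
- char is_top_level;
-} CBB;
-
-/*
- * CBB_init initialises |cbb| with |initial_capacity|. Since a |CBB| grows as
- * needed, the |initial_capacity| is just a hint. It returns one on success or
- * zero on error.
- */
-int CBB_init(CBB *cbb, size_t initial_capacity);
-
-/*
- * CBB_init_fixed initialises |cbb| to write to |len| bytes at |buf|. Since
- * |buf| cannot grow, trying to write more than |len| bytes will cause CBB
- * functions to fail. It returns one on success or zero on error.
- */
-int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len);
-
-/*
- * CBB_cleanup frees all resources owned by |cbb| and other |CBB| objects
- * writing to the same buffer. This should be used in an error case where a
- * serialisation is abandoned.
- */
-void CBB_cleanup(CBB *cbb);
-
-/*
- * CBB_finish completes any pending length prefix and sets |*out_data| to a
- * malloced buffer and |*out_len| to the length of that buffer. The caller
- * takes ownership of the buffer and, unless the buffer was fixed with
- * |CBB_init_fixed|, must call |free| when done.
- *
- * It can only be called on a "top level" |CBB|, i.e. one initialised with
- * |CBB_init| or |CBB_init_fixed|. It returns one on success and zero on
- * error.
- */
-int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len);
-
-/*
- * CBB_flush causes any pending length prefixes to be written out and any child
- * |CBB| objects of |cbb| to be invalidated. It returns one on success or zero
- * on error.
- */
-int CBB_flush(CBB *cbb);
-
-/*
- * CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The
- * data written to |*out_contents| will be prefixed in |cbb| with an 8-bit
- * length. It returns one on success or zero on error.
- */
-int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents);
-
-/*
- * CBB_add_u16_length_prefixed sets |*out_contents| to a new child of |cbb|.
- * The data written to |*out_contents| will be prefixed in |cbb| with a 16-bit,
- * big-endian length. It returns one on success or zero on error.
- */
-int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents);
-
-/*
- * CBB_add_u24_length_prefixed sets |*out_contents| to a new child of |cbb|.
- * The data written to |*out_contents| will be prefixed in |cbb| with a 24-bit,
- * big-endian length. It returns one on success or zero on error.
- */
-int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents);
-
-/*
- * CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an
- * ASN.1 object can be written. The |tag| argument will be used as the tag for
- * the object. Passing in |tag| number 31 will return in an error since only
- * single octet identifiers are supported. It returns one on success or zero
- * on error.
- */
-int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag);
-
-/*
- * CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on
- * success and zero otherwise.
- */
-int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len);
-
-/*
- * CBB_add_space appends |len| bytes to |cbb| and sets |*out_data| to point to
- * the beginning of that space. The caller must then write |len| bytes of
- * actual contents to |*out_data|. It returns one on success and zero
- * otherwise.
- */
-int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len);
-
-/*
- * CBB_add_u8 appends an 8-bit number from |value| to |cbb|. It returns one on
- * success and zero otherwise.
- */
-int CBB_add_u8(CBB *cbb, size_t value);
-
-/*
- * CBB_add_u8 appends a 16-bit, big-endian number from |value| to |cbb|. It
- * returns one on success and zero otherwise.
- */
-int CBB_add_u16(CBB *cbb, size_t value);
-
-/*
- * CBB_add_u24 appends a 24-bit, big-endian number from |value| to |cbb|. It
- * returns one on success and zero otherwise.
- */
-int CBB_add_u24(CBB *cbb, size_t value);
-
-/*
- * CBB_add_asn1_uint64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1|
- * and writes |value| in its contents. It returns one on success and zero on
- * error.
- */
-int CBB_add_asn1_uint64(CBB *cbb, uint64_t value);
-
-#ifdef LIBRESSL_INTERNAL
-/*
- * CBS_dup sets |out| to point to cbs's |data| and |len|. It results in two
- * CBS that point to the same buffer.
- */
-void CBS_dup(const CBS *cbs, CBS *out);
-
-/*
- * cbs_get_any_asn1_element sets |*out| to contain the next ASN.1 element from
- * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to
- * the tag number and |*out_header_len| to the length of the ASN.1 header. If
- * strict mode is disabled and the element has indefinite length then |*out|
- * will only contain the header. Each of |out|, |out_tag|, and
- * |out_header_len| may be NULL to ignore the value.
- *
- * Tag numbers greater than 30 are not supported (i.e. short form only).
- */
-int cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag,
- size_t *out_header_len, int strict);
-
-/*
- * CBS_asn1_indefinite_to_definite reads an ASN.1 structure from |in|. If it
- * finds indefinite-length elements that otherwise appear to be valid DER, it
- * attempts to convert the DER-like data to DER and sets |*out| and
- * |*out_length| to describe a malloced buffer containing the DER data.
- * Additionally, |*in| will be advanced over the ASN.1 data.
- *
- * If it doesn't find any indefinite-length elements then it sets |*out| to
- * NULL and |*in| is unmodified.
- *
- * This is NOT a conversion from BER to DER. There are many restrictions when
- * dealing with DER data. This is only concerned with one: indefinite vs.
- * definite form. However, this suffices to handle the PKCS#7 and PKCS#12 output
- * from NSS.
- *
- * It returns one on success and zero otherwise.
- */
-int CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len);
-#endif /* LIBRESSL_INTERNAL */
-
-#if defined(__cplusplus)
-} /* extern C */
-#endif
-
-#endif /* OPENSSL_HEADER_BYTESTRING_H */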
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
deleted file mode 100644
index bce084f1ee..0000000000
--- a/src/lib/libssl/d1_both.c
+++ /dev/null
@@ -1,1374 +0,0 @@
1/* $OpenBSD: d1_both.c,v 1.39 2016/03/06 14:52:15 beck Exp $ */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@openssl.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <limits.h>
117#include <stdio.h>
118#include <string.h>
119
120#include "ssl_locl.h"
121
122#include <openssl/buffer.h>
123#include <openssl/evp.h>
124#include <openssl/objects.h>
125#include <openssl/x509.h>
126
127#include "pqueue.h"
128#include "bytestring.h"
129
130#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
131
132#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
133 if ((end) - (start) <= 8) { \
134 long ii; \
135 for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
136 } else { \
137 long ii; \
138 bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
139 for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
140 bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
141 } }
142
143#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
144 long ii; \
145 OPENSSL_assert((msg_len) > 0); \
146 is_complete = 1; \
147 if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
148 if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
149 if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
150
151static unsigned char bitmask_start_values[] = {
152 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80
153};
154static unsigned char bitmask_end_values[] = {
155 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f
156};
157
158/* XDTLS: figure out the right values */
159static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
160
161static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
162static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
163 unsigned long frag_len);
164static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
165static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
166 unsigned long len, unsigned short seq_num, unsigned long frag_off,
167 unsigned long frag_len);
168static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max,
169 int *ok);
170
171static hm_fragment *
172dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
173{
174 hm_fragment *frag = NULL;
175 unsigned char *buf = NULL;
176 unsigned char *bitmask = NULL;
177
178 frag = malloc(sizeof(hm_fragment));
179 if (frag == NULL)
180 return NULL;
181
182 if (frag_len) {
183 buf = malloc(frag_len);
184 if (buf == NULL) {
185 free(frag);
186 return NULL;
187 }
188 }
189
190 /* zero length fragment gets zero frag->fragment */
191 frag->fragment = buf;
192
193 /* Initialize reassembly bitmask if necessary */
194 if (reassembly) {
195 bitmask = malloc(RSMBLY_BITMASK_SIZE(frag_len));
196 if (bitmask == NULL) {
197 free(buf);
198 free(frag);
199 return NULL;
200 }
201 memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
202 }
203
204 frag->reassembly = bitmask;
205
206 return frag;
207}
208
209static void
210dtls1_hm_fragment_free(hm_fragment *frag)
211{
212 if (frag == NULL)
213 return;
214
215 if (frag->msg_header.is_ccs) {
216 EVP_CIPHER_CTX_free(
217 frag->msg_header.saved_retransmit_state.enc_write_ctx);
218 EVP_MD_CTX_destroy(
219 frag->msg_header.saved_retransmit_state.write_hash);
220 }
221 free(frag->fragment);
222 free(frag->reassembly);
223 free(frag);
224}
225
226/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
227int
228dtls1_do_write(SSL *s, int type)
229{
230 int ret;
231 int curr_mtu;
232 unsigned int len, frag_off, mac_size, blocksize;
233
234 /* AHA! Figure out the MTU, and stick to the right size */
235 if (s->d1->mtu < dtls1_min_mtu() &&
236 !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
237 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
238 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
239
240 /*
241 * I've seen the kernel return bogus numbers when it
242 * doesn't know the MTU (ie., the initial write), so just
243 * make sure we have a reasonable number
244 */
245 if (s->d1->mtu < dtls1_min_mtu()) {
246 s->d1->mtu = 0;
247 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
248 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
249 s->d1->mtu, NULL);
250 }
251 }
252
253 OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu());
254 /* should have something reasonable now */
255
256 if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
257 OPENSSL_assert(s->init_num ==
258 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
259
260 if (s->write_hash)
261 mac_size = EVP_MD_CTX_size(s->write_hash);
262 else
263 mac_size = 0;
264
265 if (s->enc_write_ctx &&
266 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
267 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
268 else
269 blocksize = 0;
270
271 frag_off = 0;
272 while (s->init_num) {
273 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
274 DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
275
276 if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
277 /* grr.. we could get an error if MTU picked was wrong */
278 ret = BIO_flush(SSL_get_wbio(s));
279 if (ret <= 0)
280 return ret;
281 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
282 mac_size - blocksize;
283 }
284
285 if (s->init_num > curr_mtu)
286 len = curr_mtu;
287 else
288 len = s->init_num;
289
290
291 /* XDTLS: this function is too long. split out the CCS part */
292 if (type == SSL3_RT_HANDSHAKE) {
293 if (s->init_off != 0) {
294 OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
295 s->init_off -= DTLS1_HM_HEADER_LENGTH;
296 s->init_num += DTLS1_HM_HEADER_LENGTH;
297
298 if (s->init_num > curr_mtu)
299 len = curr_mtu;
300 else
301 len = s->init_num;
302 }
303
304 dtls1_fix_message_header(s, frag_off,
305 len - DTLS1_HM_HEADER_LENGTH);
306
307 dtls1_write_message_header(s,
308 (unsigned char *)&s->init_buf->data[s->init_off]);
309
310 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
311 }
312
313 ret = dtls1_write_bytes(s, type,
314 &s->init_buf->data[s->init_off], len);
315 if (ret < 0) {
316 /*
317 * Might need to update MTU here, but we don't know
318 * which previous packet caused the failure -- so
319 * can't really retransmit anything. continue as
320 * if everything is fine and wait for an alert to
321 * handle the retransmit
322 */
323 if (BIO_ctrl(SSL_get_wbio(s),
324 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
325 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
326 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
327 else
328 return (-1);
329 } else {
330
331 /*
332 * Bad if this assert fails, only part of the
333 * handshake message got sent. but why would
334 * this happen?
335 */
336 OPENSSL_assert(len == (unsigned int)ret);
337
338 if (type == SSL3_RT_HANDSHAKE &&
339 !s->d1->retransmitting) {
340 /*
341 * Should not be done for 'Hello Request's,
342 * but in that case we'll ignore the result
343 * anyway
344 */
345 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
346 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
347 int xlen;
348
349 if (frag_off == 0) {
350 /*
351 * Reconstruct message header is if it
352 * is being sent in single fragment
353 */
354 *p++ = msg_hdr->type;
355 l2n3(msg_hdr->msg_len, p);
356 s2n (msg_hdr->seq, p);
357 l2n3(0, p);
358 l2n3(msg_hdr->msg_len, p);
359 p -= DTLS1_HM_HEADER_LENGTH;
360 xlen = ret;
361 } else {
362 p += DTLS1_HM_HEADER_LENGTH;
363 xlen = ret - DTLS1_HM_HEADER_LENGTH;
364 }
365
366 tls1_finish_mac(s, p, xlen);
367 }
368
369 if (ret == s->init_num) {
370 if (s->msg_callback)
371 s->msg_callback(1, s->version, type,
372 s->init_buf->data,
373 (size_t)(s->init_off + s->init_num),
374 s, s->msg_callback_arg);
375
376 s->init_off = 0;
377 /* done writing this message */
378 s->init_num = 0;
379
380 return (1);
381 }
382 s->init_off += ret;
383 s->init_num -= ret;
384 frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
385 }
386 }
387 return (0);
388}
389
390
391/*
392 * Obtain handshake message of message type 'mt' (any if mt == -1),
393 * maximum acceptable body length 'max'.
394 * Read an entire handshake message. Handshake messages arrive in
395 * fragments.
396 */
397long
398dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
399{
400 int i, al;
401 struct hm_header_st *msg_hdr;
402 unsigned char *p;
403 unsigned long msg_len;
404
405 /*
406 * s3->tmp is used to store messages that are unexpected, caused
407 * by the absence of an optional handshake message
408 */
409 if (s->s3->tmp.reuse_message) {
410 s->s3->tmp.reuse_message = 0;
411 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
412 al = SSL_AD_UNEXPECTED_MESSAGE;
413 SSLerr(SSL_F_DTLS1_GET_MESSAGE,
414 SSL_R_UNEXPECTED_MESSAGE);
415 goto f_err;
416 }
417 *ok = 1;
418 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
419 s->init_num = (int)s->s3->tmp.message_size;
420 return s->init_num;
421 }
422
423 msg_hdr = &s->d1->r_msg_hdr;
424 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
425
426again:
427 i = dtls1_get_message_fragment(s, st1, stn, max, ok);
428 if (i == DTLS1_HM_BAD_FRAGMENT ||
429 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
430 goto again;
431 else if (i <= 0 && !*ok)
432 return i;
433
434 p = (unsigned char *)s->init_buf->data;
435 msg_len = msg_hdr->msg_len;
436
437 /* reconstruct message header */
438 *(p++) = msg_hdr->type;
439 l2n3(msg_len, p);
440 s2n (msg_hdr->seq, p);
441 l2n3(0, p);
442 l2n3(msg_len, p);
443
444 p -= DTLS1_HM_HEADER_LENGTH;
445 msg_len += DTLS1_HM_HEADER_LENGTH;
446
447 tls1_finish_mac(s, p, msg_len);
448 if (s->msg_callback)
449 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, msg_len,
450 s, s->msg_callback_arg);
451
452 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
453
454 /* Don't change sequence numbers while listening */
455 if (!s->d1->listen)
456 s->d1->handshake_read_seq++;
457
458 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
459 return s->init_num;
460
461f_err:
462 ssl3_send_alert(s, SSL3_AL_FATAL, al);
463 *ok = 0;
464 return -1;
465}
466
467
468static int
469dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
470{
471 size_t frag_off, frag_len, msg_len;
472
473 msg_len = msg_hdr->msg_len;
474 frag_off = msg_hdr->frag_off;
475 frag_len = msg_hdr->frag_len;
476
477 /* sanity checking */
478 if ((frag_off + frag_len) > msg_len) {
479 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
480 SSL_R_EXCESSIVE_MESSAGE_SIZE);
481 return SSL_AD_ILLEGAL_PARAMETER;
482 }
483
484 if ((frag_off + frag_len) > (unsigned long)max) {
485 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
486 SSL_R_EXCESSIVE_MESSAGE_SIZE);
487 return SSL_AD_ILLEGAL_PARAMETER;
488 }
489
490 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
491 {
492 /*
493 * msg_len is limited to 2^24, but is effectively checked
494 * against max above
495 */
496 if (!BUF_MEM_grow_clean(s->init_buf,
497 msg_len + DTLS1_HM_HEADER_LENGTH)) {
498 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
499 return SSL_AD_INTERNAL_ERROR;
500 }
501
502 s->s3->tmp.message_size = msg_len;
503 s->d1->r_msg_hdr.msg_len = msg_len;
504 s->s3->tmp.message_type = msg_hdr->type;
505 s->d1->r_msg_hdr.type = msg_hdr->type;
506 s->d1->r_msg_hdr.seq = msg_hdr->seq;
507 } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
508 /*
509 * They must be playing with us! BTW, failure to enforce
510 * upper limit would open possibility for buffer overrun.
511 */
512 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
513 SSL_R_EXCESSIVE_MESSAGE_SIZE);
514 return SSL_AD_ILLEGAL_PARAMETER;
515 }
516
517 return 0; /* no error */
518}
519
520static int
521dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
522{
523 /*
524 * (0) check whether the desired fragment is available
525 * if so:
526 * (1) copy over the fragment to s->init_buf->data[]
527 * (2) update s->init_num
528 */
529 pitem *item;
530 hm_fragment *frag;
531 int al;
532
533 *ok = 0;
534 item = pqueue_peek(s->d1->buffered_messages);
535 if (item == NULL)
536 return 0;
537
538 frag = (hm_fragment *)item->data;
539
540 /* Don't return if reassembly still in progress */
541 if (frag->reassembly != NULL)
542 return 0;
543
544 if (s->d1->handshake_read_seq == frag->msg_header.seq) {
545 unsigned long frag_len = frag->msg_header.frag_len;
546 pqueue_pop(s->d1->buffered_messages);
547
548 al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
549
550 if (al == 0) /* no alert */
551 {
552 unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
553 memcpy(&p[frag->msg_header.frag_off],
554 frag->fragment, frag->msg_header.frag_len);
555 }
556
557 dtls1_hm_fragment_free(frag);
558 pitem_free(item);
559
560 if (al == 0) {
561 *ok = 1;
562 return frag_len;
563 }
564
565 ssl3_send_alert(s, SSL3_AL_FATAL, al);
566 s->init_num = 0;
567 *ok = 0;
568 return -1;
569 } else
570 return 0;
571}
572
573/*
574 * dtls1_max_handshake_message_len returns the maximum number of bytes
575 * permitted in a DTLS handshake message for |s|. The minimum is 16KB,
576 * but may be greater if the maximum certificate list size requires it.
577 */
578static unsigned long
579dtls1_max_handshake_message_len(const SSL *s)
580{
581 unsigned long max_len;
582
583 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
584 if (max_len < (unsigned long)s->max_cert_list)
585 return s->max_cert_list;
586 return max_len;
587}
588
589static int
590dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
591{
592 hm_fragment *frag = NULL;
593 pitem *item = NULL;
594 int i = -1, is_complete;
595 unsigned char seq64be[8];
596 unsigned long frag_len = msg_hdr->frag_len;
597
598 if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
599 msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
600 goto err;
601
602 if (frag_len == 0) {
603 i = DTLS1_HM_FRAGMENT_RETRY;
604 goto err;
605 }
606
607 /* Try to find item in queue */
608 memset(seq64be, 0, sizeof(seq64be));
609 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
610 seq64be[7] = (unsigned char)msg_hdr->seq;
611 item = pqueue_find(s->d1->buffered_messages, seq64be);
612
613 if (item == NULL) {
614 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
615 if (frag == NULL)
616 goto err;
617 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
618 frag->msg_header.frag_len = frag->msg_header.msg_len;
619 frag->msg_header.frag_off = 0;
620 } else {
621 frag = (hm_fragment*)item->data;
622 if (frag->msg_header.msg_len != msg_hdr->msg_len) {
623 item = NULL;
624 frag = NULL;
625 goto err;
626 }
627 }
628
629 /*
630 * If message is already reassembled, this must be a
631 * retransmit and can be dropped.
632 */
633 if (frag->reassembly == NULL) {
634 unsigned char devnull [256];
635
636 while (frag_len) {
637 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
638 devnull, frag_len > sizeof(devnull) ?
639 sizeof(devnull) : frag_len, 0);
640 if (i <= 0)
641 goto err;
642 frag_len -= i;
643 }
644 i = DTLS1_HM_FRAGMENT_RETRY;
645 goto err;
646 }
647
648 /* read the body of the fragment (header has already been read */
649 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
650 frag->fragment + msg_hdr->frag_off, frag_len, 0);
651 if (i <= 0 || (unsigned long)i != frag_len)
652 goto err;
653
654 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
655 (long)(msg_hdr->frag_off + frag_len));
656
657 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
658 is_complete);
659
660 if (is_complete) {
661 free(frag->reassembly);
662 frag->reassembly = NULL;
663 }
664
665 if (item == NULL) {
666 memset(seq64be, 0, sizeof(seq64be));
667 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
668 seq64be[7] = (unsigned char)(msg_hdr->seq);
669
670 item = pitem_new(seq64be, frag);
671 if (item == NULL) {
672 i = -1;
673 goto err;
674 }
675
676 pqueue_insert(s->d1->buffered_messages, item);
677 }
678
679 return DTLS1_HM_FRAGMENT_RETRY;
680
681err:
682 if (item == NULL && frag != NULL)
683 dtls1_hm_fragment_free(frag);
684 *ok = 0;
685 return i;
686}
687
688
689static int
690dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
691{
692 int i = -1;
693 hm_fragment *frag = NULL;
694 pitem *item = NULL;
695 unsigned char seq64be[8];
696 unsigned long frag_len = msg_hdr->frag_len;
697
698 if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
699 goto err;
700
701 /* Try to find item in queue, to prevent duplicate entries */
702 memset(seq64be, 0, sizeof(seq64be));
703 seq64be[6] = (unsigned char) (msg_hdr->seq >> 8);
704 seq64be[7] = (unsigned char) msg_hdr->seq;
705 item = pqueue_find(s->d1->buffered_messages, seq64be);
706
707 /*
708 * If we already have an entry and this one is a fragment,
709 * don't discard it and rather try to reassemble it.
710 */
711 if (item != NULL && frag_len < msg_hdr->msg_len)
712 item = NULL;
713
714 /*
715 * Discard the message if sequence number was already there, is
716 * too far in the future, already in the queue or if we received
717 * a FINISHED before the SERVER_HELLO, which then must be a stale
718 * retransmit.
719 */
720 if (msg_hdr->seq <= s->d1->handshake_read_seq ||
721 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
722 (s->d1->handshake_read_seq == 0 &&
723 msg_hdr->type == SSL3_MT_FINISHED)) {
724 unsigned char devnull [256];
725
726 while (frag_len) {
727 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
728 devnull, frag_len > sizeof(devnull) ?
729 sizeof(devnull) : frag_len, 0);
730 if (i <= 0)
731 goto err;
732 frag_len -= i;
733 }
734 } else {
735 if (frag_len < msg_hdr->msg_len)
736 return dtls1_reassemble_fragment(s, msg_hdr, ok);
737
738 if (frag_len > dtls1_max_handshake_message_len(s))
739 goto err;
740
741 frag = dtls1_hm_fragment_new(frag_len, 0);
742 if (frag == NULL)
743 goto err;
744
745 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
746
747 if (frag_len) {
748 /* read the body of the fragment (header has already been read */
749 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
750 frag->fragment, frag_len, 0);
751 if (i <= 0 || (unsigned long)i != frag_len)
752 goto err;
753 }
754
755 memset(seq64be, 0, sizeof(seq64be));
756 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
757 seq64be[7] = (unsigned char)(msg_hdr->seq);
758
759 item = pitem_new(seq64be, frag);
760 if (item == NULL)
761 goto err;
762
763 pqueue_insert(s->d1->buffered_messages, item);
764 }
765
766 return DTLS1_HM_FRAGMENT_RETRY;
767
768err:
769 if (item == NULL && frag != NULL)
770 dtls1_hm_fragment_free(frag);
771 *ok = 0;
772 return i;
773}
774
775
776static long
777dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
778{
779 unsigned char wire[DTLS1_HM_HEADER_LENGTH];
780 unsigned long len, frag_off, frag_len;
781 int i, al;
782 struct hm_header_st msg_hdr;
783
784again:
785 /* see if we have the required fragment already */
786 if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) {
787 if (*ok)
788 s->init_num = frag_len;
789 return frag_len;
790 }
791
792 /* read handshake message header */
793 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
794 DTLS1_HM_HEADER_LENGTH, 0);
795 if (i <= 0) /* nbio, or an error */
796 {
797 s->rwstate = SSL_READING;
798 *ok = 0;
799 return i;
800 }
801 /* Handshake fails if message header is incomplete */
802 if (i != DTLS1_HM_HEADER_LENGTH ||
803 /* parse the message fragment header */
804 dtls1_get_message_header(wire, &msg_hdr) == 0) {
805 al = SSL_AD_UNEXPECTED_MESSAGE;
806 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
807 SSL_R_UNEXPECTED_MESSAGE);
808 goto f_err;
809 }
810
811 /*
812 * if this is a future (or stale) message it gets buffered
813 * (or dropped)--no further processing at this time
814 * While listening, we accept seq 1 (ClientHello with cookie)
815 * although we're still expecting seq 0 (ClientHello)
816 */
817 if (msg_hdr.seq != s->d1->handshake_read_seq &&
818 !(s->d1->listen && msg_hdr.seq == 1))
819 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
820
821 len = msg_hdr.msg_len;
822 frag_off = msg_hdr.frag_off;
823 frag_len = msg_hdr.frag_len;
824
825 if (frag_len && frag_len < len)
826 return dtls1_reassemble_fragment(s, &msg_hdr, ok);
827
828 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
829 wire[0] == SSL3_MT_HELLO_REQUEST) {
830 /*
831 * The server may always send 'Hello Request' messages --
832 * we are doing a handshake anyway now, so ignore them
833 * if their format is correct. Does not count for
834 * 'Finished' MAC.
835 */
836 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
837 if (s->msg_callback)
838 s->msg_callback(0, s->version,
839 SSL3_RT_HANDSHAKE, wire,
840 DTLS1_HM_HEADER_LENGTH, s,
841 s->msg_callback_arg);
842
843 s->init_num = 0;
844 goto again;
845 }
846 else /* Incorrectly formated Hello request */
847 {
848 al = SSL_AD_UNEXPECTED_MESSAGE;
849 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
850 SSL_R_UNEXPECTED_MESSAGE);
851 goto f_err;
852 }
853 }
854
855 if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max)))
856 goto f_err;
857
858 /* XDTLS: ressurect this when restart is in place */
859 s->state = stn;
860
861 if (frag_len > 0) {
862 unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
863
864 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
865 &p[frag_off], frag_len, 0);
866 /* XDTLS: fix this--message fragments cannot span multiple packets */
867 if (i <= 0) {
868 s->rwstate = SSL_READING;
869 *ok = 0;
870 return i;
871 }
872 } else
873 i = 0;
874
875 /*
876 * XDTLS: an incorrectly formatted fragment should cause the
877 * handshake to fail
878 */
879 if (i != (int)frag_len) {
880 al = SSL3_AD_ILLEGAL_PARAMETER;
881 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
882 SSL3_AD_ILLEGAL_PARAMETER);
883 goto f_err;
884 }
885
886 *ok = 1;
887
888 /*
889 * Note that s->init_num is *not* used as current offset in
890 * s->init_buf->data, but as a counter summing up fragments'
891 * lengths: as soon as they sum up to handshake packet
892 * length, we assume we have got all the fragments.
893 */
894 s->init_num = frag_len;
895 return frag_len;
896
897f_err:
898 ssl3_send_alert(s, SSL3_AL_FATAL, al);
899 s->init_num = 0;
900
901 *ok = 0;
902 return (-1);
903}
904
905/*
906 * for these 2 messages, we need to
907 * ssl->enc_read_ctx re-init
908 * ssl->s3->read_sequence zero
909 * ssl->s3->read_mac_secret re-init
910 * ssl->session->read_sym_enc assign
911 * ssl->session->read_hash assign
912 */
913int
914dtls1_send_change_cipher_spec(SSL *s, int a, int b)
915{
916 unsigned char *p;
917
918 if (s->state == a) {
919 p = (unsigned char *)s->init_buf->data;
920 *p++=SSL3_MT_CCS;
921 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
922 s->init_num = DTLS1_CCS_HEADER_LENGTH;
923
924 s->init_off = 0;
925
926 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
927 s->d1->handshake_write_seq, 0, 0);
928
929 /* buffer the message to handle re-xmits */
930 dtls1_buffer_message(s, 1);
931
932 s->state = b;
933 }
934
935 /* SSL3_ST_CW_CHANGE_B */
936 return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
937}
938
939static int
940dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
941{
942 int n;
943 unsigned char *p;
944
945 n = i2d_X509(x, NULL);
946 if (!BUF_MEM_grow_clean(buf, n + (*l) + 3)) {
947 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
948 return 0;
949 }
950 p = (unsigned char *)&(buf->data[*l]);
951 l2n3(n, p);
952 i2d_X509(x, &p);
953 *l += n + 3;
954
955 return 1;
956}
957
958unsigned long
959dtls1_output_cert_chain(SSL *s, X509 *x)
960{
961 unsigned char *p;
962 int i;
963 unsigned long l = 3 + DTLS1_HM_HEADER_LENGTH;
964 BUF_MEM *buf;
965
966 /* TLSv1 sends a chain with nothing in it, instead of an alert */
967 buf = s->init_buf;
968 if (!BUF_MEM_grow_clean(buf, 10)) {
969 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
970 return (0);
971 }
972 if (x != NULL) {
973 X509_STORE_CTX xs_ctx;
974
975 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
976 x, NULL)) {
977 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
978 return (0);
979 }
980
981 X509_verify_cert(&xs_ctx);
982 /* Don't leave errors in the queue */
983 ERR_clear_error();
984 for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
985 x = sk_X509_value(xs_ctx.chain, i);
986
987 if (!dtls1_add_cert_to_buf(buf, &l, x)) {
988 X509_STORE_CTX_cleanup(&xs_ctx);
989 return 0;
990 }
991 }
992 X509_STORE_CTX_cleanup(&xs_ctx);
993 }
994 /* Thawte special :-) */
995 for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
996 x = sk_X509_value(s->ctx->extra_certs, i);
997 if (!dtls1_add_cert_to_buf(buf, &l, x))
998 return 0;
999 }
1000
1001 l -= (3 + DTLS1_HM_HEADER_LENGTH);
1002
1003 p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1004 l2n3(l, p);
1005 l += 3;
1006 p = (unsigned char *)&(buf->data[0]);
1007 p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
1008
1009 l += DTLS1_HM_HEADER_LENGTH;
1010 return (l);
1011}
1012
1013int
1014dtls1_read_failed(SSL *s, int code)
1015{
1016 if (code > 0) {
1017#ifdef DEBUG
1018 fprintf(stderr, "invalid state reached %s:%d",
1019 __FILE__, __LINE__);
1020#endif
1021 return 1;
1022 }
1023
1024 if (!dtls1_is_timer_expired(s)) {
1025 /*
1026 * not a timeout, none of our business, let higher layers
1027 * handle this. in fact it's probably an error
1028 */
1029 return code;
1030 }
1031
1032 if (!SSL_in_init(s)) /* done, no need to send a retransmit */
1033 {
1034 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
1035 return code;
1036 }
1037
1038 return dtls1_handle_timeout(s);
1039}
1040
1041int
1042dtls1_get_queue_priority(unsigned short seq, int is_ccs)
1043{
1044 /*
1045 * The index of the retransmission queue actually is the message
1046 * sequence number, since the queue only contains messages of a
1047 * single handshake. However, the ChangeCipherSpec has no message
1048 * sequence number and so using only the sequence will result in
1049 * the CCS and Finished having the same index. To prevent this, the
1050 * sequence number is multiplied by 2. In case of a CCS 1 is
1051 * subtracted. This does not only differ CSS and Finished, it also
1052 * maintains the order of the index (important for priority queues)
1053 * and fits in the unsigned short variable.
1054 */
1055 return seq * 2 - is_ccs;
1056}
1057
1058int
1059dtls1_retransmit_buffered_messages(SSL *s)
1060{
1061 pqueue sent = s->d1->sent_messages;
1062 piterator iter;
1063 pitem *item;
1064 hm_fragment *frag;
1065 int found = 0;
1066
1067 iter = pqueue_iterator(sent);
1068
1069 for (item = pqueue_next(&iter); item != NULL;
1070 item = pqueue_next(&iter)) {
1071 frag = (hm_fragment *)item->data;
1072 if (dtls1_retransmit_message(s,
1073 (unsigned short)dtls1_get_queue_priority(
1074 frag->msg_header.seq, frag->msg_header.is_ccs), 0,
1075 &found) <= 0 && found) {
1076#ifdef DEBUG
1077 fprintf(stderr, "dtls1_retransmit_message() failed\n");
1078#endif
1079 return -1;
1080 }
1081 }
1082
1083 return 1;
1084}
1085
1086int
1087dtls1_buffer_message(SSL *s, int is_ccs)
1088{
1089 pitem *item;
1090 hm_fragment *frag;
1091 unsigned char seq64be[8];
1092
1093 /* Buffer the messsage in order to handle DTLS retransmissions. */
1094
1095 /*
1096 * This function is called immediately after a message has
1097 * been serialized
1098 */
1099 OPENSSL_assert(s->init_off == 0);
1100
1101 frag = dtls1_hm_fragment_new(s->init_num, 0);
1102 if (frag == NULL)
1103 return 0;
1104
1105 memcpy(frag->fragment, s->init_buf->data, s->init_num);
1106
1107 if (is_ccs) {
1108 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1109 ((s->version == DTLS1_VERSION) ?
1110 DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num);
1111 } else {
1112 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1113 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
1114 }
1115
1116 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
1117 frag->msg_header.seq = s->d1->w_msg_hdr.seq;
1118 frag->msg_header.type = s->d1->w_msg_hdr.type;
1119 frag->msg_header.frag_off = 0;
1120 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
1121 frag->msg_header.is_ccs = is_ccs;
1122
1123 /* save current state*/
1124 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
1125 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
1126 frag->msg_header.saved_retransmit_state.session = s->session;
1127 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
1128
1129 memset(seq64be, 0, sizeof(seq64be));
1130 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(
1131 frag->msg_header.seq, frag->msg_header.is_ccs) >> 8);
1132 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(
1133 frag->msg_header.seq, frag->msg_header.is_ccs));
1134
1135 item = pitem_new(seq64be, frag);
1136 if (item == NULL) {
1137 dtls1_hm_fragment_free(frag);
1138 return 0;
1139 }
1140
1141 pqueue_insert(s->d1->sent_messages, item);
1142 return 1;
1143}
1144
1145int
1146dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1147 int *found)
1148{
1149 int ret;
1150 /* XDTLS: for now assuming that read/writes are blocking */
1151 pitem *item;
1152 hm_fragment *frag;
1153 unsigned long header_length;
1154 unsigned char seq64be[8];
1155 struct dtls1_retransmit_state saved_state;
1156 unsigned char save_write_sequence[8];
1157
1158 /*
1159 OPENSSL_assert(s->init_num == 0);
1160 OPENSSL_assert(s->init_off == 0);
1161 */
1162
1163 /* XDTLS: the requested message ought to be found, otherwise error */
1164 memset(seq64be, 0, sizeof(seq64be));
1165 seq64be[6] = (unsigned char)(seq >> 8);
1166 seq64be[7] = (unsigned char)seq;
1167
1168 item = pqueue_find(s->d1->sent_messages, seq64be);
1169 if (item == NULL) {
1170#ifdef DEBUG
1171 fprintf(stderr, "retransmit: message %d non-existant\n", seq);
1172#endif
1173 *found = 0;
1174 return 0;
1175 }
1176
1177 *found = 1;
1178 frag = (hm_fragment *)item->data;
1179
1180 if (frag->msg_header.is_ccs)
1181 header_length = DTLS1_CCS_HEADER_LENGTH;
1182 else
1183 header_length = DTLS1_HM_HEADER_LENGTH;
1184
1185 memcpy(s->init_buf->data, frag->fragment,
1186 frag->msg_header.msg_len + header_length);
1187 s->init_num = frag->msg_header.msg_len + header_length;
1188
1189 dtls1_set_message_header_int(s, frag->msg_header.type,
1190 frag->msg_header.msg_len, frag->msg_header.seq, 0,
1191 frag->msg_header.frag_len);
1192
1193 /* save current state */
1194 saved_state.enc_write_ctx = s->enc_write_ctx;
1195 saved_state.write_hash = s->write_hash;
1196 saved_state.session = s->session;
1197 saved_state.epoch = s->d1->w_epoch;
1198
1199 s->d1->retransmitting = 1;
1200
1201 /* restore state in which the message was originally sent */
1202 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
1203 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
1204 s->session = frag->msg_header.saved_retransmit_state.session;
1205 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
1206
1207 if (frag->msg_header.saved_retransmit_state.epoch ==
1208 saved_state.epoch - 1) {
1209 memcpy(save_write_sequence, s->s3->write_sequence,
1210 sizeof(s->s3->write_sequence));
1211 memcpy(s->s3->write_sequence, s->d1->last_write_sequence,
1212 sizeof(s->s3->write_sequence));
1213 }
1214
1215 ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
1216 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
1217
1218 /* restore current state */
1219 s->enc_write_ctx = saved_state.enc_write_ctx;
1220 s->write_hash = saved_state.write_hash;
1221 s->session = saved_state.session;
1222 s->d1->w_epoch = saved_state.epoch;
1223
1224 if (frag->msg_header.saved_retransmit_state.epoch ==
1225 saved_state.epoch - 1) {
1226 memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
1227 sizeof(s->s3->write_sequence));
1228 memcpy(s->s3->write_sequence, save_write_sequence,
1229 sizeof(s->s3->write_sequence));
1230 }
1231
1232 s->d1->retransmitting = 0;
1233
1234 (void)BIO_flush(SSL_get_wbio(s));
1235 return ret;
1236}
1237
1238/* call this function when the buffered messages are no longer needed */
1239void
1240dtls1_clear_record_buffer(SSL *s)
1241{
1242 pitem *item;
1243
1244 for(item = pqueue_pop(s->d1->sent_messages); item != NULL;
1245 item = pqueue_pop(s->d1->sent_messages)) {
1246 dtls1_hm_fragment_free((hm_fragment *)item->data);
1247 pitem_free(item);
1248 }
1249}
1250
1251unsigned char *
1252dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
1253 unsigned long len, unsigned long frag_off, unsigned long frag_len)
1254{
1255 /* Don't change sequence numbers while listening */
1256 if (frag_off == 0 && !s->d1->listen) {
1257 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
1258 s->d1->next_handshake_write_seq++;
1259 }
1260
1261 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
1262 frag_off, frag_len);
1263
1264 return p += DTLS1_HM_HEADER_LENGTH;
1265}
1266
1267/* don't actually do the writing, wait till the MTU has been retrieved */
1268static void
1269dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
1270 unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
1271{
1272 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1273
1274 msg_hdr->type = mt;
1275 msg_hdr->msg_len = len;
1276 msg_hdr->seq = seq_num;
1277 msg_hdr->frag_off = frag_off;
1278 msg_hdr->frag_len = frag_len;
1279}
1280
1281static void
1282dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
1283{
1284 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1285
1286 msg_hdr->frag_off = frag_off;
1287 msg_hdr->frag_len = frag_len;
1288}
1289
1290static unsigned char *
1291dtls1_write_message_header(SSL *s, unsigned char *p)
1292{
1293 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1294
1295 *p++ = msg_hdr->type;
1296 l2n3(msg_hdr->msg_len, p);
1297
1298 s2n(msg_hdr->seq, p);
1299 l2n3(msg_hdr->frag_off, p);
1300 l2n3(msg_hdr->frag_len, p);
1301
1302 return p;
1303}
1304
1305unsigned int
1306dtls1_min_mtu(void)
1307{
1308 return (g_probable_mtu[(sizeof(g_probable_mtu) /
1309 sizeof(g_probable_mtu[0])) - 1]);
1310}
1311
1312static unsigned int
1313dtls1_guess_mtu(unsigned int curr_mtu)
1314{
1315 unsigned int i;
1316
1317 if (curr_mtu == 0)
1318 return g_probable_mtu[0];
1319
1320 for (i = 0; i < sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0]); i++)
1321 if (curr_mtu > g_probable_mtu[i])
1322 return g_probable_mtu[i];
1323
1324 return curr_mtu;
1325}
1326
1327int
1328dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
1329{
1330 CBS header;
1331 uint32_t msg_len, frag_off, frag_len;
1332 uint16_t seq;
1333 uint8_t type;
1334
1335 CBS_init(&header, data, sizeof(*msg_hdr));
1336
1337 memset(msg_hdr, 0, sizeof(*msg_hdr));
1338
1339 if (!CBS_get_u8(&header, &type))
1340 return 0;
1341 if (!CBS_get_u24(&header, &msg_len))
1342 return 0;
1343 if (!CBS_get_u16(&header, &seq))
1344 return 0;
1345 if (!CBS_get_u24(&header, &frag_off))
1346 return 0;
1347 if (!CBS_get_u24(&header, &frag_len))
1348 return 0;
1349
1350 msg_hdr->type = type;
1351 msg_hdr->msg_len = msg_len;
1352 msg_hdr->seq = seq;
1353 msg_hdr->frag_off = frag_off;
1354 msg_hdr->frag_len = frag_len;
1355
1356 return 1;
1357}
1358
1359void
1360dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
1361{
1362 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
1363
1364 ccs_hdr->type = *(data++);
1365}
1366
1367int
1368dtls1_shutdown(SSL *s)
1369{
1370 int ret;
1371
1372 ret = ssl3_shutdown(s);
1373 return ret;
1374}
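diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
deleted file mode 100644
index e018874f0d..0000000000
--- a/src/lib/libssl/d1_clnt.c
+++ /dev/null
@@ -1,724 +0,0 @@
-/* $OpenBSD: d1_clnt.c,v 1.56 2016/03/11 07:08:45 mmcc Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <limits.h>
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/bn.h>
-#include <openssl/buffer.h>
-#include <openssl/dh.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#include <openssl/objects.h>
-
-#include "bytestring.h"
-
-static const SSL_METHOD *dtls1_get_client_method(int ver);
-static int dtls1_get_hello_verify(SSL *s);
-
-const SSL_METHOD DTLSv1_client_method_data = {
- .version = DTLS1_VERSION,
- .ssl_new = dtls1_new,
- .ssl_clear = dtls1_clear,
- .ssl_free = dtls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = dtls1_connect,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = dtls1_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = dtls1_get_message,
- .ssl_read_bytes = dtls1_read_bytes,
- .ssl_write_bytes = dtls1_write_app_data_bytes,
- .ssl_dispatch_alert = dtls1_dispatch_alert,
- .ssl_ctrl = dtls1_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = dtls1_get_cipher,
- .get_ssl_method = dtls1_get_client_method,
- .get_timeout = dtls1_default_timeout,
- .ssl3_enc = &DTLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD *
-DTLSv1_client_method(void)
-{
- return &DTLSv1_client_method_data;
-}
-
-static const SSL_METHOD *
-dtls1_get_client_method(int ver)
-{
- if (ver == DTLS1_VERSION)
- return (DTLSv1_client_method());
- return (NULL);
-}
-
-int
-dtls1_connect(SSL *s)
-{
- void (*cb)(const SSL *ssl, int type, int val) = NULL;
- int ret = -1;
- int new_state, state, skip = 0;
-
- ERR_clear_error();
- errno = 0;
-
- if (s->info_callback != NULL)
- cb = s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb = s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s))
- SSL_clear(s);
-
-
- for (;;) {
- state = s->state;
-
- switch (s->state) {
- case SSL_ST_RENEGOTIATE:
- s->renegotiate = 1;
- s->state = SSL_ST_CONNECT;
- s->ctx->stats.sess_connect_renegotiate++;
- /* break */
- case SSL_ST_BEFORE:
- case SSL_ST_CONNECT:
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- case SSL_ST_OK|SSL_ST_CONNECT:
-
- s->server = 0;
- if (cb != NULL)
- cb(s, SSL_CB_HANDSHAKE_START, 1);
-
- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00)) {
- SSLerr(SSL_F_DTLS1_CONNECT,
- ERR_R_INTERNAL_ERROR);
- ret = -1;
- goto end;
- }
-
- /* s->version=SSL3_VERSION; */
- s->type = SSL_ST_CONNECT;
-
- if (!ssl3_setup_init_buffer(s)) {
- ret = -1;
- goto end;
- }
- if (!ssl3_setup_buffers(s)) {
- ret = -1;
- goto end;
- }
- if (!ssl_init_wbio_buffer(s, 0)) {
- ret = -1;
- goto end;
- }
-
- /* don't push the buffering BIO quite yet */
-
- s->state = SSL3_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
- s->init_num = 0;
- /* mark client_random uninitialized */
- memset(s->s3->client_random, 0,
- sizeof(s->s3->client_random));
- s->d1->send_cookie = 0;
- s->hit = 0;
- break;
-
-
- case SSL3_ST_CW_CLNT_HELLO_A:
- case SSL3_ST_CW_CLNT_HELLO_B:
-
- s->shutdown = 0;
-
- /* every DTLS ClientHello resets Finished MAC */
- if (!tls1_init_finished_mac(s)) {
- ret = -1;
- goto end;
- }
-
- dtls1_start_timer(s);
- ret = ssl3_client_hello(s);
- if (ret <= 0)
- goto end;
-
- if (s->d1->send_cookie) {
- s->state = SSL3_ST_CW_FLUSH;
- s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
- } else
- s->state = SSL3_ST_CR_SRVR_HELLO_A;
-
- s->init_num = 0;
-
- /* turn on buffering for the next lot of output */
- if (s->bbio != s->wbio)
- s->wbio = BIO_push(s->bbio, s->wbio);
-
- break;
-
- case SSL3_ST_CR_SRVR_HELLO_A:
- case SSL3_ST_CR_SRVR_HELLO_B:
- ret = ssl3_get_server_hello(s);
- if (ret <= 0)
- goto end;
- else {
- if (s->hit) {
-
- s->state = SSL3_ST_CR_FINISHED_A;
- } else
- s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
- }
- s->init_num = 0;
- break;
-
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
-
- ret = dtls1_get_hello_verify(s);
- if (ret <= 0)
- goto end;
- dtls1_stop_timer(s);
- if ( s->d1->send_cookie) /* start again, with a cookie */
- s->state = SSL3_ST_CW_CLNT_HELLO_A;
- else
- s->state = SSL3_ST_CR_CERT_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_CR_CERT_A:
- case SSL3_ST_CR_CERT_B:
- ret = ssl3_check_finished(s);
- if (ret <= 0)
- goto end;
- if (ret == 2) {
- s->hit = 1;
- if (s->tlsext_ticket_expected)
- s->state = SSL3_ST_CR_SESSION_TICKET_A;
- else
- s->state = SSL3_ST_CR_FINISHED_A;
- s->init_num = 0;
- break;
- }
- /* Check if it is anon DH. */
- if (!(s->s3->tmp.new_cipher->algorithm_auth &
- SSL_aNULL)) {
- ret = ssl3_get_server_certificate(s);
- if (ret <= 0)
- goto end;
- if (s->tlsext_status_expected)
- s->state = SSL3_ST_CR_CERT_STATUS_A;
- else
- s->state = SSL3_ST_CR_KEY_EXCH_A;
- } else {
- skip = 1;
- s->state = SSL3_ST_CR_KEY_EXCH_A;
- }
- s->init_num = 0;
- break;
-
- case SSL3_ST_CR_KEY_EXCH_A:
- case SSL3_ST_CR_KEY_EXCH_B:
- ret = ssl3_get_key_exchange(s);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_CR_CERT_REQ_A;
- s->init_num = 0;
-
- /* at this point we check that we have the
- * required stuff from the server */
- if (!ssl3_check_cert_and_algorithm(s)) {
- ret = -1;
- goto end;
- }
- break;
-
- case SSL3_ST_CR_CERT_REQ_A:
- case SSL3_ST_CR_CERT_REQ_B:
- ret = ssl3_get_certificate_request(s);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_CR_SRVR_DONE_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_CR_SRVR_DONE_A:
- case SSL3_ST_CR_SRVR_DONE_B:
- ret = ssl3_get_server_done(s);
- if (ret <= 0)
- goto end;
- dtls1_stop_timer(s);
- if (s->s3->tmp.cert_req)
- s->s3->tmp.next_state = SSL3_ST_CW_CERT_A;
- else
- s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
- s->init_num = 0;
- s->state = s->s3->tmp.next_state;
- break;
-
- case SSL3_ST_CW_CERT_A:
- case SSL3_ST_CW_CERT_B:
- case SSL3_ST_CW_CERT_C:
- case SSL3_ST_CW_CERT_D:
- dtls1_start_timer(s);
- ret = dtls1_send_client_certificate(s);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_CW_KEY_EXCH_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_CW_KEY_EXCH_A:
- case SSL3_ST_CW_KEY_EXCH_B:
- dtls1_start_timer(s);
- ret = ssl3_send_client_key_exchange(s);
- if (ret <= 0)
- goto end;
-
- /* EAY EAY EAY need to check for DH fix cert
- * sent back */
- /* For TLS, cert_req is set to 2, so a cert chain
- * of nothing is sent, but no verify packet is sent */
- if (s->s3->tmp.cert_req == 1) {
- s->state = SSL3_ST_CW_CERT_VRFY_A;
- } else {
- s->state = SSL3_ST_CW_CHANGE_A;
- s->s3->change_cipher_spec = 0;
- }
-
- s->init_num = 0;
- break;
-
- case SSL3_ST_CW_CERT_VRFY_A:
- case SSL3_ST_CW_CERT_VRFY_B:
- dtls1_start_timer(s);
- ret = ssl3_send_client_verify(s);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_CW_CHANGE_A;
- s->init_num = 0;
- s->s3->change_cipher_spec = 0;
- break;
-
- case SSL3_ST_CW_CHANGE_A:
- case SSL3_ST_CW_CHANGE_B:
- if (!s->hit)
- dtls1_start_timer(s);
- ret = dtls1_send_change_cipher_spec(s,
- SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
- if (ret <= 0)
- goto end;
-
- s->state = SSL3_ST_CW_FINISHED_A;
- s->init_num = 0;
-
- s->session->cipher = s->s3->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s)) {
- ret = -1;
- goto end;
- }
-
- if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
- ret = -1;
- goto end;
- }
-
-
- dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
- break;
-
- case SSL3_ST_CW_FINISHED_A:
- case SSL3_ST_CW_FINISHED_B:
- if (!s->hit)
- dtls1_start_timer(s);
- ret = ssl3_send_finished(s,
- SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B,
- s->method->ssl3_enc->client_finished_label,
- s->method->ssl3_enc->client_finished_label_len);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_CW_FLUSH;
-
- /* clear flags */
- s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
- if (s->hit) {
- s->s3->tmp.next_state = SSL_ST_OK;
- if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
- s->state = SSL_ST_OK;
- s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
- s->s3->delay_buf_pop_ret = 0;
- }
- } else {
-
- /* Allow NewSessionTicket if ticket expected */
- if (s->tlsext_ticket_expected)
- s->s3->tmp.next_state =
- SSL3_ST_CR_SESSION_TICKET_A;
- else
- s->s3->tmp.next_state =
- SSL3_ST_CR_FINISHED_A;
- }
- s->init_num = 0;
- break;
-
- case SSL3_ST_CR_SESSION_TICKET_A:
- case SSL3_ST_CR_SESSION_TICKET_B:
- ret = ssl3_get_new_session_ticket(s);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_CR_FINISHED_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_CR_CERT_STATUS_A:
- case SSL3_ST_CR_CERT_STATUS_B:
- ret = ssl3_get_cert_status(s);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_CR_KEY_EXCH_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_CR_FINISHED_A:
- case SSL3_ST_CR_FINISHED_B:
- s->d1->change_cipher_spec_ok = 1;
- ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
- SSL3_ST_CR_FINISHED_B);
- if (ret <= 0)
- goto end;
- dtls1_stop_timer(s);
-
- if (s->hit)
- s->state = SSL3_ST_CW_CHANGE_A;
- else
- s->state = SSL_ST_OK;
-
-
- s->init_num = 0;
- break;
-
- case SSL3_ST_CW_FLUSH:
- s->rwstate = SSL_WRITING;
- if (BIO_flush(s->wbio) <= 0) {
- /* If the write error was fatal, stop trying */
- if (!BIO_should_retry(s->wbio)) {
- s->rwstate = SSL_NOTHING;
- s->state = s->s3->tmp.next_state;
- }
-
- ret = -1;
- goto end;
- }
- s->rwstate = SSL_NOTHING;
- s->state = s->s3->tmp.next_state;
- break;
-
- case SSL_ST_OK:
- /* clean a few things up */
- tls1_cleanup_key_block(s);
-
- /* If we are not 'joining' the last two packets,
- * remove the buffering now */
- if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
- ssl_free_wbio_buffer(s);
- /* else do it later in ssl3_write */
-
- s->init_num = 0;
- s->renegotiate = 0;
- s->new_session = 0;
-
- ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
- if (s->hit)
- s->ctx->stats.sess_hit++;
-
- ret = 1;
- /* s->server=0; */
- s->handshake_func = dtls1_connect;
- s->ctx->stats.sess_connect_good++;
-
- if (cb != NULL)
- cb(s, SSL_CB_HANDSHAKE_DONE, 1);
-
- /* done with handshaking */
- s->d1->handshake_read_seq = 0;
- s->d1->next_handshake_write_seq = 0;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE);
- ret = -1;
- goto end;
- /* break; */
- }
-
- /* did we do anything */
- if (!s->s3->tmp.reuse_message && !skip) {
- if (s->debug) {
- if ((ret = BIO_flush(s->wbio)) <= 0)
- goto end;
- }
-
- if ((cb != NULL) && (s->state != state)) {
- new_state = s->state;
- s->state = state;
- cb(s, SSL_CB_CONNECT_LOOP, 1);
- s->state = new_state;
- }
- }
- skip = 0;
- }
-
-end:
- s->in_handshake--;
- if (cb != NULL)
- cb(s, SSL_CB_CONNECT_EXIT, ret);
-
- return (ret);
-}
-
-static int
-dtls1_get_hello_verify(SSL *s)
-{
- long n;
- int al, ok = 0;
- size_t cookie_len;
- uint16_t ssl_version;
- CBS hello_verify_request, cookie;
-
- n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
- DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list, &ok);
-
- if (!ok)
- return ((int)n);
-
- if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
- s->d1->send_cookie = 0;
- s->s3->tmp.reuse_message = 1;
- return (1);
- }
-
- if (n < 0)
- goto truncated;
-
- CBS_init(&hello_verify_request, s->init_msg, n);
-
- if (!CBS_get_u16(&hello_verify_request, &ssl_version))
- goto truncated;
-
- if (ssl_version != s->version) {
- SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION);
- s->version = (s->version & 0xff00) | (ssl_version & 0xff);
- al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
-
- if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie))
- goto truncated;
-
- if (!CBS_write_bytes(&cookie, s->d1->cookie,
- sizeof(s->d1->cookie), &cookie_len)) {
- s->d1->cookie_len = 0;
- al = SSL_AD_ILLEGAL_PARAMETER;
- goto f_err;
- }
- s->d1->cookie_len = cookie_len;
- s->d1->send_cookie = 1;
-
- return 1;
-
-truncated:
- al = SSL_AD_DECODE_ERROR;
-f_err:
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
- return -1;
-}
-
-int
-dtls1_send_client_certificate(SSL *s)
-{
- X509 *x509 = NULL;
- EVP_PKEY *pkey = NULL;
- int i;
- unsigned long l;
-
- if (s->state == SSL3_ST_CW_CERT_A) {
- if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
- (s->cert->key->privatekey == NULL))
- s->state = SSL3_ST_CW_CERT_B;
- else
- s->state = SSL3_ST_CW_CERT_C;
- }
-
- /* We need to get a client cert */
- if (s->state == SSL3_ST_CW_CERT_B) {
- /* If we get an error, we need to
- * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
- * We then get retied later */
- i = 0;
- i = ssl_do_client_cert_cb(s, &x509, &pkey);
- if (i < 0) {
- s->rwstate = SSL_X509_LOOKUP;
- return (-1);
- }
- s->rwstate = SSL_NOTHING;
- if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
- s->state = SSL3_ST_CW_CERT_B;
- if (!SSL_use_certificate(s, x509) ||
- !SSL_use_PrivateKey(s, pkey))
- i = 0;
- } else if (i == 1) {
- i = 0;
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,
- SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
- }
-
- X509_free(x509);
- EVP_PKEY_free(pkey);
- if (i == 0)
- s->s3->tmp.cert_req = 2;
-
- /* Ok, we have a cert */
- s->state = SSL3_ST_CW_CERT_C;
- }
-
- if (s->state == SSL3_ST_CW_CERT_C) {
- s->state = SSL3_ST_CW_CERT_D;
- l = dtls1_output_cert_chain(s,
- (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
- s->init_num = (int)l;
- s->init_off = 0;
-
- /* set header called by dtls1_output_cert_chain() */
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* SSL3_ST_CW_CERT_D */
- return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-}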
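diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
deleted file mode 100644
index 8445ceb10f..0000000000
--- a/src/lib/libssl/d1_enc.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/* $OpenBSD: d1_enc.c,v 1.11 2016/03/06 14:52:15 beck Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-
-/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
- *
- * Returns:
- * 0: (in non-constant time) if the record is publically invalid (i.e. too
- * short etc).
- * 1: if the record's padding is valid / the encryption was successful.
- * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- * an internal error occured. */
-int
-dtls1_enc(SSL *s, int send)
-{
- SSL3_RECORD *rec;
- EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs, i, j, k, mac_size = 0;
- const EVP_CIPHER *enc;
-
- if (send) {
- if (EVP_MD_CTX_md(s->write_hash)) {
- mac_size = EVP_MD_CTX_size(s->write_hash);
- if (mac_size < 0)
- return -1;
- }
- ds = s->enc_write_ctx;
- rec = &(s->s3->wrec);
- if (s->enc_write_ctx == NULL)
- enc = NULL;
- else {
- enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
- if (rec->data != rec->input) {
-#ifdef DEBUG
- /* we can't write into the input stream */
- fprintf(stderr, "%s:%d: rec->data != rec->input\n",
- __FILE__, __LINE__);
-#endif
- } else if (EVP_CIPHER_block_size(ds->cipher) > 1) {
- arc4random_buf(rec->input,
- EVP_CIPHER_block_size(ds->cipher));
- }
- }
- } else {
- if (EVP_MD_CTX_md(s->read_hash)) {
- mac_size = EVP_MD_CTX_size(s->read_hash);
- OPENSSL_assert(mac_size >= 0);
- }
- ds = s->enc_read_ctx;
- rec = &(s->s3->rrec);
- if (s->enc_read_ctx == NULL)
- enc = NULL;
- else
- enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
- }
-
-
- if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
- memmove(rec->data, rec->input, rec->length);
- rec->input = rec->data;
- } else {
- l = rec->length;
- bs = EVP_CIPHER_block_size(ds->cipher);
-
- if ((bs != 1) && send) {
- i = bs - ((int)l % bs);
-
- /* Add weird padding of upto 256 bytes */
-
- /* we need to add 'i' padding bytes of value j */
- j = i - 1;
- for (k = (int)l; k < (int)(l + i); k++)
- rec->input[k] = j;
- l += i;
- rec->length += i;
- }
-
-
- if (!send) {
- if (l == 0 || l % bs != 0)
- return 0;
- }
-
- EVP_Cipher(ds, rec->data, rec->input, l);
-
-
- if ((bs != 1) && !send)
- return tls1_cbc_remove_padding(s, rec, bs, mac_size);
- }
- return (1);
-}
-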
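diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
deleted file mode 100644
index 23a7021d35..0000000000
--- a/src/lib/libssl/d1_lib.c
+++ /dev/null
@@ -1,468 +0,0 @@
-/* $OpenBSD: d1_lib.c,v 1.33 2016/02/29 06:48:03 mmcc Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/time.h>
-
-#include <netinet/in.h>
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "pqueue.h"
-#include "ssl_locl.h"
-
-int dtls1_listen(SSL *s, struct sockaddr *client);
-
-SSL3_ENC_METHOD DTLSv1_enc_data = {
- .enc = dtls1_enc,
- .mac = tls1_mac,
- .setup_key_block = tls1_setup_key_block,
- .generate_master_secret = tls1_generate_master_secret,
- .change_cipher_state = tls1_change_cipher_state,
- .final_finish_mac = tls1_final_finish_mac,
- .finish_mac_length = TLS1_FINISH_MAC_LENGTH,
- .cert_verify_mac = tls1_cert_verify_mac,
- .client_finished_label = TLS_MD_CLIENT_FINISH_CONST,
- .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
- .server_finished_label = TLS_MD_SERVER_FINISH_CONST,
- .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
- .alert_value = tls1_alert_code,
- .export_keying_material = tls1_export_keying_material,
- .enc_flags = SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV,
-};
-
-long
-dtls1_default_timeout(void)
-{
- /* 2 hours, the 24 hours mentioned in the DTLSv1 spec
- * is way too long for http, the cache would over fill */
- return (60*60*2);
-}
-
-int
-dtls1_new(SSL *s)
-{
- DTLS1_STATE *d1;
-
- if (!ssl3_new(s))
- return (0);
- if ((d1 = calloc(1, sizeof *d1)) == NULL) {
- ssl3_free(s);
- return (0);
- }
-
- /* d1->handshake_epoch=0; */
-
- d1->unprocessed_rcds.q = pqueue_new();
- d1->processed_rcds.q = pqueue_new();
- d1->buffered_messages = pqueue_new();
- d1->sent_messages = pqueue_new();
- d1->buffered_app_data.q = pqueue_new();
-
- if (s->server) {
- d1->cookie_len = sizeof(s->d1->cookie);
- }
-
- if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q ||
- !d1->buffered_messages || !d1->sent_messages ||
- !d1->buffered_app_data.q) {
- pqueue_free(d1->unprocessed_rcds.q);
- pqueue_free(d1->processed_rcds.q);
- pqueue_free(d1->buffered_messages);
- pqueue_free(d1->sent_messages);
- pqueue_free(d1->buffered_app_data.q);
- free(d1);
- ssl3_free(s);
- return (0);
- }
-
- s->d1 = d1;
- s->method->ssl_clear(s);
- return (1);
-}
-
-static void
-dtls1_clear_queues(SSL *s)
-{
- pitem *item = NULL;
- hm_fragment *frag = NULL;
- DTLS1_RECORD_DATA *rdata;
-
- while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
- rdata = (DTLS1_RECORD_DATA *) item->data;
- free(rdata->rbuf.buf);
- free(item->data);
- pitem_free(item);
- }
-
- while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) {
- rdata = (DTLS1_RECORD_DATA *) item->data;
- free(rdata->rbuf.buf);
- free(item->data);
- pitem_free(item);
- }
-
- while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
- frag = (hm_fragment *)item->data;
- free(frag->fragment);
- free(frag);
- pitem_free(item);
- }
-
- while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
- frag = (hm_fragment *)item->data;
- free(frag->fragment);
- free(frag);
- pitem_free(item);
- }
-
- while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
- rdata = (DTLS1_RECORD_DATA *) item->data;
- free(rdata->rbuf.buf);
- free(item->data);
- pitem_free(item);
- }
-}
-
-void
-dtls1_free(SSL *s)
-{
- if (s == NULL)
- return;
-
- ssl3_free(s);
-
- dtls1_clear_queues(s);
-
- pqueue_free(s->d1->unprocessed_rcds.q);
- pqueue_free(s->d1->processed_rcds.q);
- pqueue_free(s->d1->buffered_messages);
- pqueue_free(s->d1->sent_messages);
- pqueue_free(s->d1->buffered_app_data.q);
-
- explicit_bzero(s->d1, sizeof *s->d1);
- free(s->d1);
- s->d1 = NULL;
-}
-
-void
-dtls1_clear(SSL *s)
-{
- pqueue unprocessed_rcds;
- pqueue processed_rcds;
- pqueue buffered_messages;
- pqueue sent_messages;
- pqueue buffered_app_data;
- unsigned int mtu;
-
- if (s->d1) {
- unprocessed_rcds = s->d1->unprocessed_rcds.q;
- processed_rcds = s->d1->processed_rcds.q;
- buffered_messages = s->d1->buffered_messages;
- sent_messages = s->d1->sent_messages;
- buffered_app_data = s->d1->buffered_app_data.q;
- mtu = s->d1->mtu;
-
- dtls1_clear_queues(s);
-
- memset(s->d1, 0, sizeof(*(s->d1)));
-
- if (s->server) {
- s->d1->cookie_len = sizeof(s->d1->cookie);
- }
-
- if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
- s->d1->mtu = mtu;
- }
-
- s->d1->unprocessed_rcds.q = unprocessed_rcds;
- s->d1->processed_rcds.q = processed_rcds;
- s->d1->buffered_messages = buffered_messages;
- s->d1->sent_messages = sent_messages;
- s->d1->buffered_app_data.q = buffered_app_data;
- }
-
- ssl3_clear(s);
-
- s->version = DTLS1_VERSION;
-}
-
-long
-dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
-{
- int ret = 0;
-
- switch (cmd) {
- case DTLS_CTRL_GET_TIMEOUT:
- if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) {
- ret = 1;
- }
- break;
- case DTLS_CTRL_HANDLE_TIMEOUT:
- ret = dtls1_handle_timeout(s);
- break;
- case DTLS_CTRL_LISTEN:
- ret = dtls1_listen(s, parg);
- break;
-
- default:
- ret = ssl3_ctrl(s, cmd, larg, parg);
- break;
- }
- return (ret);
-}
-
-/*
- * As it's impossible to use stream ciphers in "datagram" mode, this
- * simple filter is designed to disengage them in DTLS. Unfortunately
- * there is no universal way to identify stream SSL_CIPHER, so we have
- * to explicitly list their SSL_* codes. Currently RC4 is the only one
- * available, but if new ones emerge, they will have to be added...
- */
-const SSL_CIPHER *
-dtls1_get_cipher(unsigned int u)
-{
- const SSL_CIPHER *ciph = ssl3_get_cipher(u);
-
- if (ciph != NULL) {
- if (ciph->algorithm_enc == SSL_RC4)
- return NULL;
- }
-
- return ciph;
-}
-
-void
-dtls1_start_timer(SSL *s)
-{
-
- /* If timer is not set, initialize duration with 1 second */
- if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
- s->d1->timeout_duration = 1;
- }
-
- /* Set timeout to current time */
- gettimeofday(&(s->d1->next_timeout), NULL);
-
- /* Add duration to current time */
- s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
- &(s->d1->next_timeout));
-}
-
-struct timeval*
-dtls1_get_timeout(SSL *s, struct timeval* timeleft)
-{
- struct timeval timenow;
-
- /* If no timeout is set, just return NULL */
- if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
- return NULL;
- }
-
- /* Get current time */
- gettimeofday(&timenow, NULL);
-
- /* If timer already expired, set remaining time to 0 */
- if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
- (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
- s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
- memset(timeleft, 0, sizeof(struct timeval));
- return timeleft;
- }
-
- /* Calculate time left until timer expires */
- memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
- timeleft->tv_sec -= timenow.tv_sec;
- timeleft->tv_usec -= timenow.tv_usec;
- if (timeleft->tv_usec < 0) {
- timeleft->tv_sec--;
- timeleft->tv_usec += 1000000;
- }
-
- /* If remaining time is less than 15 ms, set it to 0
- * to prevent issues because of small devergences with
- * socket timeouts.
- */
- if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
- memset(timeleft, 0, sizeof(struct timeval));
- }
-
-
- return timeleft;
-}
-
-int
-dtls1_is_timer_expired(SSL *s)
-{
- struct timeval timeleft;
-
- /* Get time left until timeout, return false if no timer running */
- if (dtls1_get_timeout(s, &timeleft) == NULL) {
- return 0;
- }
-
- /* Return false if timer is not expired yet */
- if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
- return 0;
- }
-
- /* Timer expired, so return true */
- return 1;
-}
-
-void
-dtls1_double_timeout(SSL *s)
-{
- s->d1->timeout_duration *= 2;
- if (s->d1->timeout_duration > 60)
- s->d1->timeout_duration = 60;
- dtls1_start_timer(s);
-}
-
-void
-dtls1_stop_timer(SSL *s)
-{
- /* Reset everything */
- memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
- memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
- s->d1->timeout_duration = 1;
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
- &(s->d1->next_timeout));
- /* Clear retransmission buffer */
- dtls1_clear_record_buffer(s);
-}
-
-int
-dtls1_check_timeout_num(SSL *s)
-{
- s->d1->timeout.num_alerts++;
-
- /* Reduce MTU after 2 unsuccessful retransmissions */
- if (s->d1->timeout.num_alerts > 2) {
- s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
-
- }
-
- if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
- /* fail the connection, enough alerts have been sent */
- SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
- return -1;
- }
-
- return 0;
-}
-
-int
-dtls1_handle_timeout(SSL *s)
-{
- /* if no timer is expired, don't do anything */
- if (!dtls1_is_timer_expired(s)) {
- return 0;
- }
-
- dtls1_double_timeout(s);
-
- if (dtls1_check_timeout_num(s) < 0)
- return -1;
-
- s->d1->timeout.read_timeouts++;
- if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
- s->d1->timeout.read_timeouts = 1;
- }
-
- dtls1_start_timer(s);
- return dtls1_retransmit_buffered_messages(s);
-}
-
-int
-dtls1_listen(SSL *s, struct sockaddr *client)
-{
- int ret;
-
- /* Ensure there is no state left over from a previous invocation */
- SSL_clear(s);
-
- SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
- s->d1->listen = 1;
-
- ret = SSL_accept(s);
- if (ret <= 0)
- return ret;
-
- (void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
- return 1;
-}
-
-void
-dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq,
- unsigned short epoch)
-{
- unsigned char dtlsseq[SSL3_SEQUENCE_SIZE];
- unsigned char *p;
-
- p = dtlsseq;
- s2n(epoch, p);
- memcpy(p, &seq[2], SSL3_SEQUENCE_SIZE - 2);
- memcpy(dst, dtlsseq, SSL3_SEQUENCE_SIZE);
-}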
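diff --git a/src/lib/libssl/d1_meth.c b/src/lib/libssl/d1_meth.c
deleted file mode 100644
index 7f279a4f50..0000000000
--- a/src/lib/libssl/d1_meth.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/* $OpenBSD: d1_meth.c,v 1.9 2015/02/06 08:30:23 jsing Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "ssl_locl.h"
-
-static const SSL_METHOD *dtls1_get_method(int ver);
-
-const SSL_METHOD DTLSv1_method_data = {
- .version = DTLS1_VERSION,
- .ssl_new = dtls1_new,
- .ssl_clear = dtls1_clear,
- .ssl_free = dtls1_free,
- .ssl_accept = dtls1_accept,
- .ssl_connect = dtls1_connect,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = dtls1_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = dtls1_get_message,
- .ssl_read_bytes = dtls1_read_bytes,
- .ssl_write_bytes = dtls1_write_app_data_bytes,
- .ssl_dispatch_alert = dtls1_dispatch_alert,
- .ssl_ctrl = dtls1_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = dtls1_get_cipher,
- .get_ssl_method = dtls1_get_method,
- .get_timeout = dtls1_default_timeout,
- .ssl3_enc = &DTLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD *
-DTLSv1_method(void)
-{
- return &DTLSv1_method_data;
-}
-
-static const SSL_METHOD *
-dtls1_get_method(int ver)
-{
- if (ver == DTLS1_VERSION)
- return (DTLSv1_method());
- return (NULL);
-}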
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
deleted file mode 100644
index 5326a2c3d0..0000000000
--- a/src/lib/libssl/d1_pkt.c
+++ /dev/null
@@ -1,1477 +0,0 @@
1/* $OpenBSD: d1_pkt.c,v 1.48 2015/09/11 18:08:21 jsing Exp $ */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@openssl.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <machine/endian.h>
117
118#include <errno.h>
119#include <stdio.h>
120
121#include "ssl_locl.h"
122
123#include <openssl/buffer.h>
124#include <openssl/evp.h>
125
126#include "pqueue.h"
127#include "bytestring.h"
128
129/* mod 128 saturating subtract of two 64-bit values in big-endian order */
130static int
131satsub64be(const unsigned char *v1, const unsigned char *v2)
132{
133 int ret, sat, brw, i;
134
135 if (sizeof(long) == 8)
136 do {
137 long l;
138
139 if (BYTE_ORDER == LITTLE_ENDIAN)
140 break;
141 /* not reached on little-endians */
142 /* following test is redundant, because input is
143 * always aligned, but I take no chances... */
144 if (((size_t)v1 | (size_t)v2) & 0x7)
145 break;
146
147 l = *((long *)v1);
148 l -= *((long *)v2);
149 if (l > 128)
150 return 128;
151 else if (l<-128)
152 return -128;
153 else
154 return (int)l;
155 } while (0);
156
157 ret = (int)v1[7] - (int)v2[7];
158 sat = 0;
159 brw = ret >> 8; /* brw is either 0 or -1 */
160 if (ret & 0x80) {
161 for (i = 6; i >= 0; i--) {
162 brw += (int)v1[i]-(int)v2[i];
163 sat |= ~brw;
164 brw >>= 8;
165 }
166 } else {
167 for (i = 6; i >= 0; i--) {
168 brw += (int)v1[i]-(int)v2[i];
169 sat |= brw;
170 brw >>= 8;
171 }
172 }
173 brw <<= 8; /* brw is either 0 or -256 */
174
175 if (sat & 0xff)
176 return brw | 0x80;
177 else
178 return brw + (ret & 0xFF);
179}
180
181static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
182 int len, int peek);
183static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
184static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
185static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
186 unsigned int *is_next_epoch);
187static int dtls1_buffer_record(SSL *s, record_pqueue *q,
188 unsigned char *priority);
189static int dtls1_process_record(SSL *s);
190
191/* copy buffered record into SSL structure */
192static int
193dtls1_copy_record(SSL *s, pitem *item)
194{
195 DTLS1_RECORD_DATA *rdata;
196
197 rdata = (DTLS1_RECORD_DATA *)item->data;
198
199 free(s->s3->rbuf.buf);
200
201 s->packet = rdata->packet;
202 s->packet_length = rdata->packet_length;
203 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
204 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
205
206 /* Set proper sequence number for mac calculation */
207 memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
208
209 return (1);
210}
211
212
213static int
214dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
215{
216 DTLS1_RECORD_DATA *rdata;
217 pitem *item;
218
219 /* Limit the size of the queue to prevent DOS attacks */
220 if (pqueue_size(queue->q) >= 100)
221 return 0;
222
223 rdata = malloc(sizeof(DTLS1_RECORD_DATA));
224 item = pitem_new(priority, rdata);
225 if (rdata == NULL || item == NULL)
226 goto init_err;
227
228 rdata->packet = s->packet;
229 rdata->packet_length = s->packet_length;
230 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
231 memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
232
233 item->data = rdata;
234
235
236 s->packet = NULL;
237 s->packet_length = 0;
238 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
239 memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
240
241 if (!ssl3_setup_buffers(s))
242 goto err;
243
244 /* insert should not fail, since duplicates are dropped */
245 if (pqueue_insert(queue->q, item) == NULL)
246 goto err;
247
248 return (1);
249
250err:
251 free(rdata->rbuf.buf);
252
253init_err:
254 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
255 free(rdata);
256 pitem_free(item);
257 return (-1);
258}
259
260
261static int
262dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
263{
264 pitem *item;
265
266 item = pqueue_pop(queue->q);
267 if (item) {
268 dtls1_copy_record(s, item);
269
270 free(item->data);
271 pitem_free(item);
272
273 return (1);
274 }
275
276 return (0);
277}
278
279
280/* retrieve a buffered record that belongs to the new epoch, i.e., not processed
281 * yet */
282#define dtls1_get_unprocessed_record(s) \
283 dtls1_retrieve_buffered_record((s), \
284 &((s)->d1->unprocessed_rcds))
285
286/* retrieve a buffered record that belongs to the current epoch, ie, processed */
287#define dtls1_get_processed_record(s) \
288 dtls1_retrieve_buffered_record((s), \
289 &((s)->d1->processed_rcds))
290
291static int
292dtls1_process_buffered_records(SSL *s)
293{
294 pitem *item;
295
296 item = pqueue_peek(s->d1->unprocessed_rcds.q);
297 if (item) {
298 /* Check if epoch is current. */
299 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
300 return (1);
301 /* Nothing to do. */
302
303 /* Process all the records. */
304 while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
305 dtls1_get_unprocessed_record(s);
306 if (! dtls1_process_record(s))
307 return (0);
308 if (dtls1_buffer_record(s, &(s->d1->processed_rcds),
309 s->s3->rrec.seq_num) < 0)
310 return (-1);
311 }
312 }
313
314 /* sync epoch numbers once all the unprocessed records
315 * have been processed */
316 s->d1->processed_rcds.epoch = s->d1->r_epoch;
317 s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
318
319 return (1);
320}
321
322static int
323dtls1_process_record(SSL *s)
324{
325 int i, al;
326 int enc_err;
327 SSL_SESSION *sess;
328 SSL3_RECORD *rr;
329 unsigned int mac_size, orig_len;
330 unsigned char md[EVP_MAX_MD_SIZE];
331
332 rr = &(s->s3->rrec);
333 sess = s->session;
334
335 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
336 * and we have that many bytes in s->packet
337 */
338 rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]);
339
340 /* ok, we can now read from 's->packet' data into 'rr'
341 * rr->input points at rr->length bytes, which
342 * need to be copied into rr->data by either
343 * the decryption or by the decompression
344 * When the data is 'copied' into the rr->data buffer,
345 * rr->input will be pointed at the new buffer */
346
347 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
348 * rr->length bytes of encrypted compressed stuff. */
349
350 /* check is not needed I believe */
351 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
352 al = SSL_AD_RECORD_OVERFLOW;
353 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
354 goto f_err;
355 }
356
357 /* decrypt in place in 'rr->input' */
358 rr->data = rr->input;
359
360 enc_err = s->method->ssl3_enc->enc(s, 0);
361 /* enc_err is:
362 * 0: (in non-constant time) if the record is publically invalid.
363 * 1: if the padding is valid
364 * -1: if the padding is invalid */
365 if (enc_err == 0) {
366 /* For DTLS we simply ignore bad packets. */
367 rr->length = 0;
368 s->packet_length = 0;
369 goto err;
370 }
371
372
373 /* r->length is now the compressed data plus mac */
374 if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
375 (EVP_MD_CTX_md(s->read_hash) != NULL)) {
376 /* s->read_hash != NULL => mac_size != -1 */
377 unsigned char *mac = NULL;
378 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
379 mac_size = EVP_MD_CTX_size(s->read_hash);
380 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
381
382 /* kludge: *_cbc_remove_padding passes padding length in rr->type */
383 orig_len = rr->length + ((unsigned int)rr->type >> 8);
384
385 /* orig_len is the length of the record before any padding was
386 * removed. This is public information, as is the MAC in use,
387 * therefore we can safely process the record in a different
388 * amount of time if it's too short to possibly contain a MAC.
389 */
390 if (orig_len < mac_size ||
391 /* CBC records must have a padding length byte too. */
392 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
393 orig_len < mac_size + 1)) {
394 al = SSL_AD_DECODE_ERROR;
395 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
396 goto f_err;
397 }
398
399 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
400 /* We update the length so that the TLS header bytes
401 * can be constructed correctly but we need to extract
402 * the MAC in constant time from within the record,
403 * without leaking the contents of the padding bytes.
404 * */
405 mac = mac_tmp;
406 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
407 rr->length -= mac_size;
408 } else {
409 /* In this case there's no padding, so |orig_len|
410 * equals |rec->length| and we checked that there's
411 * enough bytes for |mac_size| above. */
412 rr->length -= mac_size;
413 mac = &rr->data[rr->length];
414 }
415
416 i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
417 if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
418 enc_err = -1;
419 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
420 enc_err = -1;
421 }
422
423 if (enc_err < 0) {
424 /* decryption failed, silently discard message */
425 rr->length = 0;
426 s->packet_length = 0;
427 goto err;
428 }
429
430 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
431 al = SSL_AD_RECORD_OVERFLOW;
432 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
433 goto f_err;
434 }
435
436 rr->off = 0;
437 /* So at this point the following is true
438 * ssl->s3->rrec.type is the type of record
439 * ssl->s3->rrec.length == number of bytes in record
440 * ssl->s3->rrec.off == offset to first valid byte
441 * ssl->s3->rrec.data == where to take bytes from, increment
442 * after use :-).
443 */
444
445 /* we have pulled in a full packet so zero things */
446 s->packet_length = 0;
447 return (1);
448
449f_err:
450 ssl3_send_alert(s, SSL3_AL_FATAL, al);
451err:
452 return (0);
453}
454
455
456/* Call this to get a new input record.
457 * It will return <= 0 if more data is needed, normally due to an error
458 * or non-blocking IO.
459 * When it finishes, one packet has been decoded and can be found in
460 * ssl->s3->rrec.type - is the type of record
461 * ssl->s3->rrec.data, - data
462 * ssl->s3->rrec.length, - number of bytes
463 */
464/* used only by dtls1_read_bytes */
465int
466dtls1_get_record(SSL *s)
467{
468 int i, n;
469 SSL3_RECORD *rr;
470 unsigned char *p = NULL;
471 DTLS1_BITMAP *bitmap;
472 unsigned int is_next_epoch;
473
474 rr = &(s->s3->rrec);
475
476 /* The epoch may have changed. If so, process all the
477 * pending records. This is a non-blocking operation. */
478 if (dtls1_process_buffered_records(s) < 0)
479 return (-1);
480
481 /* if we're renegotiating, then there may be buffered records */
482 if (dtls1_get_processed_record(s))
483 return 1;
484
485 /* get something from the wire */
486 if (0) {
487again:
488 /* dump this record on all retries */
489 rr->length = 0;
490 s->packet_length = 0;
491 }
492
493 /* check if we have the header */
494 if ((s->rstate != SSL_ST_READ_BODY) ||
495 (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
496 CBS header, seq_no;
497 uint16_t epoch, len, ssl_version;
498 uint8_t type;
499
500 n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
501 /* read timeout is handled by dtls1_read_bytes */
502 if (n <= 0)
503 return(n); /* error or non-blocking */
504
505 /* this packet contained a partial record, dump it */
506 if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
507 goto again;
508
509 s->rstate = SSL_ST_READ_BODY;
510
511 CBS_init(&header, s->packet, s->packet_length);
512
513 /* Pull apart the header into the DTLS1_RECORD */
514 if (!CBS_get_u8(&header, &type))
515 goto again;
516 if (!CBS_get_u16(&header, &ssl_version))
517 goto again;
518
519 /* sequence number is 64 bits, with top 2 bytes = epoch */
520 if (!CBS_get_u16(&header, &epoch) ||
521 !CBS_get_bytes(&header, &seq_no, 6))
522 goto again;
523
524 if (!CBS_write_bytes(&seq_no, &(s->s3->read_sequence[2]),
525 sizeof(s->s3->read_sequence) - 2, NULL))
526 goto again;
527 if (!CBS_get_u16(&header, &len))
528 goto again;
529
530 rr->type = type;
531 rr->epoch = epoch;
532 rr->length = len;
533
534 /* unexpected version, silently discard */
535 if (!s->first_packet && ssl_version != s->version)
536 goto again;
537
538 /* wrong version, silently discard record */
539 if ((ssl_version & 0xff00) != (s->version & 0xff00))
540 goto again;
541
542 /* record too long, silently discard it */
543 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
544 goto again;
545
546 /* now s->rstate == SSL_ST_READ_BODY */
547 p = (unsigned char *)CBS_data(&header);
548 }
549
550 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
551
552 if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) {
553 /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
554 i = rr->length;
555 n = ssl3_read_n(s, i, i, 1);
556 if (n <= 0)
557 return(n); /* error or non-blocking io */
558
559 /* this packet contained a partial record, dump it */
560 if (n != i)
561 goto again;
562
563 /* now n == rr->length,
564 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
565 }
566 s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
567
568 /* match epochs. NULL means the packet is dropped on the floor */
569 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
570 if (bitmap == NULL)
571 goto again;
572
573 /*
574 * Check whether this is a repeat, or aged record.
575 * Don't check if we're listening and this message is
576 * a ClientHello. They can look as if they're replayed,
577 * since they arrive from different connections and
578 * would be dropped unnecessarily.
579 */
580 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
581 p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
582 !dtls1_record_replay_check(s, bitmap))
583 goto again;
584
585 /* just read a 0 length packet */
586 if (rr->length == 0)
587 goto again;
588
589 /* If this record is from the next epoch (either HM or ALERT),
590 * and a handshake is currently in progress, buffer it since it
591 * cannot be processed at this time. However, do not buffer
592 * anything while listening.
593 */
594 if (is_next_epoch) {
595 if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
596 if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds),
597 rr->seq_num) < 0)
598 return (-1);
599 /* Mark receipt of record. */
600 dtls1_record_bitmap_update(s, bitmap);
601 }
602 goto again;
603 }
604
605 if (!dtls1_process_record(s))
606 goto again;
607
608 /* Mark receipt of record. */
609 dtls1_record_bitmap_update(s, bitmap);
610
611 return (1);
612}
613
614/* Return up to 'len' payload bytes received in 'type' records.
615 * 'type' is one of the following:
616 *
617 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
618 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
619 * - 0 (during a shutdown, no data has to be returned)
620 *
621 * If we don't have stored data to work from, read a SSL/TLS record first
622 * (possibly multiple records if we still don't have anything to return).
623 *
624 * This function must handle any surprises the peer may have for us, such as
625 * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
626 * a surprise, but handled as if it were), or renegotiation requests.
627 * Also if record payloads contain fragments too small to process, we store
628 * them until there is enough for the respective protocol (the record protocol
629 * may use arbitrary fragmentation and even interleaving):
630 * Change cipher spec protocol
631 * just 1 byte needed, no need for keeping anything stored
632 * Alert protocol
633 * 2 bytes needed (AlertLevel, AlertDescription)
634 * Handshake protocol
635 * 4 bytes needed (HandshakeType, uint24 length) -- we just have
636 * to detect unexpected Client Hello and Hello Request messages
637 * here, anything else is handled by higher layers
638 * Application data protocol
639 * none of our business
640 */
641int
642dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
643{
644 int al, i, j, ret;
645 unsigned int n;
646 SSL3_RECORD *rr;
647 void (*cb)(const SSL *ssl, int type2, int val) = NULL;
648
649 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
650 if (!ssl3_setup_buffers(s))
651 return (-1);
652
653 if ((type &&
654 type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) ||
655 (peek && (type != SSL3_RT_APPLICATION_DATA))) {
656 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
657 return -1;
658 }
659
660 /* check whether there's a handshake message (client hello?) waiting */
661 if ((ret = have_handshake_fragment(s, type, buf, len, peek)))
662 return ret;
663
664 /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
665
666 if (!s->in_handshake && SSL_in_init(s))
667 {
668 /* type == SSL3_RT_APPLICATION_DATA */
669 i = s->handshake_func(s);
670 if (i < 0)
671 return (i);
672 if (i == 0) {
673 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
674 return (-1);
675 }
676 }
677
678start:
679 s->rwstate = SSL_NOTHING;
680
681 /* s->s3->rrec.type - is the type of record
682 * s->s3->rrec.data, - data
683 * s->s3->rrec.off, - offset into 'data' for next read
684 * s->s3->rrec.length, - number of bytes. */
685 rr = &(s->s3->rrec);
686
687 /* We are not handshaking and have no data yet,
688 * so process data buffered during the last handshake
689 * in advance, if any.
690 */
691 if (s->state == SSL_ST_OK && rr->length == 0) {
692 pitem *item;
693 item = pqueue_pop(s->d1->buffered_app_data.q);
694 if (item) {
695
696 dtls1_copy_record(s, item);
697
698 free(item->data);
699 pitem_free(item);
700 }
701 }
702
703 /* Check for timeout */
704 if (dtls1_handle_timeout(s) > 0)
705 goto start;
706
707 /* get new packet if necessary */
708 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
709 ret = dtls1_get_record(s);
710 if (ret <= 0) {
711 ret = dtls1_read_failed(s, ret);
712 /* anything other than a timeout is an error */
713 if (ret <= 0)
714 return (ret);
715 else
716 goto start;
717 }
718 }
719
720 if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) {
721 rr->length = 0;
722 goto start;
723 }
724
725 /* we now have a packet which can be read and processed */
726
727 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
728 * reset by ssl3_get_finished */
729 && (rr->type != SSL3_RT_HANDSHAKE)) {
730 /* We now have application data between CCS and Finished.
731 * Most likely the packets were reordered on their way, so
732 * buffer the application data for later processing rather
733 * than dropping the connection.
734 */
735 if (dtls1_buffer_record(s, &(s->d1->buffered_app_data),
736 rr->seq_num) < 0) {
737 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
738 return (-1);
739 }
740 rr->length = 0;
741 goto start;
742 }
743
744 /* If the other end has shut down, throw anything we read away
745 * (even in 'peek' mode) */
746 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
747 rr->length = 0;
748 s->rwstate = SSL_NOTHING;
749 return (0);
750 }
751
752
753 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
754 {
755 /* make sure that we are not getting application data when we
756 * are doing a handshake for the first time */
757 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
758 (s->enc_read_ctx == NULL)) {
759 al = SSL_AD_UNEXPECTED_MESSAGE;
760 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
761 goto f_err;
762 }
763
764 if (len <= 0)
765 return (len);
766
767 if ((unsigned int)len > rr->length)
768 n = rr->length;
769 else
770 n = (unsigned int)len;
771
772 memcpy(buf, &(rr->data[rr->off]), n);
773 if (!peek) {
774 rr->length -= n;
775 rr->off += n;
776 if (rr->length == 0) {
777 s->rstate = SSL_ST_READ_HEADER;
778 rr->off = 0;
779 }
780 }
781
782 return (n);
783 }
784
785
786 /* If we get here, then type != rr->type; if we have a handshake
787 * message, then it was unexpected (Hello Request or Client Hello). */
788
789 /* In case of record types for which we have 'fragment' storage,
790 * fill that so that we can process the data at a fixed place.
791 */
792 {
793 unsigned int k, dest_maxlen = 0;
794 unsigned char *dest = NULL;
795 unsigned int *dest_len = NULL;
796
797 if (rr->type == SSL3_RT_HANDSHAKE) {
798 dest_maxlen = sizeof s->d1->handshake_fragment;
799 dest = s->d1->handshake_fragment;
800 dest_len = &s->d1->handshake_fragment_len;
801 } else if (rr->type == SSL3_RT_ALERT) {
802 dest_maxlen = sizeof(s->d1->alert_fragment);
803 dest = s->d1->alert_fragment;
804 dest_len = &s->d1->alert_fragment_len;
805 }
806 /* else it's a CCS message, or application data or wrong */
807 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
808 /* Application data while renegotiating
809 * is allowed. Try again reading.
810 */
811 if (rr->type == SSL3_RT_APPLICATION_DATA) {
812 BIO *bio;
813 s->s3->in_read_app_data = 2;
814 bio = SSL_get_rbio(s);
815 s->rwstate = SSL_READING;
816 BIO_clear_retry_flags(bio);
817 BIO_set_retry_read(bio);
818 return (-1);
819 }
820
821 /* Not certain if this is the right error handling */
822 al = SSL_AD_UNEXPECTED_MESSAGE;
823 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
824 goto f_err;
825 }
826
827 if (dest_maxlen > 0) {
828 /* XDTLS: In a pathalogical case, the Client Hello
829 * may be fragmented--don't always expect dest_maxlen bytes */
830 if (rr->length < dest_maxlen) {
831#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
832 /*
833 * for normal alerts rr->length is 2, while
834 * dest_maxlen is 7 if we were to handle this
835 * non-existing alert...
836 */
837 FIX ME
838#endif
839 s->rstate = SSL_ST_READ_HEADER;
840 rr->length = 0;
841 goto start;
842 }
843
844 /* now move 'n' bytes: */
845 for ( k = 0; k < dest_maxlen; k++) {
846 dest[k] = rr->data[rr->off++];
847 rr->length--;
848 }
849 *dest_len = dest_maxlen;
850 }
851 }
852
853 /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
854 * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
855 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
856
857 /* If we are a client, check for an incoming 'Hello Request': */
858 if ((!s->server) &&
859 (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
860 (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
861 (s->session != NULL) && (s->session->cipher != NULL)) {
862 s->d1->handshake_fragment_len = 0;
863
864 if ((s->d1->handshake_fragment[1] != 0) ||
865 (s->d1->handshake_fragment[2] != 0) ||
866 (s->d1->handshake_fragment[3] != 0)) {
867 al = SSL_AD_DECODE_ERROR;
868 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
869 goto err;
870 }
871
872 /* no need to check sequence number on HELLO REQUEST messages */
873
874 if (s->msg_callback)
875 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
876 s->d1->handshake_fragment, 4, s, s->msg_callback_arg);
877
878 if (SSL_is_init_finished(s) &&
879 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
880 !s->s3->renegotiate) {
881 s->d1->handshake_read_seq++;
882 s->new_session = 1;
883 ssl3_renegotiate(s);
884 if (ssl3_renegotiate_check(s)) {
885 i = s->handshake_func(s);
886 if (i < 0)
887 return (i);
888 if (i == 0) {
889 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
890 return (-1);
891 }
892
893 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
894 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
895 {
896 BIO *bio;
897 /* In the case where we try to read application data,
898 * but we trigger an SSL handshake, we return -1 with
899 * the retry option set. Otherwise renegotiation may
900 * cause nasty problems in the blocking world */
901 s->rwstate = SSL_READING;
902 bio = SSL_get_rbio(s);
903 BIO_clear_retry_flags(bio);
904 BIO_set_retry_read(bio);
905 return (-1);
906 }
907 }
908 }
909 }
910 /* we either finished a handshake or ignored the request,
911 * now try again to obtain the (application) data we were asked for */
912 goto start;
913 }
914
915 if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
916 int alert_level = s->d1->alert_fragment[0];
917 int alert_descr = s->d1->alert_fragment[1];
918
919 s->d1->alert_fragment_len = 0;
920
921 if (s->msg_callback)
922 s->msg_callback(0, s->version, SSL3_RT_ALERT,
923 s->d1->alert_fragment, 2, s, s->msg_callback_arg);
924
925 if (s->info_callback != NULL)
926 cb = s->info_callback;
927 else if (s->ctx->info_callback != NULL)
928 cb = s->ctx->info_callback;
929
930 if (cb != NULL) {
931 j = (alert_level << 8) | alert_descr;
932 cb(s, SSL_CB_READ_ALERT, j);
933 }
934
935 if (alert_level == 1) /* warning */
936 {
937 s->s3->warn_alert = alert_descr;
938 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
939 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
940 return (0);
941 }
942 } else if (alert_level == 2) /* fatal */
943 {
944 s->rwstate = SSL_NOTHING;
945 s->s3->fatal_alert = alert_descr;
946 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
947 ERR_asprintf_error_data("SSL alert number %d",
948 alert_descr);
949 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
950 SSL_CTX_remove_session(s->ctx, s->session);
951 return (0);
952 } else {
953 al = SSL_AD_ILLEGAL_PARAMETER;
954 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
955 goto f_err;
956 }
957
958 goto start;
959 }
960
961 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
962 {
963 s->rwstate = SSL_NOTHING;
964 rr->length = 0;
965 return (0);
966 }
967
968 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
969 struct ccs_header_st ccs_hdr;
970 unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
971
972 dtls1_get_ccs_header(rr->data, &ccs_hdr);
973
974 /* 'Change Cipher Spec' is just a single byte, so we know
975 * exactly what the record payload has to look like */
976 /* XDTLS: check that epoch is consistent */
977 if ((rr->length != ccs_hdr_len) ||
978 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
979 i = SSL_AD_ILLEGAL_PARAMETER;
980 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
981 goto err;
982 }
983
984 rr->length = 0;
985
986 if (s->msg_callback)
987 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
988 rr->data, 1, s, s->msg_callback_arg);
989
990 /* We can't process a CCS now, because previous handshake
991 * messages are still missing, so just drop it.
992 */
993 if (!s->d1->change_cipher_spec_ok) {
994 goto start;
995 }
996
997 s->d1->change_cipher_spec_ok = 0;
998
999 s->s3->change_cipher_spec = 1;
1000 if (!ssl3_do_change_cipher_spec(s))
1001 goto err;
1002
1003 /* do this whenever CCS is processed */
1004 dtls1_reset_seq_numbers(s, SSL3_CC_READ);
1005
1006 goto start;
1007 }
1008
1009 /* Unexpected handshake message (Client Hello, or protocol violation) */
1010 if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
1011 !s->in_handshake) {
1012 struct hm_header_st msg_hdr;
1013
1014 /* this may just be a stale retransmit */
1015 if (!dtls1_get_message_header(rr->data, &msg_hdr))
1016 return -1;
1017 if (rr->epoch != s->d1->r_epoch) {
1018 rr->length = 0;
1019 goto start;
1020 }
1021
1022 /* If we are server, we may have a repeated FINISHED of the
1023 * client here, then retransmit our CCS and FINISHED.
1024 */
1025 if (msg_hdr.type == SSL3_MT_FINISHED) {
1026 if (dtls1_check_timeout_num(s) < 0)
1027 return -1;
1028
1029 dtls1_retransmit_buffered_messages(s);
1030 rr->length = 0;
1031 goto start;
1032 }
1033
1034 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1035 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
1036 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1037 s->renegotiate = 1;
1038 s->new_session = 1;
1039 }
1040 i = s->handshake_func(s);
1041 if (i < 0)
1042 return (i);
1043 if (i == 0) {
1044 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1045 return (-1);
1046 }
1047
1048 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
1049 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1050 {
1051 BIO *bio;
1052 /* In the case where we try to read application data,
1053 * but we trigger an SSL handshake, we return -1 with
1054 * the retry option set. Otherwise renegotiation may
1055 * cause nasty problems in the blocking world */
1056 s->rwstate = SSL_READING;
1057 bio = SSL_get_rbio(s);
1058 BIO_clear_retry_flags(bio);
1059 BIO_set_retry_read(bio);
1060 return (-1);
1061 }
1062 }
1063 goto start;
1064 }
1065
1066 switch (rr->type) {
1067 default:
1068 /* TLS just ignores unknown message types */
1069 if (s->version == TLS1_VERSION) {
1070 rr->length = 0;
1071 goto start;
1072 }
1073 al = SSL_AD_UNEXPECTED_MESSAGE;
1074 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1075 goto f_err;
1076 case SSL3_RT_CHANGE_CIPHER_SPEC:
1077 case SSL3_RT_ALERT:
1078 case SSL3_RT_HANDSHAKE:
1079 /* we already handled all of these, with the possible exception
1080 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1081 * should not happen when type != rr->type */
1082 al = SSL_AD_UNEXPECTED_MESSAGE;
1083 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
1084 goto f_err;
1085 case SSL3_RT_APPLICATION_DATA:
1086 /* At this point, we were expecting handshake data,
1087 * but have application data. If the library was
1088 * running inside ssl3_read() (i.e. in_read_app_data
1089 * is set) and it makes sense to read application data
1090 * at this point (session renegotiation not yet started),
1091 * we will indulge it.
1092 */
1093 if (s->s3->in_read_app_data &&
1094 (s->s3->total_renegotiations != 0) &&
1095 (((s->state & SSL_ST_CONNECT) &&
1096 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1097 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
1098 (s->state & SSL_ST_ACCEPT) &&
1099 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1100 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
1101 s->s3->in_read_app_data = 2;
1102 return (-1);
1103 } else {
1104 al = SSL_AD_UNEXPECTED_MESSAGE;
1105 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1106 goto f_err;
1107 }
1108 }
1109 /* not reached */
1110
1111f_err:
1112 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1113err:
1114 return (-1);
1115}
1116
1117int
1118dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
1119{
1120 int i;
1121
1122 if (SSL_in_init(s) && !s->in_handshake)
1123 {
1124 i = s->handshake_func(s);
1125 if (i < 0)
1126 return (i);
1127 if (i == 0) {
1128 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1129 return -1;
1130 }
1131 }
1132
1133 if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
1134 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG);
1135 return -1;
1136 }
1137
1138 i = dtls1_write_bytes(s, type, buf_, len);
1139 return i;
1140}
1141
1142
1143 /* this only happens when a client hello is received and a handshake
1144 * is started. */
1145static int
1146have_handshake_fragment(SSL *s, int type, unsigned char *buf,
1147 int len, int peek)
1148{
1149
1150 if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
1151 /* (partially) satisfy request from storage */
1152 {
1153 unsigned char *src = s->d1->handshake_fragment;
1154 unsigned char *dst = buf;
1155 unsigned int k, n;
1156
1157 /* peek == 0 */
1158 n = 0;
1159 while ((len > 0) && (s->d1->handshake_fragment_len > 0)) {
1160 *dst++ = *src++;
1161 len--;
1162 s->d1->handshake_fragment_len--;
1163 n++;
1164 }
1165 /* move any remaining fragment bytes: */
1166 for (k = 0; k < s->d1->handshake_fragment_len; k++)
1167 s->d1->handshake_fragment[k] = *src++;
1168 return n;
1169 }
1170
1171 return 0;
1172}
1173
1174
1175/* Call this to write data in records of type 'type'
1176 * It will return <= 0 if not all data has been sent or non-blocking IO.
1177 */
1178int
1179dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
1180{
1181 int i;
1182
1183 OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
1184 s->rwstate = SSL_NOTHING;
1185 i = do_dtls1_write(s, type, buf, len);
1186 return i;
1187}
1188
1189int
1190do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
1191{
1192 unsigned char *p, *pseq;
1193 int i, mac_size, clear = 0;
1194 int prefix_len = 0;
1195 SSL3_RECORD *wr;
1196 SSL3_BUFFER *wb;
1197 SSL_SESSION *sess;
1198 int bs;
1199
1200 /* first check if there is a SSL3_BUFFER still being written
1201 * out. This will happen with non blocking IO */
1202 if (s->s3->wbuf.left != 0) {
1203 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
1204 return (ssl3_write_pending(s, type, buf, len));
1205 }
1206
1207 /* If we have an alert to send, lets send it */
1208 if (s->s3->alert_dispatch) {
1209 i = s->method->ssl_dispatch_alert(s);
1210 if (i <= 0)
1211 return (i);
1212 /* if it went, fall through and send more stuff */
1213 }
1214
1215 if (len == 0)
1216 return 0;
1217
1218 wr = &(s->s3->wrec);
1219 wb = &(s->s3->wbuf);
1220 sess = s->session;
1221
1222 if ((sess == NULL) || (s->enc_write_ctx == NULL) ||
1223 (EVP_MD_CTX_md(s->write_hash) == NULL))
1224 clear = 1;
1225
1226 if (clear)
1227 mac_size = 0;
1228 else {
1229 mac_size = EVP_MD_CTX_size(s->write_hash);
1230 if (mac_size < 0)
1231 goto err;
1232 }
1233
1234 /* DTLS implements explicit IV, so no need for empty fragments. */
1235
1236 p = wb->buf + prefix_len;
1237
1238 /* write the header */
1239
1240 *(p++) = type&0xff;
1241 wr->type = type;
1242
1243 *(p++) = (s->version >> 8);
1244 *(p++) = s->version&0xff;
1245
1246 /* field where we are to write out packet epoch, seq num and len */
1247 pseq = p;
1248
1249 p += 10;
1250
1251 /* lets setup the record stuff. */
1252
1253 /* Make space for the explicit IV in case of CBC.
1254 * (this is a bit of a boundary violation, but what the heck).
1255 */
1256 if (s->enc_write_ctx &&
1257 (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))
1258 bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
1259 else
1260 bs = 0;
1261
1262 wr->data = p + bs;
1263 /* make room for IV in case of CBC */
1264 wr->length = (int)len;
1265 wr->input = (unsigned char *)buf;
1266
1267 /* we now 'read' from wr->input, wr->length bytes into
1268 * wr->data */
1269
1270 memcpy(wr->data, wr->input, wr->length);
1271 wr->input = wr->data;
1272
1273 /* we should still have the output to wr->data and the input
1274 * from wr->input. Length should be wr->length.
1275 * wr->data still points in the wb->buf */
1276
1277 if (mac_size != 0) {
1278 if (s->method->ssl3_enc->mac(s, &(p[wr->length + bs]), 1) < 0)
1279 goto err;
1280 wr->length += mac_size;
1281 }
1282
1283 /* this is true regardless of mac size */
1284 wr->input = p;
1285 wr->data = p;
1286
1287
1288 /* ssl3_enc can only have an error on read */
1289 if (bs) /* bs != 0 in case of CBC */
1290 {
1291 arc4random_buf(p, bs);
1292 /* master IV and last CBC residue stand for
1293 * the rest of randomness */
1294 wr->length += bs;
1295 }
1296
1297 s->method->ssl3_enc->enc(s, 1);
1298
1299 /* record length after mac and block padding */
1300/* if (type == SSL3_RT_APPLICATION_DATA ||
1301 (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */
1302
1303 /* there's only one epoch between handshake and app data */
1304
1305 s2n(s->d1->w_epoch, pseq);
1306
1307 /* XDTLS: ?? */
1308/* else
1309 s2n(s->d1->handshake_epoch, pseq);
1310*/
1311
1312 memcpy(pseq, &(s->s3->write_sequence[2]), 6);
1313 pseq += 6;
1314 s2n(wr->length, pseq);
1315
1316 /* we should now have
1317 * wr->data pointing to the encrypted data, which is
1318 * wr->length long */
1319 wr->type=type; /* not needed but helps for debugging */
1320 wr->length += DTLS1_RT_HEADER_LENGTH;
1321
1322 tls1_record_sequence_increment(s->s3->write_sequence);
1323
1324 /* now let's set up wb */
1325 wb->left = prefix_len + wr->length;
1326 wb->offset = 0;
1327
1328 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
1329 s->s3->wpend_tot = len;
1330 s->s3->wpend_buf = buf;
1331 s->s3->wpend_type = type;
1332 s->s3->wpend_ret = len;
1333
1334 /* we now just need to write the buffer */
1335 return ssl3_write_pending(s, type, buf, len);
1336err:
1337 return -1;
1338}
1339
1340
1341
1342static int
1343dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
1344{
1345 int cmp;
1346 unsigned int shift;
1347 const unsigned char *seq = s->s3->read_sequence;
1348
1349 cmp = satsub64be(seq, bitmap->max_seq_num);
1350 if (cmp > 0) {
1351 memcpy (s->s3->rrec.seq_num, seq, 8);
1352 return 1; /* this record in new */
1353 }
1354 shift = -cmp;
1355 if (shift >= sizeof(bitmap->map)*8)
1356 return 0; /* stale, outside the window */
1357 else if (bitmap->map & (1UL << shift))
1358 return 0; /* record previously received */
1359
1360 memcpy(s->s3->rrec.seq_num, seq, 8);
1361 return 1;
1362}
1363
1364
1365static void
1366dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
1367{
1368 int cmp;
1369 unsigned int shift;
1370 const unsigned char *seq = s->s3->read_sequence;
1371
1372 cmp = satsub64be(seq, bitmap->max_seq_num);
1373 if (cmp > 0) {
1374 shift = cmp;
1375 if (shift < sizeof(bitmap->map)*8)
1376 bitmap->map <<= shift, bitmap->map |= 1UL;
1377 else
1378 bitmap->map = 1UL;
1379 memcpy(bitmap->max_seq_num, seq, 8);
1380 } else {
1381 shift = -cmp;
1382 if (shift < sizeof(bitmap->map) * 8)
1383 bitmap->map |= 1UL << shift;
1384 }
1385}
1386
1387
1388int
1389dtls1_dispatch_alert(SSL *s)
1390{
1391 int i, j;
1392 void (*cb)(const SSL *ssl, int type, int val) = NULL;
1393 unsigned char buf[DTLS1_AL_HEADER_LENGTH];
1394 unsigned char *ptr = &buf[0];
1395
1396 s->s3->alert_dispatch = 0;
1397
1398 memset(buf, 0x00, sizeof(buf));
1399 *ptr++ = s->s3->send_alert[0];
1400 *ptr++ = s->s3->send_alert[1];
1401
1402#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1403 if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
1404 s2n(s->d1->handshake_read_seq, ptr);
1405 l2n3(s->d1->r_msg_hdr.frag_off, ptr);
1406 }
1407#endif
1408
1409 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf));
1410 if (i <= 0) {
1411 s->s3->alert_dispatch = 1;
1412 /* fprintf( stderr, "not done with alert\n" ); */
1413 } else {
1414 if (s->s3->send_alert[0] == SSL3_AL_FATAL
1415#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1416 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1417#endif
1418 )
1419 (void)BIO_flush(s->wbio);
1420
1421 if (s->msg_callback)
1422 s->msg_callback(1, s->version, SSL3_RT_ALERT,
1423 s->s3->send_alert, 2, s, s->msg_callback_arg);
1424
1425 if (s->info_callback != NULL)
1426 cb = s->info_callback;
1427 else if (s->ctx->info_callback != NULL)
1428 cb = s->ctx->info_callback;
1429
1430 if (cb != NULL) {
1431 j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1432 cb(s, SSL_CB_WRITE_ALERT, j);
1433 }
1434 }
1435 return (i);
1436}
1437
1438
1439static DTLS1_BITMAP *
1440dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
1441{
1442
1443 *is_next_epoch = 0;
1444
1445 /* In current epoch, accept HM, CCS, DATA, & ALERT */
1446 if (rr->epoch == s->d1->r_epoch)
1447 return &s->d1->bitmap;
1448
1449 /* Only HM and ALERT messages can be from the next epoch */
1450 else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
1451 (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
1452 *is_next_epoch = 1;
1453 return &s->d1->next_bitmap;
1454 }
1455
1456 return NULL;
1457}
1458
1459void
1460dtls1_reset_seq_numbers(SSL *s, int rw)
1461{
1462 unsigned char *seq;
1463 unsigned int seq_bytes = sizeof(s->s3->read_sequence);
1464
1465 if (rw & SSL3_CC_READ) {
1466 seq = s->s3->read_sequence;
1467 s->d1->r_epoch++;
1468 memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
1469 memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
1470 } else {
1471 seq = s->s3->write_sequence;
1472 memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence));
1473 s->d1->w_epoch++;
1474 }
1475
1476 memset(seq, 0x00, seq_bytes);
1477}
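diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c
deleted file mode 100644
index 45ce5b8d3e..0000000000
--- a/src/lib/libssl/d1_srtp.c
+++ /dev/null
@@ -1,473 +0,0 @@
-/* $OpenBSD: d1_srtp.c,v 1.15 2015/07/31 00:35:06 doug Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/*
- * DTLS code by Eric Rescorla <ekr@rtfm.com>
- *
- * Copyright (C) 2006, Network Resonance, Inc.
- * Copyright (C) 2011, RTFM, Inc.
- */
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "ssl_locl.h"
-
-#ifndef OPENSSL_NO_SRTP
-
-#include "bytestring.h"
-#include "srtp.h"
-
-static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
- {
- "SRTP_AES128_CM_SHA1_80",
- SRTP_AES128_CM_SHA1_80,
- },
- {
- "SRTP_AES128_CM_SHA1_32",
- SRTP_AES128_CM_SHA1_32,
- },
- {0}
-};
-
-static int
-find_profile_by_name(char *profile_name, SRTP_PROTECTION_PROFILE **pptr,
- unsigned len)
-{
- SRTP_PROTECTION_PROFILE *p;
-
- p = srtp_known_profiles;
- while (p->name) {
- if ((len == strlen(p->name)) &&
- !strncmp(p->name, profile_name, len)) {
- *pptr = p;
- return 0;
- }
-
- p++;
- }
-
- return 1;
-}
-
-static int
-find_profile_by_num(unsigned profile_num, SRTP_PROTECTION_PROFILE **pptr)
-{
- SRTP_PROTECTION_PROFILE *p;
-
- p = srtp_known_profiles;
- while (p->name) {
- if (p->id == profile_num) {
- *pptr = p;
- return 0;
- }
- p++;
- }
-
- return 1;
-}
-
-static int
-ssl_ctx_make_profiles(const char *profiles_string,
- STACK_OF(SRTP_PROTECTION_PROFILE) **out)
-{
- STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
-
- char *col;
- char *ptr = (char *)profiles_string;
-
- SRTP_PROTECTION_PROFILE *p;
-
- if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) {
- SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
- SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
- return 1;
- }
-
- do {
- col = strchr(ptr, ':');
-
- if (!find_profile_by_name(ptr, &p,
- col ? col - ptr : (int)strlen(ptr))) {
- sk_SRTP_PROTECTION_PROFILE_push(profiles, p);
- } else {
- SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
- SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
- sk_SRTP_PROTECTION_PROFILE_free(profiles);
- return 1;
- }
-
- if (col)
- ptr = col + 1;
- } while (col);
-
- *out = profiles;
-
- return 0;
-}
-
-int
-SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
-{
- return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
-}
-
-int
-SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
-{
- return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
-}
-
-
-STACK_OF(SRTP_PROTECTION_PROFILE) *
-SSL_get_srtp_profiles(SSL *s)
-{
- if (s != NULL) {
- if (s->srtp_profiles != NULL) {
- return s->srtp_profiles;
- } else if ((s->ctx != NULL) &&
- (s->ctx->srtp_profiles != NULL)) {
- return s->ctx->srtp_profiles;
- }
- }
-
- return NULL;
-}
-
-SRTP_PROTECTION_PROFILE *
-SSL_get_selected_srtp_profile(SSL *s)
-{
- return s->srtp_profile;
-}
-
-/* Note: this function returns 0 length if there are no
- profiles specified */
-int
-ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
-{
- int ct = 0;
- int i;
- STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0;
- SRTP_PROTECTION_PROFILE *prof;
-
- clnt = SSL_get_srtp_profiles(s);
-
- ct = sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
-
- if (p) {
- if (ct == 0) {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
- SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
- return 1;
- }
-
- if ((2 + ct * 2 + 1) > maxlen) {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
- SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
- return 1;
- }
-
- /* Add the length */
- s2n(ct * 2, p);
- for (i = 0; i < ct; i++) {
- prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
- s2n(prof->id, p);
- }
-
- /* Add an empty use_mki value */
- *p++ = 0;
- }
-
- *len = 2 + ct*2 + 1;
-
- return 0;
-}
-
-
-int
-ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
- int *al)
-{
- SRTP_PROTECTION_PROFILE *cprof, *sprof;
- STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0, *srvr;
- int i, j;
- int ret = 1;
- uint16_t id;
- CBS cbs, ciphers, mki;
-
- if (len < 0) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
- SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
- *al = SSL_AD_DECODE_ERROR;
- goto done;
- }
-
- CBS_init(&cbs, d, len);
- /* Pull off the cipher suite list */
- if (!CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
- CBS_len(&ciphers) % 2) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
- SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
- *al = SSL_AD_DECODE_ERROR;
- goto done;
- }
-
- clnt = sk_SRTP_PROTECTION_PROFILE_new_null();
-
- while (CBS_len(&ciphers) > 0) {
- if (!CBS_get_u16(&ciphers, &id)) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
- SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
- *al = SSL_AD_DECODE_ERROR;
- goto done;
- }
-
- if (!find_profile_by_num(id, &cprof))
- sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof);
- else
- ; /* Ignore */
- }
-
- /* Extract the MKI value as a sanity check, but discard it for now. */
- if (!CBS_get_u8_length_prefixed(&cbs, &mki) ||
- CBS_len(&cbs) != 0) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
- SSL_R_BAD_SRTP_MKI_VALUE);
- *al = SSL_AD_DECODE_ERROR;
- goto done;
- }
-
- srvr = SSL_get_srtp_profiles(s);
-
- /*
- * Pick our most preferred profile. If no profiles have been
- * configured then the outer loop doesn't run
- * (sk_SRTP_PROTECTION_PROFILE_num() = -1)
- * and so we just return without doing anything.
- */
- for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) {
- sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
-
- for (j = 0; j < sk_SRTP_PROTECTION_PROFILE_num(clnt); j++) {
- cprof = sk_SRTP_PROTECTION_PROFILE_value(clnt, j);
-
- if (cprof->id == sprof->id) {
- s->srtp_profile = sprof;
- *al = 0;
- ret = 0;
- goto done;
- }
- }
- }
-
- ret = 0;
-
-done:
- if (clnt)
- sk_SRTP_PROTECTION_PROFILE_free(clnt);
-
- return ret;
-}
-
-int
-ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
-{
- if (p) {
- if (maxlen < 5) {
- SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
- SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
- return 1;
- }
-
- if (s->srtp_profile == 0) {
- SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
- SSL_R_USE_SRTP_NOT_NEGOTIATED);
- return 1;
- }
- s2n(2, p);
- s2n(s->srtp_profile->id, p);
- *p++ = 0;
- }
- *len = 5;
-
- return 0;
-}
-
-
-int
-ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int *al)
-{
- STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
- SRTP_PROTECTION_PROFILE *prof;
- int i;
- uint16_t id;
- CBS cbs, profile_ids, mki;
-
- if (len < 0) {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
- SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
- *al = SSL_AD_DECODE_ERROR;
- return 1;
- }
-
- CBS_init(&cbs, d, len);
-
- /*
- * As per RFC 5764 section 4.1.1, server response MUST be a single
- * profile id.
- */
- if (!CBS_get_u16_length_prefixed(&cbs, &profile_ids) ||
- !CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
- SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
- *al = SSL_AD_DECODE_ERROR;
- return 1;
- }
-
- /* Must be no MKI, since we never offer one. */
- if (!CBS_get_u8_length_prefixed(&cbs, &mki) || CBS_len(&mki) != 0) {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
- SSL_R_BAD_SRTP_MKI_VALUE);
- *al = SSL_AD_ILLEGAL_PARAMETER;
- return 1;
- }
-
- clnt = SSL_get_srtp_profiles(s);
-
- /* Throw an error if the server gave us an unsolicited extension. */
- if (clnt == NULL) {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
- SSL_R_NO_SRTP_PROFILES);
- *al = SSL_AD_DECODE_ERROR;
- return 1;
- }
-
- /*
- * Check to see if the server gave us something we support
- * (and presumably offered).
- */
- for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {
- prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
-
- if (prof->id == id) {
- s->srtp_profile = prof;
- *al = 0;
- return 0;
- }
- }
-
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
- SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
- *al = SSL_AD_DECODE_ERROR;
- return 1;
-}
-
-#endif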
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
deleted file mode 100644
index f6664237ae..0000000000
--- a/src/lib/libssl/d1_srvr.c
+++ /dev/null
@@ -1,751 +0,0 @@
1/* $OpenBSD: d1_srvr.c,v 1.67 2015/09/13 09:20:19 jsing Exp $ */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <stdio.h>
117
118#include "ssl_locl.h"
119
120#include <openssl/bn.h>
121#include <openssl/buffer.h>
122#include <openssl/dh.h>
123#include <openssl/evp.h>
124#include <openssl/md5.h>
125#include <openssl/objects.h>
126#include <openssl/x509.h>
127
128static const SSL_METHOD *dtls1_get_server_method(int ver);
129static int dtls1_send_hello_verify_request(SSL *s);
130
131const SSL_METHOD DTLSv1_server_method_data = {
132 .version = DTLS1_VERSION,
133 .ssl_new = dtls1_new,
134 .ssl_clear = dtls1_clear,
135 .ssl_free = dtls1_free,
136 .ssl_accept = dtls1_accept,
137 .ssl_connect = ssl_undefined_function,
138 .ssl_read = ssl3_read,
139 .ssl_peek = ssl3_peek,
140 .ssl_write = ssl3_write,
141 .ssl_shutdown = dtls1_shutdown,
142 .ssl_renegotiate = ssl3_renegotiate,
143 .ssl_renegotiate_check = ssl3_renegotiate_check,
144 .ssl_get_message = dtls1_get_message,
145 .ssl_read_bytes = dtls1_read_bytes,
146 .ssl_write_bytes = dtls1_write_app_data_bytes,
147 .ssl_dispatch_alert = dtls1_dispatch_alert,
148 .ssl_ctrl = dtls1_ctrl,
149 .ssl_ctx_ctrl = ssl3_ctx_ctrl,
150 .get_cipher_by_char = ssl3_get_cipher_by_char,
151 .put_cipher_by_char = ssl3_put_cipher_by_char,
152 .ssl_pending = ssl3_pending,
153 .num_ciphers = ssl3_num_ciphers,
154 .get_cipher = dtls1_get_cipher,
155 .get_ssl_method = dtls1_get_server_method,
156 .get_timeout = dtls1_default_timeout,
157 .ssl3_enc = &DTLSv1_enc_data,
158 .ssl_version = ssl_undefined_void_function,
159 .ssl_callback_ctrl = ssl3_callback_ctrl,
160 .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
161};
162
163const SSL_METHOD *
164DTLSv1_server_method(void)
165{
166 return &DTLSv1_server_method_data;
167}
168
169static const SSL_METHOD *
170dtls1_get_server_method(int ver)
171{
172 if (ver == DTLS1_VERSION)
173 return (DTLSv1_server_method());
174 return (NULL);
175}
176
177int
178dtls1_accept(SSL *s)
179{
180 void (*cb)(const SSL *ssl, int type, int val) = NULL;
181 unsigned long alg_k;
182 int ret = -1;
183 int new_state, state, skip = 0;
184 int listen;
185
186 ERR_clear_error();
187 errno = 0;
188
189 if (s->info_callback != NULL)
190 cb = s->info_callback;
191 else if (s->ctx->info_callback != NULL)
192 cb = s->ctx->info_callback;
193
194 listen = s->d1->listen;
195
196 /* init things to blank */
197 s->in_handshake++;
198 if (!SSL_in_init(s) || SSL_in_before(s))
199 SSL_clear(s);
200
201 s->d1->listen = listen;
202
203 if (s->cert == NULL) {
204 SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
205 ret = -1;
206 goto end;
207 }
208
209 for (;;) {
210 state = s->state;
211
212 switch (s->state) {
213 case SSL_ST_RENEGOTIATE:
214 s->renegotiate = 1;
215 /* s->state=SSL_ST_ACCEPT; */
216
217 case SSL_ST_BEFORE:
218 case SSL_ST_ACCEPT:
219 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
220 case SSL_ST_OK|SSL_ST_ACCEPT:
221
222 s->server = 1;
223 if (cb != NULL)
224 cb(s, SSL_CB_HANDSHAKE_START, 1);
225
226 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
227 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
228 ret = -1;
229 goto end;
230 }
231 s->type = SSL_ST_ACCEPT;
232
233 if (!ssl3_setup_init_buffer(s)) {
234 ret = -1;
235 goto end;
236 }
237 if (!ssl3_setup_buffers(s)) {
238 ret = -1;
239 goto end;
240 }
241
242 s->init_num = 0;
243
244 if (s->state != SSL_ST_RENEGOTIATE) {
245 /* Ok, we now need to push on a buffering BIO so that
246 * the output is sent in a way that TCP likes :-)
247 * ...but not with SCTP :-)
248 */
249 if (!ssl_init_wbio_buffer(s, 1)) {
250 ret = -1;
251 goto end;
252 }
253
254 if (!tls1_init_finished_mac(s)) {
255 ret = -1;
256 goto end;
257 }
258
259 s->state = SSL3_ST_SR_CLNT_HELLO_A;
260 s->ctx->stats.sess_accept++;
261 } else {
262 /* s->state == SSL_ST_RENEGOTIATE,
263 * we will just send a HelloRequest */
264 s->ctx->stats.sess_accept_renegotiate++;
265 s->state = SSL3_ST_SW_HELLO_REQ_A;
266 }
267
268 break;
269
270 case SSL3_ST_SW_HELLO_REQ_A:
271 case SSL3_ST_SW_HELLO_REQ_B:
272
273 s->shutdown = 0;
274 dtls1_clear_record_buffer(s);
275 dtls1_start_timer(s);
276 ret = ssl3_send_hello_request(s);
277 if (ret <= 0)
278 goto end;
279 s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
280 s->state = SSL3_ST_SW_FLUSH;
281 s->init_num = 0;
282
283 if (!tls1_init_finished_mac(s)) {
284 ret = -1;
285 goto end;
286 }
287 break;
288
289 case SSL3_ST_SW_HELLO_REQ_C:
290 s->state = SSL_ST_OK;
291 break;
292
293 case SSL3_ST_SR_CLNT_HELLO_A:
294 case SSL3_ST_SR_CLNT_HELLO_B:
295 case SSL3_ST_SR_CLNT_HELLO_C:
296
297 s->shutdown = 0;
298 ret = ssl3_get_client_hello(s);
299 if (ret <= 0)
300 goto end;
301 dtls1_stop_timer(s);
302
303 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
304 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
305 else
306 s->state = SSL3_ST_SW_SRVR_HELLO_A;
307
308 s->init_num = 0;
309
310 /* Reflect ClientHello sequence to remain stateless while listening */
311 if (listen) {
312 memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
313 }
314
315 /* If we're just listening, stop here */
316 if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) {
317 ret = 2;
318 s->d1->listen = 0;
319 /* Set expected sequence numbers
320 * to continue the handshake.
321 */
322 s->d1->handshake_read_seq = 2;
323 s->d1->handshake_write_seq = 1;
324 s->d1->next_handshake_write_seq = 1;
325 goto end;
326 }
327
328 break;
329
330 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
331 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
332
333 ret = dtls1_send_hello_verify_request(s);
334 if (ret <= 0)
335 goto end;
336 s->state = SSL3_ST_SW_FLUSH;
337 s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
338
339 /* HelloVerifyRequest resets Finished MAC */
340 if (!tls1_init_finished_mac(s)) {
341 ret = -1;
342 goto end;
343 }
344 break;
345
346
347 case SSL3_ST_SW_SRVR_HELLO_A:
348 case SSL3_ST_SW_SRVR_HELLO_B:
349 s->renegotiate = 2;
350 dtls1_start_timer(s);
351 ret = ssl3_send_server_hello(s);
352 if (ret <= 0)
353 goto end;
354
355 if (s->hit) {
356 if (s->tlsext_ticket_expected)
357 s->state = SSL3_ST_SW_SESSION_TICKET_A;
358 else
359 s->state = SSL3_ST_SW_CHANGE_A;
360 } else
361 s->state = SSL3_ST_SW_CERT_A;
362 s->init_num = 0;
363 break;
364
365 case SSL3_ST_SW_CERT_A:
366 case SSL3_ST_SW_CERT_B:
367 /* Check if it is anon DH. */
368 if (!(s->s3->tmp.new_cipher->algorithm_auth &
369 SSL_aNULL)) {
370 dtls1_start_timer(s);
371 ret = dtls1_send_server_certificate(s);
372 if (ret <= 0)
373 goto end;
374 if (s->tlsext_status_expected)
375 s->state = SSL3_ST_SW_CERT_STATUS_A;
376 else
377 s->state = SSL3_ST_SW_KEY_EXCH_A;
378 } else {
379 skip = 1;
380 s->state = SSL3_ST_SW_KEY_EXCH_A;
381 }
382 s->init_num = 0;
383 break;
384
385 case SSL3_ST_SW_KEY_EXCH_A:
386 case SSL3_ST_SW_KEY_EXCH_B:
387 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
388
389 /* Only send if using a DH key exchange. */
390 if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
391 dtls1_start_timer(s);
392 ret = ssl3_send_server_key_exchange(s);
393 if (ret <= 0)
394 goto end;
395 } else
396 skip = 1;
397
398 s->state = SSL3_ST_SW_CERT_REQ_A;
399 s->init_num = 0;
400 break;
401
402 case SSL3_ST_SW_CERT_REQ_A:
403 case SSL3_ST_SW_CERT_REQ_B:
404 /*
405 * Determine whether or not we need to request a
406 * certificate.
407 *
408 * Do not request a certificate if:
409 *
410 * - We did not ask for it (SSL_VERIFY_PEER is unset).
411 *
412 * - SSL_VERIFY_CLIENT_ONCE is set and we are
413 * renegotiating.
414 *
415 * - We are using an anonymous ciphersuites
416 * (see section "Certificate request" in SSL 3 drafts
417 * and in RFC 2246) ... except when the application
418 * insists on verification (against the specs, but
419 * s3_clnt.c accepts this for SSL 3).
420 */
421 if (!(s->verify_mode & SSL_VERIFY_PEER) ||
422 ((s->session->peer != NULL) &&
423 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
424 ((s->s3->tmp.new_cipher->algorithm_auth &
425 SSL_aNULL) && !(s->verify_mode &
426 SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
427 /* no cert request */
428 skip = 1;
429 s->s3->tmp.cert_request = 0;
430 s->state = SSL3_ST_SW_SRVR_DONE_A;
431 } else {
432 s->s3->tmp.cert_request = 1;
433 dtls1_start_timer(s);
434 ret = ssl3_send_certificate_request(s);
435 if (ret <= 0)
436 goto end;
437 s->state = SSL3_ST_SW_SRVR_DONE_A;
438 s->init_num = 0;
439 }
440 break;
441
442 case SSL3_ST_SW_SRVR_DONE_A:
443 case SSL3_ST_SW_SRVR_DONE_B:
444 dtls1_start_timer(s);
445 ret = ssl3_send_server_done(s);
446 if (ret <= 0)
447 goto end;
448 s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
449 s->state = SSL3_ST_SW_FLUSH;
450 s->init_num = 0;
451 break;
452
453 case SSL3_ST_SW_FLUSH:
454 s->rwstate = SSL_WRITING;
455 if (BIO_flush(s->wbio) <= 0) {
456 /* If the write error was fatal, stop trying */
457 if (!BIO_should_retry(s->wbio)) {
458 s->rwstate = SSL_NOTHING;
459 s->state = s->s3->tmp.next_state;
460 }
461
462 ret = -1;
463 goto end;
464 }
465 s->rwstate = SSL_NOTHING;
466 s->state = s->s3->tmp.next_state;
467 break;
468
469 case SSL3_ST_SR_CERT_A:
470 case SSL3_ST_SR_CERT_B:
471 if (s->s3->tmp.cert_request) {
472 ret = ssl3_get_client_certificate(s);
473 if (ret <= 0)
474 goto end;
475 }
476 s->init_num = 0;
477 s->state = SSL3_ST_SR_KEY_EXCH_A;
478 break;
479
480 case SSL3_ST_SR_KEY_EXCH_A:
481 case SSL3_ST_SR_KEY_EXCH_B:
482 ret = ssl3_get_client_key_exchange(s);
483 if (ret <= 0)
484 goto end;
485
486 s->state = SSL3_ST_SR_CERT_VRFY_A;
487 s->init_num = 0;
488
489 if (ret == 2) {
490 /* For the ECDH ciphersuites when
491 * the client sends its ECDH pub key in
492 * a certificate, the CertificateVerify
493 * message is not sent.
494 */
495 s->state = SSL3_ST_SR_FINISHED_A;
496 s->init_num = 0;
497 } else if (SSL_USE_SIGALGS(s)) {
498 s->state = SSL3_ST_SR_CERT_VRFY_A;
499 s->init_num = 0;
500 if (!s->session->peer)
501 break;
502
503 /*
504 * For sigalgs freeze the handshake buffer
505 * at this point and digest cached records.
506 */
507 if (!s->s3->handshake_buffer) {
508 SSLerr(SSL_F_SSL3_ACCEPT,
509 ERR_R_INTERNAL_ERROR);
510 ret = -1;
511 goto end;
512 }
513 s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
514 if (!tls1_digest_cached_records(s)) {
515 ret = -1;
516 goto end;
517 }
518 } else {
519 s->state = SSL3_ST_SR_CERT_VRFY_A;
520 s->init_num = 0;
521
522 /* We need to get hashes here so if there is
523 * a client cert, it can be verified */
524 s->method->ssl3_enc->cert_verify_mac(s,
525 NID_md5, &(s->s3->tmp.cert_verify_md[0]));
526 s->method->ssl3_enc->cert_verify_mac(s,
527 NID_sha1,
528 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
529 }
530 break;
531
532 case SSL3_ST_SR_CERT_VRFY_A:
533 case SSL3_ST_SR_CERT_VRFY_B:
534
535 s->d1->change_cipher_spec_ok = 1;
536 /* we should decide if we expected this one */
537 ret = ssl3_get_cert_verify(s);
538 if (ret <= 0)
539 goto end;
540 s->state = SSL3_ST_SR_FINISHED_A;
541 s->init_num = 0;
542 break;
543
544 case SSL3_ST_SR_FINISHED_A:
545 case SSL3_ST_SR_FINISHED_B:
546 s->d1->change_cipher_spec_ok = 1;
547 ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
548 SSL3_ST_SR_FINISHED_B);
549 if (ret <= 0)
550 goto end;
551 dtls1_stop_timer(s);
552 if (s->hit)
553 s->state = SSL_ST_OK;
554 else if (s->tlsext_ticket_expected)
555 s->state = SSL3_ST_SW_SESSION_TICKET_A;
556 else
557 s->state = SSL3_ST_SW_CHANGE_A;
558 s->init_num = 0;
559 break;
560
561 case SSL3_ST_SW_SESSION_TICKET_A:
562 case SSL3_ST_SW_SESSION_TICKET_B:
563 ret = ssl3_send_newsession_ticket(s);
564 if (ret <= 0)
565 goto end;
566 s->state = SSL3_ST_SW_CHANGE_A;
567 s->init_num = 0;
568 break;
569
570 case SSL3_ST_SW_CERT_STATUS_A:
571 case SSL3_ST_SW_CERT_STATUS_B:
572 ret = ssl3_send_cert_status(s);
573 if (ret <= 0)
574 goto end;
575 s->state = SSL3_ST_SW_KEY_EXCH_A;
576 s->init_num = 0;
577 break;
578
579
580 case SSL3_ST_SW_CHANGE_A:
581 case SSL3_ST_SW_CHANGE_B:
582
583 s->session->cipher = s->s3->tmp.new_cipher;
584 if (!s->method->ssl3_enc->setup_key_block(s)) {
585 ret = -1;
586 goto end;
587 }
588
589 ret = dtls1_send_change_cipher_spec(s,
590 SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);
591
592 if (ret <= 0)
593 goto end;
594
595
596 s->state = SSL3_ST_SW_FINISHED_A;
597 s->init_num = 0;
598
599 if (!s->method->ssl3_enc->change_cipher_state(s,
600 SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
601 ret = -1;
602 goto end;
603 }
604
605 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
606 break;
607
608 case SSL3_ST_SW_FINISHED_A:
609 case SSL3_ST_SW_FINISHED_B:
610 ret = ssl3_send_finished(s,
611 SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
612 s->method->ssl3_enc->server_finished_label,
613 s->method->ssl3_enc->server_finished_label_len);
614 if (ret <= 0)
615 goto end;
616 s->state = SSL3_ST_SW_FLUSH;
617 if (s->hit) {
618 s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
619
620 } else {
621 s->s3->tmp.next_state = SSL_ST_OK;
622 }
623 s->init_num = 0;
624 break;
625
626 case SSL_ST_OK:
627 /* clean a few things up */
628 tls1_cleanup_key_block(s);
629
630 /* remove buffering on output */
631 ssl_free_wbio_buffer(s);
632
633 s->init_num = 0;
634
635 if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
636 {
637 s->renegotiate = 0;
638 s->new_session = 0;
639
640 ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
641
642 s->ctx->stats.sess_accept_good++;
643 /* s->server=1; */
644 s->handshake_func = dtls1_accept;
645
646 if (cb != NULL)
647 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
648 }
649
650 ret = 1;
651
652 /* done handshaking, next message is client hello */
653 s->d1->handshake_read_seq = 0;
654 /* next message is server hello */
655 s->d1->handshake_write_seq = 0;
656 s->d1->next_handshake_write_seq = 0;
657 goto end;
658 /* break; */
659
660 default:
661 SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
662 ret = -1;
663 goto end;
664 /* break; */
665 }
666
667 if (!s->s3->tmp.reuse_message && !skip) {
668 if (s->debug) {
669 if ((ret = BIO_flush(s->wbio)) <= 0)
670 goto end;
671 }
672
673 if ((cb != NULL) && (s->state != state)) {
674 new_state = s->state;
675 s->state = state;
676 cb(s, SSL_CB_ACCEPT_LOOP, 1);
677 s->state = new_state;
678 }
679 }
680 skip = 0;
681 }
682end:
683 /* BIO_flush(s->wbio); */
684
685 s->in_handshake--;
686
687 if (cb != NULL)
688 cb(s, SSL_CB_ACCEPT_EXIT, ret);
689
690 return (ret);
691}
692
693int
694dtls1_send_hello_verify_request(SSL *s)
695{
696 unsigned char *d, *p;
697
698 if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
699 d = p = ssl3_handshake_msg_start(s,
700 DTLS1_MT_HELLO_VERIFY_REQUEST);
701
702 *(p++) = s->version >> 8;
703 *(p++) = s->version & 0xFF;
704
705 if (s->ctx->app_gen_cookie_cb == NULL ||
706 s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
707 &(s->d1->cookie_len)) == 0) {
708 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
709 ERR_R_INTERNAL_ERROR);
710 return 0;
711 }
712
713 *(p++) = (unsigned char) s->d1->cookie_len;
714 memcpy(p, s->d1->cookie, s->d1->cookie_len);
715 p += s->d1->cookie_len;
716
717 ssl3_handshake_msg_finish(s, p - d);
718
719 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
720 }
721
722 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
723 return (ssl3_handshake_write(s));
724}
725
726int
727dtls1_send_server_certificate(SSL *s)
728{
729 unsigned long l;
730 X509 *x;
731
732 if (s->state == SSL3_ST_SW_CERT_A) {
733 x = ssl_get_server_send_cert(s);
734 if (x == NULL) {
735 SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,
736 ERR_R_INTERNAL_ERROR);
737 return (0);
738 }
739
740 l = dtls1_output_cert_chain(s, x);
741 s->state = SSL3_ST_SW_CERT_B;
742 s->init_num = (int)l;
743 s->init_off = 0;
744
745 /* buffer the message to handle re-xmits */
746 dtls1_buffer_message(s, 0);
747 }
748
749 /* SSL3_ST_SW_CERT_B */
750 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
751}
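--- a/src/lib/libssl/doc/BIO_f_ssl.3
+++ /dev/null
@@ -1,479 +0,0 @@
-.\"
-.\" $OpenBSD: BIO_f_ssl.3,v 1.4 2015/11/11 22:14:40 jmc Exp $
-.\"
-.Dd $Mdocdate: November 11 2015 $
-.Dt BIO_F_SSL 3
-.Os
-.Sh NAME
-.Nm BIO_f_ssl ,
-.Nm BIO_set_ssl ,
-.Nm BIO_get_ssl ,
-.Nm BIO_set_ssl_mode ,
-.Nm BIO_set_ssl_renegotiate_bytes ,
-.Nm BIO_get_num_renegotiates ,
-.Nm BIO_set_ssl_renegotiate_timeout ,
-.Nm BIO_new_ssl ,
-.Nm BIO_new_ssl_connect ,
-.Nm BIO_new_buffer_ssl_connect ,
-.Nm BIO_ssl_copy_session_id ,
-.Nm BIO_ssl_shutdown ,
-.Nm BIO_do_handshake
-.Nd SSL BIO
-.Sh SYNOPSIS
-.In openssl/bio.h
-.In openssl/ssl.h
-.Ft BIO_METHOD *
-.Fn BIO_f_ssl void
-.Fd #define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
-.Fd #define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
-.Fd #define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
-.Fd #define BIO_set_ssl_renegotiate_bytes(b,num) \
-BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL)
-.Fd #define BIO_set_ssl_renegotiate_timeout(b,seconds) \
-BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL)
-.Fd #define BIO_get_num_renegotiates(b) \
-BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL)
-.Ft BIO *
-.Fn BIO_new_ssl "SSL_CTX *ctx" "int client"
-.Ft BIO *
-.Fn BIO_new_ssl_connect "SSL_CTX *ctx"
-.Ft BIO *
-.Fn BIO_new_buffer_ssl_connect "SSL_CTX *ctx"
-.Ft int
-.Fn BIO_ssl_copy_session_id "BIO *to" "BIO *from"
-.Ft void
-.Fn BIO_ssl_shutdown "BIO *bio"
-.Fd #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
-.Sh DESCRIPTION
-.Fn BIO_f_ssl
-returns the
-.Vt SSL
-.Vt BIO
-method.
-This is a filter
-.Vt BIO
-which is a wrapper around the OpenSSL
-.Vt SSL
-routines adding a
-.Vt BIO
-.Dq flavor
-to SSL I/O.
-.Pp
-I/O performed on an
-.Vt SSL
-.Vt BIO
-communicates using the SSL protocol with
-the
-.Vt SSL Ns 's
-read and write
-.Vt BIO Ns s.
-If an SSL connection is not established then an attempt is made to establish
-one on the first I/O call.
-.Pp
-If a
-.Vt BIO
-is appended to an
-.Vt SSL
-.Vt BIO
-using
-.Xr BIO_push 3
-it is automatically used as the
-.Vt SSL
-.Vt BIO Ns 's read and write
-.Vt BIO Ns s.
-.Pp
-Calling
-.Xr BIO_reset 3
-on an
-.Vt SSL
-.Vt BIO
-closes down any current SSL connection by calling
-.Xr SSL_shutdown 3 .
-.Xr BIO_reset
-is then sent to the next
-.Vt BIO
-in the chain; this will typically disconnect the underlying transport.
-The
-.Vt SSL
-.Vt BIO
-is then reset to the initial accept or connect state.
-.Pp
-If the close flag is set when an
-.Vt SSL
-.Vt BIO
-is freed then the internal
-.Vt SSL
-structure is also freed using
-.Xr SSL_free 3 .
-.Pp
-.Fn BIO_set_ssl
-sets the internal
-.Vt SSL
-pointer of
-.Vt BIO
-.Fa b
-to
-.Fa ssl
-using
-the close flag
-.Fa c .
-.Pp
-.Fn BIO_get_ssl
-retrieves the
-.Vt SSL
-pointer of
-.Vt BIO
-.Fa b ;
-it can then be manipulated using the standard SSL library functions.
-.Pp
-.Fn BIO_set_ssl_mode
-sets the
-.Vt SSL
-.Vt BIO
-mode to
-.Fa client .
-If
-.Fa client
-is 1, client mode is set.
-If
-.Fa client
-is 0, server mode is set.
-.Pp
-.Fn BIO_set_ssl_renegotiate_bytes
-sets the renegotiate byte count to
-.Fa num .
-When set after every
-.Fa num
-bytes of I/O (read and write) the SSL session is automatically renegotiated.
-.Fa num
-must be at least 512 bytes.
-.Pp
-.Fn BIO_set_ssl_renegotiate_timeout
-sets the renegotiate timeout to
-.Fa seconds .
-When the renegotiate timeout elapses the session is automatically renegotiated.
-.Pp
-.Fn BIO_get_num_renegotiates
-returns the total number of session renegotiations due to I/O or timeout.
-.Pp
-.Fn BIO_new_ssl
-allocates an
-.Vt SSL
-.Vt BIO
-using
-.Vt SSL_CTX
-.Va ctx
-and using client mode if
-.Fa client
-is nonzero.
-.Pp
-.Fn BIO_new_ssl_connect
-creates a new
-.Vt BIO
-chain consisting of an
-.Vt SSL
-.Vt BIO
-(using
-.Fa ctx )
-followed by a connect BIO.
-.Pp
-.Fn BIO_new_buffer_ssl_connect
-creates a new
-.Vt BIO
-chain consisting of a buffering
-.Vt BIO ,
-an
-.Vt SSL
-.Vt BIO
-(using
-.Fa ctx )
-and a connect
-.Vt BIO .
-.Pp
-.Fn BIO_ssl_copy_session_id
-copies an SSL session id between
-.Vt BIO
-chains
-.Fa from
-and
-.Fa to .
-It does this by locating the
-.Vt SSL
-.Vt BIO Ns s
-in each chain and calling
-.Xr SSL_copy_session_id 3
-on the internal
-.Vt SSL
-pointer.
-.Pp
-.Fn BIO_ssl_shutdown
-closes down an SSL connection on
-.Vt BIO
-chain
-.Fa bio .
-It does this by locating the
-.Vt SSL
-.Vt BIO
-in the
-chain and calling
-.Xr SSL_shutdown 3
-on its internal
-.Vt SSL
-pointer.
-.Pp
-.Fn BIO_do_handshake
-attempts to complete an SSL handshake on the supplied
-.Vt BIO
-and establish the SSL connection.
-It returns 1 if the connection was established successfully.
-A zero or negative value is returned if the connection could not be
-established; the call
-.Xr BIO_should_retry 3
-should be used for non blocking connect
-.Vt BIO Ns s
-to determine if the call should be retried.
-If an SSL connection has already been established this call has no effect.
-.Sh NOTES
-.Vt SSL
-.Vt BIO Ns s
-are exceptional in that if the underlying transport is non-blocking they can
-still request a retry in exceptional circumstances.
-Specifically this will happen if a session renegotiation takes place during a
-.Xr BIO_read 3
-operation.
-One case where this happens is when step up occurs.
-.Pp
-In OpenSSL 0.9.6 and later the SSL flag
-.Dv SSL_AUTO_RETRY
-can be set to disable this behaviour.
-In other words, when this flag is set an
-.Vt SSL
-.Vt BIO
-using a blocking transport will never request a retry.
-.Pp
-Since unknown
-.Xr BIO_ctrl 3
-operations are sent through filter
-.Vt BIO Ns s
-the server name and port can be set using
-.Xr BIO_set_host 3
-on the
-.Vt BIO
-returned by
-.Fn BIO_new_ssl_connect
-without having to locate the connect
-.Vt BIO
-first.
-.Pp
-Applications do not have to call
-.Fn BIO_do_handshake
-but may wish to do so to separate the handshake process from other I/O
-processing.
-.Sh RETURN VALUES
-.\" XXX
-This section is incomplete.
-.Sh EXAMPLES
-This SSL/TLS client example attempts to retrieve a page from an SSL/TLS web
-server.
-The I/O routines are identical to those of the unencrypted example in
-.Xr BIO_s_connect 3 .
-.Bd -literal
-BIO *sbio, *out;
-int len;
-char tmpbuf[1024];
-SSL_CTX *ctx;
-SSL *ssl;
-
-ERR_load_crypto_strings();
-ERR_load_SSL_strings();
-OpenSSL_add_all_algorithms();
-
-/*
- * We would seed the PRNG here if the platform didn't do it automatically
- */
-
-ctx = SSL_CTX_new(SSLv23_client_method());
-
-/*
- * We'd normally set some stuff like the verify paths and mode here because
- * as things stand this will connect to any server whose certificate is
- * signed by any CA.
- */
-
-sbio = BIO_new_ssl_connect(ctx);
-
-BIO_get_ssl(sbio, &ssl);
-
-if (!ssl) {
- fprintf(stderr, "Can't locate SSL pointer\en");
- /* whatever ... */
-}
-
-/* Don't want any retries */
-SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
-
-/* We might want to do other things with ssl here */
-
-BIO_set_conn_hostname(sbio, "localhost:https");
-
-out = BIO_new_fp(stdout, BIO_NOCLOSE);
-if (BIO_do_connect(sbio) <= 0) {
- fprintf(stderr, "Error connecting to server\en");
- ERR_print_errors_fp(stderr);
- /* whatever ... */
-}
-
-if (BIO_do_handshake(sbio) <= 0) {
- fprintf(stderr, "Error establishing SSL connection\en");
- ERR_print_errors_fp(stderr);
- /* whatever ... */
-}
-
-/* Could examine ssl here to get connection info */
-
-BIO_puts(sbio, "GET / HTTP/1.0\en\en");
-for (;;) {
- len = BIO_read(sbio, tmpbuf, 1024);
- if(len <= 0) break;
- BIO_write(out, tmpbuf, len);
-}
-BIO_free_all(sbio);
-BIO_free(out);
-.Ed
-.Pp
-Here is a simple server example.
-It makes use of a buffering
-.Vt BIO
-to allow lines to be read from the
-.Vt SSL
-.Vt BIO
-using
-.Xr BIO_gets 3 .
-It creates a pseudo web page containing the actual request from a client and
-also echoes the request to standard output.
-.Bd -literal
-BIO *sbio, *bbio, *acpt, *out;
-int len;
-char tmpbuf[1024];
-SSL_CTX *ctx;
-SSL *ssl;
-
-ERR_load_crypto_strings();
-ERR_load_SSL_strings();
-OpenSSL_add_all_algorithms();
-
-/* Might seed PRNG here */
-
-ctx = SSL_CTX_new(SSLv23_server_method());
-
-if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM)
- || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM)
- || !SSL_CTX_check_private_key(ctx)) {
- fprintf(stderr, "Error setting up SSL_CTX\en");
- ERR_print_errors_fp(stderr);
- return 0;
-}
-
-/*
- * Might do other things here like setting verify locations and DH and/or
- * RSA temporary key callbacks
- */
-
-/* New SSL BIO setup as server */
-sbio = BIO_new_ssl(ctx,0);
-
-BIO_get_ssl(sbio, &ssl);
-
-if (!ssl) {
- fprintf(stderr, "Can't locate SSL pointer\en");
- /* whatever ... */
-}
-
-/* Don't want any retries */
-SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
-
-/* Create the buffering BIO */
-
-bbio = BIO_new(BIO_f_buffer());
-
-/* Add to chain */
-sbio = BIO_push(bbio, sbio);
-
-acpt = BIO_new_accept("4433");
-
-/*
- * By doing this when a new connection is established we automatically
- * have sbio inserted into it. The BIO chain is now 'swallowed' by the
- * accept BIO and will be freed when the accept BIO is freed.
- */
-
-BIO_set_accept_bios(acpt,sbio);
-
-out = BIO_new_fp(stdout, BIO_NOCLOSE);
-
-/* Setup accept BIO */
-if (BIO_do_accept(acpt) <= 0) {
- fprintf(stderr, "Error setting up accept BIO\en");
- ERR_print_errors_fp(stderr);
- return 0;
-}
-
-/* Now wait for incoming connection */
-if (BIO_do_accept(acpt) <= 0) {
- fprintf(stderr, "Error in connection\en");
- ERR_print_errors_fp(stderr);
- return 0;
-}
-
-/* We only want one connection so remove and free accept BIO */
-
-sbio = BIO_pop(acpt);
-
-BIO_free_all(acpt);
-
-if (BIO_do_handshake(sbio) <= 0) {
- fprintf(stderr, "Error in SSL handshake\en");
- ERR_print_errors_fp(stderr);
- return 0;
-}
-
-BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent-type: text/plain\er\en\er\en");
-BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en");
-BIO_puts(sbio, "--------------------------------------------------\er\en");
-
-for (;;) {
- len = BIO_gets(sbio, tmpbuf, 1024);
- if (len <= 0)
- break;
- BIO_write(sbio, tmpbuf, len);
- BIO_write(out, tmpbuf, len);
- /* Look for blank line signifying end of headers */
- if ((tmpbuf[0] == '\er') || (tmpbuf[0] == '\en'))
- break;
-}
-
-BIO_puts(sbio, "--------------------------------------------------\er\en");
-BIO_puts(sbio, "\er\en");
-
-/* Since there is a buffering BIO present we had better flush it */
-BIO_flush(sbio);
-
-BIO_free_all(sbio);
-.Ed
-.Sh BUGS
-In OpenSSL versions before 1.0.0 the
-.Xr BIO_pop 3
-call was handled incorrectly:
-the I/O BIO reference count was incorrectly incremented (instead of
-decremented) and dissociated with the
-.Vt SSL
-.Vt BIO
-even if the
-.Vt SSL
-.Vt BIO
-was not
-explicitly being popped (e.g., a pop higher up the chain).
-Applications which included workarounds for this bug (e.g., freeing BIOs more
-than once) should be modified to handle this fix or they may free up an already
-freed
-.Vt BIO .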
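--- a/src/lib/libssl/doc/SSL_CIPHER_get_name.3
+++ /dev/null
@@ -1,196 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CIPHER_GET_NAME 3
-.Os
-.Sh NAME
-.Nm SSL_CIPHER_get_name ,
-.Nm SSL_CIPHER_get_bits ,
-.Nm SSL_CIPHER_get_version ,
-.Nm SSL_CIPHER_description
-.Nd get SSL_CIPHER properties
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_CIPHER_get_name "const SSL_CIPHER *cipher"
-.Ft int
-.Fn SSL_CIPHER_get_bits "const SSL_CIPHER *cipher" "int *alg_bits"
-.Ft char *
-.Fn SSL_CIPHER_get_version "const SSL_CIPHER *cipher"
-.Ft char *
-.Fn SSL_CIPHER_description "const SSL_CIPHER *cipher" "char *buf" "int size"
-.Sh DESCRIPTION
-.Fn SSL_CIPHER_get_name
-returns a pointer to the name of
-.Fa cipher .
-If the
-argument is the
-.Dv NULL
-pointer, a pointer to the constant value
-.Qq NONE
-is returned.
-.Pp
-.Fn SSL_CIPHER_get_bits
-returns the number of secret bits used for
-.Fa cipher .
-If
-.Fa alg_bits
-is not
-.Dv NULL ,
-it contains the number of bits processed by the
-chosen algorithm.
-If
-.Fa cipher
-is
-.Dv NULL ,
-0 is returned.
-.Pp
-.Fn SSL_CIPHER_get_version
-returns a string which indicates the SSL/TLS protocol version that first
-defined the cipher.
-This is currently
-.Qq SSLv2
-or
-.Qq TLSv1/SSLv3 .
-In some cases it should possibly return
-.Qq TLSv1.2
-but the function does not; use
-.Xr SSL_CIPHER_description 3
-instead.
-If
-.Fa cipher
-is
-.Dv NULL ,
-.Qq (NONE)
-is returned.
-.Pp
-.Fn SSL_CIPHER_description
-returns a textual description of the cipher used into the buffer
-.Fa buf
-of length
-.Fa len
-provided.
-If
-.Fa buf
-is
-.Dv NULL ,
-a buffer is allocated using
-.Xr asprintf 3 ;
-that buffer should be freed using the
-.Xr free 3
-function.
-If
-.Fa len
-is too small, or if
-.Fa buf
-is
-.Dv NULL
-and the allocation fails, a pointer to the string
-.Qq Buffer too small
-is returned.
-.Sh NOTES
-The number of bits processed can be different from the secret bits.
-For example, an export cipher like EXP-RC4-MD5 has only 40 secret bits.
-The algorithm does use the full 128 bits (which would be returned for
-.Fa alg_bits ) ,
-but 88 bits are fixed.
-The search space is hence only 40 bits.
-.Pp
-The string returned by
-.Fn SSL_CIPHER_description
-in case of success consists
-of cleartext information separated by one or more blanks in the following
-sequence:
-.Bl -tag -width Ds
-.It Aq Ar ciphername
-Textual representation of the cipher name.
-.It Aq Ar protocol version
-Protocol version:
-.Em SSLv2 ,
-.Em SSLv3 ,
-.Em TLSv1.2 .
-The TLSv1.0 ciphers are flagged with SSLv3.
-No new ciphers were added by TLSv1.1.
-.It Kx= Ns Aq Ar key exchange
-Key exchange method:
-.Em RSA
-(for export ciphers as
-.Em RSA(512)
-or
-.Em RSA(1024) ) ,
-.Em DH
-(for export ciphers as
-.Em DH(512)
-or
-.Em DH(1024) ) ,
-.Em DH/RSA ,
-.Em DH/DSS ,
-.Em Fortezza .
-.It Au= Ns Aq Ar authentication
-Authentication method:
-.Em RSA ,
-.Em DSS ,
-.Em DH ,
-.Em None .
-.Em None
-is the representation of anonymous ciphers.
-.It Enc= Ns Aq Ar symmetric encryption method
-Encryption method with number of secret bits:
-.Em DES(40) ,
-.Em DES(56) ,
-.Em 3DES(168) ,
-.Em RC4(40) ,
-.Em RC4(56) ,
-.Em RC4(64) ,
-.Em RC4(128) ,
-.Em RC2(40) ,
-.Em RC2(56) ,
-.Em RC2(128) ,
-.Em IDEA(128) ,
-.Em Fortezza ,
-.Em None .
-.It Mac= Ns Aq Ar message authentication code
-Message digest:
-.Em MD5 ,
-.Em SHA1 .
-.It Aq Ar export flag
-If the cipher is flagged exportable with respect to old US crypto
-regulations, the word
-.Dq export
-is printed.
-.El
-.Sh RETURN VALUES
-See
-.Sx DESCRIPTION
-.Sh EXAMPLES
-Some examples for the output of
-.Fn SSL_CIPHER_description :
-.D1 "EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1"
-.D1 "EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1"
-.D1 "RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5"
-.D1 "EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export"
-.Pp
-A complete list can be retrieved by invoking the following command:
-.Pp
-.Dl $ openssl ciphers -v ALL
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_get_ciphers 3 ,
-.Xr SSL_get_current_cipher 3
-.Sh BUGS
-If
-.Fn SSL_CIPHER_description
-is called with
-.Fa cipher
-being
-.Dv NULL ,
-the library crashes.
-.Pp
-If
-.Fn SSL_CIPHER_description
-cannot handle a built-in cipher,
-the according description of the cipher property is
-.Qq unknown .
-This case should not occur.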
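--- a/src/lib/libssl/doc/SSL_COMP_add_compression_method.3
+++ /dev/null
@@ -1,68 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_COMP_add_compression_method.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_COMP_ADD_COMPRESSION_METHOD 3
-.Os
-.Sh NAME
-.Nm SSL_COMP_add_compression_method
-.Nd handle SSL/TLS integrated compression methods
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_COMP_add_compression_method "int id" "COMP_METHOD *cm"
-.Sh DESCRIPTION
-.Fn SSL_COMP_add_compression_method
-adds the compression method
-.Fa cm
-with the identifier
-.Fa id
-to the list of available compression methods.
-This list is globally maintained for all SSL operations within this application.
-It cannot be set for specific SSL_CTX or SSL objects.
-.Sh NOTES
-The TLS standard (or SSLv3) allows the integration of compression methods
-into the communication.
-The TLS RFC does however not specify compression methods or their corresponding
-identifiers, so there is currently no compatible way to integrate compression
-with unknown peers.
-It is therefore currently not recommended to integrate compression into
-applications.
-Applications for non-public use may agree on certain compression methods.
-Using different compression methods with the same identifier will lead to
-connection failure.
-.Pp
-An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1)
-will unconditionally send the list of all compression methods enabled with
-.Fn SSL_COMP_add_compression_method
-to the server during the handshake.
-Unlike the mechanisms to set a cipher list, there is no method available to
-restrict the list of compression method on a per connection basis.
-.Pp
-An OpenSSL server will match the identifiers listed by a client against
-its own compression methods and will unconditionally activate compression
-when a matching identifier is found.
-There is no way to restrict the list of compression methods supported on a per
-connection basis.
-.Pp
-The OpenSSL library has the compression methods
-.Fn COMP_rle
-and (when especially enabled during compilation)
-.Fn COMP_zlib
-available.
-.Sh WARNINGS
-Once the identities of the compression methods for the TLS protocol have
-been standardized, the compression API will most likely be changed.
-Using it in the current state is not recommended.
-.Sh RETURN VALUES
-.Fn SSL_COMP_add_compression_method
-may return the following values:
-.Bl -tag -width Ds
-.It 0
-The operation succeeded.
-.It 1
-The operation failed.
-Check the error queue to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr ssl 3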
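--- a/src/lib/libssl/doc/SSL_CTX_add_extra_chain_cert.3
+++ /dev/null
@@ -1,45 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_ADD_EXTRA_CHAIN_CERT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_add_extra_chain_cert
-.Nd add certificate to chain
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_add_extra_chain_cert "SSL_CTX ctx" "X509 *x509"
-.Sh DESCRIPTION
-.Fn SSL_CTX_add_extra_chain_cert
-adds the certificate
-.Fa x509
-to the certificate chain presented together with the certificate.
-Several certificates can be added one after the other.
-.Sh NOTES
-When constructing the certificate chain, the chain will be formed from
-these certificates explicitly specified.
-If no chain is specified, the library will try to complete the chain from the
-available CA certificates in the trusted CA storage, see
-.Xr SSL_CTX_load_verify_locations 3 .
-.Pp
-The x509 certificate provided to
-.Fn SSL_CTX_add_extra_chain_cert
-will be freed by the library when the
-.Vt SSL_CTX
-is destroyed.
-An application
-.Em should not
-free the
-.Fa x509
-object.
-.Sh RETURN VALUES
-.Fn SSL_CTX_add_extra_chain_cert
-returns 1 on success.
-Check out the error stack to find out the reason for failure otherwise.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3 ,
-.Xr SSL_CTX_use_certificate 3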
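--- a/src/lib/libssl/doc/SSL_CTX_add_session.3
+++ /dev/null
@@ -1,90 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_add_session.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_ADD_SESSION 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_add_session ,
-.Nm SSL_add_session ,
-.Nm SSL_CTX_remove_session ,
-.Nm SSL_remove_session
-.Nd manipulate session cache
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_add_session "SSL_CTX *ctx" "SSL_SESSION *c"
-.Ft int
-.Fn SSL_add_session "SSL_CTX *ctx" "SSL_SESSION *c"
-.Ft int
-.Fn SSL_CTX_remove_session "SSL_CTX *ctx" "SSL_SESSION *c"
-.Ft int
-.Fn SSL_remove_session "SSL_CTX *ctx" "SSL_SESSION *c"
-.Sh DESCRIPTION
-.Fn SSL_CTX_add_session
-adds the session
-.Fa c
-to the context
-.Fa ctx .
-The reference count for session
-.Fa c
-is incremented by 1.
-If a session with the same session id already exists,
-the old session is removed by calling
-.Xr SSL_SESSION_free 3 .
-.Pp
-.Fn SSL_CTX_remove_session
-removes the session
-.Fa c
-from the context
-.Fa ctx .
-.Xr SSL_SESSION_free 3
-is called once for
-.Fa c .
-.Pp
-.Fn SSL_add_session
-and
-.Fn SSL_remove_session
-are synonyms for their
-.Fn SSL_CTX_*
-counterparts.
-.Sh NOTES
-When adding a new session to the internal session cache, it is examined
-whether a session with the same session id already exists.
-In this case it is assumed that both sessions are identical.
-If the same session is stored in a different
-.Vt SSL_SESSION
-object, the old session is removed and replaced by the new session.
-If the session is actually identical (the
-.Vt SSL_SESSION
-object is identical),
-.Fn SSL_CTX_add_session
-is a no-op, and the return value is 0.
-.Pp
-If a server
-.Vt SSL_CTX
-is configured with the
-.Dv SSL_SESS_CACHE_NO_INTERNAL_STORE
-flag then the internal cache will not be populated automatically by new
-sessions negotiated by the SSL/TLS implementation, even though the internal
-cache will be searched automatically for session-resume requests (the
-latter can be suppressed by
-.Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP ) .
-So the application can use
-.Fn SSL_CTX_add_session
-directly to have full control over the sessions that can be resumed if desired.
-.Sh RETURN VALUES
-The following values are returned by all functions:
-.Bl -tag -width Ds
-.It 0
-The operation failed.
-In case of the add operation, it was tried to add the same (identical) session
-twice.
-In case of the remove operation, the session was not found in the cache.
-.It 1
-The operation succeeded.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_SESSION_free 3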
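--- a/src/lib/libssl/doc/SSL_CTX_ctrl.3
+++ /dev/null
@@ -1,49 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_ctrl.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_CTRL 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_ctrl ,
-.Nm SSL_CTX_callback_ctrl ,
-.Nm SSL_ctrl ,
-.Nm SSL_callback_ctrl
-.Nd internal handling functions for SSL_CTX and SSL objects
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_ctrl "SSL_CTX *ctx" "int cmd" "long larg" "void *parg"
-.Ft long
-.Fn SSL_CTX_callback_ctrl "SSL_CTX *" "int cmd" "void (*fp)()"
-.Ft long
-.Fn SSL_ctrl "SSL *ssl" "int cmd" "long larg" "void *parg"
-.Ft long
-.Fn SSL_callback_ctrl "SSL *" "int cmd" "void (*fp)()"
-.Sh DESCRIPTION
-The
-.Fn SSL_*_ctrl
-family of functions is used to manipulate settings of
-the
-.Vt SSL_CTX
-and
-.Vt SSL
-objects.
-Depending on the command
-.Fa cmd
-the arguments
-.Fa larg ,
-.Fa parg ,
-or
-.Fa fp
-are evaluated.
-These functions should never be called directly.
-All functionalities needed are made available via other functions or macros.
-.Sh RETURN VALUES
-The return values of the
-.Fn SSL*_ctrl
-functions depend on the command supplied via the
-.Fn cmd
-parameter.
-.Sh SEE ALSO
-.Xr ssl 3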
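--- a/src/lib/libssl/doc/SSL_CTX_flush_sessions.3
+++ /dev/null
@@ -1,57 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_flush_sessions.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_FLUSH_SESSIONS 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_flush_sessions ,
-.Nm SSL_flush_sessions
-.Nd remove expired sessions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_flush_sessions "SSL_CTX *ctx" "long tm"
-.Ft void
-.Fn SSL_flush_sessions "SSL_CTX *ctx" "long tm"
-.Sh DESCRIPTION
-.Fn SSL_CTX_flush_sessions
-causes a run through the session cache of
-.Fa ctx
-to remove sessions expired at time
-.Fa tm .
-.Pp
-.Fn SSL_flush_sessions
-is a synonym for
-.Fn SSL_CTX_flush_sessions .
-.Sh NOTES
-If enabled, the internal session cache will collect all sessions established
-up to the specified maximum number (see
-.Fn SSL_CTX_sess_set_cache_size ) .
-As sessions will not be reused ones they are expired, they should be
-removed from the cache to save resources.
-This can either be done automatically whenever 255 new sessions were
-established (see
-.Xr SSL_CTX_set_session_cache_mode 3 )
-or manually by calling
-.Fn SSL_CTX_flush_sessions .
-.Pp
-The parameter
-.Fa tm
-specifies the time which should be used for the
-expiration test, in most cases the actual time given by
-.Fn time 0
-will be used.
-.Pp
-.Fn SSL_CTX_flush_sessions
-will only check sessions stored in the internal cache.
-When a session is found and removed, the
-.Va remove_session_cb
-is however called to synchronize with the external cache (see
-.Xr SSL_CTX_sess_set_get_cb 3 ) .
-.Sh RETURN VALUES
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_CTX_set_timeout 3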
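--- a/src/lib/libssl/doc/SSL_CTX_free.3
+++ /dev/null
@@ -1,53 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_free.3,v 1.3 2015/12/30 18:45:02 millert Exp $
-.\"
-.Dd $Mdocdate: December 30 2015 $
-.Dt SSL_CTX_FREE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_free
-.Nd free an allocated SSL_CTX object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_free "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_free
-decrements the reference count of
-.Fa ctx ,
-and removes the
-.Vt SSL_CTX
-object pointed to by
-.Fa ctx
-and frees up the allocated memory if the reference count has reached 0.
-If
-.Fa ctx
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-It also calls the
-.Xr free 3 Ns ing
-procedures for indirectly affected items, if applicable:
-the session cache, the list of ciphers, the list of Client CAs,
-the certificates and keys.
-.Sh WARNINGS
-If a session-remove callback is set
-.Pq Xr SSL_CTX_sess_set_remove_cb 3 ,
-this callback will be called for each session being freed from
-.Fa ctx Ns 's
-session cache.
-This implies that all corresponding sessions from an external session cache are
-removed as well.
-If this is not desired, the user should explicitly unset the callback by
-calling
-.Fn SSL_CTX_sess_set_remove_cb ctx NULL
-prior to calling
-.Fn SSL_CTX_free .
-.Sh RETURN VALUES
-.Fn SSL_CTX_free
-does not provide diagnostic information.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3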
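diff --git a/src/lib/libssl/doc/SSL_CTX_get_ex_new_index.3 b/src/lib/libssl/doc/SSL_CTX_get_ex_new_index.3
deleted file mode 100644
index 18e41dd7d2..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_get_ex_new_index.3
+++ /dev/null
@@ -1,70 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_get_ex_new_index.3,v 1.3 2015/09/14 15:51:20 schwarze Exp $
-.\"
-.Dd $Mdocdate: September 14 2015 $
-.Dt SSL_CTX_GET_EX_NEW_INDEX 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_get_ex_new_index ,
-.Nm SSL_CTX_set_ex_data ,
-.Nm SSL_CTX_get_ex_data
-.Nd internal application specific data functions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_get_ex_new_index
-.Fa "long argl"
-.Fa "void *argp"
-.Fa "CRYPTO_EX_new *new_func"
-.Fa "CRYPTO_EX_dup *dup_func"
-.Fa "CRYPTO_EX_free *free_func"
-.Fc
-.Ft int
-.Fn SSL_CTX_set_ex_data "SSL_CTX *ctx" "int idx" "void *arg"
-.Ft void *
-.Fn SSL_CTX_get_ex_data "const SSL_CTX *ctx" "int idx"
-.Bd -literal
- typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
- int idx, long argl, void *argp);
-.Ed
-.Sh DESCRIPTION
-Several OpenSSL structures can have application specific data attached to them.
-These functions are used internally by OpenSSL to manipulate application
-specific data attached to a specific structure.
-.Pp
-.Fn SSL_CTX_get_ex_new_index
-is used to register a new index for application specific data.
-.Pp
-.Fn SSL_CTX_set_ex_data
-is used to store application data at
-.Fa arg
-for
-.Fa idx
-into the
-.Fa ctx
-object.
-.Pp
-.Fn SSL_CTX_get_ex_data
-is used to retrieve the information for
-.Fa idx
-from
-.Fa ctx .
-.Pp
-A detailed description for the
-.Fn *_get_ex_new_index
-functionality can be found in
-.Xr RSA_get_ex_new_index 3 .
-The
-.Fn *_get_ex_data
-and
-.Fn *_set_ex_data
-functionality is described in
-.Xr CRYPTO_set_ex_data 3 .
-.Sh SEE ALSO
-.Xr CRYPTO_set_ex_data 3 ,
-.Xr RSA_get_ex_new_index 3 ,
-.Xr ssl 3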
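diff --git a/src/lib/libssl/doc/SSL_CTX_get_verify_mode.3 b/src/lib/libssl/doc/SSL_CTX_get_verify_mode.3
deleted file mode 100644
index 12e21db6a3..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_get_verify_mode.3
+++ /dev/null
@@ -1,73 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_get_verify_mode.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_GET_VERIFY_MODE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_get_verify_mode ,
-.Nm SSL_get_verify_mode ,
-.Nm SSL_CTX_get_verify_depth ,
-.Nm SSL_get_verify_depth ,
-.Nm SSL_get_verify_callback ,
-.Nm SSL_CTX_get_verify_callback
-.Nd get currently set verification parameters
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_get_verify_mode "const SSL_CTX *ctx"
-.Ft int
-.Fn SSL_get_verify_mode "const SSL *ssl"
-.Ft int
-.Fn SSL_CTX_get_verify_depth "const SSL_CTX *ctx"
-.Ft int
-.Fn SSL_get_verify_depth "const SSL *ssl"
-.Ft int
-.Fo "(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))"
-.Fa int "X509_STORE_CTX *"
-.Fc
-.Ft int
-.Fo "(*SSL_get_verify_callback(const SSL *ssl))"
-.Fa int "X509_STORE_CTX *"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_get_verify_mode
-returns the verification mode currently set in
-.Fa ctx .
-.Pp
-.Fn SSL_get_verify_mode
-returns the verification mode currently set in
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_get_verify_depth
-returns the verification depth limit currently set
-in
-.Fa ctx .
-If no limit has been explicitly set,
-\(mi1 is returned and the default value will be used.
-.Pp
-.Fn SSL_get_verify_depth
-returns the verification depth limit currently set in
-.Fa ssl .
-If no limit has been explicitly set,
-\(mi1 is returned and the default value will be used.
-.Pp
-.Fn SSL_CTX_get_verify_callback
-returns a function pointer to the verification callback currently set in
-.Fa ctx .
-If no callback was explicitly set, the
-.Dv NULL
-pointer is returned and the default callback will be used.
-.Pp
-.Fn SSL_get_verify_callback
-returns a function pointer to the verification callback currently set in
-.Fa ssl .
-If no callback was explicitly set, the
-.Dv NULL
-pointer is returned and the default callback will be used.
-.Sh RETURN VALUES
-See
-.Sx DESCRIPTION
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3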
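diff --git a/src/lib/libssl/doc/SSL_CTX_load_verify_locations.3 b/src/lib/libssl/doc/SSL_CTX_load_verify_locations.3
deleted file mode 100644
index 09884db5da..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_load_verify_locations.3
+++ /dev/null
@@ -1,161 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_load_verify_locations.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_LOAD_VERIFY_LOCATIONS 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_load_verify_locations
-.Nd set default locations for trusted CA certificates
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_load_verify_locations
-.Fa "SSL_CTX *ctx" "const char *CAfile" "const char *CApath"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_load_verify_locations
-specifies the locations for
-.Fa ctx ,
-at which CA certificates for verification purposes are located.
-The certificates available via
-.Fa CAfile
-and
-.Fa CApath
-are trusted.
-.Sh NOTES
-If
-.Fa CAfile
-is not
-.Dv NULL ,
-it points to a file of CA certificates in PEM format.
-The file can contain several CA certificates identified by sequences of:
-.Bd -literal
- -----BEGIN CERTIFICATE-----
- ... (CA certificate in base64 encoding) ...
- -----END CERTIFICATE-----
-.Ed
-Before, between, and after the certificates arbitrary text is allowed which can
-be used, e.g., for descriptions of the certificates.
-.Pp
-The
-.Fa CAfile
-is processed on execution of the
-.Fn SSL_CTX_load_verify_locations
-function.
-.Pp
-If
-.Fa CApath
-is not NULL, it points to a directory containing CA certificates in PEM format.
-The files each contain one CA certificate.
-The files are looked up by the CA subject name hash value,
-which must hence be available.
-If more than one CA certificate with the same name hash value exist,
-the extension must be different (e.g.,
-.Pa 9d66eef0.0 ,
-.Pa 9d66eef0.1 ,
-etc.).
-The search is performed in the ordering of the extension number,
-regardless of other properties of the certificates.
-.Pp
-The certificates in
-.Fa CApath
-are only looked up when required, e.g., when building the certificate chain or
-when actually performing the verification of a peer certificate.
-.Pp
-When looking up CA certificates, the OpenSSL library will first search the
-certificates in
-.Fa CAfile ,
-then those in
-.Fa CApath .
-Certificate matching is done based on the subject name, the key identifier (if
-present), and the serial number as taken from the certificate to be verified.
-If these data do not match, the next certificate will be tried.
-If a first certificate matching the parameters is found,
-the verification process will be performed;
-no other certificates for the same parameters will be searched in case of
-failure.
-.Pp
-In server mode, when requesting a client certificate, the server must send
-the list of CAs of which it will accept client certificates.
-This list is not influenced by the contents of
-.Fa CAfile
-or
-.Fa CApath
-and must explicitly be set using the
-.Xr SSL_CTX_set_client_CA_list 3
-family of functions.
-.Pp
-When building its own certificate chain, an OpenSSL client/server will try to
-fill in missing certificates from
-.Fa CAfile Ns / Fa CApath ,
-if the
-certificate chain was not explicitly specified (see
-.Xr SSL_CTX_add_extra_chain_cert 3
-and
-.Xr SSL_CTX_use_certificate 3 ) .
-.Sh WARNINGS
-If several CA certificates matching the name, key identifier, and serial
-number condition are available, only the first one will be examined.
-This may lead to unexpected results if the same CA certificate is available
-with different expiration dates.
-If a
-.Dq certificate expired
-verification error occurs, no other certificate will be searched.
-Make sure to not have expired certificates mixed with valid ones.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The operation failed because
-.Fa CAfile
-and
-.Fa CApath
-are
-.Dv NULL
-or the processing at one of the locations specified failed.
-Check the error stack to find out the reason.
-.It 1
-The operation succeeded.
-.El
-.Sh EXAMPLES
-Generate a CA certificate file with descriptive text from the CA certificates
-.Pa ca1.pem
-.Pa ca2.pem
-.Pa ca3.pem :
-.Bd -literal
-#!/bin/sh
-rm CAfile.pem
-for i in ca1.pem ca2.pem ca3.pem; do
- openssl x509 -in $i -text >> CAfile.pem
-done
-.Ed
-.Pp
-Prepare the directory /some/where/certs containing several CA certificates
-for use as
-.Fa CApath :
-.Bd -literal
-$ cd /some/where/certs
-$ rm -f *.[0-9]* *.r[0-9]*
-$ for c in *.pem; do
-> [ "$c" = "*.pem" ] && continue
-> hash=$(openssl x509 -noout -hash -in "$c")
-> if egrep -q -- '-BEGIN( X509 | TRUSTED | )CERTIFICATE-' "$c"; then
-> suf=0
-> while [ -e $hash.$suf ]; do suf=$(( $suf + 1 )); done
-> ln -s "$c" $hash.$suf
-> fi
-> if egrep -q -- '-BEGIN X509 CRL-' "$c"; then
-> suf=0
-> while [ -e $hash.r$suf ]; do suf=$(( $suf + 1 )); done
-> ln -s "$c" $hash.r$suf
-> fi
-> done
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_set_cert_store 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
-.Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_get_client_CA_list 3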
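diff --git a/src/lib/libssl/doc/SSL_CTX_new.3 b/src/lib/libssl/doc/SSL_CTX_new.3
deleted file mode 100644
index d2c2b03452..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_new.3
+++ /dev/null
@@ -1,111 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_new.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_NEW 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_new ,
-.Nm SSLv3_method ,
-.Nm SSLv3_server_method ,
-.Nm SSLv3_client_method ,
-.Nm TLSv1_method ,
-.Nm TLSv1_server_method ,
-.Nm TLSv1_client_method ,
-.Nm TLSv1_1_method ,
-.Nm TLSv1_1_server_method ,
-.Nm TLSv1_1_client_method ,
-.Nm SSLv23_method ,
-.Nm SSLv23_server_method ,
-.Nm SSLv23_client_method
-.Nd create a new SSL_CTX object as framework for TLS/SSL enabled functions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_CTX *
-.Fn SSL_CTX_new "const SSL_METHOD *method"
-.Sh DESCRIPTION
-.Fn SSL_CTX_new
-creates a new
-.Vt SSL_CTX
-object as framework to establish TLS/SSL enabled connections.
-.Sh NOTES
-The
-.Vt SSL_CTX
-object uses
-.Fa method
-as its connection method.
-The methods exist in a generic type (for client and server use),
-a server only type, and a client only type.
-.Fa method
-can be of the following types:
-.Bl -tag -width Ds
-.It Fn SSLv3_method void , Fn SSLv3_server_method void , \
-Fn SSLv3_client_method void
-A TLS/SSL connection established with these methods will only understand the
-SSLv3 protocol.
-A client will send out SSLv3 client hello messages and will indicate that it
-only understands SSLv3.
-A server will only understand SSLv3 client hello messages.
-Importantly, this means that it will not understand SSLv2 client hello messages
-which are widely used for compatibility reasons; see
-.Fn SSLv23_*_method .
-.It Fn TLSv1_method void , Fn TLSv1_server_method void , \
-Fn TLSv1_client_method void
-A TLS/SSL connection established with these methods will only understand the
-TLSv1 protocol.
-A client will send out TLSv1 client hello messages and will indicate that it
-only understands TLSv1.
-A server will only understand TLSv1 client hello messages.
-Importantly, this means that it will not understand SSLv2 client hello messages
-which are widely used for compatibility reasons; see
-.Fn SSLv23_*_method .
-It will also not understand SSLv3 client hello messages.
-.It Fn SSLv23_method void , Fn SSLv23_server_method void , \
-Fn SSLv23_client_method void
-A TLS/SSL connection established with these methods may understand the SSLv3,
-TLSv1, TLSv1.1 and TLSv1.2 protocols.
-.Pp
-A client will send out TLSv1 client hello messages including extensions and
-will indicate that it also understands TLSv1.1, TLSv1.2 and permits a fallback
-to SSLv3.
-A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.
-This is the best choice when compatibility is a concern.
-.El
-.Pp
-The list of protocols available can later be limited using the
-.Dv SSL_OP_NO_SSLv3 ,
-.Dv SSL_OP_NO_TLSv1 ,
-.Dv SSL_OP_NO_TLSv1_1 ,
-and
-.Dv SSL_OP_NO_TLSv1_2
-options of the
-.Fn SSL_CTX_set_options
-or
-.Fn SSL_set_options
-functions.
-Using these options it is possible to choose, for example,
-.Fn SSLv23_server_method
-and be able to negotiate with all possible clients,
-but to only allow newer protocols like TLSv1, TLSv1.1 or TLS v1.2.
-.Pp
-.Fn SSL_CTX_new
-initializes the list of ciphers, the session cache setting, the callbacks,
-the keys and certificates, and the options to its default values.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-The creation of a new
-.Vt SSL_CTX
-object failed.
-Check the error stack to find out the reason.
-.It Pointer to an SSL_CTX object
-The return value points to an allocated
-.Vt SSL_CTX
-object.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_CTX_free 3 ,
-.Xr SSL_set_connect_state 3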
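diff --git a/src/lib/libssl/doc/SSL_CTX_sess_number.3 b/src/lib/libssl/doc/SSL_CTX_sess_number.3
deleted file mode 100644
index f3af4eab07..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_sess_number.3
+++ /dev/null
@@ -1,104 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_sess_number.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SESS_NUMBER 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_sess_number ,
-.Nm SSL_CTX_sess_connect ,
-.Nm SSL_CTX_sess_connect_good ,
-.Nm SSL_CTX_sess_connect_renegotiate ,
-.Nm SSL_CTX_sess_accept ,
-.Nm SSL_CTX_sess_accept_good ,
-.Nm SSL_CTX_sess_accept_renegotiate ,
-.Nm SSL_CTX_sess_hits ,
-.Nm SSL_CTX_sess_cb_hits ,
-.Nm SSL_CTX_sess_misses ,
-.Nm SSL_CTX_sess_timeouts ,
-.Nm SSL_CTX_sess_cache_full
-.Nd obtain session cache statistics
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_sess_number "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_connect "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_connect_good "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_connect_renegotiate "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_accept "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_accept_good "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_accept_renegotiate "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_hits "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_cb_hits "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_misses "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_timeouts "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_cache_full "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_sess_number
-returns the current number of sessions in the internal session cache.
-.Pp
-.Fn SSL_CTX_sess_connect
-returns the number of started SSL/TLS handshakes in client mode.
-.Pp
-.Fn SSL_CTX_sess_connect_good
-returns the number of successfully established SSL/TLS sessions in client mode.
-.Pp
-.Fn SSL_CTX_sess_connect_renegotiate
-returns the number of start renegotiations in client mode.
-.Pp
-.Fn SSL_CTX_sess_accept
-returns the number of started SSL/TLS handshakes in server mode.
-.Pp
-.Fn SSL_CTX_sess_accept_good
-returns the number of successfully established SSL/TLS sessions in server mode.
-.Pp
-.Fn SSL_CTX_sess_accept_renegotiate
-returns the number of start renegotiations in server mode.
-.Pp
-.Fn SSL_CTX_sess_hits
-returns the number of successfully reused sessions.
-In client mode a session set with
-.Xr SSL_set_session 3
-successfully reused is counted as a hit.
-In server mode a session successfully retrieved from internal or external cache
-is counted as a hit.
-.Pp
-.Fn SSL_CTX_sess_cb_hits
-returns the number of successfully retrieved sessions from the external session
-cache in server mode.
-.Pp
-.Fn SSL_CTX_sess_misses
-returns the number of sessions proposed by clients that were not found in the
-internal session cache in server mode.
-.Pp
-.Fn SSL_CTX_sess_timeouts
-returns the number of sessions proposed by clients and either found in the
-internal or external session cache in server mode,
-but that were invalid due to timeout.
-These sessions are not included in the
-.Fn SSL_CTX_sess_hits
-count.
-.Pp
-.Fn SSL_CTX_sess_cache_full
-returns the number of sessions that were removed because the maximum session
-cache size was exceeded.
-.Sh RETURN VALUES
-The functions return the values indicated in the
-.Sx DESCRIPTION
-section.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_sess_set_cache_size 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_set_session 3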
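diff --git a/src/lib/libssl/doc/SSL_CTX_sess_set_cache_size.3 b/src/lib/libssl/doc/SSL_CTX_sess_set_cache_size.3
deleted file mode 100644
index 89d02dd32b..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_sess_set_cache_size.3
+++ /dev/null
@@ -1,55 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_sess_set_cache_size.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SESS_SET_CACHE_SIZE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_sess_set_cache_size ,
-.Nm SSL_CTX_sess_get_cache_size
-.Nd manipulate session cache size
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_sess_set_cache_size "SSL_CTX *ctx" "long t"
-.Ft long
-.Fn SSL_CTX_sess_get_cache_size "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_sess_set_cache_size
-sets the size of the internal session cache of context
-.Fa ctx
-to
-.Fa t .
-.Pp
-.Fn SSL_CTX_sess_get_cache_size
-returns the currently valid session cache size.
-.Sh NOTES
-The internal session cache size is
-.Dv SSL_SESSION_CACHE_MAX_SIZE_DEFAULT ,
-currently 1024\(mu20, so that up to 20000 sessions can be held.
-This size can be modified using the
-.Fn SSL_CTX_sess_set_cache_size
-call.
-A special case is the size 0, which is used for unlimited size.
-.Pp
-When the maximum number of sessions is reached,
-no more new sessions are added to the cache.
-New space may be added by calling
-.Xr SSL_CTX_flush_sessions 3
-to remove expired sessions.
-.Pp
-If the size of the session cache is reduced and more sessions are already in
-the session cache,
-old session will be removed the next time a session shall be added.
-This removal is not synchronized with the expiration of sessions.
-.Sh RETURN VALUES
-.Fn SSL_CTX_sess_set_cache_size
-returns the previously valid size.
-.Pp
-.Fn SSL_CTX_sess_get_cache_size
-returns the currently valid size.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_sess_number 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3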
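diff --git a/src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3 b/src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3
deleted file mode 100644
index 7a372138c1..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3
+++ /dev/null
@@ -1,159 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_sess_set_get_cb.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SESS_SET_GET_CB 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_sess_set_new_cb ,
-.Nm SSL_CTX_sess_set_remove_cb ,
-.Nm SSL_CTX_sess_set_get_cb ,
-.Nm SSL_CTX_sess_get_new_cb ,
-.Nm SSL_CTX_sess_get_remove_cb ,
-.Nm SSL_CTX_sess_get_get_cb
-.Nd provide callback functions for server side external session caching
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_sess_set_new_cb
-.Fa "SSL_CTX *ctx"
-.Fa "int (*new_session_cb)(SSL *, SSL_SESSION *)"
-.Fc
-.Ft void
-.Fo SSL_CTX_sess_set_remove_cb
-.Fa "SSL_CTX *ctx"
-.Fa "void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *)"
-.Fc
-.Ft void
-.Fo SSL_CTX_sess_set_get_cb
-.Fa "SSL_CTX *ctx"
-.Fa "SSL_SESSION (*get_session_cb)(SSL *, unsigned char *, int, int *)"
-.Fc
-.Ft int
-.Fo "(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))"
-.Fa "struct ssl_st *ssl"
-.Fa "SSL_SESSION *sess"
-.Fc
-.Ft void
-.Fo "(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))"
-.Fa "struct ssl_ctx_st *ctx"
-.Fa "SSL_SESSION *sess"
-.Fc
-.Ft SSL_SESSION *
-.Fo "(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))"
-.Fa "struct ssl_st *ssl"
-.Fa "unsigned char *data"
-.Fa "int len"
-.Fa "int *copy"
-.Fc
-.Ft int
-.Fo "(*new_session_cb)"
-.Fa "struct ssl_st *ssl"
-.Fa "SSL_SESSION *sess"
-.Fc
-.Ft void
-.Fo "(*remove_session_cb)"
-.Fa "struct ssl_ctx_st *ctx"
-.Fa "SSL_SESSION *sess"
-.Fc
-.Ft SSL_SESSION *
-.Fo "(*get_session_cb)"
-.Fa "struct ssl_st *ssl"
-.Fa "unsigned char *data"
-.Fa "int len"
-.Fa "int *copy"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_sess_set_new_cb
-sets the callback function which is automatically called whenever a new session
-was negotiated.
-.Pp
-.Fn SSL_CTX_sess_set_remove_cb
-sets the callback function which is automatically called whenever a session is
-removed by the SSL engine (because it is considered faulty or the session has
-become obsolete because of exceeding the timeout value).
-.Pp
-.Fn SSL_CTX_sess_set_get_cb
-sets the callback function which is called whenever a SSL/TLS client proposes
-to resume a session but the session cannot be found in the internal session
-cache (see
-.Xr SSL_CTX_set_session_cache_mode 3 ) .
-(SSL/TLS server only.)
-.Pp
-.Fn SSL_CTX_sess_get_new_cb ,
-.Fn SSL_CTX_sess_get_remove_cb ,
-and
-.Fn SSL_CTX_sess_get_get_cb
-retrieve the function pointers of the provided callback functions.
-If a callback function has not been set, the
-.Dv NULL
-pointer is returned.
-.Sh NOTES
-In order to allow external session caching, synchronization with the internal
-session cache is realized via callback functions.
-Inside these callback functions, session can be saved to disk or put into a
-database using the
-.Xr d2i_SSL_SESSION 3
-interface.
-.Pp
-The
-.Fn new_session_cb
-function is called whenever a new session has been negotiated and session
-caching is enabled (see
-.Xr SSL_CTX_set_session_cache_mode 3 ) .
-The
-.Fn new_session_cb
-is passed the
-.Fa ssl
-connection and the ssl session
-.Fa sess .
-If the callback returns 0, the session will be immediately removed again.
-.Pp
-The
-.Fn remove_session_cb
-is called whenever the SSL engine removes a session from the internal cache.
-This happens when the session is removed because it is expired or when a
-connection was not shut down cleanly.
-It also happens for all sessions in the internal session cache when
-.Xr SSL_CTX_free 3
-is called.
-The
-.Fn remove_session_cb
-function is passed the
-.Fa ctx
-and the
-.Vt ssl
-session
-.Fa sess .
-It does not provide any feedback.
-.Pp
-The
-.Fn get_session_cb
-function is only called on SSL/TLS servers with the session id proposed by the
-client.
-The
-.Fn get_session_cb
-function is always called, also when session caching was disabled.
-The
-.Fn get_session_cb
-is passed the
-.Fa ssl
-connection, the session id of length
-.Fa length
-at the memory location
-.Fa data .
-With the parameter
-.Fa copy
-the callback can require the SSL engine to increment the reference count of the
-.Vt SSL_SESSION
-object,
-Normally the reference count is not incremented and therefore the session must
-not be explicitly freed with
-.Xr SSL_SESSION_free 3 .
-.Sh SEE ALSO
-.Xr d2i_SSL_SESSION 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_free 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_SESSION_free 3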
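diff --git a/src/lib/libssl/doc/SSL_CTX_sessions.3 b/src/lib/libssl/doc/SSL_CTX_sessions.3
deleted file mode 100644
index 23d9edb6e2..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_sessions.3
+++ /dev/null
@@ -1,35 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_sessions.3,v 1.3 2015/11/15 22:02:10 jmc Exp $
-.\"
-.Dd $Mdocdate: November 15 2015 $
-.Dt SSL_CTX_SESSIONS 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_sessions
-.Nd access internal session cache
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft struct lhash_st *
-.Fn SSL_CTX_sessions "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_sessions
-returns a pointer to the lhash databases containing the internal session cache
-for
-.Fa ctx .
-.Sh NOTES
-The sessions in the internal session cache are kept in an
-lhash-type database
-(see
-.Xr lh_new 3 ) .
-It is possible to directly access this database, e.g., for searching.
-In parallel,
-the sessions form a linked list which is maintained separately from the
-lhash operations,
-so that the database must not be modified directly but by using the
-.Xr SSL_CTX_add_session 3
-family of functions.
-.Sh SEE ALSO
-.Xr lh_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_add_session 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3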
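diff --git a/src/lib/libssl/doc/SSL_CTX_set_cert_store.3 b/src/lib/libssl/doc/SSL_CTX_set_cert_store.3
deleted file mode 100644
index 8ef3c5561e..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_cert_store.3
+++ /dev/null
@@ -1,80 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_cert_store.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_CERT_STORE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_cert_store ,
-.Nm SSL_CTX_get_cert_store
-.Nd manipulate X509 certificate verification storage
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *store"
-.Ft X509_STORE *
-.Fn SSL_CTX_get_cert_store "const SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_cert_store
-setsthe verification storage of
-.Fa ctx
-to or replaces it with
-.Fa store .
-If another
-.Vt X509_STORE
-object is currently set in
-.Fa ctx ,
-it will be
-.Xr X509_STORE_free 3 Ns ed.
-.Pp
-.Fn SSL_CTX_get_cert_store
-returns a pointer to the current certificate verification storage.
-.Sh NOTES
-In order to verify the certificates presented by the peer, trusted CA
-certificates must be accessed.
-These CA certificates are made available via lookup methods, handled inside the
-.Vt X509_STORE .
-From the
-.Vt X509_STORE
-the
-.Vt X509_STORE_CTX
-used when verifying certificates is created.
-.Pp
-Typically the trusted certificate store is handled indirectly via using
-.Xr SSL_CTX_load_verify_locations 3 .
-Using the
-.Fn SSL_CTX_set_cert_store
-and
-.Fn SSL_CTX_get_cert_store
-functions it is possible to manipulate the
-.Vt X509_STORE
-object beyond the
-.Xr SSL_CTX_load_verify_locations 3
-call.
-.Pp
-Currently no detailed documentation on how to use the
-.Vt X509_STORE
-object is available.
-Not all members of the
-.Vt X509_STORE
-are used when the verification takes place.
-So will, for example, the
-.Fn verify_callback
-be overridden with the
-.Fn verify_callback
-set via the
-.Xr SSL_CTX_set_verify 3
-family of functions.
-This document must therefore be updated when documentation about the
-.Vt X509_STORE
-object and its handling becomes available.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_cert_store
-does not return diagnostic output.
-.Pp
-.Fn SSL_CTX_get_cert_store
-returns the current setting.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_verify 3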
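diff --git a/src/lib/libssl/doc/SSL_CTX_set_cert_verify_callback.3 b/src/lib/libssl/doc/SSL_CTX_set_cert_verify_callback.3
deleted file mode 100644
index bb242d6929..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_cert_verify_callback.3
+++ /dev/null
@@ -1,112 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_cert_verify_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_CERT_VERIFY_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_cert_verify_callback
-.Nd set peer certificate verification procedure
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_cert_verify_callback
-.Fa "SSL_CTX *ctx"
-.Fa "int (*callback)(X509_STORE_CTX *, void *)"
-.Fa "void *arg"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_cert_verify_callback
-sets the verification callback function for
-.Fa ctx .
-.Vt SSL
-objects that are created from
-.Fa ctx
-inherit the setting valid at the time when
-.Xr SSL_new 3
-is called.
-.Sh NOTES
-Whenever a certificate is verified during a SSL/TLS handshake,
-a verification function is called.
-If the application does not explicitly specify a verification callback
-function, the built-in verification function is used.
-If a verification callback
-.Fa callback
-is specified via
-.Fn SSL_CTX_set_cert_verify_callback ,
-the supplied callback function is called instead.
-By setting
-.Fa callback
-to
-.Dv NULL ,
-the default behaviour is restored.
-.Pp
-When the verification must be performed,
-.Fa callback
-will be called with the arguments
-.Fn callback "X509_STORE_CTX *x509_store_ctx" "void *arg" .
-The argument
-.Fa arg
-is specified by the application when setting
-.Fa callback .
-.Pp
-.Fa callback
-should return 1 to indicate verification success and 0 to indicate verification
-failure.
-If
-.Dv SSL_VERIFY_PEER
-is set and
-.Fa callback
-returns 0, the handshake will fail.
-As the verification procedure may allow the connection to continue in case of
-failure (by always returning 1) the verification result must be set in any case
-using the
-.Fa error
-member of
-.Fa x509_store_ctx
-so that the calling application will be informed about the detailed result of
-the verification procedure!
-.Pp
-Within
-.Fa x509_store_ctx ,
-.Fa callback
-has access to the
-.Fa verify_callback
-function set using
-.Xr SSL_CTX_set_verify 3 .
-.Sh WARNINGS
-Do not mix the verification callback described in this function with the
-.Fa verify_callback
-function called during the verification process.
-The latter is set using the
-.Xr SSL_CTX_set_verify 3
-family of functions.
-.Pp
-Providing a complete verification procedure including certificate purpose
-settings, etc., is a complex task.
-The built-in procedure is quite powerful and in most cases it should be
-sufficient to modify its behaviour using the
-.Fa verify_callback
-function.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_cert_verify_callback
-does not provide diagnostic information.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_get_verify_result 3
-.Sh HISTORY
-Previous to OpenSSL 0.9.7, the
-.Fa arg
-argument to
-.Fn SSL_CTX_set_cert_verify_callback
-was ignored, and
-.Fa callback
-was called
-simply as
-.Ft int
-.Fn (*callback) "X509_STORE_CTX *" .
-To compile software written for previous versions of OpenSSL,
-a dummy argument will have to be added to
-.Fa callback .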
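--- a/src/lib/libssl/doc/SSL_CTX_set_cipher_list.3
+++ /dev/null
@@ -1,82 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_CIPHER_LIST 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_cipher_list ,
-.Nm SSL_set_cipher_list
-.Nd choose list of available SSL_CIPHERs
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_set_cipher_list "SSL_CTX *ctx" "const char *str"
-.Ft int
-.Fn SSL_set_cipher_list "SSL *ssl" "const char *str"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_cipher_list
-sets the list of available ciphers for
-.Fa ctx
-using the control string
-.Fa str .
-The format of the string is described
-in
-.Xr openssl 1 .
-The list of ciphers is inherited by all
-.Fa ssl
-objects created from
-.Fa ctx .
-.Pp
-.Fn SSL_set_cipher_list
-sets the list of ciphers only for
-.Fa ssl .
-.Sh NOTES
-The control string
-.Fa str
-should be universally usable and not depend on details of the library
-configuration (ciphers compiled in).
-Thus no syntax checking takes place.
-Items that are not recognized, because the corresponding ciphers are not
-compiled in or because they are mistyped, are simply ignored.
-Failure is only flagged if no ciphers could be collected at all.
-.Pp
-It should be noted that inclusion of a cipher to be used into the list is a
-necessary condition.
-On the client side, the inclusion into the list is also sufficient.
-On the server side, additional restrictions apply.
-All ciphers have additional requirements.
-ADH ciphers don't need a certificate, but DH-parameters must have been set.
-All other ciphers need a corresponding certificate and key.
-.Pp
-A RSA cipher can only be chosen when a RSA certificate is available.
-RSA export ciphers with a keylength of 512 bits for the RSA key require a
-temporary 512 bit RSA key, as typically the supplied key has a length of 1024
-bits (see
-.Xr SSL_CTX_set_tmp_rsa_callback 3 ) .
-RSA ciphers using EDH need a certificate and key and additional DH-parameters
-(see
-.Xr SSL_CTX_set_tmp_dh_callback 3 ) .
-.Pp
-A DSA cipher can only be chosen when a DSA certificate is available.
-DSA ciphers always use DH key exchange and therefore need DH-parameters (see
-.Xr SSL_CTX_set_tmp_dh_callback 3 ) .
-.Pp
-When these conditions are not met for any cipher in the list (for example, a
-client only supports export RSA ciphers with an asymmetric key length of 512
-bits and the server is not configured to use temporary RSA keys), the
-.Dq no shared cipher
-.Pq Dv SSL_R_NO_SHARED_CIPHER
-error is generated and the handshake will fail.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_cipher_list
-and
-.Fn SSL_set_cipher_list
-return 1 if any cipher could be selected and 0 on complete failure.
-.Sh SEE ALSO
-.Xr ciphers 1 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_tmp_dh_callback 3 ,
-.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
-.Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_get_ciphers 3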
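--- a/src/lib/libssl/doc/SSL_CTX_set_client_CA_list.3
+++ /dev/null
@@ -1,132 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_client_CA_list.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_CLIENT_CA_LIST 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_client_CA_list ,
-.Nm SSL_set_client_CA_list ,
-.Nm SSL_CTX_add_client_CA ,
-.Nm SSL_add_client_CA
-.Nd set list of CAs sent to the client when requesting a client certificate
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_set_client_CA_list "SSL_CTX *ctx" "STACK_OF(X509_NAME) *list"
-.Ft void
-.Fn SSL_set_client_CA_list "SSL *s" "STACK_OF(X509_NAME) *list"
-.Ft int
-.Fn SSL_CTX_add_client_CA "SSL_CTX *ctx" "X509 *cacert"
-.Ft int
-.Fn SSL_add_client_CA "SSL *ssl" "X509 *cacert"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_client_CA_list
-sets the
-.Fa list
-of CAs sent to the client when requesting a client certificate for
-.Fa ctx .
-.Pp
-.Fn SSL_set_client_CA_list
-sets the
-.Fa list
-of CAs sent to the client when requesting a client certificate for the chosen
-.Fa ssl ,
-overriding the setting valid for
-.Fa ssl Ns 's
-.Vt SSL_CTX
-object.
-.Pp
-.Fn SSL_CTX_add_client_CA
-adds the CA name extracted from
-.Fa cacert
-to the list of CAs sent to the client when requesting a client certificate for
-.Fa ctx .
-.Pp
-.Fn SSL_add_client_CA
-adds the CA name extracted from
-.Fa cacert
-to the list of CAs sent to the client when requesting a client certificate for
-the chosen
-.Fa ssl ,
-overriding the setting valid for
-.Fa ssl Ns 's
-.Va SSL_CTX
-object.
-.Sh NOTES
-When a TLS/SSL server requests a client certificate (see
-.Fn SSL_CTX_set_verify ) ,
-it sends a list of CAs for which it will accept certificates to the client.
-.Pp
-This list must explicitly be set using
-.Fn SSL_CTX_set_client_CA_list
-for
-.Fa ctx
-and
-.Fn SSL_set_client_CA_list
-for the specific
-.Fa ssl .
-The list specified overrides the previous setting.
-The CAs listed do not become trusted
-.Po
-.Fa list
-only contains the names, not the complete certificates
-.Pc ;
-use
-.Xr SSL_CTX_load_verify_locations 3
-to additionally load them for verification.
-.Pp
-If the list of acceptable CAs is compiled in a file, the
-.Xr SSL_load_client_CA_file 3
-function can be used to help importing the necessary data.
-.Pp
-.Fn SSL_CTX_add_client_CA
-and
-.Fn SSL_add_client_CA
-can be used to add additional items the list of client CAs.
-If no list was specified before using
-.Fn SSL_CTX_set_client_CA_list
-or
-.Fn SSL_set_client_CA_list ,
-a new client CA list for
-.Fa ctx
-or
-.Fa ssl
-(as appropriate) is opened.
-.Pp
-These functions are only useful for TLS/SSL servers.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_client_CA_list
-and
-.Fn SSL_set_client_CA_list
-do not return diagnostic information.
-.Pp
-.Fn SSL_CTX_add_client_CA
-and
-.Fn SSL_add_client_CA
-have the following return values:
-.Bl -tag -width Ds
-.It 0
-A failure while manipulating the
-.Dv STACK_OF Ns
-.Pq Vt X509_NAME
-object occurred or the
-.Vt X509_NAME
-could not be extracted from
-.Fa cacert .
-Check the error stack to find out the reason.
-.It 1
-The operation succeeded.
-.El
-.Sh EXAMPLES
-Scan all certificates in
-.Fa CAfile
-and list them as acceptable CAs:
-.Bd -literal
-SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_get_client_CA_list 3 ,
-.Xr SSL_load_client_CA_file 3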
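--- a/src/lib/libssl/doc/SSL_CTX_set_client_cert_cb.3
+++ /dev/null
@@ -1,143 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_client_cert_cb.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_CLIENT_CERT_CB 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_client_cert_cb ,
-.Nm SSL_CTX_get_client_cert_cb
-.Nd handle client certificate callback function
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_client_cert_cb
-.Fa "SSL_CTX *ctx"
-.Fa "int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)"
-.Fc
-.Ft int
-.Fo "(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))"
-.Fa "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey"
-.Fc
-.Ft int
-.Fn "(*client_cert_cb)" "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_client_cert_cb
-sets the
-.Fa client_cert_cb()
-callback that is called when a client certificate is requested by a server and
-no certificate was yet set for the SSL object.
-.Pp
-When
-.Fa client_cert_cb
-is
-.Dv NULL ,
-no callback function is used.
-.Pp
-.Fn SSL_CTX_get_client_cert_cb
-returns a pointer to the currently set callback function.
-.Pp
-.Fn client_cert_cb
-is the application-defined callback.
-If it wants to set a certificate,
-a certificate/private key combination must be set using the
-.Fa x509
-and
-.Fa pkey
-arguments and 1 must be returned.
-The certificate will be installed into
-.Fa ssl ;
-see the
-.Sx NOTES
-and
-.Sx BUGS
-sections.
-If no certificate should be set,
-0 has to be returned and no certificate will be sent.
-A negative return value will suspend the handshake and the handshake function
-will return immediately.
-.Xr SSL_get_error 3
-will return
-.Dv SSL_ERROR_WANT_X509_LOOKUP
-to indicate that the handshake was suspended.
-The next call to the handshake function will again lead to the call of
-.Fa client_cert_cb() .
-It is the job of the
-.Fa client_cert_cb()
-to store information
-about the state of the last call, if required to continue.
-.Sh NOTES
-During a handshake (or renegotiation)
-a server may request a certificate from the client.
-A client certificate must only be sent when the server did send the request.
-.Pp
-When a certificate has been set using the
-.Xr SSL_CTX_use_certificate 3
-family of functions,
-it will be sent to the server.
-The TLS standard requires that only a certificate is sent if it matches the
-list of acceptable CAs sent by the server.
-This constraint is violated by the default behavior of the OpenSSL library.
-Using the callback function it is possible to implement a proper selection
-routine or to allow a user interaction to choose the certificate to be sent.
-.Pp
-If a callback function is defined and no certificate was yet defined for the
-.Vt SSL
-object, the callback function will be called.
-If the callback function returns a certificate, the OpenSSL library
-will try to load the private key and certificate data into the
-.Vt SSL
-object using the
-.Fn SSL_use_certificate
-and
-.Fn SSL_use_private_key
-functions.
-Thus it will permanently install the certificate and key for this SSL object.
-It will not be reset by calling
-.Xr SSL_clear 3 .
-If the callback returns no certificate, the OpenSSL library will not send a
-certificate.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_get_client_CA_list 3
-.Sh BUGS
-The
-.Fa client_cert_cb()
-cannot return a complete certificate chain;
-it can only return one client certificate.
-If the chain only has a length of 2,
-the root CA certificate may be omitted according to the TLS standard and
-thus a standard conforming answer can be sent to the server.
-For a longer chain, the client must send the complete chain
-(with the option to leave out the root CA certificate).
-This can be accomplished only by either adding the intermediate CA certificates
-into the trusted certificate store for the
-.Vt SSL_CTX
-object (resulting in having to add CA certificates that otherwise maybe would
-not be trusted), or by adding the chain certificates using the
-.Xr SSL_CTX_add_extra_chain_cert 3
-function, which is only available for the
-.Vt SSL_CTX
-object as a whole and that therefore probably can only apply for one client
-certificate, making the concept of the callback function
-(to allow the choice from several certificates) questionable.
-.Pp
-Once the
-.Vt SSL
-object has been used in conjunction with the callback function,
-the certificate will be set for the
-.Vt SSL
-object and will not be cleared even when
-.Xr SSL_clear 3
-is called.
-It is therefore
-.Em mandatory
-to destroy the
-.Vt SSL
-object using
-.Xr SSL_free 3
-and create a new one to return to the previous state.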
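--- a/src/lib/libssl/doc/SSL_CTX_set_default_passwd_cb.3
+++ /dev/null
@@ -1,95 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_default_passwd_cb.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_DEFAULT_PASSWD_CB 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_default_passwd_cb ,
-.Nm SSL_CTX_set_default_passwd_cb_userdata
-.Nd set passwd callback for encrypted PEM file handling
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_set_default_passwd_cb "SSL_CTX *ctx" "pem_password_cb *cb"
-.Ft void
-.Fn SSL_CTX_set_default_passwd_cb_userdata "SSL_CTX *ctx" "void *u"
-.Ft int
-.Fn pem_passwd_cb "char *buf" "int size" "int rwflag" "void *userdata"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_default_passwd_cb
-sets the default password callback called when loading/storing a PEM
-certificate with encryption.
-.Pp
-.Fn SSL_CTX_set_default_passwd_cb_userdata
-sets a pointer to userdata
-.Fa u
-which will be provided to the password callback on invocation.
-.Pp
-The
-.Fn pem_passwd_cb ,
-which must be provided by the application,
-hands back the password to be used during decryption.
-On invocation a pointer to
-.Fa userdata
-is provided.
-The pem_passwd_cb must write the password into the provided buffer
-.Fa buf
-which is of size
-.Fa size .
-The actual length of the password must be returned to the calling function.
-.Fa rwflag
-indicates whether the callback is used for reading/decryption
-.Pq Fa rwflag No = 0
-or writing/encryption
-.Pq Fa rwflag No = 1 .
-.Sh NOTES
-When loading or storing private keys, a password might be supplied to protect
-the private key.
-The way this password can be supplied may depend on the application.
-If only one private key is handled, it can be practical to have
-.Fn pem_passwd_cb
-handle the password dialog interactively.
-If several keys have to be handled, it can be practical to ask for the password
-once, then keep it in memory and use it several times.
-In the last case, the password could be stored into the
-.Fa userdata
-storage and the
-.Fn pem_passwd_cb
-only returns the password already stored.
-.Pp
-When asking for the password interactively,
-.Fn pem_passwd_cb
-can use
-.Fa rwflag
-to check whether an item shall be encrypted
-.Pq Fa rwflag No = 1 .
-In this case the password dialog may ask for the same password twice for
-comparison in order to catch typos which would make decryption impossible.
-.Pp
-Other items in PEM formatting (certificates) can also be encrypted; it is
-however atypical, as certificate information is considered public.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_default_passwd_cb
-and
-.Fn SSL_CTX_set_default_passwd_cb_userdata
-do not provide diagnostic information.
-.Sh EXAMPLES
-The following example returns the password provided as
-.Fa userdata
-to the calling function.
-The password is considered to be a
-.Sq \e0
-terminated string.
-If the password does not fit into the buffer, the password is truncated.
-.Bd -literal
-int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
-{
- strncpy(buf, (char *)password, size);
- buf[size - 1] = '\e0';
- return strlen(buf);
-}
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_use_certificate 3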
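--- a/src/lib/libssl/doc/SSL_CTX_set_generate_session_id.3
+++ /dev/null
@@ -1,196 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_generate_session_id.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_GENERATE_SESSION_ID 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_generate_session_id ,
-.Nm SSL_set_generate_session_id ,
-.Nm SSL_has_matching_session_id
-.Nd manipulate generation of SSL session IDs (server only)
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Bd -literal
- typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
- unsigned int *id_len);
-.Ed
-.Ft int
-.Fn SSL_CTX_set_generate_session_id "SSL_CTX *ctx" "GEN_SESSION_CB cb"
-.Ft int
-.Fn SSL_set_generate_session_id "SSL *ssl" "GEN_SESSION_CB" "cb);"
-.Ft int
-.Fo SSL_has_matching_session_id
-.Fa "const SSL *ssl" "const unsigned char *id" "unsigned int id_len"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_generate_session_id
-sets the callback function for generating new session ids for SSL/TLS sessions
-for
-.Fa ctx
-to be
-.Fa cb .
-.Pp
-.Fn SSL_set_generate_session_id
-sets the callback function for generating new session ids for SSL/TLS sessions
-for
-.Fa ssl
-to be
-.Fa cb .
-.Pp
-.Fn SSL_has_matching_session_id
-checks, whether a session with id
-.Fa id
-(of length
-.Fa id_len )
-is already contained in the internal session cache
-of the parent context of
-.Fa ssl .
-.Sh NOTES
-When a new session is established between client and server,
-the server generates a session id.
-The session id is an arbitrary sequence of bytes.
-The length of the session id is 16 bytes for SSLv2 sessions and between 1 and
-32 bytes for SSLv3/TLSv1.
-The session id is not security critical but must be unique for the server.
-Additionally, the session id is transmitted in the clear when reusing the
-session so it must not contain sensitive information.
-.Pp
-Without a callback being set, an OpenSSL server will generate a unique session
-id from pseudo random numbers of the maximum possible length.
-Using the callback function, the session id can be changed to contain
-additional information like, e.g., a host id in order to improve load balancing
-or external caching techniques.
-.Pp
-The callback function receives a pointer to the memory location to put
-.Fa id
-into and a pointer to the maximum allowed length
-.Fa id_len .
-The buffer at location
-.Fa id
-is only guaranteed to have the size
-.Fa id_len .
-The callback is only allowed to generate a shorter id and reduce
-.Fa id_len ;
-the callback
-.Em must never
-increase
-.Fa id_len
-or write to the location
-.Fa id
-exceeding the given limit.
-.Pp
-If a SSLv2 session id is generated and
-.Fa id_len
-is reduced, it will be restored after the callback has finished and the session
-id will be padded with 0x00.
-It is not recommended to change the
-.Fa id_len
-for SSLv2 sessions.
-The callback can use the
-.Xr SSL_get_version 3
-function to check whether the session is of type SSLv2.
-.Pp
-The location
-.Fa id
-is filled with 0x00 before the callback is called,
-so the callback may only fill part of the possible length and leave
-.Fa id_len
-untouched while maintaining reproducibility.
-.Pp
-Since the sessions must be distinguished, session ids must be unique.
-Without the callback a random number is used,
-so that the probability of generating the same session id is extremely small
-(2^128 possible ids for an SSLv2 session, 2^256 for SSLv3/TLSv1).
-In order to ensure the uniqueness of the generated session id,
-the callback must call
-.Fn SSL_has_matching_session_id
-and generate another id if a conflict occurs.
-If an id conflict is not resolved, the handshake will fail.
-If the application codes, e.g., a unique host id, a unique process number, and
-a unique sequence number into the session id, uniqueness could easily be
-achieved without randomness added (it should however be taken care that
-no confidential information is leaked this way).
-If the application cannot guarantee uniqueness,
-it is recommended to use the maximum
-.Fa id_len
-and fill in the bytes not used to code special information with random data to
-avoid collisions.
-.Pp
-.Fn SSL_has_matching_session_id
-will only query the internal session cache, not the external one.
-Since the session id is generated before the handshake is completed,
-it is not immediately added to the cache.
-If another thread is using the same internal session cache,
-a race condition can occur in that another thread generates the same session id.
-Collisions can also occur when using an external session cache,
-since the external cache is not tested with
-.Fn SSL_has_matching_session_id
-and the same race condition applies.
-.Pp
-When calling
-.Fn SSL_has_matching_session_id
-for an SSLv2 session with reduced
-.Fa id_len Ns ,
-the match operation will be performed using the fixed length required and with
-a 0x00 padded id.
-.Pp
-The callback must return 0 if it cannot generate a session id for whatever
-reason and return 1 on success.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_generate_session_id
-and
-.Fn SSL_set_generate_session_id
-always return 1.
-.Pp
-.Fn SSL_has_matching_session_id
-returns 1 if another session with the same id is already in the cache.
-.Sh EXAMPLES
-The callback function listed will generate a session id with the server id
-given, and will fill the rest with pseudo random bytes:
-.Bd -literal
-const char session_id_prefix = "www-18";
-
-#define MAX_SESSION_ID_ATTEMPTS 10
-static int
-generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len)
-{
- unsigned int count = 0;
- const char *version;
-
- version = SSL_get_version(ssl);
- if (!strcmp(version, "SSLv2")) {
- /* we must not change id_len */
- ;
- }
-
- do {
- RAND_pseudo_bytes(id, *id_len);
- /*
- * Prefix the session_id with the required prefix. NB: If
- * our prefix is too long, clip it \(en but there will be
- * worse effects anyway, e.g., the server could only
- * possibly create one session ID (the prefix!) so all
- * future session negotiations will fail due to conflicts.
- */
- memcpy(id, session_id_prefix,
- (strlen(session_id_prefix) < *id_len) ?
- strlen(session_id_prefix) : *id_len);
- } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
- (++count < MAX_SESSION_ID_ATTEMPTS));
-
- if (count >= MAX_SESSION_ID_ATTEMPTS)
- return 0;
- return 1;
-}
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_get_version 3
-.Sh HISTORY
-.Fn SSL_CTX_set_generate_session_id ,
-.Fn SSL_set_generate_session_id
-and
-.Fn SSL_has_matching_session_id
-were introduced in OpenSSL 0.9.7.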
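--- a/src/lib/libssl/doc/SSL_CTX_set_info_callback.3
+++ /dev/null
@@ -1,167 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_info_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_INFO_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_info_callback ,
-.Nm SSL_CTX_get_info_callback ,
-.Nm SSL_set_info_callback ,
-.Nm SSL_get_info_callback
-.Nd handle information callback for SSL connections
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_set_info_callback "SSL_CTX *ctx" "void (*callback)()"
-.Ft void
-.Fn "(*SSL_CTX_get_info_callback(const SSL_CTX *ctx))"
-.Ft void
-.Fn SSL_set_info_callback "SSL *ssl" "void (*callback)()"
-.Ft void
-.Fn "(*SSL_get_info_callback(const SSL *ssl))"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_info_callback
-sets the
-.Fa callback
-function that can be used to obtain state information for SSL objects created
-from
-.Fa ctx
-during connection setup and use.
-The setting for
-.Fa ctx
-is overridden from the setting for a specific SSL object, if specified.
-When
-.Fa callback
-is
-.Dv NULL ,
-no callback function is used.
-.Pp
-.Fn SSL_set_info_callback
-sets the
-.Fa callback
-function that can be used to
-obtain state information for
-.Fa ssl
-during connection setup and use.
-When
-.Fa callback
-is
-.Dv NULL ,
-the callback setting currently valid for
-.Fa ctx
-is used.
-.Pp
-.Fn SSL_CTX_get_info_callback
-returns a pointer to the currently set information callback function for
-.Fa ctx .
-.Pp
-.Fn SSL_get_info_callback
-returns a pointer to the currently set information callback function for
-.Fa ssl .
-.Sh NOTES
-When setting up a connection and during use,
-it is possible to obtain state information from the SSL/TLS engine.
-When set, an information callback function is called whenever the state changes,
-an alert appears, or an error occurs.
-.Pp
-The callback function is called as
-.Fn callback "SSL *ssl" "int where" "int ret" .
-The
-.Fa where
-argument specifies information about where (in which context)
-the callback function was called.
-If
-.Fa ret
-is 0, an error condition occurred.
-If an alert is handled,
-.Dv SSL_CB_ALERT
-is set and
-.Fa ret
-specifies the alert information.
-.Pp
-.Fa where
-is a bitmask made up of the following bits:
-.Bl -tag -width Ds
-.It Dv SSL_CB_LOOP
-Callback has been called to indicate state change inside a loop.
-.It Dv SSL_CB_EXIT
-Callback has been called to indicate error exit of a handshake function.
-(May be soft error with retry option for non-blocking setups.)
-.It Dv SSL_CB_READ
-Callback has been called during read operation.
-.It Dv SSL_CB_WRITE
-Callback has been called during write operation.
-.It Dv SSL_CB_ALERT
-Callback has been called due to an alert being sent or received.
-.It Dv SSL_CB_READ_ALERT
-.It Dv SSL_CB_WRITE_ALERT
-.It Dv SSL_CB_ACCEPT_LOOP
-.It Dv SSL_CB_ACCEPT_EXIT
-.It Dv SSL_CB_CONNECT_LOOP
-.It Dv SSL_CB_CONNECT_EXIT
-.It Dv SSL_CB_HANDSHAKE_START
-Callback has been called because a new handshake is started.
-.It Dv SSL_CB_HANDSHAKE_DONE
-Callback has been called because a handshake is finished.
-.El
-.Pp
-The current state information can be obtained using the
-.Xr SSL_state_string 3
-family of functions.
-.Pp
-The
-.Fa ret
-information can be evaluated using the
-.Xr SSL_alert_type_string 3
-family of functions.
-.Sh RETURN VALUES
-.Fn SSL_set_info_callback
-does not provide diagnostic information.
-.Pp
-.Fn SSL_get_info_callback
-returns the current setting.
-.Sh EXAMPLES
-The following example callback function prints state strings,
-information about alerts being handled and error messages to the
-.Va bio_err
-.Vt BIO .
-.Bd -literal
-void
-apps_ssl_info_callback(SSL *s, int where, int ret)
-{
- const char *str;
- int w;
-
- w = where & ~SSL_ST_MASK;
-
- if (w & SSL_ST_CONNECT)
- str = "SSL_connect";
- else if (w & SSL_ST_ACCEPT)
- str = "SSL_accept";
- else
- str = "undefined";
-
- if (where & SSL_CB_LOOP) {
- BIO_printf(bio_err, "%s:%s\en", str,
- SSL_state_string_long(s));
- } else if (where & SSL_CB_ALERT) {
- str = (where & SSL_CB_READ) ? "read" : "write";
- BIO_printf(bio_err, "SSL3 alert %s:%s:%s\en", str,
- SSL_alert_type_string_long(ret),
- SSL_alert_desc_string_long(ret));
- } else if (where & SSL_CB_EXIT) {
- if (ret == 0)
- BIO_printf(bio_err, "%s:failed in %s\en",
- str, SSL_state_string_long(s));
- else if (ret < 0) {
- BIO_printf(bio_err, "%s:error in %s\en",
- str, SSL_state_string_long(s));
- }
- }
-}
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_alert_type_string 3 ,
-.Xr SSL_state_string 3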
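--- a/src/lib/libssl/doc/SSL_CTX_set_max_cert_list.3
+++ /dev/null
@@ -1,105 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_max_cert_list.3,v 1.3 2016/03/10 23:21:46 mmcc Exp $
-.\"
-.Dd $Mdocdate: March 10 2016 $
-.Dt SSL_CTX_SET_MAX_CERT_LIST 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_max_cert_list ,
-.Nm SSL_CTX_get_max_cert_list ,
-.Nm SSL_set_max_cert_list ,
-.Nm SSL_get_max_cert_list
-.Nd manipulate allowed size for the peer's certificate chain
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_set_max_cert_list "SSL_CTX *ctx" "long size"
-.Ft long
-.Fn SSL_CTX_get_max_cert_list "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_set_max_cert_list "SSL *ssl" "long size"
-.Ft long
-.Fn SSL_get_max_cert_list "SSL *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_max_cert_list
-sets the maximum size allowed for the peer's certificate chain for all
-.Vt SSL
-objects created from
-.Fa ctx
-to be
-.Fa size
-bytes.
-The
-.Vt SSL
-objects inherit the setting valid for
-.Fa ctx
-at the time
-.Xr SSL_new 3
-is being called.
-.Pp
-.Fn SSL_CTX_get_max_cert_list
-returns the currently set maximum size for
-.Fa ctx .
-.Pp
-.Fn SSL_set_max_cert_list
-sets the maximum size allowed for the peer's certificate chain for
-.Fa ssl
-to be
-.Fa size
-bytes.
-This setting stays valid until a new value is set.
-.Pp
-.Fn SSL_get_max_cert_list
-returns the currently set maximum size for
-.Fa ssl .
-.Sh NOTES
-During the handshake process, the peer may send a certificate chain.
-The TLS/SSL standard does not give any maximum size of the certificate chain.
-The OpenSSL library handles incoming data by a dynamically allocated buffer.
-In order to prevent this buffer from growing without bound due to data
-received from a faulty or malicious peer, a maximum size for the certificate
-chain is set.
-.Pp
-The default value for the maximum certificate chain size is 100kB (30kB
-on the 16bit DOS platform).
-This should be sufficient for usual certificate chains
-(OpenSSL's default maximum chain length is 10, see
-.Xr SSL_CTX_set_verify 3 ,
-and certificates without special extensions have a typical size of 1-2kB).
-.Pp
-For special applications it can be necessary to extend the maximum certificate
-chain size allowed to be sent by the peer.
-See for example the work on
-.%T "Internet X.509 Public Key Infrastructure Proxy Certificate Profile"
-and
-.%T "TLS Delegation Protocol"
-at
-.Lk https://www.ietf.org/
-and
-.Lk http://www.globus.org/ .
-.Pp
-Under normal conditions it should never be necessary to set a value smaller
-than the default, as the buffer is handled dynamically and only uses the
-memory actually required by the data sent by the peer.
-.Pp
-If the maximum certificate chain size allowed is exceeded, the handshake will
-fail with a
-.Dv SSL_R_EXCESSIVE_MESSAGE_SIZE
-error.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_max_cert_list
-and
-.Fn SSL_set_max_cert_list
-return the previously set value.
-.Pp
-.Fn SSL_CTX_get_max_cert_list
-and
-.Fn SSL_get_max_cert_list
-return the currently set value.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_new 3
-.Sh HISTORY
-.Fn SSL*_set/get_max_cert_list
-were introduced in OpenSSL 0.9.7.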
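diff --git a/src/lib/libssl/doc/SSL_CTX_set_mode.3 b/src/lib/libssl/doc/SSL_CTX_set_mode.3
deleted file mode 100644
index 2a3fcd5531..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_mode.3
+++ /dev/null
@@ -1,126 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_mode.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_MODE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_mode ,
-.Nm SSL_set_mode ,
-.Nm SSL_CTX_get_mode ,
-.Nm SSL_get_mode
-.Nd manipulate SSL engine mode
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_set_mode "SSL_CTX *ctx" "long mode"
-.Ft long
-.Fn SSL_set_mode "SSL *ssl" "long mode"
-.Ft long
-.Fn SSL_CTX_get_mode "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_get_mode "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_mode
-adds the mode set via bitmask in
-.Fa mode
-to
-.Fa ctx .
-Options already set before are not cleared.
-.Pp
-.Fn SSL_set_mode
-adds the mode set via bitmask in
-.Fa mode
-to
-.Fa ssl .
-Options already set before are not cleared.
-.Pp
-.Fn SSL_CTX_get_mode
-returns the mode set for
-.Fa ctx .
-.Pp
-.Fn SSL_get_mode
-returns the mode set for
-.Fa ssl .
-.Sh NOTES
-The following mode changes are available:
-.Bl -tag -width Ds
-.It Dv SSL_MODE_ENABLE_PARTIAL_WRITE
-Allow
-.Fn SSL_write ... n
-to return
-.Ms r
-with
-.EQ
-0 < r < n
-.EN
-(i.e., report success when just a single record has been written).
-When not set (the default),
-.Xr SSL_write 3
-will only report success once the complete chunk was written.
-Once
-.Xr SSL_write 3
-returns with
-.Ms r ,
-.Ms r
-bytes have been successfully written and the next call to
-.Xr SSL_write 3
-must only send the
-.Ms n \(mi r
-bytes left, imitating the behaviour of
-.Xr write 2 .
-.It Dv SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
-Make it possible to retry
-.Xr SSL_write 3
-with changed buffer location (the buffer contents must stay the same).
-This is not the default to avoid the misconception that non-blocking
-.Xr SSL_write 3
-behaves like non-blocking
-.Xr write 2 .
-.It Dv SSL_MODE_AUTO_RETRY
-Never bother the application with retries if the transport is blocking.
-If a renegotiation take place during normal operation, a
-.Xr SSL_read 3
-or
-.Xr SSL_write 3
-would return
-with \(mi1 and indicate the need to retry with
-.Dv SSL_ERROR_WANT_READ .
-In a non-blocking environment applications must be prepared to handle
-incomplete read/write operations.
-In a blocking environment, applications are not always prepared to deal with
-read/write operations returning without success report.
-The flag
-.Dv SSL_MODE_AUTO_RETRY
-will cause read/write operations to only return after the handshake and
-successful completion.
-.It Dv SSL_MODE_RELEASE_BUFFERS
-When we no longer need a read buffer or a write buffer for a given
-.Vt SSL ,
-then release the memory we were using to hold it.
-Released memory is either appended to a list of unused RAM chunks on the
-.Vt SSL_CTX ,
-or simply freed if the list of unused chunks would become longer than
-.Va "SSL_CTX->freelist_max_len" ,
-which defaults to 32.
-Using this flag can save around 34k per idle SSL connection.
-This flag has no effect on SSL v2 connections, or on DTLS connections.
-.El
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_mode
-and
-.Fn SSL_set_mode
-return the new mode bitmask after adding
-.Fa mode .
-.Pp
-.Fn SSL_CTX_get_mode
-and
-.Fn SSL_get_mode
-return the current bitmask.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_write 3
-.Sh HISTORY
-.Dv SSL_MODE_AUTO_RETRY
-was added in OpenSSL 0.9.6.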
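diff --git a/src/lib/libssl/doc/SSL_CTX_set_msg_callback.3 b/src/lib/libssl/doc/SSL_CTX_set_msg_callback.3
deleted file mode 100644
index c72f37ccd9..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_msg_callback.3
+++ /dev/null
@@ -1,135 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_msg_callback.3,v 1.3 2015/11/11 22:14:40 jmc Exp $
-.\"
-.Dd $Mdocdate: November 11 2015 $
-.Dt SSL_CTX_SET_MSG_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_msg_callback ,
-.Nm SSL_CTX_set_msg_callback_arg ,
-.Nm SSL_set_msg_callback ,
-.Nm SSL_set_msg_callback_arg
-.Nd install callback for observing protocol messages
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_msg_callback
-.Fa "SSL_CTX *ctx"
-.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)"
-.Fc
-.Ft void
-.Fn SSL_CTX_set_msg_callback_arg "SSL_CTX *ctx" "void *arg"
-.Ft void
-.Fo SSL_set_msg_callback
-.Fa "SSL *ssl"
-.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)"
-.Fc
-.Ft void
-.Fn SSL_set_msg_callback_arg "SSL *ssl" "void *arg"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_msg_callback
-or
-.Fn SSL_set_msg_callback
-can be used to define a message callback function
-.Fa cb
-for observing all SSL/TLS protocol messages (such as handshake messages)
-that are received or sent.
-.Fn SSL_CTX_set_msg_callback_arg
-and
-.Fn SSL_set_msg_callback_arg
-can be used to set argument
-.Fa arg
-to the callback function, which is available for arbitrary application use.
-.Pp
-.Fn SSL_CTX_set_msg_callback
-and
-.Fn SSL_CTX_set_msg_callback_arg
-specify default settings that will be copied to new
-.Vt SSL
-objects by
-.Xr SSL_new 3 .
-.Fn SSL_set_msg_callback
-and
-.Fn SSL_set_msg_callback_arg
-modify the actual settings of an
-.Vt SSL
-object.
-Using a
-.Dv NULL
-pointer for
-.Fa cb
-disables the message callback.
-.Pp
-When
-.Fa cb
-is called by the SSL/TLS library for a protocol message,
-the function arguments have the following meaning:
-.Bl -tag -width Ds
-.It Fa write_p
-This flag is 0 when a protocol message has been received and 1 when a protocol
-message has been sent.
-.It Fa version
-The protocol version according to which the protocol message is
-interpreted by the library.
-Currently, this is one of
-.Dv SSL2_VERSION ,
-.Dv SSL3_VERSION
-and
-.Dv TLS1_VERSION
-(for SSL 2.0, SSL 3.0 and TLS 1.0, respectively).
-.It Fa content_type
-In the case of SSL 2.0, this is always 0.
-In the case of SSL 3.0 or TLS 1.0, this is one of the
-.Em ContentType
-values defined in the protocol specification
-.Po
-.Dq change_cipher_spec(20) ,
-.Dq alert(21) ,
-.Dq handshake(22) ;
-but never
-.Dq application_data(23)
-because the callback will only be called for protocol messages.
-.Pc
-.It Fa buf , Fa len
-.Fa buf
-points to a buffer containing the protocol message, which consists of
-.Fa len
-bytes.
-The buffer is no longer valid after the callback function has returned.
-.It Fa ssl
-The
-.Vt SSL
-object that received or sent the message.
-.It Fa arg
-The user-defined argument optionally defined by
-.Fn SSL_CTX_set_msg_callback_arg
-or
-.Fn SSL_set_msg_callback_arg .
-.El
-.Sh NOTES
-Protocol messages are passed to the callback function after decryption
-and fragment collection where applicable.
-(Thus record boundaries are not visible.)
-.Pp
-If processing a received protocol message results in an error,
-the callback function may not be called.
-For example, the callback function will never see messages that are considered
-too large to be processed.
-.Pp
-Due to automatic protocol version negotiation,
-.Fa version
-is not necessarily the protocol version used by the sender of the message:
-If a TLS 1.0 ClientHello message is received by an SSL 3.0-only server,
-.Fa version
-will be
-.Dv SSL3_VERSION .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_new 3
-.Sh HISTORY
-.Fn SSL_CTX_set_msg_callback ,
-.Fn SSL_CTX_set_msg_callback_arg ,
-.Fn SSL_set_msg_callback
-and
-.Fn SSL_set_msg_callback_arg
-were added in OpenSSL 0.9.7.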
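diff --git a/src/lib/libssl/doc/SSL_CTX_set_options.3 b/src/lib/libssl/doc/SSL_CTX_set_options.3
deleted file mode 100644
index 852553e97f..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_options.3
+++ /dev/null
@@ -1,395 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_options.3,v 1.10 2015/07/18 19:41:54 doug Exp $
-.\"
-.Dd $Mdocdate: July 18 2015 $
-.Dt SSL_CTX_SET_OPTIONS 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_options ,
-.Nm SSL_set_options ,
-.Nm SSL_CTX_clear_options ,
-.Nm SSL_clear_options ,
-.Nm SSL_CTX_get_options ,
-.Nm SSL_get_options ,
-.Nm SSL_get_secure_renegotiation_support
-.Nd manipulate SSL options
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_set_options "SSL_CTX *ctx" "long options"
-.Ft long
-.Fn SSL_set_options "SSL *ssl" "long options"
-.Ft long
-.Fn SSL_CTX_clear_options "SSL_CTX *ctx" "long options"
-.Ft long
-.Fn SSL_clear_options "SSL *ssl" "long options"
-.Ft long
-.Fn SSL_CTX_get_options "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_get_options "SSL *ssl"
-.Ft long
-.Fn SSL_get_secure_renegotiation_support "SSL *ssl"
-.Sh DESCRIPTION
-Note: all these functions are implemented using macros.
-.Pp
-.Fn SSL_CTX_set_options
-adds the options set via bitmask in
-.Fa options
-to
-.Fa ctx .
-Options already set before are not cleared!
-.Pp
-.Fn SSL_set_options
-adds the options set via bitmask in
-.Fa options
-to
-.Fa ssl .
-Options already set before are not cleared!
-.Pp
-.Fn SSL_CTX_clear_options
-clears the options set via bitmask in
-.Fa options
-to
-.Fa ctx .
-.Pp
-.Fn SSL_clear_options
-clears the options set via bitmask in
-.Fa options
-to
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_get_options
-returns the options set for
-.Fa ctx .
-.Pp
-.Fn SSL_get_options
-returns the options set for
-.Fa ssl .
-.Pp
-.Fn SSL_get_secure_renegotiation_support
-indicates whether the peer supports secure renegotiation.
-.Sh NOTES
-The behaviour of the SSL library can be changed by setting several options.
-The options are coded as bitmasks and can be combined by a bitwise OR
-operation (|).
-.Pp
-.Fn SSL_CTX_set_options
-and
-.Fn SSL_set_options
-affect the (external) protocol behaviour of the SSL library.
-The (internal) behaviour of the API can be changed by using the similar
-.Xr SSL_CTX_set_mode 3
-and
-.Xr SSL_set_mode 3
-functions.
-.Pp
-During a handshake, the option settings of the SSL object are used.
-When a new SSL object is created from a context using
-.Xr SSL_new 3 ,
-the current option setting is copied.
-Changes to
-.Fa ctx
-do not affect already created
-.Vt SSL
-objects.
-.Fn SSL_clear
-does not affect the settings.
-.Pp
-The following
-.Em bug workaround
-options are available:
-.Bl -tag -width Ds
-.It Dv SSL_OP_MICROSOFT_SESS_ID_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_NETSCAPE_CHALLENGE_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
-As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
-.It Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_TLS_D5_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_TLS_BLOCK_PADDING_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability
-affecting CBC ciphers, which cannot be handled by some broken SSL
-implementations.
-This option has no effect for connections using other ciphers.
-.It Dv SSL_OP_TLSEXT_PADDING
-Adds a padding extension to ensure the ClientHello size is never between 256
-and 511 bytes in length.
-This is needed as a workaround for some implementations.
-.It Dv SSL_OP_ALL
-All of the above bug workarounds.
-.El
-.Pp
-It is usually safe to use
-.Dv SSL_OP_ALL
-to enable the bug workaround options if compatibility with somewhat broken
-implementations is desired.
-.Pp
-The following
-.Em modifying
-options are available:
-.Bl -tag -width Ds
-.It Dv SSL_OP_TLS_ROLLBACK_BUG
-Disable version rollback attack detection.
-.Pp
-During the client key exchange, the client must send the same information
-about acceptable SSL/TLS protocol levels as during the first hello.
-Some clients violate this rule by adapting to the server's answer.
-(Example: the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1,
-the server only understands up to SSLv3.
-In this case the client must still use the same SSLv3.1=TLSv1 announcement.
-Some clients step down to SSLv3 with respect to the server's answer and violate
-the version rollback protection.)
-.It Dv SSL_OP_SINGLE_DH_USE
-Always create a new key when using temporary/ephemeral DH parameters
-(see
-.Xr SSL_CTX_set_tmp_dh_callback 3 ) .
-This option must be used to prevent small subgroup attacks, when the DH
-parameters were not generated using
-.Dq strong
-primes (e.g., when using DSA-parameters, see
-.Xr openssl 1 ) .
-If
-.Dq strong
-primes were used, it is not strictly necessary to generate a new DH key during
-each handshake but it is also recommended.
-.Dv SSL_OP_SINGLE_DH_USE
-should therefore be enabled whenever temporary/ephemeral DH parameters are used.
-.It SSL_OP_EPHEMERAL_RSA
-Always use ephemeral (temporary) RSA key when doing RSA operations (see
-.Xr SSL_CTX_set_tmp_rsa_callback 3 ) .
-According to the specifications, this is only done when a RSA key can only be
-used for signature operations (namely under export ciphers with restricted RSA
-keylength).
-By setting this option, ephemeral RSA keys are always used.
-This option breaks compatibility with the SSL/TLS specifications and may lead
-to interoperability problems with clients and should therefore never be used.
-Ciphers with EDH (ephemeral Diffie-Hellman) key exchange should be used instead.
-.It Dv SSL_OP_CIPHER_SERVER_PREFERENCE
-When choosing a cipher, use the server's preferences instead of the client
-preferences.
-When not set, the SSL server will always follow the client's preferences.
-When set, the SSLv3/TLSv1 server will choose following its own preferences.
-Because of the different protocol, for SSLv2 the server will send its list of
-preferences to the client and the client chooses.
-.It Dv SSL_OP_NETSCAPE_CA_DN_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_NO_SSLv2
-As of
-.Ox 5.6 ,
-this option has no effect as SSLv2 support has been removed.
-In previous versions it disabled use of the SSLv2 protocol.
-.It Dv SSL_OP_NO_SSLv3
-Do not use the SSLv3 protocol.
-.It Dv SSL_OP_NO_TLSv1
-Do not use the TLSv1.0 protocol.
-.It Dv SSL_OP_NO_TLSv1_1
-Do not use the TLSv1.1 protocol.
-.It Dv SSL_OP_NO_TLSv1_2
-Do not use the TLSv1.2 protocol.
-.It Dv SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-When performing renegotiation as a server, always start a new session (i.e.,
-session resumption requests are only accepted in the initial handshake).
-This option is not needed for clients.
-.It Dv SSL_OP_NO_TICKET
-Normally clients and servers will, where possible, transparently make use of
-RFC4507bis tickets for stateless session resumption.
-.Pp
-If this option is set this functionality is disabled and tickets will not be
-used by clients or servers.
-.It Dv SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-As of
-.Ox 5.6 ,
-this option has no effect.
-In previous versions it allowed legacy insecure renegotiation between OpenSSL
-and unpatched clients or servers.
-See the
-.Sx SECURE RENEGOTIATION
-section for more details.
-.It Dv SSL_OP_LEGACY_SERVER_CONNECT
-Allow legacy insecure renegotiation between OpenSSL and unpatched servers
-.Em only :
-this option is currently set by default.
-See the
-.Sx SECURE RENEGOTIATION
-section for more details.
-.El
-.Sh SECURE RENEGOTIATION
-OpenSSL 0.9.8m and later always attempts to use secure renegotiation as
-described in RFC5746.
-This counters the prefix attack described in CVE-2009-3555 and elsewhere.
-.Pp
-The deprecated and highly broken SSLv2 protocol does not support renegotiation
-at all; its use is
-.Em strongly
-discouraged.
-.Pp
-This attack has far-reaching consequences which application writers should be
-aware of.
-In the description below an implementation supporting secure renegotiation is
-referred to as
-.Dq patched .
-A server not supporting secure
-renegotiation is referred to as
-.Dq unpatched .
-.Pp
-The following sections describe the operations permitted by OpenSSL's secure
-renegotiation implementation.
-.Ss Patched client and server
-Connections and renegotiation are always permitted by OpenSSL implementations.
-.Ss Unpatched client and patched OpenSSL server
-The initial connection succeeds but client renegotiation is denied by the
-server with a
-.Em no_renegotiation
-warning alert if TLS v1.0 is used or a fatal
-.Em handshake_failure
-alert in SSL v3.0.
-.Pp
-If the patched OpenSSL server attempts to renegotiate a fatal
-.Em handshake_failure
-alert is sent.
-This is because the server code may be unaware of the unpatched nature of the
-client.
-.Pp
-.Em N.B.:
-a bug in OpenSSL clients earlier than 0.9.8m (all of which are unpatched) will
-result in the connection hanging if it receives a
-.Em no_renegotiation
-alert.
-OpenSSL versions 0.9.8m and later will regard a
-.Em no_renegotiation
-alert as fatal and respond with a fatal
-.Em handshake_failure
-alert.
-This is because the OpenSSL API currently has no provision to indicate to an
-application that a renegotiation attempt was refused.
-.Ss Patched OpenSSL client and unpatched server
-If the option
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-is set then initial connections and renegotiation between patched OpenSSL
-clients and unpatched servers succeeds.
-If neither option is set then initial connections to unpatched servers will
-fail.
-.Pp
-The option
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-is currently set by default even though it has security implications:
-otherwise it would be impossible to connect to unpatched servers (i.e., all of
-them initially) and this is clearly not acceptable.
-Renegotiation is permitted because this does not add any additional security
-issues: during an attack clients do not see any renegotiations anyway.
-.Pp
-As more servers become patched the option
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-will
-.Em not
-be set by default in a future version of OpenSSL.
-.Pp
-OpenSSL client applications wishing to ensure they can connect to unpatched
-servers should always
-.Em set
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-.Pp
-OpenSSL client applications that want to ensure they can
-.Em not
-connect to unpatched servers (and thus avoid any security issues) should always
-.Em clear
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-using
-.Fn SSL_CTX_clear_options
-or
-.Fn SSL_clear_options .
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_options
-and
-.Fn SSL_set_options
-return the new options bitmask after adding
-.Fa options .
-.Pp
-.Fn SSL_CTX_clear_options
-and
-.Fn SSL_clear_options
-return the new options bitmask after clearing
-.Fa options .
-.Pp
-.Fn SSL_CTX_get_options
-and
-.Fn SSL_get_options
-return the current bitmask.
-.Pp
-.Fn SSL_get_secure_renegotiation_support
-returns 1 is the peer supports secure renegotiation and 0 if it does not.
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_set_tmp_dh_callback 3 ,
-.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
-.Xr SSL_new 3
-.Sh HISTORY
-.Dv SSL_OP_CIPHER_SERVER_PREFERENCE
-and
-.Dv SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-have been added in
-OpenSSL 0.9.7.
-.Pp
-.Dv SSL_OP_TLS_ROLLBACK_BUG
-has been added in OpenSSL 0.9.6 and was automatically enabled with
-.Dv SSL_OP_ALL .
-As of 0.9.7, it is no longer included in
-.Dv SSL_OP_ALL
-and must be explicitly set.
-.Pp
-.Dv SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-has been added in OpenSSL 0.9.6e.
-Versions up to OpenSSL 0.9.6c do not include the countermeasure that can be
-disabled with this option (in OpenSSL 0.9.6d, it was always enabled).
-.Pp
-.Fn SSL_CTX_clear_options
-and
-.Fn SSL_clear_options
-were first added in OpenSSL 0.9.8m.
-.Pp
-.Dv SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION ,
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-and the function
-.Fn SSL_get_secure_renegotiation_support
-were first added in OpenSSL 0.9.8m.
-.Pp
-.Dv SSL_OP_NO_SSLv2
-and
-.Dv SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-were changed to have no effect in
-.Ox 5.6 .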
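diff --git a/src/lib/libssl/doc/SSL_CTX_set_psk_client_callback.3 b/src/lib/libssl/doc/SSL_CTX_set_psk_client_callback.3
deleted file mode 100644
index 40504ce59a..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_psk_client_callback.3
+++ /dev/null
@@ -1,68 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_psk_client_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_PSK_CLIENT_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_psk_client_callback ,
-.Nm SSL_set_psk_client_callback
-.Nd set PSK client callback
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_psk_client_callback
-.Fa "SSL_CTX *ctx"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
-unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
-.Fc
-.Ft void
-.Fo SSL_set_psk_client_callback
-.Fa "SSL *ssl"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
-unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
-.Fc
-.Sh DESCRIPTION
-A client application must provide a callback function which is called
-when the client is sending the ClientKeyExchange message to the server.
-.Pp
-The purpose of the callback function is to select the PSK identity and
-the pre-shared key to use during the connection setup phase.
-.Pp
-The callback is set using functions
-.Fn SSL_CTX_set_psk_client_callback
-or
-.Fn SSL_set_psk_client_callback .
-The callback function is given the connection in parameter
-.Fa ssl ,
-a
-.Dv NULL Ns
--terminated PSK identity hint sent by the server in parameter
-.Fa hint ,
-a buffer
-.Fa identity
-of length
-.Fa max_identity_len
-bytes where the resulting
-.Dv NULL Ns
--terminated identity is to be stored, and a buffer
-.Fa psk
-of
-length
-.Fa max_psk_len
-bytes where the resulting pre-shared key is to be stored.
-.Sh NOTES
-Note that parameter
-.Fa hint
-given to the callback may be
-.Dv NULL .
-.Sh RETURN VALUES
-Return values from the client callback are interpreted as follows:
-.Pp
-On success (callback found a PSK identity and a pre-shared key to use)
-the length (> 0) of
-.Fa psk
-in bytes is returned.
-.Pp
-Otherwise or on errors callback should return 0.
-In this case the connection setup fails.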
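diff --git a/src/lib/libssl/doc/SSL_CTX_set_quiet_shutdown.3 b/src/lib/libssl/doc/SSL_CTX_set_quiet_shutdown.3
deleted file mode 100644
index 5cad447318..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_quiet_shutdown.3
+++ /dev/null
@@ -1,115 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_quiet_shutdown.3,v 1.3 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_QUIET_SHUTDOWN 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_quiet_shutdown ,
-.Nm SSL_CTX_get_quiet_shutdown ,
-.Nm SSL_set_quiet_shutdown ,
-.Nm SSL_get_quiet_shutdown
-.Nd manipulate shutdown behaviour
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_set_quiet_shutdown "SSL_CTX *ctx" "int mode"
-.Ft int
-.Fn SSL_CTX_get_quiet_shutdown "const SSL_CTX *ctx"
-.Ft void
-.Fn SSL_set_quiet_shutdown "SSL *ssl" "int mode"
-.Ft int
-.Fn SSL_get_quiet_shutdown "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_quiet_shutdown
-sets the
-.Dq quiet shutdown
-flag for
-.Fa ctx
-to be
-.Fa mode .
-.Vt SSL
-objects created from
-.Fa ctx
-inherit the
-.Fa mode
-valid at the time
-.Xr SSL_new 3
-is called.
-.Fa mode
-may be 0 or 1.
-.Pp
-.Fn SSL_CTX_get_quiet_shutdown
-returns the
-.Dq quiet shutdown
-setting of
-.Fa ctx .
-.Pp
-.Fn SSL_set_quiet_shutdown
-sets the
-.Dq quiet shutdown
-flag for
-.Fa ssl
-to be
-.Fa mode .
-The setting stays valid until
-.Fa ssl
-is removed with
-.Xr SSL_free 3
-or
-.Fn SSL_set_quiet_shutdown
-is called again.
-It is not changed when
-.Xr SSL_clear 3
-is called.
-.Fa mode
-may be 0 or 1.
-.Pp
-.Fn SSL_get_quiet_shutdown
-returns the
-.Dq quiet shutdown
-setting of
-.Fa ssl .
-.Sh NOTES
-Normally when a SSL connection is finished, the parties must send out
-.Dq close notify
-alert messages using
-.Xr SSL_shutdown 3
-for a clean shutdown.
-.Pp
-When setting the
-.Dq quiet shutdown
-flag to 1,
-.Xr SSL_shutdown 3
-will set the internal flags to
-.Dv SSL_SENT_SHUTDOWN Ns | Ns Dv SSL_RECEIVED_SHUTDOWN
-.Po
-.Xr SSL_shutdown 3
-then behaves like
-.Xr SSL_set_shutdown 3
-called with
-.Dv SSL_SENT_SHUTDOWN Ns | Ns Dv SSL_RECEIVED_SHUTDOWN
-.Pc .
-The session is thus considered to be shut down, but no
-.Dq close notify
-alert is sent to the peer.
-This behaviour violates the TLS standard.
-.Pp
-The default is normal shutdown behaviour as described by the TLS standard.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_quiet_shutdown
-and
-.Fn SSL_set_quiet_shutdown
-do not return diagnostic information.
-.Pp
-.Fn SSL_CTX_get_quiet_shutdown
-and
-.Fn SSL_get_quiet_shutdown
-return the current setting.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_shutdown 3 ,
-.Xr SSL_shutdown 3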
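diff --git a/src/lib/libssl/doc/SSL_CTX_set_session_cache_mode.3 b/src/lib/libssl/doc/SSL_CTX_set_session_cache_mode.3
deleted file mode 100644
index a4e147f05a..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_session_cache_mode.3
+++ /dev/null
@@ -1,143 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_session_cache_mode.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_SESSION_CACHE_MODE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_session_cache_mode ,
-.Nm SSL_CTX_get_session_cache_mode
-.Nd enable/disable session caching
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_set_session_cache_mode "SSL_CTX ctx" "long mode"
-.Ft long
-.Fn SSL_CTX_get_session_cache_mode "SSL_CTX ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_session_cache_mode
-enables/disables session caching by setting the operational mode for
-.Ar ctx
-to
-.Ar mode .
-.Pp
-.Fn SSL_CTX_get_session_cache_mode
-returns the currently used cache mode.
-.Sh NOTES
-The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse.
-The sessions can be held in memory for each
-.Fa ctx ,
-if more than one
-.Vt SSL_CTX
-object is being maintained, the sessions are unique for each
-.Vt SSL_CTX
-object.
-.Pp
-In order to reuse a session, a client must send the session's id to the server.
-It can only send exactly one id.
-The server then either agrees to reuse the session or it starts a full
-handshake (to create a new session).
-.Pp
-A server will lookup up the session in its internal session storage.
-If the session is not found in internal storage or lookups for the internal
-storage have been deactivated
-.Pq Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP ,
-the server will try the external storage if available.
-.Pp
-Since a client may try to reuse a session intended for use in a different
-context, the session id context must be set by the server (see
-.Xr SSL_CTX_set_session_id_context 3 ) .
-.Pp
-The following session cache modes and modifiers are available:
-.Bl -tag -width Ds
-.It Dv SSL_SESS_CACHE_OFF
-No session caching for client or server takes place.
-.It Dv SSL_SESS_CACHE_CLIENT
-Client sessions are added to the session cache.
-As there is no reliable way for the OpenSSL library to know whether a session
-should be reused or which session to choose (due to the abstract BIO layer the
-SSL engine does not have details about the connection),
-the application must select the session to be reused by using the
-.Xr SSL_set_session 3
-function.
-This option is not activated by default.
-.It Dv SSL_SESS_CACHE_SERVER
-Server sessions are added to the session cache.
-When a client proposes a session to be reused, the server looks for the
-corresponding session in (first) the internal session cache (unless
-.Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
-is set), then (second) in the external cache if available.
-If the session is found, the server will try to reuse the session.
-This is the default.
-.It Dv SSL_SESS_CACHE_BOTH
-Enable both
-.Dv SSL_SESS_CACHE_CLIENT
-and
-.Dv SSL_SESS_CACHE_SERVER
-at the same time.
-.It Dv SSL_SESS_CACHE_NO_AUTO_CLEAR
-Normally the session cache is checked for expired sessions every 255
-connections using the
-.Xr SSL_CTX_flush_sessions 3
-function.
-Since this may lead to a delay which cannot be controlled,
-the automatic flushing may be disabled and
-.Xr SSL_CTX_flush_sessions 3
-can be called explicitly by the application.
-.It Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
-By setting this flag, session-resume operations in an SSL/TLS server will not
-automatically look up sessions in the internal cache,
-even if sessions are automatically stored there.
-If external session caching callbacks are in use,
-this flag guarantees that all lookups are directed to the external cache.
-As automatic lookup only applies for SSL/TLS servers,
-the flag has no effect on clients.
-.It Dv SSL_SESS_CACHE_NO_INTERNAL_STORE
-Depending on the presence of
-.Dv SSL_SESS_CACHE_CLIENT
-and/or
-.Dv SSL_SESS_CACHE_SERVER ,
-sessions negotiated in an SSL/TLS handshake may be cached for possible reuse.
-Normally a new session is added to the internal cache as well as any external
-session caching (callback) that is configured for the
-.Vt SSL_CTX .
-This flag will prevent sessions being stored in the internal cache
-(though the application can add them manually using
-.Xr SSL_CTX_add_session 3 ) .
-Note:
-in any SSL/TLS servers where external caching is configured, any successful
-session lookups in the external cache (e.g., for session-resume requests) would
-normally be copied into the local cache before processing continues \(en this
-flag prevents these additions to the internal cache as well.
-.It Dv SSL_SESS_CACHE_NO_INTERNAL
-Enable both
-.Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
-and
-.Dv SSL_SESS_CACHE_NO_INTERNAL_STORE
-at the same time.
-.El
-.Pp
-The default mode is
-.Dv SSL_SESS_CACHE_SERVER .
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_session_cache_mode
-returns the previously set cache mode.
-.Pp
-.Fn SSL_CTX_get_session_cache_mode
-returns the currently set cache mode.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_add_session 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_sess_number 3 ,
-.Xr SSL_CTX_sess_set_cache_size 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_CTX_set_session_id_context 3 ,
-.Xr SSL_CTX_set_timeout 3 ,
-.Xr SSL_session_reused 3 ,
-.Xr SSL_set_session 3
-.Sh HISTORY
-.Dv SSL_SESS_CACHE_NO_INTERNAL_STORE
-and
-.Dv SSL_SESS_CACHE_NO_INTERNAL
-were introduced in OpenSSL 0.9.6h.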
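diff --git a/src/lib/libssl/doc/SSL_CTX_set_session_id_context.3 b/src/lib/libssl/doc/SSL_CTX_set_session_id_context.3
deleted file mode 100644
index c8132a910c..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_session_id_context.3
+++ /dev/null
@@ -1,105 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_session_id_context.3,v 1.3 2015/09/14 15:51:20 schwarze Exp $
-.\"
-.Dd $Mdocdate: September 14 2015 $
-.Dt SSL_CTX_SET_SESSION_ID_CONTEXT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_session_id_context ,
-.Nm SSL_set_session_id_context
-.Nd set context within which session can be reused (server side only)
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_set_session_id_context
-.Fa "SSL_CTX *ctx"
-.Fa "const unsigned char *sid_ctx"
-.Fa "unsigned int sid_ctx_len"
-.Fc
-.Ft int
-.Fo SSL_set_session_id_context
-.Fa "SSL *ssl"
-.Fa "const unsigned char *sid_ctx"
-.Fa "unsigned int sid_ctx_len"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_session_id_context
-sets the context
-.Fa sid_ctx
-of length
-.Fa sid_ctx_len
-within which a session can be reused for the
-.Fa ctx
-object.
-.Pp
-.Fn SSL_set_session_id_context
-sets the context
-.Fa sid_ctx
-of length
-.Fa sid_ctx_len
-within which a session can be reused for the
-.Fa ssl
-object.
-.Sh NOTES
-Sessions are generated within a certain context.
-When exporting/importing sessions with
-.Xr i2d_SSL_SESSION 3
-and
-.Xr d2i_SSL_SESSION 3 ,
-it would be possible to re-import a session generated from another context
-(e.g., another application), which might lead to malfunctions.
-Therefore each application must set its own session id context
-.Fa sid_ctx
-which is used to distinguish the contexts and is stored in exported sessions.
-The
-.Fa sid_ctx
-can be any kind of binary data with a given length; it is therefore possible
-to use, for instance, the name of the application, the hostname, the service
-name...
-.Pp
-The session id context becomes part of the session.
-The session id context is set by the SSL/TLS server.
-The
-.Fn SSL_CTX_set_session_id_context
-and
-.Fn SSL_set_session_id_context
-functions are therefore only useful on the server side.
-.Pp
-OpenSSL clients will check the session id context returned by the server when
-reusing a session.
-.Pp
-The maximum length of the
-.Fa sid_ctx
-is limited to
-.Dv SSL_MAX_SSL_SESSION_ID_LENGTH .
-.Sh WARNINGS
-If the session id context is not set on an SSL/TLS server and client
-certificates are used, stored sessions will not be reused but a fatal error
-will be flagged and the handshake will fail.
-.Pp
-If a server returns a different session id context to an OpenSSL client
-when reusing a session, an error will be flagged and the handshake will
-fail.
-OpenSSL servers will always return the correct session id context,
-as an OpenSSL server checks the session id context itself before reusing
-a session as described above.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_session_id_context
-and
-.Fn SSL_set_session_id_context
-return the following values:
-.Bl -tag -width Ds
-.It 0
-The length
-.Fa sid_ctx_len
-of the session id context
-.Fa sid_ctx
-exceeded
-the maximum allowed length of
-.Dv SSL_MAX_SSL_SESSION_ID_LENGTH .
-The error is logged to the error stack.
-.It 1
-The operation succeeded.
-.El
-.Sh SEE ALSO
-.Xr ssl 3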
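diff --git a/src/lib/libssl/doc/SSL_CTX_set_ssl_version.3 b/src/lib/libssl/doc/SSL_CTX_set_ssl_version.3
deleted file mode 100644
index f4bd74e73b..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_ssl_version.3
+++ /dev/null
@@ -1,81 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_ssl_version.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_SSL_VERSION 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_ssl_version ,
-.Nm SSL_set_ssl_method ,
-.Nm SSL_get_ssl_method
-.Nd choose a new TLS/SSL method
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_set_ssl_version "SSL_CTX *ctx" "const SSL_METHOD *method"
-.Ft int
-.Fn SSL_set_ssl_method "SSL *s" "const SSL_METHOD *method"
-.Ft const SSL_METHOD *
-.Fn SSL_get_ssl_method "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_ssl_version
-sets a new default TLS/SSL
-.Fa method
-for
-.Vt SSL
-objects newly created from this
-.Fa ctx .
-.Vt SSL
-objects already created with
-.Xr SSL_new 3
-are not affected, except when
-.Xr SSL_clear 3
-is called.
-.Pp
-.Fn SSL_set_ssl_method
-sets a new TLS/SSL
-.Fa method
-for a particular
-.Vt SSL
-object
-.Fa s .
-It may be reset when
-.Xr SSL_clear 3
-is called.
-.Pp
-.Fn SSL_get_ssl_method
-returns a function pointer to the TLS/SSL method set in
-.Fa ssl .
-.Sh NOTES
-The available
-.Fa method
-choices are described in
-.Xr SSL_CTX_new 3 .
-.Pp
-When
-.Xr SSL_clear 3
-is called and no session is connected to an
-.Vt SSL
-object, the method of the
-.Vt SSL
-object is reset to the method currently set in the corresponding
-.Vt SSL_CTX
-object.
-.Sh RETURN VALUES
-The following return values can occur for
-.Fn SSL_CTX_set_ssl_version
-and
-.Fn SSL_set_ssl_method :
-.Bl -tag -width Ds
-.It 0
-The new choice failed.
-Check the error stack to find out the reason.
-.It 1
-The operation succeeded.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_connect_state 3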
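diff --git a/src/lib/libssl/doc/SSL_CTX_set_timeout.3 b/src/lib/libssl/doc/SSL_CTX_set_timeout.3
deleted file mode 100644
index 6454c4616f..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_timeout.3
+++ /dev/null
@@ -1,65 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_timeout.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_TIMEOUT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_timeout ,
-.Nm SSL_CTX_get_timeout
-.Nd manipulate timeout values for session caching
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_set_timeout "SSL_CTX *ctx" "long t"
-.Ft long
-.Fn SSL_CTX_get_timeout "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_timeout
-sets the timeout for newly created sessions for
-.Fa ctx
-to
-.Fa t .
-The timeout value
-.Fa t
-must be given in seconds.
-.Pp
-.Fn SSL_CTX_get_timeout
-returns the currently set timeout value for
-.Fa ctx .
-.Sh NOTES
-Whenever a new session is created, it is assigned a maximum lifetime.
-This lifetime is specified by storing the creation time of the session and the
-timeout value valid at this time.
-If the actual time is later than creation time plus timeout,
-the session is not reused.
-.Pp
-Due to this realization, all sessions behave according to the timeout value
-valid at the time of the session negotiation.
-Changes of the timeout value do not affect already established sessions.
-.Pp
-The expiration time of a single session can be modified using the
-.Xr SSL_SESSION_get_time 3
-family of functions.
-.Pp
-Expired sessions are removed from the internal session cache, whenever
-.Xr SSL_CTX_flush_sessions 3
-is called, either directly by the application or automatically (see
-.Xr SSL_CTX_set_session_cache_mode 3 ) .
-.Pp
-The default value for session timeout is decided on a per-protocol basis; see
-.Xr SSL_get_default_timeout 3 .
-All currently supported protocols have the same default timeout value of 300
-seconds.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_timeout
-returns the previously set timeout value.
-.Pp
-.Fn SSL_CTX_get_timeout
-returns the currently set timeout value.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_get_default_timeout 3 ,
-.Xr SSL_SESSION_get_time 3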
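diff --git a/src/lib/libssl/doc/SSL_CTX_set_tmp_dh_callback.3 b/src/lib/libssl/doc/SSL_CTX_set_tmp_dh_callback.3
deleted file mode 100644
index 17eed868ee..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_tmp_dh_callback.3
+++ /dev/null
@@ -1,235 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_TMP_DH_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_tmp_dh_callback ,
-.Nm SSL_CTX_set_tmp_dh ,
-.Nm SSL_set_tmp_dh_callback ,
-.Nm SSL_set_tmp_dh
-.Nd handle DH keys for ephemeral key exchange
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_tmp_dh_callback
-.Fa "SSL_CTX *ctx"
-.Fa "DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)"
-.Fc
-.Ft long
-.Fn SSL_CTX_set_tmp_dh "SSL_CTX *ctx" "DH *dh"
-.Ft void
-.Fo SSL_set_tmp_dh_callback
-.Fa "SSL *ssl"
-.Fa "DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength"
-.Fc
-.Ft long
-.Fn SSL_set_tmp_dh "SSL *ssl" "DH *dh"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_tmp_dh_callback
-sets the callback function for
-.Fa ctx
-to be used when a DH parameters are required to
-.Fa tmp_dh_callback .
-The callback is inherited by all
-.Vt ssl
-objects created from
-.Fa ctx .
-.Pp
-.Fn SSL_CTX_set_tmp_dh
-sets DH parameters to be used to be
-.Sy dh Ns .
-The key is inherited by all
-.Fa ssl
-objects created from
-.Fa ctx .
-.Pp
-.Fn SSL_set_tmp_dh_callback
-sets the callback only for
-.Fa ssl .
-.Pp
-.Fn SSL_set_tmp_dh
-sets the parameters only for
-.Fa ssl .
-.Pp
-These functions apply to SSL/TLS servers only.
-.Sh NOTES
-When using a cipher with RSA authentication,
-an ephemeral DH key exchange can take place.
-Ciphers with DSA keys always use ephemeral DH keys as well.
-In these cases, the session data are negotiated using the ephemeral/temporary
-DH key and the key supplied and certified by the certificate chain is only used
-for signing.
-Anonymous ciphers (without a permanent server key) also use ephemeral DH keys.
-.Pp
-Using ephemeral DH key exchange yields forward secrecy,
-as the connection can only be decrypted when the DH key is known.
-By generating a temporary DH key inside the server application that is lost
-when the application is left, it becomes impossible for an attacker to decrypt
-past sessions, even if he gets hold of the normal (certified) key,
-as this key was only used for signing.
-.Pp
-In order to perform a DH key exchange the server must use a DH group
-(DH parameters) and generate a DH key.
-The server will always generate a new DH key during the negotiation,
-when the DH parameters are supplied via callback and/or when the
-.Dv SSL_OP_SINGLE_DH_USE
-option of
-.Xr SSL_CTX_set_options 3
-is set.
-It will immediately create a DH key, when DH parameters are supplied via
-.Fn SSL_CTX_set_tmp_dh
-and
-.Dv SSL_OP_SINGLE_DH_USE
-is not set.
-In this case, it may happen that a key is generated on initialization without
-later being needed, while on the other hand the computer time during the
-negotiation is being saved.
-.Pp
-If
-.Dq strong
-primes were used to generate the DH parameters, it is not strictly necessary to
-generate a new key for each handshake but it does improve forward secrecy.
-If it is not assured that
-.Dq strong
-primes were used (see especially the section about DSA parameters below),
-.Dv SSL_OP_SINGLE_DH_USE
-must be used in order to prevent small subgroup attacks.
-Always using
-.Dv SSL_OP_SINGLE_DH_USE
-has an impact on the computer time needed during negotiation,
-but it is not very large,
-so application authors/users should consider always enabling this option.
-.Pp
-As generating DH parameters is extremely time consuming, an application should
-not generate the parameters on the fly but supply the parameters.
-DH parameters can be reused,
-as the actual key is newly generated during the negotiation.
-The risk in reusing DH parameters is that an attacker may specialize on a very
-often used DH group.
-Applications should therefore generate their own DH parameters during the
-installation process using the openssl
-.Xr openssl 1
-application.
-In order to reduce the computer time needed for this generation,
-it is possible to use DSA parameters instead (see
-.Xr openssl 1 ) ,
-but in this case
-.Dv SSL_OP_SINGLE_DH_USE
-is mandatory.
-.Pp
-Application authors may compile in DH parameters.
-Files
-.Pa dh512.pem ,
-.Pa dh1024.pem ,
-.Pa dh2048.pem ,
-and
-.Pa dh4096.pem
-in the
-.Pa apps
-directory of the current version of the OpenSSL distribution contain the
-.Sq SKIP
-DH parameters,
-which use safe primes and were generated verifiably pseudo-randomly.
-These files can be converted into C code using the
-.Fl C
-option of the
-.Xr openssl 1
-application.
-Authors may also generate their own set of parameters using
-.Xr openssl 1 ,
-but a user may not be sure how the parameters were generated.
-The generation of DH parameters during installation is therefore recommended.
-.Pp
-An application may either directly specify the DH parameters or can supply the
-DH parameters via a callback function.
-The callback approach has the advantage that the callback may supply DH
-parameters for different key lengths.
-.Pp
-The
-.Fa tmp_dh_callback
-is called with the
-.Fa keylength
-needed and the
-.Fa is_export
-information.
-The
-.Fa is_export
-flag is set when the ephemeral DH key exchange is performed with an export
-cipher.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_tmp_dh_callback
-and
-.Fn SSL_set_tmp_dh_callback
-do not return diagnostic output.
-.Pp
-.Fn SSL_CTX_set_tmp_dh
-and
-.Fn SSL_set_tmp_dh
-do return 1 on success and 0 on failure.
-Check the error queue to find out the reason of failure.
-.Sh EXAMPLES
-Handle DH parameters for key lengths of 512 and 1024 bits.
-(Error handling partly left out.)
-.Bd -literal
-\&...
-/* Set up ephemeral DH stuff */
-DH *dh_512 = NULL;
-DH *dh_1024 = NULL;
-FILE *paramfile;
-
-\&...
-
-/* "openssl dhparam -out dh_param_512.pem -2 512" */
-paramfile = fopen("dh_param_512.pem", "r");
-if (paramfile) {
- dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
- fclose(paramfile);
-}
-/* "openssl dhparam -out dh_param_1024.pem -2 1024" */
-paramfile = fopen("dh_param_1024.pem", "r");
-if (paramfile) {
- dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
- fclose(paramfile);
-}
-
-\&...
-
-/* "openssl dhparam -C -2 512" etc... */
-DH *get_dh512() { ... }
-DH *get_dh1024() { ... }
-
-DH *
-tmp_dh_callback(SSL *s, int is_export, int keylength)
-{
- DH *dh_tmp=NULL;
-
- switch (keylength) {
- case 512:
- if (!dh_512)
- dh_512 = get_dh512();
- dh_tmp = dh_512;
- break;
- case 1024:
- if (!dh_1024)
- dh_1024 = get_dh1024();
- dh_tmp = dh_1024;
- break;
- default:
- /*
- * Generating a key on the fly is very costly,
- * so use what is there
- */
- setup_dh_parameters_like_above();
- }
-
- return(dh_tmp);
-}
-.Ed
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_tmp_rsa_callback 3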
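diff --git a/src/lib/libssl/doc/SSL_CTX_set_tmp_rsa_callback.3 b/src/lib/libssl/doc/SSL_CTX_set_tmp_rsa_callback.3
deleted file mode 100644
index 253274d122..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_tmp_rsa_callback.3
+++ /dev/null
@@ -1,231 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_tmp_rsa_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_TMP_RSA_CALLBACK.POD 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_tmp_rsa_callback ,
-.Nm SSL_CTX_set_tmp_rsa ,
-.Nm SSL_CTX_need_tmp_rsa ,
-.Nm SSL_set_tmp_rsa_callback ,
-.Nm SSL_set_tmp_rsa ,
-.Nm SSL_need_tmp_rsa
-.Nd handle RSA keys for ephemeral key exchange
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_tmp_rsa_callback
-.Fa "SSL_CTX *ctx"
-.Fa "RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)"
-.Fc
-.Ft long
-.Fn SSL_CTX_set_tmp_rsa "SSL_CTX *ctx" "RSA *rsa"
-.Ft long
-.Fn SSL_CTX_need_tmp_rsa "SSL_CTX *ctx"
-.Ft void
-.Fo SSL_set_tmp_rsa_callback
-.Fa "SSL_CTX *ctx"
-.Fa "RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)"
-.Fc
-.Ft long
-.Fn SSL_set_tmp_rsa "SSL *ssl" "RSA *rsa"
-.Ft long
-.Fn SSL_need_tmp_rsa "SSL *ssl"
-.Ft RSA *
-.Fn "(*tmp_rsa_callback)" "SSL *ssl" "int is_export" "int keylength"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_tmp_rsa_callback
-sets the callback function for
-.Fa ctx
-to be used when a temporary/ephemeral RSA key is required to
-.Fa tmp_rsa_callback .
-The callback is inherited by all
-.Vt SSL
-objects newly created from
-.Fa ctx
-with
-.Xr SSL_new 3 .
-Already created SSL objects are not affected.
-.Pp
-.Fn SSL_CTX_set_tmp_rsa
-sets the temporary/ephemeral RSA key to be used to be
-.Fa rsa .
-The key is inherited by all
-.Vt SSL
-objects newly created from
-.Fa ctx
-with
-.Xr SSL_new 3 .
-Already created SSL objects are not affected.
-.Pp
-.Fn SSL_CTX_need_tmp_rsa
-returns 1,
-if a temporary/ephemeral RSA key is needed for RSA-based strength-limited
-.Sq exportable
-ciphersuites because a RSA key with a keysize larger than 512 bits is installed.
-.Pp
-.Fn SSL_set_tmp_rsa_callback
-sets the callback only for
-.Fa ssl .
-.Pp
-.Fn SSL_set_tmp_rsa
-sets the key only for
-.Fa ssl .
-.Pp
-.Fn SSL_need_tmp_rsa
-returns 1,
-if a temporary/ephemeral RSA key is needed for RSA-based strength-limited
-.Sq exportable
-ciphersuites because a RSA key with a keysize larger than 512 bits is installed.
-.Pp
-These functions apply to SSL/TLS servers only.
-.Sh NOTES
-When using a cipher with RSA authentication,
-an ephemeral RSA key exchange can take place.
-In this case the session data are negotiated using the ephemeral/temporary RSA
-key and the RSA key supplied and certified by the certificate chain is only
-used for signing.
-.Pp
-Under previous export restrictions, ciphers with RSA keys shorter (512 bits)
-than the usual key length of 1024 bits were created.
-To use these ciphers with RSA keys of usual length, an ephemeral key exchange
-must be performed, as the normal (certified) key cannot be directly used.
-.Pp
-Using ephemeral RSA key exchange yields forward secrecy,
-as the connection can only be decrypted when the RSA key is known.
-By generating a temporary RSA key inside the server application that is lost
-when the application is left, it becomes impossible for an attacker to decrypt
-past sessions, even if he gets hold of the normal (certified) RSA key,
-as this key was used for signing only.
-The downside is that creating a RSA key is computationally expensive.
-.Pp
-Additionally, the use of ephemeral RSA key exchange is only allowed in the TLS
-standard when the RSA key can be used for signing only, that is,
-for export ciphers.
-Using ephemeral RSA key exchange for other purposes violates the standard and
-can break interoperability with clients.
-It is therefore strongly recommended to not use ephemeral RSA key exchange and
-use EDH (Ephemeral Diffie-Hellman) key exchange instead in order to achieve
-forward secrecy (see
-.Xr SSL_CTX_set_tmp_dh_callback 3 ) .
-.Pp
-On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default
-and must be explicitly enabled using the
-.Dv SSL_OP_EPHEMERAL_RSA
-option of
-.Xr SSL_CTX_set_options 3 ,
-violating the TLS/SSL
-standard.
-When ephemeral RSA key exchange is required for export ciphers,
-it will automatically be used without this option!
-.Pp
-An application may either directly specify the key or can supply the key via
-a callback function.
-The callback approach has the advantage that the callback may generate the key
-only in case it is actually needed.
-However, as the generation of a RSA key is costly,
-it will lead to a significant delay in the handshake procedure.
-Another advantage of the callback function is that it can supply keys of
-different size (e.g., for
-.Dv SSL_OP_EPHEMERAL_RSA
-usage) while the explicit setting of the key is only useful for key size of
-512 bits to satisfy the export restricted ciphers and does give away key length
-if a longer key would be allowed.
-.Pp
-The
-.Fa tmp_rsa_callback
-is called with the
-.Fa keylength
-needed and the
-.Fa is_export
-information.
-The
-.Fa is_export
-flag is set when the ephemeral RSA key exchange is performed with an export
-cipher.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_tmp_rsa_callback
-and
-.Fn SSL_set_tmp_rsa_callback
-do not return diagnostic output.
-.Pp
-.Fn SSL_CTX_set_tmp_rsa
-and
-.Fn SSL_set_tmp_rsa
-return 1 on success and 0 on failure.
-Check the error queue to find out the reason of failure.
-.Pp
-.Fn SSL_CTX_need_tmp_rsa
-and
-.Fn SSL_need_tmp_rsa
-return 1 if a temporary RSA key is needed and 0 otherwise.
-.Sh EXAMPLES
-Generate temporary RSA keys to prepare ephemeral RSA key exchange.
-As the generation of a RSA key costs a lot of computer time,
-they are saved for later reuse.
-For demonstration purposes, two keys for 512 bits and 1024 bits
-respectively are generated.
-.Bd -literal
-\&...
-
-/* Set up ephemeral RSA stuff */
-RSA *rsa_512 = NULL;
-RSA *rsa_1024 = NULL;
-
-rsa_512 = RSA_generate_key(512, RSA_F4, NULL, NULL);
-if (rsa_512 == NULL)
- evaluate_error_queue();
-
-rsa_1024 = RSA_generate_key(1024, RSA_F4, NULL, NULL);
-if (rsa_1024 == NULL)
- evaluate_error_queue();
-
-\&...
-
-RSA *
-tmp_rsa_callback(SSL *s, int is_export, int keylength)
-{
- RSA *rsa_tmp = NULL;
-
- switch (keylength) {
- case 512:
- if (rsa_512)
- rsa_tmp = rsa_512;
- else {
- /*
- * generate on the fly,
- * should not happen in this example
- */
- rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL,
- NULL);
- rsa_512 = rsa_tmp; /* Remember for later reuse */
- }
- break;
- case 1024:
- if (rsa_1024)
- rsa_tmp = rsa_1024;
- else
- should_not_happen_in_this_example();
- break;
- default:
- /*
- * Generating a key on the fly is very costly,
- * so use what is there
- */
- if (rsa_1024)
- rsa_tmp = rsa_1024;
- else
- /* Use at least a shorter key */
- rsa_tmp = rsa_512;
- }
- return rsa_tmp;
-}
-.Ed
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_tmp_dh_callback 3 ,
-.Xr SSL_new 3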
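diff --git a/src/lib/libssl/doc/SSL_CTX_set_verify.3 b/src/lib/libssl/doc/SSL_CTX_set_verify.3
deleted file mode 100644
index 9292f2086b..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_verify.3
+++ /dev/null
@@ -1,415 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_verify.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_VERIFY 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_verify ,
-.Nm SSL_set_verify ,
-.Nm SSL_CTX_set_verify_depth ,
-.Nm SSL_set_verify_depth
-.Nd set peer certificate verification parameters
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_verify
-.Fa "SSL_CTX *ctx"
-.Fa "int mode"
-.Fa "int (*verify_callback)(int, X509_STORE_CTX *)"
-.Fc
-.Ft void
-.Fo SSL_set_verify
-.Fa "SSL *s"
-.Fa "int mode"
-.Fa "int (*verify_callback)(int, X509_STORE_CTX *)"
-.Fc
-.Ft void
-.Fn SSL_CTX_set_verify_depth "SSL_CTX *ctx" "int depth"
-.Ft void
-.Fn SSL_set_verify_depth "SSL *s" "int depth"
-.Ft int
-.Fn verify_callback "int preverify_ok" "X509_STORE_CTX *x509_ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_verify
-sets the verification flags for
-.Fa ctx
-to be
-.Fa mode
-and
-specifies the
-.Fa verify_callback
-function to be used.
-If no callback function shall be specified, the
-.Dv NULL
-pointer can be used for
-.Fa verify_callback .
-.Pp
-.Fn SSL_set_verify
-sets the verification flags for
-.Fa ssl
-to be
-.Fa mode
-and specifies the
-.Fa verify_callback
-function to be used.
-If no callback function shall be specified, the
-.Dv NULL
-pointer can be used for
-.Fa verify_callback .
-In this case last
-.Fa verify_callback
-set specifically for this
-.Fa ssl
-remains.
-If no special callback was set before, the default callback for the underlying
-.Fa ctx
-is used, that was valid at the time
-.Fa ssl
-was created with
-.Xr SSL_new 3 .
-.Pp
-.Fn SSL_CTX_set_verify_depth
-sets the maximum
-.Fa depth
-for the certificate chain verification that shall be allowed for
-.Fa ctx .
-(See the
-.Sx BUGS
-section.)
-.Pp
-.Fn SSL_set_verify_depth
-sets the maximum
-.Fa depth
-for the certificate chain verification that shall be allowed for
-.Fa ssl .
-(See the
-.Sx BUGS
-section.)
-.Sh NOTES
-The verification of certificates can be controlled by a set of bitwise ORed
-.Fa mode
-flags:
-.Bl -tag -width Ds
-.It Dv SSL_VERIFY_NONE
-.Em Server mode:
-the server will not send a client certificate request to the client,
-so the client will not send a certificate.
-.Pp
-.Em Client mode:
-if not using an anonymous cipher (by default disabled),
-the server will send a certificate which will be checked.
-The result of the certificate verification process can be checked after the
-TLS/SSL handshake using the
-.Xr SSL_get_verify_result 3
-function.
-The handshake will be continued regardless of the verification result.
-.It Dv SSL_VERIFY_PEER
-.Em Server mode:
-the server sends a client certificate request to the client.
-The certificate returned (if any) is checked.
-If the verification process fails,
-the TLS/SSL handshake is immediately terminated with an alert message
-containing the reason for the verification failure.
-The behaviour can be controlled by the additional
-.Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT
-and
-.Dv SSL_VERIFY_CLIENT_ONCE
-flags.
-.Pp
-.Em Client mode:
-the server certificate is verified.
-If the verification process fails,
-the TLS/SSL handshake is immediately terminated with an alert message
-containing the reason for the verification failure.
-If no server certificate is sent, because an anonymous cipher is used,
-.Dv SSL_VERIFY_PEER
-is ignored.
-.It Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT
-.Em Server mode:
-if the client did not return a certificate, the TLS/SSL
-handshake is immediately terminated with a
-.Dq handshake failure
-alert.
-This flag must be used together with
-.Dv SSL_VERIFY_PEER.
-.Pp
-.Em Client mode:
-ignored
-.It Dv SSL_VERIFY_CLIENT_ONCE
-.Em Server mode:
-only request a client certificate on the initial TLS/SSL handshake.
-Do not ask for a client certificate again in case of a renegotiation.
-This flag must be used together with
-.Dv SSL_VERIFY_PEER .
-.Pp
-.Em Client mode:
-ignored
-.El
-.Pp
-Exactly one of the
-.Fa mode
-flags
-.Dv SSL_VERIFY_NONE
-and
-.Dv SSL_VERIFY_PEER
-must be set at any time.
-.Pp
-The actual verification procedure is performed either using the built-in
-verification procedure or using another application provided verification
-function set with
-.Xr SSL_CTX_set_cert_verify_callback 3 .
-The following descriptions apply in the case of the built-in procedure.
-An application provided procedure also has access to the verify depth
-information and the
-.Fa verify_callback Ns ()
-function, but the way this information is used may be different.
-.Pp
-.Fn SSL_CTX_set_verify_depth
-and
-.Fn SSL_set_verify_depth
-set the limit up to which depth certificates in a chain are used during the
-verification procedure.
-If the certificate chain is longer than allowed,
-the certificates above the limit are ignored.
-Error messages are generated as if these certificates would not be present,
-most likely a
-.Dv X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
-will be issued.
-The depth count is
-.Dq level 0: peer certificate ,
-.Dq level 1: CA certificate ,
-.Dq level 2: higher level CA certificate ,
-and so on.
-Setting the maximum depth to 2 allows the levels 0, 1, and 2.
-The default depth limit is 100,
-allowing for the peer certificate and an additional 100 CA certificates.
-.Pp
-The
-.Fa verify_callback
-function is used to control the behaviour when the
-.Dv SSL_VERIFY_PEER
-flag is set.
-It must be supplied by the application and receives two arguments:
-.Fa preverify_ok
-indicates whether the verification of the certificate in question was passed
-(preverify_ok=1) or not (preverify_ok=0).
-.Fa x509_ctx
-is a pointer to the complete context used
-for the certificate chain verification.
-.Pp
-The certificate chain is checked starting with the deepest nesting level
-(the root CA certificate) and worked upward to the peer's certificate.
-At each level signatures and issuer attributes are checked.
-Whenever a verification error is found, the error number is stored in
-.Fa x509_ctx
-and
-.Fa verify_callback
-is called with
-.Fa preverify_ok
-equal to 0.
-By applying
-.Fn X509_CTX_store_*
-functions
-.Fa verify_callback
-can locate the certificate in question and perform additional steps (see
-.Sx EXAMPLES ) .
-If no error is found for a certificate,
-.Fa verify_callback
-is called with
-.Fa preverify_ok
-equal to 1 before advancing to the next level.
-.Pp
-The return value of
-.Fa verify_callback
-controls the strategy of the further verification process.
-If
-.Fa verify_callback
-returns 0, the verification process is immediately stopped with
-.Dq verification failed
-state.
-If
-.Dv SSL_VERIFY_PEER
-is set, a verification failure alert is sent to the peer and the TLS/SSL
-handshake is terminated.
-If
-.Fa verify_callback
-returns 1, the verification process is continued.
-If
-.Fa verify_callback
-always returns 1,
-the TLS/SSL handshake will not be terminated with respect to verification
-failures and the connection will be established.
-The calling process can however retrieve the error code of the last
-verification error using
-.Xr SSL_get_verify_result 3
-or by maintaining its own error storage managed by
-.Fa verify_callback .
-.Pp
-If no
-.Fa verify_callback
-is specified, the default callback will be used.
-Its return value is identical to
-.Fa preverify_ok ,
-so that any verification
-failure will lead to a termination of the TLS/SSL handshake with an
-alert message, if
-.Dv SSL_VERIFY_PEER
-is set.
-.Sh RETURN VALUES
-The
-.Fn SSL*_set_verify*
-functions do not provide diagnostic information.
-.Sh EXAMPLES
-The following code sequence realizes an example
-.Fa verify_callback
-function that will always continue the TLS/SSL handshake regardless of
-verification failure, if wished.
-The callback realizes a verification depth limit with more informational output.
-.Pp
-All verification errors are printed;
-information about the certificate chain is printed on request.
-The example is realized for a server that does allow but not require client
-certificates.
-.Pp
-The example makes use of the ex_data technique to store application data
-into/retrieve application data from the
-.Vt SSL
-structure (see
-.Xr SSL_get_ex_new_index 3 ,
-.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ) .
-.Bd -literal
-\&...
-
-typedef struct {
- int verbose_mode;
- int verify_depth;
- int always_continue;
-} mydata_t;
-int mydata_index;
-\&...
-static int
-verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
-{
- char buf[256];
- X509 *err_cert;
- int err, depth;
- SSL *ssl;
- mydata_t *mydata;
-
- err_cert = X509_STORE_CTX_get_current_cert(ctx);
- err = X509_STORE_CTX_get_error(ctx);
- depth = X509_STORE_CTX_get_error_depth(ctx);
-
- /*
- * Retrieve the pointer to the SSL of the connection currently
- * treated * and the application specific data stored into the
- * SSL object.
- */
- ssl = X509_STORE_CTX_get_ex_data(ctx,
- SSL_get_ex_data_X509_STORE_CTX_idx());
- mydata = SSL_get_ex_data(ssl, mydata_index);
-
- X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
-
- /*
- * Catch a too long certificate chain. The depth limit set using
- * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
- * that whenever the "depth>verify_depth" condition is met, we
- * have violated the limit and want to log this error condition.
- * We must do it here, because the CHAIN_TOO_LONG error would not
- * be found explicitly; only errors introduced by cutting off the
- * additional certificates would be logged.
- */
- if (depth > mydata->verify_depth) {
- preverify_ok = 0;
- err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
- X509_STORE_CTX_set_error(ctx, err);
- }
- if (!preverify_ok) {
- printf("verify error:num=%d:%s:depth=%d:%s\en", err,
- X509_verify_cert_error_string(err), depth, buf);
- } else if (mydata->verbose_mode) {
- printf("depth=%d:%s\en", depth, buf);
- }
-
- /*
- * At this point, err contains the last verification error.
- * We can use it for something special
- */
- if (!preverify_ok && (err ==
- X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),
- buf, 256);
- printf("issuer= %s\en", buf);
- }
-
- if (mydata->always_continue)
- return 1;
- else
- return preverify_ok;
-}
-\&...
-
-mydata_t mydata;
-
-\&...
-
-mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
-
-\&...
-
-SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
- verify_callback);
-
-/*
- * Let the verify_callback catch the verify_depth error so that we get
- * an appropriate error in the logfile.
- */
-SSL_CTX_set_verify_depth(verify_depth + 1);
-
-/*
- * Set up the SSL specific data into "mydata" and store it into the SSL
- * structure.
- */
-mydata.verify_depth = verify_depth; ...
-SSL_set_ex_data(ssl, mydata_index, &mydata);
-
-\&...
-
-SSL_accept(ssl); /* check of success left out for clarity */
-if (peer = SSL_get_peer_certificate(ssl)) {
- if (SSL_get_verify_result(ssl) == X509_V_OK) {
- /* The client sent a certificate which verified OK */
- }
-}
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_get_verify_mode 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_cert_verify_callback 3 ,
-.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ,
-.Xr SSL_get_ex_new_index 3 ,
-.Xr SSL_get_peer_certificate 3 ,
-.Xr SSL_get_verify_result 3 ,
-.Xr SSL_new 3
-.Sh BUGS
-In client mode, it is not checked whether the
-.Dv SSL_VERIFY_PEER
-flag is set, but whether
-.Dv SSL_VERIFY_NONE
-is not set.
-This can lead to unexpected behaviour, if the
-.Dv SSL_VERIFY_PEER
-and
-.Dv SSL_VERIFY_NONE
-are not used as required (exactly one must be set at any time).
-.Pp
-The certificate verification depth set with
-.Fn SSL[_CTX]_verify_depth
-stops the verification at a certain depth.
-The error message produced will be that of an incomplete certificate chain and
-not
-.Dv X509_V_ERR_CERT_CHAIN_TOO_LONG
-as may be expected.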
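diff --git a/src/lib/libssl/doc/SSL_CTX_use_certificate.3 b/src/lib/libssl/doc/SSL_CTX_use_certificate.3
deleted file mode 100644
index 6282c3b0d7..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_use_certificate.3
+++ /dev/null
@@ -1,336 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.3 2015/02/06 01:37:11 reyk Exp $
-.\"
-.Dd $Mdocdate: February 6 2015 $
-.Dt SSL_CTX_USE_CERTIFICATE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_use_certificate ,
-.Nm SSL_CTX_use_certificate_ASN1 ,
-.Nm SSL_CTX_use_certificate_file ,
-.Nm SSL_use_certificate ,
-.Nm SSL_use_certificate_ASN1 ,
-.Nm SSL_use_certificate_file ,
-.Nm SSL_CTX_use_certificate_chain_file ,
-.Nm SSL_CTX_use_certificate_chain_mem ,
-.Nm SSL_CTX_use_PrivateKey ,
-.Nm SSL_CTX_use_PrivateKey_ASN1 ,
-.Nm SSL_CTX_use_PrivateKey_file ,
-.Nm SSL_CTX_use_RSAPrivateKey ,
-.Nm SSL_CTX_use_RSAPrivateKey_ASN1 ,
-.Nm SSL_CTX_use_RSAPrivateKey_file ,
-.Nm SSL_use_PrivateKey_file ,
-.Nm SSL_use_PrivateKey_ASN1 ,
-.Nm SSL_use_PrivateKey ,
-.Nm SSL_use_RSAPrivateKey ,
-.Nm SSL_use_RSAPrivateKey_ASN1 ,
-.Nm SSL_use_RSAPrivateKey_file ,
-.Nm SSL_CTX_check_private_key ,
-.Nm SSL_check_private_key
-.Nd load certificate and key data
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_use_certificate "SSL_CTX *ctx" "X509 *x"
-.Ft int
-.Fn SSL_CTX_use_certificate_ASN1 "SSL_CTX *ctx" "int len" "unsigned char *d"
-.Ft int
-.Fn SSL_CTX_use_certificate_file "SSL_CTX *ctx" "const char *file" "int type"
-.Ft int
-.Fn SSL_use_certificate "SSL *ssl" "X509 *x"
-.Ft int
-.Fn SSL_use_certificate_ASN1 "SSL *ssl" "unsigned char *d" "int len"
-.Ft int
-.Fn SSL_use_certificate_file "SSL *ssl" "const char *file" "int type"
-.Ft int
-.Fn SSL_CTX_use_certificate_chain_file "SSL_CTX *ctx" "const char *file"
-.Ft int
-.Fn SSL_CTX_use_certificate_chain_mem "SSL_CTX *ctx" "void *buf" "int len"
-.Ft int
-.Fn SSL_CTX_use_PrivateKey "SSL_CTX *ctx" "EVP_PKEY *pkey"
-.Ft int
-.Fo SSL_CTX_use_PrivateKey_ASN1
-.Fa "int pk" "SSL_CTX *ctx" "unsigned char *d" "long len"
-.Fc
-.Ft int
-.Fn SSL_CTX_use_PrivateKey_file "SSL_CTX *ctx" "const char *file" "int type"
-.Ft int
-.Fn SSL_CTX_use_RSAPrivateKey "SSL_CTX *ctx" "RSA *rsa"
-.Ft int
-.Fn SSL_CTX_use_RSAPrivateKey_ASN1 "SSL_CTX *ctx" "unsigned char *d" "long len"
-.Ft int
-.Fn SSL_CTX_use_RSAPrivateKey_file "SSL_CTX *ctx" "const char *file" "int type"
-.Ft int
-.Fn SSL_use_PrivateKey "SSL *ssl" "EVP_PKEY *pkey"
-.Ft int
-.Fn SSL_use_PrivateKey_ASN1 "int pk" "SSL *ssl" "unsigned char *d" "long len"
-.Ft int
-.Fn SSL_use_PrivateKey_file "SSL *ssl" "const char *file" "int type"
-.Ft int
-.Fn SSL_use_RSAPrivateKey "SSL *ssl" "RSA *rsa"
-.Ft int
-.Fn SSL_use_RSAPrivateKey_ASN1 "SSL *ssl" "unsigned char *d" "long len"
-.Ft int
-.Fn SSL_use_RSAPrivateKey_file "SSL *ssl" "const char *file" "int type"
-.Ft int
-.Fn SSL_CTX_check_private_key "const SSL_CTX *ctx"
-.Ft int
-.Fn SSL_check_private_key "const SSL *ssl"
-.Sh DESCRIPTION
-These functions load the certificates and private keys into the
-.Vt SSL_CTX
-or
-.Vt SSL
-object, respectively.
-.Pp
-The
-.Fn SSL_CTX_*
-class of functions loads the certificates and keys into the
-.Vt SSL_CTX
-object
-.Fa ctx .
-The information is passed to
-.Vt SSL
-objects
-.Fa ssl
-created from
-.Fa ctx
-with
-.Xr SSL_new 3
-by copying, so that changes applied to
-.Fa ctx
-do not propagate to already existing
-.Vt SSL
-objects.
-.Pp
-The
-.Fn SSL_*
-class of functions only loads certificates and keys into a specific
-.Vt SSL
-object.
-The specific information is kept when
-.Xr SSL_clear 3
-is called for this
-.Vt SSL
-object.
-.Pp
-.Fn SSL_CTX_use_certificate
-loads the certificate
-.Fa x
-into
-.Fa ctx ;
-.Fn SSL_use_certificate
-loads
-.Fa x
-into
-.Fa ssl .
-The rest of the certificates needed to form the complete certificate chain can
-be specified using the
-.Xr SSL_CTX_add_extra_chain_cert 3
-function.
-.Pp
-.Fn SSL_CTX_use_certificate_ASN1
-loads the ASN1 encoded certificate from the memory location
-.Fa d
-(with length
-.Fa len )
-into
-.Fa ctx ;
-.Fn SSL_use_certificate_ASN1
-loads the ASN1 encoded certificate into
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_use_certificate_file
-loads the first certificate stored in
-.Fa file
-into
-.Fa ctx .
-The formatting
-.Fa type
-of the certificate must be specified from the known types
-.Dv SSL_FILETYPE_PEM
-and
-.Dv SSL_FILETYPE_ASN1 .
-.Fn SSL_use_certificate_file
-loads the certificate from
-.Fa file
-into
-.Fa ssl .
-See the
-.Sx NOTES
-section on why
-.Fn SSL_CTX_use_certificate_chain_file
-should be preferred.
-.Pp
-The
-.Fn SSL_CTX_use_certificate_chain*
-functions load a certificate chain into
-.Fa ctx .
-The certificates must be in PEM format and must be sorted starting with the
-subject's certificate (actual client or server certificate),
-followed by intermediate CA certificates if applicable,
-and ending at the highest level (root) CA.
-There is no corresponding function working on a single
-.Vt SSL
-object.
-.Pp
-.Fn SSL_CTX_use_PrivateKey
-adds
-.Fa pkey
-as private key to
-.Fa ctx .
-.Fn SSL_CTX_use_RSAPrivateKey
-adds the private key
-.Fa rsa
-of type RSA to
-.Fa ctx .
-.Fn SSL_use_PrivateKey
-adds
-.Fa pkey
-as private key to
-.Fa ssl ;
-.Fn SSL_use_RSAPrivateKey
-adds
-.Fa rsa
-as private key of type RSA to
-.Fa ssl .
-If a certificate has already been set and the private does not belong to the
-certificate, an error is returned.
-To change a certificate private key pair,
-the new certificate needs to be set with
-.Fn SSL_use_certificate
-or
-.Fn SSL_CTX_use_certificate
-before setting the private key with
-.Fn SSL_CTX_use_PrivateKey
-or
-.Fn SSL_use_PrivateKey .
-.Pp
-.Fn SSL_CTX_use_PrivateKey_ASN1
-adds the private key of type
-.Fa pk
-stored at memory location
-.Fa d
-(length
-.Fa len )
-to
-.Fa ctx .
-.Fn SSL_CTX_use_RSAPrivateKey_ASN1
-adds the private key of type RSA stored at memory location
-.Fa d
-(length
-.Fa len )
-to
-.Fa ctx .
-.Fn SSL_use_PrivateKey_ASN1
-and
-.Fn SSL_use_RSAPrivateKey_ASN1
-add the private key to
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_use_PrivateKey_file
-adds the first private key found in
-.Fa file
-to
-.Fa ctx .
-The formatting
-.Fa type
-of the certificate must be specified from the known types
-.Dv SSL_FILETYPE_PEM
-and
-.Dv SSL_FILETYPE_ASN1 .
-.Fn SSL_CTX_use_RSAPrivateKey_file
-adds the first private RSA key found in
-.Fa file
-to
-.Fa ctx .
-.Fn SSL_use_PrivateKey_file
-adds the first private key found in
-.Fa file
-to
-.Fa ssl ;
-.Fn SSL_use_RSAPrivateKey_file
-adds the first private RSA key found to
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_check_private_key
-checks the consistency of a private key with the corresponding certificate
-loaded into
-.Fa ctx .
-If more than one key/certificate pair (RSA/DSA) is installed,
-the last item installed will be checked.
-If, e.g., the last item was a RSA certificate or key,
-the RSA key/certificate pair will be checked.
-.Fn SSL_check_private_key
-performs the same check for
-.Fa ssl .
-If no key/certificate was explicitly added for this
-.Fa ssl ,
-the last item added into
-.Fa ctx
-will be checked.
-.Sh NOTES
-The internal certificate store of OpenSSL can hold two private key/certificate
-pairs at a time:
-one key/certificate of type RSA and one key/certificate of type DSA.
-The certificate used depends on the cipher select, see also
-.Xr SSL_CTX_set_cipher_list 3 .
-.Pp
-When reading certificates and private keys from file, files of type
-.Dv SSL_FILETYPE_ASN1
-(also known as
-.Em DER ,
-binary encoding) can only contain one certificate or private key; consequently,
-.Fn SSL_CTX_use_certificate_chain_file
-is only applicable to PEM formatting.
-Files of type
-.Dv SSL_FILETYPE_PEM
-can contain more than one item.
-.Pp
-.Fn SSL_CTX_use_certificate_chain_file
-adds the first certificate found in the file to the certificate store.
-The other certificates are added to the store of chain certificates using
-.Xr SSL_CTX_add_extra_chain_cert 3 .
-There exists only one extra chain store, so that the same chain is appended
-to both types of certificates, RSA and DSA!
-If it is not intended to use both type of certificate at the same time,
-it is recommended to use the
-.Fn SSL_CTX_use_certificate_chain_file
-instead of the
-.Fn SSL_CTX_use_certificate_file
-function in order to allow the use of complete certificate chains even when no
-trusted CA storage is used or when the CA issuing the certificate shall not be
-added to the trusted CA storage.
-.Pp
-If additional certificates are needed to complete the chain during the TLS
-negotiation, CA certificates are additionally looked up in the locations of
-trusted CA certificates (see
-.Xr SSL_CTX_load_verify_locations 3 ) .
-.Pp
-The private keys loaded from file can be encrypted.
-In order to successfully load encrypted keys,
-a function returning the passphrase must have been supplied (see
-.Xr SSL_CTX_set_default_passwd_cb 3 ) .
-(Certificate files might be encrypted as well from the technical point of view,
-it however does not make sense as the data in the certificate is considered
-public anyway.)
-.Sh RETURN VALUES
-On success, the functions return 1.
-Otherwise check out the error stack to find out the reason.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3 ,
-.Xr SSL_CTX_set_default_passwd_cb 3 ,
-.Xr SSL_new 3
-.Sh HISTORY
-Support for DER encoded private keys
-.Pq Dv SSL_FILETYPE_ASN1
-in
-.Fn SSL_CTX_use_PrivateKey_file
-and
-.Fn SSL_use_PrivateKey_file
-was added in 0.9.8.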
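diff --git a/src/lib/libssl/doc/SSL_CTX_use_psk_identity_hint.3 b/src/lib/libssl/doc/SSL_CTX_use_psk_identity_hint.3
deleted file mode 100644
index 00c92b51ab..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_use_psk_identity_hint.3
+++ /dev/null
@@ -1,110 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_use_psk_identity_hint.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_USE_PSK_IDENTITY_HINT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_use_psk_identity_hint ,
-.Nm SSL_use_psk_identity_hint ,
-.Nm SSL_CTX_set_psk_server_callback ,
-.Nm SSL_set_psk_server_callback
-.Nd set PSK identity hint to use
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_use_psk_identity_hint "SSL_CTX *ctx" "const char *hint"
-.Ft int
-.Fn SSL_use_psk_identity_hint "SSL *ssl" "const char *hint"
-.Ft void
-.Fo SSL_CTX_set_psk_server_callback
-.Fa "SSL_CTX *ctx"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)"
-.Fc
-.Ft void
-.Fo SSL_set_psk_server_callback
-.Fa "SSL *ssl"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_use_psk_identity_hint
-sets the given
-.Dv NULL Ns
--terminated PSK identity hint
-.Fa hint
-to SSL context object
-.Fa ctx .
-.Fn SSL_use_psk_identity_hint
-sets the given
-.Dv NULL Ns
--terminated
-PSK identity hint
-.Fa hint
-to SSL connection object
-.Fa ssl .
-If
-.Fa hint
-is
-.Dv NULL
-the current hint from
-.Fa ctx
-or
-.Fa ssl
-is deleted.
-.Pp
-In the case where PSK identity hint is
-.Dv NULL ,
-the server does not send the
-.Em ServerKeyExchange
-message to the client.
-.Pp
-A server application must provide a callback function which is called when the
-server receives the
-.Em ClientKeyExchange
-message from the client.
-The purpose of the callback function is to validate the received PSK identity
-and to fetch the pre-shared key used during the connection setup phase.
-The callback is set using functions
-.Fn SSL_CTX_set_psk_server_callback
-or
-.Fn SSL_set_psk_server_callback .
-The callback function is given the connection in parameter
-.Fa ssl ,
-.Dv NULL Ns
--terminated PSK identity sent by the client in parameter
-.Fa identity ,
-and a buffer
-.Fa psk
-of length
-.Fa max_psk_len
-bytes where the pre-shared key is to be stored.
-.Sh RETURN VALUES
-.Fn SSL_CTX_use_psk_identity_hint
-and
-.Fn SSL_use_psk_identity_hint
-return 1 on success, 0 otherwise.
-.Pp
-Return values from the server callback are interpreted as follows:
-.Bl -tag -width Ds
-.It >0
-PSK identity was found and the server callback has provided the PSK
-successfully in parameter
-.Fa psk .
-Return value is the length of
-.Fa psk
-in bytes.
-It is an error to return a value greater than
-.Fa max_psk_len .
-.Pp
-If the PSK identity was not found but the callback instructs the protocol to
-continue anyway, the callback must provide some random data to
-.Fa psk
-and return the length of the random data, so the connection will fail with
-.Dq decryption_error
-before it will be finished completely.
-.It 0
-PSK identity was not found.
-An
-.Dq unknown_psk_identity
-alert message will be sent and the connection setup fails.
-.El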
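diff --git a/src/lib/libssl/doc/SSL_SESSION_free.3 b/src/lib/libssl/doc/SSL_SESSION_free.3
deleted file mode 100644
index 69491f714b..0000000000
--- a/src/lib/libssl/doc/SSL_SESSION_free.3
+++ /dev/null
@@ -1,84 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_SESSION_free.3,v 1.3 2015/12/30 18:45:02 millert Exp $
-.\"
-.Dd $Mdocdate: December 30 2015 $
-.Dt SSL_SESSION_FREE 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_free
-.Nd free an allocated SSL_SESSION structure
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_SESSION_free "SSL_SESSION *session"
-.Sh DESCRIPTION
-.Fn SSL_SESSION_free
-decrements the reference count of
-.Fa session
-and removes the
-.Vt SSL_SESSION
-structure pointed to by
-.Fa session
-and frees up the allocated memory, if the reference count has reached 0.
-If
-.Fa session
-is a
-.Dv NULL
-pointer, no action occurs.
-.Sh NOTES
-.Vt SSL_SESSION
-objects are allocated when a TLS/SSL handshake operation is successfully
-completed.
-Depending on the settings, see
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-the
-.Vt SSL_SESSION
-objects are internally referenced by the
-.Vt SSL_CTX
-and linked into its session cache.
-.Vt SSL
-objects may be using the
-.Vt SSL_SESSION
-object; as a session may be reused, several
-.Vt SSL
-objects may be using one
-.Vt SSL_SESSION
-object at the same time.
-It is therefore crucial to keep the reference count (usage information) correct
-and not delete a
-.Vt SSL_SESSION
-object that is still used, as this may lead to program failures due to dangling
-pointers.
-These failures may also appear delayed, e.g., when an
-.Vt SSL_SESSION
-object is completely freed as the reference count incorrectly becomes 0, but it
-is still referenced in the internal session cache and the cache list is
-processed during a
-.Xr SSL_CTX_flush_sessions 3
-operation.
-.Pp
-.Fn SSL_SESSION_free
-must only be called for
-.Vt SSL_SESSION
-objects, for which the reference count was explicitly incremented (e.g., by
-calling
-.Xr SSL_get1_session 3 ;
-see
-.Xr SSL_get_session 3 )
-or when the
-.Vt SSL_SESSION
-object was generated outside a TLS handshake operation, e.g., by using
-.Xr d2i_SSL_SESSION 3 .
-It must not be called on other
-.Vt SSL_SESSION
-objects, as this would cause incorrect reference counts and therefore program
-failures.
-.Sh RETURN VALUES
-.Fn SSL_SESSION_free
-does not provide diagnostic information.
-.Sh SEE ALSO
-.Xr d2i_SSL_SESSION 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_get_session 3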
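diff --git a/src/lib/libssl/doc/SSL_SESSION_get_ex_new_index.3 b/src/lib/libssl/doc/SSL_SESSION_get_ex_new_index.3
deleted file mode 100644
index a31f519506..0000000000
--- a/src/lib/libssl/doc/SSL_SESSION_get_ex_new_index.3
+++ /dev/null
@@ -1,80 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_SESSION_get_ex_new_index.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_SESSION_GET_EX_NEW_INDEX 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get_ex_new_index ,
-.Nm SSL_SESSION_set_ex_data ,
-.Nm SSL_SESSION_get_ex_data
-.Nd internal application specific data functions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_SESSION_get_ex_new_index
-.Fa "long argl"
-.Fa "void *argp"
-.Fa "CRYPTO_EX_new *new_func"
-.Fa "CRYPTO_EX_dup *dup_func"
-.Fa "CRYPTO_EX_free *free_func"
-.Fc
-.Ft int
-.Fn SSL_SESSION_set_ex_data "SSL_SESSION *session" "int idx" "void *arg"
-.Ft void *
-.Fn SSL_SESSION_get_ex_data "const SSL_SESSION *session" "int idx"
-.Bd -literal
- typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
- int idx, long argl, void *argp);
-.Ed
-.Sh DESCRIPTION
-Several OpenSSL structures can have application specific data attached to them.
-These functions are used internally by OpenSSL to manipulate
-application-specific data attached to a specific structure.
-.Pp
-.Fn SSL_SESSION_get_ex_new_index
-is used to register a new index for application-specific data.
-.Pp
-.Fn SSL_SESSION_set_ex_data
-is used to store application data at
-.Fa arg
-for
-.Fa idx
-into the
-.Fa session
-object.
-.Pp
-.Fn SSL_SESSION_get_ex_data
-is used to retrieve the information for
-.Fa idx
-from
-.Fa session .
-.Pp
-A detailed description for the
-.Fn *_get_ex_new_index
-functionality
-can be found in
-.Xr RSA_get_ex_new_index 3 .
-The
-.Fn *_get_ex_data
-and
-.Fn *_set_ex_data
-functionality is described in
-.Xr CRYPTO_set_ex_data 3 .
-.Sh WARNINGS
-The application data is only maintained for sessions held in memory.
-The application data is not included when dumping the session with
-.Xr i2d_SSL_SESSION 3
-(and all functions indirectly calling the dump functions like
-.Xr PEM_write_SSL_SESSION 3
-and
-.Xr PEM_write_bio_SSL_SESSION 3 )
-and can therefore not be restored.
-.Sh SEE ALSO
-.Xr CRYPTO_set_ex_data 3 ,
-.Xr RSA_get_ex_new_index 3 ,
-.Xr ssl 3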
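diff --git a/src/lib/libssl/doc/SSL_SESSION_get_time.3 b/src/lib/libssl/doc/SSL_SESSION_get_time.3
deleted file mode 100644
index e906b5ad67..0000000000
--- a/src/lib/libssl/doc/SSL_SESSION_get_time.3
+++ /dev/null
@@ -1,98 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_SESSION_get_time.3,v 1.3 2015/11/11 22:14:40 jmc Exp $
-.\"
-.Dd $Mdocdate: November 11 2015 $
-.Dt SSL_SESSION_GET_TIME 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get_time ,
-.Nm SSL_SESSION_set_time ,
-.Nm SSL_SESSION_get_timeout ,
-.Nm SSL_SESSION_set_timeout ,
-.Nm SSL_get_time ,
-.Nm SSL_set_time ,
-.Nm SSL_get_timeout ,
-.Nm SSL_set_timeout
-.Nd retrieve and manipulate session time and timeout settings
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_SESSION_get_time "const SSL_SESSION *s"
-.Ft long
-.Fn SSL_SESSION_set_time "SSL_SESSION *s" "long tm"
-.Ft long
-.Fn SSL_SESSION_get_timeout "const SSL_SESSION *s"
-.Ft long
-.Fn SSL_SESSION_set_timeout "SSL_SESSION *s" "long tm"
-.Ft long
-.Fn SSL_get_time "const SSL_SESSION *s"
-.Ft long
-.Fn SSL_set_time "SSL_SESSION *s" "long tm"
-.Ft long
-.Fn SSL_get_timeout "const SSL_SESSION *s"
-.Ft long
-.Fn SSL_set_timeout "SSL_SESSION *s" "long tm"
-.Sh DESCRIPTION
-.Fn SSL_SESSION_get_time
-returns the time at which the session
-.Fa s
-was established.
-The time is given in seconds since the Epoch and therefore compatible to the
-time delivered by the
-.Xr time 3
-call.
-.Pp
-.Fn SSL_SESSION_set_time
-replaces the creation time of the session
-.Fa s
-with
-the chosen value
-.Fa tm .
-.Pp
-.Fn SSL_SESSION_get_timeout
-returns the timeout value set for session
-.Fa s
-in seconds.
-.Pp
-.Fn SSL_SESSION_set_timeout
-sets the timeout value for session
-.Fa s
-in seconds to
-.Fa tm .
-.Pp
-The
-.Fn SSL_get_time ,
-.Fn SSL_set_time ,
-.Fn SSL_get_timeout ,
-and
-.Fn SSL_set_timeout
-functions are synonyms for the
-.Fn SSL_SESSION_*
-counterparts.
-.Sh NOTES
-Sessions are expired by examining the creation time and the timeout value.
-Both are set at creation time of the session to the actual time and the default
-timeout value at creation, respectively, as set by
-.Xr SSL_CTX_set_timeout 3 .
-Using these functions it is possible to extend or shorten the lifetime of the
-session.
-.Sh RETURN VALUES
-.Fn SSL_SESSION_get_time
-and
-.Fn SSL_SESSION_get_timeout
-return the currently valid values.
-.Pp
-.Fn SSL_SESSION_set_time
-and
-.Fn SSL_SESSION_set_timeout
-return 1 on success.
-.Pp
-If any of the function is passed the
-.Dv NULL
-pointer for the session
-.Fa s ,
-0 is returned.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_timeout 3 ,
-.Xr SSL_get_default_timeout 3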
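diff --git a/src/lib/libssl/doc/SSL_accept.3 b/src/lib/libssl/doc/SSL_accept.3
deleted file mode 100644
index 8c7409d04f..0000000000
--- a/src/lib/libssl/doc/SSL_accept.3
+++ /dev/null
@@ -1,103 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_accept.3,v 1.3 2015/06/18 22:51:05 doug Exp $
-.\"
-.Dd $Mdocdate: June 18 2015 $
-.Dt SSL_ACCEPT 3
-.Os
-.Sh NAME
-.Nm SSL_accept
-.Nd wait for a TLS/SSL client to initiate a TLS/SSL handshake
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_accept "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_accept
-waits for a TLS/SSL client to initiate the TLS/SSL handshake.
-The communication channel must already have been set and assigned to the
-.Fa ssl
-object by setting an underlying
-.Vt BIO .
-.Sh NOTES
-The behaviour of
-.Fn SSL_accept
-depends on the underlying
-.Vt BIO .
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-.Fn SSL_accept
-will only return once the handshake has been finished or an error occurred.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_accept
-will also return when the underlying
-.Vt BIO
-could not satisfy the needs of
-.Fn SSL_accept
-to continue the handshake, indicating the problem by the return value \(mi1.
-In this case a call to
-.Xr SSL_get_error 3
-with the
-return value of
-.Fn SSL_accept
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
-.Fn SSL_accept .
-The action depends on the underlying
-.Dv BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The TLS/SSL handshake was not successful but was shut down controlled and by
-the specifications of the TLS/SSL protocol.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.It 1
-The TLS/SSL handshake was successfully completed,
-and a TLS/SSL connection has been established.
-.It <0
-The TLS/SSL handshake was not successful because a fatal error occurred either
-at the protocol level or a connection failure occurred.
-The shutdown was not clean.
-It can also occur of action is need to continue the operation for non-blocking
-.Vt BIO Ns
-s.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_set_connect_state 3 ,
-.Xr SSL_shutdown 3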
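diff --git a/src/lib/libssl/doc/SSL_alert_type_string.3 b/src/lib/libssl/doc/SSL_alert_type_string.3
deleted file mode 100644
index 10c947dae9..0000000000
--- a/src/lib/libssl/doc/SSL_alert_type_string.3
+++ /dev/null
@@ -1,193 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_alert_type_string.3,v 1.3 2015/09/14 15:58:48 schwarze Exp $
-.\"
-.Dd $Mdocdate: September 14 2015 $
-.Dt SSL_ALERT_TYPE_STRING.POD 3
-.Os
-.Sh NAME
-.Nm SSL_alert_type_string ,
-.Nm SSL_alert_type_string_long ,
-.Nm SSL_alert_desc_string ,
-.Nm SSL_alert_desc_string_long
-.Nd get textual description of alert information
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_alert_type_string "int value"
-.Ft const char *
-.Fn SSL_alert_type_string_long "int value"
-.Ft const char *
-.Fn SSL_alert_desc_string "int value"
-.Ft const char *
-.Fn SSL_alert_desc_string_long "int value"
-.Sh DESCRIPTION
-.Fn SSL_alert_type_string
-returns a one letter string indicating the type of the alert specified by
-.Fa value .
-.Pp
-.Fn SSL_alert_type_string_long
-returns a string indicating the type of the alert specified by
-.Fa value .
-.Pp
-.Fn SSL_alert_desc_string
-returns a two letter string as a short form describing the reason of the alert
-specified by
-.Fa value .
-.Pp
-.Fn SSL_alert_desc_string_long
-returns a string describing the reason of the alert specified by
-.Fa value .
-.Sh NOTES
-When one side of an SSL/TLS communication wants to inform the peer about
-a special situation, it sends an alert.
-The alert is sent as a special message and does not influence the normal data
-stream (unless its contents results in the communication being canceled).
-.Pp
-A warning alert is sent, when a non-fatal error condition occurs.
-The
-.Dq close notify
-alert is sent as a warning alert.
-Other examples for non-fatal errors are certificate errors
-.Po
-.Dq certificate expired ,
-.Dq unsupported certificate
-.Pc ,
-for which a warning alert may be sent.
-(The sending party may, however, decide to send a fatal error.)
-The receiving side may cancel the connection on reception of a warning alert at
-its discretion.
-.Pp
-Several alert messages must be sent as fatal alert messages as specified
-by the TLS RFC.
-A fatal alert always leads to a connection abort.
-.Sh RETURN VALUES
-The following strings can occur for
-.Fn SSL_alert_type_string
-or
-.Fn SSL_alert_type_string_long :
-.Bl -tag -width Ds
-.It \(dqW\(dq/\(dqwarning\(dq
-.It \(dqF\(dq/\(dqfatal\(dq
-.It \(dqU\(dq/\(dqunknown\(dq
-This indicates that no support is available for this alert type.
-Probably
-.Fa value
-does not contain a correct alert message.
-.El
-.Pp
-The following strings can occur for
-.Fn SSL_alert_desc_string
-or
-.Fn SSL_alert_desc_string_long :
-.Bl -tag -width Ds
-.It \(dqCN\(dq/\(dqclose notify\(dq
-The connection shall be closed.
-This is a warning alert.
-.It \(dqUM\(dq/\(dqunexpected message\(dq
-An inappropriate message was received.
-This alert is always fatal and should never be observed in communication
-between proper implementations.
-.It \(dqBM\(dq/\(dqbad record mac\(dq
-This alert is returned if a record is received with an incorrect MAC.
-This message is always fatal.
-.It \(dqDF\(dq/\(dqdecompression failure\(dq
-The decompression function received improper input
-(e.g., data that would expand to excessive length).
-This message is always fatal.
-.It \(dqHF\(dq/\(dqhandshake failure\(dq
-Reception of a handshake_failure alert message indicates that the sender was
-unable to negotiate an acceptable set of security parameters given the options
-available.
-This is a fatal error.
-.It \(dqNC\(dq/\(dqno certificate\(dq
-A client, that was asked to send a certificate, does not send a certificate
-(SSLv3 only).
-.It \(dqBC\(dq/\(dqbad certificate\(dq
-A certificate was corrupt, contained signatures that did not verify correctly,
-etc.
-.It \(dqUC\(dq/\(dqunsupported certificate\(dq
-A certificate was of an unsupported type.
-.It \(dqCR\(dq/\(dqcertificate revoked\(dq
-A certificate was revoked by its signer.
-.It \(dqCE\(dq/\(dqcertificate expired\(dq
-A certificate has expired or is not currently valid.
-.It \(dqCU\(dq/\(dqcertificate unknown\(dq
-Some other (unspecified) issue arose in processing the certificate,
-rendering it unacceptable.
-.It \(dqIP\(dq/\(dqillegal parameter\(dq
-A field in the handshake was out of range or inconsistent with other fields.
-This is always fatal.
-.It \(dqDC\(dq/\(dqdecryption failed\(dq
-A TLSCiphertext decrypted in an invalid way: either it wasn't an even multiple
-of the block length or its padding values, when checked, weren't correct.
-This message is always fatal.
-.It \(dqRO\(dq/\(dqrecord overflow\(dq
-A TLSCiphertext record was received which had a length more than
-2^14+2048 bytes, or a record decrypted to a TLSCompressed record with more than
-2^14+1024 bytes.
-This message is always fatal.
-.It \(dqCA\(dq/\(dqunknown CA\(dq
-A valid certificate chain or partial chain was received,
-but the certificate was not accepted because the CA certificate could not be
-located or couldn't be matched with a known, trusted CA.
-This message is always fatal.
-.It \(dqAD\(dq/\(dqaccess denied\(dq
-A valid certificate was received, but when access control was applied,
-the sender decided not to proceed with negotiation.
-This message is always fatal.
-.It \(dqDE\(dq/\(dqdecode error\(dq
-A message could not be decoded because some field was out of the specified
-range or the length of the message was incorrect.
-This message is always fatal.
-.It \(dqCY\(dq/\(dqdecrypt error\(dq
-A handshake cryptographic operation failed, including being unable to correctly
-verify a signature, decrypt a key exchange, or validate a finished message.
-.It \(dqER\(dq/\(dqexport restriction\(dq
-A negotiation not in compliance with export restrictions was detected;
-for example, attempting to transfer a 1024 bit ephemeral RSA key for the
-RSA_EXPORT handshake method.
-This message is always fatal.
-.It \(dqPV\(dq/\(dqprotocol version\(dq
-The protocol version the client has attempted to negotiate is recognized,
-but not supported.
-(For example, old protocol versions might be avoided for security reasons.)
-This message is always fatal.
-.It \(dqIS\(dq/\(dqinsufficient security\(dq
-Returned instead of handshake_failure when a negotiation has failed
-specifically because the server requires ciphers more secure than those
-supported by the client.
-This message is always fatal.
-.It \(dqIE\(dq/\(dqinternal error\(dq
-An internal error unrelated to the peer or the correctness of the protocol
-makes it impossible to continue (such as a memory allocation failure).
-This message is always fatal.
-.It \(dqUS\(dq/\(dquser canceled\(dq
-This handshake is being canceled for some reason unrelated to a protocol
-failure.
-If the user cancels an operation after the handshake is complete,
-just closing the connection by sending a close_notify is more appropriate.
-This alert should be followed by a close_notify.
-This message is generally a warning.
-.It \(dqNR\(dq/\(dqno renegotiation\(dq
-Sent by the client in response to a hello request or by the server in response
-to a client hello after initial handshaking.
-Either of these would normally lead to renegotiation; when that is not
-appropriate, the recipient should respond with this alert; at that point,
-the original requester can decide whether to proceed with the connection.
-One case where this would be appropriate would be where a server has spawned a
-process to satisfy a request; the process might receive security parameters
-(key length, authentication, etc.) at startup and it might be difficult to
-communicate changes to these parameters after that point.
-This message is always a warning.
-.It \(dqUP\(dq/\(dqunknown PSK identity\(dq
-Sent by the server to indicate that it does not recognize a PSK identity or an
-SRP identity.
-.It \(dqUK\(dq/\(dqunknown\(dq
-This indicates that no description is available for this alert type.
-Probably
-.Fa value
-does not contain a correct alert message.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_info_callback 3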
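--- a/src/lib/libssl/doc/SSL_clear.3
+++ /dev/null
@@ -1,92 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_clear.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CLEAR 3
-.Os
-.Sh NAME
-.Nm SSL_clear
-.Nd reset SSL object to allow another connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_clear "SSL *ssl"
-.Sh DESCRIPTION
-Reset
-.Fa ssl
-to allow another connection.
-All settings (method, ciphers, BIOs) are kept.
-.Sh NOTES
-.Fn SSL_clear
-is used to prepare an
-.Vt SSL
-object for a new connection.
-While all settings are kept,
-a side effect is the handling of the current SSL session.
-If a session is still
-.Em open ,
-it is considered bad and will be removed from the session cache,
-as required by RFC2246.
-A session is considered open if
-.Xr SSL_shutdown 3
-was not called for the connection or at least
-.Xr SSL_set_shutdown 3
-was used to
-set the
-.Dv SSL_SENT_SHUTDOWN
-state.
-.Pp
-If a session was closed cleanly,
-the session object will be kept and all settings corresponding.
-This explicitly means that for example the special method used during the
-session will be kept for the next handshake.
-So if the session was a TLSv1 session, a
-.Vt SSL
-client object will use a TLSv1 client method for the next handshake and a
-.Vt SSL
-server object will use a TLSv1 server method, even if
-.Fn SSLv23_*_method Ns s
-were chosen on startup.
-This might lead to connection failures (see
-.Xr SSL_new 3 )
-for a description of the method's properties.
-.Sh WARNINGS
-.Fn SSL_clear
-resets the
-.Vt SSL
-object to allow for another connection.
-The reset operation however keeps several settings of the last sessions
-(some of these settings were made automatically during the last handshake).
-It only makes sense for a new connection with the exact same peer that shares
-these settings,
-and may fail if that peer changes its settings between connections.
-Use the sequence
-.Xr SSL_get_session 3 ;
-.Xr SSL_new 3 ;
-.Xr SSL_set_session 3 ;
-.Xr SSL_free 3
-instead to avoid such failures (or simply
-.Xr SSL_free 3 ;
-.Xr SSL_new 3
-if session reuse is not desired).
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The
-.Fn SSL_clear
-operation could not be performed.
-Check the error stack to find out the reason.
-.It 1
-The
-.Fn SSL_clear
-operation was successful.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_shutdown 3 ,
-.Xr SSL_shutdown 3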
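--- a/src/lib/libssl/doc/SSL_connect.3
+++ /dev/null
@@ -1,102 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_connect.3,v 1.3 2015/07/24 15:25:08 jmc Exp $
-.\"
-.Dd $Mdocdate: July 24 2015 $
-.Dt SSL_CONNECT 3
-.Os
-.Sh NAME
-.Nm SSL_connect
-.Nd initiate the TLS/SSL handshake with a TLS/SSL server
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_connect "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_connect
-initiates the TLS/SSL handshake with a server.
-The communication channel must already have been set and assigned to the
-.Fa ssl
-by setting an underlying
-.Vt BIO .
-.Sh NOTES
-The behaviour of
-.Fn SSL_connect
-depends on the underlying
-.Vt BIO .
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-.Fn SSL_connect
-will only return once the handshake has been finished or an error occurred.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_connect
-will also return when the underlying
-.Vt BIO
-could not satisfy the needs of
-.Fn SSL_connect
-to continue the handshake, indicating the problem with the return value \(mi1.
-In this case a call to
-.Xr SSL_get_error 3
-with the return value of
-.Fn SSL_connect
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
-.Fn SSL_connect .
-The action depends on the underlying
-.Vt BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The TLS/SSL handshake was not successful but was shut down controlled and
-by the specifications of the TLS/SSL protocol.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.It 1
-The TLS/SSL handshake was successfully completed,
-and a TLS/SSL connection has been established.
-.It <0
-The TLS/SSL handshake was not successful, because either a fatal error occurred
-at the protocol level or a connection failure occurred.
-The shutdown was not clean.
-It can also occur if action is needed to continue the operation for
-non-blocking
-.Vt BIO Ns s.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_set_connect_state 3 ,
-.Xr SSL_shutdown 3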
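--- a/src/lib/libssl/doc/SSL_do_handshake.3
+++ /dev/null
@@ -1,101 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_do_handshake.3,v 1.3 2015/06/18 22:51:05 doug Exp $
-.\"
-.Dd $Mdocdate: June 18 2015 $
-.Dt SSL_DO_HANDSHAKE 3
-.Os
-.Sh NAME
-.Nm SSL_do_handshake
-.Nd perform a TLS/SSL handshake
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_do_handshake "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_do_handshake
-will wait for a SSL/TLS handshake to take place.
-If the connection is in client mode, the handshake will be started.
-The handshake routines may have to be explicitly set in advance using either
-.Xr SSL_set_connect_state 3
-or
-.Xr SSL_set_accept_state 3 .
-.Sh NOTES
-The behaviour of
-.Fn SSL_do_handshake
-depends on the underlying
-.Vt BIO .
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-.Fn SSL_do_handshake
-will only return once the handshake has been finished or an error occurred.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_do_handshake
-will also return when the underlying
-.Vt BIO
-could not satisfy the needs of
-.Fn SSL_do_handshake
-to continue the handshake.
-In this case a call to
-.Xr SSL_get_error 3
-with the return value of
-.Fn SSL_do_handshake
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
-.Fn SSL_do_handshake .
-The action depends on the underlying
-.Vt BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The TLS/SSL handshake was not successful but was shut down controlled and
-by the specifications of the TLS/SSL protocol.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.It 1
-The TLS/SSL handshake was successfully completed,
-and a TLS/SSL connection has been established.
-.It <0
-The TLS/SSL handshake was not successful because either a fatal error occurred
-at the protocol level or a connection failure occurred.
-The shutdown was not clean.
-It can also occur if action is needed to continue the operation for
-non-blocking
-.Vt BIO Ns s.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_set_connect_state 3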
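--- a/src/lib/libssl/doc/SSL_free.3
+++ /dev/null
@@ -1,67 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_free.3,v 1.3 2015/12/30 18:45:02 millert Exp $
-.\"
-.Dd $Mdocdate: December 30 2015 $
-.Dt SSL_FREE 3
-.Os
-.Sh NAME
-.Nm SSL_free
-.Nd free an allocated SSL structure
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_free "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_free
-decrements the reference count of
-.Fa ssl ,
-and removes the
-.Vt SSL
-structure pointed to by
-.Fa ssl
-and frees up the allocated memory if the reference count has reached 0.
-If
-.Fa ssl
-is a
-.Dv NULL
-pointer, no action occurs.
-.Sh NOTES
-.Fn SSL_free
-also calls the
-.Xr free 3 Ns
-ing procedures for indirectly affected items, if applicable: the buffering
-.Vt BIO ,
-the read and write
-.Vt BIOs ,
-cipher lists specially created for this
-.Fa ssl ,
-the
-.Sy SSL_SESSION .
-Do not explicitly free these indirectly freed up items before or after calling
-.Fn SSL_free ,
-as trying to free things twice may lead to program failure.
-.Pp
-The
-.Fa ssl
-session has reference counts from two users: the
-.Vt SSL
-object, for which the reference count is removed by
-.Fn SSL_free
-and the internal session cache.
-If the session is considered bad, because
-.Xr SSL_shutdown 3
-was not called for the connection and
-.Xr SSL_set_shutdown 3
-was not used to set the
-.Vt SSL_SENT_SHUTDOWN
-state, the session will also be removed from the session cache as required by
-RFC2246.
-.Sh RETURN VALUES
-.Fn SSL_free
-does not provide diagnostic information.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_shutdown 3 ,
-.Xr SSL_shutdown 3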
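--- a/src/lib/libssl/doc/SSL_get_SSL_CTX.3
+++ /dev/null
@@ -1,28 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_SSL_CTX.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_SSL_CTX 3
-.Os
-.Sh NAME
-.Nm SSL_get_SSL_CTX
-.Nd get the SSL_CTX from which an SSL is created
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_CTX *
-.Fn SSL_get_SSL_CTX "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_SSL_CTX
-returns a pointer to the
-.Vt SSL_CTX
-object from which
-.Fa ssl
-was created with
-.Xr SSL_new 3 .
-.Sh RETURN VALUES
-The pointer to the
-.Vt SSL_CTX
-object is returned.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_new 3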
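--- a/src/lib/libssl/doc/SSL_get_ciphers.3
+++ /dev/null
@@ -1,68 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_ciphers.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_CIPHERS 3
-.Os
-.Sh NAME
-.Nm SSL_get_ciphers ,
-.Nm SSL_get_cipher_list
-.Nd get list of available SSL_CIPHERs
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft STACK_OF(SSL_CIPHER) *
-.Fn SSL_get_ciphers "const SSL *ssl"
-.Ft const char *
-.Fn SSL_get_cipher_list "const SSL *ssl" "int priority"
-.Sh DESCRIPTION
-.Fn SSL_get_ciphers
-returns the stack of available
-.Vt SSL_CIPHER Ns s
-for
-.Fa ssl ,
-sorted by preference.
-If
-.Fa ssl
-is
-.Dv NULL
-or no ciphers are available,
-.Dv NULL
-is returned.
-.Pp
-.Fn SSL_get_cipher_list
-returns a pointer to the name of the
-.Vt SSL_CIPHER
-listed for
-.Fa ssl
-with
-.Fa priority .
-If
-.Fa ssl
-is
-.Dv NULL ,
-no ciphers are available, or there are fewer ciphers than
-.Fa priority
-available,
-.Dv NULL
-is returned.
-.Sh NOTES
-The details of the ciphers obtained by
-.Fn SSL_get_ciphers
-can be obtained using the
-.Xr SSL_CIPHER_get_name 3
-family of functions.
-.Pp
-Call
-.Fn SSL_get_cipher_list
-with
-.Fa priority
-starting from 0 to obtain the sorted list of available ciphers, until
-.Dv NULL
-is returned.
-.Sh RETURN VALUES
-See
-.Sx DESCRIPTION .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CIPHER_get_name 3 ,
-.Xr SSL_CTX_set_cipher_list 3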
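--- a/src/lib/libssl/doc/SSL_get_client_CA_list.3
+++ /dev/null
@@ -1,61 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_client_CA_list.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_CLIENT_CA_LIST 3
-.Os
-.Sh NAME
-.Nm SSL_get_client_CA_list ,
-.Nm SSL_CTX_get_client_CA_list
-.Nd get list of client CAs
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft STACK_OF(X509_NAME) *
-.Fn SSL_get_client_CA_list "const SSL *s"
-.Ft STACK_OF(X509_NAME) *
-.Fn SSL_CTX_get_client_CA_list "const SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_get_client_CA_list
-returns the list of client CAs explicitly set for
-.Fa ctx
-using
-.Xr SSL_CTX_set_client_CA_list 3 .
-.Pp
-.Fn SSL_get_client_CA_list
-returns the list of client CAs explicitly set for
-.Fa ssl
-using
-.Fn SSL_set_client_CA_list
-or
-.Fa ssl Ns 's
-.Vt SSL_CTX
-object with
-.Xr SSL_CTX_set_client_CA_list 3 ,
-when in server mode.
-In client mode,
-.Fn SSL_get_client_CA_list
-returns the list of client CAs sent from the server, if any.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_client_CA_list
-and
-.Fn SSL_set_client_CA_list
-do not return diagnostic information.
-.Pp
-.Fn SSL_CTX_add_client_CA
-and
-.Fn SSL_add_client_CA
-have the following return values:
-.Bl -tag -width Ds
-.It Dv STACK_OF Ns Po Vt X509_NAMES Pc
-List of CA names explicitly set (for
-.Fa ctx
-or in server mode) or sent by the server (client mode).
-.It Dv NULL
-No client CA list was explicitly set (for
-.Fa ctx
-or in server mode) or the server did not send a list of CAs (client mode).
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3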
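--- a/src/lib/libssl/doc/SSL_get_current_cipher.3
+++ /dev/null
@@ -1,52 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_current_cipher.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_CURRENT_CIPHER 3
-.Os
-.Sh NAME
-.Nm SSL_get_current_cipher ,
-.Nm SSL_get_cipher ,
-.Nm SSL_get_cipher_name ,
-.Nm SSL_get_cipher_bits ,
-.Nm SSL_get_cipher_version
-.Nd get SSL_CIPHER of a connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_CIPHER *
-.Fn SSL_get_current_cipher "const SSL *ssl"
-.Fd #define SSL_get_cipher(s) SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-.Fd #define SSL_get_cipher_name(s) \
-SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-.Fd #define SSL_get_cipher_bits(s,np) \
-SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
-.Fd #define SSL_get_cipher_version(s) \
-SSL_CIPHER_get_version(SSL_get_current_cipher(s))
-.Sh DESCRIPTION
-.Fn SSL_get_current_cipher
-returns a pointer to an
-.Vt SSL_CIPHER
-object containing the description of the actually used cipher of a connection
-established with the
-.Fa ssl
-object.
-.Pp
-.Fn SSL_get_cipher
-and
-.Fn SSL_get_cipher_name
-are identical macros to obtain the name of the currently used cipher.
-.Fn SSL_get_cipher_bits
-is a macro to obtain the number of secret/algorithm bits used and
-.Fn SSL_get_cipher_version
-returns the protocol name.
-See
-.Xr SSL_CIPHER_get_name 3
-for more details.
-.Sh RETURN VALUES
-.Fn SSL_get_current_cipher
-returns the cipher actually used or
-.Dv NULL ,
-when no session has been established.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CIPHER_get_name 3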
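--- a/src/lib/libssl/doc/SSL_get_default_timeout.3
+++ /dev/null
@@ -1,36 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_default_timeout.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_DEFAULT_TIMEOUT 3
-.Os
-.Sh NAME
-.Nm SSL_get_default_timeout
-.Nd get default session timeout value
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_get_default_timeout "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_default_timeout
-returns the default timeout value assigned to
-.Vt SSL_SESSION
-objects negotiated for the protocol valid for
-.Fa ssl .
-.Sh NOTES
-Whenever a new session is negotiated, it is assigned a timeout value,
-after which it will not be accepted for session reuse.
-If the timeout value was not explicitly set using
-.Xr SSL_CTX_set_timeout 3 ,
-the hardcoded default timeout for the protocol will be used.
-.Pp
-.Fn SSL_get_default_timeout
-return this hardcoded value, which is 300 seconds for all currently supported
-protocols (SSLv2, SSLv3, and TLSv1).
-.Sh RETURN VALUES
-See description.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_SESSION_get_time 3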
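--- a/src/lib/libssl/doc/SSL_get_error.3
+++ /dev/null
@@ -1,169 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_error.3,v 1.3 2015/07/24 15:25:08 jmc Exp $
-.\"
-.Dd $Mdocdate: July 24 2015 $
-.Dt SSL_GET_ERROR 3
-.Os
-.Sh NAME
-.Nm SSL_get_error
-.Nd obtain result code for TLS/SSL I/O operation
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_get_error "const SSL *ssl" "int ret"
-.Sh DESCRIPTION
-.Fn SSL_get_error
-returns a result code (suitable for the C
-.Dq switch
-statement) for a preceding call to
-.Xr SSL_connect 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_peek 3 ,
-or
-.Xr SSL_write 3
-on
-.Fa ssl .
-The value returned by that TLS/SSL I/O function must be passed to
-.Fn SSL_get_error
-in parameter
-.Fa ret .
-.Pp
-In addition to
-.Fa ssl
-and
-.Fa ret ,
-.Fn SSL_get_error
-inspects the current thread's OpenSSL error queue.
-Thus,
-.Fn SSL_get_error
-must be used in the same thread that performed the TLS/SSL I/O operation,
-and no other OpenSSL function calls should appear in between.
-The current thread's error queue must be empty before the TLS/SSL I/O operation
-is attempted, or
-.Fn SSL_get_error
-will not work reliably.
-.Sh RETURN VALUES
-The following return values can currently occur:
-.Bl -tag -width Ds
-.It Dv SSL_ERROR_NONE
-The TLS/SSL I/O operation completed.
-This result code is returned if and only if
-.Fa ret
-< 0.
-.It Dv SSL_ERROR_ZERO_RETURN
-The TLS/SSL connection has been closed.
-If the protocol version is SSL 3.0 or TLS 1.0, this result code is returned
-only if a closure alert has occurred in the protocol, i.e., if the connection
-has been closed cleanly.
-Note that in this case
-.Dv SSL_ERROR_ZERO_RETURN
-does not necessarily indicate that the underlying transport has been closed.
-.It Dv SSL_ERROR_WANT_READ , Dv SSL_ERROR_WANT_WRITE
-The operation did not complete;
-the same TLS/SSL I/O function should be called again later.
-If, by then, the underlying
-.Vt BIO
-has data available for reading (if the result code is
-.Dv SSL_ERROR_WANT_READ )
-or allows writing data
-.Pq Dv SSL_ERROR_WANT_WRITE ,
-then some TLS/SSL protocol progress will take place,
-i.e., at least part of a TLS/SSL record will be read or written.
-Note that the retry may again lead to a
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE
-condition.
-There is no fixed upper limit for the number of iterations that may be
-necessary until progress becomes visible at application protocol level.
-.Pp
-For socket
-.Fa BIO Ns
-s (e.g., when
-.Fn SSL_set_fd
-was used),
-.Xr select 2
-or
-.Xr poll 2
-on the underlying socket can be used to find out when the TLS/SSL I/O function
-should be retried.
-.Pp
-Caveat: Any TLS/SSL I/O function can lead to either of
-.Dv SSL_ERROR_WANT_READ
-and
-.Dv SSL_ERROR_WANT_WRITE .
-In particular,
-.Xr SSL_read 3
-or
-.Xr SSL_peek 3
-may want to write data and
-.Xr SSL_write 3
-may want
-to read data.
-This is mainly because TLS/SSL handshakes may occur at any time during the
-protocol (initiated by either the client or the server);
-.Xr SSL_read 3 ,
-.Xr SSL_peek 3 ,
-and
-.Xr SSL_write 3
-will handle any pending handshakes.
-.It Dv SSL_ERROR_WANT_CONNECT , Dv SSL_ERROR_WANT_ACCEPT
-The operation did not complete; the same TLS/SSL I/O function should be
-called again later.
-The underlying BIO was not connected yet to the peer and the call would block
-in
-.Xr connect 2 Ns / Ns
-.Xr accept 2 .
-The SSL function should be
-called again when the connection is established.
-These messages can only appear with a
-.Xr BIO_s_connect 3
-or
-.Xr BIO_s_accept 3
-.Vt BIO ,
-respectively.
-In order to find out when the connection has been successfully established,
-on many platforms
-.Xr select 2
-or
-.Xr poll 2
-for writing on the socket file descriptor can be used.
-.It Dv SSL_ERROR_WANT_X509_LOOKUP
-The operation did not complete because an application callback set by
-.Xr SSL_CTX_set_client_cert_cb 3
-has asked to be called again.
-The TLS/SSL I/O function should be called again later.
-Details depend on the application.
-.It Dv SSL_ERROR_SYSCALL
-Some I/O error occurred.
-The OpenSSL error queue may contain more information on the error.
-If the error queue is empty (i.e.,
-.Fn ERR_get_error
-returns 0),
-.Fa ret
-can be used to find out more about the error:
-If
-.Fa ret
-== 0, an
-.Dv EOF
-was observed that violates the protocol.
-If
-.Fa ret
-== \(mi1, the underlying
-.Vt BIO
-reported an
-I/O error (for socket I/O on Unix systems, consult
-.Dv errno
-for details).
-.It Dv SSL_ERROR_SSL
-A failure in the SSL library occurred, usually a protocol error.
-The OpenSSL error queue contains more information on the error.
-.El
-.Sh SEE ALSO
-.Xr err 3 ,
-.Xr ssl 3
-.Sh HISTORY
-.Fn SSL_get_error
-was added in SSLeay 0.8.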
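--- a/src/lib/libssl/doc/SSL_get_ex_data_X509_STORE_CTX_idx.3
+++ /dev/null
@@ -1,65 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_ex_data_X509_STORE_CTX_idx.3,v 1.3 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_EX_DATA_X509_STORE_CTX_IDX 3
-.Os
-.Sh NAME
-.Nm SSL_get_ex_data_X509_STORE_CTX_idx
-.Nd get ex_data index to access SSL structure from X509_STORE_CTX
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx void
-.Sh DESCRIPTION
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx
-returns the index number under which the pointer to the
-.Vt SSL
-object is stored into the
-.Vt X509_STORE_CTX
-object.
-.Sh NOTES
-Whenever a
-.Vt X509_STORE_CTX
-object is created for the verification of the peer's certificate during a
-handshake, a pointer to the
-.Vt SSL
-object is stored into the
-.Vt X509_STORE_CTX
-object to identify the connection affected.
-To retrieve this pointer the
-.Xr X509_STORE_CTX_get_ex_data 3
-function can be used with the correct index.
-This index is globally the same for all
-.Vt X509_STORE_CTX
-objects and can be retrieved using
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx .
-The index value is set when
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx
-is first called either by the application program directly or indirectly during
-other SSL setup functions or during the handshake.
-.Pp
-The value depends on other index values defined for
-.Vt X509_STORE_CTX
-objects before the SSL index is created.
-.Sh RETURN VALUES
-.Bl -tag -width Ds
-.It \(>=0
-The index value to access the pointer.
-.It <0
-An error occurred, check the error stack for a detailed error message.
-.El
-.Sh EXAMPLES
-The index returned from
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx
-provides access to
-.Vt SSL
-object for the connection during the
-.Fn verify_callback
-when checking the peer's certificate.
-Please check the example in
-.Xr SSL_CTX_set_verify 3 .
-.Sh SEE ALSO
-.Xr CRYPTO_set_ex_data 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3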
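--- a/src/lib/libssl/doc/SSL_get_ex_new_index.3
+++ /dev/null
@@ -1,76 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_ex_new_index.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_EX_NEW_INDEX 3
-.Os
-.Sh NAME
-.Nm SSL_get_ex_new_index ,
-.Nm SSL_set_ex_data ,
-.Nm SSL_get_ex_data
-.Nd internal application specific data functions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_get_ex_new_index
-.Fa "long argl"
-.Fa "void *argp"
-.Fa "CRYPTO_EX_new *new_func"
-.Fa "CRYPTO_EX_dup *dup_func"
-.Fa "CRYPTO_EX_free *free_func"
-.Fc
-.Ft int
-.Fn SSL_set_ex_data "SSL *ssl" "int idx" "void *arg"
-.Ft void *
-.Fn SSL_get_ex_data "const SSL *ssl" "int idx"
-.Bd -literal
-typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
-typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
-typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
- int idx, long argl, void *argp);
-.Ed
-.Sh DESCRIPTION
-Several OpenSSL structures can have application specific data attached to them.
-These functions are used internally by OpenSSL to manipulate application
-specific data attached to a specific structure.
-.Pp
-.Fn SSL_get_ex_new_index
-is used to register a new index for application specific data.
-.Pp
-.Fn SSL_set_ex_data
-is used to store application data at
-.Fa arg
-for
-.Fa idx
-into the
-.Fa ssl
-object.
-.Pp
-.Fn SSL_get_ex_data
-is used to retrieve the information for
-.Fa idx
-from
-.Fa ssl .
-.Pp
-A detailed description for the
-.Fn *_get_ex_new_index
-functionality can be found in
-.Xr RSA_get_ex_new_index 3 .
-The
-.Fn *_get_ex_data
-and
-.Fn *_set_ex_data
-functionality is described in
-.Xr CRYPTO_set_ex_data 3 .
-.Sh EXAMPLES
-An example of how to use the functionality is included in the example
-.Fn verify_callback
-in
-.Xr SSL_CTX_set_verify 3 .
-.Sh SEE ALSO
-.Xr CRYPTO_set_ex_data 3 ,
-.Xr RSA_get_ex_new_index 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3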
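--- a/src/lib/libssl/doc/SSL_get_fd.3
+++ /dev/null
@@ -1,46 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_fd.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_FD 3
-.Os
-.Sh NAME
-.Nm SSL_get_fd ,
-.Nm SSL_get_rfd ,
-.Nm SSL_get_wfd
-.Nd get file descriptor linked to an SSL object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_get_fd "const SSL *ssl"
-.Ft int
-.Fn SSL_get_rfd "const SSL *ssl"
-.Ft int
-.Fn SSL_get_wfd "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_fd
-returns the file descriptor which is linked to
-.Fa ssl .
-.Fn SSL_get_rfd
-and
-.Fn SSL_get_wfd
-return the file descriptors for the read or the write channel,
-which can be different.
-If the read and the write channel are different,
-.Fn SSL_get_fd
-will return the file descriptor of the read channel.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It \(mi1
-The operation failed, because the underlying
-.Vt BIO
-is not of the correct type (suitable for file descriptors).
-.It \(>=0
-The file descriptor linked to
-.Fa ssl .
-.El
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_set_fd 3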
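--- a/src/lib/libssl/doc/SSL_get_peer_cert_chain.3
+++ /dev/null
@@ -1,47 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_peer_cert_chain.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_PEER_CERT_CHAIN 3
-.Os
-.Sh NAME
-.Nm SSL_get_peer_cert_chain
-.Nd get the X509 certificate chain of the peer
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft STACK_OF(X509) *
-.Fn SSL_get_peer_cert_chain "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_peer_cert_chain
-returns a pointer to
-.Dv STACK_OF Ns Po Vt X509 Pc
-certificates forming the certificate chain of the peer.
-If called on the client side, the stack also contains the peer's certificate;
-if called on the server side, the peer's certificate must be obtained
-separately using
-.Xr SSL_get_peer_certificate 3 .
-If the peer did not present a certificate,
-.Dv NULL
-is returned.
-.Sh NOTES
-The peer certificate chain is not necessarily available after reusing a
-session, in which case a
-.Dv NULL
-pointer is returned.
-.Pp
-The reference count of the
-.Dv STACK_OF Ns Po Vt X509 Pc
-object is not incremented.
-If the corresponding session is freed, the pointer must not be used any longer.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-No certificate was presented by the peer or no connection was established or
-the certificate chain is no longer available when a session is reused.
-.It Pointer to a Dv STACK_OF Ns Po X509 Pc
-The return value points to the certificate chain presented by the peer.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_get_peer_certificate 3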
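--- a/src/lib/libssl/doc/SSL_get_peer_certificate.3
+++ /dev/null
@@ -1,53 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_peer_certificate.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_PEER_CERTIFICATE 3
-.Os
-.Sh NAME
-.Nm SSL_get_peer_certificate
-.Nd get the X509 certificate of the peer
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft X509 *
-.Fn SSL_get_peer_certificate "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_peer_certificate
-returns a pointer to the X509 certificate the peer presented.
-If the peer did not present a certificate,
-.Dv NULL
-is returned.
-.Sh NOTES
-Due to the protocol definition, a TLS/SSL server will always send a
-certificate, if present.
-A client will only send a certificate when explicitly requested to do so by the
-server (see
-.Xr SSL_CTX_set_verify 3 ) .
-If an anonymous cipher is used, no certificates are sent.
-.Pp
-That a certificate is returned does not indicate information about the
-verification state.
-Use
-.Xr SSL_get_verify_result 3
-to check the verification state.
-.Pp
-The reference count of the
-.Vt X509
-object is incremented by one, so that it will not be destroyed when the session
-containing the peer certificate is freed.
-The
-.Vt X509
-object must be explicitly freed using
-.Xr X509_free 3 .
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-No certificate was presented by the peer or no connection was established.
-.It Pointer to an X509 certificate
-The return value points to the certificate presented by the peer.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_get_verify_result 3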
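--- a/src/lib/libssl/doc/SSL_get_psk_identity.3
+++ /dev/null
@@ -1,44 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_psk_identity.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_PSK_IDENTITY 3
-.Os
-.Sh NAME
-.Nm SSL_get_psk_identity ,
-.Nm SSL_get_psk_identity_hint
-.Nd get PSK client identity and hint
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_get_psk_identity_hint "const SSL *ssl"
-.Ft const char *
-.Fn SSL_get_psk_identity "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_psk_identity_hint
-is used to retrieve the PSK identity hint used during the connection setup
-related to
-.Vt SSL
-object
-.Fa ssl .
-Similarly,
-.Fn SSL_get_psk_identity
-is used to retrieve the PSK identity used during the connection setup.
-.Sh RETURN VALUES
-If
-.Pf non- Dv NULL ,
-.Fn SSL_get_psk_identity_hint
-returns the PSK identity hint and
-.Fn SSL_get_psk_identity
-returns the PSK identity.
-Both are
-.Dv NULL Ns -terminated.
-.Fn SSL_get_psk_identity_hint
-may return
-.Dv NULL
-if no PSK identity hint was used during the connection setup.
-.Pp
-Note that the return value is valid only during the lifetime of the
-.Vt SSL
-object
-.Fa ssl .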
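--- a/src/lib/libssl/doc/SSL_get_rbio.3
+++ /dev/null
@@ -1,45 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_rbio.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_RBIO 3
-.Os
-.Sh NAME
-.Nm SSL_get_rbio ,
-.Nm SSL_get_wbio
-.Nd get BIO linked to an SSL object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft BIO *
-.Fn SSL_get_rbio "SSL *ssl"
-.Ft BIO *
-.Fn SSL_get_wbio "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_rbio
-and
-.Fn SSL_get_wbio
-return pointers to the
-.Vt BIO Ns s
-for the read or the write channel, which can be different.
-The reference count of the
-.Vt BIO
-is not incremented.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-No
-.Vt BIO
-was connected to the
-.Vt SSL
-object.
-.It Any other pointer
-The
-.Vt BIO
-linked to
-.Fa ssl .
-.El
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_set_bio 3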
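--- a/src/lib/libssl/doc/SSL_get_session.3
+++ /dev/null
@@ -1,97 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_session.3,v 1.3 2014/12/04 18:27:10 schwarze Exp $
-.\"
-.Dd $Mdocdate: December 4 2014 $
-.Dt SSL_GET_SESSION 3
-.Os
-.Sh NAME
-.Nm SSL_get_session ,
-.Nm SSL_get0_session ,
-.Nm SSL_get1_session
-.Nd retrieve TLS/SSL session data
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_SESSION *
-.Fn SSL_get_session "const SSL *ssl"
-.Ft SSL_SESSION *
-.Fn SSL_get0_session "const SSL *ssl"
-.Ft SSL_SESSION *
-.Fn SSL_get1_session "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_session
-returns a pointer to the
-.Vt SSL_SESSION
-actually used in
-.Fa ssl .
-The reference count of the
-.Vt SSL_SESSION
-is not incremented, so that the pointer can become invalid by other operations.
-.Pp
-.Fn SSL_get0_session
-is the same as
-.Fn SSL_get_session .
-.Pp
-.Fn SSL_get1_session
-is the same as
-.Fn SSL_get_session ,
-but the reference count of the
-.Vt SSL_SESSION
-is incremented by one.
-.Sh NOTES
-The
-Fa ssl
-session contains all information required to re-establish the connection
-without a new handshake.
-.Pp
-.Fn SSL_get0_session
-returns a pointer to the actual session.
-As the reference counter is not incremented,
-the pointer is only valid while the connection is in use.
-If
-.Xr SSL_clear 3
-or
-.Xr SSL_free 3
-is called, the session may be removed completely (if considered bad),
-and the pointer obtained will become invalid.
-Even if the session is valid,
-it can be removed at any time due to timeout during
-.Xr SSL_CTX_flush_sessions 3 .
-.Pp
-If the data is to be kept,
-.Fn SSL_get1_session
-will increment the reference count, so that the session will not be implicitly
-removed by other operations but stays in memory.
-In order to remove the session
-.Xr SSL_SESSION_free 3
-must be explicitly called once to decrement the reference count again.
-.Pp
-.Vt SSL_SESSION
-objects keep internal link information about the session cache list when being
-inserted into one
-.Vt SSL_CTX
-object's session cache.
-One
-.Vt SSL_SESSION
-object, regardless of its reference count, must therefore only be used with one
-.Vt SSL_CTX
-object (and the
-.Vt SSL
-objects created from this
-.Vt SSL_CTX
-object).
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-There is no session available in
-.Fa ssl .
-.It Pointer to an Vt SSL
-The return value points to the data of an
-.Vt SSL
-session.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_SESSION_free 3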
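--- a/src/lib/libssl/doc/SSL_get_verify_result.3
+++ /dev/null
@@ -1,49 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_verify_result.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_VERIFY_RESULT 3
-.Os
-.Sh NAME
-.Nm SSL_get_verify_result
-.Nd get result of peer certificate verification
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_get_verify_result "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_verify_result
-returns the result of the verification of the X509 certificate presented by the
-peer, if any.
-.Sh NOTES
-.Fn SSL_get_verify_result
-can only return one error code while the verification of a certificate can fail
-because of many reasons at the same time.
-Only the last verification error that occurred during the processing is
-available from
-.Fn SSL_get_verify_result .
-.Pp
-The verification result is part of the established session and is restored when
-a session is reused.
-.Sh RETURN VALUES
-The following return values can currently occur:
-.Bl -tag -width Ds
-.It Dv X509_V_OK
-The verification succeeded or no peer certificate was presented.
-.It Any other value
-Documented in
-.Xr openssl 1 .
-.El
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_get_peer_certificate 3 ,
-.Xr SSL_set_verify_result 3
-.Sh BUGS
-If no peer certificate was presented, the returned result code is
-.Dv X509_V_OK .
-This is because no verification error occurred;
-however, it does not indicate success.
-.Fn SSL_get_verify_result
-is only useful in connection with
-.Xr SSL_get_peer_certificate 3 .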
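--- a/src/lib/libssl/doc/SSL_get_version.3
+++ /dev/null
@@ -1,35 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_version.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_VERSION 3
-.Os
-.Sh NAME
-.Nm SSL_get_version
-.Nd get the protocol version of a connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_get_version "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_version
-returns the name of the protocol used for the connection
-.Fa ssl .
-.Sh RETURN VALUES
-The following strings can be returned:
-.Bl -tag -width Ds
-.It Qq SSLv2
-The connection uses the SSLv2 protocol.
-.It Qq SSLv3
-The connection uses the SSLv3 protocol.
-.It Qq TLSv1
-The connection uses the TLSv1.0 protocol.
-.It Qq TLSv1.1
-The connection uses the TLSv1.1 protocol.
-.It Qq TLSv1.2
-The connection uses the TLSv1.2 protocol.
-.It Qq unknown
-This indicates that no version has been set (no connection established).
-.El
-.Sh SEE ALSO
-.Xr ssl 3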
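--- a/src/lib/libssl/doc/SSL_library_init.3
+++ /dev/null
@@ -1,54 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_library_init.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_LIBRARY_INIT 3
-.Os
-.Sh NAME
-.Nm SSL_library_init ,
-.Nm OpenSSL_add_ssl_algorithms ,
-.Nm SSLeay_add_ssl_algorithms
-.Nd initialize SSL library by registering algorithms
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_library_init void
-.Fd #define OpenSSL_add_ssl_algorithms() SSL_library_init()
-.Fd #define SSLeay_add_ssl_algorithms() SSL_library_init()
-.Sh DESCRIPTION
-.Fn SSL_library_init
-registers the available SSL/TLS ciphers and digests.
-.Pp
-.Fn OpenSSL_add_ssl_algorithms
-and
-.Fn SSLeay_add_ssl_algorithms
-are synonyms for
-.Fn SSL_library_init .
-.Sh NOTES
-.Fn SSL_library_init
-must be called before any other action takes place.
-.Fn SSL_library_init
-is not reentrant.
-.Sh WARNING
-.Fn SSL_library_init
-adds ciphers and digests used directly and indirectly by SSL/TLS.
-.Sh RETURN VALUES
-.Fn SSL_library_init
-always returns 1, so it is safe to discard the return value.
-.Sh EXAMPLES
-A typical TLS/SSL application will start with the library initialization, and
-provide readable error messages.
-.Bd -literal
-SSL_load_error_strings(); /* readable error messages */
-SSL_library_init(); /* initialize library */
-.Ed
-.Sh NOTES
-OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to
-.Fn SSL_library_init .
-Applications which need to use SHA2 in earlier versions of OpenSSL should call
-.Fn OpenSSL_add_all_algorithms
-as well.
-.Sh SEE ALSO
-.Xr RAND_add 3 ,
-.Xr ssl 3 ,
-.Xr SSL_load_error_strings 3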
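--- a/src/lib/libssl/doc/SSL_load_client_CA_file.3
+++ /dev/null
@@ -1,53 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_load_client_CA_file.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_LOAD_CLIENT_CA_FILE 3
-.Os
-.Sh NAME
-.Nm SSL_load_client_CA_file
-.Nd load certificate names from file
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft STACK_OF(X509_NAME) *
-.Fn SSL_load_client_CA_file "const char *file"
-.Sh DESCRIPTION
-.Fn SSL_load_client_CA_file
-reads certificates from
-.Fa file
-and returns a
-.Dv STACK_OF Ns
-.Pq Vt X509_NAME
-with the subject names found.
-.Sh NOTES
-.Fn SSL_load_client_CA_file
-reads a file of PEM formatted certificates and extracts the
-.Vt X509_NAME Ns s
-of the certificates found.
-While the name suggests the specific usage as support function for
-.Xr SSL_CTX_set_client_CA_list 3 ,
-it is not limited to CA certificates.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-The operation failed, check out the error stack for the reason.
-.It Pointer to Dv STACK_OF Ns Po Vt X509_NAME Pc
-Pointer to the subject names of the successfully read certificates.
-.El
-.Sh EXAMPLES
-Load names of CAs from file and use it as a client CA list:
-.Bd -literal
-SSL_CTX *ctx;
-STACK_OF(X509_NAME) *cert_names;
-\&...
-cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
-if (cert_names != NULL)
- SSL_CTX_set_client_CA_list(ctx, cert_names);
-else
- error_handling();
-\&...
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_client_CA_list 3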
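--- a/src/lib/libssl/doc/SSL_new.3
+++ /dev/null
@@ -1,41 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_new.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_NEW 3
-.Os
-.Sh NAME
-.Nm SSL_new
-.Nd create a new SSL structure for a connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL *
-.Fn SSL_new "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_new
-creates a new
-.Vt SSL
-structure which is needed to hold the data for a TLS/SSL connection.
-The new structure inherits the settings of the underlying context
-.Fa ctx :
-connection method (SSLv2/v3/TLSv1), options, verification settings,
-timeout settings.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-The creation of a new
-.Vt SSL
-structure failed.
-Check the error stack to find out the reason.
-.It Pointer to an Vt SSL No structure
-The return value points to an allocated
-.Vt SSL
-structure.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_get_SSL_CTX 3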
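--- a/src/lib/libssl/doc/SSL_pending.3
+++ /dev/null
@@ -1,44 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_pending.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_PENDING 3
-.Os
-.Sh NAME
-.Nm SSL_pending
-.Nd obtain number of readable bytes buffered in an SSL object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_pending "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_pending
-returns the number of bytes which are available inside
-.Fa ssl
-for immediate read.
-.Sh NOTES
-Data are received in blocks from the peer.
-Therefore data can be buffered inside
-.Fa ssl
-and are ready for immediate retrieval with
-.Xr SSL_read 3 .
-.Sh RETURN VALUES
-The number of bytes pending is returned.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_read 3
-.Sh BUGS
-.Fn SSL_pending
-takes into account only bytes from the TLS/SSL record that is currently being
-processed (if any).
-If the
-.Vt SSL
-object's
-.Em read_ahead
-flag is set, additional protocol bytes may have been read containing more
-TLS/SSL records; these are ignored by
-.Fn SSL_pending .
-.Pp
-Up to OpenSSL 0.9.6,
-.Fn SSL_pending
-does not check if the record type of pending data is application data.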
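--- a/src/lib/libssl/doc/SSL_read.3
+++ /dev/null
@@ -1,193 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_read.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_READ 3
-.Os
-.Sh NAME
-.Nm SSL_read
-.Nd read bytes from a TLS/SSL connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_read "SSL *ssl" "void *buf" "int num"
-.Sh DESCRIPTION
-.Fn SSL_read
-tries to read
-.Fa num
-bytes from the specified
-.Fa ssl
-into the buffer
-.Fa buf .
-.Sh NOTES
-If necessary,
-.Fn SSL_read
-will negotiate a TLS/SSL session, if not already explicitly performed by
-.Xr SSL_connect 3
-or
-.Xr SSL_accept 3 .
-If the peer requests a re-negotiation,
-it will be performed transparently during the
-.Fn SSL_read
-operation.
-The behaviour of
-.Fn SSL_read
-depends on the underlying
-.Vt BIO .
-.Pp
-For the transparent negotiation to succeed, the
-.Fa ssl
-must have been initialized to client or server mode.
-This is being done by calling
-.Xr SSL_set_connect_state 3
-or
-.Xr SSL_set_accept_state 3
-before the first call to
-.Fn SSL_read
-or
-.Xr SSL_write 3 .
-.Pp
-.Fn SSL_read
-works based on the SSL/TLS records.
-The data are received in records (with a maximum record size of 16kB for
-SSLv3/TLSv1).
-Only after a record has been completely received can it be processed
-(decrypted and checked for integrity).
-Therefore data not retrieved at the last call of
-.Fn SSL_read
-can still be buffered inside the SSL layer and will be retrieved on the next
-call to
-.Fn SSL_read .
-If
-.Fa num
-is higher than the number of bytes buffered,
-.Fn SSL_read
-will return with the bytes buffered.
-If no more bytes are in the buffer,
-.Fn SSL_read
-will trigger the processing of the next record.
-Only when the record has been received and processed completely will
-.Fn SSL_read
-return reporting success.
-At most the contents of the record will be returned.
-As the size of an SSL/TLS record may exceed the maximum packet size of the
-underlying transport (e.g., TCP), it may be necessary to read several packets
-from the transport layer before the record is complete and
-.Fn SSL_read
-can succeed.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-.Fn SSL_read
-will only return once the read operation has been finished or an error
-has occurred, except when a renegotiation take place, in which case a
-.Dv SSL_ERROR_WANT_READ
-may occur.
-This behavior can be controlled with the
-.Dv SSL_MODE_AUTO_RETRY
-flag of the
-.Xr SSL_CTX_set_mode 3
-call.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_read
-will also return when the underlying
-.Vt BIO
-could not satisfy the needs of
-.Fn SSL_read
-to continue the operation.
-In this case a call to
-.Xr SSL_get_error 3
-with the return value of
-.Fn SSL_read
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-As at any time a re-negotiation is possible, a call to
-.Fn SSL_read
-can also cause write operations!
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
-.Fn SSL_read .
-The action depends on the underlying
-.Vt BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Pp
-.Xr SSL_pending 3
-can be used to find out whether there are buffered bytes available for
-immediate retrieval.
-In this case
-.Fn SSL_read
-can be called without blocking or actually receiving new data from the
-underlying socket.
-.Sh WARNING
-When an
-.Fn SSL_read
-operation has to be repeated because of
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE ,
-it must be repeated with the same arguments.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It >0
-The read operation was successful; the return value is the number of bytes
-actually read from the TLS/SSL connection.
-.It 0
-The read operation was not successful.
-The reason may either be a clean shutdown due to a
-.Dq close notify
-alert sent by the peer (in which case the
-.Dv SSL_RECEIVED_SHUTDOWN
-flag in the ssl shutdown state is set (see
-.Xr SSL_shutdown 3
-and
-.Xr SSL_set_shutdown 3 ) .
-It is also possible that the peer simply shut down the underlying transport and
-the shutdown is incomplete.
-Call
-.Fn SSL_get_error
-with the return value to find out whether an error occurred or the connection
-was shut down cleanly
-.Pq Dv SSL_ERROR_ZERO_RETURN .
-.Pp
-SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only
-be detected whether the underlying connection was closed.
-It cannot be checked whether the closure was initiated by the peer or by
-something else.
-.It <0
-The read operation was not successful, because either an error occurred or
-action must be taken by the calling process.
-Call
-.Fn SSL_get_error
-with the return value to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_set_mode 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_pending 3 ,
-.Xr SSL_set_connect_state 3 ,
-.Xr SSL_set_shutdown 3 ,
-.Xr SSL_shutdown 3 ,
-.Xr SSL_write 3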
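--- a/src/lib/libssl/doc/SSL_rstate_string.3
+++ /dev/null
@@ -1,55 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_rstate_string.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_RSTATE_STRING 3
-.Os
-.Sh NAME
-.Nm SSL_rstate_string ,
-.Nm SSL_rstate_string_long
-.Nd get textual description of state of an SSL object during read operation
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_rstate_string "SSL *ssl"
-.Ft const char *
-.Fn SSL_rstate_string_long "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_rstate_string
-returns a 2-letter string indicating the current read state of the
-.Vt SSL
-object
-.Fa ssl .
-.Pp
-.Fn SSL_rstate_string_long
-returns a string indicating the current read state of the
-.Vt SSL
-object
-.Fa ssl .
-.Sh NOTES
-When performing a read operation, the SSL/TLS engine must parse the record,
-consisting of header and body.
-When working in a blocking environment,
-.Fn SSL_rstate_string[_long]
-should always return
-.Qo RD Qc Ns / Ns Qo read done Qc .
-.Pp
-This function should only seldom be needed in applications.
-.Sh RETURN VALUES
-.Fn SSL_rstate_string
-and
-.Fn SSL_rstate_string_long
-can return the following values:
-.Bl -tag -width Ds
-.It Qo RH Qc Ns / Ns Qo read header Qc
-The header of the record is being evaluated.
-.It Qo RB Qc Ns / Ns Qo read body Qc
-The body of the record is being evaluated.
-.It Qo RD Qc Ns / Ns Qo read done Qc
-The record has been completely processed.
-.It Qo unknown Qc Ns / Ns Qo unknown Qc
-The read state is unknown.
-This should never happen.
-.El
-.Sh SEE ALSO
-.Xr ssl 3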
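--- a/src/lib/libssl/doc/SSL_session_reused.3
+++ /dev/null
@@ -1,32 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_session_reused.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_SESSION_REUSED 3
-.Os
-.Sh NAME
-.Nm SSL_session_reused
-.Nd query whether a reused session was negotiated during handshake
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_session_reused "SSL *ssl"
-.Sh DESCRIPTION
-Query whether a reused session was negotiated during the handshake.
-.Sh NOTES
-During the negotiation, a client can propose to reuse a session.
-The server then looks up the session in its cache.
-If both client and server agree on the session,
-it will be reused and a flag is set that can be queried by the application.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-A new session was negotiated.
-.It 1
-A session was reused.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_set_session 3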
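--- a/src/lib/libssl/doc/SSL_set_bio.3
+++ /dev/null
@@ -1,51 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_set_bio.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_SET_BIO 3
-.Os
-.Sh NAME
-.Nm SSL_set_bio
-.Nd connect the SSL object with a BIO
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_set_bio "SSL *ssl" "BIO *rbio" "BIO *wbio"
-.Sh DESCRIPTION
-.Fn SSL_set_bio
-connects the
-.Vt BIO Ns
-s
-.Fa rbio
-and
-.Fa wbio
-for the read and write operations of the TLS/SSL (encrypted) side of
-.Fa ssl .
-.Pp
-The SSL engine inherits the behaviour of
-.Fa rbio
-and
-.Fa wbio ,
-respectively.
-If a
-.Vt BIO
-is non-blocking, the
-.Fa ssl
-will also have non-blocking behaviour.
-.Pp
-If there was already a
-.Vt BIO
-connected to
-.Fa ssl ,
-.Xr BIO_free 3
-will be called (for both the reading and writing side, if different).
-.Sh RETURN VALUES
-.Fn SSL_set_bio
-cannot fail.
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_get_rbio 3 ,
-.Xr SSL_shutdown 3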
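--- a/src/lib/libssl/doc/SSL_set_connect_state.3
+++ /dev/null
@@ -1,71 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_set_connect_state.3,v 1.3 2015/11/11 22:14:40 jmc Exp $
-.\"
-.Dd $Mdocdate: November 11 2015 $
-.Dt SSL_SET_CONNECT_STATE 3
-.Os
-.Sh NAME
-.Nm SSL_set_connect_state ,
-.Nm SSL_set_accept_state
-.Nd prepare SSL object to work in client or server mode
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_set_connect_state "SSL *ssl"
-.Ft void
-.Fn SSL_set_accept_state "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_set_connect_state
-sets
-.Fa ssl
-to work in client mode.
-.Pp
-.Fn SSL_set_accept_state
-sets
-.Fa ssl
-to work in server mode.
-.Sh NOTES
-When the
-.Vt SSL_CTX
-object was created with
-.Xr SSL_CTX_new 3 ,
-it was either assigned a dedicated client method, a dedicated server method, or
-a generic method, that can be used for both client and server connections.
-(The method might have been changed with
-.Xr SSL_CTX_set_ssl_version 3
-or
-.Xr SSL_set_ssl_method 3 . )
-.Pp
-When beginning a new handshake, the SSL engine must know whether it must call
-the connect (client) or accept (server) routines.
-Even though it may be clear from the method chosen whether client or server
-mode was requested, the handshake routines must be explicitly set.
-.Pp
-When using the
-.Xr SSL_connect 3
-or
-.Xr SSL_accept 3
-routines, the correct handshake routines are automatically set.
-When performing a transparent negotiation using
-.Xr SSL_write 3
-or
-.Xr SSL_read 3 ,
-the handshake routines must be explicitly set in advance using either
-.Fn SSL_set_connect_state
-or
-.Fn SSL_set_accept_state .
-.Sh RETURN VALUES
-.Fn SSL_set_connect_state
-and
-.Fn SSL_set_accept_state
-do not return diagnostic information.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_set_ssl_version 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_write 3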
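--- a/src/lib/libssl/doc/SSL_set_fd.3
+++ /dev/null
@@ -1,73 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_set_fd.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_SET_FD 3
-.Os
-.Sh NAME
-.Nm SSL_set_fd ,
-.Nm SSL_set_rfd ,
-.Nm SSL_set_wfd
-.Nd connect the SSL object with a file descriptor
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_set_fd "SSL *ssl" "int fd"
-.Ft int
-.Fn SSL_set_rfd "SSL *ssl" "int fd"
-.Ft int
-.Fn SSL_set_wfd "SSL *ssl" "int fd"
-.Sh DESCRIPTION
-.Fn SSL_set_fd
-sets the file descriptor
-.Fa fd
-as the input/output facility for the TLS/SSL (encrypted) side of
-.Fa ssl .
-.Fa fd
-will typically be the socket file descriptor of a network connection.
-.Pp
-When performing the operation, a socket
-.Vt BIO
-is automatically created to interface between the
-.Fa ssl
-and
-.Fa fd .
-The
-.Vt BIO
-and hence the SSL engine inherit the behaviour of
-.Fa fd .
-If
-.Fa fd
-is non-blocking, the
-.Fa ssl
-will also have non-blocking behaviour.
-.Pp
-If there was already a
-.Vt BIO
-connected to
-.Fa ssl ,
-.Xr BIO_free 3
-will be called (for both the reading and writing side, if different).
-.Pp
-.Fn SSL_set_rfd
-and
-.Fn SSL_set_wfd
-perform the respective action, but only for the read channel or the write
-channel, which can be set independently.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The operation failed.
-Check the error stack to find out why.
-.It 1
-The operation succeeded.
-.El
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_get_fd 3 ,
-.Xr SSL_set_bio 3 ,
-.Xr SSL_shutdown 3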
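--- a/src/lib/libssl/doc/SSL_set_session.3
+++ /dev/null
@@ -1,68 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_set_session.3,v 1.3 2015/09/14 15:14:55 schwarze Exp $
-.\"
-.Dd $Mdocdate: September 14 2015 $
-.Dt SSL_SET_SESSION 3
-.Os
-.Sh NAME
-.Nm SSL_set_session
-.Nd set a TLS/SSL session to be used during TLS/SSL connect
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_set_session "SSL *ssl" "SSL_SESSION *session"
-.Sh DESCRIPTION
-.Fn SSL_set_session
-sets
-.Fa session
-to be used when the TLS/SSL connection is to be established.
-.Fn SSL_set_session
-is only useful for TLS/SSL clients.
-When the session is set, the reference count of
-.Fa session
-is incremented
-by 1.
-If the session is not reused, the reference count is decremented again during
-.Fn SSL_connect .
-Whether the session was reused can be queried with the
-.Xr SSL_session_reused 3
-call.
-.Pp
-If there is already a session set inside
-.Fa ssl
-(because it was set with
-.Fn SSL_set_session
-before or because the same
-.Fa ssl
-was already used for a connection),
-.Xr SSL_SESSION_free 3
-will be called for that session.
-.Sh NOTES
-.Vt SSL_SESSION
-objects keep internal link information about the session cache list when being
-inserted into one
-.Vt SSL_CTX
-object's session cache.
-One
-.Vt SSL_SESSION
-object, regardless of its reference count, must therefore only be used with one
-.Vt SSL_CTX
-object (and the
-.Vt SSL
-objects created from this
-.Vt SSL_CTX
-object).
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The operation failed; check the error stack to find out the reason.
-.It 1
-The operation succeeded.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_free 3 ,
-.Xr SSL_session_reused 3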
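--- a/src/lib/libssl/doc/SSL_set_shutdown.3
+++ /dev/null
@@ -1,88 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_set_shutdown.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_SET_SHUTDOWN 3
-.Os
-.Sh NAME
-.Nm SSL_set_shutdown ,
-.Nm SSL_get_shutdown
-.Nd manipulate shutdown state of an SSL connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_set_shutdown "SSL *ssl" "int mode"
-.Ft int
-.Fn SSL_get_shutdown "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_set_shutdown
-sets the shutdown state of
-.Fa ssl
-to
-.Fa mode .
-.Pp
-.Fn SSL_get_shutdown
-returns the shutdown mode of
-.Fa ssl .
-.Sh NOTES
-The shutdown state of an ssl connection is a bitmask of:
-.Bl -tag -width Ds
-.It 0
-No shutdown setting, yet.
-.It Dv SSL_SENT_SHUTDOWN
-A
-.Dq close notify
-shutdown alert was sent to the peer; the connection is being considered closed
-and the session is closed and correct.
-.It Dv SSL_RECEIVED_SHUTDOWN
-A shutdown alert was received form the peer, either a normal
-.Dq close notify
-or a fatal error.
-.El
-.Pp
-.Dv SSL_SENT_SHUTDOWN
-and
-.Dv SSL_RECEIVED_SHUTDOWN
-can be set at the same time.
-.Pp
-The shutdown state of the connection is used to determine the state of the
-.Fa ssl
-session.
-If the session is still open when
-.Xr SSL_clear 3
-or
-.Xr SSL_free 3
-is called, it is considered bad and removed according to RFC2246.
-The actual condition for a correctly closed session is
-.Dv SSL_SENT_SHUTDOWN
-(according to the TLS RFC, it is acceptable to only send the
-.Dq close notify
-alert but to not wait for the peer's answer when the underlying connection is
-closed).
-.Fn SSL_set_shutdown
-can be used to set this state without sending a close alert to the peer (see
-.Xr SSL_shutdown 3 ) .
-.Pp
-If a
-.Dq close notify
-was received,
-.Dv SSL_RECEIVED_SHUTDOWN
-will be set, but to set
-.Dv SSL_SENT_SHUTDOWN
-the application must still call
-.Xr SSL_shutdown 3
-or
-.Fn SSL_set_shutdown
-itself.
-.Sh RETURN VALUES
-.Fn SSL_set_shutdown
-does not return diagnostic information.
-.Pp
-.Fn SSL_get_shutdown
-returns the current setting.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_set_quiet_shutdown 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_shutdown 3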
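--- a/src/lib/libssl/doc/SSL_set_verify_result.3
+++ /dev/null
@@ -1,42 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_set_verify_result.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_SET_VERIFY_RESULT 3
-.Os
-.Sh NAME
-.Nm SSL_set_verify_result
-.Nd override result of peer certificate verification
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_set_verify_result "SSL *ssl" "long verify_result"
-.Sh DESCRIPTION
-.Fn SSL_set_verify_result
-sets
-.Fa verify_result
-of the object
-.Fa ssl
-to be the result of the verification of the X509 certificate presented by the
-peer, if any.
-.Sh NOTES
-.Fn SSL_set_verify_result
-overrides the verification result.
-It only changes the verification result of the
-.Fa ssl
-object.
-It does not become part of the established session, so if the session is to be
-reused later, the original value will reappear.
-.Pp
-The valid codes for
-.Fa verify_result
-are documented in
-.Xr openssl 1 .
-.Sh RETURN VALUES
-.Fn SSL_set_verify_result
-does not provide a return value.
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_get_peer_certificate 3 ,
-.Xr SSL_get_verify_result 3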
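diff --git a/src/lib/libssl/doc/SSL_shutdown.3 b/src/lib/libssl/doc/SSL_shutdown.3
deleted file mode 100644
index 187e656fe3..0000000000
--- a/src/lib/libssl/doc/SSL_shutdown.3
+++ /dev/null
@@ -1,204 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_shutdown.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_SHUTDOWN 3
-.Os
-.Sh NAME
-.Nm SSL_shutdown
-.Nd shut down a TLS/SSL connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_shutdown "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_shutdown
-shuts down an active TLS/SSL connection.
-It sends the
-.Dq close notify
-shutdown alert to the peer.
-.Sh NOTES
-.Fn SSL_shutdown
-tries to send the
-.Dq close notify
-shutdown alert to the peer.
-Whether the operation succeeds or not, the
-.Dv SSL_SENT_SHUTDOWN
-flag is set and a currently open session is considered closed and good and will
-be kept in the session cache for further reuse.
-.Pp
-The shutdown procedure consists of 2 steps: the sending of the
-.Dq close notify
-shutdown alert and the reception of the peer's
-.Dq close notify
-shutdown alert.
-According to the TLS standard, it is acceptable for an application to only send
-its shutdown alert and then close the underlying connection without waiting for
-the peer's response (this way resources can be saved, as the process can
-already terminate or serve another connection).
-When the underlying connection shall be used for more communications,
-the complete shutdown procedure (bidirectional
-.Dq close notify
-alerts) must be performed, so that the peers stay synchronized.
-.Pp
-.Fn SSL_shutdown
-supports both uni- and bidirectional shutdown by its 2 step behavior.
-.Pp
-When the application is the first party to send the
-.Dq close notify
-alert,
-.Fn SSL_shutdown
-will only send the alert and then set the
-.Dv SSL_SENT_SHUTDOWN
-flag (so that the session is considered good and will be kept in cache).
-.Fn SSL_shutdown
-will then return 0.
-If a unidirectional shutdown is enough
-(the underlying connection shall be closed anyway), this first call to
-.Fn SSL_shutdown
-is sufficient.
-In order to complete the bidirectional shutdown handshake,
-.Fn SSL_shutdown
-must be called again.
-The second call will make
-.Fn SSL_shutdown
-wait for the peer's
-.Dq close notify
-shutdown alert.
-On success, the second call to
-.Fn SSL_shutdown
-will return 1.
-.Pp
-If the peer already sent the
-.Dq close notify
-alert and it was already processed implicitly inside another function
-.Pq Xr SSL_read 3 ,
-the
-.Dv SSL_RECEIVED_SHUTDOWN
-flag is set.
-.Fn SSL_shutdown
-will send the
-.Dq close notify
-alert, set the
-.Dv SSL_SENT_SHUTDOWN
-flag and will immediately return with 1.
-Whether
-.Dv SSL_RECEIVED_SHUTDOWN
-is already set can be checked using the
-.Fn SSL_get_shutdown
-(see also the
-.Xr SSL_set_shutdown 3
-call).
-.Pp
-It is therefore recommended to check the return value of
-.Fn SSL_shutdown
-and call
-.Fn SSL_shutdown
-again, if the bidirectional shutdown is not yet complete (return value of the
-first call is 0).
-As the shutdown is not specially handled in the SSLv2 protocol,
-.Fn SSL_shutdown
-will succeed on the first call.
-.Pp
-The behaviour of
-.Fn SSL_shutdown
-additionally depends on the underlying
-.Vt BIO .
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-.Fn SSL_shutdown
-will only return once the
-handshake step has been finished or an error occurred.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_shutdown
-will also return when the underlying
-.Vt BIO
-could not satisfy the needs of
-.Fn SSL_shutdown
-to continue the handshake.
-In this case a call to
-.Xr SSL_get_error 3
-with the
-return value of
-.Fn SSL_shutdown
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
-.Fn SSL_shutdown .
-The action depends on the underlying
-.Vt BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Pp
-.Fn SSL_shutdown
-can be modified to only set the connection to
-.Dq shutdown
-state but not actually send the
-.Dq close notify
-alert messages; see
-.Xr SSL_CTX_set_quiet_shutdown 3 .
-When
-.Dq quiet shutdown
-is enabled,
-.Fn SSL_shutdown
-will always succeed and return 1.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The shutdown is not yet finished.
-Call
-.Fn SSL_shutdown
-for a second time, if a bidirectional shutdown shall be performed.
-The output of
-.Xr SSL_get_error 3
-may be misleading, as an erroneous
-.Dv SSL_ERROR_SYSCALL
-may be flagged even though no error occurred.
-.It 1
-The shutdown was successfully completed.
-The
-.Dq close notify
-alert was sent and the peer's
-.Dq close notify
-alert was received.
-.It \(mi1
-The shutdown was not successful because a fatal error occurred either
-at the protocol level or a connection failure occurred.
-It can also occur if action is need to continue the operation for non-blocking
-.Vt BIO Ns
-s.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_CTX_set_quiet_shutdown 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_set_shutdown 3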
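diff --git a/src/lib/libssl/doc/SSL_state_string.3 b/src/lib/libssl/doc/SSL_state_string.3
deleted file mode 100644
index e9a042a3ce..0000000000
--- a/src/lib/libssl/doc/SSL_state_string.3
+++ /dev/null
@@ -1,57 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_state_string.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_STATE_STRING 3
-.Os
-.Sh NAME
-.Nm SSL_state_string ,
-.Nm SSL_state_string_long
-.Nd get textual description of state of an SSL object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_state_string "const SSL *ssl"
-.Ft const char *
-.Fn SSL_state_string_long "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_state_string
-returns a 6 letter string indicating the current state of the
-.Vt SSL
-object
-.Fa ssl .
-.Pp
-.Fn SSL_state_string_long
-returns a string indicating the current state of the
-.Vt SSL
-object
-.Fa ssl .
-.Sh NOTES
-During its use, an
-.Vt SSL
-object passes several states.
-The state is internally maintained.
-Querying the state information is not very informative before or when a
-connection has been established.
-It however can be of significant interest during the handshake.
-.Pp
-When using non-blocking sockets,
-the function call performing the handshake may return with
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE
-condition, so that
-.Fn SSL_state_string[_long]
-may be called.
-.Pp
-For both blocking or non-blocking sockets,
-the details state information can be used within the
-.Fn info_callback
-function set with the
-.Xr SSL_set_info_callback 3
-call.
-.Sh RETURN VALUES
-Detailed description of possible states to be included later.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_info_callback 3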
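diff --git a/src/lib/libssl/doc/SSL_want.3 b/src/lib/libssl/doc/SSL_want.3
deleted file mode 100644
index e9513c8793..0000000000
--- a/src/lib/libssl/doc/SSL_want.3
+++ /dev/null
@@ -1,103 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_want.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_WANT 3
-.Os
-.Sh NAME
-.Nm SSL_want ,
-.Nm SSL_want_nothing ,
-.Nm SSL_want_read ,
-.Nm SSL_want_write ,
-.Nm SSL_want_x509_lookup
-.Nd obtain state information TLS/SSL I/O operation
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_want "const SSL *ssl"
-.Ft int
-.Fn SSL_want_nothing "const SSL *ssl"
-.Ft int
-.Fn SSL_want_read "const SSL *ssl"
-.Ft int
-.Fn SSL_want_write "const SSL *ssl"
-.Ft int
-.Fn SSL_want_x509_lookup "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_want
-returns state information for the
-.Vt SSL
-object
-.Fa ssl .
-.Pp
-The other
-.Fn SSL_want_*
-calls are shortcuts for the possible states returned by
-.Fn SSL_want .
-.Sh NOTES
-.Fn SSL_want
-examines the internal state information of the
-.Vt SSL
-object.
-Its return values are similar to those of
-.Xr SSL_get_error 3 .
-Unlike
-.Xr SSL_get_error 3 ,
-which also evaluates the error queue,
-the results are obtained by examining an internal state flag only.
-The information must therefore only be used for normal operation under
-non-blocking I/O.
-Error conditions are not handled and must be treated using
-.Xr SSL_get_error 3 .
-.Pp
-The result returned by
-.Fn SSL_want
-should always be consistent with the result of
-.Xr SSL_get_error 3 .
-.Sh RETURN VALUES
-The following return values can currently occur for
-.Fn SSL_want :
-.Bl -tag -width Ds
-.It .Dv SSL_NOTHING
-There is no data to be written or to be read.
-.It .Dv SSL_WRITING
-There are data in the SSL buffer that must be written to the underlying
-.Vt BIO
-layer in order to complete the actual
-.Fn SSL_*
-operation.
-A call to
-.Xr SSL_get_error 3
-should return
-.Dv SSL_ERROR_WANT_WRITE .
-.It Dv SSL_READING
-More data must be read from the underlying
-.Vt BIO
-layer in order to
-complete the actual
-.Fn SSL_*
-operation.
-A call to
-.Xr SSL_get_error 3
-should return
-.Dv SSL_ERROR_WANT_READ.
-.It Dv SSL_X509_LOOKUP
-The operation did not complete because an application callback set by
-.Xr SSL_CTX_set_client_cert_cb 3
-has asked to be called again.
-A call to
-.Xr SSL_get_error 3
-should return
-.Dv SSL_ERROR_WANT_X509_LOOKUP .
-.El
-.Pp
-.Fn SSL_want_nothing ,
-.Fn SSL_want_read ,
-.Fn SSL_want_write ,
-and
-.Fn SSL_want_x509_lookup
-return 1 when the corresponding condition is true or 0 otherwise.
-.Sh SEE ALSO
-.Xr err 3 ,
-.Xr ssl 3 ,
-.Xr SSL_get_error 3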
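diff --git a/src/lib/libssl/doc/SSL_write.3 b/src/lib/libssl/doc/SSL_write.3
deleted file mode 100644
index f020b8b59c..0000000000
--- a/src/lib/libssl/doc/SSL_write.3
+++ /dev/null
@@ -1,175 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_write.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_WRITE 3
-.Os
-.Sh NAME
-.Nm SSL_write
-.Nd write bytes to a TLS/SSL connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_write "SSL *ssl" "const void *buf" "int num"
-.Sh DESCRIPTION
-.Fn SSL_write
-writes
-.Fa num
-bytes from the buffer
-.Fa buf
-into the specified
-.Fa ssl
-connection.
-.Sh NOTES
-If necessary,
-.Fn SSL_write
-will negotiate a TLS/SSL session, if not already explicitly performed by
-.Xr SSL_connect 3
-or
-.Xr SSL_accept 3 .
-If the peer requests a re-negotiation,
-it will be performed transparently during the
-.Fn SSL_write
-operation.
-The behaviour of
-.Fn SSL_write
-depends on the underlying
-.Vt BIO .
-.Pp
-For the transparent negotiation to succeed, the
-.Fa ssl
-must have been initialized to client or server mode.
-This is being done by calling
-.Xr SSL_set_connect_state 3
-or
-.Xr SSL_set_accept_state 3
-before the first call to an
-.Xr SSL_read 3
-or
-.Fn SSL_write
-function.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-.Fn SSL_write
-will only return once the write operation has been finished or an error
-occurred, except when a renegotiation take place, in which case a
-.Dv SSL_ERROR_WANT_READ
-may occur.
-This behaviour can be controlled with the
-.Dv SSL_MODE_AUTO_RETRY
-flag of the
-.Xr SSL_CTX_set_mode 3
-call.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_write
-will also return when the underlying
-.Vt BIO
-could not satisfy the needs of
-.Fn SSL_write
-to continue the operation.
-In this case a call to
-.Xr SSL_get_error 3
-with the return value of
-.Fn SSL_write
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-As at any time a re-negotiation is possible, a call to
-.Fn SSL_write
-can also cause read operations!
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
-.Fn SSL_write .
-The action depends on the underlying
-.Vt BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the BIO before being able
-to continue.
-.Pp
-.Fn SSL_write
-will only return with success, when the complete contents of
-.Fa buf
-of length
-.Fa num
-have been written.
-This default behaviour can be changed with the
-.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
-option of
-.Xr SSL_CTX_set_mode 3 .
-When this flag is set,
-.Fn SSL_write
-will also return with success when a partial write has been successfully
-completed.
-In this case the
-.Fn SSL_write
-operation is considered completed.
-The bytes are sent and a new
-.Fn SSL_write
-operation with a new buffer (with the already sent bytes removed) must be
-started.
-A partial write is performed with the size of a message block, which is 16kB
-for SSLv3/TLSv1.
-.Sh WARNING
-When an
-.Fn SSL_write
-operation has to be repeated because of
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE ,
-it must be repeated with the same arguments.
-.Pp
-When calling
-.Fn SSL_write
-with
-.Fa num Ns
-=0 bytes to be sent the behaviour is undefined.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It >0
-The write operation was successful.
-The return value is the number of bytes actually written to the TLS/SSL
-connection.
-.It 0
-The write operation was not successful.
-Probably the underlying connection was closed.
-Call
-.Xr SSL_get_error 3
-with the return value to find out whether an error occurred or the connection
-was shut down cleanly
-.Pq Dv SSL_ERROR_ZERO_RETURN .
-.Pp
-SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only
-be detected whether the underlying connection was closed.
-It cannot be checked why the closure happened.
-.It <0
-The write operation was not successful, because either an error occurred or
-action must be taken by the calling process.
-Call
-.Xr SSL_get_error 3
-with the return value to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_set_mode 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_set_connect_state 3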
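diff --git a/src/lib/libssl/doc/d2i_SSL_SESSION.3 b/src/lib/libssl/doc/d2i_SSL_SESSION.3
deleted file mode 100644
index ef8a36de79..0000000000
--- a/src/lib/libssl/doc/d2i_SSL_SESSION.3
+++ /dev/null
@@ -1,129 +0,0 @@
-.\"
-.\" $OpenBSD: d2i_SSL_SESSION.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt D2I_SSL_SESSION 3
-.Os
-.Sh NAME
-.Nm d2i_SSL_SESSION ,
-.Nm i2d_SSL_SESSION
-.Nd convert SSL_SESSION object from/to ASN1 representation
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_SESSION *
-.Fn d2i_SSL_SESSION "SSL_SESSION **a" "const unsigned char **pp" "long length"
-.Ft int
-.Fn i2d_SSL_SESSION "SSL_SESSION *in" "unsigned char **pp"
-.Sh DESCRIPTION
-.Fn d2i_SSL_SESSION
-transforms the external ASN1 representation of an SSL/TLS session,
-stored as binary data at location
-.Fa pp
-with length
-.Fa length ,
-into
-an
-.Vt SSL_SESSION
-object.
-.Pp
-.Fn i2d_SSL_SESSION
-transforms the
-.Vt SSL_SESSION
-object
-.Fa in
-into the ASN1 representation and stores it into the memory location pointed to
-by
-.Fa pp .
-The length of the resulting ASN1 representation is returned.
-If
-.Fa pp
-is the
-.Dv NULL
-pointer, only the length is calculated and returned.
-.Sh NOTES
-The
-.Vt SSL_SESSION
-object is built from several
-.Xr malloc 3 Ns
--ed parts; it can therefore not be moved, copied or stored directly.
-In order to store session data on disk or into a database,
-it must be transformed into a binary ASN1 representation.
-.Pp
-When using
-.Fn d2i_SSL_SESSION ,
-the
-.Vt SSL_SESSION
-object is automatically allocated.
-The reference count is 1, so that the session must be explicitly removed using
-.Xr SSL_SESSION_free 3 ,
-unless the
-.Vt SSL_SESSION
-object is completely taken over, when being called inside the
-.Xr get_session_cb 3
-(see
-.Xr SSL_CTX_sess_set_get_cb 3 ) .
-.Pp
-.Vt SSL_SESSION
-objects keep internal link information about the session cache list when being
-inserted into one
-.Vt SSL_CTX
-object's session cache.
-One
-.Vt SSL_SESSION
-object, regardless of its reference count, must therefore only be used with one
-.Vt SSL_CTX
-object (and the
-.Vt SSL
-objects created from this
-.Vt SSL_CTX
-object).
-.Pp
-When using
-.Fn i2d_SSL_SESSION ,
-the memory location pointed to by
-.Fa pp
-must be large enough to hold the binary representation of the session.
-There is no known limit on the size of the created ASN1 representation,
-so the necessary amount of space should be obtained by first calling
-.Fn i2d_SSL_SESSION
-with
-.Fa pp Ns
-= Ns
-.Dv NULL ,
-and obtain the size needed, then allocate the memory and call
-.Fn i2d_SSL_SESSION
-again.
-Note that this will advance the value contained in
-.Fa *pp
-so it is necessary to save a copy of the original allocation.
-For example:
-.Bd -literal
-int i, j;
-
-char *p, *temp;
-
- i = i2d_SSL_SESSION(sess, NULL);
- p = temp = malloc(i);
- if (temp != NULL) {
- j = i2d_SSL_SESSION(sess, &temp);
- assert(i == j);
- assert(p + i == temp);
- }
-.Ed
-.Sh RETURN VALUES
-.Fn d2i_SSL_SESSION
-returns a pointer to the newly allocated
-.Vt SSL_SESSION
-object.
-In case of failure a
-.Dv NULL
-pointer is returned and the error message can be retrieved from the error
-stack.
-.Pp
-.Fn i2d_SSL_SESSION
-returns the size of the ASN1 representation in bytes.
-When the session is not valid, 0 is returned and no operation is performed.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_SESSION_free 3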
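diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf
deleted file mode 100644
index ed4bde52e8..0000000000
--- a/src/lib/libssl/doc/openssl.cnf
+++ /dev/null
@@ -1,348 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-# Policies used by the TSA examples.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem# The private key
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = default # use public key default MD
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
-# utf8only: only UTF8Strings (PKIX recommendation after 2004).
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
-string_mask = utf8only
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (e.g. server FQDN or YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This is required for TSA certificates.
-# extendedKeyUsage = critical,timeStamping
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
-
-####################################################################
-[ tsa ]
-
-default_tsa = tsa_config1 # the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir = ./demoCA # TSA root directory
-serial = $dir/tsaserial # The current serial number (mandatory)
-crypto_device = builtin # OpenSSL engine to use for signing
-signer_cert = $dir/tsacert.pem # The TSA signing certificate
- # (optional)
-certs = $dir/cacert.pem # Certificate chain to include in reply
- # (optional)
-signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
-accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
-clock_precision_digits = 0 # number of digits after dot. (optional)
-ordering = yes # Is ordering defined for timestamps?
- # (optional, default: no)
-tsa_name = yes # Must the TSA name be included in the reply?
- # (optional, default: no)
-ess_cert_id_chain = no # Must the ESS cert id chain be included?
- # (optional, default: no)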
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
deleted file mode 100644
index f8817b0a71..0000000000
--- a/src/lib/libssl/doc/openssl.txt
+++ /dev/null
@@ -1,1254 +0,0 @@
1
2This is some preliminary documentation for OpenSSL.
3
4Contents:
5
6 OpenSSL X509V3 extension configuration
7 X509V3 Extension code: programmers guide
8 PKCS#12 Library
9
10
11==============================================================================
12 OpenSSL X509V3 extension configuration
13==============================================================================
14
15OpenSSL X509V3 extension configuration: preliminary documentation.
16
17INTRODUCTION.
18
19For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now
20possible to add and print out common X509 V3 certificate and CRL extensions.
21
22BEGINNERS NOTE
23
24For most simple applications you don't need to know too much about extensions:
25the default openssl.cnf values will usually do sensible things.
26
27If you want to know more you can initially quickly look through the sections
28describing how the standard OpenSSL utilities display and add extensions and
29then the list of supported extensions.
30
31For more technical information about the meaning of extensions see:
32
33http://www.imc.org/ietf-pkix/
34http://home.netscape.com/eng/security/certs.html
35
36PRINTING EXTENSIONS.
37
38Extension values are automatically printed out for supported extensions.
39
40openssl x509 -in cert.pem -text
41openssl crl -in crl.pem -text
42
43will give information in the extension printout, for example:
44
45 X509v3 extensions:
46 X509v3 Basic Constraints:
47 CA:TRUE
48 X509v3 Subject Key Identifier:
49 73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15
50 X509v3 Authority Key Identifier:
51 keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00
52 X509v3 Key Usage:
53 Certificate Sign, CRL Sign
54 X509v3 Subject Alternative Name:
55 email:email@1.address, email:email@2.address
56
57CONFIGURATION FILES.
58
59The OpenSSL utilities 'ca' and 'req' can now have extension sections listing
60which certificate extensions to include. In each case a line:
61
62x509_extensions = extension_section
63
64indicates which section contains the extensions. In the case of 'req' the
65extension section is used when the -x509 option is present to create a
66self signed root certificate.
67
68The 'x509' utility also supports extensions when it signs a certificate.
69The -extfile option is used to set the configuration file containing the
70extensions. In this case a line with:
71
72extensions = extension_section
73
74in the nameless (default) section is used. If no such line is included then
75it uses the default section.
76
77You can also add extensions to CRLs: a line
78
79crl_extensions = crl_extension_section
80
81will include extensions when the -gencrl option is used with the 'ca' utility.
82You can add any extension to a CRL but of the supported extensions only
83issuerAltName and authorityKeyIdentifier make any real sense. Note: these are
84CRL extensions NOT CRL *entry* extensions which cannot currently be generated.
85CRL entry extensions can be displayed.
86
87NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL
88you should not include a crl_extensions line in the configuration file.
89
90As with all configuration files you can use the inbuilt environment expansion
91to allow the values to be passed in the environment. Therefore if you have
92several extension sections used for different purposes you can have a line:
93
94x509_extensions = $ENV::ENV_EXT
95
96and set the ENV_EXT environment variable before calling the relevant utility.
97
98EXTENSION SYNTAX.
99
100Extensions have the basic form:
101
102extension_name=[critical,] extension_options
103
104the use of the critical option makes the extension critical. Extreme caution
105should be made when using the critical flag. If an extension is marked
106as critical then any client that does not understand the extension should
107reject it as invalid. Some broken software will reject certificates which
108have *any* critical extensions (these violates PKIX but we have to live
109with it).
110
111There are three main types of extension: string extensions, multi-valued
112extensions, and raw extensions.
113
114String extensions simply have a string which contains either the value itself
115or how it is obtained.
116
117For example:
118
119nsComment="This is a Comment"
120
121Multi-valued extensions have a short form and a long form. The short form
122is a list of names and values:
123
124basicConstraints=critical,CA:true,pathlen:1
125
126The long form allows the values to be placed in a separate section:
127
128basicConstraints=critical,@bs_section
129
130[bs_section]
131
132CA=true
133pathlen=1
134
135Both forms are equivalent. However it should be noted that in some cases the
136same name can appear multiple times, for example,
137
138subjectAltName=email:steve@here,email:steve@there
139
140in this case an equivalent long form is:
141
142subjectAltName=@alt_section
143
144[alt_section]
145
146email.1=steve@here
147email.2=steve@there
148
149This is because the configuration file code cannot handle the same name
150occurring twice in the same section.
151
152The syntax of raw extensions is governed by the extension code: it can
153for example contain data in multiple sections. The correct syntax to
154use is defined by the extension code itself: check out the certificate
155policies extension for an example.
156
157There are two ways to encode arbitrary extensions.
158
159The first way is to use the word ASN1 followed by the extension content
160using the same syntax as ASN1_generate_nconf(). For example:
161
1621.2.3.4=critical,ASN1:UTF8String:Some random data
163
1641.2.3.4=ASN1:SEQUENCE:seq_sect
165
166[seq_sect]
167
168field1 = UTF8:field1
169field2 = UTF8:field2
170
171It is also possible to use the word DER to include arbitrary data in any
172extension.
173
1741.2.3.4=critical,DER:01:02:03:04
1751.2.3.4=DER:01020304
176
177The value following DER is a hex dump of the DER encoding of the extension
178Any extension can be placed in this form to override the default behaviour.
179For example:
180
181basicConstraints=critical,DER:00:01:02:03
182
183WARNING: DER should be used with caution. It is possible to create totally
184invalid extensions unless care is taken.
185
186CURRENTLY SUPPORTED EXTENSIONS.
187
188If you aren't sure about extensions then they can be largely ignored: its only
189when you want to do things like restrict certificate usage when you need to
190worry about them.
191
192The only extension that a beginner might want to look at is Basic Constraints.
193If in addition you want to try Netscape object signing the you should also
194look at Netscape Certificate Type.
195
196Literal String extensions.
197
198In each case the 'value' of the extension is placed directly in the
199extension. Currently supported extensions in this category are: nsBaseUrl,
200nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl,
201nsSslServerName and nsComment.
202
203For example:
204
205nsComment="This is a test comment"
206
207Bit Strings.
208
209Bit string extensions just consist of a list of supported bits, currently
210two extensions are in this category: PKIX keyUsage and the Netscape specific
211nsCertType.
212
213nsCertType (netscape certificate type) takes the flags: client, server, email,
214objsign, reserved, sslCA, emailCA, objCA.
215
216keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation,
217keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign,
218encipherOnly, decipherOnly.
219
220For example:
221
222nsCertType=server
223
224keyUsage=digitalSignature, nonRepudiation
225
226Hints on Netscape Certificate Type.
227
228Other than Basic Constraints this is the only extension a beginner might
229want to use, if you want to try Netscape object signing, otherwise it can
230be ignored.
231
232If you want a certificate that can be used just for object signing then:
233
234nsCertType=objsign
235
236will do the job. If you want to use it as a normal end user and server
237certificate as well then
238
239nsCertType=objsign,email,server
240
241is more appropriate. You cannot use a self signed certificate for object
242signing (well Netscape signtool can but it cheats!) so you need to create
243a CA certificate and sign an end user certificate with it.
244
245Side note: If you want to conform to the Netscape specifications then you
246should really also set:
247
248nsCertType=objCA
249
250in the *CA* certificate for just an object signing CA and
251
252nsCertType=objCA,emailCA,sslCA
253
254for everything. Current Netscape software doesn't enforce this so it can
255be omitted.
256
257Basic Constraints.
258
259This is generally the only extension you need to worry about for simple
260applications. If you want your certificate to be usable as a CA certificate
261(in addition to an end user certificate) then you set this to:
262
263basicConstraints=CA:TRUE
264
265if you want to be certain the certificate cannot be used as a CA then do:
266
267basicConstraints=CA:FALSE
268
269The rest of this section describes more advanced usage.
270
271Basic constraints is a multi-valued extension that supports a CA and an
272optional pathlen option. The CA option takes the values true and false and
273pathlen takes an integer. Note if the CA option is false the pathlen option
274should be omitted.
275
276The pathlen parameter indicates the maximum number of CAs that can appear
277below this one in a chain. So if you have a CA with a pathlen of zero it can
278only be used to sign end user certificates and not further CAs. This all
279assumes that the software correctly interprets this extension of course.
280
281Examples:
282
283basicConstraints=CA:TRUE
284basicConstraints=critical,CA:TRUE, pathlen:0
285
286NOTE: for a CA to be considered valid it must have the CA option set to
287TRUE. An end user certificate MUST NOT have the CA value set to true.
288According to PKIX recommendations it should exclude the extension entirely,
289however some software may require CA set to FALSE for end entity certificates.
290
291Extended Key Usage.
292
293This extensions consists of a list of usages.
294
295These can either be object short names of the dotted numerical form of OIDs.
296While any OID can be used only certain values make sense. In particular the
297following PKIX, NS and MS values are meaningful:
298
299Value Meaning
300----- -------
301serverAuth SSL/TLS Web Server Authentication.
302clientAuth SSL/TLS Web Client Authentication.
303codeSigning Code signing.
304emailProtection E-mail Protection (S/MIME).
305timeStamping Trusted Timestamping
306msCodeInd Microsoft Individual Code Signing (authenticode)
307msCodeCom Microsoft Commercial Code Signing (authenticode)
308msCTLSign Microsoft Trust List Signing
309msSGC Microsoft Server Gated Crypto
310msEFS Microsoft Encrypted File System
311nsSGC Netscape Server Gated Crypto
312
313For example, under IE5 a CA can be used for any purpose: by including a list
314of the above usages the CA can be restricted to only authorised uses.
315
316Note: software packages may place additional interpretations on certificate
317use, in particular some usages may only work for selected CAs. Don't for example
318expect just including msSGC or nsSGC will automatically mean that a certificate
319can be used for SGC ("step up" encryption) otherwise anyone could use it.
320
321Examples:
322
323extendedKeyUsage=critical,codeSigning,1.2.3.4
324extendedKeyUsage=nsSGC,msSGC
325
326Subject Key Identifier.
327
328This is really a string extension and can take two possible values. Either
329a hex string giving details of the extension value to include or the word
330'hash' which then automatically follow PKIX guidelines in selecting and
331appropriate key identifier. The use of the hex string is strongly discouraged.
332
333Example: subjectKeyIdentifier=hash
334
335Authority Key Identifier.
336
337The authority key identifier extension permits two options. keyid and issuer:
338both can take the optional value "always".
339
340If the keyid option is present an attempt is made to copy the subject key
341identifier from the parent certificate. If the value "always" is present
342then an error is returned if the option fails.
343
344The issuer option copies the issuer and serial number from the issuer
345certificate. Normally this will only be done if the keyid option fails or
346is not included: the "always" flag will always include the value.
347
348Subject Alternative Name.
349
350The subject alternative name extension allows various literal values to be
351included in the configuration file. These include "email" (an email address)
352"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
353registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName.
354
355Also the email option include a special 'copy' value. This will automatically
356include and email addresses contained in the certificate subject name in
357the extension.
358
359otherName can include arbitrary data associated with an OID: the value
360should be the OID followed by a semicolon and the content in standard
361ASN1_generate_nconf() format.
362
363Examples:
364
365subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
366subjectAltName=email:my@other.address,RID:1.2.3.4
367subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
368
369Issuer Alternative Name.
370
371The issuer alternative name option supports all the literal options of
372subject alternative name. It does *not* support the email:copy option because
373that would not make sense. It does support an additional issuer:copy option
374that will copy all the subject alternative name values from the issuer
375certificate (if possible).
376
377Example:
378
379issuserAltName = issuer:copy
380
381Authority Info Access.
382
383The authority information access extension gives details about how to access
384certain information relating to the CA. Its syntax is accessOID;location
385where 'location' has the same syntax as subject alternative name (except
386that email:copy is not supported). accessOID can be any valid OID but only
387certain values are meaningful for example OCSP and caIssuers. OCSP gives the
388location of an OCSP responder: this is used by Netscape PSM and other software.
389
390Example:
391
392authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
393authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
394
395CRL distribution points.
396
397This is a multi-valued extension that supports all the literal options of
398subject alternative name. Of the few software packages that currently interpret
399this extension most only interpret the URI option.
400
401Currently each option will set a new DistributionPoint with the fullName
402field set to the given value.
403
404Other fields like cRLissuer and reasons cannot currently be set or displayed:
405at this time no examples were available that used these fields.
406
407If you see this extension with <UNSUPPORTED> when you attempt to print it out
408or it doesn't appear to display correctly then let me know, including the
409certificate (mail me at steve@openssl.org) .
410
411Examples:
412
413crlDistributionPoints=URI:http://www.myhost.com/myca.crl
414crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl
415
416Certificate Policies.
417
418This is a RAW extension. It attempts to display the contents of this extension:
419unfortunately this extension is often improperly encoded.
420
421The certificate policies extension will rarely be used in practice: few
422software packages interpret it correctly or at all. IE5 does partially
423support this extension: but it needs the 'ia5org' option because it will
424only correctly support a broken encoding. Of the options below only the
425policy OID, explicitText and CPS options are displayed with IE5.
426
427All the fields of this extension can be set by using the appropriate syntax.
428
429If you follow the PKIX recommendations of not including any qualifiers and just
430using only one OID then you just include the value of that OID. Multiple OIDs
431can be set separated by commas, for example:
432
433certificatePolicies= 1.2.4.5, 1.1.3.4
434
435If you wish to include qualifiers then the policy OID and qualifiers need to
436be specified in a separate section: this is done by using the @section syntax
437instead of a literal OID value.
438
439The section referred to must include the policy OID using the name
440policyIdentifier, cPSuri qualifiers can be included using the syntax:
441
442CPS.nnn=value
443
444userNotice qualifiers can be set using the syntax:
445
446userNotice.nnn=@notice
447
448The value of the userNotice qualifier is specified in the relevant section.
449This section can include explicitText, organization and noticeNumbers
450options. explicitText and organization are text strings, noticeNumbers is a
451comma separated list of numbers. The organization and noticeNumbers options
452(if included) must BOTH be present. If you use the userNotice option with IE5
453then you need the 'ia5org' option at the top level to modify the encoding:
454otherwise it will not be interpreted properly.
455
456Example:
457
458certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
459
460[polsect]
461
462policyIdentifier = 1.3.5.8
463CPS.1="http://my.host.name/"
464CPS.2="http://my.your.name/"
465userNotice.1=@notice
466
467[notice]
468
469explicitText="Explicit Text Here"
470organization="Organisation Name"
471noticeNumbers=1,2,3,4
472
473TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field,
474according to PKIX it should be of type DisplayText but Verisign uses an
475IA5STRING and IE5 needs this too.
476
477Display only extensions.
478
479Some extensions are only partially supported and currently are only displayed
480but cannot be set. These include private key usage period, CRL number, and
481CRL reason.
482
483==============================================================================
484 X509V3 Extension code: programmers guide
485==============================================================================
486
487The purpose of the extension code is twofold. It allows an extension to be
488created from a string or structure describing its contents and it prints out an
489extension in a human or machine readable form.
490
4911. Initialisation and cleanup.
492
493No special initialisation is needed before calling the extension functions.
494You used to have to call X509V3_add_standard_extensions(); but this is no longer
495required and this function no longer does anything.
496
497void X509V3_EXT_cleanup(void);
498
499This function should be called to cleanup the extension code if any custom
500extensions have been added. If no custom extensions have been added then this
501call does nothing. After this call all custom extension code is freed up but
502you can still use the standard extensions.
503
5042. Printing and parsing extensions.
505
506The simplest way to print out extensions is via the standard X509 printing
507routines: if you use the standard X509_print() function, the supported
508extensions will be printed out automatically.
509
510The following functions allow finer control over extension display:
511
512int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
513int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
514
515These two functions print out an individual extension to a BIO or FILE pointer.
516Currently the flag argument is unused and should be set to 0. The 'indent'
517argument is the number of spaces to indent each line.
518
519void *X509V3_EXT_d2i(X509_EXTENSION *ext);
520
521This function parses an extension and returns its internal structure. The
522precise structure you get back depends on the extension being parsed. If the
523extension if basicConstraints you will get back a pointer to a
524BASIC_CONSTRAINTS structure. Check out the source in crypto/x509v3 for more
525details about the structures returned. The returned structure should be freed
526after use using the relevant free function, BASIC_CONSTRAINTS_free() for
527example.
528
529void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
530void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
531void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
532void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
533
534These functions combine the operations of searching for extensions and
535parsing them. They search a certificate, a CRL a CRL entry or a stack
536of extensions respectively for extension whose NID is 'nid' and return
537the parsed result of NULL if an error occurred. For example:
538
539BASIC_CONSTRAINTS *bs;
540bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
541
542This will search for the basicConstraints extension and either return
543it value or NULL. NULL can mean either the extension was not found, it
544occurred more than once or it could not be parsed.
545
546If 'idx' is NULL then an extension is only parsed if it occurs precisely
547once. This is standard behaviour because extensions normally cannot occur
548more than once. If however more than one extension of the same type can
549occur it can be used to parse successive extensions for example:
550
551int i;
552void *ext;
553
554i = -1;
555for(;;) {
556 ext = X509_get_ext_d2i(x, nid, crit, &idx);
557 if(ext == NULL) break;
558 /* Do something with ext */
559}
560
561If 'crit' is not NULL and the extension was found then the int it points to
562is set to 1 for critical extensions and 0 for non critical. Therefore if the
563function returns NULL but 'crit' is set to 0 or 1 then the extension was
564found but it could not be parsed.
565
566The int pointed to by crit will be set to -1 if the extension was not found
567and -2 if the extension occurred more than once (this will only happen if
568idx is NULL). In both cases the function will return NULL.
569
5703. Generating extensions.
571
572An extension will typically be generated from a configuration file, or some
573other kind of configuration database.
574
575int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
576 X509 *cert);
577int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
578 X509_CRL *crl);
579
580These functions add all the extensions in the given section to the given
581certificate or CRL. They will normally be called just before the certificate
582or CRL is due to be signed. Both return 0 on error on non zero for success.
583
584In each case 'conf' is the LHASH pointer of the configuration file to use
585and 'section' is the section containing the extension details.
586
587See the 'context functions' section for a description of the ctx parameter.
588
589
590X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
591 char *value);
592
593This function returns an extension based on a name and value pair, if the
594pair will not need to access other sections in a config file (or there is no
595config file) then the 'conf' parameter can be set to NULL.
596
597X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid,
598 char *value);
599
600This function creates an extension in the same way as X509V3_EXT_conf() but
601takes the NID of the extension rather than its name.
602
603For example to produce basicConstraints with the CA flag and a path length of
60410:
605
606x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
607
608
609X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
610
611This function sets up an extension from its internal structure. The ext_nid
612parameter is the NID of the extension and 'crit' is the critical flag.
613
6144. Context functions.
615
616The following functions set and manipulate an extension context structure.
617The purpose of the extension context is to allow the extension code to
618access various structures relating to the "environment" of the certificate:
619for example the issuers certificate or the certificate request.
620
621void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
622 X509_REQ *req, X509_CRL *crl, int flags);
623
624This function sets up an X509V3_CTX structure with details of the certificate
625environment: specifically the issuers certificate, the subject certificate,
626the certificate request and the CRL: if these are not relevant or not
627available then they can be set to NULL. The 'flags' parameter should be set
628to zero.
629
630X509V3_set_ctx_test(ctx)
631
632This macro is used to set the 'ctx' structure to a 'test' value: this is to
633allow the syntax of an extension (or configuration file) to be tested.
634
635X509V3_set_ctx_nodb(ctx)
636
637This macro is used when no configuration database is present.
638
639void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
640
641This function is used to set the configuration database when it is an LHASH
642structure: typically a configuration file.
643
644The following functions are used to access a configuration database: they
645should only be used in RAW extensions.
646
647char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
648
649This function returns the value of the parameter "name" in "section", or NULL
650if there has been an error.
651
652void X509V3_string_free(X509V3_CTX *ctx, char *str);
653
654This function frees up the string returned by the above function.
655
656STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
657
658This function returns a whole section as a STACK_OF(CONF_VALUE) .
659
660void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
661
662This function frees up the STACK returned by the above function.
663
664Note: it is possible to use the extension code with a custom configuration
665database. To do this the "db_meth" element of the X509V3_CTX structure should
666be set to an X509V3_CTX_METHOD structure. This structure contains the following
667function pointers:
668
669char * (*get_string)(void *db, char *section, char *value);
670STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
671void (*free_string)(void *db, char * string);
672void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
673
674these will be called and passed the 'db' element in the X509V3_CTX structure
675to access the database. If a given function is not implemented or not required
676it can be set to NULL.
677
6785. String helper functions.
679
680There are several "i2s" and "s2i" functions that convert structures to and
681from ASCII strings. In all the "i2s" cases the returned string should be
682freed using Free() after use. Since some of these are part of other extension
683code they may take a 'method' parameter. Unless otherwise stated it can be
684safely set to NULL.
685
686char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct);
687
688This returns a hex string from an ASN1_OCTET_STRING.
689
690char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
691char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
692
693These return a string decimal representations of an ASN1_INTEGER and an
694ASN1_ENUMERATED type, respectively.
695
696ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
697 X509V3_CTX *ctx, char *str);
698
699This converts an ASCII hex string to an ASN1_OCTET_STRING.
700
701ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
702
703This converts a decimal ASCII string into an ASN1_INTEGER.
704
7056. Multi valued extension helper functions.
706
707The following functions can be used to manipulate STACKs of CONF_VALUE
708structures, as used by multi valued extensions.
709
710int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
711
712This function expects a boolean value in 'value' and sets 'asn1_bool' to
713it. That is it sets it to 0 for FALSE or 0xff for TRUE. The following
714strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE"
715"false", "N", "n", "NO" or "no".
716
717int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
718
719This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER.
720
721int X509V3_add_value(const char *name, const char *value,
722 STACK_OF(CONF_VALUE) **extlist);
723
724This simply adds a string name and value pair.
725
726int X509V3_add_value_uchar(const char *name, const unsigned char *value,
727 STACK_OF(CONF_VALUE) **extlist);
728
729The same as above but for an unsigned character value.
730
731int X509V3_add_value_bool(const char *name, int asn1_bool,
732 STACK_OF(CONF_VALUE) **extlist);
733
734This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'
735
736int X509V3_add_value_bool_nf(char *name, int asn1_bool,
737 STACK_OF(CONF_VALUE) **extlist);
738
739This is the same as above except it adds nothing if asn1_bool is FALSE.
740
741int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
742 STACK_OF(CONF_VALUE) **extlist);
743
744This function adds the value of the ASN1_INTEGER in decimal form.
745
7467. Other helper functions.
747
748<to be added>
749
750ADDING CUSTOM EXTENSIONS.
751
752Currently there are three types of supported extensions.
753
754String extensions are simple strings where the value is placed directly in the
755extensions, and the string returned is printed out.
756
757Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
758or return a STACK_OF(CONF_VALUE).
759
760Raw extensions are just passed a BIO or a value and it is the extensions
761responsibility to handle all the necessary printing.
762
763There are two ways to add an extension. One is simply as an alias to an already
764existing extension. An alias is an extension that is identical in ASN1 structure
765to an existing extension but has a different OBJECT IDENTIFIER. This can be
766done by calling:
767
768int X509V3_EXT_add_alias(int nid_to, int nid_from);
769
770'nid_to' is the new extension NID and 'nid_from' is the already existing
771extension NID.
772
773Alternatively an extension can be written from scratch. This involves writing
774the ASN1 code to encode and decode the extension and functions to print out and
775generate the extension from strings. The relevant functions are then placed in
776a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
777called.
778
779The X509V3_EXT_METHOD structure is described below.
780
781struct {
782int ext_nid;
783int ext_flags;
784X509V3_EXT_NEW ext_new;
785X509V3_EXT_FREE ext_free;
786X509V3_EXT_D2I d2i;
787X509V3_EXT_I2D i2d;
788X509V3_EXT_I2S i2s;
789X509V3_EXT_S2I s2i;
790X509V3_EXT_I2V i2v;
791X509V3_EXT_V2I v2i;
792X509V3_EXT_R2I r2i;
793X509V3_EXT_I2R i2r;
794
795void *usr_data;
796};
797
798The elements have the following meanings.
799
800ext_nid is the NID of the object identifier of the extension.
801
802ext_flags is set of flags. Currently the only external flag is
803 X509V3_EXT_MULTILINE which means a multi valued extensions
804 should be printed on separate lines.
805
806usr_data is an extension specific pointer to any relevant data. This
807 allows extensions to share identical code but have different
808 uses. An example of this is the bit string extension which uses
809 usr_data to contain a list of the bit names.
810
811All the remaining elements are function pointers.
812
813ext_new is a pointer to a function that allocates memory for the
814 extension ASN1 structure: for example ASN1_OBJECT_new().
815
816ext_free is a pointer to a function that free up memory of the extension
817 ASN1 structure: for example ASN1_OBJECT_free().
818
819d2i is the standard ASN1 function that converts a DER buffer into
820 the internal ASN1 structure: for example d2i_ASN1_IA5STRING().
821
822i2d is the standard ASN1 function that converts the internal
823 structure into the DER representation: for example
824 i2d_ASN1_IA5STRING().
825
826The remaining functions are depend on the type of extension. One i2X and
827one X2i should be set and the rest set to NULL. The types set do not need
828to match up, for example the extension could be set using the multi valued
829v2i function and printed out using the raw i2r.
830
831All functions have the X509V3_EXT_METHOD passed to them in the 'method'
832parameter and an X509V3_CTX structure. Extension code can then access the
833parent structure via the 'method' parameter to for example make use of the value
834of usr_data. If the code needs to use detail relating to the request it can
835use the 'ctx' parameter.
836
837A note should be given here about the 'flags' member of the 'ctx' parameter.
838If it has the value CTX_TEST then the configuration syntax is being checked
839and no actual certificate or CRL exists. Therefore any attempt in the config
840file to access such information should silently succeed. If the syntax is OK
841then it should simply return a (possibly bogus) extension, otherwise it
842should return NULL.
843
844char *i2s(struct v3_ext_method *method, void *ext);
845
846This function takes the internal structure in the ext parameter and returns
847a Malloc'ed string representing its value.
848
849void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
850
851This function takes the string representation in the ext parameter and returns
852an allocated internal structure: ext_free() will be used on this internal
853structure after use.
854
855i2v and v2i handle a STACK_OF(CONF_VALUE):
856
857typedef struct
858{
859 char *section;
860 char *name;
861 char *value;
862} CONF_VALUE;
863
864Only the name and value members are currently used.
865
866STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext);
867
868This function is passed the internal structure in the ext parameter and
869returns a STACK of CONF_VALUE structures. The values of name, value,
870section and the structure itself will be freed up with Free after use.
871Several helper functions are available to add values to this STACK.
872
873void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx,
874 STACK_OF(CONF_VALUE) *values);
875
876This function takes a STACK_OF(CONF_VALUE) structures and should set the
877values of the external structure. This typically uses the name element to
878determine which structure element to set and the value element to determine
879what to set it to. Several helper functions are available for this
880purpose (see above).
881
882int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
883
884This function is passed the internal extension structure in the ext parameter
885and sends out a human readable version of the extension to out. The 'indent'
886parameter should be noted to determine the necessary amount of indentation
887needed on the output.
888
889void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
890
891This is just passed the string representation of the extension. It is intended
892to be used for more elaborate extensions where the standard single and multi
893valued options are insufficient. They can use the 'ctx' parameter to parse the
894configuration database themselves. See the context functions section for details
895of how to do this.
896
897Note: although this type takes the same parameters as the "r2s" function there
898is a subtle difference. Whereas an "r2i" function can access a configuration
899database an "s2i" function MUST NOT. This is so the internal code can safely
900assume that an "s2i" function will work without a configuration database.
901
902==============================================================================
903 PKCS#12 Library
904==============================================================================
905
906This section describes the internal PKCS#12 support. There are very few
907differences between the old external library and the new internal code at
908present. This may well change because the external library will not be updated
909much in future.
910
911This version now includes a couple of high level PKCS#12 functions which
912generally "do the right thing" and should make it much easier to handle PKCS#12
913structures.
914
915HIGH LEVEL FUNCTIONS.
916
917For most applications you only need concern yourself with the high level
918functions. They can parse and generate simple PKCS#12 files as produced by
919Netscape and MSIE or indeed any compliant PKCS#12 file containing a single
920private key and certificate pair.
921
9221. Initialisation and cleanup.
923
924No special initialisation is needed for the internal PKCS#12 library: the
925standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to
926add all algorithms (you should at least add SHA1 though) then you can manually
927initialise the PKCS#12 library with:
928
929PKCS12_PBE_add();
930
931The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is
932called or it can be directly freed with:
933
934EVP_PBE_cleanup();
935
936after this call (or EVP_cleanup() ) no more PKCS#12 library functions should
937be called.
938
9392. I/O functions.
940
941i2d_PKCS12_bio(bp, p12)
942
943This writes out a PKCS12 structure to a BIO.
944
945i2d_PKCS12_fp(fp, p12)
946
947This is the same but for a FILE pointer.
948
949d2i_PKCS12_bio(bp, p12)
950
951This reads in a PKCS12 structure from a BIO.
952
953d2i_PKCS12_fp(fp, p12)
954
955This is the same but for a FILE pointer.
956
9573. High level functions.
958
9593.1 Parsing with PKCS12_parse().
960
961int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
962 STACK **ca);
963
964This function takes a PKCS12 structure and a password (ASCII, null terminated)
965and returns the private key, the corresponding certificate and any CA
966certificates. If any of these is not required it can be passed as a NULL.
967The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK
968structure. Typically to read in a PKCS#12 file you might do:
969
970p12 = d2i_PKCS12_fp(fp, NULL);
971PKCS12_parse(p12, password, &pkey, &cert, NULL); /* CAs not wanted */
972PKCS12_free(p12);
973
9743.2 PKCS#12 creation with PKCS12_create().
975
976PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
977 STACK *ca, int nid_key, int nid_cert, int iter,
978 int mac_iter, int keytype);
979
980This function will create a PKCS12 structure from a given password, name,
981private key, certificate and optional STACK of CA certificates. The remaining
9825 parameters can be set to 0 and sensible defaults will be used.
983
984The parameters nid_key and nid_cert are the key and certificate encryption
985algorithms, iter is the encryption iteration count, mac_iter is the MAC
986iteration count and keytype is the type of private key. If you really want
987to know what these last 5 parameters do then read the low level section.
988
989Typically to create a PKCS#12 file the following could be used:
990
991p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
992i2d_PKCS12_fp(fp, p12);
993PKCS12_free(p12);
994
9953.3 Changing a PKCS#12 structure password.
996
997int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
998
999This changes the password of an already existing PKCS#12 structure. oldpass
1000is the old password and newpass is the new one. An error occurs if the old
1001password is incorrect.
1002
1003LOW LEVEL FUNCTIONS.
1004
1005In some cases the high level functions do not provide the necessary
1006functionality. For example if you want to generate or parse more complex
1007PKCS#12 files. The sample pkcs12 application uses the low level functions
1008to display details about the internal structure of a PKCS#12 file.
1009
1010Introduction.
1011
1012This is a brief description of how a PKCS#12 file is represented internally:
1013some knowledge of PKCS#12 is assumed.
1014
1015A PKCS#12 object contains several levels.
1016
1017At the lowest level is a PKCS12_SAFEBAG. This can contain a certificate, a
1018CRL, a private key, encrypted or unencrypted, a set of safebags (so the
1019structure can be nested) or other secrets (not documented at present).
1020A safebag can optionally have attributes, currently these are: a unicode
1021friendlyName (a Unicode string) or a localKeyID (a string of bytes).
1022
1023At the next level is an authSafe which is a set of safebags collected into
1024a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself.
1025
1026At the top level is the PKCS12 structure itself which contains a set of
1027authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it
1028contains a MAC which is a kind of password protected digest to preserve
1029integrity (so any unencrypted stuff below can't be tampered with).
1030
1031The reason for these levels is so various objects can be encrypted in various
1032ways. For example you might want to encrypt a set of private keys with
1033triple-DES and then include the related certificates either unencrypted or
1034with lower encryption. Yes it's the dreaded crypto laws at work again which
1035allow strong encryption on private keys and only weak encryption on other
1036stuff.
1037
1038To build one of these things you turn all certificates and keys into safebags
1039(with optional attributes). You collect the safebags into (one or more) STACKS
1040and convert these into authsafes (encrypted or unencrypted). The authsafes
1041are collected into a STACK and added to a PKCS12 structure. Finally a MAC
1042inserted.
1043
1044Pulling one apart is basically the reverse process. The MAC is verified against
1045the given password. The authsafes are extracted and each authsafe split into
1046a set of safebags (possibly involving decryption). Finally the safebags are
1047decomposed into the original keys and certificates and the attributes used to
1048match up private key and certificate pairs.
1049
1050Anyway here are the functions that do the dirty work.
1051
10521. Construction functions.
1053
10541.1 Safebag functions.
1055
1056M_PKCS12_x5092certbag(x509)
1057
1058This macro takes an X509 structure and returns a certificate bag. The
1059X509 structure can be freed up after calling this function.
1060
1061M_PKCS12_x509crl2certbag(crl)
1062
1063As above but for a CRL.
1064
1065PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey)
1066
1067Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure.
1068Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo
1069structure contains a private key data in plain text form it should be free'd
1070up as soon as it has been encrypted for security reasons (freeing up the
1071structure zeros out the sensitive data). This can be done with
1072PKCS8_PRIV_KEY_INFO_free().
1073
1074PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
1075
1076This sets the key type when a key is imported into MSIE or Outlook 98. Two
1077values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type
1078key that can also be used for signing but its size is limited in the export
1079versions of MS software to 512 bits, it is also the default. KEY_SIG is a
1080signing only key but the keysize is unlimited (well 16K is supposed to work).
1081If you are using the domestic version of MSIE then you can ignore this because
1082KEY_EX is not limited and can be used for both.
1083
1084PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
1085
1086Convert a PKCS8 private key structure into a keybag. This routine embeds the
1087p8 structure in the keybag so p8 should not be freed up or used after it is
1088called. The p8 structure will be freed up when the safebag is freed.
1089
1090PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
1091
1092Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not
1093embedded and can be freed up after use.
1094
1095int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
1096int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
1097
1098Add a local key id or a friendlyname to a safebag.
1099
11001.2 Authsafe functions.
1101
1102PKCS7 *PKCS12_pack_p7data(STACK *sk)
1103Take a stack of safebags and convert them into an unencrypted authsafe. The
1104stack of safebags can be freed up after calling this function.
1105
1106PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags);
1107
1108As above but encrypted.
1109
11101.3 PKCS12 functions.
1111
1112PKCS12 *PKCS12_init(int mode)
1113
1114Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data).
1115
1116M_PKCS12_pack_authsafes(p12, safes)
1117
1118This macro takes a STACK of authsafes and adds them to a PKCS#12 structure.
1119
1120int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type);
1121
1122Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests
1123that SHA-1 should be used.
1124
11252. Extraction Functions.
1126
11272.1 Safebags.
1128
1129M_PKCS12_bag_type(bag)
1130
1131Return the type of "bag". Returns one of the following
1132
1133NID_keyBag
1134NID_pkcs8ShroudedKeyBag 7
1135NID_certBag 8
1136NID_crlBag 9
1137NID_secretBag 10
1138NID_safeContentsBag 11
1139
1140M_PKCS12_cert_bag_type(bag)
1141
1142Returns type of certificate bag, following are understood.
1143
1144NID_x509Certificate 14
1145NID_sdsiCertificate 15
1146
1147M_PKCS12_crl_bag_type(bag)
1148
1149Returns crl bag type, currently only NID_crlBag is recognised.
1150
1151M_PKCS12_certbag2x509(bag)
1152
1153This macro extracts an X509 certificate from a certificate bag.
1154
1155M_PKCS12_certbag2x509crl(bag)
1156
1157As above but for a CRL.
1158
1159EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
1160
1161Extract a private key from a PKCS8 private key info structure.
1162
1163M_PKCS12_decrypt_skey(bag, pass, passlen)
1164
1165Decrypt a shrouded key bag and return a PKCS8 private key info structure.
1166Works with both RSA and DSA keys
1167
1168char *PKCS12_get_friendlyname(bag)
1169
1170Returns the friendlyName of a bag if present or NULL if none. The returned
1171string is a null terminated ASCII string allocated with Malloc(). It should
1172thus be freed up with Free() after use.
1173
11742.2 AuthSafe functions.
1175
1176M_PKCS12_unpack_p7data(p7)
1177
1178Extract a STACK of safe bags from a PKCS#7 data ContentInfo.
1179
1180#define M_PKCS12_unpack_p7encdata(p7, pass, passlen)
1181
1182As above but for an encrypted content info.
1183
11842.3 PKCS12 functions.
1185
1186M_PKCS12_unpack_authsafes(p12)
1187
1188Extract a STACK of authsafes from a PKCS12 structure.
1189
1190M_PKCS12_mac_present(p12)
1191
1192Check to see if a MAC is present.
1193
1194int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen)
1195
1196Verify a MAC on a PKCS12 structure. Returns an error if MAC not present.
1197
1198
1199Notes.
1200
12011. All the function return 0 or NULL on error.
12022. Encryption based functions take a common set of parameters. These are
1203described below.
1204
1205pass, passlen
1206ASCII password and length. The password on the MAC is called the "integrity
1207password" the encryption password is called the "privacy password" in the
1208PKCS#12 documentation. The passwords do not have to be the same. If -1 is
1209passed for the length it is worked out by the function itself (currently
1210this is sometimes done whatever is passed as the length but that may change).
1211
1212salt, saltlen
1213A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a
1214default length is used.
1215
1216iter
1217Iteration count. This is a measure of how many times an internal function is
1218called to encrypt the data. The larger this value is the longer it takes, it
1219makes dictionary attacks on passwords harder. NOTE: Some implementations do
1220not support an iteration count on the MAC. If the password for the MAC and
1221encryption is the same then there is no point in having a high iteration
1222count for encryption if the MAC has no count. The MAC could be attacked
1223and the password used for the main decryption.
1224
1225pbe_nid
1226This is the NID of the password based encryption method used. The following are
1227supported.
1228NID_pbe_WithSHA1And128BitRC4
1229NID_pbe_WithSHA1And40BitRC4
1230NID_pbe_WithSHA1And3_Key_TripleDES_CBC
1231NID_pbe_WithSHA1And2_Key_TripleDES_CBC
1232NID_pbe_WithSHA1And128BitRC2_CBC
1233NID_pbe_WithSHA1And40BitRC2_CBC
1234
1235Which you use depends on the implementation you are exporting to. "Export
1236grade" (i.e. cryptographically challenged) products cannot support all
1237algorithms. Typically you may be able to use any encryption on shrouded key
1238bags but they must then be placed in an unencrypted authsafe. Other authsafes
1239may only support 40bit encryption. Of course if you are using SSLeay
1240throughout you can strongly encrypt everything and have high iteration counts
1241on everything.
1242
12433. For decryption routines only the password and length are needed.
1244
12454. Unlike the external version the nid's of objects are the values of the
1246constants: that is NID_certBag is the real nid, therefore there is no
1247PKCS12_obj_offset() function. Note the object constants are not the same as
1248those of the external version. If you use these constants then you will need
1249to recompile your code.
1250
12515. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or
1252macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be
1253reused or freed up safely.
1254
diff --git a/src/lib/libssl/doc/ssl.3 b/src/lib/libssl/doc/ssl.3
deleted file mode 100644
index 7a76403bdc..0000000000
--- a/src/lib/libssl/doc/ssl.3
+++ /dev/null
@@ -1,1319 +0,0 @@
1.\"
2.\" $OpenBSD: ssl.3,v 1.4 2015/11/11 22:14:40 jmc Exp $
3.\"
4.Dd $Mdocdate: November 11 2015 $
5.Dt SSL 3
6.Os
7.Sh NAME
8.Nm ssl
9.Nd OpenSSL SSL/TLS library
10.Sh DESCRIPTION
11The OpenSSL
12.Nm ssl
13library implements the Secure Sockets Layer (SSL v2/v3) and
14Transport Layer Security (TLS v1) protocols.
15It provides a rich API which is documented here.
16.Pp
17At first the library must be initialized; see
18.Xr SSL_library_init 3 .
19.Pp
20Then an
21.Vt SSL_CTX
22object is created as a framework to establish TLS/SSL enabled connections (see
23.Xr SSL_CTX_new 3 ) .
24Various options regarding certificates, algorithms, etc., can be set in this
25object.
26.Pp
27When a network connection has been created, it can be assigned to an
28.Vt SSL
29object.
30After the
31.Vt SSL
32object has been created using
33.Xr SSL_new 3 ,
34.Xr SSL_set_fd 3
35or
36.Xr SSL_set_bio 3
37can be used to associate the network connection with the object.
38.Pp
39Then the TLS/SSL handshake is performed using
40.Xr SSL_accept 3
41or
42.Xr SSL_connect 3
43respectively.
44.Xr SSL_read 3
45and
46.Xr SSL_write 3
47are used to read and write data on the TLS/SSL connection.
48.Xr SSL_shutdown 3
49can be used to shut down the TLS/SSL connection.
50.Sh DATA STRUCTURES
51Currently the OpenSSL
52.Nm ssl
53library functions deals with the following data structures:
54.Bl -tag -width Ds
55.It Vt SSL_METHOD No (SSL Method)
56That's a dispatch structure describing the internal
57.Nm ssl
58library methods/functions which implement the various protocol versions
59(SSLv1, SSLv2 and TLSv1).
60It's needed to create an
61.Vt SSL_CTX .
62.It Vt SSL_CIPHER No (SSL Cipher)
63This structure holds the algorithm information for a particular cipher which
64is a core part of the SSL/TLS protocol.
65The available ciphers are configured on an
66.Vt SSL_CTX
67basis and the actually used ones are then part of the
68.Vt SSL_SESSION .
69.It Vt SSL_CTX No (SSL Context)
70That's the global context structure which is created by a server or client
71once per program lifetime and which holds mainly default values for the
72.Vt SSL
73structures which are later created for the connections.
74.It Vt SSL_SESSION No (SSL Session)
75This is a structure containing the current TLS/SSL session details for a
76connection:
77.Vt SSL_CIPHER Ns s, client and server certificates, keys, etc.
78.It Vt SSL No (SSL Connection)
79That's the main SSL/TLS structure which is created by a server or client per
80established connection.
81This actually is the core structure in the SSL API.
82Under run-time the application usually deals with this structure which has
83links to mostly all other structures.
84.El
85.Sh HEADER FILES
86Currently the OpenSSL
87.Nm ssl
88library provides the following C header files containing the prototypes for the
89data structures and functions:
90.Bl -tag -width Ds
91.It Pa ssl.h
92That's the common header file for the SSL/TLS API.
93Include it into your program to make the API of the
94.Nm ssl
95library available.
96It internally includes both more private SSL headers and headers from the
97.Em crypto
98library.
99Whenever you need hardcore details on the internals of the SSL API, look inside
100this header file.
101.It Pa ssl2.h
102That's the sub header file dealing with the SSLv2 protocol only.
103.Bf Em
104 Usually you don't have to include it explicitly because it's already included
105by
106.Pa ssl.h .
107.Ef
108.It Pa ssl3.h
109That's the sub header file dealing with the SSLv3 protocol only.
110.Bf Em
111Usually you don't have to include it explicitly because it's already included
112by
113.Pa ssl.h .
114.Ef
115.It Pa ssl23.h
116That's the sub header file dealing with the combined use of the SSLv2 and SSLv3
117protocols.
118.Bf Em
119Usually you don't have to include it explicitly because it's already included
120by
121.Pa ssl.h .
122.Ef
123.It Pa tls1.h
124That's the sub header file dealing with the TLSv1 protocol only.
125.Bf Em
126Usually you don't have to include it explicitly because it's already included
127by
128.Pa ssl.h .
129.Ef
130.El
131.Sh API FUNCTIONS
132The functions that the OpenSSL
133.Nm ssl
134library exports are documented below:
135.Ss DEALING WITH PROTOCOL METHODS
136Here we document the various API functions which deal with the SSL/TLS protocol
137methods defined in
138.Vt SSL_METHOD
139structures.
140.Bl -tag -width Ds
141.It Xo
142.Ft const SSL_METHOD *
143.Fn SSLv2_client_method void
144.Xc
145Constructor for the SSLv2
146.Vt SSL_METHOD
147structure for a dedicated client.
148.It Xo
149.Ft const SSL_METHOD *
150.Fn SSLv2_server_method void
151.Xc
152Constructor for the SSLv2
153.Vt SSL_METHOD
154structure for a dedicated server.
155.It Xo
156.Ft const SSL_METHOD *
157.Fn SSLv2_method void
158.Xc
159Constructor for the SSLv2
160.Vt SSL_METHOD
161structure for combined client and server.
162.It Xo
163.Ft const SSL_METHOD *
164.Fn SSLv3_client_method void
165.Xc
166Constructor for the SSLv3
167.Vt SSL_METHOD
168structure for a dedicated client.
169.It Xo
170.Ft const SSL_METHOD *
171.Fn SSLv3_server_method void
172.Xc
173Constructor for the SSLv3
174.Vt SSL_METHOD
175structure for a dedicated server.
176.It Xo
177.Ft const SSL_METHOD *
178.Fn SSLv3_method void
179.Xc
180Constructor for the SSLv3
181.Vt SSL_METHOD
182structure for combined client and server.
183.It Xo
184.Ft const SSL_METHOD *
185.Fn TLSv1_client_method void
186.Xc
187Constructor for the TLSv1
188.Vt SSL_METHOD
189structure for a dedicated client.
190.It Xo
191.Ft const SSL_METHOD *
192.Fn TLSv1_server_method void
193.Xc
194Constructor for the TLSv1
195.Vt SSL_METHOD
196structure for a dedicated server.
197.It Xo
198.Ft const SSL_METHOD *
199.Fn TLSv1_method void
200.Xc
201Constructor for the TLSv1
202.Vt SSL_METHOD
203structure for combined client and server.
204.El
205.Ss DEALING WITH CIPHERS
206Here we document the various API functions which deal with the SSL/TLS ciphers
207defined in
208.Vt SSL_CIPHER
209structures.
210.Bl -tag -width Ds
211.It Xo
212.Ft char *
213.Fn SSL_CIPHER_description "SSL_CIPHER *cipher" "char *buf" "int len"
214.Xc
215Write a string to
216.Fa buf
217(with a maximum size of
218.Fa len )
219containing a human readable description of
220.Fa cipher .
221Returns
222.Fa buf .
223.It Xo
224.Ft int
225.Fn SSL_CIPHER_get_bits "SSL_CIPHER *cipher" "int *alg_bits"
226.Xc
227Determine the number of bits in
228.Fa cipher .
229Because of export crippled ciphers there are two bits:
230the bits the algorithm supports in general (stored to
231.Fa alg_bits )
232and the bits which are actually used (the return value).
233.It Xo
234.Ft const char *
235.Fn SSL_CIPHER_get_name "SSL_CIPHER *cipher"
236.Xc
237Return the internal name of
238.Fa cipher
239as a string.
240These are the various strings defined by the
241.Dv SSL2_TXT_xxx ,
242.Dv SSL3_TXT_xxx
243and
244.Dv TLS1_TXT_xxx
245definitions in the header files.
246.It Xo
247.Ft char *
248.Fn SSL_CIPHER_get_version "SSL_CIPHER *cipher"
249.Xc
250Returns a string like
251Qq TLSv1/SSLv3
252or
253Qq SSLv2
254which indicates the SSL/TLS protocol version to which
255.Fa cipher
256belongs (i.e., where it was defined in the specification the first time).
257.El
258.Ss DEALING WITH PROTOCOL CONTEXTS
259Here we document the various API functions which deal with the SSL/TLS
260protocol context defined in the
261.Vt SSL_CTX
262structure.
263.Bl -tag -width Ds
264.It Xo
265.Ft int
266.Fn SSL_CTX_add_client_CA "SSL_CTX *ctx" "X509 *x"
267.Xc
268.It Xo
269.Ft long
270.Fn SSL_CTX_add_extra_chain_cert "SSL_CTX *ctx" "X509 *x509"
271.Xc
272.It Xo
273.Ft int
274.Fn SSL_CTX_add_session "SSL_CTX *ctx" "SSL_SESSION *c"
275.Xc
276.It Xo
277.Ft int
278.Fn SSL_CTX_check_private_key "const SSL_CTX *ctx"
279.Xc
280.It Xo
281.Ft long
282.Fn SSL_CTX_ctrl "SSL_CTX *ctx" "int cmd" "long larg" "char *parg"
283.Xc
284.It Xo
285.Ft void
286.Fn SSL_CTX_flush_sessions "SSL_CTX *s" "long t"
287.Xc
288.It Xo
289.Ft void
290.Fn SSL_CTX_free "SSL_CTX *a"
291.Xc
292.It Xo
293.Ft char *
294.Fn SSL_CTX_get_app_data "SSL_CTX *ctx"
295.Xc
296.It Xo
297.Ft X509_STORE *
298.Fn SSL_CTX_get_cert_store "SSL_CTX *ctx"
299.Xc
300.It Xo
301.Ft STACK *
302.Fn SSL_CTX_get_client_CA_list "const SSL_CTX *ctx"
303.Xc
304.It Xo
305.Ft int
306.Fn "(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))"
307.Fa "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey"
308.Xc
309.It Xo
310.Ft char *
311.Fn SSL_CTX_get_ex_data "const SSL_CTX *s" "int idx"
312.Xc
313.It Xo
314.Ft int
315.Fo SSL_CTX_get_ex_new_index
316.Fa "long argl"
317.Fa "void *argp"
318.Fa "CRYPTO_EX_new *new_func"
319.Fa "CRYPTO_EX_dup *dup_func"
320.Fa "CRYPTO_EX_free *free_func"
321.Fc
322.Xc
323.It Xo
324.Ft void
325.Fo "(*SSL_CTX_get_info_callback(const SSL_CTX *ctx))"
326.Fa "SSL *ssl"
327.Fa "int cb"
328.Fa "int ret"
329.Fc
330.Xc
331.It Xo
332.Ft int
333.Fn SSL_CTX_get_quiet_shutdown "const SSL_CTX *ctx"
334.Xc
335.It Xo
336.Ft int
337.Fn SSL_CTX_get_session_cache_mode "SSL_CTX *ctx"
338.Xc
339.It Xo
340.Ft long
341.Fn SSL_CTX_get_timeout "const SSL_CTX *ctx"
342.Xc
343.It Xo
344.Ft int
345.Fo "(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))"
346.Fa "int ok"
347.Fa "X509_STORE_CTX *ctx"
348.Fc
349.Xc
350.It Xo
351.Ft int
352.Fn SSL_CTX_get_verify_mode "SSL_CTX *ctx"
353.Xc
354.It Xo
355.Ft int
356.Fn SSL_CTX_load_verify_locations "SSL_CTX *ctx" "char *CAfile" "char *CApath"
357.Xc
358.It Xo
359.Ft long
360.Fn SSL_CTX_need_tmp_RSA "SSL_CTX *ctx"
361.Xc
362.It Xo
363.Ft SSL_CTX *
364.Fn SSL_CTX_new "const SSL_METHOD *meth"
365.Xc
366.It Xo
367.Ft int
368.Fn SSL_CTX_remove_session "SSL_CTX *ctx" "SSL_SESSION *c"
369.Xc
370.It Xo
371.Ft int
372.Fn SSL_CTX_sess_accept "SSL_CTX *ctx"
373.Xc
374.It Xo
375.Ft int
376.Fn SSL_CTX_sess_accept_good "SSL_CTX *ctx"
377.Xc
378.It Xo
379.Ft int
380.Fn SSL_CTX_sess_accept_renegotiate "SSL_CTX *ctx"
381.Xc
382.It Xo
383.Ft int
384.Fn SSL_CTX_sess_cache_full "SSL_CTX *ctx"
385.Xc
386.It Xo
387.Ft int
388.Fn SSL_CTX_sess_cb_hits "SSL_CTX *ctx"
389.Xc
390.It Xo
391.Ft int
392.Fn SSL_CTX_sess_connect "SSL_CTX *ctx"
393.Xc
394.It Xo
395.Ft int
396.Fn SSL_CTX_sess_connect_good "SSL_CTX *ctx"
397.Xc
398.It Xo
399.Ft int
400.Fn SSL_CTX_sess_connect_renegotiate "SSL_CTX *ctx"
401.Xc
402.It Xo
403.Ft int
404.Fn SSL_CTX_sess_get_cache_size "SSL_CTX *ctx"
405.Xc
406.It Xo
407.Ft SSL_SESSION *
408.Fo "(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))"
409.Fa "SSL *ssl"
410.Fa "unsigned char *data"
411.Fa "int len"
412.Fa "int *copy"
413.Fc
414.Xc
415.It Xo
416.Ft int
417.Fn "(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))" "SSL *ssl" "SSL_SESSION *sess"
418.Xc
419.It Xo
420.Ft void
421.Fo "(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))"
422.Fa "SSL_CTX *ctx"
423.Fa "SSL_SESSION *sess"
424.Fc
425.Xc
426.It Xo
427.Ft int
428.Fn SSL_CTX_sess_hits "SSL_CTX *ctx"
429.Xc
430.It Xo
431.Ft int
432.Fn SSL_CTX_sess_misses "SSL_CTX *ctx"
433.Xc
434.It Xo
435.Ft int
436.Fn SSL_CTX_sess_number "SSL_CTX *ctx"
437.Xc
438.It Xo
439.Ft void
440.Fn SSL_CTX_sess_set_cache_size "SSL_CTX *ctx" "long t"
441.Xc
442.It Xo
443.Ft void
444.Fo SSL_CTX_sess_set_get_cb
445.Fa "SSL_CTX *ctx"
446.Fa "SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy)"
447.Fc
448.Xc
449.It Xo
450.Ft void
451.Fo SSL_CTX_sess_set_new_cb
452.Fa "SSL_CTX *ctx"
453.Fa "int (*cb)(SSL *ssl, SSL_SESSION *sess)"
454.Fc
455.Xc
456.It Xo
457.Ft void
458.Fo SSL_CTX_sess_set_remove_cb
459.Fa "SSL_CTX *ctx"
460.Fa "void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)"
461.Fc
462.Xc
463.It Xo
464.Ft int
465.Fn SSL_CTX_sess_timeouts "SSL_CTX *ctx"
466.Xc
467.It Xo
468.Ft LHASH *
469.Fn SSL_CTX_sessions "SSL_CTX *ctx"
470.Xc
471.It Xo
472.Ft void
473.Fn SSL_CTX_set_app_data "SSL_CTX *ctx" "void *arg"
474.Xc
475.It Xo
476.Ft void
477.Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *cs"
478.Xc
479.It Xo
480.Ft void
481.Fn SSL_CTX_set_cert_verify_cb "SSL_CTX *ctx" "int (*cb)()" "char *arg"
482.Xc
483.It Xo
484.Ft int
485.Fn SSL_CTX_set_cipher_list "SSL_CTX *ctx" "char *str"
486.Xc
487.It Xo
488.Ft void
489.Fn SSL_CTX_set_client_CA_list "SSL_CTX *ctx" "STACK *list"
490.Xc
491.It Xo
492.Ft void
493.Fo SSL_CTX_set_client_cert_cb
494.Fa "SSL_CTX *ctx"
495.Fa "int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)"
496.Fc
497.Xc
498.It Xo
499.Ft void
500.Fn SSL_CTX_set_default_passwd_cb "SSL_CTX *ctx" "pem_password_cb *cb"
501.Xc
502.It Xo
503.Ft void
504.Fn SSL_CTX_set_default_read_ahead "SSL_CTX *ctx" "int m"
505.Xc
506.It Xo
507.Ft int
508.Fn SSL_CTX_set_default_verify_paths "SSL_CTX *ctx"
509.Xc
510.It Xo
511.Ft int
512.Fn SSL_CTX_set_ex_data "SSL_CTX *s" "int idx" "char *arg"
513.Xc
514.It Xo
515.Ft void
516.Fo SSL_CTX_set_info_callback
517.Fa "SSL_CTX *ctx"
518.Fa "void (*cb)(SSL *ssl, int cb, int ret)"
519.Fc
520.Xc
521.It Xo
522.Ft void
523.Fo SSL_CTX_set_msg_callback
524.Fa "SSL_CTX *ctx"
525.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, \
526size_t len, SSL *ssl, void *arg)"
527.Fc
528.Xc
529.It Xo
530.Ft void
531.Fn SSL_CTX_set_msg_callback_arg "SSL_CTX *ctx" "void *arg"
532.Xc
533.It Xo
534.Ft void
535.Fn SSL_CTX_set_options "SSL_CTX *ctx" "unsigned long op"
536.Xc
537.It Xo
538.Ft void
539.Fn SSL_CTX_set_quiet_shutdown "SSL_CTX *ctx" "int mode"
540.Xc
541.It Xo
542.Ft void
543.Fn SSL_CTX_set_session_cache_mode "SSL_CTX *ctx" "int mode"
544.Xc
545.It Xo
546.Ft int
547.Fn SSL_CTX_set_ssl_version "SSL_CTX *ctx" "const SSL_METHOD *meth"
548.Xc
549.It Xo
550.Ft void
551.Fn SSL_CTX_set_timeout "SSL_CTX *ctx" "long t"
552.Xc
553.It Xo
554.Ft long
555.Fn SSL_CTX_set_tmp_dh "SSL_CTX* ctx" "DH *dh"
556.Xc
557.It Xo
558.Ft long
559.Fn SSL_CTX_set_tmp_dh_callback "SSL_CTX *ctx" "DH *(*cb)(void)"
560.Xc
561.It Xo
562.Ft long
563.Fn SSL_CTX_set_tmp_rsa "SSL_CTX *ctx" "RSA *rsa"
564.Xc
565.It Xo
566.Fn SSL_CTX_set_tmp_rsa_callback
567.Xc
568.Ft long
569.Fo SSL_CTX_set_tmp_rsa_callback
570.Fa "SSL_CTX *ctx"
571.Fa "RSA *(*cb)(SSL *ssl, int export, int keylength)"
572.Fc
573.Pp
574Sets the callback which will be called when a temporary private key is
575required.
576The
577.Fa export
578flag will be set if the reason for needing a temp key is that an export
579ciphersuite is in use, in which case,
580.Fa keylength
581will contain the required keylength in bits.
582.\" XXX using what?
583Generate a key of appropriate size (using ???) and return it.
584.It Xo
585.Fn SSL_set_tmp_rsa_callback
586.Xc
587.Ft long
588.Fo SSL_set_tmp_rsa_callback
589.Fa "SSL *ssl"
590.Fa "RSA *(*cb)(SSL *ssl, int export, int keylength)"
591.Fc
592.Pp
593The same as
594.Fn SSL_CTX_set_tmp_rsa_callback ,
595except it operates on an
596.Vt SSL
597session instead of a context.
598.It Xo
599.Ft void
600.Fn SSL_CTX_set_verify "SSL_CTX *ctx" "int mode" "int (*cb)(void)"
601.Xc
602.It Xo
603.Ft int
604.Fn SSL_CTX_use_PrivateKey "SSL_CTX *ctx" "EVP_PKEY *pkey"
605.Xc
606.It Xo
607.Ft int
608.Fo SSL_CTX_use_PrivateKey_ASN1
609.Fa "int type"
610.Fa "SSL_CTX *ctx"
611.Fa "unsigned char *d"
612.Fa "long len"
613.Fc
614.Xc
615.It Xo
616.Ft int
617.Fn SSL_CTX_use_PrivateKey_file "SSL_CTX *ctx" "char *file" "int type"
618.Xc
619.It Xo
620.Ft int
621.Fn SSL_CTX_use_RSAPrivateKey "SSL_CTX *ctx" "RSA *rsa"
622.Xc
623.It Xo
624.Ft int
625.Fn SSL_CTX_use_RSAPrivateKey_ASN1 "SSL_CTX *ctx" "unsigned char *d" "long len"
626.Xc
627.It Xo
628.Ft int
629.Fn SSL_CTX_use_RSAPrivateKey_file "SSL_CTX *ctx" "char *file" "int type"
630.Xc
631.It Xo
632.Ft int
633.Fn SSL_CTX_use_certificate "SSL_CTX *ctx" "X509 *x"
634.Xc
635.It Xo
636.Ft int
637.Fn SSL_CTX_use_certificate_ASN1 "SSL_CTX *ctx" "int len" "unsigned char *d"
638.Xc
639.It Xo
640.Ft int
641.Fn SSL_CTX_use_certificate_file "SSL_CTX *ctx" "char *file" "int type"
642.Xc
643.It Xo
644.Ft void
645.Fo SSL_CTX_set_psk_client_callback
646.Fa "SSL_CTX *ctx"
647.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
648unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
649.Fc
650.Xc
651.It Xo
652.Ft int
653.Fn SSL_CTX_use_psk_identity_hint "SSL_CTX *ctx" "const char *hint"
654.Xc
655.It Xo
656.Ft void
657.Fo SSL_CTX_set_psk_server_callback
658.Fa "SSL_CTX *ctx"
659.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, \
660unsigned char *psk, int max_psk_len)"
661.Fc
662.Xc
663.El
664.Ss DEALING WITH SESSIONS
665Here we document the various API functions which deal with the SSL/TLS sessions
666defined in the
667.Vt SSL_SESSION
668structures.
669.Bl -tag -width Ds
670.It Xo
671.Ft int
672.Fn SSL_SESSION_cmp "const SSL_SESSION *a" "const SSL_SESSION *b"
673.Xc
674.It Xo
675.Ft void
676.Fn SSL_SESSION_free "SSL_SESSION *ss"
677.Xc
678.It Xo
679.Ft char *
680.Fn SSL_SESSION_get_app_data "SSL_SESSION *s"
681.Xc
682.It Xo
683.Ft char *
684.Fn SSL_SESSION_get_ex_data "const SSL_SESSION *s" "int idx"
685.Xc
686.It Xo
687.Ft int
688.Fo SSL_SESSION_get_ex_new_index
689.Fa "long argl"
690.Fa "char *argp"
691.Fa "int (*new_func)(void)"
692.Fa "int (*dup_func)(void), void (*free_func)(void)"
693.Fc
694.Xc
695.It Xo
696.Ft long
697.Fn SSL_SESSION_get_time "const SSL_SESSION *s"
698.Xc
699.It Xo
700.Ft long
701.Fn SSL_SESSION_get_timeout "const SSL_SESSION *s"
702.Xc
703.It Xo
704.Ft unsigned long
705.Fn SSL_SESSION_hash "const SSL_SESSION *a"
706.Xc
707.It Xo
708.Ft SSL_SESSION *
709.Fn SSL_SESSION_new void
710.Xc
711.It Xo
712.Ft int
713.Fn SSL_SESSION_print "BIO *bp" "const SSL_SESSION *x"
714.Xc
715.It Xo
716.Ft int
717.Fn SSL_SESSION_print_fp "FILE *fp" "const SSL_SESSION *x"
718.Xc
719.It Xo
720.Ft void
721.Fn SSL_SESSION_set_app_data "SSL_SESSION *s" "char *a"
722.Xc
723.It Xo
724.Ft int
725.Fn SSL_SESSION_set_ex_data "SSL_SESSION *s" "int idx" "char *arg"
726.Xc
727.It Xo
728.Ft long
729.Fn SSL_SESSION_set_time "SSL_SESSION *s" "long t"
730.Xc
731.It Xo
732.Ft long
733.Fn SSL_SESSION_set_timeout "SSL_SESSION *s" "long t"
734.Xc
735.El
736.Ss DEALING WITH CONNECTIONS
737Here we document the various API functions which deal with the SSL/TLS
738connection defined in the
739.Vt SSL
740structure.
741.Bl -tag -width Ds
742.It Xo
743.Ft int
744.Fn SSL_accept "SSL *ssl"
745.Xc
746.It Xo
747.Ft int
748.Fn SSL_add_dir_cert_subjects_to_stack "STACK *stack" "const char *dir"
749.Xc
750.It Xo
751.Ft int
752.Fn SSL_add_file_cert_subjects_to_stack "STACK *stack" "const char *file"
753.Xc
754.It Xo
755.Ft int
756.Fn SSL_add_client_CA "SSL *ssl" "X509 *x"
757.Xc
758.It Xo
759.Ft char *
760.Fn SSL_alert_desc_string "int value"
761.Xc
762.It Xo
763.Ft char *
764.Fn SSL_alert_desc_string_long "int value"
765.Xc
766.It Xo
767.Ft char *
768.Fn SSL_alert_type_string "int value"
769.Xc
770.It Xo
771.Ft char *
772.Fn SSL_alert_type_string_long "int value"
773.Xc
774.It Xo
775.Ft int
776.Fn SSL_check_private_key "const SSL *ssl"
777.Xc
778.It Xo
779.Ft void
780.Fn SSL_clear "SSL *ssl"
781.Xc
782.It Xo
783.Ft long
784.Fn SSL_clear_num_renegotiations "SSL *ssl"
785.Xc
786.It Xo
787.Ft int
788.Fn SSL_connect "SSL *ssl"
789.Xc
790.It Xo
791.Ft void
792.Fn SSL_copy_session_id "SSL *t" "const SSL *f"
793.Xc
794.It Xo
795.Ft long
796.Fn SSL_ctrl "SSL *ssl" "int cmd" "long larg" "char *parg"
797.Xc
798.It Xo
799.Ft int
800.Fn SSL_do_handshake "SSL *ssl"
801.Xc
802.It Xo
803.Ft SSL *
804.Fn SSL_dup "SSL *ssl"
805.Xc
806.It Xo
807.Ft STACK *
808.Fn SSL_dup_CA_list "STACK *sk"
809.Xc
810.It Xo
811.Ft void
812.Fn SSL_free "SSL *ssl"
813.Xc
814.It Xo
815.Ft SSL_CTX *
816.Fn SSL_get_SSL_CTX "const SSL *ssl"
817.Xc
818.It Xo
819.Ft char *
820.Fn SSL_get_app_data "SSL *ssl"
821.Xc
822.It Xo
823.Ft X509 *
824.Fn SSL_get_certificate "const SSL *ssl"
825.Xc
826.It Xo
827.Ft const char *
828.Fn SSL_get_cipher "const SSL *ssl"
829.Xc
830.It Xo
831.Ft int
832.Fn SSL_get_cipher_bits "const SSL *ssl" "int *alg_bits"
833.Xc
834.It Xo
835.Ft char *
836.Fn SSL_get_cipher_list "const SSL *ssl" "int n"
837.Xc
838.It Xo
839.Ft char *
840.Fn SSL_get_cipher_name "const SSL *ssl"
841.Xc
842.It Xo
843.Ft char *
844.Fn SSL_get_cipher_version "const SSL *ssl"
845.Xc
846.It Xo
847.Ft STACK *
848.Fn SSL_get_ciphers "const SSL *ssl"
849.Xc
850.It Xo
851.Ft STACK *
852.Fn SSL_get_client_CA_list "const SSL *ssl"
853.Xc
854.It Xo
855.Ft SSL_CIPHER *
856.Fn SSL_get_current_cipher "SSL *ssl"
857.Xc
858.It Xo
859.Ft long
860.Fn SSL_get_default_timeout "const SSL *ssl"
861.Xc
862.It Xo
863.Ft int
864.Fn SSL_get_error "const SSL *ssl" "int i"
865.Xc
866.It Xo
867.Ft char *
868.Fn SSL_get_ex_data "const SSL *ssl" "int idx"
869.Xc
870.It Xo
871.Ft int
872.Fn SSL_get_ex_data_X509_STORE_CTX_idx void
873.Xc
874.It Xo
875.Ft int
876.Fo SSL_get_ex_new_index
877.Fa "long argl"
878.Fa "char *argp"
879.Fa "int (*new_func)(void)"
880.Fa "int (*dup_func)(void)"
881.Fa "void (*free_func)(void)"
882.Fc
883.Xc
884.It Xo
885.Ft int
886.Fn SSL_get_fd "const SSL *ssl"
887.Xc
888.It Xo
889.Ft void
890.Fn "(*SSL_get_info_callback(const SSL *ssl))"
891.Xc
892.It Xo
893.Ft STACK *
894.Fn SSL_get_peer_cert_chain "const SSL *ssl"
895.Xc
896.It Xo
897.Ft X509 *
898.Fn SSL_get_peer_certificate "const SSL *ssl"
899.Xc
900.It Xo
901.Ft EVP_PKEY *
902.Fn SSL_get_privatekey "SSL *ssl"
903.Xc
904.It Xo
905.Ft int
906.Fn SSL_get_quiet_shutdown "const SSL *ssl"
907.Xc
908.It Xo
909.Ft BIO *
910.Fn SSL_get_rbio "const SSL *ssl"
911.Xc
912.It Xo
913.Ft int
914.Fn SSL_get_read_ahead "const SSL *ssl"
915.Xc
916.It Xo
917.Ft SSL_SESSION *
918.Fn SSL_get_session "const SSL *ssl"
919.Xc
920.It Xo
921.Ft char *
922.Fn SSL_get_shared_ciphers "const SSL *ssl" "char *buf" "int len"
923.Xc
924.It Xo
925.Ft int
926.Fn SSL_get_shutdown "const SSL *ssl"
927.Xc
928.It Xo
929.Ft const SSL_METHOD *
930.Fn SSL_get_ssl_method "SSL *ssl"
931.Xc
932.It Xo
933.Ft int
934.Fn SSL_get_state "const SSL *ssl"
935.Xc
936.It Xo
937.Ft long
938.Fn SSL_get_time "const SSL *ssl"
939.Xc
940.It Xo
941.Ft long
942.Fn SSL_get_timeout "const SSL *ssl"
943.Xc
944.It Xo
945.Ft int
946.Fn "(*SSL_get_verify_callback(const SSL *ssl))" int "X509_STORE_CTX *"
947.Xc
948.It Xo
949.Ft int
950.Fn SSL_get_verify_mode "const SSL *ssl"
951.Xc
952.It Xo
953.Ft long
954.Fn SSL_get_verify_result "const SSL *ssl"
955.Xc
956.It Xo
957.Ft char *
958.Fn SSL_get_version "const SSL *ssl"
959.Xc
960.It Xo
961.Ft BIO *
962.Fn SSL_get_wbio "const SSL *ssl"
963.Xc
964.It Xo
965.Ft int
966.Fn SSL_in_accept_init "SSL *ssl"
967.Xc
968.It Xo
969.Ft int
970.Fn SSL_in_before "SSL *ssl"
971.Xc
972.It Xo
973.Ft int
974.Fn SSL_in_connect_init "SSL *ssl"
975.Xc
976.It Xo
977.Ft int
978.Fn SSL_in_init "SSL *ssl"
979.Xc
980.It Xo
981.Ft int
982.Fn SSL_is_init_finished "SSL *ssl"
983.Xc
984.It Xo
985.Ft STACK *
986.Fn SSL_load_client_CA_file "char *file"
987.Xc
988.It Xo
989.Ft void
990.Fn SSL_load_error_strings "void"
991.Xc
992.It Xo
993.Ft SSL *
994.Fn SSL_new "SSL_CTX *ctx"
995.Xc
996.It Xo
997.Ft long
998.Fn SSL_num_renegotiations "SSL *ssl"
999.Xc
1000.It Xo
1001.Ft int
1002.Fn SSL_peek "SSL *ssl" "void *buf" "int num"
1003.Xc
1004.It Xo
1005.Ft int
1006.Fn SSL_pending "const SSL *ssl"
1007.Xc
1008.It Xo
1009.Ft int
1010.Fn SSL_read "SSL *ssl" "void *buf" "int num"
1011.Xc
1012.It Xo
1013.Ft int
1014.Fn SSL_renegotiate "SSL *ssl"
1015.Xc
1016.It Xo
1017.Ft char *
1018.Fn SSL_rstate_string "SSL *ssl"
1019.Xc
1020.It Xo
1021.Ft char *
1022.Fn SSL_rstate_string_long "SSL *ssl"
1023.Xc
1024.It Xo
1025.Ft long
1026.Fn SSL_session_reused "SSL *ssl"
1027.Xc
1028.It Xo
1029.Ft void
1030.Fn SSL_set_accept_state "SSL *ssl"
1031.Xc
1032.It Xo
1033.Ft void
1034.Fn SSL_set_app_data "SSL *ssl" "char *arg"
1035.Xc
1036.It Xo
1037.Ft void
1038.Fn SSL_set_bio "SSL *ssl" "BIO *rbio" "BIO *wbio"
1039.Xc
1040.It Xo
1041.Ft int
1042.Fn SSL_set_cipher_list "SSL *ssl" "char *str"
1043.Xc
1044.It Xo
1045.Ft void
1046.Fn SSL_set_client_CA_list "SSL *ssl" "STACK *list"
1047.Xc
1048.It Xo
1049.Ft void
1050.Fn SSL_set_connect_state "SSL *ssl"
1051.Xc
1052.It Xo
1053.Ft int
1054.Fn SSL_set_ex_data "SSL *ssl" "int idx" "char *arg"
1055.Xc
1056.It Xo
1057.Ft int
1058.Fn SSL_set_fd "SSL *ssl" "int fd"
1059.Xc
1060.It Xo
1061.Ft void
1062.Fn SSL_set_info_callback "SSL *ssl" "void (*cb)(void)"
1063.Xc
1064.It Xo
1065.Ft void
1066.Fo SSL_set_msg_callback
1067.Fa "SSL *ctx"
1068.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, \
1069size_t len, SSL *ssl, void *arg)"
1070.Fc
1071.Xc
1072.It Xo
1073.Ft void
1074.Fn SSL_set_msg_callback_arg "SSL *ctx" "void *arg"
1075.Xc
1076.It Xo
1077.Ft void
1078.Fn SSL_set_options "SSL *ssl" "unsigned long op"
1079.Xc
1080.It Xo
1081.Ft void
1082.Fn SSL_set_quiet_shutdown "SSL *ssl" "int mode"
1083.Xc
1084.It Xo
1085.Ft void
1086.Fn SSL_set_read_ahead "SSL *ssl" "int yes"
1087.Xc
1088.It Xo
1089.Ft int
1090.Fn SSL_set_rfd "SSL *ssl" "int fd"
1091.Xc
1092.It Xo
1093.Ft int
1094.Fn SSL_set_session "SSL *ssl" "SSL_SESSION *session"
1095.Xc
1096.It Xo
1097.Ft void
1098.Fn SSL_set_shutdown "SSL *ssl" "int mode"
1099.Xc
1100.It Xo
1101.Ft int
1102.Fn SSL_set_ssl_method "SSL *ssl" "const SSL_METHOD *meth"
1103.Xc
1104.It Xo
1105.Ft void
1106.Fn SSL_set_time "SSL *ssl" "long t"
1107.Xc
1108.It Xo
1109.Ft void
1110.Fn SSL_set_timeout "SSL *ssl" "long t"
1111.Xc
1112.It Xo
1113.Ft void
1114.Fn SSL_set_verify "SSL *ssl" "int mode" "int (*callback)(void)"
1115.Xc
1116.It Xo
1117.Ft void
1118.Fn SSL_set_verify_result "SSL *ssl" "long arg"
1119.Xc
1120.It Xo
1121.Ft int
1122.Fn SSL_set_wfd "SSL *ssl" "int fd"
1123.Xc
1124.It Xo
1125.Ft int
1126.Fn SSL_shutdown "SSL *ssl"
1127.Xc
1128.It Xo
1129.Ft int
1130.Fn SSL_state "const SSL *ssl"
1131.Xc
1132.It Xo
1133.Ft char *
1134.Fn SSL_state_string "const SSL *ssl"
1135.Xc
1136.It Xo
1137.Ft char *
1138.Fn SSL_state_string_long "const SSL *ssl"
1139.Xc
1140.It Xo
1141.Ft long
1142.Fn SSL_total_renegotiations "SSL *ssl"
1143.Xc
1144.It Xo
1145.Ft int
1146.Fn SSL_use_PrivateKey "SSL *ssl" "EVP_PKEY *pkey"
1147.Xc
1148.It Xo
1149.Ft int
1150.Fn SSL_use_PrivateKey_ASN1 "int type" "SSL *ssl" "unsigned char *d" "long len"
1151.Xc
1152.It Xo
1153.Ft int
1154.Fn SSL_use_PrivateKey_file "SSL *ssl" "char *file" "int type"
1155.Xc
1156.It Xo
1157.Ft int
1158.Fn SSL_use_RSAPrivateKey "SSL *ssl" "RSA *rsa"
1159.Xc
1160.It Xo
1161.Ft int
1162.Fn SSL_use_RSAPrivateKey_ASN1 "SSL *ssl" "unsigned char *d" "long len"
1163.Xc
1164.It Xo
1165.Ft int
1166.Fn SSL_use_RSAPrivateKey_file "SSL *ssl" "char *file" "int type"
1167.Xc
1168.It Xo
1169.Ft int
1170.Fn SSL_use_certificate "SSL *ssl" "X509 *x"
1171.Xc
1172.It Xo
1173.Ft int
1174.Fn SSL_use_certificate_ASN1 "SSL *ssl" "int len" "unsigned char *d"
1175.Xc
1176.It Xo
1177.Ft int
1178.Fn SSL_use_certificate_file "SSL *ssl" "char *file" "int type"
1179.Xc
1180.It Xo
1181.Ft int
1182.Fn SSL_version "const SSL *ssl"
1183.Xc
1184.It Xo
1185.Ft int
1186.Fn SSL_want "const SSL *ssl"
1187.Xc
1188.It Xo
1189.Ft int
1190.Fn SSL_want_nothing "const SSL *ssl"
1191.Xc
1192.It Xo
1193.Ft int
1194.Fn SSL_want_read "const SSL *ssl"
1195.Xc
1196.It Xo
1197.Ft int
1198.Fn SSL_want_write "const SSL *ssl"
1199.Xc
1200.It Xo
1201.Ft int
1202.Fn SSL_want_x509_lookup "const SSL *ssl"
1203.Xc
1204.It Xo
1205.Ft int
1206.Fn SSL_write "SSL *ssl" "const void *buf" "int num"
1207.Xc
1208.It Xo
1209.Ft void
1210.Fo SSL_set_psk_client_callback
1211.Fa "SSL *ssl"
1212.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
1213unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
1214.Fc
1215.Xc
1216.It Xo
1217.Ft int
1218.Fn SSL_use_psk_identity_hint "SSL *ssl" "const char *hint"
1219.Xc
1220.It Xo
1221.Ft void
1222.Fo SSL_set_psk_server_callback
1223.Fa "SSL *ssl"
1224.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, \
1225unsigned char *psk, int max_psk_len)"
1226.Fc
1227.Xc
1228.It Xo
1229.Ft const char *
1230.Fn SSL_get_psk_identity_hint "SSL *ssl"
1231.Xc
1232.It Xo
1233.Ft const char *
1234.Fn SSL_get_psk_identity "SSL *ssl"
1235.Xc
1236.El
1237.Sh SEE ALSO
1238.Xr openssl 1 ,
1239.Xr crypto 3 ,
1240.Xr d2i_SSL_SESSION 3 ,
1241.Xr SSL_accept 3 ,
1242.Xr SSL_alert_type_string 3 ,
1243.Xr SSL_CIPHER_get_name 3 ,
1244.Xr SSL_clear 3 ,
1245.Xr SSL_COMP_add_compression_method 3 ,
1246.Xr SSL_connect 3 ,
1247.Xr SSL_CTX_add_extra_chain_cert 3 ,
1248.Xr SSL_CTX_add_session 3 ,
1249.Xr SSL_CTX_ctrl 3 ,
1250.Xr SSL_CTX_flush_sessions 3 ,
1251.Xr SSL_CTX_get_ex_new_index 3 ,
1252.Xr SSL_CTX_get_verify_mode 3 ,
1253.Xr SSL_CTX_load_verify_locations 3 ,
1254.Xr SSL_CTX_new 3 ,
1255.Xr SSL_CTX_sess_number 3 ,
1256.Xr SSL_CTX_sess_set_cache_size 3 ,
1257.Xr SSL_CTX_sess_set_get_cb 3 ,
1258.Xr SSL_CTX_sessions 3 ,
1259.Xr SSL_CTX_set_cert_store 3 ,
1260.Xr SSL_CTX_set_cert_verify_callback 3 ,
1261.Xr SSL_CTX_set_cipher_list 3 ,
1262.Xr SSL_CTX_set_client_CA_list 3 ,
1263.Xr SSL_CTX_set_client_cert_cb 3 ,
1264.Xr SSL_CTX_set_default_passwd_cb 3 ,
1265.Xr SSL_CTX_set_generate_session_id 3 ,
1266.Xr SSL_CTX_set_info_callback 3 ,
1267.Xr SSL_CTX_set_max_cert_list 3 ,
1268.Xr SSL_CTX_set_mode 3 ,
1269.Xr SSL_CTX_set_msg_callback 3 ,
1270.Xr SSL_CTX_set_options 3 ,
1271.Xr SSL_CTX_set_psk_client_callback 3 ,
1272.Xr SSL_CTX_set_quiet_shutdown 3 ,
1273.Xr SSL_CTX_set_session_cache_mode 3 ,
1274.Xr SSL_CTX_set_session_id_context 3 ,
1275.Xr SSL_CTX_set_ssl_version 3 ,
1276.Xr SSL_CTX_set_timeout 3 ,
1277.Xr SSL_CTX_set_tmp_dh_callback 3 ,
1278.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
1279.Xr SSL_CTX_set_verify 3 ,
1280.Xr SSL_CTX_use_certificate 3 ,
1281.Xr SSL_CTX_use_psk_identity_hint 3 ,
1282.Xr SSL_do_handshake 3 ,
1283.Xr SSL_get_ciphers 3 ,
1284.Xr SSL_get_client_CA_list 3 ,
1285.Xr SSL_get_default_timeout 3 ,
1286.Xr SSL_get_error 3 ,
1287.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ,
1288.Xr SSL_get_ex_new_index 3 ,
1289.Xr SSL_get_fd 3 ,
1290.Xr SSL_get_peer_cert_chain 3 ,
1291.Xr SSL_get_psk_identity 3 ,
1292.Xr SSL_get_rbio 3 ,
1293.Xr SSL_get_session 3 ,
1294.Xr SSL_get_SSL_CTX 3 ,
1295.Xr SSL_get_verify_result 3 ,
1296.Xr SSL_get_version 3 ,
1297.Xr SSL_library_init 3 ,
1298.Xr SSL_load_client_CA_file 3 ,
1299.Xr SSL_new 3 ,
1300.Xr SSL_pending 3 ,
1301.Xr SSL_read 3 ,
1302.Xr SSL_rstate_string 3 ,
1303.Xr SSL_SESSION_free 3 ,
1304.Xr SSL_SESSION_get_ex_new_index 3 ,
1305.Xr SSL_SESSION_get_time 3 ,
1306.Xr SSL_session_reused 3 ,
1307.Xr SSL_set_bio 3 ,
1308.Xr SSL_set_connect_state 3 ,
1309.Xr SSL_set_fd 3 ,
1310.Xr SSL_set_session 3 ,
1311.Xr SSL_set_shutdown 3 ,
1312.Xr SSL_shutdown 3 ,
1313.Xr SSL_state_string 3 ,
1314.Xr SSL_want 3 ,
1315.Xr SSL_write 3
1316.Sh HISTORY
1317The
1318.Nm
1319document appeared in OpenSSL 0.9.2.
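--- a/src/lib/libssl/doc/standards.txt
+++ /dev/null
@@ -1,285 +0,0 @@
-Standards related to OpenSSL
-============================
-
-[Please, this is currently a draft. I made a first try at finding
- documents that describe parts of what OpenSSL implements. There are
- big gaps, and I've most certainly done something wrong. Please
- correct whatever is... Also, this note should be removed when this
- file is reaching a somewhat correct state. -- Richard Levitte]
-
-
-All pointers in here will be either URL's or blobs of text borrowed
-from miscellaneous indexes, like rfc-index.txt (index of RFCs),
-1id-index.txt (index of Internet drafts) and the like.
-
-To find the latest possible RFCs, it's recommended to either browse
-ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and
-use the search mechanism found there.
-To find the latest possible Internet drafts, it's recommended to
-browse ftp://ftp.isi.edu/internet-drafts/.
-To find the latest possible PKCS, it's recommended to browse
-http://www.rsasecurity.com/rsalabs/pkcs/.
-
-
-Implemented:
-------------
-
-These are documents that describe things that are implemented (in
-whole or at least great parts) in OpenSSL.
-
-1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
- (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
-
-1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
- TXT=32407 bytes) (Status: INFORMATIONAL)
-
-1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
- TXT=35222 bytes) (Status: INFORMATIONAL)
-
-2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999.
- (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD)
-
-2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
- January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
-
-2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
- March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
-
-PKCS#8: Private-Key Information Syntax Standard
-
-PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
-
-2560 X.509 Internet Public Key Infrastructure Online Certificate
- Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
- C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
- STANDARD)
-
-2712 Addition of Kerberos Cipher Suites to Transport Layer Security
- (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
- (Status: PROPOSED STANDARD)
-
-2898 PKCS #5: Password-Based Cryptography Specification Version 2.0.
- B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status:
- INFORMATIONAL)
-
-2986 PKCS #10: Certification Request Syntax Specification Version 1.7.
- M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes)
- (Obsoletes RFC2314) (Status: INFORMATIONAL)
-
-3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones.
- September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL)
-
-3161 Internet X.509 Public Key Infrastructure, Time-Stamp Protocol (TSP)
- C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001
- (Status: PROPOSED STANDARD)
-
-3268 Advanced Encryption Standard (AES) Ciphersuites for Transport
- Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes)
- (Status: PROPOSED STANDARD)
-
-3279 Algorithms and Identifiers for the Internet X.509 Public Key
- Infrastructure Certificate and Certificate Revocation List (CRL)
- Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format:
- TXT=53833 bytes) (Status: PROPOSED STANDARD)
-
-3280 Internet X.509 Public Key Infrastructure Certificate and
- Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W.
- Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes
- RFC2459) (Status: PROPOSED STANDARD)
-
-3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
- Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003.
- (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:
- INFORMATIONAL)
-
-3713 A Description of the Camellia Encryption Algorithm. M. Matsui,
- J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes)
- (Status: INFORMATIONAL)
-
-3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate
- Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson.
- June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD)
-
-4132 Addition of Camellia Cipher Suites to Transport Layer Security
- (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590
- bytes) (Status: PROPOSED STANDARD)
-
-4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS).
- H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes)
- (Status: PROPOSED STANDARD)
-
-4269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon,
- D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes)
- (Obsoletes RFC4009) (Status: INFORMATIONAL)
-
-
-Related:
---------
-
-These are documents that are close to OpenSSL, for example the
-STARTTLS documents.
-
-1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message
- Encryption and Authentication Procedures. J. Linn. February 1993.
- (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED
- STANDARD)
-
-1422 Privacy Enhancement for Internet Electronic Mail: Part II:
- Certificate-Based Key Management. S. Kent. February 1993. (Format:
- TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD)
-
-1423 Privacy Enhancement for Internet Electronic Mail: Part III:
- Algorithms, Modes, and Identifiers. D. Balenson. February 1993.
- (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED
- STANDARD)
-
-1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key
- Certification and Related Services. B. Kaliski. February 1993.
- (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
-
-2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October
- 1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD)
-
-2510 Internet X.509 Public Key Infrastructure Certificate Management
- Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178
- bytes) (Status: PROPOSED STANDARD)
-
-2511 Internet X.509 Certificate Request Message Format. M. Myers, C.
- Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes)
- (Status: PROPOSED STANDARD)
-
-2527 Internet X.509 Public Key Infrastructure Certificate Policy and
- Certification Practices Framework. S. Chokhani, W. Ford. March 1999.
- (Format: TXT=91860 bytes) (Status: INFORMATIONAL)
-
-2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake
- 3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status:
- PROPOSED STANDARD)
-
-2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS).
- D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status:
- PROPOSED STANDARD)
-
-2559 Internet X.509 Public Key Infrastructure Operational Protocols -
- LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format:
- TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD)
-
-2585 Internet X.509 Public Key Infrastructure Operational Protocols:
- FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
- bytes) (Status: PROPOSED STANDARD)
-
-2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S.
- Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes)
- (Status: PROPOSED STANDARD)
-
-2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
- (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
-
-2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999.
- (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD)
-
-2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June
- 1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD)
-
-2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October
- 1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL)
-
-2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace.
- February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status:
- EXPERIMENTAL)
-
-2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J.
- Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status:
- PROPOSED STANDARD)
-
-2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
- 2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
- STANDARD)
-
-2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
- (Status: INFORMATIONAL)
-
-2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July
- 2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL)
-
-2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams.
- October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD)
-
-2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0.
- M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes)
- (Status: INFORMATIONAL)
-
-3029 Internet X.509 Public Key Infrastructure Data Validation and
- Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev,
- R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status:
- EXPERIMENTAL)
-
-3039 Internet X.509 Public Key Infrastructure Qualified Certificates
- Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001.
- (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD)
-
-3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P.
- Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes)
- (Status: INFORMATIONAL)
-
-3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol
- (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001.
- (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD)
-
-3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner.
- October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD)
-
-3207 SMTP Service Extension for Secure SMTP over Transport Layer
- Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes)
- (Obsoletes RFC2487) (Status: PROPOSED STANDARD)
-
-3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001.
- (Format: TXT=19855 bytes) (Status: INFORMATIONAL)
-
-3274 Compressed Data Content Type for Cryptographic Message Syntax
- (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status:
- PROPOSED STANDARD)
-
-3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in
- Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P.
- Lambert. April 2002. (Format: TXT=33779 bytes) (Status:
- INFORMATIONAL)
-
-3281 An Internet Attribute Certificate Profile for Authorization. S.
- Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status:
- PROPOSED STANDARD)
-
-3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002.
- (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status:
- PROPOSED STANDARD)
-
-3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August
- 2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status:
- PROPOSED STANDARD)
-
-3377 Lightweight Directory Access Protocol (v3): Technical
- Specification. J. Hodges, R. Morgan. September 2002. (Format:
- TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255,
- RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD)
-
-3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad,
- R. Housley. September 2002. (Format: TXT=73072 bytes) (Status:
- INFORMATIONAL)
-
-3436 Transport Layer Security over Stream Control Transmission
- Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002.
- (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD)
-
-3657 Use of the Camellia Encryption Algorithm in Cryptographic
- Message Syntax (CMS). S. Moriai, A. Kato. January 2004.
- (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD)
-
-"Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>
-
-
-To be implemented:
-------------------
-
-These are documents that describe things that are planed to be
-implemented in the hopefully short future.
-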
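--- a/src/lib/libssl/dtls1.h
+++ /dev/null
@@ -1,245 +0,0 @@
-/* $OpenBSD: dtls1.h,v 1.18 2015/09/10 17:57:50 jsing Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DTLS1_H
-#define HEADER_DTLS1_H
-
-#include <sys/time.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/buffer.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define DTLS1_VERSION 0xFEFF
-
-/* lengths of messages */
-#define DTLS1_COOKIE_LENGTH 256
-
-#define DTLS1_RT_HEADER_LENGTH 13
-
-#define DTLS1_HM_HEADER_LENGTH 12
-
-#define DTLS1_HM_BAD_FRAGMENT -2
-#define DTLS1_HM_FRAGMENT_RETRY -3
-
-#define DTLS1_CCS_HEADER_LENGTH 1
-
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#define DTLS1_AL_HEADER_LENGTH 7
-#else
-#define DTLS1_AL_HEADER_LENGTH 2
-#endif
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-
-typedef struct dtls1_bitmap_st {
- unsigned long map; /* track 32 packets on 32-bit systems
- and 64 - on 64-bit systems */
- unsigned char max_seq_num[8]; /* max record number seen so far,
- 64-bit value in big-endian
- encoding */
-} DTLS1_BITMAP;
-
-struct dtls1_retransmit_state {
- EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
- EVP_MD_CTX *write_hash; /* used for mac generation */
- SSL_SESSION *session;
- unsigned short epoch;
-};
-
-struct hm_header_st {
- unsigned char type;
- unsigned long msg_len;
- unsigned short seq;
- unsigned long frag_off;
- unsigned long frag_len;
- unsigned int is_ccs;
- struct dtls1_retransmit_state saved_retransmit_state;
-};
-
-struct ccs_header_st {
- unsigned char type;
- unsigned short seq;
-};
-
-struct dtls1_timeout_st {
- /* Number of read timeouts so far */
- unsigned int read_timeouts;
-
- /* Number of write timeouts so far */
- unsigned int write_timeouts;
-
- /* Number of alerts received so far */
- unsigned int num_alerts;
-};
-
-struct _pqueue;
-
-typedef struct record_pqueue_st {
- unsigned short epoch;
- struct _pqueue *q;
-} record_pqueue;
-
-typedef struct hm_fragment_st {
- struct hm_header_st msg_header;
- unsigned char *fragment;
- unsigned char *reassembly;
-} hm_fragment;
-
-typedef struct dtls1_state_st {
- unsigned int send_cookie;
- unsigned char cookie[DTLS1_COOKIE_LENGTH];
- unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
- unsigned int cookie_len;
-
- /*
- * The current data and handshake epoch. This is initially
- * undefined, and starts at zero once the initial handshake is
- * completed
- */
- unsigned short r_epoch;
- unsigned short w_epoch;
-
- /* records being received in the current epoch */
- DTLS1_BITMAP bitmap;
-
- /* renegotiation starts a new set of sequence numbers */
- DTLS1_BITMAP next_bitmap;
-
- /* handshake message numbers */
- unsigned short handshake_write_seq;
- unsigned short next_handshake_write_seq;
-
- unsigned short handshake_read_seq;
-
- /* save last sequence number for retransmissions */
- unsigned char last_write_sequence[8];
-
- /* Received handshake records (processed and unprocessed) */
- record_pqueue unprocessed_rcds;
- record_pqueue processed_rcds;
-
- /* Buffered handshake messages */
- struct _pqueue *buffered_messages;
-
- /* Buffered (sent) handshake records */
- struct _pqueue *sent_messages;
-
- /* Buffered application records.
- * Only for records between CCS and Finished
- * to prevent either protocol violation or
- * unnecessary message loss.
- */
- record_pqueue buffered_app_data;
-
- /* Is set when listening for new connections with dtls1_listen() */
- unsigned int listen;
-
- unsigned int mtu; /* max DTLS packet size */
-
- struct hm_header_st w_msg_hdr;
- struct hm_header_st r_msg_hdr;
-
- struct dtls1_timeout_st timeout;
-
- /* Indicates when the last handshake msg or heartbeat sent will timeout */
- struct timeval next_timeout;
-
- /* Timeout duration */
- unsigned short timeout_duration;
-
- /* storage for Alert/Handshake protocol data received but not
- * yet processed by ssl3_read_bytes: */
- unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
- unsigned int alert_fragment_len;
- unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
- unsigned int handshake_fragment_len;
-
- unsigned int retransmitting;
- unsigned int change_cipher_spec_ok;
-
-
-} DTLS1_STATE;
-
-typedef struct dtls1_record_data_st {
- unsigned char *packet;
- unsigned int packet_length;
- SSL3_BUFFER rbuf;
- SSL3_RECORD rrec;
-} DTLS1_RECORD_DATA;
-
-#endif
-
-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
-#define DTLS1_TMO_READ_COUNT 2
-#define DTLS1_TMO_WRITE_COUNT 2
-
-#define DTLS1_TMO_ALERT_COUNT 12
-
-#ifdef __cplusplus
-}
-#endif
-#endif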
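--- a/src/lib/libssl/pqueue.c
+++ /dev/null
@@ -1,201 +0,0 @@
-/* $OpenBSD: pqueue.c,v 1.5 2014/06/12 15:49:31 deraadt Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdlib.h>
-#include <string.h>
-
-#include "pqueue.h"
-
-typedef struct _pqueue {
- pitem *items;
- int count;
-} pqueue_s;
-
-pitem *
-pitem_new(unsigned char *prio64be, void *data)
-{
- pitem *item = malloc(sizeof(pitem));
-
- if (item == NULL)
- return NULL;
-
- memcpy(item->priority, prio64be, sizeof(item->priority));
-
- item->data = data;
- item->next = NULL;
-
- return item;
-}
-
-void
-pitem_free(pitem *item)
-{
- free(item);
-}
-
-pqueue_s *
-pqueue_new(void)
-{
- return calloc(1, sizeof(pqueue_s));
-}
-
-void
-pqueue_free(pqueue_s *pq)
-{
- free(pq);
-}
-
-pitem *
-pqueue_insert(pqueue_s *pq, pitem *item)
-{
- pitem *curr, *next;
-
- if (pq->items == NULL) {
- pq->items = item;
- return item;
- }
-
- for (curr = NULL, next = pq->items; next != NULL;
- curr = next, next = next->next) {
- /* we can compare 64-bit value in big-endian encoding
- * with memcmp:-) */
- int cmp = memcmp(next->priority, item->priority,
- sizeof(item->priority));
- if (cmp > 0) { /* next > item */
- item->next = next;
-
- if (curr == NULL)
- pq->items = item;
- else
- curr->next = item;
-
- return item;
- } else if (cmp == 0) /* duplicates not allowed */
- return NULL;
- }
-
- item->next = NULL;
- curr->next = item;
-
- return item;
-}
-
-pitem *
-pqueue_peek(pqueue_s *pq)
-{
- return pq->items;
-}
-
-pitem *
-pqueue_pop(pqueue_s *pq)
-{
- pitem *item = pq->items;
-
- if (pq->items != NULL)
- pq->items = pq->items->next;
-
- return item;
-}
-
-pitem *
-pqueue_find(pqueue_s *pq, unsigned char *prio64be)
-{
- pitem *next;
-
- for (next = pq->items; next != NULL; next = next->next)
- if (memcmp(next->priority, prio64be,
- sizeof(next->priority)) == 0)
- return next;
-
- return NULL;
-}
-
-pitem *
-pqueue_iterator(pqueue_s *pq)
-{
- return pqueue_peek(pq);
-}
-
-pitem *
-pqueue_next(pitem **item)
-{
- pitem *ret;
-
- if (item == NULL || *item == NULL)
- return NULL;
-
- /* *item != NULL */
- ret = *item;
- *item = (*item)->next;
-
- return ret;
-}
-
-int
-pqueue_size(pqueue_s *pq)
-{
- pitem *item = pq->items;
- int count = 0;
-
- while (item != NULL) {
- count++;
- item = item->next;
- }
- return count;
-}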
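--- a/src/lib/libssl/pqueue.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/* $OpenBSD: pqueue.h,v 1.3 2014/06/12 15:49:31 deraadt Exp $ */
-
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_PQUEUE_H
-#define HEADER_PQUEUE_H
-
-typedef struct _pqueue *pqueue;
-
-typedef struct _pitem {
- unsigned char priority[8]; /* 64-bit value in big-endian encoding */
- void *data;
- struct _pitem *next;
-} pitem;
-
-typedef struct _pitem *piterator;
-
-pitem *pitem_new(unsigned char *prio64be, void *data);
-void pitem_free(pitem *item);
-
-pqueue pqueue_new(void);
-void pqueue_free(pqueue pq);
-
-pitem *pqueue_insert(pqueue pq, pitem *item);
-pitem *pqueue_peek(pqueue pq);
-pitem *pqueue_pop(pqueue pq);
-pitem *pqueue_find(pqueue pq, unsigned char *prio64be);
-pitem *pqueue_iterator(pqueue pq);
-pitem *pqueue_next(piterator *iter);
-
-int pqueue_size(pqueue pq);
-
-#endif /* ! HEADER_PQUEUE_H */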
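--- a/src/lib/libssl/s23_clnt.c
+++ /dev/null
@@ -1,480 +0,0 @@
-/* $OpenBSD: s23_clnt.c,v 1.46 2015/09/11 18:08:21 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static int ssl23_client_hello(SSL *s);
-static int ssl23_get_server_hello(SSL *s);
-
-int
-ssl23_connect(SSL *s)
-{
- void (*cb)(const SSL *ssl, int type, int val) = NULL;
- int ret = -1;
- int new_state, state;
-
- ERR_clear_error();
- errno = 0;
-
- if (s->info_callback != NULL)
- cb = s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb = s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s))
- SSL_clear(s);
-
- for (;;) {
- state = s->state;
-
- switch (s->state) {
- case SSL_ST_BEFORE:
- case SSL_ST_CONNECT:
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- case SSL_ST_OK|SSL_ST_CONNECT:
-
- if (s->session != NULL) {
- SSLerr(SSL_F_SSL23_CONNECT, SSL_R_SSL23_DOING_SESSION_ID_REUSE);
- ret = -1;
- goto end;
- }
- s->server = 0;
- if (cb != NULL)
- cb(s, SSL_CB_HANDSHAKE_START, 1);
-
- /* s->version=TLS1_VERSION; */
- s->type = SSL_ST_CONNECT;
-
- if (!ssl3_setup_init_buffer(s)) {
- ret = -1;
- goto end;
- }
- if (!ssl3_setup_buffers(s)) {
- ret = -1;
- goto end;
- }
- if (!tls1_init_finished_mac(s)) {
- ret = -1;
- goto end;
- }
-
- s->state = SSL23_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
- s->init_num = 0;
- break;
-
- case SSL23_ST_CW_CLNT_HELLO_A:
- case SSL23_ST_CW_CLNT_HELLO_B:
-
- s->shutdown = 0;
- ret = ssl23_client_hello(s);
- if (ret <= 0)
- goto end;
- s->state = SSL23_ST_CR_SRVR_HELLO_A;
- s->init_num = 0;
-
- break;
-
- case SSL23_ST_CR_SRVR_HELLO_A:
- case SSL23_ST_CR_SRVR_HELLO_B:
- ret = ssl23_get_server_hello(s);
- if (ret >= 0)
- cb = NULL;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL23_CONNECT, SSL_R_UNKNOWN_STATE);
- ret = -1;
- goto end;
- /* break; */
- }
-
- if (s->debug) {
- (void)BIO_flush(s->wbio);
- }
-
- if ((cb != NULL) && (s->state != state)) {
- new_state = s->state;
- s->state = state;
- cb(s, SSL_CB_CONNECT_LOOP, 1);
- s->state = new_state;
- }
- }
-
-end:
- s->in_handshake--;
- if (cb != NULL)
- cb(s, SSL_CB_CONNECT_EXIT, ret);
-
- return (ret);
-}
-
-static int
-ssl23_client_hello(SSL *s)
-{
- unsigned char *buf;
- unsigned char *p, *d;
- int i;
- unsigned long l;
- int version = 0, version_major, version_minor;
- int ret;
- unsigned long mask, options = s->options;
-
- /*
- * SSL_OP_NO_X disables all protocols above X *if* there are
- * some protocols below X enabled. This is required in order
- * to maintain "version capability" vector contiguous. So
- * that if application wants to disable TLS1.0 in favour of
- * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the
- * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
- */
- mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1;
- version = TLS1_2_VERSION;
-
- if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask)
- version = TLS1_1_VERSION;
- mask &= ~SSL_OP_NO_TLSv1_1;
- if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask)
- version = TLS1_VERSION;
- mask &= ~SSL_OP_NO_TLSv1;
-
- buf = (unsigned char *)s->init_buf->data;
- if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
- arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
-
- if (version == TLS1_2_VERSION) {
- version_major = TLS1_2_VERSION_MAJOR;
- version_minor = TLS1_2_VERSION_MINOR;
- } else if (version == TLS1_1_VERSION) {
- version_major = TLS1_1_VERSION_MAJOR;
- version_minor = TLS1_1_VERSION_MINOR;
- } else if (version == TLS1_VERSION) {
- version_major = TLS1_VERSION_MAJOR;
- version_minor = TLS1_VERSION_MINOR;
- } else {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,
- SSL_R_NO_PROTOCOLS_AVAILABLE);
- return (-1);
- }
-
- s->client_version = version;
-
- /* create Client Hello in SSL 3.0/TLS 1.0 format */
-
- /*
- * Do the record header (5 bytes) and handshake
- * message header (4 bytes) last
- */
- d = p = &(buf[SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH]);
-
- *(p++) = version_major;
- *(p++) = version_minor;
-
- /* Random stuff */
- memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
- p += SSL3_RANDOM_SIZE;
-
- /* Session ID (zero since there is no reuse) */
- *(p++) = 0;
-
- /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
- i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
- if (i == 0) {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,
- SSL_R_NO_CIPHERS_AVAILABLE);
- return -1;
- }
- s2n(i, p);
- p += i;
-
- /* add in (no) COMPRESSION */
- *(p++) = 1;
- /* Add the NULL method */
- *(p++) = 0;
-
- /* TLS extensions*/
- if ((p = ssl_add_clienthello_tlsext(s, p,
- buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
- l = p - d;
-
- /* fill in 4-byte handshake header */
- d = &(buf[SSL3_RT_HEADER_LENGTH]);
- *(d++) = SSL3_MT_CLIENT_HELLO;
- l2n3(l, d);
-
- l += 4;
-
- if (l > SSL3_RT_MAX_PLAIN_LENGTH) {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
- /* fill in 5-byte record header */
- d = buf;
- *(d++) = SSL3_RT_HANDSHAKE;
- *(d++) = version_major;
-
- /*
- * Some servers hang if we use long client hellos
- * and a record number > TLS 1.0.
- */
- if (TLS1_get_client_version(s) > TLS1_VERSION)
- *(d++) = 1;
- else
- *(d++) = version_minor;
- s2n((int)l, d);
-
- /* number of bytes to write */
- s->init_num = p - buf;
- s->init_off = 0;
-
- tls1_finish_mac(s, &(buf[SSL3_RT_HEADER_LENGTH]),
- s->init_num - SSL3_RT_HEADER_LENGTH);
-
- s->state = SSL23_ST_CW_CLNT_HELLO_B;
- s->init_off = 0;
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- ret = ssl23_write_bytes(s);
-
- if ((ret >= 2) && s->msg_callback) {
- /* Client Hello has been sent; tell msg_callback */
-
- s->msg_callback(1, version, SSL3_RT_HANDSHAKE,
- s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg);
- }
-
- return ret;
-}
-
-static int
-ssl23_get_server_hello(SSL *s)
-{
- char buf[8];
- unsigned char *p;
- int i;
- int n;
-
- n = ssl23_read_bytes(s, 7);
-
- if (n != 7)
- return (n);
- p = s->packet;
-
- memcpy(buf, p, n);
-
- /* Old unsupported sslv2 handshake */
- if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
- (p[5] == 0x00) && (p[6] == 0x02)) {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
- SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
- }
-
- if (p[1] == SSL3_VERSION_MAJOR &&
- p[2] <= TLS1_2_VERSION_MINOR &&
- ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
- (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) {
- /* we have sslv3 or tls1 (server hello or alert) */
-
- if ((p[2] == TLS1_VERSION_MINOR) &&
- !(s->options & SSL_OP_NO_TLSv1)) {
- s->version = TLS1_VERSION;
- s->method = TLSv1_client_method();
- } else if ((p[2] == TLS1_1_VERSION_MINOR) &&
- !(s->options & SSL_OP_NO_TLSv1_1)) {
- s->version = TLS1_1_VERSION;
- s->method = TLSv1_1_client_method();
- } else if ((p[2] == TLS1_2_VERSION_MINOR) &&
- !(s->options & SSL_OP_NO_TLSv1_2)) {
- s->version = TLS1_2_VERSION;
- s->method = TLSv1_2_client_method();
- } else {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
- SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
- }
-
- if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) {
- /* fatal alert */
- void (*cb)(const SSL *ssl, int type, int val) = NULL;
- int j;
-
- if (s->info_callback != NULL)
- cb = s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb = s->ctx->info_callback;
-
- i = p[5];
- if (cb != NULL) {
- j = (i << 8) | p[6];
- cb(s, SSL_CB_READ_ALERT, j);
- }
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_ALERT,
- p + 5, 2, s, s->msg_callback_arg);
-
- s->rwstate = SSL_NOTHING;
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
- SSL_AD_REASON_OFFSET + p[6]);
- goto err;
- }
-
- if (!ssl_init_wbio_buffer(s, 1))
- goto err;
-
- /* we are in this state */
- s->state = SSL3_ST_CR_SRVR_HELLO_A;
-
- /* put the 7 bytes we have read into the input buffer
- * for SSLv3 */
- s->rstate = SSL_ST_READ_HEADER;
- s->packet_length = n;
- if (s->s3->rbuf.buf == NULL)
- if (!ssl3_setup_read_buffer(s))
- goto err;
- s->packet = &(s->s3->rbuf.buf[0]);
- memcpy(s->packet, buf, n);
- s->s3->rbuf.left = n;
- s->s3->rbuf.offset = 0;
-
- s->handshake_func = s->method->ssl_connect;
- } else {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNKNOWN_PROTOCOL);
- goto err;
- }
- s->init_num = 0;
-
- /*
- * Since, if we are sending a ssl23 client hello, we are not
- * reusing a session-id
- */
- if (!ssl_get_new_session(s, 0))
- goto err;
-
- return (SSL_connect(s));
-err:
- return (-1);
-}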
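diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c
deleted file mode 100644
index cd594aa3c9..0000000000
--- a/src/lib/libssl/s23_lib.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/* $OpenBSD: s23_lib.c,v 1.18 2014/11/16 14:12:47 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "ssl_locl.h"
-
-long
-ssl23_default_timeout(void)
-{
- return (300);
-}
-
-int
-ssl23_read(SSL *s, void *buf, int len)
-{
- int n;
-
- errno = 0;
- if (SSL_in_init(s) && (!s->in_handshake)) {
- n = s->handshake_func(s);
- if (n < 0)
- return (n);
- if (n == 0) {
- SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
- return (-1);
- }
- return (SSL_read(s, buf, len));
- } else {
- ssl_undefined_function(s);
- return (-1);
- }
-}
-
-int
-ssl23_peek(SSL *s, void *buf, int len)
-{
- int n;
-
- errno = 0;
- if (SSL_in_init(s) && (!s->in_handshake)) {
- n = s->handshake_func(s);
- if (n < 0)
- return (n);
- if (n == 0) {
- SSLerr(SSL_F_SSL23_PEEK, SSL_R_SSL_HANDSHAKE_FAILURE);
- return (-1);
- }
- return (SSL_peek(s, buf, len));
- } else {
- ssl_undefined_function(s);
- return (-1);
- }
-}
-
-int
-ssl23_write(SSL *s, const void *buf, int len)
-{
- int n;
-
- errno = 0;
- if (SSL_in_init(s) && (!s->in_handshake)) {
- n = s->handshake_func(s);
- if (n < 0)
- return (n);
- if (n == 0) {
- SSLerr(SSL_F_SSL23_WRITE, SSL_R_SSL_HANDSHAKE_FAILURE);
- return (-1);
- }
- return (SSL_write(s, buf, len));
- } else {
- ssl_undefined_function(s);
- return (-1);
- }
-}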
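diff --git a/src/lib/libssl/s23_pkt.c b/src/lib/libssl/s23_pkt.c
deleted file mode 100644
index 2081f48f08..0000000000
--- a/src/lib/libssl/s23_pkt.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/* $OpenBSD: s23_pkt.c,v 1.9 2014/11/16 14:12:47 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <errno.h>
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-int
-ssl23_write_bytes(SSL *s)
-{
- int i, num, tot;
- char *buf;
-
- buf = s->init_buf->data;
- tot = s->init_off;
- num = s->init_num;
- for (;;) {
- s->rwstate = SSL_WRITING;
- i = BIO_write(s->wbio, &(buf[tot]), num);
- if (i <= 0) {
- s->init_off = tot;
- s->init_num = num;
- return (i);
- }
- s->rwstate = SSL_NOTHING;
- if (i == num)
- return (tot + i);
-
- num -= i;
- tot += i;
- }
-}
-
-/* return regularly only when we have read (at least) 'n' bytes */
-int
-ssl23_read_bytes(SSL *s, int n)
-{
- unsigned char *p;
- int j;
-
- if (s->packet_length < (unsigned int)n) {
- p = s->packet;
-
- for (;;) {
- s->rwstate = SSL_READING;
- j = BIO_read(s->rbio, (char *)&(p[s->packet_length]),
- n - s->packet_length);
- if (j <= 0)
- return (j);
- s->rwstate = SSL_NOTHING;
- s->packet_length += j;
- if (s->packet_length >= (unsigned int)n)
- return (s->packet_length);
- }
- }
- return (n);
-}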
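diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
deleted file mode 100644
index ed476c70d1..0000000000
--- a/src/lib/libssl/s23_srvr.c
+++ /dev/null
@@ -1,514 +0,0 @@
-/* $OpenBSD: s23_srvr.c,v 1.47 2016/07/16 04:42:35 beck Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-int ssl23_get_client_hello(SSL *s);
-
-int
-ssl23_accept(SSL *s)
-{
- void (*cb)(const SSL *ssl, int type, int val) = NULL;
- int ret = -1;
- int new_state, state;
-
- ERR_clear_error();
- errno = 0;
-
- if (s->info_callback != NULL)
- cb = s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb = s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s))
- SSL_clear(s);
-
- for (;;) {
- state = s->state;
-
- switch (s->state) {
- case SSL_ST_BEFORE:
- case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- case SSL_ST_OK|SSL_ST_ACCEPT:
-
- s->server = 1;
- if (cb != NULL)
- cb(s, SSL_CB_HANDSHAKE_START, 1);
-
- /* s->version=SSL3_VERSION; */
- s->type = SSL_ST_ACCEPT;
-
- if (!ssl3_setup_init_buffer(s)) {
- ret = -1;
- goto end;
- }
- if (!tls1_init_finished_mac(s)) {
- ret = -1;
- goto end;
- }
-
- s->state = SSL23_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
- s->init_num = 0;
- break;
-
- case SSL23_ST_SR_CLNT_HELLO_A:
- case SSL23_ST_SR_CLNT_HELLO_B:
-
- s->shutdown = 0;
- ret = ssl23_get_client_hello(s);
- if (ret >= 0)
- cb = NULL;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL23_ACCEPT, SSL_R_UNKNOWN_STATE);
- ret = -1;
- goto end;
- /* break; */
- }
-
- if ((cb != NULL) && (s->state != state)) {
- new_state = s->state;
- s->state = state;
- cb(s, SSL_CB_ACCEPT_LOOP, 1);
- s->state = new_state;
- }
- }
-
-end:
- s->in_handshake--;
- if (cb != NULL)
- cb(s, SSL_CB_ACCEPT_EXIT, ret);
-
- return (ret);
-}
-
-
-int
-ssl23_get_client_hello(SSL *s)
-{
- char buf[11];
- /*
- * sizeof(buf) == 11, because we'll need to request this many bytes in
- * the initial read.
- * We can detect SSL 3.0/TLS 1.0 Client Hellos ('type == 3') correctly
- * only when the following is in a single record, which is not
- * guaranteed by the protocol specification:
- * Byte Content
- * 0 type \
- * 1/2 version > record header
- * 3/4 length /
- * 5 msg_type \
- * 6-8 length > Client Hello message
- * 9/10 client_version /
- */
- unsigned char *p, *d, *d_len, *dd;
- unsigned int i;
- unsigned int csl, sil, cl;
- int n = 0, j;
- int type = 0;
- int v[2];
-
- if (s->state == SSL23_ST_SR_CLNT_HELLO_A) {
- /* read the initial header */
- v[0] = v[1] = 0;
-
- if (!ssl3_setup_buffers(s))
- return -1;
-
- n = ssl23_read_bytes(s, sizeof buf);
- if (n != sizeof buf)
- return(n);
-
- p = s->packet;
-
- memcpy(buf, p, n);
-
- if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
- /*
- * SSLv2 header
- */
- if ((p[3] == 0x00) && (p[4] == 0x02)) {
- /* SSLv2 support has been removed */
- goto unsupported;
-
- } else if (p[3] == SSL3_VERSION_MAJOR) {
- v[0] = p[3];
- v[1] = p[4];
- /* SSLv3/TLS */
-
- if (p[4] >= TLS1_VERSION_MINOR) {
- if (p[4] >= TLS1_2_VERSION_MINOR &&
- !(s->options & SSL_OP_NO_TLSv1_2)) {
- s->version = TLS1_2_VERSION;
- s->state = SSL23_ST_SR_CLNT_HELLO_B;
- } else if (p[4] >= TLS1_1_VERSION_MINOR &&
- !(s->options & SSL_OP_NO_TLSv1_1)) {
- s->version = TLS1_1_VERSION;
- /* type=2; */ /* done later to survive restarts */
- s->state = SSL23_ST_SR_CLNT_HELLO_B;
- } else if (!(s->options & SSL_OP_NO_TLSv1)) {
- s->version = TLS1_VERSION;
- /* type=2; */ /* done later to survive restarts */
- s->state = SSL23_ST_SR_CLNT_HELLO_B;
- } else {
- goto unsupported;
- }
- } else {
- /* SSLv3 support has been removed */
- goto unsupported;
- }
- }
- } else if ((p[0] == SSL3_RT_HANDSHAKE) &&
- (p[1] == SSL3_VERSION_MAJOR) &&
- (p[5] == SSL3_MT_CLIENT_HELLO) &&
- ((p[3] == 0 && p[4] < 5 /* silly record length? */) ||
- (p[9] >= p[1]))) {
- /*
- * SSLv3 or tls1 header
- */
-
- v[0] = p[1]; /* major version (= SSL3_VERSION_MAJOR) */
- /* We must look at client_version inside the Client Hello message
- * to get the correct minor version.
- * However if we have only a pathologically small fragment of the
- * Client Hello message, this would be difficult, and we'd have
- * to read more records to find out.
- * No known SSL 3.0 client fragments ClientHello like this,
- * so we simply reject such connections to avoid
- * protocol version downgrade attacks. */
- if (p[3] == 0 && p[4] < 6) {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
- SSL_R_RECORD_TOO_SMALL);
- return -1;
- }
- /* if major version number > 3 set minor to a value
- * which will use the highest version 3 we support.
- * If TLS 2.0 ever appears we will need to revise
- * this....
- */
- if (p[9] > SSL3_VERSION_MAJOR)
- v[1] = 0xff;
- else
- v[1] = p[10]; /* minor version according to client_version */
- if (v[1] >= TLS1_VERSION_MINOR) {
- if (v[1] >= TLS1_2_VERSION_MINOR &&
- !(s->options & SSL_OP_NO_TLSv1_2)) {
- s->version = TLS1_2_VERSION;
- type = 3;
- } else if (v[1] >= TLS1_1_VERSION_MINOR &&
- !(s->options & SSL_OP_NO_TLSv1_1)) {
- s->version = TLS1_1_VERSION;
- type = 3;
- } else if (!(s->options & SSL_OP_NO_TLSv1)) {
- s->version = TLS1_VERSION;
- type = 3;
- } else {
- goto unsupported;
- }
- } else {
- /* SSLv3 */
- if (!(s->options & SSL_OP_NO_TLSv1)) {
- /* we won't be able to use TLS of course,
- * but this will send an appropriate alert */
- s->version = TLS1_VERSION;
- type = 3;
- } else {
- goto unsupported;
- }
- }
- }
- else if ((strncmp("GET ", (char *)p, 4) == 0) ||
- (strncmp("POST ",(char *)p, 5) == 0) ||
- (strncmp("HEAD ",(char *)p, 5) == 0) ||
- (strncmp("PUT ", (char *)p, 4) == 0)) {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST);
- return -1;
- } else if (strncmp("CONNECT", (char *)p, 7) == 0) {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST);
- return -1;
- }
- }
-
- if (s->state == SSL23_ST_SR_CLNT_HELLO_B) {
- /* we have SSLv3/TLSv1 in an SSLv2 header
- * (other cases skip this state) */
-
- /*
- * Limit the support of "backward compatible" headers
- * only to "backward" versions of TLS. If we have moved
- * on to modernity, just say no.
- */
- if (s->options & SSL_OP_NO_TLSv1)
- goto unsupported;
-
- type = 2;
- p = s->packet;
- v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
- v[1] = p[4];
-
- /* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
- * header is sent directly on the wire, not wrapped as a TLS
- * record. It's format is:
- * Byte Content
- * 0-1 msg_length
- * 2 msg_type
- * 3-4 version
- * 5-6 cipher_spec_length
- * 7-8 session_id_length
- * 9-10 challenge_length
- * ... ...
- */
- n = ((p[0] & 0x7f) << 8) | p[1];
- if (n > (1024 * 4)) {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE);
- return -1;
- }
- if (n < 9) {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
- SSL_R_RECORD_LENGTH_MISMATCH);
- return -1;
- }
-
- j = ssl23_read_bytes(s, n + 2);
- if (j != n + 2)
- return -1;
-
- tls1_finish_mac(s, s->packet + 2, s->packet_length - 2);
- if (s->msg_callback)
- s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2,
- s->packet_length - 2, s, s->msg_callback_arg);
-
- p = s->packet;
- p += 5;
- n2s(p, csl);
- n2s(p, sil);
- n2s(p, cl);
- d = (unsigned char *)s->init_buf->data;
- if ((csl + sil + cl + 11) != s->packet_length) {
- /*
- * We can't have TLS extensions in SSL 2.0 format
- * Client Hello, can we ? Error condition should be
- * '>' otherwise
- */
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
- SSL_R_RECORD_LENGTH_MISMATCH);
- return -1;
- }
-
- /* record header: msg_type ... */
- *(d++) = SSL3_MT_CLIENT_HELLO;
- /* ... and length (actual value will be written later) */
- d_len = d;
- d += 3;
-
- /* client_version */
- *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
- *(d++) = v[1];
-
- /* lets populate the random area */
- /* get the challenge_length */
- i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl;
- memset(d, 0, SSL3_RANDOM_SIZE);
- memcpy(&(d[SSL3_RANDOM_SIZE - i]), &(p[csl + sil]), i);
- d += SSL3_RANDOM_SIZE;
-
- /* no session-id reuse */
- *(d++) = 0;
-
- /* ciphers */
- j = 0;
- dd = d;
- d += 2;
- for (i = 0; i < csl; i += 3) {
- if (p[i] != 0)
- continue;
- *(d++) = p[i + 1];
- *(d++) = p[i + 2];
- j += 2;
- }
- s2n(j, dd);
-
- /* add in (no) COMPRESSION */
- *(d++) = 1;
- *(d++) = 0;
-
- i = (d - (unsigned char *)s->init_buf->data) - 4;
- l2n3((long)i, d_len);
-
- /* get the data reused from the init_buf */
- s->s3->tmp.reuse_message = 1;
- s->s3->tmp.message_type = SSL3_MT_CLIENT_HELLO;
- s->s3->tmp.message_size = i;
- }
-
- /* imaginary new state (for program structure): */
- /* s->state = SSL23_SR_CLNT_HELLO_C */
-
- if (type == 2 || type == 3) {
- /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
-
- if (!ssl_init_wbio_buffer(s, 1))
- return -1;
-
- /* we are in this state */
- s->state = SSL3_ST_SR_CLNT_HELLO_A;
-
- if (type == 3) {
- /* put the 'n' bytes we have read into the input buffer
- * for SSLv3 */
- s->rstate = SSL_ST_READ_HEADER;
- s->packet_length = n;
- if (s->s3->rbuf.buf == NULL)
- if (!ssl3_setup_read_buffer(s))
- return -1;
-
- s->packet = &(s->s3->rbuf.buf[0]);
- memcpy(s->packet, buf, n);
- s->s3->rbuf.left = n;
- s->s3->rbuf.offset = 0;
- } else {
- s->packet_length = 0;
- s->s3->rbuf.left = 0;
- s->s3->rbuf.offset = 0;
- }
- if (s->version == TLS1_2_VERSION)
- s->method = TLSv1_2_server_method();
- else if (s->version == TLS1_1_VERSION)
- s->method = TLSv1_1_server_method();
- else if (s->version == TLS1_VERSION)
- s->method = TLSv1_server_method();
- else
- goto unsupported;
- s->handshake_func = s->method->ssl_accept;
- } else {
- /* bad, very bad */
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
- return -1;
- }
- s->init_num = 0;
-
- return (SSL_accept(s));
-
- unsupported:
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
- return -1;
-}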
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
deleted file mode 100644
index cfd0fb9b4b..0000000000
--- a/src/lib/libssl/s3_both.c
+++ /dev/null
@@ -1,743 +0,0 @@
1/* $OpenBSD: s3_both.c,v 1.48 2015/09/12 15:03:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116
117#include <limits.h>
118#include <stdio.h>
119#include <string.h>
120
121#include "ssl_locl.h"
122
123#include <openssl/buffer.h>
124#include <openssl/evp.h>
125#include <openssl/objects.h>
126#include <openssl/x509.h>
127
128#include "bytestring.h"
129
130/*
131 * Send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
132 * SSL3_RT_CHANGE_CIPHER_SPEC).
133 */
134int
135ssl3_do_write(SSL *s, int type)
136{
137 int ret;
138
139 ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
140 s->init_num);
141 if (ret < 0)
142 return (-1);
143
144 if (type == SSL3_RT_HANDSHAKE)
145 /*
146 * Should not be done for 'Hello Request's, but in that case
147 * we'll ignore the result anyway.
148 */
149 tls1_finish_mac(s,
150 (unsigned char *)&s->init_buf->data[s->init_off], ret);
151
152 if (ret == s->init_num) {
153 if (s->msg_callback)
154 s->msg_callback(1, s->version, type, s->init_buf->data,
155 (size_t)(s->init_off + s->init_num), s,
156 s->msg_callback_arg);
157 return (1);
158 }
159
160 s->init_off += ret;
161 s->init_num -= ret;
162
163 return (0);
164}
165
166int
167ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
168{
169 unsigned char *p;
170 int md_len;
171
172 if (s->state == a) {
173 md_len = s->method->ssl3_enc->finish_mac_length;
174 OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
175
176 if (s->method->ssl3_enc->final_finish_mac(s, sender, slen,
177 s->s3->tmp.finish_md) != md_len)
178 return (0);
179 s->s3->tmp.finish_md_len = md_len;
180
181 /* Copy finished so we can use it for renegotiation checks. */
182 if (s->type == SSL_ST_CONNECT) {
183 memcpy(s->s3->previous_client_finished,
184 s->s3->tmp.finish_md, md_len);
185 s->s3->previous_client_finished_len = md_len;
186 } else {
187 memcpy(s->s3->previous_server_finished,
188 s->s3->tmp.finish_md, md_len);
189 s->s3->previous_server_finished_len = md_len;
190 }
191
192 p = ssl3_handshake_msg_start(s, SSL3_MT_FINISHED);
193 memcpy(p, s->s3->tmp.finish_md, md_len);
194 ssl3_handshake_msg_finish(s, md_len);
195
196 s->state = b;
197 }
198
199 return (ssl3_handshake_write(s));
200}
201
202/*
203 * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
204 * so far.
205 */
206static void
207ssl3_take_mac(SSL *s)
208{
209 const char *sender;
210 int slen;
211
212 /*
213 * If no new cipher setup return immediately: other functions will
214 * set the appropriate error.
215 */
216 if (s->s3->tmp.new_cipher == NULL)
217 return;
218
219 if (s->state & SSL_ST_CONNECT) {
220 sender = s->method->ssl3_enc->server_finished_label;
221 slen = s->method->ssl3_enc->server_finished_label_len;
222 } else {
223 sender = s->method->ssl3_enc->client_finished_label;
224 slen = s->method->ssl3_enc->client_finished_label_len;
225 }
226
227 s->s3->tmp.peer_finish_md_len =
228 s->method->ssl3_enc->final_finish_mac(s, sender, slen,
229 s->s3->tmp.peer_finish_md);
230}
231
232int
233ssl3_get_finished(SSL *s, int a, int b)
234{
235 int al, ok, md_len;
236 long n;
237 CBS cbs;
238
239 /* should actually be 36+4 :-) */
240 n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
241 if (!ok)
242 return ((int)n);
243
244 /* If this occurs, we have missed a message */
245 if (!s->s3->change_cipher_spec) {
246 al = SSL_AD_UNEXPECTED_MESSAGE;
247 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
248 goto f_err;
249 }
250 s->s3->change_cipher_spec = 0;
251
252 md_len = s->method->ssl3_enc->finish_mac_length;
253
254 if (n < 0) {
255 al = SSL_AD_DECODE_ERROR;
256 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
257 goto f_err;
258 }
259
260 CBS_init(&cbs, s->init_msg, n);
261
262 if (s->s3->tmp.peer_finish_md_len != md_len ||
263 CBS_len(&cbs) != md_len) {
264 al = SSL_AD_DECODE_ERROR;
265 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
266 goto f_err;
267 }
268
269 if (!CBS_mem_equal(&cbs, s->s3->tmp.peer_finish_md, CBS_len(&cbs))) {
270 al = SSL_AD_DECRYPT_ERROR;
271 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
272 goto f_err;
273 }
274
275 /* Copy finished so we can use it for renegotiation checks. */
276 OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
277 if (s->type == SSL_ST_ACCEPT) {
278 memcpy(s->s3->previous_client_finished,
279 s->s3->tmp.peer_finish_md, md_len);
280 s->s3->previous_client_finished_len = md_len;
281 } else {
282 memcpy(s->s3->previous_server_finished,
283 s->s3->tmp.peer_finish_md, md_len);
284 s->s3->previous_server_finished_len = md_len;
285 }
286
287 return (1);
288f_err:
289 ssl3_send_alert(s, SSL3_AL_FATAL, al);
290 return (0);
291}
292
293/* for these 2 messages, we need to
294 * ssl->enc_read_ctx re-init
295 * ssl->s3->read_sequence zero
296 * ssl->s3->read_mac_secret re-init
297 * ssl->session->read_sym_enc assign
298 * ssl->session->read_hash assign
299 */
300int
301ssl3_send_change_cipher_spec(SSL *s, int a, int b)
302{
303 unsigned char *p;
304
305 if (s->state == a) {
306 p = (unsigned char *)s->init_buf->data;
307 *p = SSL3_MT_CCS;
308 s->init_num = 1;
309 s->init_off = 0;
310
311 s->state = b;
312 }
313
314 /* SSL3_ST_CW_CHANGE_B */
315 return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
316}
317
318static int
319ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
320{
321 int n;
322 unsigned char *p;
323
324 n = i2d_X509(x, NULL);
325 if (!BUF_MEM_grow_clean(buf, n + (*l) + 3)) {
326 SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
327 return (-1);
328 }
329 /* XXX */
330 p = (unsigned char *)&(buf->data[*l]);
331 l2n3(n, p);
332 i2d_X509(x, &p);
333 *l += n + 3;
334
335 return (0);
336}
337
338unsigned long
339ssl3_output_cert_chain(SSL *s, X509 *x)
340{
341 unsigned char *p;
342 unsigned long l = ssl3_handshake_msg_hdr_len(s) + 3;
343 BUF_MEM *buf;
344 int no_chain;
345 int i;
346
347 if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
348 no_chain = 1;
349 else
350 no_chain = 0;
351
352 /* TLSv1 sends a chain with nothing in it, instead of an alert */
353 buf = s->init_buf;
354 if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) + 6)) {
355 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
356 return (0);
357 }
358 if (x != NULL) {
359 if (no_chain) {
360 if (ssl3_add_cert_to_buf(buf, &l, x))
361 return (0);
362 } else {
363 X509_STORE_CTX xs_ctx;
364
365 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
366 x, NULL)) {
367 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,
368 ERR_R_X509_LIB);
369 return (0);
370 }
371 X509_verify_cert(&xs_ctx);
372
373 /* Don't leave errors in the queue. */
374 ERR_clear_error();
375 for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
376 x = sk_X509_value(xs_ctx.chain, i);
377 if (ssl3_add_cert_to_buf(buf, &l, x)) {
378 X509_STORE_CTX_cleanup(&xs_ctx);
379 return 0;
380 }
381 }
382 X509_STORE_CTX_cleanup(&xs_ctx);
383 }
384 }
385 /* Thawte special :-) */
386 for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
387 x = sk_X509_value(s->ctx->extra_certs, i);
388 if (ssl3_add_cert_to_buf(buf, &l, x))
389 return (0);
390 }
391
392 l -= ssl3_handshake_msg_hdr_len(s) + 3;
393 p = (unsigned char *)&(buf->data[4]);
394 l2n3(l, p);
395 l += 3;
396 p = (unsigned char *)&(buf->data[0]);
397 *(p++) = SSL3_MT_CERTIFICATE;
398 l2n3(l, p);
399 l += 4; /* XXX */
400 return (l);
401}
402
403/*
404 * Obtain handshake message of message type 'mt' (any if mt == -1),
405 * maximum acceptable body length 'max'.
406 * The first four bytes (msg_type and length) are read in state 'st1',
407 * the body is read in state 'stn'.
408 */
409long
410ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
411{
412 unsigned char *p;
413 uint32_t l;
414 long n;
415 int i, al;
416 CBS cbs;
417 uint8_t u8;
418
419 if (s->s3->tmp.reuse_message) {
420 s->s3->tmp.reuse_message = 0;
421 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
422 al = SSL_AD_UNEXPECTED_MESSAGE;
423 SSLerr(SSL_F_SSL3_GET_MESSAGE,
424 SSL_R_UNEXPECTED_MESSAGE);
425 goto f_err;
426 }
427 *ok = 1;
428 s->init_msg = s->init_buf->data + 4;
429 s->init_num = (int)s->s3->tmp.message_size;
430 return s->init_num;
431 }
432
433 p = (unsigned char *)s->init_buf->data;
434
435 /* s->init_num < 4 */
436 if (s->state == st1) {
437 int skip_message;
438
439 do {
440 while (s->init_num < 4) {
441 i = s->method->ssl_read_bytes(s,
442 SSL3_RT_HANDSHAKE, &p[s->init_num],
443 4 - s->init_num, 0);
444 if (i <= 0) {
445 s->rwstate = SSL_READING;
446 *ok = 0;
447 return i;
448 }
449 s->init_num += i;
450 }
451
452 skip_message = 0;
453 if (!s->server && p[0] == SSL3_MT_HELLO_REQUEST) {
454 /*
455 * The server may always send 'Hello Request'
456 * messages -- we are doing a handshake anyway
457 * now, so ignore them if their format is
458 * correct. Does not count for 'Finished' MAC.
459 */
460 if (p[1] == 0 && p[2] == 0 &&p[3] == 0) {
461 s->init_num = 0;
462 skip_message = 1;
463
464 if (s->msg_callback)
465 s->msg_callback(0, s->version,
466 SSL3_RT_HANDSHAKE, p, 4, s,
467 s->msg_callback_arg);
468 }
469 }
470 } while (skip_message);
471
472 /* s->init_num == 4 */
473
474 if ((mt >= 0) && (*p != mt)) {
475 al = SSL_AD_UNEXPECTED_MESSAGE;
476 SSLerr(SSL_F_SSL3_GET_MESSAGE,
477 SSL_R_UNEXPECTED_MESSAGE);
478 goto f_err;
479 }
480
481 /* XXX remove call to n2l3 */
482 CBS_init(&cbs, p, 4);
483 if (!CBS_get_u8(&cbs, &u8) ||
484 !CBS_get_u24(&cbs, &l)) {
485 SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
486 goto err;
487 }
488 s->s3->tmp.message_type = u8;
489
490 if (l > (unsigned long)max) {
491 al = SSL_AD_ILLEGAL_PARAMETER;
492 SSLerr(SSL_F_SSL3_GET_MESSAGE,
493 SSL_R_EXCESSIVE_MESSAGE_SIZE);
494 goto f_err;
495 }
496 if (l && !BUF_MEM_grow_clean(s->init_buf, l + 4)) {
497 SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
498 goto err;
499 }
500 s->s3->tmp.message_size = l;
501 s->state = stn;
502
503 s->init_msg = s->init_buf->data + 4;
504 s->init_num = 0;
505 }
506
507 /* next state (stn) */
508 p = s->init_msg;
509 n = s->s3->tmp.message_size - s->init_num;
510 while (n > 0) {
511 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
512 &p[s->init_num], n, 0);
513 if (i <= 0) {
514 s->rwstate = SSL_READING;
515 *ok = 0;
516 return i;
517 }
518 s->init_num += i;
519 n -= i;
520 }
521
522 /* If receiving Finished, record MAC of prior handshake messages for
523 * Finished verification. */
524 if (*s->init_buf->data == SSL3_MT_FINISHED)
525 ssl3_take_mac(s);
526
527 /* Feed this message into MAC computation. */
528 tls1_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
529 if (s->msg_callback)
530 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
531 s->init_buf->data, (size_t)s->init_num + 4, s,
532 s->msg_callback_arg);
533
534 *ok = 1;
535 return (s->init_num);
536
537f_err:
538 ssl3_send_alert(s, SSL3_AL_FATAL, al);
539err:
540 *ok = 0;
541 return (-1);
542}
543
544int
545ssl_cert_type(X509 *x, EVP_PKEY *pkey)
546{
547 EVP_PKEY *pk;
548 int ret = -1, i;
549
550 if (pkey == NULL)
551 pk = X509_get_pubkey(x);
552 else
553 pk = pkey;
554 if (pk == NULL)
555 goto err;
556
557 i = pk->type;
558 if (i == EVP_PKEY_RSA) {
559 ret = SSL_PKEY_RSA_ENC;
560 } else if (i == EVP_PKEY_DSA) {
561 ret = SSL_PKEY_DSA_SIGN;
562 } else if (i == EVP_PKEY_EC) {
563 ret = SSL_PKEY_ECC;
564 } else if (i == NID_id_GostR3410_2001 ||
565 i == NID_id_GostR3410_2001_cc) {
566 ret = SSL_PKEY_GOST01;
567 }
568
569err:
570 if (!pkey)
571 EVP_PKEY_free(pk);
572 return (ret);
573}
574
575int
576ssl_verify_alarm_type(long type)
577{
578 int al;
579
580 switch (type) {
581 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
582 case X509_V_ERR_UNABLE_TO_GET_CRL:
583 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
584 al = SSL_AD_UNKNOWN_CA;
585 break;
586 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
587 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
588 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
589 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
590 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
591 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
592 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
593 case X509_V_ERR_CERT_NOT_YET_VALID:
594 case X509_V_ERR_CRL_NOT_YET_VALID:
595 case X509_V_ERR_CERT_UNTRUSTED:
596 case X509_V_ERR_CERT_REJECTED:
597 al = SSL_AD_BAD_CERTIFICATE;
598 break;
599 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
600 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
601 al = SSL_AD_DECRYPT_ERROR;
602 break;
603 case X509_V_ERR_CERT_HAS_EXPIRED:
604 case X509_V_ERR_CRL_HAS_EXPIRED:
605 al = SSL_AD_CERTIFICATE_EXPIRED;
606 break;
607 case X509_V_ERR_CERT_REVOKED:
608 al = SSL_AD_CERTIFICATE_REVOKED;
609 break;
610 case X509_V_ERR_OUT_OF_MEM:
611 al = SSL_AD_INTERNAL_ERROR;
612 break;
613 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
614 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
615 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
616 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
617 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
618 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
619 case X509_V_ERR_INVALID_CA:
620 al = SSL_AD_UNKNOWN_CA;
621 break;
622 case X509_V_ERR_APPLICATION_VERIFICATION:
623 al = SSL_AD_HANDSHAKE_FAILURE;
624 break;
625 case X509_V_ERR_INVALID_PURPOSE:
626 al = SSL_AD_UNSUPPORTED_CERTIFICATE;
627 break;
628 default:
629 al = SSL_AD_CERTIFICATE_UNKNOWN;
630 break;
631 }
632 return (al);
633}
634
635int
636ssl3_setup_init_buffer(SSL *s)
637{
638 BUF_MEM *buf = NULL;
639
640 if (s->init_buf != NULL)
641 return (1);
642
643 if ((buf = BUF_MEM_new()) == NULL)
644 goto err;
645 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH))
646 goto err;
647
648 s->init_buf = buf;
649 return (1);
650
651err:
652 BUF_MEM_free(buf);
653 return (0);
654}
655
656int
657ssl3_setup_read_buffer(SSL *s)
658{
659 unsigned char *p;
660 size_t len, align, headerlen;
661
662 if (SSL_IS_DTLS(s))
663 headerlen = DTLS1_RT_HEADER_LENGTH;
664 else
665 headerlen = SSL3_RT_HEADER_LENGTH;
666
667 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
668
669 if (s->s3->rbuf.buf == NULL) {
670 len = SSL3_RT_MAX_PLAIN_LENGTH +
671 SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
672 if ((p = malloc(len)) == NULL)
673 goto err;
674 s->s3->rbuf.buf = p;
675 s->s3->rbuf.len = len;
676 }
677
678 s->packet = &(s->s3->rbuf.buf[0]);
679 return 1;
680
681err:
682 SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE);
683 return 0;
684}
685
686int
687ssl3_setup_write_buffer(SSL *s)
688{
689 unsigned char *p;
690 size_t len, align, headerlen;
691
692 if (SSL_IS_DTLS(s))
693 headerlen = DTLS1_RT_HEADER_LENGTH + 1;
694 else
695 headerlen = SSL3_RT_HEADER_LENGTH;
696
697 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
698
699 if (s->s3->wbuf.buf == NULL) {
700 len = s->max_send_fragment +
701 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
702 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
703 len += headerlen + align +
704 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
705
706 if ((p = malloc(len)) == NULL)
707 goto err;
708 s->s3->wbuf.buf = p;
709 s->s3->wbuf.len = len;
710 }
711
712 return 1;
713
714err:
715 SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
716 return 0;
717}
718
719int
720ssl3_setup_buffers(SSL *s)
721{
722 if (!ssl3_setup_read_buffer(s))
723 return 0;
724 if (!ssl3_setup_write_buffer(s))
725 return 0;
726 return 1;
727}
728
729int
730ssl3_release_write_buffer(SSL *s)
731{
732 free(s->s3->wbuf.buf);
733 s->s3->wbuf.buf = NULL;
734 return 1;
735}
736
737int
738ssl3_release_read_buffer(SSL *s)
739{
740 free(s->s3->rbuf.buf);
741 s->s3->rbuf.buf = NULL;
742 return 1;
743}
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
deleted file mode 100644
index 414d493150..0000000000
--- a/src/lib/libssl/s3_cbc.c
+++ /dev/null
@@ -1,656 +0,0 @@
1/* $OpenBSD: s3_cbc.c,v 1.12 2016/03/20 16:50:29 krw Exp $ */
2/* ====================================================================
3 * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "ssl_locl.h"
57
58#include <openssl/md5.h>
59#include <openssl/sha.h>
60
61/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length
62 * field. (SHA-384/512 have 128-bit length.) */
63#define MAX_HASH_BIT_COUNT_BYTES 16
64
65/* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support.
66 * Currently SHA-384/512 has a 128-byte block size and that's the largest
67 * supported by TLS.) */
68#define MAX_HASH_BLOCK_SIZE 128
69
70/* Some utility functions are needed:
71 *
72 * These macros return the given value with the MSB copied to all the other
73 * bits. They use the fact that arithmetic shift shifts-in the sign bit.
74 * However, this is not ensured by the C standard so you may need to replace
75 * them with something else on odd CPUs. */
76#define DUPLICATE_MSB_TO_ALL(x) ((unsigned)((int)(x) >> (sizeof(int) * 8 - 1)))
77#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
78
79/* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */
80static unsigned
81constant_time_lt(unsigned a, unsigned b)
82{
83 a -= b;
84 return DUPLICATE_MSB_TO_ALL(a);
85}
86
87/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
88static unsigned
89constant_time_ge(unsigned a, unsigned b)
90{
91 a -= b;
92 return DUPLICATE_MSB_TO_ALL(~a);
93}
94
95/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
96static unsigned char
97constant_time_eq_8(unsigned a, unsigned b)
98{
99 unsigned c = a ^ b;
100 c--;
101 return DUPLICATE_MSB_TO_ALL_8(c);
102}
103
104/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
105 * record in |rec| in constant time and returns 1 if the padding is valid and
106 * -1 otherwise. It also removes any explicit IV from the start of the record
107 * without leaking any timing about whether there was enough space after the
108 * padding was removed.
109 *
110 * block_size: the block size of the cipher used to encrypt the record.
111 * returns:
112 * 0: (in non-constant time) if the record is publicly invalid.
113 * 1: if the padding was valid
114 * -1: otherwise. */
115int
116tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
117 unsigned mac_size)
118{
119 unsigned padding_length, good, to_check, i;
120 const unsigned overhead = 1 /* padding length byte */ + mac_size;
121
122 /* Check if version requires explicit IV */
123 if (SSL_USE_EXPLICIT_IV(s)) {
124 /* These lengths are all public so we can test them in
125 * non-constant time.
126 */
127 if (overhead + block_size > rec->length)
128 return 0;
129 /* We can now safely skip explicit IV */
130 rec->data += block_size;
131 rec->input += block_size;
132 rec->length -= block_size;
133 } else if (overhead > rec->length)
134 return 0;
135
136 padding_length = rec->data[rec->length - 1];
137
138 if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
139 /* padding is already verified */
140 rec->length -= padding_length + 1;
141 return 1;
142 }
143
144 good = constant_time_ge(rec->length, overhead + padding_length);
145 /* The padding consists of a length byte at the end of the record and
146 * then that many bytes of padding, all with the same value as the
147 * length byte. Thus, with the length byte included, there are i+1
148 * bytes of padding.
149 *
150 * We can't check just |padding_length+1| bytes because that leaks
151 * decrypted information. Therefore we always have to check the maximum
152 * amount of padding possible. (Again, the length of the record is
153 * public information so we can use it.) */
154 to_check = 255; /* maximum amount of padding. */
155 if (to_check > rec->length - 1)
156 to_check = rec->length - 1;
157
158 for (i = 0; i < to_check; i++) {
159 unsigned char mask = constant_time_ge(padding_length, i);
160 unsigned char b = rec->data[rec->length - 1 - i];
161 /* The final |padding_length+1| bytes should all have the value
162 * |padding_length|. Therefore the XOR should be zero. */
163 good &= ~(mask&(padding_length ^ b));
164 }
165
166 /* If any of the final |padding_length+1| bytes had the wrong value,
167 * one or more of the lower eight bits of |good| will be cleared. We
168 * AND the bottom 8 bits together and duplicate the result to all the
169 * bits. */
170 good &= good >> 4;
171 good &= good >> 2;
172 good &= good >> 1;
173 good <<= sizeof(good)*8 - 1;
174 good = DUPLICATE_MSB_TO_ALL(good);
175
176 padding_length = good & (padding_length + 1);
177 rec->length -= padding_length;
178 rec->type |= padding_length<<8; /* kludge: pass padding length */
179
180 return (int)((good & 1) | (~good & -1));
181}
182
183/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
184 * constant time (independent of the concrete value of rec->length, which may
185 * vary within a 256-byte window).
186 *
187 * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to
188 * this function.
189 *
190 * On entry:
191 * rec->orig_len >= md_size
192 * md_size <= EVP_MAX_MD_SIZE
193 *
194 * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
195 * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
196 * a single or pair of cache-lines, then the variable memory accesses don't
197 * actually affect the timing. CPUs with smaller cache-lines [if any] are
198 * not multi-core and are not considered vulnerable to cache-timing attacks.
199 */
200#define CBC_MAC_ROTATE_IN_PLACE
201
202void
203ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD *rec,
204 unsigned md_size, unsigned orig_len)
205{
206#if defined(CBC_MAC_ROTATE_IN_PLACE)
207 unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
208 unsigned char *rotated_mac;
209#else
210 unsigned char rotated_mac[EVP_MAX_MD_SIZE];
211#endif
212
213 /* mac_end is the index of |rec->data| just after the end of the MAC. */
214 unsigned mac_end = rec->length;
215 unsigned mac_start = mac_end - md_size;
216 /* scan_start contains the number of bytes that we can ignore because
217 * the MAC's position can only vary by 255 bytes. */
218 unsigned scan_start = 0;
219 unsigned i, j;
220 unsigned div_spoiler;
221 unsigned rotate_offset;
222
223 OPENSSL_assert(orig_len >= md_size);
224 OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
225
226#if defined(CBC_MAC_ROTATE_IN_PLACE)
227 rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf)&63);
228#endif
229
230 /* This information is public so it's safe to branch based on it. */
231 if (orig_len > md_size + 255 + 1)
232 scan_start = orig_len - (md_size + 255 + 1);
233 /* div_spoiler contains a multiple of md_size that is used to cause the
234 * modulo operation to be constant time. Without this, the time varies
235 * based on the amount of padding when running on Intel chips at least.
236 *
237 * The aim of right-shifting md_size is so that the compiler doesn't
238 * figure out that it can remove div_spoiler as that would require it
239 * to prove that md_size is always even, which I hope is beyond it. */
240 div_spoiler = md_size >> 1;
241 div_spoiler <<= (sizeof(div_spoiler) - 1) * 8;
242 rotate_offset = (div_spoiler + mac_start - scan_start) % md_size;
243
244 memset(rotated_mac, 0, md_size);
245 for (i = scan_start, j = 0; i < orig_len; i++) {
246 unsigned char mac_started = constant_time_ge(i, mac_start);
247 unsigned char mac_ended = constant_time_ge(i, mac_end);
248 unsigned char b = rec->data[i];
249 rotated_mac[j++] |= b & mac_started & ~mac_ended;
250 j &= constant_time_lt(j, md_size);
251 }
252
253 /* Now rotate the MAC */
254#if defined(CBC_MAC_ROTATE_IN_PLACE)
255 j = 0;
256 for (i = 0; i < md_size; i++) {
257 /* in case cache-line is 32 bytes, touch second line */
258 ((volatile unsigned char *)rotated_mac)[rotate_offset^32];
259 out[j++] = rotated_mac[rotate_offset++];
260 rotate_offset &= constant_time_lt(rotate_offset, md_size);
261 }
262#else
263 memset(out, 0, md_size);
264 rotate_offset = md_size - rotate_offset;
265 rotate_offset &= constant_time_lt(rotate_offset, md_size);
266 for (i = 0; i < md_size; i++) {
267 for (j = 0; j < md_size; j++)
268 out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset);
269 rotate_offset++;
270 rotate_offset &= constant_time_lt(rotate_offset, md_size);
271 }
272#endif
273}
274
275/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
276 * little-endian order. The value of p is advanced by four. */
277#define u32toLE(n, p) \
278 (*((p)++)=(unsigned char)(n), \
279 *((p)++)=(unsigned char)(n>>8), \
280 *((p)++)=(unsigned char)(n>>16), \
281 *((p)++)=(unsigned char)(n>>24))
282
283/* These functions serialize the state of a hash and thus perform the standard
284 * "final" operation without adding the padding and length that such a function
285 * typically does. */
286static void
287tls1_md5_final_raw(void* ctx, unsigned char *md_out)
288{
289 MD5_CTX *md5 = ctx;
290 u32toLE(md5->A, md_out);
291 u32toLE(md5->B, md_out);
292 u32toLE(md5->C, md_out);
293 u32toLE(md5->D, md_out);
294}
295
296static void
297tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
298{
299 SHA_CTX *sha1 = ctx;
300 l2n(sha1->h0, md_out);
301 l2n(sha1->h1, md_out);
302 l2n(sha1->h2, md_out);
303 l2n(sha1->h3, md_out);
304 l2n(sha1->h4, md_out);
305}
306#define LARGEST_DIGEST_CTX SHA_CTX
307
308static void
309tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
310{
311 SHA256_CTX *sha256 = ctx;
312 unsigned i;
313
314 for (i = 0; i < 8; i++) {
315 l2n(sha256->h[i], md_out);
316 }
317}
318#undef LARGEST_DIGEST_CTX
319#define LARGEST_DIGEST_CTX SHA256_CTX
320
321static void
322tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
323{
324 SHA512_CTX *sha512 = ctx;
325 unsigned i;
326
327 for (i = 0; i < 8; i++) {
328 l2n8(sha512->h[i], md_out);
329 }
330}
331#undef LARGEST_DIGEST_CTX
332#define LARGEST_DIGEST_CTX SHA512_CTX
333
334/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
335 * which ssl3_cbc_digest_record supports. */
336char
337ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
338{
339 switch (EVP_MD_CTX_type(ctx)) {
340 case NID_md5:
341 case NID_sha1:
342 case NID_sha224:
343 case NID_sha256:
344 case NID_sha384:
345 case NID_sha512:
346 return 1;
347 default:
348 return 0;
349 }
350}
351
352/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
353 * record.
354 *
355 * ctx: the EVP_MD_CTX from which we take the hash function.
356 * ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX.
357 * md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
358 * md_out_size: if non-NULL, the number of output bytes is written here.
359 * header: the 13-byte, TLS record header.
360 * data: the record data itself, less any preceeding explicit IV.
361 * data_plus_mac_size: the secret, reported length of the data and MAC
362 * once the padding has been removed.
363 * data_plus_mac_plus_padding_size: the public length of the whole
364 * record, including padding.
365 * is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
366 *
367 * On entry: by virtue of having been through one of the remove_padding
368 * functions, above, we know that data_plus_mac_size is large enough to contain
369 * a padding byte and MAC. (If the padding was invalid, it might contain the
370 * padding too. ) */
371int
372ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
373 size_t* md_out_size, const unsigned char header[13],
374 const unsigned char *data, size_t data_plus_mac_size,
375 size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
376 unsigned mac_secret_length, char is_sslv3)
377{
378 union { double align;
379 unsigned char c[sizeof(LARGEST_DIGEST_CTX)];
380 } md_state;
381 void (*md_final_raw)(void *ctx, unsigned char *md_out);
382 void (*md_transform)(void *ctx, const unsigned char *block);
383 unsigned md_size, md_block_size = 64;
384 unsigned sslv3_pad_length = 40, header_length, variance_blocks,
385 len, max_mac_bytes, num_blocks,
386 num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
387 unsigned int bits; /* at most 18 bits */
388 unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
389 /* hmac_pad is the masked HMAC key. */
390 unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
391 unsigned char first_block[MAX_HASH_BLOCK_SIZE];
392 unsigned char mac_out[EVP_MAX_MD_SIZE];
393 unsigned i, j, md_out_size_u;
394 EVP_MD_CTX md_ctx;
395 /* mdLengthSize is the number of bytes in the length field that terminates
396 * the hash. */
397 unsigned md_length_size = 8;
398 char length_is_big_endian = 1;
399
400 /* This is a, hopefully redundant, check that allows us to forget about
401 * many possible overflows later in this function. */
402 OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024);
403
404 switch (EVP_MD_CTX_type(ctx)) {
405 case NID_md5:
406 MD5_Init((MD5_CTX*)md_state.c);
407 md_final_raw = tls1_md5_final_raw;
408 md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform;
409 md_size = 16;
410 sslv3_pad_length = 48;
411 length_is_big_endian = 0;
412 break;
413 case NID_sha1:
414 SHA1_Init((SHA_CTX*)md_state.c);
415 md_final_raw = tls1_sha1_final_raw;
416 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
417 md_size = 20;
418 break;
419 case NID_sha224:
420 SHA224_Init((SHA256_CTX*)md_state.c);
421 md_final_raw = tls1_sha256_final_raw;
422 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
423 md_size = 224/8;
424 break;
425 case NID_sha256:
426 SHA256_Init((SHA256_CTX*)md_state.c);
427 md_final_raw = tls1_sha256_final_raw;
428 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
429 md_size = 32;
430 break;
431 case NID_sha384:
432 SHA384_Init((SHA512_CTX*)md_state.c);
433 md_final_raw = tls1_sha512_final_raw;
434 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
435 md_size = 384/8;
436 md_block_size = 128;
437 md_length_size = 16;
438 break;
439 case NID_sha512:
440 SHA512_Init((SHA512_CTX*)md_state.c);
441 md_final_raw = tls1_sha512_final_raw;
442 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
443 md_size = 64;
444 md_block_size = 128;
445 md_length_size = 16;
446 break;
447 default:
448 /* ssl3_cbc_record_digest_supported should have been
449 * called first to check that the hash function is
450 * supported. */
451 OPENSSL_assert(0);
452 if (md_out_size)
453 *md_out_size = 0;
454 return 0;
455 }
456
457 OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
458 OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
459 OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
460
461 header_length = 13;
462 if (is_sslv3) {
463 header_length = mac_secret_length + sslv3_pad_length +
464 8 /* sequence number */ +
465 1 /* record type */ +
466 2 /* record length */;
467 }
468
469 /* variance_blocks is the number of blocks of the hash that we have to
470 * calculate in constant time because they could be altered by the
471 * padding value.
472 *
473 * In SSLv3, the padding must be minimal so the end of the plaintext
474 * varies by, at most, 15+20 = 35 bytes. (We conservatively assume that
475 * the MAC size varies from 0..20 bytes.) In case the 9 bytes of hash
476 * termination (0x80 + 64-bit length) don't fit in the final block, we
477 * say that the final two blocks can vary based on the padding.
478 *
479 * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
480 * required to be minimal. Therefore we say that the final six blocks
481 * can vary based on the padding.
482 *
483 * Later in the function, if the message is short and there obviously
484 * cannot be this many blocks then variance_blocks can be reduced. */
485 variance_blocks = is_sslv3 ? 2 : 6;
486 /* From now on we're dealing with the MAC, which conceptually has 13
487 * bytes of `header' before the start of the data (TLS) or 71/75 bytes
488 * (SSLv3) */
489 len = data_plus_mac_plus_padding_size + header_length;
490 /* max_mac_bytes contains the maximum bytes of bytes in the MAC, including
491 * |header|, assuming that there's no padding. */
492 max_mac_bytes = len - md_size - 1;
493 /* num_blocks is the maximum number of hash blocks. */
494 num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size;
495 /* In order to calculate the MAC in constant time we have to handle
496 * the final blocks specially because the padding value could cause the
497 * end to appear somewhere in the final |variance_blocks| blocks and we
498 * can't leak where. However, |num_starting_blocks| worth of data can
499 * be hashed right away because no padding value can affect whether
500 * they are plaintext. */
501 num_starting_blocks = 0;
502 /* k is the starting byte offset into the conceptual header||data where
503 * we start processing. */
504 k = 0;
505 /* mac_end_offset is the index just past the end of the data to be
506 * MACed. */
507 mac_end_offset = data_plus_mac_size + header_length - md_size;
508 /* c is the index of the 0x80 byte in the final hash block that
509 * contains application data. */
510 c = mac_end_offset % md_block_size;
511 /* index_a is the hash block number that contains the 0x80 terminating
512 * value. */
513 index_a = mac_end_offset / md_block_size;
514 /* index_b is the hash block number that contains the 64-bit hash
515 * length, in bits. */
516 index_b = (mac_end_offset + md_length_size) / md_block_size;
517 /* bits is the hash-length in bits. It includes the additional hash
518 * block for the masked HMAC key, or whole of |header| in the case of
519 * SSLv3. */
520
521 /* For SSLv3, if we're going to have any starting blocks then we need
522 * at least two because the header is larger than a single block. */
523 if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) {
524 num_starting_blocks = num_blocks - variance_blocks;
525 k = md_block_size*num_starting_blocks;
526 }
527
528 bits = 8*mac_end_offset;
529 if (!is_sslv3) {
530 /* Compute the initial HMAC block. For SSLv3, the padding and
531 * secret bytes are included in |header| because they take more
532 * than a single block. */
533 bits += 8*md_block_size;
534 memset(hmac_pad, 0, md_block_size);
535 OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad));
536 memcpy(hmac_pad, mac_secret, mac_secret_length);
537 for (i = 0; i < md_block_size; i++)
538 hmac_pad[i] ^= 0x36;
539
540 md_transform(md_state.c, hmac_pad);
541 }
542
543 if (length_is_big_endian) {
544 memset(length_bytes, 0, md_length_size - 4);
545 length_bytes[md_length_size - 4] = (unsigned char)(bits >> 24);
546 length_bytes[md_length_size - 3] = (unsigned char)(bits >> 16);
547 length_bytes[md_length_size - 2] = (unsigned char)(bits >> 8);
548 length_bytes[md_length_size - 1] = (unsigned char)bits;
549 } else {
550 memset(length_bytes, 0, md_length_size);
551 length_bytes[md_length_size - 5] = (unsigned char)(bits >> 24);
552 length_bytes[md_length_size - 6] = (unsigned char)(bits >> 16);
553 length_bytes[md_length_size - 7] = (unsigned char)(bits >> 8);
554 length_bytes[md_length_size - 8] = (unsigned char)bits;
555 }
556
557 if (k > 0) {
558 if (is_sslv3) {
559 /* The SSLv3 header is larger than a single block.
560 * overhang is the number of bytes beyond a single
561 * block that the header consumes: either 7 bytes
562 * (SHA1) or 11 bytes (MD5). */
563 unsigned overhang = header_length - md_block_size;
564 md_transform(md_state.c, header);
565 memcpy(first_block, header + md_block_size, overhang);
566 memcpy(first_block + overhang, data, md_block_size - overhang);
567 md_transform(md_state.c, first_block);
568 for (i = 1; i < k/md_block_size - 1; i++)
569 md_transform(md_state.c, data + md_block_size*i - overhang);
570 } else {
571 /* k is a multiple of md_block_size. */
572 memcpy(first_block, header, 13);
573 memcpy(first_block + 13, data, md_block_size - 13);
574 md_transform(md_state.c, first_block);
575 for (i = 1; i < k/md_block_size; i++)
576 md_transform(md_state.c, data + md_block_size*i - 13);
577 }
578 }
579
580 memset(mac_out, 0, sizeof(mac_out));
581
582 /* We now process the final hash blocks. For each block, we construct
583 * it in constant time. If the |i==index_a| then we'll include the 0x80
584 * bytes and zero pad etc. For each block we selectively copy it, in
585 * constant time, to |mac_out|. */
586 for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks; i++) {
587 unsigned char block[MAX_HASH_BLOCK_SIZE];
588 unsigned char is_block_a = constant_time_eq_8(i, index_a);
589 unsigned char is_block_b = constant_time_eq_8(i, index_b);
590 for (j = 0; j < md_block_size; j++) {
591 unsigned char b = 0, is_past_c, is_past_cp1;
592 if (k < header_length)
593 b = header[k];
594 else if (k < data_plus_mac_plus_padding_size + header_length)
595 b = data[k - header_length];
596 k++;
597
598 is_past_c = is_block_a & constant_time_ge(j, c);
599 is_past_cp1 = is_block_a & constant_time_ge(j, c + 1);
600 /* If this is the block containing the end of the
601 * application data, and we are at the offset for the
602 * 0x80 value, then overwrite b with 0x80. */
603 b = (b&~is_past_c) | (0x80&is_past_c);
604 /* If this is the block containing the end of the
605 * application data and we're past the 0x80 value then
606 * just write zero. */
607 b = b&~is_past_cp1;
608 /* If this is index_b (the final block), but not
609 * index_a (the end of the data), then the 64-bit
610 * length didn't fit into index_a and we're having to
611 * add an extra block of zeros. */
612 b &= ~is_block_b | is_block_a;
613
614 /* The final bytes of one of the blocks contains the
615 * length. */
616 if (j >= md_block_size - md_length_size) {
617 /* If this is index_b, write a length byte. */
618 b = (b&~is_block_b) | (is_block_b&length_bytes[j - (md_block_size - md_length_size)]);
619 }
620 block[j] = b;
621 }
622
623 md_transform(md_state.c, block);
624 md_final_raw(md_state.c, block);
625 /* If this is index_b, copy the hash value to |mac_out|. */
626 for (j = 0; j < md_size; j++)
627 mac_out[j] |= block[j]&is_block_b;
628 }
629
630 EVP_MD_CTX_init(&md_ctx);
631 if (!EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */)) {
632 EVP_MD_CTX_cleanup(&md_ctx);
633 return 0;
634 }
635 if (is_sslv3) {
636 /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
637 memset(hmac_pad, 0x5c, sslv3_pad_length);
638
639 EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length);
640 EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length);
641 EVP_DigestUpdate(&md_ctx, mac_out, md_size);
642 } else {
643 /* Complete the HMAC in the standard manner. */
644 for (i = 0; i < md_block_size; i++)
645 hmac_pad[i] ^= 0x6a;
646
647 EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
648 EVP_DigestUpdate(&md_ctx, mac_out, md_size);
649 }
650 EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
651 if (md_out_size)
652 *md_out_size = md_out_size_u;
653 EVP_MD_CTX_cleanup(&md_ctx);
654
655 return 1;
656}
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
deleted file mode 100644
index 264cb012d5..0000000000
--- a/src/lib/libssl/s3_clnt.c
+++ /dev/null
@@ -1,2635 +0,0 @@
1/* $OpenBSD: s3_clnt.c,v 1.138 2016/03/27 00:55:38 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#include <limits.h>
152#include <stdint.h>
153#include <stdio.h>
154
155#include "ssl_locl.h"
156
157#include <openssl/bn.h>
158#include <openssl/buffer.h>
159#include <openssl/dh.h>
160#include <openssl/evp.h>
161#include <openssl/md5.h>
162#include <openssl/objects.h>
163
164#ifndef OPENSSL_NO_ENGINE
165#include <openssl/engine.h>
166#endif
167#ifndef OPENSSL_NO_GOST
168#include <openssl/gost.h>
169#endif
170
171#include "bytestring.h"
172
173static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b);
174
175int
176ssl3_connect(SSL *s)
177{
178 void (*cb)(const SSL *ssl, int type, int val) = NULL;
179 int ret = -1;
180 int new_state, state, skip = 0;
181
182 ERR_clear_error();
183 errno = 0;
184
185 if (s->info_callback != NULL)
186 cb = s->info_callback;
187 else if (s->ctx->info_callback != NULL)
188 cb = s->ctx->info_callback;
189
190 s->in_handshake++;
191 if (!SSL_in_init(s) || SSL_in_before(s))
192 SSL_clear(s);
193
194 for (;;) {
195 state = s->state;
196
197 switch (s->state) {
198 case SSL_ST_RENEGOTIATE:
199 s->renegotiate = 1;
200 s->state = SSL_ST_CONNECT;
201 s->ctx->stats.sess_connect_renegotiate++;
202 /* break */
203 case SSL_ST_BEFORE:
204 case SSL_ST_CONNECT:
205 case SSL_ST_BEFORE|SSL_ST_CONNECT:
206 case SSL_ST_OK|SSL_ST_CONNECT:
207
208 s->server = 0;
209 if (cb != NULL)
210 cb(s, SSL_CB_HANDSHAKE_START, 1);
211
212 if ((s->version & 0xff00 ) != 0x0300) {
213 SSLerr(SSL_F_SSL3_CONNECT,
214 ERR_R_INTERNAL_ERROR);
215 ret = -1;
216 goto end;
217 }
218
219 /* s->version=SSL3_VERSION; */
220 s->type = SSL_ST_CONNECT;
221
222 if (!ssl3_setup_init_buffer(s)) {
223 ret = -1;
224 goto end;
225 }
226 if (!ssl3_setup_buffers(s)) {
227 ret = -1;
228 goto end;
229 }
230 if (!ssl_init_wbio_buffer(s, 0)) {
231 ret = -1;
232 goto end;
233 }
234
235 /* don't push the buffering BIO quite yet */
236
237 if (!tls1_init_finished_mac(s)) {
238 ret = -1;
239 goto end;
240 }
241
242 s->state = SSL3_ST_CW_CLNT_HELLO_A;
243 s->ctx->stats.sess_connect++;
244 s->init_num = 0;
245 break;
246
247 case SSL3_ST_CW_CLNT_HELLO_A:
248 case SSL3_ST_CW_CLNT_HELLO_B:
249
250 s->shutdown = 0;
251 ret = ssl3_client_hello(s);
252 if (ret <= 0)
253 goto end;
254 s->state = SSL3_ST_CR_SRVR_HELLO_A;
255 s->init_num = 0;
256
257 /* turn on buffering for the next lot of output */
258 if (s->bbio != s->wbio)
259 s->wbio = BIO_push(s->bbio, s->wbio);
260
261 break;
262
263 case SSL3_ST_CR_SRVR_HELLO_A:
264 case SSL3_ST_CR_SRVR_HELLO_B:
265 ret = ssl3_get_server_hello(s);
266 if (ret <= 0)
267 goto end;
268
269 if (s->hit) {
270 s->state = SSL3_ST_CR_FINISHED_A;
271 if (s->tlsext_ticket_expected) {
272 /* receive renewed session ticket */
273 s->state = SSL3_ST_CR_SESSION_TICKET_A;
274 }
275 } else
276 s->state = SSL3_ST_CR_CERT_A;
277 s->init_num = 0;
278 break;
279
280 case SSL3_ST_CR_CERT_A:
281 case SSL3_ST_CR_CERT_B:
282 ret = ssl3_check_finished(s);
283 if (ret <= 0)
284 goto end;
285 if (ret == 2) {
286 s->hit = 1;
287 if (s->tlsext_ticket_expected)
288 s->state = SSL3_ST_CR_SESSION_TICKET_A;
289 else
290 s->state = SSL3_ST_CR_FINISHED_A;
291 s->init_num = 0;
292 break;
293 }
294 /* Check if it is anon DH/ECDH. */
295 if (!(s->s3->tmp.new_cipher->algorithm_auth &
296 SSL_aNULL)) {
297 ret = ssl3_get_server_certificate(s);
298 if (ret <= 0)
299 goto end;
300 if (s->tlsext_status_expected)
301 s->state = SSL3_ST_CR_CERT_STATUS_A;
302 else
303 s->state = SSL3_ST_CR_KEY_EXCH_A;
304 } else {
305 skip = 1;
306 s->state = SSL3_ST_CR_KEY_EXCH_A;
307 }
308 s->init_num = 0;
309 break;
310
311 case SSL3_ST_CR_KEY_EXCH_A:
312 case SSL3_ST_CR_KEY_EXCH_B:
313 ret = ssl3_get_key_exchange(s);
314 if (ret <= 0)
315 goto end;
316 s->state = SSL3_ST_CR_CERT_REQ_A;
317 s->init_num = 0;
318
319 /*
320 * At this point we check that we have the
321 * required stuff from the server.
322 */
323 if (!ssl3_check_cert_and_algorithm(s)) {
324 ret = -1;
325 goto end;
326 }
327 break;
328
329 case SSL3_ST_CR_CERT_REQ_A:
330 case SSL3_ST_CR_CERT_REQ_B:
331 ret = ssl3_get_certificate_request(s);
332 if (ret <= 0)
333 goto end;
334 s->state = SSL3_ST_CR_SRVR_DONE_A;
335 s->init_num = 0;
336 break;
337
338 case SSL3_ST_CR_SRVR_DONE_A:
339 case SSL3_ST_CR_SRVR_DONE_B:
340 ret = ssl3_get_server_done(s);
341 if (ret <= 0)
342 goto end;
343 if (s->s3->tmp.cert_req)
344 s->state = SSL3_ST_CW_CERT_A;
345 else
346 s->state = SSL3_ST_CW_KEY_EXCH_A;
347 s->init_num = 0;
348
349 break;
350
351 case SSL3_ST_CW_CERT_A:
352 case SSL3_ST_CW_CERT_B:
353 case SSL3_ST_CW_CERT_C:
354 case SSL3_ST_CW_CERT_D:
355 ret = ssl3_send_client_certificate(s);
356 if (ret <= 0)
357 goto end;
358 s->state = SSL3_ST_CW_KEY_EXCH_A;
359 s->init_num = 0;
360 break;
361
362 case SSL3_ST_CW_KEY_EXCH_A:
363 case SSL3_ST_CW_KEY_EXCH_B:
364 ret = ssl3_send_client_key_exchange(s);
365 if (ret <= 0)
366 goto end;
367 /*
368 * EAY EAY EAY need to check for DH fix cert
369 * sent back
370 */
371 /*
372 * For TLS, cert_req is set to 2, so a cert chain
373 * of nothing is sent, but no verify packet is sent
374 */
375 /*
376 * XXX: For now, we do not support client
377 * authentication in ECDH cipher suites with
378 * ECDH (rather than ECDSA) certificates.
379 * We need to skip the certificate verify
380 * message when client's ECDH public key is sent
381 * inside the client certificate.
382 */
383 if (s->s3->tmp.cert_req == 1) {
384 s->state = SSL3_ST_CW_CERT_VRFY_A;
385 } else {
386 s->state = SSL3_ST_CW_CHANGE_A;
387 s->s3->change_cipher_spec = 0;
388 }
389 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
390 s->state = SSL3_ST_CW_CHANGE_A;
391 s->s3->change_cipher_spec = 0;
392 }
393
394 s->init_num = 0;
395 break;
396
397 case SSL3_ST_CW_CERT_VRFY_A:
398 case SSL3_ST_CW_CERT_VRFY_B:
399 ret = ssl3_send_client_verify(s);
400 if (ret <= 0)
401 goto end;
402 s->state = SSL3_ST_CW_CHANGE_A;
403 s->init_num = 0;
404 s->s3->change_cipher_spec = 0;
405 break;
406
407 case SSL3_ST_CW_CHANGE_A:
408 case SSL3_ST_CW_CHANGE_B:
409 ret = ssl3_send_change_cipher_spec(s,
410 SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
411 if (ret <= 0)
412 goto end;
413
414 if (s->s3->next_proto_neg_seen)
415 s->state = SSL3_ST_CW_NEXT_PROTO_A;
416 else
417 s->state = SSL3_ST_CW_FINISHED_A;
418 s->init_num = 0;
419
420 s->session->cipher = s->s3->tmp.new_cipher;
421 if (!s->method->ssl3_enc->setup_key_block(s)) {
422 ret = -1;
423 goto end;
424 }
425
426 if (!s->method->ssl3_enc->change_cipher_state(s,
427 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
428 ret = -1;
429 goto end;
430 }
431
432 break;
433
434 case SSL3_ST_CW_NEXT_PROTO_A:
435 case SSL3_ST_CW_NEXT_PROTO_B:
436 ret = ssl3_send_next_proto(s);
437 if (ret <= 0)
438 goto end;
439 s->state = SSL3_ST_CW_FINISHED_A;
440 break;
441
442 case SSL3_ST_CW_FINISHED_A:
443 case SSL3_ST_CW_FINISHED_B:
444 ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,
445 SSL3_ST_CW_FINISHED_B,
446 s->method->ssl3_enc->client_finished_label,
447 s->method->ssl3_enc->client_finished_label_len);
448 if (ret <= 0)
449 goto end;
450 s->s3->flags |= SSL3_FLAGS_CCS_OK;
451 s->state = SSL3_ST_CW_FLUSH;
452
453 /* clear flags */
454 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
455 if (s->hit) {
456 s->s3->tmp.next_state = SSL_ST_OK;
457 if (s->s3->flags &
458 SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
459 s->state = SSL_ST_OK;
460 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
461 s->s3->delay_buf_pop_ret = 0;
462 }
463 } else {
464 /* Allow NewSessionTicket if ticket expected */
465 if (s->tlsext_ticket_expected)
466 s->s3->tmp.next_state =
467 SSL3_ST_CR_SESSION_TICKET_A;
468 else
469
470 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
471 }
472 s->init_num = 0;
473 break;
474
475 case SSL3_ST_CR_SESSION_TICKET_A:
476 case SSL3_ST_CR_SESSION_TICKET_B:
477 ret = ssl3_get_new_session_ticket(s);
478 if (ret <= 0)
479 goto end;
480 s->state = SSL3_ST_CR_FINISHED_A;
481 s->init_num = 0;
482 break;
483
484 case SSL3_ST_CR_CERT_STATUS_A:
485 case SSL3_ST_CR_CERT_STATUS_B:
486 ret = ssl3_get_cert_status(s);
487 if (ret <= 0)
488 goto end;
489 s->state = SSL3_ST_CR_KEY_EXCH_A;
490 s->init_num = 0;
491 break;
492
493 case SSL3_ST_CR_FINISHED_A:
494 case SSL3_ST_CR_FINISHED_B:
495 s->s3->flags |= SSL3_FLAGS_CCS_OK;
496 ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
497 SSL3_ST_CR_FINISHED_B);
498 if (ret <= 0)
499 goto end;
500
501 if (s->hit)
502 s->state = SSL3_ST_CW_CHANGE_A;
503 else
504 s->state = SSL_ST_OK;
505 s->init_num = 0;
506 break;
507
508 case SSL3_ST_CW_FLUSH:
509 s->rwstate = SSL_WRITING;
510 if (BIO_flush(s->wbio) <= 0) {
511 ret = -1;
512 goto end;
513 }
514 s->rwstate = SSL_NOTHING;
515 s->state = s->s3->tmp.next_state;
516 break;
517
518 case SSL_ST_OK:
519 /* clean a few things up */
520 tls1_cleanup_key_block(s);
521
522 if (s->init_buf != NULL) {
523 BUF_MEM_free(s->init_buf);
524 s->init_buf = NULL;
525 }
526
527 /*
528 * If we are not 'joining' the last two packets,
529 * remove the buffering now
530 */
531 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
532 ssl_free_wbio_buffer(s);
533 /* else do it later in ssl3_write */
534
535 s->init_num = 0;
536 s->renegotiate = 0;
537 s->new_session = 0;
538
539 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
540 if (s->hit)
541 s->ctx->stats.sess_hit++;
542
543 ret = 1;
544 /* s->server=0; */
545 s->handshake_func = ssl3_connect;
546 s->ctx->stats.sess_connect_good++;
547
548 if (cb != NULL)
549 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
550
551 goto end;
552 /* break; */
553
554 default:
555 SSLerr(SSL_F_SSL3_CONNECT,
556 SSL_R_UNKNOWN_STATE);
557 ret = -1;
558 goto end;
559 /* break; */
560 }
561
562 /* did we do anything */
563 if (!s->s3->tmp.reuse_message && !skip) {
564 if (s->debug) {
565 if ((ret = BIO_flush(s->wbio)) <= 0)
566 goto end;
567 }
568
569 if ((cb != NULL) && (s->state != state)) {
570 new_state = s->state;
571 s->state = state;
572 cb(s, SSL_CB_CONNECT_LOOP, 1);
573 s->state = new_state;
574 }
575 }
576 skip = 0;
577 }
578
579end:
580 s->in_handshake--;
581 if (cb != NULL)
582 cb(s, SSL_CB_CONNECT_EXIT, ret);
583
584 return (ret);
585}
586
587int
588ssl3_client_hello(SSL *s)
589{
590 unsigned char *bufend, *p, *d;
591 int i;
592
593 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
594 SSL_SESSION *sess = s->session;
595
596 if ((sess == NULL) ||
597 (sess->ssl_version != s->version) ||
598 (!sess->session_id_length && !sess->tlsext_tick) ||
599 (sess->not_resumable)) {
600 if (!ssl_get_new_session(s, 0))
601 goto err;
602 }
603 /* else use the pre-loaded session */
604
605 /*
606 * If a DTLS ClientHello message is being resent after a
607 * HelloVerifyRequest, we must retain the original client
608 * random value.
609 */
610 if (!SSL_IS_DTLS(s) || s->d1->send_cookie == 0)
611 arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
612
613 d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
614
615 /*
616 * Version indicates the negotiated version: for example from
617 * an SSLv2/v3 compatible client hello). The client_version
618 * field is the maximum version we permit and it is also
619 * used in RSA encrypted premaster secrets. Some servers can
620 * choke if we initially report a higher version then
621 * renegotiate to a lower one in the premaster secret. This
622 * didn't happen with TLS 1.0 as most servers supported it
623 * but it can with TLS 1.1 or later if the server only supports
624 * 1.0.
625 *
626 * Possible scenario with previous logic:
627 * 1. Client hello indicates TLS 1.2
628 * 2. Server hello says TLS 1.0
629 * 3. RSA encrypted premaster secret uses 1.2.
630 * 4. Handhaked proceeds using TLS 1.0.
631 * 5. Server sends hello request to renegotiate.
632 * 6. Client hello indicates TLS v1.0 as we now
633 * know that is maximum server supports.
634 * 7. Server chokes on RSA encrypted premaster secret
635 * containing version 1.0.
636 *
637 * For interoperability it should be OK to always use the
638 * maximum version we support in client hello and then rely
639 * on the checking of version to ensure the servers isn't
640 * being inconsistent: for example initially negotiating with
641 * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
642 * client_version in client hello and not resetting it to
643 * the negotiated version.
644 */
645 *(p++) = s->client_version >> 8;
646 *(p++) = s->client_version & 0xff;
647
648 /* Random stuff */
649 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
650 p += SSL3_RANDOM_SIZE;
651
652 /* Session ID */
653 if (s->new_session)
654 i = 0;
655 else
656 i = s->session->session_id_length;
657 *(p++) = i;
658 if (i != 0) {
659 if (i > (int)sizeof(s->session->session_id)) {
660 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
661 ERR_R_INTERNAL_ERROR);
662 goto err;
663 }
664 memcpy(p, s->session->session_id, i);
665 p += i;
666 }
667
668 /* DTLS Cookie. */
669 if (SSL_IS_DTLS(s)) {
670 if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
671 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,
672 ERR_R_INTERNAL_ERROR);
673 goto err;
674 }
675 *(p++) = s->d1->cookie_len;
676 memcpy(p, s->d1->cookie, s->d1->cookie_len);
677 p += s->d1->cookie_len;
678 }
679
680 /* Ciphers supported */
681 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
682 if (i == 0) {
683 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
684 SSL_R_NO_CIPHERS_AVAILABLE);
685 goto err;
686 }
687 s2n(i, p);
688 p += i;
689
690 /* add in (no) COMPRESSION */
691 *(p++) = 1;
692 *(p++) = 0; /* Add the NULL method */
693
694 /* TLS extensions*/
695 bufend = (unsigned char *)s->init_buf->data +
696 SSL3_RT_MAX_PLAIN_LENGTH;
697 if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
698 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
699 ERR_R_INTERNAL_ERROR);
700 goto err;
701 }
702
703 ssl3_handshake_msg_finish(s, p - d);
704
705 s->state = SSL3_ST_CW_CLNT_HELLO_B;
706 }
707
708 /* SSL3_ST_CW_CLNT_HELLO_B */
709 return (ssl3_handshake_write(s));
710
711err:
712 return (-1);
713}
714
715int
716ssl3_get_server_hello(SSL *s)
717{
718 STACK_OF(SSL_CIPHER) *sk;
719 const SSL_CIPHER *c;
720 unsigned char *p, *q, *d;
721 int i, al, ok;
722 unsigned int j;
723 uint16_t cipher_value;
724 long n;
725 unsigned long alg_k;
726
727 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
728 SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
729
730 if (!ok)
731 return ((int)n);
732
733 if (SSL_IS_DTLS(s)) {
734 if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
735 if (s->d1->send_cookie == 0) {
736 s->s3->tmp.reuse_message = 1;
737 return (1);
738 } else {
739 /* Already sent a cookie. */
740 al = SSL_AD_UNEXPECTED_MESSAGE;
741 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
742 SSL_R_BAD_MESSAGE_TYPE);
743 goto f_err;
744 }
745 }
746 }
747
748 if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) {
749 al = SSL_AD_UNEXPECTED_MESSAGE;
750 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
751 SSL_R_BAD_MESSAGE_TYPE);
752 goto f_err;
753 }
754
755 d = p = (unsigned char *)s->init_msg;
756
757 if (2 > n)
758 goto truncated;
759 if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
760 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);
761 s->version = (s->version&0xff00) | p[1];
762 al = SSL_AD_PROTOCOL_VERSION;
763 goto f_err;
764 }
765 p += 2;
766
767 /* load the server hello data */
768
769 if (p + SSL3_RANDOM_SIZE + 1 - d > n)
770 goto truncated;
771
772 /* load the server random */
773 memcpy(s->s3->server_random, p, SSL3_RANDOM_SIZE);
774 p += SSL3_RANDOM_SIZE;
775
776 /* get the session-id */
777 j = *(p++);
778
779 if ((j > sizeof s->session->session_id) ||
780 (j > SSL3_SESSION_ID_SIZE)) {
781 al = SSL_AD_ILLEGAL_PARAMETER;
782 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
783 SSL_R_SSL3_SESSION_ID_TOO_LONG);
784 goto f_err;
785 }
786
787 if (p + j + 2 - d > n)
788 goto truncated;
789
790 /* Get the cipher value. */
791 q = p + j;
792 n2s(q, cipher_value);
793
794 /*
795 * Check if we want to resume the session based on external
796 * pre-shared secret
797 */
798 if (s->tls_session_secret_cb) {
799 SSL_CIPHER *pref_cipher = NULL;
800 s->session->master_key_length = sizeof(s->session->master_key);
801 if (s->tls_session_secret_cb(s, s->session->master_key,
802 &s->session->master_key_length, NULL, &pref_cipher,
803 s->tls_session_secret_cb_arg)) {
804 s->session->cipher = pref_cipher ? pref_cipher :
805 ssl3_get_cipher_by_value(cipher_value);
806 s->s3->flags |= SSL3_FLAGS_CCS_OK;
807 }
808 }
809
810 if (j != 0 && j == s->session->session_id_length &&
811 timingsafe_memcmp(p, s->session->session_id, j) == 0) {
812 if (s->sid_ctx_length != s->session->sid_ctx_length ||
813 timingsafe_memcmp(s->session->sid_ctx,
814 s->sid_ctx, s->sid_ctx_length) != 0) {
815 /* actually a client application bug */
816 al = SSL_AD_ILLEGAL_PARAMETER;
817 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
818 SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
819 goto f_err;
820 }
821 s->s3->flags |= SSL3_FLAGS_CCS_OK;
822 s->hit = 1;
823 } else {
824 /* a miss or crap from the other end */
825
826 /* If we were trying for session-id reuse, make a new
827 * SSL_SESSION so we don't stuff up other people */
828 s->hit = 0;
829 if (s->session->session_id_length > 0) {
830 if (!ssl_get_new_session(s, 0)) {
831 al = SSL_AD_INTERNAL_ERROR;
832 goto f_err;
833 }
834 }
835 s->session->session_id_length = j;
836 memcpy(s->session->session_id, p, j); /* j could be 0 */
837 }
838 p += j;
839
840 if ((c = ssl3_get_cipher_by_value(cipher_value)) == NULL) {
841 /* unknown cipher */
842 al = SSL_AD_ILLEGAL_PARAMETER;
843 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
844 SSL_R_UNKNOWN_CIPHER_RETURNED);
845 goto f_err;
846 }
847
848 /* TLS v1.2 only ciphersuites require v1.2 or later */
849 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
850 (TLS1_get_version(s) < TLS1_2_VERSION)) {
851 al = SSL_AD_ILLEGAL_PARAMETER;
852 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
853 SSL_R_WRONG_CIPHER_RETURNED);
854 goto f_err;
855 }
856 p += SSL3_CIPHER_VALUE_SIZE;
857
858 sk = ssl_get_ciphers_by_id(s);
859 i = sk_SSL_CIPHER_find(sk, c);
860 if (i < 0) {
861 /* we did not say we would use this cipher */
862 al = SSL_AD_ILLEGAL_PARAMETER;
863 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
864 SSL_R_WRONG_CIPHER_RETURNED);
865 goto f_err;
866 }
867
868 /*
869 * Depending on the session caching (internal/external), the cipher
870 * and/or cipher_id values may not be set. Make sure that
871 * cipher_id is set and use it for comparison.
872 */
873 if (s->session->cipher)
874 s->session->cipher_id = s->session->cipher->id;
875 if (s->hit && (s->session->cipher_id != c->id)) {
876 al = SSL_AD_ILLEGAL_PARAMETER;
877 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
878 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
879 goto f_err;
880 }
881 s->s3->tmp.new_cipher = c;
882 /*
883 * Don't digest cached records if no sigalgs: we may need them for
884 * client authentication.
885 */
886 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
887 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) &&
888 !tls1_digest_cached_records(s)) {
889 al = SSL_AD_INTERNAL_ERROR;
890 goto f_err;
891 }
892 /* lets get the compression algorithm */
893 /* COMPRESSION */
894 if (p + 1 - d > n)
895 goto truncated;
896 if (*(p++) != 0) {
897 al = SSL_AD_ILLEGAL_PARAMETER;
898 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
899 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
900 goto f_err;
901 }
902
903 /* TLS extensions*/
904 if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) {
905 /* 'al' set by ssl_parse_serverhello_tlsext */
906 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_PARSE_TLSEXT);
907 goto f_err;
908 }
909 if (ssl_check_serverhello_tlsext(s) <= 0) {
910 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT);
911 goto err;
912 }
913
914 if (p != d + n)
915 goto truncated;
916
917 return (1);
918
919truncated:
920 /* wrong packet length */
921 al = SSL_AD_DECODE_ERROR;
922 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH);
923f_err:
924 ssl3_send_alert(s, SSL3_AL_FATAL, al);
925err:
926 return (-1);
927}
928
929int
930ssl3_get_server_certificate(SSL *s)
931{
932 int al, i, ok, ret = -1;
933 long n;
934 CBS cbs, cert_list;
935 X509 *x = NULL;
936 const unsigned char *q;
937 STACK_OF(X509) *sk = NULL;
938 SESS_CERT *sc;
939 EVP_PKEY *pkey = NULL;
940
941 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
942 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok);
943
944 if (!ok)
945 return ((int)n);
946
947 if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
948 s->s3->tmp.reuse_message = 1;
949 return (1);
950 }
951
952 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
953 al = SSL_AD_UNEXPECTED_MESSAGE;
954 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
955 SSL_R_BAD_MESSAGE_TYPE);
956 goto f_err;
957 }
958
959
960 if ((sk = sk_X509_new_null()) == NULL) {
961 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
962 ERR_R_MALLOC_FAILURE);
963 goto err;
964 }
965
966 if (n < 0)
967 goto truncated;
968
969 CBS_init(&cbs, s->init_msg, n);
970 if (CBS_len(&cbs) < 3)
971 goto truncated;
972
973 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) ||
974 CBS_len(&cbs) != 0) {
975 al = SSL_AD_DECODE_ERROR;
976 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
977 SSL_R_LENGTH_MISMATCH);
978 goto f_err;
979 }
980
981 while (CBS_len(&cert_list) > 0) {
982 CBS cert;
983
984 if (CBS_len(&cert_list) < 3)
985 goto truncated;
986 if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {
987 al = SSL_AD_DECODE_ERROR;
988 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
989 SSL_R_CERT_LENGTH_MISMATCH);
990 goto f_err;
991 }
992
993 q = CBS_data(&cert);
994 x = d2i_X509(NULL, &q, CBS_len(&cert));
995 if (x == NULL) {
996 al = SSL_AD_BAD_CERTIFICATE;
997 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
998 ERR_R_ASN1_LIB);
999 goto f_err;
1000 }
1001 if (q != CBS_data(&cert) + CBS_len(&cert)) {
1002 al = SSL_AD_DECODE_ERROR;
1003 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1004 SSL_R_CERT_LENGTH_MISMATCH);
1005 goto f_err;
1006 }
1007 if (!sk_X509_push(sk, x)) {
1008 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1009 ERR_R_MALLOC_FAILURE);
1010 goto err;
1011 }
1012 x = NULL;
1013 }
1014
1015 i = ssl_verify_cert_chain(s, sk);
1016 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
1017 al = ssl_verify_alarm_type(s->verify_result);
1018 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1019 SSL_R_CERTIFICATE_VERIFY_FAILED);
1020 goto f_err;
1021
1022 }
1023 ERR_clear_error(); /* but we keep s->verify_result */
1024
1025 sc = ssl_sess_cert_new();
1026 if (sc == NULL)
1027 goto err;
1028 if (s->session->sess_cert)
1029 ssl_sess_cert_free(s->session->sess_cert);
1030 s->session->sess_cert = sc;
1031
1032 sc->cert_chain = sk;
1033 /*
1034 * Inconsistency alert: cert_chain does include the peer's
1035 * certificate, which we don't include in s3_srvr.c
1036 */
1037 x = sk_X509_value(sk, 0);
1038 sk = NULL;
1039 /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
1040
1041 pkey = X509_get_pubkey(x);
1042
1043 if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {
1044 x = NULL;
1045 al = SSL3_AL_FATAL;
1046 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1047 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1048 goto f_err;
1049 }
1050
1051 i = ssl_cert_type(x, pkey);
1052 if (i < 0) {
1053 x = NULL;
1054 al = SSL3_AL_FATAL;
1055 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1056 SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1057 goto f_err;
1058 }
1059
1060 sc->peer_cert_type = i;
1061 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
1062 /*
1063 * Why would the following ever happen?
1064 * We just created sc a couple of lines ago.
1065 */
1066 X509_free(sc->peer_pkeys[i].x509);
1067 sc->peer_pkeys[i].x509 = x;
1068 sc->peer_key = &(sc->peer_pkeys[i]);
1069
1070 X509_free(s->session->peer);
1071 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
1072 s->session->peer = x;
1073 s->session->verify_result = s->verify_result;
1074
1075 x = NULL;
1076 ret = 1;
1077
1078 if (0) {
1079truncated:
1080 /* wrong packet length */
1081 al = SSL_AD_DECODE_ERROR;
1082 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1083 SSL_R_BAD_PACKET_LENGTH);
1084f_err:
1085 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1086 }
1087err:
1088 EVP_PKEY_free(pkey);
1089 X509_free(x);
1090 sk_X509_pop_free(sk, X509_free);
1091 return (ret);
1092}
1093
1094int
1095ssl3_get_key_exchange(SSL *s)
1096{
1097 unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2];
1098 EVP_MD_CTX md_ctx;
1099 unsigned char *param, *p;
1100 int al, i, j, param_len, ok;
1101 long n, alg_k, alg_a;
1102 EVP_PKEY *pkey = NULL;
1103 const EVP_MD *md = NULL;
1104 RSA *rsa = NULL;
1105 DH *dh = NULL;
1106 EC_KEY *ecdh = NULL;
1107 BN_CTX *bn_ctx = NULL;
1108 EC_POINT *srvr_ecpoint = NULL;
1109 int curve_nid = 0;
1110 int encoded_pt_len = 0;
1111
1112 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1113 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1114
1115 /*
1116 * Use same message size as in ssl3_get_certificate_request()
1117 * as ServerKeyExchange message may be skipped.
1118 */
1119 n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
1120 SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, &ok);
1121 if (!ok)
1122 return ((int)n);
1123
1124 EVP_MD_CTX_init(&md_ctx);
1125
1126 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
1127 /*
1128 * Do not skip server key exchange if this cipher suite uses
1129 * ephemeral keys.
1130 */
1131 if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
1132 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1133 SSL_R_UNEXPECTED_MESSAGE);
1134 al = SSL_AD_UNEXPECTED_MESSAGE;
1135 goto f_err;
1136 }
1137
1138 s->s3->tmp.reuse_message = 1;
1139 EVP_MD_CTX_cleanup(&md_ctx);
1140 return (1);
1141 }
1142
1143 if (s->session->sess_cert != NULL) {
1144 DH_free(s->session->sess_cert->peer_dh_tmp);
1145 s->session->sess_cert->peer_dh_tmp = NULL;
1146
1147 EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
1148 s->session->sess_cert->peer_ecdh_tmp = NULL;
1149 } else {
1150 s->session->sess_cert = ssl_sess_cert_new();
1151 if (s->session->sess_cert == NULL)
1152 goto err;
1153 }
1154
1155 param = p = (unsigned char *)s->init_msg;
1156 param_len = 0;
1157
1158 if (alg_k & SSL_kDHE) {
1159 if ((dh = DH_new()) == NULL) {
1160 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1161 ERR_R_DH_LIB);
1162 goto err;
1163 }
1164 if (2 > n)
1165 goto truncated;
1166 n2s(p, i);
1167 param_len = i + 2;
1168 if (param_len > n) {
1169 al = SSL_AD_DECODE_ERROR;
1170 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1171 SSL_R_BAD_DH_P_LENGTH);
1172 goto f_err;
1173 }
1174 if (!(dh->p = BN_bin2bn(p, i, NULL))) {
1175 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1176 ERR_R_BN_LIB);
1177 goto err;
1178 }
1179 p += i;
1180
1181 if (param_len + 2 > n)
1182 goto truncated;
1183 n2s(p, i);
1184 param_len += i + 2;
1185 if (param_len > n) {
1186 al = SSL_AD_DECODE_ERROR;
1187 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1188 SSL_R_BAD_DH_G_LENGTH);
1189 goto f_err;
1190 }
1191 if (!(dh->g = BN_bin2bn(p, i, NULL))) {
1192 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1193 ERR_R_BN_LIB);
1194 goto err;
1195 }
1196 p += i;
1197
1198 if (param_len + 2 > n)
1199 goto truncated;
1200 n2s(p, i);
1201 param_len += i + 2;
1202 if (param_len > n) {
1203 al = SSL_AD_DECODE_ERROR;
1204 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1205 SSL_R_BAD_DH_PUB_KEY_LENGTH);
1206 goto f_err;
1207 }
1208 if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
1209 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1210 ERR_R_BN_LIB);
1211 goto err;
1212 }
1213 p += i;
1214 n -= param_len;
1215
1216 /*
1217 * Check the strength of the DH key just constructed.
1218 * Discard keys weaker than 1024 bits.
1219 */
1220
1221 if (DH_size(dh) < 1024 / 8) {
1222 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1223 SSL_R_BAD_DH_P_LENGTH);
1224 goto err;
1225 }
1226
1227 if (alg_a & SSL_aRSA)
1228 pkey = X509_get_pubkey(
1229 s->session->sess_cert->peer_pkeys[
1230 SSL_PKEY_RSA_ENC].x509);
1231 else if (alg_a & SSL_aDSS)
1232 pkey = X509_get_pubkey(
1233 s->session->sess_cert->peer_pkeys[
1234 SSL_PKEY_DSA_SIGN].x509);
1235 /* else anonymous DH, so no certificate or pkey. */
1236
1237 s->session->sess_cert->peer_dh_tmp = dh;
1238 dh = NULL;
1239 } else if (alg_k & SSL_kECDHE) {
1240 const EC_GROUP *group;
1241 EC_GROUP *ngroup;
1242
1243 if ((ecdh = EC_KEY_new()) == NULL) {
1244 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1245 ERR_R_MALLOC_FAILURE);
1246 goto err;
1247 }
1248
1249 /*
1250 * Extract elliptic curve parameters and the
1251 * server's ephemeral ECDH public key.
1252 * Keep accumulating lengths of various components in
1253 * param_len and make sure it never exceeds n.
1254 */
1255
1256 /*
1257 * XXX: For now we only support named (not generic) curves
1258 * and the ECParameters in this case is just three bytes.
1259 */
1260 param_len = 3;
1261 if (param_len > n) {
1262 al = SSL_AD_DECODE_ERROR;
1263 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1264 SSL_R_LENGTH_TOO_SHORT);
1265 goto f_err;
1266 }
1267
1268 /*
1269 * Check curve is one of our preferences, if not server has
1270 * sent an invalid curve.
1271 */
1272 if (tls1_check_curve(s, p, param_len) != 1) {
1273 al = SSL_AD_DECODE_ERROR;
1274 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_CURVE);
1275 goto f_err;
1276 }
1277
1278 if ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0) {
1279 al = SSL_AD_INTERNAL_ERROR;
1280 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1281 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1282 goto f_err;
1283 }
1284
1285 ngroup = EC_GROUP_new_by_curve_name(curve_nid);
1286 if (ngroup == NULL) {
1287 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1288 ERR_R_EC_LIB);
1289 goto err;
1290 }
1291 if (EC_KEY_set_group(ecdh, ngroup) == 0) {
1292 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1293 ERR_R_EC_LIB);
1294 goto err;
1295 }
1296 EC_GROUP_free(ngroup);
1297
1298 group = EC_KEY_get0_group(ecdh);
1299
1300 p += 3;
1301
1302 /* Next, get the encoded ECPoint */
1303 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
1304 ((bn_ctx = BN_CTX_new()) == NULL)) {
1305 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1306 ERR_R_MALLOC_FAILURE);
1307 goto err;
1308 }
1309
1310 if (param_len + 1 > n)
1311 goto truncated;
1312 encoded_pt_len = *p;
1313 /* length of encoded point */
1314 p += 1;
1315 param_len += (1 + encoded_pt_len);
1316 if ((param_len > n) || (EC_POINT_oct2point(group, srvr_ecpoint,
1317 p, encoded_pt_len, bn_ctx) == 0)) {
1318 al = SSL_AD_DECODE_ERROR;
1319 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1320 SSL_R_BAD_ECPOINT);
1321 goto f_err;
1322 }
1323
1324 n -= param_len;
1325 p += encoded_pt_len;
1326
1327 /*
1328 * The ECC/TLS specification does not mention the use
1329 * of DSA to sign ECParameters in the server key
1330 * exchange message. We do support RSA and ECDSA.
1331 */
1332 if (alg_a & SSL_aRSA)
1333 pkey = X509_get_pubkey(
1334 s->session->sess_cert->peer_pkeys[
1335 SSL_PKEY_RSA_ENC].x509);
1336 else if (alg_a & SSL_aECDSA)
1337 pkey = X509_get_pubkey(
1338 s->session->sess_cert->peer_pkeys[
1339 SSL_PKEY_ECC].x509);
1340 /* Else anonymous ECDH, so no certificate or pkey. */
1341 EC_KEY_set_public_key(ecdh, srvr_ecpoint);
1342 s->session->sess_cert->peer_ecdh_tmp = ecdh;
1343 ecdh = NULL;
1344 BN_CTX_free(bn_ctx);
1345 bn_ctx = NULL;
1346 EC_POINT_free(srvr_ecpoint);
1347 srvr_ecpoint = NULL;
1348 } else if (alg_k) {
1349 al = SSL_AD_UNEXPECTED_MESSAGE;
1350 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1351 SSL_R_UNEXPECTED_MESSAGE);
1352 goto f_err;
1353 }
1354
1355 /* p points to the next byte, there are 'n' bytes left */
1356
1357 /* if it was signed, check the signature */
1358 if (pkey != NULL) {
1359 if (SSL_USE_SIGALGS(s)) {
1360 int sigalg = tls12_get_sigid(pkey);
1361 /* Should never happen */
1362 if (sigalg == -1) {
1363 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1364 ERR_R_INTERNAL_ERROR);
1365 goto err;
1366 }
1367 /*
1368 * Check key type is consistent
1369 * with signature
1370 */
1371 if (2 > n)
1372 goto truncated;
1373 if (sigalg != (int)p[1]) {
1374 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1375 SSL_R_WRONG_SIGNATURE_TYPE);
1376 al = SSL_AD_DECODE_ERROR;
1377 goto f_err;
1378 }
1379 md = tls12_get_hash(p[0]);
1380 if (md == NULL) {
1381 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1382 SSL_R_UNKNOWN_DIGEST);
1383 al = SSL_AD_DECODE_ERROR;
1384 goto f_err;
1385 }
1386 p += 2;
1387 n -= 2;
1388 } else
1389 md = EVP_sha1();
1390
1391 if (2 > n)
1392 goto truncated;
1393 n2s(p, i);
1394 n -= 2;
1395 j = EVP_PKEY_size(pkey);
1396
1397 if (i != n || n > j) {
1398 /* wrong packet length */
1399 al = SSL_AD_DECODE_ERROR;
1400 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1401 SSL_R_WRONG_SIGNATURE_LENGTH);
1402 goto f_err;
1403 }
1404
1405 if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
1406 int num;
1407
1408 j = 0;
1409 q = md_buf;
1410 for (num = 2; num > 0; num--) {
1411 if (!EVP_DigestInit_ex(&md_ctx,
1412 (num == 2) ? s->ctx->md5 : s->ctx->sha1,
1413 NULL)) {
1414 al = SSL_AD_INTERNAL_ERROR;
1415 goto f_err;
1416 }
1417 EVP_DigestUpdate(&md_ctx,
1418 s->s3->client_random,
1419 SSL3_RANDOM_SIZE);
1420 EVP_DigestUpdate(&md_ctx,
1421 s->s3->server_random,
1422 SSL3_RANDOM_SIZE);
1423 EVP_DigestUpdate(&md_ctx, param, param_len);
1424 EVP_DigestFinal_ex(&md_ctx, q,
1425 (unsigned int *)&i);
1426 q += i;
1427 j += i;
1428 }
1429 i = RSA_verify(NID_md5_sha1, md_buf, j,
1430 p, n, pkey->pkey.rsa);
1431 if (i < 0) {
1432 al = SSL_AD_DECRYPT_ERROR;
1433 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1434 SSL_R_BAD_RSA_DECRYPT);
1435 goto f_err;
1436 }
1437 if (i == 0) {
1438 /* bad signature */
1439 al = SSL_AD_DECRYPT_ERROR;
1440 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1441 SSL_R_BAD_SIGNATURE);
1442 goto f_err;
1443 }
1444 } else {
1445 EVP_VerifyInit_ex(&md_ctx, md, NULL);
1446 EVP_VerifyUpdate(&md_ctx, s->s3->client_random,
1447 SSL3_RANDOM_SIZE);
1448 EVP_VerifyUpdate(&md_ctx, s->s3->server_random,
1449 SSL3_RANDOM_SIZE);
1450 EVP_VerifyUpdate(&md_ctx, param, param_len);
1451 if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) {
1452 /* bad signature */
1453 al = SSL_AD_DECRYPT_ERROR;
1454 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1455 SSL_R_BAD_SIGNATURE);
1456 goto f_err;
1457 }
1458 }
1459 } else {
1460 /* aNULL does not need public keys. */
1461 if (!(alg_a & SSL_aNULL)) {
1462 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1463 ERR_R_INTERNAL_ERROR);
1464 goto err;
1465 }
1466 /* still data left over */
1467 if (n != 0) {
1468 al = SSL_AD_DECODE_ERROR;
1469 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1470 SSL_R_EXTRA_DATA_IN_MESSAGE);
1471 goto f_err;
1472 }
1473 }
1474 EVP_PKEY_free(pkey);
1475 EVP_MD_CTX_cleanup(&md_ctx);
1476 return (1);
1477truncated:
1478 /* wrong packet length */
1479 al = SSL_AD_DECODE_ERROR;
1480 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH);
1481f_err:
1482 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1483err:
1484 EVP_PKEY_free(pkey);
1485 RSA_free(rsa);
1486 DH_free(dh);
1487 BN_CTX_free(bn_ctx);
1488 EC_POINT_free(srvr_ecpoint);
1489 EC_KEY_free(ecdh);
1490 EVP_MD_CTX_cleanup(&md_ctx);
1491 return (-1);
1492}
1493
1494int
1495ssl3_get_certificate_request(SSL *s)
1496{
1497 int ok, ret = 0;
1498 long n;
1499 uint8_t ctype_num;
1500 CBS cert_request, ctypes, rdn_list;
1501 X509_NAME *xn = NULL;
1502 const unsigned char *q;
1503 STACK_OF(X509_NAME) *ca_sk = NULL;
1504
1505 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A,
1506 SSL3_ST_CR_CERT_REQ_B, -1, s->max_cert_list, &ok);
1507
1508 if (!ok)
1509 return ((int)n);
1510
1511 s->s3->tmp.cert_req = 0;
1512
1513 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) {
1514 s->s3->tmp.reuse_message = 1;
1515 /*
1516 * If we get here we don't need any cached handshake records
1517 * as we wont be doing client auth.
1518 */
1519 if (s->s3->handshake_buffer) {
1520 if (!tls1_digest_cached_records(s))
1521 goto err;
1522 }
1523 return (1);
1524 }
1525
1526 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
1527 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1528 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1529 SSL_R_WRONG_MESSAGE_TYPE);
1530 goto err;
1531 }
1532
1533 /* TLS does not like anon-DH with client cert */
1534 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
1535 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1536 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1537 SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1538 goto err;
1539 }
1540
1541 if (n < 0)
1542 goto truncated;
1543 CBS_init(&cert_request, s->init_msg, n);
1544
1545 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
1546 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1547 ERR_R_MALLOC_FAILURE);
1548 goto err;
1549 }
1550
1551 /* get the certificate types */
1552 if (!CBS_get_u8(&cert_request, &ctype_num))
1553 goto truncated;
1554
1555 if (ctype_num > SSL3_CT_NUMBER)
1556 ctype_num = SSL3_CT_NUMBER;
1557 if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) ||
1558 !CBS_write_bytes(&ctypes, s->s3->tmp.ctype,
1559 sizeof(s->s3->tmp.ctype), NULL)) {
1560 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1561 SSL_R_DATA_LENGTH_TOO_LONG);
1562 goto err;
1563 }
1564
1565 if (SSL_USE_SIGALGS(s)) {
1566 CBS sigalgs;
1567
1568 if (CBS_len(&cert_request) < 2) {
1569 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1570 SSL_R_DATA_LENGTH_TOO_LONG);
1571 goto err;
1572 }
1573
1574 /* Check we have enough room for signature algorithms and
1575 * following length value.
1576 */
1577 if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) {
1578 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1579 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1580 SSL_R_DATA_LENGTH_TOO_LONG);
1581 goto err;
1582 }
1583 if ((CBS_len(&sigalgs) & 1) ||
1584 !tls1_process_sigalgs(s, CBS_data(&sigalgs),
1585 CBS_len(&sigalgs))) {
1586 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1587 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1588 SSL_R_SIGNATURE_ALGORITHMS_ERROR);
1589 goto err;
1590 }
1591 }
1592
1593 /* get the CA RDNs */
1594 if (CBS_len(&cert_request) < 2) {
1595 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1596 SSL_R_DATA_LENGTH_TOO_LONG);
1597 goto err;
1598 }
1599
1600 if (!CBS_get_u16_length_prefixed(&cert_request, &rdn_list) ||
1601 CBS_len(&cert_request) != 0) {
1602 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1603 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1604 SSL_R_LENGTH_MISMATCH);
1605 goto err;
1606 }
1607
1608 while (CBS_len(&rdn_list) > 0) {
1609 CBS rdn;
1610
1611 if (CBS_len(&rdn_list) < 2) {
1612 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1613 SSL_R_DATA_LENGTH_TOO_LONG);
1614 goto err;
1615 }
1616
1617 if (!CBS_get_u16_length_prefixed(&rdn_list, &rdn)) {
1618 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1619 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1620 SSL_R_CA_DN_TOO_LONG);
1621 goto err;
1622 }
1623
1624 q = CBS_data(&rdn);
1625 if ((xn = d2i_X509_NAME(NULL, &q, CBS_len(&rdn))) == NULL) {
1626 ssl3_send_alert(s, SSL3_AL_FATAL,
1627 SSL_AD_DECODE_ERROR);
1628 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1629 ERR_R_ASN1_LIB);
1630 goto err;
1631 }
1632
1633 if (q != CBS_data(&rdn) + CBS_len(&rdn)) {
1634 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1635 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1636 SSL_R_CA_DN_LENGTH_MISMATCH);
1637 goto err;
1638 }
1639 if (!sk_X509_NAME_push(ca_sk, xn)) {
1640 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1641 ERR_R_MALLOC_FAILURE);
1642 goto err;
1643 }
1644 xn = NULL; /* avoid free in err block */
1645 }
1646
1647 /* we should setup a certificate to return.... */
1648 s->s3->tmp.cert_req = 1;
1649 s->s3->tmp.ctype_num = ctype_num;
1650 if (s->s3->tmp.ca_names != NULL)
1651 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
1652 s->s3->tmp.ca_names = ca_sk;
1653 ca_sk = NULL;
1654
1655 ret = 1;
1656 if (0) {
1657truncated:
1658 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1659 SSL_R_BAD_PACKET_LENGTH);
1660 }
1661err:
1662 X509_NAME_free(xn);
1663 if (ca_sk != NULL)
1664 sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
1665 return (ret);
1666}
1667
1668static int
1669ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
1670{
1671 return (X509_NAME_cmp(*a, *b));
1672}
1673
1674int
1675ssl3_get_new_session_ticket(SSL *s)
1676{
1677 int ok, al, ret = 0;
1678 uint32_t lifetime_hint;
1679 long n;
1680 CBS cbs, session_ticket;
1681
1682 n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
1683 SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok);
1684 if (!ok)
1685 return ((int)n);
1686
1687 if (s->s3->tmp.message_type == SSL3_MT_FINISHED) {
1688 s->s3->tmp.reuse_message = 1;
1689 return (1);
1690 }
1691 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
1692 al = SSL_AD_UNEXPECTED_MESSAGE;
1693 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
1694 SSL_R_BAD_MESSAGE_TYPE);
1695 goto f_err;
1696 }
1697
1698 if (n < 0) {
1699 al = SSL_AD_DECODE_ERROR;
1700 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
1701 SSL_R_LENGTH_MISMATCH);
1702 goto f_err;
1703 }
1704
1705 CBS_init(&cbs, s->init_msg, n);
1706 if (!CBS_get_u32(&cbs, &lifetime_hint) ||
1707#if UINT32_MAX > LONG_MAX
1708 lifetime_hint > LONG_MAX ||
1709#endif
1710 !CBS_get_u16_length_prefixed(&cbs, &session_ticket) ||
1711 CBS_len(&cbs) != 0) {
1712 al = SSL_AD_DECODE_ERROR;
1713 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
1714 SSL_R_LENGTH_MISMATCH);
1715 goto f_err;
1716 }
1717 s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint;
1718
1719 if (!CBS_stow(&session_ticket, &s->session->tlsext_tick,
1720 &s->session->tlsext_ticklen)) {
1721 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
1722 ERR_R_MALLOC_FAILURE);
1723 goto err;
1724 }
1725
1726 /*
1727 * There are two ways to detect a resumed ticket sesion.
1728 * One is to set an appropriate session ID and then the server
1729 * must return a match in ServerHello. This allows the normal
1730 * client session ID matching to work and we know much
1731 * earlier that the ticket has been accepted.
1732 *
1733 * The other way is to set zero length session ID when the
1734 * ticket is presented and rely on the handshake to determine
1735 * session resumption.
1736 *
1737 * We choose the former approach because this fits in with
1738 * assumptions elsewhere in OpenSSL. The session ID is set
1739 * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
1740 * ticket.
1741 */
1742 EVP_Digest(CBS_data(&session_ticket), CBS_len(&session_ticket),
1743 s->session->session_id, &s->session->session_id_length,
1744 EVP_sha256(), NULL);
1745 ret = 1;
1746 return (ret);
1747f_err:
1748 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1749err:
1750 return (-1);
1751}
1752
1753int
1754ssl3_get_cert_status(SSL *s)
1755{
1756 CBS cert_status, response;
1757 size_t stow_len;
1758 int ok, al;
1759 long n;
1760 uint8_t status_type;
1761
1762 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
1763 SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS,
1764 16384, &ok);
1765
1766 if (!ok)
1767 return ((int)n);
1768
1769 if (n < 0) {
1770 /* need at least status type + length */
1771 al = SSL_AD_DECODE_ERROR;
1772 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1773 SSL_R_LENGTH_MISMATCH);
1774 goto f_err;
1775 }
1776
1777 CBS_init(&cert_status, s->init_msg, n);
1778 if (!CBS_get_u8(&cert_status, &status_type) ||
1779 CBS_len(&cert_status) < 3) {
1780 /* need at least status type + length */
1781 al = SSL_AD_DECODE_ERROR;
1782 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1783 SSL_R_LENGTH_MISMATCH);
1784 goto f_err;
1785 }
1786
1787 if (status_type != TLSEXT_STATUSTYPE_ocsp) {
1788 al = SSL_AD_DECODE_ERROR;
1789 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1790 SSL_R_UNSUPPORTED_STATUS_TYPE);
1791 goto f_err;
1792 }
1793
1794 if (!CBS_get_u24_length_prefixed(&cert_status, &response) ||
1795 CBS_len(&cert_status) != 0) {
1796 al = SSL_AD_DECODE_ERROR;
1797 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1798 SSL_R_LENGTH_MISMATCH);
1799 goto f_err;
1800 }
1801
1802 if (!CBS_stow(&response, &s->tlsext_ocsp_resp,
1803 &stow_len) || stow_len > INT_MAX) {
1804 s->tlsext_ocsp_resplen = 0;
1805 al = SSL_AD_INTERNAL_ERROR;
1806 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1807 ERR_R_MALLOC_FAILURE);
1808 goto f_err;
1809 }
1810 s->tlsext_ocsp_resplen = (int)stow_len;
1811
1812 if (s->ctx->tlsext_status_cb) {
1813 int ret;
1814 ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1815 if (ret == 0) {
1816 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1817 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1818 SSL_R_INVALID_STATUS_RESPONSE);
1819 goto f_err;
1820 }
1821 if (ret < 0) {
1822 al = SSL_AD_INTERNAL_ERROR;
1823 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1824 ERR_R_MALLOC_FAILURE);
1825 goto f_err;
1826 }
1827 }
1828 return (1);
1829f_err:
1830 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1831 return (-1);
1832}
1833
1834int
1835ssl3_get_server_done(SSL *s)
1836{
1837 int ok, ret = 0;
1838 long n;
1839
1840 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
1841 SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
1842 30, /* should be very small, like 0 :-) */ &ok);
1843
1844 if (!ok)
1845 return ((int)n);
1846 if (n > 0) {
1847 /* should contain no data */
1848 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1849 SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH);
1850 return (-1);
1851 }
1852 ret = 1;
1853 return (ret);
1854}
1855
1856static int
1857ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
1858 int *outlen)
1859{
1860 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
1861 EVP_PKEY *pkey = NULL;
1862 unsigned char *q;
1863 int ret = -1;
1864 int n;
1865
1866 pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1867 if (pkey == NULL || pkey->type != EVP_PKEY_RSA ||
1868 pkey->pkey.rsa == NULL) {
1869 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1870 ERR_R_INTERNAL_ERROR);
1871 goto err;
1872 }
1873
1874 tmp_buf[0] = s->client_version >> 8;
1875 tmp_buf[1] = s->client_version & 0xff;
1876 arc4random_buf(&tmp_buf[2], sizeof(tmp_buf) - 2);
1877
1878 s->session->master_key_length = sizeof(tmp_buf);
1879
1880 q = p;
1881 p += 2;
1882
1883 n = RSA_public_encrypt(sizeof(tmp_buf), tmp_buf, p, pkey->pkey.rsa,
1884 RSA_PKCS1_PADDING);
1885 if (n <= 0) {
1886 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1887 SSL_R_BAD_RSA_ENCRYPT);
1888 goto err;
1889 }
1890
1891 s2n(n, q);
1892 n += 2;
1893
1894 s->session->master_key_length =
1895 s->method->ssl3_enc->generate_master_secret(s,
1896 s->session->master_key, tmp_buf, sizeof(tmp_buf));
1897
1898 *outlen = n;
1899 ret = 1;
1900
1901err:
1902 explicit_bzero(tmp_buf, sizeof(tmp_buf));
1903 EVP_PKEY_free(pkey);
1904
1905 return (ret);
1906}
1907
1908static int
1909ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
1910 int *outlen)
1911{
1912 DH *dh_srvr = NULL, *dh_clnt = NULL;
1913 unsigned char *key = NULL;
1914 int key_size, n;
1915 int ret = -1;
1916
1917 /* Ensure that we have an ephemeral key for DHE. */
1918 if (sess_cert->peer_dh_tmp == NULL) {
1919 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1920 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1921 SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
1922 goto err;
1923 }
1924 dh_srvr = sess_cert->peer_dh_tmp;
1925
1926 /* Generate a new random key. */
1927 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
1928 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
1929 goto err;
1930 }
1931 if (!DH_generate_key(dh_clnt)) {
1932 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
1933 goto err;
1934 }
1935 key_size = DH_size(dh_clnt);
1936 if ((key = malloc(key_size)) == NULL) {
1937 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1938 ERR_R_MALLOC_FAILURE);
1939 goto err;
1940 }
1941 n = DH_compute_key(key, dh_srvr->pub_key, dh_clnt);
1942 if (n <= 0) {
1943 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
1944 goto err;
1945 }
1946
1947 /* Generate master key from the result. */
1948 s->session->master_key_length =
1949 s->method->ssl3_enc->generate_master_secret(s,
1950 s->session->master_key, key, n);
1951
1952 /* Send off the data. */
1953 n = BN_num_bytes(dh_clnt->pub_key);
1954 s2n(n, p);
1955 BN_bn2bin(dh_clnt->pub_key, p);
1956 n += 2;
1957
1958 *outlen = n;
1959 ret = 1;
1960
1961err:
1962 DH_free(dh_clnt);
1963 if (key != NULL)
1964 explicit_bzero(key, key_size);
1965 free(key);
1966
1967 return (ret);
1968}
1969
1970static int
1971ssl3_send_client_kex_ecdh(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
1972 int *outlen)
1973{
1974 EC_KEY *tkey, *clnt_ecdh = NULL;
1975 const EC_GROUP *srvr_group = NULL;
1976 const EC_POINT *srvr_ecpoint = NULL;
1977 EVP_PKEY *srvr_pub_pkey = NULL;
1978 BN_CTX *bn_ctx = NULL;
1979 unsigned char *encodedPoint = NULL;
1980 unsigned char *key = NULL;
1981 unsigned long alg_k;
1982 int encoded_pt_len = 0;
1983 int key_size, n;
1984 int ret = -1;
1985
1986 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1987
1988 /* Ensure that we have an ephemeral key for ECDHE. */
1989 if ((alg_k & SSL_kECDHE) && sess_cert->peer_ecdh_tmp == NULL) {
1990 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1991 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1992 ERR_R_INTERNAL_ERROR);
1993 goto err;
1994 }
1995 tkey = sess_cert->peer_ecdh_tmp;
1996
1997 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
1998 /* Get the Server Public Key from certificate. */
1999 srvr_pub_pkey = X509_get_pubkey(
2000 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
2001 if (srvr_pub_pkey != NULL && srvr_pub_pkey->type == EVP_PKEY_EC)
2002 tkey = srvr_pub_pkey->pkey.ec;
2003 }
2004
2005 if (tkey == NULL) {
2006 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2007 ERR_R_INTERNAL_ERROR);
2008 goto err;
2009 }
2010
2011 srvr_group = EC_KEY_get0_group(tkey);
2012 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
2013
2014 if (srvr_group == NULL || srvr_ecpoint == NULL) {
2015 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2016 ERR_R_INTERNAL_ERROR);
2017 goto err;
2018 }
2019
2020 if ((clnt_ecdh = EC_KEY_new()) == NULL) {
2021 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2022 ERR_R_MALLOC_FAILURE);
2023 goto err;
2024 }
2025
2026 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
2027 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
2028 goto err;
2029 }
2030
2031 /* Generate a new ECDH key pair. */
2032 if (!(EC_KEY_generate_key(clnt_ecdh))) {
2033 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
2034 goto err;
2035 }
2036 key_size = ECDH_size(clnt_ecdh);
2037 if (key_size <= 0) {
2038 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
2039 goto err;
2040 }
2041 if ((key = malloc(key_size)) == NULL) {
2042 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2043 ERR_R_MALLOC_FAILURE);
2044 }
2045 n = ECDH_compute_key(key, key_size, srvr_ecpoint, clnt_ecdh, NULL);
2046 if (n <= 0) {
2047 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
2048 goto err;
2049 }
2050
2051 /* Generate master key from the result. */
2052 s->session->master_key_length =
2053 s->method->ssl3_enc->generate_master_secret(s,
2054 s->session->master_key, key, n);
2055
2056 /*
2057 * First check the size of encoding and allocate memory accordingly.
2058 */
2059 encoded_pt_len = EC_POINT_point2oct(srvr_group,
2060 EC_KEY_get0_public_key(clnt_ecdh),
2061 POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
2062
2063 bn_ctx = BN_CTX_new();
2064 encodedPoint = malloc(encoded_pt_len);
2065 if (encodedPoint == NULL || bn_ctx == NULL) {
2066 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2067 ERR_R_MALLOC_FAILURE);
2068 goto err;
2069 }
2070
2071 /* Encode the public key */
2072 n = EC_POINT_point2oct(srvr_group, EC_KEY_get0_public_key(clnt_ecdh),
2073 POINT_CONVERSION_UNCOMPRESSED, encodedPoint, encoded_pt_len,
2074 bn_ctx);
2075
2076 *p = n; /* length of encoded point */
2077 /* Encoded point will be copied here */
2078 p += 1;
2079
2080 /* copy the point */
2081 memcpy((unsigned char *)p, encodedPoint, n);
2082 /* increment n to account for length field */
2083 n += 1;
2084
2085 *outlen = n;
2086 ret = 1;
2087
2088err:
2089 if (key != NULL)
2090 explicit_bzero(key, key_size);
2091 free(key);
2092
2093 BN_CTX_free(bn_ctx);
2094 free(encodedPoint);
2095 EC_KEY_free(clnt_ecdh);
2096 EVP_PKEY_free(srvr_pub_pkey);
2097
2098 return (ret);
2099}
2100
2101static int
2102ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
2103 int *outlen)
2104{
2105 unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
2106 EVP_PKEY *pub_key = NULL;
2107 EVP_PKEY_CTX *pkey_ctx;
2108 X509 *peer_cert;
2109 size_t msglen;
2110 unsigned int md_len;
2111 EVP_MD_CTX *ukm_hash;
2112 int ret = -1;
2113 int nid;
2114 int n;
2115
2116 /* Get server sertificate PKEY and create ctx from it */
2117 peer_cert = sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509;
2118 if (peer_cert == NULL) {
2119 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2120 SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2121 goto err;
2122 }
2123
2124 pub_key = X509_get_pubkey(peer_cert);
2125 pkey_ctx = EVP_PKEY_CTX_new(pub_key, NULL);
2126
2127 /*
2128 * If we have send a certificate, and certificate key parameters match
2129 * those of server certificate, use certificate key for key exchange.
2130 * Otherwise, generate ephemeral key pair.
2131 */
2132 EVP_PKEY_encrypt_init(pkey_ctx);
2133
2134 /* Generate session key. */
2135 arc4random_buf(premaster_secret, 32);
2136
2137 /*
2138 * If we have client certificate, use its secret as peer key.
2139 */
2140 if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
2141 if (EVP_PKEY_derive_set_peer(pkey_ctx,
2142 s->cert->key->privatekey) <=0) {
2143 /*
2144 * If there was an error - just ignore it.
2145 * Ephemeral key would be used.
2146 */
2147 ERR_clear_error();
2148 }
2149 }
2150
2151 /*
2152 * Compute shared IV and store it in algorithm-specific context data.
2153 */
2154 ukm_hash = EVP_MD_CTX_create();
2155 if (ukm_hash == NULL) {
2156 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2157 ERR_R_MALLOC_FAILURE);
2158 goto err;
2159 }
2160
2161 if (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_GOST94)
2162 nid = NID_id_GostR3411_94;
2163 else
2164 nid = NID_id_tc26_gost3411_2012_256;
2165 if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)))
2166 goto err;
2167 EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE);
2168 EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE);
2169 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
2170 EVP_MD_CTX_destroy(ukm_hash);
2171 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
2172 EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
2173 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_LIBRARY_BUG);
2174 goto err;
2175 }
2176
2177 /*
2178 * Make GOST keytransport blob message, encapsulate it into sequence.
2179 */
2180 *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
2181 msglen = 255;
2182 if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret,
2183 32) < 0) {
2184 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_LIBRARY_BUG);
2185 goto err;
2186 }
2187 if (msglen >= 0x80) {
2188 *(p++) = 0x81;
2189 *(p++) = msglen & 0xff;
2190 n = msglen + 3;
2191 } else {
2192 *(p++) = msglen & 0xff;
2193 n = msglen + 2;
2194 }
2195 memcpy(p, tmp, msglen);
2196
2197 /* Check if pubkey from client certificate was used. */
2198 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
2199 NULL) > 0) {
2200 /* Set flag "skip certificate verify". */
2201 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
2202 }
2203 EVP_PKEY_CTX_free(pkey_ctx);
2204 s->session->master_key_length =
2205 s->method->ssl3_enc->generate_master_secret(s,
2206 s->session->master_key, premaster_secret, 32);
2207
2208 *outlen = n;
2209 ret = 1;
2210
2211err:
2212 explicit_bzero(premaster_secret, sizeof(premaster_secret));
2213 EVP_PKEY_free(pub_key);
2214
2215 return (ret);
2216}
2217
2218int
2219ssl3_send_client_key_exchange(SSL *s)
2220{
2221 SESS_CERT *sess_cert;
2222 unsigned long alg_k;
2223 unsigned char *p;
2224 int n = 0;
2225
2226 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
2227 p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE);
2228
2229 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2230
2231 if ((sess_cert = s->session->sess_cert) == NULL) {
2232 ssl3_send_alert(s, SSL3_AL_FATAL,
2233 SSL_AD_UNEXPECTED_MESSAGE);
2234 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2235 ERR_R_INTERNAL_ERROR);
2236 goto err;
2237 }
2238
2239 if (alg_k & SSL_kRSA) {
2240 if (ssl3_send_client_kex_rsa(s, sess_cert, p, &n) != 1)
2241 goto err;
2242 } else if (alg_k & SSL_kDHE) {
2243 if (ssl3_send_client_kex_dhe(s, sess_cert, p, &n) != 1)
2244 goto err;
2245 } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
2246 if (ssl3_send_client_kex_ecdh(s, sess_cert, p, &n) != 1)
2247 goto err;
2248 } else if (alg_k & SSL_kGOST) {
2249 if (ssl3_send_client_kex_gost(s, sess_cert, p, &n) != 1)
2250 goto err;
2251 } else {
2252 ssl3_send_alert(s, SSL3_AL_FATAL,
2253 SSL_AD_HANDSHAKE_FAILURE);
2254 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2255 ERR_R_INTERNAL_ERROR);
2256 goto err;
2257 }
2258
2259 ssl3_handshake_msg_finish(s, n);
2260
2261 s->state = SSL3_ST_CW_KEY_EXCH_B;
2262 }
2263
2264 /* SSL3_ST_CW_KEY_EXCH_B */
2265 return (ssl3_handshake_write(s));
2266
2267err:
2268 return (-1);
2269}
2270
2271int
2272ssl3_send_client_verify(SSL *s)
2273{
2274 unsigned char *p;
2275 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
2276 EVP_PKEY *pkey;
2277 EVP_PKEY_CTX *pctx = NULL;
2278 EVP_MD_CTX mctx;
2279 unsigned u = 0;
2280 unsigned long n;
2281 int j;
2282
2283 EVP_MD_CTX_init(&mctx);
2284
2285 if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
2286 p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
2287
2288 /*
2289 * Create context from key and test if sha1 is allowed as
2290 * digest.
2291 */
2292 pkey = s->cert->key->privatekey;
2293 pctx = EVP_PKEY_CTX_new(pkey, NULL);
2294 EVP_PKEY_sign_init(pctx);
2295 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
2296 if (!SSL_USE_SIGALGS(s))
2297 s->method->ssl3_enc->cert_verify_mac(s,
2298 NID_sha1, &(data[MD5_DIGEST_LENGTH]));
2299 } else {
2300 ERR_clear_error();
2301 }
2302 /*
2303 * For TLS v1.2 send signature algorithm and signature
2304 * using agreed digest and cached handshake records.
2305 */
2306 if (SSL_USE_SIGALGS(s)) {
2307 long hdatalen = 0;
2308 void *hdata;
2309 const EVP_MD *md = s->cert->key->digest;
2310 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,
2311 &hdata);
2312 if (hdatalen <= 0 ||
2313 !tls12_get_sigandhash(p, pkey, md)) {
2314 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2315 ERR_R_INTERNAL_ERROR);
2316 goto err;
2317 }
2318 p += 2;
2319 if (!EVP_SignInit_ex(&mctx, md, NULL) ||
2320 !EVP_SignUpdate(&mctx, hdata, hdatalen) ||
2321 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
2322 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2323 ERR_R_EVP_LIB);
2324 goto err;
2325 }
2326 s2n(u, p);
2327 n = u + 4;
2328 if (!tls1_digest_cached_records(s))
2329 goto err;
2330 } else if (pkey->type == EVP_PKEY_RSA) {
2331 s->method->ssl3_enc->cert_verify_mac(
2332 s, NID_md5, &(data[0]));
2333 if (RSA_sign(NID_md5_sha1, data,
2334 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
2335 &u, pkey->pkey.rsa) <= 0 ) {
2336 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2337 ERR_R_RSA_LIB);
2338 goto err;
2339 }
2340 s2n(u, p);
2341 n = u + 2;
2342 } else if (pkey->type == EVP_PKEY_DSA) {
2343 if (!DSA_sign(pkey->save_type,
2344 &(data[MD5_DIGEST_LENGTH]),
2345 SHA_DIGEST_LENGTH, &(p[2]),
2346 (unsigned int *)&j, pkey->pkey.dsa)) {
2347 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2348 ERR_R_DSA_LIB);
2349 goto err;
2350 }
2351 s2n(j, p);
2352 n = j + 2;
2353 } else if (pkey->type == EVP_PKEY_EC) {
2354 if (!ECDSA_sign(pkey->save_type,
2355 &(data[MD5_DIGEST_LENGTH]),
2356 SHA_DIGEST_LENGTH, &(p[2]),
2357 (unsigned int *)&j, pkey->pkey.ec)) {
2358 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2359 ERR_R_ECDSA_LIB);
2360 goto err;
2361 }
2362 s2n(j, p);
2363 n = j + 2;
2364#ifndef OPENSSL_NO_GOST
2365 } else if (pkey->type == NID_id_GostR3410_94 ||
2366 pkey->type == NID_id_GostR3410_2001) {
2367 unsigned char signbuf[128];
2368 long hdatalen = 0;
2369 void *hdata;
2370 const EVP_MD *md;
2371 int nid;
2372 size_t sigsize;
2373
2374 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
2375 if (hdatalen <= 0) {
2376 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2377 ERR_R_INTERNAL_ERROR);
2378 goto err;
2379 }
2380 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
2381 !(md = EVP_get_digestbynid(nid))) {
2382 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2383 ERR_R_EVP_LIB);
2384 goto err;
2385 }
2386 if (!EVP_DigestInit_ex(&mctx, md, NULL) ||
2387 !EVP_DigestUpdate(&mctx, hdata, hdatalen) ||
2388 !EVP_DigestFinal(&mctx, signbuf, &u) ||
2389 (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
2390 (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
2391 EVP_PKEY_CTRL_GOST_SIG_FORMAT,
2392 GOST_SIG_FORMAT_RS_LE,
2393 NULL) <= 0) ||
2394 (EVP_PKEY_sign(pctx, &(p[2]), &sigsize,
2395 signbuf, u) <= 0)) {
2396 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2397 ERR_R_EVP_LIB);
2398 goto err;
2399 }
2400 if (!tls1_digest_cached_records(s))
2401 goto err;
2402 j = sigsize;
2403 s2n(j, p);
2404 n = j + 2;
2405#endif
2406 } else {
2407 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2408 ERR_R_INTERNAL_ERROR);
2409 goto err;
2410 }
2411
2412 s->state = SSL3_ST_CW_CERT_VRFY_B;
2413
2414 ssl3_handshake_msg_finish(s, n);
2415 }
2416
2417 EVP_MD_CTX_cleanup(&mctx);
2418 EVP_PKEY_CTX_free(pctx);
2419
2420 return (ssl3_handshake_write(s));
2421
2422err:
2423 EVP_MD_CTX_cleanup(&mctx);
2424 EVP_PKEY_CTX_free(pctx);
2425 return (-1);
2426}
2427
2428int
2429ssl3_send_client_certificate(SSL *s)
2430{
2431 X509 *x509 = NULL;
2432 EVP_PKEY *pkey = NULL;
2433 int i;
2434 unsigned long l;
2435
2436 if (s->state == SSL3_ST_CW_CERT_A) {
2437 if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
2438 (s->cert->key->privatekey == NULL))
2439 s->state = SSL3_ST_CW_CERT_B;
2440 else
2441 s->state = SSL3_ST_CW_CERT_C;
2442 }
2443
2444 /* We need to get a client cert */
2445 if (s->state == SSL3_ST_CW_CERT_B) {
2446 /*
2447 * If we get an error, we need to
2448 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
2449 * We then get retied later
2450 */
2451 i = ssl_do_client_cert_cb(s, &x509, &pkey);
2452 if (i < 0) {
2453 s->rwstate = SSL_X509_LOOKUP;
2454 return (-1);
2455 }
2456 s->rwstate = SSL_NOTHING;
2457 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
2458 s->state = SSL3_ST_CW_CERT_B;
2459 if (!SSL_use_certificate(s, x509) ||
2460 !SSL_use_PrivateKey(s, pkey))
2461 i = 0;
2462 } else if (i == 1) {
2463 i = 0;
2464 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,
2465 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
2466 }
2467
2468 X509_free(x509);
2469 EVP_PKEY_free(pkey);
2470 if (i == 0)
2471 s->s3->tmp.cert_req = 2;
2472
2473 /* Ok, we have a cert */
2474 s->state = SSL3_ST_CW_CERT_C;
2475 }
2476
2477 if (s->state == SSL3_ST_CW_CERT_C) {
2478 s->state = SSL3_ST_CW_CERT_D;
2479 l = ssl3_output_cert_chain(s,
2480 (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
2481 s->init_num = (int)l;
2482 s->init_off = 0;
2483 }
2484 /* SSL3_ST_CW_CERT_D */
2485 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2486}
2487
2488#define has_bits(i,m) (((i)&(m)) == (m))
2489
2490int
2491ssl3_check_cert_and_algorithm(SSL *s)
2492{
2493 int i, idx;
2494 long alg_k, alg_a;
2495 EVP_PKEY *pkey = NULL;
2496 SESS_CERT *sc;
2497 DH *dh;
2498
2499 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2500 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2501
2502 /* We don't have a certificate. */
2503 if (alg_a & SSL_aNULL)
2504 return (1);
2505
2506 sc = s->session->sess_cert;
2507 if (sc == NULL) {
2508 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2509 ERR_R_INTERNAL_ERROR);
2510 goto err;
2511 }
2512 dh = s->session->sess_cert->peer_dh_tmp;
2513
2514 /* This is the passed certificate. */
2515
2516 idx = sc->peer_cert_type;
2517 if (idx == SSL_PKEY_ECC) {
2518 if (ssl_check_srvr_ecc_cert_and_alg(
2519 sc->peer_pkeys[idx].x509, s) == 0) {
2520 /* check failed */
2521 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2522 SSL_R_BAD_ECC_CERT);
2523 goto f_err;
2524 } else {
2525 return (1);
2526 }
2527 }
2528 pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);
2529 i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);
2530 EVP_PKEY_free(pkey);
2531
2532 /* Check that we have a certificate if we require one. */
2533 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
2534 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2535 SSL_R_MISSING_RSA_SIGNING_CERT);
2536 goto f_err;
2537 } else if ((alg_a & SSL_aDSS) &&
2538 !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {
2539 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2540 SSL_R_MISSING_DSA_SIGNING_CERT);
2541 goto f_err;
2542 }
2543 if ((alg_k & SSL_kRSA) &&
2544 !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
2545 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2546 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2547 goto f_err;
2548 }
2549 if ((alg_k & SSL_kDHE) &&
2550 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
2551 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2552 SSL_R_MISSING_DH_KEY);
2553 goto f_err;
2554 }
2555
2556 return (1);
2557f_err:
2558 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2559err:
2560 return (0);
2561}
2562
2563int
2564ssl3_send_next_proto(SSL *s)
2565{
2566 unsigned int len, padding_len;
2567 unsigned char *d, *p;
2568
2569 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
2570 d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEXT_PROTO);
2571
2572 len = s->next_proto_negotiated_len;
2573 padding_len = 32 - ((len + 2) % 32);
2574 *(p++) = len;
2575 memcpy(p, s->next_proto_negotiated, len);
2576 p += len;
2577 *(p++) = padding_len;
2578 memset(p, 0, padding_len);
2579 p += padding_len;
2580
2581 ssl3_handshake_msg_finish(s, p - d);
2582
2583 s->state = SSL3_ST_CW_NEXT_PROTO_B;
2584 }
2585
2586 return (ssl3_handshake_write(s));
2587}
2588
2589/*
2590 * Check to see if handshake is full or resumed. Usually this is just a
2591 * case of checking to see if a cache hit has occurred. In the case of
2592 * session tickets we have to check the next message to be sure.
2593 */
2594
2595int
2596ssl3_check_finished(SSL *s)
2597{
2598 int ok;
2599 long n;
2600
2601 /* If we have no ticket it cannot be a resumed session. */
2602 if (!s->session->tlsext_tick)
2603 return (1);
2604 /* this function is called when we really expect a Certificate
2605 * message, so permit appropriate message length */
2606 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
2607 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok);
2608 if (!ok)
2609 return ((int)n);
2610 s->s3->tmp.reuse_message = 1;
2611 if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) ||
2612 (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
2613 return (2);
2614
2615 return (1);
2616}
2617
2618int
2619ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
2620{
2621 int i = 0;
2622
2623#ifndef OPENSSL_NO_ENGINE
2624 if (s->ctx->client_cert_engine) {
2625 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
2626 SSL_get_client_CA_list(s),
2627 px509, ppkey, NULL, NULL, NULL);
2628 if (i != 0)
2629 return (i);
2630 }
2631#endif
2632 if (s->ctx->client_cert_cb)
2633 i = s->ctx->client_cert_cb(s, px509, ppkey);
2634 return (i);
2635}
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
deleted file mode 100644
index e873c17c87..0000000000
--- a/src/lib/libssl/s3_lib.c
+++ /dev/null
@@ -1,2859 +0,0 @@
1/* $OpenBSD: s3_lib.c,v 1.108 2016/04/28 16:39:45 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#include <stdio.h>
152
153#include <openssl/dh.h>
154#include <openssl/md5.h>
155#include <openssl/objects.h>
156
157#include "ssl_locl.h"
158#include "bytestring.h"
159
160#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
161
162/*
163 * FIXED_NONCE_LEN is a macro that provides in the correct value to set the
164 * fixed nonce length in algorithms2. It is the inverse of the
165 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro.
166 */
167#define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24)
168
169/* list of available SSLv3 ciphers (sorted by id) */
170SSL_CIPHER ssl3_ciphers[] = {
171
172 /* The RSA ciphers */
173 /* Cipher 01 */
174 {
175 .valid = 1,
176 .name = SSL3_TXT_RSA_NULL_MD5,
177 .id = SSL3_CK_RSA_NULL_MD5,
178 .algorithm_mkey = SSL_kRSA,
179 .algorithm_auth = SSL_aRSA,
180 .algorithm_enc = SSL_eNULL,
181 .algorithm_mac = SSL_MD5,
182 .algorithm_ssl = SSL_SSLV3,
183 .algo_strength = SSL_STRONG_NONE,
184 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185 .strength_bits = 0,
186 .alg_bits = 0,
187 },
188
189 /* Cipher 02 */
190 {
191 .valid = 1,
192 .name = SSL3_TXT_RSA_NULL_SHA,
193 .id = SSL3_CK_RSA_NULL_SHA,
194 .algorithm_mkey = SSL_kRSA,
195 .algorithm_auth = SSL_aRSA,
196 .algorithm_enc = SSL_eNULL,
197 .algorithm_mac = SSL_SHA1,
198 .algorithm_ssl = SSL_SSLV3,
199 .algo_strength = SSL_STRONG_NONE,
200 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201 .strength_bits = 0,
202 .alg_bits = 0,
203 },
204
205 /* Cipher 04 */
206 {
207 .valid = 1,
208 .name = SSL3_TXT_RSA_RC4_128_MD5,
209 .id = SSL3_CK_RSA_RC4_128_MD5,
210 .algorithm_mkey = SSL_kRSA,
211 .algorithm_auth = SSL_aRSA,
212 .algorithm_enc = SSL_RC4,
213 .algorithm_mac = SSL_MD5,
214 .algorithm_ssl = SSL_SSLV3,
215 .algo_strength = SSL_MEDIUM,
216 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217 .strength_bits = 128,
218 .alg_bits = 128,
219 },
220
221 /* Cipher 05 */
222 {
223 .valid = 1,
224 .name = SSL3_TXT_RSA_RC4_128_SHA,
225 .id = SSL3_CK_RSA_RC4_128_SHA,
226 .algorithm_mkey = SSL_kRSA,
227 .algorithm_auth = SSL_aRSA,
228 .algorithm_enc = SSL_RC4,
229 .algorithm_mac = SSL_SHA1,
230 .algorithm_ssl = SSL_SSLV3,
231 .algo_strength = SSL_MEDIUM,
232 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233 .strength_bits = 128,
234 .alg_bits = 128,
235 },
236
237 /* Cipher 07 */
238#ifndef OPENSSL_NO_IDEA
239 {
240 .valid = 1,
241 .name = SSL3_TXT_RSA_IDEA_128_SHA,
242 .id = SSL3_CK_RSA_IDEA_128_SHA,
243 .algorithm_mkey = SSL_kRSA,
244 .algorithm_auth = SSL_aRSA,
245 .algorithm_enc = SSL_IDEA,
246 .algorithm_mac = SSL_SHA1,
247 .algorithm_ssl = SSL_SSLV3,
248 .algo_strength = SSL_MEDIUM,
249 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
250 .strength_bits = 128,
251 .alg_bits = 128,
252 },
253#endif
254
255 /* Cipher 09 */
256 {
257 .valid = 1,
258 .name = SSL3_TXT_RSA_DES_64_CBC_SHA,
259 .id = SSL3_CK_RSA_DES_64_CBC_SHA,
260 .algorithm_mkey = SSL_kRSA,
261 .algorithm_auth = SSL_aRSA,
262 .algorithm_enc = SSL_DES,
263 .algorithm_mac = SSL_SHA1,
264 .algorithm_ssl = SSL_SSLV3,
265 .algo_strength = SSL_LOW,
266 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
267 .strength_bits = 56,
268 .alg_bits = 56,
269 },
270
271 /* Cipher 0A */
272 {
273 .valid = 1,
274 .name = SSL3_TXT_RSA_DES_192_CBC3_SHA,
275 .id = SSL3_CK_RSA_DES_192_CBC3_SHA,
276 .algorithm_mkey = SSL_kRSA,
277 .algorithm_auth = SSL_aRSA,
278 .algorithm_enc = SSL_3DES,
279 .algorithm_mac = SSL_SHA1,
280 .algorithm_ssl = SSL_SSLV3,
281 .algo_strength = SSL_HIGH,
282 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
283 .strength_bits = 112,
284 .alg_bits = 168,
285 },
286
287 /*
288 * Ephemeral DH (DHE) ciphers.
289 */
290
291 /* Cipher 12 */
292 {
293 .valid = 1,
294 .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
295 .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
296 .algorithm_mkey = SSL_kDHE,
297 .algorithm_auth = SSL_aDSS,
298 .algorithm_enc = SSL_DES,
299 .algorithm_mac = SSL_SHA1,
300 .algorithm_ssl = SSL_SSLV3,
301 .algo_strength = SSL_LOW,
302 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
303 .strength_bits = 56,
304 .alg_bits = 56,
305 },
306
307 /* Cipher 13 */
308 {
309 .valid = 1,
310 .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
311 .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
312 .algorithm_mkey = SSL_kDHE,
313 .algorithm_auth = SSL_aDSS,
314 .algorithm_enc = SSL_3DES,
315 .algorithm_mac = SSL_SHA1,
316 .algorithm_ssl = SSL_SSLV3,
317 .algo_strength = SSL_HIGH,
318 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
319 .strength_bits = 112,
320 .alg_bits = 168,
321 },
322
323 /* Cipher 15 */
324 {
325 .valid = 1,
326 .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
327 .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
328 .algorithm_mkey = SSL_kDHE,
329 .algorithm_auth = SSL_aRSA,
330 .algorithm_enc = SSL_DES,
331 .algorithm_mac = SSL_SHA1,
332 .algorithm_ssl = SSL_SSLV3,
333 .algo_strength = SSL_LOW,
334 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
335 .strength_bits = 56,
336 .alg_bits = 56,
337 },
338
339 /* Cipher 16 */
340 {
341 .valid = 1,
342 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
343 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
344 .algorithm_mkey = SSL_kDHE,
345 .algorithm_auth = SSL_aRSA,
346 .algorithm_enc = SSL_3DES,
347 .algorithm_mac = SSL_SHA1,
348 .algorithm_ssl = SSL_SSLV3,
349 .algo_strength = SSL_HIGH,
350 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
351 .strength_bits = 112,
352 .alg_bits = 168,
353 },
354
355 /* Cipher 18 */
356 {
357 .valid = 1,
358 .name = SSL3_TXT_ADH_RC4_128_MD5,
359 .id = SSL3_CK_ADH_RC4_128_MD5,
360 .algorithm_mkey = SSL_kDHE,
361 .algorithm_auth = SSL_aNULL,
362 .algorithm_enc = SSL_RC4,
363 .algorithm_mac = SSL_MD5,
364 .algorithm_ssl = SSL_SSLV3,
365 .algo_strength = SSL_MEDIUM,
366 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
367 .strength_bits = 128,
368 .alg_bits = 128,
369 },
370
371 /* Cipher 1A */
372 {
373 .valid = 1,
374 .name = SSL3_TXT_ADH_DES_64_CBC_SHA,
375 .id = SSL3_CK_ADH_DES_64_CBC_SHA,
376 .algorithm_mkey = SSL_kDHE,
377 .algorithm_auth = SSL_aNULL,
378 .algorithm_enc = SSL_DES,
379 .algorithm_mac = SSL_SHA1,
380 .algorithm_ssl = SSL_SSLV3,
381 .algo_strength = SSL_LOW,
382 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
383 .strength_bits = 56,
384 .alg_bits = 56,
385 },
386
387 /* Cipher 1B */
388 {
389 .valid = 1,
390 .name = SSL3_TXT_ADH_DES_192_CBC_SHA,
391 .id = SSL3_CK_ADH_DES_192_CBC_SHA,
392 .algorithm_mkey = SSL_kDHE,
393 .algorithm_auth = SSL_aNULL,
394 .algorithm_enc = SSL_3DES,
395 .algorithm_mac = SSL_SHA1,
396 .algorithm_ssl = SSL_SSLV3,
397 .algo_strength = SSL_HIGH,
398 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
399 .strength_bits = 112,
400 .alg_bits = 168,
401 },
402
403 /*
404 * AES ciphersuites.
405 */
406
407 /* Cipher 2F */
408 {
409 .valid = 1,
410 .name = TLS1_TXT_RSA_WITH_AES_128_SHA,
411 .id = TLS1_CK_RSA_WITH_AES_128_SHA,
412 .algorithm_mkey = SSL_kRSA,
413 .algorithm_auth = SSL_aRSA,
414 .algorithm_enc = SSL_AES128,
415 .algorithm_mac = SSL_SHA1,
416 .algorithm_ssl = SSL_TLSV1,
417 .algo_strength = SSL_HIGH,
418 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
419 .strength_bits = 128,
420 .alg_bits = 128,
421 },
422
423 /* Cipher 32 */
424 {
425 .valid = 1,
426 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
427 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
428 .algorithm_mkey = SSL_kDHE,
429 .algorithm_auth = SSL_aDSS,
430 .algorithm_enc = SSL_AES128,
431 .algorithm_mac = SSL_SHA1,
432 .algorithm_ssl = SSL_TLSV1,
433 .algo_strength = SSL_HIGH,
434 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
435 .strength_bits = 128,
436 .alg_bits = 128,
437 },
438
439 /* Cipher 33 */
440 {
441 .valid = 1,
442 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
443 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
444 .algorithm_mkey = SSL_kDHE,
445 .algorithm_auth = SSL_aRSA,
446 .algorithm_enc = SSL_AES128,
447 .algorithm_mac = SSL_SHA1,
448 .algorithm_ssl = SSL_TLSV1,
449 .algo_strength = SSL_HIGH,
450 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
451 .strength_bits = 128,
452 .alg_bits = 128,
453 },
454
455 /* Cipher 34 */
456 {
457 .valid = 1,
458 .name = TLS1_TXT_ADH_WITH_AES_128_SHA,
459 .id = TLS1_CK_ADH_WITH_AES_128_SHA,
460 .algorithm_mkey = SSL_kDHE,
461 .algorithm_auth = SSL_aNULL,
462 .algorithm_enc = SSL_AES128,
463 .algorithm_mac = SSL_SHA1,
464 .algorithm_ssl = SSL_TLSV1,
465 .algo_strength = SSL_HIGH,
466 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
467 .strength_bits = 128,
468 .alg_bits = 128,
469 },
470
471 /* Cipher 35 */
472 {
473 .valid = 1,
474 .name = TLS1_TXT_RSA_WITH_AES_256_SHA,
475 .id = TLS1_CK_RSA_WITH_AES_256_SHA,
476 .algorithm_mkey = SSL_kRSA,
477 .algorithm_auth = SSL_aRSA,
478 .algorithm_enc = SSL_AES256,
479 .algorithm_mac = SSL_SHA1,
480 .algorithm_ssl = SSL_TLSV1,
481 .algo_strength = SSL_HIGH,
482 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
483 .strength_bits = 256,
484 .alg_bits = 256,
485 },
486
487 /* Cipher 38 */
488 {
489 .valid = 1,
490 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
491 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
492 .algorithm_mkey = SSL_kDHE,
493 .algorithm_auth = SSL_aDSS,
494 .algorithm_enc = SSL_AES256,
495 .algorithm_mac = SSL_SHA1,
496 .algorithm_ssl = SSL_TLSV1,
497 .algo_strength = SSL_HIGH,
498 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
499 .strength_bits = 256,
500 .alg_bits = 256,
501 },
502
503 /* Cipher 39 */
504 {
505 .valid = 1,
506 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
507 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
508 .algorithm_mkey = SSL_kDHE,
509 .algorithm_auth = SSL_aRSA,
510 .algorithm_enc = SSL_AES256,
511 .algorithm_mac = SSL_SHA1,
512 .algorithm_ssl = SSL_TLSV1,
513 .algo_strength = SSL_HIGH,
514 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
515 .strength_bits = 256,
516 .alg_bits = 256,
517 },
518
519 /* Cipher 3A */
520 {
521 .valid = 1,
522 .name = TLS1_TXT_ADH_WITH_AES_256_SHA,
523 .id = TLS1_CK_ADH_WITH_AES_256_SHA,
524 .algorithm_mkey = SSL_kDHE,
525 .algorithm_auth = SSL_aNULL,
526 .algorithm_enc = SSL_AES256,
527 .algorithm_mac = SSL_SHA1,
528 .algorithm_ssl = SSL_TLSV1,
529 .algo_strength = SSL_HIGH,
530 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
531 .strength_bits = 256,
532 .alg_bits = 256,
533 },
534
535 /* TLS v1.2 ciphersuites */
536 /* Cipher 3B */
537 {
538 .valid = 1,
539 .name = TLS1_TXT_RSA_WITH_NULL_SHA256,
540 .id = TLS1_CK_RSA_WITH_NULL_SHA256,
541 .algorithm_mkey = SSL_kRSA,
542 .algorithm_auth = SSL_aRSA,
543 .algorithm_enc = SSL_eNULL,
544 .algorithm_mac = SSL_SHA256,
545 .algorithm_ssl = SSL_TLSV1_2,
546 .algo_strength = SSL_STRONG_NONE,
547 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
548 .strength_bits = 0,
549 .alg_bits = 0,
550 },
551
552 /* Cipher 3C */
553 {
554 .valid = 1,
555 .name = TLS1_TXT_RSA_WITH_AES_128_SHA256,
556 .id = TLS1_CK_RSA_WITH_AES_128_SHA256,
557 .algorithm_mkey = SSL_kRSA,
558 .algorithm_auth = SSL_aRSA,
559 .algorithm_enc = SSL_AES128,
560 .algorithm_mac = SSL_SHA256,
561 .algorithm_ssl = SSL_TLSV1_2,
562 .algo_strength = SSL_HIGH,
563 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
564 .strength_bits = 128,
565 .alg_bits = 128,
566 },
567
568 /* Cipher 3D */
569 {
570 .valid = 1,
571 .name = TLS1_TXT_RSA_WITH_AES_256_SHA256,
572 .id = TLS1_CK_RSA_WITH_AES_256_SHA256,
573 .algorithm_mkey = SSL_kRSA,
574 .algorithm_auth = SSL_aRSA,
575 .algorithm_enc = SSL_AES256,
576 .algorithm_mac = SSL_SHA256,
577 .algorithm_ssl = SSL_TLSV1_2,
578 .algo_strength = SSL_HIGH,
579 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
580 .strength_bits = 256,
581 .alg_bits = 256,
582 },
583
584 /* Cipher 40 */
585 {
586 .valid = 1,
587 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
588 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
589 .algorithm_mkey = SSL_kDHE,
590 .algorithm_auth = SSL_aDSS,
591 .algorithm_enc = SSL_AES128,
592 .algorithm_mac = SSL_SHA256,
593 .algorithm_ssl = SSL_TLSV1_2,
594 .algo_strength = SSL_HIGH,
595 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
596 .strength_bits = 128,
597 .alg_bits = 128,
598 },
599
600#ifndef OPENSSL_NO_CAMELLIA
601 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
602
603 /* Cipher 41 */
604 {
605 .valid = 1,
606 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
607 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
608 .algorithm_mkey = SSL_kRSA,
609 .algorithm_auth = SSL_aRSA,
610 .algorithm_enc = SSL_CAMELLIA128,
611 .algorithm_mac = SSL_SHA1,
612 .algorithm_ssl = SSL_TLSV1,
613 .algo_strength = SSL_HIGH,
614 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
615 .strength_bits = 128,
616 .alg_bits = 128,
617 },
618
619 /* Cipher 44 */
620 {
621 .valid = 1,
622 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
623 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
624 .algorithm_mkey = SSL_kDHE,
625 .algorithm_auth = SSL_aDSS,
626 .algorithm_enc = SSL_CAMELLIA128,
627 .algorithm_mac = SSL_SHA1,
628 .algorithm_ssl = SSL_TLSV1,
629 .algo_strength = SSL_HIGH,
630 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
631 .strength_bits = 128,
632 .alg_bits = 128,
633 },
634
635 /* Cipher 45 */
636 {
637 .valid = 1,
638 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
639 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
640 .algorithm_mkey = SSL_kDHE,
641 .algorithm_auth = SSL_aRSA,
642 .algorithm_enc = SSL_CAMELLIA128,
643 .algorithm_mac = SSL_SHA1,
644 .algorithm_ssl = SSL_TLSV1,
645 .algo_strength = SSL_HIGH,
646 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
647 .strength_bits = 128,
648 .alg_bits = 128,
649 },
650
651 /* Cipher 46 */
652 {
653 .valid = 1,
654 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
655 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
656 .algorithm_mkey = SSL_kDHE,
657 .algorithm_auth = SSL_aNULL,
658 .algorithm_enc = SSL_CAMELLIA128,
659 .algorithm_mac = SSL_SHA1,
660 .algorithm_ssl = SSL_TLSV1,
661 .algo_strength = SSL_HIGH,
662 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
663 .strength_bits = 128,
664 .alg_bits = 128,
665 },
666#endif /* OPENSSL_NO_CAMELLIA */
667
668 /* TLS v1.2 ciphersuites */
669 /* Cipher 67 */
670 {
671 .valid = 1,
672 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
673 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
674 .algorithm_mkey = SSL_kDHE,
675 .algorithm_auth = SSL_aRSA,
676 .algorithm_enc = SSL_AES128,
677 .algorithm_mac = SSL_SHA256,
678 .algorithm_ssl = SSL_TLSV1_2,
679 .algo_strength = SSL_HIGH,
680 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
681 .strength_bits = 128,
682 .alg_bits = 128,
683 },
684
685 /* Cipher 6A */
686 {
687 .valid = 1,
688 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
689 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
690 .algorithm_mkey = SSL_kDHE,
691 .algorithm_auth = SSL_aDSS,
692 .algorithm_enc = SSL_AES256,
693 .algorithm_mac = SSL_SHA256,
694 .algorithm_ssl = SSL_TLSV1_2,
695 .algo_strength = SSL_HIGH,
696 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
697 .strength_bits = 256,
698 .alg_bits = 256,
699 },
700
701 /* Cipher 6B */
702 {
703 .valid = 1,
704 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
705 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
706 .algorithm_mkey = SSL_kDHE,
707 .algorithm_auth = SSL_aRSA,
708 .algorithm_enc = SSL_AES256,
709 .algorithm_mac = SSL_SHA256,
710 .algorithm_ssl = SSL_TLSV1_2,
711 .algo_strength = SSL_HIGH,
712 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
713 .strength_bits = 256,
714 .alg_bits = 256,
715 },
716
717 /* Cipher 6C */
718 {
719 .valid = 1,
720 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256,
721 .id = TLS1_CK_ADH_WITH_AES_128_SHA256,
722 .algorithm_mkey = SSL_kDHE,
723 .algorithm_auth = SSL_aNULL,
724 .algorithm_enc = SSL_AES128,
725 .algorithm_mac = SSL_SHA256,
726 .algorithm_ssl = SSL_TLSV1_2,
727 .algo_strength = SSL_HIGH,
728 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
729 .strength_bits = 128,
730 .alg_bits = 128,
731 },
732
733 /* Cipher 6D */
734 {
735 .valid = 1,
736 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256,
737 .id = TLS1_CK_ADH_WITH_AES_256_SHA256,
738 .algorithm_mkey = SSL_kDHE,
739 .algorithm_auth = SSL_aNULL,
740 .algorithm_enc = SSL_AES256,
741 .algorithm_mac = SSL_SHA256,
742 .algorithm_ssl = SSL_TLSV1_2,
743 .algo_strength = SSL_HIGH,
744 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
745 .strength_bits = 256,
746 .alg_bits = 256,
747 },
748
749 /* GOST Ciphersuites */
750
751 /* Cipher 81 */
752 {
753 .valid = 1,
754 .name = "GOST2001-GOST89-GOST89",
755 .id = 0x3000081,
756 .algorithm_mkey = SSL_kGOST,
757 .algorithm_auth = SSL_aGOST01,
758 .algorithm_enc = SSL_eGOST2814789CNT,
759 .algorithm_mac = SSL_GOST89MAC,
760 .algorithm_ssl = SSL_TLSV1,
761 .algo_strength = SSL_HIGH,
762 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|
763 TLS1_STREAM_MAC,
764 .strength_bits = 256,
765 .alg_bits = 256
766 },
767
768 /* Cipher 83 */
769 {
770 .valid = 1,
771 .name = "GOST2001-NULL-GOST94",
772 .id = 0x3000083,
773 .algorithm_mkey = SSL_kGOST,
774 .algorithm_auth = SSL_aGOST01,
775 .algorithm_enc = SSL_eNULL,
776 .algorithm_mac = SSL_GOST94,
777 .algorithm_ssl = SSL_TLSV1,
778 .algo_strength = SSL_STRONG_NONE,
779 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
780 .strength_bits = 0,
781 .alg_bits = 0
782 },
783
784#ifndef OPENSSL_NO_CAMELLIA
785 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
786
787 /* Cipher 84 */
788 {
789 .valid = 1,
790 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
791 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
792 .algorithm_mkey = SSL_kRSA,
793 .algorithm_auth = SSL_aRSA,
794 .algorithm_enc = SSL_CAMELLIA256,
795 .algorithm_mac = SSL_SHA1,
796 .algorithm_ssl = SSL_TLSV1,
797 .algo_strength = SSL_HIGH,
798 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
799 .strength_bits = 256,
800 .alg_bits = 256,
801 },
802
803 /* Cipher 87 */
804 {
805 .valid = 1,
806 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
807 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
808 .algorithm_mkey = SSL_kDHE,
809 .algorithm_auth = SSL_aDSS,
810 .algorithm_enc = SSL_CAMELLIA256,
811 .algorithm_mac = SSL_SHA1,
812 .algorithm_ssl = SSL_TLSV1,
813 .algo_strength = SSL_HIGH,
814 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
815 .strength_bits = 256,
816 .alg_bits = 256,
817 },
818
819 /* Cipher 88 */
820 {
821 .valid = 1,
822 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
823 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
824 .algorithm_mkey = SSL_kDHE,
825 .algorithm_auth = SSL_aRSA,
826 .algorithm_enc = SSL_CAMELLIA256,
827 .algorithm_mac = SSL_SHA1,
828 .algorithm_ssl = SSL_TLSV1,
829 .algo_strength = SSL_HIGH,
830 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
831 .strength_bits = 256,
832 .alg_bits = 256,
833 },
834
835 /* Cipher 89 */
836 {
837 .valid = 1,
838 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
839 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
840 .algorithm_mkey = SSL_kDHE,
841 .algorithm_auth = SSL_aNULL,
842 .algorithm_enc = SSL_CAMELLIA256,
843 .algorithm_mac = SSL_SHA1,
844 .algorithm_ssl = SSL_TLSV1,
845 .algo_strength = SSL_HIGH,
846 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
847 .strength_bits = 256,
848 .alg_bits = 256,
849 },
850#endif /* OPENSSL_NO_CAMELLIA */
851
852 /*
853 * GCM ciphersuites from RFC5288.
854 */
855
856 /* Cipher 9C */
857 {
858 .valid = 1,
859 .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
860 .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
861 .algorithm_mkey = SSL_kRSA,
862 .algorithm_auth = SSL_aRSA,
863 .algorithm_enc = SSL_AES128GCM,
864 .algorithm_mac = SSL_AEAD,
865 .algorithm_ssl = SSL_TLSV1_2,
866 .algo_strength = SSL_HIGH,
867 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
868 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
869 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
870 .strength_bits = 128,
871 .alg_bits = 128,
872 },
873
874 /* Cipher 9D */
875 {
876 .valid = 1,
877 .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
878 .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
879 .algorithm_mkey = SSL_kRSA,
880 .algorithm_auth = SSL_aRSA,
881 .algorithm_enc = SSL_AES256GCM,
882 .algorithm_mac = SSL_AEAD,
883 .algorithm_ssl = SSL_TLSV1_2,
884 .algo_strength = SSL_HIGH,
885 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
886 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
887 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
888 .strength_bits = 256,
889 .alg_bits = 256,
890 },
891
892 /* Cipher 9E */
893 {
894 .valid = 1,
895 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
896 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
897 .algorithm_mkey = SSL_kDHE,
898 .algorithm_auth = SSL_aRSA,
899 .algorithm_enc = SSL_AES128GCM,
900 .algorithm_mac = SSL_AEAD,
901 .algorithm_ssl = SSL_TLSV1_2,
902 .algo_strength = SSL_HIGH,
903 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
904 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
905 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
906 .strength_bits = 128,
907 .alg_bits = 128,
908 },
909
910 /* Cipher 9F */
911 {
912 .valid = 1,
913 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
914 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
915 .algorithm_mkey = SSL_kDHE,
916 .algorithm_auth = SSL_aRSA,
917 .algorithm_enc = SSL_AES256GCM,
918 .algorithm_mac = SSL_AEAD,
919 .algorithm_ssl = SSL_TLSV1_2,
920 .algo_strength = SSL_HIGH,
921 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
922 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
923 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
924 .strength_bits = 256,
925 .alg_bits = 256,
926 },
927
928 /* Cipher A2 */
929 {
930 .valid = 1,
931 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
932 .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
933 .algorithm_mkey = SSL_kDHE,
934 .algorithm_auth = SSL_aDSS,
935 .algorithm_enc = SSL_AES128GCM,
936 .algorithm_mac = SSL_AEAD,
937 .algorithm_ssl = SSL_TLSV1_2,
938 .algo_strength = SSL_HIGH,
939 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
940 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
941 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
942 .strength_bits = 128,
943 .alg_bits = 128,
944 },
945
946 /* Cipher A3 */
947 {
948 .valid = 1,
949 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
950 .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
951 .algorithm_mkey = SSL_kDHE,
952 .algorithm_auth = SSL_aDSS,
953 .algorithm_enc = SSL_AES256GCM,
954 .algorithm_mac = SSL_AEAD,
955 .algorithm_ssl = SSL_TLSV1_2,
956 .algo_strength = SSL_HIGH,
957 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
958 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
959 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
960 .strength_bits = 256,
961 .alg_bits = 256,
962 },
963
964 /* Cipher A6 */
965 {
966 .valid = 1,
967 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
968 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
969 .algorithm_mkey = SSL_kDHE,
970 .algorithm_auth = SSL_aNULL,
971 .algorithm_enc = SSL_AES128GCM,
972 .algorithm_mac = SSL_AEAD,
973 .algorithm_ssl = SSL_TLSV1_2,
974 .algo_strength = SSL_HIGH,
975 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
976 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
977 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
978 .strength_bits = 128,
979 .alg_bits = 128,
980 },
981
982 /* Cipher A7 */
983 {
984 .valid = 1,
985 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
986 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
987 .algorithm_mkey = SSL_kDHE,
988 .algorithm_auth = SSL_aNULL,
989 .algorithm_enc = SSL_AES256GCM,
990 .algorithm_mac = SSL_AEAD,
991 .algorithm_ssl = SSL_TLSV1_2,
992 .algo_strength = SSL_HIGH,
993 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
994 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
995 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
996 .strength_bits = 256,
997 .alg_bits = 256,
998 },
999
1000#ifndef OPENSSL_NO_CAMELLIA
1001 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
1002
1003 /* Cipher BA */
1004 {
1005 .valid = 1,
1006 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1007 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1008 .algorithm_mkey = SSL_kRSA,
1009 .algorithm_auth = SSL_aRSA,
1010 .algorithm_enc = SSL_CAMELLIA128,
1011 .algorithm_mac = SSL_SHA256,
1012 .algorithm_ssl = SSL_TLSV1_2,
1013 .algo_strength = SSL_HIGH,
1014 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1015 .strength_bits = 128,
1016 .alg_bits = 128,
1017 },
1018
1019 /* Cipher BD */
1020 {
1021 .valid = 1,
1022 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1023 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1024 .algorithm_mkey = SSL_kDHE,
1025 .algorithm_auth = SSL_aDSS,
1026 .algorithm_enc = SSL_CAMELLIA128,
1027 .algorithm_mac = SSL_SHA256,
1028 .algorithm_ssl = SSL_TLSV1_2,
1029 .algo_strength = SSL_HIGH,
1030 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1031 .strength_bits = 128,
1032 .alg_bits = 128,
1033 },
1034
1035 /* Cipher BE */
1036 {
1037 .valid = 1,
1038 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1039 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1040 .algorithm_mkey = SSL_kDHE,
1041 .algorithm_auth = SSL_aRSA,
1042 .algorithm_enc = SSL_CAMELLIA128,
1043 .algorithm_mac = SSL_SHA256,
1044 .algorithm_ssl = SSL_TLSV1_2,
1045 .algo_strength = SSL_HIGH,
1046 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1047 .strength_bits = 128,
1048 .alg_bits = 128,
1049 },
1050
1051 /* Cipher BF */
1052 {
1053 .valid = 1,
1054 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
1055 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
1056 .algorithm_mkey = SSL_kDHE,
1057 .algorithm_auth = SSL_aNULL,
1058 .algorithm_enc = SSL_CAMELLIA128,
1059 .algorithm_mac = SSL_SHA256,
1060 .algorithm_ssl = SSL_TLSV1_2,
1061 .algo_strength = SSL_HIGH,
1062 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1063 .strength_bits = 128,
1064 .alg_bits = 128,
1065 },
1066
1067 /* Cipher C0 */
1068 {
1069 .valid = 1,
1070 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1071 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1072 .algorithm_mkey = SSL_kRSA,
1073 .algorithm_auth = SSL_aRSA,
1074 .algorithm_enc = SSL_CAMELLIA256,
1075 .algorithm_mac = SSL_SHA256,
1076 .algorithm_ssl = SSL_TLSV1_2,
1077 .algo_strength = SSL_HIGH,
1078 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1079 .strength_bits = 256,
1080 .alg_bits = 256,
1081 },
1082
1083 /* Cipher C3 */
1084 {
1085 .valid = 1,
1086 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
1087 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
1088 .algorithm_mkey = SSL_kDHE,
1089 .algorithm_auth = SSL_aDSS,
1090 .algorithm_enc = SSL_CAMELLIA256,
1091 .algorithm_mac = SSL_SHA256,
1092 .algorithm_ssl = SSL_TLSV1_2,
1093 .algo_strength = SSL_HIGH,
1094 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1095 .strength_bits = 256,
1096 .alg_bits = 256,
1097 },
1098
1099 /* Cipher C4 */
1100 {
1101 .valid = 1,
1102 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1103 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1104 .algorithm_mkey = SSL_kDHE,
1105 .algorithm_auth = SSL_aRSA,
1106 .algorithm_enc = SSL_CAMELLIA256,
1107 .algorithm_mac = SSL_SHA256,
1108 .algorithm_ssl = SSL_TLSV1_2,
1109 .algo_strength = SSL_HIGH,
1110 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1111 .strength_bits = 256,
1112 .alg_bits = 256,
1113 },
1114
1115 /* Cipher C5 */
1116 {
1117 .valid = 1,
1118 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
1119 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
1120 .algorithm_mkey = SSL_kDHE,
1121 .algorithm_auth = SSL_aNULL,
1122 .algorithm_enc = SSL_CAMELLIA256,
1123 .algorithm_mac = SSL_SHA256,
1124 .algorithm_ssl = SSL_TLSV1_2,
1125 .algo_strength = SSL_HIGH,
1126 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1127 .strength_bits = 256,
1128 .alg_bits = 256,
1129 },
1130#endif /* OPENSSL_NO_CAMELLIA */
1131
1132 /* Cipher C001 */
1133 {
1134 .valid = 1,
1135 .name = TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1136 .id = TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1137 .algorithm_mkey = SSL_kECDHe,
1138 .algorithm_auth = SSL_aECDH,
1139 .algorithm_enc = SSL_eNULL,
1140 .algorithm_mac = SSL_SHA1,
1141 .algorithm_ssl = SSL_TLSV1,
1142 .algo_strength = SSL_STRONG_NONE,
1143 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1144 .strength_bits = 0,
1145 .alg_bits = 0,
1146 },
1147
1148 /* Cipher C002 */
1149 {
1150 .valid = 1,
1151 .name = TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1152 .id = TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1153 .algorithm_mkey = SSL_kECDHe,
1154 .algorithm_auth = SSL_aECDH,
1155 .algorithm_enc = SSL_RC4,
1156 .algorithm_mac = SSL_SHA1,
1157 .algorithm_ssl = SSL_TLSV1,
1158 .algo_strength = SSL_MEDIUM,
1159 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1160 .strength_bits = 128,
1161 .alg_bits = 128,
1162 },
1163
1164 /* Cipher C003 */
1165 {
1166 .valid = 1,
1167 .name = TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1168 .id = TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1169 .algorithm_mkey = SSL_kECDHe,
1170 .algorithm_auth = SSL_aECDH,
1171 .algorithm_enc = SSL_3DES,
1172 .algorithm_mac = SSL_SHA1,
1173 .algorithm_ssl = SSL_TLSV1,
1174 .algo_strength = SSL_HIGH,
1175 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1176 .strength_bits = 112,
1177 .alg_bits = 168,
1178 },
1179
1180 /* Cipher C004 */
1181 {
1182 .valid = 1,
1183 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1184 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1185 .algorithm_mkey = SSL_kECDHe,
1186 .algorithm_auth = SSL_aECDH,
1187 .algorithm_enc = SSL_AES128,
1188 .algorithm_mac = SSL_SHA1,
1189 .algorithm_ssl = SSL_TLSV1,
1190 .algo_strength = SSL_HIGH,
1191 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1192 .strength_bits = 128,
1193 .alg_bits = 128,
1194 },
1195
1196 /* Cipher C005 */
1197 {
1198 .valid = 1,
1199 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1200 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1201 .algorithm_mkey = SSL_kECDHe,
1202 .algorithm_auth = SSL_aECDH,
1203 .algorithm_enc = SSL_AES256,
1204 .algorithm_mac = SSL_SHA1,
1205 .algorithm_ssl = SSL_TLSV1,
1206 .algo_strength = SSL_HIGH,
1207 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1208 .strength_bits = 256,
1209 .alg_bits = 256,
1210 },
1211
1212 /* Cipher C006 */
1213 {
1214 .valid = 1,
1215 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1216 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1217 .algorithm_mkey = SSL_kECDHE,
1218 .algorithm_auth = SSL_aECDSA,
1219 .algorithm_enc = SSL_eNULL,
1220 .algorithm_mac = SSL_SHA1,
1221 .algorithm_ssl = SSL_TLSV1,
1222 .algo_strength = SSL_STRONG_NONE,
1223 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1224 .strength_bits = 0,
1225 .alg_bits = 0,
1226 },
1227
1228 /* Cipher C007 */
1229 {
1230 .valid = 1,
1231 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1232 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1233 .algorithm_mkey = SSL_kECDHE,
1234 .algorithm_auth = SSL_aECDSA,
1235 .algorithm_enc = SSL_RC4,
1236 .algorithm_mac = SSL_SHA1,
1237 .algorithm_ssl = SSL_TLSV1,
1238 .algo_strength = SSL_MEDIUM,
1239 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1240 .strength_bits = 128,
1241 .alg_bits = 128,
1242 },
1243
1244 /* Cipher C008 */
1245 {
1246 .valid = 1,
1247 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1248 .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1249 .algorithm_mkey = SSL_kECDHE,
1250 .algorithm_auth = SSL_aECDSA,
1251 .algorithm_enc = SSL_3DES,
1252 .algorithm_mac = SSL_SHA1,
1253 .algorithm_ssl = SSL_TLSV1,
1254 .algo_strength = SSL_HIGH,
1255 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1256 .strength_bits = 112,
1257 .alg_bits = 168,
1258 },
1259
1260 /* Cipher C009 */
1261 {
1262 .valid = 1,
1263 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1264 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1265 .algorithm_mkey = SSL_kECDHE,
1266 .algorithm_auth = SSL_aECDSA,
1267 .algorithm_enc = SSL_AES128,
1268 .algorithm_mac = SSL_SHA1,
1269 .algorithm_ssl = SSL_TLSV1,
1270 .algo_strength = SSL_HIGH,
1271 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1272 .strength_bits = 128,
1273 .alg_bits = 128,
1274 },
1275
1276 /* Cipher C00A */
1277 {
1278 .valid = 1,
1279 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1280 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1281 .algorithm_mkey = SSL_kECDHE,
1282 .algorithm_auth = SSL_aECDSA,
1283 .algorithm_enc = SSL_AES256,
1284 .algorithm_mac = SSL_SHA1,
1285 .algorithm_ssl = SSL_TLSV1,
1286 .algo_strength = SSL_HIGH,
1287 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1288 .strength_bits = 256,
1289 .alg_bits = 256,
1290 },
1291
1292 /* Cipher C00B */
1293 {
1294 .valid = 1,
1295 .name = TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1296 .id = TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1297 .algorithm_mkey = SSL_kECDHr,
1298 .algorithm_auth = SSL_aECDH,
1299 .algorithm_enc = SSL_eNULL,
1300 .algorithm_mac = SSL_SHA1,
1301 .algorithm_ssl = SSL_TLSV1,
1302 .algo_strength = SSL_STRONG_NONE,
1303 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1304 .strength_bits = 0,
1305 .alg_bits = 0,
1306 },
1307
1308 /* Cipher C00C */
1309 {
1310 .valid = 1,
1311 .name = TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1312 .id = TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1313 .algorithm_mkey = SSL_kECDHr,
1314 .algorithm_auth = SSL_aECDH,
1315 .algorithm_enc = SSL_RC4,
1316 .algorithm_mac = SSL_SHA1,
1317 .algorithm_ssl = SSL_TLSV1,
1318 .algo_strength = SSL_MEDIUM,
1319 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1320 .strength_bits = 128,
1321 .alg_bits = 128,
1322 },
1323
1324 /* Cipher C00D */
1325 {
1326 .valid = 1,
1327 .name = TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1328 .id = TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1329 .algorithm_mkey = SSL_kECDHr,
1330 .algorithm_auth = SSL_aECDH,
1331 .algorithm_enc = SSL_3DES,
1332 .algorithm_mac = SSL_SHA1,
1333 .algorithm_ssl = SSL_TLSV1,
1334 .algo_strength = SSL_HIGH,
1335 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1336 .strength_bits = 112,
1337 .alg_bits = 168,
1338 },
1339
1340 /* Cipher C00E */
1341 {
1342 .valid = 1,
1343 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1344 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1345 .algorithm_mkey = SSL_kECDHr,
1346 .algorithm_auth = SSL_aECDH,
1347 .algorithm_enc = SSL_AES128,
1348 .algorithm_mac = SSL_SHA1,
1349 .algorithm_ssl = SSL_TLSV1,
1350 .algo_strength = SSL_HIGH,
1351 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1352 .strength_bits = 128,
1353 .alg_bits = 128,
1354 },
1355
1356 /* Cipher C00F */
1357 {
1358 .valid = 1,
1359 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1360 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1361 .algorithm_mkey = SSL_kECDHr,
1362 .algorithm_auth = SSL_aECDH,
1363 .algorithm_enc = SSL_AES256,
1364 .algorithm_mac = SSL_SHA1,
1365 .algorithm_ssl = SSL_TLSV1,
1366 .algo_strength = SSL_HIGH,
1367 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1368 .strength_bits = 256,
1369 .alg_bits = 256,
1370 },
1371
1372 /* Cipher C010 */
1373 {
1374 .valid = 1,
1375 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1376 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1377 .algorithm_mkey = SSL_kECDHE,
1378 .algorithm_auth = SSL_aRSA,
1379 .algorithm_enc = SSL_eNULL,
1380 .algorithm_mac = SSL_SHA1,
1381 .algorithm_ssl = SSL_TLSV1,
1382 .algo_strength = SSL_STRONG_NONE,
1383 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1384 .strength_bits = 0,
1385 .alg_bits = 0,
1386 },
1387
1388 /* Cipher C011 */
1389 {
1390 .valid = 1,
1391 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1392 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1393 .algorithm_mkey = SSL_kECDHE,
1394 .algorithm_auth = SSL_aRSA,
1395 .algorithm_enc = SSL_RC4,
1396 .algorithm_mac = SSL_SHA1,
1397 .algorithm_ssl = SSL_TLSV1,
1398 .algo_strength = SSL_MEDIUM,
1399 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1400 .strength_bits = 128,
1401 .alg_bits = 128,
1402 },
1403
1404 /* Cipher C012 */
1405 {
1406 .valid = 1,
1407 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1408 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1409 .algorithm_mkey = SSL_kECDHE,
1410 .algorithm_auth = SSL_aRSA,
1411 .algorithm_enc = SSL_3DES,
1412 .algorithm_mac = SSL_SHA1,
1413 .algorithm_ssl = SSL_TLSV1,
1414 .algo_strength = SSL_HIGH,
1415 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1416 .strength_bits = 112,
1417 .alg_bits = 168,
1418 },
1419
1420 /* Cipher C013 */
1421 {
1422 .valid = 1,
1423 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1424 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1425 .algorithm_mkey = SSL_kECDHE,
1426 .algorithm_auth = SSL_aRSA,
1427 .algorithm_enc = SSL_AES128,
1428 .algorithm_mac = SSL_SHA1,
1429 .algorithm_ssl = SSL_TLSV1,
1430 .algo_strength = SSL_HIGH,
1431 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1432 .strength_bits = 128,
1433 .alg_bits = 128,
1434 },
1435
1436 /* Cipher C014 */
1437 {
1438 .valid = 1,
1439 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1440 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1441 .algorithm_mkey = SSL_kECDHE,
1442 .algorithm_auth = SSL_aRSA,
1443 .algorithm_enc = SSL_AES256,
1444 .algorithm_mac = SSL_SHA1,
1445 .algorithm_ssl = SSL_TLSV1,
1446 .algo_strength = SSL_HIGH,
1447 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1448 .strength_bits = 256,
1449 .alg_bits = 256,
1450 },
1451
1452 /* Cipher C015 */
1453 {
1454 .valid = 1,
1455 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1456 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1457 .algorithm_mkey = SSL_kECDHE,
1458 .algorithm_auth = SSL_aNULL,
1459 .algorithm_enc = SSL_eNULL,
1460 .algorithm_mac = SSL_SHA1,
1461 .algorithm_ssl = SSL_TLSV1,
1462 .algo_strength = SSL_STRONG_NONE,
1463 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1464 .strength_bits = 0,
1465 .alg_bits = 0,
1466 },
1467
1468 /* Cipher C016 */
1469 {
1470 .valid = 1,
1471 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1472 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1473 .algorithm_mkey = SSL_kECDHE,
1474 .algorithm_auth = SSL_aNULL,
1475 .algorithm_enc = SSL_RC4,
1476 .algorithm_mac = SSL_SHA1,
1477 .algorithm_ssl = SSL_TLSV1,
1478 .algo_strength = SSL_MEDIUM,
1479 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1480 .strength_bits = 128,
1481 .alg_bits = 128,
1482 },
1483
1484 /* Cipher C017 */
1485 {
1486 .valid = 1,
1487 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1488 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1489 .algorithm_mkey = SSL_kECDHE,
1490 .algorithm_auth = SSL_aNULL,
1491 .algorithm_enc = SSL_3DES,
1492 .algorithm_mac = SSL_SHA1,
1493 .algorithm_ssl = SSL_TLSV1,
1494 .algo_strength = SSL_HIGH,
1495 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1496 .strength_bits = 112,
1497 .alg_bits = 168,
1498 },
1499
1500 /* Cipher C018 */
1501 {
1502 .valid = 1,
1503 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1504 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1505 .algorithm_mkey = SSL_kECDHE,
1506 .algorithm_auth = SSL_aNULL,
1507 .algorithm_enc = SSL_AES128,
1508 .algorithm_mac = SSL_SHA1,
1509 .algorithm_ssl = SSL_TLSV1,
1510 .algo_strength = SSL_HIGH,
1511 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1512 .strength_bits = 128,
1513 .alg_bits = 128,
1514 },
1515
1516 /* Cipher C019 */
1517 {
1518 .valid = 1,
1519 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1520 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1521 .algorithm_mkey = SSL_kECDHE,
1522 .algorithm_auth = SSL_aNULL,
1523 .algorithm_enc = SSL_AES256,
1524 .algorithm_mac = SSL_SHA1,
1525 .algorithm_ssl = SSL_TLSV1,
1526 .algo_strength = SSL_HIGH,
1527 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1528 .strength_bits = 256,
1529 .alg_bits = 256,
1530 },
1531
1532
1533 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
1534
1535 /* Cipher C023 */
1536 {
1537 .valid = 1,
1538 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1539 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1540 .algorithm_mkey = SSL_kECDHE,
1541 .algorithm_auth = SSL_aECDSA,
1542 .algorithm_enc = SSL_AES128,
1543 .algorithm_mac = SSL_SHA256,
1544 .algorithm_ssl = SSL_TLSV1_2,
1545 .algo_strength = SSL_HIGH,
1546 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1547 .strength_bits = 128,
1548 .alg_bits = 128,
1549 },
1550
1551 /* Cipher C024 */
1552 {
1553 .valid = 1,
1554 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1555 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1556 .algorithm_mkey = SSL_kECDHE,
1557 .algorithm_auth = SSL_aECDSA,
1558 .algorithm_enc = SSL_AES256,
1559 .algorithm_mac = SSL_SHA384,
1560 .algorithm_ssl = SSL_TLSV1_2,
1561 .algo_strength = SSL_HIGH,
1562 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1563 .strength_bits = 256,
1564 .alg_bits = 256,
1565 },
1566
1567 /* Cipher C025 */
1568 {
1569 .valid = 1,
1570 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
1571 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
1572 .algorithm_mkey = SSL_kECDHe,
1573 .algorithm_auth = SSL_aECDH,
1574 .algorithm_enc = SSL_AES128,
1575 .algorithm_mac = SSL_SHA256,
1576 .algorithm_ssl = SSL_TLSV1_2,
1577 .algo_strength = SSL_HIGH,
1578 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1579 .strength_bits = 128,
1580 .alg_bits = 128,
1581 },
1582
1583 /* Cipher C026 */
1584 {
1585 .valid = 1,
1586 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
1587 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
1588 .algorithm_mkey = SSL_kECDHe,
1589 .algorithm_auth = SSL_aECDH,
1590 .algorithm_enc = SSL_AES256,
1591 .algorithm_mac = SSL_SHA384,
1592 .algorithm_ssl = SSL_TLSV1_2,
1593 .algo_strength = SSL_HIGH,
1594 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1595 .strength_bits = 256,
1596 .alg_bits = 256,
1597 },
1598
1599 /* Cipher C027 */
1600 {
1601 .valid = 1,
1602 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1603 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1604 .algorithm_mkey = SSL_kECDHE,
1605 .algorithm_auth = SSL_aRSA,
1606 .algorithm_enc = SSL_AES128,
1607 .algorithm_mac = SSL_SHA256,
1608 .algorithm_ssl = SSL_TLSV1_2,
1609 .algo_strength = SSL_HIGH,
1610 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1611 .strength_bits = 128,
1612 .alg_bits = 128,
1613 },
1614
1615 /* Cipher C028 */
1616 {
1617 .valid = 1,
1618 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1619 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1620 .algorithm_mkey = SSL_kECDHE,
1621 .algorithm_auth = SSL_aRSA,
1622 .algorithm_enc = SSL_AES256,
1623 .algorithm_mac = SSL_SHA384,
1624 .algorithm_ssl = SSL_TLSV1_2,
1625 .algo_strength = SSL_HIGH,
1626 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1627 .strength_bits = 256,
1628 .alg_bits = 256,
1629 },
1630
1631 /* Cipher C029 */
1632 {
1633 .valid = 1,
1634 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
1635 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
1636 .algorithm_mkey = SSL_kECDHr,
1637 .algorithm_auth = SSL_aECDH,
1638 .algorithm_enc = SSL_AES128,
1639 .algorithm_mac = SSL_SHA256,
1640 .algorithm_ssl = SSL_TLSV1_2,
1641 .algo_strength = SSL_HIGH,
1642 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1643 .strength_bits = 128,
1644 .alg_bits = 128,
1645 },
1646
1647 /* Cipher C02A */
1648 {
1649 .valid = 1,
1650 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
1651 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
1652 .algorithm_mkey = SSL_kECDHr,
1653 .algorithm_auth = SSL_aECDH,
1654 .algorithm_enc = SSL_AES256,
1655 .algorithm_mac = SSL_SHA384,
1656 .algorithm_ssl = SSL_TLSV1_2,
1657 .algo_strength = SSL_HIGH,
1658 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1659 .strength_bits = 256,
1660 .alg_bits = 256,
1661 },
1662
1663 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
1664
1665 /* Cipher C02B */
1666 {
1667 .valid = 1,
1668 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1669 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1670 .algorithm_mkey = SSL_kECDHE,
1671 .algorithm_auth = SSL_aECDSA,
1672 .algorithm_enc = SSL_AES128GCM,
1673 .algorithm_mac = SSL_AEAD,
1674 .algorithm_ssl = SSL_TLSV1_2,
1675 .algo_strength = SSL_HIGH,
1676 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1677 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1678 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1679 .strength_bits = 128,
1680 .alg_bits = 128,
1681 },
1682
1683 /* Cipher C02C */
1684 {
1685 .valid = 1,
1686 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1687 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1688 .algorithm_mkey = SSL_kECDHE,
1689 .algorithm_auth = SSL_aECDSA,
1690 .algorithm_enc = SSL_AES256GCM,
1691 .algorithm_mac = SSL_AEAD,
1692 .algorithm_ssl = SSL_TLSV1_2,
1693 .algo_strength = SSL_HIGH,
1694 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1695 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1696 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1697 .strength_bits = 256,
1698 .alg_bits = 256,
1699 },
1700
1701 /* Cipher C02D */
1702 {
1703 .valid = 1,
1704 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
1705 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
1706 .algorithm_mkey = SSL_kECDHe,
1707 .algorithm_auth = SSL_aECDH,
1708 .algorithm_enc = SSL_AES128GCM,
1709 .algorithm_mac = SSL_AEAD,
1710 .algorithm_ssl = SSL_TLSV1_2,
1711 .algo_strength = SSL_HIGH,
1712 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1713 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1714 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1715 .strength_bits = 128,
1716 .alg_bits = 128,
1717 },
1718
1719 /* Cipher C02E */
1720 {
1721 .valid = 1,
1722 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
1723 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
1724 .algorithm_mkey = SSL_kECDHe,
1725 .algorithm_auth = SSL_aECDH,
1726 .algorithm_enc = SSL_AES256GCM,
1727 .algorithm_mac = SSL_AEAD,
1728 .algorithm_ssl = SSL_TLSV1_2,
1729 .algo_strength = SSL_HIGH,
1730 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1731 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1732 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1733 .strength_bits = 256,
1734 .alg_bits = 256,
1735 },
1736
1737 /* Cipher C02F */
1738 {
1739 .valid = 1,
1740 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1741 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1742 .algorithm_mkey = SSL_kECDHE,
1743 .algorithm_auth = SSL_aRSA,
1744 .algorithm_enc = SSL_AES128GCM,
1745 .algorithm_mac = SSL_AEAD,
1746 .algorithm_ssl = SSL_TLSV1_2,
1747 .algo_strength = SSL_HIGH,
1748 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1749 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1750 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1751 .strength_bits = 128,
1752 .alg_bits = 128,
1753 },
1754
1755 /* Cipher C030 */
1756 {
1757 .valid = 1,
1758 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1759 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1760 .algorithm_mkey = SSL_kECDHE,
1761 .algorithm_auth = SSL_aRSA,
1762 .algorithm_enc = SSL_AES256GCM,
1763 .algorithm_mac = SSL_AEAD,
1764 .algorithm_ssl = SSL_TLSV1_2,
1765 .algo_strength = SSL_HIGH,
1766 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1767 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1768 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1769 .strength_bits = 256,
1770 .alg_bits = 256,
1771 },
1772
1773 /* Cipher C031 */
1774 {
1775 .valid = 1,
1776 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
1777 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
1778 .algorithm_mkey = SSL_kECDHr,
1779 .algorithm_auth = SSL_aECDH,
1780 .algorithm_enc = SSL_AES128GCM,
1781 .algorithm_mac = SSL_AEAD,
1782 .algorithm_ssl = SSL_TLSV1_2,
1783 .algo_strength = SSL_HIGH,
1784 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1785 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1786 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1787 .strength_bits = 128,
1788 .alg_bits = 128,
1789 },
1790
1791 /* Cipher C032 */
1792 {
1793 .valid = 1,
1794 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
1795 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
1796 .algorithm_mkey = SSL_kECDHr,
1797 .algorithm_auth = SSL_aECDH,
1798 .algorithm_enc = SSL_AES256GCM,
1799 .algorithm_mac = SSL_AEAD,
1800 .algorithm_ssl = SSL_TLSV1_2,
1801 .algo_strength = SSL_HIGH,
1802 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1803 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1804 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1805 .strength_bits = 256,
1806 .alg_bits = 256,
1807 },
1808
1809#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1810 /* Cipher CC13 */
1811 {
1812 .valid = 1,
1813 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD,
1814 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD,
1815 .algorithm_mkey = SSL_kECDHE,
1816 .algorithm_auth = SSL_aRSA,
1817 .algorithm_enc = SSL_CHACHA20POLY1305_OLD,
1818 .algorithm_mac = SSL_AEAD,
1819 .algorithm_ssl = SSL_TLSV1_2,
1820 .algo_strength = SSL_HIGH,
1821 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1822 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
1823 .strength_bits = 256,
1824 .alg_bits = 256,
1825 },
1826
1827 /* Cipher CC14 */
1828 {
1829 .valid = 1,
1830 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD,
1831 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD,
1832 .algorithm_mkey = SSL_kECDHE,
1833 .algorithm_auth = SSL_aECDSA,
1834 .algorithm_enc = SSL_CHACHA20POLY1305_OLD,
1835 .algorithm_mac = SSL_AEAD,
1836 .algorithm_ssl = SSL_TLSV1_2,
1837 .algo_strength = SSL_HIGH,
1838 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1839 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
1840 .strength_bits = 256,
1841 .alg_bits = 256,
1842 },
1843
1844 /* Cipher CC15 */
1845 {
1846 .valid = 1,
1847 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_OLD,
1848 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305_OLD,
1849 .algorithm_mkey = SSL_kDHE,
1850 .algorithm_auth = SSL_aRSA,
1851 .algorithm_enc = SSL_CHACHA20POLY1305_OLD,
1852 .algorithm_mac = SSL_AEAD,
1853 .algorithm_ssl = SSL_TLSV1_2,
1854 .algo_strength = SSL_HIGH,
1855 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1856 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
1857 .strength_bits = 256,
1858 .alg_bits = 256,
1859 },
1860
1861 /* Cipher CCA8 */
1862 {
1863 .valid = 1,
1864 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1865 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
1866 .algorithm_mkey = SSL_kECDHE,
1867 .algorithm_auth = SSL_aRSA,
1868 .algorithm_enc = SSL_CHACHA20POLY1305,
1869 .algorithm_mac = SSL_AEAD,
1870 .algorithm_ssl = SSL_TLSV1_2,
1871 .algo_strength = SSL_HIGH,
1872 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1873 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12),
1874 .strength_bits = 256,
1875 .alg_bits = 256,
1876 },
1877
1878 /* Cipher CCA9 */
1879 {
1880 .valid = 1,
1881 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1882 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
1883 .algorithm_mkey = SSL_kECDHE,
1884 .algorithm_auth = SSL_aECDSA,
1885 .algorithm_enc = SSL_CHACHA20POLY1305,
1886 .algorithm_mac = SSL_AEAD,
1887 .algorithm_ssl = SSL_TLSV1_2,
1888 .algo_strength = SSL_HIGH,
1889 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1890 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12),
1891 .strength_bits = 256,
1892 .alg_bits = 256,
1893 },
1894
1895 /* Cipher CCAA */
1896 {
1897 .valid = 1,
1898 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1899 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
1900 .algorithm_mkey = SSL_kDHE,
1901 .algorithm_auth = SSL_aRSA,
1902 .algorithm_enc = SSL_CHACHA20POLY1305,
1903 .algorithm_mac = SSL_AEAD,
1904 .algorithm_ssl = SSL_TLSV1_2,
1905 .algo_strength = SSL_HIGH,
1906 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1907 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12),
1908 .strength_bits = 256,
1909 .alg_bits = 256,
1910 },
1911#endif
1912
1913 /* Cipher FF85 FIXME IANA */
1914 {
1915 .valid = 1,
1916 .name = "GOST2012256-GOST89-GOST89",
1917 .id = 0x300ff85, /* FIXME IANA */
1918 .algorithm_mkey = SSL_kGOST,
1919 .algorithm_auth = SSL_aGOST01,
1920 .algorithm_enc = SSL_eGOST2814789CNT,
1921 .algorithm_mac = SSL_GOST89MAC,
1922 .algorithm_ssl = SSL_TLSV1,
1923 .algo_strength = SSL_HIGH,
1924 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256|
1925 TLS1_STREAM_MAC,
1926 .strength_bits = 256,
1927 .alg_bits = 256
1928 },
1929
1930 /* Cipher FF87 FIXME IANA */
1931 {
1932 .valid = 1,
1933 .name = "GOST2012256-NULL-STREEBOG256",
1934 .id = 0x300ff87, /* FIXME IANA */
1935 .algorithm_mkey = SSL_kGOST,
1936 .algorithm_auth = SSL_aGOST01,
1937 .algorithm_enc = SSL_eNULL,
1938 .algorithm_mac = SSL_STREEBOG256,
1939 .algorithm_ssl = SSL_TLSV1,
1940 .algo_strength = SSL_STRONG_NONE,
1941 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256,
1942 .strength_bits = 0,
1943 .alg_bits = 0
1944 },
1945
1946
1947 /* end of list */
1948};
1949
1950int
1951ssl3_num_ciphers(void)
1952{
1953 return (SSL3_NUM_CIPHERS);
1954}
1955
1956const SSL_CIPHER *
1957ssl3_get_cipher(unsigned int u)
1958{
1959 if (u < SSL3_NUM_CIPHERS)
1960 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
1961 else
1962 return (NULL);
1963}
1964
1965const SSL_CIPHER *
1966ssl3_get_cipher_by_id(unsigned int id)
1967{
1968 const SSL_CIPHER *cp;
1969 SSL_CIPHER c;
1970
1971 c.id = id;
1972 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
1973 if (cp != NULL && cp->valid == 1)
1974 return (cp);
1975
1976 return (NULL);
1977}
1978
1979const SSL_CIPHER *
1980ssl3_get_cipher_by_value(uint16_t value)
1981{
1982 return ssl3_get_cipher_by_id(SSL3_CK_ID | value);
1983}
1984
1985uint16_t
1986ssl3_cipher_get_value(const SSL_CIPHER *c)
1987{
1988 return (c->id & SSL3_CK_VALUE_MASK);
1989}
1990
1991int
1992ssl3_pending(const SSL *s)
1993{
1994 if (s->rstate == SSL_ST_READ_BODY)
1995 return 0;
1996
1997 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
1998 s->s3->rrec.length : 0;
1999}
2000
2001int
2002ssl3_handshake_msg_hdr_len(SSL *s)
2003{
2004 return (SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH :
2005 SSL3_HM_HEADER_LENGTH);
2006}
2007
2008unsigned char *
2009ssl3_handshake_msg_start(SSL *s, uint8_t msg_type)
2010{
2011 unsigned char *d, *p;
2012
2013 d = p = (unsigned char *)s->init_buf->data;
2014
2015 /* Handshake message type and length. */
2016 *(p++) = msg_type;
2017 l2n3(0, p);
2018
2019 return (d + ssl3_handshake_msg_hdr_len(s));
2020}
2021
2022void
2023ssl3_handshake_msg_finish(SSL *s, unsigned int len)
2024{
2025 unsigned char *d, *p;
2026 uint8_t msg_type;
2027
2028 d = p = (unsigned char *)s->init_buf->data;
2029
2030 /* Handshake message length. */
2031 msg_type = *(p++);
2032 l2n3(len, p);
2033
2034 s->init_num = ssl3_handshake_msg_hdr_len(s) + (int)len;
2035 s->init_off = 0;
2036
2037 if (SSL_IS_DTLS(s)) {
2038 dtls1_set_message_header(s, d, msg_type, len, 0, len);
2039 dtls1_buffer_message(s, 0);
2040 }
2041}
2042
2043int
2044ssl3_handshake_write(SSL *s)
2045{
2046 if (SSL_IS_DTLS(s))
2047 return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
2048
2049 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2050}
2051
2052int
2053ssl3_new(SSL *s)
2054{
2055 SSL3_STATE *s3;
2056
2057 if ((s3 = calloc(1, sizeof *s3)) == NULL)
2058 goto err;
2059 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
2060 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
2061
2062 s->s3 = s3;
2063
2064 s->method->ssl_clear(s);
2065 return (1);
2066err:
2067 return (0);
2068}
2069
2070void
2071ssl3_free(SSL *s)
2072{
2073 if (s == NULL)
2074 return;
2075
2076 tls1_cleanup_key_block(s);
2077 ssl3_release_read_buffer(s);
2078 ssl3_release_write_buffer(s);
2079
2080 DH_free(s->s3->tmp.dh);
2081 EC_KEY_free(s->s3->tmp.ecdh);
2082
2083 if (s->s3->tmp.ca_names != NULL)
2084 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2085 BIO_free(s->s3->handshake_buffer);
2086 tls1_free_digest_list(s);
2087 free(s->s3->alpn_selected);
2088
2089 explicit_bzero(s->s3, sizeof *s->s3);
2090 free(s->s3);
2091 s->s3 = NULL;
2092}
2093
2094void
2095ssl3_clear(SSL *s)
2096{
2097 unsigned char *rp, *wp;
2098 size_t rlen, wlen;
2099
2100 tls1_cleanup_key_block(s);
2101 if (s->s3->tmp.ca_names != NULL)
2102 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2103
2104 DH_free(s->s3->tmp.dh);
2105 s->s3->tmp.dh = NULL;
2106 EC_KEY_free(s->s3->tmp.ecdh);
2107 s->s3->tmp.ecdh = NULL;
2108
2109 rp = s->s3->rbuf.buf;
2110 wp = s->s3->wbuf.buf;
2111 rlen = s->s3->rbuf.len;
2112 wlen = s->s3->wbuf.len;
2113
2114 BIO_free(s->s3->handshake_buffer);
2115 s->s3->handshake_buffer = NULL;
2116
2117 tls1_free_digest_list(s);
2118
2119 free(s->s3->alpn_selected);
2120 s->s3->alpn_selected = NULL;
2121
2122 memset(s->s3, 0, sizeof *s->s3);
2123 s->s3->rbuf.buf = rp;
2124 s->s3->wbuf.buf = wp;
2125 s->s3->rbuf.len = rlen;
2126 s->s3->wbuf.len = wlen;
2127
2128 ssl_free_wbio_buffer(s);
2129
2130 s->packet_length = 0;
2131 s->s3->renegotiate = 0;
2132 s->s3->total_renegotiations = 0;
2133 s->s3->num_renegotiations = 0;
2134 s->s3->in_read_app_data = 0;
2135 s->version = TLS1_VERSION;
2136
2137 free(s->next_proto_negotiated);
2138 s->next_proto_negotiated = NULL;
2139 s->next_proto_negotiated_len = 0;
2140}
2141
2142
2143long
2144ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2145{
2146 int ret = 0;
2147
2148 if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
2149 if (!ssl_cert_inst(&s->cert)) {
2150 SSLerr(SSL_F_SSL3_CTRL,
2151 ERR_R_MALLOC_FAILURE);
2152 return (0);
2153 }
2154 }
2155
2156 switch (cmd) {
2157 case SSL_CTRL_GET_SESSION_REUSED:
2158 ret = s->hit;
2159 break;
2160 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2161 break;
2162 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2163 ret = s->s3->num_renegotiations;
2164 break;
2165 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2166 ret = s->s3->num_renegotiations;
2167 s->s3->num_renegotiations = 0;
2168 break;
2169 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2170 ret = s->s3->total_renegotiations;
2171 break;
2172 case SSL_CTRL_GET_FLAGS:
2173 ret = (int)(s->s3->flags);
2174 break;
2175 case SSL_CTRL_NEED_TMP_RSA:
2176 ret = 0;
2177 break;
2178 case SSL_CTRL_SET_TMP_RSA:
2179 case SSL_CTRL_SET_TMP_RSA_CB:
2180 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2181 break;
2182 case SSL_CTRL_SET_TMP_DH:
2183 {
2184 DH *dh = (DH *)parg;
2185 if (dh == NULL) {
2186 SSLerr(SSL_F_SSL3_CTRL,
2187 ERR_R_PASSED_NULL_PARAMETER);
2188 return (ret);
2189 }
2190 if ((dh = DHparams_dup(dh)) == NULL) {
2191 SSLerr(SSL_F_SSL3_CTRL,
2192 ERR_R_DH_LIB);
2193 return (ret);
2194 }
2195 DH_free(s->cert->dh_tmp);
2196 s->cert->dh_tmp = dh;
2197 ret = 1;
2198 }
2199 break;
2200
2201 case SSL_CTRL_SET_TMP_DH_CB:
2202 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2203 return (ret);
2204
2205 case SSL_CTRL_SET_DH_AUTO:
2206 s->cert->dh_tmp_auto = larg;
2207 return 1;
2208
2209 case SSL_CTRL_SET_TMP_ECDH:
2210 {
2211 EC_KEY *ecdh = NULL;
2212
2213 if (parg == NULL) {
2214 SSLerr(SSL_F_SSL3_CTRL,
2215 ERR_R_PASSED_NULL_PARAMETER);
2216 return (ret);
2217 }
2218 if (!EC_KEY_up_ref((EC_KEY *)parg)) {
2219 SSLerr(SSL_F_SSL3_CTRL,
2220 ERR_R_ECDH_LIB);
2221 return (ret);
2222 }
2223 ecdh = (EC_KEY *)parg;
2224 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
2225 if (!EC_KEY_generate_key(ecdh)) {
2226 EC_KEY_free(ecdh);
2227 SSLerr(SSL_F_SSL3_CTRL,
2228 ERR_R_ECDH_LIB);
2229 return (ret);
2230 }
2231 }
2232 EC_KEY_free(s->cert->ecdh_tmp);
2233 s->cert->ecdh_tmp = ecdh;
2234 ret = 1;
2235 }
2236 break;
2237 case SSL_CTRL_SET_TMP_ECDH_CB:
2238 {
2239 SSLerr(SSL_F_SSL3_CTRL,
2240 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2241 return (ret);
2242 }
2243 break;
2244 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2245 if (larg == TLSEXT_NAMETYPE_host_name) {
2246 free(s->tlsext_hostname);
2247 s->tlsext_hostname = NULL;
2248
2249 ret = 1;
2250 if (parg == NULL)
2251 break;
2252 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
2253 SSLerr(SSL_F_SSL3_CTRL,
2254 SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2255 return 0;
2256 }
2257 if ((s->tlsext_hostname = strdup((char *)parg))
2258 == NULL) {
2259 SSLerr(SSL_F_SSL3_CTRL,
2260 ERR_R_INTERNAL_ERROR);
2261 return 0;
2262 }
2263 } else {
2264 SSLerr(SSL_F_SSL3_CTRL,
2265 SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2266 return 0;
2267 }
2268 break;
2269 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2270 s->tlsext_debug_arg = parg;
2271 ret = 1;
2272 break;
2273
2274 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2275 s->tlsext_status_type = larg;
2276 ret = 1;
2277 break;
2278
2279 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2280 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
2281 ret = 1;
2282 break;
2283
2284 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2285 s->tlsext_ocsp_exts = parg;
2286 ret = 1;
2287 break;
2288
2289 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2290 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
2291 ret = 1;
2292 break;
2293
2294 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
2295 s->tlsext_ocsp_ids = parg;
2296 ret = 1;
2297 break;
2298
2299 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
2300 *(unsigned char **)parg = s->tlsext_ocsp_resp;
2301 return s->tlsext_ocsp_resplen;
2302
2303 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
2304 free(s->tlsext_ocsp_resp);
2305 s->tlsext_ocsp_resp = parg;
2306 s->tlsext_ocsp_resplen = larg;
2307 ret = 1;
2308 break;
2309
2310 case SSL_CTRL_SET_ECDH_AUTO:
2311 s->cert->ecdh_tmp_auto = larg;
2312 ret = 1;
2313 break;
2314
2315 default:
2316 break;
2317 }
2318 return (ret);
2319}
2320
2321long
2322ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2323{
2324 int ret = 0;
2325
2326 if (cmd == SSL_CTRL_SET_TMP_DH_CB) {
2327 if (!ssl_cert_inst(&s->cert)) {
2328 SSLerr(SSL_F_SSL3_CALLBACK_CTRL,
2329 ERR_R_MALLOC_FAILURE);
2330 return (0);
2331 }
2332 }
2333
2334 switch (cmd) {
2335 case SSL_CTRL_SET_TMP_RSA_CB:
2336 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2337 break;
2338 case SSL_CTRL_SET_TMP_DH_CB:
2339 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2340 break;
2341 case SSL_CTRL_SET_TMP_ECDH_CB:
2342 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2343 break;
2344 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2345 s->tlsext_debug_cb = (void (*)(SSL *, int , int,
2346 unsigned char *, int, void *))fp;
2347 break;
2348 default:
2349 break;
2350 }
2351 return (ret);
2352}
2353
2354long
2355ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2356{
2357 CERT *cert;
2358
2359 cert = ctx->cert;
2360
2361 switch (cmd) {
2362 case SSL_CTRL_NEED_TMP_RSA:
2363 return (0);
2364 case SSL_CTRL_SET_TMP_RSA:
2365 case SSL_CTRL_SET_TMP_RSA_CB:
2366 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2367 return (0);
2368 case SSL_CTRL_SET_TMP_DH:
2369 {
2370 DH *new = NULL, *dh;
2371
2372 dh = (DH *)parg;
2373 if ((new = DHparams_dup(dh)) == NULL) {
2374 SSLerr(SSL_F_SSL3_CTX_CTRL,
2375 ERR_R_DH_LIB);
2376 return 0;
2377 }
2378 DH_free(cert->dh_tmp);
2379 cert->dh_tmp = new;
2380 return 1;
2381 }
2382 /*break; */
2383
2384 case SSL_CTRL_SET_TMP_DH_CB:
2385 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2386 return (0);
2387
2388 case SSL_CTRL_SET_DH_AUTO:
2389 ctx->cert->dh_tmp_auto = larg;
2390 return (1);
2391
2392 case SSL_CTRL_SET_TMP_ECDH:
2393 {
2394 EC_KEY *ecdh = NULL;
2395
2396 if (parg == NULL) {
2397 SSLerr(SSL_F_SSL3_CTX_CTRL,
2398 ERR_R_ECDH_LIB);
2399 return 0;
2400 }
2401 ecdh = EC_KEY_dup((EC_KEY *)parg);
2402 if (ecdh == NULL) {
2403 SSLerr(SSL_F_SSL3_CTX_CTRL,
2404 ERR_R_EC_LIB);
2405 return 0;
2406 }
2407 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
2408 if (!EC_KEY_generate_key(ecdh)) {
2409 EC_KEY_free(ecdh);
2410 SSLerr(SSL_F_SSL3_CTX_CTRL,
2411 ERR_R_ECDH_LIB);
2412 return 0;
2413 }
2414 }
2415
2416 EC_KEY_free(cert->ecdh_tmp);
2417 cert->ecdh_tmp = ecdh;
2418 return 1;
2419 }
2420 /* break; */
2421 case SSL_CTRL_SET_TMP_ECDH_CB:
2422 {
2423 SSLerr(SSL_F_SSL3_CTX_CTRL,
2424 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2425 return (0);
2426 }
2427 break;
2428 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2429 ctx->tlsext_servername_arg = parg;
2430 break;
2431 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
2432 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
2433 {
2434 unsigned char *keys = parg;
2435 if (!keys)
2436 return 48;
2437 if (larg != 48) {
2438 SSLerr(SSL_F_SSL3_CTX_CTRL,
2439 SSL_R_INVALID_TICKET_KEYS_LENGTH);
2440 return 0;
2441 }
2442 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
2443 memcpy(ctx->tlsext_tick_key_name, keys, 16);
2444 memcpy(ctx->tlsext_tick_hmac_key,
2445 keys + 16, 16);
2446 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
2447 } else {
2448 memcpy(keys, ctx->tlsext_tick_key_name, 16);
2449 memcpy(keys + 16,
2450 ctx->tlsext_tick_hmac_key, 16);
2451 memcpy(keys + 32,
2452 ctx->tlsext_tick_aes_key, 16);
2453 }
2454 return 1;
2455 }
2456
2457 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2458 ctx->tlsext_status_arg = parg;
2459 return 1;
2460 break;
2461
2462 case SSL_CTRL_SET_ECDH_AUTO:
2463 ctx->cert->ecdh_tmp_auto = larg;
2464 return 1;
2465
2466 /* A Thawte special :-) */
2467 case SSL_CTRL_EXTRA_CHAIN_CERT:
2468 if (ctx->extra_certs == NULL) {
2469 if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
2470 return (0);
2471 }
2472 sk_X509_push(ctx->extra_certs,(X509 *)parg);
2473 break;
2474
2475 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
2476 *(STACK_OF(X509) **)parg = ctx->extra_certs;
2477 break;
2478
2479 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
2480 if (ctx->extra_certs) {
2481 sk_X509_pop_free(ctx->extra_certs, X509_free);
2482 ctx->extra_certs = NULL;
2483 }
2484 break;
2485
2486 default:
2487 return (0);
2488 }
2489 return (1);
2490}
2491
2492long
2493ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2494{
2495 CERT *cert;
2496
2497 cert = ctx->cert;
2498
2499 switch (cmd) {
2500 case SSL_CTRL_SET_TMP_RSA_CB:
2501 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2502 return (0);
2503 case SSL_CTRL_SET_TMP_DH_CB:
2504 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2505 break;
2506 case SSL_CTRL_SET_TMP_ECDH_CB:
2507 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2508 break;
2509 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2510 ctx->tlsext_servername_callback =
2511 (int (*)(SSL *, int *, void *))fp;
2512 break;
2513
2514 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2515 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
2516 break;
2517
2518 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2519 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
2520 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
2521 break;
2522
2523 default:
2524 return (0);
2525 }
2526 return (1);
2527}
2528
2529/*
2530 * This function needs to check if the ciphers required are actually available.
2531 */
2532const SSL_CIPHER *
2533ssl3_get_cipher_by_char(const unsigned char *p)
2534{
2535 CBS cipher;
2536 uint16_t cipher_value;
2537
2538 /* We have to assume it is at least 2 bytes due to existing API. */
2539 CBS_init(&cipher, p, 2);
2540 if (!CBS_get_u16(&cipher, &cipher_value))
2541 return NULL;
2542
2543 return ssl3_get_cipher_by_value(cipher_value);
2544}
2545
2546int
2547ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
2548{
2549 if (p != NULL) {
2550 if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID)
2551 return (0);
2552 s2n(ssl3_cipher_get_value(c), p);
2553 }
2554 return (2);
2555}
2556
2557SSL_CIPHER *
2558ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2559 STACK_OF(SSL_CIPHER) *srvr)
2560{
2561 unsigned long alg_k, alg_a, mask_k, mask_a;
2562 STACK_OF(SSL_CIPHER) *prio, *allow;
2563 SSL_CIPHER *c, *ret = NULL;
2564 int i, ii, ok;
2565 CERT *cert;
2566
2567 /* Let's see which ciphers we can support */
2568 cert = s->cert;
2569
2570 /*
2571 * Do not set the compare functions, because this may lead to a
2572 * reordering by "id". We want to keep the original ordering.
2573 * We may pay a price in performance during sk_SSL_CIPHER_find(),
2574 * but would have to pay with the price of sk_SSL_CIPHER_dup().
2575 */
2576
2577 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
2578 prio = srvr;
2579 allow = clnt;
2580 } else {
2581 prio = clnt;
2582 allow = srvr;
2583 }
2584
2585 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
2586 c = sk_SSL_CIPHER_value(prio, i);
2587
2588 /* Skip TLS v1.2 only ciphersuites if not supported. */
2589 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
2590 !SSL_USE_TLS1_2_CIPHERS(s))
2591 continue;
2592
2593 ssl_set_cert_masks(cert, c);
2594 mask_k = cert->mask_k;
2595 mask_a = cert->mask_a;
2596
2597 alg_k = c->algorithm_mkey;
2598 alg_a = c->algorithm_auth;
2599
2600
2601 ok = (alg_k & mask_k) && (alg_a & mask_a);
2602
2603 /*
2604 * If we are considering an ECC cipher suite that uses our
2605 * certificate check it.
2606 */
2607 if (alg_a & (SSL_aECDSA|SSL_aECDH))
2608 ok = ok && tls1_check_ec_server_key(s);
2609 /*
2610 * If we are considering an ECC cipher suite that uses
2611 * an ephemeral EC key check it.
2612 */
2613 if (alg_k & SSL_kECDHE)
2614 ok = ok && tls1_check_ec_tmp_key(s);
2615
2616 if (!ok)
2617 continue;
2618 ii = sk_SSL_CIPHER_find(allow, c);
2619 if (ii >= 0) {
2620 ret = sk_SSL_CIPHER_value(allow, ii);
2621 break;
2622 }
2623 }
2624 return (ret);
2625}
2626
2627int
2628ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2629{
2630 int ret = 0;
2631 unsigned long alg_k;
2632
2633 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2634
2635#ifndef OPENSSL_NO_GOST
2636 if ((alg_k & SSL_kGOST)) {
2637 p[ret++] = TLS_CT_GOST94_SIGN;
2638 p[ret++] = TLS_CT_GOST01_SIGN;
2639 p[ret++] = TLS_CT_GOST12_256_SIGN;
2640 p[ret++] = TLS_CT_GOST12_512_SIGN;
2641 }
2642#endif
2643
2644 if (alg_k & SSL_kDHE) {
2645 p[ret++] = SSL3_CT_RSA_FIXED_DH;
2646 p[ret++] = SSL3_CT_DSS_FIXED_DH;
2647 }
2648 p[ret++] = SSL3_CT_RSA_SIGN;
2649 p[ret++] = SSL3_CT_DSS_SIGN;
2650 if ((alg_k & (SSL_kECDHr|SSL_kECDHe))) {
2651 p[ret++] = TLS_CT_RSA_FIXED_ECDH;
2652 p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
2653 }
2654
2655 /*
2656 * ECDSA certs can be used with RSA cipher suites as well
2657 * so we don't need to check for SSL_kECDH or SSL_kECDHE
2658 */
2659 p[ret++] = TLS_CT_ECDSA_SIGN;
2660
2661 return (ret);
2662}
2663
2664int
2665ssl3_shutdown(SSL *s)
2666{
2667 int ret;
2668
2669 /*
2670 * Don't do anything much if we have not done the handshake or
2671 * we don't want to send messages :-)
2672 */
2673 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
2674 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
2675 return (1);
2676 }
2677
2678 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
2679 s->shutdown|=SSL_SENT_SHUTDOWN;
2680 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
2681 /*
2682 * Our shutdown alert has been sent now, and if it still needs
2683 * to be written, s->s3->alert_dispatch will be true
2684 */
2685 if (s->s3->alert_dispatch)
2686 return(-1); /* return WANT_WRITE */
2687 } else if (s->s3->alert_dispatch) {
2688 /* resend it if not sent */
2689 ret = s->method->ssl_dispatch_alert(s);
2690 if (ret == -1) {
2691 /*
2692 * We only get to return -1 here the 2nd/Nth
2693 * invocation, we must have already signalled
2694 * return 0 upon a previous invoation,
2695 * return WANT_WRITE
2696 */
2697 return (ret);
2698 }
2699 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
2700 /* If we are waiting for a close from our peer, we are closed */
2701 s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
2702 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
2703 return(-1); /* return WANT_READ */
2704 }
2705 }
2706
2707 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
2708 !s->s3->alert_dispatch)
2709 return (1);
2710 else
2711 return (0);
2712}
2713
2714int
2715ssl3_write(SSL *s, const void *buf, int len)
2716{
2717 int ret, n;
2718
2719#if 0
2720 if (s->shutdown & SSL_SEND_SHUTDOWN) {
2721 s->rwstate = SSL_NOTHING;
2722 return (0);
2723 }
2724#endif
2725 errno = 0;
2726 if (s->s3->renegotiate)
2727 ssl3_renegotiate_check(s);
2728
2729 /*
2730 * This is an experimental flag that sends the
2731 * last handshake message in the same packet as the first
2732 * use data - used to see if it helps the TCP protocol during
2733 * session-id reuse
2734 */
2735 /* The second test is because the buffer may have been removed */
2736 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
2737 /* First time through, we write into the buffer */
2738 if (s->s3->delay_buf_pop_ret == 0) {
2739 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
2740 buf, len);
2741 if (ret <= 0)
2742 return (ret);
2743
2744 s->s3->delay_buf_pop_ret = ret;
2745 }
2746
2747 s->rwstate = SSL_WRITING;
2748 n = BIO_flush(s->wbio);
2749 if (n <= 0)
2750 return (n);
2751 s->rwstate = SSL_NOTHING;
2752
2753 /* We have flushed the buffer, so remove it */
2754 ssl_free_wbio_buffer(s);
2755 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
2756
2757 ret = s->s3->delay_buf_pop_ret;
2758 s->s3->delay_buf_pop_ret = 0;
2759 } else {
2760 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
2761 buf, len);
2762 if (ret <= 0)
2763 return (ret);
2764 }
2765
2766 return (ret);
2767}
2768
2769static int
2770ssl3_read_internal(SSL *s, void *buf, int len, int peek)
2771{
2772 int ret;
2773
2774 errno = 0;
2775 if (s->s3->renegotiate)
2776 ssl3_renegotiate_check(s);
2777 s->s3->in_read_app_data = 1;
2778 ret = s->method->ssl_read_bytes(s,
2779 SSL3_RT_APPLICATION_DATA, buf, len, peek);
2780 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
2781 /*
2782 * ssl3_read_bytes decided to call s->handshake_func, which
2783 * called ssl3_read_bytes to read handshake data.
2784 * However, ssl3_read_bytes actually found application data
2785 * and thinks that application data makes sense here; so disable
2786 * handshake processing and try to read application data again.
2787 */
2788 s->in_handshake++;
2789 ret = s->method->ssl_read_bytes(s,
2790 SSL3_RT_APPLICATION_DATA, buf, len, peek);
2791 s->in_handshake--;
2792 } else
2793 s->s3->in_read_app_data = 0;
2794
2795 return (ret);
2796}
2797
2798int
2799ssl3_read(SSL *s, void *buf, int len)
2800{
2801 return ssl3_read_internal(s, buf, len, 0);
2802}
2803
2804int
2805ssl3_peek(SSL *s, void *buf, int len)
2806{
2807 return ssl3_read_internal(s, buf, len, 1);
2808}
2809
2810int
2811ssl3_renegotiate(SSL *s)
2812{
2813 if (s->handshake_func == NULL)
2814 return (1);
2815
2816 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
2817 return (0);
2818
2819 s->s3->renegotiate = 1;
2820 return (1);
2821}
2822
2823int
2824ssl3_renegotiate_check(SSL *s)
2825{
2826 int ret = 0;
2827
2828 if (s->s3->renegotiate) {
2829 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
2830 !SSL_in_init(s)) {
2831 /*
2832 * If we are the server, and we have sent
2833 * a 'RENEGOTIATE' message, we need to go
2834 * to SSL_ST_ACCEPT.
2835 */
2836 /* SSL_ST_ACCEPT */
2837 s->state = SSL_ST_RENEGOTIATE;
2838 s->s3->renegotiate = 0;
2839 s->s3->num_renegotiations++;
2840 s->s3->total_renegotiations++;
2841 ret = 1;
2842 }
2843 }
2844 return (ret);
2845}
2846/*
2847 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF
2848 * and handshake macs if required.
2849 */
2850long
2851ssl_get_algorithm2(SSL *s)
2852{
2853 long alg2 = s->s3->tmp.new_cipher->algorithm2;
2854
2855 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&
2856 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
2857 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
2858 return alg2;
2859}
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
deleted file mode 100644
index 0e97be6728..0000000000
--- a/src/lib/libssl/s3_pkt.c
+++ /dev/null
@@ -1,1391 +0,0 @@
1/* $OpenBSD: s3_pkt.c,v 1.58 2016/07/10 23:07:34 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <errno.h>
113#include <stdio.h>
114
115#include "ssl_locl.h"
116
117#include <openssl/buffer.h>
118#include <openssl/evp.h>
119
120#include "bytestring.h"
121
122static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
123 unsigned int len, int create_empty_fragment);
124static int ssl3_get_record(SSL *s);
125
126/* If extend == 0, obtain new n-byte packet; if extend == 1, increase
127 * packet by another n bytes.
128 * The packet will be in the sub-array of s->s3->rbuf.buf specified
129 * by s->packet and s->packet_length.
130 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
131 * [plus s->packet_length bytes if extend == 1].)
132 */
133int
134ssl3_read_n(SSL *s, int n, int max, int extend)
135{
136 int i, len, left;
137 size_t align;
138 unsigned char *pkt;
139 SSL3_BUFFER *rb;
140
141 if (n <= 0)
142 return n;
143
144 rb = &(s->s3->rbuf);
145 if (rb->buf == NULL)
146 if (!ssl3_setup_read_buffer(s))
147 return -1;
148
149 left = rb->left;
150 align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
151 align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
152
153 if (!extend) {
154 /* start with empty packet ... */
155 if (left == 0)
156 rb->offset = align;
157 else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) {
158 /* check if next packet length is large
159 * enough to justify payload alignment... */
160 pkt = rb->buf + rb->offset;
161 if (pkt[0] == SSL3_RT_APPLICATION_DATA &&
162 (pkt[3]<<8|pkt[4]) >= 128) {
163 /* Note that even if packet is corrupted
164 * and its length field is insane, we can
165 * only be led to wrong decision about
166 * whether memmove will occur or not.
167 * Header values has no effect on memmove
168 * arguments and therefore no buffer
169 * overrun can be triggered. */
170 memmove(rb->buf + align, pkt, left);
171 rb->offset = align;
172 }
173 }
174 s->packet = rb->buf + rb->offset;
175 s->packet_length = 0;
176 /* ... now we can act as if 'extend' was set */
177 }
178
179 /* For DTLS/UDP reads should not span multiple packets
180 * because the read operation returns the whole packet
181 * at once (as long as it fits into the buffer). */
182 if (SSL_IS_DTLS(s)) {
183 if (left > 0 && n > left)
184 n = left;
185 }
186
187 /* if there is enough in the buffer from a previous read, take some */
188 if (left >= n) {
189 s->packet_length += n;
190 rb->left = left - n;
191 rb->offset += n;
192 return (n);
193 }
194
195 /* else we need to read more data */
196
197 len = s->packet_length;
198 pkt = rb->buf + align;
199 /* Move any available bytes to front of buffer:
200 * 'len' bytes already pointed to by 'packet',
201 * 'left' extra ones at the end */
202 if (s->packet != pkt) {
203 /* len > 0 */
204 memmove(pkt, s->packet, len + left);
205 s->packet = pkt;
206 rb->offset = len + align;
207 }
208
209 if (n > (int)(rb->len - rb->offset)) {
210 /* does not happen */
211 SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR);
212 return -1;
213 }
214
215 if (!s->read_ahead) {
216 /* ignore max parameter */
217 max = n;
218 } else {
219 if (max < n)
220 max = n;
221 if (max > (int)(rb->len - rb->offset))
222 max = rb->len - rb->offset;
223 }
224
225 while (left < n) {
226 /* Now we have len+left bytes at the front of s->s3->rbuf.buf
227 * and need to read in more until we have len+n (up to
228 * len+max if possible) */
229
230 errno = 0;
231 if (s->rbio != NULL) {
232 s->rwstate = SSL_READING;
233 i = BIO_read(s->rbio, pkt + len + left, max - left);
234 } else {
235 SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET);
236 i = -1;
237 }
238
239 if (i <= 0) {
240 rb->left = left;
241 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
242 !SSL_IS_DTLS(s)) {
243 if (len + left == 0)
244 ssl3_release_read_buffer(s);
245 }
246 return (i);
247 }
248 left += i;
249
250 /*
251 * reads should *never* span multiple packets for DTLS because
252 * the underlying transport protocol is message oriented as
253 * opposed to byte oriented as in the TLS case.
254 */
255 if (SSL_IS_DTLS(s)) {
256 if (n > left)
257 n = left; /* makes the while condition false */
258 }
259 }
260
261 /* done reading, now the book-keeping */
262 rb->offset += n;
263 rb->left = left - n;
264 s->packet_length += n;
265 s->rwstate = SSL_NOTHING;
266 return (n);
267}
268
269/* Call this to get a new input record.
270 * It will return <= 0 if more data is needed, normally due to an error
271 * or non-blocking IO.
272 * When it finishes, one packet has been decoded and can be found in
273 * ssl->s3->rrec.type - is the type of record
274 * ssl->s3->rrec.data, - data
275 * ssl->s3->rrec.length, - number of bytes
276 */
277/* used only by ssl3_read_bytes */
278static int
279ssl3_get_record(SSL *s)
280{
281 int al;
282 int enc_err, n, i, ret = -1;
283 SSL3_RECORD *rr;
284 SSL_SESSION *sess;
285 unsigned char md[EVP_MAX_MD_SIZE];
286 unsigned mac_size, orig_len;
287
288 rr = &(s->s3->rrec);
289 sess = s->session;
290
291again:
292 /* check if we have the header */
293 if ((s->rstate != SSL_ST_READ_BODY) ||
294 (s->packet_length < SSL3_RT_HEADER_LENGTH)) {
295 CBS header;
296 uint16_t len, ssl_version;
297 uint8_t type;
298
299 n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
300 if (n <= 0)
301 return(n); /* error or non-blocking */
302 s->rstate = SSL_ST_READ_BODY;
303
304 CBS_init(&header, s->packet, n);
305
306 /* Pull apart the header into the SSL3_RECORD */
307 if (!CBS_get_u8(&header, &type) ||
308 !CBS_get_u16(&header, &ssl_version) ||
309 !CBS_get_u16(&header, &len)) {
310 SSLerr(SSL_F_SSL3_GET_RECORD,
311 SSL_R_BAD_PACKET_LENGTH);
312 goto err;
313 }
314
315 rr->type = type;
316 rr->length = len;
317
318 /* Lets check version */
319 if (!s->first_packet && ssl_version != s->version) {
320 SSLerr(SSL_F_SSL3_GET_RECORD,
321 SSL_R_WRONG_VERSION_NUMBER);
322 if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
323 !s->enc_write_ctx && !s->write_hash)
324 /* Send back error using their minor version number :-) */
325 s->version = ssl_version;
326 al = SSL_AD_PROTOCOL_VERSION;
327 goto f_err;
328 }
329
330 if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {
331 SSLerr(SSL_F_SSL3_GET_RECORD,
332 SSL_R_WRONG_VERSION_NUMBER);
333 goto err;
334 }
335
336 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {
337 al = SSL_AD_RECORD_OVERFLOW;
338 SSLerr(SSL_F_SSL3_GET_RECORD,
339 SSL_R_PACKET_LENGTH_TOO_LONG);
340 goto f_err;
341 }
342
343 /* now s->rstate == SSL_ST_READ_BODY */
344 }
345
346 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
347
348 if (rr->length > s->packet_length - SSL3_RT_HEADER_LENGTH) {
349 /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
350 i = rr->length;
351 n = ssl3_read_n(s, i, i, 1);
352 if (n <= 0)
353 return(n); /* error or non-blocking io */
354 /* now n == rr->length,
355 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
356 }
357
358 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
359
360 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
361 * and we have that many bytes in s->packet
362 */
363 rr->input = &(s->packet[SSL3_RT_HEADER_LENGTH]);
364
365 /* ok, we can now read from 's->packet' data into 'rr'
366 * rr->input points at rr->length bytes, which
367 * need to be copied into rr->data by either
368 * the decryption or by the decompression
369 * When the data is 'copied' into the rr->data buffer,
370 * rr->input will be pointed at the new buffer */
371
372 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
373 * rr->length bytes of encrypted compressed stuff. */
374
375 /* check is not needed I believe */
376 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
377 al = SSL_AD_RECORD_OVERFLOW;
378 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
379 goto f_err;
380 }
381
382 /* decrypt in place in 'rr->input' */
383 rr->data = rr->input;
384
385 enc_err = s->method->ssl3_enc->enc(s, 0);
386 /* enc_err is:
387 * 0: (in non-constant time) if the record is publically invalid.
388 * 1: if the padding is valid
389 * -1: if the padding is invalid */
390 if (enc_err == 0) {
391 al = SSL_AD_DECRYPTION_FAILED;
392 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
393 goto f_err;
394 }
395
396
397 /* r->length is now the compressed data plus mac */
398 if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
399 (EVP_MD_CTX_md(s->read_hash) != NULL)) {
400 /* s->read_hash != NULL => mac_size != -1 */
401 unsigned char *mac = NULL;
402 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
403
404 mac_size = EVP_MD_CTX_size(s->read_hash);
405 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
406
407 /* kludge: *_cbc_remove_padding passes padding length in rr->type */
408 orig_len = rr->length + ((unsigned int)rr->type >> 8);
409
410 /* orig_len is the length of the record before any padding was
411 * removed. This is public information, as is the MAC in use,
412 * therefore we can safely process the record in a different
413 * amount of time if it's too short to possibly contain a MAC.
414 */
415 if (orig_len < mac_size ||
416 /* CBC records must have a padding length byte too. */
417 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
418 orig_len < mac_size + 1)) {
419 al = SSL_AD_DECODE_ERROR;
420 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
421 goto f_err;
422 }
423
424 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
425 /* We update the length so that the TLS header bytes
426 * can be constructed correctly but we need to extract
427 * the MAC in constant time from within the record,
428 * without leaking the contents of the padding bytes.
429 * */
430 mac = mac_tmp;
431 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
432 rr->length -= mac_size;
433 } else {
434 /* In this case there's no padding, so |orig_len|
435 * equals |rec->length| and we checked that there's
436 * enough bytes for |mac_size| above. */
437 rr->length -= mac_size;
438 mac = &rr->data[rr->length];
439 }
440
441 i = s->method->ssl3_enc->mac(s,md,0 /* not send */);
442 if (i < 0 || mac == NULL ||
443 timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
444 enc_err = -1;
445 if (rr->length >
446 SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
447 enc_err = -1;
448 }
449
450 if (enc_err < 0) {
451 /*
452 * A separate 'decryption_failed' alert was introduced with
453 * TLS 1.0, SSL 3.0 only has 'bad_record_mac'. But unless a
454 * decryption failure is directly visible from the ciphertext
455 * anyway, we should not reveal which kind of error
456 * occurred -- this might become visible to an attacker
457 * (e.g. via a logfile)
458 */
459 al = SSL_AD_BAD_RECORD_MAC;
460 SSLerr(SSL_F_SSL3_GET_RECORD,
461 SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
462 goto f_err;
463 }
464
465 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
466 al = SSL_AD_RECORD_OVERFLOW;
467 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
468 goto f_err;
469 }
470
471 rr->off = 0;
472 /*
473 * So at this point the following is true
474 *
475 * ssl->s3->rrec.type is the type of record
476 * ssl->s3->rrec.length == number of bytes in record
477 * ssl->s3->rrec.off == offset to first valid byte
478 * ssl->s3->rrec.data == where to take bytes from, increment
479 * after use :-).
480 */
481
482 /* we have pulled in a full packet so zero things */
483 s->packet_length = 0;
484
485 /* just read a 0 length packet */
486 if (rr->length == 0)
487 goto again;
488
489 return (1);
490
491f_err:
492 ssl3_send_alert(s, SSL3_AL_FATAL, al);
493err:
494 return (ret);
495}
496
497/* Call this to write data in records of type 'type'
498 * It will return <= 0 if not all data has been sent or non-blocking IO.
499 */
500int
501ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
502{
503 const unsigned char *buf = buf_;
504 unsigned int tot, n, nw;
505 int i;
506
507 if (len < 0) {
508 SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR);
509 return -1;
510 }
511
512 s->rwstate = SSL_NOTHING;
513 tot = s->s3->wnum;
514 s->s3->wnum = 0;
515
516 if (SSL_in_init(s) && !s->in_handshake) {
517 i = s->handshake_func(s);
518 if (i < 0)
519 return (i);
520 if (i == 0) {
521 SSLerr(SSL_F_SSL3_WRITE_BYTES,
522 SSL_R_SSL_HANDSHAKE_FAILURE);
523 return -1;
524 }
525 }
526
527 if (len < tot)
528 len = tot;
529 n = (len - tot);
530 for (;;) {
531 if (n > s->max_send_fragment)
532 nw = s->max_send_fragment;
533 else
534 nw = n;
535
536 i = do_ssl3_write(s, type, &(buf[tot]), nw, 0);
537 if (i <= 0) {
538 s->s3->wnum = tot;
539 return i;
540 }
541
542 if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA &&
543 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
544 /*
545 * Next chunk of data should get another prepended
546 * empty fragment in ciphersuites with known-IV
547 * weakness.
548 */
549 s->s3->empty_fragment_done = 0;
550
551 return tot + i;
552 }
553
554 n -= i;
555 tot += i;
556 }
557}
558
559static int
560do_ssl3_write(SSL *s, int type, const unsigned char *buf,
561 unsigned int len, int create_empty_fragment)
562{
563 unsigned char *p, *plen;
564 int i, mac_size, clear = 0;
565 int prefix_len = 0;
566 int eivlen;
567 size_t align;
568 SSL3_RECORD *wr;
569 SSL3_BUFFER *wb = &(s->s3->wbuf);
570 SSL_SESSION *sess;
571
572 if (wb->buf == NULL)
573 if (!ssl3_setup_write_buffer(s))
574 return -1;
575
576 /* first check if there is a SSL3_BUFFER still being written
577 * out. This will happen with non blocking IO */
578 if (wb->left != 0)
579 return (ssl3_write_pending(s, type, buf, len));
580
581 /* If we have an alert to send, lets send it */
582 if (s->s3->alert_dispatch) {
583 i = s->method->ssl_dispatch_alert(s);
584 if (i <= 0)
585 return (i);
586 /* if it went, fall through and send more stuff */
587 /* we may have released our buffer, so get it again */
588 if (wb->buf == NULL)
589 if (!ssl3_setup_write_buffer(s))
590 return -1;
591 }
592
593 if (len == 0 && !create_empty_fragment)
594 return 0;
595
596 wr = &(s->s3->wrec);
597 sess = s->session;
598
599 if ((sess == NULL) || (s->enc_write_ctx == NULL) ||
600 (EVP_MD_CTX_md(s->write_hash) == NULL)) {
601 clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
602 mac_size = 0;
603 } else {
604 mac_size = EVP_MD_CTX_size(s->write_hash);
605 if (mac_size < 0)
606 goto err;
607 }
608
609 /*
610 * 'create_empty_fragment' is true only when this function calls
611 * itself.
612 */
613 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) {
614 /*
615 * Countermeasure against known-IV weakness in CBC ciphersuites
616 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
617 */
618 if (s->s3->need_empty_fragments &&
619 type == SSL3_RT_APPLICATION_DATA) {
620 /* recursive function call with 'create_empty_fragment' set;
621 * this prepares and buffers the data for an empty fragment
622 * (these 'prefix_len' bytes are sent out later
623 * together with the actual payload) */
624 prefix_len = do_ssl3_write(s, type, buf, 0, 1);
625 if (prefix_len <= 0)
626 goto err;
627
628 if (prefix_len >
629 (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
630 /* insufficient space */
631 SSLerr(SSL_F_DO_SSL3_WRITE,
632 ERR_R_INTERNAL_ERROR);
633 goto err;
634 }
635 }
636
637 s->s3->empty_fragment_done = 1;
638 }
639
640 if (create_empty_fragment) {
641 /* extra fragment would be couple of cipher blocks,
642 * which would be multiple of SSL3_ALIGN_PAYLOAD, so
643 * if we want to align the real payload, then we can
644 * just pretent we simply have two headers. */
645 align = (size_t)wb->buf + 2 * SSL3_RT_HEADER_LENGTH;
646 align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
647
648 p = wb->buf + align;
649 wb->offset = align;
650 } else if (prefix_len) {
651 p = wb->buf + wb->offset + prefix_len;
652 } else {
653 align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH;
654 align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
655
656 p = wb->buf + align;
657 wb->offset = align;
658 }
659
660 /* write the header */
661
662 *(p++) = type&0xff;
663 wr->type = type;
664
665 *(p++) = (s->version >> 8);
666 /* Some servers hang if iniatial client hello is larger than 256
667 * bytes and record version number > TLS 1.0
668 */
669 if (s->state == SSL3_ST_CW_CLNT_HELLO_B && !s->renegotiate &&
670 TLS1_get_version(s) > TLS1_VERSION)
671 *(p++) = 0x1;
672 else
673 *(p++) = s->version&0xff;
674
675 /* field where we are to write out packet length */
676 plen = p;
677 p += 2;
678
679 /* Explicit IV length. */
680 if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
681 int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
682 if (mode == EVP_CIPH_CBC_MODE) {
683 eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
684 if (eivlen <= 1)
685 eivlen = 0;
686 }
687 /* Need explicit part of IV for GCM mode */
688 else if (mode == EVP_CIPH_GCM_MODE)
689 eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
690 else
691 eivlen = 0;
692 } else if (s->aead_write_ctx != NULL &&
693 s->aead_write_ctx->variable_nonce_in_record) {
694 eivlen = s->aead_write_ctx->variable_nonce_len;
695 } else
696 eivlen = 0;
697
698 /* lets setup the record stuff. */
699 wr->data = p + eivlen;
700 wr->length = (int)len;
701 wr->input = (unsigned char *)buf;
702
703 /* we now 'read' from wr->input, wr->length bytes into wr->data */
704
705 memcpy(wr->data, wr->input, wr->length);
706 wr->input = wr->data;
707
708 /* we should still have the output to wr->data and the input
709 * from wr->input. Length should be wr->length.
710 * wr->data still points in the wb->buf */
711
712 if (mac_size != 0) {
713 if (s->method->ssl3_enc->mac(s,
714 &(p[wr->length + eivlen]), 1) < 0)
715 goto err;
716 wr->length += mac_size;
717 }
718
719 wr->input = p;
720 wr->data = p;
721
722 if (eivlen) {
723 /* if (RAND_pseudo_bytes(p, eivlen) <= 0)
724 goto err;
725 */
726 wr->length += eivlen;
727 }
728
729 /* ssl3_enc can only have an error on read */
730 s->method->ssl3_enc->enc(s, 1);
731
732 /* record length after mac and block padding */
733 s2n(wr->length, plen);
734
735 /* we should now have
736 * wr->data pointing to the encrypted data, which is
737 * wr->length long */
738 wr->type=type; /* not needed but helps for debugging */
739 wr->length += SSL3_RT_HEADER_LENGTH;
740
741 if (create_empty_fragment) {
742 /* we are in a recursive call;
743 * just return the length, don't write out anything here
744 */
745 return wr->length;
746 }
747
748 /* now let's set up wb */
749 wb->left = prefix_len + wr->length;
750
751 /* memorize arguments so that ssl3_write_pending can detect
752 * bad write retries later */
753 s->s3->wpend_tot = len;
754 s->s3->wpend_buf = buf;
755 s->s3->wpend_type = type;
756 s->s3->wpend_ret = len;
757
758 /* we now just need to write the buffer */
759 return ssl3_write_pending(s, type, buf, len);
760err:
761 return -1;
762}
763
764/* if s->s3->wbuf.left != 0, we need to call this */
765int
766ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
767{
768 int i;
769 SSL3_BUFFER *wb = &(s->s3->wbuf);
770
771 /* XXXX */
772 if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) &&
773 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
774 (s->s3->wpend_type != type)) {
775 SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
776 return (-1);
777 }
778
779 for (;;) {
780 errno = 0;
781 if (s->wbio != NULL) {
782 s->rwstate = SSL_WRITING;
783 i = BIO_write(s->wbio,
784 (char *)&(wb->buf[wb->offset]),
785 (unsigned int)wb->left);
786 } else {
787 SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET);
788 i = -1;
789 }
790 if (i == wb->left) {
791 wb->left = 0;
792 wb->offset += i;
793 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
794 !SSL_IS_DTLS(s))
795 ssl3_release_write_buffer(s);
796 s->rwstate = SSL_NOTHING;
797 return (s->s3->wpend_ret);
798 } else if (i <= 0) {
799 /*
800 * For DTLS, just drop it. That's kind of the
801 * whole point in using a datagram service.
802 */
803 if (SSL_IS_DTLS(s))
804 wb->left = 0;
805 return (i);
806 }
807 wb->offset += i;
808 wb->left -= i;
809 }
810}
811
812/* Return up to 'len' payload bytes received in 'type' records.
813 * 'type' is one of the following:
814 *
815 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
816 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
817 * - 0 (during a shutdown, no data has to be returned)
818 *
819 * If we don't have stored data to work from, read a SSL/TLS record first
820 * (possibly multiple records if we still don't have anything to return).
821 *
822 * This function must handle any surprises the peer may have for us, such as
823 * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
824 * a surprise, but handled as if it were), or renegotiation requests.
825 * Also if record payloads contain fragments too small to process, we store
826 * them until there is enough for the respective protocol (the record protocol
827 * may use arbitrary fragmentation and even interleaving):
828 * Change cipher spec protocol
829 * just 1 byte needed, no need for keeping anything stored
830 * Alert protocol
831 * 2 bytes needed (AlertLevel, AlertDescription)
832 * Handshake protocol
833 * 4 bytes needed (HandshakeType, uint24 length) -- we just have
834 * to detect unexpected Client Hello and Hello Request messages
835 * here, anything else is handled by higher layers
836 * Application data protocol
837 * none of our business
838 */
839int
840ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
841{
842 int al, i, j, ret;
843 unsigned int n;
844 SSL3_RECORD *rr;
845 void (*cb)(const SSL *ssl, int type2, int val) = NULL;
846
847 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
848 if (!ssl3_setup_read_buffer(s))
849 return (-1);
850
851 if (len < 0) {
852 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
853 return -1;
854 }
855
856 if ((type && type != SSL3_RT_APPLICATION_DATA &&
857 type != SSL3_RT_HANDSHAKE) ||
858 (peek && (type != SSL3_RT_APPLICATION_DATA))) {
859 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
860 return -1;
861 }
862
863 if ((type == SSL3_RT_HANDSHAKE) &&
864 (s->s3->handshake_fragment_len > 0)) {
865 /* (partially) satisfy request from storage */
866 unsigned char *src = s->s3->handshake_fragment;
867 unsigned char *dst = buf;
868 unsigned int k;
869
870 /* peek == 0 */
871 n = 0;
872 while ((len > 0) && (s->s3->handshake_fragment_len > 0)) {
873 *dst++ = *src++;
874 len--;
875 s->s3->handshake_fragment_len--;
876 n++;
877 }
878 /* move any remaining fragment bytes: */
879 for (k = 0; k < s->s3->handshake_fragment_len; k++)
880 s->s3->handshake_fragment[k] = *src++;
881 return n;
882 }
883
884 /*
885 * Now s->s3->handshake_fragment_len == 0 if
886 * type == SSL3_RT_HANDSHAKE.
887 */
888 if (!s->in_handshake && SSL_in_init(s)) {
889 /* type == SSL3_RT_APPLICATION_DATA */
890 i = s->handshake_func(s);
891 if (i < 0)
892 return (i);
893 if (i == 0) {
894 SSLerr(SSL_F_SSL3_READ_BYTES,
895 SSL_R_SSL_HANDSHAKE_FAILURE);
896 return (-1);
897 }
898 }
899start:
900 s->rwstate = SSL_NOTHING;
901
902 /*
903 * s->s3->rrec.type - is the type of record
904 * s->s3->rrec.data, - data
905 * s->s3->rrec.off, - offset into 'data' for next read
906 * s->s3->rrec.length, - number of bytes.
907 */
908 rr = &(s->s3->rrec);
909
910 /* get new packet if necessary */
911 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
912 ret = ssl3_get_record(s);
913 if (ret <= 0)
914 return (ret);
915 }
916
917 /* we now have a packet which can be read and processed */
918
919 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
920 * reset by ssl3_get_finished */
921 && (rr->type != SSL3_RT_HANDSHAKE)) {
922 al = SSL_AD_UNEXPECTED_MESSAGE;
923 SSLerr(SSL_F_SSL3_READ_BYTES,
924 SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
925 goto f_err;
926 }
927
928 /* If the other end has shut down, throw anything we read away
929 * (even in 'peek' mode) */
930 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
931 rr->length = 0;
932 s->rwstate = SSL_NOTHING;
933 return (0);
934 }
935
936
937 /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
938 if (type == rr->type) {
939 /* make sure that we are not getting application data when we
940 * are doing a handshake for the first time */
941 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
942 (s->enc_read_ctx == NULL)) {
943 al = SSL_AD_UNEXPECTED_MESSAGE;
944 SSLerr(SSL_F_SSL3_READ_BYTES,
945 SSL_R_APP_DATA_IN_HANDSHAKE);
946 goto f_err;
947 }
948
949 if (len <= 0)
950 return (len);
951
952 if ((unsigned int)len > rr->length)
953 n = rr->length;
954 else
955 n = (unsigned int)len;
956
957 memcpy(buf, &(rr->data[rr->off]), n);
958 if (!peek) {
959 memset(&(rr->data[rr->off]), 0, n);
960 rr->length -= n;
961 rr->off += n;
962 if (rr->length == 0) {
963 s->rstate = SSL_ST_READ_HEADER;
964 rr->off = 0;
965 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
966 s->s3->rbuf.left == 0)
967 ssl3_release_read_buffer(s);
968 }
969 }
970 return (n);
971 }
972
973
974 /* If we get here, then type != rr->type; if we have a handshake
975 * message, then it was unexpected (Hello Request or Client Hello). */
976
977 {
978 /*
979 * In case of record types for which we have 'fragment'
980 * storage, * fill that so that we can process the data
981 * at a fixed place.
982 */
983 unsigned int dest_maxlen = 0;
984 unsigned char *dest = NULL;
985 unsigned int *dest_len = NULL;
986
987 if (rr->type == SSL3_RT_HANDSHAKE) {
988 dest_maxlen = sizeof s->s3->handshake_fragment;
989 dest = s->s3->handshake_fragment;
990 dest_len = &s->s3->handshake_fragment_len;
991 } else if (rr->type == SSL3_RT_ALERT) {
992 dest_maxlen = sizeof s->s3->alert_fragment;
993 dest = s->s3->alert_fragment;
994 dest_len = &s->s3->alert_fragment_len;
995 }
996 if (dest_maxlen > 0) {
997 /* available space in 'dest' */
998 n = dest_maxlen - *dest_len;
999 if (rr->length < n)
1000 n = rr->length; /* available bytes */
1001
1002 /* now move 'n' bytes: */
1003 while (n-- > 0) {
1004 dest[(*dest_len)++] = rr->data[rr->off++];
1005 rr->length--;
1006 }
1007
1008 if (*dest_len < dest_maxlen)
1009 goto start; /* fragment was too small */
1010 }
1011 }
1012
1013 /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
1014 * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
1015 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
1016
1017 /* If we are a client, check for an incoming 'Hello Request': */
1018 if ((!s->server) && (s->s3->handshake_fragment_len >= 4) &&
1019 (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
1020 (s->session != NULL) && (s->session->cipher != NULL)) {
1021 s->s3->handshake_fragment_len = 0;
1022
1023 if ((s->s3->handshake_fragment[1] != 0) ||
1024 (s->s3->handshake_fragment[2] != 0) ||
1025 (s->s3->handshake_fragment[3] != 0)) {
1026 al = SSL_AD_DECODE_ERROR;
1027 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
1028 goto f_err;
1029 }
1030
1031 if (s->msg_callback)
1032 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
1033 s->s3->handshake_fragment, 4, s,
1034 s->msg_callback_arg);
1035
1036 if (SSL_is_init_finished(s) &&
1037 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
1038 !s->s3->renegotiate) {
1039 ssl3_renegotiate(s);
1040 if (ssl3_renegotiate_check(s)) {
1041 i = s->handshake_func(s);
1042 if (i < 0)
1043 return (i);
1044 if (i == 0) {
1045 SSLerr(SSL_F_SSL3_READ_BYTES,
1046 SSL_R_SSL_HANDSHAKE_FAILURE);
1047 return (-1);
1048 }
1049
1050 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
1051 if (s->s3->rbuf.left == 0) {
1052 /* no read-ahead left? */
1053 BIO *bio;
1054 /* In the case where we try to read application data,
1055 * but we trigger an SSL handshake, we return -1 with
1056 * the retry option set. Otherwise renegotiation may
1057 * cause nasty problems in the blocking world */
1058 s->rwstate = SSL_READING;
1059 bio = SSL_get_rbio(s);
1060 BIO_clear_retry_flags(bio);
1061 BIO_set_retry_read(bio);
1062 return (-1);
1063 }
1064 }
1065 }
1066 }
1067 /* we either finished a handshake or ignored the request,
1068 * now try again to obtain the (application) data we were asked for */
1069 goto start;
1070 }
1071 /* If we are a server and get a client hello when renegotiation isn't
1072 * allowed send back a no renegotiation alert and carry on.
1073 * WARNING: experimental code, needs reviewing (steve)
1074 */
1075 if (s->server &&
1076 SSL_is_init_finished(s) &&
1077 !s->s3->send_connection_binding &&
1078 (s->s3->handshake_fragment_len >= 4) &&
1079 (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
1080 (s->session != NULL) && (s->session->cipher != NULL)) {
1081 /*s->s3->handshake_fragment_len = 0;*/
1082 rr->length = 0;
1083 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
1084 goto start;
1085 }
1086 if (s->s3->alert_fragment_len >= 2) {
1087 int alert_level = s->s3->alert_fragment[0];
1088 int alert_descr = s->s3->alert_fragment[1];
1089
1090 s->s3->alert_fragment_len = 0;
1091
1092 if (s->msg_callback)
1093 s->msg_callback(0, s->version, SSL3_RT_ALERT,
1094 s->s3->alert_fragment, 2, s, s->msg_callback_arg);
1095
1096 if (s->info_callback != NULL)
1097 cb = s->info_callback;
1098 else if (s->ctx->info_callback != NULL)
1099 cb = s->ctx->info_callback;
1100
1101 if (cb != NULL) {
1102 j = (alert_level << 8) | alert_descr;
1103 cb(s, SSL_CB_READ_ALERT, j);
1104 }
1105
1106 if (alert_level == 1) {
1107 /* warning */
1108 s->s3->warn_alert = alert_descr;
1109 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
1110 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1111 return (0);
1112 }
1113 /* This is a warning but we receive it if we requested
1114 * renegotiation and the peer denied it. Terminate with
1115 * a fatal alert because if application tried to
1116 * renegotiatie it presumably had a good reason and
1117 * expects it to succeed.
1118 *
1119 * In future we might have a renegotiation where we
1120 * don't care if the peer refused it where we carry on.
1121 */
1122 else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
1123 al = SSL_AD_HANDSHAKE_FAILURE;
1124 SSLerr(SSL_F_SSL3_READ_BYTES,
1125 SSL_R_NO_RENEGOTIATION);
1126 goto f_err;
1127 }
1128 } else if (alert_level == 2) {
1129 /* fatal */
1130 s->rwstate = SSL_NOTHING;
1131 s->s3->fatal_alert = alert_descr;
1132 SSLerr(SSL_F_SSL3_READ_BYTES,
1133 SSL_AD_REASON_OFFSET + alert_descr);
1134 ERR_asprintf_error_data("SSL alert number %d",
1135 alert_descr);
1136 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1137 SSL_CTX_remove_session(s->ctx, s->session);
1138 return (0);
1139 } else {
1140 al = SSL_AD_ILLEGAL_PARAMETER;
1141 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
1142 goto f_err;
1143 }
1144
1145 goto start;
1146 }
1147
1148 if (s->shutdown & SSL_SENT_SHUTDOWN) {
1149 /* but we have not received a shutdown */
1150 s->rwstate = SSL_NOTHING;
1151 rr->length = 0;
1152 return (0);
1153 }
1154
1155 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
1156 /* 'Change Cipher Spec' is just a single byte, so we know
1157 * exactly what the record payload has to look like */
1158 if ((rr->length != 1) || (rr->off != 0) ||
1159 (rr->data[0] != SSL3_MT_CCS)) {
1160 al = SSL_AD_ILLEGAL_PARAMETER;
1161 SSLerr(SSL_F_SSL3_READ_BYTES,
1162 SSL_R_BAD_CHANGE_CIPHER_SPEC);
1163 goto f_err;
1164 }
1165
1166 /* Check we have a cipher to change to */
1167 if (s->s3->tmp.new_cipher == NULL) {
1168 al = SSL_AD_UNEXPECTED_MESSAGE;
1169 SSLerr(SSL_F_SSL3_READ_BYTES,
1170 SSL_R_CCS_RECEIVED_EARLY);
1171 goto f_err;
1172 }
1173
1174 /* Check that we should be receiving a Change Cipher Spec. */
1175 if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
1176 al = SSL_AD_UNEXPECTED_MESSAGE;
1177 SSLerr(SSL_F_SSL3_READ_BYTES,
1178 SSL_R_CCS_RECEIVED_EARLY);
1179 goto f_err;
1180 }
1181 s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
1182
1183 rr->length = 0;
1184
1185 if (s->msg_callback) {
1186 s->msg_callback(0, s->version,
1187 SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s,
1188 s->msg_callback_arg);
1189 }
1190
1191 s->s3->change_cipher_spec = 1;
1192 if (!ssl3_do_change_cipher_spec(s))
1193 goto err;
1194 else
1195 goto start;
1196 }
1197
1198 /* Unexpected handshake message (Client Hello, or protocol violation) */
1199 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) {
1200 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1201 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
1202 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1203 s->renegotiate = 1;
1204 s->new_session = 1;
1205 }
1206 i = s->handshake_func(s);
1207 if (i < 0)
1208 return (i);
1209 if (i == 0) {
1210 SSLerr(SSL_F_SSL3_READ_BYTES,
1211 SSL_R_SSL_HANDSHAKE_FAILURE);
1212 return (-1);
1213 }
1214
1215 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
1216 if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
1217 BIO *bio;
1218 /* In the case where we try to read application data,
1219 * but we trigger an SSL handshake, we return -1 with
1220 * the retry option set. Otherwise renegotiation may
1221 * cause nasty problems in the blocking world */
1222 s->rwstate = SSL_READING;
1223 bio = SSL_get_rbio(s);
1224 BIO_clear_retry_flags(bio);
1225 BIO_set_retry_read(bio);
1226 return (-1);
1227 }
1228 }
1229 goto start;
1230 }
1231
1232 switch (rr->type) {
1233 default:
1234 /*
1235 * TLS up to v1.1 just ignores unknown message types:
1236 * TLS v1.2 give an unexpected message alert.
1237 */
1238 if (s->version >= TLS1_VERSION &&
1239 s->version <= TLS1_1_VERSION) {
1240 rr->length = 0;
1241 goto start;
1242 }
1243 al = SSL_AD_UNEXPECTED_MESSAGE;
1244 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1245 goto f_err;
1246 case SSL3_RT_CHANGE_CIPHER_SPEC:
1247 case SSL3_RT_ALERT:
1248 case SSL3_RT_HANDSHAKE:
1249 /* we already handled all of these, with the possible exception
1250 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1251 * should not happen when type != rr->type */
1252 al = SSL_AD_UNEXPECTED_MESSAGE;
1253 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
1254 goto f_err;
1255 case SSL3_RT_APPLICATION_DATA:
1256 /* At this point, we were expecting handshake data,
1257 * but have application data. If the library was
1258 * running inside ssl3_read() (i.e. in_read_app_data
1259 * is set) and it makes sense to read application data
1260 * at this point (session renegotiation not yet started),
1261 * we will indulge it.
1262 */
1263 if (s->s3->in_read_app_data &&
1264 (s->s3->total_renegotiations != 0) &&
1265 (((s->state & SSL_ST_CONNECT) &&
1266 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1267 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
1268 ((s->state & SSL_ST_ACCEPT) &&
1269 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1270 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
1271 s->s3->in_read_app_data = 2;
1272 return (-1);
1273 } else {
1274 al = SSL_AD_UNEXPECTED_MESSAGE;
1275 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1276 goto f_err;
1277 }
1278 }
1279 /* not reached */
1280
1281f_err:
1282 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1283err:
1284 return (-1);
1285}
1286
1287int
1288ssl3_do_change_cipher_spec(SSL *s)
1289{
1290 int i;
1291 const char *sender;
1292 int slen;
1293
1294 if (s->state & SSL_ST_ACCEPT)
1295 i = SSL3_CHANGE_CIPHER_SERVER_READ;
1296 else
1297 i = SSL3_CHANGE_CIPHER_CLIENT_READ;
1298
1299 if (s->s3->tmp.key_block == NULL) {
1300 if (s->session == NULL || s->session->master_key_length == 0) {
1301 /* might happen if dtls1_read_bytes() calls this */
1302 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,
1303 SSL_R_CCS_RECEIVED_EARLY);
1304 return (0);
1305 }
1306
1307 s->session->cipher = s->s3->tmp.new_cipher;
1308 if (!s->method->ssl3_enc->setup_key_block(s))
1309 return (0);
1310 }
1311
1312 if (!s->method->ssl3_enc->change_cipher_state(s, i))
1313 return (0);
1314
1315 /* we have to record the message digest at
1316 * this point so we can get it before we read
1317 * the finished message */
1318 if (s->state & SSL_ST_CONNECT) {
1319 sender = s->method->ssl3_enc->server_finished_label;
1320 slen = s->method->ssl3_enc->server_finished_label_len;
1321 } else {
1322 sender = s->method->ssl3_enc->client_finished_label;
1323 slen = s->method->ssl3_enc->client_finished_label_len;
1324 }
1325
1326 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
1327 s->s3->tmp.peer_finish_md);
1328 if (i == 0) {
1329 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
1330 return 0;
1331 }
1332 s->s3->tmp.peer_finish_md_len = i;
1333
1334 return (1);
1335}
1336
1337int
1338ssl3_send_alert(SSL *s, int level, int desc)
1339{
1340 /* Map tls/ssl alert value to correct one */
1341 desc = s->method->ssl3_enc->alert_value(desc);
1342 if (desc < 0)
1343 return -1;
1344 /* If a fatal one, remove from cache */
1345 if ((level == 2) && (s->session != NULL))
1346 SSL_CTX_remove_session(s->ctx, s->session);
1347
1348 s->s3->alert_dispatch = 1;
1349 s->s3->send_alert[0] = level;
1350 s->s3->send_alert[1] = desc;
1351 if (s->s3->wbuf.left == 0) /* data still being written out? */
1352 return s->method->ssl_dispatch_alert(s);
1353
1354 /* else data is still being written out, we will get written
1355 * some time in the future */
1356 return -1;
1357}
1358
1359int
1360ssl3_dispatch_alert(SSL *s)
1361{
1362 int i, j;
1363 void (*cb)(const SSL *ssl, int type, int val) = NULL;
1364
1365 s->s3->alert_dispatch = 0;
1366 i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
1367 if (i <= 0) {
1368 s->s3->alert_dispatch = 1;
1369 } else {
1370 /* Alert sent to BIO. If it is important, flush it now.
1371 * If the message does not get sent due to non-blocking IO,
1372 * we will not worry too much. */
1373 if (s->s3->send_alert[0] == SSL3_AL_FATAL)
1374 (void)BIO_flush(s->wbio);
1375
1376 if (s->msg_callback)
1377 s->msg_callback(1, s->version, SSL3_RT_ALERT,
1378 s->s3->send_alert, 2, s, s->msg_callback_arg);
1379
1380 if (s->info_callback != NULL)
1381 cb = s->info_callback;
1382 else if (s->ctx->info_callback != NULL)
1383 cb = s->ctx->info_callback;
1384
1385 if (cb != NULL) {
1386 j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1387 cb(s, SSL_CB_WRITE_ALERT, j);
1388 }
1389 }
1390 return (i);
1391}
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
deleted file mode 100644
index 9fe96de53e..0000000000
--- a/src/lib/libssl/s3_srvr.c
+++ /dev/null
@@ -1,2692 +0,0 @@
1/* $OpenBSD: s3_srvr.c,v 1.126 2016/05/30 13:42:54 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#include <stdio.h>
152
153#include "ssl_locl.h"
154
155#include <openssl/bn.h>
156#include <openssl/buffer.h>
157#include <openssl/evp.h>
158#include <openssl/dh.h>
159#ifndef OPENSSL_NO_GOST
160#include <openssl/gost.h>
161#endif
162#include <openssl/hmac.h>
163#include <openssl/md5.h>
164#include <openssl/objects.h>
165#include <openssl/x509.h>
166
167#include "bytestring.h"
168
169int
170ssl3_accept(SSL *s)
171{
172 unsigned long alg_k;
173 void (*cb)(const SSL *ssl, int type, int val) = NULL;
174 int ret = -1;
175 int new_state, state, skip = 0;
176
177 ERR_clear_error();
178 errno = 0;
179
180 if (s->info_callback != NULL)
181 cb = s->info_callback;
182 else if (s->ctx->info_callback != NULL)
183 cb = s->ctx->info_callback;
184
185 /* init things to blank */
186 s->in_handshake++;
187 if (!SSL_in_init(s) || SSL_in_before(s))
188 SSL_clear(s);
189
190 if (s->cert == NULL) {
191 SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
192 ret = -1;
193 goto end;
194 }
195
196 for (;;) {
197 state = s->state;
198
199 switch (s->state) {
200 case SSL_ST_RENEGOTIATE:
201 s->renegotiate = 1;
202 /* s->state=SSL_ST_ACCEPT; */
203
204 case SSL_ST_BEFORE:
205 case SSL_ST_ACCEPT:
206 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
207 case SSL_ST_OK|SSL_ST_ACCEPT:
208
209 s->server = 1;
210 if (cb != NULL)
211 cb(s, SSL_CB_HANDSHAKE_START, 1);
212
213 if ((s->version >> 8) != 3) {
214 SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
215 ret = -1;
216 goto end;
217 }
218 s->type = SSL_ST_ACCEPT;
219
220 if (!ssl3_setup_init_buffer(s)) {
221 ret = -1;
222 goto end;
223 }
224 if (!ssl3_setup_buffers(s)) {
225 ret = -1;
226 goto end;
227 }
228
229 s->init_num = 0;
230
231 if (s->state != SSL_ST_RENEGOTIATE) {
232 /*
233 * Ok, we now need to push on a buffering BIO
234 * so that the output is sent in a way that
235 * TCP likes :-)
236 */
237 if (!ssl_init_wbio_buffer(s, 1)) {
238 ret = -1;
239 goto end;
240 }
241
242 if (!tls1_init_finished_mac(s)) {
243 ret = -1;
244 goto end;
245 }
246
247 s->state = SSL3_ST_SR_CLNT_HELLO_A;
248 s->ctx->stats.sess_accept++;
249 } else if (!s->s3->send_connection_binding) {
250 /*
251 * Server attempting to renegotiate with
252 * client that doesn't support secure
253 * renegotiation.
254 */
255 SSLerr(SSL_F_SSL3_ACCEPT,
256 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
257 ssl3_send_alert(s, SSL3_AL_FATAL,
258 SSL_AD_HANDSHAKE_FAILURE);
259 ret = -1;
260 goto end;
261 } else {
262 /*
263 * s->state == SSL_ST_RENEGOTIATE,
264 * we will just send a HelloRequest
265 */
266 s->ctx->stats.sess_accept_renegotiate++;
267 s->state = SSL3_ST_SW_HELLO_REQ_A;
268 }
269 break;
270
271 case SSL3_ST_SW_HELLO_REQ_A:
272 case SSL3_ST_SW_HELLO_REQ_B:
273
274 s->shutdown = 0;
275 ret = ssl3_send_hello_request(s);
276 if (ret <= 0)
277 goto end;
278 s->s3->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;
279 s->state = SSL3_ST_SW_FLUSH;
280 s->init_num = 0;
281
282 if (!tls1_init_finished_mac(s)) {
283 ret = -1;
284 goto end;
285 }
286 break;
287
288 case SSL3_ST_SW_HELLO_REQ_C:
289 s->state = SSL_ST_OK;
290 break;
291
292 case SSL3_ST_SR_CLNT_HELLO_A:
293 case SSL3_ST_SR_CLNT_HELLO_B:
294 case SSL3_ST_SR_CLNT_HELLO_C:
295
296 s->shutdown = 0;
297 if (s->rwstate != SSL_X509_LOOKUP) {
298 ret = ssl3_get_client_hello(s);
299 if (ret <= 0)
300 goto end;
301 }
302
303 s->renegotiate = 2;
304 s->state = SSL3_ST_SW_SRVR_HELLO_A;
305 s->init_num = 0;
306 break;
307
308 case SSL3_ST_SW_SRVR_HELLO_A:
309 case SSL3_ST_SW_SRVR_HELLO_B:
310 ret = ssl3_send_server_hello(s);
311 if (ret <= 0)
312 goto end;
313 if (s->hit) {
314 if (s->tlsext_ticket_expected)
315 s->state = SSL3_ST_SW_SESSION_TICKET_A;
316 else
317 s->state = SSL3_ST_SW_CHANGE_A;
318 }
319 else
320 s->state = SSL3_ST_SW_CERT_A;
321 s->init_num = 0;
322 break;
323
324 case SSL3_ST_SW_CERT_A:
325 case SSL3_ST_SW_CERT_B:
326 /* Check if it is anon DH or anon ECDH. */
327 if (!(s->s3->tmp.new_cipher->algorithm_auth &
328 SSL_aNULL)) {
329 ret = ssl3_send_server_certificate(s);
330 if (ret <= 0)
331 goto end;
332 if (s->tlsext_status_expected)
333 s->state = SSL3_ST_SW_CERT_STATUS_A;
334 else
335 s->state = SSL3_ST_SW_KEY_EXCH_A;
336 } else {
337 skip = 1;
338 s->state = SSL3_ST_SW_KEY_EXCH_A;
339 }
340 s->init_num = 0;
341 break;
342
343 case SSL3_ST_SW_KEY_EXCH_A:
344 case SSL3_ST_SW_KEY_EXCH_B:
345 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
346
347 /*
348 * Only send if using a DH key exchange.
349 *
350 * For ECC ciphersuites, we send a ServerKeyExchange
351 * message only if the cipher suite is ECDHE. In other
352 * cases, the server certificate contains the server's
353 * public key for key exchange.
354 */
355 if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
356 ret = ssl3_send_server_key_exchange(s);
357 if (ret <= 0)
358 goto end;
359 } else
360 skip = 1;
361
362 s->state = SSL3_ST_SW_CERT_REQ_A;
363 s->init_num = 0;
364 break;
365
366 case SSL3_ST_SW_CERT_REQ_A:
367 case SSL3_ST_SW_CERT_REQ_B:
368 /*
369 * Determine whether or not we need to request a
370 * certificate.
371 *
372 * Do not request a certificate if:
373 *
374 * - We did not ask for it (SSL_VERIFY_PEER is unset).
375 *
376 * - SSL_VERIFY_CLIENT_ONCE is set and we are
377 * renegotiating.
378 *
379 * - We are using an anonymous ciphersuites
380 * (see section "Certificate request" in SSL 3 drafts
381 * and in RFC 2246) ... except when the application
382 * insists on verification (against the specs, but
383 * s3_clnt.c accepts this for SSL 3).
384 */
385 if (!(s->verify_mode & SSL_VERIFY_PEER) ||
386 ((s->session->peer != NULL) &&
387 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
388 ((s->s3->tmp.new_cipher->algorithm_auth &
389 SSL_aNULL) && !(s->verify_mode &
390 SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
391 /* No cert request */
392 skip = 1;
393 s->s3->tmp.cert_request = 0;
394 s->state = SSL3_ST_SW_SRVR_DONE_A;
395 if (s->s3->handshake_buffer) {
396 if (!tls1_digest_cached_records(s)) {
397 ret = -1;
398 goto end;
399 }
400 }
401 } else {
402 s->s3->tmp.cert_request = 1;
403 ret = ssl3_send_certificate_request(s);
404 if (ret <= 0)
405 goto end;
406 s->state = SSL3_ST_SW_SRVR_DONE_A;
407 s->init_num = 0;
408 }
409 break;
410
411 case SSL3_ST_SW_SRVR_DONE_A:
412 case SSL3_ST_SW_SRVR_DONE_B:
413 ret = ssl3_send_server_done(s);
414 if (ret <= 0)
415 goto end;
416 s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
417 s->state = SSL3_ST_SW_FLUSH;
418 s->init_num = 0;
419 break;
420
421 case SSL3_ST_SW_FLUSH:
422
423 /*
424 * This code originally checked to see if
425 * any data was pending using BIO_CTRL_INFO
426 * and then flushed. This caused problems
427 * as documented in PR#1939. The proposed
428 * fix doesn't completely resolve this issue
429 * as buggy implementations of BIO_CTRL_PENDING
430 * still exist. So instead we just flush
431 * unconditionally.
432 */
433
434 s->rwstate = SSL_WRITING;
435 if (BIO_flush(s->wbio) <= 0) {
436 ret = -1;
437 goto end;
438 }
439 s->rwstate = SSL_NOTHING;
440
441 s->state = s->s3->tmp.next_state;
442 break;
443
444 case SSL3_ST_SR_CERT_A:
445 case SSL3_ST_SR_CERT_B:
446 if (s->s3->tmp.cert_request) {
447 ret = ssl3_get_client_certificate(s);
448 if (ret <= 0)
449 goto end;
450 }
451 s->init_num = 0;
452 s->state = SSL3_ST_SR_KEY_EXCH_A;
453 break;
454
455 case SSL3_ST_SR_KEY_EXCH_A:
456 case SSL3_ST_SR_KEY_EXCH_B:
457 ret = ssl3_get_client_key_exchange(s);
458 if (ret <= 0)
459 goto end;
460 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
461 if (ret == 2) {
462 /*
463 * For the ECDH ciphersuites when
464 * the client sends its ECDH pub key in
465 * a certificate, the CertificateVerify
466 * message is not sent.
467 * Also for GOST ciphersuites when
468 * the client uses its key from the certificate
469 * for key exchange.
470 */
471 if (s->s3->next_proto_neg_seen)
472 s->state = SSL3_ST_SR_NEXT_PROTO_A;
473 else
474 s->state = SSL3_ST_SR_FINISHED_A;
475 s->init_num = 0;
476 } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
477 s->state = SSL3_ST_SR_CERT_VRFY_A;
478 s->init_num = 0;
479 if (!s->session->peer)
480 break;
481 /*
482 * For sigalgs freeze the handshake buffer
483 * at this point and digest cached records.
484 */
485 if (!s->s3->handshake_buffer) {
486 SSLerr(SSL_F_SSL3_ACCEPT,
487 ERR_R_INTERNAL_ERROR);
488 ret = -1;
489 goto end;
490 }
491 s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
492 if (!tls1_digest_cached_records(s)) {
493 ret = -1;
494 goto end;
495 }
496 } else {
497 int offset = 0;
498 int dgst_num;
499
500 s->state = SSL3_ST_SR_CERT_VRFY_A;
501 s->init_num = 0;
502
503 /*
504 * We need to get hashes here so if there is
505 * a client cert, it can be verified
506 * FIXME - digest processing for
507 * CertificateVerify should be generalized.
508 * But it is next step
509 */
510 if (s->s3->handshake_buffer) {
511 if (!tls1_digest_cached_records(s)) {
512 ret = -1;
513 goto end;
514 }
515 }
516 for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST;
517 dgst_num++)
518 if (s->s3->handshake_dgst[dgst_num]) {
519 int dgst_size;
520
521 s->method->ssl3_enc->cert_verify_mac(s,
522 EVP_MD_CTX_type(
523 s->s3->handshake_dgst[dgst_num]),
524 &(s->s3->tmp.cert_verify_md[offset]));
525 dgst_size = EVP_MD_CTX_size(
526 s->s3->handshake_dgst[dgst_num]);
527 if (dgst_size < 0) {
528 ret = -1;
529 goto end;
530 }
531 offset += dgst_size;
532 }
533 }
534 break;
535
536 case SSL3_ST_SR_CERT_VRFY_A:
537 case SSL3_ST_SR_CERT_VRFY_B:
538 s->s3->flags |= SSL3_FLAGS_CCS_OK;
539
540 /* we should decide if we expected this one */
541 ret = ssl3_get_cert_verify(s);
542 if (ret <= 0)
543 goto end;
544
545 if (s->s3->next_proto_neg_seen)
546 s->state = SSL3_ST_SR_NEXT_PROTO_A;
547 else
548 s->state = SSL3_ST_SR_FINISHED_A;
549 s->init_num = 0;
550 break;
551
552 case SSL3_ST_SR_NEXT_PROTO_A:
553 case SSL3_ST_SR_NEXT_PROTO_B:
554 ret = ssl3_get_next_proto(s);
555 if (ret <= 0)
556 goto end;
557 s->init_num = 0;
558 s->state = SSL3_ST_SR_FINISHED_A;
559 break;
560
561 case SSL3_ST_SR_FINISHED_A:
562 case SSL3_ST_SR_FINISHED_B:
563 s->s3->flags |= SSL3_FLAGS_CCS_OK;
564 ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
565 SSL3_ST_SR_FINISHED_B);
566 if (ret <= 0)
567 goto end;
568 if (s->hit)
569 s->state = SSL_ST_OK;
570 else if (s->tlsext_ticket_expected)
571 s->state = SSL3_ST_SW_SESSION_TICKET_A;
572 else
573 s->state = SSL3_ST_SW_CHANGE_A;
574 s->init_num = 0;
575 break;
576
577 case SSL3_ST_SW_SESSION_TICKET_A:
578 case SSL3_ST_SW_SESSION_TICKET_B:
579 ret = ssl3_send_newsession_ticket(s);
580 if (ret <= 0)
581 goto end;
582 s->state = SSL3_ST_SW_CHANGE_A;
583 s->init_num = 0;
584 break;
585
586 case SSL3_ST_SW_CERT_STATUS_A:
587 case SSL3_ST_SW_CERT_STATUS_B:
588 ret = ssl3_send_cert_status(s);
589 if (ret <= 0)
590 goto end;
591 s->state = SSL3_ST_SW_KEY_EXCH_A;
592 s->init_num = 0;
593 break;
594
595
596 case SSL3_ST_SW_CHANGE_A:
597 case SSL3_ST_SW_CHANGE_B:
598
599 s->session->cipher = s->s3->tmp.new_cipher;
600 if (!s->method->ssl3_enc->setup_key_block(s)) {
601 ret = -1;
602 goto end;
603 }
604
605 ret = ssl3_send_change_cipher_spec(s,
606 SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);
607
608 if (ret <= 0)
609 goto end;
610 s->state = SSL3_ST_SW_FINISHED_A;
611 s->init_num = 0;
612
613 if (!s->method->ssl3_enc->change_cipher_state(
614 s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
615 ret = -1;
616 goto end;
617 }
618
619 break;
620
621 case SSL3_ST_SW_FINISHED_A:
622 case SSL3_ST_SW_FINISHED_B:
623 ret = ssl3_send_finished(s,
624 SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
625 s->method->ssl3_enc->server_finished_label,
626 s->method->ssl3_enc->server_finished_label_len);
627 if (ret <= 0)
628 goto end;
629 s->state = SSL3_ST_SW_FLUSH;
630 if (s->hit) {
631 if (s->s3->next_proto_neg_seen) {
632 s->s3->flags |= SSL3_FLAGS_CCS_OK;
633 s->s3->tmp.next_state =
634 SSL3_ST_SR_NEXT_PROTO_A;
635 } else
636 s->s3->tmp.next_state =
637 SSL3_ST_SR_FINISHED_A;
638 } else
639 s->s3->tmp.next_state = SSL_ST_OK;
640 s->init_num = 0;
641 break;
642
643 case SSL_ST_OK:
644 /* clean a few things up */
645 tls1_cleanup_key_block(s);
646
647 BUF_MEM_free(s->init_buf);
648 s->init_buf = NULL;
649
650 /* remove buffering on output */
651 ssl_free_wbio_buffer(s);
652
653 s->init_num = 0;
654
655 /* skipped if we just sent a HelloRequest */
656 if (s->renegotiate == 2) {
657 s->renegotiate = 0;
658 s->new_session = 0;
659
660 ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
661
662 s->ctx->stats.sess_accept_good++;
663 /* s->server=1; */
664 s->handshake_func = ssl3_accept;
665
666 if (cb != NULL)
667 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
668 }
669
670 ret = 1;
671 goto end;
672 /* break; */
673
674 default:
675 SSLerr(SSL_F_SSL3_ACCEPT,
676 SSL_R_UNKNOWN_STATE);
677 ret = -1;
678 goto end;
679 /* break; */
680 }
681
682 if (!s->s3->tmp.reuse_message && !skip) {
683 if (s->debug) {
684 if ((ret = BIO_flush(s->wbio)) <= 0)
685 goto end;
686 }
687
688
689 if ((cb != NULL) && (s->state != state)) {
690 new_state = s->state;
691 s->state = state;
692 cb(s, SSL_CB_ACCEPT_LOOP, 1);
693 s->state = new_state;
694 }
695 }
696 skip = 0;
697 }
698end:
699 /* BIO_flush(s->wbio); */
700
701 s->in_handshake--;
702 if (cb != NULL)
703 cb(s, SSL_CB_ACCEPT_EXIT, ret);
704 return (ret);
705}
706
707int
708ssl3_send_hello_request(SSL *s)
709{
710 if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
711 ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);
712 ssl3_handshake_msg_finish(s, 0);
713
714 s->state = SSL3_ST_SW_HELLO_REQ_B;
715 }
716
717 /* SSL3_ST_SW_HELLO_REQ_B */
718 return (ssl3_handshake_write(s));
719}
720
721int
722ssl3_get_client_hello(SSL *s)
723{
724 int i, j, ok, al, ret = -1;
725 unsigned int cookie_len;
726 long n;
727 unsigned long id;
728 unsigned char *p, *d;
729 SSL_CIPHER *c;
730 STACK_OF(SSL_CIPHER) *ciphers = NULL;
731 unsigned long alg_k;
732
733 /*
734 * We do this so that we will respond with our native type.
735 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
736 * This down switching should be handled by a different method.
737 * If we are SSLv3, we will respond with SSLv3, even if prompted with
738 * TLSv1.
739 */
740 if (s->state == SSL3_ST_SR_CLNT_HELLO_A) {
741 s->state = SSL3_ST_SR_CLNT_HELLO_B;
742 }
743 s->first_packet = 1;
744 n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
745 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
746 SSL3_RT_MAX_PLAIN_LENGTH, &ok);
747
748 if (!ok)
749 return ((int)n);
750 s->first_packet = 0;
751 d = p = (unsigned char *)s->init_msg;
752
753 if (2 > n)
754 goto truncated;
755 /*
756 * Use version from inside client hello, not from record header.
757 * (may differ: see RFC 2246, Appendix E, second paragraph)
758 */
759 s->client_version = (((int)p[0]) << 8)|(int)p[1];
760 p += 2;
761
762 if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
763 (s->version != DTLS1_VERSION && s->client_version < s->version)) {
764 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
765 SSL_R_WRONG_VERSION_NUMBER);
766 if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
767 !s->enc_write_ctx && !s->write_hash) {
768 /*
769 * Similar to ssl3_get_record, send alert using remote
770 * version number
771 */
772 s->version = s->client_version;
773 }
774 al = SSL_AD_PROTOCOL_VERSION;
775 goto f_err;
776 }
777
778 /*
779 * If we require cookies and this ClientHello doesn't
780 * contain one, just return since we do not want to
781 * allocate any memory yet. So check cookie length...
782 */
783 if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
784 unsigned int session_length, cookie_length;
785
786 session_length = *(p + SSL3_RANDOM_SIZE);
787 cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
788
789 if (cookie_length == 0)
790 return (1);
791 }
792
793 if (p + SSL3_RANDOM_SIZE + 1 - d > n)
794 goto truncated;
795
796 /* load the client random */
797 memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE);
798 p += SSL3_RANDOM_SIZE;
799
800 /* get the session-id */
801 j= *(p++);
802 if (p + j - d > n)
803 goto truncated;
804
805 s->hit = 0;
806 /*
807 * Versions before 0.9.7 always allow clients to resume sessions in
808 * renegotiation. 0.9.7 and later allow this by default, but optionally
809 * ignore resumption requests with flag
810 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag
811 * rather than a change to default behavior so that applications
812 * relying on this for security won't even compile against older
813 * library versions).
814 *
815 * 1.0.1 and later also have a function SSL_renegotiate_abbreviated()
816 * to request renegotiation but not a new session (s->new_session
817 * remains unset): for servers, this essentially just means that the
818 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be
819 * ignored.
820 */
821 if ((s->new_session && (s->options &
822 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
823 if (!ssl_get_new_session(s, 1))
824 goto err;
825 } else {
826 i = ssl_get_prev_session(s, p, j, d + n);
827 if (i == 1) { /* previous session */
828 s->hit = 1;
829 } else if (i == -1)
830 goto err;
831 else {
832 /* i == 0 */
833 if (!ssl_get_new_session(s, 1))
834 goto err;
835 }
836 }
837
838 p += j;
839
840 if (SSL_IS_DTLS(s)) {
841 /* cookie stuff */
842 if (p + 1 - d > n)
843 goto truncated;
844 cookie_len = *(p++);
845
846 /*
847 * The ClientHello may contain a cookie even if the
848 * HelloVerify message has not been sent--make sure that it
849 * does not cause an overflow.
850 */
851 if (cookie_len > sizeof(s->d1->rcvd_cookie)) {
852 /* too much data */
853 al = SSL_AD_DECODE_ERROR;
854 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
855 SSL_R_COOKIE_MISMATCH);
856 goto f_err;
857 }
858
859 if (p + cookie_len - d > n)
860 goto truncated;
861
862 /* verify the cookie if appropriate option is set. */
863 if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
864 cookie_len > 0) {
865 memcpy(s->d1->rcvd_cookie, p, cookie_len);
866
867 if (s->ctx->app_verify_cookie_cb != NULL) {
868 if (s->ctx->app_verify_cookie_cb(s,
869 s->d1->rcvd_cookie, cookie_len) == 0) {
870 al = SSL_AD_HANDSHAKE_FAILURE;
871 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
872 SSL_R_COOKIE_MISMATCH);
873 goto f_err;
874 }
875 /* else cookie verification succeeded */
876 } else if (timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
877 s->d1->cookie_len) != 0) {
878 /* default verification */
879 al = SSL_AD_HANDSHAKE_FAILURE;
880 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
881 SSL_R_COOKIE_MISMATCH);
882 goto f_err;
883 }
884
885 ret = 2;
886 }
887
888 p += cookie_len;
889 }
890
891 if (p + 2 - d > n)
892 goto truncated;
893 n2s(p, i);
894 if ((i == 0) && (j != 0)) {
895 /* we need a cipher if we are not resuming a session */
896 al = SSL_AD_ILLEGAL_PARAMETER;
897 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
898 SSL_R_NO_CIPHERS_SPECIFIED);
899 goto f_err;
900 }
901 if (p + i - d > n)
902 goto truncated;
903 if (i > 0) {
904 if ((ciphers = ssl_bytes_to_cipher_list(s, p, i)) == NULL)
905 goto err;
906 }
907 p += i;
908
909 /* If it is a hit, check that the cipher is in the list */
910 if ((s->hit) && (i > 0)) {
911 j = 0;
912 id = s->session->cipher->id;
913
914 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
915 c = sk_SSL_CIPHER_value(ciphers, i);
916 if (c->id == id) {
917 j = 1;
918 break;
919 }
920 }
921 if (j == 0) {
922 /*
923 * We need to have the cipher in the cipher
924 * list if we are asked to reuse it
925 */
926 al = SSL_AD_ILLEGAL_PARAMETER;
927 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
928 SSL_R_REQUIRED_CIPHER_MISSING);
929 goto f_err;
930 }
931 }
932
933 /* compression */
934 if (p + 1 - d > n)
935 goto truncated;
936 i= *(p++);
937 if (p + i - d > n)
938 goto truncated;
939 for (j = 0; j < i; j++) {
940 if (p[j] == 0)
941 break;
942 }
943
944 p += i;
945 if (j >= i) {
946 /* no compress */
947 al = SSL_AD_DECODE_ERROR;
948 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
949 SSL_R_NO_COMPRESSION_SPECIFIED);
950 goto f_err;
951 }
952
953 /* TLS extensions*/
954 if (!ssl_parse_clienthello_tlsext(s, &p, d, n, &al)) {
955 /* 'al' set by ssl_parse_clienthello_tlsext */
956 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT);
957 goto f_err;
958 }
959 if (ssl_check_clienthello_tlsext_early(s) <= 0) {
960 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
961 SSL_R_CLIENTHELLO_TLSEXT);
962 goto err;
963 }
964
965 /*
966 * Check if we want to use external pre-shared secret for this
967 * handshake for not reused session only. We need to generate
968 * server_random before calling tls_session_secret_cb in order to allow
969 * SessionTicket processing to use it in key derivation.
970 */
971 arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
972
973 if (!s->hit && s->tls_session_secret_cb) {
974 SSL_CIPHER *pref_cipher = NULL;
975
976 s->session->master_key_length = sizeof(s->session->master_key);
977 if (s->tls_session_secret_cb(s, s->session->master_key,
978 &s->session->master_key_length, ciphers, &pref_cipher,
979 s->tls_session_secret_cb_arg)) {
980 s->hit = 1;
981 s->session->ciphers = ciphers;
982 s->session->verify_result = X509_V_OK;
983
984 ciphers = NULL;
985
986 /* check if some cipher was preferred by call back */
987 pref_cipher = pref_cipher ? pref_cipher :
988 ssl3_choose_cipher(s, s->session->ciphers,
989 SSL_get_ciphers(s));
990 if (pref_cipher == NULL) {
991 al = SSL_AD_HANDSHAKE_FAILURE;
992 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
993 SSL_R_NO_SHARED_CIPHER);
994 goto f_err;
995 }
996
997 s->session->cipher = pref_cipher;
998
999 if (s->cipher_list)
1000 sk_SSL_CIPHER_free(s->cipher_list);
1001
1002 if (s->cipher_list_by_id)
1003 sk_SSL_CIPHER_free(s->cipher_list_by_id);
1004
1005 s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
1006 s->cipher_list_by_id =
1007 sk_SSL_CIPHER_dup(s->session->ciphers);
1008 }
1009 }
1010
1011 /*
1012 * Given s->session->ciphers and SSL_get_ciphers, we must
1013 * pick a cipher
1014 */
1015
1016 if (!s->hit) {
1017 if (s->session->ciphers != NULL)
1018 sk_SSL_CIPHER_free(s->session->ciphers);
1019 s->session->ciphers = ciphers;
1020 if (ciphers == NULL) {
1021 al = SSL_AD_ILLEGAL_PARAMETER;
1022 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1023 SSL_R_NO_CIPHERS_PASSED);
1024 goto f_err;
1025 }
1026 ciphers = NULL;
1027 c = ssl3_choose_cipher(s, s->session->ciphers,
1028 SSL_get_ciphers(s));
1029
1030 if (c == NULL) {
1031 al = SSL_AD_HANDSHAKE_FAILURE;
1032 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1033 SSL_R_NO_SHARED_CIPHER);
1034 goto f_err;
1035 }
1036 s->s3->tmp.new_cipher = c;
1037 } else {
1038 s->s3->tmp.new_cipher = s->session->cipher;
1039 }
1040
1041 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1042 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
1043 !(s->verify_mode & SSL_VERIFY_PEER)) {
1044 if (!tls1_digest_cached_records(s)) {
1045 al = SSL_AD_INTERNAL_ERROR;
1046 goto f_err;
1047 }
1048 }
1049
1050 /*
1051 * We now have the following setup.
1052 * client_random
1053 * cipher_list - our prefered list of ciphers
1054 * ciphers - the clients prefered list of ciphers
1055 * compression - basically ignored right now
1056 * ssl version is set - sslv3
1057 * s->session - The ssl session has been setup.
1058 * s->hit - session reuse flag
1059 * s->tmp.new_cipher - the new cipher to use.
1060 */
1061
1062 /* Handles TLS extensions that we couldn't check earlier */
1063 if (ssl_check_clienthello_tlsext_late(s) <= 0) {
1064 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
1065 goto err;
1066 }
1067
1068 if (ret < 0)
1069 ret = 1;
1070 if (0) {
1071truncated:
1072 al = SSL_AD_DECODE_ERROR;
1073 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_BAD_PACKET_LENGTH);
1074f_err:
1075 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1076 }
1077err:
1078 if (ciphers != NULL)
1079 sk_SSL_CIPHER_free(ciphers);
1080 return (ret);
1081}
1082
1083int
1084ssl3_send_server_hello(SSL *s)
1085{
1086 unsigned char *bufend;
1087 unsigned char *p, *d;
1088 int sl;
1089
1090 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
1091 d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);
1092
1093 *(p++) = s->version >> 8;
1094 *(p++) = s->version & 0xff;
1095
1096 /* Random stuff */
1097 memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
1098 p += SSL3_RANDOM_SIZE;
1099
1100 /*
1101 * There are several cases for the session ID to send
1102 * back in the server hello:
1103 *
1104 * - For session reuse from the session cache,
1105 * we send back the old session ID.
1106 * - If stateless session reuse (using a session ticket)
1107 * is successful, we send back the client's "session ID"
1108 * (which doesn't actually identify the session).
1109 * - If it is a new session, we send back the new
1110 * session ID.
1111 * - However, if we want the new session to be single-use,
1112 * we send back a 0-length session ID.
1113 *
1114 * s->hit is non-zero in either case of session reuse,
1115 * so the following won't overwrite an ID that we're supposed
1116 * to send back.
1117 */
1118 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
1119 && !s->hit)
1120 s->session->session_id_length = 0;
1121
1122 sl = s->session->session_id_length;
1123 if (sl > (int)sizeof(s->session->session_id)) {
1124 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
1125 ERR_R_INTERNAL_ERROR);
1126 return (-1);
1127 }
1128 *(p++) = sl;
1129 memcpy(p, s->session->session_id, sl);
1130 p += sl;
1131
1132 /* put the cipher */
1133 s2n(ssl3_cipher_get_value(s->s3->tmp.new_cipher), p);
1134
1135 /* put the compression method */
1136 *(p++) = 0;
1137
1138 bufend = (unsigned char *)s->init_buf->data +
1139 SSL3_RT_MAX_PLAIN_LENGTH;
1140 if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) {
1141 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
1142 ERR_R_INTERNAL_ERROR);
1143 return (-1);
1144 }
1145
1146 ssl3_handshake_msg_finish(s, p - d);
1147 }
1148
1149 /* SSL3_ST_SW_SRVR_HELLO_B */
1150 return (ssl3_handshake_write(s));
1151}
1152
1153int
1154ssl3_send_server_done(SSL *s)
1155{
1156 if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
1157 ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);
1158 ssl3_handshake_msg_finish(s, 0);
1159
1160 s->state = SSL3_ST_SW_SRVR_DONE_B;
1161 }
1162
1163 /* SSL3_ST_SW_SRVR_DONE_B */
1164 return (ssl3_handshake_write(s));
1165}
1166
1167int
1168ssl3_send_server_key_exchange(SSL *s)
1169{
1170 unsigned char *q;
1171 int j, num;
1172 unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
1173 unsigned int u;
1174 DH *dh = NULL, *dhp;
1175 EC_KEY *ecdh = NULL, *ecdhp;
1176 unsigned char *encodedPoint = NULL;
1177 int encodedlen = 0;
1178 int curve_id = 0;
1179 BN_CTX *bn_ctx = NULL;
1180
1181 EVP_PKEY *pkey;
1182 const EVP_MD *md = NULL;
1183 unsigned char *p, *d;
1184 int al, i;
1185 unsigned long type;
1186 int n;
1187 CERT *cert;
1188 BIGNUM *r[4];
1189 int nr[4], kn;
1190 BUF_MEM *buf;
1191 EVP_MD_CTX md_ctx;
1192
1193 EVP_MD_CTX_init(&md_ctx);
1194 if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
1195 type = s->s3->tmp.new_cipher->algorithm_mkey;
1196 cert = s->cert;
1197
1198 buf = s->init_buf;
1199
1200 r[0] = r[1] = r[2] = r[3] = NULL;
1201 n = 0;
1202 if (type & SSL_kDHE) {
1203 if (s->cert->dh_tmp_auto != 0) {
1204 if ((dhp = ssl_get_auto_dh(s)) == NULL) {
1205 al = SSL_AD_INTERNAL_ERROR;
1206 SSLerr(
1207 SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1208 ERR_R_INTERNAL_ERROR);
1209 goto f_err;
1210 }
1211 } else
1212 dhp = cert->dh_tmp;
1213
1214 if (dhp == NULL && s->cert->dh_tmp_cb != NULL)
1215 dhp = s->cert->dh_tmp_cb(s, 0,
1216 SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher));
1217
1218 if (dhp == NULL) {
1219 al = SSL_AD_HANDSHAKE_FAILURE;
1220 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1221 SSL_R_MISSING_TMP_DH_KEY);
1222 goto f_err;
1223 }
1224
1225 if (s->s3->tmp.dh != NULL) {
1226 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1227 ERR_R_INTERNAL_ERROR);
1228 goto err;
1229 }
1230
1231 if (s->cert->dh_tmp_auto != 0) {
1232 dh = dhp;
1233 } else if ((dh = DHparams_dup(dhp)) == NULL) {
1234 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1235 ERR_R_DH_LIB);
1236 goto err;
1237 }
1238 s->s3->tmp.dh = dh;
1239 if (!DH_generate_key(dh)) {
1240 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1241 ERR_R_DH_LIB);
1242 goto err;
1243 }
1244 r[0] = dh->p;
1245 r[1] = dh->g;
1246 r[2] = dh->pub_key;
1247 } else if (type & SSL_kECDHE) {
1248 const EC_GROUP *group;
1249
1250 ecdhp = cert->ecdh_tmp;
1251 if (s->cert->ecdh_tmp_auto != 0) {
1252 int nid = tls1_get_shared_curve(s);
1253 if (nid != NID_undef)
1254 ecdhp = EC_KEY_new_by_curve_name(nid);
1255 } else if (ecdhp == NULL &&
1256 s->cert->ecdh_tmp_cb != NULL) {
1257 ecdhp = s->cert->ecdh_tmp_cb(s, 0,
1258 SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher));
1259 }
1260 if (ecdhp == NULL) {
1261 al = SSL_AD_HANDSHAKE_FAILURE;
1262 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1263 SSL_R_MISSING_TMP_ECDH_KEY);
1264 goto f_err;
1265 }
1266
1267 if (s->s3->tmp.ecdh != NULL) {
1268 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1269 ERR_R_INTERNAL_ERROR);
1270 goto err;
1271 }
1272
1273 /* Duplicate the ECDH structure. */
1274 if (s->cert->ecdh_tmp_auto != 0) {
1275 ecdh = ecdhp;
1276 } else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
1277 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1278 ERR_R_ECDH_LIB);
1279 goto err;
1280 }
1281 s->s3->tmp.ecdh = ecdh;
1282
1283 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
1284 (EC_KEY_get0_private_key(ecdh) == NULL) ||
1285 (s->options & SSL_OP_SINGLE_ECDH_USE)) {
1286 if (!EC_KEY_generate_key(ecdh)) {
1287 SSLerr(
1288 SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1289 ERR_R_ECDH_LIB);
1290 goto err;
1291 }
1292 }
1293
1294 if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
1295 (EC_KEY_get0_public_key(ecdh) == NULL) ||
1296 (EC_KEY_get0_private_key(ecdh) == NULL)) {
1297 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1298 ERR_R_ECDH_LIB);
1299 goto err;
1300 }
1301
1302 /*
1303 * XXX: For now, we only support ephemeral ECDH
1304 * keys over named (not generic) curves. For
1305 * supported named curves, curve_id is non-zero.
1306 */
1307 if ((curve_id = tls1_ec_nid2curve_id(
1308 EC_GROUP_get_curve_name(group))) == 0) {
1309 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1310 SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1311 goto err;
1312 }
1313
1314 /*
1315 * Encode the public key.
1316 * First check the size of encoding and
1317 * allocate memory accordingly.
1318 */
1319 encodedlen = EC_POINT_point2oct(group,
1320 EC_KEY_get0_public_key(ecdh),
1321 POINT_CONVERSION_UNCOMPRESSED,
1322 NULL, 0, NULL);
1323
1324 encodedPoint = malloc(encodedlen);
1325
1326 bn_ctx = BN_CTX_new();
1327 if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
1328 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1329 ERR_R_MALLOC_FAILURE);
1330 goto err;
1331 }
1332
1333
1334 encodedlen = EC_POINT_point2oct(group,
1335 EC_KEY_get0_public_key(ecdh),
1336 POINT_CONVERSION_UNCOMPRESSED,
1337 encodedPoint, encodedlen, bn_ctx);
1338
1339 if (encodedlen == 0) {
1340 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1341 ERR_R_ECDH_LIB);
1342 goto err;
1343 }
1344
1345 BN_CTX_free(bn_ctx);
1346 bn_ctx = NULL;
1347
1348 /*
1349 * XXX: For now, we only support named (not
1350 * generic) curves in ECDH ephemeral key exchanges.
1351 * In this situation, we need four additional bytes
1352 * to encode the entire ServerECDHParams
1353 * structure.
1354 */
1355 n = 4 + encodedlen;
1356
1357 /*
1358 * We'll generate the serverKeyExchange message
1359 * explicitly so we can set these to NULLs
1360 */
1361 r[0] = NULL;
1362 r[1] = NULL;
1363 r[2] = NULL;
1364 r[3] = NULL;
1365 } else
1366 {
1367 al = SSL_AD_HANDSHAKE_FAILURE;
1368 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1369 SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1370 goto f_err;
1371 }
1372 for (i = 0; i < 4 && r[i] != NULL; i++) {
1373 nr[i] = BN_num_bytes(r[i]);
1374 n += 2 + nr[i];
1375 }
1376
1377 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) {
1378 if ((pkey = ssl_get_sign_pkey(
1379 s, s->s3->tmp.new_cipher, &md)) == NULL) {
1380 al = SSL_AD_DECODE_ERROR;
1381 goto f_err;
1382 }
1383 kn = EVP_PKEY_size(pkey);
1384 } else {
1385 pkey = NULL;
1386 kn = 0;
1387 }
1388
1389 if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) +
1390 n + kn)) {
1391 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1392 ERR_LIB_BUF);
1393 goto err;
1394 }
1395
1396 d = p = ssl3_handshake_msg_start(s,
1397 SSL3_MT_SERVER_KEY_EXCHANGE);
1398
1399 for (i = 0; i < 4 && r[i] != NULL; i++) {
1400 s2n(nr[i], p);
1401 BN_bn2bin(r[i], p);
1402 p += nr[i];
1403 }
1404
1405 if (type & SSL_kECDHE) {
1406 /*
1407 * XXX: For now, we only support named (not generic)
1408 * curves.
1409 * In this situation, the serverKeyExchange message has:
1410 * [1 byte CurveType], [2 byte CurveName]
1411 * [1 byte length of encoded point], followed by
1412 * the actual encoded point itself
1413 */
1414 *p = NAMED_CURVE_TYPE;
1415 p += 1;
1416 *p = 0;
1417 p += 1;
1418 *p = curve_id;
1419 p += 1;
1420 *p = encodedlen;
1421 p += 1;
1422 memcpy((unsigned char*)p,
1423 (unsigned char *)encodedPoint, encodedlen);
1424 free(encodedPoint);
1425 encodedPoint = NULL;
1426 p += encodedlen;
1427 }
1428
1429
1430 /* not anonymous */
1431 if (pkey != NULL) {
1432 /*
1433 * n is the length of the params, they start at &(d[4])
1434 * and p points to the space at the end.
1435 */
1436 if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
1437 q = md_buf;
1438 j = 0;
1439 for (num = 2; num > 0; num--) {
1440 if (!EVP_DigestInit_ex(&md_ctx,
1441 (num == 2) ? s->ctx->md5 :
1442 s->ctx->sha1, NULL))
1443 goto err;
1444 EVP_DigestUpdate(&md_ctx,
1445 s->s3->client_random,
1446 SSL3_RANDOM_SIZE);
1447 EVP_DigestUpdate(&md_ctx,
1448 s->s3->server_random,
1449 SSL3_RANDOM_SIZE);
1450 EVP_DigestUpdate(&md_ctx, d, n);
1451 EVP_DigestFinal_ex(&md_ctx, q,
1452 (unsigned int *)&i);
1453 q += i;
1454 j += i;
1455 }
1456 if (RSA_sign(NID_md5_sha1, md_buf, j,
1457 &(p[2]), &u, pkey->pkey.rsa) <= 0) {
1458 SSLerr(
1459 SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1460 ERR_LIB_RSA);
1461 goto err;
1462 }
1463 s2n(u, p);
1464 n += u + 2;
1465 } else if (md) {
1466 /* Send signature algorithm. */
1467 if (SSL_USE_SIGALGS(s)) {
1468 if (!tls12_get_sigandhash(p, pkey, md)) {
1469 /* Should never happen */
1470 al = SSL_AD_INTERNAL_ERROR;
1471 SSLerr(
1472 SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1473 ERR_R_INTERNAL_ERROR);
1474 goto f_err;
1475 }
1476 p += 2;
1477 }
1478 EVP_SignInit_ex(&md_ctx, md, NULL);
1479 EVP_SignUpdate(&md_ctx,
1480 s->s3->client_random,
1481 SSL3_RANDOM_SIZE);
1482 EVP_SignUpdate(&md_ctx,
1483 s->s3->server_random,
1484 SSL3_RANDOM_SIZE);
1485 EVP_SignUpdate(&md_ctx, d, n);
1486 if (!EVP_SignFinal(&md_ctx, &p[2],
1487 (unsigned int *)&i, pkey)) {
1488 SSLerr(
1489 SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1490 ERR_LIB_EVP);
1491 goto err;
1492 }
1493 s2n(i, p);
1494 n += i + 2;
1495 if (SSL_USE_SIGALGS(s))
1496 n += 2;
1497 } else {
1498 /* Is this error check actually needed? */
1499 al = SSL_AD_HANDSHAKE_FAILURE;
1500 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1501 SSL_R_UNKNOWN_PKEY_TYPE);
1502 goto f_err;
1503 }
1504 }
1505
1506 ssl3_handshake_msg_finish(s, n);
1507 }
1508
1509 s->state = SSL3_ST_SW_KEY_EXCH_B;
1510 EVP_MD_CTX_cleanup(&md_ctx);
1511
1512 return (ssl3_handshake_write(s));
1513
1514f_err:
1515 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1516err:
1517 free(encodedPoint);
1518 BN_CTX_free(bn_ctx);
1519 EVP_MD_CTX_cleanup(&md_ctx);
1520 return (-1);
1521}
1522
1523int
1524ssl3_send_certificate_request(SSL *s)
1525{
1526 unsigned char *p, *d;
1527 int i, j, nl, off, n;
1528 STACK_OF(X509_NAME) *sk = NULL;
1529 X509_NAME *name;
1530 BUF_MEM *buf;
1531
1532 if (s->state == SSL3_ST_SW_CERT_REQ_A) {
1533 buf = s->init_buf;
1534
1535 d = p = ssl3_handshake_msg_start(s,
1536 SSL3_MT_CERTIFICATE_REQUEST);
1537
1538 /* get the list of acceptable cert types */
1539 p++;
1540 n = ssl3_get_req_cert_type(s, p);
1541 d[0] = n;
1542 p += n;
1543 n++;
1544
1545 if (SSL_USE_SIGALGS(s)) {
1546 nl = tls12_get_req_sig_algs(s, p + 2);
1547 s2n(nl, p);
1548 p += nl + 2;
1549 n += nl + 2;
1550 }
1551
1552 off = n;
1553 p += 2;
1554 n += 2;
1555
1556 sk = SSL_get_client_CA_list(s);
1557 nl = 0;
1558 if (sk != NULL) {
1559 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
1560 name = sk_X509_NAME_value(sk, i);
1561 j = i2d_X509_NAME(name, NULL);
1562 if (!BUF_MEM_grow_clean(buf,
1563 ssl3_handshake_msg_hdr_len(s) + n + j
1564 + 2)) {
1565 SSLerr(
1566 SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
1567 ERR_R_BUF_LIB);
1568 goto err;
1569 }
1570 p = ssl3_handshake_msg_start(s,
1571 SSL3_MT_CERTIFICATE_REQUEST) + n;
1572 s2n(j, p);
1573 i2d_X509_NAME(name, &p);
1574 n += 2 + j;
1575 nl += 2 + j;
1576 }
1577 }
1578 /* else no CA names */
1579 p = ssl3_handshake_msg_start(s,
1580 SSL3_MT_CERTIFICATE_REQUEST) + off;
1581 s2n(nl, p);
1582
1583 ssl3_handshake_msg_finish(s, n);
1584
1585 s->state = SSL3_ST_SW_CERT_REQ_B;
1586 }
1587
1588 /* SSL3_ST_SW_CERT_REQ_B */
1589 return (ssl3_handshake_write(s));
1590err:
1591 return (-1);
1592}
1593
1594int
1595ssl3_get_client_key_exchange(SSL *s)
1596{
1597 int i, al, ok;
1598 long n;
1599 unsigned long alg_k;
1600 unsigned char *d, *p;
1601 RSA *rsa = NULL;
1602 EVP_PKEY *pkey = NULL;
1603 BIGNUM *pub = NULL;
1604 DH *dh_srvr;
1605
1606 EC_KEY *srvr_ecdh = NULL;
1607 EVP_PKEY *clnt_pub_pkey = NULL;
1608 EC_POINT *clnt_ecpoint = NULL;
1609 BN_CTX *bn_ctx = NULL;
1610
1611 /* 2048 maxlen is a guess. How long a key does that permit? */
1612 n = s->method->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
1613 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
1614 if (!ok)
1615 return ((int)n);
1616 d = p = (unsigned char *)s->init_msg;
1617
1618 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1619
1620 if (alg_k & SSL_kRSA) {
1621 char fakekey[SSL_MAX_MASTER_KEY_LENGTH];
1622
1623 arc4random_buf(fakekey, sizeof(fakekey));
1624 fakekey[0] = s->client_version >> 8;
1625 fakekey[1] = s->client_version & 0xff;
1626
1627 pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
1628 if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) ||
1629 (pkey->pkey.rsa == NULL)) {
1630 al = SSL_AD_HANDSHAKE_FAILURE;
1631 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1632 SSL_R_MISSING_RSA_CERTIFICATE);
1633 goto f_err;
1634 }
1635 rsa = pkey->pkey.rsa;
1636
1637 if (2 > n)
1638 goto truncated;
1639 n2s(p, i);
1640 if (n != i + 2) {
1641 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1642 SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
1643 goto err;
1644 } else
1645 n = i;
1646
1647 i = RSA_private_decrypt((int)n, p, p, rsa, RSA_PKCS1_PADDING);
1648
1649 ERR_clear_error();
1650
1651 al = -1;
1652
1653 if (i != SSL_MAX_MASTER_KEY_LENGTH) {
1654 al = SSL_AD_DECODE_ERROR;
1655 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
1656 }
1657
1658 if (p + 2 - d > n) /* needed in the SSL3 case */
1659 goto truncated;
1660 if ((al == -1) && !((p[0] == (s->client_version >> 8)) &&
1661 (p[1] == (s->client_version & 0xff)))) {
1662 /*
1663 * The premaster secret must contain the same version
1664 * number as the ClientHello to detect version rollback
1665 * attacks (strangely, the protocol does not offer such
1666 * protection for DH ciphersuites).
1667 * However, buggy clients exist that send the negotiated
1668 * protocol version instead if the server does not
1669 * support the requested protocol version.
1670 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
1671 * clients.
1672 */
1673 if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
1674 (p[0] == (s->version >> 8)) &&
1675 (p[1] == (s->version & 0xff)))) {
1676 al = SSL_AD_DECODE_ERROR;
1677 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
1678
1679 /*
1680 * The Klima-Pokorny-Rosa extension of
1681 * Bleichenbacher's attack
1682 * (http://eprint.iacr.org/2003/052/) exploits
1683 * the version number check as a "bad version
1684 * oracle" -- an alert would reveal that the
1685 * plaintext corresponding to some ciphertext
1686 * made up by the adversary is properly
1687 * formatted except that the version number is
1688 * wrong.
1689 * To avoid such attacks, we should treat this
1690 * just like any other decryption error.
1691 */
1692 }
1693 }
1694
1695 if (al != -1) {
1696 /*
1697 * Some decryption failure -- use random value instead
1698 * as countermeasure against Bleichenbacher's attack
1699 * on PKCS #1 v1.5 RSA padding (see RFC 2246,
1700 * section 7.4.7.1).
1701 */
1702 i = SSL_MAX_MASTER_KEY_LENGTH;
1703 p = fakekey;
1704 }
1705
1706 s->session->master_key_length =
1707 s->method->ssl3_enc->generate_master_secret(s,
1708 s->session->master_key,
1709 p, i);
1710 explicit_bzero(p, i);
1711 } else if (alg_k & SSL_kDHE) {
1712 if (2 > n)
1713 goto truncated;
1714 n2s(p, i);
1715 if (n != i + 2) {
1716 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1717 SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
1718 goto err;
1719 }
1720
1721 if (n == 0L) {
1722 /* the parameters are in the cert */
1723 al = SSL_AD_HANDSHAKE_FAILURE;
1724 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1725 SSL_R_UNABLE_TO_DECODE_DH_CERTS);
1726 goto f_err;
1727 } else {
1728 if (s->s3->tmp.dh == NULL) {
1729 al = SSL_AD_HANDSHAKE_FAILURE;
1730 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1731 SSL_R_MISSING_TMP_DH_KEY);
1732 goto f_err;
1733 } else
1734 dh_srvr = s->s3->tmp.dh;
1735 }
1736
1737 pub = BN_bin2bn(p, i, NULL);
1738 if (pub == NULL) {
1739 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1740 SSL_R_BN_LIB);
1741 goto err;
1742 }
1743
1744 i = DH_compute_key(p, pub, dh_srvr);
1745
1746 if (i <= 0) {
1747 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1748 ERR_R_DH_LIB);
1749 BN_clear_free(pub);
1750 goto err;
1751 }
1752
1753 DH_free(s->s3->tmp.dh);
1754 s->s3->tmp.dh = NULL;
1755
1756 BN_clear_free(pub);
1757 pub = NULL;
1758 s->session->master_key_length =
1759 s->method->ssl3_enc->generate_master_secret(
1760 s, s->session->master_key, p, i);
1761 explicit_bzero(p, i);
1762 } else
1763
1764 if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
1765 int ret = 1;
1766 int key_size;
1767 const EC_KEY *tkey;
1768 const EC_GROUP *group;
1769 const BIGNUM *priv_key;
1770
1771 /* Initialize structures for server's ECDH key pair. */
1772 if ((srvr_ecdh = EC_KEY_new()) == NULL) {
1773 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1774 ERR_R_MALLOC_FAILURE);
1775 goto err;
1776 }
1777
1778 /* Let's get server private key and group information. */
1779 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
1780 /* Use the certificate */
1781 tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
1782 } else {
1783 /*
1784 * Use the ephermeral values we saved when
1785 * generating the ServerKeyExchange msg.
1786 */
1787 tkey = s->s3->tmp.ecdh;
1788 }
1789
1790 group = EC_KEY_get0_group(tkey);
1791 priv_key = EC_KEY_get0_private_key(tkey);
1792
1793 if (!EC_KEY_set_group(srvr_ecdh, group) ||
1794 !EC_KEY_set_private_key(srvr_ecdh, priv_key)) {
1795 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1796 ERR_R_EC_LIB);
1797 goto err;
1798 }
1799
1800 /* Let's get client's public key */
1801 if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) {
1802 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1803 ERR_R_MALLOC_FAILURE);
1804 goto err;
1805 }
1806
1807 if (n == 0L) {
1808 /* Client Publickey was in Client Certificate */
1809
1810 if (alg_k & SSL_kECDHE) {
1811 al = SSL_AD_HANDSHAKE_FAILURE;
1812 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1813 SSL_R_MISSING_TMP_ECDH_KEY);
1814 goto f_err;
1815 }
1816 if (((clnt_pub_pkey = X509_get_pubkey(
1817 s->session->peer)) == NULL) ||
1818 (clnt_pub_pkey->type != EVP_PKEY_EC)) {
1819 /*
1820 * XXX: For now, we do not support client
1821 * authentication using ECDH certificates
1822 * so this branch (n == 0L) of the code is
1823 * never executed. When that support is
1824 * added, we ought to ensure the key
1825 * received in the certificate is
1826 * authorized for key agreement.
1827 * ECDH_compute_key implicitly checks that
1828 * the two ECDH shares are for the same
1829 * group.
1830 */
1831 al = SSL_AD_HANDSHAKE_FAILURE;
1832 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1833 SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
1834 goto f_err;
1835 }
1836
1837 if (EC_POINT_copy(clnt_ecpoint,
1838 EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec))
1839 == 0) {
1840 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1841 ERR_R_EC_LIB);
1842 goto err;
1843 }
1844 ret = 2; /* Skip certificate verify processing */
1845 } else {
1846 /*
1847 * Get client's public key from encoded point
1848 * in the ClientKeyExchange message.
1849 */
1850 if ((bn_ctx = BN_CTX_new()) == NULL) {
1851 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1852 ERR_R_MALLOC_FAILURE);
1853 goto err;
1854 }
1855
1856 /* Get encoded point length */
1857 i = *p;
1858
1859 p += 1;
1860 if (n != 1 + i) {
1861 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1862 ERR_R_EC_LIB);
1863 goto err;
1864 }
1865 if (EC_POINT_oct2point(group,
1866 clnt_ecpoint, p, i, bn_ctx) == 0) {
1867 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1868 ERR_R_EC_LIB);
1869 goto err;
1870 }
1871 /*
1872 * p is pointing to somewhere in the buffer
1873 * currently, so set it to the start.
1874 */
1875 p = (unsigned char *)s->init_buf->data;
1876 }
1877
1878 /* Compute the shared pre-master secret */
1879 key_size = ECDH_size(srvr_ecdh);
1880 if (key_size <= 0) {
1881 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1882 ERR_R_ECDH_LIB);
1883 goto err;
1884 }
1885 i = ECDH_compute_key(p, key_size, clnt_ecpoint, srvr_ecdh,
1886 NULL);
1887 if (i <= 0) {
1888 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1889 ERR_R_ECDH_LIB);
1890 goto err;
1891 }
1892
1893 EVP_PKEY_free(clnt_pub_pkey);
1894 EC_POINT_free(clnt_ecpoint);
1895 EC_KEY_free(srvr_ecdh);
1896 BN_CTX_free(bn_ctx);
1897 EC_KEY_free(s->s3->tmp.ecdh);
1898 s->s3->tmp.ecdh = NULL;
1899
1900
1901 /* Compute the master secret */
1902 s->session->master_key_length = s->method->ssl3_enc-> \
1903 generate_master_secret(s, s->session->master_key, p, i);
1904
1905 explicit_bzero(p, i);
1906 return (ret);
1907 } else
1908 if (alg_k & SSL_kGOST) {
1909 int ret = 0;
1910 EVP_PKEY_CTX *pkey_ctx;
1911 EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
1912 unsigned char premaster_secret[32], *start;
1913 size_t outlen = 32, inlen;
1914 unsigned long alg_a;
1915 int Ttag, Tclass;
1916 long Tlen;
1917
1918 /* Get our certificate private key*/
1919 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1920 if (alg_a & SSL_aGOST01)
1921 pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
1922
1923 pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
1924 EVP_PKEY_decrypt_init(pkey_ctx);
1925 /*
1926 * If client certificate is present and is of the same type,
1927 * maybe use it for key exchange.
1928 * Don't mind errors from EVP_PKEY_derive_set_peer, because
1929 * it is completely valid to use a client certificate for
1930 * authorization only.
1931 */
1932 client_pub_pkey = X509_get_pubkey(s->session->peer);
1933 if (client_pub_pkey) {
1934 if (EVP_PKEY_derive_set_peer(pkey_ctx,
1935 client_pub_pkey) <= 0)
1936 ERR_clear_error();
1937 }
1938 if (2 > n)
1939 goto truncated;
1940 /* Decrypt session key */
1941 if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag,
1942 &Tclass, n) != V_ASN1_CONSTRUCTED ||
1943 Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) {
1944 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1945 SSL_R_DECRYPTION_FAILED);
1946 goto gerr;
1947 }
1948 start = p;
1949 inlen = Tlen;
1950 if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen,
1951 start, inlen) <=0) {
1952 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1953 SSL_R_DECRYPTION_FAILED);
1954 goto gerr;
1955 }
1956 /* Generate master secret */
1957 s->session->master_key_length =
1958 s->method->ssl3_enc->generate_master_secret(
1959 s, s->session->master_key, premaster_secret, 32);
1960 /* Check if pubkey from client certificate was used */
1961 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1,
1962 EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
1963 ret = 2;
1964 else
1965 ret = 1;
1966gerr:
1967 EVP_PKEY_free(client_pub_pkey);
1968 EVP_PKEY_CTX_free(pkey_ctx);
1969 if (ret)
1970 return (ret);
1971 else
1972 goto err;
1973 } else {
1974 al = SSL_AD_HANDSHAKE_FAILURE;
1975 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1976 SSL_R_UNKNOWN_CIPHER_TYPE);
1977 goto f_err;
1978 }
1979
1980 return (1);
1981truncated:
1982 al = SSL_AD_DECODE_ERROR;
1983 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH);
1984f_err:
1985 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1986err:
1987 EVP_PKEY_free(clnt_pub_pkey);
1988 EC_POINT_free(clnt_ecpoint);
1989 EC_KEY_free(srvr_ecdh);
1990 BN_CTX_free(bn_ctx);
1991 return (-1);
1992}
1993
1994int
1995ssl3_get_cert_verify(SSL *s)
1996{
1997 EVP_PKEY *pkey = NULL;
1998 unsigned char *p;
1999 int al, ok, ret = 0;
2000 long n;
2001 int type = 0, i, j;
2002 X509 *peer;
2003 const EVP_MD *md = NULL;
2004 EVP_MD_CTX mctx;
2005 EVP_MD_CTX_init(&mctx);
2006
2007 n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
2008 SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok);
2009 if (!ok)
2010 return ((int)n);
2011
2012 if (s->session->peer != NULL) {
2013 peer = s->session->peer;
2014 pkey = X509_get_pubkey(peer);
2015 type = X509_certificate_type(peer, pkey);
2016 } else {
2017 peer = NULL;
2018 pkey = NULL;
2019 }
2020
2021 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
2022 s->s3->tmp.reuse_message = 1;
2023 if (peer != NULL) {
2024 al = SSL_AD_UNEXPECTED_MESSAGE;
2025 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2026 SSL_R_MISSING_VERIFY_MESSAGE);
2027 goto f_err;
2028 }
2029 ret = 1;
2030 goto end;
2031 }
2032
2033 if (peer == NULL) {
2034 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2035 SSL_R_NO_CLIENT_CERT_RECEIVED);
2036 al = SSL_AD_UNEXPECTED_MESSAGE;
2037 goto f_err;
2038 }
2039
2040 if (!(type & EVP_PKT_SIGN)) {
2041 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2042 SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
2043 al = SSL_AD_ILLEGAL_PARAMETER;
2044 goto f_err;
2045 }
2046
2047 if (s->s3->change_cipher_spec) {
2048 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2049 SSL_R_CCS_RECEIVED_EARLY);
2050 al = SSL_AD_UNEXPECTED_MESSAGE;
2051 goto f_err;
2052 }
2053
2054 /* we now have a signature that we need to verify */
2055 p = (unsigned char *)s->init_msg;
2056 /*
2057 * Check for broken implementations of GOST ciphersuites.
2058 *
2059 * If key is GOST and n is exactly 64, it is a bare
2060 * signature without length field.
2061 */
2062 if (n == 64 && (pkey->type == NID_id_GostR3410_94 ||
2063 pkey->type == NID_id_GostR3410_2001) ) {
2064 i = 64;
2065 } else {
2066 if (SSL_USE_SIGALGS(s)) {
2067 int sigalg = tls12_get_sigid(pkey);
2068 /* Should never happen */
2069 if (sigalg == -1) {
2070 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2071 ERR_R_INTERNAL_ERROR);
2072 al = SSL_AD_INTERNAL_ERROR;
2073 goto f_err;
2074 }
2075 if (2 > n)
2076 goto truncated;
2077 /* Check key type is consistent with signature */
2078 if (sigalg != (int)p[1]) {
2079 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2080 SSL_R_WRONG_SIGNATURE_TYPE);
2081 al = SSL_AD_DECODE_ERROR;
2082 goto f_err;
2083 }
2084 md = tls12_get_hash(p[0]);
2085 if (md == NULL) {
2086 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2087 SSL_R_UNKNOWN_DIGEST);
2088 al = SSL_AD_DECODE_ERROR;
2089 goto f_err;
2090 }
2091 p += 2;
2092 n -= 2;
2093 }
2094 if (2 > n)
2095 goto truncated;
2096 n2s(p, i);
2097 n -= 2;
2098 if (i > n)
2099 goto truncated;
2100 }
2101 j = EVP_PKEY_size(pkey);
2102 if ((i > j) || (n > j) || (n <= 0)) {
2103 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2104 SSL_R_WRONG_SIGNATURE_SIZE);
2105 al = SSL_AD_DECODE_ERROR;
2106 goto f_err;
2107 }
2108
2109 if (SSL_USE_SIGALGS(s)) {
2110 long hdatalen = 0;
2111 void *hdata;
2112 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
2113 if (hdatalen <= 0) {
2114 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2115 ERR_R_INTERNAL_ERROR);
2116 al = SSL_AD_INTERNAL_ERROR;
2117 goto f_err;
2118 }
2119 if (!EVP_VerifyInit_ex(&mctx, md, NULL) ||
2120 !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
2121 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2122 ERR_R_EVP_LIB);
2123 al = SSL_AD_INTERNAL_ERROR;
2124 goto f_err;
2125 }
2126
2127 if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) {
2128 al = SSL_AD_DECRYPT_ERROR;
2129 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2130 SSL_R_BAD_SIGNATURE);
2131 goto f_err;
2132 }
2133 } else
2134 if (pkey->type == EVP_PKEY_RSA) {
2135 i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
2136 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i,
2137 pkey->pkey.rsa);
2138 if (i < 0) {
2139 al = SSL_AD_DECRYPT_ERROR;
2140 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2141 SSL_R_BAD_RSA_DECRYPT);
2142 goto f_err;
2143 }
2144 if (i == 0) {
2145 al = SSL_AD_DECRYPT_ERROR;
2146 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2147 SSL_R_BAD_RSA_SIGNATURE);
2148 goto f_err;
2149 }
2150 } else
2151 if (pkey->type == EVP_PKEY_DSA) {
2152 j = DSA_verify(pkey->save_type,
2153 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
2154 SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa);
2155 if (j <= 0) {
2156 /* bad signature */
2157 al = SSL_AD_DECRYPT_ERROR;
2158 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2159 SSL_R_BAD_DSA_SIGNATURE);
2160 goto f_err;
2161 }
2162 } else
2163 if (pkey->type == EVP_PKEY_EC) {
2164 j = ECDSA_verify(pkey->save_type,
2165 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
2166 SHA_DIGEST_LENGTH, p, i, pkey->pkey.ec);
2167 if (j <= 0) {
2168 /* bad signature */
2169 al = SSL_AD_DECRYPT_ERROR;
2170 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2171 SSL_R_BAD_ECDSA_SIGNATURE);
2172 goto f_err;
2173 }
2174 } else
2175#ifndef OPENSSL_NO_GOST
2176 if (pkey->type == NID_id_GostR3410_94 ||
2177 pkey->type == NID_id_GostR3410_2001) {
2178 long hdatalen = 0;
2179 void *hdata;
2180 unsigned char signature[128];
2181 unsigned int siglen = sizeof(signature);
2182 int nid;
2183 EVP_PKEY_CTX *pctx;
2184
2185 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
2186 if (hdatalen <= 0) {
2187 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2188 ERR_R_INTERNAL_ERROR);
2189 al = SSL_AD_INTERNAL_ERROR;
2190 goto f_err;
2191 }
2192 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
2193 !(md = EVP_get_digestbynid(nid))) {
2194 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2195 ERR_R_EVP_LIB);
2196 al = SSL_AD_INTERNAL_ERROR;
2197 goto f_err;
2198 }
2199 pctx = EVP_PKEY_CTX_new(pkey, NULL);
2200 if (!pctx) {
2201 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2202 ERR_R_EVP_LIB);
2203 al = SSL_AD_INTERNAL_ERROR;
2204 goto f_err;
2205 }
2206 if (!EVP_DigestInit_ex(&mctx, md, NULL) ||
2207 !EVP_DigestUpdate(&mctx, hdata, hdatalen) ||
2208 !EVP_DigestFinal(&mctx, signature, &siglen) ||
2209 (EVP_PKEY_verify_init(pctx) <= 0) ||
2210 (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
2211 (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
2212 EVP_PKEY_CTRL_GOST_SIG_FORMAT,
2213 GOST_SIG_FORMAT_RS_LE,
2214 NULL) <= 0)) {
2215 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2216 ERR_R_EVP_LIB);
2217 al = SSL_AD_INTERNAL_ERROR;
2218 EVP_PKEY_CTX_free(pctx);
2219 goto f_err;
2220 }
2221
2222 if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) {
2223 al = SSL_AD_DECRYPT_ERROR;
2224 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2225 SSL_R_BAD_SIGNATURE);
2226 EVP_PKEY_CTX_free(pctx);
2227 goto f_err;
2228 }
2229
2230 EVP_PKEY_CTX_free(pctx);
2231 } else
2232#endif
2233 {
2234 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2235 ERR_R_INTERNAL_ERROR);
2236 al = SSL_AD_UNSUPPORTED_CERTIFICATE;
2237 goto f_err;
2238 }
2239
2240
2241 ret = 1;
2242 if (0) {
2243truncated:
2244 al = SSL_AD_DECODE_ERROR;
2245 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_PACKET_LENGTH);
2246f_err:
2247 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2248 }
2249end:
2250 if (s->s3->handshake_buffer) {
2251 BIO_free(s->s3->handshake_buffer);
2252 s->s3->handshake_buffer = NULL;
2253 s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;
2254 }
2255 EVP_MD_CTX_cleanup(&mctx);
2256 EVP_PKEY_free(pkey);
2257 return (ret);
2258}
2259
2260int
2261ssl3_get_client_certificate(SSL *s)
2262{
2263 CBS cbs, client_certs;
2264 int i, ok, al, ret = -1;
2265 X509 *x = NULL;
2266 long n;
2267 const unsigned char *q;
2268 STACK_OF(X509) *sk = NULL;
2269
2270 n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
2271 -1, s->max_cert_list, &ok);
2272
2273 if (!ok)
2274 return ((int)n);
2275
2276 if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
2277 if ((s->verify_mode & SSL_VERIFY_PEER) &&
2278 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
2279 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2280 SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2281 al = SSL_AD_HANDSHAKE_FAILURE;
2282 goto f_err;
2283 }
2284 /*
2285 * If tls asked for a client cert,
2286 * the client must return a 0 list.
2287 */
2288 if (s->s3->tmp.cert_request) {
2289 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2290 SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
2291 );
2292 al = SSL_AD_UNEXPECTED_MESSAGE;
2293 goto f_err;
2294 }
2295 s->s3->tmp.reuse_message = 1;
2296 return (1);
2297 }
2298
2299 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
2300 al = SSL_AD_UNEXPECTED_MESSAGE;
2301 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2302 SSL_R_WRONG_MESSAGE_TYPE);
2303 goto f_err;
2304 }
2305
2306 if (n < 0)
2307 goto truncated;
2308
2309 CBS_init(&cbs, s->init_msg, n);
2310
2311 if ((sk = sk_X509_new_null()) == NULL) {
2312 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2313 ERR_R_MALLOC_FAILURE);
2314 goto err;
2315 }
2316
2317 if (!CBS_get_u24_length_prefixed(&cbs, &client_certs) ||
2318 CBS_len(&cbs) != 0)
2319 goto truncated;
2320
2321 while (CBS_len(&client_certs) > 0) {
2322 CBS cert;
2323
2324 if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) {
2325 al = SSL_AD_DECODE_ERROR;
2326 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2327 SSL_R_CERT_LENGTH_MISMATCH);
2328 goto f_err;
2329 }
2330
2331 q = CBS_data(&cert);
2332 x = d2i_X509(NULL, &q, CBS_len(&cert));
2333 if (x == NULL) {
2334 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2335 ERR_R_ASN1_LIB);
2336 goto err;
2337 }
2338 if (q != CBS_data(&cert) + CBS_len(&cert)) {
2339 al = SSL_AD_DECODE_ERROR;
2340 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2341 SSL_R_CERT_LENGTH_MISMATCH);
2342 goto f_err;
2343 }
2344 if (!sk_X509_push(sk, x)) {
2345 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2346 ERR_R_MALLOC_FAILURE);
2347 goto err;
2348 }
2349 x = NULL;
2350 }
2351
2352 if (sk_X509_num(sk) <= 0) {
2353 /*
2354 * TLS does not mind 0 certs returned.
2355 * Fail for TLS only if we required a certificate.
2356 */
2357 if ((s->verify_mode & SSL_VERIFY_PEER) &&
2358 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
2359 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2360 SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2361 al = SSL_AD_HANDSHAKE_FAILURE;
2362 goto f_err;
2363 }
2364 /* No client certificate so digest cached records */
2365 if (s->s3->handshake_buffer && !tls1_digest_cached_records(s)) {
2366 al = SSL_AD_INTERNAL_ERROR;
2367 goto f_err;
2368 }
2369 } else {
2370 i = ssl_verify_cert_chain(s, sk);
2371 if (i <= 0) {
2372 al = ssl_verify_alarm_type(s->verify_result);
2373 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2374 SSL_R_NO_CERTIFICATE_RETURNED);
2375 goto f_err;
2376 }
2377 }
2378
2379 X509_free(s->session->peer);
2380 s->session->peer = sk_X509_shift(sk);
2381 s->session->verify_result = s->verify_result;
2382
2383 /*
2384 * With the current implementation, sess_cert will always be NULL
2385 * when we arrive here
2386 */
2387 if (s->session->sess_cert == NULL) {
2388 s->session->sess_cert = ssl_sess_cert_new();
2389 if (s->session->sess_cert == NULL) {
2390 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2391 ERR_R_MALLOC_FAILURE);
2392 goto err;
2393 }
2394 }
2395 if (s->session->sess_cert->cert_chain != NULL)
2396 sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
2397 s->session->sess_cert->cert_chain = sk;
2398
2399 /*
2400 * Inconsistency alert: cert_chain does *not* include the
2401 * peer's own certificate, while we do include it in s3_clnt.c
2402 */
2403
2404 sk = NULL;
2405
2406 ret = 1;
2407 if (0) {
2408truncated:
2409 al = SSL_AD_DECODE_ERROR;
2410 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2411 SSL_R_BAD_PACKET_LENGTH);
2412f_err:
2413 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2414 }
2415err:
2416 X509_free(x);
2417 if (sk != NULL)
2418 sk_X509_pop_free(sk, X509_free);
2419 return (ret);
2420}
2421
2422int
2423ssl3_send_server_certificate(SSL *s)
2424{
2425 unsigned long l;
2426 X509 *x;
2427
2428 if (s->state == SSL3_ST_SW_CERT_A) {
2429 x = ssl_get_server_send_cert(s);
2430 if (x == NULL) {
2431 SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,
2432 ERR_R_INTERNAL_ERROR);
2433 return (0);
2434 }
2435
2436 l = ssl3_output_cert_chain(s, x);
2437 s->state = SSL3_ST_SW_CERT_B;
2438 s->init_num = (int)l;
2439 s->init_off = 0;
2440 }
2441
2442 /* SSL3_ST_SW_CERT_B */
2443 return (ssl3_handshake_write(s));
2444}
2445
2446/* send a new session ticket (not necessarily for a new session) */
2447int
2448ssl3_send_newsession_ticket(SSL *s)
2449{
2450 if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
2451 unsigned char *d, *p, *senc, *macstart;
2452 const unsigned char *const_p;
2453 int len, slen_full, slen;
2454 SSL_SESSION *sess;
2455 unsigned int hlen;
2456 EVP_CIPHER_CTX ctx;
2457 HMAC_CTX hctx;
2458 SSL_CTX *tctx = s->initial_ctx;
2459 unsigned char iv[EVP_MAX_IV_LENGTH];
2460 unsigned char key_name[16];
2461
2462 /* get session encoding length */
2463 slen_full = i2d_SSL_SESSION(s->session, NULL);
2464 /*
2465 * Some length values are 16 bits, so forget it if session is
2466 * too long
2467 */
2468 if (slen_full > 0xFF00)
2469 return (-1);
2470 senc = malloc(slen_full);
2471 if (!senc)
2472 return (-1);
2473 p = senc;
2474 i2d_SSL_SESSION(s->session, &p);
2475
2476 /*
2477 * Create a fresh copy (not shared with other threads) to
2478 * clean up
2479 */
2480 const_p = senc;
2481 sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
2482 if (sess == NULL) {
2483 free(senc);
2484 return (-1);
2485 }
2486
2487 /* ID is irrelevant for the ticket */
2488 sess->session_id_length = 0;
2489
2490 slen = i2d_SSL_SESSION(sess, NULL);
2491 if (slen > slen_full) {
2492 /* shouldn't ever happen */
2493 free(senc);
2494 return (-1);
2495 }
2496 p = senc;
2497 i2d_SSL_SESSION(sess, &p);
2498 SSL_SESSION_free(sess);
2499
2500 /*
2501 * Grow buffer if need be: the length calculation is as
2502 * follows 1 (size of message name) + 3 (message length
2503 * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
2504 * 16 (key name) + max_iv_len (iv length) +
2505 * session_length + max_enc_block_size (max encrypted session
2506 * length) + max_md_size (HMAC).
2507 */
2508 if (!BUF_MEM_grow(s->init_buf, ssl3_handshake_msg_hdr_len(s) +
2509 22 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
2510 EVP_MAX_MD_SIZE + slen)) {
2511 free(senc);
2512 return (-1);
2513 }
2514
2515 d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEWSESSION_TICKET);
2516
2517 EVP_CIPHER_CTX_init(&ctx);
2518 HMAC_CTX_init(&hctx);
2519
2520 /*
2521 * Initialize HMAC and cipher contexts. If callback present
2522 * it does all the work otherwise use generated values
2523 * from parent ctx.
2524 */
2525 if (tctx->tlsext_ticket_key_cb) {
2526 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
2527 &hctx, 1) < 0) {
2528 free(senc);
2529 EVP_CIPHER_CTX_cleanup(&ctx);
2530 return (-1);
2531 }
2532 } else {
2533 arc4random_buf(iv, 16);
2534 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
2535 tctx->tlsext_tick_aes_key, iv);
2536 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
2537 tlsext_tick_md(), NULL);
2538 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
2539 }
2540
2541 /*
2542 * Ticket lifetime hint (advisory only):
2543 * We leave this unspecified for resumed session
2544 * (for simplicity), and guess that tickets for new
2545 * sessions will live as long as their sessions.
2546 */
2547 l2n(s->hit ? 0 : s->session->timeout, p);
2548
2549 /* Skip ticket length for now */
2550 p += 2;
2551 /* Output key name */
2552 macstart = p;
2553 memcpy(p, key_name, 16);
2554 p += 16;
2555 /* output IV */
2556 memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
2557 p += EVP_CIPHER_CTX_iv_length(&ctx);
2558 /* Encrypt session data */
2559 EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
2560 p += len;
2561 EVP_EncryptFinal_ex(&ctx, p, &len);
2562 p += len;
2563 EVP_CIPHER_CTX_cleanup(&ctx);
2564
2565 HMAC_Update(&hctx, macstart, p - macstart);
2566 HMAC_Final(&hctx, p, &hlen);
2567 HMAC_CTX_cleanup(&hctx);
2568 p += hlen;
2569
2570 /* Now write out lengths: p points to end of data written */
2571 /* Total length */
2572 len = p - d;
2573
2574 /* Skip ticket lifetime hint. */
2575 p = d + 4;
2576 s2n(len - 6, p); /* Message length */
2577
2578 ssl3_handshake_msg_finish(s, len);
2579
2580 s->state = SSL3_ST_SW_SESSION_TICKET_B;
2581
2582 free(senc);
2583 }
2584
2585 /* SSL3_ST_SW_SESSION_TICKET_B */
2586 return (ssl3_handshake_write(s));
2587}
2588
2589int
2590ssl3_send_cert_status(SSL *s)
2591{
2592 unsigned char *p;
2593
2594 if (s->state == SSL3_ST_SW_CERT_STATUS_A) {
2595 /*
2596 * Grow buffer if need be: the length calculation is as
2597 * follows 1 (message type) + 3 (message length) +
2598 * 1 (ocsp response type) + 3 (ocsp response length)
2599 * + (ocsp response)
2600 */
2601 if (!BUF_MEM_grow(s->init_buf, SSL3_HM_HEADER_LENGTH + 4 +
2602 s->tlsext_ocsp_resplen))
2603 return (-1);
2604
2605 p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS);
2606
2607 *(p++) = s->tlsext_status_type;
2608 l2n3(s->tlsext_ocsp_resplen, p);
2609 memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
2610
2611 ssl3_handshake_msg_finish(s, s->tlsext_ocsp_resplen + 4);
2612
2613 s->state = SSL3_ST_SW_CERT_STATUS_B;
2614 }
2615
2616 /* SSL3_ST_SW_CERT_STATUS_B */
2617 return (ssl3_handshake_write(s));
2618}
2619
2620/*
2621 * ssl3_get_next_proto reads a Next Protocol Negotiation handshake message.
2622 * It sets the next_proto member in s if found
2623 */
2624int
2625ssl3_get_next_proto(SSL *s)
2626{
2627 CBS cbs, proto, padding;
2628 int ok;
2629 long n;
2630 size_t len;
2631
2632 /*
2633 * Clients cannot send a NextProtocol message if we didn't see the
2634 * extension in their ClientHello
2635 */
2636 if (!s->s3->next_proto_neg_seen) {
2637 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
2638 SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
2639 return (-1);
2640 }
2641
2642 /* 514 maxlen is enough for the payload format below */
2643 n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
2644 SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, 514, &ok);
2645 if (!ok)
2646 return ((int)n);
2647
2648 /*
2649 * s->state doesn't reflect whether ChangeCipherSpec has been received
2650 * in this handshake, but s->s3->change_cipher_spec does (will be reset
2651 * by ssl3_get_finished).
2652 */
2653 if (!s->s3->change_cipher_spec) {
2654 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
2655 SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
2656 return (-1);
2657 }
2658
2659 if (n < 2)
2660 return (0);
2661 /* The body must be > 1 bytes long */
2662
2663 CBS_init(&cbs, s->init_msg, s->init_num);
2664
2665 /*
2666 * The payload looks like:
2667 * uint8 proto_len;
2668 * uint8 proto[proto_len];
2669 * uint8 padding_len;
2670 * uint8 padding[padding_len];
2671 */
2672 if (!CBS_get_u8_length_prefixed(&cbs, &proto) ||
2673 !CBS_get_u8_length_prefixed(&cbs, &padding) ||
2674 CBS_len(&cbs) != 0)
2675 return 0;
2676
2677 /*
2678 * XXX We should not NULL it, but this matches old behavior of not
2679 * freeing before malloc.
2680 */
2681 s->next_proto_negotiated = NULL;
2682 s->next_proto_negotiated_len = 0;
2683
2684 if (!CBS_stow(&proto, &s->next_proto_negotiated, &len)) {
2685 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
2686 ERR_R_MALLOC_FAILURE);
2687 return (0);
2688 }
2689 s->next_proto_negotiated_len = (uint8_t)len;
2690
2691 return (1);
2692}
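--- a/src/lib/libssl/shlib_version
+++ /dev/null
@@ -1,3 +0,0 @@
-# Don't forget to give libtls the same type of bump!
-major=39
-minor=0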
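--- a/src/lib/libssl/srtp.h
+++ /dev/null
@@ -1,142 +0,0 @@
-/* $OpenBSD: srtp.h,v 1.6 2015/09/01 15:18:23 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/*
- * DTLS code by Eric Rescorla <ekr@rtfm.com>
- *
- * Copyright (C) 2006, Network Resonance, Inc.
- * Copyright (C) 2011, RTFM, Inc.
- */
-
-#ifndef HEADER_D1_SRTP_H
-#define HEADER_D1_SRTP_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define SRTP_AES128_CM_SHA1_80 0x0001
-#define SRTP_AES128_CM_SHA1_32 0x0002
-#define SRTP_AES128_F8_SHA1_80 0x0003
-#define SRTP_AES128_F8_SHA1_32 0x0004
-#define SRTP_NULL_SHA1_80 0x0005
-#define SRTP_NULL_SHA1_32 0x0006
-
-int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
-int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
-
-STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif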
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
deleted file mode 100644
index 58493fa988..0000000000
--- a/src/lib/libssl/ssl.h
+++ /dev/null
@@ -1,2382 +0,0 @@
1/* $OpenBSD: ssl.h,v 1.96 2015/10/25 16:07:04 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#ifndef HEADER_SSL_H
144#define HEADER_SSL_H
145
146#include <stdint.h>
147
148#include <openssl/opensslconf.h>
149#include <openssl/hmac.h>
150#include <openssl/pem.h>
151#include <openssl/safestack.h>
152
153#ifndef OPENSSL_NO_BIO
154#include <openssl/bio.h>
155#endif
156
157#ifndef OPENSSL_NO_DEPRECATED
158#include <openssl/buffer.h>
159#include <openssl/crypto.h>
160#include <openssl/lhash.h>
161
162#ifndef OPENSSL_NO_X509
163#include <openssl/x509.h>
164#endif
165#endif
166
167#ifdef __cplusplus
168extern "C" {
169#endif
170
171/* SSLeay version number for ASN.1 encoding of the session information */
172/* Version 0 - initial version
173 * Version 1 - added the optional peer certificate
174 */
175#define SSL_SESSION_ASN1_VERSION 0x0001
176
177/* text strings for the ciphers */
178#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5
179#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5
180#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
181#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5
182#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
183#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5
184#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5
185#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA
186#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
187#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
188
189/* VRS Additional Kerberos5 entries
190 */
191#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
192#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
193#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA
194#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
195#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
196#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
197#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5
198#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5
199
200#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
201#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA
202#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA
203#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
204#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5
205#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5
206
207#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
208#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
209#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
210#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
211#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
212#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
213#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256
214
215#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
216#define SSL_MAX_SID_CTX_LENGTH 32
217
218#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
219#define SSL_MAX_KEY_ARG_LENGTH 8
220#define SSL_MAX_MASTER_KEY_LENGTH 48
221
222
223/* These are used to specify which ciphers to use and not to use */
224
225#define SSL_TXT_LOW "LOW"
226#define SSL_TXT_MEDIUM "MEDIUM"
227#define SSL_TXT_HIGH "HIGH"
228
229#define SSL_TXT_kFZA "kFZA" /* unused! */
230#define SSL_TXT_aFZA "aFZA" /* unused! */
231#define SSL_TXT_eFZA "eFZA" /* unused! */
232#define SSL_TXT_FZA "FZA" /* unused! */
233
234#define SSL_TXT_aNULL "aNULL"
235#define SSL_TXT_eNULL "eNULL"
236#define SSL_TXT_NULL "NULL"
237
238#define SSL_TXT_kRSA "kRSA"
239#define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */
240#define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */
241#define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */
242#define SSL_TXT_kEDH "kEDH"
243#define SSL_TXT_kKRB5 "kKRB5"
244#define SSL_TXT_kECDHr "kECDHr"
245#define SSL_TXT_kECDHe "kECDHe"
246#define SSL_TXT_kECDH "kECDH"
247#define SSL_TXT_kEECDH "kEECDH"
248#define SSL_TXT_kPSK "kPSK"
249#define SSL_TXT_kGOST "kGOST"
250#define SSL_TXT_kSRP "kSRP"
251
252#define SSL_TXT_aRSA "aRSA"
253#define SSL_TXT_aDSS "aDSS"
254#define SSL_TXT_aDH "aDH" /* no such ciphersuites supported! */
255#define SSL_TXT_aECDH "aECDH"
256#define SSL_TXT_aKRB5 "aKRB5"
257#define SSL_TXT_aECDSA "aECDSA"
258#define SSL_TXT_aPSK "aPSK"
259#define SSL_TXT_aGOST94 "aGOST94"
260#define SSL_TXT_aGOST01 "aGOST01"
261#define SSL_TXT_aGOST "aGOST"
262
263#define SSL_TXT_DSS "DSS"
264#define SSL_TXT_DH "DH"
265#define SSL_TXT_DHE "DHE" /* same as "kDHE:-ADH" */
266#define SSL_TXT_EDH "EDH" /* previous name for DHE */
267#define SSL_TXT_ADH "ADH"
268#define SSL_TXT_RSA "RSA"
269#define SSL_TXT_ECDH "ECDH"
270#define SSL_TXT_ECDHE "ECDHE" /* same as "kECDHE:-AECDH" */
271#define SSL_TXT_EECDH "EECDH" /* previous name for ECDHE */
272#define SSL_TXT_AECDH "AECDH"
273#define SSL_TXT_ECDSA "ECDSA"
274#define SSL_TXT_KRB5 "KRB5"
275#define SSL_TXT_PSK "PSK"
276#define SSL_TXT_SRP "SRP"
277
278#define SSL_TXT_DES "DES"
279#define SSL_TXT_3DES "3DES"
280#define SSL_TXT_RC4 "RC4"
281#define SSL_TXT_RC2 "RC2"
282#define SSL_TXT_IDEA "IDEA"
283#define SSL_TXT_SEED "SEED"
284#define SSL_TXT_AES128 "AES128"
285#define SSL_TXT_AES256 "AES256"
286#define SSL_TXT_AES "AES"
287#define SSL_TXT_AES_GCM "AESGCM"
288#define SSL_TXT_CAMELLIA128 "CAMELLIA128"
289#define SSL_TXT_CAMELLIA256 "CAMELLIA256"
290#define SSL_TXT_CAMELLIA "CAMELLIA"
291#define SSL_TXT_CHACHA20 "CHACHA20"
292
293#define SSL_TXT_AEAD "AEAD"
294#define SSL_TXT_MD5 "MD5"
295#define SSL_TXT_SHA1 "SHA1"
296#define SSL_TXT_SHA "SHA" /* same as "SHA1" */
297#define SSL_TXT_GOST94 "GOST94"
298#define SSL_TXT_GOST89MAC "GOST89MAC"
299#define SSL_TXT_SHA256 "SHA256"
300#define SSL_TXT_SHA384 "SHA384"
301#define SSL_TXT_STREEBOG256 "STREEBOG256"
302#define SSL_TXT_STREEBOG512 "STREEBOG512"
303
304#define SSL_TXT_DTLS1 "DTLSv1"
305#define SSL_TXT_SSLV2 "SSLv2"
306#define SSL_TXT_SSLV3 "SSLv3"
307#define SSL_TXT_TLSV1 "TLSv1"
308#define SSL_TXT_TLSV1_1 "TLSv1.1"
309#define SSL_TXT_TLSV1_2 "TLSv1.2"
310
311#define SSL_TXT_EXP "EXP"
312#define SSL_TXT_EXPORT "EXPORT"
313
314#define SSL_TXT_ALL "ALL"
315
316/*
317 * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
318 * ciphers normally not being used.
319 * Example: "RC4" will activate all ciphers using RC4 including ciphers
320 * without authentication, which would normally disabled by DEFAULT (due
321 * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
322 * will make sure that it is also disabled in the specific selection.
323 * COMPLEMENTOF* identifiers are portable between version, as adjustments
324 * to the default cipher setup will also be included here.
325 *
326 * COMPLEMENTOFDEFAULT does not experience the same special treatment that
327 * DEFAULT gets, as only selection is being done and no sorting as needed
328 * for DEFAULT.
329 */
330#define SSL_TXT_CMPALL "COMPLEMENTOFALL"
331#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"
332
333/* The following cipher list is used by default.
334 * It also is substituted when an application-defined cipher list string
335 * starts with 'DEFAULT'. */
336#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
337/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
338 * starts with a reasonable order, and all we have to do for DEFAULT is
339 * throwing out anonymous and unencrypted ciphersuites!
340 * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
341 * some of them.)
342 */
343
344/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
345#define SSL_SENT_SHUTDOWN 1
346#define SSL_RECEIVED_SHUTDOWN 2
347
348
349#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
350#define SSL_FILETYPE_PEM X509_FILETYPE_PEM
351
352/* This is needed to stop compilers complaining about the
353 * 'struct ssl_st *' function parameters used to prototype callbacks
354 * in SSL_CTX. */
355typedef struct ssl_st *ssl_crock_st;
356typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
357typedef struct ssl_method_st SSL_METHOD;
358typedef struct ssl_cipher_st SSL_CIPHER;
359typedef struct ssl_session_st SSL_SESSION;
360
361DECLARE_STACK_OF(SSL_CIPHER)
362
363/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
364typedef struct srtp_protection_profile_st {
365 const char *name;
366 unsigned long id;
367} SRTP_PROTECTION_PROFILE;
368
369DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
370
371typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
372 int len, void *arg);
373typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
374 STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
375
376#ifndef OPENSSL_NO_SSL_INTERN
377
378/* used to hold info on the particular ciphers used */
379struct ssl_cipher_st {
380 int valid;
381 const char *name; /* text name */
382 unsigned long id; /* id, 4 bytes, first is version */
383
384 unsigned long algorithm_mkey; /* key exchange algorithm */
385 unsigned long algorithm_auth; /* server authentication */
386 unsigned long algorithm_enc; /* symmetric encryption */
387 unsigned long algorithm_mac; /* symmetric authentication */
388 unsigned long algorithm_ssl; /* (major) protocol version */
389
390 unsigned long algo_strength; /* strength and export flags */
391 unsigned long algorithm2; /* Extra flags */
392 int strength_bits; /* Number of bits really used */
393 int alg_bits; /* Number of bits for algorithm */
394};
395
396
397/* Used to hold functions for SSLv3/TLSv1 functions */
398struct ssl_method_st {
399 int version;
400 int (*ssl_new)(SSL *s);
401 void (*ssl_clear)(SSL *s);
402 void (*ssl_free)(SSL *s);
403 int (*ssl_accept)(SSL *s);
404 int (*ssl_connect)(SSL *s);
405 int (*ssl_read)(SSL *s, void *buf, int len);
406 int (*ssl_peek)(SSL *s, void *buf, int len);
407 int (*ssl_write)(SSL *s, const void *buf, int len);
408 int (*ssl_shutdown)(SSL *s);
409 int (*ssl_renegotiate)(SSL *s);
410 int (*ssl_renegotiate_check)(SSL *s);
411 long (*ssl_get_message)(SSL *s, int st1, int stn, int mt,
412 long max, int *ok);
413 int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf,
414 int len, int peek);
415 int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
416 int (*ssl_dispatch_alert)(SSL *s);
417 long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg);
418 long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg);
419 const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
420 int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
421 int (*ssl_pending)(const SSL *s);
422 int (*num_ciphers)(void);
423 const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
424 const struct ssl_method_st *(*get_ssl_method)(int version);
425 long (*get_timeout)(void);
426 struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
427 int (*ssl_version)(void);
428 long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
429 long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
430};
431
432/* Lets make this into an ASN.1 type structure as follows
433 * SSL_SESSION_ID ::= SEQUENCE {
434 * version INTEGER, -- structure version number
435 * SSLversion INTEGER, -- SSL version number
436 * Cipher OCTET STRING, -- the 3 byte cipher ID
437 * Session_ID OCTET STRING, -- the Session ID
438 * Master_key OCTET STRING, -- the master key
439 * KRB5_principal OCTET STRING -- optional Kerberos principal
440 * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
441 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
442 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
443 * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
444 * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
445 * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
446 * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
447 * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity
448 * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
449 * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)
450 * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method
451 * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
452 * }
453 * Look in ssl/ssl_asn1.c for more details
454 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
455 */
456struct ssl_session_st {
457 int ssl_version; /* what ssl version session info is
458 * being kept in here? */
459
460 int master_key_length;
461 unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
462 /* session_id - valid? */
463 unsigned int session_id_length;
464 unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
465 /* this is used to determine whether the session is being reused in
466 * the appropriate context. It is up to the application to set this,
467 * via SSL_new */
468 unsigned int sid_ctx_length;
469 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
470
471 /* Used to indicate that session resumption is not allowed.
472 * Applications can also set this bit for a new session via
473 * not_resumable_session_cb to disable session caching and tickets. */
474 int not_resumable;
475
476 /* The cert is the certificate used to establish this connection */
477 struct sess_cert_st /* SESS_CERT */ *sess_cert;
478
479 /* This is the cert for the other end.
480 * On clients, it will be the same as sess_cert->peer_key->x509
481 * (the latter is not enough as sess_cert is not retained
482 * in the external representation of sessions, see ssl_asn1.c). */
483 X509 *peer;
484 /* when app_verify_callback accepts a session where the peer's certificate
485 * is not ok, we must remember the error for session reuse: */
486 long verify_result; /* only for servers */
487
488 long timeout;
489 time_t time;
490 int references;
491
492 const SSL_CIPHER *cipher;
493 unsigned long cipher_id; /* when ASN.1 loaded, this
494 * needs to be used to load
495 * the 'cipher' structure */
496
497 STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
498
499 CRYPTO_EX_DATA ex_data; /* application specific data */
500
501 /* These are used to make removal of session-ids more
502 * efficient and to implement a maximum cache size. */
503 struct ssl_session_st *prev, *next;
504 char *tlsext_hostname;
505 size_t tlsext_ecpointformatlist_length;
506 uint8_t *tlsext_ecpointformatlist; /* peer's list */
507 size_t tlsext_ellipticcurvelist_length;
508 uint16_t *tlsext_ellipticcurvelist; /* peer's list */
509
510 /* RFC4507 info */
511 unsigned char *tlsext_tick; /* Session ticket */
512 size_t tlsext_ticklen; /* Session ticket length */
513 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
514};
515
516#endif
517
518/* Allow initial connection to servers that don't support RI */
519#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
520#define SSL_OP_TLSEXT_PADDING 0x00000010L
521
522/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
523 * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
524 * the workaround is not needed.
525 * Unfortunately some broken SSL/TLS implementations cannot handle it
526 * at all, which is why it was previously included in SSL_OP_ALL.
527 * Now it's not.
528 */
529#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L
530
531/* DTLS options */
532#define SSL_OP_NO_QUERY_MTU 0x00001000L
533/* Turn on Cookie Exchange (on relevant for servers) */
534#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
535/* Don't use RFC4507 ticket extension */
536#define SSL_OP_NO_TICKET 0x00004000L
537
538/* As server, disallow session resumption on renegotiation */
539#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
540/* If set, always create a new key when using tmp_ecdh parameters */
541#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
542/* If set, always create a new key when using tmp_dh parameters */
543#define SSL_OP_SINGLE_DH_USE 0x00100000L
544/* Set on servers to choose the cipher according to the server's
545 * preferences */
546#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
547/* If set, a server will allow a client to issue a SSLv3.0 version number
548 * as latest version supported in the premaster secret, even when TLSv1.0
549 * (version 3.1) was announced in the client hello. Normally this is
550 * forbidden to prevent version rollback attacks. */
551#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
552
553#define SSL_OP_NO_TLSv1 0x04000000L
554#define SSL_OP_NO_TLSv1_2 0x08000000L
555#define SSL_OP_NO_TLSv1_1 0x10000000L
556
557/* Make server add server-hello extension from early version of
558 * cryptopro draft, when GOST ciphersuite is negotiated.
559 * Required for interoperability with CryptoPro CSP 3.x
560 */
561#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L
562
563/* SSL_OP_ALL: various bug workarounds that should be rather harmless. */
564#define SSL_OP_ALL \
565 (SSL_OP_LEGACY_SERVER_CONNECT | \
566 SSL_OP_TLSEXT_PADDING | \
567 SSL_OP_CRYPTOPRO_TLSEXT_BUG)
568
569/* Obsolete flags kept for compatibility. No sane code should use them. */
570#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0
571#define SSL_OP_CISCO_ANYCONNECT 0x0
572#define SSL_OP_EPHEMERAL_RSA 0x0
573#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0
574#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0
575#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
576#define SSL_OP_NETSCAPE_CA_DN_BUG 0x0
577#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0
578#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0
579#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0
580#define SSL_OP_NO_COMPRESSION 0x0
581#define SSL_OP_NO_SSLv2 0x0
582#define SSL_OP_NO_SSLv3 0x0
583#define SSL_OP_PKCS1_CHECK_1 0x0
584#define SSL_OP_PKCS1_CHECK_2 0x0
585#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x0
586#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
587#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0
588#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0
589#define SSL_OP_TLS_D5_BUG 0x0
590
591/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
592 * when just a single record has been written): */
593#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
594/* Make it possible to retry SSL_write() with changed buffer location
595 * (buffer contents must stay the same!); this is not the default to avoid
596 * the misconception that non-blocking SSL_write() behaves like
597 * non-blocking write(): */
598#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
599/* Never bother the application with retries if the transport
600 * is blocking: */
601#define SSL_MODE_AUTO_RETRY 0x00000004L
602/* Don't attempt to automatically build certificate chain */
603#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
604/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
605 * TLS only.) "Released" buffers are put onto a free-list in the context
606 * or just freed (depending on the context's setting for freelist_max_len). */
607#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
608
609/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
610 * they cannot be used to clear bits. */
611
612#define SSL_CTX_set_options(ctx,op) \
613 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
614#define SSL_CTX_clear_options(ctx,op) \
615 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
616#define SSL_CTX_get_options(ctx) \
617 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
618#define SSL_set_options(ssl,op) \
619 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
620#define SSL_clear_options(ssl,op) \
621 SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
622#define SSL_get_options(ssl) \
623 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
624
625#define SSL_CTX_set_mode(ctx,op) \
626 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
627#define SSL_CTX_clear_mode(ctx,op) \
628 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
629#define SSL_CTX_get_mode(ctx) \
630 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
631#define SSL_clear_mode(ssl,op) \
632 SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
633#define SSL_set_mode(ssl,op) \
634 SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
635#define SSL_get_mode(ssl) \
636 SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
637#define SSL_set_mtu(ssl, mtu) \
638 SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
639
640#define SSL_get_secure_renegotiation_support(ssl) \
641 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
642
643void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p,
644 int version, int content_type, const void *buf, size_t len, SSL *ssl,
645 void *arg));
646void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
647 int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
648#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
649#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
650
651struct ssl_aead_ctx_st;
652typedef struct ssl_aead_ctx_st SSL_AEAD_CTX;
653
654#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
655
656#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
657
658/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
659 * them. It is used to override the generation of SSL/TLS session IDs in a
660 * server. Return value should be zero on an error, non-zero to proceed. Also,
661 * callbacks should themselves check if the id they generate is unique otherwise
662 * the SSL handshake will fail with an error - callbacks can do this using the
663 * 'ssl' value they're passed by;
664 * SSL_has_matching_session_id(ssl, id, *id_len)
665 * The length value passed in is set at the maximum size the session ID can be.
666 * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
667 * can alter this length to be less if desired, but under SSLv2 session IDs are
668 * supposed to be fixed at 16 bytes so the id will be padded after the callback
669 * returns in this case. It is also an error for the callback to set the size to
670 * zero. */
671typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
672 unsigned int *id_len);
673
674typedef struct ssl_comp_st SSL_COMP;
675
676#ifndef OPENSSL_NO_SSL_INTERN
677
678struct ssl_comp_st {
679 int id;
680 const char *name;
681};
682
683DECLARE_STACK_OF(SSL_COMP)
684DECLARE_LHASH_OF(SSL_SESSION);
685
686struct ssl_ctx_st {
687 const SSL_METHOD *method;
688
689 STACK_OF(SSL_CIPHER) *cipher_list;
690 /* same as above but sorted for lookup */
691 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
692
693 struct x509_store_st /* X509_STORE */ *cert_store;
694 LHASH_OF(SSL_SESSION) *sessions;
695 /* Most session-ids that will be cached, default is
696 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
697 unsigned long session_cache_size;
698 struct ssl_session_st *session_cache_head;
699 struct ssl_session_st *session_cache_tail;
700
701 /* This can have one of 2 values, ored together,
702 * SSL_SESS_CACHE_CLIENT,
703 * SSL_SESS_CACHE_SERVER,
704 * Default is SSL_SESSION_CACHE_SERVER, which means only
705 * SSL_accept which cache SSL_SESSIONS. */
706 int session_cache_mode;
707
708 /* If timeout is not 0, it is the default timeout value set
709 * when SSL_new() is called. This has been put in to make
710 * life easier to set things up */
711 long session_timeout;
712
713 /* If this callback is not null, it will be called each
714 * time a session id is added to the cache. If this function
715 * returns 1, it means that the callback will do a
716 * SSL_SESSION_free() when it has finished using it. Otherwise,
717 * on 0, it means the callback has finished with it.
718 * If remove_session_cb is not null, it will be called when
719 * a session-id is removed from the cache. After the call,
720 * OpenSSL will SSL_SESSION_free() it. */
721 int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
722 void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
723 SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
724 unsigned char *data, int len, int *copy);
725
726 struct {
727 int sess_connect; /* SSL new conn - started */
728 int sess_connect_renegotiate;/* SSL reneg - requested */
729 int sess_connect_good; /* SSL new conne/reneg - finished */
730 int sess_accept; /* SSL new accept - started */
731 int sess_accept_renegotiate;/* SSL reneg - requested */
732 int sess_accept_good; /* SSL accept/reneg - finished */
733 int sess_miss; /* session lookup misses */
734 int sess_timeout; /* reuse attempt on timeouted session */
735 int sess_cache_full; /* session removed due to full cache */
736 int sess_hit; /* session reuse actually done */
737 int sess_cb_hit; /* session-id that was not
738 * in the cache was
739 * passed back via the callback. This
740 * indicates that the application is
741 * supplying session-id's from other
742 * processes - spooky :-) */
743 } stats;
744
745 int references;
746
747 /* if defined, these override the X509_verify_cert() calls */
748 int (*app_verify_callback)(X509_STORE_CTX *, void *);
749 void *app_verify_arg;
750
751 /* Default password callback. */
752 pem_password_cb *default_passwd_callback;
753
754 /* Default password callback user data. */
755 void *default_passwd_callback_userdata;
756
757 /* get client cert callback */
758 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
759
760 /* cookie generate callback */
761 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
762 unsigned int *cookie_len);
763
764 /* verify cookie callback */
765 int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
766 unsigned int cookie_len);
767
768 CRYPTO_EX_DATA ex_data;
769
770 const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
771 const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */
772
773 STACK_OF(X509) *extra_certs;
774
775 /* Default values used when no per-SSL value is defined follow */
776
777 void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
778
779 /* what we put in client cert requests */
780 STACK_OF(X509_NAME) *client_CA;
781
782
783 /* Default values to use in SSL structures follow (these are copied by SSL_new) */
784
785 unsigned long options;
786 unsigned long mode;
787 long max_cert_list;
788
789 struct cert_st /* CERT */ *cert;
790 int read_ahead;
791
792 /* callback that allows applications to peek at protocol messages */
793 void (*msg_callback)(int write_p, int version, int content_type,
794 const void *buf, size_t len, SSL *ssl, void *arg);
795 void *msg_callback_arg;
796
797 int verify_mode;
798 unsigned int sid_ctx_length;
799 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
800 int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
801
802 /* Default generate session ID callback. */
803 GEN_SESSION_CB generate_session_id;
804
805 X509_VERIFY_PARAM *param;
806
807 int quiet_shutdown;
808
809 /* Maximum amount of data to send in one fragment.
810 * actual record size can be more than this due to
811 * padding and MAC overheads.
812 */
813 unsigned int max_send_fragment;
814
815#ifndef OPENSSL_NO_ENGINE
816 /* Engine to pass requests for client certs to
817 */
818 ENGINE *client_cert_engine;
819#endif
820
821 /* TLS extensions servername callback */
822 int (*tlsext_servername_callback)(SSL*, int *, void *);
823 void *tlsext_servername_arg;
824 /* RFC 4507 session ticket keys */
825 unsigned char tlsext_tick_key_name[16];
826 unsigned char tlsext_tick_hmac_key[16];
827 unsigned char tlsext_tick_aes_key[16];
828 /* Callback to support customisation of ticket key setting */
829 int (*tlsext_ticket_key_cb)(SSL *ssl, unsigned char *name,
830 unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
831
832 /* certificate status request info */
833 /* Callback for status request */
834 int (*tlsext_status_cb)(SSL *ssl, void *arg);
835 void *tlsext_status_arg;
836
837
838
839
840 /* Next protocol negotiation information */
841 /* (for experimental NPN extension). */
842
843 /* For a server, this contains a callback function by which the set of
844 * advertised protocols can be provided. */
845 int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
846 unsigned int *len, void *arg);
847 void *next_protos_advertised_cb_arg;
848 /* For a client, this contains a callback function that selects the
849 * next protocol from the list provided by the server. */
850 int (*next_proto_select_cb)(SSL *s, unsigned char **out,
851 unsigned char *outlen, const unsigned char *in,
852 unsigned int inlen, void *arg);
853 void *next_proto_select_cb_arg;
854
855 /*
856 * ALPN information
857 * (we are in the process of transitioning from NPN to ALPN).
858 */
859
860 /*
861 * Server callback function that allows the server to select the
862 * protocol for the connection.
863 * out: on successful return, this must point to the raw protocol
864 * name (without the length prefix).
865 * outlen: on successful return, this contains the length of out.
866 * in: points to the client's list of supported protocols in
867 * wire-format.
868 * inlen: the length of in.
869 */
870 int (*alpn_select_cb)(SSL *s, const unsigned char **out,
871 unsigned char *outlen, const unsigned char *in, unsigned int inlen,
872 void *arg);
873 void *alpn_select_cb_arg;
874
875 /* Client list of supported protocols in wire format. */
876 unsigned char *alpn_client_proto_list;
877 unsigned int alpn_client_proto_list_len;
878
879 /* SRTP profiles we are willing to do from RFC 5764 */
880 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
881};
882
883#endif
884
885#define SSL_SESS_CACHE_OFF 0x0000
886#define SSL_SESS_CACHE_CLIENT 0x0001
887#define SSL_SESS_CACHE_SERVER 0x0002
888#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
889#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
890/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
891#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
892#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
893#define SSL_SESS_CACHE_NO_INTERNAL \
894 (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
895
896LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
897#define SSL_CTX_sess_number(ctx) \
898 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
899#define SSL_CTX_sess_connect(ctx) \
900 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
901#define SSL_CTX_sess_connect_good(ctx) \
902 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
903#define SSL_CTX_sess_connect_renegotiate(ctx) \
904 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
905#define SSL_CTX_sess_accept(ctx) \
906 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
907#define SSL_CTX_sess_accept_renegotiate(ctx) \
908 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
909#define SSL_CTX_sess_accept_good(ctx) \
910 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
911#define SSL_CTX_sess_hits(ctx) \
912 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
913#define SSL_CTX_sess_cb_hits(ctx) \
914 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
915#define SSL_CTX_sess_misses(ctx) \
916 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
917#define SSL_CTX_sess_timeouts(ctx) \
918 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
919#define SSL_CTX_sess_cache_full(ctx) \
920 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
921
922void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
923 int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess));
924int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
925 SSL_SESSION *sess);
926void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
927 void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess));
928void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
929 SSL_SESSION *sess);
930void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
931 SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
932 int len, int *copy));
933SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
934 unsigned char *Data, int len, int *copy);
935void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,
936 int type, int val));
937void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type,
938 int val);
939void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
940 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
941int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
942 EVP_PKEY **pkey);
943#ifndef OPENSSL_NO_ENGINE
944int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
945#endif
946void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
947 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
948 unsigned int *cookie_len));
949void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
950 int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
951 unsigned int cookie_len));
952void
953SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
954 const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
955void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
956 unsigned char **out, unsigned char *outlen, const unsigned char *in,
957 unsigned int inlen, void *arg), void *arg);
958
959int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
960 const unsigned char *in, unsigned int inlen, const unsigned char *client,
961 unsigned int client_len);
962void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
963 unsigned *len);
964
965#define OPENSSL_NPN_UNSUPPORTED 0
966#define OPENSSL_NPN_NEGOTIATED 1
967#define OPENSSL_NPN_NO_OVERLAP 2
968
969int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
970 unsigned int protos_len);
971int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
972 unsigned int protos_len);
973void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
974 int (*cb)(SSL *ssl, const unsigned char **out, unsigned char *outlen,
975 const unsigned char *in, unsigned int inlen, void *arg), void *arg);
976void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
977 unsigned int *len);
978
979#define SSL_NOTHING 1
980#define SSL_WRITING 2
981#define SSL_READING 3
982#define SSL_X509_LOOKUP 4
983
984/* These will only be used when doing non-blocking IO */
985#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
986#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
987#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
988#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
989
990#define SSL_MAC_FLAG_READ_MAC_STREAM 1
991#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
992
993#ifndef OPENSSL_NO_SSL_INTERN
994
995struct ssl_st {
996 /* protocol version
997 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
998 */
999 int version;
1000 int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
1001
1002 const SSL_METHOD *method; /* SSLv3 */
1003
1004 /* There are 2 BIO's even though they are normally both the
1005 * same. This is so data can be read and written to different
1006 * handlers */
1007
1008#ifndef OPENSSL_NO_BIO
1009 BIO *rbio; /* used by SSL_read */
1010 BIO *wbio; /* used by SSL_write */
1011 BIO *bbio; /* used during session-id reuse to concatenate
1012 * messages */
1013#else
1014 char *rbio; /* used by SSL_read */
1015 char *wbio; /* used by SSL_write */
1016 char *bbio;
1017#endif
1018 /* This holds a variable that indicates what we were doing
1019 * when a 0 or -1 is returned. This is needed for
1020 * non-blocking IO so we know what request needs re-doing when
1021 * in SSL_accept or SSL_connect */
1022 int rwstate;
1023
1024 /* true when we are actually in SSL_accept() or SSL_connect() */
1025 int in_handshake;
1026 int (*handshake_func)(SSL *);
1027
1028 /* Imagine that here's a boolean member "init" that is
1029 * switched as soon as SSL_set_{accept/connect}_state
1030 * is called for the first time, so that "state" and
1031 * "handshake_func" are properly initialized. But as
1032 * handshake_func is == 0 until then, we use this
1033 * test instead of an "init" member.
1034 */
1035
1036 int server; /* are we the server side? - mostly used by SSL_clear*/
1037
1038 int new_session;/* Generate a new session or reuse an old one.
1039 * NB: For servers, the 'new' session may actually be a previously
1040 * cached session or even the previous session unless
1041 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
1042 int quiet_shutdown;/* don't send shutdown packets */
1043 int shutdown; /* we have shut things down, 0x01 sent, 0x02
1044 * for received */
1045 int state; /* where we are */
1046 int rstate; /* where we are when reading */
1047
1048 BUF_MEM *init_buf; /* buffer used during init */
1049 void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */
1050 int init_num; /* amount read/written */
1051 int init_off; /* amount read/written */
1052
1053 /* used internally to point at a raw packet */
1054 unsigned char *packet;
1055 unsigned int packet_length;
1056
1057 struct ssl3_state_st *s3; /* SSLv3 variables */
1058 struct dtls1_state_st *d1; /* DTLSv1 variables */
1059
1060 int read_ahead; /* Read as many input bytes as possible
1061 * (for non-blocking reads) */
1062
1063 /* callback that allows applications to peek at protocol messages */
1064 void (*msg_callback)(int write_p, int version, int content_type,
1065 const void *buf, size_t len, SSL *ssl, void *arg);
1066 void *msg_callback_arg;
1067
1068 int hit; /* reusing a previous session */
1069
1070 X509_VERIFY_PARAM *param;
1071
1072 /* crypto */
1073 STACK_OF(SSL_CIPHER) *cipher_list;
1074 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1075
1076 /* These are the ones being used, the ones in SSL_SESSION are
1077 * the ones to be 'copied' into these ones */
1078 int mac_flags;
1079
1080 SSL_AEAD_CTX *aead_read_ctx; /* AEAD context. If non-NULL, then
1081 enc_read_ctx and read_hash are
1082 ignored. */
1083
1084 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
1085 EVP_MD_CTX *read_hash; /* used for mac generation */
1086
1087 SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then
1088 enc_write_ctx and write_hash are
1089 ignored. */
1090
1091 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
1092 EVP_MD_CTX *write_hash; /* used for mac generation */
1093
1094 /* session info */
1095
1096 /* client cert? */
1097 /* This is used to hold the server certificate used */
1098 struct cert_st /* CERT */ *cert;
1099
1100 /* the session_id_context is used to ensure sessions are only reused
1101 * in the appropriate context */
1102 unsigned int sid_ctx_length;
1103 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
1104
1105 /* This can also be in the session once a session is established */
1106 SSL_SESSION *session;
1107
1108 /* Default generate session ID callback. */
1109 GEN_SESSION_CB generate_session_id;
1110
1111 /* Used in SSL2 and SSL3 */
1112 int verify_mode; /* 0 don't care about verify failure.
1113 * 1 fail if verify fails */
1114 int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
1115
1116 void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
1117
1118 int error; /* error bytes to be written */
1119 int error_code; /* actual code */
1120
1121
1122
1123 SSL_CTX *ctx;
1124 /* set this flag to 1 and a sleep(1) is put into all SSL_read()
1125 * and SSL_write() calls, good for nbio debuging :-) */
1126 int debug;
1127
1128
1129 /* extra application data */
1130 long verify_result;
1131 CRYPTO_EX_DATA ex_data;
1132
1133 /* for server side, keep the list of CA_dn we can use */
1134 STACK_OF(X509_NAME) *client_CA;
1135
1136 int references;
1137 unsigned long options; /* protocol behaviour */
1138 unsigned long mode; /* API behaviour */
1139 long max_cert_list;
1140 int first_packet;
1141 int client_version; /* what was passed, used for
1142 * SSLv3/TLS rollback check */
1143 unsigned int max_send_fragment;
1144 /* TLS extension debug callback */
1145 void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
1146 unsigned char *data, int len, void *arg);
1147 void *tlsext_debug_arg;
1148 char *tlsext_hostname;
1149 int servername_done; /* no further mod of servername
1150 0 : call the servername extension callback.
1151 1 : prepare 2, allow last ack just after in server callback.
1152 2 : don't call servername callback, no ack in server hello
1153 */
1154 /* certificate status request info */
1155 /* Status type or -1 if no status type */
1156 int tlsext_status_type;
1157 /* Expect OCSP CertificateStatus message */
1158 int tlsext_status_expected;
1159 /* OCSP status request only */
1160 STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
1161 X509_EXTENSIONS *tlsext_ocsp_exts;
1162 /* OCSP response received or to be sent */
1163 unsigned char *tlsext_ocsp_resp;
1164 int tlsext_ocsp_resplen;
1165
1166 /* RFC4507 session ticket expected to be received or sent */
1167 int tlsext_ticket_expected;
1168 size_t tlsext_ecpointformatlist_length;
1169 uint8_t *tlsext_ecpointformatlist; /* our list */
1170 size_t tlsext_ellipticcurvelist_length;
1171 uint16_t *tlsext_ellipticcurvelist; /* our list */
1172
1173 /* TLS Session Ticket extension override */
1174 TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
1175
1176 /* TLS Session Ticket extension callback */
1177 tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
1178 void *tls_session_ticket_ext_cb_arg;
1179
1180 /* TLS pre-shared secret session resumption */
1181 tls_session_secret_cb_fn tls_session_secret_cb;
1182 void *tls_session_secret_cb_arg;
1183
1184 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
1185
1186 /* Next protocol negotiation. For the client, this is the protocol that
1187 * we sent in NextProtocol and is set when handling ServerHello
1188 * extensions.
1189 *
1190 * For a server, this is the client's selected_protocol from
1191 * NextProtocol and is set when handling the NextProtocol message,
1192 * before the Finished message. */
1193 unsigned char *next_proto_negotiated;
1194 unsigned char next_proto_negotiated_len;
1195
1196#define session_ctx initial_ctx
1197
1198 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */
1199 SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */
1200
1201 unsigned int tlsext_heartbeat; /* Is use of the Heartbeat extension negotiated?
1202 0: disabled
1203 1: enabled
1204 2: enabled, but not allowed to send Requests
1205 */
1206 unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
1207 unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */
1208
1209 /* Client list of supported protocols in wire format. */
1210 unsigned char *alpn_client_proto_list;
1211 unsigned int alpn_client_proto_list_len;
1212
1213 int renegotiate;/* 1 if we are renegotiating.
1214 * 2 if we are a server and are inside a handshake
1215 * (i.e. not just sending a HelloRequest) */
1216
1217};
1218
1219#endif
1220
1221#ifdef __cplusplus
1222}
1223#endif
1224
1225#include <openssl/ssl2.h>
1226#include <openssl/ssl3.h>
1227#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
1228#include <openssl/dtls1.h> /* Datagram TLS */
1229#include <openssl/ssl23.h>
1230#include <openssl/srtp.h> /* Support for the use_srtp extension */
1231
1232#ifdef __cplusplus
1233extern "C" {
1234#endif
1235
1236/* compatibility */
1237#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
1238#define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
1239#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a))
1240#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
1241#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
1242#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
1243
1244/* The following are the possible values for ssl->state are are
1245 * used to indicate where we are up to in the SSL connection establishment.
1246 * The macros that follow are about the only things you should need to use
1247 * and even then, only when using non-blocking IO.
1248 * It can also be useful to work out where you were when the connection
1249 * failed */
1250
1251#define SSL_ST_CONNECT 0x1000
1252#define SSL_ST_ACCEPT 0x2000
1253#define SSL_ST_MASK 0x0FFF
1254#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT)
1255#define SSL_ST_BEFORE 0x4000
1256#define SSL_ST_OK 0x03
1257#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
1258
1259#define SSL_CB_LOOP 0x01
1260#define SSL_CB_EXIT 0x02
1261#define SSL_CB_READ 0x04
1262#define SSL_CB_WRITE 0x08
1263#define SSL_CB_ALERT 0x4000 /* used in callback */
1264#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
1265#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
1266#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
1267#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
1268#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
1269#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
1270#define SSL_CB_HANDSHAKE_START 0x10
1271#define SSL_CB_HANDSHAKE_DONE 0x20
1272
1273/* Is the SSL_connection established? */
1274#define SSL_get_state(a) SSL_state(a)
1275#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
1276#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
1277#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
1278#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
1279#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
1280
1281/* The following 2 states are kept in ssl->rstate when reads fail,
1282 * you should not need these */
1283#define SSL_ST_READ_HEADER 0xF0
1284#define SSL_ST_READ_BODY 0xF1
1285#define SSL_ST_READ_DONE 0xF2
1286
1287/* Obtain latest Finished message
1288 * -- that we sent (SSL_get_finished)
1289 * -- that we expected from peer (SSL_get_peer_finished).
1290 * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
1291size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
1292size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1293
1294/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
1295 * are 'ored' with SSL_VERIFY_PEER if they are desired */
1296#define SSL_VERIFY_NONE 0x00
1297#define SSL_VERIFY_PEER 0x01
1298#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
1299#define SSL_VERIFY_CLIENT_ONCE 0x04
1300
1301#define OpenSSL_add_ssl_algorithms() SSL_library_init()
1302#define SSLeay_add_ssl_algorithms() SSL_library_init()
1303
1304/* More backward compatibility */
1305#define SSL_get_cipher(s) \
1306 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
1307#define SSL_get_cipher_bits(s,np) \
1308 SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
1309#define SSL_get_cipher_version(s) \
1310 SSL_CIPHER_get_version(SSL_get_current_cipher(s))
1311#define SSL_get_cipher_name(s) \
1312 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
1313#define SSL_get_time(a) SSL_SESSION_get_time(a)
1314#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
1315#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
1316#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
1317
1318#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
1319#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
1320
1321DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1322
1323#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */
1324
1325/* These alert types are for SSLv3 and TLSv1 */
1326#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
1327#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
1328#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
1329#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
1330#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
1331#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
1332#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
1333#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
1334#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
1335#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
1336#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
1337#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
1338#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
1339#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
1340#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
1341#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
1342#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
1343#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
1344#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
1345#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
1346#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
1347#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
1348#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
1349#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
1350#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
1351#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
1352#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
1353#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
1354#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
1355#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
1356#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
1357
1358#define SSL_ERROR_NONE 0
1359#define SSL_ERROR_SSL 1
1360#define SSL_ERROR_WANT_READ 2
1361#define SSL_ERROR_WANT_WRITE 3
1362#define SSL_ERROR_WANT_X509_LOOKUP 4
1363#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */
1364#define SSL_ERROR_ZERO_RETURN 6
1365#define SSL_ERROR_WANT_CONNECT 7
1366#define SSL_ERROR_WANT_ACCEPT 8
1367
1368#define SSL_CTRL_NEED_TMP_RSA 1
1369#define SSL_CTRL_SET_TMP_RSA 2
1370#define SSL_CTRL_SET_TMP_DH 3
1371#define SSL_CTRL_SET_TMP_ECDH 4
1372#define SSL_CTRL_SET_TMP_RSA_CB 5
1373#define SSL_CTRL_SET_TMP_DH_CB 6
1374#define SSL_CTRL_SET_TMP_ECDH_CB 7
1375
1376#define SSL_CTRL_GET_SESSION_REUSED 8
1377#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
1378#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
1379#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
1380#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
1381#define SSL_CTRL_GET_FLAGS 13
1382#define SSL_CTRL_EXTRA_CHAIN_CERT 14
1383
1384#define SSL_CTRL_SET_MSG_CALLBACK 15
1385#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16
1386
1387/* only applies to datagram connections */
1388#define SSL_CTRL_SET_MTU 17
1389/* Stats */
1390#define SSL_CTRL_SESS_NUMBER 20
1391#define SSL_CTRL_SESS_CONNECT 21
1392#define SSL_CTRL_SESS_CONNECT_GOOD 22
1393#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
1394#define SSL_CTRL_SESS_ACCEPT 24
1395#define SSL_CTRL_SESS_ACCEPT_GOOD 25
1396#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
1397#define SSL_CTRL_SESS_HIT 27
1398#define SSL_CTRL_SESS_CB_HIT 28
1399#define SSL_CTRL_SESS_MISSES 29
1400#define SSL_CTRL_SESS_TIMEOUTS 30
1401#define SSL_CTRL_SESS_CACHE_FULL 31
1402#define SSL_CTRL_OPTIONS 32
1403#define SSL_CTRL_MODE 33
1404
1405#define SSL_CTRL_GET_READ_AHEAD 40
1406#define SSL_CTRL_SET_READ_AHEAD 41
1407#define SSL_CTRL_SET_SESS_CACHE_SIZE 42
1408#define SSL_CTRL_GET_SESS_CACHE_SIZE 43
1409#define SSL_CTRL_SET_SESS_CACHE_MODE 44
1410#define SSL_CTRL_GET_SESS_CACHE_MODE 45
1411
1412#define SSL_CTRL_GET_MAX_CERT_LIST 50
1413#define SSL_CTRL_SET_MAX_CERT_LIST 51
1414
1415#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
1416
1417/* see tls1.h for macros based on these */
1418#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
1419#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
1420#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
1421#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
1422#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
1423#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
1424#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
1425#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
1426#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
1427#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
1428#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
1429#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
1430#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
1431#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
1432#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
1433#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
1434
1435#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
1436
1437#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
1438#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
1439#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
1440
1441#define SSL_CTRL_SET_SRP_ARG 78
1442#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
1443#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
1444#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
1445
1446#define DTLS_CTRL_GET_TIMEOUT 73
1447#define DTLS_CTRL_HANDLE_TIMEOUT 74
1448#define DTLS_CTRL_LISTEN 75
1449
1450#define SSL_CTRL_GET_RI_SUPPORT 76
1451#define SSL_CTRL_CLEAR_OPTIONS 77
1452#define SSL_CTRL_CLEAR_MODE 78
1453
1454#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
1455#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
1456
1457#define SSL_CTRL_SET_ECDH_AUTO 94
1458
1459#define SSL_CTRL_SET_DH_AUTO 118
1460
1461#define DTLSv1_get_timeout(ssl, arg) \
1462 SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
1463#define DTLSv1_handle_timeout(ssl) \
1464 SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
1465#define DTLSv1_listen(ssl, peer) \
1466 SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
1467
1468#define SSL_session_reused(ssl) \
1469 SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
1470#define SSL_num_renegotiations(ssl) \
1471 SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
1472#define SSL_clear_num_renegotiations(ssl) \
1473 SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
1474#define SSL_total_renegotiations(ssl) \
1475 SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
1476
1477#define SSL_CTX_need_tmp_RSA(ctx) \
1478 SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
1479#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
1480 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
1481#define SSL_CTX_set_tmp_dh(ctx,dh) \
1482 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
1483#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
1484 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
1485#define SSL_CTX_set_dh_auto(ctx, onoff) \
1486 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
1487#define SSL_CTX_set_ecdh_auto(ctx, onoff) \
1488 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
1489
1490#define SSL_need_tmp_RSA(ssl) \
1491 SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
1492#define SSL_set_tmp_rsa(ssl,rsa) \
1493 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
1494#define SSL_set_tmp_dh(ssl,dh) \
1495 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
1496#define SSL_set_tmp_ecdh(ssl,ecdh) \
1497 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
1498#define SSL_set_dh_auto(s, onoff) \
1499 SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
1500#define SSL_set_ecdh_auto(s, onoff) \
1501 SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
1502
1503#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
1504 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
1505#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
1506 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
1507#define SSL_CTX_clear_extra_chain_certs(ctx) \
1508 SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
1509
1510#ifndef OPENSSL_NO_BIO
1511BIO_METHOD *BIO_f_ssl(void);
1512BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
1513BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
1514BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
1515int BIO_ssl_copy_session_id(BIO *to, BIO *from);
1516void BIO_ssl_shutdown(BIO *ssl_bio);
1517#endif
1518
1519int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
1520SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
1521void SSL_CTX_free(SSL_CTX *);
1522long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
1523long SSL_CTX_get_timeout(const SSL_CTX *ctx);
1524X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
1525void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
1526int SSL_want(const SSL *s);
1527int SSL_clear(SSL *s);
1528
1529void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
1530
1531const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
1532const SSL_CIPHER *SSL_CIPHER_get_by_id(unsigned int id);
1533const SSL_CIPHER *SSL_CIPHER_get_by_value(uint16_t value);
1534int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
1535char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
1536const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
1537unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
1538uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c);
1539
1540int SSL_get_fd(const SSL *s);
1541int SSL_get_rfd(const SSL *s);
1542int SSL_get_wfd(const SSL *s);
1543const char * SSL_get_cipher_list(const SSL *s, int n);
1544char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
1545int SSL_get_read_ahead(const SSL * s);
1546int SSL_pending(const SSL *s);
1547int SSL_set_fd(SSL *s, int fd);
1548int SSL_set_rfd(SSL *s, int fd);
1549int SSL_set_wfd(SSL *s, int fd);
1550#ifndef OPENSSL_NO_BIO
1551void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
1552BIO * SSL_get_rbio(const SSL *s);
1553BIO * SSL_get_wbio(const SSL *s);
1554#endif
1555int SSL_set_cipher_list(SSL *s, const char *str);
1556void SSL_set_read_ahead(SSL *s, int yes);
1557int SSL_get_verify_mode(const SSL *s);
1558int SSL_get_verify_depth(const SSL *s);
1559int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *);
1560void SSL_set_verify(SSL *s, int mode,
1561 int (*callback)(int ok, X509_STORE_CTX *ctx));
1562void SSL_set_verify_depth(SSL *s, int depth);
1563int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
1564int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
1565int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
1566int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len);
1567int SSL_use_certificate(SSL *ssl, X509 *x);
1568int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
1569
1570int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
1571int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
1572int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
1573int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
1574int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
1575int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
1576int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
1577int SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len);
1578STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
1579int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
1580 const char *file);
1581int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
1582 const char *dir);
1583
1584void SSL_load_error_strings(void );
1585const char *SSL_state_string(const SSL *s);
1586const char *SSL_rstate_string(const SSL *s);
1587const char *SSL_state_string_long(const SSL *s);
1588const char *SSL_rstate_string_long(const SSL *s);
1589long SSL_SESSION_get_time(const SSL_SESSION *s);
1590long SSL_SESSION_set_time(SSL_SESSION *s, long t);
1591long SSL_SESSION_get_timeout(const SSL_SESSION *s);
1592long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
1593void SSL_copy_session_id(SSL *to, const SSL *from);
1594X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
1595int
1596SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
1597unsigned int sid_ctx_len);
1598
1599SSL_SESSION *SSL_SESSION_new(void);
1600const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
1601 unsigned int *len);
1602unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
1603int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
1604#ifndef OPENSSL_NO_BIO
1605int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
1606#endif
1607void SSL_SESSION_free(SSL_SESSION *ses);
1608int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
1609int SSL_set_session(SSL *to, SSL_SESSION *session);
1610int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
1611int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
1612int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
1613int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
1614int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
1615 unsigned int id_len);
1616SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
1617 long length);
1618
1619#ifdef HEADER_X509_H
1620X509 * SSL_get_peer_certificate(const SSL *s);
1621#endif
1622
1623STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
1624
1625int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
1626int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
1627int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
1628void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
1629 int (*callback)(int, X509_STORE_CTX *));
1630void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
1631void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg);
1632int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
1633int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
1634int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
1635int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);
1636int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
1637int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
1638
1639void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
1640void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
1641
1642int SSL_CTX_check_private_key(const SSL_CTX *ctx);
1643int SSL_check_private_key(const SSL *ctx);
1644
1645int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
1646
1647SSL *SSL_new(SSL_CTX *ctx);
1648int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
1649
1650int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
1651int SSL_set_purpose(SSL *s, int purpose);
1652int SSL_CTX_set_trust(SSL_CTX *s, int trust);
1653int SSL_set_trust(SSL *s, int trust);
1654
1655int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
1656int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
1657
1658
1659void SSL_free(SSL *ssl);
1660int SSL_accept(SSL *ssl);
1661int SSL_connect(SSL *ssl);
1662int SSL_read(SSL *ssl, void *buf, int num);
1663int SSL_peek(SSL *ssl, void *buf, int num);
1664int SSL_write(SSL *ssl, const void *buf, int num);
1665long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
1666long SSL_callback_ctrl(SSL *, int, void (*)(void));
1667long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
1668long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
1669
1670int SSL_get_error(const SSL *s, int ret_code);
1671const char *SSL_get_version(const SSL *s);
1672
1673/* This sets the 'default' SSL version that SSL_new() will create */
1674int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
1675
1676const SSL_METHOD *SSLv23_method(void); /* SSLv3 or TLSv1.* */
1677const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 or TLSv1.* */
1678const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 or TLSv1.* */
1679
1680const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
1681const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
1682const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
1683
1684const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */
1685const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */
1686const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */
1687
1688const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
1689const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */
1690const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */
1691
1692const SSL_METHOD *TLS_method(void); /* TLS v1.0 or later */
1693const SSL_METHOD *TLS_server_method(void); /* TLS v1.0 or later */
1694const SSL_METHOD *TLS_client_method(void); /* TLS v1.0 or later */
1695
1696const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
1697const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
1698const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
1699
1700STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
1701
1702int SSL_do_handshake(SSL *s);
1703int SSL_renegotiate(SSL *s);
1704int SSL_renegotiate_abbreviated(SSL *s);
1705int SSL_renegotiate_pending(SSL *s);
1706int SSL_shutdown(SSL *s);
1707
1708const SSL_METHOD *SSL_get_ssl_method(SSL *s);
1709int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
1710const char *SSL_alert_type_string_long(int value);
1711const char *SSL_alert_type_string(int value);
1712const char *SSL_alert_desc_string_long(int value);
1713const char *SSL_alert_desc_string(int value);
1714
1715void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
1716void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
1717STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
1718STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
1719int SSL_add_client_CA(SSL *ssl, X509 *x);
1720int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
1721
1722void SSL_set_connect_state(SSL *s);
1723void SSL_set_accept_state(SSL *s);
1724
1725long SSL_get_default_timeout(const SSL *s);
1726
1727int SSL_library_init(void );
1728
1729char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
1730STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
1731
1732SSL *SSL_dup(SSL *ssl);
1733
1734X509 *SSL_get_certificate(const SSL *ssl);
1735/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
1736
1737void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
1738int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
1739void SSL_set_quiet_shutdown(SSL *ssl,int mode);
1740int SSL_get_quiet_shutdown(const SSL *ssl);
1741void SSL_set_shutdown(SSL *ssl,int mode);
1742int SSL_get_shutdown(const SSL *ssl);
1743int SSL_version(const SSL *ssl);
1744int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
1745int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
1746 const char *CApath);
1747int SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len);
1748#define SSL_get0_session SSL_get_session /* just peek at pointer */
1749SSL_SESSION *SSL_get_session(const SSL *ssl);
1750SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
1751SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
1752SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
1753void SSL_set_info_callback(SSL *ssl,
1754 void (*cb)(const SSL *ssl, int type, int val));
1755void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val);
1756int SSL_state(const SSL *ssl);
1757void SSL_set_state(SSL *ssl, int state);
1758
1759void SSL_set_verify_result(SSL *ssl, long v);
1760long SSL_get_verify_result(const SSL *ssl);
1761
1762int SSL_set_ex_data(SSL *ssl, int idx, void *data);
1763void *SSL_get_ex_data(const SSL *ssl, int idx);
1764int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1765 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1766
1767int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
1768void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
1769int SSL_SESSION_get_ex_new_index(long argl, void *argp,
1770 CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
1771 CRYPTO_EX_free *free_func);
1772
1773int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
1774void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
1775int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1776 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1777
1778int SSL_get_ex_data_X509_STORE_CTX_idx(void );
1779
1780#define SSL_CTX_sess_set_cache_size(ctx,t) \
1781 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
1782#define SSL_CTX_sess_get_cache_size(ctx) \
1783 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
1784#define SSL_CTX_set_session_cache_mode(ctx,m) \
1785 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
1786#define SSL_CTX_get_session_cache_mode(ctx) \
1787 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
1788
1789#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
1790#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
1791#define SSL_CTX_get_read_ahead(ctx) \
1792 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
1793#define SSL_CTX_set_read_ahead(ctx,m) \
1794 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
1795#define SSL_CTX_get_max_cert_list(ctx) \
1796 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
1797#define SSL_CTX_set_max_cert_list(ctx,m) \
1798 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
1799#define SSL_get_max_cert_list(ssl) \
1800 SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
1801#define SSL_set_max_cert_list(ssl,m) \
1802 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
1803
1804#define SSL_CTX_set_max_send_fragment(ctx,m) \
1805 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
1806#define SSL_set_max_send_fragment(ssl,m) \
1807 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
1808
1809/* NB: the keylength is only applicable when is_export is true */
1810void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
1811 RSA *(*cb)(SSL *ssl, int is_export, int keylength));
1812
1813void SSL_set_tmp_rsa_callback(SSL *ssl,
1814 RSA *(*cb)(SSL *ssl, int is_export, int keylength));
1815void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
1816 DH *(*dh)(SSL *ssl, int is_export, int keylength));
1817void SSL_set_tmp_dh_callback(SSL *ssl,
1818 DH *(*dh)(SSL *ssl, int is_export, int keylength));
1819void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
1820 EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
1821void SSL_set_tmp_ecdh_callback(SSL *ssl,
1822 EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
1823
1824const void *SSL_get_current_compression(SSL *s);
1825const void *SSL_get_current_expansion(SSL *s);
1826
1827const char *SSL_COMP_get_name(const void *comp);
1828void *SSL_COMP_get_compression_methods(void);
1829int SSL_COMP_add_compression_method(int id, void *cm);
1830
1831/* TLS extensions functions */
1832int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
1833
1834int SSL_set_session_ticket_ext_cb(SSL *s,
1835 tls_session_ticket_ext_cb_fn cb, void *arg);
1836
1837/* Pre-shared secret session resumption functions */
1838int SSL_set_session_secret_cb(SSL *s,
1839 tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
1840
1841void SSL_set_debug(SSL *s, int debug);
1842int SSL_cache_hit(SSL *s);
1843
1844/* BEGIN ERROR CODES */
1845/* The following lines are auto generated by the script mkerr.pl. Any changes
1846 * made after this point may be overwritten when the script is next run.
1847 */
1848void ERR_load_SSL_strings(void);
1849
1850/* Error codes for the SSL functions. */
1851
1852/* Function codes. */
1853#define SSL_F_CLIENT_CERTIFICATE 100
1854#define SSL_F_CLIENT_FINISHED 167
1855#define SSL_F_CLIENT_HELLO 101
1856#define SSL_F_CLIENT_MASTER_KEY 102
1857#define SSL_F_D2I_SSL_SESSION 103
1858#define SSL_F_DO_DTLS1_WRITE 245
1859#define SSL_F_DO_SSL3_WRITE 104
1860#define SSL_F_DTLS1_ACCEPT 246
1861#define SSL_F_DTLS1_ADD_CERT_TO_BUF 295
1862#define SSL_F_DTLS1_BUFFER_RECORD 247
1863#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316
1864#define SSL_F_DTLS1_CLIENT_HELLO 248
1865#define SSL_F_DTLS1_CONNECT 249
1866#define SSL_F_DTLS1_ENC 250
1867#define SSL_F_DTLS1_GET_HELLO_VERIFY 251
1868#define SSL_F_DTLS1_GET_MESSAGE 252
1869#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
1870#define SSL_F_DTLS1_GET_RECORD 254
1871#define SSL_F_DTLS1_HANDLE_TIMEOUT 297
1872#define SSL_F_DTLS1_HEARTBEAT 305
1873#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
1874#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
1875#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
1876#define SSL_F_DTLS1_PROCESS_RECORD 257
1877#define SSL_F_DTLS1_READ_BYTES 258
1878#define SSL_F_DTLS1_READ_FAILED 259
1879#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
1880#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
1881#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
1882#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
1883#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264
1884#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265
1885#define SSL_F_DTLS1_SEND_SERVER_HELLO 266
1886#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
1887#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
1888#define SSL_F_GET_CLIENT_FINISHED 105
1889#define SSL_F_GET_CLIENT_HELLO 106
1890#define SSL_F_GET_CLIENT_MASTER_KEY 107
1891#define SSL_F_GET_SERVER_FINISHED 108
1892#define SSL_F_GET_SERVER_HELLO 109
1893#define SSL_F_GET_SERVER_VERIFY 110
1894#define SSL_F_I2D_SSL_SESSION 111
1895#define SSL_F_READ_N 112
1896#define SSL_F_REQUEST_CERTIFICATE 113
1897#define SSL_F_SERVER_FINISH 239
1898#define SSL_F_SERVER_HELLO 114
1899#define SSL_F_SERVER_VERIFY 240
1900#define SSL_F_SSL23_ACCEPT 115
1901#define SSL_F_SSL23_CLIENT_HELLO 116
1902#define SSL_F_SSL23_CONNECT 117
1903#define SSL_F_SSL23_GET_CLIENT_HELLO 118
1904#define SSL_F_SSL23_GET_SERVER_HELLO 119
1905#define SSL_F_SSL23_PEEK 237
1906#define SSL_F_SSL23_READ 120
1907#define SSL_F_SSL23_WRITE 121
1908#define SSL_F_SSL2_ACCEPT 122
1909#define SSL_F_SSL2_CONNECT 123
1910#define SSL_F_SSL2_ENC_INIT 124
1911#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241
1912#define SSL_F_SSL2_PEEK 234
1913#define SSL_F_SSL2_READ 125
1914#define SSL_F_SSL2_READ_INTERNAL 236
1915#define SSL_F_SSL2_SET_CERTIFICATE 126
1916#define SSL_F_SSL2_WRITE 127
1917#define SSL_F_SSL3_ACCEPT 128
1918#define SSL_F_SSL3_ADD_CERT_TO_BUF 296
1919#define SSL_F_SSL3_CALLBACK_CTRL 233
1920#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
1921#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
1922#define SSL_F_SSL3_CHECK_CLIENT_HELLO 304
1923#define SSL_F_SSL3_CLIENT_HELLO 131
1924#define SSL_F_SSL3_CONNECT 132
1925#define SSL_F_SSL3_CTRL 213
1926#define SSL_F_SSL3_CTX_CTRL 133
1927#define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
1928#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
1929#define SSL_F_SSL3_ENC 134
1930#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
1931#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
1932#define SSL_F_SSL3_GET_CERT_STATUS 289
1933#define SSL_F_SSL3_GET_CERT_VERIFY 136
1934#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
1935#define SSL_F_SSL3_GET_CLIENT_HELLO 138
1936#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
1937#define SSL_F_SSL3_GET_FINISHED 140
1938#define SSL_F_SSL3_GET_KEY_EXCHANGE 141
1939#define SSL_F_SSL3_GET_MESSAGE 142
1940#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283
1941#define SSL_F_SSL3_GET_NEXT_PROTO 306
1942#define SSL_F_SSL3_GET_RECORD 143
1943#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
1944#define SSL_F_SSL3_GET_SERVER_DONE 145
1945#define SSL_F_SSL3_GET_SERVER_HELLO 146
1946#define SSL_F_SSL3_HANDSHAKE_MAC 285
1947#define SSL_F_SSL3_NEW_SESSION_TICKET 287
1948#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
1949#define SSL_F_SSL3_PEEK 235
1950#define SSL_F_SSL3_READ_BYTES 148
1951#define SSL_F_SSL3_READ_N 149
1952#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
1953#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151
1954#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
1955#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
1956#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
1957#define SSL_F_SSL3_SEND_SERVER_HELLO 242
1958#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
1959#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
1960#define SSL_F_SSL3_SETUP_READ_BUFFER 156
1961#define SSL_F_SSL3_SETUP_WRITE_BUFFER 291
1962#define SSL_F_SSL3_WRITE_BYTES 158
1963#define SSL_F_SSL3_WRITE_PENDING 159
1964#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298
1965#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277
1966#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307
1967#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
1968#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
1969#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299
1970#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278
1971#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308
1972#define SSL_F_SSL_BAD_METHOD 160
1973#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
1974#define SSL_F_SSL_CERT_DUP 221
1975#define SSL_F_SSL_CERT_INST 222
1976#define SSL_F_SSL_CERT_INSTANTIATE 214
1977#define SSL_F_SSL_CERT_NEW 162
1978#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
1979#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280
1980#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279
1981#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
1982#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
1983#define SSL_F_SSL_CLEAR 164
1984#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
1985#define SSL_F_SSL_CREATE_CIPHER_LIST 166
1986#define SSL_F_SSL_CTRL 232
1987#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
1988#define SSL_F_SSL_CTX_MAKE_PROFILES 309
1989#define SSL_F_SSL_CTX_NEW 169
1990#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
1991#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290
1992#define SSL_F_SSL_CTX_SET_PURPOSE 226
1993#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
1994#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
1995#define SSL_F_SSL_CTX_SET_TRUST 229
1996#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
1997#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
1998#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
1999#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
2000#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
2001#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
2002#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
2003#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272
2004#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
2005#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
2006#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
2007#define SSL_F_SSL_DO_HANDSHAKE 180
2008#define SSL_F_SSL_GET_NEW_SESSION 181
2009#define SSL_F_SSL_GET_PREV_SESSION 217
2010#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
2011#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317
2012#define SSL_F_SSL_GET_SIGN_PKEY 183
2013#define SSL_F_SSL_INIT_WBIO_BUFFER 184
2014#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
2015#define SSL_F_SSL_NEW 186
2016#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300
2017#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302
2018#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310
2019#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301
2020#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
2021#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311
2022#define SSL_F_SSL_PEEK 270
2023#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281
2024#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282
2025#define SSL_F_SSL_READ 223
2026#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
2027#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
2028#define SSL_F_SSL_SESSION_NEW 189
2029#define SSL_F_SSL_SESSION_PRINT_FP 190
2030#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
2031#define SSL_F_SSL_SESS_CERT_NEW 225
2032#define SSL_F_SSL_SET_CERT 191
2033#define SSL_F_SSL_SET_CIPHER_LIST 271
2034#define SSL_F_SSL_SET_FD 192
2035#define SSL_F_SSL_SET_PKEY 193
2036#define SSL_F_SSL_SET_PURPOSE 227
2037#define SSL_F_SSL_SET_RFD 194
2038#define SSL_F_SSL_SET_SESSION 195
2039#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
2040#define SSL_F_SSL_SET_SESSION_TICKET_EXT 294
2041#define SSL_F_SSL_SET_TRUST 228
2042#define SSL_F_SSL_SET_WFD 196
2043#define SSL_F_SSL_SHUTDOWN 224
2044#define SSL_F_SSL_SRP_CTX_INIT 313
2045#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243
2046#define SSL_F_SSL_UNDEFINED_FUNCTION 197
2047#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
2048#define SSL_F_SSL_USE_CERTIFICATE 198
2049#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
2050#define SSL_F_SSL_USE_CERTIFICATE_FILE 200
2051#define SSL_F_SSL_USE_PRIVATEKEY 201
2052#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
2053#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
2054#define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273
2055#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
2056#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
2057#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
2058#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
2059#define SSL_F_SSL_WRITE 208
2060#define SSL_F_TLS1_AEAD_CTX_INIT 339
2061#define SSL_F_TLS1_CERT_VERIFY_MAC 286
2062#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
2063#define SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD 340
2064#define SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER 338
2065#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274
2066#define SSL_F_TLS1_ENC 210
2067#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314
2068#define SSL_F_TLS1_HEARTBEAT 315
2069#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275
2070#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
2071#define SSL_F_TLS1_PRF 284
2072#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
2073#define SSL_F_WRITE_PENDING 212
2074
2075/* Reason codes. */
2076#define SSL_R_APP_DATA_IN_HANDSHAKE 100
2077#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
2078#define SSL_R_BAD_ALERT_RECORD 101
2079#define SSL_R_BAD_AUTHENTICATION_TYPE 102
2080#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
2081#define SSL_R_BAD_CHECKSUM 104
2082#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
2083#define SSL_R_BAD_DECOMPRESSION 107
2084#define SSL_R_BAD_DH_G_LENGTH 108
2085#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
2086#define SSL_R_BAD_DH_P_LENGTH 110
2087#define SSL_R_BAD_DIGEST_LENGTH 111
2088#define SSL_R_BAD_DSA_SIGNATURE 112
2089#define SSL_R_BAD_ECC_CERT 304
2090#define SSL_R_BAD_ECDSA_SIGNATURE 305
2091#define SSL_R_BAD_ECPOINT 306
2092#define SSL_R_BAD_HANDSHAKE_LENGTH 332
2093#define SSL_R_BAD_HELLO_REQUEST 105
2094#define SSL_R_BAD_LENGTH 271
2095#define SSL_R_BAD_MAC_DECODE 113
2096#define SSL_R_BAD_MAC_LENGTH 333
2097#define SSL_R_BAD_MESSAGE_TYPE 114
2098#define SSL_R_BAD_PACKET_LENGTH 115
2099#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
2100#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316
2101#define SSL_R_BAD_RESPONSE_ARGUMENT 117
2102#define SSL_R_BAD_RSA_DECRYPT 118
2103#define SSL_R_BAD_RSA_ENCRYPT 119
2104#define SSL_R_BAD_RSA_E_LENGTH 120
2105#define SSL_R_BAD_RSA_MODULUS_LENGTH 121
2106#define SSL_R_BAD_RSA_SIGNATURE 122
2107#define SSL_R_BAD_SIGNATURE 123
2108#define SSL_R_BAD_SRP_A_LENGTH 347
2109#define SSL_R_BAD_SRP_B_LENGTH 348
2110#define SSL_R_BAD_SRP_G_LENGTH 349
2111#define SSL_R_BAD_SRP_N_LENGTH 350
2112#define SSL_R_BAD_SRP_S_LENGTH 351
2113#define SSL_R_BAD_SRTP_MKI_VALUE 352
2114#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353
2115#define SSL_R_BAD_SSL_FILETYPE 124
2116#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125
2117#define SSL_R_BAD_STATE 126
2118#define SSL_R_BAD_WRITE_RETRY 127
2119#define SSL_R_BIO_NOT_SET 128
2120#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
2121#define SSL_R_BN_LIB 130
2122#define SSL_R_CA_DN_LENGTH_MISMATCH 131
2123#define SSL_R_CA_DN_TOO_LONG 132
2124#define SSL_R_CCS_RECEIVED_EARLY 133
2125#define SSL_R_CERTIFICATE_VERIFY_FAILED 134
2126#define SSL_R_CERT_LENGTH_MISMATCH 135
2127#define SSL_R_CHALLENGE_IS_DIFFERENT 136
2128#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
2129#define SSL_R_CIPHER_COMPRESSION_UNAVAILABLE 371
2130#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
2131#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
2132#define SSL_R_CLIENTHELLO_TLSEXT 226
2133#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
2134#define SSL_R_COMPRESSION_DISABLED 343
2135#define SSL_R_COMPRESSION_FAILURE 141
2136#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
2137#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
2138#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
2139#define SSL_R_CONNECTION_TYPE_NOT_SET 144
2140#define SSL_R_COOKIE_MISMATCH 308
2141#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
2142#define SSL_R_DATA_LENGTH_TOO_LONG 146
2143#define SSL_R_DECRYPTION_FAILED 147
2144#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
2145#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
2146#define SSL_R_DIGEST_CHECK_FAILED 149
2147#define SSL_R_DTLS_MESSAGE_TOO_BIG 334
2148#define SSL_R_DUPLICATE_COMPRESSION_ID 309
2149#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317
2150#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318
2151#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322
2152#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323
2153#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
2154#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
2155#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
2156#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
2157#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
2158#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
2159#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
2160#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
2161#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355
2162#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356
2163#define SSL_R_HTTPS_PROXY_REQUEST 155
2164#define SSL_R_HTTP_REQUEST 156
2165#define SSL_R_ILLEGAL_PADDING 283
2166#define SSL_R_INAPPROPRIATE_FALLBACK 373
2167#define SSL_R_INCONSISTENT_COMPRESSION 340
2168#define SSL_R_INVALID_CHALLENGE_LENGTH 158
2169#define SSL_R_INVALID_COMMAND 280
2170#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
2171#define SSL_R_INVALID_PURPOSE 278
2172#define SSL_R_INVALID_SRP_USERNAME 357
2173#define SSL_R_INVALID_STATUS_RESPONSE 328
2174#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
2175#define SSL_R_INVALID_TRUST 279
2176#define SSL_R_KEY_ARG_TOO_LONG 284
2177#define SSL_R_KRB5 285
2178#define SSL_R_KRB5_C_CC_PRINC 286
2179#define SSL_R_KRB5_C_GET_CRED 287
2180#define SSL_R_KRB5_C_INIT 288
2181#define SSL_R_KRB5_C_MK_REQ 289
2182#define SSL_R_KRB5_S_BAD_TICKET 290
2183#define SSL_R_KRB5_S_INIT 291
2184#define SSL_R_KRB5_S_RD_REQ 292
2185#define SSL_R_KRB5_S_TKT_EXPIRED 293
2186#define SSL_R_KRB5_S_TKT_NYV 294
2187#define SSL_R_KRB5_S_TKT_SKEW 295
2188#define SSL_R_LENGTH_MISMATCH 159
2189#define SSL_R_LENGTH_TOO_SHORT 160
2190#define SSL_R_LIBRARY_BUG 274
2191#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
2192#define SSL_R_MESSAGE_TOO_LONG 296
2193#define SSL_R_MISSING_DH_DSA_CERT 162
2194#define SSL_R_MISSING_DH_KEY 163
2195#define SSL_R_MISSING_DH_RSA_CERT 164
2196#define SSL_R_MISSING_DSA_SIGNING_CERT 165
2197#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
2198#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
2199#define SSL_R_MISSING_RSA_CERTIFICATE 168
2200#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
2201#define SSL_R_MISSING_RSA_SIGNING_CERT 170
2202#define SSL_R_MISSING_SRP_PARAM 358
2203#define SSL_R_MISSING_TMP_DH_KEY 171
2204#define SSL_R_MISSING_TMP_ECDH_KEY 311
2205#define SSL_R_MISSING_TMP_RSA_KEY 172
2206#define SSL_R_MISSING_TMP_RSA_PKEY 173
2207#define SSL_R_MISSING_VERIFY_MESSAGE 174
2208#define SSL_R_MULTIPLE_SGC_RESTARTS 346
2209#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
2210#define SSL_R_NO_CERTIFICATES_RETURNED 176
2211#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
2212#define SSL_R_NO_CERTIFICATE_RETURNED 178
2213#define SSL_R_NO_CERTIFICATE_SET 179
2214#define SSL_R_NO_CERTIFICATE_SPECIFIED 180
2215#define SSL_R_NO_CIPHERS_AVAILABLE 181
2216#define SSL_R_NO_CIPHERS_PASSED 182
2217#define SSL_R_NO_CIPHERS_SPECIFIED 183
2218#define SSL_R_NO_CIPHER_LIST 184
2219#define SSL_R_NO_CIPHER_MATCH 185
2220#define SSL_R_NO_CLIENT_CERT_METHOD 331
2221#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
2222#define SSL_R_NO_COMPRESSION_SPECIFIED 187
2223#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
2224#define SSL_R_NO_METHOD_SPECIFIED 188
2225#define SSL_R_NO_PRIVATEKEY 189
2226#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
2227#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
2228#define SSL_R_NO_PUBLICKEY 192
2229#define SSL_R_NO_RENEGOTIATION 339
2230#define SSL_R_NO_REQUIRED_DIGEST 324
2231#define SSL_R_NO_SHARED_CIPHER 193
2232#define SSL_R_NO_SRTP_PROFILES 359
2233#define SSL_R_NO_VERIFY_CALLBACK 194
2234#define SSL_R_NULL_SSL_CTX 195
2235#define SSL_R_NULL_SSL_METHOD_PASSED 196
2236#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
2237#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
2238#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
2239#define SSL_R_PACKET_LENGTH_TOO_LONG 198
2240#define SSL_R_PARSE_TLSEXT 227
2241#define SSL_R_PATH_TOO_LONG 270
2242#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
2243#define SSL_R_PEER_ERROR 200
2244#define SSL_R_PEER_ERROR_CERTIFICATE 201
2245#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
2246#define SSL_R_PEER_ERROR_NO_CIPHER 203
2247#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
2248#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
2249#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
2250#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
2251#define SSL_R_PSK_IDENTITY_NOT_FOUND 223
2252#define SSL_R_PSK_NO_CLIENT_CB 224
2253#define SSL_R_PSK_NO_SERVER_CB 225
2254#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
2255#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
2256#define SSL_R_PUBLIC_KEY_NOT_RSA 210
2257#define SSL_R_READ_BIO_NOT_SET 211
2258#define SSL_R_READ_TIMEOUT_EXPIRED 312
2259#define SSL_R_READ_WRONG_PACKET_TYPE 212
2260#define SSL_R_RECORD_LENGTH_MISMATCH 213
2261#define SSL_R_RECORD_TOO_LARGE 214
2262#define SSL_R_RECORD_TOO_SMALL 298
2263#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335
2264#define SSL_R_RENEGOTIATION_ENCODING_ERR 336
2265#define SSL_R_RENEGOTIATION_MISMATCH 337
2266#define SSL_R_REQUIRED_CIPHER_MISSING 215
2267#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342
2268#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
2269#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
2270#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
2271#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345
2272#define SSL_R_SERVERHELLO_TLSEXT 275
2273#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
2274#define SSL_R_SHORT_READ 219
2275#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360
2276#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
2277#define SSL_R_SRP_A_CALC 361
2278#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362
2279#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363
2280#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364
2281#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
2282#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
2283#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321
2284#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
2285#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
2286#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
2287#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
2288#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
2289#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
2290#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
2291#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
2292#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
2293#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
2294#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
2295#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
2296#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
2297#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
2298#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
2299#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
2300#define SSL_R_SSL_HANDSHAKE_FAILURE 229
2301#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
2302#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
2303#define SSL_R_SSL_SESSION_ID_CONFLICT 302
2304#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
2305#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
2306#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
2307#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
2308#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
2309#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
2310#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
2311#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
2312#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
2313#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
2314#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
2315#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
2316#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
2317#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
2318#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
2319#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
2320#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
2321#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
2322#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
2323#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
2324#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
2325#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
2326#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365
2327#define SSL_R_TLS_HEARTBEAT_PENDING 366
2328#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367
2329#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
2330#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
2331#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
2332#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
2333#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
2334#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
2335#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
2336#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
2337#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
2338#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
2339#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
2340#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
2341#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
2342#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
2343#define SSL_R_UNEXPECTED_MESSAGE 244
2344#define SSL_R_UNEXPECTED_RECORD 245
2345#define SSL_R_UNINITIALIZED 276
2346#define SSL_R_UNKNOWN_ALERT_TYPE 246
2347#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
2348#define SSL_R_UNKNOWN_CIPHER_RETURNED 248
2349#define SSL_R_UNKNOWN_CIPHER_TYPE 249
2350#define SSL_R_UNKNOWN_DIGEST 368
2351#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
2352#define SSL_R_UNKNOWN_PKEY_TYPE 251
2353#define SSL_R_UNKNOWN_PROTOCOL 252
2354#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
2355#define SSL_R_UNKNOWN_SSL_VERSION 254
2356#define SSL_R_UNKNOWN_STATE 255
2357#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338
2358#define SSL_R_UNSUPPORTED_CIPHER 256
2359#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
2360#define SSL_R_UNSUPPORTED_DIGEST_TYPE 326
2361#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
2362#define SSL_R_UNSUPPORTED_PROTOCOL 258
2363#define SSL_R_UNSUPPORTED_SSL_VERSION 259
2364#define SSL_R_UNSUPPORTED_STATUS_TYPE 329
2365#define SSL_R_USE_SRTP_NOT_NEGOTIATED 369
2366#define SSL_R_WRITE_BIO_NOT_SET 260
2367#define SSL_R_WRONG_CIPHER_RETURNED 261
2368#define SSL_R_WRONG_CURVE 378
2369#define SSL_R_WRONG_MESSAGE_TYPE 262
2370#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
2371#define SSL_R_WRONG_SIGNATURE_LENGTH 264
2372#define SSL_R_WRONG_SIGNATURE_SIZE 265
2373#define SSL_R_WRONG_SIGNATURE_TYPE 370
2374#define SSL_R_WRONG_SSL_VERSION 266
2375#define SSL_R_WRONG_VERSION_NUMBER 267
2376#define SSL_R_X509_LIB 268
2377#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
2378
2379#ifdef __cplusplus
2380}
2381#endif
2382#endif
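--- a/src/lib/libssl/ssl2.h
+++ /dev/null
@@ -1,153 +0,0 @@
-/* $OpenBSD: ssl2.h,v 1.12 2014/12/14 15:30:50 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL2_H
-#define HEADER_SSL2_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Protocol Version Codes */
-#define SSL2_VERSION 0x0002
-#define SSL2_VERSION_MAJOR 0x00
-#define SSL2_VERSION_MINOR 0x02
-/* #define SSL2_CLIENT_VERSION 0x0002 */
-/* #define SSL2_SERVER_VERSION 0x0002 */
-
-/* Protocol Message Codes */
-#define SSL2_MT_ERROR 0
-#define SSL2_MT_CLIENT_HELLO 1
-#define SSL2_MT_CLIENT_MASTER_KEY 2
-#define SSL2_MT_CLIENT_FINISHED 3
-#define SSL2_MT_SERVER_HELLO 4
-#define SSL2_MT_SERVER_VERIFY 5
-#define SSL2_MT_SERVER_FINISHED 6
-#define SSL2_MT_REQUEST_CERTIFICATE 7
-#define SSL2_MT_CLIENT_CERTIFICATE 8
-
-/* Error Message Codes */
-#define SSL2_PE_UNDEFINED_ERROR 0x0000
-#define SSL2_PE_NO_CIPHER 0x0001
-#define SSL2_PE_NO_CERTIFICATE 0x0002
-#define SSL2_PE_BAD_CERTIFICATE 0x0004
-#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
-
-/* Cipher Kind Values */
-#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */
-#define SSL2_CK_RC4_128_WITH_MD5 0x02010080
-#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080
-#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080
-#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080
-#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080
-#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040
-#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */
-#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */
-
-#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */
-#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */
-
-#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1"
-#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5"
-#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5"
-#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5"
-#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5"
-#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5"
-#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA"
-#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5"
-
-#define SSL2_TXT_NULL "NULL"
-
-/* Flags for the SSL_CIPHER.algorithm2 field */
-#define SSL2_CF_5_BYTE_ENC 0x01
-#define SSL2_CF_8_BYTE_ENC 0x02
-
-/* Certificate Type Codes */
-#define SSL2_CT_X509_CERTIFICATE 0x01
-
-/* Authentication Type Code */
-#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01
-
-#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32
-
-/* Upper/Lower Bounds */
-#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */
-
-#define SSL2_CHALLENGE_LENGTH 16
-/*#define SSL2_CHALLENGE_LENGTH 32 */
-#define SSL2_MIN_CHALLENGE_LENGTH 16
-#define SSL2_MAX_CHALLENGE_LENGTH 32
-#define SSL2_CONNECTION_ID_LENGTH 16
-#define SSL2_MAX_CONNECTION_ID_LENGTH 16
-#define SSL2_SSL_SESSION_ID_LENGTH 16
-#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32
-#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16
-#define SSL2_MAX_KEY_MATERIAL_LENGTH 24
-
-#ifdef __cplusplus
-}
-#endif
-#endif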
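diff --git a/src/lib/libssl/ssl23.h b/src/lib/libssl/ssl23.h
deleted file mode 100644
index 570e4b0171..0000000000
--- a/src/lib/libssl/ssl23.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/* $OpenBSD: ssl23.h,v 1.4 2014/12/14 15:30:50 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL23_H
-#define HEADER_SSL23_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*client */
-/* write to server */
-#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT)
-#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT)
-/* read from server */
-#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT)
-#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT)
-
-/* server */
-/* read from client */
-#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
-#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT)
-
-#ifdef __cplusplus
-}
-#endif
-#endif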
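diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
deleted file mode 100644
index 5ec2fe6f88..0000000000
--- a/src/lib/libssl/ssl3.h
+++ /dev/null
@@ -1,617 +0,0 @@
-/* $OpenBSD: ssl3.h,v 1.41 2015/07/19 06:23:51 doug Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_SSL3_H
-#define HEADER_SSL3_H
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* TLS_EMPTY_RENEGOTIATION_INFO_SCSV from RFC 5746. */
-#define SSL3_CK_SCSV 0x030000FF
-
-/* TLS_FALLBACK_SCSV from draft-ietf-tls-downgrade-scsv-03. */
-#define SSL3_CK_FALLBACK_SCSV 0x03005600
-
-#define SSL3_CK_RSA_NULL_MD5 0x03000001
-#define SSL3_CK_RSA_NULL_SHA 0x03000002
-#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
-#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
-#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
-#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
-#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
-#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
-#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
-#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
-
-#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
-#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
-#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
-#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
-#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
-#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
-
-#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
-#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
-#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
-#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
-#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
-#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
-
-#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
-#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
-#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
-#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
-#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
-
-/* VRS Additional Kerberos5 entries
- */
-#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E
-#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F
-#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020
-#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021
-#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022
-#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023
-#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024
-#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025
-
-#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026
-#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027
-#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028
-#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029
-#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A
-#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B
-
-#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
-#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
-#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
-#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
-#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
-#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
-
-#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
-#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
-#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
-
-#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
-#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
-#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"
-
-#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"
-#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"
-#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"
-
-#define SSL3_SSL_SESSION_ID_LENGTH 32
-#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
-
-#define SSL3_MASTER_SECRET_SIZE 48
-#define SSL3_RANDOM_SIZE 32
-#define SSL3_SEQUENCE_SIZE 8
-#define SSL3_SESSION_ID_SIZE 32
-#define SSL3_CIPHER_VALUE_SIZE 2
-
-#define SSL3_RT_HEADER_LENGTH 5
-#define SSL3_HM_HEADER_LENGTH 4
-
-#define SSL3_ALIGN_PAYLOAD 8
-
-/* This is the maximum MAC (digest) size used by the SSL library.
- * Currently maximum of 20 is used by SHA1, but we reserve for
- * future extension for 512-bit hashes.
- */
-
-#define SSL3_RT_MAX_MD_SIZE 64
-
-/* Maximum block size used in all ciphersuites. Currently 16 for AES.
- */
-
-#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
-
-#define SSL3_RT_MAX_EXTRA (16384)
-
-/* Maximum plaintext length: defined by SSL/TLS standards */
-#define SSL3_RT_MAX_PLAIN_LENGTH 16384
-/* Maximum compression overhead: defined by SSL/TLS standards */
-#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
-
-/* The standards give a maximum encryption overhead of 1024 bytes.
- * In practice the value is lower than this. The overhead is the maximum
- * number of padding bytes (256) plus the mac size.
- */
-#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
-
-/* OpenSSL currently only uses a padding length of at most one block so
- * the send overhead is smaller.
- */
-
-#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
- (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
-
-/* If compression isn't used don't include the compression overhead */
-#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
-#define SSL3_RT_MAX_ENCRYPTED_LENGTH \
- (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
-#define SSL3_RT_MAX_PACKET_SIZE \
- (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
-
-#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
-#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
-
-#define SSL3_VERSION 0x0300
-#define SSL3_VERSION_MAJOR 0x03
-#define SSL3_VERSION_MINOR 0x00
-
-#define SSL3_RT_CHANGE_CIPHER_SPEC 20
-#define SSL3_RT_ALERT 21
-#define SSL3_RT_HANDSHAKE 22
-#define SSL3_RT_APPLICATION_DATA 23
-#define TLS1_RT_HEARTBEAT 24
-
-#define SSL3_AL_WARNING 1
-#define SSL3_AL_FATAL 2
-
-#define SSL3_AD_CLOSE_NOTIFY 0
-#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
-#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
-#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */
-#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */
-#define SSL3_AD_NO_CERTIFICATE 41
-#define SSL3_AD_BAD_CERTIFICATE 42
-#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
-#define SSL3_AD_CERTIFICATE_REVOKED 44
-#define SSL3_AD_CERTIFICATE_EXPIRED 45
-#define SSL3_AD_CERTIFICATE_UNKNOWN 46
-#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
-
-#define TLS1_HB_REQUEST 1
-#define TLS1_HB_RESPONSE 2
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl3_record_st {
-/*r */ int type; /* type of record */
-/*rw*/ unsigned int length; /* How many bytes available */
-/*r */ unsigned int off; /* read/write offset into 'buf' */
-/*rw*/ unsigned char *data; /* pointer to the record data */
-/*rw*/ unsigned char *input; /* where the decode bytes are */
-/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
-/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
-} SSL3_RECORD;
-
-typedef struct ssl3_buffer_st {
- unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
- * see ssl3_setup_buffers() */
- size_t len; /* buffer size */
- int offset; /* where to 'copy from' */
- int left; /* how many bytes left */
-} SSL3_BUFFER;
-
-#endif
-
-#define SSL3_CT_RSA_SIGN 1
-#define SSL3_CT_DSS_SIGN 2
-#define SSL3_CT_RSA_FIXED_DH 3
-#define SSL3_CT_DSS_FIXED_DH 4
-#define SSL3_CT_RSA_EPHEMERAL_DH 5
-#define SSL3_CT_DSS_EPHEMERAL_DH 6
-#define SSL3_CT_FORTEZZA_DMS 20
-/* SSL3_CT_NUMBER is used to size arrays and it must be large
- * enough to contain all of the cert types defined either for
- * SSLv3 and TLSv1.
- */
-#define SSL3_CT_NUMBER 11
-
-
-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
-#define SSL3_FLAGS_POP_BUFFER 0x0004
-#define TLS1_FLAGS_TLS_PADDING_BUG 0x0
-#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
-#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
-#define SSL3_FLAGS_CCS_OK 0x0080
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl3_state_st {
- long flags;
- int delay_buf_pop_ret;
-
- unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
- int read_mac_secret_size;
- unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
- unsigned char write_sequence[SSL3_SEQUENCE_SIZE];
- int write_mac_secret_size;
- unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
-
- unsigned char server_random[SSL3_RANDOM_SIZE];
- unsigned char client_random[SSL3_RANDOM_SIZE];
-
- /* flags for countermeasure against known-IV weakness */
- int need_empty_fragments;
- int empty_fragment_done;
-
- SSL3_BUFFER rbuf; /* read IO goes into here */
- SSL3_BUFFER wbuf; /* write IO goes into here */
-
- SSL3_RECORD rrec; /* each decoded record goes in here */
- SSL3_RECORD wrec; /* goes out from here */
-
- /* storage for Alert/Handshake protocol data received but not
- * yet processed by ssl3_read_bytes: */
- unsigned char alert_fragment[2];
- unsigned int alert_fragment_len;
- unsigned char handshake_fragment[4];
- unsigned int handshake_fragment_len;
-
- /* partial write - check the numbers match */
- unsigned int wnum; /* number of bytes sent so far */
- int wpend_tot; /* number bytes written */
- int wpend_type;
- int wpend_ret; /* number of bytes submitted */
- const unsigned char *wpend_buf;
-
- /* used during startup, digest all incoming/outgoing packets */
- BIO *handshake_buffer;
- /* When set of handshake digests is determined, buffer is hashed
- * and freed and MD_CTX-es for all required digests are stored in
- * this array */
- EVP_MD_CTX **handshake_dgst;
- /* this is set whenerver we see a change_cipher_spec message
- * come in when we are not looking for one */
- int change_cipher_spec;
-
- int warn_alert;
- int fatal_alert;
- /* we allow one fatal and one warning alert to be outstanding,
- * send close alert via the warning alert */
- int alert_dispatch;
- unsigned char send_alert[2];
-
- /* This flag is set when we should renegotiate ASAP, basically when
- * there is no more data in the read or write buffers */
- int renegotiate;
- int total_renegotiations;
- int num_renegotiations;
-
- int in_read_app_data;
-
- struct {
- /* actually only needs to be 16+20 */
- unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
-
- /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
- unsigned char finish_md[EVP_MAX_MD_SIZE*2];
- int finish_md_len;
- unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
- int peer_finish_md_len;
-
- unsigned long message_size;
- int message_type;
-
- /* used to hold the new cipher we are going to use */
- const SSL_CIPHER *new_cipher;
- DH *dh;
-
- EC_KEY *ecdh; /* holds short lived ECDH key */
-
- /* used when SSL_ST_FLUSH_DATA is entered */
- int next_state;
-
- int reuse_message;
-
- /* used for certificate requests */
- int cert_req;
- int ctype_num;
- char ctype[SSL3_CT_NUMBER];
- STACK_OF(X509_NAME) *ca_names;
-
- int key_block_length;
- unsigned char *key_block;
-
- const EVP_CIPHER *new_sym_enc;
- const EVP_AEAD *new_aead;
- const EVP_MD *new_hash;
- int new_mac_pkey_type;
- int new_mac_secret_size;
- int cert_request;
- } tmp;
-
- /* Connection binding to prevent renegotiation attacks */
- unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_client_finished_len;
- unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_server_finished_len;
- int send_connection_binding; /* TODOEKR */
-
- /* Set if we saw the Next Protocol Negotiation extension from our peer.
- */
- int next_proto_neg_seen;
-
- /*
- * ALPN information
- * (we are in the process of transitioning from NPN to ALPN).
- */
-
- /*
- * In a server these point to the selected ALPN protocol after the
- * ClientHello has been processed. In a client these contain the
- * protocol that the server selected once the ServerHello has been
- * processed.
- */
- unsigned char *alpn_selected;
- unsigned int alpn_selected_len;
-} SSL3_STATE;
-
-#endif
-
-/* SSLv3 */
-/*client */
-/* extra state */
-#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
-#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
-#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT)
-
-/* server */
-/* extra state */
-#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)
-/* read from client */
-/* Do not change the number values, they do matter */
-#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
-/* write to client */
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT)
-/* read from client */
-#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
-/* write to client */
-#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT)
-
-#define SSL3_MT_HELLO_REQUEST 0
-#define SSL3_MT_CLIENT_HELLO 1
-#define SSL3_MT_SERVER_HELLO 2
-#define SSL3_MT_NEWSESSION_TICKET 4
-#define SSL3_MT_CERTIFICATE 11
-#define SSL3_MT_SERVER_KEY_EXCHANGE 12
-#define SSL3_MT_CERTIFICATE_REQUEST 13
-#define SSL3_MT_SERVER_DONE 14
-#define SSL3_MT_CERTIFICATE_VERIFY 15
-#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
-#define SSL3_MT_FINISHED 20
-#define SSL3_MT_CERTIFICATE_STATUS 22
-
-#define SSL3_MT_NEXT_PROTO 67
-
-#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
-
-#define SSL3_MT_CCS 1
-
-/* These are used when changing over to a new cipher */
-#define SSL3_CC_READ 0x01
-#define SSL3_CC_WRITE 0x02
-#define SSL3_CC_CLIENT 0x10
-#define SSL3_CC_SERVER 0x20
-#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
-#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
-
-#ifdef __cplusplus
-}
-#endif
-#endif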
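diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c
deleted file mode 100644
index 3010a735c9..0000000000
--- a/src/lib/libssl/ssl_algs.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* $OpenBSD: ssl_algs.c,v 1.22 2014/12/14 15:30:50 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/lhash.h>
-#include <openssl/objects.h>
-
-#include "ssl_locl.h"
-
-int
-SSL_library_init(void)
-{
-
-#ifndef OPENSSL_NO_DES
- EVP_add_cipher(EVP_des_cbc());
- EVP_add_cipher(EVP_des_ede3_cbc());
-#endif
-#ifndef OPENSSL_NO_IDEA
- EVP_add_cipher(EVP_idea_cbc());
-#endif
-#ifndef OPENSSL_NO_RC4
- EVP_add_cipher(EVP_rc4());
-#if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__))
- EVP_add_cipher(EVP_rc4_hmac_md5());
-#endif
-#endif
-#ifndef OPENSSL_NO_RC2
- EVP_add_cipher(EVP_rc2_cbc());
- /* Not actually used for SSL/TLS but this makes PKCS#12 work
- * if an application only calls SSL_library_init().
- */
- EVP_add_cipher(EVP_rc2_40_cbc());
-#endif
- EVP_add_cipher(EVP_aes_128_cbc());
- EVP_add_cipher(EVP_aes_192_cbc());
- EVP_add_cipher(EVP_aes_256_cbc());
- EVP_add_cipher(EVP_aes_128_gcm());
- EVP_add_cipher(EVP_aes_256_gcm());
- EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
- EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
-#ifndef OPENSSL_NO_CAMELLIA
- EVP_add_cipher(EVP_camellia_128_cbc());
- EVP_add_cipher(EVP_camellia_256_cbc());
-#endif
-#ifndef OPENSSL_NO_GOST
- EVP_add_cipher(EVP_gost2814789_cfb64());
- EVP_add_cipher(EVP_gost2814789_cnt());
-#endif
-
- EVP_add_digest(EVP_md5());
- EVP_add_digest_alias(SN_md5, "ssl2-md5");
- EVP_add_digest_alias(SN_md5, "ssl3-md5");
- EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
- EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
- EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
- EVP_add_digest(EVP_sha224());
- EVP_add_digest(EVP_sha256());
- EVP_add_digest(EVP_sha384());
- EVP_add_digest(EVP_sha512());
- EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
- EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
- EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
- EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
- EVP_add_digest(EVP_ecdsa());
-#ifndef OPENSSL_NO_GOST
- EVP_add_digest(EVP_gostr341194());
- EVP_add_digest(EVP_gost2814789imit());
- EVP_add_digest(EVP_streebog256());
- EVP_add_digest(EVP_streebog512());
-#endif
- /* initialize cipher/digest methods table */
- ssl_load_ciphers();
- return (1);
-}
-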
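diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
deleted file mode 100644
index ee00cb286d..0000000000
--- a/src/lib/libssl/ssl_asn1.c
+++ /dev/null
@@ -1,691 +0,0 @@
-/* $OpenBSD: ssl_asn1.c,v 1.41 2016/03/11 07:08:45 mmcc Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-/* XXX - these are here to avoid including asn1_mac.h */
-int asn1_GetSequence(ASN1_const_CTX *c, long *length);
-void asn1_add_error(const unsigned char *address, int offset);
-
-typedef struct ssl_session_asn1_st {
- ASN1_INTEGER version;
- ASN1_INTEGER ssl_version;
- ASN1_OCTET_STRING cipher;
- ASN1_OCTET_STRING master_key;
- ASN1_OCTET_STRING session_id;
- ASN1_OCTET_STRING session_id_context;
- ASN1_INTEGER time;
- ASN1_INTEGER timeout;
- ASN1_INTEGER verify_result;
- ASN1_OCTET_STRING tlsext_hostname;
- ASN1_INTEGER tlsext_tick_lifetime;
- ASN1_OCTET_STRING tlsext_tick;
-} SSL_SESSION_ASN1;
-
-int
-i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
-{
-#define LSIZE2 (sizeof(long)*2)
- int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v6 = 0, v9 = 0, v10 = 0;
- unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
- unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
- unsigned char ibuf6[LSIZE2];
- SSL_SESSION_ASN1 a;
- unsigned char *p;
- int len = 0, ret;
- long l;
-
- if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
- return (0);
-
- /*
- * Note that I cheat in the following 2 assignments.
- * I know that if the ASN1_INTEGER passed to ASN1_INTEGER_set
- * is > sizeof(long)+1, the buffer will not be re-malloc()ed.
- * This is a bit evil but makes things simple, no dynamic allocation
- * to clean up :-)
- */
- a.version.length = LSIZE2;
- a.version.type = V_ASN1_INTEGER;
- a.version.data = ibuf1;
- ASN1_INTEGER_set(&(a.version), SSL_SESSION_ASN1_VERSION);
- len += i2d_ASN1_INTEGER(&(a.version), NULL);
-
- a.ssl_version.length = LSIZE2;
- a.ssl_version.type = V_ASN1_INTEGER;
- a.ssl_version.data = ibuf2;
- ASN1_INTEGER_set(&(a.ssl_version), in->ssl_version);
- len += i2d_ASN1_INTEGER(&(a.ssl_version), NULL);
-
- a.cipher.length = 2;
- a.cipher.type = V_ASN1_OCTET_STRING;
- l = (in->cipher == NULL) ? in->cipher_id : in->cipher->id;
- buf[0] = ((unsigned char)(l >> 8L)) & 0xff;
- buf[1] = ((unsigned char)(l)) & 0xff;
- a.cipher.data = buf;
- len += i2d_ASN1_OCTET_STRING(&(a.cipher), NULL);
-
- a.master_key.length = in->master_key_length;
- a.master_key.type = V_ASN1_OCTET_STRING;
- a.master_key.data = in->master_key;
- len += i2d_ASN1_OCTET_STRING(&(a.master_key), NULL);
-
- a.session_id.length = in->session_id_length;
- a.session_id.type = V_ASN1_OCTET_STRING;
- a.session_id.data = in->session_id;
- len += i2d_ASN1_OCTET_STRING(&(a.session_id), NULL);
-
- if (in->time != 0L) {
- a.time.length = LSIZE2;
- a.time.type = V_ASN1_INTEGER;
- a.time.data = ibuf3;
- ASN1_INTEGER_set(&(a.time), in->time); /* XXX 2038 */
- v1 = i2d_ASN1_INTEGER(&(a.time), NULL);
- len += ASN1_object_size(1, v1, 1);
- }
-
- if (in->timeout != 0L) {
- a.timeout.length = LSIZE2;
- a.timeout.type = V_ASN1_INTEGER;
- a.timeout.data = ibuf4;
- ASN1_INTEGER_set(&(a.timeout), in->timeout);
- v2 = i2d_ASN1_INTEGER(&(a.timeout), NULL);
- len += ASN1_object_size(1, v2, 2);
- }
-
- if (in->peer != NULL) {
- v3 = i2d_X509(in->peer, NULL);
- len += ASN1_object_size(1, v3, 3);
- }
-
- a.session_id_context.length = in->sid_ctx_length;
- a.session_id_context.type = V_ASN1_OCTET_STRING;
- a.session_id_context.data = in->sid_ctx;
- v4 = i2d_ASN1_OCTET_STRING(&(a.session_id_context), NULL);
- len += ASN1_object_size(1, v4, 4);
-
- if (in->verify_result != X509_V_OK) {
- a.verify_result.length = LSIZE2;
- a.verify_result.type = V_ASN1_INTEGER;
- a.verify_result.data = ibuf5;
- ASN1_INTEGER_set(&a.verify_result, in->verify_result);
- v5 = i2d_ASN1_INTEGER(&(a.verify_result), NULL);
- len += ASN1_object_size(1, v5, 5);
- }
-
- if (in->tlsext_hostname) {
- a.tlsext_hostname.length = strlen(in->tlsext_hostname);
- a.tlsext_hostname.type = V_ASN1_OCTET_STRING;
- a.tlsext_hostname.data = (unsigned char *)in->tlsext_hostname;
- v6 = i2d_ASN1_OCTET_STRING(&(a.tlsext_hostname), NULL);
- len += ASN1_object_size(1, v6, 6);
- }
-
- /* 7 - PSK identity hint. */
- /* 8 - PSK identity. */
-
- if (in->tlsext_tick_lifetime_hint > 0) {
- a.tlsext_tick_lifetime.length = LSIZE2;
- a.tlsext_tick_lifetime.type = V_ASN1_INTEGER;
- a.tlsext_tick_lifetime.data = ibuf6;
- ASN1_INTEGER_set(&a.tlsext_tick_lifetime,
- in->tlsext_tick_lifetime_hint);
- v9 = i2d_ASN1_INTEGER(&(a.tlsext_tick_lifetime), NULL);
- len += ASN1_object_size(1, v9, 9);
- }
-
- if (in->tlsext_tick) {
- a.tlsext_tick.length = in->tlsext_ticklen;
- a.tlsext_tick.type = V_ASN1_OCTET_STRING;
- a.tlsext_tick.data = (unsigned char *)in->tlsext_tick;
- v10 = i2d_ASN1_OCTET_STRING(&(a.tlsext_tick), NULL);
- len += ASN1_object_size(1, v10, 10);
- }
-
- /* 11 - Compression method. */
- /* 12 - SRP username. */
-
- /* If given a NULL pointer, return the length only. */
- ret = (ASN1_object_size(1, len, V_ASN1_SEQUENCE));
- if (pp == NULL)
- return (ret);
-
- /* Burp out the ASN1. */
- p = *pp;
- ASN1_put_object(&p, 1, len, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
- i2d_ASN1_INTEGER(&(a.version), &p);
- i2d_ASN1_INTEGER(&(a.ssl_version), &p);
- i2d_ASN1_OCTET_STRING(&(a.cipher), &p);
- i2d_ASN1_OCTET_STRING(&(a.session_id), &p);
- i2d_ASN1_OCTET_STRING(&(a.master_key), &p);
- if (in->time != 0L) {
- ASN1_put_object(&p, 1, v1, 1, V_ASN1_CONTEXT_SPECIFIC);
- i2d_ASN1_INTEGER(&(a.time), &p);
- }
- if (in->timeout != 0L) {
- ASN1_put_object(&p, 1, v2, 2, V_ASN1_CONTEXT_SPECIFIC);
- i2d_ASN1_INTEGER(&(a.timeout), &p);
- }
- if (in->peer != NULL) {
- ASN1_put_object(&p, 1, v3, 3, V_ASN1_CONTEXT_SPECIFIC);
- i2d_X509(in->peer, &p);
- }
- ASN1_put_object(&p, 1, v4, 4, V_ASN1_CONTEXT_SPECIFIC);
- i2d_ASN1_OCTET_STRING(&(a.session_id_context), &p);
- if (in->verify_result != X509_V_OK) {
- ASN1_put_object(&p, 1, v5, 5, V_ASN1_CONTEXT_SPECIFIC);
- i2d_ASN1_INTEGER(&(a.verify_result), &p);
- }
- if (in->tlsext_hostname) {
- ASN1_put_object(&p, 1, v6, 6, V_ASN1_CONTEXT_SPECIFIC);
- i2d_ASN1_OCTET_STRING(&(a.tlsext_hostname), &p);
- }
- /* 7 - PSK identity hint. */
- /* 8 - PSK identity. */
- if (in->tlsext_tick_lifetime_hint > 0) {
- ASN1_put_object(&p, 1, v9, 9, V_ASN1_CONTEXT_SPECIFIC);
- i2d_ASN1_INTEGER(&(a.tlsext_tick_lifetime), &p);
- }
- if (in->tlsext_tick) {
- ASN1_put_object(&p, 1, v10, 10, V_ASN1_CONTEXT_SPECIFIC);
- i2d_ASN1_OCTET_STRING(&(a.tlsext_tick), &p);
- }
- /* 11 - Compression method. */
- /* 12 - SRP username. */
-
- *pp = p;
- return (ret);
-}
-
-SSL_SESSION *
-d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
-{
- SSL_SESSION *ret = NULL;
- ASN1_const_CTX c;
- ASN1_INTEGER ai, *aip;
- ASN1_OCTET_STRING os, *osp;
- int ssl_version = 0, i;
- int Tinf, Ttag, Tclass;
- long Tlen;
- long id;
-
- c.pp = pp;
- c.p = *pp;
- c.q = *pp;
- c.max = (length == 0) ? 0 : (c.p + length);
- c.slen = length;
-
- if (a == NULL || *a == NULL) {
- if ((ret = SSL_SESSION_new()) == NULL) {
- SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- } else
- ret = *a;
-
- aip = &ai;
- osp = &os;
-
- if (!asn1_GetSequence(&c, &length)) {
- SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
-
- ai.data = NULL;
- ai.length = 0;
- c.q = c.p;
- if (d2i_ASN1_INTEGER(&aip, &c.p, c.slen) == NULL) {
- SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- c.slen -= (c.p - c.q);
-
- if (ai.data != NULL) {
- free(ai.data);
- ai.data = NULL;
- ai.length = 0;
- }
-
- /* we don't care about the version right now :-) */
- c.q = c.p;
- if (d2i_ASN1_INTEGER(&aip, &c.p, c.slen) == NULL) {
- SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- c.slen -= (c.p - c.q);
- ssl_version = (int)ASN1_INTEGER_get(aip);
- ret->ssl_version = ssl_version;
- if (ai.data != NULL) {
- free(ai.data);
- ai.data = NULL;
- ai.length = 0;
- }
-
- os.data = NULL;
- os.length = 0;
- c.q = c.p;
- if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) {
- SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- c.slen -= (c.p - c.q);
- if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
- if (os.length != 2) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- SSL_R_CIPHER_CODE_WRONG_LENGTH);
- goto err;
- }
- id = 0x03000000L | ((unsigned long)os.data[0]<<8L) |
- (unsigned long)os.data[1];
- } else {
- SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION);
- goto err;
- }
-
- ret->cipher = NULL;
- ret->cipher_id = id;
-
- c.q = c.p;
- if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) {
- SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- c.slen -= (c.p - c.q);
-
- i = SSL3_MAX_SSL_SESSION_ID_LENGTH;
- if (os.length > i)
- os.length = i;
- if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
- os.length = sizeof(ret->session_id);
-
- ret->session_id_length = os.length;
- OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
- memcpy(ret->session_id, os.data, os.length);
-
- c.q = c.p;
- if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) {
- SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- c.slen -= (c.p - c.q);
- if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
- ret->master_key_length = SSL_MAX_MASTER_KEY_LENGTH;
- else
- ret->master_key_length = os.length;
- memcpy(ret->master_key, os.data, ret->master_key_length);
-
- os.length = 0;
-
- /* 1 - Time (INTEGER). */
- /* XXX 2038 */
- ai.length = 0;
- if (c.slen != 0L &&
- *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 1)) {
- c.q = c.p;
- Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
- if (Tinf & 0x80) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- ERR_R_BAD_ASN1_OBJECT_HEADER);
- goto err;
- }
- if (Tinf == (V_ASN1_CONSTRUCTED + 1))
- Tlen = c.slen - (c.p - c.q) - 2;
- if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
- SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
- Tlen = c.slen - (c.p - c.q);
- if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- ERR_R_MISSING_ASN1_EOS);
- goto err;
- }
- }
- c.slen -= (c.p - c.q);
- }
- if (ai.data != NULL) {
- ret->time = ASN1_INTEGER_get(aip);
- free(ai.data);
- ai.data = NULL;
- ai.length = 0;
- } else
- ret->time = time(NULL);
-
- /* 2 - Timeout (INTEGER). */
- ai.length = 0;
- if (c.slen != 0L &&
- *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 2)) {
- c.q = c.p;
- Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
- if (Tinf & 0x80) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- ERR_R_BAD_ASN1_OBJECT_HEADER);
- goto err;
- }
- if (Tinf == (V_ASN1_CONSTRUCTED + 1))
- Tlen = c.slen - (c.p - c.q) - 2;
- if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
- SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
- Tlen = c.slen - (c.p - c.q);
- if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- ERR_R_MISSING_ASN1_EOS);
- goto err;
- }
- }
- c.slen -= (c.p - c.q);
- }
- if (ai.data != NULL) {
- ret->timeout = ASN1_INTEGER_get(aip);
- free(ai.data);
- ai.data = NULL;
- ai.length = 0;
- } else
- ret->timeout = 3;
-
- /* 3 - Peer (X509). */
- X509_free(ret->peer);
- ret->peer = NULL;
-
- if (c.slen != 0L &&
- *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 3)) {
- c.q = c.p;
- Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
- if (Tinf & 0x80) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- ERR_R_BAD_ASN1_OBJECT_HEADER);
- goto err;
- }
- if (Tinf == (V_ASN1_CONSTRUCTED + 1))
- Tlen = c.slen - (c.p - c.q) - 2;
- if (d2i_X509(&ret->peer, &c.p, Tlen) == NULL) {
- SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
- Tlen = c.slen - (c.p - c.q);
- if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- ERR_R_MISSING_ASN1_EOS);
- goto err;
- }
- }
- c.slen -= (c.p - c.q);
- }
-
- /* 4 - Session ID (OCTET STRING). */
- os.length = 0;
- free(os.data);
- os.data = NULL;
- if (c.slen != 0L &&
- *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 4)) {
- c.q = c.p;
- Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
- if (Tinf & 0x80) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- ERR_R_BAD_ASN1_OBJECT_HEADER);
- goto err;
- }
- if (Tinf == (V_ASN1_CONSTRUCTED + 1))
- Tlen = c.slen - (c.p - c.q) - 2;
- if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) {
- SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
- Tlen = c.slen - (c.p - c.q);
- if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- ERR_R_MISSING_ASN1_EOS);
- goto err;
- }
- }
- c.slen -= (c.p - c.q);
- }
- if (os.data != NULL) {
- if (os.length > SSL_MAX_SID_CTX_LENGTH) {
- SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_BAD_LENGTH);
- goto err;
- } else {
- ret->sid_ctx_length = os.length;
- memcpy(ret->sid_ctx, os.data, os.length);
- }
- free(os.data);
- os.data = NULL;
- os.length = 0;
- } else
- ret->sid_ctx_length = 0;
-
- /* 5 - Verify_result. */
- ai.length = 0;
- if (c.slen != 0L &&
- *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 5)) {
- c.q = c.p;
- Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
- if (Tinf & 0x80) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- ERR_R_BAD_ASN1_OBJECT_HEADER);
- goto err;
- }
- if (Tinf == (V_ASN1_CONSTRUCTED + 1))
- Tlen = c.slen - (c.p - c.q) - 2;
- if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
- SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
- Tlen = c.slen - (c.p - c.q);
- if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- ERR_R_MISSING_ASN1_EOS);
- goto err;
- }
- }
- c.slen -= (c.p - c.q);
- }
- if (ai.data != NULL) {
- ret->verify_result = ASN1_INTEGER_get(aip);
- free(ai.data);
- ai.data = NULL;
- ai.length = 0;
- } else
- ret->verify_result = X509_V_OK;
-
- /* 6 - HostName (OCTET STRING). */
- os.length = 0;
- os.data = NULL;
- if (c.slen != 0L &&
- *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 6)) {
- c.q = c.p;
- Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
- if (Tinf & 0x80) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- ERR_R_BAD_ASN1_OBJECT_HEADER);
- goto err;
- }
- if (Tinf == (V_ASN1_CONSTRUCTED + 1))
- Tlen = c.slen - (c.p - c.q) - 2;
- if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) {
- SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
- Tlen = c.slen - (c.p - c.q);
- if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- ERR_R_MISSING_ASN1_EOS);
- goto err;
- }
- }
- c.slen -= (c.p - c.q);
- }
- if (os.data) {
- ret->tlsext_hostname = strndup((char *)os.data, os.length);
- free(os.data);
- os.data = NULL;
- os.length = 0;
- } else
- ret->tlsext_hostname = NULL;
-
- /* 7 - PSK identity hint (OCTET STRING). */
- /* 8 - PSK identity (OCTET STRING). */
-
- /* 9 - Ticket lifetime. */
- ai.length = 0;
- if (c.slen != 0L &&
- *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 9)) {
- c.q = c.p;
- Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
- if (Tinf & 0x80) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- ERR_R_BAD_ASN1_OBJECT_HEADER);
- goto err;
- }
- if (Tinf == (V_ASN1_CONSTRUCTED + 1))
- Tlen = c.slen - (c.p - c.q) - 2;
- if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
- SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
- Tlen = c.slen - (c.p - c.q);
- if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- ERR_R_MISSING_ASN1_EOS);
- goto err;
- }
- }
- c.slen -= (c.p - c.q);
- }
- if (ai.data != NULL) {
- ret->tlsext_tick_lifetime_hint = ASN1_INTEGER_get(aip);
- free(ai.data);
- ai.data = NULL;
- ai.length = 0;
- } else if (ret->tlsext_ticklen && ret->session_id_length)
- ret->tlsext_tick_lifetime_hint = -1;
- else
- ret->tlsext_tick_lifetime_hint = 0;
- os.length = 0;
- os.data = NULL;
-
- /* 10 - Ticket (OCTET STRING). */
- if (c.slen != 0L &&
- *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 10)) {
- c.q = c.p;
- Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
- if (Tinf & 0x80) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- ERR_R_BAD_ASN1_OBJECT_HEADER);
- goto err;
- }
- if (Tinf == (V_ASN1_CONSTRUCTED + 1))
- Tlen = c.slen - (c.p - c.q) - 2;
- if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) {
- SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
- Tlen = c.slen - (c.p - c.q);
- if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
- SSLerr(SSL_F_D2I_SSL_SESSION,
- ERR_R_MISSING_ASN1_EOS);
- goto err;
- }
- }
- c.slen -= (c.p - c.q);
- }
- if (os.data) {
- ret->tlsext_tick = os.data;
- ret->tlsext_ticklen = os.length;
- os.data = NULL;
- os.length = 0;
- } else
- ret->tlsext_tick = NULL;
-
- /* 11 - Compression method (OCTET STRING). */
- /* 12 - SRP username (OCTET STRING). */
-
- if (!asn1_const_Finish(&c)) {
- SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
-
- *pp = c.p;
- if (a != NULL)
- *a = ret;
-
- return (ret);
-
-err:
- ERR_asprintf_error_data("offset=%d", (int)(c.q - *pp));
- if (ret != NULL && (a == NULL || *a != ret))
- SSL_SESSION_free(ret);
-
- return (NULL);
-}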
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
deleted file mode 100644
index 7e92812e56..0000000000
--- a/src/lib/libssl/ssl_cert.c
+++ /dev/null
@@ -1,722 +0,0 @@
1/* $OpenBSD: ssl_cert.c,v 1.52 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116
117#include <sys/types.h>
118
119#include <dirent.h>
120#include <stdio.h>
121#include <unistd.h>
122
123#include <openssl/bio.h>
124#include <openssl/bn.h>
125#include <openssl/dh.h>
126#include <openssl/objects.h>
127#include <openssl/opensslconf.h>
128#include <openssl/pem.h>
129#include <openssl/x509v3.h>
130
131#include "ssl_locl.h"
132
133int
134SSL_get_ex_data_X509_STORE_CTX_idx(void)
135{
136 static volatile int ssl_x509_store_ctx_idx = -1;
137 int got_write_lock = 0;
138
139 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
140
141 if (ssl_x509_store_ctx_idx < 0) {
142 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
143 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
144 got_write_lock = 1;
145
146 if (ssl_x509_store_ctx_idx < 0) {
147 ssl_x509_store_ctx_idx =
148 X509_STORE_CTX_get_ex_new_index(
149 0, "SSL for verify callback", NULL, NULL, NULL);
150 }
151 }
152
153 if (got_write_lock)
154 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
155 else
156 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
157
158 return ssl_x509_store_ctx_idx;
159}
160
161static void
162ssl_cert_set_default_md(CERT *cert)
163{
164 /* Set digest values to defaults */
165 cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
166 cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
167 cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
168 cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
169#ifndef OPENSSL_NO_GOST
170 cert->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
171#endif
172}
173
174CERT *
175ssl_cert_new(void)
176{
177 CERT *ret;
178
179 ret = calloc(1, sizeof(CERT));
180 if (ret == NULL) {
181 SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
182 return (NULL);
183 }
184 ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
185 ret->references = 1;
186 ssl_cert_set_default_md(ret);
187 return (ret);
188}
189
190CERT *
191ssl_cert_dup(CERT *cert)
192{
193 CERT *ret;
194 int i;
195
196 ret = calloc(1, sizeof(CERT));
197 if (ret == NULL) {
198 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
199 return (NULL);
200 }
201
202 /*
203 * same as ret->key = ret->pkeys + (cert->key - cert->pkeys),
204 * if you find that more readable
205 */
206 ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
207
208 ret->valid = cert->valid;
209 ret->mask_k = cert->mask_k;
210 ret->mask_a = cert->mask_a;
211
212 if (cert->dh_tmp != NULL) {
213 ret->dh_tmp = DHparams_dup(cert->dh_tmp);
214 if (ret->dh_tmp == NULL) {
215 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
216 goto err;
217 }
218 if (cert->dh_tmp->priv_key) {
219 BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
220 if (!b) {
221 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
222 goto err;
223 }
224 ret->dh_tmp->priv_key = b;
225 }
226 if (cert->dh_tmp->pub_key) {
227 BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
228 if (!b) {
229 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
230 goto err;
231 }
232 ret->dh_tmp->pub_key = b;
233 }
234 }
235 ret->dh_tmp_cb = cert->dh_tmp_cb;
236 ret->dh_tmp_auto = cert->dh_tmp_auto;
237
238 if (cert->ecdh_tmp) {
239 ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
240 if (ret->ecdh_tmp == NULL) {
241 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
242 goto err;
243 }
244 }
245 ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
246 ret->ecdh_tmp_auto = cert->ecdh_tmp_auto;
247
248 for (i = 0; i < SSL_PKEY_NUM; i++) {
249 if (cert->pkeys[i].x509 != NULL) {
250 ret->pkeys[i].x509 = cert->pkeys[i].x509;
251 CRYPTO_add(&ret->pkeys[i].x509->references, 1,
252 CRYPTO_LOCK_X509);
253 }
254
255 if (cert->pkeys[i].privatekey != NULL) {
256 ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
257 CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
258 CRYPTO_LOCK_EVP_PKEY);
259
260 switch (i) {
261 /*
262 * If there was anything special to do for
263 * certain types of keys, we'd do it here.
264 * (Nothing at the moment, I think.)
265 */
266
267 case SSL_PKEY_RSA_ENC:
268 case SSL_PKEY_RSA_SIGN:
269 /* We have an RSA key. */
270 break;
271
272 case SSL_PKEY_DSA_SIGN:
273 /* We have a DSA key. */
274 break;
275
276 case SSL_PKEY_DH_RSA:
277 case SSL_PKEY_DH_DSA:
278 /* We have a DH key. */
279 break;
280
281 case SSL_PKEY_ECC:
282 /* We have an ECC key */
283 break;
284
285 default:
286 /* Can't happen. */
287 SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
288 }
289 }
290 }
291
292 /*
293 * ret->extra_certs *should* exist, but currently the own certificate
294 * chain is held inside SSL_CTX
295 */
296
297 ret->references = 1;
298 /*
299 * Set digests to defaults. NB: we don't copy existing values
300 * as they will be set during handshake.
301 */
302 ssl_cert_set_default_md(ret);
303
304 return (ret);
305
306err:
307 DH_free(ret->dh_tmp);
308 EC_KEY_free(ret->ecdh_tmp);
309
310 for (i = 0; i < SSL_PKEY_NUM; i++) {
311 X509_free(ret->pkeys[i].x509);
312 EVP_PKEY_free(ret->pkeys[i].privatekey);
313 }
314 free (ret);
315 return NULL;
316}
317
318
319void
320ssl_cert_free(CERT *c)
321{
322 int i;
323
324 if (c == NULL)
325 return;
326
327 i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT);
328 if (i > 0)
329 return;
330
331 DH_free(c->dh_tmp);
332 EC_KEY_free(c->ecdh_tmp);
333
334 for (i = 0; i < SSL_PKEY_NUM; i++) {
335 X509_free(c->pkeys[i].x509);
336 EVP_PKEY_free(c->pkeys[i].privatekey);
337 }
338
339 free(c);
340}
341
342int
343ssl_cert_inst(CERT **o)
344{
345 /*
346 * Create a CERT if there isn't already one
347 * (which cannot really happen, as it is initially created in
348 * SSL_CTX_new; but the earlier code usually allows for that one
349 * being non-existant, so we follow that behaviour, as it might
350 * turn out that there actually is a reason for it -- but I'm
351 * not sure that *all* of the existing code could cope with
352 * s->cert being NULL, otherwise we could do without the
353 * initialization in SSL_CTX_new).
354 */
355
356 if (o == NULL) {
357 SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
358 return (0);
359 }
360 if (*o == NULL) {
361 if ((*o = ssl_cert_new()) == NULL) {
362 SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
363 return (0);
364 }
365 }
366 return (1);
367}
368
369
370SESS_CERT *
371ssl_sess_cert_new(void)
372{
373 SESS_CERT *ret;
374
375 ret = calloc(1, sizeof *ret);
376 if (ret == NULL) {
377 SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
378 return NULL;
379 }
380 ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
381 ret->references = 1;
382
383 return ret;
384}
385
386void
387ssl_sess_cert_free(SESS_CERT *sc)
388{
389 int i;
390
391 if (sc == NULL)
392 return;
393
394 i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
395 if (i > 0)
396 return;
397
398 /* i == 0 */
399 if (sc->cert_chain != NULL)
400 sk_X509_pop_free(sc->cert_chain, X509_free);
401 for (i = 0; i < SSL_PKEY_NUM; i++)
402 X509_free(sc->peer_pkeys[i].x509);
403
404 DH_free(sc->peer_dh_tmp);
405 EC_KEY_free(sc->peer_ecdh_tmp);
406
407 free(sc);
408}
409
410int
411ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
412{
413 X509_STORE_CTX ctx;
414 X509 *x;
415 int ret;
416
417 if ((sk == NULL) || (sk_X509_num(sk) == 0))
418 return (0);
419
420 x = sk_X509_value(sk, 0);
421 if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) {
422 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB);
423 return (0);
424 }
425 X509_STORE_CTX_set_ex_data(&ctx,
426 SSL_get_ex_data_X509_STORE_CTX_idx(), s);
427
428 /*
429 * We need to inherit the verify parameters. These can be
430 * determined by the context: if its a server it will verify
431 * SSL client certificates or vice versa.
432 */
433 X509_STORE_CTX_set_default(&ctx,
434 s->server ? "ssl_client" : "ssl_server");
435
436 /*
437 * Anything non-default in "param" should overwrite anything
438 * in the ctx.
439 */
440 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
441
442 if (s->verify_callback)
443 X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
444
445 if (s->ctx->app_verify_callback != NULL)
446 ret = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
447 else
448 ret = X509_verify_cert(&ctx);
449
450 s->verify_result = ctx.error;
451 X509_STORE_CTX_cleanup(&ctx);
452
453 return (ret);
454}
455
456static void
457set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
458 STACK_OF(X509_NAME) *name_list)
459{
460 if (*ca_list != NULL)
461 sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
462
463 *ca_list = name_list;
464}
465
466STACK_OF(X509_NAME) *
467SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
468{
469 int i;
470 STACK_OF(X509_NAME) *ret;
471 X509_NAME *name;
472
473 ret = sk_X509_NAME_new_null();
474 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
475 name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
476 if ((name == NULL) || !sk_X509_NAME_push(ret, name)) {
477 sk_X509_NAME_pop_free(ret, X509_NAME_free);
478 return (NULL);
479 }
480 }
481 return (ret);
482}
483
484void
485SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
486{
487 set_client_CA_list(&(s->client_CA), name_list);
488}
489
490void
491SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
492{
493 set_client_CA_list(&(ctx->client_CA), name_list);
494}
495
496STACK_OF(X509_NAME) *
497SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
498{
499 return (ctx->client_CA);
500}
501
502STACK_OF(X509_NAME) *
503SSL_get_client_CA_list(const SSL *s)
504{
505 if (s->type == SSL_ST_CONNECT) {
506 /* We are in the client. */
507 if (((s->version >> 8) == SSL3_VERSION_MAJOR) &&
508 (s->s3 != NULL))
509 return (s->s3->tmp.ca_names);
510 else
511 return (NULL);
512 } else {
513 if (s->client_CA != NULL)
514 return (s->client_CA);
515 else
516 return (s->ctx->client_CA);
517 }
518}
519
520static int
521add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x)
522{
523 X509_NAME *name;
524
525 if (x == NULL)
526 return (0);
527 if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL))
528 return (0);
529
530 if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)
531 return (0);
532
533 if (!sk_X509_NAME_push(*sk, name)) {
534 X509_NAME_free(name);
535 return (0);
536 }
537 return (1);
538}
539
540int
541SSL_add_client_CA(SSL *ssl, X509 *x)
542{
543 return (add_client_CA(&(ssl->client_CA), x));
544}
545
546int
547SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
548{
549 return (add_client_CA(&(ctx->client_CA), x));
550}
551
552static int
553xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
554{
555 return (X509_NAME_cmp(*a, *b));
556}
557
558/*!
559 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
560 * it doesn't really have anything to do with clients (except that a common use
561 * for a stack of CAs is to send it to the client). Actually, it doesn't have
562 * much to do with CAs, either, since it will load any old cert.
563 * \param file the file containing one or more certs.
564 * \return a ::STACK containing the certs.
565 */
566STACK_OF(X509_NAME) *
567SSL_load_client_CA_file(const char *file)
568{
569 BIO *in;
570 X509 *x = NULL;
571 X509_NAME *xn = NULL;
572 STACK_OF(X509_NAME) *ret = NULL, *sk;
573
574 sk = sk_X509_NAME_new(xname_cmp);
575
576 in = BIO_new(BIO_s_file_internal());
577
578 if ((sk == NULL) || (in == NULL)) {
579 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
580 goto err;
581 }
582
583 if (!BIO_read_filename(in, file))
584 goto err;
585
586 for (;;) {
587 if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
588 break;
589 if (ret == NULL) {
590 ret = sk_X509_NAME_new_null();
591 if (ret == NULL) {
592 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,
593 ERR_R_MALLOC_FAILURE);
594 goto err;
595 }
596 }
597 if ((xn = X509_get_subject_name(x)) == NULL) goto err;
598 /* check for duplicates */
599 xn = X509_NAME_dup(xn);
600 if (xn == NULL)
601 goto err;
602 if (sk_X509_NAME_find(sk, xn) >= 0)
603 X509_NAME_free(xn);
604 else {
605 sk_X509_NAME_push(sk, xn);
606 sk_X509_NAME_push(ret, xn);
607 }
608 }
609
610 if (0) {
611err:
612 if (ret != NULL)
613 sk_X509_NAME_pop_free(ret, X509_NAME_free);
614 ret = NULL;
615 }
616 if (sk != NULL)
617 sk_X509_NAME_free(sk);
618 BIO_free(in);
619 X509_free(x);
620 if (ret != NULL)
621 ERR_clear_error();
622 return (ret);
623}
624
625/*!
626 * Add a file of certs to a stack.
627 * \param stack the stack to add to.
628 * \param file the file to add from. All certs in this file that are not
629 * already in the stack will be added.
630 * \return 1 for success, 0 for failure. Note that in the case of failure some
631 * certs may have been added to \c stack.
632 */
633
634int
635SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
636 const char *file)
637{
638 BIO *in;
639 X509 *x = NULL;
640 X509_NAME *xn = NULL;
641 int ret = 1;
642 int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
643
644 oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp);
645
646 in = BIO_new(BIO_s_file_internal());
647
648 if (in == NULL) {
649 SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,
650 ERR_R_MALLOC_FAILURE);
651 goto err;
652 }
653
654 if (!BIO_read_filename(in, file))
655 goto err;
656
657 for (;;) {
658 if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
659 break;
660 if ((xn = X509_get_subject_name(x)) == NULL) goto err;
661 xn = X509_NAME_dup(xn);
662 if (xn == NULL)
663 goto err;
664 if (sk_X509_NAME_find(stack, xn) >= 0)
665 X509_NAME_free(xn);
666 else
667 sk_X509_NAME_push(stack, xn);
668 }
669
670 ERR_clear_error();
671
672 if (0) {
673err:
674 ret = 0;
675 }
676 BIO_free(in);
677 X509_free(x);
678
679 (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
680
681 return ret;
682}
683
684/*!
685 * Add a directory of certs to a stack.
686 * \param stack the stack to append to.
687 * \param dir the directory to append from. All files in this directory will be
688 * examined as potential certs. Any that are acceptable to
689 * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will
690 * be included.
691 * \return 1 for success, 0 for failure. Note that in the case of failure some
692 * certs may have been added to \c stack.
693 */
694
695int
696SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir)
697{
698 DIR *dirp = NULL;
699 char *path = NULL;
700 int ret = 0;
701
702 dirp = opendir(dir);
703 if (dirp) {
704 struct dirent *dp;
705 while ((dp = readdir(dirp)) != NULL) {
706 if (asprintf(&path, "%s/%s", dir, dp->d_name) != -1) {
707 ret = SSL_add_file_cert_subjects_to_stack(
708 stack, path);
709 free(path);
710 }
711 if (!ret)
712 break;
713 }
714 (void) closedir(dirp);
715 }
716 if (!ret) {
717 SYSerr(SYS_F_OPENDIR, errno);
718 ERR_asprintf_error_data("opendir ('%s')", dir);
719 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
720 }
721 return ret;
722}
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
deleted file mode 100644
index 526d98e293..0000000000
--- a/src/lib/libssl/ssl_ciph.c
+++ /dev/null
@@ -1,1798 +0,0 @@
1/* $OpenBSD: ssl_ciph.c,v 1.86 2016/04/28 16:39:45 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#include <stdio.h>
144
145#include <openssl/objects.h>
146
147#ifndef OPENSSL_NO_ENGINE
148#include <openssl/engine.h>
149#endif
150
151#include "ssl_locl.h"
152
153#define SSL_ENC_DES_IDX 0
154#define SSL_ENC_3DES_IDX 1
155#define SSL_ENC_RC4_IDX 2
156#define SSL_ENC_IDEA_IDX 3
157#define SSL_ENC_NULL_IDX 4
158#define SSL_ENC_AES128_IDX 5
159#define SSL_ENC_AES256_IDX 6
160#define SSL_ENC_CAMELLIA128_IDX 7
161#define SSL_ENC_CAMELLIA256_IDX 8
162#define SSL_ENC_GOST89_IDX 9
163#define SSL_ENC_AES128GCM_IDX 10
164#define SSL_ENC_AES256GCM_IDX 11
165#define SSL_ENC_NUM_IDX 12
166
167
168static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
169 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
170};
171
172#define SSL_MD_MD5_IDX 0
173#define SSL_MD_SHA1_IDX 1
174#define SSL_MD_GOST94_IDX 2
175#define SSL_MD_GOST89MAC_IDX 3
176#define SSL_MD_SHA256_IDX 4
177#define SSL_MD_SHA384_IDX 5
178#define SSL_MD_STREEBOG256_IDX 6
179#define SSL_MD_STREEBOG512_IDX 7
180/*Constant SSL_MAX_DIGEST equal to size of digests array should be
181 * defined in the
182 * ssl_locl.h */
183#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
184static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
185 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
186};
187
188static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
189 EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_GOSTIMIT,
190 EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC,
191};
192
193static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
194 0, 0, 0, 0, 0, 0, 0, 0
195};
196
197static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
198 SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,
199 SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
200 SSL_HANDSHAKE_MAC_SHA384, SSL_HANDSHAKE_MAC_STREEBOG256,
201 SSL_HANDSHAKE_MAC_STREEBOG512
202};
203
204#define CIPHER_ADD 1
205#define CIPHER_KILL 2
206#define CIPHER_DEL 3
207#define CIPHER_ORD 4
208#define CIPHER_SPECIAL 5
209
210typedef struct cipher_order_st {
211 const SSL_CIPHER *cipher;
212 int active;
213 int dead;
214 struct cipher_order_st *next, *prev;
215} CIPHER_ORDER;
216
/*
 * Cipher-string aliases.  Each entry constrains only the categories it
 * sets (key exchange, authentication, encryption, MAC, protocol version,
 * strength class); a zero field is a wildcard.  None of them sets
 * .valid, which is how ssl_cipher_process_rulestr() tells an alias from
 * an explicit ciphersuite name.  Aliases that name only disabled
 * algorithms are dropped by ssl_cipher_collect_aliases().
 */
static const SSL_CIPHER cipher_aliases[] = {

	/* "ALL" doesn't include eNULL (must be specifically enabled) */
	{
		.name = SSL_TXT_ALL,
		.algorithm_enc = ~SSL_eNULL,
	},

	/* "COMPLEMENTOFALL": the unencrypted suites ALL leaves out */
	{
		.name = SSL_TXT_CMPALL,
		.algorithm_enc = SSL_eNULL,
	},

	/*
	 * "COMPLEMENTOFDEFAULT": anonymous (unauthenticated) DHE/ECDHE
	 * (does *not* include ciphersuites not found in ALL!)
	 */
	{
		.name = SSL_TXT_CMPDEF,
		.algorithm_mkey = SSL_kDHE|SSL_kECDHE,
		.algorithm_auth = SSL_aNULL,
		.algorithm_enc = ~SSL_eNULL,
	},

	/*
	 * key exchange aliases
	 * (some of those using only a single bit here combine multiple key
	 * exchange algs according to the RFCs, e.g. kEDH combines DHE_DSS
	 * and DHE_RSA)
	 */
	{
		.name = SSL_TXT_kRSA,
		.algorithm_mkey = SSL_kRSA,
	},
	{
		.name = SSL_TXT_kEDH,
		.algorithm_mkey = SSL_kDHE,
	},
	/* "DH" only covers ephemeral DH here; there is no static DH bit. */
	{
		.name = SSL_TXT_DH,
		.algorithm_mkey = SSL_kDHE,
	},

	{
		.name = SSL_TXT_kECDHr,
		.algorithm_mkey = SSL_kECDHr,
	},
	{
		.name = SSL_TXT_kECDHe,
		.algorithm_mkey = SSL_kECDHe,
	},
	{
		.name = SSL_TXT_kECDH,
		.algorithm_mkey = SSL_kECDHr|SSL_kECDHe,
	},
	{
		.name = SSL_TXT_kEECDH,
		.algorithm_mkey = SSL_kECDHE,
	},
	/* "ECDH": both the static (certificate) and the ephemeral forms */
	{
		.name = SSL_TXT_ECDH,
		.algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,
	},

	{
		.name = SSL_TXT_kGOST,
		.algorithm_mkey = SSL_kGOST,
	},

	/* server authentication aliases */
	{
		.name = SSL_TXT_aRSA,
		.algorithm_auth = SSL_aRSA,
	},
	{
		.name = SSL_TXT_aDSS,
		.algorithm_auth = SSL_aDSS,
	},
	{
		.name = SSL_TXT_DSS,
		.algorithm_auth = SSL_aDSS,
	},
	/* "aNULL": no server authentication at all (anonymous suites) */
	{
		.name = SSL_TXT_aNULL,
		.algorithm_auth = SSL_aNULL,
	},
	{
		.name = SSL_TXT_aECDH,
		.algorithm_auth = SSL_aECDH,
	},
	{
		.name = SSL_TXT_aECDSA,
		.algorithm_auth = SSL_aECDSA,
	},
	{
		.name = SSL_TXT_ECDSA,
		.algorithm_auth = SSL_aECDSA,
	},
	{
		.name = SSL_TXT_aGOST01,
		.algorithm_auth = SSL_aGOST01,
	},
	{
		.name = SSL_TXT_aGOST,
		.algorithm_auth = SSL_aGOST01,
	},

	/* aliases combining key exchange and server authentication */
	/* "DHE"/"EDH": ephemeral DH with any real authentication */
	{
		.name = SSL_TXT_DHE,
		.algorithm_mkey = SSL_kDHE,
		.algorithm_auth = ~SSL_aNULL,
	},
	{
		.name = SSL_TXT_EDH,
		.algorithm_mkey = SSL_kDHE,
		.algorithm_auth = ~SSL_aNULL,
	},
	/* "ECDHE"/"EECDH": ephemeral ECDH with any real authentication */
	{
		.name = SSL_TXT_ECDHE,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = ~SSL_aNULL,
	},
	{
		.name = SSL_TXT_EECDH,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = ~SSL_aNULL,
	},
	/* "NULL": no encryption (same as eNULL below) */
	{
		.name = SSL_TXT_NULL,
		.algorithm_enc = SSL_eNULL,
	},
	{
		.name = SSL_TXT_RSA,
		.algorithm_mkey = SSL_kRSA,
		.algorithm_auth = SSL_aRSA,
	},
	/* "ADH"/"AECDH": anonymous (unauthenticated) ephemeral (EC)DH */
	{
		.name = SSL_TXT_ADH,
		.algorithm_mkey = SSL_kDHE,
		.algorithm_auth = SSL_aNULL,
	},
	{
		.name = SSL_TXT_AECDH,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aNULL,
	},

	/* symmetric encryption aliases */
	{
		.name = SSL_TXT_DES,
		.algorithm_enc = SSL_DES,
	},
	{
		.name = SSL_TXT_3DES,
		.algorithm_enc = SSL_3DES,
	},
	{
		.name = SSL_TXT_RC4,
		.algorithm_enc = SSL_RC4,
	},
	{
		.name = SSL_TXT_IDEA,
		.algorithm_enc = SSL_IDEA,
	},
	{
		.name = SSL_TXT_eNULL,
		.algorithm_enc = SSL_eNULL,
	},
	/* AES aliases cover both the CBC and the GCM variants */
	{
		.name = SSL_TXT_AES128,
		.algorithm_enc = SSL_AES128|SSL_AES128GCM,
	},
	{
		.name = SSL_TXT_AES256,
		.algorithm_enc = SSL_AES256|SSL_AES256GCM,
	},
	/* SSL_AES is presumably the union of all four AES bits above */
	{
		.name = SSL_TXT_AES,
		.algorithm_enc = SSL_AES,
	},
	{
		.name = SSL_TXT_AES_GCM,
		.algorithm_enc = SSL_AES128GCM|SSL_AES256GCM,
	},
	{
		.name = SSL_TXT_CAMELLIA128,
		.algorithm_enc = SSL_CAMELLIA128,
	},
	{
		.name = SSL_TXT_CAMELLIA256,
		.algorithm_enc = SSL_CAMELLIA256,
	},
	{
		.name = SSL_TXT_CAMELLIA,
		.algorithm_enc = SSL_CAMELLIA128|SSL_CAMELLIA256,
	},
	/* "CHACHA20" selects the final and the pre-standard ("_OLD") suites */
	{
		.name = SSL_TXT_CHACHA20,
		.algorithm_enc = SSL_CHACHA20POLY1305|SSL_CHACHA20POLY1305_OLD,
	},

	/* MAC aliases */
	{
		.name = SSL_TXT_AEAD,
		.algorithm_mac = SSL_AEAD,
	},
	{
		.name = SSL_TXT_MD5,
		.algorithm_mac = SSL_MD5,
	},
	{
		.name = SSL_TXT_SHA1,
		.algorithm_mac = SSL_SHA1,
	},
	{
		.name = SSL_TXT_SHA,
		.algorithm_mac = SSL_SHA1,
	},
	{
		.name = SSL_TXT_GOST94,
		.algorithm_mac = SSL_GOST94,
	},
	{
		.name = SSL_TXT_GOST89MAC,
		.algorithm_mac = SSL_GOST89MAC,
	},
	{
		.name = SSL_TXT_SHA256,
		.algorithm_mac = SSL_SHA256,
	},
	{
		.name = SSL_TXT_SHA384,
		.algorithm_mac = SSL_SHA384,
	},
	{
		.name = SSL_TXT_STREEBOG256,
		.algorithm_mac = SSL_STREEBOG256,
	},
	{
		.name = SSL_TXT_STREEBOG512,
		.algorithm_mac = SSL_STREEBOG512,
	},

	/*
	 * protocol version aliases
	 * (these only take part in matching for aliases, never for an
	 * explicitly named ciphersuite; see ssl_cipher_process_rulestr())
	 */
	{
		.name = SSL_TXT_SSLV3,
		.algorithm_ssl = SSL_SSLV3,
	},
	{
		.name = SSL_TXT_TLSV1,
		.algorithm_ssl = SSL_TLSV1,
	},
	{
		.name = SSL_TXT_TLSV1_2,
		.algorithm_ssl = SSL_TLSV1_2,
	},

	/* strength classes (compared within SSL_STRONG_MASK only) */
	{
		.name = SSL_TXT_LOW,
		.algo_strength = SSL_LOW,
	},
	{
		.name = SSL_TXT_MEDIUM,
		.algo_strength = SSL_MEDIUM,
	},
	{
		.name = SSL_TXT_HIGH,
		.algo_strength = SSL_HIGH,
	},
};
490
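/*
 * Resolve one MAC digest by short name into slot idx of
 * ssl_digest_methods[] and record its output length as the MAC secret
 * size for that slot.  A digest libcrypto does not provide leaves the
 * slot NULL with a secret size of 0, which ssl_cipher_get_disabled()
 * later turns into a disabled SSL_* MAC bit.  Previously the optional
 * digests stored whatever EVP_MD_size() returned for a NULL digest (an
 * error value, negative by the asserts below) as a key length; now the
 * NULL case is handled uniformly.  With mandatory set the digest must
 * exist and have a sane size, otherwise we abort, which is how MD5 and
 * SHA1 have always been treated here.
 */
static void
ssl_load_digest(int idx, const char *name, int mandatory)
{
	const EVP_MD *md;

	md = EVP_get_digestbyname(name);
	ssl_digest_methods[idx] = md;
	ssl_mac_secret_size[idx] = (md != NULL) ? EVP_MD_size(md) : 0;
	if (mandatory)
		OPENSSL_assert(md != NULL && ssl_mac_secret_size[idx] >= 0);
}

/*
 * Populate the EVP cipher and digest lookup tables consulted by
 * ssl_cipher_get_evp() and ssl_cipher_get_disabled().  Any algorithm
 * libcrypto does not know is left NULL, which disables every
 * ciphersuite that depends on it.
 */
void
ssl_load_ciphers(void)
{
	ssl_cipher_methods[SSL_ENC_DES_IDX] =
	    EVP_get_cipherbyname(SN_des_cbc);
	ssl_cipher_methods[SSL_ENC_3DES_IDX] =
	    EVP_get_cipherbyname(SN_des_ede3_cbc);
	ssl_cipher_methods[SSL_ENC_RC4_IDX] =
	    EVP_get_cipherbyname(SN_rc4);
#ifndef OPENSSL_NO_IDEA
	ssl_cipher_methods[SSL_ENC_IDEA_IDX] =
	    EVP_get_cipherbyname(SN_idea_cbc);
#else
	ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL;
#endif
	ssl_cipher_methods[SSL_ENC_AES128_IDX] =
	    EVP_get_cipherbyname(SN_aes_128_cbc);
	ssl_cipher_methods[SSL_ENC_AES256_IDX] =
	    EVP_get_cipherbyname(SN_aes_256_cbc);
	ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] =
	    EVP_get_cipherbyname(SN_camellia_128_cbc);
	ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] =
	    EVP_get_cipherbyname(SN_camellia_256_cbc);
	ssl_cipher_methods[SSL_ENC_GOST89_IDX] =
	    EVP_get_cipherbyname(SN_gost89_cnt);

	ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] =
	    EVP_get_cipherbyname(SN_aes_128_gcm);
	ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] =
	    EVP_get_cipherbyname(SN_aes_256_gcm);

	/* MD5 and SHA1 are mandatory: a missing one aborts, as before. */
	ssl_load_digest(SSL_MD_MD5_IDX, SN_md5, 1);
	ssl_load_digest(SSL_MD_SHA1_IDX, SN_sha1, 1);

	ssl_load_digest(SSL_MD_GOST94_IDX, SN_id_GostR3411_94, 0);

	/*
	 * The GOST 28147-89 MAC does not take its key length from
	 * EVP_MD_size(): a fixed 32-byte secret is recorded, and only when
	 * the slot has a pkey id (presumably it is keyed through its
	 * EVP_PKEY method rather than as an HMAC -- confirm in the record
	 * layer).
	 */
	ssl_digest_methods[SSL_MD_GOST89MAC_IDX] =
	    EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
	if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX])
		ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;

	ssl_load_digest(SSL_MD_SHA256_IDX, SN_sha256, 0);
	ssl_load_digest(SSL_MD_SHA384_IDX, SN_sha384, 0);
	ssl_load_digest(SSL_MD_STREEBOG256_IDX,
	    SN_id_tc26_gost3411_2012_256, 0);
	ssl_load_digest(SSL_MD_STREEBOG512_IDX,
	    SN_id_tc26_gost3411_2012_512, 0);
}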
562
/*
 * Look up the EVP cipher and MAC digest implementing s->cipher.
 *
 * On success *enc and *md are set, and when the caller passes them
 * *mac_pkey_type receives the EVP_PKEY id used to key the MAC and
 * *mac_secret_size its key length in bytes.  Returns 1 on success and 0
 * when there is no cipher, when the suite is an EVP_AEAD suite (use
 * ssl_cipher_get_evp_aead() for those), when enc/md are NULL, or when
 * libcrypto lacks one of the required algorithms.
 *
 * For TLS 1.0 and later, a few cipher+MAC pairs are replaced by a single
 * "stitched" EVP cipher when libcrypto provides one; *md is then NULL
 * and the caller is expected to hand the MAC key to that cipher itself
 * (*mac_secret_size is left as computed so it still knows the length).
 */
int
ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
    const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size)
{
	const SSL_CIPHER *c;
	int i;

	c = s->cipher;
	if (c == NULL)
		return (0);

	/*
	 * This function does not handle EVP_AEAD.
	 * See ssl_cipher_get_evp_aead instead.
	 */
	if (c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)
		return(0);

	if ((enc == NULL) || (md == NULL))
		return (0);

	/* Map the suite's encryption bit onto a ssl_cipher_methods[] slot. */
	switch (c->algorithm_enc) {
	case SSL_DES:
		i = SSL_ENC_DES_IDX;
		break;
	case SSL_3DES:
		i = SSL_ENC_3DES_IDX;
		break;
	case SSL_RC4:
		i = SSL_ENC_RC4_IDX;
		break;
	case SSL_IDEA:
		i = SSL_ENC_IDEA_IDX;
		break;
	case SSL_eNULL:
		i = SSL_ENC_NULL_IDX;
		break;
	case SSL_AES128:
		i = SSL_ENC_AES128_IDX;
		break;
	case SSL_AES256:
		i = SSL_ENC_AES256_IDX;
		break;
	case SSL_CAMELLIA128:
		i = SSL_ENC_CAMELLIA128_IDX;
		break;
	case SSL_CAMELLIA256:
		i = SSL_ENC_CAMELLIA256_IDX;
		break;
	case SSL_eGOST2814789CNT:
		i = SSL_ENC_GOST89_IDX;
		break;
	case SSL_AES128GCM:
		i = SSL_ENC_AES128GCM_IDX;
		break;
	case SSL_AES256GCM:
		i = SSL_ENC_AES256GCM_IDX;
		break;
	default:
		i = -1;
		break;
	}

	if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
		*enc = NULL;
	else {
		/* The NULL cipher is not in the table; it is always available. */
		if (i == SSL_ENC_NULL_IDX)
			*enc = EVP_enc_null();
		else
			*enc = ssl_cipher_methods[i];
	}

	/* Same for the MAC, onto a ssl_digest_methods[] slot. */
	switch (c->algorithm_mac) {
	case SSL_MD5:
		i = SSL_MD_MD5_IDX;
		break;
	case SSL_SHA1:
		i = SSL_MD_SHA1_IDX;
		break;
	case SSL_SHA256:
		i = SSL_MD_SHA256_IDX;
		break;
	case SSL_SHA384:
		i = SSL_MD_SHA384_IDX;
		break;
	case SSL_GOST94:
		i = SSL_MD_GOST94_IDX;
		break;
	case SSL_GOST89MAC:
		i = SSL_MD_GOST89MAC_IDX;
		break;
	case SSL_STREEBOG256:
		i = SSL_MD_STREEBOG256_IDX;
		break;
	case SSL_STREEBOG512:
		i = SSL_MD_STREEBOG512_IDX;
		break;
	default:
		i = -1;
		break;
	}
	if ((i < 0) || (i >= SSL_MD_NUM_IDX)) {
		/* No separate MAC (e.g. SSL_AEAD) or an unknown one. */
		*md = NULL;

		if (mac_pkey_type != NULL)
			*mac_pkey_type = NID_undef;
		if (mac_secret_size != NULL)
			*mac_secret_size = 0;
		/*
		 * An AEAD suite has no MAC key type; clear the local
		 * pointer so the NID_undef just stored does not fail the
		 * availability check below.
		 */
		if (c->algorithm_mac == SSL_AEAD)
			mac_pkey_type = NULL;
	} else {
		*md = ssl_digest_methods[i];
		if (mac_pkey_type != NULL)
			*mac_pkey_type = ssl_mac_pkey_id[i];
		if (mac_secret_size != NULL)
			*mac_secret_size = ssl_mac_secret_size[i];
	}

	/*
	 * Success needs a cipher, plus either a digest or an EVP cipher that
	 * does its own authentication, plus a defined MAC key type when the
	 * caller asked for one.
	 */
	if ((*enc != NULL) &&
	    (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
	    (!mac_pkey_type || *mac_pkey_type != NID_undef)) {
		const EVP_CIPHER *evp;

		/*
		 * Stitched cipher+MAC implementations are only used for
		 * TLS 1.0 and later; SSLv3 (and, presumably, DTLS whose
		 * major byte differs) keep the separate cipher and digest.
		 */
		if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR ||
		    s->ssl_version < TLS1_VERSION)
			return 1;

		if (c->algorithm_enc == SSL_RC4 &&
		    c->algorithm_mac == SSL_MD5 &&
		    (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
			*enc = evp, *md = NULL;
		else if (c->algorithm_enc == SSL_AES128 &&
		    c->algorithm_mac == SSL_SHA1 &&
		    (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
			*enc = evp, *md = NULL;
		else if (c->algorithm_enc == SSL_AES256 &&
		    c->algorithm_mac == SSL_SHA1 &&
		    (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
			*enc = evp, *md = NULL;
		return (1);
	} else
		return (0);
}
706
/*
 * Set *aead to the EVP_AEAD implementing s->cipher.  Returns 1 on
 * success; returns 0 (with *aead NULL) when there is no cipher, when the
 * suite is not flagged SSL_CIPHER_ALGORITHM2_AEAD, or when its
 * encryption algorithm has no AEAD built into this libcrypto.
 */
int
ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
{
	const SSL_CIPHER *cipher = s->cipher;

	*aead = NULL;

	/* Only AEAD-flagged suites are handled here. */
	if (cipher == NULL ||
	    (cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) == 0)
		return 0;

#ifndef OPENSSL_NO_AES
	if (cipher->algorithm_enc == SSL_AES128GCM) {
		*aead = EVP_aead_aes_128_gcm();
		return 1;
	}
	if (cipher->algorithm_enc == SSL_AES256GCM) {
		*aead = EVP_aead_aes_256_gcm();
		return 1;
	}
#endif
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
	if (cipher->algorithm_enc == SSL_CHACHA20POLY1305) {
		*aead = EVP_aead_chacha20_poly1305();
		return 1;
	}
	/* Pre-standard draft construction, kept for interoperability. */
	if (cipher->algorithm_enc == SSL_CHACHA20POLY1305_OLD) {
		*aead = EVP_aead_chacha20_poly1305_old();
		return 1;
	}
#endif

	return 0;
}
745
/*
 * Fetch handshake digest slot idx: *mask gets its SSL_HANDSHAKE_MAC_*
 * flag and *md the EVP_MD, or NULL when the slot has no handshake flag.
 * Returns 0 for an out-of-range idx (outputs untouched), 1 otherwise.
 */
int
ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
{
	long flag;

	if (idx < 0 || idx >= SSL_MD_NUM_IDX)
		return 0;

	flag = ssl_handshake_digest_flag[idx];
	*mask = flag;
	*md = (flag != 0) ? ssl_digest_methods[idx] : NULL;

	return 1;
}
759
/* Characters that separate items in a cipher string: ':', ' ', ';', ','. */
#define ITEM_SEP(a) \
	(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
762
/*
 * Move curr to the end of the list delimited by *head/*tail, updating
 * both ends as needed.  curr must already be a member of the list; if it
 * is the tail already this is a no-op.
 */
static void
ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
    CIPHER_ORDER **tail)
{
	CIPHER_ORDER *old_tail = *tail;

	if (curr == old_tail)
		return;

	/* Unlink curr from its current position. */
	if (curr->prev != NULL)
		curr->prev->next = curr->next;
	if (curr->next != NULL)
		curr->next->prev = curr->prev;
	if (curr == *head)
		*head = curr->next;

	/* Relink it after the old tail. */
	curr->prev = old_tail;
	curr->next = NULL;
	old_tail->next = curr;
	*tail = curr;
}
780
/*
 * Move curr to the front of the list delimited by *head/*tail, updating
 * both ends as needed.  curr must already be a member of the list; if it
 * is the head already this is a no-op.
 */
static void
ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
    CIPHER_ORDER **tail)
{
	CIPHER_ORDER *old_head = *head;

	if (curr == old_head)
		return;

	/* Unlink curr, fixing the tail pointer if it was last. */
	if (curr->prev != NULL)
		curr->prev->next = curr->next;
	if (curr->next != NULL)
		curr->next->prev = curr->prev;
	if (curr == *tail)
		*tail = curr->prev;

	/* Relink it in front of the old head. */
	curr->next = old_head;
	curr->prev = NULL;
	old_head->prev = curr;
	*head = curr;
}
798
/*
 * Compute the SSL_* algorithm bits that cannot be used with this
 * libcrypto: GOST public key algorithms when their EVP_PKEY method is
 * missing, every symmetric cipher or MAC digest whose table slot was
 * left NULL by ssl_load_ciphers(), and eNULL when the library was built
 * with SSL_FORBID_ENULL.  All five outputs are fully (re)initialised.
 */
static void
ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
    unsigned long *enc, unsigned long *mac, unsigned long *ssl)
{
	struct avail_bit {
		int idx;		/* slot in the method table */
		unsigned long bit;	/* algorithm bit to disable if NULL */
	};
	/* Symmetric ciphers, keyed by ssl_cipher_methods[] slot. */
	static const struct avail_bit enc_bits[] = {
		{ SSL_ENC_DES_IDX,		SSL_DES },
		{ SSL_ENC_3DES_IDX,		SSL_3DES },
		{ SSL_ENC_RC4_IDX,		SSL_RC4 },
		{ SSL_ENC_IDEA_IDX,		SSL_IDEA },
		{ SSL_ENC_AES128_IDX,		SSL_AES128 },
		{ SSL_ENC_AES256_IDX,		SSL_AES256 },
		{ SSL_ENC_AES128GCM_IDX,	SSL_AES128GCM },
		{ SSL_ENC_AES256GCM_IDX,	SSL_AES256GCM },
		{ SSL_ENC_CAMELLIA128_IDX,	SSL_CAMELLIA128 },
		{ SSL_ENC_CAMELLIA256_IDX,	SSL_CAMELLIA256 },
		{ SSL_ENC_GOST89_IDX,		SSL_eGOST2814789CNT },
	};
	/* MAC digests, keyed by ssl_digest_methods[] slot. */
	static const struct avail_bit mac_bits[] = {
		{ SSL_MD_MD5_IDX,		SSL_MD5 },
		{ SSL_MD_SHA1_IDX,		SSL_SHA1 },
		{ SSL_MD_SHA256_IDX,		SSL_SHA256 },
		{ SSL_MD_SHA384_IDX,		SSL_SHA384 },
		{ SSL_MD_GOST94_IDX,		SSL_GOST94 },
		{ SSL_MD_GOST89MAC_IDX,		SSL_GOST89MAC },
		{ SSL_MD_STREEBOG256_IDX,	SSL_STREEBOG256 },
		{ SSL_MD_STREEBOG512_IDX,	SSL_STREEBOG512 },
	};
	size_t i;

	*mkey = 0;
	*auth = 0;
	*enc = 0;
	*mac = 0;
	*ssl = 0;

	/*
	 * GOST R 34.10-2001 key exchange and authentication need the
	 * matching public key method from libcrypto.
	 */
	if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL) {
		*auth |= SSL_aGOST01;
		*mkey |= SSL_kGOST;
	}

#ifdef SSL_FORBID_ENULL
	/* Build-time policy: never offer unencrypted ciphersuites. */
	*enc |= SSL_eNULL;
#endif

	for (i = 0; i < sizeof(enc_bits) / sizeof(enc_bits[0]); i++) {
		if (ssl_cipher_methods[enc_bits[i].idx] == NULL)
			*enc |= enc_bits[i].bit;
	}

	for (i = 0; i < sizeof(mac_bits) / sizeof(mac_bits[0]); i++) {
		if (ssl_digest_methods[mac_bits[i].idx] == NULL)
			*mac |= mac_bits[i].bit;
	}
}
845
/*
 * Fill co_list with every ciphersuite of ssl_method that is valid and
 * uses none of the disabled algorithm bits, in the method's own order,
 * and chain the entries into a doubly linked list returned through
 * *head_p/*tail_p.  All entries start inactive.  co_list must hold
 * num_of_ciphers entries.  When nothing survives, *head_p and *tail_p
 * are left untouched.
 */
static void
ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers,
    unsigned long disabled_mkey, unsigned long disabled_auth,
    unsigned long disabled_enc, unsigned long disabled_mac,
    unsigned long disabled_ssl, CIPHER_ORDER *co_list,
    CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
	const SSL_CIPHER *cipher;
	int idx, count = 0;

	for (idx = 0; idx < num_of_ciphers; idx++) {
		cipher = ssl_method->get_cipher(idx);
		if (cipher == NULL || !cipher->valid)
			continue;
		/* Drop anything that needs an unavailable algorithm. */
		if ((cipher->algorithm_mkey & disabled_mkey) ||
		    (cipher->algorithm_auth & disabled_auth) ||
		    (cipher->algorithm_enc & disabled_enc) ||
		    (cipher->algorithm_mac & disabled_mac) ||
		    (cipher->algorithm_ssl & disabled_ssl))
			continue;

		co_list[count].cipher = cipher;
		co_list[count].active = 0;
		co_list[count].next = NULL;
		/* Link to the previous survivor as we go. */
		if (count > 0) {
			co_list[count].prev = &co_list[count - 1];
			co_list[count - 1].next = &co_list[count];
		} else
			co_list[count].prev = NULL;
		count++;
	}

	if (count > 0) {
		*head_p = &co_list[0];
		*tail_p = &co_list[count - 1];
	}
}
908
/*
 * Build the NULL-terminated name lookup array used when parsing a cipher
 * string: first every ciphersuite on the working list (in list order),
 * then every alias from cipher_aliases[] that still names at least one
 * enabled algorithm in each category it constrains.  Categories an alias
 * leaves at zero (e.g. the strength classes) never disqualify it.
 *
 * There is no bounds check: ca_list must have room for every list node,
 * every alias and the terminating NULL, which is how
 * ssl_create_cipher_list() sizes it.
 */
static void
ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, int num_of_group_aliases,
    unsigned long disabled_mkey, unsigned long disabled_auth,
    unsigned long disabled_enc, unsigned long disabled_mac,
    unsigned long disabled_ssl, CIPHER_ORDER *head)
{
	const SSL_CIPHER **out = ca_list;
	const SSL_CIPHER *alias;
	CIPHER_ORDER *node;
	int i;

	/* Real ciphersuites first. */
	for (node = head; node != NULL; node = node->next)
		*out++ = node->cipher;

	/* Then the usable aliases. */
	for (i = 0; i < num_of_group_aliases; i++) {
		alias = &cipher_aliases[i];

		if (alias->algorithm_mkey != 0 &&
		    (alias->algorithm_mkey & ~disabled_mkey) == 0)
			continue;
		if (alias->algorithm_auth != 0 &&
		    (alias->algorithm_auth & ~disabled_auth) == 0)
			continue;
		if (alias->algorithm_enc != 0 &&
		    (alias->algorithm_enc & ~disabled_enc) == 0)
			continue;
		if (alias->algorithm_mac != 0 &&
		    (alias->algorithm_mac & ~disabled_mac) == 0)
			continue;
		if (alias->algorithm_ssl != 0 &&
		    (alias->algorithm_ssl & ~disabled_ssl) == 0)
			continue;

		*out++ = alias;
	}

	*out = NULL;	/* end of list */
}
974
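/*
 * Apply one cipher-list rule to the doubly linked CIPHER_ORDER list.
 *
 * An entry is selected when it matches the rule's criteria, in order of
 * precedence:
 *   - cipher_id != 0: only the ciphersuite with that id.  This is what
 *     ssl_cipher_process_rulestr() passes for an explicitly named suite;
 *     previously the parameter was accepted but never read, so an
 *     explicit name was matched on its algorithm bits alone and could
 *     also select other suites sharing them.
 *   - otherwise strength_bits >= 0: every entry with exactly that
 *     strength_bits (used by ssl_cipher_strength_sort()).
 *   - otherwise the algorithm masks: a zero mask is a wildcard, a
 *     non-zero one must share at least one bit with the entry, and
 *     algo_strength is compared within SSL_STRONG_MASK only.
 *
 * Then, per rule:
 *   CIPHER_ADD   activate an inactive entry by moving it to the tail;
 *   CIPHER_ORD   move an already active entry to the tail (reorder);
 *   CIPHER_DEL   deactivate; the list is walked backwards and each match
 *                moved to the head, so a later ADD restores the matches
 *                in their previous relative order;
 *   CIPHER_KILL  unlink the entry altogether so nothing can re-add it.
 *
 * *head_p and *tail_p are updated in place.
 */
static void
ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
    unsigned long alg_auth, unsigned long alg_enc, unsigned long alg_mac,
    unsigned long alg_ssl, unsigned long algo_strength,
    int rule, int strength_bits, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
	CIPHER_ORDER *head, *tail, *curr, *next, *last;
	const SSL_CIPHER *cp;
	int reverse = 0;

	/* DEL walks backwards to keep the order among deleted suites. */
	if (rule == CIPHER_DEL)
		reverse = 1;

	head = *head_p;
	tail = *tail_p;

	if (reverse) {
		next = tail;
		last = head;
	} else {
		next = head;
		last = tail;
	}

	curr = NULL;
	for (;;) {
		if (curr == last)
			break;
		curr = next;
		/* Read the link before the rule below moves curr. */
		next = reverse ? curr->prev : curr->next;

		cp = curr->cipher;

		/*
		 * Selection criteria: a specific ciphersuite, the value of
		 * strength_bits, or the algorithms used.
		 */
		if (cipher_id != 0) {
			if (cipher_id != cp->id)
				continue;
		} else if (strength_bits >= 0) {
			if (strength_bits != cp->strength_bits)
				continue;
		} else {
			if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
				continue;
			if (alg_auth && !(alg_auth & cp->algorithm_auth))
				continue;
			if (alg_enc && !(alg_enc & cp->algorithm_enc))
				continue;
			if (alg_mac && !(alg_mac & cp->algorithm_mac))
				continue;
			if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
				continue;
			if ((algo_strength & SSL_STRONG_MASK) &&
			    !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
				continue;
		}

		if (rule == CIPHER_ADD) {
			/* reverse == 0: add the cipher if not yet active. */
			if (!curr->active) {
				ll_append_tail(&head, curr, &tail);
				curr->active = 1;
			}
		} else if (rule == CIPHER_ORD) {
			/* reverse == 0: move an active cipher to this spot. */
			if (curr->active)
				ll_append_tail(&head, curr, &tail);
		} else if (rule == CIPHER_DEL) {
			/*
			 * reverse == 1: most recently deleted ciphersuites
			 * get the best positions for any future CIPHER_ADD.
			 */
			if (curr->active) {
				ll_append_head(&head, curr, &tail);
				curr->active = 0;
			}
		} else if (rule == CIPHER_KILL) {
			/* reverse == 0: unlink for good. */
			if (head == curr)
				head = curr->next;
			else
				curr->prev->next = curr->next;
			if (tail == curr)
				tail = curr->prev;
			curr->active = 0;
			if (curr->next != NULL)
				curr->next->prev = curr->prev;
			if (curr->prev != NULL)
				curr->prev->next = curr->next;
			curr->next = NULL;
			curr->prev = NULL;
		}
	}

	*head_p = head;
	*tail_p = tail;
}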
1077
/*
 * Stable sort of the active ciphers by descending strength_bits: for each
 * strength value actually in use, strongest first, the matching active
 * entries are moved to the tail with a CIPHER_ORD rule, so the existing
 * order within one strength class is preserved.  Returns 1 on success,
 * 0 (with an SSLerr pushed) if the scratch array cannot be allocated.
 */
static int
ssl_cipher_strength_sort(CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
	CIPHER_ORDER *node;
	int *seen, bits, strongest = 0;

	/* Largest strength_bits among the active entries. */
	for (node = *head_p; node != NULL; node = node->next) {
		if (!node->active)
			continue;
		if (node->cipher->strength_bits > strongest)
			strongest = node->cipher->strength_bits;
	}

	seen = calloc(strongest + 1, sizeof(*seen));
	if (seen == NULL) {
		SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
		return (0);
	}

	/* Which strength values are actually used. */
	for (node = *head_p; node != NULL; node = node->next) {
		if (node->active)
			seen[node->cipher->strength_bits]++;
	}

	/* Strongest class first; each ORD appends its matches to the tail. */
	for (bits = strongest; bits >= 0; bits--) {
		if (seen[bits] == 0)
			continue;
		ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, bits,
		    head_p, tail_p);
	}

	free(seen);
	return (1);
}
1124
/*
 * Parse a cipher string and apply each item to the working list.
 *
 * Items are separated by ITEM_SEP characters.  An optional leading
 * '-', '+', '!' or '@' selects the rule kind (see CIPHER_*); without one
 * the item is a CIPHER_ADD.  An item is one or more names joined by '+',
 * each an alphanumeric token (plus '-' and '.') looked up in ca_list;
 * the names' algorithm constraints are intersected, and an intersection
 * that becomes empty drops the item.  Names of explicit ciphersuites
 * (valid != 0) set cipher_id and do not contribute their protocol
 * version; aliases do.  "@STRENGTH" is the only special command.
 *
 * Returns 1 unless an invalid character or unknown '@' command was seen
 * (then 0, after still processing the rest of the string).  Note that a
 * name not found in ca_list is silently skipped and does NOT make the
 * result 0, so a misspelt suite name is not reported to the caller
 * here; any check for an empty resulting list happens in the caller.
 */
static int
ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
    CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list)
{
	unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
	unsigned long algo_strength;
	int j, multi, found, rule, retval, ok, buflen;
	unsigned long cipher_id = 0;
	const char *l, *buf;
	char ch;

	retval = 1;
	l = rule_str;
	for (;;) {
		ch = *l;

		if (ch == '\0')
			break;

		/* Rule prefix, if any. */
		if (ch == '-') {
			rule = CIPHER_DEL;
			l++;
		} else if (ch == '+') {
			rule = CIPHER_ORD;
			l++;
		} else if (ch == '!') {
			rule = CIPHER_KILL;
			l++;
		} else if (ch == '@') {
			rule = CIPHER_SPECIAL;
			l++;
		} else {
			rule = CIPHER_ADD;
		}

		/* Empty item (e.g. "::"): skip the separator. */
		if (ITEM_SEP(ch)) {
			l++;
			continue;
		}

		alg_mkey = 0;
		alg_auth = 0;
		alg_enc = 0;
		alg_mac = 0;
		alg_ssl = 0;
		algo_strength = 0;

		/* One iteration per '+'-joined name of this item. */
		for (;;) {
			ch = *l;
			buf = l;
			buflen = 0;
			while (((ch >= 'A') && (ch <= 'Z')) ||
			    ((ch >= '0') && (ch <= '9')) ||
			    ((ch >= 'a') && (ch <= 'z')) ||
			    (ch == '-') || (ch == '.')) {
				ch = *(++l);
				buflen++;
			}

			if (buflen == 0) {
				/*
				 * We hit something we cannot deal with,
				 * it is no command or separator nor
				 * alphanumeric, so we call this an error.
				 */
				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
				    SSL_R_INVALID_COMMAND);
				retval = found = 0;
				l++;
				break;
			}

			if (rule == CIPHER_SPECIAL) {
				/* unused -- avoid compiler warning */
				found = 0;
				/* special treatment */
				break;
			}

			/* check for multi-part specification */
			if (ch == '+') {
				multi = 1;
				l++;
			} else
				multi = 0;

			/*
			 * Now search for the cipher alias in the ca_list.
			 * Be careful with the strncmp, because the "buflen"
			 * limitation will make the rule "ADH:SOME" and the
			 * cipher "ADH-MY-CIPHER" look like a match for
			 * buflen=3. So additionally check whether the cipher
			 * name found has the correct length. We can save a
			 * strlen() call: just checking for the '\0' at the
			 * right place is sufficient, we have to strncmp()
			 * anyway (we cannot use strcmp(), because buf is not
			 * '\0' terminated.)
			 */
			j = found = 0;
			cipher_id = 0;
			while (ca_list[j]) {
				if (!strncmp(buf, ca_list[j]->name, buflen) &&
				    (ca_list[j]->name[buflen] == '\0')) {
					found = 1;
					break;
				} else
					j++;
			}

			if (!found)
				break; /* ignore this entry */

			/*
			 * Intersect each category the name constrains with
			 * what earlier parts of the item already required;
			 * an empty intersection discards the whole item.
			 */
			if (ca_list[j]->algorithm_mkey) {
				if (alg_mkey) {
					alg_mkey &= ca_list[j]->algorithm_mkey;
					if (!alg_mkey) {
						found = 0;
						break;
					}
				} else
					alg_mkey = ca_list[j]->algorithm_mkey;
			}

			if (ca_list[j]->algorithm_auth) {
				if (alg_auth) {
					alg_auth &= ca_list[j]->algorithm_auth;
					if (!alg_auth) {
						found = 0;
						break;
					}
				} else
					alg_auth = ca_list[j]->algorithm_auth;
			}

			if (ca_list[j]->algorithm_enc) {
				if (alg_enc) {
					alg_enc &= ca_list[j]->algorithm_enc;
					if (!alg_enc) {
						found = 0;
						break;
					}
				} else
					alg_enc = ca_list[j]->algorithm_enc;
			}

			if (ca_list[j]->algorithm_mac) {
				if (alg_mac) {
					alg_mac &= ca_list[j]->algorithm_mac;
					if (!alg_mac) {
						found = 0;
						break;
					}
				} else
					alg_mac = ca_list[j]->algorithm_mac;
			}

			/* Strength classes live in SSL_STRONG_MASK only. */
			if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
				if (algo_strength & SSL_STRONG_MASK) {
					algo_strength &=
					    (ca_list[j]->algo_strength &
					    SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
					if (!(algo_strength &
					    SSL_STRONG_MASK)) {
						found = 0;
						break;
					}
				} else
					algo_strength |=
					    ca_list[j]->algo_strength &
					    SSL_STRONG_MASK;
			}

			if (ca_list[j]->valid) {
				/*
				 * explicit ciphersuite found; its protocol
				 * version does not become part of the search
				 * pattern!
				 */
				cipher_id = ca_list[j]->id;
			} else {
				/*
				 * not an explicit ciphersuite; only in this
				 * case, the protocol version is considered
				 * part of the search pattern
				 */
				if (ca_list[j]->algorithm_ssl) {
					if (alg_ssl) {
						alg_ssl &=
						    ca_list[j]->algorithm_ssl;
						if (!alg_ssl) {
							found = 0;
							break;
						}
					} else
						alg_ssl =
						    ca_list[j]->algorithm_ssl;
				}
			}

			if (!multi)
				break;
		}

		/*
		 * Ok, we have the rule, now apply it
		 */
		if (rule == CIPHER_SPECIAL) {
			/* special command: only "@STRENGTH" is known */
			ok = 0;
			if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8))
				ok = ssl_cipher_strength_sort(head_p, tail_p);
			else
				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
				    SSL_R_INVALID_COMMAND);
			if (ok == 0)
				retval = 0;
			/*
			 * We do not support any "multi" options
			 * together with "@", so throw away the
			 * rest of the command, if any left, until
			 * end or ':' is found.
			 */
			while ((*l != '\0') && !ITEM_SEP(*l))
				l++;
		} else if (found) {
			ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth,
			    alg_enc, alg_mac, alg_ssl, algo_strength, rule,
			    -1, head_p, tail_p);
		} else {
			/* Unknown name or bad character: skip to the separator. */
			while ((*l != '\0') && !ITEM_SEP(*l))
				l++;
		}
		if (*l == '\0')
			break; /* done */
	}

	return (retval);
}
1363
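/*
 * Report whether AES is hardware accelerated on this CPU; the result
 * decides whether ssl_create_cipher_list() prefers AES or ChaCha20 as
 * the symmetric cipher.
 *
 * On i386/amd64 this tests bit 57 of the libcrypto capability word, i.e.
 * bit 25 of its upper 32-bit half (CPUID.1:ECX), which is the AES-NI
 * flag in the OPENSSL_ia32cap layout -- confirm against the cpuid code
 * in libcrypto if that layout ever changes.  Every other architecture
 * reports no acceleration.
 */
static inline int
ssl_aes_is_accelerated(void)
{
#if defined(__i386__) || defined(__x86_64__)
	const unsigned long long aesni_cap = 1ULL << 57;

	return ((OPENSSL_cpu_caps() & aesni_cap) != 0);
#else
	return (0);
#endif
}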
1373
1374STACK_OF(SSL_CIPHER) *
1375ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1376 STACK_OF(SSL_CIPHER) **cipher_list,
1377 STACK_OF(SSL_CIPHER) **cipher_list_by_id,
1378 const char *rule_str)
1379{
1380 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
1381 unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
1382 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
1383 const char *rule_p;
1384 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
1385 const SSL_CIPHER **ca_list = NULL;
1386
1387 /*
1388 * Return with error if nothing to do.
1389 */
1390 if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
1391 return NULL;
1392
1393 /*
1394 * To reduce the work to do we only want to process the compiled
1395 * in algorithms, so we first get the mask of disabled ciphers.
1396 */
1397 ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
1398
1399 /*
1400 * Now we have to collect the available ciphers from the compiled
1401 * in ciphers. We cannot get more than the number compiled in, so
1402 * it is used for allocation.
1403 */
1404 num_of_ciphers = ssl_method->num_ciphers();
1405 co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER));
1406 if (co_list == NULL) {
1407 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
1408 return(NULL); /* Failure */
1409 }
1410
1411 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
1412 disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
1413 co_list, &head, &tail);
1414
1415
1416 /* Now arrange all ciphers by preference: */
1417
1418 /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
1419 ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1420 ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1421
1422 if (ssl_aes_is_accelerated() == 1) {
1423 /*
1424 * We have hardware assisted AES - prefer AES as a symmetric
1425 * cipher, with CHACHA20 second.
1426 */
1427 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
1428 CIPHER_ADD, -1, &head, &tail);
1429 ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305,
1430 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1431 ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305_OLD,
1432 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1433 } else {
1434 /*
1435 * CHACHA20 is fast and safe on all hardware and is thus our
1436 * preferred symmetric cipher, with AES second.
1437 */
1438 ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305,
1439 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1440 ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305_OLD,
1441 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1442 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
1443 CIPHER_ADD, -1, &head, &tail);
1444 }
1445
1446 /* Temporarily enable everything else for sorting */
1447 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1448
1449 /* Low priority for MD5 */
1450 ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
1451
1452 /* Move anonymous ciphers to the end. Usually, these will remain disabled.
1453 * (For applications that allow them, they aren't too bad, but we prefer
1454 * authenticated ciphers.) */
1455 ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1456
1457 /* Move ciphers without forward secrecy to the end */
1458 ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1459 ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1460
1461 /* RC4 is sort of broken - move it to the end */
1462 ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1463
1464 /* Now sort by symmetric encryption strength. The above ordering remains
1465 * in force within each class */
1466 if (!ssl_cipher_strength_sort(&head, &tail)) {
1467 free(co_list);
1468 return NULL;
1469 }
1470
1471 /* Now disable everything (maintaining the ordering!) */
1472 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1473
1474
1475 /*
1476 * We also need cipher aliases for selecting based on the rule_str.
1477 * There might be two types of entries in the rule_str: 1) names
1478 * of ciphers themselves 2) aliases for groups of ciphers.
1479 * For 1) we need the available ciphers and for 2) the cipher
1480 * groups of cipher_aliases added together in one list (otherwise
1481 * we would be happy with just the cipher_aliases table).
1482 */
1483 num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
1484 num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
1485 ca_list = reallocarray(NULL, num_of_alias_max, sizeof(SSL_CIPHER *));
1486 if (ca_list == NULL) {
1487 free(co_list);
1488 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
1489 return(NULL); /* Failure */
1490 }
1491 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
1492 disabled_mkey, disabled_auth, disabled_enc,
1493 disabled_mac, disabled_ssl, head);
1494
1495 /*
1496 * If the rule_string begins with DEFAULT, apply the default rule
1497 * before using the (possibly available) additional rules.
1498 */
1499 ok = 1;
1500 rule_p = rule_str;
1501 if (strncmp(rule_str, "DEFAULT", 7) == 0) {
1502 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
1503 &head, &tail, ca_list);
1504 rule_p += 7;
1505 if (*rule_p == ':')
1506 rule_p++;
1507 }
1508
1509 if (ok && (strlen(rule_p) > 0))
1510 ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
1511
1512 free((void *)ca_list); /* Not needed anymore */
1513
1514 if (!ok) {
1515 /* Rule processing failure */
1516 free(co_list);
1517 return (NULL);
1518 }
1519
1520 /*
1521 * Allocate new "cipherstack" for the result, return with error
1522 * if we cannot get one.
1523 */
1524 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
1525 free(co_list);
1526 return (NULL);
1527 }
1528
1529 /*
1530 * The cipher selection for the list is done. The ciphers are added
1531 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
1532 */
1533 for (curr = head; curr != NULL; curr = curr->next) {
1534 if (curr->active) {
1535 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1536 }
1537 }
1538 free(co_list); /* Not needed any longer */
1539
1540 tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
1541 if (tmp_cipher_list == NULL) {
1542 sk_SSL_CIPHER_free(cipherstack);
1543 return NULL;
1544 }
1545 if (*cipher_list != NULL)
1546 sk_SSL_CIPHER_free(*cipher_list);
1547 *cipher_list = cipherstack;
1548 if (*cipher_list_by_id != NULL)
1549 sk_SSL_CIPHER_free(*cipher_list_by_id);
1550 *cipher_list_by_id = tmp_cipher_list;
1551 (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,
1552 ssl_cipher_ptr_id_cmp);
1553
1554 sk_SSL_CIPHER_sort(*cipher_list_by_id);
1555 return (cipherstack);
1556}
1557
1558const SSL_CIPHER *
1559SSL_CIPHER_get_by_id(unsigned int id)
1560{
1561 return ssl3_get_cipher_by_id(id);
1562}
1563
1564const SSL_CIPHER *
1565SSL_CIPHER_get_by_value(uint16_t value)
1566{
1567 return ssl3_get_cipher_by_value(value);
1568}
1569
1570char *
1571SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1572{
1573 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2;
1574 const char *ver, *kx, *au, *enc, *mac;
1575 char *ret;
1576 int l;
1577
1578 alg_mkey = cipher->algorithm_mkey;
1579 alg_auth = cipher->algorithm_auth;
1580 alg_enc = cipher->algorithm_enc;
1581 alg_mac = cipher->algorithm_mac;
1582 alg_ssl = cipher->algorithm_ssl;
1583
1584 alg2 = cipher->algorithm2;
1585
1586 if (alg_ssl & SSL_SSLV3)
1587 ver = "SSLv3";
1588 else if (alg_ssl & SSL_TLSV1_2)
1589 ver = "TLSv1.2";
1590 else
1591 ver = "unknown";
1592
1593 switch (alg_mkey) {
1594 case SSL_kRSA:
1595 kx = "RSA";
1596 break;
1597 case SSL_kDHE:
1598 kx = "DH";
1599 break;
1600 case SSL_kECDHr:
1601 kx = "ECDH/RSA";
1602 break;
1603 case SSL_kECDHe:
1604 kx = "ECDH/ECDSA";
1605 break;
1606 case SSL_kECDHE:
1607 kx = "ECDH";
1608 break;
1609 case SSL_kGOST:
1610 kx = "GOST";
1611 break;
1612 default:
1613 kx = "unknown";
1614 }
1615
1616 switch (alg_auth) {
1617 case SSL_aRSA:
1618 au = "RSA";
1619 break;
1620 case SSL_aDSS:
1621 au = "DSS";
1622 break;
1623 case SSL_aECDH:
1624 au = "ECDH";
1625 break;
1626 case SSL_aNULL:
1627 au = "None";
1628 break;
1629 case SSL_aECDSA:
1630 au = "ECDSA";
1631 break;
1632 case SSL_aGOST01:
1633 au = "GOST01";
1634 break;
1635 default:
1636 au = "unknown";
1637 break;
1638 }
1639
1640 switch (alg_enc) {
1641 case SSL_DES:
1642 enc = "DES(56)";
1643 break;
1644 case SSL_3DES:
1645 enc = "3DES(168)";
1646 break;
1647 case SSL_RC4:
1648 enc = alg2 & SSL2_CF_8_BYTE_ENC ? "RC4(64)" : "RC4(128)";
1649 break;
1650 case SSL_IDEA:
1651 enc = "IDEA(128)";
1652 break;
1653 case SSL_eNULL:
1654 enc = "None";
1655 break;
1656 case SSL_AES128:
1657 enc = "AES(128)";
1658 break;
1659 case SSL_AES256:
1660 enc = "AES(256)";
1661 break;
1662 case SSL_AES128GCM:
1663 enc = "AESGCM(128)";
1664 break;
1665 case SSL_AES256GCM:
1666 enc = "AESGCM(256)";
1667 break;
1668 case SSL_CAMELLIA128:
1669 enc = "Camellia(128)";
1670 break;
1671 case SSL_CAMELLIA256:
1672 enc = "Camellia(256)";
1673 break;
1674 case SSL_CHACHA20POLY1305:
1675 enc = "ChaCha20-Poly1305";
1676 break;
1677 case SSL_CHACHA20POLY1305_OLD:
1678 enc = "ChaCha20-Poly1305-Old";
1679 break;
1680 case SSL_eGOST2814789CNT:
1681 enc = "GOST-28178-89-CNT";
1682 break;
1683 default:
1684 enc = "unknown";
1685 break;
1686 }
1687
1688 switch (alg_mac) {
1689 case SSL_MD5:
1690 mac = "MD5";
1691 break;
1692 case SSL_SHA1:
1693 mac = "SHA1";
1694 break;
1695 case SSL_SHA256:
1696 mac = "SHA256";
1697 break;
1698 case SSL_SHA384:
1699 mac = "SHA384";
1700 break;
1701 case SSL_AEAD:
1702 mac = "AEAD";
1703 break;
1704 case SSL_GOST94:
1705 mac = "GOST94";
1706 break;
1707 case SSL_GOST89MAC:
1708 mac = "GOST89IMIT";
1709 break;
1710 case SSL_STREEBOG256:
1711 mac = "STREEBOG256";
1712 break;
1713 case SSL_STREEBOG512:
1714 mac = "STREEBOG512";
1715 break;
1716 default:
1717 mac = "unknown";
1718 break;
1719 }
1720
1721 if (asprintf(&ret, "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n",
1722 cipher->name, ver, kx, au, enc, mac) == -1)
1723 return "OPENSSL_malloc Error";
1724
1725 if (buf != NULL) {
1726 l = strlcpy(buf, ret, len);
1727 free(ret);
1728 ret = buf;
1729 if (l >= len)
1730 ret = "Buffer too small";
1731 }
1732
1733 return (ret);
1734}
1735
1736char *
1737SSL_CIPHER_get_version(const SSL_CIPHER *c)
1738{
1739 if (c == NULL)
1740 return("(NONE)");
1741 if ((c->id >> 24) == 3)
1742 return("TLSv1/SSLv3");
1743 else
1744 return("unknown");
1745}
1746
1747/* return the actual cipher being used */
1748const char *
1749SSL_CIPHER_get_name(const SSL_CIPHER *c)
1750{
1751 if (c != NULL)
1752 return (c->name);
1753 return("(NONE)");
1754}
1755
1756/* number of bits for symmetric cipher */
1757int
1758SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
1759{
1760 int ret = 0;
1761
1762 if (c != NULL) {
1763 if (alg_bits != NULL)
1764 *alg_bits = c->alg_bits;
1765 ret = c->strength_bits;
1766 }
1767 return (ret);
1768}
1769
1770unsigned long
1771SSL_CIPHER_get_id(const SSL_CIPHER *c)
1772{
1773 return c->id;
1774}
1775
1776uint16_t
1777SSL_CIPHER_get_value(const SSL_CIPHER *c)
1778{
1779 return ssl3_cipher_get_value(c);
1780}
1781
1782void *
1783SSL_COMP_get_compression_methods(void)
1784{
1785 return NULL;
1786}
1787
1788int
1789SSL_COMP_add_compression_method(int id, void *cm)
1790{
1791 return 1;
1792}
1793
1794const char *
1795SSL_COMP_get_name(const void *comp)
1796{
1797 return NULL;
1798}
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
deleted file mode 100644
index 04742b60ca..0000000000
--- a/src/lib/libssl/ssl_err.c
+++ /dev/null
@@ -1,615 +0,0 @@
1/* $OpenBSD: ssl_err.c,v 1.29 2015/02/22 15:54:27 jsing Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62
63#include <openssl/err.h>
64#include <openssl/ssl.h>
65
66/* BEGIN ERROR CODES */
67#ifndef OPENSSL_NO_ERR
68
69#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
70#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
71
72static ERR_STRING_DATA SSL_str_functs[]= {
73 {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
74 {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
75 {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
76 {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
77 {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
78 {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
79 {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
80 {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
81 {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
82 {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
83 {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"},
84 {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
85 {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
86 {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
87 {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
88 {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"},
89 {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"},
90 {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"},
91 {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"},
92 {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"},
93 {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"},
94 {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
95 {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
96 {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
97 {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"},
98 {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"},
99 {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"},
100 {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"},
101 {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
102 {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"},
103 {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
104 {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"},
105 {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"},
106 {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
107 {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"},
108 {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
109 {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
110 {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
111 {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
112 {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
113 {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
114 {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
115 {ERR_FUNC(SSL_F_READ_N), "READ_N"},
116 {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
117 {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
118 {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
119 {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
120 {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
121 {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
122 {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
123 {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
124 {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
125 {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
126 {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
127 {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
128 {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
129 {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
130 {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
131 {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"},
132 {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
133 {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
134 {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
135 {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
136 {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
137 {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
138 {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
139 {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
140 {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
141 {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
142 {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"},
143 {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
144 {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
145 {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
146 {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
147 {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"},
148 {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"},
149 {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
150 {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
151 {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
152 {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},
153 {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
154 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
155 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
156 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
157 {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
158 {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
159 {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
160 {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"},
161 {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"},
162 {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
163 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
164 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
165 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
166 {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"},
167 {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
168 {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
169 {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
170 {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
171 {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
172 {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"},
173 {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},
174 {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
175 {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
176 {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"},
177 {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
178 {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
179 {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
180 {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"},
181 {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"},
182 {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
183 {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
184 {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
185 {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"},
186 {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"},
187 {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
188 {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
189 {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
190 {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"},
191 {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"},
192 {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
193 {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
194 {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
195 {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
196 {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
197 {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
198 {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
199 {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"},
200 {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"},
201 {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
202 {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
203 {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
204 {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"},
205 {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
206 {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
207 {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
208 {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"},
209 {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
210 {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
211 {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"},
212 {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
213 {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"},
214 {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
215 {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
216 {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
217 {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"},
218 {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"},
219 {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"},
220 {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
221 {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"},
222 {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"},
223 {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"},
224 {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
225 {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"},
226 {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"},
227 {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
228 {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
229 {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
230 {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
231 {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"},
232 {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
233 {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
234 {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
235 {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
236 {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
237 {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"},
238 {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"},
239 {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
240 {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"},
241 {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"},
242 {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
243 {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
244 {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"},
245 {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
246 {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
247 {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
248 {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
249 {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
250 {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"},
251 {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
252 {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
253 {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
254 {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
255 {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
256 {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
257 {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
258 {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
259 {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
260 {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},
261 {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
262 {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
263 {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
264 {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"},
265 {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"},
266 {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
267 {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"},
268 {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
269 {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
270 {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
271 {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
272 {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
273 {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
274 {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
275 {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
276 {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
277 {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
278 {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
279 {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
280 {ERR_FUNC(SSL_F_TLS1_AEAD_CTX_INIT), "TLS1_AEAD_CTX_INIT"},
281 {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"},
282 {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
283 {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD), "TLS1_CHANGE_CIPHER_STATE_AEAD"},
284 {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER), "TLS1_CHANGE_CIPHER_STATE_CIPHER"},
285 {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"},
286 {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
287 {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"},
288 {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"},
289 {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
290 {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
291 {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"},
292 {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
293 {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
294 {0, NULL}
295};
296
297static ERR_STRING_DATA SSL_str_reasons[]= {
298 {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) , "app data in handshake"},
299 {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), "attempt to reuse session in different context"},
300 {ERR_REASON(SSL_R_BAD_ALERT_RECORD) , "bad alert record"},
301 {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE), "bad authentication type"},
302 {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"},
303 {ERR_REASON(SSL_R_BAD_CHECKSUM) , "bad checksum"},
304 {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), "bad data returned by callback"},
305 {ERR_REASON(SSL_R_BAD_DECOMPRESSION) , "bad decompression"},
306 {ERR_REASON(SSL_R_BAD_DH_G_LENGTH) , "bad dh g length"},
307 {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) , "bad dh pub key length"},
308 {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) , "bad dh p length"},
309 {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) , "bad digest length"},
310 {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) , "bad dsa signature"},
311 {ERR_REASON(SSL_R_BAD_ECC_CERT) , "bad ecc cert"},
312 {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) , "bad ecdsa signature"},
313 {ERR_REASON(SSL_R_BAD_ECPOINT) , "bad ecpoint"},
314 {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) , "bad handshake length"},
315 {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) , "bad hello request"},
316 {ERR_REASON(SSL_R_BAD_LENGTH) , "bad length"},
317 {ERR_REASON(SSL_R_BAD_MAC_DECODE) , "bad mac decode"},
318 {ERR_REASON(SSL_R_BAD_MAC_LENGTH) , "bad mac length"},
319 {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) , "bad message type"},
320 {ERR_REASON(SSL_R_BAD_PACKET_LENGTH) , "bad packet length"},
321 {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER), "bad protocol version number"},
322 {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH), "bad psk identity hint length"},
323 {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) , "bad response argument"},
324 {ERR_REASON(SSL_R_BAD_RSA_DECRYPT) , "bad rsa decrypt"},
325 {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) , "bad rsa encrypt"},
326 {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) , "bad rsa e length"},
327 {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH), "bad rsa modulus length"},
328 {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) , "bad rsa signature"},
329 {ERR_REASON(SSL_R_BAD_SIGNATURE) , "bad signature"},
330 {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) , "bad srp a length"},
331 {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) , "bad srp b length"},
332 {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) , "bad srp g length"},
333 {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) , "bad srp n length"},
334 {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) , "bad srp s length"},
335 {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) , "bad srtp mki value"},
336 {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), "bad srtp protection profile list"},
337 {ERR_REASON(SSL_R_BAD_SSL_FILETYPE) , "bad ssl filetype"},
338 {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH), "bad ssl session id length"},
339 {ERR_REASON(SSL_R_BAD_STATE) , "bad state"},
340 {ERR_REASON(SSL_R_BAD_WRITE_RETRY) , "bad write retry"},
341 {ERR_REASON(SSL_R_BIO_NOT_SET) , "bio not set"},
342 {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "block cipher pad is wrong"},
343 {ERR_REASON(SSL_R_BN_LIB) , "bn lib"},
344 {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) , "ca dn length mismatch"},
345 {ERR_REASON(SSL_R_CA_DN_TOO_LONG) , "ca dn too long"},
346 {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) , "ccs received early"},
347 {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"},
348 {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) , "cert length mismatch"},
349 {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT), "challenge is different"},
350 {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"},
351 {ERR_REASON(SSL_R_CIPHER_COMPRESSION_UNAVAILABLE), "cipher compression unavailable"},
352 {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE), "cipher or hash unavailable"},
353 {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR), "cipher table src error"},
354 {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) , "clienthello tlsext"},
355 {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG), "compressed length too long"},
356 {ERR_REASON(SSL_R_COMPRESSION_DISABLED) , "compression disabled"},
357 {ERR_REASON(SSL_R_COMPRESSION_FAILURE) , "compression failure"},
358 {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), "compression id not within private range"},
359 {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), "compression library error"},
360 {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT), "connection id is different"},
361 {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"},
362 {ERR_REASON(SSL_R_COOKIE_MISMATCH) , "cookie mismatch"},
363 {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), "data between ccs and finished"},
364 {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) , "data length too long"},
365 {ERR_REASON(SSL_R_DECRYPTION_FAILED) , "decryption failed"},
366 {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"},
367 {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"},
368 {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) , "digest check failed"},
369 {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) , "dtls message too big"},
370 {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"},
371 {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT), "ecc cert not for key agreement"},
372 {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"},
373 {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE), "ecc cert should have rsa signature"},
374 {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE), "ecc cert should have sha1 signature"},
375 {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER), "ecgroup too large for cipher"},
376 {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), "empty srtp protection profile list"},
377 {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"},
378 {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "error generating tmp rsa key"},
379 {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), "error in received cipher list"},
380 {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"},
381 {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) , "extra data in message"},
382 {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"},
383 {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS), "got next proto before a ccs"},
384 {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION), "got next proto without seeing extension"},
385 {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) , "https proxy request"},
386 {ERR_REASON(SSL_R_HTTP_REQUEST) , "http request"},
387 {ERR_REASON(SSL_R_ILLEGAL_PADDING) , "illegal padding"},
388 {ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"},
389 {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"},
390 {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH), "invalid challenge length"},
391 {ERR_REASON(SSL_R_INVALID_COMMAND) , "invalid command"},
392 {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM), "invalid compression algorithm"},
393 {ERR_REASON(SSL_R_INVALID_PURPOSE) , "invalid purpose"},
394 {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) , "invalid srp username"},
395 {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"},
396 {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH), "invalid ticket keys length"},
397 {ERR_REASON(SSL_R_INVALID_TRUST) , "invalid trust"},
398 {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) , "key arg too long"},
399 {ERR_REASON(SSL_R_KRB5) , "krb5"},
400 {ERR_REASON(SSL_R_KRB5_C_CC_PRINC) , "krb5 client cc principal (no tkt?)"},
401 {ERR_REASON(SSL_R_KRB5_C_GET_CRED) , "krb5 client get cred"},
402 {ERR_REASON(SSL_R_KRB5_C_INIT) , "krb5 client init"},
403 {ERR_REASON(SSL_R_KRB5_C_MK_REQ) , "krb5 client mk_req (expired tkt?)"},
404 {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) , "krb5 server bad ticket"},
405 {ERR_REASON(SSL_R_KRB5_S_INIT) , "krb5 server init"},
406 {ERR_REASON(SSL_R_KRB5_S_RD_REQ) , "krb5 server rd_req (keytab perms?)"},
407 {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) , "krb5 server tkt expired"},
408 {ERR_REASON(SSL_R_KRB5_S_TKT_NYV) , "krb5 server tkt not yet valid"},
409 {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) , "krb5 server tkt skew"},
410 {ERR_REASON(SSL_R_LENGTH_MISMATCH) , "length mismatch"},
411 {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) , "length too short"},
412 {ERR_REASON(SSL_R_LIBRARY_BUG) , "library bug"},
413 {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"},
414 {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) , "message too long"},
415 {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) , "missing dh dsa cert"},
416 {ERR_REASON(SSL_R_MISSING_DH_KEY) , "missing dh key"},
417 {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) , "missing dh rsa cert"},
418 {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"},
419 {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY), "missing export tmp dh key"},
420 {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY), "missing export tmp rsa key"},
421 {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
422 {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT), "missing rsa encrypting cert"},
423 {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"},
424 {ERR_REASON(SSL_R_MISSING_SRP_PARAM) , "can't find SRP server param"},
425 {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) , "missing tmp dh key"},
426 {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) , "missing tmp ecdh key"},
427 {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) , "missing tmp rsa key"},
428 {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) , "missing tmp rsa pkey"},
429 {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"},
430 {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) , "multiple sgc restarts"},
431 {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET), "non sslv2 initial packet"},
432 {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"},
433 {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"},
434 {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"},
435 {ERR_REASON(SSL_R_NO_CERTIFICATE_SET) , "no certificate set"},
436 {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED), "no certificate specified"},
437 {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) , "no ciphers available"},
438 {ERR_REASON(SSL_R_NO_CIPHERS_PASSED) , "no ciphers passed"},
439 {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) , "no ciphers specified"},
440 {ERR_REASON(SSL_R_NO_CIPHER_LIST) , "no cipher list"},
441 {ERR_REASON(SSL_R_NO_CIPHER_MATCH) , "no cipher match"},
442 {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"},
443 {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"},
444 {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
445 {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"},
446 {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) , "no method specified"},
447 {ERR_REASON(SSL_R_NO_PRIVATEKEY) , "no privatekey"},
448 {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},
449 {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"},
450 {ERR_REASON(SSL_R_NO_PUBLICKEY) , "no publickey"},
451 {ERR_REASON(SSL_R_NO_RENEGOTIATION) , "no renegotiation"},
452 {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) , "digest requred for handshake isn't computed"},
453 {ERR_REASON(SSL_R_NO_SHARED_CIPHER) , "no shared cipher"},
454 {ERR_REASON(SSL_R_NO_SRTP_PROFILES) , "no srtp profiles"},
455 {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) , "no verify callback"},
456 {ERR_REASON(SSL_R_NULL_SSL_CTX) , "null ssl ctx"},
457 {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"},
458 {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"},
459 {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), "old session compression algorithm not returned"},
460 {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE), "only tls allowed in fips mode"},
461 {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
462 {ERR_REASON(SSL_R_PARSE_TLSEXT) , "parse tlsext"},
463 {ERR_REASON(SSL_R_PATH_TOO_LONG) , "path too long"},
464 {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), "peer did not return a certificate"},
465 {ERR_REASON(SSL_R_PEER_ERROR) , "peer error"},
466 {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE), "peer error certificate"},
467 {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE), "peer error no certificate"},
468 {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) , "peer error no cipher"},
469 {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE), "peer error unsupported certificate type"},
470 {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"},
471 {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS), "problems mapping cipher functions"},
472 {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) , "protocol is shutdown"},
473 {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"},
474 {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) , "psk no client cb"},
475 {ERR_REASON(SSL_R_PSK_NO_SERVER_CB) , "psk no server cb"},
476 {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"},
477 {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) , "public key is not rsa"},
478 {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) , "public key not rsa"},
479 {ERR_REASON(SSL_R_READ_BIO_NOT_SET) , "read bio not set"},
480 {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) , "read timeout expired"},
481 {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"},
482 {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"},
483 {ERR_REASON(SSL_R_RECORD_TOO_LARGE) , "record too large"},
484 {ERR_REASON(SSL_R_RECORD_TOO_SMALL) , "record too small"},
485 {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"},
486 {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR), "renegotiation encoding err"},
487 {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"},
488 {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"},
489 {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING), "required compresssion algorithm missing"},
490 {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO), "reuse cert length not zero"},
491 {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO), "reuse cert type not zero"},
492 {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO), "reuse cipher list not zero"},
493 {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), "scsv received when renegotiating"},
494 {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) , "serverhello tlsext"},
495 {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), "session id context uninitialized"},
496 {ERR_REASON(SSL_R_SHORT_READ) , "short read"},
497 {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR), "signature algorithms error"},
498 {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), "signature for non signing certificate"},
499 {ERR_REASON(SSL_R_SRP_A_CALC) , "error with the srp params"},
500 {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), "srtp could not allocate profiles"},
501 {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), "srtp protection profile list too long"},
502 {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), "srtp unknown protection profile"},
503 {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE), "ssl23 doing session id reuse"},
504 {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG), "ssl2 connection id too long"},
505 {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT), "ssl3 ext invalid ecpointformat"},
506 {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME), "ssl3 ext invalid servername"},
507 {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), "ssl3 ext invalid servername type"},
508 {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},
509 {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), "ssl3 session id too short"},
510 {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), "sslv3 alert bad certificate"},
511 {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), "sslv3 alert bad record mac"},
512 {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), "sslv3 alert certificate expired"},
513 {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), "sslv3 alert certificate revoked"},
514 {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), "sslv3 alert certificate unknown"},
515 {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), "sslv3 alert decompression failure"},
516 {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), "sslv3 alert handshake failure"},
517 {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), "sslv3 alert illegal parameter"},
518 {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE), "sslv3 alert no certificate"},
519 {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), "sslv3 alert unexpected message"},
520 {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), "sslv3 alert unsupported certificate"},
521 {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), "ssl ctx has no default ssl version"},
522 {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) , "ssl handshake failure"},
523 {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), "ssl library has no ciphers"},
524 {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), "ssl session id callback failed"},
525 {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"},
526 {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), "ssl session id context too long"},
527 {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "ssl session id has bad length"},
528 {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT), "ssl session id is different"},
529 {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"},
530 {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
531 {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "tlsv1 alert decryption failed"},
532 {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), "tlsv1 alert decrypt error"},
533 {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), "tlsv1 alert export restriction"},
534 {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK), "tlsv1 alert inappropriate fallback"},
535 {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), "tlsv1 alert insufficient security"},
536 {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR), "tlsv1 alert internal error"},
537 {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), "tlsv1 alert no renegotiation"},
538 {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), "tlsv1 alert protocol version"},
539 {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), "tlsv1 alert record overflow"},
540 {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"},
541 {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED), "tlsv1 alert user cancelled"},
542 {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), "tlsv1 bad certificate hash value"},
543 {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), "tlsv1 bad certificate status response"},
544 {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), "tlsv1 certificate unobtainable"},
545 {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"},
546 {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION), "tlsv1 unsupported extension"},
547 {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER), "tls client cert req with anon cipher"},
548 {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT), "peer does not accept heartbeats"},
549 {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) , "heartbeat request already pending"},
550 {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), "tls illegal exporter label"},
551 {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), "tls invalid ecpointformat list"},
552 {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST), "tls peer did not respond with certificate list"},
553 {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG), "tls rsa encrypted value length is wrong"},
554 {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER), "tried to use unsupported cipher"},
555 {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"},
556 {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS), "unable to decode ecdh certs"},
557 {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY), "unable to extract public key"},
558 {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS), "unable to find dh parameters"},
559 {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), "unable to find ecdh parameters"},
560 {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), "unable to find public key parameters"},
561 {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD), "unable to find ssl method"},
562 {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES), "unable to load ssl2 md5 routines"},
563 {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), "unable to load ssl3 md5 routines"},
564 {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), "unable to load ssl3 sha1 routines"},
565 {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) , "unexpected message"},
566 {ERR_REASON(SSL_R_UNEXPECTED_RECORD) , "unexpected record"},
567 {ERR_REASON(SSL_R_UNINITIALIZED) , "uninitialized"},
568 {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) , "unknown alert type"},
569 {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"},
570 {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"},
571 {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) , "unknown cipher type"},
572 {ERR_REASON(SSL_R_UNKNOWN_DIGEST) , "unknown digest"},
573 {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "unknown key exchange type"},
574 {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) , "unknown pkey type"},
575 {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) , "unknown protocol"},
576 {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), "unknown remote error type"},
577 {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) , "unknown ssl version"},
578 {ERR_REASON(SSL_R_UNKNOWN_STATE) , "unknown state"},
579 {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), "unsafe legacy renegotiation disabled"},
580 {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) , "unsupported cipher"},
581 {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"},
582 {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE), "unsupported digest type"},
583 {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), "unsupported elliptic curve"},
584 {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) , "unsupported protocol"},
585 {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"},
586 {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"},
587 {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},
588 {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) , "write bio not set"},
589 {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"},
590 {ERR_REASON(SSL_R_WRONG_CURVE) , "wrong curve"},
591 {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) , "wrong message type"},
592 {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"},
593 {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
594 {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) , "wrong signature size"},
595 {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) , "wrong signature type"},
596 {ERR_REASON(SSL_R_WRONG_SSL_VERSION) , "wrong ssl version"},
597 {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) , "wrong version number"},
598 {ERR_REASON(SSL_R_X509_LIB) , "x509 lib"},
599 {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"},
600 {0, NULL}
601};
602
603#endif
604
605void
606ERR_load_SSL_strings(void)
607{
608#ifndef OPENSSL_NO_ERR
609
610 if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) {
611 ERR_load_strings(0, SSL_str_functs);
612 ERR_load_strings(0, SSL_str_reasons);
613 }
614#endif
615}
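diff --git a/src/lib/libssl/ssl_err2.c b/src/lib/libssl/ssl_err2.c
deleted file mode 100644
index 9aad13cdc5..0000000000
--- a/src/lib/libssl/ssl_err2.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* $OpenBSD: ssl_err2.c,v 1.7 2014/12/14 15:30:50 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-void
-SSL_load_error_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
-#endif
-}
-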
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
deleted file mode 100644
index 5b9b952e72..0000000000
--- a/src/lib/libssl/ssl_lib.c
+++ /dev/null
@@ -1,3062 +0,0 @@
1/* $OpenBSD: ssl_lib.c,v 1.116 2015/10/25 15:52:49 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#include <stdio.h>
144
145#include "ssl_locl.h"
146
147#include <openssl/bn.h>
148#include <openssl/dh.h>
149#include <openssl/lhash.h>
150#include <openssl/objects.h>
151#include <openssl/ocsp.h>
152#include <openssl/x509v3.h>
153
154#ifndef OPENSSL_NO_ENGINE
155#include <openssl/engine.h>
156#endif
157
158#include "bytestring.h"
159
160const char *SSL_version_str = OPENSSL_VERSION_TEXT;
161
162SSL3_ENC_METHOD ssl3_undef_enc_method = {
163 /*
164 * Evil casts, but these functions are only called if there's a
165 * library bug.
166 */
167 .enc = (int (*)(SSL *, int))ssl_undefined_function,
168 .mac = (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
169 .setup_key_block = ssl_undefined_function,
170 .generate_master_secret = (int (*)(SSL *, unsigned char *,
171 unsigned char *, int))ssl_undefined_function,
172 .change_cipher_state = (int (*)(SSL*, int))ssl_undefined_function,
173 .final_finish_mac = (int (*)(SSL *, const char*, int,
174 unsigned char *))ssl_undefined_function,
175 .finish_mac_length = 0,
176 .cert_verify_mac = (int (*)(SSL *, int,
177 unsigned char *))ssl_undefined_function,
178 .client_finished_label = NULL,
179 .client_finished_label_len = 0,
180 .server_finished_label = NULL,
181 .server_finished_label_len = 0,
182 .alert_value = (int (*)(int))ssl_undefined_function,
183 .export_keying_material = (int (*)(SSL *, unsigned char *, size_t,
184 const char *, size_t, const unsigned char *, size_t,
185 int use_context))ssl_undefined_function,
186 .enc_flags = 0,
187};
188
/*
 * Reset an SSL object so it can be used for a new connection while keeping
 * its configuration (method, certificates, verify settings, BIOs).
 *
 * Returns 1 on success; 0 if no method is set, if a renegotiation is still
 * pending (caller error), or if re-creating the method's per-connection
 * state fails.
 */
int
SSL_clear(SSL *s)
{
	if (s->method == NULL) {
		SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
		return (0);
	}

	/* If ssl_clear_bad_session() flags the current session, drop it. */
	if (ssl_clear_bad_session(s)) {
		SSL_SESSION_free(s->session);
		s->session = NULL;
	}

	s->error = 0;
	s->hit = 0;
	s->shutdown = 0;

	/* Clearing in the middle of a renegotiation is not supported. */
	if (s->renegotiate) {
		SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
		return (0);
	}

	s->type = 0;

	/* Back to the initial handshake state for this object's role. */
	s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);

	s->version = s->method->version;
	s->client_version = s->version;
	s->rwstate = SSL_NOTHING;
	s->rstate = SSL_ST_READ_HEADER;

	BUF_MEM_free(s->init_buf);
	s->init_buf = NULL;

	/* Discard record-layer keys and handshake hashes of the old connection. */
	ssl_clear_cipher_ctx(s);
	ssl_clear_hash_ctx(&s->read_hash);
	ssl_clear_hash_ctx(&s->write_hash);

	s->first_packet = 0;

	/*
	 * Check to see if we were changed into a different method, if
	 * so, revert back if we are not doing session-id reuse.
	 */
	if (!s->in_handshake && (s->session == NULL) &&
	    (s->method != s->ctx->method)) {
		s->method->ssl_free(s);
		s->method = s->ctx->method;
		if (!s->method->ssl_new(s))
			return (0);
	} else
		s->method->ssl_clear(s);

	return (1);
}
244
/*
 * Change the default SSL method of an SSL_CTX and rebuild its default
 * cipher list for that method.  Returns 1 on success, 0 if no cipher is
 * available for the new method.  Note that ctx->method has already been
 * switched when 0 is returned.
 */
int
SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
{
	STACK_OF(SSL_CIPHER) *ciphers;

	ctx->method = meth;

	ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
	    &ctx->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
	if (ciphers != NULL && sk_SSL_CIPHER_num(ciphers) > 0)
		return (1);

	SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,
	    SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
	return (0);
}
262
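/*
 * Allocate a new SSL object from the settings of 'ctx'.  The per-SSL
 * copies of options, mode, certificate, verify parameters, session-id
 * context and ALPN list are taken here; the object holds two references
 * on 'ctx' (s->ctx and s->initial_ctx), both released by SSL_free().
 *
 * Returns the new object, or NULL with an error queued.  Every failure
 * path goes through 'err', which reports ERR_R_MALLOC_FAILURE as a
 * catch-all even when the underlying cause was something else.
 */
SSL *
SSL_new(SSL_CTX *ctx)
{
	SSL *s;

	if (ctx == NULL) {
		SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
		return (NULL);
	}
	if (ctx->method == NULL) {
		SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
		return (NULL);
	}

	/* calloc: every field not set below starts out zero/NULL. */
	s = calloc(1, sizeof(SSL));
	if (s == NULL)
		goto err;

	s->options = ctx->options;
	s->mode = ctx->mode;
	s->max_cert_list = ctx->max_cert_list;

	if (ctx->cert != NULL) {
		/*
		 * Earlier library versions used to copy the pointer to
		 * the CERT, not its contents; only when setting new
		 * parameters for the per-SSL copy, ssl_cert_new would be
		 * called (and the direct reference to the per-SSL_CTX
		 * settings would be lost, but those still were indirectly
		 * accessed for various purposes, and for that reason they
		 * used to be known as s->ctx->default_cert).
		 * Now we don't look at the SSL_CTX's CERT after having
		 * duplicated it once.
		 */
		s->cert = ssl_cert_dup(ctx->cert);
		if (s->cert == NULL)
			goto err;
	} else
		s->cert = NULL; /* Cannot really happen (see SSL_CTX_new) */

	s->read_ahead = ctx->read_ahead;
	s->msg_callback = ctx->msg_callback;
	s->msg_callback_arg = ctx->msg_callback_arg;
	s->verify_mode = ctx->verify_mode;
	s->sid_ctx_length = ctx->sid_ctx_length;
	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
	memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
	s->verify_callback = ctx->default_verify_callback;
	s->generate_session_id = ctx->generate_session_id;

	s->param = X509_VERIFY_PARAM_new();
	if (!s->param)
		goto err;
	X509_VERIFY_PARAM_inherit(s->param, ctx->param);
	s->quiet_shutdown = ctx->quiet_shutdown;
	s->max_send_fragment = ctx->max_send_fragment;

	/* First reference on ctx: s->ctx. */
	CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
	s->ctx = ctx;
	s->tlsext_debug_cb = 0;
	s->tlsext_debug_arg = NULL;
	s->tlsext_ticket_expected = 0;
	s->tlsext_status_type = -1;
	s->tlsext_status_expected = 0;
	s->tlsext_ocsp_ids = NULL;
	s->tlsext_ocsp_exts = NULL;
	s->tlsext_ocsp_resp = NULL;
	s->tlsext_ocsp_resplen = -1;
	/* Second reference on ctx: s->initial_ctx. */
	CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
	s->initial_ctx = ctx;
	s->next_proto_negotiated = NULL;

	/* Take a private copy of the ALPN list so the SSL owns its own. */
	if (s->ctx->alpn_client_proto_list != NULL) {
		s->alpn_client_proto_list =
		    malloc(s->ctx->alpn_client_proto_list_len);
		if (s->alpn_client_proto_list == NULL)
			goto err;
		memcpy(s->alpn_client_proto_list,
		    s->ctx->alpn_client_proto_list,
		    s->ctx->alpn_client_proto_list_len);
		s->alpn_client_proto_list_len =
		    s->ctx->alpn_client_proto_list_len;
	}

	s->verify_result = X509_V_OK;

	s->method = ctx->method;

	if (!s->method->ssl_new(s))
		goto err;

	s->references = 1;
	s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;

	/*
	 * SSL_clear() can fail; do not hand back an object whose state
	 * was only partially reset.
	 */
	if (!SSL_clear(s))
		goto err;

	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data))
		goto err;

	return (s);

err:
	/* SSL_free(NULL) is a no-op, so this is safe before calloc succeeds. */
	SSL_free(s);
	SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
	return (NULL);
}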
369
/*
 * Set the session-id context of an SSL_CTX.  Rejects (returns 0 with an
 * error queued) any context longer than the ctx->sid_ctx array; returns 1
 * once the bytes have been copied.
 */
int
SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
    unsigned int sid_ctx_len)
{
	const size_t limit = sizeof ctx->sid_ctx;

	if (sid_ctx_len <= limit) {
		memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
		ctx->sid_ctx_length = sid_ctx_len;
		return (1);
	}

	SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
	    SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
	return (0);
}
384
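/*
 * Set the session-id context of a single SSL object.  Returns 1 on
 * success, 0 with an error queued if the context does not fit.
 */
int
SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
    unsigned int sid_ctx_len)
{
	/*
	 * Bound the copy by the destination array itself, exactly as
	 * SSL_CTX_set_session_id_context() does, so the check cannot
	 * drift from the buffer it protects if the array size changes.
	 */
	if (sid_ctx_len > sizeof ssl->sid_ctx) {
		SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
		    SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
		return (0);
	}
	ssl->sid_ctx_length = sid_ctx_len;
	memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);

	return (1);
}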
399
/*
 * Install the callback an SSL_CTX uses to generate session ids.  Always
 * returns 1; the store is done under the SSL_CTX write lock.
 */
int
SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
{
	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
	{
		ctx->generate_session_id = cb;
	}
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

	return (1);
}
408
/*
 * Install the session-id generator callback on a single SSL object.
 * Always returns 1; the store is done under the SSL write lock.
 */
int
SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
{
	CRYPTO_w_lock(CRYPTO_LOCK_SSL);
	{
		ssl->generate_session_id = cb;
	}
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);

	return (1);
}
417
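/*
 * Report whether the SSL_CTX session cache already holds a session with
 * the given id for the protocol version in use by 'ssl'.  Returns 1 if a
 * match exists, 0 otherwise (including when 'id_len' is larger than a
 * session id can be).
 */
int
SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
    unsigned int id_len)
{
	/*
	 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp
	 * shows how we can "construct" a session to give us the desired
	 * check - ie. to find if there's a session in the hash table
	 * that would conflict with any new session built out of this
	 * id/id_len and the ssl_version in use by this SSL.
	 */
	SSL_SESSION r, *p;

	if (id_len > sizeof r.session_id)
		return (0);

	/*
	 * Only the three fields set below are meant to be looked at by the
	 * hash/compare callbacks; zero the rest so that no uninitialised
	 * stack bytes can ever be read through the probe object.
	 */
	memset(&r, 0, sizeof(r));
	r.ssl_version = ssl->version;
	r.session_id_length = id_len;
	memcpy(r.session_id, id, id_len);

	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
	p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
	return (p != NULL);
}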
443
/* Set the X.509 verification purpose on an SSL_CTX's verify parameters. */
int
SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
{
	X509_VERIFY_PARAM *vpm = s->param;

	return X509_VERIFY_PARAM_set_purpose(vpm, purpose);
}
449
/* Set the X.509 verification purpose on a single SSL's verify parameters. */
int
SSL_set_purpose(SSL *s, int purpose)
{
	X509_VERIFY_PARAM *vpm = s->param;

	return X509_VERIFY_PARAM_set_purpose(vpm, purpose);
}
455
/* Set the X.509 trust setting on an SSL_CTX's verify parameters. */
int
SSL_CTX_set_trust(SSL_CTX *s, int trust)
{
	X509_VERIFY_PARAM *vpm = s->param;

	return X509_VERIFY_PARAM_set_trust(vpm, trust);
}
461
/* Set the X.509 trust setting on a single SSL's verify parameters. */
int
SSL_set_trust(SSL *s, int trust)
{
	X509_VERIFY_PARAM *vpm = s->param;

	return X509_VERIFY_PARAM_set_trust(vpm, trust);
}
467
/* Copy the settings of 'vpm' into the SSL_CTX's own verify parameters. */
int
SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
{
	X509_VERIFY_PARAM *dst = ctx->param;

	return X509_VERIFY_PARAM_set1(dst, vpm);
}
473
/* Copy the settings of 'vpm' into a single SSL's own verify parameters. */
int
SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
{
	X509_VERIFY_PARAM *dst = ssl->param;

	return X509_VERIFY_PARAM_set1(dst, vpm);
}
479
/*
 * Drop one reference to an SSL object and, once the count reaches zero,
 * release it and everything it owns: BIOs, session, certificates, TLS
 * extension state, method-private data and the two SSL_CTX references
 * taken in SSL_new().  Safe to call with NULL.
 */
void
SSL_free(SSL *s)
{
	int i;

	if (s == NULL)
		return;

	i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
	if (i > 0)
		return;

	if (s->param)
		X509_VERIFY_PARAM_free(s->param);

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);

	if (s->bbio != NULL) {
		/* If the buffering BIO is in place, pop it off */
		if (s->bbio == s->wbio) {
			s->wbio = BIO_pop(s->wbio);
		}
		BIO_free(s->bbio);
		s->bbio = NULL;
	}

	/* When rbio and wbio are the same BIO only one reference is held. */
	if (s->rbio != s->wbio)
		BIO_free_all(s->rbio);
	BIO_free_all(s->wbio);

	if (s->init_buf != NULL)
		BUF_MEM_free(s->init_buf);

	/* add extra stuff */
	if (s->cipher_list != NULL)
		sk_SSL_CIPHER_free(s->cipher_list);
	if (s->cipher_list_by_id != NULL)
		sk_SSL_CIPHER_free(s->cipher_list_by_id);

	/* Make the next call work :-) */
	if (s->session != NULL) {
		ssl_clear_bad_session(s);
		SSL_SESSION_free(s->session);
	}

	/* Key material and handshake hashes. */
	ssl_clear_cipher_ctx(s);
	ssl_clear_hash_ctx(&s->read_hash);
	ssl_clear_hash_ctx(&s->write_hash);

	if (s->cert != NULL)
		ssl_cert_free(s->cert);
	/* Free up if allocated */

	free(s->tlsext_hostname);
	/* First of the two SSL_CTX references taken in SSL_new(). */
	SSL_CTX_free(s->initial_ctx);
	free(s->tlsext_ecpointformatlist);
	free(s->tlsext_ellipticcurvelist);
	if (s->tlsext_ocsp_exts)
		sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
		    X509_EXTENSION_free);
	if (s->tlsext_ocsp_ids)
		sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
	free(s->tlsext_ocsp_resp);

	if (s->client_CA != NULL)
		sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);

	/* Method-private state (s->s3, s->d1, ...) is released by the method. */
	if (s->method != NULL)
		s->method->ssl_free(s);

	/* Second SSL_CTX reference. */
	SSL_CTX_free(s->ctx);


	free(s->next_proto_negotiated);
	free(s->alpn_client_proto_list);

#ifndef OPENSSL_NO_SRTP
	if (s->srtp_profiles)
		sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
#endif

	free(s);
}
563
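/*
 * Install new read and write BIOs, taking ownership of them and releasing
 * the old ones.  The SSL holds one reference per distinct BIO: when the
 * old rbio and wbio are the same object only one BIO_free_all() may be
 * issued, and an old BIO that is being reinstalled in either slot must
 * not be freed at all.  The previous code freed the old wbio whenever it
 * differed from the new wbio, so SSL_set_bio(s, SSL_get_rbio(s), new)
 * on an SSL whose BIOs were shared (e.g. after SSL_set_fd()) left
 * s->rbio dangling.
 */
void
SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
{
	BIO *old_rbio, *old_wbio;

	/* If the output buffering BIO is still in place, remove it */
	if (s->bbio != NULL) {
		if (s->wbio == s->bbio) {
			s->wbio = s->wbio->next_bio;
			s->bbio->next_bio = NULL;
		}
	}

	old_rbio = s->rbio;
	old_wbio = s->wbio;

	/*
	 * Old read BIO: release it unless it is being kept in either
	 * slot, or it is the same object as the old write BIO (then the
	 * single shared reference is handled below).
	 */
	if (old_rbio != rbio && old_rbio != wbio && old_rbio != old_wbio)
		BIO_free_all(old_rbio);

	/* Old write BIO (or the shared BIO): release unless kept. */
	if (old_wbio != rbio && old_wbio != wbio)
		BIO_free_all(old_wbio);

	s->rbio = rbio;
	s->wbio = wbio;
}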
582
/* Return the read BIO (no reference is added; the SSL still owns it). */
BIO *
SSL_get_rbio(const SSL *s)
{
	return s->rbio;
}
588
/* Return the write BIO (no reference is added; the SSL still owns it). */
BIO *
SSL_get_wbio(const SSL *s)
{
	return s->wbio;
}
594
/* The "fd" of an SSL is by convention the descriptor behind its read BIO. */
int
SSL_get_fd(const SSL *s)
{
	return SSL_get_rfd(s);
}
600
/*
 * Return the file descriptor of the first descriptor-type BIO in the read
 * chain, or -1 if there is none.
 */
int
SSL_get_rfd(const SSL *s)
{
	BIO *desc;
	int fd = -1;

	desc = BIO_find_type(SSL_get_rbio(s), BIO_TYPE_DESCRIPTOR);
	if (desc != NULL)
		BIO_get_fd(desc, &fd);

	return (fd);
}
613
/*
 * Return the file descriptor of the first descriptor-type BIO in the write
 * chain, or -1 if there is none.
 */
int
SSL_get_wfd(const SSL *s)
{
	BIO *desc;
	int fd = -1;

	desc = BIO_find_type(SSL_get_wbio(s), BIO_TYPE_DESCRIPTOR);
	if (desc != NULL)
		BIO_get_fd(desc, &fd);

	return (fd);
}
626
/*
 * Use socket 'fd' for both reading and writing.  The descriptor is not
 * closed when the BIO goes away (BIO_NOCLOSE).  Returns 1 on success,
 * 0 if the socket BIO could not be allocated.
 */
int
SSL_set_fd(SSL *s, int fd)
{
	BIO *sock;

	if ((sock = BIO_new(BIO_s_socket())) == NULL) {
		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
		return (0);
	}
	BIO_set_fd(sock, fd, BIO_NOCLOSE);
	SSL_set_bio(s, sock, sock);

	return (1);
}
645
/*
 * Use socket 'fd' for writing.  If the read BIO already is a socket BIO
 * on that same descriptor it is shared for writing too; otherwise a new
 * socket BIO (BIO_NOCLOSE) is created.  Returns 1, or 0 on allocation
 * failure.
 */
int
SSL_set_wfd(SSL *s, int fd)
{
	BIO *rbio = SSL_get_rbio(s);
	BIO *sock;

	if (rbio != NULL && BIO_method_type(rbio) == BIO_TYPE_SOCKET &&
	    (int)BIO_get_fd(rbio, NULL) == fd) {
		SSL_set_bio(s, rbio, rbio);
		return (1);
	}

	if ((sock = BIO_new(BIO_s_socket())) == NULL) {
		SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
		return (0);
	}
	BIO_set_fd(sock, fd, BIO_NOCLOSE);
	SSL_set_bio(s, rbio, sock);

	return (1);
}
668
/*
 * Use socket 'fd' for reading.  If the write BIO already is a socket BIO
 * on that same descriptor it is shared for reading too; otherwise a new
 * socket BIO (BIO_NOCLOSE) is created.  Returns 1, or 0 on allocation
 * failure.
 */
int
SSL_set_rfd(SSL *s, int fd)
{
	BIO *wbio = SSL_get_wbio(s);
	BIO *sock;

	if (wbio != NULL && BIO_method_type(wbio) == BIO_TYPE_SOCKET &&
	    (int)BIO_get_fd(wbio, NULL) == fd) {
		SSL_set_bio(s, wbio, wbio);
		return (1);
	}

	if ((sock = BIO_new(BIO_s_socket())) == NULL) {
		SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
		return (0);
	}
	BIO_set_fd(sock, fd, BIO_NOCLOSE);
	SSL_set_bio(s, sock, wbio);

	return (1);
}
691
692
/*
 * Copy up to 'count' bytes of the last Finished message we sent into
 * 'buf' and return its full length (0 if no SSLv3/TLS state exists).
 * Callers compare the return value with 'count' to detect truncation.
 */
size_t
SSL_get_finished(const SSL *s, void *buf, size_t count)
{
	size_t avail;

	if (s->s3 == NULL)
		return (0);

	avail = s->s3->tmp.finish_md_len;
	memcpy(buf, s->s3->tmp.finish_md, count < avail ? count : avail);

	return (avail);
}
707
/*
 * Copy up to 'count' bytes of the last Finished message we expected from
 * the peer into 'buf' and return its full length (0 if no SSLv3/TLS state
 * exists).  Callers compare the return value with 'count' to detect
 * truncation.
 */
size_t
SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
{
	size_t avail;

	if (s->s3 == NULL)
		return (0);

	avail = s->s3->tmp.peer_finish_md_len;
	memcpy(buf, s->s3->tmp.peer_finish_md, count < avail ? count : avail);

	return (avail);
}
722
723
/* Return the SSL_VERIFY_* mode bits in effect for this SSL. */
int
SSL_get_verify_mode(const SSL *s)
{
	return s->verify_mode;
}
729
/* Return the maximum certificate chain depth from the SSL's verify params. */
int
SSL_get_verify_depth(const SSL *s)
{
	return X509_VERIFY_PARAM_get_depth(s->param);
}
735
/* Return the per-SSL certificate verification callback (may be NULL). */
int
(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
{
	return s->verify_callback;
}
741
/* Return the SSL_VERIFY_* mode bits configured on the SSL_CTX. */
int
SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
{
	return ctx->verify_mode;
}
747
/* Return the maximum chain depth from the SSL_CTX's verify params. */
int
SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
{
	return X509_VERIFY_PARAM_get_depth(ctx->param);
}
753
/* Return the default verification callback new SSL objects inherit. */
int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
{
	return ctx->default_verify_callback;
}
758
/*
 * Set the verify mode, and the verify callback when one is given.  A NULL
 * callback leaves the existing callback untouched.
 */
void
SSL_set_verify(SSL *s, int mode,
    int (*callback)(int ok, X509_STORE_CTX *ctx))
{
	s->verify_mode = mode;
	if (callback == NULL)
		return;
	s->verify_callback = callback;
}
767
/* Set the maximum certificate chain depth on the SSL's verify params. */
void
SSL_set_verify_depth(SSL *s, int depth)
{
	X509_VERIFY_PARAM *vpm = s->param;

	X509_VERIFY_PARAM_set_depth(vpm, depth);
}
773
/* Enable (non-zero) or disable read-ahead on the record layer. */
void
SSL_set_read_ahead(SSL *s, int yes)
{
	s->read_ahead = yes;
}
779
/* Return the read-ahead setting of this SSL. */
int
SSL_get_read_ahead(const SSL *s)
{
	return s->read_ahead;
}
785
/*
 * Number of bytes already buffered and ready for SSL_read().
 *
 * SSL_pending cannot work properly if read-ahead is enabled
 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
 * and it is impossible to fix since SSL_pending cannot report
 * errors that may be observed while scanning the new data.
 * (Note that SSL_pending() is often used as a boolean value,
 * so we'd better not return -1.)
 */
int
SSL_pending(const SSL *s)
{
	const SSL_METHOD *method = s->method;

	return method->ssl_pending(s);
}
799
/*
 * Return the peer's certificate from the current session, or NULL if
 * there is no SSL, no session, or no peer certificate.  The caller gets
 * its own reference and must X509_free() it.
 */
X509 *
SSL_get_peer_certificate(const SSL *s)
{
	X509 *peer;

	if (s == NULL || s->session == NULL)
		return (NULL);
	if ((peer = s->session->peer) == NULL)
		return (NULL);

	CRYPTO_add(&peer->references, 1, CRYPTO_LOCK_X509);

	return (peer);
}
817
/*
 * Return the peer's certificate chain from the current session, or NULL
 * if there is no SSL, session or session certificate.  No reference is
 * added: the stack stays owned by the session.
 *
 * If we are a client, cert_chain includes the peer's own certificate;
 * if we are a server, it does not.
 */
STACK_OF(X509) *
SSL_get_peer_cert_chain(const SSL *s)
{
	if (s == NULL || s->session == NULL ||
	    s->session->sess_cert == NULL)
		return (NULL);

	return (s->session->sess_cert->cert_chain);
}
836
837/*
838 * Now in theory, since the calling process own 't' it should be safe to
839 * modify. We need to be able to read f without being hassled
840 */
841void
842SSL_copy_session_id(SSL *t, const SSL *f)
843{
844 CERT *tmp;
845
846 /* Do we need to to SSL locking? */
847 SSL_set_session(t, SSL_get_session(f));
848
849 /*
850 * What if we are setup as SSLv2 but want to talk SSLv3 or
851 * vice-versa.
852 */
853 if (t->method != f->method) {
854 t->method->ssl_free(t); /* cleanup current */
855 t->method=f->method; /* change method */
856 t->method->ssl_new(t); /* setup new */
857 }
858
859 tmp = t->cert;
860 if (f->cert != NULL) {
861 CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
862 t->cert = f->cert;
863 } else
864 t->cert = NULL;
865 if (tmp != NULL)
866 ssl_cert_free(tmp);
867 SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);
868}
869
/*
 * Check that the SSL_CTX's private key matches its certificate.  Returns
 * 1 if X509_check_private_key() accepts the pair, 0 with an error queued
 * if no certificate or no private key is set (a NULL ctx is reported as
 * "no certificate").
 *
 * Fix this so it checks all the valid key/cert options.
 */
int
SSL_CTX_check_private_key(const SSL_CTX *ctx)
{
	X509 *x509 = NULL;
	EVP_PKEY *pkey = NULL;

	if (ctx != NULL && ctx->cert != NULL) {
		x509 = ctx->cert->key->x509;
		pkey = ctx->cert->key->privatekey;
	}

	if (x509 == NULL) {
		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
		    SSL_R_NO_CERTIFICATE_ASSIGNED);
		return (0);
	}
	if (pkey == NULL) {
		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
		    SSL_R_NO_PRIVATE_KEY_ASSIGNED);
		return (0);
	}

	return X509_check_private_key(x509, pkey);
}
888
/*
 * Check that the SSL's private key matches its certificate.  Returns 1
 * if X509_check_private_key() accepts the pair, 0 with an error queued
 * for a NULL ssl, a missing certificate, or a missing private key.
 *
 * Fix this function so that it takes an optional type parameter.
 */
int
SSL_check_private_key(const SSL *ssl)
{
	int reason;

	if (ssl == NULL)
		reason = ERR_R_PASSED_NULL_PARAMETER;
	else if (ssl->cert == NULL || ssl->cert->key->x509 == NULL)
		reason = SSL_R_NO_CERTIFICATE_ASSIGNED;
	else if (ssl->cert->key->privatekey == NULL)
		reason = SSL_R_NO_PRIVATE_KEY_ASSIGNED;
	else
		return X509_check_private_key(ssl->cert->key->x509,
		    ssl->cert->key->privatekey);

	SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, reason);
	return (0);
}
916
/*
 * Run the server side of the handshake.  An SSL that has not yet been
 * put into a role is switched to accept state first.
 */
int
SSL_accept(SSL *s)
{
	if (s->handshake_func == NULL)
		SSL_set_accept_state(s);	/* Not properly initialized yet */

	return s->method->ssl_accept(s);
}
925
/*
 * Run the client side of the handshake.  An SSL that has not yet been
 * put into a role is switched to connect state first.
 */
int
SSL_connect(SSL *s)
{
	if (s->handshake_func == NULL)
		SSL_set_connect_state(s);	/* Not properly initialized yet */

	return s->method->ssl_connect(s);
}
934
/* Default session timeout of the protocol method in use. */
long
SSL_get_default_timeout(const SSL *s)
{
	const SSL_METHOD *method = s->method;

	return method->get_timeout();
}
940
/*
 * Read up to 'num' bytes of application data into 'buf'.  Returns -1 with
 * an error queued if the SSL was never put into a role, 0 once the peer's
 * close_notify has been received, otherwise the method's read result.
 */
int
SSL_read(SSL *s, void *buf, int num)
{
	int peer_closed;

	if (s->handshake_func == NULL) {
		SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
		return (-1);
	}

	peer_closed = (s->shutdown & SSL_RECEIVED_SHUTDOWN) != 0;
	if (!peer_closed)
		return s->method->ssl_read(s, buf, num);

	s->rwstate = SSL_NOTHING;
	return (0);
}
955
/*
 * Like SSL_read() but leaves the data in the buffer.  Returns -1 with an
 * error queued if the SSL was never put into a role, 0 once the peer's
 * close_notify has been received, otherwise the method's peek result.
 */
int
SSL_peek(SSL *s, void *buf, int num)
{
	int peer_closed;

	if (s->handshake_func == NULL) {
		SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
		return (-1);
	}

	peer_closed = (s->shutdown & SSL_RECEIVED_SHUTDOWN) != 0;
	if (peer_closed)
		return (0);

	return s->method->ssl_peek(s, buf, num);
}
969
/*
 * Write 'num' bytes of application data from 'buf'.  Returns -1 with an
 * error queued if the SSL was never put into a role or if we have already
 * sent close_notify, otherwise the method's write result.
 */
int
SSL_write(SSL *s, const void *buf, int num)
{
	int we_closed;

	if (s->handshake_func == NULL) {
		SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
		return (-1);
	}

	we_closed = (s->shutdown & SSL_SENT_SHUTDOWN) != 0;
	if (!we_closed)
		return s->method->ssl_write(s, buf, num);

	s->rwstate = SSL_NOTHING;
	SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);
	return (-1);
}
985
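/*
 * Initiate or continue a clean shutdown (close_notify exchange).
 *
 * Note that this function behaves differently from what one might
 * expect. Return values are 0 for no success (yet),
 * 1 for success; but calling it once is usually not enough,
 * even if blocking I/O is used (see ssl3_shutdown).  -1 with an error
 * queued means the SSL was never put into a role.
 */
int
SSL_shutdown(SSL *s)
{
	if (s->handshake_func == NULL) {
		SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
		return (-1);
	}

	/*
	 * While a handshake is still in progress there is nothing to shut
	 * down; report success so callers do not spin on it.  (The old
	 * "s != NULL" test that sat here was dead: s has already been
	 * dereferenced above.)
	 */
	if (SSL_in_init(s))
		return (1);

	return (s->method->ssl_shutdown(s));
}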
1006
/*
 * Request a full renegotiation (a new session is negotiated).  The
 * renegotiate flag is set if not already pending; the result is whatever
 * the method's renegotiate hook returns.
 */
int
SSL_renegotiate(SSL *s)
{
	s->renegotiate = s->renegotiate ? s->renegotiate : 1;
	s->new_session = 1;

	return s->method->ssl_renegotiate(s);
}
1017
/*
 * Request an abbreviated renegotiation (attempt to resume the existing
 * session).  The renegotiate flag is set if not already pending; the
 * result is whatever the method's renegotiate hook returns.
 */
int
SSL_renegotiate_abbreviated(SSL *s)
{
	s->renegotiate = s->renegotiate ? s->renegotiate : 1;
	s->new_session = 0;

	return s->method->ssl_renegotiate(s);
}
1028
/*
 * Becomes true when negotiation is requested;
 * false again once a handshake has finished.
 */
int
SSL_renegotiate_pending(SSL *s)
{
	return s->renegotiate ? 1 : 0;
}
1038
/*
 * Generic per-SSL control interface behind the SSL_set_*/SSL_get_* macros.
 * Handles the commands that live in the generic SSL struct here and hands
 * everything else to the method's ssl_ctrl.  Return values are command
 * specific: setters mostly return the previous value or 1, and 0 means
 * "rejected" for SSL_CTRL_SET_MTU / SSL_CTRL_SET_MAX_SEND_FRAGMENT.
 */
long
SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
{
	long l;

	switch (cmd) {
	case SSL_CTRL_GET_READ_AHEAD:
		return (s->read_ahead);
	case SSL_CTRL_SET_READ_AHEAD:
		/* read_ahead is an int; larg is narrowed on assignment. */
		l = s->read_ahead;
		s->read_ahead = larg;
		return (l);

	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
		s->msg_callback_arg = parg;
		return (1);

	/* Option and mode bits: returns the resulting bit set. */
	case SSL_CTRL_OPTIONS:
		return (s->options|=larg);
	case SSL_CTRL_CLEAR_OPTIONS:
		return (s->options&=~larg);
	case SSL_CTRL_MODE:
		return (s->mode|=larg);
	case SSL_CTRL_CLEAR_MODE:
		return (s->mode &=~larg);
	case SSL_CTRL_GET_MAX_CERT_LIST:
		return (s->max_cert_list);
	case SSL_CTRL_SET_MAX_CERT_LIST:
		l = s->max_cert_list;
		s->max_cert_list = larg;
		return (l);
	case SSL_CTRL_SET_MTU:
		/* Refuse anything below the DTLS minimum; only DTLS has an MTU. */
#ifndef OPENSSL_NO_DTLS1
		if (larg < (long)dtls1_min_mtu())
			return (0);
#endif
		if (SSL_IS_DTLS(s)) {
			s->d1->mtu = larg;
			return (larg);
		}
		return (0);
	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
		/* Accept only [512, SSL3_RT_MAX_PLAIN_LENGTH]. */
		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
			return (0);
		s->max_send_fragment = larg;
		return (1);
	case SSL_CTRL_GET_RI_SUPPORT:
		/* send_connection_binding: peer signalled secure renegotiation. */
		if (s->s3)
			return (s->s3->send_connection_binding);
		else return (0);
	default:
		return (s->method->ssl_ctrl(s, cmd, larg, parg));
	}
}
1093
/*
 * Per-SSL control interface for function-pointer arguments.  Only the
 * message callback is handled here; everything else goes to the method's
 * ssl_callback_ctrl.  Returns 1 when the callback was installed.
 */
long
SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
	if (cmd != SSL_CTRL_SET_MSG_CALLBACK)
		return s->method->ssl_callback_ctrl(s, cmd, fp);

	s->msg_callback = (void (*)(int write_p, int version,
	    int content_type, const void *buf, size_t len,
	    SSL *ssl, void *arg))(fp);
	return (1);
}
1108
/* Return the SSL_CTX's internal session cache (not a copy). */
LHASH_OF(SSL_SESSION) *
SSL_CTX_sessions(SSL_CTX *ctx)
{
	return ctx->sessions;
}
1114
/*
 * Generic per-SSL_CTX control interface behind the SSL_CTX_set_*/get_*
 * macros.  Handles the generic commands (read-ahead, callbacks, options,
 * session cache settings and statistics) here and hands everything else
 * to the method's ssl_ctx_ctrl.  Setters return the previous value or 1;
 * SSL_CTRL_SET_MAX_SEND_FRAGMENT returns 0 when the value is rejected.
 */
long
SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
	long l;

	switch (cmd) {
	case SSL_CTRL_GET_READ_AHEAD:
		return (ctx->read_ahead);
	case SSL_CTRL_SET_READ_AHEAD:
		/* read_ahead is an int; larg is narrowed on assignment. */
		l = ctx->read_ahead;
		ctx->read_ahead = larg;
		return (l);

	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
		ctx->msg_callback_arg = parg;
		return (1);

	case SSL_CTRL_GET_MAX_CERT_LIST:
		return (ctx->max_cert_list);
	case SSL_CTRL_SET_MAX_CERT_LIST:
		l = ctx->max_cert_list;
		ctx->max_cert_list = larg;
		return (l);

	/* Session cache configuration. */
	case SSL_CTRL_SET_SESS_CACHE_SIZE:
		l = ctx->session_cache_size;
		ctx->session_cache_size = larg;
		return (l);
	case SSL_CTRL_GET_SESS_CACHE_SIZE:
		return (ctx->session_cache_size);
	case SSL_CTRL_SET_SESS_CACHE_MODE:
		l = ctx->session_cache_mode;
		ctx->session_cache_mode = larg;
		return (l);
	case SSL_CTRL_GET_SESS_CACHE_MODE:
		return (ctx->session_cache_mode);

	/* Session statistics (read-only counters). */
	case SSL_CTRL_SESS_NUMBER:
		return (lh_SSL_SESSION_num_items(ctx->sessions));
	case SSL_CTRL_SESS_CONNECT:
		return (ctx->stats.sess_connect);
	case SSL_CTRL_SESS_CONNECT_GOOD:
		return (ctx->stats.sess_connect_good);
	case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
		return (ctx->stats.sess_connect_renegotiate);
	case SSL_CTRL_SESS_ACCEPT:
		return (ctx->stats.sess_accept);
	case SSL_CTRL_SESS_ACCEPT_GOOD:
		return (ctx->stats.sess_accept_good);
	case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
		return (ctx->stats.sess_accept_renegotiate);
	case SSL_CTRL_SESS_HIT:
		return (ctx->stats.sess_hit);
	case SSL_CTRL_SESS_CB_HIT:
		return (ctx->stats.sess_cb_hit);
	case SSL_CTRL_SESS_MISSES:
		return (ctx->stats.sess_miss);
	case SSL_CTRL_SESS_TIMEOUTS:
		return (ctx->stats.sess_timeout);
	case SSL_CTRL_SESS_CACHE_FULL:
		return (ctx->stats.sess_cache_full);
	/* Option and mode bits: returns the resulting bit set. */
	case SSL_CTRL_OPTIONS:
		return (ctx->options|=larg);
	case SSL_CTRL_CLEAR_OPTIONS:
		return (ctx->options&=~larg);
	case SSL_CTRL_MODE:
		return (ctx->mode|=larg);
	case SSL_CTRL_CLEAR_MODE:
		return (ctx->mode&=~larg);
	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
		/* Accept only [512, SSL3_RT_MAX_PLAIN_LENGTH]. */
		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
			return (0);
		ctx->max_send_fragment = larg;
		return (1);
	default:
		return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
	}
}
1193
/*
 * Per-SSL_CTX control interface for function-pointer arguments.  Only the
 * message callback is handled here; everything else goes to the method's
 * ssl_ctx_callback_ctrl.  Returns 1 when the callback was installed.
 */
long
SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
	if (cmd != SSL_CTRL_SET_MSG_CALLBACK)
		return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);

	ctx->msg_callback = (void (*)(int write_p, int version,
	    int content_type, const void *buf, size_t len, SSL *ssl,
	    void *arg))(fp);
	return (1);
}
1208
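/*
 * Three-way comparison of two ciphers by id, for sorting and searching.
 * Returns 0, 1 or -1.
 */
int
ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
{
	/*
	 * Compare the ids directly instead of looking at the sign of
	 * a->id - b->id: id is unsigned, so the subtraction wraps when
	 * a < b and converting that result to long is implementation-
	 * defined rather than guaranteed negative.
	 */
	if (a->id == b->id)
		return (0);
	return ((a->id > b->id) ? 1 : -1);
}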
1220
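/*
 * Three-way comparison of two ciphers by id through pointer-to-pointer,
 * the shape sk_*_sort()/find() callbacks need.  Returns 0, 1 or -1.
 */
int
ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
    const SSL_CIPHER * const *bp)
{
	const SSL_CIPHER *a = *ap, *b = *bp;

	/*
	 * Compare the ids directly instead of looking at the sign of
	 * a->id - b->id: id is unsigned, so the subtraction wraps when
	 * a < b and converting that result to long is implementation-
	 * defined rather than guaranteed negative.
	 */
	if (a->id == b->id)
		return (0);
	return ((a->id > b->id) ? 1 : -1);
}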
1233
1234/*
1235 * Return a STACK of the ciphers available for the SSL and in order of
1236 * preference.
1237 */
1238STACK_OF(SSL_CIPHER) *
1239SSL_get_ciphers(const SSL *s)
1240{
1241 if (s != NULL) {
1242 if (s->cipher_list != NULL) {
1243 return (s->cipher_list);
1244 } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
1245 return (s->ctx->cipher_list);
1246 }
1247 }
1248 return (NULL);
1249}
1250
1251/*
1252 * Return a STACK of the ciphers available for the SSL and in order of
1253 * algorithm id.
1254 */
1255STACK_OF(SSL_CIPHER) *
1256ssl_get_ciphers_by_id(SSL *s)
1257{
1258 if (s != NULL) {
1259 if (s->cipher_list_by_id != NULL) {
1260 return (s->cipher_list_by_id);
1261 } else if ((s->ctx != NULL) &&
1262 (s->ctx->cipher_list_by_id != NULL)) {
1263 return (s->ctx->cipher_list_by_id);
1264 }
1265 }
1266 return (NULL);
1267}
1268
/*
 * The old interface to get the same thing as SSL_get_ciphers(): the name
 * of the n-th cipher in preference order, or NULL when there is no SSL,
 * no list, or 'n' is out of range.
 */
const char *
SSL_get_cipher_list(const SSL *s, int n)
{
	STACK_OF(SSL_CIPHER) *ciphers;
	SSL_CIPHER *cipher;

	if (s == NULL || (ciphers = SSL_get_ciphers(s)) == NULL)
		return (NULL);
	if (n >= sk_SSL_CIPHER_num(ciphers))
		return (NULL);

	cipher = sk_SSL_CIPHER_value(ciphers, n);

	return (cipher != NULL ? cipher->name : NULL);
}
1286
/*
 * Specify the ciphers to be used by default by the SSL_CTX, from a cipher
 * rule string.  Returns 1 on success; 0 if the string could not be parsed
 * or matched no enabled cipher (SSL_R_NO_CIPHER_MATCH queued).
 *
 * ssl_create_cipher_list may return an empty stack if it was unable to
 * find a cipher matching the given rule string (for example if the rule
 * string specifies a cipher which has been disabled).  This is not an
 * error as far as ssl_create_cipher_list is concerned, and hence
 * ctx->cipher_list and ctx->cipher_list_by_id have been updated.
 */
int
SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
{
	STACK_OF(SSL_CIPHER) *ciphers;

	ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
	    &ctx->cipher_list_by_id, str);
	if (ciphers == NULL)
		return (0);
	if (sk_SSL_CIPHER_num(ciphers) > 0)
		return (1);

	SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
	return (0);
}
1312
/*
 * Specify the ciphers to be used by the SSL, from a cipher rule string.
 * Returns 1 on success; 0 if the string could not be parsed or matched no
 * enabled cipher (SSL_R_NO_CIPHER_MATCH queued).  See the comment in
 * SSL_CTX_set_cipher_list for the empty-stack case.
 */
int
SSL_set_cipher_list(SSL *s, const char *str)
{
	STACK_OF(SSL_CIPHER) *ciphers;

	ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
	    &s->cipher_list_by_id, str);
	if (ciphers == NULL)
		return (0);
	if (sk_SSL_CIPHER_num(ciphers) > 0)
		return (1);

	SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
	return (0);
}
1330
/*
 * Write the colon-separated names of the ciphers recorded in the session
 * (s->session->ciphers) into 'buf', which is 'len' bytes long.  A cipher
 * whose name would not fit is dropped entirely rather than truncated, and
 * the list stops there.  Returns 'buf', or NULL if there is no session or
 * cipher list or 'len' is too small to hold anything.
 */
char *
SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
{
	char *end;
	STACK_OF(SSL_CIPHER) *sk;
	SSL_CIPHER *c;
	size_t curlen = 0;
	int i;

	if (s->session == NULL || s->session->ciphers == NULL || len < 2)
		return (NULL);

	sk = s->session->ciphers;
	if (sk_SSL_CIPHER_num(sk) == 0)
		return (NULL);

	buf[0] = '\0';
	for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
		c = sk_SSL_CIPHER_value(sk, i);
		/* 'end' marks where this cipher's name starts, for rollback. */
		end = buf + curlen;
		if (strlcat(buf, c->name, len) >= len ||
		    (curlen = strlcat(buf, ":", len)) >= len) {
			/* remove truncated cipher from list */
			*end = '\0';
			break;
		}
	}
	/* remove trailing colon */
	if ((end = strrchr(buf, ':')) != NULL)
		*end = '\0';
	return (buf);
}
1364
/*
 * Serialise the ciphers in 'sk' as 2-byte wire values into 'p', skipping
 * TLS 1.2-only suites when the client version is below 1.2, and appending
 * the empty renegotiation-info SCSV on an initial (non-renegotiating)
 * handshake.  Returns the number of bytes written; 0 means no cipher was
 * emitted and the caller treats that as an error.
 *
 * NOTE: 'p' is not bounds-checked here.  The caller must provide room for
 * 2 * (sk_SSL_CIPHER_num(sk) + 1) bytes (one extra entry for the SCSV).
 */
int
ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
{
	int i;
	SSL_CIPHER *c;
	unsigned char *q;

	if (sk == NULL)
		return (0);
	q = p;

	for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
		c = sk_SSL_CIPHER_value(sk, i);

		/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
		if ((c->algorithm_ssl & SSL_TLSV1_2) &&
		    (TLS1_get_client_version(s) < TLS1_2_VERSION))
			continue;

		/* s2n() writes two bytes and advances p. */
		s2n(ssl3_cipher_get_value(c), p);
	}

	/*
	 * If p == q, no ciphers and caller indicates an error. Otherwise
	 * add SCSV if not renegotiating.
	 */
	if (p != q && !s->renegotiate)
		s2n(SSL3_CK_SCSV & SSL3_CK_VALUE_MASK, p);

	return (p - q);
}
1396
/*
 * Parse the cipher suite vector of a ClientHello ('num' bytes at 'p')
 * into a new STACK of the suites this library knows.  Unknown suites are
 * silently dropped.  Two signalling values are handled specially and never
 * pushed: TLS_EMPTY_RENEGOTIATION_INFO_SCSV records that the peer supports
 * secure renegotiation (fatal if we are already renegotiating), and
 * TLS_FALLBACK_SCSV makes us reject a handshake whose version is lower
 * than the best one we support.
 *
 * Returns the new stack (caller frees it), or NULL with an error queued
 * and, for the SCSV failures, a fatal alert already sent.
 */
STACK_OF(SSL_CIPHER) *
ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
{
	CBS cbs;
	const SSL_CIPHER *c;
	STACK_OF(SSL_CIPHER) *sk = NULL;
	unsigned long cipher_id;
	uint16_t cipher_value, max_version;

	/* Reset before parsing; set again only if the SCSV is seen. */
	if (s->s3)
		s->s3->send_connection_binding = 0;

	/*
	 * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
	 * An odd 'num' is caught below when CBS_get_u16() runs short.
	 */
	if (num < 2 || num > 0x10000 - 2) {
		SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
		    SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
		return (NULL);
	}

	if ((sk = sk_SSL_CIPHER_new_null()) == NULL) {
		SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	CBS_init(&cbs, p, num);
	while (CBS_len(&cbs) > 0) {
		if (!CBS_get_u16(&cbs, &cipher_value)) {
			SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
			    SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
			goto err;
		}

		cipher_id = SSL3_CK_ID | cipher_value;

		if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) {
			/*
			 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if
			 * renegotiating.
			 */
			if (s->renegotiate) {
				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
				    SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
				ssl3_send_alert(s, SSL3_AL_FATAL,
				    SSL_AD_HANDSHAKE_FAILURE);

				goto err;
			}
			s->s3->send_connection_binding = 1;
			continue;
		}

		if (cipher_id == SSL3_CK_FALLBACK_SCSV) {
			/*
			 * TLS_FALLBACK_SCSV indicates that the client
			 * previously tried a higher protocol version.
			 * Fail if the current version is an unexpected
			 * downgrade.
			 */
			max_version = ssl_max_server_version(s);
			if (max_version == 0 || s->version < max_version) {
				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
				    SSL_R_INAPPROPRIATE_FALLBACK);
				if (s->s3 != NULL)
					ssl3_send_alert(s, SSL3_AL_FATAL,
					    SSL_AD_INAPPROPRIATE_FALLBACK);
				goto err;
			}
			continue;
		}

		/* Unknown values are ignored; the stack holds library-owned ciphers. */
		if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
			if (!sk_SSL_CIPHER_push(sk, c)) {
				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
				    ERR_R_MALLOC_FAILURE);
				goto err;
			}
		}
	}

	return (sk);

err:
	sk_SSL_CIPHER_free(sk);

	return (NULL);
}
1485
1486
1487/*
1488 * Return a servername extension value if provided in Client Hello, or NULL.
1489 * So far, only host_name types are defined (RFC 3546).
1490 */
1491const char *
1492SSL_get_servername(const SSL *s, const int type)
1493{
1494 if (type != TLSEXT_NAMETYPE_host_name)
1495 return (NULL);
1496
1497 return (s->session && !s->tlsext_hostname ?
1498 s->session->tlsext_hostname :
1499 s->tlsext_hostname);
1500}
1501
/*
 * Return TLSEXT_NAMETYPE_host_name when a server name is available (on
 * the SSL or, failing that, its session), -1 otherwise.  Without a session
 * the answer is always -1.
 */
int
SSL_get_servername_type(const SSL *s)
{
	const char *name;

	if (s->session == NULL)
		return (-1);

	name = s->tlsext_hostname != NULL ?
	    s->tlsext_hostname : s->session->tlsext_hostname;

	return (name != NULL ? TLSEXT_NAMETYPE_host_name : -1);
}
1511
1512/*
1513 * SSL_select_next_proto implements the standard protocol selection. It is
1514 * expected that this function is called from the callback set by
1515 * SSL_CTX_set_next_proto_select_cb.
1516 *
 * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
 * strings. The length byte itself is not included in the length. A byte
 * string of length 0 is invalid. No byte string may be truncated. The scan
 * below trusts those length prefixes and never checks them against
 * server_len/client_len, so a malformed or truncated vector leads to
 * out-of-bounds reads; both vectors must be validated before this function
 * is called.
1520 *
1521 * The current, but experimental algorithm for selecting the protocol is:
1522 *
1523 * 1) If the server doesn't support NPN then this is indicated to the
1524 * callback. In this case, the client application has to abort the connection
1525 * or have a default application level protocol.
1526 *
1527 * 2) If the server supports NPN, but advertises an empty list then the
1528 * client selects the first protcol in its list, but indicates via the
1529 * API that this fallback case was enacted.
1530 *
1531 * 3) Otherwise, the client finds the first protocol in the server's list
1532 * that it supports and selects this protocol. This is because it's
1533 * assumed that the server has better information about which protocol
1534 * a client should use.
1535 *
1536 * 4) If the client doesn't support any of the server's advertised
1537 * protocols, then this is treated the same as case 2.
1538 *
1539 * It returns either
1540 * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
1541 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1542 */
1543int
1544SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
1545 const unsigned char *server, unsigned int server_len,
1546 const unsigned char *client, unsigned int client_len)
1547{
1548 unsigned int i, j;
1549 const unsigned char *result;
1550 int status = OPENSSL_NPN_UNSUPPORTED;
1551
1552 /*
1553 * For each protocol in server preference order,
1554 * see if we support it.
1555 */
1556 for (i = 0; i < server_len; ) {
1557 for (j = 0; j < client_len; ) {
1558 if (server[i] == client[j] &&
1559 memcmp(&server[i + 1],
1560 &client[j + 1], server[i]) == 0) {
1561 /* We found a match */
1562 result = &server[i];
1563 status = OPENSSL_NPN_NEGOTIATED;
1564 goto found;
1565 }
1566 j += client[j];
1567 j++;
1568 }
1569 i += server[i];
1570 i++;
1571 }
1572
1573 /* There's no overlap between our protocols and the server's list. */
1574 result = client;
1575 status = OPENSSL_NPN_NO_OVERLAP;
1576
1577found:
1578 *out = (unsigned char *) result + 1;
1579 *outlen = result[0];
1580 return (status);
1581}
1582
/*
 * SSL_get0_next_proto_negotiated sets *data and *len to the protocol the
 * client requested for this connection. When no protocol was requested,
 * *data is NULL and *len is 0.
 *
 * Note that the client can request any protocol it chooses. The value returned
 * from this function need not be a member of the list of supported protocols
 * provided by the callback.
 */
void
SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
    unsigned *len)
{
	const unsigned char *proto = s->next_proto_negotiated;

	*data = proto;
	*len = (proto != NULL) ? s->next_proto_negotiated_len : 0;
}
1603
/*
 * Register the callback a TLS server uses to produce its Next Protocol
 * Negotiation list. The callback hands back a wire-format list through
 * |out| and |outlen|; the memory is not modified, but the SSL* should be
 * assumed to keep a reference to it. Returning SSL_TLSEXT_ERR_OK advertises
 * the list; any other value leaves the extension out of the ServerHello.
 */
void
SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
    const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
{
	ctx->next_protos_advertised_cb_arg = arg;
	ctx->next_protos_advertised_cb = cb;
}
1622
/*
 * Register the callback a client uses to pick a protocol from the server's
 * NPN list. The server's protocols arrive in |in|/|inlen| (syntactically
 * valid); the callback must point |out| at the chosen protocol, which may
 * live inside |in|, and write its length to |outlen|. Returning anything
 * other than SSL_TLSEXT_ERR_OK is fatal to the connection.
 */
void
SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
    unsigned char **out, unsigned char *outlen, const unsigned char *in,
    unsigned int inlen, void *arg), void *arg)
{
	ctx->next_proto_select_cb_arg = arg;
	ctx->next_proto_select_cb = cb;
}
1642
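/*
 * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
 * protocols, which must be in wire-format (i.e. a series of non-empty,
 * 8-bit length-prefixed strings). Returns 0 on success and 1 if the copy
 * could not be allocated, in which case the previously installed list is
 * left untouched rather than being dropped with a stale length.
 *
 * NOTE(review): the bytes are copied verbatim; their wire-format validity
 * is not checked here.
 */
int
SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
    unsigned int protos_len)
{
	unsigned char *copy;

	/* Allocate before releasing the old list so failure is atomic. */
	if ((copy = malloc(protos_len)) == NULL)
		return (1);
	if (protos_len > 0)
		memcpy(copy, protos, protos_len);

	free(ctx->alpn_client_proto_list);
	ctx->alpn_client_proto_list = copy;
	ctx->alpn_client_proto_list_len = protos_len;

	return (0);
}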
1660
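/*
 * SSL_set_alpn_protos sets the ALPN protocol list to the specified
 * protocols, which must be in wire-format (i.e. a series of non-empty,
 * 8-bit length-prefixed strings). Returns 0 on success and 1 if the copy
 * could not be allocated, in which case the previously installed list is
 * left untouched rather than being dropped with a stale length.
 *
 * NOTE(review): the bytes are copied verbatim; their wire-format validity
 * is not checked here.
 */
int
SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
    unsigned int protos_len)
{
	unsigned char *copy;

	/* Allocate before releasing the old list so failure is atomic. */
	if ((copy = malloc(protos_len)) == NULL)
		return (1);
	if (protos_len > 0)
		memcpy(copy, protos, protos_len);

	free(ssl->alpn_client_proto_list);
	ssl->alpn_client_proto_list = copy;
	ssl->alpn_client_proto_list_len = protos_len;

	return (0);
}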
1678
/*
 * Register the server-side ALPN selection callback. It runs while the
 * ClientHello is processed and chooses one protocol from the client's
 * offered list (|in|/|inlen|), returning it via |out| and |outlen|.
 */
void
SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
    int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen,
    const unsigned char *in, unsigned int inlen, void *arg), void *arg)
{
	ctx->alpn_select_cb_arg = arg;
	ctx->alpn_select_cb = cb;
}
1692
/*
 * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return
 * it sets data to point to len bytes of protocol name (not including the
 * leading length-prefix byte). If the server didn't respond with a negotiated
 * protocol, or no SSL3 state exists yet, len is zero and data is NULL.
 */
void
SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
    unsigned *len)
{
	if (ssl->s3 == NULL) {
		*data = NULL;
		*len = 0;
		return;
	}

	*data = ssl->s3->alpn_selected;
	*len = ssl->s3->alpn_selected_len;
}
1711
/*
 * Derive olen bytes of keying material (RFC 5705) into out, using the given
 * label and, when use_context is set, the context p/plen. The work is
 * delegated to the method's ssl3_enc implementation, whose return value is
 * passed through unchanged.
 */
int
SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
    const char *label, size_t llen, const unsigned char *p, size_t plen,
    int use_context)
{
	const SSL3_ENC_METHOD *enc = s->method->ssl3_enc;

	return (enc->export_keying_material(s, out, olen, label, llen, p,
	    plen, use_context));
}
1720
/*
 * Hash a session for the session cache: the first four bytes of the session
 * ID combined little-endian into an unsigned long.
 *
 * NOTE(review): session_id[0..3] are read regardless of session_id_length;
 * this relies on session_id being a fixed-size array — confirm.
 */
static unsigned long
ssl_session_hash(const SSL_SESSION *a)
{
	unsigned long h = 0;
	int i;

	for (i = 3; i >= 0; i--)
		h = (h << 8) | (unsigned long)a->session_id[i];

	return (h);
}
1733
/*
 * NB: If this function (or indeed the hash function which uses a sort of
 * coarser function than this one) is changed, ensure
 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
 * able to construct an SSL_SESSION that will collide with any existing session
 * with a matching session ID.
 *
 * Returns 0 when a and b have the same protocol version and session ID,
 * 1 otherwise. The ID bytes are compared in constant time.
 */
static int
ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
{
	if (a->ssl_version != b->ssl_version ||
	    a->session_id_length != b->session_id_length)
		return (1);

	return (timingsafe_memcmp(a->session_id, b->session_id,
	    a->session_id_length) != 0);
}
1752
/*
 * These wrapper functions should remain rather than redeclaring
 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
 * variable. The reason is that the functions aren't static, they're exposed via
 * ssl.h.
 *
 * The macros generate the void*-typed hash and compare adapters that the
 * lh_SSL_SESSION_* cache uses, forwarding to ssl_session_hash() and
 * ssl_session_cmp() above.
 */
static
IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
static
IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
1763
/*
 * SSL_CTX_new allocates and initialises a context for the given method.
 * Returns the new context, or NULL with an error queued when meth is NULL,
 * the X509_STORE_CTX ex_data index cannot be obtained, an allocation fails,
 * the default cipher list turns out empty, or the ssl3-md5 / ssl3-sha1
 * digests cannot be looked up. Defaults set here: server-side session
 * caching with the method's timeout, SSL_VERIFY_NONE, the default cipher
 * list, freshly generated RFC 4507 ticket keys, and
 * SSL_OP_LEGACY_SERVER_CONNECT.
 */
SSL_CTX *
SSL_CTX_new(const SSL_METHOD *meth)
{
	SSL_CTX *ret = NULL;

	if (meth == NULL) {
		SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
		return (NULL);
	}

	/*
	 * Falls through to err, which queues ERR_R_MALLOC_FAILURE on top of
	 * this reason; SSL_CTX_free(NULL) is a no-op so that is harmless.
	 */
	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
		SSLerr(SSL_F_SSL_CTX_NEW,
		    SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
		goto err;
	}
	/* calloc() zeroes every field; the assignments below spell out defaults. */
	ret = calloc(1, sizeof(SSL_CTX));
	if (ret == NULL)
		goto err;

	ret->method = meth;

	ret->cert_store = NULL;
	ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
	ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
	ret->session_cache_head = NULL;
	ret->session_cache_tail = NULL;

	/* We take the system default */
	ret->session_timeout = meth->get_timeout();

	ret->new_session_cb = 0;
	ret->remove_session_cb = 0;
	ret->get_session_cb = 0;
	ret->generate_session_id = 0;

	memset((char *)&ret->stats, 0, sizeof(ret->stats));

	/* Caller holds the single initial reference. */
	ret->references = 1;
	ret->quiet_shutdown = 0;

	ret->info_callback = NULL;

	ret->app_verify_callback = 0;
	ret->app_verify_arg = NULL;

	ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
	ret->read_ahead = 0;
	ret->msg_callback = 0;
	ret->msg_callback_arg = NULL;
	/* Peer certificates are not verified unless the application asks. */
	ret->verify_mode = SSL_VERIFY_NONE;
	ret->sid_ctx_length = 0;
	ret->default_verify_callback = NULL;
	if ((ret->cert = ssl_cert_new()) == NULL)
		goto err;

	ret->default_passwd_callback = 0;
	ret->default_passwd_callback_userdata = NULL;
	ret->client_cert_cb = 0;
	ret->app_gen_cookie_cb = 0;
	ret->app_verify_cookie_cb = 0;

	ret->sessions = lh_SSL_SESSION_new();
	if (ret->sessions == NULL)
		goto err;
	ret->cert_store = X509_STORE_new();
	if (ret->cert_store == NULL)
		goto err;

	/*
	 * The return value is not checked; an empty or missing list is
	 * detected through cipher_list instead. err2 skips the
	 * ERR_R_MALLOC_FAILURE that err would add.
	 */
	ssl_create_cipher_list(ret->method, &ret->cipher_list,
	    &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
	if (ret->cipher_list == NULL ||
	    sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
		SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
		goto err2;
	}

	ret->param = X509_VERIFY_PARAM_new();
	if (!ret->param)
		goto err;

	if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
		SSLerr(SSL_F_SSL_CTX_NEW,
		    SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
		goto err2;
	}
	if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
		SSLerr(SSL_F_SSL_CTX_NEW,
		    SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
		goto err2;
	}

	if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
		goto err;

	/* NOTE(review): the return value of CRYPTO_new_ex_data() is ignored. */
	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);

	ret->extra_certs = NULL;

	ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;

	ret->tlsext_servername_callback = 0;
	ret->tlsext_servername_arg = NULL;

	/*
	 * Setup RFC4507 ticket keys: 16 random bytes each for the key name,
	 * the HMAC key and the AES key, so every context starts with a
	 * distinct, unpredictable ticket secret.
	 */
	arc4random_buf(ret->tlsext_tick_key_name, 16);
	arc4random_buf(ret->tlsext_tick_hmac_key, 16);
	arc4random_buf(ret->tlsext_tick_aes_key, 16);

	ret->tlsext_status_cb = 0;
	ret->tlsext_status_arg = NULL;

	ret->next_protos_advertised_cb = 0;
	ret->next_proto_select_cb = 0;
#ifndef OPENSSL_NO_ENGINE
	ret->client_cert_engine = NULL;
#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
#define eng_strx(x) #x
#define eng_str(x) eng_strx(x)
	/* Use specific client engine automatically... ignore errors */
	{
		ENGINE *eng;
		eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
		if (!eng) {
			ERR_clear_error();
			ENGINE_load_builtin_engines();
			eng = ENGINE_by_id(eng_str(
			    OPENSSL_SSL_CLIENT_ENGINE_AUTO));
		}
		if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
			ERR_clear_error();
	}
#endif
#endif
	/*
	 * Default is to connect to non-RI servers. When RI is more widely
	 * deployed might change this.
	 */
	ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;

	return (ret);
err:
	/* Every goto err is an allocation-type failure; err2 has its own reason. */
	SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
err2:
	SSL_CTX_free(ret);
	return (NULL);
}
1910
/*
 * SSL_CTX_free drops one reference to the context and, once the last
 * reference is gone, releases everything it owns. A NULL argument is a
 * no-op, which lets SSL_CTX_new() call it on its error paths.
 */
void
SSL_CTX_free(SSL_CTX *a)
{
	int i;

	if (a == NULL)
		return;

	/* Reference counted: only the final holder tears the context down. */
	i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX);
	if (i > 0)
		return;

	if (a->param)
		X509_VERIFY_PARAM_free(a->param);

	/*
	 * Free internal session cache. However: the remove_cb() may reference
	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
	 * after the sessions were flushed.
	 * As the ex_data handling routines might also touch the session cache,
	 * the most secure solution seems to be: empty (flush) the cache, then
	 * free ex_data, then finally free the cache.
	 * (See ticket [openssl.org #212].)
	 */
	if (a->sessions != NULL)
		SSL_CTX_flush_sessions(a, 0);

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);

	if (a->sessions != NULL)
		lh_SSL_SESSION_free(a->sessions);

	if (a->cert_store != NULL)
		X509_STORE_free(a->cert_store);
	if (a->cipher_list != NULL)
		sk_SSL_CIPHER_free(a->cipher_list);
	if (a->cipher_list_by_id != NULL)
		sk_SSL_CIPHER_free(a->cipher_list_by_id);
	if (a->cert != NULL)
		ssl_cert_free(a->cert);
	if (a->client_CA != NULL)
		sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
	if (a->extra_certs != NULL)
		sk_X509_pop_free(a->extra_certs, X509_free);

#ifndef OPENSSL_NO_SRTP
	if (a->srtp_profiles)
		sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
#endif

#ifndef OPENSSL_NO_ENGINE
	if (a->client_cert_engine)
		ENGINE_finish(a->client_cert_engine);
#endif

	/* free(NULL) is fine, so no guard is needed here. */
	free(a->alpn_client_proto_list);

	/*
	 * NOTE(review): the RFC 4507 ticket keys (tlsext_tick_*) set up in
	 * SSL_CTX_new() are not wiped before this memory is released; an
	 * explicit_bzero() of those fields would keep the secrets from
	 * lingering in freed memory.
	 */
	free(a);
}
1970
/*
 * Install the password callback used when PEM private keys loaded through
 * this context are encrypted.
 */
void
SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
{
	pem_password_cb *callback = cb;

	ctx->default_passwd_callback = callback;
}
1976
/*
 * Install the opaque pointer handed to the default password callback.
 */
void
SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
{
	void *userdata = u;

	ctx->default_passwd_callback_userdata = userdata;
}
1982
/*
 * Install an application-level certificate verification callback, together
 * with the argument it is invoked with.
 */
void
SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,
    void *), void *arg)
{
	ctx->app_verify_arg = arg;
	ctx->app_verify_callback = cb;
}
1990
/*
 * Set the peer verification mode (SSL_VERIFY_* flags) and the per-certificate
 * verify callback that new SSL objects inherit from this context.
 */
void
SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *))
{
	ctx->default_verify_callback = cb;
	ctx->verify_mode = mode;
}
1997
/*
 * Limit the length of certificate chains accepted during verification by
 * recording the depth in the context's X509_VERIFY_PARAM.
 */
void
SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
{
	X509_VERIFY_PARAM *param = ctx->param;

	X509_VERIFY_PARAM_set_depth(param, depth);
}
2003
/*
 * ssl_set_cert_masks computes which key exchange (mask_k) and authentication
 * (mask_a) algorithms the certificates and keys in c can support, stores
 * them in c->mask_k / c->mask_a and marks c valid. A NULL c is ignored.
 * The cipher argument is not consulted by this function.
 */
void
ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
{
	CERT_PKEY *cpk;
	int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
	unsigned long mask_k, mask_a;
	int have_ecc_cert, ecdh_ok, ecdsa_ok;
	int have_ecdh_tmp;
	X509 *x = NULL;
	EVP_PKEY *ecc_pkey = NULL;
	int signature_nid = 0, pk_nid = 0, md_nid = 0;

	if (c == NULL)
		return;

	/* Ephemeral DH is possible with fixed params, a callback or auto mode. */
	dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL ||
	    c->dh_tmp_auto != 0);

	/* Likewise for ephemeral ECDH. */
	have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL ||
	    c->ecdh_tmp_auto != 0);
	/* A slot counts only when both certificate and private key are present. */
	cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
	rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
	cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
	rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
	cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
	dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
/* FIX THIS EAY EAY EAY */
	cpk = &(c->pkeys[SSL_PKEY_ECC]);
	have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL);
	mask_k = 0;
	mask_a = 0;

	cpk = &(c->pkeys[SSL_PKEY_GOST01]);
	if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
		mask_k |= SSL_kGOST;
		mask_a |= SSL_aGOST01;
	}

	/* Static RSA key transport needs the encryption-capable RSA slot. */
	if (rsa_enc)
		mask_k|=SSL_kRSA;

	if (dh_tmp)
		mask_k|=SSL_kDHE;

	if (rsa_enc || rsa_sign)
		mask_a|=SSL_aRSA;

	if (dsa_sign)
		mask_a|=SSL_aDSS;

	/* Anonymous suites never need a certificate, so aNULL is always allowed. */
	mask_a|=SSL_aNULL;

	/*
	 * An ECC certificate may be usable for ECDH and/or
	 * ECDSA cipher suites depending on the key usage extension.
	 */
	if (have_ecc_cert) {
		/* This call populates extension flags (ex_flags) */
		x = (c->pkeys[SSL_PKEY_ECC]).x509;
		X509_check_purpose(x, -1, 0);
		/* Without a keyUsage extension, both uses are permitted. */
		ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
		    (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
		ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
		    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
		/*
		 * The public key is fetched and immediately released; the
		 * result is not used here. Presumably this is kept for its
		 * side effect of decoding the key — confirm before removing.
		 */
		ecc_pkey = X509_get_pubkey(x);
		EVP_PKEY_free(ecc_pkey);
		/* pk_nid becomes the key type that signed the ECC certificate. */
		if ((x->sig_alg) && (x->sig_alg->algorithm)) {
			signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
			OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
		}
		if (ecdh_ok) {
			/* RSA-signed ECC cert: ECDH-RSA; EC-signed: ECDH-ECDSA. */
			if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
				mask_k|=SSL_kECDHr;
				mask_a|=SSL_aECDH;
			}
			if (pk_nid == NID_X9_62_id_ecPublicKey) {
				mask_k|=SSL_kECDHe;
				mask_a|=SSL_aECDH;
			}
		}
		if (ecdsa_ok)
			mask_a|=SSL_aECDSA;
	}

	if (have_ecdh_tmp) {
		mask_k|=SSL_kECDHE;
	}


	c->mask_k = mask_k;
	c->mask_a = mask_a;
	c->valid = 1;
}
2097
/*
 * This handy macro borrowed from crypto/x509v3/v3_purp.c.
 * True when x carries a keyUsage extension that does not include usage;
 * a certificate without the extension is never rejected.
 */
#define ku_reject(x, usage) \
	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
2101
2102
/*
 * Check that the server certificate x is usable with the cipher suite the
 * handshake has settled on (s->s3->tmp.new_cipher). Returns 1 when the
 * certificate's key usage and, before TLS 1.2, its signing key type match
 * the suite's key exchange and authentication requirements; otherwise an
 * error is queued and 0 is returned.
 */
int
ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
{
	const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
	unsigned long alg_k = cs->algorithm_mkey;
	unsigned long alg_a = cs->algorithm_auth;
	int signature_nid = 0, md_nid = 0, pk_nid = 0;
	int pre_tls12;

	/* This call populates the ex_flags field correctly */
	X509_check_purpose(x, -1, 0);
	/* Identify the key type that signed the certificate, if known. */
	if (x->sig_alg != NULL && x->sig_alg->algorithm != NULL) {
		signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
		OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
	}

	if (alg_k & (SSL_kECDHe | SSL_kECDHr)) {
		/* key usage, if present, must allow key agreement */
		if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
			    SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
			return (0);
		}
		/* Before TLS 1.2 the suite fixes the certificate's signer type. */
		pre_tls12 = TLS1_get_version(s) < TLS1_2_VERSION;
		if (pre_tls12 && (alg_k & SSL_kECDHe) &&
		    pk_nid != NID_X9_62_id_ecPublicKey) {
			/* signature alg must be ECDSA */
			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
			    SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
			return (0);
		}
		if (pre_tls12 && (alg_k & SSL_kECDHr) &&
		    pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
			/* signature alg must be RSA */
			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
			    SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
			return (0);
		}
	}

	/* key usage, if present, must allow signing */
	if ((alg_a & SSL_aECDSA) &&
	    ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
		SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
		    SSL_R_ECC_CERT_NOT_FOR_SIGNING);
		return (0);
	}

	/* all checks are ok */
	return (1);
}
2157
2158
/* THIS NEEDS CLEANING UP */
/*
 * Pick the certificate/key slot the server must send for the negotiated
 * cipher suite. Returns a pointer into c->pkeys, or NULL (with an error
 * queued) when the suite authenticates anonymously and needs no certificate.
 */
CERT_PKEY *
ssl_get_server_send_pkey(const SSL *s)
{
	const SSL_CIPHER *cipher = s->s3->tmp.new_cipher;
	CERT *c = s->cert;
	unsigned long alg_k, alg_a;
	int idx;

	ssl_set_cert_masks(c, cipher);

	alg_k = cipher->algorithm_mkey;
	alg_a = cipher->algorithm_auth;

	/*
	 * We don't need to look at SSL_kECDHE
	 * since no certificate is needed for
	 * anon ECDH and for authenticated
	 * ECDHE, the check for the auth
	 * algorithm will set idx correctly
	 * NOTE: For ECDH-RSA, we need an ECC
	 * not an RSA cert but for EECDH-RSA
	 * we need an RSA cert. Placing the
	 * checks for SSL_kECDH before RSA
	 * checks ensures the correct cert is chosen.
	 */
	if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) || (alg_a & SSL_aECDSA))
		idx = SSL_PKEY_ECC;
	else if (alg_a & SSL_aDSS)
		idx = SSL_PKEY_DSA_SIGN;
	else if (alg_a & SSL_aRSA)
		/* Prefer the encryption slot; fall back to the signing one. */
		idx = (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) ?
		    SSL_PKEY_RSA_SIGN : SSL_PKEY_RSA_ENC;
	else if (alg_a & SSL_aGOST01)
		idx = SSL_PKEY_GOST01;
	else {
		/* Anonymous (SSL_aNULL) suites carry no certificate. */
		SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR);
		return (NULL);
	}

	return (&c->pkeys[idx]);
}
2205
/*
 * Return the X509 the server should send for the negotiated suite, or NULL
 * when no certificate slot applies.
 */
X509 *
ssl_get_server_send_cert(const SSL *s)
{
	CERT_PKEY *cpk = ssl_get_server_send_pkey(s);

	return (cpk != NULL ? cpk->x509 : NULL);
}
2216
/*
 * Find the private key the server signs with for the given cipher suite.
 * Returns the key and, when pmd is non-NULL, stores the matching digest in
 * *pmd. Returns NULL with an error queued when no suitable key is loaded.
 */
EVP_PKEY *
ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd)
{
	CERT *c = s->cert;
	unsigned long alg_a = cipher->algorithm_auth;
	const CERT_PKEY *pk = NULL;

	if ((alg_a & SSL_aDSS) &&
	    c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)
		pk = &c->pkeys[SSL_PKEY_DSA_SIGN];
	else if (alg_a & SSL_aRSA) {
		/* Either RSA slot can sign; the signing slot is tried first. */
		if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
			pk = &c->pkeys[SSL_PKEY_RSA_SIGN];
		else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
			pk = &c->pkeys[SSL_PKEY_RSA_ENC];
	} else if ((alg_a & SSL_aECDSA) &&
	    c->pkeys[SSL_PKEY_ECC].privatekey != NULL)
		pk = &c->pkeys[SSL_PKEY_ECC];

	if (pk == NULL) {
		SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
		return (NULL);
	}

	if (pmd != NULL)
		*pmd = pk->digest;

	return (pk->privatekey);
}
2246
/*
 * ssl_get_auto_dh builds the DH parameters used when the certificate's
 * dh_tmp_auto mode is on. The group size is chosen from the security of
 * the connection: 1024 bits when dh_tmp_auto == 2, 1024 or 3072 bits for
 * anonymous suites depending on the cipher strength, and otherwise the bit
 * size of the server's certificate key. Returns a new DH with g = 2 and a
 * well-known RFC 3526 / RFC 2409 prime, or NULL on failure.
 *
 * NOTE(review): the 1024-bit floor chosen here is below current
 * recommendations for DH group size.
 */
DH *
ssl_get_auto_dh(SSL *s)
{
	CERT_PKEY *cpk;
	int keylen;
	DH *dhp;

	if (s->cert->dh_tmp_auto == 2) {
		keylen = 1024;
	} else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
		keylen = 1024;
		if (s->s3->tmp.new_cipher->strength_bits == 256)
			keylen = 3072;
	} else {
		/* Match the DH group to the strength of the server's key. */
		if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
			return (NULL);
		if (cpk->privatekey == NULL || cpk->privatekey->pkey.dh == NULL)
			return (NULL);
		keylen = EVP_PKEY_bits(cpk->privatekey);
	}

	if ((dhp = DH_new()) == NULL)
		return (NULL);

	/* BN_set_word's result is not checked; a NULL g is caught below. */
	dhp->g = BN_new();
	if (dhp->g != NULL)
		BN_set_word(dhp->g, 2);

	/* Round keylen down to the nearest standard group. */
	if (keylen >= 8192)
		dhp->p = get_rfc3526_prime_8192(NULL);
	else if (keylen >= 4096)
		dhp->p = get_rfc3526_prime_4096(NULL);
	else if (keylen >= 3072)
		dhp->p = get_rfc3526_prime_3072(NULL);
	else if (keylen >= 2048)
		dhp->p = get_rfc3526_prime_2048(NULL);
	else if (keylen >= 1536)
		dhp->p = get_rfc3526_prime_1536(NULL);
	else
		dhp->p = get_rfc2409_prime_1024(NULL);

	if (dhp->p == NULL || dhp->g == NULL) {
		DH_free(dhp);
		return (NULL);
	}
	return (dhp);
}
2294
/*
 * ssl_update_cache offers the current session to the session cache after a
 * handshake. mode is SSL_SESS_CACHE_CLIENT or SSL_SESS_CACHE_SERVER and is
 * matched against the context's session_cache_mode. A freshly negotiated
 * session (not a resumption, s->hit == 0) is added to the internal cache
 * unless SSL_SESS_CACHE_NO_INTERNAL_STORE is set, and then handed to
 * new_session_cb if one is installed. Every 255 successful connections the
 * expired sessions are flushed unless SSL_SESS_CACHE_NO_AUTO_CLEAR is set.
 */
void
ssl_update_cache(SSL *s, int mode)
{
	int i;

	/*
	 * If the session_id_length is 0, we are not supposed to cache it,
	 * and it would be rather hard to do anyway :-)
	 */
	if (s->session->session_id_length == 0)
		return;

	i = s->session_ctx->session_cache_mode;
	/*
	 * The callback is only reached when the internal store is disabled
	 * or the session was successfully added to it. The extra reference
	 * taken here belongs to the callback; if it declines the session
	 * (returns 0) the reference is released again.
	 */
	if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
	    || SSL_CTX_add_session(s->session_ctx, s->session))
	    && (s->session_ctx->new_session_cb != NULL)) {
		CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
		if (!s->session_ctx->new_session_cb(s, s->session))
			SSL_SESSION_free(s->session);
	}

	/* auto flush every 255 connections */
	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
	    ((i & mode) == mode)) {
		/* The client and server sides keep separate success counters. */
		if ((((mode & SSL_SESS_CACHE_CLIENT) ?
		    s->session_ctx->stats.sess_connect_good :
		    s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
			SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
		}
	}
}
2326
/*
 * Return the method currently attached to s.
 */
const SSL_METHOD *
SSL_get_ssl_method(SSL *s)
{
	const SSL_METHOD *method = s->method;

	return (method);
}
2332
/*
 * SSL_set_ssl_method switches s to a different method. When the protocol
 * version is unchanged only the pointer is swapped; otherwise the old
 * method's per-connection state is freed and the new method's is created.
 * The handshake function is re-pointed at the new method's connect or
 * accept routine according to which one was in use. Returns the result of
 * ssl_new() when state was rebuilt, 1 otherwise.
 *
 * NOTE(review): when ssl_new() fails the handshake function is still
 * updated; callers must check the return value.
 */
int
SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
{
	int conn = -1;
	int ret = 1;

	if (s->method != meth) {
		/* Remember whether this side was connecting (1) or accepting (0). */
		if (s->handshake_func != NULL)
			conn = (s->handshake_func == s->method->ssl_connect);

		if (s->method->version == meth->version)
			s->method = meth;
		else {
			s->method->ssl_free(s);
			s->method = meth;
			ret = s->method->ssl_new(s);
		}

		if (conn == 1)
			s->handshake_func = meth->ssl_connect;
		else if (conn == 0)
			s->handshake_func = meth->ssl_accept;
	}
	return (ret);
}
2358
/*
 * SSL_get_error translates the return value i of an SSL I/O call on s into
 * an SSL_ERROR_* code. A positive i is success. A queued error is reported
 * as SSL_ERROR_SYSCALL when it came from the system library and
 * SSL_ERROR_SSL otherwise. A negative i is mapped through the BIO retry
 * flags to a WANT_READ / WANT_WRITE / WANT_CONNECT / WANT_ACCEPT /
 * WANT_X509_LOOKUP code. A zero i after a received close_notify is
 * SSL_ERROR_ZERO_RETURN; anything else is SSL_ERROR_SYSCALL.
 */
int
SSL_get_error(const SSL *s, int i)
{
	int reason;
	unsigned long l;
	BIO *bio;

	if (i > 0)
		return (SSL_ERROR_NONE);

	/* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
	 * etc, where we do encode the error */
	if ((l = ERR_peek_error()) != 0) {
		if (ERR_GET_LIB(l) == ERR_LIB_SYS)
			return (SSL_ERROR_SYSCALL);
		else
			return (SSL_ERROR_SSL);
	}

	if ((i < 0) && SSL_want_read(s)) {
		bio = SSL_get_rbio(s);
		if (BIO_should_read(bio)) {
			return (SSL_ERROR_WANT_READ);
		} else if (BIO_should_write(bio)) {
			/*
			 * This one doesn't make too much sense... We never
			 * try to write to the rbio, and an application
			 * program where rbio and wbio are separate couldn't
			 * even know what it should wait for. However if we
			 * ever set s->rwstate incorrectly (so that we have
			 * SSL_want_read(s) instead of SSL_want_write(s))
			 * and rbio and wbio *are* the same, this test works
			 * around that bug; so it might be safer to keep it.
			 */
			return (SSL_ERROR_WANT_WRITE);
		} else if (BIO_should_io_special(bio)) {
			reason = BIO_get_retry_reason(bio);
			if (reason == BIO_RR_CONNECT)
				return (SSL_ERROR_WANT_CONNECT);
			else if (reason == BIO_RR_ACCEPT)
				return (SSL_ERROR_WANT_ACCEPT);
			else
				return (SSL_ERROR_SYSCALL); /* unknown */
		}
	}

	if ((i < 0) && SSL_want_write(s)) {
		bio = SSL_get_wbio(s);
		if (BIO_should_write(bio)) {
			return (SSL_ERROR_WANT_WRITE);
		} else if (BIO_should_read(bio)) {
			/*
			 * See above (SSL_want_read(s) with
			 * BIO_should_write(bio))
			 */
			return (SSL_ERROR_WANT_READ);
		} else if (BIO_should_io_special(bio)) {
			reason = BIO_get_retry_reason(bio);
			if (reason == BIO_RR_CONNECT)
				return (SSL_ERROR_WANT_CONNECT);
			else if (reason == BIO_RR_ACCEPT)
				return (SSL_ERROR_WANT_ACCEPT);
			else
				return (SSL_ERROR_SYSCALL);
		}
	}
	if ((i < 0) && SSL_want_x509_lookup(s)) {
		return (SSL_ERROR_WANT_X509_LOOKUP);
	}

	/*
	 * A clean shutdown is only reported when the peer's close_notify
	 * was actually received. NOTE(review): s->s3 is dereferenced here
	 * without a NULL check — presumably it is always set once I/O has
	 * happened; confirm.
	 */
	if (i == 0) {
		if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
		    (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
			return (SSL_ERROR_ZERO_RETURN);
	}
	return (SSL_ERROR_SYSCALL);
}
2436
/*
 * Drive the handshake for s. Fails with -1 (and an error queued) when no
 * connect/accept state has been chosen yet. Otherwise the method's
 * renegotiation check runs and, if the connection is still initialising,
 * the handshake function's result is returned; an already established
 * connection returns 1.
 */
int
SSL_do_handshake(SSL *s)
{
	if (s->handshake_func == NULL) {
		SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
		return (-1);
	}

	s->method->ssl_renegotiate_check(s);

	if (!SSL_in_init(s) && !SSL_in_before(s))
		return (1);

	return (s->handshake_func(s));
}
2454
/*
 * For the next 2 functions, SSL_clear() sets shutdown and so
 * one of these calls will reset it
 */
/*
 * Put s into server mode, ready to accept a handshake: the shutdown state
 * is reset, the state machine rewound to SSL_ST_BEFORE, and any cipher or
 * hash context from a previous session cleared.
 */
void
SSL_set_accept_state(SSL *s)
{
	s->shutdown = 0;
	s->server = 1;
	s->handshake_func = s->method->ssl_accept;
	s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE;

	/* clear the current cipher */
	ssl_clear_cipher_ctx(s);
	ssl_clear_hash_ctx(&s->write_hash);
	ssl_clear_hash_ctx(&s->read_hash);
}
2471
/*
 * Put s into client mode, ready to initiate a handshake: the shutdown state
 * is reset, the state machine rewound to SSL_ST_BEFORE, and any cipher or
 * hash context from a previous session cleared.
 */
void
SSL_set_connect_state(SSL *s)
{
	s->shutdown = 0;
	s->server = 0;
	s->handshake_func = s->method->ssl_connect;
	s->state = SSL_ST_CONNECT|SSL_ST_BEFORE;

	/* clear the current cipher */
	ssl_clear_cipher_ctx(s);
	ssl_clear_hash_ctx(&s->write_hash);
	ssl_clear_hash_ctx(&s->read_hash);
}
2484
/*
 * Placeholder for method slots that must never be invoked; queues
 * ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED and fails. The SSL argument is unused.
 */
int
ssl_undefined_function(SSL *s)
{
	(void)s;
	SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,
	    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

	return (0);
}
2492
/*
 * Placeholder for argument-less method slots that must never be invoked;
 * queues ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED and fails.
 */
int
ssl_undefined_void_function(void)
{
	const int failure = 0;

	SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
	    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

	return (failure);
}
2500
/*
 * Placeholder for const-SSL method slots that must never be invoked; queues
 * ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED and fails. The SSL argument is unused.
 */
int
ssl_undefined_const_function(const SSL *s)
{
	(void)s;
	SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,
	    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

	return (0);
}
2508
/*
 * Map a protocol version number to its textual name, or "unknown" for any
 * version not in the table.
 */
const char *
ssl_version_string(int ver)
{
	static const struct {
		int version;
		const char *name;
	} names[] = {
		{ DTLS1_VERSION, SSL_TXT_DTLS1 },
		{ TLS1_VERSION, SSL_TXT_TLSV1 },
		{ TLS1_1_VERSION, SSL_TXT_TLSV1_1 },
		{ TLS1_2_VERSION, SSL_TXT_TLSV1_2 },
	};
	size_t i;

	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
		if (names[i].version == ver)
			return (names[i].name);
	}

	return ("unknown");
}
2525
/*
 * Return the textual name of the protocol version negotiated on s.
 */
const char *
SSL_get_version(const SSL *s)
{
	int version = s->version;

	return (ssl_version_string(version));
}
2531
/*
 * Determine the highest protocol version this server will accept: DTLS
 * connections are pinned to DTLS1_VERSION; otherwise the highest TLS
 * version that is both supported by the context's method and not disabled
 * through an SSL_OP_NO_TLSv1* option. Returns 0 when every version has
 * been disabled.
 */
uint16_t
ssl_max_server_version(SSL *s)
{
	/*
	 * The SSL method will be changed during version negotiation, as such
	 * we want to use the SSL method from the context.
	 */
	uint16_t method_version = s->ctx->method->version;
	unsigned long disabled = s->options;

	if (SSL_IS_DTLS(s))
		return (DTLS1_VERSION);

	/* Walk from newest to oldest and stop at the first usable version. */
	if (method_version >= TLS1_2_VERSION &&
	    !(disabled & SSL_OP_NO_TLSv1_2))
		return (TLS1_2_VERSION);
	if (method_version >= TLS1_1_VERSION &&
	    !(disabled & SSL_OP_NO_TLSv1_1))
		return (TLS1_1_VERSION);
	if (method_version >= TLS1_VERSION &&
	    !(disabled & SSL_OP_NO_TLSv1))
		return (TLS1_VERSION);

	return (0);
}
2558
2559SSL *
2560SSL_dup(SSL *s)
2561{
2562 STACK_OF(X509_NAME) *sk;
2563 X509_NAME *xn;
2564 SSL *ret;
2565 int i;
2566
2567 if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2568 return (NULL);
2569
2570 ret->version = s->version;
2571 ret->type = s->type;
2572 ret->method = s->method;
2573
2574 if (s->session != NULL) {
2575 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
2576 SSL_copy_session_id(ret, s);
2577 } else {
2578 /*
2579 * No session has been established yet, so we have to expect
2580 * that s->cert or ret->cert will be changed later --
2581 * they should not both point to the same object,
2582 * and thus we can't use SSL_copy_session_id.
2583 */
2584
2585 ret->method->ssl_free(ret);
2586 ret->method = s->method;
2587 ret->method->ssl_new(ret);
2588
2589 if (s->cert != NULL) {
2590 if (ret->cert != NULL) {
2591 ssl_cert_free(ret->cert);
2592 }
2593 ret->cert = ssl_cert_dup(s->cert);
2594 if (ret->cert == NULL)
2595 goto err;
2596 }
2597
2598 SSL_set_session_id_context(ret,
2599 s->sid_ctx, s->sid_ctx_length);
2600 }
2601
2602 ret->options = s->options;
2603 ret->mode = s->mode;
2604 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
2605 SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
2606 ret->msg_callback = s->msg_callback;
2607 ret->msg_callback_arg = s->msg_callback_arg;
2608 SSL_set_verify(ret, SSL_get_verify_mode(s),
2609 SSL_get_verify_callback(s));
2610 SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
2611 ret->generate_session_id = s->generate_session_id;
2612
2613 SSL_set_info_callback(ret, SSL_get_info_callback(s));
2614
2615 ret->debug = s->debug;
2616
2617 /* copy app data, a little dangerous perhaps */
2618 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
2619 &ret->ex_data, &s->ex_data))
2620 goto err;
2621
2622 /* setup rbio, and wbio */
2623 if (s->rbio != NULL) {
2624 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
2625 goto err;
2626 }
2627 if (s->wbio != NULL) {
2628 if (s->wbio != s->rbio) {
2629 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
2630 goto err;
2631 } else
2632 ret->wbio = ret->rbio;
2633 }
2634 ret->rwstate = s->rwstate;
2635 ret->in_handshake = s->in_handshake;
2636 ret->handshake_func = s->handshake_func;
2637 ret->server = s->server;
2638 ret->renegotiate = s->renegotiate;
2639 ret->new_session = s->new_session;
2640 ret->quiet_shutdown = s->quiet_shutdown;
2641 ret->shutdown = s->shutdown;
2642 /* SSL_dup does not really work at any state, though */
2643 ret->state=s->state;
2644 ret->rstate = s->rstate;
2645
2646 /*
2647 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
2648 * ret->init_off
2649 */
2650 ret->init_num = 0;
2651
2652 ret->hit = s->hit;
2653
2654 X509_VERIFY_PARAM_inherit(ret->param, s->param);
2655
2656 /* dup the cipher_list and cipher_list_by_id stacks */
2657 if (s->cipher_list != NULL) {
2658 if ((ret->cipher_list =
2659 sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2660 goto err;
2661 }
2662 if (s->cipher_list_by_id != NULL) {
2663 if ((ret->cipher_list_by_id =
2664 sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL)
2665 goto err;
2666 }
2667
2668 /* Dup the client_CA list */
2669 if (s->client_CA != NULL) {
2670 if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
2671 ret->client_CA = sk;
2672 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
2673 xn = sk_X509_NAME_value(sk, i);
2674 if (sk_X509_NAME_set(sk, i,
2675 X509_NAME_dup(xn)) == NULL) {
2676 X509_NAME_free(xn);
2677 goto err;
2678 }
2679 }
2680 }
2681
2682 if (0) {
2683err:
2684 if (ret != NULL)
2685 SSL_free(ret);
2686 ret = NULL;
2687 }
2688 return (ret);
2689}
2690
2691void
2692ssl_clear_cipher_ctx(SSL *s)
2693{
2694 EVP_CIPHER_CTX_free(s->enc_read_ctx);
2695 s->enc_read_ctx = NULL;
2696 EVP_CIPHER_CTX_free(s->enc_write_ctx);
2697 s->enc_write_ctx = NULL;
2698
2699 if (s->aead_read_ctx != NULL) {
2700 EVP_AEAD_CTX_cleanup(&s->aead_read_ctx->ctx);
2701 free(s->aead_read_ctx);
2702 s->aead_read_ctx = NULL;
2703 }
2704 if (s->aead_write_ctx != NULL) {
2705 EVP_AEAD_CTX_cleanup(&s->aead_write_ctx->ctx);
2706 free(s->aead_write_ctx);
2707 s->aead_write_ctx = NULL;
2708 }
2709
2710}
2711
2712/* Fix this function so that it takes an optional type parameter */
2713X509 *
2714SSL_get_certificate(const SSL *s)
2715{
2716 if (s->cert != NULL)
2717 return (s->cert->key->x509);
2718 else
2719 return (NULL);
2720}
2721
2722/* Fix this function so that it takes an optional type parameter */
2723EVP_PKEY *
2724SSL_get_privatekey(SSL *s)
2725{
2726 if (s->cert != NULL)
2727 return (s->cert->key->privatekey);
2728 else
2729 return (NULL);
2730}
2731
2732const SSL_CIPHER *
2733SSL_get_current_cipher(const SSL *s)
2734{
2735 if ((s->session != NULL) && (s->session->cipher != NULL))
2736 return (s->session->cipher);
2737 return (NULL);
2738}
2739const void *
2740SSL_get_current_compression(SSL *s)
2741{
2742 return (NULL);
2743}
2744
2745const void *
2746SSL_get_current_expansion(SSL *s)
2747{
2748 return (NULL);
2749}
2750
2751int
2752ssl_init_wbio_buffer(SSL *s, int push)
2753{
2754 BIO *bbio;
2755
2756 if (s->bbio == NULL) {
2757 bbio = BIO_new(BIO_f_buffer());
2758 if (bbio == NULL)
2759 return (0);
2760 s->bbio = bbio;
2761 } else {
2762 bbio = s->bbio;
2763 if (s->bbio == s->wbio)
2764 s->wbio = BIO_pop(s->wbio);
2765 }
2766 (void)BIO_reset(bbio);
2767/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
2768 if (!BIO_set_read_buffer_size(bbio, 1)) {
2769 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
2770 return (0);
2771 }
2772 if (push) {
2773 if (s->wbio != bbio)
2774 s->wbio = BIO_push(bbio, s->wbio);
2775 } else {
2776 if (s->wbio == bbio)
2777 s->wbio = BIO_pop(bbio);
2778 }
2779 return (1);
2780}
2781
2782void
2783ssl_free_wbio_buffer(SSL *s)
2784{
2785 if (s == NULL)
2786 return;
2787
2788 if (s->bbio == NULL)
2789 return;
2790
2791 if (s->bbio == s->wbio) {
2792 /* remove buffering */
2793 s->wbio = BIO_pop(s->wbio);
2794 }
2795 BIO_free(s->bbio);
2796 s->bbio = NULL;
2797}
2798
2799void
2800SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
2801{
2802 ctx->quiet_shutdown = mode;
2803}
2804
2805int
2806SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
2807{
2808 return (ctx->quiet_shutdown);
2809}
2810
2811void
2812SSL_set_quiet_shutdown(SSL *s, int mode)
2813{
2814 s->quiet_shutdown = mode;
2815}
2816
2817int
2818SSL_get_quiet_shutdown(const SSL *s)
2819{
2820 return (s->quiet_shutdown);
2821}
2822
2823void
2824SSL_set_shutdown(SSL *s, int mode)
2825{
2826 s->shutdown = mode;
2827}
2828
2829int
2830SSL_get_shutdown(const SSL *s)
2831{
2832 return (s->shutdown);
2833}
2834
2835int
2836SSL_version(const SSL *s)
2837{
2838 return (s->version);
2839}
2840
2841SSL_CTX *
2842SSL_get_SSL_CTX(const SSL *ssl)
2843{
2844 return (ssl->ctx);
2845}
2846
2847SSL_CTX *
2848SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2849{
2850 if (ssl->ctx == ctx)
2851 return (ssl->ctx);
2852 if (ctx == NULL)
2853 ctx = ssl->initial_ctx;
2854 if (ssl->cert != NULL)
2855 ssl_cert_free(ssl->cert);
2856 ssl->cert = ssl_cert_dup(ctx->cert);
2857 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
2858 SSL_CTX_free(ssl->ctx); /* decrement reference count */
2859 ssl->ctx = ctx;
2860 return (ssl->ctx);
2861}
2862
2863int
2864SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
2865{
2866 return (X509_STORE_set_default_paths(ctx->cert_store));
2867}
2868
2869int
2870SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
2871 const char *CApath)
2872{
2873 return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
2874}
2875
2876int
2877SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len)
2878{
2879 return (X509_STORE_load_mem(ctx->cert_store, buf, len));
2880}
2881
2882void
2883SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val))
2884{
2885 ssl->info_callback = cb;
2886}
2887
2888void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
2889{
2890 return (ssl->info_callback);
2891}
2892
2893int
2894SSL_state(const SSL *ssl)
2895{
2896 return (ssl->state);
2897}
2898
2899void
2900SSL_set_state(SSL *ssl, int state)
2901{
2902 ssl->state = state;
2903}
2904
2905void
2906SSL_set_verify_result(SSL *ssl, long arg)
2907{
2908 ssl->verify_result = arg;
2909}
2910
2911long
2912SSL_get_verify_result(const SSL *ssl)
2913{
2914 return (ssl->verify_result);
2915}
2916
2917int
2918SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2919 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2920{
2921 return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
2922 new_func, dup_func, free_func));
2923}
2924
2925int
2926SSL_set_ex_data(SSL *s, int idx, void *arg)
2927{
2928 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
2929}
2930
2931void *
2932SSL_get_ex_data(const SSL *s, int idx)
2933{
2934 return (CRYPTO_get_ex_data(&s->ex_data, idx));
2935}
2936
2937int
2938SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2939 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2940{
2941 return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
2942 new_func, dup_func, free_func));
2943}
2944
2945int
2946SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
2947{
2948 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
2949}
2950
2951void *
2952SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
2953{
2954 return (CRYPTO_get_ex_data(&s->ex_data, idx));
2955}
2956
2957int
2958ssl_ok(SSL *s)
2959{
2960 return (1);
2961}
2962
2963X509_STORE *
2964SSL_CTX_get_cert_store(const SSL_CTX *ctx)
2965{
2966 return (ctx->cert_store);
2967}
2968
2969void
2970SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
2971{
2972 if (ctx->cert_store != NULL)
2973 X509_STORE_free(ctx->cert_store);
2974 ctx->cert_store = store;
2975}
2976
2977int
2978SSL_want(const SSL *s)
2979{
2980 return (s->rwstate);
2981}
2982
2983void
2984SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export,
2985 int keylength))
2986{
2987 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
2988}
2989
2990void
2991SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export,
2992 int keylength))
2993{
2994 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
2995}
2996
2997void
2998SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export,
2999 int keylength))
3000{
3001 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3002}
3003
3004void
3005SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
3006 int keylength))
3007{
3008 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3009}
3010
3011void
3012SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl,
3013 int is_export, int keylength))
3014{
3015 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
3016 (void (*)(void))ecdh);
3017}
3018
3019void
3020SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
3021 int keylength))
3022{
3023 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
3024}
3025
3026
3027void
3028SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version,
3029 int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3030{
3031 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK,
3032 (void (*)(void))cb);
3033}
3034
3035void
3036SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
3037 int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3038{
3039 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3040}
3041
3042void
3043ssl_clear_hash_ctx(EVP_MD_CTX **hash)
3044{
3045 if (*hash)
3046 EVP_MD_CTX_destroy(*hash);
3047 *hash = NULL;
3048}
3049
3050void
3051SSL_set_debug(SSL *s, int debug)
3052{
3053 s->debug = debug;
3054}
3055
3056int
3057SSL_cache_hit(SSL *s)
3058{
3059 return (s->hit);
3060}
3061
3062IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
deleted file mode 100644
index 2a521fe26a..0000000000
--- a/src/lib/libssl/ssl_locl.h
+++ /dev/null
@@ -1,847 +0,0 @@
1/* $OpenBSD: ssl_locl.h,v 1.129 2016/04/28 16:39:45 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#ifndef HEADER_SSL_LOCL_H
144#define HEADER_SSL_LOCL_H
145
146#include <sys/types.h>
147
148#include <errno.h>
149#include <stdlib.h>
150#include <string.h>
151#include <time.h>
152#include <unistd.h>
153
154#include <openssl/opensslconf.h>
155#include <openssl/bio.h>
156#include <openssl/buffer.h>
157#include <openssl/dsa.h>
158#include <openssl/err.h>
159#include <openssl/rsa.h>
160#include <openssl/ssl.h>
161#include <openssl/stack.h>
162
163#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
164 l|=(((unsigned long)(*((c)++)))<< 8), \
165 l|=(((unsigned long)(*((c)++)))<<16), \
166 l|=(((unsigned long)(*((c)++)))<<24))
167
168/* NOTE - c is not incremented as per c2l */
169#define c2ln(c,l1,l2,n) { \
170 c+=n; \
171 l1=l2=0; \
172 switch (n) { \
173 case 8: l2 =((unsigned long)(*(--(c))))<<24; \
174 case 7: l2|=((unsigned long)(*(--(c))))<<16; \
175 case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
176 case 5: l2|=((unsigned long)(*(--(c)))); \
177 case 4: l1 =((unsigned long)(*(--(c))))<<24; \
178 case 3: l1|=((unsigned long)(*(--(c))))<<16; \
179 case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
180 case 1: l1|=((unsigned long)(*(--(c)))); \
181 } \
182 }
183
184#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
185 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
186 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
187 *((c)++)=(unsigned char)(((l)>>24)&0xff))
188
189#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \
190 l|=((unsigned long)(*((c)++)))<<16, \
191 l|=((unsigned long)(*((c)++)))<< 8, \
192 l|=((unsigned long)(*((c)++))))
193
194#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
195 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
196 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
197 *((c)++)=(unsigned char)(((l) )&0xff))
198
199#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
200 *((c)++)=(unsigned char)(((l)>>48)&0xff), \
201 *((c)++)=(unsigned char)(((l)>>40)&0xff), \
202 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
203 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
204 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
205 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
206 *((c)++)=(unsigned char)(((l) )&0xff))
207
208/* NOTE - c is not incremented as per l2c */
209#define l2cn(l1,l2,c,n) { \
210 c+=n; \
211 switch (n) { \
212 case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
213 case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
214 case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
215 case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
216 case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
217 case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
218 case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
219 case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
220 } \
221 }
222
223#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \
224 (((unsigned int)(c[1])) )),c+=2)
225#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
226 c[1]=(unsigned char)(((s) )&0xff)),c+=2)
227
228#define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \
229 (((unsigned long)(c[1]))<< 8)| \
230 (((unsigned long)(c[2])) )),c+=3)
231
232#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
233 c[1]=(unsigned char)(((l)>> 8)&0xff), \
234 c[2]=(unsigned char)(((l) )&0xff)),c+=3)
235
236/* LOCAL STUFF */
237
238#define SSL_DECRYPT 0
239#define SSL_ENCRYPT 1
240
241/*
242 * Define the Bitmasks for SSL_CIPHER.algorithms.
243 * This bits are used packed as dense as possible. If new methods/ciphers
244 * etc will be added, the bits a likely to change, so this information
245 * is for internal library use only, even though SSL_CIPHER.algorithms
246 * can be publicly accessed.
247 * Use the according functions for cipher management instead.
248 *
249 * The bit mask handling in the selection and sorting scheme in
250 * ssl_create_cipher_list() has only limited capabilities, reflecting
251 * that the different entities within are mutually exclusive:
252 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
253 */
254
255/* Bits for algorithm_mkey (key exchange algorithm) */
256#define SSL_kRSA 0x00000001L /* RSA key exchange */
257#define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */
258#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
259#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
260#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
261#define SSL_kGOST 0x00000200L /* GOST key exchange */
262
263/* Bits for algorithm_auth (server authentication) */
264#define SSL_aRSA 0x00000001L /* RSA auth */
265#define SSL_aDSS 0x00000002L /* DSS auth */
266#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
267#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
268#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
269#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
270
271
272/* Bits for algorithm_enc (symmetric encryption) */
273#define SSL_DES 0x00000001L
274#define SSL_3DES 0x00000002L
275#define SSL_RC4 0x00000004L
276#define SSL_IDEA 0x00000008L
277#define SSL_eNULL 0x00000010L
278#define SSL_AES128 0x00000020L
279#define SSL_AES256 0x00000040L
280#define SSL_CAMELLIA128 0x00000080L
281#define SSL_CAMELLIA256 0x00000100L
282#define SSL_eGOST2814789CNT 0x00000200L
283#define SSL_AES128GCM 0x00000400L
284#define SSL_AES256GCM 0x00000800L
285#define SSL_CHACHA20POLY1305 0x00001000L
286#define SSL_CHACHA20POLY1305_OLD 0x00002000L
287
288#define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
289#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
290
291
292/* Bits for algorithm_mac (symmetric authentication) */
293
294#define SSL_MD5 0x00000001L
295#define SSL_SHA1 0x00000002L
296#define SSL_GOST94 0x00000004L
297#define SSL_GOST89MAC 0x00000008L
298#define SSL_SHA256 0x00000010L
299#define SSL_SHA384 0x00000020L
300/* Not a real MAC, just an indication it is part of cipher */
301#define SSL_AEAD 0x00000040L
302#define SSL_STREEBOG256 0x00000080L
303#define SSL_STREEBOG512 0x00000100L
304
305/* Bits for algorithm_ssl (protocol version) */
306#define SSL_SSLV3 0x00000002L
307#define SSL_TLSV1 SSL_SSLV3 /* for now */
308#define SSL_TLSV1_2 0x00000004L
309
310
311/* Bits for algorithm2 (handshake digests and other extra flags) */
312
313#define SSL_HANDSHAKE_MAC_MD5 0x10
314#define SSL_HANDSHAKE_MAC_SHA 0x20
315#define SSL_HANDSHAKE_MAC_GOST94 0x40
316#define SSL_HANDSHAKE_MAC_SHA256 0x80
317#define SSL_HANDSHAKE_MAC_SHA384 0x100
318#define SSL_HANDSHAKE_MAC_STREEBOG256 0x200
319#define SSL_HANDSHAKE_MAC_STREEBOG512 0x400
320#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
321
322/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
323 * make sure to update this constant too */
324#define SSL_MAX_DIGEST 8
325
326#define SSL3_CK_ID 0x03000000
327#define SSL3_CK_VALUE_MASK 0x0000ffff
328
329#define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT)
330
331#define TLS1_PRF_DGST_SHIFT 10
332#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
333#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
334#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
335#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
336#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
337#define TLS1_PRF_STREEBOG256 (SSL_HANDSHAKE_MAC_STREEBOG256 << TLS1_PRF_DGST_SHIFT)
338#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
339
340/* Stream MAC for GOST ciphersuites from cryptopro draft
341 * (currently this also goes into algorithm2) */
342#define TLS1_STREAM_MAC 0x04
343
344/*
345 * SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD is an algorithm2 flag that
346 * indicates that the variable part of the nonce is included as a prefix of
347 * the record (AES-GCM, for example, does this with an 8-byte variable nonce.)
348 */
349#define SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD (1 << 22)
350
351/*
352 * SSL_CIPHER_ALGORITHM2_AEAD is an algorithm2 flag that indicates the cipher
353 * is implemented via an EVP_AEAD.
354 */
355#define SSL_CIPHER_ALGORITHM2_AEAD (1 << 23)
356
357/*
358 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN returns the number of bytes of fixed nonce
359 * for an SSL_CIPHER with the SSL_CIPHER_ALGORITHM2_AEAD flag.
360 */
361#define SSL_CIPHER_AEAD_FIXED_NONCE_LEN(ssl_cipher) \
362 (((ssl_cipher->algorithm2 >> 24) & 0xf) * 2)
363
364/*
365 * Cipher strength information.
366 */
367#define SSL_STRONG_MASK 0x000001fcL
368#define SSL_STRONG_NONE 0x00000004L
369#define SSL_LOW 0x00000020L
370#define SSL_MEDIUM 0x00000040L
371#define SSL_HIGH 0x00000080L
372
373/*
374 * The keylength (measured in RSA key bits, I guess) for temporary keys.
375 * Cipher argument is so that this can be variable in the future.
376 */
377#define SSL_C_PKEYLENGTH(c) 1024
378
379/* Check if an SSL structure is using DTLS. */
380#define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
381
382/* See if we need explicit IV. */
383#define SSL_USE_EXPLICIT_IV(s) \
384 (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
385
386/* See if we use signature algorithms extension. */
387#define SSL_USE_SIGALGS(s) \
388 (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
389
390/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
391#define SSL_USE_TLS1_2_CIPHERS(s) \
392 (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
393
394/* Mostly for SSLv3 */
395#define SSL_PKEY_RSA_ENC 0
396#define SSL_PKEY_RSA_SIGN 1
397#define SSL_PKEY_DSA_SIGN 2
398#define SSL_PKEY_DH_RSA 3
399#define SSL_PKEY_DH_DSA 4
400#define SSL_PKEY_ECC 5
401#define SSL_PKEY_GOST01 6
402#define SSL_PKEY_NUM 7
403
404/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
405 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
406 * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
407 * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
408 * SSL_aRSA <- RSA_ENC | RSA_SIGN
409 * SSL_aDSS <- DSA_SIGN
410 */
411
412/*
413#define CERT_INVALID 0
414#define CERT_PUBLIC_KEY 1
415#define CERT_PRIVATE_KEY 2
416*/
417
418/* From ECC-TLS draft, used in encoding the curve type in
419 * ECParameters
420 */
421#define EXPLICIT_PRIME_CURVE_TYPE 1
422#define EXPLICIT_CHAR2_CURVE_TYPE 2
423#define NAMED_CURVE_TYPE 3
424
425typedef struct cert_pkey_st {
426 X509 *x509;
427 EVP_PKEY *privatekey;
428 /* Digest to use when signing */
429 const EVP_MD *digest;
430} CERT_PKEY;
431
432typedef struct cert_st {
433 /* Current active set */
434 CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
435 * Probably it would make more sense to store
436 * an index, not a pointer. */
437
438 /* The following masks are for the key and auth
439 * algorithms that are supported by the certs below */
440 int valid;
441 unsigned long mask_k;
442 unsigned long mask_a;
443
444 DH *dh_tmp;
445 DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
446 int dh_tmp_auto;
447
448 EC_KEY *ecdh_tmp;
449 EC_KEY *(*ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize);
450 int ecdh_tmp_auto;
451
452 CERT_PKEY pkeys[SSL_PKEY_NUM];
453
454 int references; /* >1 only if SSL_copy_session_id is used */
455} CERT;
456
457
458typedef struct sess_cert_st {
459 STACK_OF(X509) *cert_chain; /* as received from peer */
460
461 /* The 'peer_...' members are used only by clients. */
462 int peer_cert_type;
463
464 CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
465 CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
466 /* Obviously we don't have the private keys of these,
467 * so maybe we shouldn't even use the CERT_PKEY type here. */
468
469 DH *peer_dh_tmp;
470 EC_KEY *peer_ecdh_tmp;
471
472 int references; /* actually always 1 at the moment */
473} SESS_CERT;
474
475
476/*#define SSL_DEBUG */
477/*#define RSA_DEBUG */
478
479/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
480 * It is a bit of a mess of functions, but hell, think of it as
481 * an opaque structure :-) */
482typedef struct ssl3_enc_method {
483 int (*enc)(SSL *, int);
484 int (*mac)(SSL *, unsigned char *, int);
485 int (*setup_key_block)(SSL *);
486 int (*generate_master_secret)(SSL *, unsigned char *,
487 unsigned char *, int);
488 int (*change_cipher_state)(SSL *, int);
489 int (*final_finish_mac)(SSL *, const char *, int, unsigned char *);
490 int finish_mac_length;
491 int (*cert_verify_mac)(SSL *, int, unsigned char *);
492 const char *client_finished_label;
493 int client_finished_label_len;
494 const char *server_finished_label;
495 int server_finished_label_len;
496 int (*alert_value)(int);
497 int (*export_keying_material)(SSL *, unsigned char *, size_t,
498 const char *, size_t, const unsigned char *, size_t,
499 int use_context);
500 /* Flags indicating protocol version requirements. */
501 unsigned int enc_flags;
502} SSL3_ENC_METHOD;
503
504/*
505 * Flag values for enc_flags.
506 */
507
508/* Uses explicit IV. */
509#define SSL_ENC_FLAG_EXPLICIT_IV (1 << 0)
510
511/* Uses signature algorithms extension. */
512#define SSL_ENC_FLAG_SIGALGS (1 << 1)
513
514/* Uses SHA256 default PRF. */
515#define SSL_ENC_FLAG_SHA256_PRF (1 << 2)
516
517/* Is DTLS. */
518#define SSL_ENC_FLAG_DTLS (1 << 3)
519
520/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
521#define SSL_ENC_FLAG_TLS1_2_CIPHERS (1 << 4)
522
523/*
524 * ssl_aead_ctx_st contains information about an AEAD that is being used to
525 * encrypt an SSL connection.
526 */
527struct ssl_aead_ctx_st {
528 EVP_AEAD_CTX ctx;
529 /*
530 * fixed_nonce contains any bytes of the nonce that are fixed for all
531 * records.
532 */
533 unsigned char fixed_nonce[12];
534 unsigned char fixed_nonce_len;
535 unsigned char variable_nonce_len;
536 unsigned char xor_fixed_nonce;
537 unsigned char tag_len;
538 /*
539 * variable_nonce_in_record is non-zero if the variable nonce
540 * for a record is included as a prefix before the ciphertext.
541 */
542 char variable_nonce_in_record;
543};
544
545extern SSL3_ENC_METHOD ssl3_undef_enc_method;
546extern SSL_CIPHER ssl3_ciphers[];
547
548const char *ssl_version_string(int ver);
549uint16_t ssl_max_server_version(SSL *s);
550
551extern SSL3_ENC_METHOD DTLSv1_enc_data;
552extern SSL3_ENC_METHOD TLSv1_enc_data;
553extern SSL3_ENC_METHOD TLSv1_1_enc_data;
554extern SSL3_ENC_METHOD TLSv1_2_enc_data;
555
556void ssl_clear_cipher_ctx(SSL *s);
557int ssl_clear_bad_session(SSL *s);
558CERT *ssl_cert_new(void);
559CERT *ssl_cert_dup(CERT *cert);
560int ssl_cert_inst(CERT **o);
561void ssl_cert_free(CERT *c);
562SESS_CERT *ssl_sess_cert_new(void);
563void ssl_sess_cert_free(SESS_CERT *sc);
564int ssl_get_new_session(SSL *s, int session);
565int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
566 const unsigned char *limit);
567int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
568DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
569int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
570 const SSL_CIPHER * const *bp);
571STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p,
572 int num);
573int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
574 unsigned char *p);
575STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
576 STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted,
577 const char *rule_str);
578void ssl_update_cache(SSL *s, int mode);
579int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
580 const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size);
581int ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead);
582int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md);
583
584int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
585int ssl_undefined_function(SSL *s);
586int ssl_undefined_void_function(void);
587int ssl_undefined_const_function(const SSL *s);
588CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
589X509 *ssl_get_server_send_cert(const SSL *);
590EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd);
591DH *ssl_get_auto_dh(SSL *s);
592int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
593void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
594STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
595int ssl_verify_alarm_type(long type);
596void ssl_load_ciphers(void);
597
598const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
599int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
600int ssl3_send_server_certificate(SSL *s);
601int ssl3_send_newsession_ticket(SSL *s);
602int ssl3_send_cert_status(SSL *s);
603int ssl3_get_finished(SSL *s, int state_a, int state_b);
604int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
605int ssl3_do_write(SSL *s, int type);
606int ssl3_send_alert(SSL *s, int level, int desc);
607int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
608long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
609int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
610int ssl3_num_ciphers(void);
611const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
612const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned int id);
613const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
614uint16_t ssl3_cipher_get_value(const SSL_CIPHER *c);
615int ssl3_renegotiate(SSL *ssl);
616
617int ssl3_renegotiate_check(SSL *ssl);
618
619int ssl3_dispatch_alert(SSL *s);
620int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
621int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
622unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
623SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
624 STACK_OF(SSL_CIPHER) *srvr);
625int ssl3_setup_buffers(SSL *s);
626int ssl3_setup_init_buffer(SSL *s);
627int ssl3_setup_read_buffer(SSL *s);
628int ssl3_setup_write_buffer(SSL *s);
629int ssl3_release_read_buffer(SSL *s);
630int ssl3_release_write_buffer(SSL *s);
631int ssl3_new(SSL *s);
632void ssl3_free(SSL *s);
633int ssl3_accept(SSL *s);
634int ssl3_connect(SSL *s);
635int ssl3_read(SSL *s, void *buf, int len);
636int ssl3_peek(SSL *s, void *buf, int len);
637int ssl3_write(SSL *s, const void *buf, int len);
638int ssl3_shutdown(SSL *s);
639void ssl3_clear(SSL *s);
640long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
641long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
642long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
643long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
644int ssl3_pending(const SSL *s);
645
646int ssl3_handshake_msg_hdr_len(SSL *s);
647unsigned char *ssl3_handshake_msg_start(SSL *s, uint8_t htype);
648void ssl3_handshake_msg_finish(SSL *s, unsigned int len);
649int ssl3_handshake_write(SSL *s);
650
651void tls1_record_sequence_increment(unsigned char *seq);
652int ssl3_do_change_cipher_spec(SSL *ssl);
653
654int ssl23_read(SSL *s, void *buf, int len);
655int ssl23_peek(SSL *s, void *buf, int len);
656int ssl23_write(SSL *s, const void *buf, int len);
657long ssl23_default_timeout(void);
658
659long tls1_default_timeout(void);
660int dtls1_do_write(SSL *s, int type);
661int ssl3_read_n(SSL *s, int n, int max, int extend);
662int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
663int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
664 unsigned int len);
665unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
666 unsigned char mt, unsigned long len, unsigned long frag_off,
667 unsigned long frag_len);
668
669int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
670int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
671
672int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
673unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
674int dtls1_read_failed(SSL *s, int code);
675int dtls1_buffer_message(SSL *s, int ccs);
676int dtls1_retransmit_message(SSL *s, unsigned short seq,
677 unsigned long frag_off, int *found);
678int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
679int dtls1_retransmit_buffered_messages(SSL *s);
680void dtls1_clear_record_buffer(SSL *s);
681int dtls1_get_message_header(unsigned char *data,
682 struct hm_header_st *msg_hdr);
683void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
684void dtls1_reset_seq_numbers(SSL *s, int rw);
685void dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq,
686 unsigned short epoch);
687long dtls1_default_timeout(void);
688struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
689int dtls1_check_timeout_num(SSL *s);
690int dtls1_handle_timeout(SSL *s);
691const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
692void dtls1_start_timer(SSL *s);
693void dtls1_stop_timer(SSL *s);
694int dtls1_is_timer_expired(SSL *s);
695void dtls1_double_timeout(SSL *s);
696unsigned int dtls1_min_mtu(void);
697
698/* some client-only functions */
699int ssl3_client_hello(SSL *s);
700int ssl3_get_server_hello(SSL *s);
701int ssl3_get_certificate_request(SSL *s);
702int ssl3_get_new_session_ticket(SSL *s);
703int ssl3_get_cert_status(SSL *s);
704int ssl3_get_server_done(SSL *s);
705int ssl3_send_client_verify(SSL *s);
706int ssl3_send_client_certificate(SSL *s);
707int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
708int ssl3_send_client_key_exchange(SSL *s);
709int ssl3_get_key_exchange(SSL *s);
710int ssl3_get_server_certificate(SSL *s);
711int ssl3_check_cert_and_algorithm(SSL *s);
712int ssl3_check_finished(SSL *s);
713int ssl3_send_next_proto(SSL *s);
714
715int dtls1_send_client_certificate(SSL *s);
716
717/* some server-only functions */
718int ssl3_get_client_hello(SSL *s);
719int ssl3_send_server_hello(SSL *s);
720int ssl3_send_hello_request(SSL *s);
721int ssl3_send_server_key_exchange(SSL *s);
722int ssl3_send_certificate_request(SSL *s);
723int ssl3_send_server_done(SSL *s);
724int ssl3_get_client_certificate(SSL *s);
725int ssl3_get_client_key_exchange(SSL *s);
726int ssl3_get_cert_verify(SSL *s);
727int ssl3_get_next_proto(SSL *s);
728
729int dtls1_send_server_certificate(SSL *s);
730
731int ssl23_accept(SSL *s);
732int ssl23_connect(SSL *s);
733int ssl23_read_bytes(SSL *s, int n);
734int ssl23_write_bytes(SSL *s);
735
736int tls1_new(SSL *s);
737void tls1_free(SSL *s);
738void tls1_clear(SSL *s);
739long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
740long tls1_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
741
742int dtls1_new(SSL *s);
743int dtls1_accept(SSL *s);
744int dtls1_connect(SSL *s);
745void dtls1_free(SSL *s);
746void dtls1_clear(SSL *s);
747long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
748int dtls1_shutdown(SSL *s);
749
750long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
751int dtls1_get_record(SSL *s);
752int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
753 unsigned int len);
754int dtls1_dispatch_alert(SSL *s);
755int dtls1_enc(SSL *s, int snd);
756
757int ssl_init_wbio_buffer(SSL *s, int push);
758void ssl_free_wbio_buffer(SSL *s);
759
760int tls1_init_finished_mac(SSL *s);
761void tls1_finish_mac(SSL *s, const unsigned char *buf, int len);
762void tls1_free_digest_list(SSL *s);
763void tls1_cleanup_key_block(SSL *s);
764int tls1_digest_cached_records(SSL *s);
765int tls1_change_cipher_state(SSL *s, int which);
766int tls1_setup_key_block(SSL *s);
767int tls1_enc(SSL *s, int snd);
768int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *p);
769int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
770int tls1_mac(SSL *ssl, unsigned char *md, int snd);
771int tls1_generate_master_secret(SSL *s, unsigned char *out,
772 unsigned char *p, int len);
773int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
774 const char *label, size_t llen, const unsigned char *p, size_t plen,
775 int use_context);
776int tls1_alert_code(int code);
777int ssl_ok(SSL *s);
778
779int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
780
781SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
782
783int tls1_ec_curve_id2nid(uint16_t curve_id);
784uint16_t tls1_ec_nid2curve_id(int nid);
785int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
786int tls1_get_shared_curve(SSL *s);
787
788unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p,
789 unsigned char *limit);
790
791unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p,
792 unsigned char *limit);
793
794int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
795 unsigned char *d, int n, int *al);
796int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
797 unsigned char *d, int n, int *al);
798int ssl_check_clienthello_tlsext_early(SSL *s);
799int ssl_check_clienthello_tlsext_late(SSL *s);
800int ssl_check_serverhello_tlsext(SSL *s);
801
802#define tlsext_tick_md EVP_sha256
803int tls1_process_ticket(SSL *s, const unsigned char *session_id, int len,
804 const unsigned char *limit, SSL_SESSION **ret);
805int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
806 const EVP_MD *md);
807int tls12_get_sigid(const EVP_PKEY *pk);
808const EVP_MD *tls12_get_hash(unsigned char hash_alg);
809
810void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
811int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p,
812 int *len, int maxlen);
813int ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d,
814 int len, int *al);
815int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p,
816 int *len, int maxlen);
817int ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d,
818 int len, int *al);
819long ssl_get_algorithm2(SSL *s);
820int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
821int tls12_get_req_sig_algs(SSL *s, unsigned char *p);
822
823int tls1_check_ec_server_key(SSL *s);
824int tls1_check_ec_tmp_key(SSL *s);
825
826int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p,
827 int *len, int maxlen);
828int ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d,
829 int len, int *al);
830int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p,
831 int *len, int maxlen);
832int ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d,
833 int len, int *al);
834
835/* s3_cbc.c */
836void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec,
837 unsigned md_size, unsigned orig_len);
838int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
839 unsigned block_size, unsigned mac_size);
840char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
841int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
842 size_t *md_out_size, const unsigned char header[13],
843 const unsigned char *data, size_t data_plus_mac_size,
844 size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
845 unsigned mac_secret_length, char is_sslv3);
846
847#endif
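diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
deleted file mode 100644
index 7481524942..0000000000
--- a/src/lib/libssl/ssl_rsa.c
+++ /dev/null
@@ -1,751 +0,0 @@
-/* $OpenBSD: ssl_rsa.c,v 1.21 2016/03/11 07:08:45 mmcc Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/pem.h>
-#include <openssl/x509.h>
-
-static int ssl_set_cert(CERT *c, X509 *x509);
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-static int ssl_ctx_use_certificate_chain_bio(SSL_CTX *, BIO *);
-
-int
-SSL_use_certificate(SSL *ssl, X509 *x)
-{
- if (x == NULL) {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
- return (0);
- }
- if (!ssl_cert_inst(&ssl->cert)) {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- return (ssl_set_cert(ssl->cert, x));
-}
-
-int
-SSL_use_certificate_file(SSL *ssl, const char *file, int type)
-{
- int j;
- BIO *in;
- int ret = 0;
- X509 *x = NULL;
-
- in = BIO_new(BIO_s_file_internal());
- if (in == NULL) {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1) {
- j = ERR_R_ASN1_LIB;
- x = d2i_X509_bio(in, NULL);
- } else if (type == SSL_FILETYPE_PEM) {
- j = ERR_R_PEM_LIB;
- x = PEM_read_bio_X509(in, NULL,
- ssl->ctx->default_passwd_callback,
- ssl->ctx->default_passwd_callback_userdata);
- } else {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
-
- if (x == NULL) {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
- goto end;
- }
-
- ret = SSL_use_certificate(ssl, x);
-end:
- X509_free(x);
- BIO_free(in);
- return (ret);
-}
-
-int
-SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
-{
- X509 *x;
- int ret;
-
- x = d2i_X509(NULL, &d,(long)len);
- if (x == NULL) {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
- return (0);
- }
-
- ret = SSL_use_certificate(ssl, x);
- X509_free(x);
- return (ret);
-}
-
-int
-SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
-{
- EVP_PKEY *pkey;
- int ret;
-
- if (rsa == NULL) {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
- return (0);
- }
- if (!ssl_cert_inst(&ssl->cert)) {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- if ((pkey = EVP_PKEY_new()) == NULL) {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
- return (0);
- }
-
- RSA_up_ref(rsa);
- EVP_PKEY_assign_RSA(pkey, rsa);
-
- ret = ssl_set_pkey(ssl->cert, pkey);
- EVP_PKEY_free(pkey);
- return (ret);
-}
-
-static int
-ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
-{
- int i;
-
- i = ssl_cert_type(NULL, pkey);
- if (i < 0) {
- SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- return (0);
- }
-
- if (c->pkeys[i].x509 != NULL) {
- EVP_PKEY *pktmp;
- pktmp = X509_get_pubkey(c->pkeys[i].x509);
- EVP_PKEY_copy_parameters(pktmp, pkey);
- EVP_PKEY_free(pktmp);
- ERR_clear_error();
-
- /*
- * Don't check the public/private key, this is mostly
- * for smart cards.
- */
- if ((pkey->type == EVP_PKEY_RSA) &&
- (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
-;
- else
- if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
- X509_free(c->pkeys[i].x509);
- c->pkeys[i].x509 = NULL;
- return 0;
- }
- }
-
- EVP_PKEY_free(c->pkeys[i].privatekey);
- CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
- c->pkeys[i].privatekey = pkey;
- c->key = &(c->pkeys[i]);
-
- c->valid = 0;
- return (1);
-}
-
-int
-SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
-{
- int j, ret = 0;
- BIO *in;
- RSA *rsa = NULL;
-
- in = BIO_new(BIO_s_file_internal());
- if (in == NULL) {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1) {
- j = ERR_R_ASN1_LIB;
- rsa = d2i_RSAPrivateKey_bio(in, NULL);
- } else if (type == SSL_FILETYPE_PEM) {
- j = ERR_R_PEM_LIB;
- rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
- ssl->ctx->default_passwd_callback,
- ssl->ctx->default_passwd_callback_userdata);
- } else {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL) {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
- goto end;
- }
- ret = SSL_use_RSAPrivateKey(ssl, rsa);
- RSA_free(rsa);
-end:
- BIO_free(in);
- return (ret);
-}
-
-int
-SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
-{
- int ret;
- const unsigned char *p;
- RSA *rsa;
-
- p = d;
- if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
- return (0);
- }
-
- ret = SSL_use_RSAPrivateKey(ssl, rsa);
- RSA_free(rsa);
- return (ret);
-}
-
-int
-SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
-{
- int ret;
-
- if (pkey == NULL) {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
- return (0);
- }
- if (!ssl_cert_inst(&ssl->cert)) {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- ret = ssl_set_pkey(ssl->cert, pkey);
- return (ret);
-}
-
-int
-SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
-{
- int j, ret = 0;
- BIO *in;
- EVP_PKEY *pkey = NULL;
-
- in = BIO_new(BIO_s_file_internal());
- if (in == NULL) {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_PEM) {
- j = ERR_R_PEM_LIB;
- pkey = PEM_read_bio_PrivateKey(in, NULL,
- ssl->ctx->default_passwd_callback,
- ssl->ctx->default_passwd_callback_userdata);
- } else if (type == SSL_FILETYPE_ASN1) {
- j = ERR_R_ASN1_LIB;
- pkey = d2i_PrivateKey_bio(in, NULL);
- } else {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (pkey == NULL) {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
- goto end;
- }
- ret = SSL_use_PrivateKey(ssl, pkey);
- EVP_PKEY_free(pkey);
-end:
- BIO_free(in);
- return (ret);
-}
-
-int
-SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
-{
- int ret;
- const unsigned char *p;
- EVP_PKEY *pkey;
-
- p = d;
- if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
- return (0);
- }
-
- ret = SSL_use_PrivateKey(ssl, pkey);
- EVP_PKEY_free(pkey);
- return (ret);
-}
-
-int
-SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
-{
- if (x == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
- return (0);
- }
- if (!ssl_cert_inst(&ctx->cert)) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- return (ssl_set_cert(ctx->cert, x));
-}
-
-static int
-ssl_set_cert(CERT *c, X509 *x)
-{
- EVP_PKEY *pkey;
- int i;
-
- pkey = X509_get_pubkey(x);
- if (pkey == NULL) {
- SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
- return (0);
- }
-
- i = ssl_cert_type(x, pkey);
- if (i < 0) {
- SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- EVP_PKEY_free(pkey);
- return (0);
- }
-
- if (c->pkeys[i].privatekey != NULL) {
- EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
- ERR_clear_error();
-
- /*
- * Don't check the public/private key, this is mostly
- * for smart cards.
- */
- if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
- (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
- RSA_METHOD_FLAG_NO_CHECK))
-;
- else
- if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
- /*
- * don't fail for a cert/key mismatch, just free
- * current private key (when switching to a different
- * cert & key, first this function should be used,
- * then ssl_set_pkey
- */
- EVP_PKEY_free(c->pkeys[i].privatekey);
- c->pkeys[i].privatekey = NULL;
- /* clear error queue */
- ERR_clear_error();
- }
- }
-
- EVP_PKEY_free(pkey);
-
- X509_free(c->pkeys[i].x509);
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
- c->pkeys[i].x509 = x;
- c->key = &(c->pkeys[i]);
-
- c->valid = 0;
- return (1);
-}
-
-int
-SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
-{
- int j;
- BIO *in;
- int ret = 0;
- X509 *x = NULL;
-
- in = BIO_new(BIO_s_file_internal());
- if (in == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1) {
- j = ERR_R_ASN1_LIB;
- x = d2i_X509_bio(in, NULL);
- } else if (type == SSL_FILETYPE_PEM) {
- j = ERR_R_PEM_LIB;
- x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata);
- } else {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
-
- if (x == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
- goto end;
- }
-
- ret = SSL_CTX_use_certificate(ctx, x);
-end:
- X509_free(x);
- BIO_free(in);
- return (ret);
-}
-
-int
-SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
-{
- X509 *x;
- int ret;
-
- x = d2i_X509(NULL, &d,(long)len);
- if (x == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
- return (0);
- }
-
- ret = SSL_CTX_use_certificate(ctx, x);
- X509_free(x);
- return (ret);
-}
-
-int
-SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
-{
- int ret;
- EVP_PKEY *pkey;
-
- if (rsa == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
- return (0);
- }
- if (!ssl_cert_inst(&ctx->cert)) {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- if ((pkey = EVP_PKEY_new()) == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
- return (0);
- }
-
- RSA_up_ref(rsa);
- EVP_PKEY_assign_RSA(pkey, rsa);
-
- ret = ssl_set_pkey(ctx->cert, pkey);
- EVP_PKEY_free(pkey);
- return (ret);
-}
-
-int
-SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-{
- int j, ret = 0;
- BIO *in;
- RSA *rsa = NULL;
-
- in = BIO_new(BIO_s_file_internal());
- if (in == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1) {
- j = ERR_R_ASN1_LIB;
- rsa = d2i_RSAPrivateKey_bio(in, NULL);
- } else if (type == SSL_FILETYPE_PEM) {
- j = ERR_R_PEM_LIB;
- rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
- ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata);
- } else {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
- goto end;
- }
- ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
- RSA_free(rsa);
-end:
- BIO_free(in);
- return (ret);
-}
-
-int
-SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
-{
- int ret;
- const unsigned char *p;
- RSA *rsa;
-
- p = d;
- if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
- return (0);
- }
-
- ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
- RSA_free(rsa);
- return (ret);
-}
-
-int
-SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
-{
- if (pkey == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,
- ERR_R_PASSED_NULL_PARAMETER);
- return (0);
- }
- if (!ssl_cert_inst(&ctx->cert)) {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- return (ssl_set_pkey(ctx->cert, pkey));
-}
-
-int
-SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-{
- int j, ret = 0;
- BIO *in;
- EVP_PKEY *pkey = NULL;
-
- in = BIO_new(BIO_s_file_internal());
- if (in == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_PEM) {
- j = ERR_R_PEM_LIB;
- pkey = PEM_read_bio_PrivateKey(in, NULL,
- ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata);
- } else if (type == SSL_FILETYPE_ASN1) {
- j = ERR_R_ASN1_LIB;
- pkey = d2i_PrivateKey_bio(in, NULL);
- } else {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,
- SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (pkey == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
- goto end;
- }
- ret = SSL_CTX_use_PrivateKey(ctx, pkey);
- EVP_PKEY_free(pkey);
-end:
- BIO_free(in);
- return (ret);
-}
-
-int
-SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
- long len)
-{
- int ret;
- const unsigned char *p;
- EVP_PKEY *pkey;
-
- p = d;
- if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
- return (0);
- }
-
- ret = SSL_CTX_use_PrivateKey(ctx, pkey);
- EVP_PKEY_free(pkey);
- return (ret);
-}
-
-
-/*
- * Read a bio that contains our certificate in "PEM" format,
- * possibly followed by a sequence of CA certificates that should be
- * sent to the peer in the Certificate message.
- */
-static int
-ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
-{
- int ret = 0;
- X509 *x = NULL;
-
- ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
-
- x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata);
- if (x == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
- goto end;
- }
-
- ret = SSL_CTX_use_certificate(ctx, x);
-
- if (ERR_peek_error() != 0)
- ret = 0;
- /* Key/certificate mismatch doesn't imply ret==0 ... */
- if (ret) {
- /*
- * If we could set up our certificate, now proceed to
- * the CA certificates.
- */
- X509 *ca;
- int r;
- unsigned long err;
-
- if (ctx->extra_certs != NULL) {
- sk_X509_pop_free(ctx->extra_certs, X509_free);
- ctx->extra_certs = NULL;
- }
-
- while ((ca = PEM_read_bio_X509(in, NULL,
- ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata)) != NULL) {
- r = SSL_CTX_add_extra_chain_cert(ctx, ca);
- if (!r) {
- X509_free(ca);
- ret = 0;
- goto end;
- }
- /*
- * Note that we must not free r if it was successfully
- * added to the chain (while we must free the main
- * certificate, since its reference count is increased
- * by SSL_CTX_use_certificate).
- */
- }
-
- /* When the while loop ends, it's usually just EOF. */
- err = ERR_peek_last_error();
- if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
- ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
- ERR_clear_error();
- else
- ret = 0; /* some real error */
- }
-
-end:
- X509_free(x);
- return (ret);
-}
-
-int
-SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
-{
- BIO *in;
- int ret = 0;
-
- in = BIO_new(BIO_s_file_internal());
- if (in == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
- goto end;
- }
-
- ret = ssl_ctx_use_certificate_chain_bio(ctx, in);
-
-end:
- BIO_free(in);
- return (ret);
-}
-
-int
-SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len)
-{
- BIO *in;
- int ret = 0;
-
- in = BIO_new_mem_buf(buf, len);
- if (in == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
- goto end;
- }
-
- ret = ssl_ctx_use_certificate_chain_bio(ctx, in);
-
-end:
- BIO_free(in);
- return (ret);
-}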
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
deleted file mode 100644
index 16dd5c444c..0000000000
--- a/src/lib/libssl/ssl_sess.c
+++ /dev/null
@@ -1,1099 +0,0 @@
1/* $OpenBSD: ssl_sess.c,v 1.49 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2005 Nokia. All rights reserved.
113 *
114 * The portions of the attached software ("Contribution") is developed by
115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
116 * license.
117 *
118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
120 * support (see RFC 4279) to OpenSSL.
121 *
122 * No patent licenses or other rights except those expressly stated in
123 * the OpenSSL open source license shall be deemed granted or received
124 * expressly, by implication, estoppel, or otherwise.
125 *
126 * No assurances are provided by Nokia that the Contribution does not
127 * infringe the patent or other intellectual property rights of any third
128 * party or that the license provides you with all the necessary rights
129 * to make use of the Contribution.
130 *
131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
135 * OTHERWISE.
136 */
137
138#include <openssl/lhash.h>
139
140#ifndef OPENSSL_NO_ENGINE
141#include <openssl/engine.h>
142#endif
143
144#include "ssl_locl.h"
145
146static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
147static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
148static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
149
150/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
151SSL_SESSION *
152SSL_get_session(const SSL *ssl)
153{
154 return (ssl->session);
155}
156
157/* variant of SSL_get_session: caller really gets something */
158SSL_SESSION *
159SSL_get1_session(SSL *ssl)
160{
161 SSL_SESSION *sess;
162
163 /*
164 * Need to lock this all up rather than just use CRYPTO_add so that
165 * somebody doesn't free ssl->session between when we check it's
166 * non-null and when we up the reference count.
167 */
168 CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
169 sess = ssl->session;
170 if (sess)
171 sess->references++;
172 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
173
174 return (sess);
175}
176
177int
178SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
179 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
180{
181 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION,
182 argl, argp, new_func, dup_func, free_func);
183}
184
185int
186SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
187{
188 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
189}
190
191void *
192SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
193{
194 return (CRYPTO_get_ex_data(&s->ex_data, idx));
195}
196
197SSL_SESSION *
198SSL_SESSION_new(void)
199{
200 SSL_SESSION *ss;
201
202 ss = calloc(1, sizeof(SSL_SESSION));
203 if (ss == NULL) {
204 SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
205 return (0);
206 }
207
208 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
209 ss->references = 1;
210 ss->timeout=60*5+4; /* 5 minute timeout by default */
211 ss->time = time(NULL);
212 ss->prev = NULL;
213 ss->next = NULL;
214 ss->tlsext_hostname = NULL;
215
216 ss->tlsext_ecpointformatlist_length = 0;
217 ss->tlsext_ecpointformatlist = NULL;
218 ss->tlsext_ellipticcurvelist_length = 0;
219 ss->tlsext_ellipticcurvelist = NULL;
220
221 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
222
223 return (ss);
224}
225
226const unsigned char *
227SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
228{
229 if (len)
230 *len = s->session_id_length;
231 return s->session_id;
232}
233
234unsigned int
235SSL_SESSION_get_compress_id(const SSL_SESSION *s)
236{
237 return 0;
238}
239
240/*
241 * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
242 * the ID with random gunk repeatedly until we have no conflict is going to
243 * complete in one iteration pretty much "most" of the time (btw:
244 * understatement). So, if it takes us 10 iterations and we still can't avoid
245 * a conflict - well that's a reasonable point to call it quits. Either the
246 * arc4random code is broken or someone is trying to open roughly very close to
247 * 2^128 (or 2^256) SSL sessions to our server. How you might store that many
248 * sessions is perhaps a more interesting question...
249 */
250
251#define MAX_SESS_ID_ATTEMPTS 10
252
253static int
254def_generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len)
255{
256 unsigned int retry = 0;
257
258 do {
259 arc4random_buf(id, *id_len);
260 } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
261 (++retry < MAX_SESS_ID_ATTEMPTS));
262
263 if (retry < MAX_SESS_ID_ATTEMPTS)
264 return 1;
265
266 /* else - woops a session_id match */
267 /* XXX We should also check the external cache --
268 * but the probability of a collision is negligible, and
269 * we could not prevent the concurrent creation of sessions
270 * with identical IDs since we currently don't have means
271 * to atomically check whether a session ID already exists
272 * and make a reservation for it if it does not
273 * (this problem applies to the internal cache as well).
274 */
275 return 0;
276}
277
278int
279ssl_get_new_session(SSL *s, int session)
280{
281 unsigned int tmp;
282 SSL_SESSION *ss = NULL;
283 GEN_SESSION_CB cb = def_generate_session_id;
284
285 /* This gets used by clients and servers. */
286
287 if ((ss = SSL_SESSION_new()) == NULL)
288 return (0);
289
290 /* If the context has a default timeout, use it */
291 if (s->session_ctx->session_timeout == 0)
292 ss->timeout = SSL_get_default_timeout(s);
293 else
294 ss->timeout = s->session_ctx->session_timeout;
295
296 if (s->session != NULL) {
297 SSL_SESSION_free(s->session);
298 s->session = NULL;
299 }
300
301 if (session) {
302 switch (s->version) {
303 case TLS1_VERSION:
304 case TLS1_1_VERSION:
305 case TLS1_2_VERSION:
306 case DTLS1_VERSION:
307 ss->ssl_version = s->version;
308 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
309 break;
310 default:
311 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
312 SSL_R_UNSUPPORTED_SSL_VERSION);
313 SSL_SESSION_free(ss);
314 return (0);
315 }
316
317 /* If RFC4507 ticket use empty session ID. */
318 if (s->tlsext_ticket_expected) {
319 ss->session_id_length = 0;
320 goto sess_id_done;
321 }
322
323 /* Choose which callback will set the session ID. */
324 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
325 if (s->generate_session_id)
326 cb = s->generate_session_id;
327 else if (s->session_ctx->generate_session_id)
328 cb = s->session_ctx->generate_session_id;
329 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
330
331 /* Choose a session ID. */
332 tmp = ss->session_id_length;
333 if (!cb(s, ss->session_id, &tmp)) {
334 /* The callback failed */
335 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
336 SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
337 SSL_SESSION_free(ss);
338 return (0);
339 }
340
341 /*
342 * Don't allow the callback to set the session length to zero.
343 * nor set it higher than it was.
344 */
345 if (!tmp || (tmp > ss->session_id_length)) {
346 /* The callback set an illegal length */
347 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
348 SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
349 SSL_SESSION_free(ss);
350 return (0);
351 }
352 ss->session_id_length = tmp;
353
354 /* Finally, check for a conflict. */
355 if (SSL_has_matching_session_id(s, ss->session_id,
356 ss->session_id_length)) {
357 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
358 SSL_R_SSL_SESSION_ID_CONFLICT);
359 SSL_SESSION_free(ss);
360 return (0);
361 }
362
363sess_id_done:
364 if (s->tlsext_hostname) {
365 ss->tlsext_hostname = strdup(s->tlsext_hostname);
366 if (ss->tlsext_hostname == NULL) {
367 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
368 ERR_R_INTERNAL_ERROR);
369 SSL_SESSION_free(ss);
370 return 0;
371 }
372 }
373 } else {
374 ss->session_id_length = 0;
375 }
376
377 if (s->sid_ctx_length > sizeof ss->sid_ctx) {
378 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
379 SSL_SESSION_free(ss);
380 return 0;
381 }
382
383 memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
384 ss->sid_ctx_length = s->sid_ctx_length;
385 s->session = ss;
386 ss->ssl_version = s->version;
387 ss->verify_result = X509_V_OK;
388
389 return (1);
390}
391
392/*
393 * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
394 * connection. It is only called by servers.
395 *
396 * session_id: points at the session ID in the ClientHello. This code will
397 * read past the end of this in order to parse out the session ticket
398 * extension, if any.
399 * len: the length of the session ID.
400 * limit: a pointer to the first byte after the ClientHello.
401 *
402 * Returns:
403 * -1: error
404 * 0: a session may have been found.
405 *
406 * Side effects:
407 * - If a session is found then s->session is pointed at it (after freeing
408 * an existing session if need be) and s->verify_result is set from the
409 * session.
410 * - Both for new and resumed sessions, s->tlsext_ticket_expected is set
411 * to 1 if the server should issue a new session ticket (to 0 otherwise).
412 */
413int
414ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
415 const unsigned char *limit)
416{
417 SSL_SESSION *ret = NULL;
418 int fatal = 0;
419 int try_session_cache = 1;
420 int r;
421
422 /* This is used only by servers. */
423
424 if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
425 goto err;
426
427 if (len == 0)
428 try_session_cache = 0;
429
430 /* Sets s->tlsext_ticket_expected. */
431 r = tls1_process_ticket(s, session_id, len, limit, &ret);
432 switch (r) {
433 case -1: /* Error during processing */
434 fatal = 1;
435 goto err;
436 case 0: /* No ticket found */
437 case 1: /* Zero length ticket found */
438 break; /* Ok to carry on processing session id. */
439 case 2: /* Ticket found but not decrypted. */
440 case 3: /* Ticket decrypted, *ret has been set. */
441 try_session_cache = 0;
442 break;
443 default:
444 abort();
445 }
446
447 if (try_session_cache && ret == NULL &&
448 !(s->session_ctx->session_cache_mode &
449 SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) {
450 SSL_SESSION data;
451 data.ssl_version = s->version;
452 data.session_id_length = len;
453 memcpy(data.session_id, session_id, len);
454
455 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
456 ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
457 if (ret != NULL) {
458 /* Don't allow other threads to steal it. */
459 CRYPTO_add(&ret->references, 1,
460 CRYPTO_LOCK_SSL_SESSION);
461 }
462 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
463
464 if (ret == NULL)
465 s->session_ctx->stats.sess_miss++;
466 }
467
468 if (try_session_cache && ret == NULL &&
469 s->session_ctx->get_session_cb != NULL) {
470 int copy = 1;
471
472 if ((ret = s->session_ctx->get_session_cb(s, session_id,
473 len, &copy))) {
474 s->session_ctx->stats.sess_cb_hit++;
475
476 /*
477 * Increment reference count now if the session
478 * callback asks us to do so (note that if the session
479 * structures returned by the callback are shared
480 * between threads, it must handle the reference count
481 * itself [i.e. copy == 0], or things won't be
482 * thread-safe).
483 */
484 if (copy)
485 CRYPTO_add(&ret->references, 1,
486 CRYPTO_LOCK_SSL_SESSION);
487
488 /*
489 * Add the externally cached session to the internal
490 * cache as well if and only if we are supposed to.
491 */
492 if (!(s->session_ctx->session_cache_mode &
493 SSL_SESS_CACHE_NO_INTERNAL_STORE))
494 /*
495 * The following should not return 1,
496 * otherwise, things are very strange.
497 */
498 SSL_CTX_add_session(s->session_ctx, ret);
499 }
500 }
501
502 if (ret == NULL)
503 goto err;
504
505 /* Now ret is non-NULL and we own one of its reference counts. */
506
507 if (ret->sid_ctx_length != s->sid_ctx_length ||
508 timingsafe_memcmp(ret->sid_ctx,
509 s->sid_ctx, ret->sid_ctx_length) != 0) {
510 /* We have the session requested by the client, but we don't
511 * want to use it in this context. */
512 goto err; /* treat like cache miss */
513 }
514
515 if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
516 /*
517 * We can't be sure if this session is being used out of
518 * context, which is especially important for SSL_VERIFY_PEER.
519 * The application should have used
520 * SSL[_CTX]_set_session_id_context.
521 *
522 * For this error case, we generate an error instead of treating
523 * the event like a cache miss (otherwise it would be easy for
524 * applications to effectively disable the session cache by
525 * accident without anyone noticing).
526 */
527 SSLerr(SSL_F_SSL_GET_PREV_SESSION,
528 SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
529 fatal = 1;
530 goto err;
531 }
532
533 if (ret->cipher == NULL) {
534 ret->cipher = ssl3_get_cipher_by_id(ret->cipher_id);
535 if (ret->cipher == NULL)
536 goto err;
537 }
538
539 if (ret->timeout < (time(NULL) - ret->time)) {
540 /* timeout */
541 s->session_ctx->stats.sess_timeout++;
542 if (try_session_cache) {
543 /* session was from the cache, so remove it */
544 SSL_CTX_remove_session(s->session_ctx, ret);
545 }
546 goto err;
547 }
548
549 s->session_ctx->stats.sess_hit++;
550
551 if (s->session != NULL)
552 SSL_SESSION_free(s->session);
553 s->session = ret;
554 s->verify_result = s->session->verify_result;
555 return 1;
556
557err:
558 if (ret != NULL) {
559 SSL_SESSION_free(ret);
560 if (!try_session_cache) {
561 /*
562 * The session was from a ticket, so we should
563 * issue a ticket for the new session.
564 */
565 s->tlsext_ticket_expected = 1;
566 }
567 }
568 if (fatal)
569 return -1;
570 else
571 return 0;
572}
573
574int
575SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
576{
577 int ret = 0;
578 SSL_SESSION *s;
579
580 /*
581 * Add just 1 reference count for the SSL_CTX's session cache
582 * even though it has two ways of access: each session is in a
583 * doubly linked list and an lhash.
584 */
585 CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION);
586
587 /*
588 * If session c is in already in cache, we take back the increment
589 * later.
590 */
591 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
592 s = lh_SSL_SESSION_insert(ctx->sessions, c);
593
594 /*
595 * s != NULL iff we already had a session with the given PID.
596 * In this case, s == c should hold (then we did not really modify
597 * ctx->sessions), or we're in trouble.
598 */
599 if (s != NULL && s != c) {
600 /* We *are* in trouble ... */
601 SSL_SESSION_list_remove(ctx, s);
602 SSL_SESSION_free(s);
603 /*
604 * ... so pretend the other session did not exist in cache
605 * (we cannot handle two SSL_SESSION structures with identical
606 * session ID in the same cache, which could happen e.g. when
607 * two threads concurrently obtain the same session from an
608 * external cache).
609 */
610 s = NULL;
611 }
612
613 /* Put at the head of the queue unless it is already in the cache */
614 if (s == NULL)
615 SSL_SESSION_list_add(ctx, c);
616
617 if (s != NULL) {
618 /*
619 * existing cache entry -- decrement previously incremented
620 * reference count because it already takes into account the
621 * cache.
622 */
623 SSL_SESSION_free(s); /* s == c */
624 ret = 0;
625 } else {
626 /*
627 * New cache entry -- remove old ones if cache has become
628 * too large.
629 */
630
631 ret = 1;
632
633 if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
634 while (SSL_CTX_sess_number(ctx) >
635 SSL_CTX_sess_get_cache_size(ctx)) {
636 if (!remove_session_lock(ctx,
637 ctx->session_cache_tail, 0))
638 break;
639 else
640 ctx->stats.sess_cache_full++;
641 }
642 }
643 }
644 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
645 return (ret);
646}
647
648int
649SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
650{
651 return remove_session_lock(ctx, c, 1);
652}
653
654static int
655remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
656{
657 SSL_SESSION *r;
658 int ret = 0;
659
660 if ((c != NULL) && (c->session_id_length != 0)) {
661 if (lck)
662 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
663 if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {
664 ret = 1;
665 r = lh_SSL_SESSION_delete(ctx->sessions, c);
666 SSL_SESSION_list_remove(ctx, c);
667 }
668 if (lck)
669 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
670
671 if (ret) {
672 r->not_resumable = 1;
673 if (ctx->remove_session_cb != NULL)
674 ctx->remove_session_cb(ctx, r);
675 SSL_SESSION_free(r);
676 }
677 } else
678 ret = 0;
679 return (ret);
680}
681
682void
683SSL_SESSION_free(SSL_SESSION *ss)
684{
685 int i;
686
687 if (ss == NULL)
688 return;
689
690 i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION);
691 if (i > 0)
692 return;
693
694 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
695
696 explicit_bzero(ss->master_key, sizeof ss->master_key);
697 explicit_bzero(ss->session_id, sizeof ss->session_id);
698 if (ss->sess_cert != NULL)
699 ssl_sess_cert_free(ss->sess_cert);
700 X509_free(ss->peer);
701 if (ss->ciphers != NULL)
702 sk_SSL_CIPHER_free(ss->ciphers);
703 free(ss->tlsext_hostname);
704 free(ss->tlsext_tick);
705 ss->tlsext_ecpointformatlist_length = 0;
706 free(ss->tlsext_ecpointformatlist);
707 ss->tlsext_ellipticcurvelist_length = 0;
708 free(ss->tlsext_ellipticcurvelist);
709 explicit_bzero(ss, sizeof(*ss));
710 free(ss);
711}
712
713int
714SSL_set_session(SSL *s, SSL_SESSION *session)
715{
716 int ret = 0;
717 const SSL_METHOD *meth;
718
719 if (session != NULL) {
720 meth = s->ctx->method->get_ssl_method(session->ssl_version);
721 if (meth == NULL)
722 meth = s->method->get_ssl_method(session->ssl_version);
723 if (meth == NULL) {
724 SSLerr(SSL_F_SSL_SET_SESSION,
725 SSL_R_UNABLE_TO_FIND_SSL_METHOD);
726 return (0);
727 }
728
729 if (meth != s->method) {
730 if (!SSL_set_ssl_method(s, meth))
731 return (0);
732 }
733
734
735 /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
736 CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
737 if (s->session != NULL)
738 SSL_SESSION_free(s->session);
739 s->session = session;
740 s->verify_result = s->session->verify_result;
741 /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
742 ret = 1;
743 } else {
744 if (s->session != NULL) {
745 SSL_SESSION_free(s->session);
746 s->session = NULL;
747 }
748
749 meth = s->ctx->method;
750 if (meth != s->method) {
751 if (!SSL_set_ssl_method(s, meth))
752 return (0);
753 }
754 ret = 1;
755 }
756 return (ret);
757}
758
759long
760SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
761{
762 if (s == NULL)
763 return (0);
764 s->timeout = t;
765 return (1);
766}
767
768long
769SSL_SESSION_get_timeout(const SSL_SESSION *s)
770{
771 if (s == NULL)
772 return (0);
773 return (s->timeout);
774}
775
776/* XXX 2038 */
777long
778SSL_SESSION_get_time(const SSL_SESSION *s)
779{
780 if (s == NULL)
781 return (0);
782 return (s->time);
783}
784
785/* XXX 2038 */
786long
787SSL_SESSION_set_time(SSL_SESSION *s, long t)
788{
789 if (s == NULL)
790 return (0);
791 s->time = t;
792 return (t);
793}
794
795X509 *
796SSL_SESSION_get0_peer(SSL_SESSION *s)
797{
798 return s->peer;
799}
800
801int
802SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
803 unsigned int sid_ctx_len)
804{
805 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
806 SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,
807 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
808 return 0;
809 }
810 s->sid_ctx_length = sid_ctx_len;
811 memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
812
813 return 1;
814}
815
816long
817SSL_CTX_set_timeout(SSL_CTX *s, long t)
818{
819 long l;
820
821 if (s == NULL)
822 return (0);
823 l = s->session_timeout;
824 s->session_timeout = t;
825
826 return (l);
827}
828
829long
830SSL_CTX_get_timeout(const SSL_CTX *s)
831{
832 if (s == NULL)
833 return (0);
834 return (s->session_timeout);
835}
836
837int
838SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s,
839 void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers,
840 SSL_CIPHER **cipher, void *arg), void *arg)
841{
842 if (s == NULL)
843 return (0);
844 s->tls_session_secret_cb = tls_session_secret_cb;
845 s->tls_session_secret_cb_arg = arg;
846 return (1);
847}
848
849int
850SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
851 void *arg)
852{
853 if (s == NULL)
854 return (0);
855 s->tls_session_ticket_ext_cb = cb;
856 s->tls_session_ticket_ext_cb_arg = arg;
857 return (1);
858}
859
860int
861SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
862{
863 if (s->version >= TLS1_VERSION) {
864 free(s->tlsext_session_ticket);
865 s->tlsext_session_ticket =
866 malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
867 if (!s->tlsext_session_ticket) {
868 SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT,
869 ERR_R_MALLOC_FAILURE);
870 return 0;
871 }
872
873 if (ext_data) {
874 s->tlsext_session_ticket->length = ext_len;
875 s->tlsext_session_ticket->data =
876 s->tlsext_session_ticket + 1;
877 memcpy(s->tlsext_session_ticket->data,
878 ext_data, ext_len);
879 } else {
880 s->tlsext_session_ticket->length = 0;
881 s->tlsext_session_ticket->data = NULL;
882 }
883
884 return 1;
885 }
886
887 return 0;
888}
889
890typedef struct timeout_param_st {
891 SSL_CTX *ctx;
892 long time;
893 LHASH_OF(SSL_SESSION) *cache;
894} TIMEOUT_PARAM;
895
896static void
897timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
898{
899 if ((p->time == 0) || (p->time > (s->time + s->timeout))) {
900 /* timeout */
901 /* The reason we don't call SSL_CTX_remove_session() is to
902 * save on locking overhead */
903 (void)lh_SSL_SESSION_delete(p->cache, s);
904 SSL_SESSION_list_remove(p->ctx, s);
905 s->not_resumable = 1;
906 if (p->ctx->remove_session_cb != NULL)
907 p->ctx->remove_session_cb(p->ctx, s);
908 SSL_SESSION_free(s);
909 }
910}
911
912static
913IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
914
915/* XXX 2038 */
916void
917SSL_CTX_flush_sessions(SSL_CTX *s, long t)
918{
919 unsigned long i;
920 TIMEOUT_PARAM tp;
921
922 tp.ctx = s;
923 tp.cache = s->sessions;
924 if (tp.cache == NULL)
925 return;
926 tp.time = t;
927 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
928 i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
929 CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0;
930 lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
931 TIMEOUT_PARAM, &tp);
932 CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i;
933 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
934}
935
936int
937ssl_clear_bad_session(SSL *s)
938{
939 if ((s->session != NULL) && !(s->shutdown & SSL_SENT_SHUTDOWN) &&
940 !(SSL_in_init(s) || SSL_in_before(s))) {
941 SSL_CTX_remove_session(s->ctx, s->session);
942 return (1);
943 } else
944 return (0);
945}
946
947/* locked by SSL_CTX in the calling function */
948static void
949SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
950{
951 if ((s->next == NULL) || (s->prev == NULL))
952 return;
953
954 if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
955 /* last element in list */
956 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
957 /* only one element in list */
958 ctx->session_cache_head = NULL;
959 ctx->session_cache_tail = NULL;
960 } else {
961 ctx->session_cache_tail = s->prev;
962 s->prev->next =
963 (SSL_SESSION *)&(ctx->session_cache_tail);
964 }
965 } else {
966 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
967 /* first element in list */
968 ctx->session_cache_head = s->next;
969 s->next->prev =
970 (SSL_SESSION *)&(ctx->session_cache_head);
971 } else {
972 /* middle of list */
973 s->next->prev = s->prev;
974 s->prev->next = s->next;
975 }
976 }
977 s->prev = s->next = NULL;
978}
979
980static void
981SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
982{
983 if ((s->next != NULL) && (s->prev != NULL))
984 SSL_SESSION_list_remove(ctx, s);
985
986 if (ctx->session_cache_head == NULL) {
987 ctx->session_cache_head = s;
988 ctx->session_cache_tail = s;
989 s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
990 s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
991 } else {
992 s->next = ctx->session_cache_head;
993 s->next->prev = s;
994 s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
995 ctx->session_cache_head = s;
996 }
997}
998
999void
1000SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
1001 int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) {
1002 ctx->new_session_cb = cb;
1003}
1004
1005int
1006(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
1007{
1008 return ctx->new_session_cb;
1009}
1010
1011void
1012SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
1013 void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess))
1014{
1015 ctx->remove_session_cb = cb;
1016}
1017
1018void
1019(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess)
1020{
1021 return ctx->remove_session_cb;
1022}
1023
1024void
1025SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(struct ssl_st *ssl,
1026 unsigned char *data, int len, int *copy))
1027{
1028 ctx->get_session_cb = cb;
1029}
1030
1031SSL_SESSION *
1032(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data,
1033 int len, int *copy)
1034{
1035 return ctx->get_session_cb;
1036}
1037
1038void
1039SSL_CTX_set_info_callback(SSL_CTX *ctx,
1040 void (*cb)(const SSL *ssl, int type, int val))
1041{
1042 ctx->info_callback = cb;
1043}
1044
1045void
1046(*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val)
1047{
1048 return ctx->info_callback;
1049}
1050
1051void
1052SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
1053 int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
1054{
1055 ctx->client_cert_cb = cb;
1056}
1057
1058int
1059(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509,
1060 EVP_PKEY **pkey)
1061{
1062 return ctx->client_cert_cb;
1063}
1064
1065#ifndef OPENSSL_NO_ENGINE
1066int
1067SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
1068{
1069 if (!ENGINE_init(e)) {
1070 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
1071 ERR_R_ENGINE_LIB);
1072 return 0;
1073 }
1074 if (!ENGINE_get_ssl_client_cert_function(e)) {
1075 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
1076 SSL_R_NO_CLIENT_CERT_METHOD);
1077 ENGINE_finish(e);
1078 return 0;
1079 }
1080 ctx->client_cert_engine = e;
1081 return 1;
1082}
1083#endif
1084
1085void
1086SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
1087 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
1088{
1089 ctx->app_gen_cookie_cb = cb;
1090}
1091
1092void
1093SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
1094 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
1095{
1096 ctx->app_verify_cookie_cb = cb;
1097}
1098
1099IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c
deleted file mode 100644
index 6d67d19c25..0000000000
--- a/src/lib/libssl/ssl_stat.c
+++ /dev/null
@@ -1,801 +0,0 @@
1/* $OpenBSD: ssl_stat.c,v 1.12 2014/11/16 14:12:47 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright 2005 Nokia. All rights reserved.
60 *
61 * The portions of the attached software ("Contribution") is developed by
62 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
63 * license.
64 *
65 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
66 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
67 * support (see RFC 4279) to OpenSSL.
68 *
69 * No patent licenses or other rights except those expressly stated in
70 * the OpenSSL open source license shall be deemed granted or received
71 * expressly, by implication, estoppel, or otherwise.
72 *
73 * No assurances are provided by Nokia that the Contribution does not
74 * infringe the patent or other intellectual property rights of any third
75 * party or that the license provides you with all the necessary rights
76 * to make use of the Contribution.
77 *
78 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
79 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
80 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
81 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
82 * OTHERWISE.
83 */
84
85#include <stdio.h>
86
87#include "ssl_locl.h"
88
89const char *
90SSL_state_string_long(const SSL *s)
91{
92 const char *str;
93
94 switch (s->state) {
95 case SSL_ST_BEFORE:
96 str = "before SSL initialization";
97 break;
98 case SSL_ST_ACCEPT:
99 str = "before accept initialization";
100 break;
101 case SSL_ST_CONNECT:
102 str = "before connect initialization";
103 break;
104 case SSL_ST_OK:
105 str = "SSL negotiation finished successfully";
106 break;
107 case SSL_ST_RENEGOTIATE:
108 str = "SSL renegotiate ciphers";
109 break;
110 case SSL_ST_BEFORE|SSL_ST_CONNECT:
111 str = "before/connect initialization";
112 break;
113 case SSL_ST_OK|SSL_ST_CONNECT:
114 str = "ok/connect SSL initialization";
115 break;
116 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
117 str = "before/accept initialization";
118 break;
119 case SSL_ST_OK|SSL_ST_ACCEPT:
120 str = "ok/accept SSL initialization";
121 break;
122
123 /* SSLv3 additions */
124 case SSL3_ST_CW_CLNT_HELLO_A:
125 str = "SSLv3 write client hello A";
126 break;
127 case SSL3_ST_CW_CLNT_HELLO_B:
128 str = "SSLv3 write client hello B";
129 break;
130 case SSL3_ST_CR_SRVR_HELLO_A:
131 str = "SSLv3 read server hello A";
132 break;
133 case SSL3_ST_CR_SRVR_HELLO_B:
134 str = "SSLv3 read server hello B";
135 break;
136 case SSL3_ST_CR_CERT_A:
137 str = "SSLv3 read server certificate A";
138 break;
139 case SSL3_ST_CR_CERT_B:
140 str = "SSLv3 read server certificate B";
141 break;
142 case SSL3_ST_CR_KEY_EXCH_A:
143 str = "SSLv3 read server key exchange A";
144 break;
145 case SSL3_ST_CR_KEY_EXCH_B:
146 str = "SSLv3 read server key exchange B";
147 break;
148 case SSL3_ST_CR_CERT_REQ_A:
149 str = "SSLv3 read server certificate request A";
150 break;
151 case SSL3_ST_CR_CERT_REQ_B:
152 str = "SSLv3 read server certificate request B";
153 break;
154 case SSL3_ST_CR_SESSION_TICKET_A:
155 str = "SSLv3 read server session ticket A";
156 break;
157 case SSL3_ST_CR_SESSION_TICKET_B:
158 str = "SSLv3 read server session ticket B";
159 break;
160 case SSL3_ST_CR_SRVR_DONE_A:
161 str = "SSLv3 read server done A";
162 break;
163 case SSL3_ST_CR_SRVR_DONE_B:
164 str = "SSLv3 read server done B";
165 break;
166 case SSL3_ST_CW_CERT_A:
167 str = "SSLv3 write client certificate A";
168 break;
169 case SSL3_ST_CW_CERT_B:
170 str = "SSLv3 write client certificate B";
171 break;
172 case SSL3_ST_CW_CERT_C:
173 str = "SSLv3 write client certificate C";
174 break;
175 case SSL3_ST_CW_CERT_D:
176 str = "SSLv3 write client certificate D";
177 break;
178 case SSL3_ST_CW_KEY_EXCH_A:
179 str = "SSLv3 write client key exchange A";
180 break;
181 case SSL3_ST_CW_KEY_EXCH_B:
182 str = "SSLv3 write client key exchange B";
183 break;
184 case SSL3_ST_CW_CERT_VRFY_A:
185 str = "SSLv3 write certificate verify A";
186 break;
187 case SSL3_ST_CW_CERT_VRFY_B:
188 str = "SSLv3 write certificate verify B";
189 break;
190
191 case SSL3_ST_CW_CHANGE_A:
192 case SSL3_ST_SW_CHANGE_A:
193 str = "SSLv3 write change cipher spec A";
194 break;
195 case SSL3_ST_CW_CHANGE_B:
196 case SSL3_ST_SW_CHANGE_B:
197 str = "SSLv3 write change cipher spec B";
198 break;
199 case SSL3_ST_CW_FINISHED_A:
200 case SSL3_ST_SW_FINISHED_A:
201 str = "SSLv3 write finished A";
202 break;
203 case SSL3_ST_CW_FINISHED_B:
204 case SSL3_ST_SW_FINISHED_B:
205 str = "SSLv3 write finished B";
206 break;
207 case SSL3_ST_CR_CHANGE_A:
208 case SSL3_ST_SR_CHANGE_A:
209 str = "SSLv3 read change cipher spec A";
210 break;
211 case SSL3_ST_CR_CHANGE_B:
212 case SSL3_ST_SR_CHANGE_B:
213 str = "SSLv3 read change cipher spec B";
214 break;
215 case SSL3_ST_CR_FINISHED_A:
216 case SSL3_ST_SR_FINISHED_A:
217 str = "SSLv3 read finished A";
218 break;
219 case SSL3_ST_CR_FINISHED_B:
220 case SSL3_ST_SR_FINISHED_B:
221 str = "SSLv3 read finished B";
222 break;
223
224 case SSL3_ST_CW_FLUSH:
225 case SSL3_ST_SW_FLUSH:
226 str = "SSLv3 flush data";
227 break;
228
229 case SSL3_ST_SR_CLNT_HELLO_A:
230 str = "SSLv3 read client hello A";
231 break;
232 case SSL3_ST_SR_CLNT_HELLO_B:
233 str = "SSLv3 read client hello B";
234 break;
235 case SSL3_ST_SR_CLNT_HELLO_C:
236 str = "SSLv3 read client hello C";
237 break;
238 case SSL3_ST_SW_HELLO_REQ_A:
239 str = "SSLv3 write hello request A";
240 break;
241 case SSL3_ST_SW_HELLO_REQ_B:
242 str = "SSLv3 write hello request B";
243 break;
244 case SSL3_ST_SW_HELLO_REQ_C:
245 str = "SSLv3 write hello request C";
246 break;
247 case SSL3_ST_SW_SRVR_HELLO_A:
248 str = "SSLv3 write server hello A";
249 break;
250 case SSL3_ST_SW_SRVR_HELLO_B:
251 str = "SSLv3 write server hello B";
252 break;
253 case SSL3_ST_SW_CERT_A:
254 str = "SSLv3 write certificate A";
255 break;
256 case SSL3_ST_SW_CERT_B:
257 str = "SSLv3 write certificate B";
258 break;
259 case SSL3_ST_SW_KEY_EXCH_A:
260 str = "SSLv3 write key exchange A";
261 break;
262 case SSL3_ST_SW_KEY_EXCH_B:
263 str = "SSLv3 write key exchange B";
264 break;
265 case SSL3_ST_SW_CERT_REQ_A:
266 str = "SSLv3 write certificate request A";
267 break;
268 case SSL3_ST_SW_CERT_REQ_B:
269 str = "SSLv3 write certificate request B";
270 break;
271 case SSL3_ST_SW_SESSION_TICKET_A:
272 str = "SSLv3 write session ticket A";
273 break;
274 case SSL3_ST_SW_SESSION_TICKET_B:
275 str = "SSLv3 write session ticket B";
276 break;
277 case SSL3_ST_SW_SRVR_DONE_A:
278 str = "SSLv3 write server done A";
279 break;
280 case SSL3_ST_SW_SRVR_DONE_B:
281 str = "SSLv3 write server done B";
282 break;
283 case SSL3_ST_SR_CERT_A:
284 str = "SSLv3 read client certificate A";
285 break;
286 case SSL3_ST_SR_CERT_B:
287 str = "SSLv3 read client certificate B";
288 break;
289 case SSL3_ST_SR_KEY_EXCH_A:
290 str = "SSLv3 read client key exchange A";
291 break;
292 case SSL3_ST_SR_KEY_EXCH_B:
293 str = "SSLv3 read client key exchange B";
294 break;
295 case SSL3_ST_SR_CERT_VRFY_A:
296 str = "SSLv3 read certificate verify A";
297 break;
298 case SSL3_ST_SR_CERT_VRFY_B:
299 str = "SSLv3 read certificate verify B";
300 break;
301
302 /* DTLS */
303 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
304 str = "DTLS1 read hello verify request A";
305 break;
306 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
307 str = "DTLS1 read hello verify request B";
308 break;
309 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
310 str = "DTLS1 write hello verify request A";
311 break;
312 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
313 str = "DTLS1 write hello verify request B";
314 break;
315
316 default:
317 str = "unknown state";
318 break;
319 }
320 return (str);
321}
322
323const char *
324SSL_rstate_string_long(const SSL *s)
325{
326 const char *str;
327
328 switch (s->rstate) {
329 case SSL_ST_READ_HEADER:
330 str = "read header";
331 break;
332 case SSL_ST_READ_BODY:
333 str = "read body";
334 break;
335 case SSL_ST_READ_DONE:
336 str = "read done";
337 break;
338 default:
339 str = "unknown";
340 break;
341 }
342 return (str);
343}
344
345const char *
346SSL_state_string(const SSL *s)
347{
348 const char *str;
349
350 switch (s->state) {
351 case SSL_ST_BEFORE:
352 str = "PINIT ";
353 break;
354 case SSL_ST_ACCEPT:
355 str = "AINIT ";
356 break;
357 case SSL_ST_CONNECT:
358 str = "CINIT ";
359 break;
360 case SSL_ST_OK:
361 str = "SSLOK ";
362 break;
363
364 /* SSLv3 additions */
365 case SSL3_ST_SW_FLUSH:
366 case SSL3_ST_CW_FLUSH:
367 str = "3FLUSH";
368 break;
369 case SSL3_ST_CW_CLNT_HELLO_A:
370 str = "3WCH_A";
371 break;
372 case SSL3_ST_CW_CLNT_HELLO_B:
373 str = "3WCH_B";
374 break;
375 case SSL3_ST_CR_SRVR_HELLO_A:
376 str = "3RSH_A";
377 break;
378 case SSL3_ST_CR_SRVR_HELLO_B:
379 str = "3RSH_B";
380 break;
381 case SSL3_ST_CR_CERT_A:
382 str = "3RSC_A";
383 break;
384 case SSL3_ST_CR_CERT_B:
385 str = "3RSC_B";
386 break;
387 case SSL3_ST_CR_KEY_EXCH_A:
388 str = "3RSKEA";
389 break;
390 case SSL3_ST_CR_KEY_EXCH_B:
391 str = "3RSKEB";
392 break;
393 case SSL3_ST_CR_CERT_REQ_A:
394 str = "3RCR_A";
395 break;
396 case SSL3_ST_CR_CERT_REQ_B:
397 str = "3RCR_B";
398 break;
399 case SSL3_ST_CR_SRVR_DONE_A:
400 str = "3RSD_A";
401 break;
402 case SSL3_ST_CR_SRVR_DONE_B:
403 str = "3RSD_B";
404 break;
405 case SSL3_ST_CW_CERT_A:
406 str = "3WCC_A";
407 break;
408 case SSL3_ST_CW_CERT_B:
409 str = "3WCC_B";
410 break;
411 case SSL3_ST_CW_CERT_C:
412 str = "3WCC_C";
413 break;
414 case SSL3_ST_CW_CERT_D:
415 str = "3WCC_D";
416 break;
417 case SSL3_ST_CW_KEY_EXCH_A:
418 str = "3WCKEA";
419 break;
420 case SSL3_ST_CW_KEY_EXCH_B:
421 str = "3WCKEB";
422 break;
423 case SSL3_ST_CW_CERT_VRFY_A:
424 str = "3WCV_A";
425 break;
426 case SSL3_ST_CW_CERT_VRFY_B:
427 str = "3WCV_B";
428 break;
429
430 case SSL3_ST_SW_CHANGE_A:
431 case SSL3_ST_CW_CHANGE_A:
432 str = "3WCCSA";
433 break;
434 case SSL3_ST_SW_CHANGE_B:
435 case SSL3_ST_CW_CHANGE_B:
436 str = "3WCCSB";
437 break;
438 case SSL3_ST_SW_FINISHED_A:
439 case SSL3_ST_CW_FINISHED_A:
440 str = "3WFINA";
441 break;
442 case SSL3_ST_SW_FINISHED_B:
443 case SSL3_ST_CW_FINISHED_B:
444 str = "3WFINB";
445 break;
446 case SSL3_ST_SR_CHANGE_A:
447 case SSL3_ST_CR_CHANGE_A:
448 str = "3RCCSA";
449 break;
450 case SSL3_ST_SR_CHANGE_B:
451 case SSL3_ST_CR_CHANGE_B:
452 str = "3RCCSB";
453 break;
454 case SSL3_ST_SR_FINISHED_A:
455 case SSL3_ST_CR_FINISHED_A:
456 str = "3RFINA";
457 break;
458 case SSL3_ST_SR_FINISHED_B:
459 case SSL3_ST_CR_FINISHED_B:
460 str = "3RFINB";
461 break;
462
463 case SSL3_ST_SW_HELLO_REQ_A:
464 str = "3WHR_A";
465 break;
466 case SSL3_ST_SW_HELLO_REQ_B:
467 str = "3WHR_B";
468 break;
469 case SSL3_ST_SW_HELLO_REQ_C:
470 str = "3WHR_C";
471 break;
472 case SSL3_ST_SR_CLNT_HELLO_A:
473 str = "3RCH_A";
474 break;
475 case SSL3_ST_SR_CLNT_HELLO_B:
476 str = "3RCH_B";
477 break;
478 case SSL3_ST_SR_CLNT_HELLO_C:
479 str = "3RCH_C";
480 break;
481 case SSL3_ST_SW_SRVR_HELLO_A:
482 str = "3WSH_A";
483 break;
484 case SSL3_ST_SW_SRVR_HELLO_B:
485 str = "3WSH_B";
486 break;
487 case SSL3_ST_SW_CERT_A:
488 str = "3WSC_A";
489 break;
490 case SSL3_ST_SW_CERT_B:
491 str = "3WSC_B";
492 break;
493 case SSL3_ST_SW_KEY_EXCH_A:
494 str = "3WSKEA";
495 break;
496 case SSL3_ST_SW_KEY_EXCH_B:
497 str = "3WSKEB";
498 break;
499 case SSL3_ST_SW_CERT_REQ_A:
500 str = "3WCR_A";
501 break;
502 case SSL3_ST_SW_CERT_REQ_B:
503 str = "3WCR_B";
504 break;
505 case SSL3_ST_SW_SRVR_DONE_A:
506 str = "3WSD_A";
507 break;
508 case SSL3_ST_SW_SRVR_DONE_B:
509 str = "3WSD_B";
510 break;
511 case SSL3_ST_SR_CERT_A:
512 str = "3RCC_A";
513 break;
514 case SSL3_ST_SR_CERT_B:
515 str = "3RCC_B";
516 break;
517 case SSL3_ST_SR_KEY_EXCH_A:
518 str = "3RCKEA";
519 break;
520 case SSL3_ST_SR_KEY_EXCH_B:
521 str = "3RCKEB";
522 break;
523 case SSL3_ST_SR_CERT_VRFY_A:
524 str = "3RCV_A";
525 break;
526 case SSL3_ST_SR_CERT_VRFY_B:
527 str = "3RCV_B";
528 break;
529
530 /* DTLS */
531 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
532 str = "DRCHVA";
533 break;
534 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
535 str = "DRCHVB";
536 break;
537 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
538 str = "DWCHVA";
539 break;
540 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
541 str = "DWCHVB";
542 break;
543
544 default:
545 str = "UNKWN ";
546 break;
547 }
548 return (str);
549}
550
551const char *
552SSL_alert_type_string_long(int value)
553{
554 value >>= 8;
555 if (value == SSL3_AL_WARNING)
556 return ("warning");
557 else if (value == SSL3_AL_FATAL)
558 return ("fatal");
559 else
560 return ("unknown");
561}
562
563const char *
564SSL_alert_type_string(int value)
565{
566 value >>= 8;
567 if (value == SSL3_AL_WARNING)
568 return ("W");
569 else if (value == SSL3_AL_FATAL)
570 return ("F");
571 else
572 return ("U");
573}
574
575const char *
576SSL_alert_desc_string(int value)
577{
578 const char *str;
579
580 switch (value & 0xff) {
581 case SSL3_AD_CLOSE_NOTIFY:
582 str = "CN";
583 break;
584 case SSL3_AD_UNEXPECTED_MESSAGE:
585 str = "UM";
586 break;
587 case SSL3_AD_BAD_RECORD_MAC:
588 str = "BM";
589 break;
590 case SSL3_AD_DECOMPRESSION_FAILURE:
591 str = "DF";
592 break;
593 case SSL3_AD_HANDSHAKE_FAILURE:
594 str = "HF";
595 break;
596 case SSL3_AD_NO_CERTIFICATE:
597 str = "NC";
598 break;
599 case SSL3_AD_BAD_CERTIFICATE:
600 str = "BC";
601 break;
602 case SSL3_AD_UNSUPPORTED_CERTIFICATE:
603 str = "UC";
604 break;
605 case SSL3_AD_CERTIFICATE_REVOKED:
606 str = "CR";
607 break;
608 case SSL3_AD_CERTIFICATE_EXPIRED:
609 str = "CE";
610 break;
611 case SSL3_AD_CERTIFICATE_UNKNOWN:
612 str = "CU";
613 break;
614 case SSL3_AD_ILLEGAL_PARAMETER:
615 str = "IP";
616 break;
617 case TLS1_AD_DECRYPTION_FAILED:
618 str = "DC";
619 break;
620 case TLS1_AD_RECORD_OVERFLOW:
621 str = "RO";
622 break;
623 case TLS1_AD_UNKNOWN_CA:
624 str = "CA";
625 break;
626 case TLS1_AD_ACCESS_DENIED:
627 str = "AD";
628 break;
629 case TLS1_AD_DECODE_ERROR:
630 str = "DE";
631 break;
632 case TLS1_AD_DECRYPT_ERROR:
633 str = "CY";
634 break;
635 case TLS1_AD_EXPORT_RESTRICTION:
636 str = "ER";
637 break;
638 case TLS1_AD_PROTOCOL_VERSION:
639 str = "PV";
640 break;
641 case TLS1_AD_INSUFFICIENT_SECURITY:
642 str = "IS";
643 break;
644 case TLS1_AD_INTERNAL_ERROR:
645 str = "IE";
646 break;
647 case TLS1_AD_USER_CANCELLED:
648 str = "US";
649 break;
650 case TLS1_AD_NO_RENEGOTIATION:
651 str = "NR";
652 break;
653 case TLS1_AD_UNSUPPORTED_EXTENSION:
654 str = "UE";
655 break;
656 case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
657 str = "CO";
658 break;
659 case TLS1_AD_UNRECOGNIZED_NAME:
660 str = "UN";
661 break;
662 case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
663 str = "BR";
664 break;
665 case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
666 str = "BH";
667 break;
668 case TLS1_AD_UNKNOWN_PSK_IDENTITY:
669 str = "UP";
670 break;
671 default:
672 str = "UK";
673 break;
674 }
675 return (str);
676}
677
678const char *
679SSL_alert_desc_string_long(int value)
680{
681 const char *str;
682
683 switch (value & 0xff) {
684 case SSL3_AD_CLOSE_NOTIFY:
685 str = "close notify";
686 break;
687 case SSL3_AD_UNEXPECTED_MESSAGE:
688 str = "unexpected_message";
689 break;
690 case SSL3_AD_BAD_RECORD_MAC:
691 str = "bad record mac";
692 break;
693 case SSL3_AD_DECOMPRESSION_FAILURE:
694 str = "decompression failure";
695 break;
696 case SSL3_AD_HANDSHAKE_FAILURE:
697 str = "handshake failure";
698 break;
699 case SSL3_AD_NO_CERTIFICATE:
700 str = "no certificate";
701 break;
702 case SSL3_AD_BAD_CERTIFICATE:
703 str = "bad certificate";
704 break;
705 case SSL3_AD_UNSUPPORTED_CERTIFICATE:
706 str = "unsupported certificate";
707 break;
708 case SSL3_AD_CERTIFICATE_REVOKED:
709 str = "certificate revoked";
710 break;
711 case SSL3_AD_CERTIFICATE_EXPIRED:
712 str = "certificate expired";
713 break;
714 case SSL3_AD_CERTIFICATE_UNKNOWN:
715 str = "certificate unknown";
716 break;
717 case SSL3_AD_ILLEGAL_PARAMETER:
718 str = "illegal parameter";
719 break;
720 case TLS1_AD_DECRYPTION_FAILED:
721 str = "decryption failed";
722 break;
723 case TLS1_AD_RECORD_OVERFLOW:
724 str = "record overflow";
725 break;
726 case TLS1_AD_UNKNOWN_CA:
727 str = "unknown CA";
728 break;
729 case TLS1_AD_ACCESS_DENIED:
730 str = "access denied";
731 break;
732 case TLS1_AD_DECODE_ERROR:
733 str = "decode error";
734 break;
735 case TLS1_AD_DECRYPT_ERROR:
736 str = "decrypt error";
737 break;
738 case TLS1_AD_EXPORT_RESTRICTION:
739 str = "export restriction";
740 break;
741 case TLS1_AD_PROTOCOL_VERSION:
742 str = "protocol version";
743 break;
744 case TLS1_AD_INSUFFICIENT_SECURITY:
745 str = "insufficient security";
746 break;
747 case TLS1_AD_INTERNAL_ERROR:
748 str = "internal error";
749 break;
750 case TLS1_AD_USER_CANCELLED:
751 str = "user canceled";
752 break;
753 case TLS1_AD_NO_RENEGOTIATION:
754 str = "no renegotiation";
755 break;
756 case TLS1_AD_UNSUPPORTED_EXTENSION:
757 str = "unsupported extension";
758 break;
759 case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
760 str = "certificate unobtainable";
761 break;
762 case TLS1_AD_UNRECOGNIZED_NAME:
763 str = "unrecognized name";
764 break;
765 case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
766 str = "bad certificate status response";
767 break;
768 case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
769 str = "bad certificate hash value";
770 break;
771 case TLS1_AD_UNKNOWN_PSK_IDENTITY:
772 str = "unknown PSK identity";
773 break;
774 default:
775 str = "unknown";
776 break;
777 }
778 return (str);
779}
780
781const char *
782SSL_rstate_string(const SSL *s)
783{
784 const char *str;
785
786 switch (s->rstate) {
787 case SSL_ST_READ_HEADER:
788 str = "RH";
789 break;
790 case SSL_ST_READ_BODY:
791 str = "RB";
792 break;
793 case SSL_ST_READ_DONE:
794 str = "RD";
795 break;
796 default:
797 str = "unknown";
798 break;
799 }
800 return (str);
801}
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
deleted file mode 100644
index c3626dc03a..0000000000
--- a/src/lib/libssl/ssl_txt.c
+++ /dev/null
@@ -1,187 +0,0 @@
1/* $OpenBSD: ssl_txt.c,v 1.26 2014/12/14 15:30:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright 2005 Nokia. All rights reserved.
60 *
61 * The portions of the attached software ("Contribution") is developed by
62 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
63 * license.
64 *
65 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
66 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
67 * support (see RFC 4279) to OpenSSL.
68 *
69 * No patent licenses or other rights except those expressly stated in
70 * the OpenSSL open source license shall be deemed granted or received
71 * expressly, by implication, estoppel, or otherwise.
72 *
73 * No assurances are provided by Nokia that the Contribution does not
74 * infringe the patent or other intellectual property rights of any third
75 * party or that the license provides you with all the necessary rights
76 * to make use of the Contribution.
77 *
78 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
79 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
80 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
81 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
82 * OTHERWISE.
83 */
84
85#include <stdio.h>
86
87#include <openssl/buffer.h>
88
89#include "ssl_locl.h"
90
91int
92SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
93{
94 BIO *b;
95 int ret;
96
97 if ((b = BIO_new(BIO_s_file_internal())) == NULL) {
98 SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB);
99 return (0);
100 }
101 BIO_set_fp(b, fp, BIO_NOCLOSE);
102 ret = SSL_SESSION_print(b, x);
103 BIO_free(b);
104 return (ret);
105}
106
107int
108SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
109{
110 unsigned int i;
111 const char *s;
112
113 if (x == NULL)
114 goto err;
115 if (BIO_puts(bp, "SSL-Session:\n") <= 0)
116 goto err;
117
118 s = ssl_version_string(x->ssl_version);
119 if (BIO_printf(bp, " Protocol : %s\n", s) <= 0)
120 goto err;
121
122 if (x->cipher == NULL) {
123 if (((x->cipher_id) & 0xff000000) == 0x02000000) {
124 if (BIO_printf(bp, " Cipher : %06lX\n", x->cipher_id&0xffffff) <= 0)
125 goto err;
126 } else {
127 if (BIO_printf(bp, " Cipher : %04lX\n", x->cipher_id&0xffff) <= 0)
128 goto err;
129 }
130 } else {
131 if (BIO_printf(bp, " Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
132 goto err;
133 }
134 if (BIO_puts(bp, " Session-ID: ") <= 0)
135 goto err;
136 for (i = 0; i < x->session_id_length; i++) {
137 if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
138 goto err;
139 }
140 if (BIO_puts(bp, "\n Session-ID-ctx: ") <= 0)
141 goto err;
142 for (i = 0; i < x->sid_ctx_length; i++) {
143 if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0)
144 goto err;
145 }
146 if (BIO_puts(bp, "\n Master-Key: ") <= 0)
147 goto err;
148 for (i = 0; i < (unsigned int)x->master_key_length; i++) {
149 if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
150 goto err;
151 }
152 if (x->tlsext_tick_lifetime_hint) {
153 if (BIO_printf(bp,
154 "\n TLS session ticket lifetime hint: %ld (seconds)",
155 x->tlsext_tick_lifetime_hint) <= 0)
156 goto err;
157 }
158 if (x->tlsext_tick) {
159 if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0)
160 goto err;
161 if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
162 goto err;
163 }
164
165 if (x->time != 0) {
166 if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0)
167 goto err;
168 }
169 if (x->timeout != 0L) {
170 if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0)
171 goto err;
172 }
173 if (BIO_puts(bp, "\n") <= 0)
174 goto err;
175
176 if (BIO_puts(bp, " Verify return code: ") <= 0)
177 goto err;
178
179 if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
180 X509_verify_cert_error_string(x->verify_result)) <= 0)
181 goto err;
182
183 return (1);
184err:
185 return (0);
186}
187
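--- a/src/lib/libssl/t1_clnt.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/* $OpenBSD: t1_clnt.c,v 1.18 2015/09/11 14:39:05 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static const SSL_METHOD *tls1_get_client_method(int ver);
-
-const SSL_METHOD TLS_client_method_data = {
- .version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl23_connect,
- .ssl_read = ssl23_read,
- .ssl_peek = ssl23_peek,
- .ssl_write = ssl23_write,
- .ssl_shutdown = ssl_undefined_function,
- .ssl_renegotiate = ssl_undefined_function,
- .ssl_renegotiate_check = ssl_ok,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl_undefined_const_function,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_client_method,
- .get_timeout = ssl23_default_timeout,
- .ssl3_enc = &ssl3_undef_enc_method,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLSv1_client_method_data = {
- .version = TLS1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl3_connect,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_client_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLSv1_1_client_method_data = {
- .version = TLS1_1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl3_connect,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_client_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_1_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLSv1_2_client_method_data = {
- .version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl3_connect,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_client_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_2_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-static const SSL_METHOD *
-tls1_get_client_method(int ver)
-{
- if (ver == TLS1_2_VERSION)
- return (TLSv1_2_client_method());
- if (ver == TLS1_1_VERSION)
- return (TLSv1_1_client_method());
- if (ver == TLS1_VERSION)
- return (TLSv1_client_method());
- return (NULL);
-}
-
-const SSL_METHOD *
-SSLv23_client_method(void)
-{
- return (TLS_client_method());
-}
-
-const SSL_METHOD *
-TLS_client_method(void)
-{
- return (&TLS_client_method_data);
-}
-
-const SSL_METHOD *
-TLSv1_client_method(void)
-{
- return (&TLSv1_client_method_data);
-}
-
-const SSL_METHOD *
-TLSv1_1_client_method(void)
-{
- return (&TLSv1_1_client_method_data);
-}
-
-const SSL_METHOD *
-TLSv1_2_client_method(void)
-{
- return (&TLSv1_2_client_method_data);
-}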
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
deleted file mode 100644
index 53570b2d4f..0000000000
--- a/src/lib/libssl/t1_enc.c
+++ /dev/null
@@ -1,1419 +0,0 @@
1/* $OpenBSD: t1_enc.c,v 1.85 2016/04/28 16:39:45 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2005 Nokia. All rights reserved.
113 *
114 * The portions of the attached software ("Contribution") is developed by
115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
116 * license.
117 *
118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
120 * support (see RFC 4279) to OpenSSL.
121 *
122 * No patent licenses or other rights except those expressly stated in
123 * the OpenSSL open source license shall be deemed granted or received
124 * expressly, by implication, estoppel, or otherwise.
125 *
126 * No assurances are provided by Nokia that the Contribution does not
127 * infringe the patent or other intellectual property rights of any third
128 * party or that the license provides you with all the necessary rights
129 * to make use of the Contribution.
130 *
131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
135 * OTHERWISE.
136 */
137
138#include <stdio.h>
139
140#include "ssl_locl.h"
141
142#include <openssl/evp.h>
143#include <openssl/hmac.h>
144#include <openssl/md5.h>
145
146void
147tls1_cleanup_key_block(SSL *s)
148{
149 if (s->s3->tmp.key_block != NULL) {
150 explicit_bzero(s->s3->tmp.key_block,
151 s->s3->tmp.key_block_length);
152 free(s->s3->tmp.key_block);
153 s->s3->tmp.key_block = NULL;
154 }
155 s->s3->tmp.key_block_length = 0;
156}
157
158int
159tls1_init_finished_mac(SSL *s)
160{
161 BIO_free(s->s3->handshake_buffer);
162 tls1_free_digest_list(s);
163
164 s->s3->handshake_buffer = BIO_new(BIO_s_mem());
165 if (s->s3->handshake_buffer == NULL)
166 return (0);
167
168 (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);
169
170 return (1);
171}
172
173void
174tls1_free_digest_list(SSL *s)
175{
176 int i;
177
178 if (s == NULL)
179 return;
180
181 if (s->s3->handshake_dgst == NULL)
182 return;
183 for (i = 0; i < SSL_MAX_DIGEST; i++) {
184 if (s->s3->handshake_dgst[i])
185 EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);
186 }
187 free(s->s3->handshake_dgst);
188 s->s3->handshake_dgst = NULL;
189}
190
191void
192tls1_finish_mac(SSL *s, const unsigned char *buf, int len)
193{
194 if (s->s3->handshake_buffer &&
195 !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
196 BIO_write(s->s3->handshake_buffer, (void *)buf, len);
197 } else {
198 int i;
199 for (i = 0; i < SSL_MAX_DIGEST; i++) {
200 if (s->s3->handshake_dgst[i]!= NULL)
201 EVP_DigestUpdate(s->s3->handshake_dgst[i], buf, len);
202 }
203 }
204}
205
206int
207tls1_digest_cached_records(SSL *s)
208{
209 int i;
210 long mask;
211 const EVP_MD *md;
212 long hdatalen;
213 void *hdata;
214
215 tls1_free_digest_list(s);
216
217 s->s3->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));
218 if (s->s3->handshake_dgst == NULL) {
219 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
220 return 0;
221 }
222 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
223 if (hdatalen <= 0) {
224 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
225 SSL_R_BAD_HANDSHAKE_LENGTH);
226 return 0;
227 }
228
229 /* Loop through bits of the algorithm2 field and create MD contexts. */
230 for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) {
231 if ((mask & ssl_get_algorithm2(s)) && md) {
232 s->s3->handshake_dgst[i] = EVP_MD_CTX_create();
233 if (s->s3->handshake_dgst[i] == NULL) {
234 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
235 ERR_R_MALLOC_FAILURE);
236 return 0;
237 }
238 if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i],
239 md, NULL)) {
240 EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);
241 return 0;
242 }
243 if (!EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata,
244 hdatalen))
245 return 0;
246 }
247 }
248
249 if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
250 BIO_free(s->s3->handshake_buffer);
251 s->s3->handshake_buffer = NULL;
252 }
253
254 return 1;
255}
256
257void
258tls1_record_sequence_increment(unsigned char *seq)
259{
260 int i;
261
262 for (i = SSL3_SEQUENCE_SIZE - 1; i >= 0; i--) {
263 if (++seq[i] != 0)
264 break;
265 }
266}
267
268/* seed1 through seed5 are virtually concatenated */
269static int
270tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
271 const void *seed1, int seed1_len, const void *seed2, int seed2_len,
272 const void *seed3, int seed3_len, const void *seed4, int seed4_len,
273 const void *seed5, int seed5_len, unsigned char *out, int olen)
274{
275 int chunk;
276 size_t j;
277 EVP_MD_CTX ctx, ctx_tmp;
278 EVP_PKEY *mac_key;
279 unsigned char A1[EVP_MAX_MD_SIZE];
280 size_t A1_len;
281 int ret = 0;
282
283 chunk = EVP_MD_size(md);
284 OPENSSL_assert(chunk >= 0);
285
286 EVP_MD_CTX_init(&ctx);
287 EVP_MD_CTX_init(&ctx_tmp);
288 mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
289 if (!mac_key)
290 goto err;
291 if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
292 goto err;
293 if (!EVP_DigestSignInit(&ctx_tmp, NULL, md, NULL, mac_key))
294 goto err;
295 if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
296 goto err;
297 if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
298 goto err;
299 if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
300 goto err;
301 if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
302 goto err;
303 if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
304 goto err;
305 if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
306 goto err;
307
308 for (;;) {
309 /* Reinit mac contexts */
310 if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
311 goto err;
312 if (!EVP_DigestSignInit(&ctx_tmp, NULL, md, NULL, mac_key))
313 goto err;
314 if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
315 goto err;
316 if (!EVP_DigestSignUpdate(&ctx_tmp, A1, A1_len))
317 goto err;
318 if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
319 goto err;
320 if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
321 goto err;
322 if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
323 goto err;
324 if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
325 goto err;
326 if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
327 goto err;
328
329 if (olen > chunk) {
330 if (!EVP_DigestSignFinal(&ctx, out, &j))
331 goto err;
332 out += j;
333 olen -= j;
334 /* calc the next A1 value */
335 if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
336 goto err;
337 } else {
338 /* last one */
339 if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
340 goto err;
341 memcpy(out, A1, olen);
342 break;
343 }
344 }
345 ret = 1;
346
347err:
348 EVP_PKEY_free(mac_key);
349 EVP_MD_CTX_cleanup(&ctx);
350 EVP_MD_CTX_cleanup(&ctx_tmp);
351 explicit_bzero(A1, sizeof(A1));
352 return ret;
353}
354
355/* seed1 through seed5 are virtually concatenated */
356static int
357tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2,
358 int seed2_len, const void *seed3, int seed3_len, const void *seed4,
359 int seed4_len, const void *seed5, int seed5_len, const unsigned char *sec,
360 int slen, unsigned char *out1, unsigned char *out2, int olen)
361{
362 int len, i, idx, count;
363 const unsigned char *S1;
364 long m;
365 const EVP_MD *md;
366 int ret = 0;
367
368 /* Count number of digests and partition sec evenly */
369 count = 0;
370 for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
371 if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
372 count++;
373 }
374 if (count == 0) {
375 SSLerr(SSL_F_TLS1_PRF,
376 SSL_R_SSL_HANDSHAKE_FAILURE);
377 goto err;
378 }
379 len = slen / count;
380 if (count == 1)
381 slen = 0;
382 S1 = sec;
383 memset(out1, 0, olen);
384 for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
385 if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
386 if (!md) {
387 SSLerr(SSL_F_TLS1_PRF,
388 SSL_R_UNSUPPORTED_DIGEST_TYPE);
389 goto err;
390 }
391 if (!tls1_P_hash(md , S1, len + (slen&1), seed1,
392 seed1_len, seed2, seed2_len, seed3, seed3_len,
393 seed4, seed4_len, seed5, seed5_len, out2, olen))
394 goto err;
395 S1 += len;
396 for (i = 0; i < olen; i++) {
397 out1[i] ^= out2[i];
398 }
399 }
400 }
401 ret = 1;
402
403err:
404 return ret;
405}
406
407static int
408tls1_generate_key_block(SSL *s, unsigned char *km, unsigned char *tmp, int num)
409{
410 int ret;
411
412 ret = tls1_PRF(ssl_get_algorithm2(s),
413 TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
414 s->s3->server_random, SSL3_RANDOM_SIZE,
415 s->s3->client_random, SSL3_RANDOM_SIZE,
416 NULL, 0, NULL, 0,
417 s->session->master_key, s->session->master_key_length,
418 km, tmp, num);
419 return ret;
420}
421
422/*
423 * tls1_aead_ctx_init allocates aead_ctx, if needed. It returns 1 on success
424 * and 0 on failure.
425 */
426static int
427tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx)
428{
429 if (*aead_ctx != NULL) {
430 EVP_AEAD_CTX_cleanup(&(*aead_ctx)->ctx);
431 return (1);
432 }
433
434 *aead_ctx = malloc(sizeof(SSL_AEAD_CTX));
435 if (*aead_ctx == NULL) {
436 SSLerr(SSL_F_TLS1_AEAD_CTX_INIT, ERR_R_MALLOC_FAILURE);
437 return (0);
438 }
439
440 return (1);
441}
442
443static int
444tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
445 unsigned key_len, const unsigned char *iv, unsigned iv_len)
446{
447 const EVP_AEAD *aead = s->s3->tmp.new_aead;
448 SSL_AEAD_CTX *aead_ctx;
449
450 if (is_read) {
451 if (!tls1_aead_ctx_init(&s->aead_read_ctx))
452 return 0;
453 aead_ctx = s->aead_read_ctx;
454 } else {
455 if (!tls1_aead_ctx_init(&s->aead_write_ctx))
456 return 0;
457 aead_ctx = s->aead_write_ctx;
458 }
459
460 if (!EVP_AEAD_CTX_init(&aead_ctx->ctx, aead, key, key_len,
461 EVP_AEAD_DEFAULT_TAG_LENGTH, NULL))
462 return (0);
463 if (iv_len > sizeof(aead_ctx->fixed_nonce)) {
464 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD,
465 ERR_R_INTERNAL_ERROR);
466 return (0);
467 }
468 memcpy(aead_ctx->fixed_nonce, iv, iv_len);
469 aead_ctx->fixed_nonce_len = iv_len;
470 aead_ctx->variable_nonce_len = 8; /* always the case, currently. */
471 aead_ctx->variable_nonce_in_record =
472 (s->s3->tmp.new_cipher->algorithm2 &
473 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0;
474 aead_ctx->xor_fixed_nonce =
475 s->s3->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305;
476 aead_ctx->tag_len = EVP_AEAD_max_overhead(aead);
477
478 if (aead_ctx->xor_fixed_nonce) {
479 if (aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead) ||
480 aead_ctx->variable_nonce_len > EVP_AEAD_nonce_length(aead)) {
481 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD,
482 ERR_R_INTERNAL_ERROR);
483 return (0);
484 }
485 } else {
486 if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len !=
487 EVP_AEAD_nonce_length(aead)) {
488 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD,
489 ERR_R_INTERNAL_ERROR);
490 return (0);
491 }
492 }
493
494 return (1);
495}
496
497/*
498 * tls1_change_cipher_state_cipher performs the work needed to switch cipher
499 * states when using EVP_CIPHER. The argument is_read is true iff this function
500 * is being called due to reading, as opposed to writing, a ChangeCipherSpec
501 * message. In order to support export ciphersuites, use_client_keys indicates
502 * whether the key material provided is in the "client write" direction.
503 */
504static int
505tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
506 const unsigned char *mac_secret, unsigned int mac_secret_size,
507 const unsigned char *key, unsigned int key_len, const unsigned char *iv,
508 unsigned int iv_len)
509{
510 EVP_CIPHER_CTX *cipher_ctx;
511 const EVP_CIPHER *cipher;
512 EVP_MD_CTX *mac_ctx;
513 const EVP_MD *mac;
514 int mac_type;
515
516 cipher = s->s3->tmp.new_sym_enc;
517 mac = s->s3->tmp.new_hash;
518 mac_type = s->s3->tmp.new_mac_pkey_type;
519
520 if (is_read) {
521 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
522 s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
523 else
524 s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
525
526 EVP_CIPHER_CTX_free(s->enc_read_ctx);
527 s->enc_read_ctx = NULL;
528 EVP_MD_CTX_destroy(s->read_hash);
529 s->read_hash = NULL;
530
531 if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
532 goto err;
533 s->enc_read_ctx = cipher_ctx;
534 if ((mac_ctx = EVP_MD_CTX_create()) == NULL)
535 goto err;
536 s->read_hash = mac_ctx;
537 } else {
538 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
539 s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
540 else
541 s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
542
543 /*
544 * DTLS fragments retain a pointer to the compression, cipher
545 * and hash contexts, so that it can restore state in order
546 * to perform retransmissions. As such, we cannot free write
547 * contexts that are used for DTLS - these are instead freed
548 * by DTLS when its frees a ChangeCipherSpec fragment.
549 */
550 if (!SSL_IS_DTLS(s)) {
551 EVP_CIPHER_CTX_free(s->enc_write_ctx);
552 s->enc_write_ctx = NULL;
553 EVP_MD_CTX_destroy(s->write_hash);
554 s->write_hash = NULL;
555 }
556 if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
557 goto err;
558 s->enc_write_ctx = cipher_ctx;
559 if ((mac_ctx = EVP_MD_CTX_create()) == NULL)
560 goto err;
561 s->write_hash = mac_ctx;
562 }
563
564 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) {
565 EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, NULL,
566 !is_read);
567 EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GCM_SET_IV_FIXED,
568 iv_len, (unsigned char *)iv);
569 } else
570 EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, iv, !is_read);
571
572 if (!(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
573 EVP_PKEY *mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
574 mac_secret, mac_secret_size);
575 if (mac_key == NULL)
576 goto err;
577 EVP_DigestSignInit(mac_ctx, NULL, mac, NULL, mac_key);
578 EVP_PKEY_free(mac_key);
579 } else if (mac_secret_size > 0) {
580 /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
581 EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
582 mac_secret_size, (unsigned char *)mac_secret);
583 }
584
585 if (s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {
586 int nid;
587 if (s->s3->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
588 nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
589 else
590 nid = NID_id_tc26_gost_28147_param_Z;
591
592 EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0);
593 if (s->s3->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC)
594 EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0);
595 }
596
597 return (1);
598
599err:
600 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER, ERR_R_MALLOC_FAILURE);
601 return (0);
602}
603
604int
605tls1_change_cipher_state(SSL *s, int which)
606{
607 const unsigned char *client_write_mac_secret, *server_write_mac_secret;
608 const unsigned char *client_write_key, *server_write_key;
609 const unsigned char *client_write_iv, *server_write_iv;
610 const unsigned char *mac_secret, *key, *iv;
611 int mac_secret_size, key_len, iv_len;
612 unsigned char *key_block, *seq;
613 const EVP_CIPHER *cipher;
614 const EVP_AEAD *aead;
615 char is_read, use_client_keys;
616
617
618 cipher = s->s3->tmp.new_sym_enc;
619 aead = s->s3->tmp.new_aead;
620
621 /*
622 * is_read is true if we have just read a ChangeCipherSpec message,
623 * that is we need to update the read cipherspec. Otherwise we have
624 * just written one.
625 */
626 is_read = (which & SSL3_CC_READ) != 0;
627
628 /*
629 * use_client_keys is true if we wish to use the keys for the "client
630 * write" direction. This is the case if we're a client sending a
631 * ChangeCipherSpec, or a server reading a client's ChangeCipherSpec.
632 */
633 use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
634 (which == SSL3_CHANGE_CIPHER_SERVER_READ));
635
636
637 /*
638 * Reset sequence number to zero - for DTLS this is handled in
639 * dtls1_reset_seq_numbers().
640 */
641 if (!SSL_IS_DTLS(s)) {
642 seq = is_read ? s->s3->read_sequence : s->s3->write_sequence;
643 memset(seq, 0, SSL3_SEQUENCE_SIZE);
644 }
645
646 if (aead != NULL) {
647 key_len = EVP_AEAD_key_length(aead);
648 iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->s3->tmp.new_cipher);
649 } else {
650 key_len = EVP_CIPHER_key_length(cipher);
651 iv_len = EVP_CIPHER_iv_length(cipher);
652
653 /* If GCM mode only part of IV comes from PRF. */
654 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
655 iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
656 }
657
658 mac_secret_size = s->s3->tmp.new_mac_secret_size;
659
660 key_block = s->s3->tmp.key_block;
661 client_write_mac_secret = key_block;
662 key_block += mac_secret_size;
663 server_write_mac_secret = key_block;
664 key_block += mac_secret_size;
665 client_write_key = key_block;
666 key_block += key_len;
667 server_write_key = key_block;
668 key_block += key_len;
669 client_write_iv = key_block;
670 key_block += iv_len;
671 server_write_iv = key_block;
672 key_block += iv_len;
673
674 if (use_client_keys) {
675 mac_secret = client_write_mac_secret;
676 key = client_write_key;
677 iv = client_write_iv;
678 } else {
679 mac_secret = server_write_mac_secret;
680 key = server_write_key;
681 iv = server_write_iv;
682 }
683
684 if (key_block - s->s3->tmp.key_block != s->s3->tmp.key_block_length) {
685 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
686 goto err2;
687 }
688
689 if (is_read) {
690 memcpy(s->s3->read_mac_secret, mac_secret, mac_secret_size);
691 s->s3->read_mac_secret_size = mac_secret_size;
692 } else {
693 memcpy(s->s3->write_mac_secret, mac_secret, mac_secret_size);
694 s->s3->write_mac_secret_size = mac_secret_size;
695 }
696
697 if (aead != NULL) {
698 return tls1_change_cipher_state_aead(s, is_read, key, key_len,
699 iv, iv_len);
700 }
701
702 return tls1_change_cipher_state_cipher(s, is_read, use_client_keys,
703 mac_secret, mac_secret_size, key, key_len, iv, iv_len);
704
705err2:
706 return (0);
707}
708
709int
710tls1_setup_key_block(SSL *s)
711{
712 unsigned char *key_block, *tmp_block = NULL;
713 int mac_type = NID_undef, mac_secret_size = 0;
714 int key_block_len, key_len, iv_len;
715 const EVP_CIPHER *cipher = NULL;
716 const EVP_AEAD *aead = NULL;
717 const EVP_MD *mac = NULL;
718 int ret = 0;
719
720 if (s->s3->tmp.key_block_length != 0)
721 return (1);
722
723 if (s->session->cipher &&
724 (s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) {
725 if (!ssl_cipher_get_evp_aead(s->session, &aead)) {
726 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,
727 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
728 return (0);
729 }
730 key_len = EVP_AEAD_key_length(aead);
731 iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->session->cipher);
732 } else {
733 if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type,
734 &mac_secret_size)) {
735 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,
736 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
737 return (0);
738 }
739 key_len = EVP_CIPHER_key_length(cipher);
740 iv_len = EVP_CIPHER_iv_length(cipher);
741
742 /* If GCM mode only part of IV comes from PRF. */
743 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
744 iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
745 }
746
747 s->s3->tmp.new_aead = aead;
748 s->s3->tmp.new_sym_enc = cipher;
749 s->s3->tmp.new_hash = mac;
750 s->s3->tmp.new_mac_pkey_type = mac_type;
751 s->s3->tmp.new_mac_secret_size = mac_secret_size;
752
753 tls1_cleanup_key_block(s);
754
755 if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len,
756 2)) == NULL) {
757 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
758 goto err;
759 }
760 key_block_len = (mac_secret_size + key_len + iv_len) * 2;
761
762 s->s3->tmp.key_block_length = key_block_len;
763 s->s3->tmp.key_block = key_block;
764
765 if ((tmp_block = malloc(key_block_len)) == NULL) {
766 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
767 goto err;
768 }
769
770 if (!tls1_generate_key_block(s, key_block, tmp_block, key_block_len))
771 goto err;
772
773 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
774 s->method->version <= TLS1_VERSION) {
775 /*
776 * Enable vulnerability countermeasure for CBC ciphers with
777 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
778 */
779 s->s3->need_empty_fragments = 1;
780
781 if (s->session->cipher != NULL) {
782 if (s->session->cipher->algorithm_enc == SSL_eNULL)
783 s->s3->need_empty_fragments = 0;
784
785#ifndef OPENSSL_NO_RC4
786 if (s->session->cipher->algorithm_enc == SSL_RC4)
787 s->s3->need_empty_fragments = 0;
788#endif
789 }
790 }
791
792 ret = 1;
793
794err:
795 if (tmp_block) {
796 explicit_bzero(tmp_block, key_block_len);
797 free(tmp_block);
798 }
799 return (ret);
800}
801
802/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
803 *
804 * Returns:
805 * 0: (in non-constant time) if the record is publically invalid (i.e. too
806 * short etc).
807 * 1: if the record's padding is valid / the encryption was successful.
808 * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
809 * an internal error occured.
810 */
811int
812tls1_enc(SSL *s, int send)
813{
814 const SSL_AEAD_CTX *aead;
815 const EVP_CIPHER *enc;
816 EVP_CIPHER_CTX *ds;
817 SSL3_RECORD *rec;
818 unsigned char *seq;
819 unsigned long l;
820 int bs, i, j, k, pad = 0, ret, mac_size = 0;
821
822 if (send) {
823 aead = s->aead_write_ctx;
824 rec = &s->s3->wrec;
825 seq = s->s3->write_sequence;
826 } else {
827 aead = s->aead_read_ctx;
828 rec = &s->s3->rrec;
829 seq = s->s3->read_sequence;
830 }
831
832 if (aead) {
833 unsigned char ad[13], *in, *out, nonce[16];
834 size_t out_len, pad_len = 0;
835 unsigned int nonce_used;
836
837 if (SSL_IS_DTLS(s)) {
838 dtls1_build_sequence_number(ad, seq,
839 send ? s->d1->w_epoch : s->d1->r_epoch);
840 } else {
841 memcpy(ad, seq, SSL3_SEQUENCE_SIZE);
842 tls1_record_sequence_increment(seq);
843 }
844
845 ad[8] = rec->type;
846 ad[9] = (unsigned char)(s->version >> 8);
847 ad[10] = (unsigned char)(s->version);
848
849 if (aead->variable_nonce_len > 8 ||
850 aead->variable_nonce_len > sizeof(nonce))
851 return -1;
852
853 if (aead->xor_fixed_nonce) {
854 if (aead->fixed_nonce_len > sizeof(nonce) ||
855 aead->variable_nonce_len > aead->fixed_nonce_len)
856 return -1; /* Should never happen. */
857 pad_len = aead->fixed_nonce_len - aead->variable_nonce_len;
858 } else {
859 if (aead->fixed_nonce_len +
860 aead->variable_nonce_len > sizeof(nonce))
861 return -1; /* Should never happen. */
862 }
863
864 if (send) {
865 size_t len = rec->length;
866 size_t eivlen = 0;
867 in = rec->input;
868 out = rec->data;
869
870 if (aead->xor_fixed_nonce) {
871 /*
872 * The sequence number is left zero
873 * padded, then xored with the fixed
874 * nonce.
875 */
876 memset(nonce, 0, pad_len);
877 memcpy(nonce + pad_len, ad,
878 aead->variable_nonce_len);
879 for (i = 0; i < aead->fixed_nonce_len; i++)
880 nonce[i] ^= aead->fixed_nonce[i];
881 nonce_used = aead->fixed_nonce_len;
882 } else {
883 /*
884 * When sending we use the sequence number as
885 * the variable part of the nonce.
886 */
887 memcpy(nonce, aead->fixed_nonce,
888 aead->fixed_nonce_len);
889 nonce_used = aead->fixed_nonce_len;
890 memcpy(nonce + nonce_used, ad,
891 aead->variable_nonce_len);
892 nonce_used += aead->variable_nonce_len;
893 }
894
895 /*
896 * In do_ssl3_write, rec->input is moved forward by
897 * variable_nonce_len in order to leave space for the
898 * variable nonce. Thus we can copy the sequence number
899 * bytes into place without overwriting any of the
900 * plaintext.
901 */
902 if (aead->variable_nonce_in_record) {
903 memcpy(out, ad, aead->variable_nonce_len);
904 len -= aead->variable_nonce_len;
905 eivlen = aead->variable_nonce_len;
906 }
907
908 ad[11] = len >> 8;
909 ad[12] = len & 0xff;
910
911 if (!EVP_AEAD_CTX_seal(&aead->ctx,
912 out + eivlen, &out_len, len + aead->tag_len, nonce,
913 nonce_used, in + eivlen, len, ad, sizeof(ad)))
914 return -1;
915 if (aead->variable_nonce_in_record)
916 out_len += aead->variable_nonce_len;
917 } else {
918 /* receive */
919 size_t len = rec->length;
920
921 if (rec->data != rec->input)
922 return -1; /* internal error - should never happen. */
923 out = in = rec->input;
924
925 if (len < aead->variable_nonce_len)
926 return 0;
927
928 if (aead->xor_fixed_nonce) {
929 /*
930 * The sequence number is left zero
931 * padded, then xored with the fixed
932 * nonce.
933 */
934 memset(nonce, 0, pad_len);
935 memcpy(nonce + pad_len, ad,
936 aead->variable_nonce_len);
937 for (i = 0; i < aead->fixed_nonce_len; i++)
938 nonce[i] ^= aead->fixed_nonce[i];
939 nonce_used = aead->fixed_nonce_len;
940 } else {
941 memcpy(nonce, aead->fixed_nonce,
942 aead->fixed_nonce_len);
943 nonce_used = aead->fixed_nonce_len;
944
945 memcpy(nonce + nonce_used,
946 aead->variable_nonce_in_record ? in : ad,
947 aead->variable_nonce_len);
948 nonce_used += aead->variable_nonce_len;
949 }
950
951 if (aead->variable_nonce_in_record) {
952 in += aead->variable_nonce_len;
953 len -= aead->variable_nonce_len;
954 out += aead->variable_nonce_len;
955 }
956
957 if (len < aead->tag_len)
958 return 0;
959 len -= aead->tag_len;
960
961 ad[11] = len >> 8;
962 ad[12] = len & 0xff;
963
964 if (!EVP_AEAD_CTX_open(&aead->ctx, out, &out_len, len,
965 nonce, nonce_used, in, len + aead->tag_len, ad,
966 sizeof(ad)))
967 return -1;
968
969 rec->data = rec->input = out;
970 }
971
972 rec->length = out_len;
973
974 return 1;
975 }
976
977 if (send) {
978 if (EVP_MD_CTX_md(s->write_hash)) {
979 int n = EVP_MD_CTX_size(s->write_hash);
980 OPENSSL_assert(n >= 0);
981 }
982 ds = s->enc_write_ctx;
983 if (s->enc_write_ctx == NULL)
984 enc = NULL;
985 else {
986 int ivlen = 0;
987 enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
988 if (SSL_USE_EXPLICIT_IV(s) &&
989 EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
990 ivlen = EVP_CIPHER_iv_length(enc);
991 if (ivlen > 1) {
992 if (rec->data != rec->input) {
993#ifdef DEBUG
994 /* we can't write into the input stream:
995 * Can this ever happen?? (steve)
996 */
997 fprintf(stderr,
998 "%s:%d: rec->data != rec->input\n",
999 __FILE__, __LINE__);
1000#endif
1001 } else
1002 arc4random_buf(rec->input, ivlen);
1003 }
1004 }
1005 } else {
1006 if (EVP_MD_CTX_md(s->read_hash)) {
1007 int n = EVP_MD_CTX_size(s->read_hash);
1008 OPENSSL_assert(n >= 0);
1009 }
1010 ds = s->enc_read_ctx;
1011 if (s->enc_read_ctx == NULL)
1012 enc = NULL;
1013 else
1014 enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
1015 }
1016
1017 if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
1018 memmove(rec->data, rec->input, rec->length);
1019 rec->input = rec->data;
1020 ret = 1;
1021 } else {
1022 l = rec->length;
1023 bs = EVP_CIPHER_block_size(ds->cipher);
1024
1025 if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
1026 unsigned char buf[13];
1027
1028 if (SSL_IS_DTLS(s)) {
1029 dtls1_build_sequence_number(buf, seq,
1030 send ? s->d1->w_epoch : s->d1->r_epoch);
1031 } else {
1032 memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
1033 tls1_record_sequence_increment(seq);
1034 }
1035
1036 buf[8] = rec->type;
1037 buf[9] = (unsigned char)(s->version >> 8);
1038 buf[10] = (unsigned char)(s->version);
1039 buf[11] = rec->length >> 8;
1040 buf[12] = rec->length & 0xff;
1041 pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, 13, buf);
1042 if (send) {
1043 l += pad;
1044 rec->length += pad;
1045 }
1046 } else if ((bs != 1) && send) {
1047 i = bs - ((int)l % bs);
1048
1049 /* Add weird padding of upto 256 bytes */
1050
1051 /* we need to add 'i' padding bytes of value j */
1052 j = i - 1;
1053 for (k = (int)l; k < (int)(l + i); k++)
1054 rec->input[k] = j;
1055 l += i;
1056 rec->length += i;
1057 }
1058
1059 if (!send) {
1060 if (l == 0 || l % bs != 0)
1061 return 0;
1062 }
1063
1064 i = EVP_Cipher(ds, rec->data, rec->input, l);
1065 if ((EVP_CIPHER_flags(ds->cipher) &
1066 EVP_CIPH_FLAG_CUSTOM_CIPHER) ? (i < 0) : (i == 0))
1067 return -1; /* AEAD can fail to verify MAC */
1068 if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) {
1069 rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
1070 rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
1071 rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
1072 }
1073
1074 ret = 1;
1075 if (EVP_MD_CTX_md(s->read_hash) != NULL)
1076 mac_size = EVP_MD_CTX_size(s->read_hash);
1077 if ((bs != 1) && !send)
1078 ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
1079 if (pad && !send)
1080 rec->length -= pad;
1081 }
1082 return ret;
1083}
1084
1085int
1086tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
1087{
1088 EVP_MD_CTX ctx, *d = NULL;
1089 unsigned int ret;
1090 int i;
1091
1092 if (s->s3->handshake_buffer)
1093 if (!tls1_digest_cached_records(s))
1094 return 0;
1095
1096 for (i = 0; i < SSL_MAX_DIGEST; i++) {
1097 if (s->s3->handshake_dgst[i] &&
1098 EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
1099 d = s->s3->handshake_dgst[i];
1100 break;
1101 }
1102 }
1103 if (d == NULL) {
1104 SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC, SSL_R_NO_REQUIRED_DIGEST);
1105 return 0;
1106 }
1107
1108 EVP_MD_CTX_init(&ctx);
1109 if (!EVP_MD_CTX_copy_ex(&ctx, d))
1110 return 0;
1111 EVP_DigestFinal_ex(&ctx, out, &ret);
1112 EVP_MD_CTX_cleanup(&ctx);
1113
1114 return ((int)ret);
1115}
1116
1117int
1118tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
1119{
1120 unsigned int i;
1121 EVP_MD_CTX ctx;
1122 unsigned char buf[2*EVP_MAX_MD_SIZE];
1123 unsigned char *q, buf2[12];
1124 int idx;
1125 long mask;
1126 int err = 0;
1127 const EVP_MD *md;
1128
1129 q = buf;
1130
1131 if (s->s3->handshake_buffer)
1132 if (!tls1_digest_cached_records(s))
1133 return 0;
1134
1135 EVP_MD_CTX_init(&ctx);
1136
1137 for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {
1138 if (ssl_get_algorithm2(s) & mask) {
1139 int hashsize = EVP_MD_size(md);
1140 EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
1141 if (!hdgst || hashsize < 0 ||
1142 hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
1143 /* internal error: 'buf' is too small for this cipersuite! */
1144 err = 1;
1145 } else {
1146 if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
1147 !EVP_DigestFinal_ex(&ctx, q, &i) ||
1148 (i != (unsigned int)hashsize))
1149 err = 1;
1150 q += hashsize;
1151 }
1152 }
1153 }
1154
1155 if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf, (int)(q - buf),
1156 NULL, 0, NULL, 0, NULL, 0,
1157 s->session->master_key, s->session->master_key_length,
1158 out, buf2, sizeof buf2))
1159 err = 1;
1160 EVP_MD_CTX_cleanup(&ctx);
1161
1162 if (err)
1163 return 0;
1164 else
1165 return sizeof buf2;
1166}
1167
1168int
1169tls1_mac(SSL *ssl, unsigned char *md, int send)
1170{
1171 SSL3_RECORD *rec;
1172 unsigned char *seq;
1173 EVP_MD_CTX *hash;
1174 size_t md_size, orig_len;
1175 EVP_MD_CTX hmac, *mac_ctx;
1176 unsigned char header[13];
1177 int stream_mac = (send ?
1178 (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) :
1179 (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
1180 int t;
1181
1182 if (send) {
1183 rec = &(ssl->s3->wrec);
1184 seq = &(ssl->s3->write_sequence[0]);
1185 hash = ssl->write_hash;
1186 } else {
1187 rec = &(ssl->s3->rrec);
1188 seq = &(ssl->s3->read_sequence[0]);
1189 hash = ssl->read_hash;
1190 }
1191
1192 t = EVP_MD_CTX_size(hash);
1193 OPENSSL_assert(t >= 0);
1194 md_size = t;
1195
1196 /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
1197 if (stream_mac) {
1198 mac_ctx = hash;
1199 } else {
1200 if (!EVP_MD_CTX_copy(&hmac, hash))
1201 return -1;
1202 mac_ctx = &hmac;
1203 }
1204
1205 if (SSL_IS_DTLS(ssl))
1206 dtls1_build_sequence_number(header, seq,
1207 send ? ssl->d1->w_epoch : ssl->d1->r_epoch);
1208 else
1209 memcpy(header, seq, SSL3_SEQUENCE_SIZE);
1210
1211 /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
1212 orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);
1213 rec->type &= 0xff;
1214
1215 header[8] = rec->type;
1216 header[9] = (unsigned char)(ssl->version >> 8);
1217 header[10] = (unsigned char)(ssl->version);
1218 header[11] = (rec->length) >> 8;
1219 header[12] = (rec->length) & 0xff;
1220
1221 if (!send &&
1222 EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
1223 ssl3_cbc_record_digest_supported(mac_ctx)) {
1224 /* This is a CBC-encrypted record. We must avoid leaking any
1225 * timing-side channel information about how many blocks of
1226 * data we are hashing because that gives an attacker a
1227 * timing-oracle. */
1228 if (!ssl3_cbc_digest_record(mac_ctx,
1229 md, &md_size, header, rec->input,
1230 rec->length + md_size, orig_len,
1231 ssl->s3->read_mac_secret,
1232 ssl->s3->read_mac_secret_size,
1233 0 /* not SSLv3 */))
1234 return -1;
1235 } else {
1236 EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
1237 EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length);
1238 t = EVP_DigestSignFinal(mac_ctx, md, &md_size);
1239 OPENSSL_assert(t > 0);
1240 }
1241
1242 if (!stream_mac)
1243 EVP_MD_CTX_cleanup(&hmac);
1244
1245 if (!SSL_IS_DTLS(ssl))
1246 tls1_record_sequence_increment(seq);
1247
1248 return (md_size);
1249}
1250
1251int
1252tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
1253 int len)
1254{
1255 unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
1256
1257 tls1_PRF(ssl_get_algorithm2(s),
1258 TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
1259 s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0,
1260 s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0,
1261 p, len, s->session->master_key, buff, sizeof buff);
1262
1263 return (SSL3_MASTER_SECRET_SIZE);
1264}
1265
1266int
1267tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1268 const char *label, size_t llen, const unsigned char *context,
1269 size_t contextlen, int use_context)
1270{
1271 unsigned char *buff;
1272 unsigned char *val = NULL;
1273 size_t vallen, currentvalpos;
1274 int rv;
1275
1276 buff = malloc(olen);
1277 if (buff == NULL)
1278 goto err2;
1279
1280 /* construct PRF arguments
1281 * we construct the PRF argument ourself rather than passing separate
1282 * values into the TLS PRF to ensure that the concatenation of values
1283 * does not create a prohibited label.
1284 */
1285 vallen = llen + SSL3_RANDOM_SIZE * 2;
1286 if (use_context) {
1287 vallen += 2 + contextlen;
1288 }
1289
1290 val = malloc(vallen);
1291 if (val == NULL)
1292 goto err2;
1293 currentvalpos = 0;
1294 memcpy(val + currentvalpos, (unsigned char *) label, llen);
1295 currentvalpos += llen;
1296 memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE);
1297 currentvalpos += SSL3_RANDOM_SIZE;
1298 memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
1299 currentvalpos += SSL3_RANDOM_SIZE;
1300
1301 if (use_context) {
1302 val[currentvalpos] = (contextlen >> 8) & 0xff;
1303 currentvalpos++;
1304 val[currentvalpos] = contextlen & 0xff;
1305 currentvalpos++;
1306 if ((contextlen > 0) || (context != NULL)) {
1307 memcpy(val + currentvalpos, context, contextlen);
1308 }
1309 }
1310
1311 /* disallow prohibited labels
1312 * note that SSL3_RANDOM_SIZE > max(prohibited label len) =
1313 * 15, so size of val > max(prohibited label len) = 15 and the
1314 * comparisons won't have buffer overflow
1315 */
1316 if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
1317 TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0)
1318 goto err1;
1319 if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
1320 TLS_MD_SERVER_FINISH_CONST_SIZE) == 0)
1321 goto err1;
1322 if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
1323 TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
1324 goto err1;
1325 if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
1326 TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
1327 goto err1;
1328
1329 rv = tls1_PRF(ssl_get_algorithm2(s),
1330 val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0,
1331 s->session->master_key, s->session->master_key_length,
1332 out, buff, olen);
1333
1334 goto ret;
1335err1:
1336 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL,
1337 SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
1338 rv = 0;
1339 goto ret;
1340err2:
1341 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
1342 rv = 0;
1343ret:
1344 free(buff);
1345 free(val);
1346
1347 return (rv);
1348}
1349
1350int
1351tls1_alert_code(int code)
1352{
1353 switch (code) {
1354 case SSL_AD_CLOSE_NOTIFY:
1355 return (SSL3_AD_CLOSE_NOTIFY);
1356 case SSL_AD_UNEXPECTED_MESSAGE:
1357 return (SSL3_AD_UNEXPECTED_MESSAGE);
1358 case SSL_AD_BAD_RECORD_MAC:
1359 return (SSL3_AD_BAD_RECORD_MAC);
1360 case SSL_AD_DECRYPTION_FAILED:
1361 return (TLS1_AD_DECRYPTION_FAILED);
1362 case SSL_AD_RECORD_OVERFLOW:
1363 return (TLS1_AD_RECORD_OVERFLOW);
1364 case SSL_AD_DECOMPRESSION_FAILURE:
1365 return (SSL3_AD_DECOMPRESSION_FAILURE);
1366 case SSL_AD_HANDSHAKE_FAILURE:
1367 return (SSL3_AD_HANDSHAKE_FAILURE);
1368 case SSL_AD_NO_CERTIFICATE:
1369 return (-1);
1370 case SSL_AD_BAD_CERTIFICATE:
1371 return (SSL3_AD_BAD_CERTIFICATE);
1372 case SSL_AD_UNSUPPORTED_CERTIFICATE:
1373 return (SSL3_AD_UNSUPPORTED_CERTIFICATE);
1374 case SSL_AD_CERTIFICATE_REVOKED:
1375 return (SSL3_AD_CERTIFICATE_REVOKED);
1376 case SSL_AD_CERTIFICATE_EXPIRED:
1377 return (SSL3_AD_CERTIFICATE_EXPIRED);
1378 case SSL_AD_CERTIFICATE_UNKNOWN:
1379 return (SSL3_AD_CERTIFICATE_UNKNOWN);
1380 case SSL_AD_ILLEGAL_PARAMETER:
1381 return (SSL3_AD_ILLEGAL_PARAMETER);
1382 case SSL_AD_UNKNOWN_CA:
1383 return (TLS1_AD_UNKNOWN_CA);
1384 case SSL_AD_ACCESS_DENIED:
1385 return (TLS1_AD_ACCESS_DENIED);
1386 case SSL_AD_DECODE_ERROR:
1387 return (TLS1_AD_DECODE_ERROR);
1388 case SSL_AD_DECRYPT_ERROR:
1389 return (TLS1_AD_DECRYPT_ERROR);
1390 case SSL_AD_EXPORT_RESTRICTION:
1391 return (TLS1_AD_EXPORT_RESTRICTION);
1392 case SSL_AD_PROTOCOL_VERSION:
1393 return (TLS1_AD_PROTOCOL_VERSION);
1394 case SSL_AD_INSUFFICIENT_SECURITY:
1395 return (TLS1_AD_INSUFFICIENT_SECURITY);
1396 case SSL_AD_INTERNAL_ERROR:
1397 return (TLS1_AD_INTERNAL_ERROR);
1398 case SSL_AD_INAPPROPRIATE_FALLBACK:
1399 return(TLS1_AD_INAPPROPRIATE_FALLBACK);
1400 case SSL_AD_USER_CANCELLED:
1401 return (TLS1_AD_USER_CANCELLED);
1402 case SSL_AD_NO_RENEGOTIATION:
1403 return (TLS1_AD_NO_RENEGOTIATION);
1404 case SSL_AD_UNSUPPORTED_EXTENSION:
1405 return (TLS1_AD_UNSUPPORTED_EXTENSION);
1406 case SSL_AD_CERTIFICATE_UNOBTAINABLE:
1407 return (TLS1_AD_CERTIFICATE_UNOBTAINABLE);
1408 case SSL_AD_UNRECOGNIZED_NAME:
1409 return (TLS1_AD_UNRECOGNIZED_NAME);
1410 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
1411 return (TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
1412 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
1413 return (TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
1414 case SSL_AD_UNKNOWN_PSK_IDENTITY:
1415 return (TLS1_AD_UNKNOWN_PSK_IDENTITY);
1416 default:
1417 return (-1);
1418 }
1419}
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
deleted file mode 100644
index 7230dec671..0000000000
--- a/src/lib/libssl/t1_lib.c
+++ /dev/null
@@ -1,2404 +0,0 @@
1/* $OpenBSD: t1_lib.c,v 1.87 2016/05/30 13:42:54 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113
114#include <openssl/evp.h>
115#include <openssl/hmac.h>
116#include <openssl/objects.h>
117#include <openssl/ocsp.h>
118
119#include "ssl_locl.h"
120#include "bytestring.h"
121
122static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
123 const unsigned char *sess_id, int sesslen,
124 SSL_SESSION **psess);
125
126SSL3_ENC_METHOD TLSv1_enc_data = {
127 .enc = tls1_enc,
128 .mac = tls1_mac,
129 .setup_key_block = tls1_setup_key_block,
130 .generate_master_secret = tls1_generate_master_secret,
131 .change_cipher_state = tls1_change_cipher_state,
132 .final_finish_mac = tls1_final_finish_mac,
133 .finish_mac_length = TLS1_FINISH_MAC_LENGTH,
134 .cert_verify_mac = tls1_cert_verify_mac,
135 .client_finished_label = TLS_MD_CLIENT_FINISH_CONST,
136 .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
137 .server_finished_label = TLS_MD_SERVER_FINISH_CONST,
138 .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
139 .alert_value = tls1_alert_code,
140 .export_keying_material = tls1_export_keying_material,
141 .enc_flags = 0,
142};
143
144SSL3_ENC_METHOD TLSv1_1_enc_data = {
145 .enc = tls1_enc,
146 .mac = tls1_mac,
147 .setup_key_block = tls1_setup_key_block,
148 .generate_master_secret = tls1_generate_master_secret,
149 .change_cipher_state = tls1_change_cipher_state,
150 .final_finish_mac = tls1_final_finish_mac,
151 .finish_mac_length = TLS1_FINISH_MAC_LENGTH,
152 .cert_verify_mac = tls1_cert_verify_mac,
153 .client_finished_label = TLS_MD_CLIENT_FINISH_CONST,
154 .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
155 .server_finished_label = TLS_MD_SERVER_FINISH_CONST,
156 .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
157 .alert_value = tls1_alert_code,
158 .export_keying_material = tls1_export_keying_material,
159 .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV,
160};
161
162SSL3_ENC_METHOD TLSv1_2_enc_data = {
163 .enc = tls1_enc,
164 .mac = tls1_mac,
165 .setup_key_block = tls1_setup_key_block,
166 .generate_master_secret = tls1_generate_master_secret,
167 .change_cipher_state = tls1_change_cipher_state,
168 .final_finish_mac = tls1_final_finish_mac,
169 .finish_mac_length = TLS1_FINISH_MAC_LENGTH,
170 .cert_verify_mac = tls1_cert_verify_mac,
171 .client_finished_label = TLS_MD_CLIENT_FINISH_CONST,
172 .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
173 .server_finished_label = TLS_MD_SERVER_FINISH_CONST,
174 .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
175 .alert_value = tls1_alert_code,
176 .export_keying_material = tls1_export_keying_material,
177 .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|
178 SSL_ENC_FLAG_SHA256_PRF|SSL_ENC_FLAG_TLS1_2_CIPHERS,
179};
180
181long
182tls1_default_timeout(void)
183{
184 /* 2 hours, the 24 hours mentioned in the TLSv1 spec
185 * is way too long for http, the cache would over fill */
186 return (60 * 60 * 2);
187}
188
189int
190tls1_new(SSL *s)
191{
192 if (!ssl3_new(s))
193 return (0);
194 s->method->ssl_clear(s);
195 return (1);
196}
197
198void
199tls1_free(SSL *s)
200{
201 if (s == NULL)
202 return;
203
204 free(s->tlsext_session_ticket);
205 ssl3_free(s);
206}
207
208void
209tls1_clear(SSL *s)
210{
211 ssl3_clear(s);
212 s->version = s->method->version;
213}
214
215
/*
 * TLS NamedCurve registry (RFC 4492 / RFC 7027) indexed by curve id - 1:
 * nid_list[i] is the OpenSSL NID of the curve whose TLS id is i + 1.
 * Read by tls1_ec_curve_id2nid(); tls1_ec_nid2curve_id() encodes the same
 * mapping and the two must be kept in sync.
 * NOTE(review): nothing writes to this table; it could be declared const
 * so that it lives in read-only memory.
 */
static int nid_list[] = {
	NID_sect163k1,		/* sect163k1 (1) */
	NID_sect163r1,		/* sect163r1 (2) */
	NID_sect163r2,		/* sect163r2 (3) */
	NID_sect193r1,		/* sect193r1 (4) */
	NID_sect193r2,		/* sect193r2 (5) */
	NID_sect233k1,		/* sect233k1 (6) */
	NID_sect233r1,		/* sect233r1 (7) */
	NID_sect239k1,		/* sect239k1 (8) */
	NID_sect283k1,		/* sect283k1 (9) */
	NID_sect283r1,		/* sect283r1 (10) */
	NID_sect409k1,		/* sect409k1 (11) */
	NID_sect409r1,		/* sect409r1 (12) */
	NID_sect571k1,		/* sect571k1 (13) */
	NID_sect571r1,		/* sect571r1 (14) */
	NID_secp160k1,		/* secp160k1 (15) */
	NID_secp160r1,		/* secp160r1 (16) */
	NID_secp160r2,		/* secp160r2 (17) */
	NID_secp192k1,		/* secp192k1 (18) */
	NID_X9_62_prime192v1,	/* secp192r1 (19) */
	NID_secp224k1,		/* secp224k1 (20) */
	NID_secp224r1,		/* secp224r1 (21) */
	NID_secp256k1,		/* secp256k1 (22) */
	NID_X9_62_prime256v1,	/* secp256r1 (23) */
	NID_secp384r1,		/* secp384r1 (24) */
	NID_secp521r1,		/* secp521r1 (25) */
	NID_brainpoolP256r1,	/* brainpoolP256r1 (26) */
	NID_brainpoolP384r1,	/* brainpoolP384r1 (27) */
	NID_brainpoolP512r1	/* brainpoolP512r1 (28) */
};
246
/*
 * EC point formats used when the application has not configured its own
 * list (see tls1_get_formatlist()).  Order is the order they are sent.
 */
static const uint8_t ecformats_default[] = {
	TLSEXT_ECPOINTFORMAT_uncompressed,
	TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
	TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
};
252
/*
 * TLS curve ids used when the application has not configured its own list
 * (see tls1_get_curvelist()).  Listed in preference order, larger curves
 * first.  Each entry is one NamedCurve id, so the element count is
 * sizeof(eccurves_default) / 2.
 */
static const uint16_t eccurves_default[] = {
	14,			/* sect571r1 (14) */
	13,			/* sect571k1 (13) */
	25,			/* secp521r1 (25) */
	28,			/* brainpoolP512r1 (28) */
	11,			/* sect409k1 (11) */
	12,			/* sect409r1 (12) */
	27,			/* brainpoolP384r1 (27) */
	24,			/* secp384r1 (24) */
	9,			/* sect283k1 (9) */
	10,			/* sect283r1 (10) */
	26,			/* brainpoolP256r1 (26) */
	22,			/* secp256k1 (22) */
	23,			/* secp256r1 (23) */
	8,			/* sect239k1 (8) */
	6,			/* sect233k1 (6) */
	7,			/* sect233r1 (7) */
	20,			/* secp224k1 (20) */
	21,			/* secp224r1 (21) */
	4,			/* sect193r1 (4) */
	5,			/* sect193r2 (5) */
	18,			/* secp192k1 (18) */
	19,			/* secp192r1 (19) */
	1,			/* sect163k1 (1) */
	2,			/* sect163r1 (2) */
	3,			/* sect163r2 (3) */
	15,			/* secp160k1 (15) */
	16,			/* secp160r1 (16) */
	17,			/* secp160r2 (17) */
};
283
/*
 * Map a TLS NamedCurve id (1-based, as carried on the wire) to its NID.
 *
 * Returns 0 for ids outside the table, so untrusted ids are safe to pass.
 */
int
tls1_ec_curve_id2nid(uint16_t curve_id)
{
	const size_t ncurves = sizeof(nid_list) / sizeof(nid_list[0]);

	/* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
	if (curve_id == 0 || curve_id > ncurves)
		return (0);

	return (nid_list[curve_id - 1]);
}
293
/*
 * Map an EC group NID to its TLS NamedCurve id; the inverse of
 * tls1_ec_curve_id2nid().  The curve with nid_list[i] has id i + 1.
 *
 * Returns 0 when the NID is not a curve we know a TLS id for.
 */
uint16_t
tls1_ec_nid2curve_id(int nid)
{
	const size_t ncurves = sizeof(nid_list) / sizeof(nid_list[0]);
	size_t i;

	/* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
	for (i = 0; i < ncurves; i++) {
		if (nid_list[i] == nid)
			return ((uint16_t)(i + 1));
	}

	return (0);
}
359
360/*
361 * Return the appropriate format list. If client_formats is non-zero, return
362 * the client/session formats. Otherwise return the custom format list if one
363 * exists, or the default formats if a custom list has not been specified.
364 */
365static void
366tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats,
367 size_t *pformatslen)
368{
369 if (client_formats != 0) {
370 *pformats = s->session->tlsext_ecpointformatlist;
371 *pformatslen = s->session->tlsext_ecpointformatlist_length;
372 return;
373 }
374
375 *pformats = s->tlsext_ecpointformatlist;
376 *pformatslen = s->tlsext_ecpointformatlist_length;
377 if (*pformats == NULL) {
378 *pformats = ecformats_default;
379 *pformatslen = sizeof(ecformats_default);
380 }
381}
382
383/*
384 * Return the appropriate curve list. If client_curves is non-zero, return
385 * the client/session curves. Otherwise return the custom curve list if one
386 * exists, or the default curves if a custom list has not been specified.
387 */
388static void
389tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves,
390 size_t *pcurveslen)
391{
392 if (client_curves != 0) {
393 *pcurves = s->session->tlsext_ellipticcurvelist;
394 *pcurveslen = s->session->tlsext_ellipticcurvelist_length;
395 return;
396 }
397
398 *pcurves = s->tlsext_ellipticcurvelist;
399 *pcurveslen = s->tlsext_ellipticcurvelist_length;
400 if (*pcurves == NULL) {
401 *pcurves = eccurves_default;
402 *pcurveslen = sizeof(eccurves_default) / 2;
403 }
404}
405
/*
 * Check that the ECParameters at p (len bytes, from a ServerKeyExchange)
 * name a curve that is in our own preference list.
 *
 * Only the named_curve form (type byte NAMED_CURVE_TYPE followed by a
 * two-byte curve id, exactly 3 bytes in total) is accepted; explicit
 * curve parameters are rejected.
 *
 * Returns 1 if the curve is acceptable, 0 otherwise.
 */
int
tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
{
	CBS cbs;
	const uint16_t *curves;
	size_t curveslen, i;
	uint8_t curve_type;
	uint16_t curve_id;

	CBS_init(&cbs, p, len);

	/* Anything other than a 3-byte named curve is not supported. */
	if (CBS_len(&cbs) != 3)
		return (0);
	if (!CBS_get_u8(&cbs, &curve_type) || curve_type != NAMED_CURVE_TYPE)
		return (0);
	if (!CBS_get_u16(&cbs, &curve_id))
		return (0);

	tls1_get_curvelist(s, 0, &curves, &curveslen);
	for (i = 0; i < curveslen; i++) {
		if (curves[i] == curve_id)
			return (1);
	}

	return (0);
}
433
/*
 * Find the first curve shared between our list and the client's list.
 *
 * Only meaningful on the server side.  With SSL_OP_CIPHER_SERVER_PREFERENCE
 * set, our list drives the order of preference; otherwise the client's
 * list does.
 *
 * Returns the NID of the shared curve, or NID_undef if there is none (or
 * if called on a client).
 */
int
tls1_get_shared_curve(SSL *s)
{
	const uint16_t *pref, *supp;
	size_t preflen, supplen, i, j;
	int use_server_pref;

	/* Cannot do anything on the client side. */
	if (s->server == 0)
		return (NID_undef);

	use_server_pref =
	    (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0;

	/* pref is the list whose order wins; supp is the other side's list. */
	tls1_get_curvelist(s, !use_server_pref, &pref, &preflen);
	tls1_get_curvelist(s, use_server_pref, &supp, &supplen);

	for (i = 0; i < preflen; i++) {
		for (j = 0; j < supplen; j++) {
			if (pref[i] == supp[j])
				return (tls1_ec_curve_id2nid(pref[i]));
		}
	}

	return (NID_undef);
}
458
/*
 * Derive the TLS curve id and, optionally, the point format of an EC key.
 *
 * *curve_id receives the NamedCurve id of the key's group, or the
 * arbitrary-explicit-curve sentinel (0xff01 for prime fields, 0xff02 for
 * binary fields) when the group has no TLS id.
 *
 * When comp_id is non-NULL, *comp_id receives the TLSEXT_ECPOINTFORMAT_*
 * value matching the key's point conversion form; this requires the key
 * to carry a public point.
 *
 * Returns 1 on success, 0 if ec is NULL, has no group or method, or (when
 * comp_id is requested) has no public key.
 */
static int
tls1_set_ec_id(uint16_t *curve_id, uint8_t *comp_id, EC_KEY *ec)
{
	const EC_GROUP *group;
	const EC_METHOD *method;
	int prime_field;
	int id;

	if (ec == NULL)
		return (0);

	if ((group = EC_KEY_get0_group(ec)) == NULL)
		return (0);
	if ((method = EC_GROUP_method_of(group)) == NULL)
		return (0);
	prime_field =
	    (EC_METHOD_get_field_type(method) == NID_X9_62_prime_field);

	/* Named curve if we know it, otherwise an explicit curve marker. */
	id = tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group));
	if (id == 0)
		id = prime_field ? 0xff01 : 0xff02;
	*curve_id = id;

	if (comp_id == NULL)
		return (1);

	/* The point format only makes sense for a key with a public point. */
	if (EC_KEY_get0_public_key(ec) == NULL)
		return (0);

	if (EC_KEY_get_conv_form(ec) != POINT_CONVERSION_COMPRESSED)
		*comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
	else if (prime_field)
		*comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
	else
		*comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;

	return (1);
}
504
/*
 * Check an EC key's curve and point format against what the client
 * advertised in its ec_point_formats and elliptic_curves extensions.
 *
 * Per RFC 4492, a missing extension means the client accepts anything, so
 * a NULL session list passes.  Passing NULL for curve_id or comp_id skips
 * that particular check.
 *
 * Returns 1 if the key is compatible, 0 otherwise.
 */
static int
tls1_check_ec_key(SSL *s, const uint16_t *curve_id, const uint8_t *comp_id)
{
	const uint16_t *curves;
	const uint8_t *formats;
	size_t curveslen, formatslen, i;
	int found;

	/* Point formats: only checked if the client sent a list. */
	tls1_get_formatlist(s, 1, &formats, &formatslen);
	if (comp_id != NULL && formats != NULL) {
		found = 0;
		for (i = 0; i < formatslen && !found; i++)
			found = (formats[i] == *comp_id);
		if (!found)
			return (0);
	}

	/* Curves: only checked if the client sent a list. */
	tls1_get_curvelist(s, 1, &curves, &curveslen);
	if (curve_id != NULL && curves != NULL) {
		found = 0;
		for (i = 0; i < curveslen && !found; i++)
			found = (curves[i] == *curve_id);
		if (!found)
			return (0);
	}

	return (1);
}
542
/*
 * Check that the server's configured EC certificate key (curve and point
 * format) is compatible with the client's extensions.
 *
 * Returns 1 if usable, 0 if there is no EC certificate/private key, the
 * public key cannot be extracted, or the key is not acceptable to the
 * client.
 */
int
tls1_check_ec_server_key(SSL *s)
{
	CERT_PKEY *cpk = &s->cert->pkeys[SSL_PKEY_ECC];
	EVP_PKEY *pkey;
	uint16_t curve_id;
	uint8_t comp_id;
	int id_ok;

	if (cpk->x509 == NULL || cpk->privatekey == NULL)
		return (0);

	if ((pkey = X509_get_pubkey(cpk->x509)) == NULL)
		return (0);

	/* X509_get_pubkey() returns a reference; drop it before deciding. */
	id_ok = (tls1_set_ec_id(&curve_id, &comp_id, pkey->pkey.ec) == 1);
	EVP_PKEY_free(pkey);
	if (!id_ok)
		return (0);

	return (tls1_check_ec_key(s, &curve_id, &comp_id));
}
564
/*
 * Check that an ephemeral ECDH key can be provided that the client will
 * accept.
 *
 * With automatic curve selection, this requires a curve shared with the
 * client.  Without it, either a callback must be set to supply the key
 * later, or the preconfigured key's curve must be acceptable to the
 * client.
 *
 * Returns 1 if ECDHE can proceed, 0 otherwise.
 */
int
tls1_check_ec_tmp_key(SSL *s)
{
	CERT *cert = s->cert;
	uint16_t curve_id;

	if (cert->ecdh_tmp_auto != 0)
		return (tls1_get_shared_curve(s) != NID_undef);

	/* No key yet: fine only if a callback will provide one. */
	if (cert->ecdh_tmp == NULL)
		return (cert->ecdh_tmp_cb != NULL);

	if (tls1_set_ec_id(&curve_id, NULL, cert->ecdh_tmp) != 1)
		return (0);

	return (tls1_check_ec_key(s, &curve_id, NULL));
}
589
590/*
591 * List of supported signature algorithms and hashes. Should make this
592 * customisable at some point, for now include everything we support.
593 */
594
595static unsigned char tls12_sigalgs[] = {
596 TLSEXT_hash_sha512, TLSEXT_signature_rsa,
597 TLSEXT_hash_sha512, TLSEXT_signature_dsa,
598 TLSEXT_hash_sha512, TLSEXT_signature_ecdsa,
599#ifndef OPENSSL_NO_GOST
600 TLSEXT_hash_streebog_512, TLSEXT_signature_gostr12_512,
601#endif
602
603 TLSEXT_hash_sha384, TLSEXT_signature_rsa,
604 TLSEXT_hash_sha384, TLSEXT_signature_dsa,
605 TLSEXT_hash_sha384, TLSEXT_signature_ecdsa,
606
607 TLSEXT_hash_sha256, TLSEXT_signature_rsa,
608 TLSEXT_hash_sha256, TLSEXT_signature_dsa,
609 TLSEXT_hash_sha256, TLSEXT_signature_ecdsa,
610
611#ifndef OPENSSL_NO_GOST
612 TLSEXT_hash_streebog_256, TLSEXT_signature_gostr12_256,
613 TLSEXT_hash_gost94, TLSEXT_signature_gostr01,
614#endif
615
616 TLSEXT_hash_sha224, TLSEXT_signature_rsa,
617 TLSEXT_hash_sha224, TLSEXT_signature_dsa,
618 TLSEXT_hash_sha224, TLSEXT_signature_ecdsa,
619
620 TLSEXT_hash_sha1, TLSEXT_signature_rsa,
621 TLSEXT_hash_sha1, TLSEXT_signature_dsa,
622 TLSEXT_hash_sha1, TLSEXT_signature_ecdsa,
623};
624
/*
 * Copy the supported signature_algorithms list into p (if non-NULL) and
 * return its length in bytes.  Callers pass NULL first to size the buffer;
 * p must have room for the returned number of bytes, as no bound is taken.
 */
int
tls12_get_req_sig_algs(SSL *s, unsigned char *p)
{
	const size_t len = sizeof(tls12_sigalgs);

	if (p != NULL)
		memcpy(p, tls12_sigalgs, len);

	return ((int)len);
}
634
/*
 * Append the ClientHello extensions to the message being built in
 * s->init_buf.  p points at the two-byte extensions length field, which is
 * filled in last; limit is one past the end of the writable buffer.
 *
 * Returns p unchanged if no extension was written (the caller then omits
 * the length field), the new write position on success, or NULL on any
 * failure (not enough room, or an encoder/callback error, in which case
 * an SSL error may have been pushed).
 *
 * Each extension checks the remaining room (limit - ret) before writing;
 * see the note on the padding extension, which does not.
 */
unsigned char *
ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
{
	int extdatalen = 0;
	unsigned char *ret = p;
	int using_ecc = 0;

	/*
	 * The ECC extensions are only sent when at least one enabled cipher
	 * suite uses ECDH key exchange or ECDSA authentication (never for
	 * DTLS).
	 */
	if (s->version != DTLS1_VERSION && s->version >= TLS1_VERSION) {
		STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
		unsigned long alg_k, alg_a;
		int i;

		for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) {
			SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);

			alg_k = c->algorithm_mkey;
			alg_a = c->algorithm_auth;

			if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) ||
			    (alg_a & SSL_aECDSA))) {
				using_ecc = 1;
				break;
			}
		}
	}

	/* Skip the extensions length field; it is written at the end. */
	ret += 2;

	if (ret >= limit)
		return NULL; /* this really never occurs, but ... */

	if (s->tlsext_hostname != NULL) {
		/* Add TLS extension servername to the Client Hello message */
		size_t size_str, lenmax;

		/* check for enough space.
		   4 for the servername type and extension length
		   2 for servernamelist length
		   1 for the hostname type
		   2 for hostname length
		   + hostname length
		*/

		if ((size_t)(limit - ret) < 9)
			return NULL;

		lenmax = limit - ret - 9;
		if ((size_str = strlen(s->tlsext_hostname)) > lenmax)
			return NULL;

		/* extension type and length */
		s2n(TLSEXT_TYPE_server_name, ret);

		s2n(size_str + 5, ret);

		/* length of servername list */
		s2n(size_str + 3, ret);

		/* hostname type, length and hostname */
		*(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name;
		s2n(size_str, ret);
		memcpy(ret, s->tlsext_hostname, size_str);
		ret += size_str;
	}

	/*
	 * Add RI if renegotiating.  The renegotiation extension is built in
	 * two passes: a NULL buffer to obtain the length, then the write.
	 */
	if (s->renegotiate) {
		int el;

		if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) {
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		if ((size_t)(limit - ret) < 4 + el)
			return NULL;

		s2n(TLSEXT_TYPE_renegotiate, ret);
		s2n(el, ret);

		if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) {
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		ret += el;
	}

	if (using_ecc) {
		size_t curveslen, formatslen, lenmax;
		const uint16_t *curves;
		const uint8_t *formats;
		int i;

		/*
		 * Add TLS extension ECPointFormats to the ClientHello message.
		 * Layout: type(2) length(2) list_len(1) formats(n), so the
		 * list length must fit in one byte.
		 */
		tls1_get_formatlist(s, 0, &formats, &formatslen);

		if ((size_t)(limit - ret) < 5)
			return NULL;

		lenmax = limit - ret - 5;
		if (formatslen > lenmax)
			return NULL;
		if (formatslen > 255) {
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		s2n(TLSEXT_TYPE_ec_point_formats, ret);
		s2n(formatslen + 1, ret);
		*(ret++) = (unsigned char)formatslen;
		memcpy(ret, formats, formatslen);
		ret += formatslen;

		/*
		 * Add TLS extension EllipticCurves to the ClientHello message.
		 * Layout: type(2) length(2) list_len(2) ids(2 * n); the 65532
		 * cap keeps the two-byte lengths from wrapping.
		 */
		tls1_get_curvelist(s, 0, &curves, &curveslen);

		if ((size_t)(limit - ret) < 6)
			return NULL;

		lenmax = limit - ret - 6;
		if (curveslen > lenmax)
			return NULL;
		if (curveslen > 65532) {
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		s2n(TLSEXT_TYPE_elliptic_curves, ret);
		s2n((curveslen * 2) + 2, ret);

		/* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
		 * elliptic_curve_list, but the examples use two bytes.
		 * https://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
		 * resolves this to two bytes.
		 */
		s2n(curveslen * 2, ret);
		for (i = 0; i < curveslen; i++)
			s2n(curves[i], ret);
	}

	/*
	 * Session ticket: resend the ticket stored in the session, or the
	 * one the application supplied via the session ticket extension
	 * (copying it into the session first).  An application-supplied
	 * extension with NULL data means "send no ticket extension at all".
	 */
	if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
		int ticklen;
		if (!s->new_session && s->session && s->session->tlsext_tick)
			ticklen = s->session->tlsext_ticklen;
		else if (s->session && s->tlsext_session_ticket &&
		    s->tlsext_session_ticket->data) {
			ticklen = s->tlsext_session_ticket->length;
			/*
			 * NOTE(review): if s->session->tlsext_tick is already
			 * set here (the new_session case) it is overwritten
			 * without being freed — looks like a leak; confirm.
			 */
			s->session->tlsext_tick = malloc(ticklen);
			if (!s->session->tlsext_tick)
				return NULL;
			memcpy(s->session->tlsext_tick,
			    s->tlsext_session_ticket->data, ticklen);
			s->session->tlsext_ticklen = ticklen;
		} else
			ticklen = 0;
		if (ticklen == 0 && s->tlsext_session_ticket &&
		    s->tlsext_session_ticket->data == NULL)
			goto skip_ext;
		/* Check for enough room 2 for extension type, 2 for len
		 * rest for ticket
		 */
		if ((size_t)(limit - ret) < 4 + ticklen)
			return NULL;
		s2n(TLSEXT_TYPE_session_ticket, ret);

		/* An empty ticket asks the server to issue a new one. */
		s2n(ticklen, ret);
		if (ticklen) {
			memcpy(ret, s->session->tlsext_tick, ticklen);
			ret += ticklen;
		}
	}
skip_ext:

	/* signature_algorithms is a TLS 1.2 extension only. */
	if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
		if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
			return NULL;

		s2n(TLSEXT_TYPE_signature_algorithms, ret);
		s2n(sizeof(tls12_sigalgs) + 2, ret);
		s2n(sizeof(tls12_sigalgs), ret);
		memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs));
		ret += sizeof(tls12_sigalgs);
	}

	/*
	 * OCSP status_request: responder id list followed by request
	 * extensions.  Each DER structure is sized with a NULL output
	 * first, then encoded in place.
	 */
	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
	    s->version != DTLS1_VERSION) {
		int i;
		long extlen, idlen, itmp;
		OCSP_RESPID *id;

		idlen = 0;
		for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
			id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
			itmp = i2d_OCSP_RESPID(id, NULL);
			if (itmp <= 0)
				return NULL;
			idlen += itmp + 2;
		}

		if (s->tlsext_ocsp_exts) {
			extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
			if (extlen < 0)
				return NULL;
		} else
			extlen = 0;

		if ((size_t)(limit - ret) < 7 + extlen + idlen)
			return NULL;
		s2n(TLSEXT_TYPE_status_request, ret);
		/* Extension body must fit a two-byte length (with slack). */
		if (extlen + idlen > 0xFFF0)
			return NULL;
		s2n(extlen + idlen + 5, ret);
		*(ret++) = TLSEXT_STATUSTYPE_ocsp;
		s2n(idlen, ret);
		for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
			/* save position of id len */
			unsigned char *q = ret;
			id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
			/* skip over id len */
			ret += 2;
			/*
			 * NOTE(review): the result of this second encode is
			 * not checked; it is assumed to match the sizing pass.
			 */
			itmp = i2d_OCSP_RESPID(id, &ret);
			/* write id len */
			s2n(itmp, q);
		}
		s2n(extlen, ret);
		if (extlen > 0)
			i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
	}

	/* NPN is only advertised on the initial handshake. */
	if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
		/* The client advertises an empty extension to indicate its
		 * support for Next Protocol Negotiation */
		if ((size_t)(limit - ret) < 4)
			return NULL;
		s2n(TLSEXT_TYPE_next_proto_neg, ret);
		s2n(0, ret);
	}

	/* ALPN: the preconfigured protocol list, initial handshake only. */
	if (s->alpn_client_proto_list != NULL &&
	    s->s3->tmp.finish_md_len == 0) {
		if ((size_t)(limit - ret) < 6 + s->alpn_client_proto_list_len)
			return (NULL);
		s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
		s2n(2 + s->alpn_client_proto_list_len, ret);
		s2n(s->alpn_client_proto_list_len, ret);
		memcpy(ret, s->alpn_client_proto_list,
		    s->alpn_client_proto_list_len);
		ret += s->alpn_client_proto_list_len;
	}

#ifndef OPENSSL_NO_SRTP
	/* use_srtp (DTLS only): two-pass size-then-write like RI above. */
	if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
		int el;

		ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);

		if ((size_t)(limit - ret) < 4 + el)
			return NULL;

		s2n(TLSEXT_TYPE_use_srtp, ret);
		s2n(el, ret);

		/* Unlike the RI helper, this one returns non-zero on error. */
		if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) {
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}
		ret += el;
	}
#endif

	/*
	 * Add padding to workaround bugs in F5 terminators.
	 * See https://tools.ietf.org/html/draft-agl-tls-padding-03
	 *
	 * Note that this seems to trigger issues with IronPort SMTP
	 * appliances.
	 *
	 * NB: because this code works out the length of all existing
	 * extensions it MUST always appear last.
	 */
	if (s->options & SSL_OP_TLSEXT_PADDING) {
		int hlen = ret - (unsigned char *)s->init_buf->data;

		/*
		 * The code in s23_clnt.c to build ClientHello messages
		 * includes the 5-byte record header in the buffer, while the
		 * code in s3_clnt.c does not.
		 */
		if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
			hlen -= 5;
		/* Pad hellos of 256..511 bytes up to 512 bytes. */
		if (hlen > 0xff && hlen < 0x200) {
			hlen = 0x200 - hlen;
			if (hlen >= 4)
				hlen -= 4;
			else
				hlen = 0;

			/*
			 * NOTE(review): unlike every extension above there is
			 * no (size_t)(limit - ret) < 4 + hlen check before
			 * this write; presumably init_buf is always large
			 * enough, but a guard here would be cheap — confirm.
			 */
			s2n(TLSEXT_TYPE_padding, ret);
			s2n(hlen, ret);
			memset(ret, 0, hlen);
			ret += hlen;
		}
	}

	/* Nothing written: report that so the length field is omitted. */
	if ((extdatalen = ret - p - 2) == 0)
		return p;

	/* Back-fill the total extensions length at p. */
	s2n(extdatalen, p);
	return ret;
}
956
/*
 * Append the ServerHello extensions to the message at p.  p points at the
 * two-byte extensions length field, filled in last; limit is one past the
 * end of the writable buffer.  Only extensions the client offered (as
 * recorded by ssl_parse_clienthello_tlsext) are answered.
 *
 * Returns p unchanged if no extension was written, the new write position
 * on success, or NULL on failure (not enough room, or an encoder error, in
 * which case an SSL error may have been pushed).
 */
unsigned char *
ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
{
	int using_ecc, extdatalen = 0;
	unsigned long alg_a, alg_k;
	unsigned char *ret = p;
	int next_proto_neg_seen;

	/*
	 * ec_point_formats is only echoed when the chosen cipher suite uses
	 * ECC and the client itself sent the extension.
	 */
	alg_a = s->s3->tmp.new_cipher->algorithm_auth;
	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
	using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) ||
	    alg_a & SSL_aECDSA) &&
	    s->session->tlsext_ecpointformatlist != NULL;

	/* Skip the extensions length field; it is written at the end. */
	ret += 2;
	if (ret >= limit)
		return NULL; /* this really never occurs, but ... */

	/* Acknowledge SNI with an empty server_name on a full handshake. */
	if (!s->hit && s->servername_done == 1 &&
	    s->session->tlsext_hostname != NULL) {
		if ((size_t)(limit - ret) < 4)
			return NULL;

		s2n(TLSEXT_TYPE_server_name, ret);
		s2n(0, ret);
	}

	/* Renegotiation info: sized with a NULL buffer, then written. */
	if (s->s3->send_connection_binding) {
		int el;

		if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) {
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		if ((size_t)(limit - ret) < 4 + el)
			return NULL;

		s2n(TLSEXT_TYPE_renegotiate, ret);
		s2n(el, ret);

		if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) {
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		ret += el;
	}

	if (using_ecc && s->version != DTLS1_VERSION) {
		/* tls1_get_formatlist() takes const uint8_t **; relies on
		 * uint8_t being unsigned char. */
		const unsigned char *formats;
		size_t formatslen, lenmax;

		/*
		 * Add TLS extension ECPointFormats to the ServerHello message.
		 * Layout: type(2) length(2) list_len(1) formats(n).
		 */
		tls1_get_formatlist(s, 0, &formats, &formatslen);

		if ((size_t)(limit - ret) < 5)
			return NULL;

		lenmax = limit - ret - 5;
		if (formatslen > lenmax)
			return NULL;
		if (formatslen > 255) {
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		s2n(TLSEXT_TYPE_ec_point_formats, ret);
		s2n(formatslen + 1, ret);
		*(ret++) = (unsigned char)formatslen;
		memcpy(ret, formats, formatslen);
		ret += formatslen;
	}

	/*
	 * Currently the server should not respond with a SupportedCurves
	 * extension.
	 */

	/* Empty session_ticket: a NewSessionTicket message will follow. */
	if (s->tlsext_ticket_expected &&
	    !(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
		if ((size_t)(limit - ret) < 4)
			return NULL;

		s2n(TLSEXT_TYPE_session_ticket, ret);
		s2n(0, ret);
	}

	/* Empty status_request: a CertificateStatus message will follow. */
	if (s->tlsext_status_expected) {
		if ((size_t)(limit - ret) < 4)
			return NULL;

		s2n(TLSEXT_TYPE_status_request, ret);
		s2n(0, ret);
	}

#ifndef OPENSSL_NO_SRTP
	/* use_srtp (DTLS only); this helper returns non-zero on error. */
	if (SSL_IS_DTLS(s) && s->srtp_profile) {
		int el;

		ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);

		if ((size_t)(limit - ret) < 4 + el)
			return NULL;

		s2n(TLSEXT_TYPE_use_srtp, ret);
		s2n(el, ret);

		if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) {
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}
		ret += el;
	}
#endif

	/*
	 * CryptoPro bug workaround for the two GOST cipher suites (ids 0x80
	 * and 0x81): a fixed, pre-encoded extension of type 65000 carrying
	 * three OIDs, sent only when the application opts in.
	 */
	if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80 ||
	    (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81) &&
	    (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) {
		static const unsigned char cryptopro_ext[36] = {
			0xfd, 0xe8, /*65000*/
			0x00, 0x20, /*32 bytes length*/
			0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
			0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
			0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
			0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
		};
		if ((size_t)(limit - ret) < sizeof(cryptopro_ext))
			return NULL;
		memcpy(ret, cryptopro_ext, sizeof(cryptopro_ext));
		ret += sizeof(cryptopro_ext);
	}

	/*
	 * NPN: the flag is consumed here and only re-set if the advertised
	 * protocol list was actually written.
	 */
	next_proto_neg_seen = s->s3->next_proto_neg_seen;
	s->s3->next_proto_neg_seen = 0;
	if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) {
		const unsigned char *npa;
		unsigned int npalen;
		int r;

		r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen,
		    s->ctx->next_protos_advertised_cb_arg);
		if (r == SSL_TLSEXT_ERR_OK) {
			if ((size_t)(limit - ret) < 4 + npalen)
				return NULL;
			s2n(TLSEXT_TYPE_next_proto_neg, ret);
			s2n(npalen, ret);
			memcpy(ret, npa, npalen);
			ret += npalen;
			s->s3->next_proto_neg_seen = 1;
		}
	}

	/* ALPN: echo the single protocol selected by the callback. */
	if (s->s3->alpn_selected != NULL) {
		const unsigned char *selected = s->s3->alpn_selected;
		unsigned int len = s->s3->alpn_selected_len;

		/*
		 * NOTE(review): room check mixes ptrdiff_t and unsigned int
		 * through a cast; the (size_t)(limit - ret) < 7 + len form
		 * used by the other extensions would be clearer.
		 */
		if ((long)(limit - ret - 4 - 2 - 1 - len) < 0)
			return (NULL);
		s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
		s2n(3 + len, ret);
		s2n(1 + len, ret);
		*ret++ = len;
		memcpy(ret, selected, len);
		ret += len;
	}

	/* Nothing written: report that so the length field is omitted. */
	if ((extdatalen = ret - p - 2) == 0)
		return p;

	/* Back-fill the total extensions length at p. */
	s2n(extdatalen, p);
	return ret;
}
1136
1137/*
1138 * tls1_alpn_handle_client_hello is called to process the ALPN extension in a
1139 * ClientHello.
1140 * data: the contents of the extension, not including the type and length.
1141 * data_len: the number of bytes in data.
1142 * al: a pointer to the alert value to send in the event of a non-zero
1143 * return.
1144 * returns: 1 on success.
1145 */
1146static int
1147tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
1148 unsigned int data_len, int *al)
1149{
1150 CBS cbs, proto_name_list, alpn;
1151 const unsigned char *selected;
1152 unsigned char selected_len;
1153 int r;
1154
1155 if (s->ctx->alpn_select_cb == NULL)
1156 return (1);
1157
1158 if (data_len < 2)
1159 goto parse_error;
1160
1161 CBS_init(&cbs, data, data_len);
1162
1163 /*
1164 * data should contain a uint16 length followed by a series of 8-bit,
1165 * length-prefixed strings.
1166 */
1167 if (!CBS_get_u16_length_prefixed(&cbs, &alpn) ||
1168 CBS_len(&alpn) < 2 ||
1169 CBS_len(&cbs) != 0)
1170 goto parse_error;
1171
1172 /* Validate data before sending to callback. */
1173 CBS_dup(&alpn, &proto_name_list);
1174 while (CBS_len(&proto_name_list) > 0) {
1175 CBS proto_name;
1176
1177 if (!CBS_get_u8_length_prefixed(&proto_name_list, &proto_name) ||
1178 CBS_len(&proto_name) == 0)
1179 goto parse_error;
1180 }
1181
1182 r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
1183 CBS_data(&alpn), CBS_len(&alpn), s->ctx->alpn_select_cb_arg);
1184 if (r == SSL_TLSEXT_ERR_OK) {
1185 free(s->s3->alpn_selected);
1186 if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) {
1187 *al = SSL_AD_INTERNAL_ERROR;
1188 return (-1);
1189 }
1190 memcpy(s->s3->alpn_selected, selected, selected_len);
1191 s->s3->alpn_selected_len = selected_len;
1192 }
1193
1194 return (1);
1195
1196parse_error:
1197 *al = SSL_AD_DECODE_ERROR;
1198 return (0);
1199}
1200
1201int
1202ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1203 int n, int *al)
1204{
1205 unsigned short type;
1206 unsigned short size;
1207 unsigned short len;
1208 unsigned char *data = *p;
1209 int renegotiate_seen = 0;
1210 int sigalg_seen = 0;
1211
1212 s->servername_done = 0;
1213 s->tlsext_status_type = -1;
1214 s->s3->next_proto_neg_seen = 0;
1215 free(s->s3->alpn_selected);
1216 s->s3->alpn_selected = NULL;
1217
1218 if (data >= (d + n - 2))
1219 goto ri_check;
1220 n2s(data, len);
1221
1222 if (data > (d + n - len))
1223 goto ri_check;
1224
1225 while (data <= (d + n - 4)) {
1226 n2s(data, type);
1227 n2s(data, size);
1228
1229 if (data + size > (d + n))
1230 goto ri_check;
1231 if (s->tlsext_debug_cb)
1232 s->tlsext_debug_cb(s, 0, type, data, size,
1233 s->tlsext_debug_arg);
1234/* The servername extension is treated as follows:
1235
1236 - Only the hostname type is supported with a maximum length of 255.
1237 - The servername is rejected if too long or if it contains zeros,
1238 in which case an fatal alert is generated.
1239 - The servername field is maintained together with the session cache.
1240 - When a session is resumed, the servername call back invoked in order
1241 to allow the application to position itself to the right context.
1242 - The servername is acknowledged if it is new for a session or when
1243 it is identical to a previously used for the same session.
1244 Applications can control the behaviour. They can at any time
1245 set a 'desirable' servername for a new SSL object. This can be the
1246 case for example with HTTPS when a Host: header field is received and
1247 a renegotiation is requested. In this case, a possible servername
1248 presented in the new client hello is only acknowledged if it matches
1249 the value of the Host: field.
1250 - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
1251 if they provide for changing an explicit servername context for the session,
1252 i.e. when the session has been established with a servername extension.
1253 - On session reconnect, the servername extension may be absent.
1254
1255*/
1256
1257 if (type == TLSEXT_TYPE_server_name) {
1258 unsigned char *sdata;
1259 int servname_type;
1260 int dsize;
1261
1262 if (size < 2) {
1263 *al = SSL_AD_DECODE_ERROR;
1264 return 0;
1265 }
1266 n2s(data, dsize);
1267
1268 size -= 2;
1269 if (dsize > size) {
1270 *al = SSL_AD_DECODE_ERROR;
1271 return 0;
1272 }
1273
1274 sdata = data;
1275 while (dsize > 3) {
1276 servname_type = *(sdata++);
1277
1278 n2s(sdata, len);
1279 dsize -= 3;
1280
1281 if (len > dsize) {
1282 *al = SSL_AD_DECODE_ERROR;
1283 return 0;
1284 }
1285 if (s->servername_done == 0)
1286 switch (servname_type) {
1287 case TLSEXT_NAMETYPE_host_name:
1288 if (!s->hit) {
1289 if (s->session->tlsext_hostname) {
1290 *al = SSL_AD_DECODE_ERROR;
1291 return 0;
1292 }
1293 if (len > TLSEXT_MAXLEN_host_name) {
1294 *al = TLS1_AD_UNRECOGNIZED_NAME;
1295 return 0;
1296 }
1297 if ((s->session->tlsext_hostname =
1298 malloc(len + 1)) == NULL) {
1299 *al = TLS1_AD_INTERNAL_ERROR;
1300 return 0;
1301 }
1302 memcpy(s->session->tlsext_hostname, sdata, len);
1303 s->session->tlsext_hostname[len] = '\0';
1304 if (strlen(s->session->tlsext_hostname) != len) {
1305 free(s->session->tlsext_hostname);
1306 s->session->tlsext_hostname = NULL;
1307 *al = TLS1_AD_UNRECOGNIZED_NAME;
1308 return 0;
1309 }
1310 s->servername_done = 1;
1311
1312
1313 } else {
1314 s->servername_done = s->session->tlsext_hostname &&
1315 strlen(s->session->tlsext_hostname) == len &&
1316 strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
1317 }
1318 break;
1319
1320 default:
1321 break;
1322 }
1323
1324 dsize -= len;
1325 }
1326 if (dsize != 0) {
1327 *al = SSL_AD_DECODE_ERROR;
1328 return 0;
1329 }
1330
1331 }
1332
1333 else if (type == TLSEXT_TYPE_ec_point_formats &&
1334 s->version != DTLS1_VERSION) {
1335 unsigned char *sdata = data;
1336 size_t formatslen;
1337 uint8_t *formats;
1338
1339 if (size < 1) {
1340 *al = TLS1_AD_DECODE_ERROR;
1341 return 0;
1342 }
1343 formatslen = *(sdata++);
1344 if (formatslen != size - 1) {
1345 *al = TLS1_AD_DECODE_ERROR;
1346 return 0;
1347 }
1348
1349 if (!s->hit) {
1350 free(s->session->tlsext_ecpointformatlist);
1351 s->session->tlsext_ecpointformatlist = NULL;
1352 s->session->tlsext_ecpointformatlist_length = 0;
1353
1354 if ((formats = reallocarray(NULL, formatslen,
1355 sizeof(uint8_t))) == NULL) {
1356 *al = TLS1_AD_INTERNAL_ERROR;
1357 return 0;
1358 }
1359 memcpy(formats, sdata, formatslen);
1360 s->session->tlsext_ecpointformatlist = formats;
1361 s->session->tlsext_ecpointformatlist_length =
1362 formatslen;
1363 }
1364 } else if (type == TLSEXT_TYPE_elliptic_curves &&
1365 s->version != DTLS1_VERSION) {
1366 unsigned char *sdata = data;
1367 size_t curveslen, i;
1368 uint16_t *curves;
1369
1370 if (size < 2) {
1371 *al = TLS1_AD_DECODE_ERROR;
1372 return 0;
1373 }
1374 n2s(sdata, curveslen);
1375 if (curveslen != size - 2 || curveslen % 2 != 0) {
1376 *al = TLS1_AD_DECODE_ERROR;
1377 return 0;
1378 }
1379 curveslen /= 2;
1380
1381 if (!s->hit) {
1382 if (s->session->tlsext_ellipticcurvelist) {
1383 *al = TLS1_AD_DECODE_ERROR;
1384 return 0;
1385 }
1386 s->session->tlsext_ellipticcurvelist_length = 0;
1387 if ((curves = reallocarray(NULL, curveslen,
1388 sizeof(uint16_t))) == NULL) {
1389 *al = TLS1_AD_INTERNAL_ERROR;
1390 return 0;
1391 }
1392 for (i = 0; i < curveslen; i++)
1393 n2s(sdata, curves[i]);
1394 s->session->tlsext_ellipticcurvelist = curves;
1395 s->session->tlsext_ellipticcurvelist_length = curveslen;
1396 }
1397 }
1398 else if (type == TLSEXT_TYPE_session_ticket) {
1399 if (s->tls_session_ticket_ext_cb &&
1400 !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) {
1401 *al = TLS1_AD_INTERNAL_ERROR;
1402 return 0;
1403 }
1404 } else if (type == TLSEXT_TYPE_renegotiate) {
1405 if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
1406 return 0;
1407 renegotiate_seen = 1;
1408 } else if (type == TLSEXT_TYPE_signature_algorithms) {
1409 int dsize;
1410 if (sigalg_seen || size < 2) {
1411 *al = SSL_AD_DECODE_ERROR;
1412 return 0;
1413 }
1414 sigalg_seen = 1;
1415 n2s(data, dsize);
1416 size -= 2;
1417 if (dsize != size || dsize & 1) {
1418 *al = SSL_AD_DECODE_ERROR;
1419 return 0;
1420 }
1421 if (!tls1_process_sigalgs(s, data, dsize)) {
1422 *al = SSL_AD_DECODE_ERROR;
1423 return 0;
1424 }
1425 } else if (type == TLSEXT_TYPE_status_request &&
1426 s->version != DTLS1_VERSION) {
1427
1428 if (size < 5) {
1429 *al = SSL_AD_DECODE_ERROR;
1430 return 0;
1431 }
1432
1433 s->tlsext_status_type = *data++;
1434 size--;
1435 if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
1436 const unsigned char *sdata;
1437 int dsize;
1438 /* Read in responder_id_list */
1439 n2s(data, dsize);
1440 size -= 2;
1441 if (dsize > size ) {
1442 *al = SSL_AD_DECODE_ERROR;
1443 return 0;
1444 }
1445 while (dsize > 0) {
1446 OCSP_RESPID *id;
1447 int idsize;
1448 if (dsize < 4) {
1449 *al = SSL_AD_DECODE_ERROR;
1450 return 0;
1451 }
1452 n2s(data, idsize);
1453 dsize -= 2 + idsize;
1454 size -= 2 + idsize;
1455 if (dsize < 0) {
1456 *al = SSL_AD_DECODE_ERROR;
1457 return 0;
1458 }
1459 sdata = data;
1460 data += idsize;
1461 id = d2i_OCSP_RESPID(NULL,
1462 &sdata, idsize);
1463 if (!id) {
1464 *al = SSL_AD_DECODE_ERROR;
1465 return 0;
1466 }
1467 if (data != sdata) {
1468 OCSP_RESPID_free(id);
1469 *al = SSL_AD_DECODE_ERROR;
1470 return 0;
1471 }
1472 if (!s->tlsext_ocsp_ids &&
1473 !(s->tlsext_ocsp_ids =
1474 sk_OCSP_RESPID_new_null())) {
1475 OCSP_RESPID_free(id);
1476 *al = SSL_AD_INTERNAL_ERROR;
1477 return 0;
1478 }
1479 if (!sk_OCSP_RESPID_push(
1480 s->tlsext_ocsp_ids, id)) {
1481 OCSP_RESPID_free(id);
1482 *al = SSL_AD_INTERNAL_ERROR;
1483 return 0;
1484 }
1485 }
1486
1487 /* Read in request_extensions */
1488 if (size < 2) {
1489 *al = SSL_AD_DECODE_ERROR;
1490 return 0;
1491 }
1492 n2s(data, dsize);
1493 size -= 2;
1494 if (dsize != size) {
1495 *al = SSL_AD_DECODE_ERROR;
1496 return 0;
1497 }
1498 sdata = data;
1499 if (dsize > 0) {
1500 if (s->tlsext_ocsp_exts) {
1501 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
1502 X509_EXTENSION_free);
1503 }
1504
1505 s->tlsext_ocsp_exts =
1506 d2i_X509_EXTENSIONS(NULL,
1507 &sdata, dsize);
1508 if (!s->tlsext_ocsp_exts ||
1509 (data + dsize != sdata)) {
1510 *al = SSL_AD_DECODE_ERROR;
1511 return 0;
1512 }
1513 }
1514 } else {
1515 /* We don't know what to do with any other type
1516 * so ignore it.
1517 */
1518 s->tlsext_status_type = -1;
1519 }
1520 }
1521 else if (type == TLSEXT_TYPE_next_proto_neg &&
1522 s->s3->tmp.finish_md_len == 0 &&
1523 s->s3->alpn_selected == NULL) {
1524 /* We shouldn't accept this extension on a
1525 * renegotiation.
1526 *
1527 * s->new_session will be set on renegotiation, but we
1528 * probably shouldn't rely that it couldn't be set on
1529 * the initial renegotation too in certain cases (when
1530 * there's some other reason to disallow resuming an
1531 * earlier session -- the current code won't be doing
1532 * anything like that, but this might change).
1533
1534 * A valid sign that there's been a previous handshake
1535 * in this connection is if s->s3->tmp.finish_md_len >
1536 * 0. (We are talking about a check that will happen
1537 * in the Hello protocol round, well before a new
1538 * Finished message could have been computed.) */
1539 s->s3->next_proto_neg_seen = 1;
1540 }
1541 else if (type ==
1542 TLSEXT_TYPE_application_layer_protocol_negotiation &&
1543 s->ctx->alpn_select_cb != NULL &&
1544 s->s3->tmp.finish_md_len == 0) {
1545 if (tls1_alpn_handle_client_hello(s, data,
1546 size, al) != 1)
1547 return (0);
1548 /* ALPN takes precedence over NPN. */
1549 s->s3->next_proto_neg_seen = 0;
1550 }
1551
1552 /* session ticket processed earlier */
1553#ifndef OPENSSL_NO_SRTP
1554 else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) {
1555 if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al))
1556 return 0;
1557 }
1558#endif
1559
1560 data += size;
1561 }
1562
1563 *p = data;
1564
1565ri_check:
1566
1567 /* Need RI if renegotiating */
1568
1569 if (!renegotiate_seen && s->renegotiate) {
1570 *al = SSL_AD_HANDSHAKE_FAILURE;
1571 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
1572 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1573 return 0;
1574 }
1575
1576 return 1;
1577}
1578
1579/*
1580 * ssl_next_proto_validate validates a Next Protocol Negotiation block. No
1581 * elements of zero length are allowed and the set of elements must exactly fill
1582 * the length of the block.
1583 */
1584static char
1585ssl_next_proto_validate(const unsigned char *d, unsigned int len)
1586{
1587 CBS npn, value;
1588
1589 CBS_init(&npn, d, len);
1590 while (CBS_len(&npn) > 0) {
1591 if (!CBS_get_u8_length_prefixed(&npn, &value) ||
1592 CBS_len(&value) == 0)
1593 return 0;
1594 }
1595 return 1;
1596}
1597
1598int
1599ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1600 int n, int *al)
1601{
1602 unsigned short length;
1603 unsigned short type;
1604 unsigned short size;
1605 unsigned char *data = *p;
1606 int tlsext_servername = 0;
1607 int renegotiate_seen = 0;
1608
1609 s->s3->next_proto_neg_seen = 0;
1610 free(s->s3->alpn_selected);
1611 s->s3->alpn_selected = NULL;
1612
1613 if (data >= (d + n - 2))
1614 goto ri_check;
1615
1616 n2s(data, length);
1617 if (data + length != d + n) {
1618 *al = SSL_AD_DECODE_ERROR;
1619 return 0;
1620 }
1621
1622 while (data <= (d + n - 4)) {
1623 n2s(data, type);
1624 n2s(data, size);
1625
1626 if (data + size > (d + n))
1627 goto ri_check;
1628
1629 if (s->tlsext_debug_cb)
1630 s->tlsext_debug_cb(s, 1, type, data, size,
1631 s->tlsext_debug_arg);
1632
1633 if (type == TLSEXT_TYPE_server_name) {
1634 if (s->tlsext_hostname == NULL || size > 0) {
1635 *al = TLS1_AD_UNRECOGNIZED_NAME;
1636 return 0;
1637 }
1638 tlsext_servername = 1;
1639
1640 }
1641 else if (type == TLSEXT_TYPE_ec_point_formats &&
1642 s->version != DTLS1_VERSION) {
1643 unsigned char *sdata = data;
1644 size_t formatslen;
1645 uint8_t *formats;
1646
1647 if (size < 1) {
1648 *al = TLS1_AD_DECODE_ERROR;
1649 return 0;
1650 }
1651 formatslen = *(sdata++);
1652 if (formatslen != size - 1) {
1653 *al = TLS1_AD_DECODE_ERROR;
1654 return 0;
1655 }
1656
1657 if (!s->hit) {
1658 free(s->session->tlsext_ecpointformatlist);
1659 s->session->tlsext_ecpointformatlist = NULL;
1660 s->session->tlsext_ecpointformatlist_length = 0;
1661
1662 if ((formats = reallocarray(NULL, formatslen,
1663 sizeof(uint8_t))) == NULL) {
1664 *al = TLS1_AD_INTERNAL_ERROR;
1665 return 0;
1666 }
1667 memcpy(formats, sdata, formatslen);
1668 s->session->tlsext_ecpointformatlist = formats;
1669 s->session->tlsext_ecpointformatlist_length =
1670 formatslen;
1671 }
1672 }
1673 else if (type == TLSEXT_TYPE_session_ticket) {
1674 if (s->tls_session_ticket_ext_cb &&
1675 !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) {
1676 *al = TLS1_AD_INTERNAL_ERROR;
1677 return 0;
1678 }
1679 if ((SSL_get_options(s) & SSL_OP_NO_TICKET) || (size > 0)) {
1680 *al = TLS1_AD_UNSUPPORTED_EXTENSION;
1681 return 0;
1682 }
1683 s->tlsext_ticket_expected = 1;
1684 }
1685 else if (type == TLSEXT_TYPE_status_request &&
1686 s->version != DTLS1_VERSION) {
1687 /* MUST be empty and only sent if we've requested
1688 * a status request message.
1689 */
1690 if ((s->tlsext_status_type == -1) || (size > 0)) {
1691 *al = TLS1_AD_UNSUPPORTED_EXTENSION;
1692 return 0;
1693 }
1694 /* Set flag to expect CertificateStatus message */
1695 s->tlsext_status_expected = 1;
1696 }
1697 else if (type == TLSEXT_TYPE_next_proto_neg &&
1698 s->s3->tmp.finish_md_len == 0) {
1699 unsigned char *selected;
1700 unsigned char selected_len;
1701
1702 /* We must have requested it. */
1703 if (s->ctx->next_proto_select_cb == NULL) {
1704 *al = TLS1_AD_UNSUPPORTED_EXTENSION;
1705 return 0;
1706 }
1707 /* The data must be valid */
1708 if (!ssl_next_proto_validate(data, size)) {
1709 *al = TLS1_AD_DECODE_ERROR;
1710 return 0;
1711 }
1712 if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK) {
1713 *al = TLS1_AD_INTERNAL_ERROR;
1714 return 0;
1715 }
1716 s->next_proto_negotiated = malloc(selected_len);
1717 if (!s->next_proto_negotiated) {
1718 *al = TLS1_AD_INTERNAL_ERROR;
1719 return 0;
1720 }
1721 memcpy(s->next_proto_negotiated, selected, selected_len);
1722 s->next_proto_negotiated_len = selected_len;
1723 s->s3->next_proto_neg_seen = 1;
1724 }
1725 else if (type ==
1726 TLSEXT_TYPE_application_layer_protocol_negotiation) {
1727 unsigned int len;
1728
1729 /* We must have requested it. */
1730 if (s->alpn_client_proto_list == NULL) {
1731 *al = TLS1_AD_UNSUPPORTED_EXTENSION;
1732 return 0;
1733 }
1734 if (size < 4) {
1735 *al = TLS1_AD_DECODE_ERROR;
1736 return (0);
1737 }
1738
1739 /* The extension data consists of:
1740 * uint16 list_length
1741 * uint8 proto_length;
1742 * uint8 proto[proto_length]; */
1743 len = ((unsigned int)data[0]) << 8 |
1744 ((unsigned int)data[1]);
1745 if (len != (unsigned int)size - 2) {
1746 *al = TLS1_AD_DECODE_ERROR;
1747 return (0);
1748 }
1749 len = data[2];
1750 if (len != (unsigned int)size - 3) {
1751 *al = TLS1_AD_DECODE_ERROR;
1752 return (0);
1753 }
1754 free(s->s3->alpn_selected);
1755 s->s3->alpn_selected = malloc(len);
1756 if (s->s3->alpn_selected == NULL) {
1757 *al = TLS1_AD_INTERNAL_ERROR;
1758 return (0);
1759 }
1760 memcpy(s->s3->alpn_selected, data + 3, len);
1761 s->s3->alpn_selected_len = len;
1762
1763 } else if (type == TLSEXT_TYPE_renegotiate) {
1764 if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
1765 return 0;
1766 renegotiate_seen = 1;
1767 }
1768#ifndef OPENSSL_NO_SRTP
1769 else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) {
1770 if (ssl_parse_serverhello_use_srtp_ext(s, data,
1771 size, al))
1772 return 0;
1773 }
1774#endif
1775
1776 data += size;
1777
1778 }
1779
1780 if (data != d + n) {
1781 *al = SSL_AD_DECODE_ERROR;
1782 return 0;
1783 }
1784
1785 if (!s->hit && tlsext_servername == 1) {
1786 if (s->tlsext_hostname) {
1787 if (s->session->tlsext_hostname == NULL) {
1788 s->session->tlsext_hostname =
1789 strdup(s->tlsext_hostname);
1790
1791 if (!s->session->tlsext_hostname) {
1792 *al = SSL_AD_UNRECOGNIZED_NAME;
1793 return 0;
1794 }
1795 } else {
1796 *al = SSL_AD_DECODE_ERROR;
1797 return 0;
1798 }
1799 }
1800 }
1801
1802 *p = data;
1803
1804ri_check:
1805
1806 /* Determine if we need to see RI. Strictly speaking if we want to
1807 * avoid an attack we should *always* see RI even on initial server
1808 * hello because the client doesn't see any renegotiation during an
1809 * attack. However this would mean we could not connect to any server
1810 * which doesn't support RI so for the immediate future tolerate RI
1811 * absence on initial connect only.
1812 */
1813 if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
1814 *al = SSL_AD_HANDSHAKE_FAILURE;
1815 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
1816 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1817 return 0;
1818 }
1819
1820 return 1;
1821}
1822
1823int
1824ssl_check_clienthello_tlsext_early(SSL *s)
1825{
1826 int ret = SSL_TLSEXT_ERR_NOACK;
1827 int al = SSL_AD_UNRECOGNIZED_NAME;
1828
1829 /* The handling of the ECPointFormats extension is done elsewhere, namely in
1830 * ssl3_choose_cipher in s3_lib.c.
1831 */
1832 /* The handling of the EllipticCurves extension is done elsewhere, namely in
1833 * ssl3_choose_cipher in s3_lib.c.
1834 */
1835
1836 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
1837 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
1838 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
1839 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
1840
1841 switch (ret) {
1842 case SSL_TLSEXT_ERR_ALERT_FATAL:
1843 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1844 return -1;
1845 case SSL_TLSEXT_ERR_ALERT_WARNING:
1846 ssl3_send_alert(s, SSL3_AL_WARNING, al);
1847 return 1;
1848 case SSL_TLSEXT_ERR_NOACK:
1849 s->servername_done = 0;
1850 default:
1851 return 1;
1852 }
1853}
1854
1855int
1856ssl_check_clienthello_tlsext_late(SSL *s)
1857{
1858 int ret = SSL_TLSEXT_ERR_OK;
1859 int al = 0; /* XXX gcc3 */
1860
1861 /* If status request then ask callback what to do.
1862 * Note: this must be called after servername callbacks in case
1863 * the certificate has changed, and must be called after the cipher
1864 * has been chosen because this may influence which certificate is sent
1865 */
1866 if ((s->tlsext_status_type != -1) &&
1867 s->ctx && s->ctx->tlsext_status_cb) {
1868 int r;
1869 CERT_PKEY *certpkey;
1870 certpkey = ssl_get_server_send_pkey(s);
1871 /* If no certificate can't return certificate status */
1872 if (certpkey == NULL) {
1873 s->tlsext_status_expected = 0;
1874 return 1;
1875 }
1876 /* Set current certificate to one we will use so
1877 * SSL_get_certificate et al can pick it up.
1878 */
1879 s->cert->key = certpkey;
1880 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1881 switch (r) {
1882 /* We don't want to send a status request response */
1883 case SSL_TLSEXT_ERR_NOACK:
1884 s->tlsext_status_expected = 0;
1885 break;
1886 /* status request response should be sent */
1887 case SSL_TLSEXT_ERR_OK:
1888 if (s->tlsext_ocsp_resp)
1889 s->tlsext_status_expected = 1;
1890 else
1891 s->tlsext_status_expected = 0;
1892 break;
1893 /* something bad happened */
1894 case SSL_TLSEXT_ERR_ALERT_FATAL:
1895 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1896 al = SSL_AD_INTERNAL_ERROR;
1897 goto err;
1898 }
1899 } else
1900 s->tlsext_status_expected = 0;
1901
1902err:
1903 switch (ret) {
1904 case SSL_TLSEXT_ERR_ALERT_FATAL:
1905 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1906 return -1;
1907 case SSL_TLSEXT_ERR_ALERT_WARNING:
1908 ssl3_send_alert(s, SSL3_AL_WARNING, al);
1909 return 1;
1910 default:
1911 return 1;
1912 }
1913}
1914
1915int
1916ssl_check_serverhello_tlsext(SSL *s)
1917{
1918 int ret = SSL_TLSEXT_ERR_NOACK;
1919 int al = SSL_AD_UNRECOGNIZED_NAME;
1920
1921 /* If we are client and using an elliptic curve cryptography cipher
1922 * suite, then if server returns an EC point formats lists extension
1923 * it must contain uncompressed.
1924 */
1925 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1926 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1927 if ((s->tlsext_ecpointformatlist != NULL) &&
1928 (s->tlsext_ecpointformatlist_length > 0) &&
1929 (s->session->tlsext_ecpointformatlist != NULL) &&
1930 (s->session->tlsext_ecpointformatlist_length > 0) &&
1931 ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) {
1932 /* we are using an ECC cipher */
1933 size_t i;
1934 unsigned char *list;
1935 int found_uncompressed = 0;
1936 list = s->session->tlsext_ecpointformatlist;
1937 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) {
1938 if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed) {
1939 found_uncompressed = 1;
1940 break;
1941 }
1942 }
1943 if (!found_uncompressed) {
1944 SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
1945 return -1;
1946 }
1947 }
1948 ret = SSL_TLSEXT_ERR_OK;
1949
1950 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
1951 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
1952 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
1953 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
1954
1955 /* If we've requested certificate status and we wont get one
1956 * tell the callback
1957 */
1958 if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) &&
1959 s->ctx && s->ctx->tlsext_status_cb) {
1960 int r;
1961 /* Set resp to NULL, resplen to -1 so callback knows
1962 * there is no response.
1963 */
1964 free(s->tlsext_ocsp_resp);
1965 s->tlsext_ocsp_resp = NULL;
1966 s->tlsext_ocsp_resplen = -1;
1967 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1968 if (r == 0) {
1969 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1970 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1971 }
1972 if (r < 0) {
1973 al = SSL_AD_INTERNAL_ERROR;
1974 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1975 }
1976 }
1977
1978 switch (ret) {
1979 case SSL_TLSEXT_ERR_ALERT_FATAL:
1980 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1981
1982 return -1;
1983 case SSL_TLSEXT_ERR_ALERT_WARNING:
1984 ssl3_send_alert(s, SSL3_AL_WARNING, al);
1985
1986 return 1;
1987 case SSL_TLSEXT_ERR_NOACK:
1988 s->servername_done = 0;
1989 default:
1990 return 1;
1991 }
1992}
1993
1994/* Since the server cache lookup is done early on in the processing of the
1995 * ClientHello, and other operations depend on the result, we need to handle
1996 * any TLS session ticket extension at the same time.
1997 *
1998 * session_id: points at the session ID in the ClientHello. This code will
1999 * read past the end of this in order to parse out the session ticket
2000 * extension, if any.
2001 * len: the length of the session ID.
2002 * limit: a pointer to the first byte after the ClientHello.
2003 * ret: (output) on return, if a ticket was decrypted, then this is set to
2004 * point to the resulting session.
2005 *
2006 * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
2007 * ciphersuite, in which case we have no use for session tickets and one will
2008 * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
2009 *
2010 * Returns:
2011 * -1: fatal error, either from parsing or decrypting the ticket.
2012 * 0: no ticket was found (or was ignored, based on settings).
2013 * 1: a zero length extension was found, indicating that the client supports
2014 * session tickets but doesn't currently have one to offer.
2015 * 2: either s->tls_session_secret_cb was set, or a ticket was offered but
2016 * couldn't be decrypted because of a non-fatal error.
2017 * 3: a ticket was successfully decrypted and *ret was set.
2018 *
2019 * Side effects:
2020 * Sets s->tlsext_ticket_expected to 1 if the server will have to issue
2021 * a new session ticket to the client because the client indicated support
2022 * (and s->tls_session_secret_cb is NULL) but the client either doesn't have
2023 * a session ticket or we couldn't use the one it gave us, or if
2024 * s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
2025 * Otherwise, s->tlsext_ticket_expected is set to 0.
2026 */
2027int
2028tls1_process_ticket(SSL *s, const unsigned char *session, int session_len,
2029 const unsigned char *limit, SSL_SESSION **ret)
2030{
2031 /* Point after session ID in client hello */
2032 CBS session_id, cookie, cipher_list, compress_algo, extensions;
2033
2034 *ret = NULL;
2035 s->tlsext_ticket_expected = 0;
2036
2037 /* If tickets disabled behave as if no ticket present
2038 * to permit stateful resumption.
2039 */
2040 if (SSL_get_options(s) & SSL_OP_NO_TICKET)
2041 return 0;
2042 if (!limit)
2043 return 0;
2044
2045 if (limit < session)
2046 return -1;
2047
2048 CBS_init(&session_id, session, limit - session);
2049
2050 /* Skip past the session id */
2051 if (!CBS_skip(&session_id, session_len))
2052 return -1;
2053
2054 /* Skip past DTLS cookie */
2055 if (SSL_IS_DTLS(s)) {
2056 if (!CBS_get_u8_length_prefixed(&session_id, &cookie))
2057 return -1;
2058 }
2059
2060 /* Skip past cipher list */
2061 if (!CBS_get_u16_length_prefixed(&session_id, &cipher_list))
2062 return -1;
2063
2064 /* Skip past compression algorithm list */
2065 if (!CBS_get_u8_length_prefixed(&session_id, &compress_algo))
2066 return -1;
2067
2068 /* Now at start of extensions */
2069 if (CBS_len(&session_id) == 0)
2070 return 0;
2071 if (!CBS_get_u16_length_prefixed(&session_id, &extensions))
2072 return -1;
2073
2074 while (CBS_len(&extensions) > 0) {
2075 CBS ext_data;
2076 uint16_t ext_type;
2077
2078 if (!CBS_get_u16(&extensions, &ext_type) ||
2079 !CBS_get_u16_length_prefixed(&extensions, &ext_data))
2080 return -1;
2081
2082 if (ext_type == TLSEXT_TYPE_session_ticket) {
2083 int r;
2084 if (CBS_len(&ext_data) == 0) {
2085 /* The client will accept a ticket but doesn't
2086 * currently have one. */
2087 s->tlsext_ticket_expected = 1;
2088 return 1;
2089 }
2090 if (s->tls_session_secret_cb) {
2091 /* Indicate that the ticket couldn't be
2092 * decrypted rather than generating the session
2093 * from ticket now, trigger abbreviated
2094 * handshake based on external mechanism to
2095 * calculate the master secret later. */
2096 return 2;
2097 }
2098
2099 r = tls_decrypt_ticket(s, CBS_data(&ext_data),
2100 CBS_len(&ext_data), session, session_len, ret);
2101
2102 switch (r) {
2103 case 2: /* ticket couldn't be decrypted */
2104 s->tlsext_ticket_expected = 1;
2105 return 2;
2106 case 3: /* ticket was decrypted */
2107 return r;
2108 case 4: /* ticket decrypted but need to renew */
2109 s->tlsext_ticket_expected = 1;
2110 return 3;
2111 default: /* fatal error */
2112 return -1;
2113 }
2114 }
2115 }
2116 return 0;
2117}
2118
2119/* tls_decrypt_ticket attempts to decrypt a session ticket.
2120 *
2121 * etick: points to the body of the session ticket extension.
2122 * eticklen: the length of the session tickets extenion.
2123 * sess_id: points at the session ID.
2124 * sesslen: the length of the session ID.
2125 * psess: (output) on return, if a ticket was decrypted, then this is set to
2126 * point to the resulting session.
2127 *
2128 * Returns:
2129 * -1: fatal error, either from parsing or decrypting the ticket.
2130 * 2: the ticket couldn't be decrypted.
2131 * 3: a ticket was successfully decrypted and *psess was set.
2132 * 4: same as 3, but the ticket needs to be renewed.
2133 */
2134static int
2135tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
2136 const unsigned char *sess_id, int sesslen, SSL_SESSION **psess)
2137{
2138 SSL_SESSION *sess;
2139 unsigned char *sdec;
2140 const unsigned char *p;
2141 int slen, mlen, renew_ticket = 0;
2142 unsigned char tick_hmac[EVP_MAX_MD_SIZE];
2143 HMAC_CTX hctx;
2144 EVP_CIPHER_CTX ctx;
2145 SSL_CTX *tctx = s->initial_ctx;
2146 /* Need at least keyname + iv + some encrypted data */
2147 if (eticklen < 48)
2148 return 2;
2149 /* Initialize session ticket encryption and HMAC contexts */
2150 HMAC_CTX_init(&hctx);
2151 EVP_CIPHER_CTX_init(&ctx);
2152 if (tctx->tlsext_ticket_key_cb) {
2153 unsigned char *nctick = (unsigned char *)etick;
2154 int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
2155 &ctx, &hctx, 0);
2156 if (rv < 0) {
2157 EVP_CIPHER_CTX_cleanup(&ctx);
2158 return -1;
2159 }
2160 if (rv == 0) {
2161 EVP_CIPHER_CTX_cleanup(&ctx);
2162 return 2;
2163 }
2164 if (rv == 2)
2165 renew_ticket = 1;
2166 } else {
2167 /* Check key name matches */
2168 if (timingsafe_memcmp(etick, tctx->tlsext_tick_key_name, 16))
2169 return 2;
2170 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
2171 tlsext_tick_md(), NULL);
2172 EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
2173 tctx->tlsext_tick_aes_key, etick + 16);
2174 }
2175 /* Attempt to process session ticket, first conduct sanity and
2176 * integrity checks on ticket.
2177 */
2178 mlen = HMAC_size(&hctx);
2179 if (mlen < 0) {
2180 EVP_CIPHER_CTX_cleanup(&ctx);
2181 return -1;
2182 }
2183 eticklen -= mlen;
2184 /* Check HMAC of encrypted ticket */
2185 HMAC_Update(&hctx, etick, eticklen);
2186 HMAC_Final(&hctx, tick_hmac, NULL);
2187 HMAC_CTX_cleanup(&hctx);
2188 if (timingsafe_memcmp(tick_hmac, etick + eticklen, mlen)) {
2189 EVP_CIPHER_CTX_cleanup(&ctx);
2190 return 2;
2191 }
2192 /* Attempt to decrypt session data */
2193 /* Move p after IV to start of encrypted ticket, update length */
2194 p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
2195 eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
2196 sdec = malloc(eticklen);
2197 if (!sdec) {
2198 EVP_CIPHER_CTX_cleanup(&ctx);
2199 return -1;
2200 }
2201 EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
2202 if (EVP_DecryptFinal_ex(&ctx, sdec + slen, &mlen) <= 0) {
2203 free(sdec);
2204 EVP_CIPHER_CTX_cleanup(&ctx);
2205 return 2;
2206 }
2207 slen += mlen;
2208 EVP_CIPHER_CTX_cleanup(&ctx);
2209 p = sdec;
2210
2211 sess = d2i_SSL_SESSION(NULL, &p, slen);
2212 free(sdec);
2213 if (sess) {
2214 /* The session ID, if non-empty, is used by some clients to
2215 * detect that the ticket has been accepted. So we copy it to
2216 * the session structure. If it is empty set length to zero
2217 * as required by standard.
2218 */
2219 if (sesslen)
2220 memcpy(sess->session_id, sess_id, sesslen);
2221 sess->session_id_length = sesslen;
2222 *psess = sess;
2223 if (renew_ticket)
2224 return 4;
2225 else
2226 return 3;
2227 }
2228 ERR_clear_error();
2229 /* For session parse failure, indicate that we need to send a new
2230 * ticket. */
2231 return 2;
2232}
2233
2234/* Tables to translate from NIDs to TLS v1.2 ids */
2235
2236typedef struct {
2237 int nid;
2238 int id;
2239} tls12_lookup;
2240
2241static tls12_lookup tls12_md[] = {
2242 {NID_md5, TLSEXT_hash_md5},
2243 {NID_sha1, TLSEXT_hash_sha1},
2244 {NID_sha224, TLSEXT_hash_sha224},
2245 {NID_sha256, TLSEXT_hash_sha256},
2246 {NID_sha384, TLSEXT_hash_sha384},
2247 {NID_sha512, TLSEXT_hash_sha512},
2248 {NID_id_GostR3411_94, TLSEXT_hash_gost94},
2249 {NID_id_tc26_gost3411_2012_256, TLSEXT_hash_streebog_256},
2250 {NID_id_tc26_gost3411_2012_512, TLSEXT_hash_streebog_512}
2251};
2252
2253static tls12_lookup tls12_sig[] = {
2254 {EVP_PKEY_RSA, TLSEXT_signature_rsa},
2255 {EVP_PKEY_DSA, TLSEXT_signature_dsa},
2256 {EVP_PKEY_EC, TLSEXT_signature_ecdsa},
2257 {EVP_PKEY_GOSTR01, TLSEXT_signature_gostr01},
2258};
2259
2260static int
2261tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
2262{
2263 size_t i;
2264 for (i = 0; i < tlen; i++) {
2265 if (table[i].nid == nid)
2266 return table[i].id;
2267 }
2268 return -1;
2269}
2270
2271int
2272tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
2273{
2274 int sig_id, md_id;
2275 if (!md)
2276 return 0;
2277 md_id = tls12_find_id(EVP_MD_type(md), tls12_md,
2278 sizeof(tls12_md) / sizeof(tls12_lookup));
2279 if (md_id == -1)
2280 return 0;
2281 sig_id = tls12_get_sigid(pk);
2282 if (sig_id == -1)
2283 return 0;
2284 p[0] = (unsigned char)md_id;
2285 p[1] = (unsigned char)sig_id;
2286 return 1;
2287}
2288
2289int
2290tls12_get_sigid(const EVP_PKEY *pk)
2291{
2292 return tls12_find_id(pk->type, tls12_sig,
2293 sizeof(tls12_sig) / sizeof(tls12_lookup));
2294}
2295
2296const EVP_MD *
2297tls12_get_hash(unsigned char hash_alg)
2298{
2299 switch (hash_alg) {
2300 case TLSEXT_hash_sha1:
2301 return EVP_sha1();
2302 case TLSEXT_hash_sha224:
2303 return EVP_sha224();
2304 case TLSEXT_hash_sha256:
2305 return EVP_sha256();
2306 case TLSEXT_hash_sha384:
2307 return EVP_sha384();
2308 case TLSEXT_hash_sha512:
2309 return EVP_sha512();
2310#ifndef OPENSSL_NO_GOST
2311 case TLSEXT_hash_gost94:
2312 return EVP_gostr341194();
2313 case TLSEXT_hash_streebog_256:
2314 return EVP_streebog256();
2315 case TLSEXT_hash_streebog_512:
2316 return EVP_streebog512();
2317#endif
2318 default:
2319 return NULL;
2320 }
2321}
2322
2323/* Set preferred digest for each key type */
2324
2325int
2326tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
2327{
2328 int idx;
2329 const EVP_MD *md;
2330 CERT *c = s->cert;
2331 CBS cbs;
2332
2333 /* Extension ignored for inappropriate versions */
2334 if (!SSL_USE_SIGALGS(s))
2335 return 1;
2336
2337 /* Should never happen */
2338 if (!c || dsize < 0)
2339 return 0;
2340
2341 CBS_init(&cbs, data, dsize);
2342
2343 c->pkeys[SSL_PKEY_DSA_SIGN].digest = NULL;
2344 c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
2345 c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
2346 c->pkeys[SSL_PKEY_ECC].digest = NULL;
2347 c->pkeys[SSL_PKEY_GOST01].digest = NULL;
2348
2349 while (CBS_len(&cbs) > 0) {
2350 uint8_t hash_alg, sig_alg;
2351
2352 if (!CBS_get_u8(&cbs, &hash_alg) ||
2353 !CBS_get_u8(&cbs, &sig_alg)) {
2354 /* Should never happen */
2355 return 0;
2356 }
2357
2358 switch (sig_alg) {
2359 case TLSEXT_signature_rsa:
2360 idx = SSL_PKEY_RSA_SIGN;
2361 break;
2362 case TLSEXT_signature_dsa:
2363 idx = SSL_PKEY_DSA_SIGN;
2364 break;
2365 case TLSEXT_signature_ecdsa:
2366 idx = SSL_PKEY_ECC;
2367 break;
2368 case TLSEXT_signature_gostr01:
2369 case TLSEXT_signature_gostr12_256:
2370 case TLSEXT_signature_gostr12_512:
2371 idx = SSL_PKEY_GOST01;
2372 break;
2373 default:
2374 continue;
2375 }
2376
2377 if (c->pkeys[idx].digest == NULL) {
2378 md = tls12_get_hash(hash_alg);
2379 if (md) {
2380 c->pkeys[idx].digest = md;
2381 if (idx == SSL_PKEY_RSA_SIGN)
2382 c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
2383 }
2384 }
2385
2386 }
2387
2388 /* Set any remaining keys to default values. NOTE: if alg is not
2389 * supported it stays as NULL.
2390 */
2391 if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
2392 c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
2393 if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {
2394 c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
2395 c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
2396 }
2397 if (!c->pkeys[SSL_PKEY_ECC].digest)
2398 c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
2399#ifndef OPENSSL_NO_GOST
2400 if (!c->pkeys[SSL_PKEY_GOST01].digest)
2401 c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
2402#endif
2403 return 1;
2404}
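diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c
deleted file mode 100644
index aea4c04547..0000000000
--- a/src/lib/libssl/t1_meth.c
+++ /dev/null
@@ -1,235 +0,0 @@
-/* $OpenBSD: t1_meth.c,v 1.17 2015/09/11 14:52:17 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "ssl_locl.h"
-
-static const SSL_METHOD *tls1_get_method(int ver);
-
-const SSL_METHOD TLS_method_data = {
- .version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl23_accept,
- .ssl_connect = ssl23_connect,
- .ssl_read = ssl23_read,
- .ssl_peek = ssl23_peek,
- .ssl_write = ssl23_write,
- .ssl_shutdown = ssl_undefined_function,
- .ssl_renegotiate = ssl_undefined_function,
- .ssl_renegotiate_check = ssl_ok,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl_undefined_const_function,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_method,
- .get_timeout = ssl23_default_timeout,
- .ssl3_enc = &ssl3_undef_enc_method,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLSv1_method_data = {
- .version = TLS1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl3_connect,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLSv1_1_method_data = {
- .version = TLS1_1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl3_connect,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_1_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLSv1_2_method_data = {
- .version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl3_connect,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_2_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-static const SSL_METHOD *
-tls1_get_method(int ver)
-{
- if (ver == TLS1_2_VERSION)
- return (TLSv1_2_method());
- if (ver == TLS1_1_VERSION)
- return (TLSv1_1_method());
- if (ver == TLS1_VERSION)
- return (TLSv1_method());
- return (NULL);
-}
-
-const SSL_METHOD *
-SSLv23_method(void)
-{
- return (TLS_method());
-}
-
-const SSL_METHOD *
-TLS_method(void)
-{
- return &TLS_method_data;
-}
-
-const SSL_METHOD *
-TLSv1_method(void)
-{
- return (&TLSv1_method_data);
-}
-
-const SSL_METHOD *
-TLSv1_1_method(void)
-{
- return (&TLSv1_1_method_data);
-}
-
-const SSL_METHOD *
-TLSv1_2_method(void)
-{
- return (&TLSv1_2_method_data);
-}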
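diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
deleted file mode 100644
index 294a632b8f..0000000000
--- a/src/lib/libssl/t1_reneg.c
+++ /dev/null
@@ -1,286 +0,0 @@
-/* $OpenBSD: t1_reneg.c,v 1.11 2015/06/20 16:42:48 doug Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "ssl_locl.h"
-#include "bytestring.h"
-
-/* Add the client's renegotiation binding */
-int
-ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
- int maxlen)
-{
- if (p) {
- if ((s->s3->previous_client_finished_len + 1) > maxlen) {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATE_EXT_TOO_LONG);
- return 0;
- }
-
- /* Length byte */
- *p = s->s3->previous_client_finished_len;
- p++;
-
- memcpy(p, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len);
-
- }
-
- *len = s->s3->previous_client_finished_len + 1;
-
- return 1;
-}
-
-/* Parse the client's renegotiation binding and abort if it's not
- right */
-int
-ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len,
- int *al)
-{
- CBS cbs, reneg;
-
- if (len < 0) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- CBS_init(&cbs, d, len);
- if (!CBS_get_u8_length_prefixed(&cbs, &reneg) ||
- /* Consistency check */
- CBS_len(&cbs) != 0) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- /* Check that the extension matches */
- if (CBS_len(&reneg) != s->s3->previous_client_finished_len) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_MISMATCH);
- *al = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-
- if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len)) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_MISMATCH);
- *al = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-
- s->s3->send_connection_binding = 1;
-
- return 1;
-}
-
-/* Add the server's renegotiation binding */
-int
-ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
- int maxlen)
-{
- if (p) {
- if ((s->s3->previous_client_finished_len +
- s->s3->previous_server_finished_len + 1) > maxlen) {
- SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATE_EXT_TOO_LONG);
- return 0;
- }
-
- /* Length byte */
- *p = s->s3->previous_client_finished_len +
- s->s3->previous_server_finished_len;
- p++;
-
- memcpy(p, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len);
- p += s->s3->previous_client_finished_len;
-
- memcpy(p, s->s3->previous_server_finished,
- s->s3->previous_server_finished_len);
-
- }
-
- *len = s->s3->previous_client_finished_len +
- s->s3->previous_server_finished_len + 1;
-
- return 1;
-}
-
-/* Parse the server's renegotiation binding and abort if it's not
- right */
-int
-ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, int *al)
-{
- CBS cbs, reneg, previous_client, previous_server;
- int expected_len = s->s3->previous_client_finished_len +
- s->s3->previous_server_finished_len;
-
- /* Check for logic errors */
- OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
- OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
-
- if (len < 0) {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- CBS_init(&cbs, d, len);
-
- if (!CBS_get_u8_length_prefixed(&cbs, &reneg) ||
- /* Consistency check */
- CBS_len(&cbs) != 0) {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- /* Check that the extension matches */
- if (CBS_len(&reneg) != expected_len ||
- !CBS_get_bytes(&reneg, &previous_client,
- s->s3->previous_client_finished_len) ||
- !CBS_get_bytes(&reneg, &previous_server,
- s->s3->previous_server_finished_len) ||
- CBS_len(&reneg) != 0) {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_MISMATCH);
- *al = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-
- if (!CBS_mem_equal(&previous_client, s->s3->previous_client_finished,
- CBS_len(&previous_client))) {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_MISMATCH);
- *al = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
- if (!CBS_mem_equal(&previous_server, s->s3->previous_server_finished,
- CBS_len(&previous_server))) {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_MISMATCH);
- *al = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- s->s3->send_connection_binding = 1;
-
- return 1;
-}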
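diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c
deleted file mode 100644
index 902cd93cd7..0000000000
--- a/src/lib/libssl/t1_srvr.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/* $OpenBSD: t1_srvr.c,v 1.19 2015/09/11 14:47:56 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-static const SSL_METHOD *tls1_get_server_method(int ver);
-
-const SSL_METHOD TLS_server_method_data = {
- .version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl23_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_read = ssl23_read,
- .ssl_peek = ssl23_peek,
- .ssl_write = ssl23_write,
- .ssl_shutdown = ssl_undefined_function,
- .ssl_renegotiate = ssl_undefined_function,
- .ssl_renegotiate_check = ssl_ok,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl_undefined_const_function,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_server_method,
- .get_timeout = ssl23_default_timeout,
- .ssl3_enc = &ssl3_undef_enc_method,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLSv1_server_method_data = {
- .version = TLS1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_server_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLSv1_1_server_method_data = {
- .version = TLS1_1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_server_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_1_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLSv1_2_server_method_data = {
- .version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_server_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_2_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-static const SSL_METHOD *
-tls1_get_server_method(int ver)
-{
- if (ver == TLS1_2_VERSION)
- return (TLSv1_2_server_method());
- if (ver == TLS1_1_VERSION)
- return (TLSv1_1_server_method());
- if (ver == TLS1_VERSION)
- return (TLSv1_server_method());
- return (NULL);
-}
-
-const SSL_METHOD *
-SSLv23_server_method(void)
-{
- return (TLS_server_method());
-}
-
-const SSL_METHOD *
-TLS_server_method(void)
-{
- return (&TLS_server_method_data);
-}
-
-const SSL_METHOD *
-TLSv1_server_method(void)
-{
- return (&TLSv1_server_method_data);
-}
-
-const SSL_METHOD *
-TLSv1_1_server_method(void)
-{
- return (&TLSv1_1_server_method_data);
-}
-
-const SSL_METHOD *
-TLSv1_2_server_method(void)
-{
- return (&TLSv1_2_server_method_data);
-}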
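diff --git a/src/lib/libssl/test/CAss.cnf b/src/lib/libssl/test/CAss.cnf
deleted file mode 100644
index 109bc8c10b..0000000000
--- a/src/lib/libssl/test/CAss.cnf
+++ /dev/null
@@ -1,76 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 2048
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = sha1
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Dodgy CA
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = v3_ca # The extentions to add to the cert
-
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-preserve = no # keep passed DN ordering
-
-policy = policy_anything
-
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-
-
-[ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true,pathlen:1
-keyUsage = cRLSign, keyCertSign
-issuerAltName=issuer:copy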
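diff --git a/src/lib/libssl/test/CAssdh.cnf b/src/lib/libssl/test/CAssdh.cnf
deleted file mode 100644
index 4e0a908679..0000000000
--- a/src/lib/libssl/test/CAssdh.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DH certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = CU
-countryName_value = CU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = La Junta de la Revolucion
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Junta
-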
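diff --git a/src/lib/libssl/test/CAssdsa.cnf b/src/lib/libssl/test/CAssdsa.cnf
deleted file mode 100644
index a6b4d1810c..0000000000
--- a/src/lib/libssl/test/CAssdsa.cnf
+++ /dev/null
@@ -1,23 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Hermanos Locos
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Hermanos Locos CA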
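diff --git a/src/lib/libssl/test/CAssrsa.cnf b/src/lib/libssl/test/CAssrsa.cnf
deleted file mode 100644
index eb24a6dfc0..0000000000
--- a/src/lib/libssl/test/CAssrsa.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Hermanos Locos
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Hermanos Locos CA
-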
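diff --git a/src/lib/libssl/test/CAtsa.cnf b/src/lib/libssl/test/CAtsa.cnf
deleted file mode 100644
index f5a275bfc2..0000000000
--- a/src/lib/libssl/test/CAtsa.cnf
+++ /dev/null
@@ -1,163 +0,0 @@
-
-#
-# This config is used by the Time Stamp Authority tests.
-#
-
-RANDFILE = ./.rnd
-
-# Extra OBJECT IDENTIFIER info:
-oid_section = new_oids
-
-TSDNSECT = ts_cert_dn
-INDEX = 1
-
-[ new_oids ]
-
-# Policies used by the TSA tests.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-#----------------------------------------------------------------------
-[ ca ]
-default_ca = CA_default # The default ca section
-
-[ CA_default ]
-
-dir = ./demoCA
-certs = $dir/certs # Where the issued certs are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-default_days = 365 # how long to certify for
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = supplied
-stateOrProvinceName = supplied
-organizationName = supplied
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-#----------------------------------------------------------------------
-[ req ]
-default_bits = 1024
-default_md = sha1
-distinguished_name = $ENV::TSDNSECT
-encrypt_rsa_key = no
-prompt = no
-# attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-string_mask = nombstr
-
-[ ts_ca_dn ]
-countryName = HU
-stateOrProvinceName = Budapest
-localityName = Budapest
-organizationName = Gov-CA Ltd.
-commonName = ca1
-
-[ ts_cert_dn ]
-countryName = HU
-stateOrProvinceName = Budapest
-localityName = Buda
-organizationName = Hun-TSA Ltd.
-commonName = tsa$ENV::INDEX
-
-[ tsa_cert ]
-
-# TSA server cert is not a CA cert.
-basicConstraints=CA:FALSE
-
-# The following key usage flags are needed for TSA server certificates.
-keyUsage = nonRepudiation, digitalSignature
-extendedKeyUsage = critical,timeStamping
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ non_tsa_cert ]
-
-# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
-basicConstraints=CA:FALSE
-
-# The following key usage flags are needed for TSA server certificates.
-keyUsage = nonRepudiation, digitalSignature
-# timeStamping is not supported by this certificate
-# extendedKeyUsage = critical,timeStamping
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature
-
-[ v3_ca ]
-
-# Extensions for a typical CA
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = critical,CA:true
-keyUsage = cRLSign, keyCertSign
-
-#----------------------------------------------------------------------
-[ tsa ]
-
-default_tsa = tsa_config1 # the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir = . # TSA root directory
-serial = $dir/tsa_serial # The current serial number (mandatory)
-signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
- # (optional)
-certs = $dir/tsaca.pem # Certificate chain to include in reply
- # (optional)
-signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
-accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
-ordering = yes # Is ordering defined for timestamps?
- # (optional, default: no)
-tsa_name = yes # Must the TSA name be included in the reply?
- # (optional, default: no)
-ess_cert_id_chain = yes # Must the ESS cert id chain be included?
- # (optional, default: no)
-
-[ tsa_config2 ]
-
-# This configuration uses a certificate which doesn't have timeStamping usage.
-# These are used by the TSA reply generation only.
-dir = . # TSA root directory
-serial = $dir/tsa_serial # The current serial number (mandatory)
-signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
- # (optional)
-certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
- # (optional)
-signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)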
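diff --git a/src/lib/libssl/test/P1ss.cnf b/src/lib/libssl/test/P1ss.cnf
deleted file mode 100644
index 326cce2ba8..0000000000
--- a/src/lib/libssl/test/P1ss.cnf
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-2.commonName = Common Name (eg, YOUR name)
-2.commonName_value = Proxy 1
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB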
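diff --git a/src/lib/libssl/test/P2ss.cnf b/src/lib/libssl/test/P2ss.cnf
deleted file mode 100644
index 8b502321b8..0000000000
--- a/src/lib/libssl/test/P2ss.cnf
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-2.commonName = Common Name (eg, YOUR name)
-2.commonName_value = Proxy 1
-
-3.commonName = Common Name (eg, YOUR name)
-3.commonName_value = Proxy 2
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,@proxy_ext
-
-[ proxy_ext ]
-language=id-ppl-anyLanguage
-pathlen=0
-policy=text:BC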
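diff --git a/src/lib/libssl/test/Sssdsa.cnf b/src/lib/libssl/test/Sssdsa.cnf
deleted file mode 100644
index 8e170a28ef..0000000000
--- a/src/lib/libssl/test/Sssdsa.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - Server
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Tortilleras S.A.
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Torti
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Gordita
-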
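diff --git a/src/lib/libssl/test/Sssrsa.cnf b/src/lib/libssl/test/Sssrsa.cnf
deleted file mode 100644
index 8c79a03fca..0000000000
--- a/src/lib/libssl/test/Sssrsa.cnf
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - Server
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Tortilleras S.A.
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Torti
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Gordita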
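diff --git a/src/lib/libssl/test/Uss.cnf b/src/lib/libssl/test/Uss.cnf
deleted file mode 100644
index 58ac0ca54d..0000000000
--- a/src/lib/libssl/test/Uss.cnf
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 2048
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = sha256
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-[ v3_ee ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-basicConstraints = CA:false
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-issuerAltName=issuer:copy
-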
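diff --git a/src/lib/libssl/test/VMSca-response.1 b/src/lib/libssl/test/VMSca-response.1
deleted file mode 100644
index 8b13789179..0000000000
--- a/src/lib/libssl/test/VMSca-response.1
+++ /dev/null
@@ -1 +0,0 @@
-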
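diff --git a/src/lib/libssl/test/VMSca-response.2 b/src/lib/libssl/test/VMSca-response.2
deleted file mode 100644
index 9b48ee4cf9..0000000000
--- a/src/lib/libssl/test/VMSca-response.2
+++ /dev/null
@@ -1,2 +0,0 @@
-y
-y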
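diff --git a/src/lib/libssl/test/asn1test.c b/src/lib/libssl/test/asn1test.c
deleted file mode 100755
index 6e6f91f81b..0000000000
--- a/src/lib/libssl/test/asn1test.c
+++ /dev/null
@@ -1,23 +0,0 @@
-/* $OpenBSD: asn1test.c,v 1.2 2014/06/12 15:49:31 deraadt Exp $ */
-#include <openssl/x509.h>
-#include <openssl/asn1_mac.h>
-
-typedef struct X
- {
- STACK_OF(X509_EXTENSION) *ext;
- } X;
-
-/* This isn't meant to run particularly, it's just to test type checking */
-int main(int argc, char **argv)
- {
- X *x = NULL;
- unsigned char **pp = NULL;
-
- M_ASN1_I2D_vars(x);
- M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
- i2d_X509_EXTENSION);
- M_ASN1_I2D_seq_total();
- M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
- i2d_X509_EXTENSION);
- M_ASN1_I2D_finish();
- }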
diff --git a/src/lib/libssl/test/bctest b/src/lib/libssl/test/bctest
deleted file mode 100644
index bdb3218f7a..0000000000
--- a/src/lib/libssl/test/bctest
+++ /dev/null
@@ -1,111 +0,0 @@
1#!/bin/sh
2
3# This script is used by test/Makefile.ssl to check whether a sane 'bc'
4# is installed.
5# ('make test_bn' should not try to run 'bc' if it does not exist or if
6# it is a broken 'bc' version that is known to cause trouble.)
7#
8# If 'bc' works, we also test if it knows the 'print' command.
9#
10# In any case, output an appropriate command line for running (or not
11# running) bc.
12
13
14IFS=:
15try_without_dir=true
16# First we try "bc", then "$dir/bc" for each item in $PATH.
17for dir in dummy:$PATH; do
18 if [ "$try_without_dir" = true ]; then
19 # first iteration
20 bc=bc
21 try_without_dir=false
22 else
23 # second and later iterations
24 bc="$dir/bc"
25 if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix
26 bc=''
27 fi
28 fi
29
30 if [ ! "$bc" = '' ]; then
31 failure=none
32
33
34 # Test for SunOS 5.[78] bc bug
35 "$bc" >tmp.bctest <<\EOF
36obase=16
37ibase=16
38a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
39CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
4010F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
41C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
423BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
434FC3CADF855448B24A9D7640BCF473E
44b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
459209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
468B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
473ED0E2017D60A68775B75481449
48(a/b)*b + (a%b) - a
49EOF
50 if [ 0 != "`cat tmp.bctest`" ]; then
51 failure=SunOStest
52 fi
53
54
55 if [ "$failure" = none ]; then
56 # Test for SCO bc bug.
57 "$bc" >tmp.bctest <<\EOF
58obase=16
59ibase=16
60-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
619DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
6211B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
631239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
64AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
65F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
66B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
6702EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
6885EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
69A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
70E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
718C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
7204E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
7389C8D71
74AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
75928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
768A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
7737F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
78E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
79F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
809E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
81D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
825296964
83EOF
84 if [ "0
850" != "`cat tmp.bctest`" ]; then
86 failure=SCOtest
87 fi
88 fi
89
90
91 if [ "$failure" = none ]; then
92 # bc works; now check if it knows the 'print' command.
93 if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
94 then
95 echo "$bc"
96 else
97 echo "sed 's/print.*//' | $bc"
98 fi
99 exit 0
100 fi
101
102 echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2
103 fi
104done
105
106echo "No working bc found. Consider installing GNU bc." >&2
107if [ "$1" = ignore ]; then
108 echo "cat >/dev/null"
109 exit 0
110fi
111exit 1
diff --git a/src/lib/libssl/test/cms-examples.pl b/src/lib/libssl/test/cms-examples.pl
deleted file mode 100644
index 2e95b48ba4..0000000000
--- a/src/lib/libssl/test/cms-examples.pl
+++ /dev/null
@@ -1,409 +0,0 @@
1# test/cms-examples.pl
2# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3# project.
4#
5# ====================================================================
6# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11#
12# 1. Redistributions of source code must retain the above copyright
13# notice, this list of conditions and the following disclaimer.
14#
15# 2. Redistributions in binary form must reproduce the above copyright
16# notice, this list of conditions and the following disclaimer in
17# the documentation and/or other materials provided with the
18# distribution.
19#
20# 3. All advertising materials mentioning features or use of this
21# software must display the following acknowledgment:
22# "This product includes software developed by the OpenSSL Project
23# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24#
25# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26# endorse or promote products derived from this software without
27# prior written permission. For written permission, please contact
28# licensing@OpenSSL.org.
29#
30# 5. Products derived from this software may not be called "OpenSSL"
31# nor may "OpenSSL" appear in their names without prior written
32# permission of the OpenSSL Project.
33#
34# 6. Redistributions of any form whatsoever must retain the following
35# acknowledgment:
36# "This product includes software developed by the OpenSSL Project
37# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38#
39# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50# OF THE POSSIBILITY OF SUCH DAMAGE.
51# ====================================================================
52
53# Perl script to run tests against S/MIME examples in RFC4134
54# Assumes RFC is in current directory and called "rfc4134.txt"
55
56use MIME::Base64;
57
58my $badttest = 0;
59my $verbose = 1;
60
61my $cmscmd;
62my $exdir = "./";
63my $exfile = "./rfc4134.txt";
64
65if (-f "../apps/openssl")
66 {
67 $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms";
68 }
69elsif (-f "..\\out32dll\\openssl.exe")
70 {
71 $cmscmd = "..\\out32dll\\openssl.exe cms";
72 }
73elsif (-f "..\\out32\\openssl.exe")
74 {
75 $cmscmd = "..\\out32\\openssl.exe cms";
76 }
77
78my @test_list = (
79 [ "3.1.bin" => "dataout" ],
80 [ "3.2.bin" => "encode, dataout" ],
81 [ "4.1.bin" => "encode, verifyder, cont, dss" ],
82 [ "4.2.bin" => "encode, verifyder, cont, rsa" ],
83 [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ],
84 [ "4.4.bin" => "encode, verifyder, cont, dss" ],
85 [ "4.5.bin" => "verifyder, cont, rsa" ],
86 [ "4.6.bin" => "encode, verifyder, cont, dss" ],
87 [ "4.7.bin" => "encode, verifyder, cont, dss" ],
88 [ "4.8.eml" => "verifymime, dss" ],
89 [ "4.9.eml" => "verifymime, dss" ],
90 [ "4.10.bin" => "encode, verifyder, cont, dss" ],
91 [ "4.11.bin" => "encode, certsout" ],
92 [ "5.1.bin" => "encode, envelopeder, cont" ],
93 [ "5.2.bin" => "encode, envelopeder, cont" ],
94 [ "5.3.eml" => "envelopemime, cont" ],
95 [ "6.0.bin" => "encode, digest, cont" ],
96 [ "7.1.bin" => "encode, encrypted, cont" ],
97 [ "7.2.bin" => "encode, encrypted, cont" ]
98);
99
100# Extract examples from RFC4134 text.
101# Base64 decode all examples, certificates and
102# private keys are converted to PEM format.
103
104my ( $filename, $data );
105
106my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" );
107
108$data = "";
109
110open( IN, $exfile ) || die "Can't Open RFC examples file $exfile";
111
112while (<IN>) {
113 next unless (/^\|/);
114 s/^\|//;
115 next if (/^\*/);
116 if (/^>(.*)$/) {
117 $filename = $1;
118 next;
119 }
120 if (/^</) {
121 $filename = "$exdir/$filename";
122 if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) {
123 $data = decode_base64($data);
124 open OUT, ">$filename";
125 binmode OUT;
126 print OUT $data;
127 close OUT;
128 push @cleanup, $filename;
129 }
130 elsif ( $filename =~ /\.cer$/ ) {
131 write_pem( $filename, "CERTIFICATE", $data );
132 }
133 elsif ( $filename =~ /\.pri$/ ) {
134 write_pem( $filename, "PRIVATE KEY", $data );
135 }
136 $data = "";
137 $filename = "";
138 }
139 else {
140 $data .= $_;
141 }
142
143}
144
145my $secretkey =
146 "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32";
147
148foreach (@test_list) {
149 my ( $file, $tlist ) = @$_;
150 print "Example file $file:\n";
151 if ( $tlist =~ /encode/ ) {
152 run_reencode_test( $exdir, $file );
153 }
154 if ( $tlist =~ /certsout/ ) {
155 run_certsout_test( $exdir, $file );
156 }
157 if ( $tlist =~ /dataout/ ) {
158 run_dataout_test( $exdir, $file );
159 }
160 if ( $tlist =~ /verify/ ) {
161 run_verify_test( $exdir, $tlist, $file );
162 }
163 if ( $tlist =~ /digest/ ) {
164 run_digest_test( $exdir, $tlist, $file );
165 }
166 if ( $tlist =~ /encrypted/ ) {
167 run_encrypted_test( $exdir, $tlist, $file, $secretkey );
168 }
169 if ( $tlist =~ /envelope/ ) {
170 run_envelope_test( $exdir, $tlist, $file );
171 }
172
173}
174
175foreach (@cleanup) {
176 unlink $_;
177}
178
179if ($badtest) {
180 print "\n$badtest TESTS FAILED!!\n";
181}
182else {
183 print "\n***All tests successful***\n";
184}
185
186sub write_pem {
187 my ( $filename, $str, $data ) = @_;
188
189 $filename =~ s/\.[^.]*$/.pem/;
190
191 push @cleanup, $filename;
192
193 open OUT, ">$filename";
194
195 print OUT "-----BEGIN $str-----\n";
196 print OUT $data;
197 print OUT "-----END $str-----\n";
198
199 close OUT;
200}
201
202sub run_reencode_test {
203 my ( $cmsdir, $tfile ) = @_;
204 unlink "tmp.der";
205
206 system( "$cmscmd -cmsout -inform DER -outform DER"
207 . " -in $cmsdir/$tfile -out tmp.der" );
208
209 if ($?) {
210 print "\tReencode command FAILED!!\n";
211 $badtest++;
212 }
213 elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) {
214 print "\tReencode FAILED!!\n";
215 $badtest++;
216 }
217 else {
218 print "\tReencode passed\n" if $verbose;
219 }
220}
221
222sub run_certsout_test {
223 my ( $cmsdir, $tfile ) = @_;
224 unlink "tmp.der";
225 unlink "tmp.pem";
226
227 system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
228 . " -in $cmsdir/$tfile -out tmp.der" );
229
230 if ($?) {
231 print "\tCertificate output command FAILED!!\n";
232 $badtest++;
233 }
234 else {
235 print "\tCertificate output passed\n" if $verbose;
236 }
237}
238
239sub run_dataout_test {
240 my ( $cmsdir, $tfile ) = @_;
241 unlink "tmp.txt";
242
243 system(
244 "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" );
245
246 if ($?) {
247 print "\tDataout command FAILED!!\n";
248 $badtest++;
249 }
250 elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) {
251 print "\tDataout compare FAILED!!\n";
252 $badtest++;
253 }
254 else {
255 print "\tDataout passed\n" if $verbose;
256 }
257}
258
259sub run_verify_test {
260 my ( $cmsdir, $tlist, $tfile ) = @_;
261 unlink "tmp.txt";
262
263 $form = "DER" if $tlist =~ /verifyder/;
264 $form = "SMIME" if $tlist =~ /verifymime/;
265 $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/;
266 $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/;
267
268 $cmd =
269 "$cmscmd -verify -inform $form"
270 . " -CAfile $cafile"
271 . " -in $cmsdir/$tfile -out tmp.txt";
272
273 $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/;
274
275 system("$cmd 2>cms.err 1>cms.out");
276
277 if ($?) {
278 print "\tVerify command FAILED!!\n";
279 $badtest++;
280 }
281 elsif ( $tlist =~ /cont/
282 && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
283 {
284 print "\tVerify content compare FAILED!!\n";
285 $badtest++;
286 }
287 else {
288 print "\tVerify passed\n" if $verbose;
289 }
290}
291
292sub run_envelope_test {
293 my ( $cmsdir, $tlist, $tfile ) = @_;
294 unlink "tmp.txt";
295
296 $form = "DER" if $tlist =~ /envelopeder/;
297 $form = "SMIME" if $tlist =~ /envelopemime/;
298
299 $cmd =
300 "$cmscmd -decrypt -inform $form"
301 . " -recip $cmsdir/BobRSASignByCarl.pem"
302 . " -inkey $cmsdir/BobPrivRSAEncrypt.pem"
303 . " -in $cmsdir/$tfile -out tmp.txt";
304
305 system("$cmd 2>cms.err 1>cms.out");
306
307 if ($?) {
308 print "\tDecrypt command FAILED!!\n";
309 $badtest++;
310 }
311 elsif ( $tlist =~ /cont/
312 && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
313 {
314 print "\tDecrypt content compare FAILED!!\n";
315 $badtest++;
316 }
317 else {
318 print "\tDecrypt passed\n" if $verbose;
319 }
320}
321
322sub run_digest_test {
323 my ( $cmsdir, $tlist, $tfile ) = @_;
324 unlink "tmp.txt";
325
326 my $cmd =
327 "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt";
328
329 system("$cmd 2>cms.err 1>cms.out");
330
331 if ($?) {
332 print "\tDigest verify command FAILED!!\n";
333 $badtest++;
334 }
335 elsif ( $tlist =~ /cont/
336 && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
337 {
338 print "\tDigest verify content compare FAILED!!\n";
339 $badtest++;
340 }
341 else {
342 print "\tDigest verify passed\n" if $verbose;
343 }
344}
345
346sub run_encrypted_test {
347 my ( $cmsdir, $tlist, $tfile, $key ) = @_;
348 unlink "tmp.txt";
349
350 system( "$cmscmd -EncryptedData_decrypt -inform DER"
351 . " -secretkey $key"
352 . " -in $cmsdir/$tfile -out tmp.txt" );
353
354 if ($?) {
355 print "\tEncrypted Data command FAILED!!\n";
356 $badtest++;
357 }
358 elsif ( $tlist =~ /cont/
359 && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
360 {
361 print "\tEncrypted Data content compare FAILED!!\n";
362 $badtest++;
363 }
364 else {
365 print "\tEncryptedData verify passed\n" if $verbose;
366 }
367}
368
369sub cmp_files {
370 my ( $f1, $f2 ) = @_;
371 my ( $fp1, $fp2 );
372
373 my ( $rd1, $rd2 );
374
375 if ( !open( $fp1, "<$f1" ) ) {
376 print STDERR "Can't Open file $f1\n";
377 return 0;
378 }
379
380 if ( !open( $fp2, "<$f2" ) ) {
381 print STDERR "Can't Open file $f2\n";
382 return 0;
383 }
384
385 binmode $fp1;
386 binmode $fp2;
387
388 my $ret = 0;
389
390 for ( ; ; ) {
391 $n1 = sysread $fp1, $rd1, 4096;
392 $n2 = sysread $fp2, $rd2, 4096;
393 last if ( $n1 != $n2 );
394 last if ( $rd1 ne $rd2 );
395
396 if ( $n1 == 0 ) {
397 $ret = 1;
398 last;
399 }
400
401 }
402
403 close $fp1;
404 close $fp2;
405
406 return $ret;
407
408}
409
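--- a/src/lib/libssl/test/cms-test.pl
+++ /dev/null
@@ -1,459 +0,0 @@
-# test/cms-test.pl
-# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-# project.
-#
-# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-# software must display the following acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For written permission, please contact
-# licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-# nor may "OpenSSL" appear in their names without prior written
-# permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-# CMS, PKCS7 consistency test script. Run extensive tests on
-# OpenSSL PKCS#7 and CMS implementations.
-
-my $ossl_path;
-my $redir = " 2> cms.err > cms.out";
-# Make VMS work
-if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {
- $ossl_path = "pipe mcr OSSLX:openssl";
-}
-# Make MSYS work
-elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
- $ossl_path = "cmd /c ..\\apps\\openssl";
-}
-elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
- $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
-}
-elsif ( -f "..\\out32dll\\openssl.exe" ) {
- $ossl_path = "..\\out32dll\\openssl.exe";
-}
-elsif ( -f "..\\out32\\openssl.exe" ) {
- $ossl_path = "..\\out32\\openssl.exe";
-}
-else {
- die "Can't find OpenSSL executable";
-}
-
-my $pk7cmd = "$ossl_path smime ";
-my $cmscmd = "$ossl_path cms ";
-my $smdir = "smime-certs";
-my $halt_err = 1;
-
-my $badcmd = 0;
-my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
-
-my @smime_pkcs7_tests = (
-
- [
- "signed content DER format, RSA key",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -certfile $smdir/smroot.pem"
- . " -signer $smdir/smrsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed detached content DER format, RSA key",
- "-sign -in smcont.txt -outform \"DER\""
- . " -signer $smdir/smrsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
- ],
-
- [
- "signed content test streaming BER format, RSA",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -stream -signer $smdir/smrsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content DER format, DSA key",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -signer $smdir/smdsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed detached content DER format, DSA key",
- "-sign -in smcont.txt -outform \"DER\""
- . " -signer $smdir/smdsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
- ],
-
- [
- "signed detached content DER format, add RSA signer",
- "-resign -inform \"DER\" -in test.cms -outform \"DER\""
- . " -signer $smdir/smrsa1.pem -out test2.cms",
- "-verify -in test2.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
- ],
-
- [
- "signed content test streaming BER format, DSA key",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -stream -signer $smdir/smdsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming BER format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
-"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
- "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
-"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "enveloped content test streaming S/MIME format, 3 recipients",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, 3 recipients, key only used",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
- "-encrypt -in smcont.txt"
- . " -aes256 -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
-);
-
-my @smime_cms_tests = (
-
- [
- "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
- "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt -outform PEM -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform PEM "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content MIME format, RSA key, signed receipt request",
- "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
- . " -receipt_request_to test\@openssl.org -receipt_request_all"
- . " -out test.cms",
- "-verify -in test.cms "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed receipt MIME format, RSA key",
- "-sign_receipt -in test.cms"
- . " -signer $smdir/smrsa2.pem"
- . " -out test2.cms",
- "-verify_receipt test2.cms -in test.cms"
- . " \"-CAfile\" $smdir/smroot.pem"
- ],
-
- [
- "enveloped content test streaming S/MIME format, 3 recipients, keyid",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms -keyid"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
- [
- "enveloped content test streaming PEM format, KEK",
- "-encrypt -in smcont.txt -outform PEM -aes128"
- . " -stream -out test.cms "
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- . " -secretkeyid C0FEE0",
- "-decrypt -in test.cms -out smtst.txt -inform PEM"
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- . " -secretkeyid C0FEE0"
- ],
-
- [
- "enveloped content test streaming PEM format, KEK, key only",
- "-encrypt -in smcont.txt -outform PEM -aes128"
- . " -stream -out test.cms "
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- . " -secretkeyid C0FEE0",
- "-decrypt -in test.cms -out smtst.txt -inform PEM"
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- ],
-
- [
- "data content test streaming PEM format",
- "-data_create -in smcont.txt -outform PEM -nodetach"
- . " -stream -out test.cms",
- "-data_out -in test.cms -inform PEM -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, 128 bit RC2 key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, 40 bit RC2 key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -rc2 -secretkey 0001020304"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 0001020304 -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, triple DES key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
- . " -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, 128 bit AES key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
- ],
-
-);
-
-my @smime_cms_comp_tests = (
-
- [
- "compressed content test streaming PEM format",
- "-compress -in smcont.txt -outform PEM -nodetach"
- . " -stream -out test.cms",
- "-uncompress -in test.cms -inform PEM -out smtst.txt"
- ]
-
-);
-
-print "CMS => PKCS#7 compatibility tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
-
-print "CMS <= PKCS#7 compatibility tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );
-
-print "CMS <=> CMS consistency tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
-run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd );
-
-if ( `$ossl_path version -f` =~ /ZLIB/ ) {
- run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
-}
-else {
- print "Zlib not supported: compression tests skipped\n";
-}
-
-print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8);
-
-if ($badcmd) {
- print "$badcmd TESTS FAILED!!\n";
-}
-else {
- print "ALL TESTS SUCCESSFUL.\n";
-}
-
-unlink "test.cms";
-unlink "test2.cms";
-unlink "smtst.txt";
-unlink "cms.out";
-unlink "cms.err";
-
-sub run_smime_tests {
- my ( $rv, $aref, $scmd, $vcmd ) = @_;
-
- foreach $smtst (@$aref) {
- my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
- if ($ossl8)
- {
- # Skip smime resign: 0.9.8 smime doesn't support -resign
- next if ($scmd =~ /smime/ && $rscmd =~ /-resign/);
- # Disable streaming: option not supported in 0.9.8
- $tnam =~ s/streaming//;
- $rscmd =~ s/-stream//;
- $rvcmd =~ s/-stream//;
- }
- system("$scmd$rscmd$redir");
- if ($?) {
- print "$tnam: generation error\n";
- $$rv++;
- exit 1 if $halt_err;
- next;
- }
- system("$vcmd$rvcmd$redir");
- if ($?) {
- print "$tnam: verify error\n";
- $$rv++;
- exit 1 if $halt_err;
- next;
- }
- if (!cmp_files("smtst.txt", "smcont.txt")) {
- print "$tnam: content verify error\n";
- $$rv++;
- exit 1 if $halt_err;
- next;
- }
- print "$tnam: OK\n";
- }
-}
-
-sub cmp_files {
- use FileHandle;
- my ( $f1, $f2 ) = @_;
- my $fp1 = FileHandle->new();
- my $fp2 = FileHandle->new();
-
- my ( $rd1, $rd2 );
-
- if ( !open( $fp1, "<$f1" ) ) {
- print STDERR "Can't Open file $f1\n";
- return 0;
- }
-
- if ( !open( $fp2, "<$f2" ) ) {
- print STDERR "Can't Open file $f2\n";
- return 0;
- }
-
- binmode $fp1;
- binmode $fp2;
-
- my $ret = 0;
-
- for ( ; ; ) {
- $n1 = sysread $fp1, $rd1, 4096;
- $n2 = sysread $fp2, $rd2, 4096;
- last if ( $n1 != $n2 );
- last if ( $rd1 ne $rd2 );
-
- if ( $n1 == 0 ) {
- $ret = 1;
- last;
- }
-
- }
-
- close $fp1;
- close $fp2;
-
- return $ret;
-
-}
-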
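--- a/src/lib/libssl/test/methtest.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* $OpenBSD: methtest.c,v 1.4 2014/06/12 15:49:31 deraadt Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-#include "meth.h"
-#include <openssl/err.h>
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- METHOD_CTX *top,*tmp1,*tmp2;
-
- top=METH_new(x509_lookup()); /* get a top level context */
- if (top == NULL) goto err;
-
- tmp1=METH_new(x509_by_file());
- if (top == NULL) goto err;
- METH_arg(tmp1,METH_TYPE_FILE,"cafile1");
- METH_arg(tmp1,METH_TYPE_FILE,"cafile2");
- METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1);
-
- tmp2=METH_new(x509_by_dir());
- METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts");
- METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs");
- METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs");
- METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2);
-
-/* tmp=METH_new(x509_by_issuer_dir);
- METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
- METH_push(top,METH_X509_BY_ISSUER,tmp);
-
- tmp=METH_new(x509_by_issuer_primary);
- METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
- METH_push(top,METH_X509_BY_ISSUER,tmp);
-*/
-
- METH_init(top);
- METH_control(tmp1,METH_CONTROL_DUMP,stdout);
- METH_control(tmp2,METH_CONTROL_DUMP,stdout);
- EXIT(0);
-err:
- ERR_load_crypto_strings();
- ERR_print_errors_fp(stderr);
- EXIT(1);
- return(0);
- }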
diff --git a/src/lib/libssl/test/pkcs7-1.pem b/src/lib/libssl/test/pkcs7-1.pem
deleted file mode 100644
index c47b27af88..0000000000
--- a/src/lib/libssl/test/pkcs7-1.pem
+++ /dev/null
@@ -1,15 +0,0 @@
1-----BEGIN PKCS7-----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15-----END PKCS7-----
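--- a/src/lib/libssl/test/pkcs7.pem
+++ /dev/null
@@ -1,54 +0,0 @@
- MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg
- AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH
- EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl
- cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw
- ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0
- MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
- c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh
- bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE
- CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl
- Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G
- CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK
- ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0
- l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC
- HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg
- Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1
- c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj
- YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0
- dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx
- dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu
- LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU
- ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln
- biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT
- IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB
- AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
- L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL
- HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF
- slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7
- ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR
- /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
- aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp
- ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1
- OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu
- MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz
- Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv
- qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy
- sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb
- P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG
- A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA
- KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7
- Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4
- Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq
- hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
- Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk
- dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ
- KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30
- dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW
- I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow
- ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
- ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD
- ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw
- MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK
- /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/
- DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP
- b+xSu/jH0gAAMYAAAAAAAAAAAA==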
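--- a/src/lib/libssl/test/pkits-test.pl
+++ /dev/null
@@ -1,949 +0,0 @@
-# test/pkits-test.pl
-# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-# project.
-#
-# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-# software must display the following acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For written permission, please contact
-# licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-# nor may "OpenSSL" appear in their names without prior written
-# permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-# Perl utility to run PKITS tests for RFC3280 compliance.
-
-my $ossl_path;
-
-if ( -f "../apps/openssl" ) {
- $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
-}
-elsif ( -f "..\\out32dll\\openssl.exe" ) {
- $ossl_path = "..\\out32dll\\openssl.exe";
-}
-elsif ( -f "..\\out32\\openssl.exe" ) {
- $ossl_path = "..\\out32\\openssl.exe";
-}
-else {
- die "Can't find OpenSSL executable";
-}
-
-my $pkitsdir = "pkits/smime";
-my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt";
-
-die "Can't find PKITS test data" if !-d $pkitsdir;
-
-my $nist1 = "2.16.840.1.101.3.2.1.48.1";
-my $nist2 = "2.16.840.1.101.3.2.1.48.2";
-my $nist3 = "2.16.840.1.101.3.2.1.48.3";
-my $nist4 = "2.16.840.1.101.3.2.1.48.4";
-my $nist5 = "2.16.840.1.101.3.2.1.48.5";
-my $nist6 = "2.16.840.1.101.3.2.1.48.6";
-
-my $apolicy = "X509v3 Any Policy";
-
-# This table contains the chapter headings of the accompanying PKITS
-# document. They provide useful informational output and their names
-# can be converted into the filename to test.
-
-my @testlists = (
- [ "4.1", "Signature Verification" ],
- [ "4.1.1", "Valid Signatures Test1", 0 ],
- [ "4.1.2", "Invalid CA Signature Test2", 7 ],
- [ "4.1.3", "Invalid EE Signature Test3", 7 ],
- [ "4.1.4", "Valid DSA Signatures Test4", 0 ],
- [ "4.1.5", "Valid DSA Parameter Inheritance Test5", 0 ],
- [ "4.1.6", "Invalid DSA Signature Test6", 7 ],
- [ "4.2", "Validity Periods" ],
- [ "4.2.1", "Invalid CA notBefore Date Test1", 9 ],
- [ "4.2.2", "Invalid EE notBefore Date Test2", 9 ],
- [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", 0 ],
- [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4", 0 ],
- [ "4.2.5", "Invalid CA notAfter Date Test5", 10 ],
- [ "4.2.6", "Invalid EE notAfter Date Test6", 10 ],
- [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", 10 ],
- [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", 0 ],
- [ "4.3", "Verifying Name Chaining" ],
- [ "4.3.1", "Invalid Name Chaining EE Test1", 20 ],
- [ "4.3.2", "Invalid Name Chaining Order Test2", 20 ],
- [ "4.3.3", "Valid Name Chaining Whitespace Test3", 0 ],
- [ "4.3.4", "Valid Name Chaining Whitespace Test4", 0 ],
- [ "4.3.5", "Valid Name Chaining Capitalization Test5", 0 ],
- [ "4.3.6", "Valid Name Chaining UIDs Test6", 0 ],
- [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ],
- [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", 0 ],
- [ "4.3.9", "Valid UTF8String Encoded Names Test9", 0 ],
- [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ],
- [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11", 0 ],
- [ "4.4", "Basic Certificate Revocation Tests" ],
- [ "4.4.1", "Missing CRL Test1", 3 ],
- [ "4.4.2", "Invalid Revoked CA Test2", 23 ],
- [ "4.4.3", "Invalid Revoked EE Test3", 23 ],
- [ "4.4.4", "Invalid Bad CRL Signature Test4", 8 ],
- [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ],
- [ "4.4.6", "Invalid Wrong CRL Test6", 3 ],
- [ "4.4.7", "Valid Two CRLs Test7", 0 ],
-
- # The test document suggests these should return certificate revoked...
- # Subsquent discussion has concluded they should not due to unhandle
- # critical CRL extensions.
- [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ],
- [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ],
-
- [ "4.4.10", "Invalid Unknown CRL Extension Test10", 36 ],
- [ "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 ],
- [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 ],
- [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", 0 ],
- [ "4.4.14", "Valid Negative Serial Number Test14", 0 ],
- [ "4.4.15", "Invalid Negative Serial Number Test15", 23 ],
- [ "4.4.16", "Valid Long Serial Number Test16", 0 ],
- [ "4.4.17", "Valid Long Serial Number Test17", 0 ],
- [ "4.4.18", "Invalid Long Serial Number Test18", 23 ],
- [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", 0 ],
- [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ],
-
- # CRL path is revoked so get a CRL path validation error
- [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 ],
- [ "4.5", "Verifying Paths with Self-Issued Certificates" ],
- [ "4.5.1", "Valid Basic Self-Issued Old With New Test1", 0 ],
- [ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 ],
- [ "4.5.3", "Valid Basic Self-Issued New With Old Test3", 0 ],
- [ "4.5.4", "Valid Basic Self-Issued New With Old Test4", 0 ],
- [ "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 ],
- [ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", 0 ],
- [ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 ],
- [ "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", 20 ],
- [ "4.6", "Verifying Basic Constraints" ],
- [ "4.6.1", "Invalid Missing basicConstraints Test1", 24 ],
- [ "4.6.2", "Invalid cA False Test2", 24 ],
- [ "4.6.3", "Invalid cA False Test3", 24 ],
- [ "4.6.4", "Valid basicConstraints Not Critical Test4", 0 ],
- [ "4.6.5", "Invalid pathLenConstraint Test5", 25 ],
- [ "4.6.6", "Invalid pathLenConstraint Test6", 25 ],
- [ "4.6.7", "Valid pathLenConstraint Test7", 0 ],
- [ "4.6.8", "Valid pathLenConstraint Test8", 0 ],
- [ "4.6.9", "Invalid pathLenConstraint Test9", 25 ],
- [ "4.6.10", "Invalid pathLenConstraint Test10", 25 ],
- [ "4.6.11", "Invalid pathLenConstraint Test11", 25 ],
- [ "4.6.12", "Invalid pathLenConstraint Test12", 25 ],
- [ "4.6.13", "Valid pathLenConstraint Test13", 0 ],
- [ "4.6.14", "Valid pathLenConstraint Test14", 0 ],
- [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15", 0 ],
- [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", 25 ],
- [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17", 0 ],
- [ "4.7", "Key Usage" ],
- [ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", 20 ],
- [ "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ],
- [ "4.7.3", "Valid keyUsage Not Critical Test3", 0 ],
- [ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 ],
- [ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 ],
-
- # Certificate policy tests need special handling. They can have several
- # sub tests and we need to check the outputs are correct.
-
- [ "4.8", "Certificate Policies" ],
- [
- "4.8.1.1",
- "All Certificates Same Policy Test1",
- "-policy anyPolicy -explicit_policy",
- "True", $nist1, $nist1, 0
- ],
- [
- "4.8.1.2",
- "All Certificates Same Policy Test1",
- "-policy $nist1 -explicit_policy",
- "True", $nist1, $nist1, 0
- ],
- [
- "4.8.1.3",
- "All Certificates Same Policy Test1",
- "-policy $nist2 -explicit_policy",
- "True", $nist1, "<empty>", 43
- ],
- [
- "4.8.1.4",
- "All Certificates Same Policy Test1",
- "-policy $nist1 -policy $nist2 -explicit_policy",
- "True", $nist1, $nist1, 0
- ],
- [
- "4.8.2.1",
- "All Certificates No Policies Test2",
- "-policy anyPolicy",
- "False", "<empty>", "<empty>", 0
- ],
- [
- "4.8.2.2",
- "All Certificates No Policies Test2",
- "-policy anyPolicy -explicit_policy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.8.3.1",
- "Different Policies Test3",
- "-policy anyPolicy",
- "False", "<empty>", "<empty>", 0
- ],
- [
- "4.8.3.2",
- "Different Policies Test3",
- "-policy anyPolicy -explicit_policy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.8.3.3",
- "Different Policies Test3",
- "-policy $nist1 -policy $nist2 -explicit_policy",
- "True", "<empty>", "<empty>", 43
- ],
-
- [
- "4.8.4",
- "Different Policies Test4",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.8.5",
- "Different Policies Test5",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.8.6.1",
- "Overlapping Policies Test6",
- "-policy anyPolicy",
- "True", $nist1, $nist1, 0
- ],
- [
- "4.8.6.2",
- "Overlapping Policies Test6",
- "-policy $nist1",
- "True", $nist1, $nist1, 0
- ],
- [
- "4.8.6.3",
- "Overlapping Policies Test6",
- "-policy $nist2",
- "True", $nist1, "<empty>", 43
- ],
- [
- "4.8.7",
- "Different Policies Test7",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.8.8",
- "Different Policies Test8",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.8.9",
- "Different Policies Test9",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.8.10.1",
- "All Certificates Same Policies Test10",
- "-policy $nist1",
- "True", "$nist1:$nist2", "$nist1", 0
- ],
- [
- "4.8.10.2",
- "All Certificates Same Policies Test10",
- "-policy $nist2",
- "True", "$nist1:$nist2", "$nist2", 0
- ],
- [
- "4.8.10.3",
- "All Certificates Same Policies Test10",
- "-policy anyPolicy",
- "True", "$nist1:$nist2", "$nist1:$nist2", 0
- ],
- [
- "4.8.11.1",
- "All Certificates AnyPolicy Test11",
- "-policy anyPolicy",
- "True", "$apolicy", "$apolicy", 0
- ],
- [
- "4.8.11.2",
- "All Certificates AnyPolicy Test11",
- "-policy $nist1",
- "True", "$apolicy", "$nist1", 0
- ],
- [
- "4.8.12",
- "Different Policies Test12",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.8.13.1",
- "All Certificates Same Policies Test13",
- "-policy $nist1",
- "True", "$nist1:$nist2:$nist3", "$nist1", 0
- ],
- [
- "4.8.13.2",
- "All Certificates Same Policies Test13",
- "-policy $nist2",
- "True", "$nist1:$nist2:$nist3", "$nist2", 0
- ],
- [
- "4.8.13.3",
- "All Certificates Same Policies Test13",
- "-policy $nist3",
- "True", "$nist1:$nist2:$nist3", "$nist3", 0
- ],
- [
- "4.8.14.1", "AnyPolicy Test14",
- "-policy $nist1", "True",
- "$nist1", "$nist1",
- 0
- ],
- [
- "4.8.14.2", "AnyPolicy Test14",
- "-policy $nist2", "True",
- "$nist1", "<empty>",
- 43
- ],
- [
- "4.8.15",
- "User Notice Qualifier Test15",
- "-policy anyPolicy",
- "False", "$nist1", "$nist1", 0
- ],
- [
- "4.8.16",
- "User Notice Qualifier Test16",
- "-policy anyPolicy",
- "False", "$nist1", "$nist1", 0
- ],
- [
- "4.8.17",
- "User Notice Qualifier Test17",
- "-policy anyPolicy",
- "False", "$nist1", "$nist1", 0
- ],
- [
- "4.8.18.1",
- "User Notice Qualifier Test18",
- "-policy $nist1",
- "True", "$nist1:$nist2", "$nist1", 0
- ],
- [
- "4.8.18.2",
- "User Notice Qualifier Test18",
- "-policy $nist2",
- "True", "$nist1:$nist2", "$nist2", 0
- ],
- [
- "4.8.19",
- "User Notice Qualifier Test19",
- "-policy anyPolicy",
- "False", "$nist1", "$nist1", 0
- ],
- [
- "4.8.20",
- "CPS Pointer Qualifier Test20",
- "-policy anyPolicy -explicit_policy",
- "True", "$nist1", "$nist1", 0
- ],
- [ "4.9", "Require Explicit Policy" ],
- [
- "4.9.1",
- "Valid RequireExplicitPolicy Test1",
- "-policy anyPolicy",
- "False", "<empty>", "<empty>", 0
- ],
- [
- "4.9.2",
- "Valid RequireExplicitPolicy Test2",
- "-policy anyPolicy",
- "False", "<empty>", "<empty>", 0
- ],
- [
- "4.9.3",
- "Invalid RequireExplicitPolicy Test3",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.9.4",
- "Valid RequireExplicitPolicy Test4",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.9.5",
- "Invalid RequireExplicitPolicy Test5",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.9.6",
- "Valid Self-Issued requireExplicitPolicy Test6",
- "-policy anyPolicy",
- "False", "<empty>", "<empty>", 0
- ],
- [
- "4.9.7",
- "Invalid Self-Issued requireExplicitPolicy Test7",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.9.8",
- "Invalid Self-Issued requireExplicitPolicy Test8",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [ "4.10", "Policy Mappings" ],
- [
- "4.10.1.1",
- "Valid Policy Mapping Test1",
- "-policy $nist1",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.10.1.2",
- "Valid Policy Mapping Test1",
- "-policy $nist2",
- "True", "$nist1", "<empty>", 43
- ],
- [
- "4.10.1.3",
- "Valid Policy Mapping Test1",
- "-policy anyPolicy -inhibit_map",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.10.2.1",
- "Invalid Policy Mapping Test2",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.10.2.2",
- "Invalid Policy Mapping Test2",
- "-policy anyPolicy -inhibit_map",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.10.3.1",
- "Valid Policy Mapping Test3",
- "-policy $nist1",
- "True", "$nist2", "<empty>", 43
- ],
- [
- "4.10.3.2",
- "Valid Policy Mapping Test3",
- "-policy $nist2",
- "True", "$nist2", "$nist2", 0
- ],
- [
- "4.10.4",
- "Invalid Policy Mapping Test4",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.10.5.1",
- "Valid Policy Mapping Test5",
- "-policy $nist1",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.10.5.2",
- "Valid Policy Mapping Test5",
- "-policy $nist6",
- "True", "$nist1", "<empty>", 43
- ],
- [
- "4.10.6.1",
- "Valid Policy Mapping Test6",
- "-policy $nist1",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.10.6.2",
- "Valid Policy Mapping Test6",
- "-policy $nist6",
- "True", "$nist1", "<empty>", 43
- ],
- [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ],
- [ "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 ],
- [
- "4.10.9",
- "Valid Policy Mapping Test9",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.10.10",
- "Invalid Policy Mapping Test10",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.10.11",
- "Valid Policy Mapping Test11",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
-
- # TODO: check notice display
- [
- "4.10.12.1",
- "Valid Policy Mapping Test12",
- "-policy $nist1",
- "True", "$nist1:$nist2", "$nist1", 0
- ],
-
- # TODO: check notice display
- [
- "4.10.12.2",
- "Valid Policy Mapping Test12",
- "-policy $nist2",
- "True", "$nist1:$nist2", "$nist2", 0
- ],
- [
- "4.10.13",
- "Valid Policy Mapping Test13",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
-
- # TODO: check notice display
- [
- "4.10.14",
- "Valid Policy Mapping Test14",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [ "4.11", "Inhibit Policy Mapping" ],
- [
- "4.11.1",
- "Invalid inhibitPolicyMapping Test1",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.11.2",
- "Valid inhibitPolicyMapping Test2",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.11.3",
- "Invalid inhibitPolicyMapping Test3",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.11.4",
- "Valid inhibitPolicyMapping Test4",
- "-policy anyPolicy",
- "True", "$nist2", "$nist2", 0
- ],
- [
- "4.11.5",
- "Invalid inhibitPolicyMapping Test5",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.11.6",
- "Invalid inhibitPolicyMapping Test6",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.11.7",
- "Valid Self-Issued inhibitPolicyMapping Test7",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.11.8",
- "Invalid Self-Issued inhibitPolicyMapping Test8",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.11.9",
- "Invalid Self-Issued inhibitPolicyMapping Test9",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.11.10",
- "Invalid Self-Issued inhibitPolicyMapping Test10",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.11.11",
- "Invalid Self-Issued inhibitPolicyMapping Test11",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [ "4.12", "Inhibit Any Policy" ],
- [
- "4.12.1",
- "Invalid inhibitAnyPolicy Test1",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.12.2",
- "Valid inhibitAnyPolicy Test2",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.12.3.1",
- "inhibitAnyPolicy Test3",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.12.3.2",
- "inhibitAnyPolicy Test3",
- "-policy anyPolicy -inhibit_any",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.12.4",
- "Invalid inhibitAnyPolicy Test4",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.12.5",
- "Invalid inhibitAnyPolicy Test5",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.12.6",
- "Invalid inhibitAnyPolicy Test6",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [ "4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", 0 ],
- [ "4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 ],
- [ "4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", 0 ],
- [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 ],
- [ "4.13", "Name Constraints" ],
- [ "4.13.1", "Valid DN nameConstraints Test1", 0 ],
- [ "4.13.2", "Invalid DN nameConstraints Test2", 47 ],
- [ "4.13.3", "Invalid DN nameConstraints Test3", 47 ],
- [ "4.13.4", "Valid DN nameConstraints Test4", 0 ],
- [ "4.13.5", "Valid DN nameConstraints Test5", 0 ],
- [ "4.13.6", "Valid DN nameConstraints Test6", 0 ],
- [ "4.13.7", "Invalid DN nameConstraints Test7", 48 ],
- [ "4.13.8", "Invalid DN nameConstraints Test8", 48 ],
- [ "4.13.9", "Invalid DN nameConstraints Test9", 48 ],
- [ "4.13.10", "Invalid DN nameConstraints Test10", 48 ],
- [ "4.13.11", "Valid DN nameConstraints Test11", 0 ],
- [ "4.13.12", "Invalid DN nameConstraints Test12", 47 ],
- [ "4.13.13", "Invalid DN nameConstraints Test13", 47 ],
- [ "4.13.14", "Valid DN nameConstraints Test14", 0 ],
- [ "4.13.15", "Invalid DN nameConstraints Test15", 48 ],
- [ "4.13.16", "Invalid DN nameConstraints Test16", 48 ],
- [ "4.13.17", "Invalid DN nameConstraints Test17", 48 ],
- [ "4.13.18", "Valid DN nameConstraints Test18", 0 ],
- [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19", 0 ],
- [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ],
- [ "4.13.21", "Valid RFC822 nameConstraints Test21", 0 ],
- [ "4.13.22", "Invalid RFC822 nameConstraints Test22", 47 ],
- [ "4.13.23", "Valid RFC822 nameConstraints Test23", 0 ],
- [ "4.13.24", "Invalid RFC822 nameConstraints Test24", 47 ],
- [ "4.13.25", "Valid RFC822 nameConstraints Test25", 0 ],
- [ "4.13.26", "Invalid RFC822 nameConstraints Test26", 48 ],
- [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", 0 ],
- [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", 47 ],
- [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", 47 ],
- [ "4.13.30", "Valid DNS nameConstraints Test30", 0 ],
- [ "4.13.31", "Invalid DNS nameConstraints Test31", 47 ],
- [ "4.13.32", "Valid DNS nameConstraints Test32", 0 ],
- [ "4.13.33", "Invalid DNS nameConstraints Test33", 48 ],
- [ "4.13.34", "Valid URI nameConstraints Test34", 0 ],
- [ "4.13.35", "Invalid URI nameConstraints Test35", 47 ],
- [ "4.13.36", "Valid URI nameConstraints Test36", 0 ],
- [ "4.13.37", "Invalid URI nameConstraints Test37", 48 ],
- [ "4.13.38", "Invalid DNS nameConstraints Test38", 47 ],
- [ "4.14", "Distribution Points" ],
- [ "4.14.1", "Valid distributionPoint Test1", 0 ],
- [ "4.14.2", "Invalid distributionPoint Test2", 23 ],
- [ "4.14.3", "Invalid distributionPoint Test3", 44 ],
- [ "4.14.4", "Valid distributionPoint Test4", 0 ],
- [ "4.14.5", "Valid distributionPoint Test5", 0 ],
- [ "4.14.6", "Invalid distributionPoint Test6", 23 ],
- [ "4.14.7", "Valid distributionPoint Test7", 0 ],
- [ "4.14.8", "Invalid distributionPoint Test8", 44 ],
- [ "4.14.9", "Invalid distributionPoint Test9", 44 ],
- [ "4.14.10", "Valid No issuingDistributionPoint Test10", 0 ],
- [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 ],
- [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 ],
- [ "4.14.13", "Valid onlyContainsCACerts CRL Test13", 0 ],
- [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 ],
- [ "4.14.15", "Invalid onlySomeReasons Test15", 23 ],
- [ "4.14.16", "Invalid onlySomeReasons Test16", 23 ],
- [ "4.14.17", "Invalid onlySomeReasons Test17", 3 ],
- [ "4.14.18", "Valid onlySomeReasons Test18", 0 ],
- [ "4.14.19", "Valid onlySomeReasons Test19", 0 ],
- [ "4.14.20", "Invalid onlySomeReasons Test20", 23 ],
- [ "4.14.21", "Invalid onlySomeReasons Test21", 23 ],
- [ "4.14.22", "Valid IDP with indirectCRL Test22", 0 ],
- [ "4.14.23", "Invalid IDP with indirectCRL Test23", 23 ],
- [ "4.14.24", "Valid IDP with indirectCRL Test24", 0 ],
- [ "4.14.25", "Valid IDP with indirectCRL Test25", 0 ],
- [ "4.14.26", "Invalid IDP with indirectCRL Test26", 44 ],
- [ "4.14.27", "Invalid cRLIssuer Test27", 3 ],
- [ "4.14.28", "Valid cRLIssuer Test28", 0 ],
- [ "4.14.29", "Valid cRLIssuer Test29", 0 ],
-
- # Although this test is valid it has a circular dependency. As a result
- # an attempt is made to reursively checks a CRL path and rejected due to
- # a CRL path validation error. PKITS notes suggest this test does not
- # need to be run due to this issue.
- [ "4.14.30", "Valid cRLIssuer Test30", 54 ],
- [ "4.14.31", "Invalid cRLIssuer Test31", 23 ],
- [ "4.14.32", "Invalid cRLIssuer Test32", 23 ],
- [ "4.14.33", "Valid cRLIssuer Test33", 0 ],
- [ "4.14.34", "Invalid cRLIssuer Test34", 23 ],
- [ "4.14.35", "Invalid cRLIssuer Test35", 44 ],
- [ "4.15", "Delta-CRLs" ],
- [ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 ],
- [ "4.15.2", "Valid delta-CRL Test2", 0 ],
- [ "4.15.3", "Invalid delta-CRL Test3", 23 ],
- [ "4.15.4", "Invalid delta-CRL Test4", 23 ],
- [ "4.15.5", "Valid delta-CRL Test5", 0 ],
- [ "4.15.6", "Invalid delta-CRL Test6", 23 ],
- [ "4.15.7", "Valid delta-CRL Test7", 0 ],
- [ "4.15.8", "Valid delta-CRL Test8", 0 ],
- [ "4.15.9", "Invalid delta-CRL Test9", 23 ],
- [ "4.15.10", "Invalid delta-CRL Test10", 12 ],
- [ "4.16", "Private Certificate Extensions" ],
- [ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", 0 ],
- [ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", 34 ],
-);
-
-
-my $verbose = 1;
-
-my $numtest = 0;
-my $numfail = 0;
-
-my $ossl = "ossl/apps/openssl";
-
-my $ossl_cmd = "$ossl_path cms -verify -verify_retcode ";
-$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict ";
-
-# Check for expiry of trust anchor
-system "$ossl_path x509 -inform DER -in $pkitsta -checkend 0";
-if ($? == 256)
- {
- print STDERR "WARNING: using older expired data\n";
- $ossl_cmd .= "-attime 1291940972 ";
- }
-
-$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 ";
-
-system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem";
-
-die "Can't create trust anchor file" if $?;
-
-print "Running PKITS tests:\n" if $verbose;
-
-foreach (@testlists) {
- my $argnum = @$_;
- if ( $argnum == 2 ) {
- my ( $tnum, $title ) = @$_;
- print "$tnum $title\n" if $verbose;
- }
- elsif ( $argnum == 3 ) {
- my ( $tnum, $title, $exp_ret ) = @$_;
- my $filename = $title;
- $exp_ret += 32 if $exp_ret;
- $filename =~ tr/ -//d;
- $filename = "Signed$(unknown).eml";
- if ( !-f "$pkitsdir/$filename" ) {
- print "\"$filename\" not found\n";
- }
- else {
- my $ret;
- my $test_fail = 0;
- my $errmsg = "";
- my $cmd = $ossl_cmd;
- $cmd .= "-in $pkitsdir/$filename -policy anyPolicy";
- my $cmdout = `$cmd`;
- $ret = $? >> 8;
- if ( $? & 0xff ) {
- $errmsg .= "Abnormal OpenSSL termination\n";
- $test_fail = 1;
- }
- if ( $exp_ret != $ret ) {
- $errmsg .= "Return code:$ret, ";
- $errmsg .= "expected $exp_ret\n";
- $test_fail = 1;
- }
- if ($test_fail) {
- print "$tnum $title : Failed!\n";
- print "Filename: $pkitsdir/$filename\n";
- print $errmsg;
- print "Command output:\n$cmdout\n";
- $numfail++;
- }
- $numtest++;
- }
- }
- elsif ( $argnum == 7 ) {
- my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret )
- = @$_;
- my $filename = $title;
- $exp_ret += 32 if $exp_ret;
- $filename =~ tr/ -//d;
- $filename = "Signed$(unknown).eml";
- if ( !-f "$pkitsdir/$filename" ) {
- print "\"$filename\" not found\n";
- }
- else {
- my $ret;
- my $cmdout = "";
- my $errmsg = "";
- my $epol = "";
- my $aset = "";
- my $uset = "";
- my $pol = -1;
- my $test_fail = 0;
- my $cmd = $ossl_cmd;
- $cmd .= "-in $pkitsdir/$filename $exargs -policy_print";
- @oparr = `$cmd`;
- $ret = $? >> 8;
-
- if ( $? & 0xff ) {
- $errmsg .= "Abnormal OpenSSL termination\n";
- $test_fail = 1;
- }
- foreach (@oparr) {
- my $test_failed = 0;
- $cmdout .= $_;
- if (/^Require explicit Policy: (.*)$/) {
- $epol = $1;
- }
- if (/^Authority Policies/) {
- if (/empty/) {
- $aset = "<empty>";
- }
- else {
- $pol = 1;
- }
- }
- $test_fail = 1 if (/leak/i);
- if (/^User Policies/) {
- if (/empty/) {
- $uset = "<empty>";
- }
- else {
- $pol = 2;
- }
- }
- if (/\s+Policy: (.*)$/) {
- if ( $pol == 1 ) {
- $aset .= ":" if $aset ne "";
- $aset .= $1;
- }
- elsif ( $pol == 2 ) {
- $uset .= ":" if $uset ne "";
- $uset .= $1;
- }
- }
- }
-
- if ( $epol ne $exp_epol ) {
- $errmsg .= "Explicit policy:$epol, ";
- $errmsg .= "expected $exp_epol\n";
- $test_fail = 1;
- }
- if ( $aset ne $exp_aset ) {
- $errmsg .= "Authority policy set :$aset, ";
- $errmsg .= "expected $exp_aset\n";
- $test_fail = 1;
- }
- if ( $uset ne $exp_uset ) {
- $errmsg .= "User policy set :$uset, ";
- $errmsg .= "expected $exp_uset\n";
- $test_fail = 1;
- }
-
- if ( $exp_ret != $ret ) {
- print "Return code:$ret, expected $exp_ret\n";
- $test_fail = 1;
- }
-
- if ($test_fail) {
- print "$tnum $title : Failed!\n";
- print "Filename: $pkitsdir/$filename\n";
- print "Command output:\n$cmdout\n";
- $numfail++;
- }
- $numtest++;
- }
- }
-}
-
-if ($numfail) {
- print "$numfail tests failed out of $numtest\n";
-}
-else {
- print "All Tests Successful.\n";
-}
-
-unlink "pkitsta.pem";
-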
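--- a/src/lib/libssl/test/r160test.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* $OpenBSD: r160test.c,v 1.2 2014/06/12 15:49:31 deraadt Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */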
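--- a/src/lib/libssl/test/smcont.txt
+++ /dev/null
@@ -1 +0,0 @@
-Some test content for OpenSSL CMS
\ No newline at end of file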
diff --git a/src/lib/libssl/test/smime-certs/smdsa1.pem b/src/lib/libssl/test/smime-certs/smdsa1.pem
deleted file mode 100644
index d5677dbfbe..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa1.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----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12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----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34-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa2.pem b/src/lib/libssl/test/smime-certs/smdsa2.pem
deleted file mode 100644
index ef86c115d7..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa2.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----
2MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
3OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
4GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
5jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
6wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
7+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
8SJCBQw5zAoGBAIPmO8BtJ+Yac58trrPwq9b/6VW3jQTWzTLWSH84/QQdqQa+Pz3v
9It/+hHM0daNF5uls8ICsPL1aLXmRx0pHvIyb0aAzYae4T4Jv/COPDMTdKbA1uitJ
10VbkGZrm+LIrs7I9lOkb4T0vI6kL/XdOCXY1469zsqCgJ/O2ibn6mq0nWAhR716o2
11Nf8SimTZYB0/CKje6M5ufA==
12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----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34-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa3.pem b/src/lib/libssl/test/smime-certs/smdsa3.pem
deleted file mode 100644
index eeb848dabc..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa3.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----
2MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
3OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
4GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
5jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
6wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
7+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
8SJCBQw5zAoGAYzOpPmh8Je1IDauEXhgaLz14wqYUHHcrj2VWVJ6fRm8GhdQFJSI7
9GUk08pgKZSKic2lNqxuzW7/vFxKQ/nvzfytY16b+2i+BR4Q6yvMzCebE1hHVg0Ju
10TwfUMwoFEOhYP6ZwHSUiQl9IBMH9TNJCMwYMxfY+VOrURFsjGTRUgpwCFQCIGt5g
11Y+XZd0Sv69CatDIRYWvaIA==
12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----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34-----END CERTIFICATE-----
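diff --git a/src/lib/libssl/test/smime-certs/smdsap.pem b/src/lib/libssl/test/smime-certs/smdsap.pem
deleted file mode 100644
index 249706c8c7..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsap.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG
-Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA
-gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d
-qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv
-Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO
-GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB
-Qw5z
------END DSA PARAMETERS-----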
diff --git a/src/lib/libssl/test/smime-certs/smroot.pem b/src/lib/libssl/test/smime-certs/smroot.pem
deleted file mode 100644
index a59eb2684c..0000000000
--- a/src/lib/libssl/test/smime-certs/smroot.pem
+++ /dev/null
@@ -1,30 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----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15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
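diff --git a/src/lib/libssl/test/smime-certs/smrsa1.pem b/src/lib/libssl/test/smime-certs/smrsa1.pem
deleted file mode 100644
index 2cf3148e33..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa1.pem
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQC6A978j4pmPgUtUQqF+bjh6vdhwGOGZSD7xXgFTMjm88twfv+E
-ixkq2KXSDjD0ZXoQbdOaSbvGRQrIJpG2NGiKAFdYNrP025kCCdh5wF/aEI7KLEm7
-JlHwXpQsuj4wkMgmkFjL3Ty4Z55aNH+2pPQIa0k+ENJXm2gDuhqgBmduAwIDAQAB
-AoGBAJMuYu51aO2THyeHGwt81uOytcCbqGP7eoib62ZOJhxPRGYjpmuqX+R9/V5i
-KiwGavm63JYUx0WO9YP+uIZxm1BUATzkgkS74u5LP6ajhkZh6/Bck1oIYYkbVOXl
-JVrdENuH6U7nupznsyYgONByo+ykFPVUGmutgiaC7NMVo/MxAkEA6KLejWXdCIEn
-xr7hGph9NlvY9xuRIMexRV/WrddcFfCdjI1PciIupgrIkR65M9yr7atm1iU6/aRf
-KOr8rLZsSQJBAMyyXN71NsDNx4BP6rtJ/LJMP0BylznWkA7zWfGCbAYn9VhZVlSY
-Eu9Gyr7quD1ix7G3kInKVYOEEOpockBLz+sCQQCedyMmKjcQLfpMVYW8uhbAynvW
-h36qV5yXZxszO7nMcCTBsxhk5IfmLv5EbCs3+p9avCDGyoGOeUMg+kC33WORAkAg
-oUIarH4o5+SoeJTTfCzTA0KF9H5U0vYt2+73h7HOnWoHxl3zqDZEfEVvf50U8/0f
-QELDJETTbScBJtsnkq43AkEA38etvoZ2i4FJvvo7R/9gWBHVEcrGzcsCBYrNnIR1
-SZLRwHEGaiOK1wxMsWzqp7PJwL9z/M8A8DyOFBx3GPOniA==
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIJAMtotfHYdEsTMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBSU0EgIzEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALoD3vyPimY+BS1RCoX5uOHq92HAY4ZlIPvFeAVMyObzy3B+/4SLGSrYpdIOMPRl
-ehBt05pJu8ZFCsgmkbY0aIoAV1g2s/TbmQIJ2HnAX9oQjsosSbsmUfBelCy6PjCQ
-yCaQWMvdPLhnnlo0f7ak9AhrST4Q0lebaAO6GqAGZ24DAgMBAAGjgYMwgYAwHQYD
-VR0OBBYEFE2vMvKz5jrC7Lbdg68XwZ95iL/QMB8GA1UdIwQYMBaAFBPPS6e7iS6z
-OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
-EQQZMBeBFXNtaW1lcnNhMUBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQAi
-O3GOkUl646oLnOimc36i9wxZ1tejsqs8vMjJ0Pym6Uq9FE2JoGzJ6OhB1GOsEVmj
-9cQ5UNQcRYL3cqOFtl6f4Dpu/lhzfbaqgmLjv29G1mS0uuTZrixhlyCXjwcbOkNC
-I/+wvHHENYIK5+T/79M9LaZ2Qk4F9MNE1VMljdz9Qw==
------END CERTIFICATE-----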
diff --git a/src/lib/libssl/test/smime-certs/smrsa2.pem b/src/lib/libssl/test/smime-certs/smrsa2.pem
deleted file mode 100644
index d41f69c82f..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa2.pem
+++ /dev/null
@@ -1,31 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----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15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----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31-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa3.pem b/src/lib/libssl/test/smime-certs/smrsa3.pem
deleted file mode 100644
index c8cbe55151..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa3.pem
+++ /dev/null
@@ -1,31 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----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15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----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31-----END CERTIFICATE-----
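diff --git a/src/lib/libssl/test/tcrl b/src/lib/libssl/test/tcrl
deleted file mode 100644
index 055269eab8..0000000000
--- a/src/lib/libssl/test/tcrl
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl crl'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testcrl.pem
-fi
-
-echo testing crl conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0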
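diff --git a/src/lib/libssl/test/test.cnf b/src/lib/libssl/test/test.cnf
deleted file mode 100644
index 10834442a1..0000000000
--- a/src/lib/libssl/test/test.cnf
+++ /dev/null
@@ -1,88 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/new_certs # default place for new certs.
-
-certificate = $dir/CAcert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/CAkey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = testkey.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Queensland
-stateOrProvinceName_value =
-
-localityName = Locality Name (eg, city)
-localityName_value = Brisbane
-
-organizationName = Organization Name (eg, company)
-organizationName_default =
-organizationName_value = CryptSoft Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default =
-organizationalUnitName_value = .
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Eric Young
-
-emailAddress = Email Address
-emailAddress_value = eay@mincom.oz.au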
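diff --git a/src/lib/libssl/test/test_aesni b/src/lib/libssl/test/test_aesni
deleted file mode 100644
index e8fb63ee2b..0000000000
--- a/src/lib/libssl/test/test_aesni
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
- :
- else
- echo "$PROG is not OpenSSL executable"
- exit 1
- fi
-else
- echo "$PROG is not executable"
- exit 1;
-fi
-
-if $PROG engine aesni | grep -v no-aesni; then
-
- HASH=`cat $PROG | $PROG dgst -hex`
-
- AES_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
- aes-128-cbc aes-192-cbc aes-256-cbc \
- aes-128-cfb aes-192-cfb aes-256-cfb \
- aes-128-ofb aes-192-ofb aes-256-ofb"
- BUFSIZE="16 32 48 64 80 96 128 144 999"
-
- nerr=0
-
- for alg in $AES_ALGS; do
- echo $alg
- for bufsize in $BUFSIZE; do
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
- $PROG enc -d -k "$HASH" -$alg | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg/$bufsize encrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
- for bufsize in $BUFSIZE; do
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg | \
- $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg/$bufsize decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -engine aesni | \
- $PROG enc -d -k "$HASH" -$alg -engine aesni | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg en/decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
-
- if [ $nerr -gt 0 ]; then
- echo "AESNI engine test failed."
- exit 1;
- fi
-else
- echo "AESNI engine is not available"
-fi
-
-exit 0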
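diff --git a/src/lib/libssl/test/test_padlock b/src/lib/libssl/test/test_padlock
deleted file mode 100755
index 5c0f21043c..0000000000
--- a/src/lib/libssl/test/test_padlock
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
- :
- else
- echo "$PROG is not OpenSSL executable"
- exit 1
- fi
-else
- echo "$PROG is not executable"
- exit 1;
-fi
-
-if $PROG engine padlock | grep -v no-ACE; then
-
- HASH=`cat $PROG | $PROG dgst -hex`
-
- ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
- aes-128-cbc aes-192-cbc aes-256-cbc \
- aes-128-cfb aes-192-cfb aes-256-cfb \
- aes-128-ofb aes-192-ofb aes-256-ofb"
-
- nerr=0
-
- for alg in $ACE_ALGS; do
- echo $alg
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \
- $PROG enc -d -k "$HASH" -$alg | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg encrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg | \
- $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -engine padlock | \
- $PROG enc -d -k "$HASH" -$alg -engine padlock | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg en/decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
-
- if [ $nerr -gt 0 ]; then
- echo "PadLock ACE test failed."
- exit 1;
- fi
-else
- echo "PadLock ACE is not available"
-fi
-
-exit 0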
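diff --git a/src/lib/libssl/test/testca b/src/lib/libssl/test/testca
deleted file mode 100644
index b109cfe271..0000000000
--- a/src/lib/libssl/test/testca
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-
-SH="/bin/sh"
-if test "$OSTYPE" = msdosdjgpp; then
- PATH="../apps\;$PATH"
-else
- PATH="../apps:$PATH"
-fi
-export SH PATH
-
-SSLEAY_CONFIG="-config CAss.cnf"
-export SSLEAY_CONFIG
-
-OPENSSL="`pwd`/../util/opensslwrap.sh"
-export OPENSSL
-
-/bin/rm -fr demoCA
-$SH ../apps/CA.sh -newca <<EOF
-EOF
-
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-SSLEAY_CONFIG="-config Uss.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -newreq
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-SSLEAY_CONFIG="-config ../apps/openssl.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -sign <<EOF
-y
-y
-EOF
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-$SH ../apps/CA.sh -verify newcert.pem
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-/bin/rm -fr demoCA newcert.pem newreq.pem
-#usage: CA -newcert|-newreq|-newca|-sign|-verify
-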
diff --git a/src/lib/libssl/test/testcrl.pem b/src/lib/libssl/test/testcrl.pem
deleted file mode 100644
index 0989788354..0000000000
--- a/src/lib/libssl/test/testcrl.pem
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN X509 CRL-----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16-----END X509 CRL-----
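diff --git a/src/lib/libssl/test/testenc b/src/lib/libssl/test/testenc
deleted file mode 100644
index f5ce7c0c45..0000000000
--- a/src/lib/libssl/test/testenc
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-
-testsrc=Makefile
-test=./p
-cmd="../util/shlib_wrap.sh ../apps/openssl"
-
-cat $testsrc >$test;
-
-echo cat
-$cmd enc < $test > $test.cipher
-$cmd enc < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
- exit 1
-else
- /bin/rm $test.cipher $test.clear
-fi
-echo base64
-$cmd enc -a -e < $test > $test.cipher
-$cmd enc -a -d < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
- exit 1
-else
- /bin/rm $test.cipher $test.clear
-fi
-
-for i in `$cmd list-cipher-commands`
-do
- echo $i
- $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear
- if [ $? != 0 ]
- then
- exit 1
- else
- /bin/rm $test.$i.cipher $test.$i.clear
- fi
-
- echo $i base64
- $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear
- if [ $? != 0 ]
- then
- exit 1
- else
- /bin/rm $test.$i.cipher $test.$i.clear
- fi
-done
-rm -f $test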
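diff --git a/src/lib/libssl/test/testgen b/src/lib/libssl/test/testgen
deleted file mode 100644
index 524c0d134c..0000000000
--- a/src/lib/libssl/test/testgen
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-
-T=testcert
-KEY=512
-CA=../certs/testca.pem
-
-/bin/rm -f $T.1 $T.2 $T.key
-
-if test "$OSTYPE" = msdosdjgpp; then
- PATH=../apps\;$PATH;
-else
- PATH=../apps:$PATH;
-fi
-export PATH
-
-echo "generating certificate request"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- req_new='-newkey dsa:../apps/dsa512.pem'
-else
- req_new='-new'
- echo "There should be a 2 sequences of .'s and some +'s."
- echo "There should not be more that at most 80 per line"
-fi
-
-echo "This could take some time."
-
-rm -f testkey.pem testreq.pem
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem
-if [ $? != 0 ]; then
-echo problems creating request
-exit 1
-fi
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
-if [ $? != 0 ]; then
-echo signature on req is wrong
-exit 1
-fi
-
-exit 0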
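diff --git a/src/lib/libssl/test/testp7.pem b/src/lib/libssl/test/testp7.pem
deleted file mode 100644
index e5b7866c31..0000000000
--- a/src/lib/libssl/test/testp7.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN PKCS7-----
-MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE
-cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw
-DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV
-BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw
-HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50
-ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
-biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E
-aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy
-aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M
-VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq
-UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC
-AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR
-BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0
-ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0
-IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l
-bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
-L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t
-OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s
-IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04
-ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0
-cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ
-QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC
-MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu
-AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr
-cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC
-AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
-QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu
-dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp
-Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES
-TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE
-AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD
-2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU
-47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
-QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB
-AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl
-ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE
-BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW
-ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3
-MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW
-sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9
-XfZsaiiIgotQHjEA
------END PKCS7-----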
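diff --git a/src/lib/libssl/test/testreq2.pem b/src/lib/libssl/test/testreq2.pem
deleted file mode 100644
index c3cdcffcbc..0000000000
--- a/src/lib/libssl/test/testreq2.pem
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
-QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG
-DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq
-hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi
-gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U=
------END CERTIFICATE REQUEST-----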
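diff --git a/src/lib/libssl/test/testrsa.pem b/src/lib/libssl/test/testrsa.pem
deleted file mode 100644
index aad21067a8..0000000000
--- a/src/lib/libssl/test/testrsa.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
-Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
-rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
-oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
-mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
-rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
-mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
------END RSA PRIVATE KEY-----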
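diff --git a/src/lib/libssl/test/testsid.pem b/src/lib/libssl/test/testsid.pem
deleted file mode 100644
index 7ffd008f66..0000000000
--- a/src/lib/libssl/test/testsid.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN SSL SESSION PARAMETERS-----
-MIIB1gIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV
-bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw
-ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz
-YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG
-A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRk
-LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G
-CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD
-TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI
-hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L
-CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTvpA0EC3Rlc3Rjb250ZXh0
------END SSL SESSION PARAMETERS-----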
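diff --git a/src/lib/libssl/test/testss b/src/lib/libssl/test/testss
deleted file mode 100644
index 1a426857d3..0000000000
--- a/src/lib/libssl/test/testss
+++ /dev/null
@@ -1,163 +0,0 @@
-#!/bin/sh
-
-digest='-sha1'
-reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
-x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
-verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
-dummycnf="../apps/openssl.cnf"
-
-CAkey="keyCA.ss"
-CAcert="certCA.ss"
-CAreq="reqCA.ss"
-CAconf="CAss.cnf"
-CAreq2="req2CA.ss" # temp
-
-Uconf="Uss.cnf"
-Ukey="keyU.ss"
-Ureq="reqU.ss"
-Ucert="certU.ss"
-
-P1conf="P1ss.cnf"
-P1key="keyP1.ss"
-P1req="reqP1.ss"
-P1cert="certP1.ss"
-P1intermediate="tmp_intP1.ss"
-
-P2conf="P2ss.cnf"
-P2key="keyP2.ss"
-P2req="reqP2.ss"
-P2cert="certP2.ss"
-P2intermediate="tmp_intP2.ss"
-
-echo
-echo "make a certificate request using 'req'"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- req_new='-newkey dsa:../apps/dsa512.pem'
-else
- req_new='-new'
-fi
-
-$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate a certificate request"
- exit 1
-fi
-echo
-echo "convert the certificate request into a self signed certificate using 'x509'"
-$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to self sign a certificate request"
- exit 1
-fi
-
-echo
-echo "convert a certificate into a certificate request using 'x509'"
-$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' convert a certificate to a certificate request"
- exit 1
-fi
-
-$reqcmd -config $dummycnf -verify -in $CAreq -noout
-if [ $? != 0 ]; then
- echo first generated request is invalid
- exit 1
-fi
-
-$reqcmd -config $dummycnf -verify -in $CAreq2 -noout
-if [ $? != 0 ]; then
- echo second generated request is invalid
- exit 1
-fi
-
-$verifycmd -CAfile $CAcert $CAcert
-if [ $? != 0 ]; then
- echo first generated cert is invalid
- exit 1
-fi
-
-echo
-echo "make a user certificate request using 'req'"
-$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate a user certificate request"
- exit 1
-fi
-
-echo
-echo "sign user certificate request with the just created CA via 'x509'"
-$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to sign a user certificate request"
- exit 1
-fi
-
-$verifycmd -CAfile $CAcert $Ucert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert
-
-echo
-echo "make a proxy certificate request using 'req'"
-$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate a proxy certificate request"
- exit 1
-fi
-
-echo
-echo "sign proxy certificate request with the just created user certificate via 'x509'"
-$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to sign a proxy certificate request"
- exit 1
-fi
-
-cat $Ucert > $P1intermediate
-$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
-
-echo
-echo "make another proxy certificate request using 'req'"
-$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate another proxy certificate request"
- exit 1
-fi
-
-echo
-echo "sign second proxy certificate request with the first proxy certificate via 'x509'"
-$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to sign a second proxy certificate request"
- exit 1
-fi
-
-cat $Ucert $P1cert > $P2intermediate
-$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
-
-echo
-echo The generated CA certificate is $CAcert
-echo The generated CA private key is $CAkey
-
-echo The generated user certificate is $Ucert
-echo The generated user private key is $Ukey
-
-echo The first generated proxy certificate is $P1cert
-echo The first generated proxy private key is $P1key
-
-echo The second generated proxy certificate is $P2cert
-echo The second generated proxy private key is $P2key
-
-/bin/rm err.ss
-#/bin/rm $P1intermediate
-#/bin/rm $P2intermediate
-exit 0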
diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl
deleted file mode 100644
index 4e8542b556..0000000000
--- a/src/lib/libssl/test/testssl
+++ /dev/null
@@ -1,178 +0,0 @@
1#!/bin/sh
2
3if [ "$1" = "" ]; then
4 key=../apps/server.pem
5else
6 key="$1"
7fi
8if [ "$2" = "" ]; then
9 cert=../apps/server.pem
10else
11 cert="$2"
12fi
13ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
14
15if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
16 dsa_cert=YES
17else
18 dsa_cert=NO
19fi
20
21if [ "$3" = "" ]; then
22 CA="-CApath ../certs"
23else
24 CA="-CAfile $3"
25fi
26
27if [ "$4" = "" ]; then
28 extra=""
29else
30 extra="$4"
31fi
32
33#############################################################################
34
35echo test sslv2
36$ssltest -ssl2 $extra || exit 1
37
38echo test sslv2 with server authentication
39$ssltest -ssl2 -server_auth $CA $extra || exit 1
40
41if [ $dsa_cert = NO ]; then
42 echo test sslv2 with client authentication
43 $ssltest -ssl2 -client_auth $CA $extra || exit 1
44
45 echo test sslv2 with both client and server authentication
46 $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
47fi
48
49echo test sslv3
50$ssltest -ssl3 $extra || exit 1
51
52echo test sslv3 with server authentication
53$ssltest -ssl3 -server_auth $CA $extra || exit 1
54
55echo test sslv3 with client authentication
56$ssltest -ssl3 -client_auth $CA $extra || exit 1
57
58echo test sslv3 with both client and server authentication
59$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
60
61echo test sslv2/sslv3
62$ssltest $extra || exit 1
63
64echo test sslv2/sslv3 with server authentication
65$ssltest -server_auth $CA $extra || exit 1
66
67echo test sslv2/sslv3 with client authentication
68$ssltest -client_auth $CA $extra || exit 1
69
70echo test sslv2/sslv3 with both client and server authentication
71$ssltest -server_auth -client_auth $CA $extra || exit 1
72
73echo test sslv2 via BIO pair
74$ssltest -bio_pair -ssl2 $extra || exit 1
75
76echo test sslv2 with server authentication via BIO pair
77$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
78
79if [ $dsa_cert = NO ]; then
80 echo test sslv2 with client authentication via BIO pair
81 $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
82
83 echo test sslv2 with both client and server authentication via BIO pair
84 $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
85fi
86
87echo test sslv3 via BIO pair
88$ssltest -bio_pair -ssl3 $extra || exit 1
89
90echo test sslv3 with server authentication via BIO pair
91$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
92
93echo test sslv3 with client authentication via BIO pair
94$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
95
96echo test sslv3 with both client and server authentication via BIO pair
97$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
98
99echo test sslv2/sslv3 via BIO pair
100$ssltest $extra || exit 1
101
102if [ $dsa_cert = NO ]; then
103 echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
104 $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
105fi
106
107echo test sslv2/sslv3 with 1024bit DHE via BIO pair
108$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
109
110echo test sslv2/sslv3 with server authentication
111$ssltest -bio_pair -server_auth $CA $extra || exit 1
112
113echo test sslv2/sslv3 with client authentication via BIO pair
114$ssltest -bio_pair -client_auth $CA $extra || exit 1
115
116echo test sslv2/sslv3 with both client and server authentication via BIO pair
117$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
118
119echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
120$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
121
122echo "Testing ciphersuites"
123for protocol in TLSv1.2 SSLv3; do
124 echo "Testing ciphersuites for $protocol"
125 for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
126 echo "Testing $cipher"
127 prot=""
128 if [ $protocol = "SSLv3" ] ; then
129 prot="-ssl3"
130 fi
131 $ssltest -cipher $cipher $prot
132 if [ $? -ne 0 ] ; then
133 echo "Failed $cipher"
134 exit 1
135 fi
136 done
137done
138
139#############################################################################
140
141if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
142 echo skipping anonymous DH tests
143else
144 echo test tls1 with 1024bit anonymous DH, multiple handshakes
145 $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
146fi
147
148if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
149 echo skipping RSA tests
150else
151 echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
152 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
153
154 if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
155 echo skipping RSA+DHE tests
156 else
157 echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
158 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
159 fi
160fi
161
162echo test tls1 with PSK
163$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
164
165echo test tls1 with PSK via BIO pair
166$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
167
168if ../util/shlib_wrap.sh ../apps/openssl no-srp; then
169 echo skipping SRP tests
170else
171 echo test tls1 with SRP
172 $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123
173
174 echo test tls1 with SRP via BIO pair
175 $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
176fi
177
178exit 0
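diff --git a/src/lib/libssl/test/testsslproxy b/src/lib/libssl/test/testsslproxy
deleted file mode 100644
index 58bbda8ab7..0000000000
--- a/src/lib/libssl/test/testsslproxy
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /bin/sh
-
-echo 'Testing a lot of proxy conditions.'
-echo 'Some of them may turn out being invalid, which is fine.'
-for auth in A B C BC; do
- for cond in A B C 'A|B&!C'; do
- sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond"
- if [ $? = 3 ]; then exit 1; fi
- done
-done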
diff --git a/src/lib/libssl/test/testtsa b/src/lib/libssl/test/testtsa
deleted file mode 100644
index bb653b5f73..0000000000
--- a/src/lib/libssl/test/testtsa
+++ /dev/null
@@ -1,238 +0,0 @@
1#!/bin/sh
2
3#
4# A few very basic tests for the 'ts' time stamping authority command.
5#
6
7SH="/bin/sh"
8if test "$OSTYPE" = msdosdjgpp; then
9 PATH="../apps\;$PATH"
10else
11 PATH="../apps:$PATH"
12fi
13export SH PATH
14
15OPENSSL_CONF="../CAtsa.cnf"
16export OPENSSL_CONF
17# Because that's what ../apps/CA.sh really looks at
18SSLEAY_CONFIG="-config $OPENSSL_CONF"
19export SSLEAY_CONFIG
20
21OPENSSL="`pwd`/../util/opensslwrap.sh"
22export OPENSSL
23
24error () {
25
26 echo "TSA test failed!" >&2
27 exit 1
28}
29
30setup_dir () {
31
32 rm -rf tsa 2>/dev/null
33 mkdir tsa
34 cd ./tsa
35}
36
37clean_up_dir () {
38
39 cd ..
40 rm -rf tsa
41}
42
43create_ca () {
44
45 echo "Creating a new CA for the TSA tests..."
46 TSDNSECT=ts_ca_dn
47 export TSDNSECT
48 ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
49 -out tsaca.pem -keyout tsacakey.pem
50 test $? != 0 && error
51}
52
53create_tsa_cert () {
54
55 INDEX=$1
56 export INDEX
57 EXT=$2
58 TSDNSECT=ts_cert_dn
59 export TSDNSECT
60
61 ../../util/shlib_wrap.sh ../../apps/openssl req -new \
62 -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
63 test $? != 0 && error
64echo Using extension $EXT
65 ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
66 -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
67 -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
68 -extfile $OPENSSL_CONF -extensions $EXT
69 test $? != 0 && error
70}
71
72print_request () {
73
74 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
75}
76
77create_time_stamp_request1 () {
78
79 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
80 test $? != 0 && error
81}
82
83create_time_stamp_request2 () {
84
85 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
86 -out req2.tsq
87 test $? != 0 && error
88}
89
90create_time_stamp_request3 () {
91
92 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
93 test $? != 0 && error
94}
95
96print_response () {
97
98 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text
99 test $? != 0 && error
100}
101
102create_time_stamp_response () {
103
104 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2
105 test $? != 0 && error
106}
107
108time_stamp_response_token_test () {
109
110 RESPONSE2=$2.copy.tsr
111 TOKEN_DER=$2.token.der
112 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out
113 test $? != 0 && error
114 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
115 test $? != 0 && error
116 cmp $RESPONSE2 $2
117 test $? != 0 && error
118 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out
119 test $? != 0 && error
120 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
121 test $? != 0 && error
122 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out
123 test $? != 0 && error
124}
125
126verify_time_stamp_response () {
127
128 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
129 -untrusted tsa_cert1.pem
130 test $? != 0 && error
131 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
132 -untrusted tsa_cert1.pem
133 test $? != 0 && error
134}
135
136verify_time_stamp_token () {
137
138 # create the token from the response first
139 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
140 test $? != 0 && error
141 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
142 -CAfile tsaca.pem -untrusted tsa_cert1.pem
143 test $? != 0 && error
144 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
145 -CAfile tsaca.pem -untrusted tsa_cert1.pem
146 test $? != 0 && error
147}
148
149verify_time_stamp_response_fail () {
150
151 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
152 -untrusted tsa_cert1.pem
153 # Checks if the verification failed, as it should have.
154 test $? = 0 && error
155 echo Ok
156}
157
158# main functions
159
160echo "Setting up TSA test directory..."
161setup_dir
162
163echo "Creating CA for TSA tests..."
164create_ca
165
166echo "Creating tsa_cert1.pem TSA server cert..."
167create_tsa_cert 1 tsa_cert
168
169echo "Creating tsa_cert2.pem non-TSA server cert..."
170create_tsa_cert 2 non_tsa_cert
171
172echo "Creating req1.req time stamp request for file testtsa..."
173create_time_stamp_request1
174
175echo "Printing req1.req..."
176print_request req1.tsq
177
178echo "Generating valid response for req1.req..."
179create_time_stamp_response req1.tsq resp1.tsr tsa_config1
180
181echo "Printing response..."
182print_response resp1.tsr
183
184echo "Verifying valid response..."
185verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
186
187echo "Verifying valid token..."
188verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
189
190# The tests below are commented out, because invalid signer certificates
191# can no longer be specified in the config file.
192
193# echo "Generating _invalid_ response for req1.req..."
194# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
195
196# echo "Printing response..."
197# print_response resp1_bad.tsr
198
199# echo "Verifying invalid response, it should fail..."
200# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
201
202echo "Creating req2.req time stamp request for file testtsa..."
203create_time_stamp_request2
204
205echo "Printing req2.req..."
206print_request req2.tsq
207
208echo "Generating valid response for req2.req..."
209create_time_stamp_response req2.tsq resp2.tsr tsa_config1
210
211echo "Checking '-token_in' and '-token_out' options with '-reply'..."
212time_stamp_response_token_test req2.tsq resp2.tsr
213
214echo "Printing response..."
215print_response resp2.tsr
216
217echo "Verifying valid response..."
218verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
219
220echo "Verifying response against wrong request, it should fail..."
221verify_time_stamp_response_fail req1.tsq resp2.tsr
222
223echo "Verifying response against wrong request, it should fail..."
224verify_time_stamp_response_fail req2.tsq resp1.tsr
225
226echo "Creating req3.req time stamp request for file CAtsa.cnf..."
227create_time_stamp_request3
228
229echo "Printing req3.req..."
230print_request req3.tsq
231
232echo "Verifying response against wrong request, it should fail..."
233verify_time_stamp_response_fail req3.tsq resp1.tsr
234
235echo "Cleaning up..."
236clean_up_dir
237
238exit 0
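diff --git a/src/lib/libssl/test/testx509.pem b/src/lib/libssl/test/testx509.pem
deleted file mode 100644
index 8a85d14964..0000000000
--- a/src/lib/libssl/test/testx509.pem
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
-BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz
-MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
-RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF
-AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO
-/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE
-Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ
-zl9HYIMxATFyqSiD9jsx
------END CERTIFICATE-----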
diff --git a/src/lib/libssl/test/times b/src/lib/libssl/test/times
deleted file mode 100644
index 6b66eb342e..0000000000
--- a/src/lib/libssl/test/times
+++ /dev/null
@@ -1,113 +0,0 @@
1
2More number for the questions about SSL overheads....
3
4The following numbers were generated on a Pentium pro 200, running Linux.
5They give an indication of the SSL protocol and encryption overheads.
6
7The program that generated them is an unreleased version of ssl/ssltest.c
8which is the SSLeay ssl protocol testing program. It is a single process that
9talks both sides of the SSL protocol via a non-blocking memory buffer
10interface.
11
12How do I read this? The protocol and cipher are reasonable obvious.
13The next number is the number of connections being made. The next is the
14number of bytes exchanged between the client and server side of the protocol.
15This is the number of bytes that the client sends to the server, and then
16the server sends back. Because this is all happening in one process,
17the data is being encrypted, decrypted, encrypted and then decrypted again.
18It is a round trip of that many bytes. Because the one process performs
19both the client and server sides of the protocol and it sends this many bytes
20each direction, multiply this number by 4 to generate the number
21of bytes encrypted/decrypted/MACed. The first time value is how many seconds
22elapsed doing a full SSL handshake, the second is the cost of one
23full handshake and the rest being session-id reuse.
24
25SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s
26SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s
27SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s
28SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA
29SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s
30SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s
31SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s
32
33SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s
34SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s
35SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA
36SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s
37SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s
38SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s
39
40SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s
41SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s
42SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s
43SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA
44SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s
45SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s
46SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s
47
48SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s
49SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s
50SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s
51SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA
52SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s
53SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s
54SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s
55
56What does this all mean? Well for a server, with no session-id reuse, with
57a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
58a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of
59about 49 connections a second. Reality will be quite different :-).
60
61Remember the first number is 1000 full ssl handshakes, the second is
621 full and 999 with session-id reuse. The RSA overheads for each exchange
63would be one public and one private operation, but the protocol/MAC/cipher
64cost would be quite similar in both the client and server.
65
66eric (adding numbers to speculation)
67
68--- Appendix ---
69- The time measured is user time but these number a very rough.
70- Remember this is the cost of both client and server sides of the protocol.
71- The TCP/kernel overhead of connection establishment is normally the
72 killer in SSL. Often delays in the TCP protocol will make session-id
73 reuse look slower that new sessions, but this would not be the case on
74 a loaded server.
75- The TCP round trip latencies, while slowing individual connections,
76 would have minimal impact on throughput.
77- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
78- the required number of bytes are processed.
79- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers.
80- A 512bit server key was being used except where noted.
81- No server key verification was being performed on the client side of the
82 protocol. This would slow things down very little.
83- The library being used is SSLeay 0.8.x.
84- The normal measuring system was commands of the form
85 time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
86 This modified version of ssltest should be in the next public release of
87 SSLeay.
88
89The general cipher performance number for this platform are
90
91SSLeay 0.8.2a 04-Sep-1997
92built on Fri Sep 5 17:37:05 EST 1997
93options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
94C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
95The 'numbers' are in 1000s of bytes per second processed.
96type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
97md2 131.02k 368.41k 500.57k 549.21k 566.09k
98mdc2 535.60k 589.10k 595.88k 595.97k 594.54k
99md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k
100sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k
101sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k
102rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k
103des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k
104des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k
105idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k
106rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k
107blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k
108 sign verify
109rsa 512 bits 0.0100s 0.0011s
110rsa 1024 bits 0.0451s 0.0012s
111rsa 2048 bits 0.2605s 0.0086s
112rsa 4096 bits 1.6883s 0.0302s
113
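diff --git a/src/lib/libssl/test/tpkcs7 b/src/lib/libssl/test/tpkcs7
deleted file mode 100644
index 3e435ffbf9..0000000000
--- a/src/lib/libssl/test/tpkcs7
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testp7.pem
-fi
-
-echo testing pkcs7 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0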
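diff --git a/src/lib/libssl/test/tpkcs7d b/src/lib/libssl/test/tpkcs7d
deleted file mode 100644
index 64fc28e88f..0000000000
--- a/src/lib/libssl/test/tpkcs7d
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=pkcs7-1.pem
-fi
-
-echo "testing pkcs7 conversions (2)"
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0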
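diff --git a/src/lib/libssl/test/treq b/src/lib/libssl/test/treq
deleted file mode 100644
index 77f37dcf3a..0000000000
--- a/src/lib/libssl/test/treq
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testreq.pem
-fi
-
-if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then
- echo "skipping req conversion test for $t"
- exit 0
-fi
-
-echo testing req conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -verify -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -verify -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0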
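diff --git a/src/lib/libssl/test/trsa b/src/lib/libssl/test/trsa
deleted file mode 100644
index 249ac1ddcc..0000000000
--- a/src/lib/libssl/test/trsa
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- echo skipping rsa conversion test
- exit 0
-fi
-
-cmd='../util/shlib_wrap.sh ../apps/openssl rsa'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testrsa.pem
-fi
-
-echo testing rsa conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0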
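diff --git a/src/lib/libssl/test/tsid b/src/lib/libssl/test/tsid
deleted file mode 100644
index 6adbd531ce..0000000000
--- a/src/lib/libssl/test/tsid
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testsid.pem
-fi
-
-echo testing session-id conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0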
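diff --git a/src/lib/libssl/test/tx509 b/src/lib/libssl/test/tx509
deleted file mode 100644
index 4a15b98d17..0000000000
--- a/src/lib/libssl/test/tx509
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl x509'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testx509.pem
-fi
-
-echo testing X509 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in fff.p -inform p -outform n >f.n
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> d"
-$cmd -in f.n -inform n -outform d >ff.d2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> n"
-$cmd -in f.d -inform d -outform n >ff.n1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> n"
-$cmd -in f.n -inform n -outform n >ff.n2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in f.p -inform p -outform n >ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> p"
-$cmd -in f.n -inform n -outform p >ff.p2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.n ff.n1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0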
diff --git a/src/lib/libssl/test/v3-cert1.pem b/src/lib/libssl/test/v3-cert1.pem
deleted file mode 100644
index 0da253d5c3..0000000000
--- a/src/lib/libssl/test/v3-cert1.pem
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN CERTIFICATE-----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16-----END CERTIFICATE-----
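diff --git a/src/lib/libssl/test/v3-cert2.pem b/src/lib/libssl/test/v3-cert2.pem
deleted file mode 100644
index de0723ff8d..0000000000
--- a/src/lib/libssl/test/v3-cert2.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD
-YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0
-ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu
-dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1
-WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV
-BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx
-FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
-6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT
-G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ
-YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm
-b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc
-F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz
-lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap
-jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=
------END CERTIFICATE-----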
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
deleted file mode 100644
index e123117866..0000000000
--- a/src/lib/libssl/tls1.h
+++ /dev/null
@@ -1,758 +0,0 @@
1/* $OpenBSD: tls1.h,v 1.28 2016/04/28 16:39:45 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#ifndef HEADER_TLS1_H
152#define HEADER_TLS1_H
153
154#include <openssl/buffer.h>
155
156#ifdef __cplusplus
157extern "C" {
158#endif
159
160#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
161
162#define TLS1_2_VERSION 0x0303
163#define TLS1_2_VERSION_MAJOR 0x03
164#define TLS1_2_VERSION_MINOR 0x03
165
166#define TLS1_1_VERSION 0x0302
167#define TLS1_1_VERSION_MAJOR 0x03
168#define TLS1_1_VERSION_MINOR 0x02
169
170#define TLS1_VERSION 0x0301
171#define TLS1_VERSION_MAJOR 0x03
172#define TLS1_VERSION_MINOR 0x01
173
174#define TLS1_get_version(s) \
175 ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
176
177#define TLS1_get_client_version(s) \
178 ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
179
180/*
181 * TLS Alert codes.
182 *
183 * https://www.iana.org/assignments/tls-parameters/#tls-parameters-6
184 */
185
186#define TLS1_AD_DECRYPTION_FAILED 21
187#define TLS1_AD_RECORD_OVERFLOW 22
188#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
189#define TLS1_AD_ACCESS_DENIED 49 /* fatal */
190#define TLS1_AD_DECODE_ERROR 50 /* fatal */
191#define TLS1_AD_DECRYPT_ERROR 51
192#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */
193#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */
194#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */
195#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
196/* Code 86 from RFC 7507. */
197#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */
198#define TLS1_AD_USER_CANCELLED 90
199#define TLS1_AD_NO_RENEGOTIATION 100
200/* Codes 110-114 from RFC 3546. */
201#define TLS1_AD_UNSUPPORTED_EXTENSION 110
202#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
203#define TLS1_AD_UNRECOGNIZED_NAME 112
204#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
205#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
206/* Code 115 from RFC 4279. */
207#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
208
209/*
210 * TLS ExtensionType values.
211 *
212 * https://www.iana.org/assignments/tls-extensiontype-values/
213 */
214
215/* ExtensionType values from RFC 3546, RFC 4366 and RFC 6066. */
216#define TLSEXT_TYPE_server_name 0
217#define TLSEXT_TYPE_max_fragment_length 1
218#define TLSEXT_TYPE_client_certificate_url 2
219#define TLSEXT_TYPE_trusted_ca_keys 3
220#define TLSEXT_TYPE_truncated_hmac 4
221#define TLSEXT_TYPE_status_request 5
222
223/* ExtensionType values from RFC 4681. */
224#define TLSEXT_TYPE_user_mapping 6
225
226/* ExtensionType values from RFC 5878. */
227#define TLSEXT_TYPE_client_authz 7
228#define TLSEXT_TYPE_server_authz 8
229
230/* ExtensionType values from RFC 6091. */
231#define TLSEXT_TYPE_cert_type 9
232
233/* ExtensionType values from RFC 4492. */
234#define TLSEXT_TYPE_elliptic_curves 10
235#define TLSEXT_TYPE_ec_point_formats 11
236
237/* ExtensionType value from RFC 5054. */
238#define TLSEXT_TYPE_srp 12
239
240/* ExtensionType values from RFC 5246. */
241#define TLSEXT_TYPE_signature_algorithms 13
242
243/* ExtensionType value from RFC 5764. */
244#define TLSEXT_TYPE_use_srtp 14
245
246/* ExtensionType value from RFC 5620. */
247#define TLSEXT_TYPE_heartbeat 15
248
249/* ExtensionType value from RFC 7301. */
250#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
251
252/* ExtensionType value for TLS padding extension.
253 * (TEMPORARY - registered 2014-03-12, expires 2015-03-12)
254 * https://tools.ietf.org/html/draft-agl-tls-padding-03
255 */
256#define TLSEXT_TYPE_padding 21
257
258/* ExtensionType value from RFC 4507. */
259#define TLSEXT_TYPE_session_ticket 35
260
261/* Temporary extension type */
262#define TLSEXT_TYPE_renegotiate 0xff01
263
264/* This is not an IANA defined extension number */
265#define TLSEXT_TYPE_next_proto_neg 13172
266
267/* NameType value from RFC 3546. */
268#define TLSEXT_NAMETYPE_host_name 0
269/* status request value from RFC 3546 */
270#define TLSEXT_STATUSTYPE_ocsp 1
271
272/* ECPointFormat values from RFC 4492. */
273#define TLSEXT_ECPOINTFORMAT_first 0
274#define TLSEXT_ECPOINTFORMAT_uncompressed 0
275#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
276#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
277#define TLSEXT_ECPOINTFORMAT_last 2
278
279/* Signature and hash algorithms from RFC 5246. */
280
281#define TLSEXT_signature_anonymous 0
282#define TLSEXT_signature_rsa 1
283#define TLSEXT_signature_dsa 2
284#define TLSEXT_signature_ecdsa 3
285/* FIXME IANA */
286#define TLSEXT_signature_gostr01 237
287#define TLSEXT_signature_gostr12_256 238
288#define TLSEXT_signature_gostr12_512 239
289
290#define TLSEXT_hash_none 0
291#define TLSEXT_hash_md5 1
292#define TLSEXT_hash_sha1 2
293#define TLSEXT_hash_sha224 3
294#define TLSEXT_hash_sha256 4
295#define TLSEXT_hash_sha384 5
296#define TLSEXT_hash_sha512 6
297/* FIXME IANA */
298#define TLSEXT_hash_gost94 237
299#define TLSEXT_hash_streebog_256 238
300#define TLSEXT_hash_streebog_512 239
301
302#define TLSEXT_MAXLEN_host_name 255
303
304const char *SSL_get_servername(const SSL *s, const int type);
305int SSL_get_servername_type(const SSL *s);
306/* SSL_export_keying_material exports a value derived from the master secret,
307 * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
308 * optional context. (Since a zero length context is allowed, the |use_context|
309 * flag controls whether a context is included.)
310 *
311 * It returns 1 on success and zero otherwise.
312 */
313int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
314 const char *label, size_t llen, const unsigned char *p, size_t plen,
315 int use_context);
316
317#define SSL_set_tlsext_host_name(s,name) \
318SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
319
320#define SSL_set_tlsext_debug_callback(ssl, cb) \
321SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
322
323#define SSL_set_tlsext_debug_arg(ssl, arg) \
324SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
325
326#define SSL_set_tlsext_status_type(ssl, type) \
327SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
328
329#define SSL_get_tlsext_status_exts(ssl, arg) \
330SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
331
332#define SSL_set_tlsext_status_exts(ssl, arg) \
333SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
334
335#define SSL_get_tlsext_status_ids(ssl, arg) \
336SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
337
338#define SSL_set_tlsext_status_ids(ssl, arg) \
339SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
340
341#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
342SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
343
344#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
345SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
346
347#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
348SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
349
350#define SSL_TLSEXT_ERR_OK 0
351#define SSL_TLSEXT_ERR_ALERT_WARNING 1
352#define SSL_TLSEXT_ERR_ALERT_FATAL 2
353#define SSL_TLSEXT_ERR_NOACK 3
354
355#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
356SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
357
358#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
359 SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
360#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
361 SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
362
363#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
364SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
365
366#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
367SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
368
369#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
370SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
371
372/* PSK ciphersuites from RFC 4279. */
373#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
374#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B
375#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
376#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
377
378/* Additional TLS ciphersuites from expired Internet Draft
379 * draft-ietf-tls-56-bit-ciphersuites-01.txt
380 * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
381 * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
382 * shouldn't. Note that the first two are actually not in the IDs. */
383#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 /* not in ID */
384#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */
385#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
386#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
387#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
388#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
389#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
390
391/* AES ciphersuites from RFC 3268. */
392
393#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
394#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
395#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
396#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
397#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
398#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
399
400#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
401#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
402#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
403#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
404#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
405#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
406
407/* TLS v1.2 ciphersuites */
408#define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B
409#define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C
410#define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D
411#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E
412#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F
413#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040
414
415/* Camellia ciphersuites from RFC 4132. */
416#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
417#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
418#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
419#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
420#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
421#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
422
423/* TLS v1.2 ciphersuites */
424#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067
425#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068
426#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069
427#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A
428#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B
429#define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C
430#define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D
431
432/* Camellia ciphersuites from RFC 4132. */
433#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
434#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
435#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
436#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
437#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
438#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
439
440/* SEED ciphersuites from RFC 4162. */
441#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
442#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
443#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
444#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
445#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
446#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
447
448/* TLS v1.2 GCM ciphersuites from RFC 5288. */
449#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C
450#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D
451#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E
452#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F
453#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0
454#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1
455#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2
456#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3
457#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4
458#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5
459#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
460#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
461
462/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
463#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA
464#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB
465#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC
466#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD
467#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE
468#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF
469
470#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0
471#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1
472#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2
473#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3
474#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4
475#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5
476
477/* ECC ciphersuites from RFC 4492. */
478#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
479#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
480#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
481#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
482#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
483
484#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
485#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
486#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
487#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
488#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
489
490#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
491#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
492#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
493#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
494#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
495
496#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
497#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
498#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
499#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
500#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
501
502#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
503#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
504#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
505#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
506#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
507
508/* SRP ciphersuites from RFC 5054. */
509#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A
510#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B
511#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C
512#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D
513#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E
514#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F
515#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020
516#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021
517#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
518
519/* ECDH HMAC based ciphersuites from RFC 5289. */
520#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
521#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
522#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
523#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026
524#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027
525#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028
526#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029
527#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A
528
529/* ECDH GCM based ciphersuites from RFC 5289. */
530#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
531#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
532#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D
533#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E
534#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F
535#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030
536#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
537#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
538
539/* ChaCha20-Poly1305 based ciphersuites. */
540#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD 0x0300CC13
541#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD 0x0300CC14
542#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305_OLD 0x0300CC15
543#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 0x0300CCA8
544#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305 0x0300CCA9
545#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305 0x0300CCAA
546
547#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
548#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
549#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
550#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA"
551#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
552#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
553#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
554
555/* AES ciphersuites from RFC 3268. */
556#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
557#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
558#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
559#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
560#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
561#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
562
563#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
564#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
565#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
566#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
567#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
568#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
569
570/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
571#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
572#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
573#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
574#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
575#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
576
577#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
578#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
579#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
580#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
581#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
582
583#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
584#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
585#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
586#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
587#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
588
589#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
590#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
591#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
592#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
593#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
594
595#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
596#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
597#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
598#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
599#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
600
601/* PSK ciphersuites from RFC 4279. */
602#define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
603#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
604#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
605#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
606
607/* SRP ciphersuite from RFC 5054. */
608#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
609#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
610#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA"
611#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA"
612#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"
613#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"
614#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"
615#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
616#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
617
618/* Camellia ciphersuites from RFC 4132. */
619#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
620#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
621#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
622#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
623#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
624#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
625
626#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
627#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
628#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
629#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
630#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
631#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
632
633/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
634#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256"
635#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256"
636#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256"
637#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256"
638#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256"
639#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256"
640
641#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256"
642#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256"
643#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256"
644#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256"
645#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256"
646#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256"
647
648/* SEED ciphersuites from RFC 4162. */
649#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
650#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
651#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
652#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
653#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
654#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
655
656/* TLS v1.2 ciphersuites. */
657#define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256"
658#define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256"
659#define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256"
660#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256"
661#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256"
662#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256"
663#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256"
664#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256"
665#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256"
666#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256"
667#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256"
668#define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"
669#define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"
670
671/* TLS v1.2 GCM ciphersuites from RFC 5288. */
672#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
673#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
674#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
675#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"
676#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256"
677#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384"
678#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256"
679#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384"
680#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256"
681#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384"
682#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
683#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
684
685/* ECDH HMAC based ciphersuites from RFC 5289. */
686
687#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
688#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
689#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
690#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384"
691#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256"
692#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384"
693#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"
694#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"
695
696/* ECDH GCM based ciphersuites from RFC 5289. */
697#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256"
698#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384"
699#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256"
700#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384"
701#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"
702#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"
703#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
704#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
705
706/* ChaCha20-Poly1305 based ciphersuites. */
707#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD "ECDHE-RSA-CHACHA20-POLY1305-OLD"
708#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD "ECDHE-ECDSA-CHACHA20-POLY1305-OLD"
709#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_OLD "DHE-RSA-CHACHA20-POLY1305-OLD"
710#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305"
711#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
712#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
713
714#define TLS_CT_RSA_SIGN 1
715#define TLS_CT_DSS_SIGN 2
716#define TLS_CT_RSA_FIXED_DH 3
717#define TLS_CT_DSS_FIXED_DH 4
718#define TLS_CT_ECDSA_SIGN 64
719#define TLS_CT_RSA_FIXED_ECDH 65
720#define TLS_CT_ECDSA_FIXED_ECDH 66
721#define TLS_CT_GOST94_SIGN 21
722#define TLS_CT_GOST01_SIGN 22
723#define TLS_CT_GOST12_256_SIGN 238 /* FIXME: IANA */
724#define TLS_CT_GOST12_512_SIGN 239 /* FIXME: IANA */
725/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
726 * comment there) */
727#define TLS_CT_NUMBER 11
728
729#define TLS1_FINISH_MAC_LENGTH 12
730
731#define TLS_MD_MAX_CONST_SIZE 20
732#define TLS_MD_CLIENT_FINISH_CONST "client finished"
733#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
734#define TLS_MD_SERVER_FINISH_CONST "server finished"
735#define TLS_MD_SERVER_FINISH_CONST_SIZE 15
736#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
737#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
738#define TLS_MD_KEY_EXPANSION_CONST "key expansion"
739#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
740#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
741#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
742#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
743#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
744#define TLS_MD_IV_BLOCK_CONST "IV block"
745#define TLS_MD_IV_BLOCK_CONST_SIZE 8
746#define TLS_MD_MASTER_SECRET_CONST "master secret"
747#define TLS_MD_MASTER_SECRET_CONST_SIZE 13
748
749/* TLS Session Ticket extension struct. */
750struct tls_session_ticket_ext_st {
751 unsigned short length;
752 void *data;
753};
754
755#ifdef __cplusplus
756}
757#endif
758#endif