summaryrefslogtreecommitdiff
path: root/src/lib/libssl
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2010-07-28 09:00:21 +0000
committercvs2svn <admin@example.com>2010-07-28 09:00:21 +0000
commit5ddaa036d8d4dbc19363c6710257163923c0cd40 (patch)
treea3c06ac6c5718f455db47eeb67025a4ec403a055 /src/lib/libssl
parentb8cf097636fac0ceae64ef6eaea1e283d31c6d71 (diff)
downloadopenbsd-OPENBSD_4_8_BASE.tar.gz
openbsd-OPENBSD_4_8_BASE.tar.bz2
openbsd-OPENBSD_4_8_BASE.zip
This commit was manufactured by cvs2git to create tag 'OPENBSD_4_8_BASE'.OPENBSD_4_8_BASE
Diffstat (limited to 'src/lib/libssl')
-rw-r--r--src/lib/libssl/LICENSE127
-rw-r--r--src/lib/libssl/bio_ssl.c598
-rw-r--r--src/lib/libssl/d1_both.c1193
-rw-r--r--src/lib/libssl/d1_clnt.c1155
-rw-r--r--src/lib/libssl/d1_enc.c286
-rw-r--r--src/lib/libssl/d1_lib.c211
-rw-r--r--src/lib/libssl/d1_meth.c77
-rw-r--r--src/lib/libssl/d1_pkt.c1792
-rw-r--r--src/lib/libssl/d1_srvr.c1147
-rw-r--r--src/lib/libssl/doc/openssl.cnf313
-rw-r--r--src/lib/libssl/doc/openssl.txt1254
-rw-r--r--src/lib/libssl/doc/standards.txt281
-rw-r--r--src/lib/libssl/dtls1.h218
-rw-r--r--src/lib/libssl/s23_clnt.c615
-rw-r--r--src/lib/libssl/s23_lib.c198
-rw-r--r--src/lib/libssl/s23_pkt.c117
-rw-r--r--src/lib/libssl/s23_srvr.c581
-rw-r--r--src/lib/libssl/s3_both.c622
-rw-r--r--src/lib/libssl/s3_clnt.c2744
-rw-r--r--src/lib/libssl/s3_lib.c2626
-rw-r--r--src/lib/libssl/s3_pkt.c1328
-rw-r--r--src/lib/libssl/s3_srvr.c2853
-rw-r--r--src/lib/libssl/shlib_version2
-rw-r--r--src/lib/libssl/ssl.h2075
-rw-r--r--src/lib/libssl/ssl2.h268
-rw-r--r--src/lib/libssl/ssl23.h83
-rw-r--r--src/lib/libssl/ssl3.h566
-rw-r--r--src/lib/libssl/ssl_algs.c132
-rw-r--r--src/lib/libssl/ssl_asn1.c500
-rw-r--r--src/lib/libssl/ssl_cert.c829
-rw-r--r--src/lib/libssl/ssl_ciph.c1387
-rw-r--r--src/lib/libssl/ssl_err.c518
-rw-r--r--src/lib/libssl/ssl_err2.c70
-rw-r--r--src/lib/libssl/ssl_lib.c2703
-rw-r--r--src/lib/libssl/ssl_locl.h982
-rw-r--r--src/lib/libssl/ssl_rsa.c779
-rw-r--r--src/lib/libssl/ssl_sess.c906
-rw-r--r--src/lib/libssl/ssl_stat.c506
-rw-r--r--src/lib/libssl/ssl_txt.c203
-rw-r--r--src/lib/libssl/t1_clnt.c79
-rw-r--r--src/lib/libssl/t1_enc.c872
-rw-r--r--src/lib/libssl/t1_lib.c878
-rw-r--r--src/lib/libssl/t1_meth.c76
-rw-r--r--src/lib/libssl/t1_srvr.c80
-rw-r--r--src/lib/libssl/test/CAss.cnf76
-rw-r--r--src/lib/libssl/test/CAssdh.cnf24
-rw-r--r--src/lib/libssl/test/CAssdsa.cnf23
-rw-r--r--src/lib/libssl/test/CAssrsa.cnf24
-rw-r--r--src/lib/libssl/test/P1ss.cnf37
-rw-r--r--src/lib/libssl/test/P2ss.cnf45
-rw-r--r--src/lib/libssl/test/Sssdsa.cnf27
-rw-r--r--src/lib/libssl/test/Sssrsa.cnf26
-rw-r--r--src/lib/libssl/test/Uss.cnf36
-rw-r--r--src/lib/libssl/test/VMSca-response.11
-rw-r--r--src/lib/libssl/test/VMSca-response.22
-rw-r--r--src/lib/libssl/test/bctest111
-rw-r--r--src/lib/libssl/test/cms-examples.pl409
-rw-r--r--src/lib/libssl/test/cms-test.pl453
-rw-r--r--src/lib/libssl/test/methtest.c105
-rw-r--r--src/lib/libssl/test/pkcs7-1.pem15
-rw-r--r--src/lib/libssl/test/pkcs7.pem54
-rw-r--r--src/lib/libssl/test/r160test.c57
-rw-r--r--src/lib/libssl/test/smcont.txt1
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa1.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa2.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa3.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsap.pem9
-rw-r--r--src/lib/libssl/test/smime-certs/smroot.pem30
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa1.pem31
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa2.pem31
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa3.pem31
-rw-r--r--src/lib/libssl/test/tcrl78
-rw-r--r--src/lib/libssl/test/test.cnf88
-rw-r--r--src/lib/libssl/test/test_aesni69
-rw-r--r--src/lib/libssl/test/testca51
-rw-r--r--src/lib/libssl/test/testcrl.pem16
-rw-r--r--src/lib/libssl/test/testenc54
-rw-r--r--src/lib/libssl/test/testgen44
-rw-r--r--src/lib/libssl/test/testp7.pem46
-rw-r--r--src/lib/libssl/test/testreq2.pem7
-rw-r--r--src/lib/libssl/test/testrsa.pem9
-rw-r--r--src/lib/libssl/test/testsid.pem12
-rw-r--r--src/lib/libssl/test/testss163
-rw-r--r--src/lib/libssl/test/testssl145
-rw-r--r--src/lib/libssl/test/testsslproxy10
-rw-r--r--src/lib/libssl/test/testx509.pem10
-rw-r--r--src/lib/libssl/test/times113
-rw-r--r--src/lib/libssl/test/tpkcs748
-rw-r--r--src/lib/libssl/test/tpkcs7d41
-rw-r--r--src/lib/libssl/test/treq83
-rw-r--r--src/lib/libssl/test/trsa83
-rw-r--r--src/lib/libssl/test/tsid78
-rw-r--r--src/lib/libssl/test/tx50978
-rw-r--r--src/lib/libssl/test/v3-cert1.pem16
-rw-r--r--src/lib/libssl/test/v3-cert2.pem16
-rw-r--r--src/lib/libssl/tls1.h407
96 files changed, 0 insertions, 38355 deletions
diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE
deleted file mode 100644
index a2c4adcbe6..0000000000
--- a/src/lib/libssl/LICENSE
+++ /dev/null
@@ -1,127 +0,0 @@
1
2 LICENSE ISSUES
3 ==============
4
5 The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
6 the OpenSSL License and the original SSLeay license apply to the toolkit.
7 See below for the actual license texts. Actually both licenses are BSD-style
8 Open Source licenses. In case of any license issues related to OpenSSL
9 please contact openssl-core@openssl.org.
10
11 OpenSSL License
12 ---------------
13
14/* ====================================================================
15 * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
19 * are met:
20 *
21 * 1. Redistributions of source code must retain the above copyright
22 * notice, this list of conditions and the following disclaimer.
23 *
24 * 2. Redistributions in binary form must reproduce the above copyright
25 * notice, this list of conditions and the following disclaimer in
26 * the documentation and/or other materials provided with the
27 * distribution.
28 *
29 * 3. All advertising materials mentioning features or use of this
30 * software must display the following acknowledgment:
31 * "This product includes software developed by the OpenSSL Project
32 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
33 *
34 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
35 * endorse or promote products derived from this software without
36 * prior written permission. For written permission, please contact
37 * openssl-core@openssl.org.
38 *
39 * 5. Products derived from this software may not be called "OpenSSL"
40 * nor may "OpenSSL" appear in their names without prior written
41 * permission of the OpenSSL Project.
42 *
43 * 6. Redistributions of any form whatsoever must retain the following
44 * acknowledgment:
45 * "This product includes software developed by the OpenSSL Project
46 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
49 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
51 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
52 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
53 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
54 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
55 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
57 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
58 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
59 * OF THE POSSIBILITY OF SUCH DAMAGE.
60 * ====================================================================
61 *
62 * This product includes cryptographic software written by Eric Young
63 * (eay@cryptsoft.com). This product includes software written by Tim
64 * Hudson (tjh@cryptsoft.com).
65 *
66 */
67
68 Original SSLeay License
69 -----------------------
70
71/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
72 * All rights reserved.
73 *
74 * This package is an SSL implementation written
75 * by Eric Young (eay@cryptsoft.com).
76 * The implementation was written so as to conform with Netscapes SSL.
77 *
78 * This library is free for commercial and non-commercial use as long as
79 * the following conditions are aheared to. The following conditions
80 * apply to all code found in this distribution, be it the RC4, RSA,
81 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
82 * included with this distribution is covered by the same copyright terms
83 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
84 *
85 * Copyright remains Eric Young's, and as such any Copyright notices in
86 * the code are not to be removed.
87 * If this package is used in a product, Eric Young should be given attribution
88 * as the author of the parts of the library used.
89 * This can be in the form of a textual message at program startup or
90 * in documentation (online or textual) provided with the package.
91 *
92 * Redistribution and use in source and binary forms, with or without
93 * modification, are permitted provided that the following conditions
94 * are met:
95 * 1. Redistributions of source code must retain the copyright
96 * notice, this list of conditions and the following disclaimer.
97 * 2. Redistributions in binary form must reproduce the above copyright
98 * notice, this list of conditions and the following disclaimer in the
99 * documentation and/or other materials provided with the distribution.
100 * 3. All advertising materials mentioning features or use of this software
101 * must display the following acknowledgement:
102 * "This product includes cryptographic software written by
103 * Eric Young (eay@cryptsoft.com)"
104 * The word 'cryptographic' can be left out if the rouines from the library
105 * being used are not cryptographic related :-).
106 * 4. If you include any Windows specific code (or a derivative thereof) from
107 * the apps directory (application code) you must include an acknowledgement:
108 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
109 *
110 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
111 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
112 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
113 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
114 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
115 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
116 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
117 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
118 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
119 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
120 * SUCH DAMAGE.
121 *
122 * The licence and distribution terms for any publically available version or
123 * derivative of this code cannot be changed. i.e. this code cannot simply be
124 * copied and put under another distribution licence
125 * [including the GNU Public Licence.]
126 */
127
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
deleted file mode 100644
index 420deb7fc9..0000000000
--- a/src/lib/libssl/bio_ssl.c
+++ /dev/null
@@ -1,598 +0,0 @@
1/* ssl/bio_ssl.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62#include <errno.h>
63#include <openssl/crypto.h>
64#include <openssl/bio.h>
65#include <openssl/err.h>
66#include <openssl/ssl.h>
67
68static int ssl_write(BIO *h, const char *buf, int num);
69static int ssl_read(BIO *h, char *buf, int size);
70static int ssl_puts(BIO *h, const char *str);
71static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
72static int ssl_new(BIO *h);
73static int ssl_free(BIO *data);
74static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
75typedef struct bio_ssl_st
76 {
77 SSL *ssl; /* The ssl handle :-) */
78 /* re-negotiate every time the total number of bytes is this size */
79 int num_renegotiates;
80 unsigned long renegotiate_count;
81 unsigned long byte_count;
82 unsigned long renegotiate_timeout;
83 unsigned long last_time;
84 } BIO_SSL;
85
86static BIO_METHOD methods_sslp=
87 {
88 BIO_TYPE_SSL,"ssl",
89 ssl_write,
90 ssl_read,
91 ssl_puts,
92 NULL, /* ssl_gets, */
93 ssl_ctrl,
94 ssl_new,
95 ssl_free,
96 ssl_callback_ctrl,
97 };
98
99BIO_METHOD *BIO_f_ssl(void)
100 {
101 return(&methods_sslp);
102 }
103
104static int ssl_new(BIO *bi)
105 {
106 BIO_SSL *bs;
107
108 bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
109 if (bs == NULL)
110 {
111 BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
112 return(0);
113 }
114 memset(bs,0,sizeof(BIO_SSL));
115 bi->init=0;
116 bi->ptr=(char *)bs;
117 bi->flags=0;
118 return(1);
119 }
120
121static int ssl_free(BIO *a)
122 {
123 BIO_SSL *bs;
124
125 if (a == NULL) return(0);
126 bs=(BIO_SSL *)a->ptr;
127 if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
128 if (a->shutdown)
129 {
130 if (a->init && (bs->ssl != NULL))
131 SSL_free(bs->ssl);
132 a->init=0;
133 a->flags=0;
134 }
135 if (a->ptr != NULL)
136 OPENSSL_free(a->ptr);
137 return(1);
138 }
139
140static int ssl_read(BIO *b, char *out, int outl)
141 {
142 int ret=1;
143 BIO_SSL *sb;
144 SSL *ssl;
145 int retry_reason=0;
146 int r=0;
147
148 if (out == NULL) return(0);
149 sb=(BIO_SSL *)b->ptr;
150 ssl=sb->ssl;
151
152 BIO_clear_retry_flags(b);
153
154#if 0
155 if (!SSL_is_init_finished(ssl))
156 {
157/* ret=SSL_do_handshake(ssl); */
158 if (ret > 0)
159 {
160
161 outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
162 ret= -1;
163 goto end;
164 }
165 }
166#endif
167/* if (ret > 0) */
168 ret=SSL_read(ssl,out,outl);
169
170 switch (SSL_get_error(ssl,ret))
171 {
172 case SSL_ERROR_NONE:
173 if (ret <= 0) break;
174 if (sb->renegotiate_count > 0)
175 {
176 sb->byte_count+=ret;
177 if (sb->byte_count > sb->renegotiate_count)
178 {
179 sb->byte_count=0;
180 sb->num_renegotiates++;
181 SSL_renegotiate(ssl);
182 r=1;
183 }
184 }
185 if ((sb->renegotiate_timeout > 0) && (!r))
186 {
187 unsigned long tm;
188
189 tm=(unsigned long)time(NULL);
190 if (tm > sb->last_time+sb->renegotiate_timeout)
191 {
192 sb->last_time=tm;
193 sb->num_renegotiates++;
194 SSL_renegotiate(ssl);
195 }
196 }
197
198 break;
199 case SSL_ERROR_WANT_READ:
200 BIO_set_retry_read(b);
201 break;
202 case SSL_ERROR_WANT_WRITE:
203 BIO_set_retry_write(b);
204 break;
205 case SSL_ERROR_WANT_X509_LOOKUP:
206 BIO_set_retry_special(b);
207 retry_reason=BIO_RR_SSL_X509_LOOKUP;
208 break;
209 case SSL_ERROR_WANT_ACCEPT:
210 BIO_set_retry_special(b);
211 retry_reason=BIO_RR_ACCEPT;
212 break;
213 case SSL_ERROR_WANT_CONNECT:
214 BIO_set_retry_special(b);
215 retry_reason=BIO_RR_CONNECT;
216 break;
217 case SSL_ERROR_SYSCALL:
218 case SSL_ERROR_SSL:
219 case SSL_ERROR_ZERO_RETURN:
220 default:
221 break;
222 }
223
224 b->retry_reason=retry_reason;
225 return(ret);
226 }
227
228static int ssl_write(BIO *b, const char *out, int outl)
229 {
230 int ret,r=0;
231 int retry_reason=0;
232 SSL *ssl;
233 BIO_SSL *bs;
234
235 if (out == NULL) return(0);
236 bs=(BIO_SSL *)b->ptr;
237 ssl=bs->ssl;
238
239 BIO_clear_retry_flags(b);
240
241/* ret=SSL_do_handshake(ssl);
242 if (ret > 0) */
243 ret=SSL_write(ssl,out,outl);
244
245 switch (SSL_get_error(ssl,ret))
246 {
247 case SSL_ERROR_NONE:
248 if (ret <= 0) break;
249 if (bs->renegotiate_count > 0)
250 {
251 bs->byte_count+=ret;
252 if (bs->byte_count > bs->renegotiate_count)
253 {
254 bs->byte_count=0;
255 bs->num_renegotiates++;
256 SSL_renegotiate(ssl);
257 r=1;
258 }
259 }
260 if ((bs->renegotiate_timeout > 0) && (!r))
261 {
262 unsigned long tm;
263
264 tm=(unsigned long)time(NULL);
265 if (tm > bs->last_time+bs->renegotiate_timeout)
266 {
267 bs->last_time=tm;
268 bs->num_renegotiates++;
269 SSL_renegotiate(ssl);
270 }
271 }
272 break;
273 case SSL_ERROR_WANT_WRITE:
274 BIO_set_retry_write(b);
275 break;
276 case SSL_ERROR_WANT_READ:
277 BIO_set_retry_read(b);
278 break;
279 case SSL_ERROR_WANT_X509_LOOKUP:
280 BIO_set_retry_special(b);
281 retry_reason=BIO_RR_SSL_X509_LOOKUP;
282 break;
283 case SSL_ERROR_WANT_CONNECT:
284 BIO_set_retry_special(b);
285 retry_reason=BIO_RR_CONNECT;
286 case SSL_ERROR_SYSCALL:
287 case SSL_ERROR_SSL:
288 default:
289 break;
290 }
291
292 b->retry_reason=retry_reason;
293 return(ret);
294 }
295
296static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
297 {
298 SSL **sslp,*ssl;
299 BIO_SSL *bs;
300 BIO *dbio,*bio;
301 long ret=1;
302
303 bs=(BIO_SSL *)b->ptr;
304 ssl=bs->ssl;
305 if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
306 return(0);
307 switch (cmd)
308 {
309 case BIO_CTRL_RESET:
310 SSL_shutdown(ssl);
311
312 if (ssl->handshake_func == ssl->method->ssl_connect)
313 SSL_set_connect_state(ssl);
314 else if (ssl->handshake_func == ssl->method->ssl_accept)
315 SSL_set_accept_state(ssl);
316
317 SSL_clear(ssl);
318
319 if (b->next_bio != NULL)
320 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
321 else if (ssl->rbio != NULL)
322 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
323 else
324 ret=1;
325 break;
326 case BIO_CTRL_INFO:
327 ret=0;
328 break;
329 case BIO_C_SSL_MODE:
330 if (num) /* client mode */
331 SSL_set_connect_state(ssl);
332 else
333 SSL_set_accept_state(ssl);
334 break;
335 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
336 ret=bs->renegotiate_timeout;
337 if (num < 60) num=5;
338 bs->renegotiate_timeout=(unsigned long)num;
339 bs->last_time=(unsigned long)time(NULL);
340 break;
341 case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
342 ret=bs->renegotiate_count;
343 if ((long)num >=512)
344 bs->renegotiate_count=(unsigned long)num;
345 break;
346 case BIO_C_GET_SSL_NUM_RENEGOTIATES:
347 ret=bs->num_renegotiates;
348 break;
349 case BIO_C_SET_SSL:
350 if (ssl != NULL)
351 ssl_free(b);
352 b->shutdown=(int)num;
353 ssl=(SSL *)ptr;
354 ((BIO_SSL *)b->ptr)->ssl=ssl;
355 bio=SSL_get_rbio(ssl);
356 if (bio != NULL)
357 {
358 if (b->next_bio != NULL)
359 BIO_push(bio,b->next_bio);
360 b->next_bio=bio;
361 CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
362 }
363 b->init=1;
364 break;
365 case BIO_C_GET_SSL:
366 if (ptr != NULL)
367 {
368 sslp=(SSL **)ptr;
369 *sslp=ssl;
370 }
371 else
372 ret=0;
373 break;
374 case BIO_CTRL_GET_CLOSE:
375 ret=b->shutdown;
376 break;
377 case BIO_CTRL_SET_CLOSE:
378 b->shutdown=(int)num;
379 break;
380 case BIO_CTRL_WPENDING:
381 ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
382 break;
383 case BIO_CTRL_PENDING:
384 ret=SSL_pending(ssl);
385 if (ret == 0)
386 ret=BIO_pending(ssl->rbio);
387 break;
388 case BIO_CTRL_FLUSH:
389 BIO_clear_retry_flags(b);
390 ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
391 BIO_copy_next_retry(b);
392 break;
393 case BIO_CTRL_PUSH:
394 if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
395 {
396 SSL_set_bio(ssl,b->next_bio,b->next_bio);
397 CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
398 }
399 break;
400 case BIO_CTRL_POP:
401 /* ugly bit of a hack */
402 if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */
403 {
404 BIO_free_all(ssl->wbio);
405 }
406 if (b->next_bio != NULL)
407 {
408 CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
409 }
410 ssl->wbio=NULL;
411 ssl->rbio=NULL;
412 break;
413 case BIO_C_DO_STATE_MACHINE:
414 BIO_clear_retry_flags(b);
415
416 b->retry_reason=0;
417 ret=(int)SSL_do_handshake(ssl);
418
419 switch (SSL_get_error(ssl,(int)ret))
420 {
421 case SSL_ERROR_WANT_READ:
422 BIO_set_flags(b,
423 BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
424 break;
425 case SSL_ERROR_WANT_WRITE:
426 BIO_set_flags(b,
427 BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
428 break;
429 case SSL_ERROR_WANT_CONNECT:
430 BIO_set_flags(b,
431 BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
432 b->retry_reason=b->next_bio->retry_reason;
433 break;
434 default:
435 break;
436 }
437 break;
438 case BIO_CTRL_DUP:
439 dbio=(BIO *)ptr;
440 if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
441 SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
442 ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
443 ((BIO_SSL *)dbio->ptr)->renegotiate_count=
444 ((BIO_SSL *)b->ptr)->renegotiate_count;
445 ((BIO_SSL *)dbio->ptr)->byte_count=
446 ((BIO_SSL *)b->ptr)->byte_count;
447 ((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
448 ((BIO_SSL *)b->ptr)->renegotiate_timeout;
449 ((BIO_SSL *)dbio->ptr)->last_time=
450 ((BIO_SSL *)b->ptr)->last_time;
451 ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
452 break;
453 case BIO_C_GET_FD:
454 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
455 break;
456 case BIO_CTRL_SET_CALLBACK:
457 {
458#if 0 /* FIXME: Should this be used? -- Richard Levitte */
459 SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
460 ret = -1;
461#else
462 ret=0;
463#endif
464 }
465 break;
466 case BIO_CTRL_GET_CALLBACK:
467 {
468 void (**fptr)(const SSL *xssl,int type,int val);
469
470 fptr=(void (**)(const SSL *xssl,int type,int val))ptr;
471 *fptr=SSL_get_info_callback(ssl);
472 }
473 break;
474 default:
475 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
476 break;
477 }
478 return(ret);
479 }
480
481static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
482 {
483 SSL *ssl;
484 BIO_SSL *bs;
485 long ret=1;
486
487 bs=(BIO_SSL *)b->ptr;
488 ssl=bs->ssl;
489 switch (cmd)
490 {
491 case BIO_CTRL_SET_CALLBACK:
492 {
493 /* FIXME: setting this via a completely different prototype
494 seems like a crap idea */
495 SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);
496 }
497 break;
498 default:
499 ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);
500 break;
501 }
502 return(ret);
503 }
504
505static int ssl_puts(BIO *bp, const char *str)
506 {
507 int n,ret;
508
509 n=strlen(str);
510 ret=BIO_write(bp,str,n);
511 return(ret);
512 }
513
514BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
515 {
516#ifndef OPENSSL_NO_SOCK
517 BIO *ret=NULL,*buf=NULL,*ssl=NULL;
518
519 if ((buf=BIO_new(BIO_f_buffer())) == NULL)
520 return(NULL);
521 if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
522 goto err;
523 if ((ret=BIO_push(buf,ssl)) == NULL)
524 goto err;
525 return(ret);
526err:
527 if (buf != NULL) BIO_free(buf);
528 if (ssl != NULL) BIO_free(ssl);
529#endif
530 return(NULL);
531 }
532
533BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
534 {
535 BIO *ret=NULL,*con=NULL,*ssl=NULL;
536
537 if ((con=BIO_new(BIO_s_connect())) == NULL)
538 return(NULL);
539 if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
540 goto err;
541 if ((ret=BIO_push(ssl,con)) == NULL)
542 goto err;
543 return(ret);
544err:
545 if (con != NULL) BIO_free(con);
546 if (ret != NULL) BIO_free(ret);
547 return(NULL);
548 }
549
550BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
551 {
552 BIO *ret;
553 SSL *ssl;
554
555 if ((ret=BIO_new(BIO_f_ssl())) == NULL)
556 return(NULL);
557 if ((ssl=SSL_new(ctx)) == NULL)
558 {
559 BIO_free(ret);
560 return(NULL);
561 }
562 if (client)
563 SSL_set_connect_state(ssl);
564 else
565 SSL_set_accept_state(ssl);
566
567 BIO_set_ssl(ret,ssl,BIO_CLOSE);
568 return(ret);
569 }
570
571int BIO_ssl_copy_session_id(BIO *t, BIO *f)
572 {
573 t=BIO_find_type(t,BIO_TYPE_SSL);
574 f=BIO_find_type(f,BIO_TYPE_SSL);
575 if ((t == NULL) || (f == NULL))
576 return(0);
577 if ( (((BIO_SSL *)t->ptr)->ssl == NULL) ||
578 (((BIO_SSL *)f->ptr)->ssl == NULL))
579 return(0);
580 SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
581 return(1);
582 }
583
584void BIO_ssl_shutdown(BIO *b)
585 {
586 SSL *s;
587
588 while (b != NULL)
589 {
590 if (b->method->type == BIO_TYPE_SSL)
591 {
592 s=((BIO_SSL *)b->ptr)->ssl;
593 SSL_shutdown(s);
594 break;
595 }
596 b=b->next_bio;
597 }
598 }
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
deleted file mode 100644
index 15a201a25c..0000000000
--- a/src/lib/libssl/d1_both.c
+++ /dev/null
@@ -1,1193 +0,0 @@
1/* ssl/d1_both.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@openssl.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <limits.h>
117#include <string.h>
118#include <stdio.h>
119#include "ssl_locl.h"
120#include <openssl/buffer.h>
121#include <openssl/rand.h>
122#include <openssl/objects.h>
123#include <openssl/evp.h>
124#include <openssl/x509.h>
125
126
127/* XDTLS: figure out the right values */
128static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
129
130static unsigned int dtls1_min_mtu(void);
131static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
132static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
133 unsigned long frag_len);
134static unsigned char *dtls1_write_message_header(SSL *s,
135 unsigned char *p);
136static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
137 unsigned long len, unsigned short seq_num, unsigned long frag_off,
138 unsigned long frag_len);
139static int dtls1_retransmit_buffered_messages(SSL *s);
140static long dtls1_get_message_fragment(SSL *s, int st1, int stn,
141 long max, int *ok);
142
143static hm_fragment *
144dtls1_hm_fragment_new(unsigned long frag_len)
145 {
146 hm_fragment *frag = NULL;
147 unsigned char *buf = NULL;
148
149 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
150 if ( frag == NULL)
151 return NULL;
152
153 if (frag_len)
154 {
155 buf = (unsigned char *)OPENSSL_malloc(frag_len);
156 if ( buf == NULL)
157 {
158 OPENSSL_free(frag);
159 return NULL;
160 }
161 }
162
163 /* zero length fragment gets zero frag->fragment */
164 frag->fragment = buf;
165
166 return frag;
167 }
168
169static void
170dtls1_hm_fragment_free(hm_fragment *frag)
171 {
172 if (frag->fragment) OPENSSL_free(frag->fragment);
173 OPENSSL_free(frag);
174 }
175
176/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
177int dtls1_do_write(SSL *s, int type)
178 {
179 int ret;
180 int curr_mtu;
181 unsigned int len, frag_off;
182
183 /* AHA! Figure out the MTU, and stick to the right size */
184 if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
185 {
186 s->d1->mtu =
187 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
188
189 /* I've seen the kernel return bogus numbers when it doesn't know
190 * (initial write), so just make sure we have a reasonable number */
191 if ( s->d1->mtu < dtls1_min_mtu())
192 {
193 s->d1->mtu = 0;
194 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
195 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
196 s->d1->mtu, NULL);
197 }
198 }
199#if 0
200 mtu = s->d1->mtu;
201
202 fprintf(stderr, "using MTU = %d\n", mtu);
203
204 mtu -= (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
205
206 curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));
207
208 if ( curr_mtu > 0)
209 mtu = curr_mtu;
210 else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0)
211 return ret;
212
213 if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu)
214 {
215 ret = BIO_flush(SSL_get_wbio(s));
216 if ( ret <= 0)
217 return ret;
218 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
219 }
220
221 OPENSSL_assert(mtu > 0); /* should have something reasonable now */
222
223#endif
224
225 if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
226 OPENSSL_assert(s->init_num ==
227 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
228
229 frag_off = 0;
230 while( s->init_num)
231 {
232 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
233 DTLS1_RT_HEADER_LENGTH;
234
235 if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
236 {
237 /* grr.. we could get an error if MTU picked was wrong */
238 ret = BIO_flush(SSL_get_wbio(s));
239 if ( ret <= 0)
240 return ret;
241 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH;
242 }
243
244 if ( s->init_num > curr_mtu)
245 len = curr_mtu;
246 else
247 len = s->init_num;
248
249
250 /* XDTLS: this function is too long. split out the CCS part */
251 if ( type == SSL3_RT_HANDSHAKE)
252 {
253 if ( s->init_off != 0)
254 {
255 OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
256 s->init_off -= DTLS1_HM_HEADER_LENGTH;
257 s->init_num += DTLS1_HM_HEADER_LENGTH;
258
259 /* write atleast DTLS1_HM_HEADER_LENGTH bytes */
260 if ( len <= DTLS1_HM_HEADER_LENGTH)
261 len += DTLS1_HM_HEADER_LENGTH;
262 }
263
264 dtls1_fix_message_header(s, frag_off,
265 len - DTLS1_HM_HEADER_LENGTH);
266
267 dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
268
269 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
270 }
271
272 ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off],
273 len);
274 if (ret < 0)
275 {
276 /* might need to update MTU here, but we don't know
277 * which previous packet caused the failure -- so can't
278 * really retransmit anything. continue as if everything
279 * is fine and wait for an alert to handle the
280 * retransmit
281 */
282 if ( BIO_ctrl(SSL_get_wbio(s),
283 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL))
284 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
285 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
286 else
287 return(-1);
288 }
289 else
290 {
291
292 /* bad if this assert fails, only part of the handshake
293 * message got sent. but why would this happen? */
294 OPENSSL_assert(len == (unsigned int)ret);
295
296 if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting)
297 {
298 /* should not be done for 'Hello Request's, but in that case
299 * we'll ignore the result anyway */
300 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
301 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
302 int xlen;
303
304 if (frag_off == 0 && s->client_version != DTLS1_BAD_VER)
305 {
306 /* reconstruct message header is if it
307 * is being sent in single fragment */
308 *p++ = msg_hdr->type;
309 l2n3(msg_hdr->msg_len,p);
310 s2n (msg_hdr->seq,p);
311 l2n3(0,p);
312 l2n3(msg_hdr->msg_len,p);
313 p -= DTLS1_HM_HEADER_LENGTH;
314 xlen = ret;
315 }
316 else
317 {
318 p += DTLS1_HM_HEADER_LENGTH;
319 xlen = ret - DTLS1_HM_HEADER_LENGTH;
320 }
321
322 ssl3_finish_mac(s, p, xlen);
323 }
324
325 if (ret == s->init_num)
326 {
327 if (s->msg_callback)
328 s->msg_callback(1, s->version, type, s->init_buf->data,
329 (size_t)(s->init_off + s->init_num), s,
330 s->msg_callback_arg);
331
332 s->init_off = 0; /* done writing this message */
333 s->init_num = 0;
334
335 return(1);
336 }
337 s->init_off+=ret;
338 s->init_num-=ret;
339 frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
340 }
341 }
342 return(0);
343 }
344
345
346/* Obtain handshake message of message type 'mt' (any if mt == -1),
347 * maximum acceptable body length 'max'.
348 * Read an entire handshake message. Handshake messages arrive in
349 * fragments.
350 */
351long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
352 {
353 int i, al;
354 struct hm_header_st *msg_hdr;
355
356 /* s3->tmp is used to store messages that are unexpected, caused
357 * by the absence of an optional handshake message */
358 if (s->s3->tmp.reuse_message)
359 {
360 s->s3->tmp.reuse_message=0;
361 if ((mt >= 0) && (s->s3->tmp.message_type != mt))
362 {
363 al=SSL_AD_UNEXPECTED_MESSAGE;
364 SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
365 goto f_err;
366 }
367 *ok=1;
368 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
369 s->init_num = (int)s->s3->tmp.message_size;
370 return s->init_num;
371 }
372
373 msg_hdr = &s->d1->r_msg_hdr;
374 do
375 {
376 if ( msg_hdr->frag_off == 0)
377 {
378 /* s->d1->r_message_header.msg_len = 0; */
379 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
380 }
381
382 i = dtls1_get_message_fragment(s, st1, stn, max, ok);
383 if ( i == DTLS1_HM_BAD_FRAGMENT ||
384 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
385 continue;
386 else if ( i <= 0 && !*ok)
387 return i;
388
389 /* Note that s->init_sum is used as a counter summing
390 * up fragments' lengths: as soon as they sum up to
391 * handshake packet length, we assume we have got all
392 * the fragments. Overlapping fragments would cause
393 * premature termination, so we don't expect overlaps.
394 * Well, handling overlaps would require something more
395 * drastic. Indeed, as it is now there is no way to
396 * tell if out-of-order fragment from the middle was
397 * the last. '>=' is the best/least we can do to control
398 * the potential damage caused by malformed overlaps. */
399 if ((unsigned int)s->init_num >= msg_hdr->msg_len)
400 {
401 unsigned char *p = (unsigned char *)s->init_buf->data;
402 unsigned long msg_len = msg_hdr->msg_len;
403
404 /* reconstruct message header as if it was
405 * sent in single fragment */
406 *(p++) = msg_hdr->type;
407 l2n3(msg_len,p);
408 s2n (msg_hdr->seq,p);
409 l2n3(0,p);
410 l2n3(msg_len,p);
411 if (s->client_version != DTLS1_BAD_VER)
412 p -= DTLS1_HM_HEADER_LENGTH,
413 msg_len += DTLS1_HM_HEADER_LENGTH;
414
415 ssl3_finish_mac(s, p, msg_len);
416 if (s->msg_callback)
417 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
418 p, msg_len,
419 s, s->msg_callback_arg);
420
421 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
422
423 s->d1->handshake_read_seq++;
424 /* we just read a handshake message from the other side:
425 * this means that we don't need to retransmit of the
426 * buffered messages.
427 * XDTLS: may be able clear out this
428 * buffer a little sooner (i.e if an out-of-order
429 * handshake message/record is received at the record
430 * layer.
431 * XDTLS: exception is that the server needs to
432 * know that change cipher spec and finished messages
433 * have been received by the client before clearing this
434 * buffer. this can simply be done by waiting for the
435 * first data segment, but is there a better way? */
436 dtls1_clear_record_buffer(s);
437
438 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
439 return s->init_num;
440 }
441 else
442 msg_hdr->frag_off = i;
443 } while(1) ;
444
445f_err:
446 ssl3_send_alert(s,SSL3_AL_FATAL,al);
447 *ok = 0;
448 return -1;
449 }
450
451
452static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max)
453 {
454 size_t frag_off,frag_len,msg_len;
455
456 msg_len = msg_hdr->msg_len;
457 frag_off = msg_hdr->frag_off;
458 frag_len = msg_hdr->frag_len;
459
460 /* sanity checking */
461 if ( (frag_off+frag_len) > msg_len)
462 {
463 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
464 return SSL_AD_ILLEGAL_PARAMETER;
465 }
466
467 if ( (frag_off+frag_len) > (unsigned long)max)
468 {
469 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
470 return SSL_AD_ILLEGAL_PARAMETER;
471 }
472
473 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
474 {
475 /* msg_len is limited to 2^24, but is effectively checked
476 * against max above */
477 if (!BUF_MEM_grow_clean(s->init_buf,(int)msg_len+DTLS1_HM_HEADER_LENGTH))
478 {
479 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);
480 return SSL_AD_INTERNAL_ERROR;
481 }
482
483 s->s3->tmp.message_size = msg_len;
484 s->d1->r_msg_hdr.msg_len = msg_len;
485 s->s3->tmp.message_type = msg_hdr->type;
486 s->d1->r_msg_hdr.type = msg_hdr->type;
487 s->d1->r_msg_hdr.seq = msg_hdr->seq;
488 }
489 else if (msg_len != s->d1->r_msg_hdr.msg_len)
490 {
491 /* They must be playing with us! BTW, failure to enforce
492 * upper limit would open possibility for buffer overrun. */
493 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
494 return SSL_AD_ILLEGAL_PARAMETER;
495 }
496
497 return 0; /* no error */
498 }
499
500
501static int
502dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
503 {
504 /* (0) check whether the desired fragment is available
505 * if so:
506 * (1) copy over the fragment to s->init_buf->data[]
507 * (2) update s->init_num
508 */
509 pitem *item;
510 hm_fragment *frag;
511 int al;
512
513 *ok = 0;
514 item = pqueue_peek(s->d1->buffered_messages);
515 if ( item == NULL)
516 return 0;
517
518 frag = (hm_fragment *)item->data;
519
520 if ( s->d1->handshake_read_seq == frag->msg_header.seq)
521 {
522 pqueue_pop(s->d1->buffered_messages);
523
524 al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
525
526 if (al==0) /* no alert */
527 {
528 unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
529 memcpy(&p[frag->msg_header.frag_off],
530 frag->fragment,frag->msg_header.frag_len);
531 }
532
533 dtls1_hm_fragment_free(frag);
534 pitem_free(item);
535
536 if (al==0)
537 {
538 *ok = 1;
539 return frag->msg_header.frag_len;
540 }
541
542 ssl3_send_alert(s,SSL3_AL_FATAL,al);
543 s->init_num = 0;
544 *ok = 0;
545 return -1;
546 }
547 else
548 return 0;
549 }
550
551
552static int
553dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
554{
555 int i=-1;
556 hm_fragment *frag = NULL;
557 pitem *item = NULL;
558 PQ_64BIT seq64;
559 unsigned long frag_len = msg_hdr->frag_len;
560
561 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
562 goto err;
563
564 if (msg_hdr->seq <= s->d1->handshake_read_seq)
565 {
566 unsigned char devnull [256];
567
568 while (frag_len)
569 {
570 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
571 devnull,
572 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
573 if (i<=0) goto err;
574 frag_len -= i;
575 }
576 }
577
578 frag = dtls1_hm_fragment_new(frag_len);
579 if ( frag == NULL)
580 goto err;
581
582 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
583
584 if (frag_len)
585 {
586 /* read the body of the fragment (header has already been read */
587 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
588 frag->fragment,frag_len,0);
589 if (i<=0 || (unsigned long)i!=frag_len)
590 goto err;
591 }
592
593 pq_64bit_init(&seq64);
594 pq_64bit_assign_word(&seq64, msg_hdr->seq);
595
596 item = pitem_new(seq64, frag);
597 pq_64bit_free(&seq64);
598 if ( item == NULL)
599 goto err;
600
601 pqueue_insert(s->d1->buffered_messages, item);
602 return DTLS1_HM_FRAGMENT_RETRY;
603
604err:
605 if ( frag != NULL) dtls1_hm_fragment_free(frag);
606 if ( item != NULL) OPENSSL_free(item);
607 *ok = 0;
608 return i;
609 }
610
611
612static long
613dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
614 {
615 unsigned char wire[DTLS1_HM_HEADER_LENGTH];
616 unsigned long l, frag_off, frag_len;
617 int i,al;
618 struct hm_header_st msg_hdr;
619
620 /* see if we have the required fragment already */
621 if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
622 {
623 if (*ok) s->init_num += frag_len;
624 return frag_len;
625 }
626
627 /* read handshake message header */
628 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire,
629 DTLS1_HM_HEADER_LENGTH, 0);
630 if (i <= 0) /* nbio, or an error */
631 {
632 s->rwstate=SSL_READING;
633 *ok = 0;
634 return i;
635 }
636 OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);
637
638 /* parse the message fragment header */
639 dtls1_get_message_header(wire, &msg_hdr);
640
641 /*
642 * if this is a future (or stale) message it gets buffered
643 * (or dropped)--no further processing at this time
644 */
645 if ( msg_hdr.seq != s->d1->handshake_read_seq)
646 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
647
648 l = msg_hdr.msg_len;
649 frag_off = msg_hdr.frag_off;
650 frag_len = msg_hdr.frag_len;
651
652 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
653 wire[0] == SSL3_MT_HELLO_REQUEST)
654 {
655 /* The server may always send 'Hello Request' messages --
656 * we are doing a handshake anyway now, so ignore them
657 * if their format is correct. Does not count for
658 * 'Finished' MAC. */
659 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0)
660 {
661 if (s->msg_callback)
662 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
663 wire, DTLS1_HM_HEADER_LENGTH, s,
664 s->msg_callback_arg);
665
666 s->init_num = 0;
667 return dtls1_get_message_fragment(s, st1, stn,
668 max, ok);
669 }
670 else /* Incorrectly formated Hello request */
671 {
672 al=SSL_AD_UNEXPECTED_MESSAGE;
673 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
674 goto f_err;
675 }
676 }
677
678 if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max)))
679 goto f_err;
680
681 /* XDTLS: ressurect this when restart is in place */
682 s->state=stn;
683
684 if ( frag_len > 0)
685 {
686 unsigned char *p=(unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
687
688 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
689 &p[frag_off],frag_len,0);
690 /* XDTLS: fix this--message fragments cannot span multiple packets */
691 if (i <= 0)
692 {
693 s->rwstate=SSL_READING;
694 *ok = 0;
695 return i;
696 }
697 }
698 else
699 i = 0;
700
701 /* XDTLS: an incorrectly formatted fragment should cause the
702 * handshake to fail */
703 OPENSSL_assert(i == (int)frag_len);
704
705 *ok = 1;
706
707 /* Note that s->init_num is *not* used as current offset in
708 * s->init_buf->data, but as a counter summing up fragments'
709 * lengths: as soon as they sum up to handshake packet
710 * length, we assume we have got all the fragments. */
711 s->init_num += frag_len;
712 return frag_len;
713
714f_err:
715 ssl3_send_alert(s,SSL3_AL_FATAL,al);
716 s->init_num = 0;
717
718 *ok=0;
719 return(-1);
720 }
721
722int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
723 {
724 unsigned char *p,*d;
725 int i;
726 unsigned long l;
727
728 if (s->state == a)
729 {
730 d=(unsigned char *)s->init_buf->data;
731 p= &(d[DTLS1_HM_HEADER_LENGTH]);
732
733 i=s->method->ssl3_enc->final_finish_mac(s,
734 &(s->s3->finish_dgst1),
735 &(s->s3->finish_dgst2),
736 sender,slen,s->s3->tmp.finish_md);
737 s->s3->tmp.finish_md_len = i;
738 memcpy(p, s->s3->tmp.finish_md, i);
739 p+=i;
740 l=i;
741
742#ifdef OPENSSL_SYS_WIN16
743 /* MSVC 1.5 does not clear the top bytes of the word unless
744 * I do this.
745 */
746 l&=0xffff;
747#endif
748
749 d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
750 s->init_num=(int)l+DTLS1_HM_HEADER_LENGTH;
751 s->init_off=0;
752
753 /* buffer the message to handle re-xmits */
754 dtls1_buffer_message(s, 0);
755
756 s->state=b;
757 }
758
759 /* SSL3_ST_SEND_xxxxxx_HELLO_B */
760 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
761 }
762
763/* for these 2 messages, we need to
764 * ssl->enc_read_ctx re-init
765 * ssl->s3->read_sequence zero
766 * ssl->s3->read_mac_secret re-init
767 * ssl->session->read_sym_enc assign
768 * ssl->session->read_compression assign
769 * ssl->session->read_hash assign
770 */
771int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
772 {
773 unsigned char *p;
774
775 if (s->state == a)
776 {
777 p=(unsigned char *)s->init_buf->data;
778 *p++=SSL3_MT_CCS;
779 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
780 s->init_num=DTLS1_CCS_HEADER_LENGTH;
781
782 if (s->client_version == DTLS1_BAD_VER)
783 {
784 s->d1->next_handshake_write_seq++;
785 s2n(s->d1->handshake_write_seq,p);
786 s->init_num+=2;
787 }
788
789 s->init_off=0;
790
791 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
792 s->d1->handshake_write_seq, 0, 0);
793
794 /* buffer the message to handle re-xmits */
795 dtls1_buffer_message(s, 1);
796
797 s->state=b;
798 }
799
800 /* SSL3_ST_CW_CHANGE_B */
801 return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
802 }
803
804unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
805 {
806 unsigned char *p;
807 int n,i;
808 unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
809 BUF_MEM *buf;
810 X509_STORE_CTX xs_ctx;
811 X509_OBJECT obj;
812
813 /* TLSv1 sends a chain with nothing in it, instead of an alert */
814 buf=s->init_buf;
815 if (!BUF_MEM_grow_clean(buf,10))
816 {
817 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
818 return(0);
819 }
820 if (x != NULL)
821 {
822 if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
823 {
824 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
825 return(0);
826 }
827
828 for (;;)
829 {
830 n=i2d_X509(x,NULL);
831 if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
832 {
833 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
834 return(0);
835 }
836 p=(unsigned char *)&(buf->data[l]);
837 l2n3(n,p);
838 i2d_X509(x,&p);
839 l+=n+3;
840 if (X509_NAME_cmp(X509_get_subject_name(x),
841 X509_get_issuer_name(x)) == 0) break;
842
843 i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
844 X509_get_issuer_name(x),&obj);
845 if (i <= 0) break;
846 x=obj.data.x509;
847 /* Count is one too high since the X509_STORE_get uped the
848 * ref count */
849 X509_free(x);
850 }
851
852 X509_STORE_CTX_cleanup(&xs_ctx);
853 }
854
855 /* Thawte special :-) */
856 if (s->ctx->extra_certs != NULL)
857 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
858 {
859 x=sk_X509_value(s->ctx->extra_certs,i);
860 n=i2d_X509(x,NULL);
861 if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
862 {
863 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
864 return(0);
865 }
866 p=(unsigned char *)&(buf->data[l]);
867 l2n3(n,p);
868 i2d_X509(x,&p);
869 l+=n+3;
870 }
871
872 l-= (3 + DTLS1_HM_HEADER_LENGTH);
873
874 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
875 l2n3(l,p);
876 l+=3;
877 p=(unsigned char *)&(buf->data[0]);
878 p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
879
880 l+=DTLS1_HM_HEADER_LENGTH;
881 return(l);
882 }
883
884int dtls1_read_failed(SSL *s, int code)
885 {
886 DTLS1_STATE *state;
887 BIO *bio;
888 int send_alert = 0;
889
890 if ( code > 0)
891 {
892 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
893 return 1;
894 }
895
896 bio = SSL_get_rbio(s);
897 if ( ! BIO_dgram_recv_timedout(bio))
898 {
899 /* not a timeout, none of our business,
900 let higher layers handle this. in fact it's probably an error */
901 return code;
902 }
903
904 if ( ! SSL_in_init(s)) /* done, no need to send a retransmit */
905 {
906 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
907 return code;
908 }
909
910 state = s->d1;
911 state->timeout.num_alerts++;
912 if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
913 {
914 /* fail the connection, enough alerts have been sent */
915 SSLerr(SSL_F_DTLS1_READ_FAILED,SSL_R_READ_TIMEOUT_EXPIRED);
916 return 0;
917 }
918
919 state->timeout.read_timeouts++;
920 if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
921 {
922 send_alert = 1;
923 state->timeout.read_timeouts = 1;
924 }
925
926
927#if 0 /* for now, each alert contains only one record number */
928 item = pqueue_peek(state->rcvd_records);
929 if ( item )
930 {
931 /* send an alert immediately for all the missing records */
932 }
933 else
934#endif
935
936#if 0 /* no more alert sending, just retransmit the last set of messages */
937 if ( send_alert)
938 ssl3_send_alert(s,SSL3_AL_WARNING,
939 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
940#endif
941
942 return dtls1_retransmit_buffered_messages(s) ;
943 }
944
945
946static int
947dtls1_retransmit_buffered_messages(SSL *s)
948 {
949 pqueue sent = s->d1->sent_messages;
950 piterator iter;
951 pitem *item;
952 hm_fragment *frag;
953 int found = 0;
954
955 iter = pqueue_iterator(sent);
956
957 for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter))
958 {
959 frag = (hm_fragment *)item->data;
960 if ( dtls1_retransmit_message(s, frag->msg_header.seq, 0, &found) <= 0 &&
961 found)
962 {
963 fprintf(stderr, "dtls1_retransmit_message() failed\n");
964 return -1;
965 }
966 }
967
968 return 1;
969 }
970
971int
972dtls1_buffer_message(SSL *s, int is_ccs)
973 {
974 pitem *item;
975 hm_fragment *frag;
976 PQ_64BIT seq64;
977 unsigned int epoch = s->d1->w_epoch;
978
979 /* this function is called immediately after a message has
980 * been serialized */
981 OPENSSL_assert(s->init_off == 0);
982
983 frag = dtls1_hm_fragment_new(s->init_num);
984
985 memcpy(frag->fragment, s->init_buf->data, s->init_num);
986
987 if ( is_ccs)
988 {
989 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
990 DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num);
991 epoch++;
992 }
993 else
994 {
995 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
996 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
997 }
998
999 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
1000 frag->msg_header.seq = s->d1->w_msg_hdr.seq;
1001 frag->msg_header.type = s->d1->w_msg_hdr.type;
1002 frag->msg_header.frag_off = 0;
1003 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
1004 frag->msg_header.is_ccs = is_ccs;
1005
1006 pq_64bit_init(&seq64);
1007 pq_64bit_assign_word(&seq64, epoch<<16 | frag->msg_header.seq);
1008
1009 item = pitem_new(seq64, frag);
1010 pq_64bit_free(&seq64);
1011 if ( item == NULL)
1012 {
1013 dtls1_hm_fragment_free(frag);
1014 return 0;
1015 }
1016
1017#if 0
1018 fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
1019 fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
1020 fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
1021#endif
1022
1023 pqueue_insert(s->d1->sent_messages, item);
1024 return 1;
1025 }
1026
1027int
1028dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1029 int *found)
1030 {
1031 int ret;
1032 /* XDTLS: for now assuming that read/writes are blocking */
1033 pitem *item;
1034 hm_fragment *frag ;
1035 unsigned long header_length;
1036 PQ_64BIT seq64;
1037
1038 /*
1039 OPENSSL_assert(s->init_num == 0);
1040 OPENSSL_assert(s->init_off == 0);
1041 */
1042
1043 /* XDTLS: the requested message ought to be found, otherwise error */
1044 pq_64bit_init(&seq64);
1045 pq_64bit_assign_word(&seq64, seq);
1046
1047 item = pqueue_find(s->d1->sent_messages, seq64);
1048 pq_64bit_free(&seq64);
1049 if ( item == NULL)
1050 {
1051 fprintf(stderr, "retransmit: message %d non-existant\n", seq);
1052 *found = 0;
1053 return 0;
1054 }
1055
1056 *found = 1;
1057 frag = (hm_fragment *)item->data;
1058
1059 if ( frag->msg_header.is_ccs)
1060 header_length = DTLS1_CCS_HEADER_LENGTH;
1061 else
1062 header_length = DTLS1_HM_HEADER_LENGTH;
1063
1064 memcpy(s->init_buf->data, frag->fragment,
1065 frag->msg_header.msg_len + header_length);
1066 s->init_num = frag->msg_header.msg_len + header_length;
1067
1068 dtls1_set_message_header_int(s, frag->msg_header.type,
1069 frag->msg_header.msg_len, frag->msg_header.seq, 0,
1070 frag->msg_header.frag_len);
1071
1072 s->d1->retransmitting = 1;
1073 ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
1074 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
1075 s->d1->retransmitting = 0;
1076
1077 (void)BIO_flush(SSL_get_wbio(s));
1078 return ret;
1079 }
1080
1081/* call this function when the buffered messages are no longer needed */
1082void
1083dtls1_clear_record_buffer(SSL *s)
1084 {
1085 pitem *item;
1086
1087 for(item = pqueue_pop(s->d1->sent_messages);
1088 item != NULL; item = pqueue_pop(s->d1->sent_messages))
1089 {
1090 dtls1_hm_fragment_free((hm_fragment *)item->data);
1091 pitem_free(item);
1092 }
1093 }
1094
1095
1096unsigned char *
1097dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
1098 unsigned long len, unsigned long frag_off, unsigned long frag_len)
1099 {
1100 if ( frag_off == 0)
1101 {
1102 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
1103 s->d1->next_handshake_write_seq++;
1104 }
1105
1106 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
1107 frag_off, frag_len);
1108
1109 return p += DTLS1_HM_HEADER_LENGTH;
1110 }
1111
1112
1113/* don't actually do the writing, wait till the MTU has been retrieved */
1114static void
1115dtls1_set_message_header_int(SSL *s, unsigned char mt,
1116 unsigned long len, unsigned short seq_num, unsigned long frag_off,
1117 unsigned long frag_len)
1118 {
1119 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1120
1121 msg_hdr->type = mt;
1122 msg_hdr->msg_len = len;
1123 msg_hdr->seq = seq_num;
1124 msg_hdr->frag_off = frag_off;
1125 msg_hdr->frag_len = frag_len;
1126 }
1127
1128static void
1129dtls1_fix_message_header(SSL *s, unsigned long frag_off,
1130 unsigned long frag_len)
1131 {
1132 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1133
1134 msg_hdr->frag_off = frag_off;
1135 msg_hdr->frag_len = frag_len;
1136 }
1137
1138static unsigned char *
1139dtls1_write_message_header(SSL *s, unsigned char *p)
1140 {
1141 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1142
1143 *p++ = msg_hdr->type;
1144 l2n3(msg_hdr->msg_len, p);
1145
1146 s2n(msg_hdr->seq, p);
1147 l2n3(msg_hdr->frag_off, p);
1148 l2n3(msg_hdr->frag_len, p);
1149
1150 return p;
1151 }
1152
1153static unsigned int
1154dtls1_min_mtu(void)
1155 {
1156 return (g_probable_mtu[(sizeof(g_probable_mtu) /
1157 sizeof(g_probable_mtu[0])) - 1]);
1158 }
1159
1160static unsigned int
1161dtls1_guess_mtu(unsigned int curr_mtu)
1162 {
1163 size_t i;
1164
1165 if ( curr_mtu == 0 )
1166 return g_probable_mtu[0] ;
1167
1168 for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)
1169 if ( curr_mtu > g_probable_mtu[i])
1170 return g_probable_mtu[i];
1171
1172 return curr_mtu;
1173 }
1174
1175void
1176dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
1177 {
1178 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
1179 msg_hdr->type = *(data++);
1180 n2l3(data, msg_hdr->msg_len);
1181
1182 n2s(data, msg_hdr->seq);
1183 n2l3(data, msg_hdr->frag_off);
1184 n2l3(data, msg_hdr->frag_len);
1185 }
1186
1187void
1188dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
1189 {
1190 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
1191
1192 ccs_hdr->type = *(data++);
1193 }
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
deleted file mode 100644
index 49c6760d19..0000000000
--- a/src/lib/libssl/d1_clnt.c
+++ /dev/null
@@ -1,1155 +0,0 @@
1/* ssl/d1_clnt.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <stdio.h>
117#include "ssl_locl.h"
118#include "kssl_lcl.h"
119#include <openssl/buffer.h>
120#include <openssl/rand.h>
121#include <openssl/objects.h>
122#include <openssl/evp.h>
123#include <openssl/md5.h>
124#ifndef OPENSSL_NO_DH
125#include <openssl/dh.h>
126#endif
127
128static SSL_METHOD *dtls1_get_client_method(int ver);
129static int dtls1_get_hello_verify(SSL *s);
130
131static SSL_METHOD *dtls1_get_client_method(int ver)
132 {
133 if (ver == DTLS1_VERSION)
134 return(DTLSv1_client_method());
135 else
136 return(NULL);
137 }
138
139IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
140 ssl_undefined_function,
141 dtls1_connect,
142 dtls1_get_client_method)
143
144int dtls1_connect(SSL *s)
145 {
146 BUF_MEM *buf=NULL;
147 unsigned long Time=(unsigned long)time(NULL),l;
148 long num1;
149 void (*cb)(const SSL *ssl,int type,int val)=NULL;
150 int ret= -1;
151 int new_state,state,skip=0;;
152
153 RAND_add(&Time,sizeof(Time),0);
154 ERR_clear_error();
155 clear_sys_error();
156
157 if (s->info_callback != NULL)
158 cb=s->info_callback;
159 else if (s->ctx->info_callback != NULL)
160 cb=s->ctx->info_callback;
161
162 s->in_handshake++;
163 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
164
165 for (;;)
166 {
167 state=s->state;
168
169 switch(s->state)
170 {
171 case SSL_ST_RENEGOTIATE:
172 s->new_session=1;
173 s->state=SSL_ST_CONNECT;
174 s->ctx->stats.sess_connect_renegotiate++;
175 /* break */
176 case SSL_ST_BEFORE:
177 case SSL_ST_CONNECT:
178 case SSL_ST_BEFORE|SSL_ST_CONNECT:
179 case SSL_ST_OK|SSL_ST_CONNECT:
180
181 s->server=0;
182 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
183
184 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
185 {
186 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
187 ret = -1;
188 goto end;
189 }
190
191 /* s->version=SSL3_VERSION; */
192 s->type=SSL_ST_CONNECT;
193
194 if (s->init_buf == NULL)
195 {
196 if ((buf=BUF_MEM_new()) == NULL)
197 {
198 ret= -1;
199 goto end;
200 }
201 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
202 {
203 ret= -1;
204 goto end;
205 }
206 s->init_buf=buf;
207 buf=NULL;
208 }
209
210 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
211
212 /* setup buffing BIO */
213 if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
214
215 /* don't push the buffering BIO quite yet */
216
217 s->state=SSL3_ST_CW_CLNT_HELLO_A;
218 s->ctx->stats.sess_connect++;
219 s->init_num=0;
220 /* mark client_random uninitialized */
221 memset(s->s3->client_random,0,sizeof(s->s3->client_random));
222 break;
223
224 case SSL3_ST_CW_CLNT_HELLO_A:
225 case SSL3_ST_CW_CLNT_HELLO_B:
226
227 s->shutdown=0;
228
229 /* every DTLS ClientHello resets Finished MAC */
230 ssl3_init_finished_mac(s);
231
232 ret=dtls1_client_hello(s);
233 if (ret <= 0) goto end;
234
235 if ( s->d1->send_cookie)
236 {
237 s->state=SSL3_ST_CW_FLUSH;
238 s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A;
239 }
240 else
241 s->state=SSL3_ST_CR_SRVR_HELLO_A;
242
243 s->init_num=0;
244
245 /* turn on buffering for the next lot of output */
246 if (s->bbio != s->wbio)
247 s->wbio=BIO_push(s->bbio,s->wbio);
248
249 break;
250
251 case SSL3_ST_CR_SRVR_HELLO_A:
252 case SSL3_ST_CR_SRVR_HELLO_B:
253 ret=ssl3_get_server_hello(s);
254 if (ret <= 0) goto end;
255 else
256 {
257 if (s->hit)
258 s->state=SSL3_ST_CR_FINISHED_A;
259 else
260 s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
261 }
262 s->init_num=0;
263 break;
264
265 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
266 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
267
268 ret = dtls1_get_hello_verify(s);
269 if ( ret <= 0)
270 goto end;
271 if ( s->d1->send_cookie) /* start again, with a cookie */
272 s->state=SSL3_ST_CW_CLNT_HELLO_A;
273 else
274 s->state = SSL3_ST_CR_CERT_A;
275 s->init_num = 0;
276 break;
277
278 case SSL3_ST_CR_CERT_A:
279 case SSL3_ST_CR_CERT_B:
280 /* Check if it is anon DH */
281 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
282 {
283 ret=ssl3_get_server_certificate(s);
284 if (ret <= 0) goto end;
285 }
286 else
287 skip=1;
288 s->state=SSL3_ST_CR_KEY_EXCH_A;
289 s->init_num=0;
290 break;
291
292 case SSL3_ST_CR_KEY_EXCH_A:
293 case SSL3_ST_CR_KEY_EXCH_B:
294 ret=ssl3_get_key_exchange(s);
295 if (ret <= 0) goto end;
296 s->state=SSL3_ST_CR_CERT_REQ_A;
297 s->init_num=0;
298
299 /* at this point we check that we have the
300 * required stuff from the server */
301 if (!ssl3_check_cert_and_algorithm(s))
302 {
303 ret= -1;
304 goto end;
305 }
306 break;
307
308 case SSL3_ST_CR_CERT_REQ_A:
309 case SSL3_ST_CR_CERT_REQ_B:
310 ret=ssl3_get_certificate_request(s);
311 if (ret <= 0) goto end;
312 s->state=SSL3_ST_CR_SRVR_DONE_A;
313 s->init_num=0;
314 break;
315
316 case SSL3_ST_CR_SRVR_DONE_A:
317 case SSL3_ST_CR_SRVR_DONE_B:
318 ret=ssl3_get_server_done(s);
319 if (ret <= 0) goto end;
320 if (s->s3->tmp.cert_req)
321 s->state=SSL3_ST_CW_CERT_A;
322 else
323 s->state=SSL3_ST_CW_KEY_EXCH_A;
324 s->init_num=0;
325
326 break;
327
328 case SSL3_ST_CW_CERT_A:
329 case SSL3_ST_CW_CERT_B:
330 case SSL3_ST_CW_CERT_C:
331 case SSL3_ST_CW_CERT_D:
332 ret=dtls1_send_client_certificate(s);
333 if (ret <= 0) goto end;
334 s->state=SSL3_ST_CW_KEY_EXCH_A;
335 s->init_num=0;
336 break;
337
338 case SSL3_ST_CW_KEY_EXCH_A:
339 case SSL3_ST_CW_KEY_EXCH_B:
340 ret=dtls1_send_client_key_exchange(s);
341 if (ret <= 0) goto end;
342 l=s->s3->tmp.new_cipher->algorithms;
343 /* EAY EAY EAY need to check for DH fix cert
344 * sent back */
345 /* For TLS, cert_req is set to 2, so a cert chain
346 * of nothing is sent, but no verify packet is sent */
347 if (s->s3->tmp.cert_req == 1)
348 {
349 s->state=SSL3_ST_CW_CERT_VRFY_A;
350 }
351 else
352 {
353 s->state=SSL3_ST_CW_CHANGE_A;
354 s->s3->change_cipher_spec=0;
355 }
356
357 s->init_num=0;
358 break;
359
360 case SSL3_ST_CW_CERT_VRFY_A:
361 case SSL3_ST_CW_CERT_VRFY_B:
362 ret=dtls1_send_client_verify(s);
363 if (ret <= 0) goto end;
364 s->state=SSL3_ST_CW_CHANGE_A;
365 s->init_num=0;
366 s->s3->change_cipher_spec=0;
367 break;
368
369 case SSL3_ST_CW_CHANGE_A:
370 case SSL3_ST_CW_CHANGE_B:
371 ret=dtls1_send_change_cipher_spec(s,
372 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
373 if (ret <= 0) goto end;
374 s->state=SSL3_ST_CW_FINISHED_A;
375 s->init_num=0;
376
377 s->session->cipher=s->s3->tmp.new_cipher;
378#ifdef OPENSSL_NO_COMP
379 s->session->compress_meth=0;
380#else
381 if (s->s3->tmp.new_compression == NULL)
382 s->session->compress_meth=0;
383 else
384 s->session->compress_meth=
385 s->s3->tmp.new_compression->id;
386#endif
387 if (!s->method->ssl3_enc->setup_key_block(s))
388 {
389 ret= -1;
390 goto end;
391 }
392
393 if (!s->method->ssl3_enc->change_cipher_state(s,
394 SSL3_CHANGE_CIPHER_CLIENT_WRITE))
395 {
396 ret= -1;
397 goto end;
398 }
399
400 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
401 break;
402
403 case SSL3_ST_CW_FINISHED_A:
404 case SSL3_ST_CW_FINISHED_B:
405 ret=dtls1_send_finished(s,
406 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
407 s->method->ssl3_enc->client_finished_label,
408 s->method->ssl3_enc->client_finished_label_len);
409 if (ret <= 0) goto end;
410 s->state=SSL3_ST_CW_FLUSH;
411
412 /* clear flags */
413 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
414 if (s->hit)
415 {
416 s->s3->tmp.next_state=SSL_ST_OK;
417 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
418 {
419 s->state=SSL_ST_OK;
420 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
421 s->s3->delay_buf_pop_ret=0;
422 }
423 }
424 else
425 {
426 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
427 }
428 s->init_num=0;
429 /* mark client_random uninitialized */
430 memset (s->s3->client_random,0,sizeof(s->s3->client_random));
431
432 break;
433
434 case SSL3_ST_CR_FINISHED_A:
435 case SSL3_ST_CR_FINISHED_B:
436
437 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
438 SSL3_ST_CR_FINISHED_B);
439 if (ret <= 0) goto end;
440
441 if (s->hit)
442 s->state=SSL3_ST_CW_CHANGE_A;
443 else
444 s->state=SSL_ST_OK;
445 s->init_num=0;
446 break;
447
448 case SSL3_ST_CW_FLUSH:
449 /* number of bytes to be flushed */
450 num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
451 if (num1 > 0)
452 {
453 s->rwstate=SSL_WRITING;
454 num1=BIO_flush(s->wbio);
455 if (num1 <= 0) { ret= -1; goto end; }
456 s->rwstate=SSL_NOTHING;
457 }
458
459 s->state=s->s3->tmp.next_state;
460 break;
461
462 case SSL_ST_OK:
463 /* clean a few things up */
464 ssl3_cleanup_key_block(s);
465
466#if 0
467 if (s->init_buf != NULL)
468 {
469 BUF_MEM_free(s->init_buf);
470 s->init_buf=NULL;
471 }
472#endif
473
474 /* If we are not 'joining' the last two packets,
475 * remove the buffering now */
476 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
477 ssl_free_wbio_buffer(s);
478 /* else do it later in ssl3_write */
479
480 s->init_num=0;
481 s->new_session=0;
482
483 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
484 if (s->hit) s->ctx->stats.sess_hit++;
485
486 ret=1;
487 /* s->server=0; */
488 s->handshake_func=dtls1_connect;
489 s->ctx->stats.sess_connect_good++;
490
491 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
492
493 /* done with handshaking */
494 s->d1->handshake_read_seq = 0;
495 goto end;
496 /* break; */
497
498 default:
499 SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE);
500 ret= -1;
501 goto end;
502 /* break; */
503 }
504
505 /* did we do anything */
506 if (!s->s3->tmp.reuse_message && !skip)
507 {
508 if (s->debug)
509 {
510 if ((ret=BIO_flush(s->wbio)) <= 0)
511 goto end;
512 }
513
514 if ((cb != NULL) && (s->state != state))
515 {
516 new_state=s->state;
517 s->state=state;
518 cb(s,SSL_CB_CONNECT_LOOP,1);
519 s->state=new_state;
520 }
521 }
522 skip=0;
523 }
524end:
525 s->in_handshake--;
526 if (buf != NULL)
527 BUF_MEM_free(buf);
528 if (cb != NULL)
529 cb(s,SSL_CB_CONNECT_EXIT,ret);
530 return(ret);
531 }
532
533int dtls1_client_hello(SSL *s)
534 {
535 unsigned char *buf;
536 unsigned char *p,*d;
537 unsigned int i,j;
538 unsigned long Time,l;
539 SSL_COMP *comp;
540
541 buf=(unsigned char *)s->init_buf->data;
542 if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
543 {
544 if ((s->session == NULL) ||
545 (s->session->ssl_version != s->version) ||
546 (s->session->not_resumable))
547 {
548 if (!ssl_get_new_session(s,0))
549 goto err;
550 }
551 /* else use the pre-loaded session */
552
553 p=s->s3->client_random;
554 /* if client_random is initialized, reuse it, we are
555 * required to use same upon reply to HelloVerify */
556 for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
557 if (i==sizeof(s->s3->client_random))
558 {
559 Time=(unsigned long)time(NULL); /* Time */
560 l2n(Time,p);
561 RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
562 }
563
564 /* Do the message type and length last */
565 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
566
567 *(p++)=s->version>>8;
568 *(p++)=s->version&0xff;
569 s->client_version=s->version;
570
571 /* Random stuff */
572 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
573 p+=SSL3_RANDOM_SIZE;
574
575 /* Session ID */
576 if (s->new_session)
577 i=0;
578 else
579 i=s->session->session_id_length;
580 *(p++)=i;
581 if (i != 0)
582 {
583 if (i > sizeof s->session->session_id)
584 {
585 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
586 goto err;
587 }
588 memcpy(p,s->session->session_id,i);
589 p+=i;
590 }
591
592 /* cookie stuff */
593 if ( s->d1->cookie_len > sizeof(s->d1->cookie))
594 {
595 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
596 goto err;
597 }
598 *(p++) = s->d1->cookie_len;
599 memcpy(p, s->d1->cookie, s->d1->cookie_len);
600 p += s->d1->cookie_len;
601
602 /* Ciphers supported */
603 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
604 if (i == 0)
605 {
606 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
607 goto err;
608 }
609 s2n(i,p);
610 p+=i;
611
612 /* COMPRESSION */
613 if (s->ctx->comp_methods == NULL)
614 j=0;
615 else
616 j=sk_SSL_COMP_num(s->ctx->comp_methods);
617 *(p++)=1+j;
618 for (i=0; i<j; i++)
619 {
620 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
621 *(p++)=comp->id;
622 }
623 *(p++)=0; /* Add the NULL method */
624
625 l=(p-d);
626 d=buf;
627
628 d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);
629
630 s->state=SSL3_ST_CW_CLNT_HELLO_B;
631 /* number of bytes to write */
632 s->init_num=p-buf;
633 s->init_off=0;
634
635 /* buffer the message to handle re-xmits */
636 dtls1_buffer_message(s, 0);
637 }
638
639 /* SSL3_ST_CW_CLNT_HELLO_B */
640 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
641err:
642 return(-1);
643 }
644
645static int dtls1_get_hello_verify(SSL *s)
646 {
647 int n, al, ok = 0;
648 unsigned char *data;
649 unsigned int cookie_len;
650
651 n=s->method->ssl_get_message(s,
652 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
653 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
654 -1,
655 s->max_cert_list,
656 &ok);
657
658 if (!ok) return((int)n);
659
660 if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST)
661 {
662 s->d1->send_cookie = 0;
663 s->s3->tmp.reuse_message=1;
664 return(1);
665 }
666
667 data = (unsigned char *)s->init_msg;
668
669 if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff)))
670 {
671 SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION);
672 s->version=(s->version&0xff00)|data[1];
673 al = SSL_AD_PROTOCOL_VERSION;
674 goto f_err;
675 }
676 data+=2;
677
678 cookie_len = *(data++);
679 if ( cookie_len > sizeof(s->d1->cookie))
680 {
681 al=SSL_AD_ILLEGAL_PARAMETER;
682 goto f_err;
683 }
684
685 memcpy(s->d1->cookie, data, cookie_len);
686 s->d1->cookie_len = cookie_len;
687
688 s->d1->send_cookie = 1;
689 return 1;
690
691f_err:
692 ssl3_send_alert(s, SSL3_AL_FATAL, al);
693 return -1;
694 }
695
696int dtls1_send_client_key_exchange(SSL *s)
697 {
698 unsigned char *p,*d;
699 int n;
700 unsigned long l;
701#ifndef OPENSSL_NO_RSA
702 unsigned char *q;
703 EVP_PKEY *pkey=NULL;
704#endif
705#ifndef OPENSSL_NO_KRB5
706 KSSL_ERR kssl_err;
707#endif /* OPENSSL_NO_KRB5 */
708
709 if (s->state == SSL3_ST_CW_KEY_EXCH_A)
710 {
711 d=(unsigned char *)s->init_buf->data;
712 p= &(d[DTLS1_HM_HEADER_LENGTH]);
713
714 l=s->s3->tmp.new_cipher->algorithms;
715
716 /* Fool emacs indentation */
717 if (0) {}
718#ifndef OPENSSL_NO_RSA
719 else if (l & SSL_kRSA)
720 {
721 RSA *rsa;
722 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
723
724 if (s->session->sess_cert->peer_rsa_tmp != NULL)
725 rsa=s->session->sess_cert->peer_rsa_tmp;
726 else
727 {
728 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
729 if ((pkey == NULL) ||
730 (pkey->type != EVP_PKEY_RSA) ||
731 (pkey->pkey.rsa == NULL))
732 {
733 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
734 goto err;
735 }
736 rsa=pkey->pkey.rsa;
737 EVP_PKEY_free(pkey);
738 }
739
740 tmp_buf[0]=s->client_version>>8;
741 tmp_buf[1]=s->client_version&0xff;
742 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
743 goto err;
744
745 s->session->master_key_length=sizeof tmp_buf;
746
747 q=p;
748 /* Fix buf for TLS and [incidentally] DTLS */
749 if (s->version > SSL3_VERSION)
750 p+=2;
751 n=RSA_public_encrypt(sizeof tmp_buf,
752 tmp_buf,p,rsa,RSA_PKCS1_PADDING);
753#ifdef PKCS1_CHECK
754 if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
755 if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
756#endif
757 if (n <= 0)
758 {
759 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
760 goto err;
761 }
762
763 /* Fix buf for TLS and [incidentally] DTLS */
764 if (s->version > SSL3_VERSION)
765 {
766 s2n(n,q);
767 n+=2;
768 }
769
770 s->session->master_key_length=
771 s->method->ssl3_enc->generate_master_secret(s,
772 s->session->master_key,
773 tmp_buf,sizeof tmp_buf);
774 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
775 }
776#endif
777#ifndef OPENSSL_NO_KRB5
778 else if (l & SSL_kKRB5)
779 {
780 krb5_error_code krb5rc;
781 KSSL_CTX *kssl_ctx = s->kssl_ctx;
782 /* krb5_data krb5_ap_req; */
783 krb5_data *enc_ticket;
784 krb5_data authenticator, *authp = NULL;
785 EVP_CIPHER_CTX ciph_ctx;
786 EVP_CIPHER *enc = NULL;
787 unsigned char iv[EVP_MAX_IV_LENGTH];
788 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
789 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
790 + EVP_MAX_IV_LENGTH];
791 int padl, outl = sizeof(epms);
792
793 EVP_CIPHER_CTX_init(&ciph_ctx);
794
795#ifdef KSSL_DEBUG
796 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
797 l, SSL_kKRB5);
798#endif /* KSSL_DEBUG */
799
800 authp = NULL;
801#ifdef KRB5SENDAUTH
802 if (KRB5SENDAUTH) authp = &authenticator;
803#endif /* KRB5SENDAUTH */
804
805 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
806 &kssl_err);
807 enc = kssl_map_enc(kssl_ctx->enctype);
808 if (enc == NULL)
809 goto err;
810#ifdef KSSL_DEBUG
811 {
812 printf("kssl_cget_tkt rtn %d\n", krb5rc);
813 if (krb5rc && kssl_err.text)
814 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
815 }
816#endif /* KSSL_DEBUG */
817
818 if (krb5rc)
819 {
820 ssl3_send_alert(s,SSL3_AL_FATAL,
821 SSL_AD_HANDSHAKE_FAILURE);
822 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
823 kssl_err.reason);
824 goto err;
825 }
826
827 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
828 ** in place of RFC 2712 KerberosWrapper, as in:
829 **
830 ** Send ticket (copy to *p, set n = length)
831 ** n = krb5_ap_req.length;
832 ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
833 ** if (krb5_ap_req.data)
834 ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
835 **
836 ** Now using real RFC 2712 KerberosWrapper
837 ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
838 ** Note: 2712 "opaque" types are here replaced
839 ** with a 2-byte length followed by the value.
840 ** Example:
841 ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
842 ** Where "xx xx" = length bytes. Shown here with
843 ** optional authenticator omitted.
844 */
845
846 /* KerberosWrapper.Ticket */
847 s2n(enc_ticket->length,p);
848 memcpy(p, enc_ticket->data, enc_ticket->length);
849 p+= enc_ticket->length;
850 n = enc_ticket->length + 2;
851
852 /* KerberosWrapper.Authenticator */
853 if (authp && authp->length)
854 {
855 s2n(authp->length,p);
856 memcpy(p, authp->data, authp->length);
857 p+= authp->length;
858 n+= authp->length + 2;
859
860 free(authp->data);
861 authp->data = NULL;
862 authp->length = 0;
863 }
864 else
865 {
866 s2n(0,p);/* null authenticator length */
867 n+=2;
868 }
869
870 if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
871 goto err;
872
873 /* 20010420 VRS. Tried it this way; failed.
874 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
875 ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
876 ** kssl_ctx->length);
877 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
878 */
879
880 memset(iv, 0, sizeof iv); /* per RFC 1510 */
881 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
882 kssl_ctx->key,iv);
883 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
884 sizeof tmp_buf);
885 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
886 outl += padl;
887 if (outl > sizeof epms)
888 {
889 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
890 goto err;
891 }
892 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
893
894 /* KerberosWrapper.EncryptedPreMasterSecret */
895 s2n(outl,p);
896 memcpy(p, epms, outl);
897 p+=outl;
898 n+=outl + 2;
899
900 s->session->master_key_length=
901 s->method->ssl3_enc->generate_master_secret(s,
902 s->session->master_key,
903 tmp_buf, sizeof tmp_buf);
904
905 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
906 OPENSSL_cleanse(epms, outl);
907 }
908#endif
909#ifndef OPENSSL_NO_DH
910 else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
911 {
912 DH *dh_srvr,*dh_clnt;
913
914 if (s->session->sess_cert->peer_dh_tmp != NULL)
915 dh_srvr=s->session->sess_cert->peer_dh_tmp;
916 else
917 {
918 /* we get them from the cert */
919 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
920 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
921 goto err;
922 }
923
924 /* generate a new random key */
925 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
926 {
927 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
928 goto err;
929 }
930 if (!DH_generate_key(dh_clnt))
931 {
932 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
933 goto err;
934 }
935
936 /* use the 'p' output buffer for the DH key, but
937 * make sure to clear it out afterwards */
938
939 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
940
941 if (n <= 0)
942 {
943 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
944 goto err;
945 }
946
947 /* generate master key from the result */
948 s->session->master_key_length=
949 s->method->ssl3_enc->generate_master_secret(s,
950 s->session->master_key,p,n);
951 /* clean up */
952 memset(p,0,n);
953
954 /* send off the data */
955 n=BN_num_bytes(dh_clnt->pub_key);
956 s2n(n,p);
957 BN_bn2bin(dh_clnt->pub_key,p);
958 n+=2;
959
960 DH_free(dh_clnt);
961
962 /* perhaps clean things up a bit EAY EAY EAY EAY*/
963 }
964#endif
965 else
966 {
967 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
968 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
969 goto err;
970 }
971
972 d = dtls1_set_message_header(s, d,
973 SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
974 /*
975 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
976 l2n3(n,d);
977 l2n(s->d1->handshake_write_seq,d);
978 s->d1->handshake_write_seq++;
979 */
980
981 s->state=SSL3_ST_CW_KEY_EXCH_B;
982 /* number of bytes to write */
983 s->init_num=n+DTLS1_HM_HEADER_LENGTH;
984 s->init_off=0;
985
986 /* buffer the message to handle re-xmits */
987 dtls1_buffer_message(s, 0);
988 }
989
990 /* SSL3_ST_CW_KEY_EXCH_B */
991 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
992err:
993 return(-1);
994 }
995
996int dtls1_send_client_verify(SSL *s)
997 {
998 unsigned char *p,*d;
999 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
1000 EVP_PKEY *pkey;
1001#ifndef OPENSSL_NO_RSA
1002 unsigned u=0;
1003#endif
1004 unsigned long n;
1005#ifndef OPENSSL_NO_DSA
1006 int j;
1007#endif
1008
1009 if (s->state == SSL3_ST_CW_CERT_VRFY_A)
1010 {
1011 d=(unsigned char *)s->init_buf->data;
1012 p= &(d[DTLS1_HM_HEADER_LENGTH]);
1013 pkey=s->cert->key->privatekey;
1014
1015 s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
1016 &(data[MD5_DIGEST_LENGTH]));
1017
1018#ifndef OPENSSL_NO_RSA
1019 if (pkey->type == EVP_PKEY_RSA)
1020 {
1021 s->method->ssl3_enc->cert_verify_mac(s,
1022 &(s->s3->finish_dgst1),&(data[0]));
1023 if (RSA_sign(NID_md5_sha1, data,
1024 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
1025 &(p[2]), &u, pkey->pkey.rsa) <= 0 )
1026 {
1027 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
1028 goto err;
1029 }
1030 s2n(u,p);
1031 n=u+2;
1032 }
1033 else
1034#endif
1035#ifndef OPENSSL_NO_DSA
1036 if (pkey->type == EVP_PKEY_DSA)
1037 {
1038 if (!DSA_sign(pkey->save_type,
1039 &(data[MD5_DIGEST_LENGTH]),
1040 SHA_DIGEST_LENGTH,&(p[2]),
1041 (unsigned int *)&j,pkey->pkey.dsa))
1042 {
1043 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
1044 goto err;
1045 }
1046 s2n(j,p);
1047 n=j+2;
1048 }
1049 else
1050#endif
1051 {
1052 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
1053 goto err;
1054 }
1055
1056 d = dtls1_set_message_header(s, d,
1057 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ;
1058
1059 s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH;
1060 s->init_off=0;
1061
1062 /* buffer the message to handle re-xmits */
1063 dtls1_buffer_message(s, 0);
1064
1065 s->state = SSL3_ST_CW_CERT_VRFY_B;
1066 }
1067
1068 /* s->state = SSL3_ST_CW_CERT_VRFY_B */
1069 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1070err:
1071 return(-1);
1072 }
1073
1074int dtls1_send_client_certificate(SSL *s)
1075 {
1076 X509 *x509=NULL;
1077 EVP_PKEY *pkey=NULL;
1078 int i;
1079 unsigned long l;
1080
1081 if (s->state == SSL3_ST_CW_CERT_A)
1082 {
1083 if ((s->cert == NULL) ||
1084 (s->cert->key->x509 == NULL) ||
1085 (s->cert->key->privatekey == NULL))
1086 s->state=SSL3_ST_CW_CERT_B;
1087 else
1088 s->state=SSL3_ST_CW_CERT_C;
1089 }
1090
1091 /* We need to get a client cert */
1092 if (s->state == SSL3_ST_CW_CERT_B)
1093 {
1094 /* If we get an error, we need to
1095 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
1096 * We then get retied later */
1097 i=0;
1098 i = ssl_do_client_cert_cb(s, &x509, &pkey);
1099 if (i < 0)
1100 {
1101 s->rwstate=SSL_X509_LOOKUP;
1102 return(-1);
1103 }
1104 s->rwstate=SSL_NOTHING;
1105 if ((i == 1) && (pkey != NULL) && (x509 != NULL))
1106 {
1107 s->state=SSL3_ST_CW_CERT_B;
1108 if ( !SSL_use_certificate(s,x509) ||
1109 !SSL_use_PrivateKey(s,pkey))
1110 i=0;
1111 }
1112 else if (i == 1)
1113 {
1114 i=0;
1115 SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
1116 }
1117
1118 if (x509 != NULL) X509_free(x509);
1119 if (pkey != NULL) EVP_PKEY_free(pkey);
1120 if (i == 0)
1121 {
1122 if (s->version == SSL3_VERSION)
1123 {
1124 s->s3->tmp.cert_req=0;
1125 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
1126 return(1);
1127 }
1128 else
1129 {
1130 s->s3->tmp.cert_req=2;
1131 }
1132 }
1133
1134 /* Ok, we have a cert */
1135 s->state=SSL3_ST_CW_CERT_C;
1136 }
1137
1138 if (s->state == SSL3_ST_CW_CERT_C)
1139 {
1140 s->state=SSL3_ST_CW_CERT_D;
1141 l=dtls1_output_cert_chain(s,
1142 (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
1143 s->init_num=(int)l;
1144 s->init_off=0;
1145
1146 /* set header called by dtls1_output_cert_chain() */
1147
1148 /* buffer the message to handle re-xmits */
1149 dtls1_buffer_message(s, 0);
1150 }
1151 /* SSL3_ST_CW_CERT_D */
1152 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1153 }
1154
1155
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
deleted file mode 100644
index cf3332e4e4..0000000000
--- a/src/lib/libssl/d1_enc.c
+++ /dev/null
@@ -1,286 +0,0 @@
1/* ssl/d1_enc.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@openssl.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <stdio.h>
117#include "ssl_locl.h"
118#ifndef OPENSSL_NO_COMP
119#include <openssl/comp.h>
120#endif
121#include <openssl/evp.h>
122#include <openssl/hmac.h>
123#include <openssl/md5.h>
124#include <openssl/rand.h>
125#ifdef KSSL_DEBUG
126#include <openssl/des.h>
127#endif
128
129int dtls1_enc(SSL *s, int send)
130 {
131 SSL3_RECORD *rec;
132 EVP_CIPHER_CTX *ds;
133 unsigned long l;
134 int bs,i,ii,j,k,n=0;
135 const EVP_CIPHER *enc;
136
137 if (send)
138 {
139 if (s->write_hash != NULL)
140 n=EVP_MD_size(s->write_hash);
141 ds=s->enc_write_ctx;
142 rec= &(s->s3->wrec);
143 if (s->enc_write_ctx == NULL)
144 enc=NULL;
145 else
146 {
147 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
148 if ( rec->data != rec->input)
149 /* we can't write into the input stream */
150 fprintf(stderr, "%s:%d: rec->data != rec->input\n",
151 __FILE__, __LINE__);
152 else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
153 {
154 if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)))
155 return -1;
156 }
157 }
158 }
159 else
160 {
161 if (s->read_hash != NULL)
162 n=EVP_MD_size(s->read_hash);
163 ds=s->enc_read_ctx;
164 rec= &(s->s3->rrec);
165 if (s->enc_read_ctx == NULL)
166 enc=NULL;
167 else
168 enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
169 }
170
171#ifdef KSSL_DEBUG
172 printf("dtls1_enc(%d)\n", send);
173#endif /* KSSL_DEBUG */
174
175 if ((s->session == NULL) || (ds == NULL) ||
176 (enc == NULL))
177 {
178 memmove(rec->data,rec->input,rec->length);
179 rec->input=rec->data;
180 }
181 else
182 {
183 l=rec->length;
184 bs=EVP_CIPHER_block_size(ds->cipher);
185
186 if ((bs != 1) && send)
187 {
188 i=bs-((int)l%bs);
189
190 /* Add weird padding of upto 256 bytes */
191
192 /* we need to add 'i' padding bytes of value j */
193 j=i-1;
194 if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
195 {
196 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
197 j++;
198 }
199 for (k=(int)l; k<(int)(l+i); k++)
200 rec->input[k]=j;
201 l+=i;
202 rec->length+=i;
203 }
204
205#ifdef KSSL_DEBUG
206 {
207 unsigned long ui;
208 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
209 (void *)ds,rec->data,rec->input,l);
210 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n",
211 ds->buf_len, ds->cipher->key_len,
212 (unsigned long)DES_KEY_SZ,
213 (unsigned long)DES_SCHEDULE_SZ,
214 ds->cipher->iv_len);
215 printf("\t\tIV: ");
216 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
217 printf("\n");
218 printf("\trec->input=");
219 for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
220 printf("\n");
221 }
222#endif /* KSSL_DEBUG */
223
224 if (!send)
225 {
226 if (l == 0 || l%bs != 0)
227 {
228 SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
229 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
230 return 0;
231 }
232 }
233
234 EVP_Cipher(ds,rec->data,rec->input,l);
235
236#ifdef KSSL_DEBUG
237 {
238 unsigned long ki;
239 printf("\trec->data=");
240 for (ki=0; ki<l; ki++)
241 printf(" %02x", rec->data[ki]); printf("\n");
242 }
243#endif /* KSSL_DEBUG */
244
245 if ((bs != 1) && !send)
246 {
247 ii=i=rec->data[l-1]; /* padding_length */
248 i++;
249 if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
250 {
251 /* First packet is even in size, so check */
252 if ((memcmp(s->s3->read_sequence,
253 "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
254 s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
255 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
256 i--;
257 }
258 /* TLS 1.0 does not bound the number of padding bytes by the block size.
259 * All of them must have value 'padding_length'. */
260 if (i > (int)rec->length)
261 {
262 /* Incorrect padding. SSLerr() and ssl3_alert are done
263 * by caller: we don't want to reveal whether this is
264 * a decryption error or a MAC verification failure
265 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
266 */
267 return -1;
268 }
269 for (j=(int)(l-i); j<(int)l; j++)
270 {
271 if (rec->data[j] != ii)
272 {
273 /* Incorrect padding */
274 return -1;
275 }
276 }
277 rec->length-=i;
278
279 rec->data += bs; /* skip the implicit IV */
280 rec->input += bs;
281 rec->length -= bs;
282 }
283 }
284 return(1);
285 }
286
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
deleted file mode 100644
index 3568e97a87..0000000000
--- a/src/lib/libssl/d1_lib.c
+++ /dev/null
@@ -1,211 +0,0 @@
1/* ssl/d1_lib.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#include <stdio.h>
61#include <openssl/objects.h>
62#include "ssl_locl.h"
63
64const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
65
66SSL3_ENC_METHOD DTLSv1_enc_data={
67 dtls1_enc,
68 tls1_mac,
69 tls1_setup_key_block,
70 tls1_generate_master_secret,
71 tls1_change_cipher_state,
72 tls1_final_finish_mac,
73 TLS1_FINISH_MAC_LENGTH,
74 tls1_cert_verify_mac,
75 TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
76 TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
77 tls1_alert_code,
78 };
79
80long dtls1_default_timeout(void)
81 {
82 /* 2 hours, the 24 hours mentioned in the DTLSv1 spec
83 * is way too long for http, the cache would over fill */
84 return(60*60*2);
85 }
86
87IMPLEMENT_dtls1_meth_func(dtlsv1_base_method,
88 ssl_undefined_function,
89 ssl_undefined_function,
90 ssl_bad_method)
91
92int dtls1_new(SSL *s)
93 {
94 DTLS1_STATE *d1;
95
96 if (!ssl3_new(s)) return(0);
97 if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0);
98 memset(d1,0, sizeof *d1);
99
100 /* d1->handshake_epoch=0; */
101#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)
102 d1->bitmap.length=64;
103#else
104 d1->bitmap.length=sizeof(d1->bitmap.map) * 8;
105#endif
106 pq_64bit_init(&(d1->bitmap.map));
107 pq_64bit_init(&(d1->bitmap.max_seq_num));
108
109 d1->next_bitmap.length = d1->bitmap.length;
110 pq_64bit_init(&(d1->next_bitmap.map));
111 pq_64bit_init(&(d1->next_bitmap.max_seq_num));
112
113 d1->unprocessed_rcds.q=pqueue_new();
114 d1->processed_rcds.q=pqueue_new();
115 d1->buffered_messages = pqueue_new();
116 d1->sent_messages=pqueue_new();
117
118 if ( s->server)
119 {
120 d1->cookie_len = sizeof(s->d1->cookie);
121 }
122
123 if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q
124 || ! d1->buffered_messages || ! d1->sent_messages)
125 {
126 if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);
127 if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);
128 if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);
129 if ( d1->sent_messages) pqueue_free(d1->sent_messages);
130 OPENSSL_free(d1);
131 return (0);
132 }
133
134 s->d1=d1;
135 s->method->ssl_clear(s);
136 return(1);
137 }
138
139void dtls1_free(SSL *s)
140 {
141 pitem *item = NULL;
142 hm_fragment *frag = NULL;
143
144 ssl3_free(s);
145
146 while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
147 {
148 OPENSSL_free(item->data);
149 pitem_free(item);
150 }
151 pqueue_free(s->d1->unprocessed_rcds.q);
152
153 while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
154 {
155 OPENSSL_free(item->data);
156 pitem_free(item);
157 }
158 pqueue_free(s->d1->processed_rcds.q);
159
160 while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
161 {
162 frag = (hm_fragment *)item->data;
163 OPENSSL_free(frag->fragment);
164 OPENSSL_free(frag);
165 pitem_free(item);
166 }
167 pqueue_free(s->d1->buffered_messages);
168
169 while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
170 {
171 frag = (hm_fragment *)item->data;
172 OPENSSL_free(frag->fragment);
173 OPENSSL_free(frag);
174 pitem_free(item);
175 }
176 pqueue_free(s->d1->sent_messages);
177
178 pq_64bit_free(&(s->d1->bitmap.map));
179 pq_64bit_free(&(s->d1->bitmap.max_seq_num));
180
181 pq_64bit_free(&(s->d1->next_bitmap.map));
182 pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
183
184 OPENSSL_free(s->d1);
185 }
186
187void dtls1_clear(SSL *s)
188 {
189 ssl3_clear(s);
190 s->version=DTLS1_VERSION;
191 }
192
193/*
194 * As it's impossible to use stream ciphers in "datagram" mode, this
195 * simple filter is designed to disengage them in DTLS. Unfortunately
196 * there is no universal way to identify stream SSL_CIPHER, so we have
197 * to explicitly list their SSL_* codes. Currently RC4 is the only one
198 * available, but if new ones emerge, they will have to be added...
199 */
200SSL_CIPHER *dtls1_get_cipher(unsigned int u)
201 {
202 SSL_CIPHER *ciph = ssl3_get_cipher(u);
203
204 if (ciph != NULL)
205 {
206 if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4)
207 return NULL;
208 }
209
210 return ciph;
211 }
diff --git a/src/lib/libssl/d1_meth.c b/src/lib/libssl/d1_meth.c
deleted file mode 100644
index 8a6cf31947..0000000000
--- a/src/lib/libssl/d1_meth.c
+++ /dev/null
@@ -1,77 +0,0 @@
1/* ssl/d1_meth.h */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#include <stdio.h>
61#include <openssl/objects.h>
62#include "ssl_locl.h"
63
64static SSL_METHOD *dtls1_get_method(int ver);
65static SSL_METHOD *dtls1_get_method(int ver)
66 {
67 if (ver == DTLS1_VERSION)
68 return(DTLSv1_method());
69 else
70 return(NULL);
71 }
72
73IMPLEMENT_dtls1_meth_func(DTLSv1_method,
74 dtls1_accept,
75 dtls1_connect,
76 dtls1_get_method)
77
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
deleted file mode 100644
index eb56cf987b..0000000000
--- a/src/lib/libssl/d1_pkt.c
+++ /dev/null
@@ -1,1792 +0,0 @@
1/* ssl/d1_pkt.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@openssl.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <stdio.h>
117#include <errno.h>
118#define USE_SOCKETS
119#include "ssl_locl.h"
120#include <openssl/evp.h>
121#include <openssl/buffer.h>
122#include <openssl/pqueue.h>
123#include <openssl/rand.h>
124
125static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
126 int len, int peek);
127static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
128 PQ_64BIT *seq_num);
129static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
130static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
131 unsigned int *is_next_epoch);
132#if 0
133static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
134 unsigned short *priority, unsigned long *offset);
135#endif
136static int dtls1_buffer_record(SSL *s, record_pqueue *q,
137 PQ_64BIT priority);
138static int dtls1_process_record(SSL *s);
139#if PQ_64BIT_IS_INTEGER
140static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num);
141#endif
142static void dtls1_clear_timeouts(SSL *s);
143
144/* copy buffered record into SSL structure */
145static int
146dtls1_copy_record(SSL *s, pitem *item)
147 {
148 DTLS1_RECORD_DATA *rdata;
149
150 rdata = (DTLS1_RECORD_DATA *)item->data;
151
152 if (s->s3->rbuf.buf != NULL)
153 OPENSSL_free(s->s3->rbuf.buf);
154
155 s->packet = rdata->packet;
156 s->packet_length = rdata->packet_length;
157 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
158 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
159
160 return(1);
161 }
162
163
164static int
165dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT priority)
166{
167 DTLS1_RECORD_DATA *rdata;
168 pitem *item;
169
170 rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
171 item = pitem_new(priority, rdata);
172 if (rdata == NULL || item == NULL)
173 {
174 if (rdata != NULL) OPENSSL_free(rdata);
175 if (item != NULL) pitem_free(item);
176
177 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
178 return(0);
179 }
180
181 rdata->packet = s->packet;
182 rdata->packet_length = s->packet_length;
183 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
184 memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
185
186 item->data = rdata;
187
188 /* insert should not fail, since duplicates are dropped */
189 if (pqueue_insert(queue->q, item) == NULL)
190 {
191 OPENSSL_free(rdata);
192 pitem_free(item);
193 return(0);
194 }
195
196 s->packet = NULL;
197 s->packet_length = 0;
198 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
199 memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
200
201 if (!ssl3_setup_buffers(s))
202 {
203 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
204 OPENSSL_free(rdata);
205 pitem_free(item);
206 return(0);
207 }
208
209 return(1);
210 }
211
212
213static int
214dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
215 {
216 pitem *item;
217
218 item = pqueue_pop(queue->q);
219 if (item)
220 {
221 dtls1_copy_record(s, item);
222
223 OPENSSL_free(item->data);
224 pitem_free(item);
225
226 return(1);
227 }
228
229 return(0);
230 }
231
232
233/* retrieve a buffered record that belongs to the new epoch, i.e., not processed
234 * yet */
235#define dtls1_get_unprocessed_record(s) \
236 dtls1_retrieve_buffered_record((s), \
237 &((s)->d1->unprocessed_rcds))
238
239/* retrieve a buffered record that belongs to the current epoch, ie, processed */
240#define dtls1_get_processed_record(s) \
241 dtls1_retrieve_buffered_record((s), \
242 &((s)->d1->processed_rcds))
243
244static int
245dtls1_process_buffered_records(SSL *s)
246 {
247 pitem *item;
248
249 item = pqueue_peek(s->d1->unprocessed_rcds.q);
250 if (item)
251 {
252 DTLS1_RECORD_DATA *rdata;
253 rdata = (DTLS1_RECORD_DATA *)item->data;
254
255 /* Check if epoch is current. */
256 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
257 return(1); /* Nothing to do. */
258
259 /* Process all the records. */
260 while (pqueue_peek(s->d1->unprocessed_rcds.q))
261 {
262 dtls1_get_unprocessed_record(s);
263 if ( ! dtls1_process_record(s))
264 return(0);
265 dtls1_buffer_record(s, &(s->d1->processed_rcds),
266 s->s3->rrec.seq_num);
267 }
268 }
269
270 /* sync epoch numbers once all the unprocessed records
271 * have been processed */
272 s->d1->processed_rcds.epoch = s->d1->r_epoch;
273 s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
274
275 return(1);
276 }
277
278
279#if 0
280
281static int
282dtls1_get_buffered_record(SSL *s)
283 {
284 pitem *item;
285 PQ_64BIT priority =
286 (((PQ_64BIT)s->d1->handshake_read_seq) << 32) |
287 ((PQ_64BIT)s->d1->r_msg_hdr.frag_off);
288
289 if ( ! SSL_in_init(s)) /* if we're not (re)negotiating,
290 nothing buffered */
291 return 0;
292
293
294 item = pqueue_peek(s->d1->rcvd_records);
295 if (item && item->priority == priority)
296 {
297 /* Check if we've received the record of interest. It must be
298 * a handshake record, since data records as passed up without
299 * buffering */
300 DTLS1_RECORD_DATA *rdata;
301 item = pqueue_pop(s->d1->rcvd_records);
302 rdata = (DTLS1_RECORD_DATA *)item->data;
303
304 if (s->s3->rbuf.buf != NULL)
305 OPENSSL_free(s->s3->rbuf.buf);
306
307 s->packet = rdata->packet;
308 s->packet_length = rdata->packet_length;
309 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
310 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
311
312 OPENSSL_free(item->data);
313 pitem_free(item);
314
315 /* s->d1->next_expected_seq_num++; */
316 return(1);
317 }
318
319 return 0;
320 }
321
322#endif
323
324static int
325dtls1_process_record(SSL *s)
326{
327 int i,al;
328 int clear=0;
329 int enc_err;
330 SSL_SESSION *sess;
331 SSL3_RECORD *rr;
332 unsigned int mac_size;
333 unsigned char md[EVP_MAX_MD_SIZE];
334
335
336 rr= &(s->s3->rrec);
337 sess = s->session;
338
339 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
340 * and we have that many bytes in s->packet
341 */
342 rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]);
343
344 /* ok, we can now read from 's->packet' data into 'rr'
345 * rr->input points at rr->length bytes, which
346 * need to be copied into rr->data by either
347 * the decryption or by the decompression
348 * When the data is 'copied' into the rr->data buffer,
349 * rr->input will be pointed at the new buffer */
350
351 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
352 * rr->length bytes of encrypted compressed stuff. */
353
354 /* check is not needed I believe */
355 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
356 {
357 al=SSL_AD_RECORD_OVERFLOW;
358 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
359 goto f_err;
360 }
361
362 /* decrypt in place in 'rr->input' */
363 rr->data=rr->input;
364
365 enc_err = s->method->ssl3_enc->enc(s,0);
366 if (enc_err <= 0)
367 {
368 if (enc_err == 0)
369 /* SSLerr() and ssl3_send_alert() have been called */
370 goto err;
371
372 /* otherwise enc_err == -1 */
373 goto decryption_failed_or_bad_record_mac;
374 }
375
376#ifdef TLS_DEBUG
377printf("dec %d\n",rr->length);
378{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
379printf("\n");
380#endif
381
382 /* r->length is now the compressed data plus mac */
383if ( (sess == NULL) ||
384 (s->enc_read_ctx == NULL) ||
385 (s->read_hash == NULL))
386 clear=1;
387
388 if (!clear)
389 {
390 mac_size=EVP_MD_size(s->read_hash);
391
392 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
393 {
394#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
395 al=SSL_AD_RECORD_OVERFLOW;
396 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
397 goto f_err;
398#else
399 goto decryption_failed_or_bad_record_mac;
400#endif
401 }
402 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
403 if (rr->length < mac_size)
404 {
405#if 0 /* OK only for stream ciphers */
406 al=SSL_AD_DECODE_ERROR;
407 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
408 goto f_err;
409#else
410 goto decryption_failed_or_bad_record_mac;
411#endif
412 }
413 rr->length-=mac_size;
414 i=s->method->ssl3_enc->mac(s,md,0);
415 if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
416 {
417 goto decryption_failed_or_bad_record_mac;
418 }
419 }
420
421 /* r->length is now just compressed */
422 if (s->expand != NULL)
423 {
424 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)
425 {
426 al=SSL_AD_RECORD_OVERFLOW;
427 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
428 goto f_err;
429 }
430 if (!ssl3_do_uncompress(s))
431 {
432 al=SSL_AD_DECOMPRESSION_FAILURE;
433 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION);
434 goto f_err;
435 }
436 }
437
438 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH)
439 {
440 al=SSL_AD_RECORD_OVERFLOW;
441 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
442 goto f_err;
443 }
444
445 rr->off=0;
446 /* So at this point the following is true
447 * ssl->s3->rrec.type is the type of record
448 * ssl->s3->rrec.length == number of bytes in record
449 * ssl->s3->rrec.off == offset to first valid byte
450 * ssl->s3->rrec.data == where to take bytes from, increment
451 * after use :-).
452 */
453
454 /* we have pulled in a full packet so zero things */
455 s->packet_length=0;
456 dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
457 return(1);
458
459decryption_failed_or_bad_record_mac:
460 /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
461 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
462 * failure is directly visible from the ciphertext anyway,
463 * we should not reveal which kind of error occured -- this
464 * might become visible to an attacker (e.g. via logfile) */
465 al=SSL_AD_BAD_RECORD_MAC;
466 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
467f_err:
468 ssl3_send_alert(s,SSL3_AL_FATAL,al);
469err:
470 return(0);
471}
472
473
474/* Call this to get a new input record.
475 * It will return <= 0 if more data is needed, normally due to an error
476 * or non-blocking IO.
477 * When it finishes, one packet has been decoded and can be found in
478 * ssl->s3->rrec.type - is the type of record
479 * ssl->s3->rrec.data, - data
480 * ssl->s3->rrec.length, - number of bytes
481 */
482/* used only by dtls1_read_bytes */
483int dtls1_get_record(SSL *s)
484 {
485 int ssl_major,ssl_minor,al;
486 int i,n;
487 SSL3_RECORD *rr;
488 SSL_SESSION *sess;
489 unsigned char *p;
490 unsigned short version;
491 DTLS1_BITMAP *bitmap;
492 unsigned int is_next_epoch;
493
494 rr= &(s->s3->rrec);
495 sess=s->session;
496
497 /* The epoch may have changed. If so, process all the
498 * pending records. This is a non-blocking operation. */
499 if ( ! dtls1_process_buffered_records(s))
500 return 0;
501
502 /* if we're renegotiating, then there may be buffered records */
503 if (dtls1_get_processed_record(s))
504 return 1;
505
506 /* get something from the wire */
507again:
508 /* check if we have the header */
509 if ( (s->rstate != SSL_ST_READ_BODY) ||
510 (s->packet_length < DTLS1_RT_HEADER_LENGTH))
511 {
512 n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
513 /* read timeout is handled by dtls1_read_bytes */
514 if (n <= 0) return(n); /* error or non-blocking */
515
516 OPENSSL_assert(s->packet_length == DTLS1_RT_HEADER_LENGTH);
517
518 s->rstate=SSL_ST_READ_BODY;
519
520 p=s->packet;
521
522 /* Pull apart the header into the DTLS1_RECORD */
523 rr->type= *(p++);
524 ssl_major= *(p++);
525 ssl_minor= *(p++);
526 version=(ssl_major<<8)|ssl_minor;
527
528 /* sequence number is 64 bits, with top 2 bytes = epoch */
529 n2s(p,rr->epoch);
530
531 memcpy(&(s->s3->read_sequence[2]), p, 6);
532 p+=6;
533
534 n2s(p,rr->length);
535
536 /* Lets check version */
537 if (!s->first_packet)
538 {
539 if (version != s->version && version != DTLS1_BAD_VER)
540 {
541 SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
542 /* Send back error using their
543 * version number :-) */
544 s->version=version;
545 al=SSL_AD_PROTOCOL_VERSION;
546 goto f_err;
547 }
548 }
549
550 if ((version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
551 (version & 0xff00) != (DTLS1_BAD_VER & 0xff00))
552 {
553 SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
554 goto err;
555 }
556
557 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
558 {
559 al=SSL_AD_RECORD_OVERFLOW;
560 SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
561 goto f_err;
562 }
563
564 s->client_version = version;
565 /* now s->rstate == SSL_ST_READ_BODY */
566 }
567
568 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
569
570 if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH)
571 {
572 /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
573 i=rr->length;
574 n=ssl3_read_n(s,i,i,1);
575 if (n <= 0) return(n); /* error or non-blocking io */
576
577 /* this packet contained a partial record, dump it */
578 if ( n != i)
579 {
580 s->packet_length = 0;
581 goto again;
582 }
583
584 /* now n == rr->length,
585 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
586 }
587 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
588
589 /* match epochs. NULL means the packet is dropped on the floor */
590 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
591 if ( bitmap == NULL)
592 {
593 s->packet_length = 0; /* dump this record */
594 goto again; /* get another record */
595 }
596
597 /* check whether this is a repeat, or aged record */
598 if ( ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num)))
599 {
600 rr->length = 0;
601 s->packet_length=0; /* dump this record */
602 goto again; /* get another record */
603 }
604
605 /* just read a 0 length packet */
606 if (rr->length == 0) goto again;
607
608 /* If this record is from the next epoch (either HM or ALERT), buffer it
609 * since it cannot be processed at this time.
610 * Records from the next epoch are marked as received even though they are
611 * not processed, so as to prevent any potential resource DoS attack */
612 if (is_next_epoch)
613 {
614 dtls1_record_bitmap_update(s, bitmap);
615 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
616 s->packet_length = 0;
617 goto again;
618 }
619
620 if ( ! dtls1_process_record(s))
621 return(0);
622
623 dtls1_clear_timeouts(s); /* done waiting */
624 return(1);
625
626f_err:
627 ssl3_send_alert(s,SSL3_AL_FATAL,al);
628err:
629 return(0);
630 }
631
632/* Return up to 'len' payload bytes received in 'type' records.
633 * 'type' is one of the following:
634 *
635 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
636 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
637 * - 0 (during a shutdown, no data has to be returned)
638 *
639 * If we don't have stored data to work from, read a SSL/TLS record first
640 * (possibly multiple records if we still don't have anything to return).
641 *
642 * This function must handle any surprises the peer may have for us, such as
643 * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
644 * a surprise, but handled as if it were), or renegotiation requests.
645 * Also if record payloads contain fragments too small to process, we store
646 * them until there is enough for the respective protocol (the record protocol
647 * may use arbitrary fragmentation and even interleaving):
648 * Change cipher spec protocol
649 * just 1 byte needed, no need for keeping anything stored
650 * Alert protocol
651 * 2 bytes needed (AlertLevel, AlertDescription)
652 * Handshake protocol
653 * 4 bytes needed (HandshakeType, uint24 length) -- we just have
654 * to detect unexpected Client Hello and Hello Request messages
655 * here, anything else is handled by higher layers
656 * Application data protocol
657 * none of our business
658 */
659int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
660 {
661 int al,i,j,ret;
662 unsigned int n;
663 SSL3_RECORD *rr;
664 void (*cb)(const SSL *ssl,int type2,int val)=NULL;
665
666 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
667 if (!ssl3_setup_buffers(s))
668 return(-1);
669
670 /* XXX: check what the second '&& type' is about */
671 if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
672 (type != SSL3_RT_HANDSHAKE) && type) ||
673 (peek && (type != SSL3_RT_APPLICATION_DATA)))
674 {
675 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
676 return -1;
677 }
678
679 /* check whether there's a handshake message (client hello?) waiting */
680 if ( (ret = have_handshake_fragment(s, type, buf, len, peek)))
681 return ret;
682
683 /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
684
685 if (!s->in_handshake && SSL_in_init(s))
686 {
687 /* type == SSL3_RT_APPLICATION_DATA */
688 i=s->handshake_func(s);
689 if (i < 0) return(i);
690 if (i == 0)
691 {
692 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
693 return(-1);
694 }
695 }
696
697start:
698 s->rwstate=SSL_NOTHING;
699
700 /* s->s3->rrec.type - is the type of record
701 * s->s3->rrec.data, - data
702 * s->s3->rrec.off, - offset into 'data' for next read
703 * s->s3->rrec.length, - number of bytes. */
704 rr = &(s->s3->rrec);
705
706 /* get new packet if necessary */
707 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
708 {
709 ret=dtls1_get_record(s);
710 if (ret <= 0)
711 {
712 ret = dtls1_read_failed(s, ret);
713 /* anything other than a timeout is an error */
714 if (ret <= 0)
715 return(ret);
716 else
717 goto start;
718 }
719 }
720
721 /* we now have a packet which can be read and processed */
722
723 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
724 * reset by ssl3_get_finished */
725 && (rr->type != SSL3_RT_HANDSHAKE))
726 {
727 al=SSL_AD_UNEXPECTED_MESSAGE;
728 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
729 goto err;
730 }
731
732 /* If the other end has shut down, throw anything we read away
733 * (even in 'peek' mode) */
734 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
735 {
736 rr->length=0;
737 s->rwstate=SSL_NOTHING;
738 return(0);
739 }
740
741
742 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
743 {
744 /* make sure that we are not getting application data when we
745 * are doing a handshake for the first time */
746 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
747 (s->enc_read_ctx == NULL))
748 {
749 al=SSL_AD_UNEXPECTED_MESSAGE;
750 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
751 goto f_err;
752 }
753
754 if (len <= 0) return(len);
755
756 if ((unsigned int)len > rr->length)
757 n = rr->length;
758 else
759 n = (unsigned int)len;
760
761 memcpy(buf,&(rr->data[rr->off]),n);
762 if (!peek)
763 {
764 rr->length-=n;
765 rr->off+=n;
766 if (rr->length == 0)
767 {
768 s->rstate=SSL_ST_READ_HEADER;
769 rr->off=0;
770 }
771 }
772 return(n);
773 }
774
775
776 /* If we get here, then type != rr->type; if we have a handshake
777 * message, then it was unexpected (Hello Request or Client Hello). */
778
779 /* In case of record types for which we have 'fragment' storage,
780 * fill that so that we can process the data at a fixed place.
781 */
782 {
783 unsigned int k, dest_maxlen = 0;
784 unsigned char *dest = NULL;
785 unsigned int *dest_len = NULL;
786
787 if (rr->type == SSL3_RT_HANDSHAKE)
788 {
789 dest_maxlen = sizeof s->d1->handshake_fragment;
790 dest = s->d1->handshake_fragment;
791 dest_len = &s->d1->handshake_fragment_len;
792 }
793 else if (rr->type == SSL3_RT_ALERT)
794 {
795 dest_maxlen = sizeof(s->d1->alert_fragment);
796 dest = s->d1->alert_fragment;
797 dest_len = &s->d1->alert_fragment_len;
798 }
799 /* else it's a CCS message, or it's wrong */
800 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)
801 {
802 /* Not certain if this is the right error handling */
803 al=SSL_AD_UNEXPECTED_MESSAGE;
804 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
805 goto f_err;
806 }
807
808
809 if (dest_maxlen > 0)
810 {
811 /* XDTLS: In a pathalogical case, the Client Hello
812 * may be fragmented--don't always expect dest_maxlen bytes */
813 if ( rr->length < dest_maxlen)
814 {
815#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
816 /*
817 * for normal alerts rr->length is 2, while
818 * dest_maxlen is 7 if we were to handle this
819 * non-existing alert...
820 */
821 FIX ME
822#endif
823 s->rstate=SSL_ST_READ_HEADER;
824 rr->length = 0;
825 goto start;
826 }
827
828 /* now move 'n' bytes: */
829 for ( k = 0; k < dest_maxlen; k++)
830 {
831 dest[k] = rr->data[rr->off++];
832 rr->length--;
833 }
834 *dest_len = dest_maxlen;
835 }
836 }
837
838 /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
839 * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
840 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
841
842 /* If we are a client, check for an incoming 'Hello Request': */
843 if ((!s->server) &&
844 (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
845 (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
846 (s->session != NULL) && (s->session->cipher != NULL))
847 {
848 s->d1->handshake_fragment_len = 0;
849
850 if ((s->d1->handshake_fragment[1] != 0) ||
851 (s->d1->handshake_fragment[2] != 0) ||
852 (s->d1->handshake_fragment[3] != 0))
853 {
854 al=SSL_AD_DECODE_ERROR;
855 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
856 goto err;
857 }
858
859 /* no need to check sequence number on HELLO REQUEST messages */
860
861 if (s->msg_callback)
862 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
863 s->d1->handshake_fragment, 4, s, s->msg_callback_arg);
864
865 if (SSL_is_init_finished(s) &&
866 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
867 !s->s3->renegotiate)
868 {
869 ssl3_renegotiate(s);
870 if (ssl3_renegotiate_check(s))
871 {
872 i=s->handshake_func(s);
873 if (i < 0) return(i);
874 if (i == 0)
875 {
876 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
877 return(-1);
878 }
879
880 if (!(s->mode & SSL_MODE_AUTO_RETRY))
881 {
882 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
883 {
884 BIO *bio;
885 /* In the case where we try to read application data,
886 * but we trigger an SSL handshake, we return -1 with
887 * the retry option set. Otherwise renegotiation may
888 * cause nasty problems in the blocking world */
889 s->rwstate=SSL_READING;
890 bio=SSL_get_rbio(s);
891 BIO_clear_retry_flags(bio);
892 BIO_set_retry_read(bio);
893 return(-1);
894 }
895 }
896 }
897 }
898 /* we either finished a handshake or ignored the request,
899 * now try again to obtain the (application) data we were asked for */
900 goto start;
901 }
902
903 if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH)
904 {
905 int alert_level = s->d1->alert_fragment[0];
906 int alert_descr = s->d1->alert_fragment[1];
907
908 s->d1->alert_fragment_len = 0;
909
910 if (s->msg_callback)
911 s->msg_callback(0, s->version, SSL3_RT_ALERT,
912 s->d1->alert_fragment, 2, s, s->msg_callback_arg);
913
914 if (s->info_callback != NULL)
915 cb=s->info_callback;
916 else if (s->ctx->info_callback != NULL)
917 cb=s->ctx->info_callback;
918
919 if (cb != NULL)
920 {
921 j = (alert_level << 8) | alert_descr;
922 cb(s, SSL_CB_READ_ALERT, j);
923 }
924
925 if (alert_level == 1) /* warning */
926 {
927 s->s3->warn_alert = alert_descr;
928 if (alert_descr == SSL_AD_CLOSE_NOTIFY)
929 {
930 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
931 return(0);
932 }
933#if 0
934 /* XXX: this is a possible improvement in the future */
935 /* now check if it's a missing record */
936 if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
937 {
938 unsigned short seq;
939 unsigned int frag_off;
940 unsigned char *p = &(s->d1->alert_fragment[2]);
941
942 n2s(p, seq);
943 n2l3(p, frag_off);
944
945 dtls1_retransmit_message(s, seq, frag_off, &found);
946 if ( ! found && SSL_in_init(s))
947 {
948 /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */
949 /* requested a message not yet sent,
950 send an alert ourselves */
951 ssl3_send_alert(s,SSL3_AL_WARNING,
952 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
953 }
954 }
955#endif
956 }
957 else if (alert_level == 2) /* fatal */
958 {
959 char tmp[16];
960
961 s->rwstate=SSL_NOTHING;
962 s->s3->fatal_alert = alert_descr;
963 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
964 BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
965 ERR_add_error_data(2,"SSL alert number ",tmp);
966 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
967 SSL_CTX_remove_session(s->ctx,s->session);
968 return(0);
969 }
970 else
971 {
972 al=SSL_AD_ILLEGAL_PARAMETER;
973 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
974 goto f_err;
975 }
976
977 goto start;
978 }
979
980 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
981 {
982 s->rwstate=SSL_NOTHING;
983 rr->length=0;
984 return(0);
985 }
986
987 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
988 {
989 struct ccs_header_st ccs_hdr;
990
991 dtls1_get_ccs_header(rr->data, &ccs_hdr);
992
993 /* 'Change Cipher Spec' is just a single byte, so we know
994 * exactly what the record payload has to look like */
995 /* XDTLS: check that epoch is consistent */
996 if ( (s->client_version == DTLS1_BAD_VER && rr->length != 3) ||
997 (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) ||
998 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
999 {
1000 i=SSL_AD_ILLEGAL_PARAMETER;
1001 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
1002 goto err;
1003 }
1004
1005 rr->length=0;
1006
1007 if (s->msg_callback)
1008 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
1009 rr->data, 1, s, s->msg_callback_arg);
1010
1011 s->s3->change_cipher_spec=1;
1012 if (!ssl3_do_change_cipher_spec(s))
1013 goto err;
1014
1015 /* do this whenever CCS is processed */
1016 dtls1_reset_seq_numbers(s, SSL3_CC_READ);
1017
1018 if (s->client_version == DTLS1_BAD_VER)
1019 s->d1->handshake_read_seq++;
1020
1021 goto start;
1022 }
1023
1024 /* Unexpected handshake message (Client Hello, or protocol violation) */
1025 if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
1026 !s->in_handshake)
1027 {
1028 struct hm_header_st msg_hdr;
1029
1030 /* this may just be a stale retransmit */
1031 dtls1_get_message_header(rr->data, &msg_hdr);
1032 if( rr->epoch != s->d1->r_epoch)
1033 {
1034 rr->length = 0;
1035 goto start;
1036 }
1037
1038 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1039 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
1040 {
1041#if 0 /* worked only because C operator preferences are not as expected (and
1042 * because this is not really needed for clients except for detecting
1043 * protocol violations): */
1044 s->state=SSL_ST_BEFORE|(s->server)
1045 ?SSL_ST_ACCEPT
1046 :SSL_ST_CONNECT;
1047#else
1048 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1049#endif
1050 s->new_session=1;
1051 }
1052 i=s->handshake_func(s);
1053 if (i < 0) return(i);
1054 if (i == 0)
1055 {
1056 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1057 return(-1);
1058 }
1059
1060 if (!(s->mode & SSL_MODE_AUTO_RETRY))
1061 {
1062 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1063 {
1064 BIO *bio;
1065 /* In the case where we try to read application data,
1066 * but we trigger an SSL handshake, we return -1 with
1067 * the retry option set. Otherwise renegotiation may
1068 * cause nasty problems in the blocking world */
1069 s->rwstate=SSL_READING;
1070 bio=SSL_get_rbio(s);
1071 BIO_clear_retry_flags(bio);
1072 BIO_set_retry_read(bio);
1073 return(-1);
1074 }
1075 }
1076 goto start;
1077 }
1078
1079 switch (rr->type)
1080 {
1081 default:
1082#ifndef OPENSSL_NO_TLS
1083 /* TLS just ignores unknown message types */
1084 if (s->version == TLS1_VERSION)
1085 {
1086 rr->length = 0;
1087 goto start;
1088 }
1089#endif
1090 al=SSL_AD_UNEXPECTED_MESSAGE;
1091 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1092 goto f_err;
1093 case SSL3_RT_CHANGE_CIPHER_SPEC:
1094 case SSL3_RT_ALERT:
1095 case SSL3_RT_HANDSHAKE:
1096 /* we already handled all of these, with the possible exception
1097 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1098 * should not happen when type != rr->type */
1099 al=SSL_AD_UNEXPECTED_MESSAGE;
1100 SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR);
1101 goto f_err;
1102 case SSL3_RT_APPLICATION_DATA:
1103 /* At this point, we were expecting handshake data,
1104 * but have application data. If the library was
1105 * running inside ssl3_read() (i.e. in_read_app_data
1106 * is set) and it makes sense to read application data
1107 * at this point (session renegotiation not yet started),
1108 * we will indulge it.
1109 */
1110 if (s->s3->in_read_app_data &&
1111 (s->s3->total_renegotiations != 0) &&
1112 ((
1113 (s->state & SSL_ST_CONNECT) &&
1114 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1115 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
1116 ) || (
1117 (s->state & SSL_ST_ACCEPT) &&
1118 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1119 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
1120 )
1121 ))
1122 {
1123 s->s3->in_read_app_data=2;
1124 return(-1);
1125 }
1126 else
1127 {
1128 al=SSL_AD_UNEXPECTED_MESSAGE;
1129 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1130 goto f_err;
1131 }
1132 }
1133 /* not reached */
1134
1135f_err:
1136 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1137err:
1138 return(-1);
1139 }
1140
1141int
1142dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
1143 {
1144 unsigned int n,tot;
1145 int i;
1146
1147 if (SSL_in_init(s) && !s->in_handshake)
1148 {
1149 i=s->handshake_func(s);
1150 if (i < 0) return(i);
1151 if (i == 0)
1152 {
1153 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1154 return -1;
1155 }
1156 }
1157
1158 tot = s->s3->wnum;
1159 n = len - tot;
1160
1161 while( n)
1162 {
1163 /* dtls1_write_bytes sends one record at a time, sized according to
1164 * the currently known MTU */
1165 i = dtls1_write_bytes(s, type, buf_, len);
1166 if (i <= 0) return i;
1167
1168 if ((i == (int)n) ||
1169 (type == SSL3_RT_APPLICATION_DATA &&
1170 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
1171 {
1172 /* next chunk of data should get another prepended empty fragment
1173 * in ciphersuites with known-IV weakness: */
1174 s->s3->empty_fragment_done = 0;
1175 return tot+i;
1176 }
1177
1178 tot += i;
1179 n-=i;
1180 }
1181
1182 return tot;
1183 }
1184
1185
1186 /* this only happens when a client hello is received and a handshake
1187 * is started. */
1188static int
1189have_handshake_fragment(SSL *s, int type, unsigned char *buf,
1190 int len, int peek)
1191 {
1192
1193 if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
1194 /* (partially) satisfy request from storage */
1195 {
1196 unsigned char *src = s->d1->handshake_fragment;
1197 unsigned char *dst = buf;
1198 unsigned int k,n;
1199
1200 /* peek == 0 */
1201 n = 0;
1202 while ((len > 0) && (s->d1->handshake_fragment_len > 0))
1203 {
1204 *dst++ = *src++;
1205 len--; s->d1->handshake_fragment_len--;
1206 n++;
1207 }
1208 /* move any remaining fragment bytes: */
1209 for (k = 0; k < s->d1->handshake_fragment_len; k++)
1210 s->d1->handshake_fragment[k] = *src++;
1211 return n;
1212 }
1213
1214 return 0;
1215 }
1216
1217
1218
1219
1220/* Call this to write data in records of type 'type'
1221 * It will return <= 0 if not all data has been sent or non-blocking IO.
1222 */
1223int dtls1_write_bytes(SSL *s, int type, const void *buf_, int len)
1224 {
1225 const unsigned char *buf=buf_;
1226 unsigned int tot,n,nw;
1227 int i;
1228 unsigned int mtu;
1229
1230 s->rwstate=SSL_NOTHING;
1231 tot=s->s3->wnum;
1232
1233 n=(len-tot);
1234
1235 /* handshake layer figures out MTU for itself, but data records
1236 * are also sent through this interface, so need to figure out MTU */
1237#if 0
1238 mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_MTU, 0, NULL);
1239 mtu += DTLS1_HM_HEADER_LENGTH; /* HM already inserted */
1240#endif
1241 mtu = s->d1->mtu;
1242
1243 if (mtu > SSL3_RT_MAX_PLAIN_LENGTH)
1244 mtu = SSL3_RT_MAX_PLAIN_LENGTH;
1245
1246 if (n > mtu)
1247 nw=mtu;
1248 else
1249 nw=n;
1250
1251 i=do_dtls1_write(s, type, &(buf[tot]), nw, 0);
1252 if (i <= 0)
1253 {
1254 s->s3->wnum=tot;
1255 return i;
1256 }
1257
1258 if ( (int)s->s3->wnum + i == len)
1259 s->s3->wnum = 0;
1260 else
1261 s->s3->wnum += i;
1262
1263 return i;
1264 }
1265
1266int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
1267 {
1268 unsigned char *p,*pseq;
1269 int i,mac_size,clear=0;
1270 int prefix_len = 0;
1271 SSL3_RECORD *wr;
1272 SSL3_BUFFER *wb;
1273 SSL_SESSION *sess;
1274 int bs;
1275
1276 /* first check if there is a SSL3_BUFFER still being written
1277 * out. This will happen with non blocking IO */
1278 if (s->s3->wbuf.left != 0)
1279 {
1280 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
1281 return(ssl3_write_pending(s,type,buf,len));
1282 }
1283
1284 /* If we have an alert to send, lets send it */
1285 if (s->s3->alert_dispatch)
1286 {
1287 i=s->method->ssl_dispatch_alert(s);
1288 if (i <= 0)
1289 return(i);
1290 /* if it went, fall through and send more stuff */
1291 }
1292
1293 if (len == 0 && !create_empty_fragment)
1294 return 0;
1295
1296 wr= &(s->s3->wrec);
1297 wb= &(s->s3->wbuf);
1298 sess=s->session;
1299
1300 if ( (sess == NULL) ||
1301 (s->enc_write_ctx == NULL) ||
1302 (s->write_hash == NULL))
1303 clear=1;
1304
1305 if (clear)
1306 mac_size=0;
1307 else
1308 mac_size=EVP_MD_size(s->write_hash);
1309
1310 /* DTLS implements explicit IV, so no need for empty fragments */
1311#if 0
1312 /* 'create_empty_fragment' is true only when this function calls itself */
1313 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
1314 && SSL_version(s) != DTLS1_VERSION)
1315 {
1316 /* countermeasure against known-IV weakness in CBC ciphersuites
1317 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
1318 */
1319
1320 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
1321 {
1322 /* recursive function call with 'create_empty_fragment' set;
1323 * this prepares and buffers the data for an empty fragment
1324 * (these 'prefix_len' bytes are sent out later
1325 * together with the actual payload) */
1326 prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
1327 if (prefix_len <= 0)
1328 goto err;
1329
1330 if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
1331 {
1332 /* insufficient space */
1333 SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
1334 goto err;
1335 }
1336 }
1337
1338 s->s3->empty_fragment_done = 1;
1339 }
1340#endif
1341
1342 p = wb->buf + prefix_len;
1343
1344 /* write the header */
1345
1346 *(p++)=type&0xff;
1347 wr->type=type;
1348
1349 if (s->client_version == DTLS1_BAD_VER)
1350 *(p++) = DTLS1_BAD_VER>>8,
1351 *(p++) = DTLS1_BAD_VER&0xff;
1352 else
1353 *(p++)=(s->version>>8),
1354 *(p++)=s->version&0xff;
1355
1356 /* field where we are to write out packet epoch, seq num and len */
1357 pseq=p;
1358 p+=10;
1359
1360 /* lets setup the record stuff. */
1361
1362 /* Make space for the explicit IV in case of CBC.
1363 * (this is a bit of a boundary violation, but what the heck).
1364 */
1365 if ( s->enc_write_ctx &&
1366 (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))
1367 bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
1368 else
1369 bs = 0;
1370
1371 wr->data=p + bs; /* make room for IV in case of CBC */
1372 wr->length=(int)len;
1373 wr->input=(unsigned char *)buf;
1374
1375 /* we now 'read' from wr->input, wr->length bytes into
1376 * wr->data */
1377
1378 /* first we compress */
1379 if (s->compress != NULL)
1380 {
1381 if (!ssl3_do_compress(s))
1382 {
1383 SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE);
1384 goto err;
1385 }
1386 }
1387 else
1388 {
1389 memcpy(wr->data,wr->input,wr->length);
1390 wr->input=wr->data;
1391 }
1392
1393 /* we should still have the output to wr->data and the input
1394 * from wr->input. Length should be wr->length.
1395 * wr->data still points in the wb->buf */
1396
1397 if (mac_size != 0)
1398 {
1399 s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1);
1400 wr->length+=mac_size;
1401 }
1402
1403 /* this is true regardless of mac size */
1404 wr->input=p;
1405 wr->data=p;
1406
1407
1408 /* ssl3_enc can only have an error on read */
1409 if (bs) /* bs != 0 in case of CBC */
1410 {
1411 RAND_pseudo_bytes(p,bs);
1412 /* master IV and last CBC residue stand for
1413 * the rest of randomness */
1414 wr->length += bs;
1415 }
1416
1417 s->method->ssl3_enc->enc(s,1);
1418
1419 /* record length after mac and block padding */
1420/* if (type == SSL3_RT_APPLICATION_DATA ||
1421 (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */
1422
1423 /* there's only one epoch between handshake and app data */
1424
1425 s2n(s->d1->w_epoch, pseq);
1426
1427 /* XDTLS: ?? */
1428/* else
1429 s2n(s->d1->handshake_epoch, pseq); */
1430
1431 memcpy(pseq, &(s->s3->write_sequence[2]), 6);
1432 pseq+=6;
1433 s2n(wr->length,pseq);
1434
1435 /* we should now have
1436 * wr->data pointing to the encrypted data, which is
1437 * wr->length long */
1438 wr->type=type; /* not needed but helps for debugging */
1439 wr->length+=DTLS1_RT_HEADER_LENGTH;
1440
1441#if 0 /* this is now done at the message layer */
1442 /* buffer the record, making it easy to handle retransmits */
1443 if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
1444 dtls1_buffer_record(s, wr->data, wr->length,
1445 *((PQ_64BIT *)&(s->s3->write_sequence[0])));
1446#endif
1447
1448 ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
1449
1450 if (create_empty_fragment)
1451 {
1452 /* we are in a recursive call;
1453 * just return the length, don't write out anything here
1454 */
1455 return wr->length;
1456 }
1457
1458 /* now let's set up wb */
1459 wb->left = prefix_len + wr->length;
1460 wb->offset = 0;
1461
1462 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
1463 s->s3->wpend_tot=len;
1464 s->s3->wpend_buf=buf;
1465 s->s3->wpend_type=type;
1466 s->s3->wpend_ret=len;
1467
1468 /* we now just need to write the buffer */
1469 return ssl3_write_pending(s,type,buf,len);
1470err:
1471 return -1;
1472 }
1473
1474
1475
1476static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
1477 PQ_64BIT *seq_num)
1478 {
1479#if PQ_64BIT_IS_INTEGER
1480 PQ_64BIT mask = 0x0000000000000001L;
1481#endif
1482 PQ_64BIT rcd_num, tmp;
1483
1484 pq_64bit_init(&rcd_num);
1485 pq_64bit_init(&tmp);
1486
1487 /* this is the sequence number for the record just read */
1488 pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);
1489
1490
1491 if (pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||
1492 pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num)))
1493 {
1494 pq_64bit_assign(seq_num, &rcd_num);
1495 pq_64bit_free(&rcd_num);
1496 pq_64bit_free(&tmp);
1497 return 1; /* this record is new */
1498 }
1499
1500 pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
1501
1502 if ( pq_64bit_get_word(&tmp) > bitmap->length)
1503 {
1504 pq_64bit_free(&rcd_num);
1505 pq_64bit_free(&tmp);
1506 return 0; /* stale, outside the window */
1507 }
1508
1509#if PQ_64BIT_IS_BIGNUM
1510 {
1511 int offset;
1512 pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
1513 pq_64bit_sub_word(&tmp, 1);
1514 offset = pq_64bit_get_word(&tmp);
1515 if ( pq_64bit_is_bit_set(&(bitmap->map), offset))
1516 {
1517 pq_64bit_free(&rcd_num);
1518 pq_64bit_free(&tmp);
1519 return 0;
1520 }
1521 }
1522#else
1523 mask <<= (bitmap->max_seq_num - rcd_num - 1);
1524 if (bitmap->map & mask)
1525 return 0; /* record previously received */
1526#endif
1527
1528 pq_64bit_assign(seq_num, &rcd_num);
1529 pq_64bit_free(&rcd_num);
1530 pq_64bit_free(&tmp);
1531 return 1;
1532 }
1533
1534
1535static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
1536 {
1537 unsigned int shift;
1538 PQ_64BIT rcd_num;
1539 PQ_64BIT tmp;
1540 PQ_64BIT_CTX *ctx;
1541
1542 pq_64bit_init(&rcd_num);
1543 pq_64bit_init(&tmp);
1544
1545 pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);
1546
1547 /* unfortunate code complexity due to 64-bit manipulation support
1548 * on 32-bit machines */
1549 if ( pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||
1550 pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num)))
1551 {
1552 pq_64bit_sub(&tmp, &rcd_num, &(bitmap->max_seq_num));
1553 pq_64bit_add_word(&tmp, 1);
1554
1555 shift = (unsigned int)pq_64bit_get_word(&tmp);
1556
1557 pq_64bit_lshift(&(tmp), &(bitmap->map), shift);
1558 pq_64bit_assign(&(bitmap->map), &tmp);
1559
1560 pq_64bit_set_bit(&(bitmap->map), 0);
1561 pq_64bit_add_word(&rcd_num, 1);
1562 pq_64bit_assign(&(bitmap->max_seq_num), &rcd_num);
1563
1564 pq_64bit_assign_word(&tmp, 1);
1565 pq_64bit_lshift(&tmp, &tmp, bitmap->length);
1566 ctx = pq_64bit_ctx_new(&ctx);
1567 pq_64bit_mod(&(bitmap->map), &(bitmap->map), &tmp, ctx);
1568 pq_64bit_ctx_free(ctx);
1569 }
1570 else
1571 {
1572 pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
1573 pq_64bit_sub_word(&tmp, 1);
1574 shift = (unsigned int)pq_64bit_get_word(&tmp);
1575
1576 pq_64bit_set_bit(&(bitmap->map), shift);
1577 }
1578
1579 pq_64bit_free(&rcd_num);
1580 pq_64bit_free(&tmp);
1581 }
1582
1583
1584int dtls1_dispatch_alert(SSL *s)
1585 {
1586 int i,j;
1587 void (*cb)(const SSL *ssl,int type,int val)=NULL;
1588 unsigned char buf[DTLS1_AL_HEADER_LENGTH];
1589 unsigned char *ptr = &buf[0];
1590
1591 s->s3->alert_dispatch=0;
1592
1593 memset(buf, 0x00, sizeof(buf));
1594 *ptr++ = s->s3->send_alert[0];
1595 *ptr++ = s->s3->send_alert[1];
1596
1597#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1598 if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
1599 {
1600 s2n(s->d1->handshake_read_seq, ptr);
1601#if 0
1602 if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */
1603
1604 else
1605 s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
1606#endif
1607
1608#if 0
1609 fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq);
1610#endif
1611 l2n3(s->d1->r_msg_hdr.frag_off, ptr);
1612 }
1613#endif
1614
1615 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
1616 if (i <= 0)
1617 {
1618 s->s3->alert_dispatch=1;
1619 /* fprintf( stderr, "not done with alert\n" ); */
1620 }
1621 else
1622 {
1623 if (s->s3->send_alert[0] == SSL3_AL_FATAL
1624#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1625 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1626#endif
1627 )
1628 (void)BIO_flush(s->wbio);
1629
1630 if (s->msg_callback)
1631 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
1632 2, s, s->msg_callback_arg);
1633
1634 if (s->info_callback != NULL)
1635 cb=s->info_callback;
1636 else if (s->ctx->info_callback != NULL)
1637 cb=s->ctx->info_callback;
1638
1639 if (cb != NULL)
1640 {
1641 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1642 cb(s,SSL_CB_WRITE_ALERT,j);
1643 }
1644 }
1645 return(i);
1646 }
1647
1648
1649static DTLS1_BITMAP *
1650dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
1651 {
1652
1653 *is_next_epoch = 0;
1654
1655 /* In current epoch, accept HM, CCS, DATA, & ALERT */
1656 if (rr->epoch == s->d1->r_epoch)
1657 return &s->d1->bitmap;
1658
1659 /* Only HM and ALERT messages can be from the next epoch */
1660 else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
1661 (rr->type == SSL3_RT_HANDSHAKE ||
1662 rr->type == SSL3_RT_ALERT))
1663 {
1664 *is_next_epoch = 1;
1665 return &s->d1->next_bitmap;
1666 }
1667
1668 return NULL;
1669 }
1670
1671#if 0
1672static int
1673dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority,
1674 unsigned long *offset)
1675 {
1676
1677 /* alerts are passed up immediately */
1678 if ( rr->type == SSL3_RT_APPLICATION_DATA ||
1679 rr->type == SSL3_RT_ALERT)
1680 return 0;
1681
1682 /* Only need to buffer if a handshake is underway.
1683 * (this implies that Hello Request and Client Hello are passed up
1684 * immediately) */
1685 if ( SSL_in_init(s))
1686 {
1687 unsigned char *data = rr->data;
1688 /* need to extract the HM/CCS sequence number here */
1689 if ( rr->type == SSL3_RT_HANDSHAKE ||
1690 rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
1691 {
1692 unsigned short seq_num;
1693 struct hm_header_st msg_hdr;
1694 struct ccs_header_st ccs_hdr;
1695
1696 if ( rr->type == SSL3_RT_HANDSHAKE)
1697 {
1698 dtls1_get_message_header(data, &msg_hdr);
1699 seq_num = msg_hdr.seq;
1700 *offset = msg_hdr.frag_off;
1701 }
1702 else
1703 {
1704 dtls1_get_ccs_header(data, &ccs_hdr);
1705 seq_num = ccs_hdr.seq;
1706 *offset = 0;
1707 }
1708
1709 /* this is either a record we're waiting for, or a
1710 * retransmit of something we happened to previously
1711 * receive (higher layers will drop the repeat silently */
1712 if ( seq_num < s->d1->handshake_read_seq)
1713 return 0;
1714 if (rr->type == SSL3_RT_HANDSHAKE &&
1715 seq_num == s->d1->handshake_read_seq &&
1716 msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
1717 return 0;
1718 else if ( seq_num == s->d1->handshake_read_seq &&
1719 (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
1720 msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
1721 return 0;
1722 else
1723 {
1724 *priority = seq_num;
1725 return 1;
1726 }
1727 }
1728 else /* unknown record type */
1729 return 0;
1730 }
1731
1732 return 0;
1733 }
1734#endif
1735
1736void
1737dtls1_reset_seq_numbers(SSL *s, int rw)
1738 {
1739 unsigned char *seq;
1740 unsigned int seq_bytes = sizeof(s->s3->read_sequence);
1741
1742 if ( rw & SSL3_CC_READ)
1743 {
1744 seq = s->s3->read_sequence;
1745 s->d1->r_epoch++;
1746
1747 pq_64bit_assign(&(s->d1->bitmap.map), &(s->d1->next_bitmap.map));
1748 s->d1->bitmap.length = s->d1->next_bitmap.length;
1749 pq_64bit_assign(&(s->d1->bitmap.max_seq_num),
1750 &(s->d1->next_bitmap.max_seq_num));
1751
1752 pq_64bit_free(&(s->d1->next_bitmap.map));
1753 pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
1754 memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
1755 pq_64bit_init(&(s->d1->next_bitmap.map));
1756 pq_64bit_init(&(s->d1->next_bitmap.max_seq_num));
1757 }
1758 else
1759 {
1760 seq = s->s3->write_sequence;
1761 s->d1->w_epoch++;
1762 }
1763
1764 memset(seq, 0x00, seq_bytes);
1765 }
1766
1767#if PQ_64BIT_IS_INTEGER
1768static PQ_64BIT
1769bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num)
1770 {
1771 PQ_64BIT _num;
1772
1773 _num = (((PQ_64BIT)bytes[0]) << 56) |
1774 (((PQ_64BIT)bytes[1]) << 48) |
1775 (((PQ_64BIT)bytes[2]) << 40) |
1776 (((PQ_64BIT)bytes[3]) << 32) |
1777 (((PQ_64BIT)bytes[4]) << 24) |
1778 (((PQ_64BIT)bytes[5]) << 16) |
1779 (((PQ_64BIT)bytes[6]) << 8) |
1780 (((PQ_64BIT)bytes[7]) );
1781
1782 *num = _num ;
1783 return _num;
1784 }
1785#endif
1786
1787
1788static void
1789dtls1_clear_timeouts(SSL *s)
1790 {
1791 memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
1792 }
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
deleted file mode 100644
index 0bbf8ae7f3..0000000000
--- a/src/lib/libssl/d1_srvr.c
+++ /dev/null
@@ -1,1147 +0,0 @@
1/* ssl/d1_srvr.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <stdio.h>
117#include "ssl_locl.h"
118#include <openssl/buffer.h>
119#include <openssl/rand.h>
120#include <openssl/objects.h>
121#include <openssl/evp.h>
122#include <openssl/x509.h>
123#include <openssl/md5.h>
124#ifndef OPENSSL_NO_DH
125#include <openssl/dh.h>
126#endif
127
128static SSL_METHOD *dtls1_get_server_method(int ver);
129static int dtls1_send_hello_verify_request(SSL *s);
130
131static SSL_METHOD *dtls1_get_server_method(int ver)
132 {
133 if (ver == DTLS1_VERSION)
134 return(DTLSv1_server_method());
135 else
136 return(NULL);
137 }
138
139IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
140 dtls1_accept,
141 ssl_undefined_function,
142 dtls1_get_server_method)
143
144int dtls1_accept(SSL *s)
145 {
146 BUF_MEM *buf;
147 unsigned long l,Time=(unsigned long)time(NULL);
148 void (*cb)(const SSL *ssl,int type,int val)=NULL;
149 long num1;
150 int ret= -1;
151 int new_state,state,skip=0;
152
153 RAND_add(&Time,sizeof(Time),0);
154 ERR_clear_error();
155 clear_sys_error();
156
157 if (s->info_callback != NULL)
158 cb=s->info_callback;
159 else if (s->ctx->info_callback != NULL)
160 cb=s->ctx->info_callback;
161
162 /* init things to blank */
163 s->in_handshake++;
164 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
165
166 if (s->cert == NULL)
167 {
168 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
169 return(-1);
170 }
171
172 for (;;)
173 {
174 state=s->state;
175
176 switch (s->state)
177 {
178 case SSL_ST_RENEGOTIATE:
179 s->new_session=1;
180 /* s->state=SSL_ST_ACCEPT; */
181
182 case SSL_ST_BEFORE:
183 case SSL_ST_ACCEPT:
184 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
185 case SSL_ST_OK|SSL_ST_ACCEPT:
186
187 s->server=1;
188 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
189
190 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00))
191 {
192 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
193 return -1;
194 }
195 s->type=SSL_ST_ACCEPT;
196
197 if (s->init_buf == NULL)
198 {
199 if ((buf=BUF_MEM_new()) == NULL)
200 {
201 ret= -1;
202 goto end;
203 }
204 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
205 {
206 ret= -1;
207 goto end;
208 }
209 s->init_buf=buf;
210 }
211
212 if (!ssl3_setup_buffers(s))
213 {
214 ret= -1;
215 goto end;
216 }
217
218 s->init_num=0;
219
220 if (s->state != SSL_ST_RENEGOTIATE)
221 {
222 /* Ok, we now need to push on a buffering BIO so that
223 * the output is sent in a way that TCP likes :-)
224 */
225 if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
226
227 ssl3_init_finished_mac(s);
228 s->state=SSL3_ST_SR_CLNT_HELLO_A;
229 s->ctx->stats.sess_accept++;
230 }
231 else
232 {
233 /* s->state == SSL_ST_RENEGOTIATE,
234 * we will just send a HelloRequest */
235 s->ctx->stats.sess_accept_renegotiate++;
236 s->state=SSL3_ST_SW_HELLO_REQ_A;
237 }
238
239 if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
240 s->d1->send_cookie = 1;
241 else
242 s->d1->send_cookie = 0;
243
244 break;
245
246 case SSL3_ST_SW_HELLO_REQ_A:
247 case SSL3_ST_SW_HELLO_REQ_B:
248
249 s->shutdown=0;
250 ret=dtls1_send_hello_request(s);
251 if (ret <= 0) goto end;
252 s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
253 s->state=SSL3_ST_SW_FLUSH;
254 s->init_num=0;
255
256 ssl3_init_finished_mac(s);
257 break;
258
259 case SSL3_ST_SW_HELLO_REQ_C:
260 s->state=SSL_ST_OK;
261 break;
262
263 case SSL3_ST_SR_CLNT_HELLO_A:
264 case SSL3_ST_SR_CLNT_HELLO_B:
265 case SSL3_ST_SR_CLNT_HELLO_C:
266
267 s->shutdown=0;
268 ret=ssl3_get_client_hello(s);
269 if (ret <= 0) goto end;
270 s->new_session = 2;
271
272 if ( s->d1->send_cookie)
273 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
274 else
275 s->state = SSL3_ST_SW_SRVR_HELLO_A;
276
277 s->init_num=0;
278 break;
279
280 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
281 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
282
283 ret = dtls1_send_hello_verify_request(s);
284 if ( ret <= 0) goto end;
285 s->d1->send_cookie = 0;
286 s->state=SSL3_ST_SW_FLUSH;
287 s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
288
289 /* HelloVerifyRequests resets Finished MAC */
290 if (s->client_version != DTLS1_BAD_VER)
291 ssl3_init_finished_mac(s);
292 break;
293
294 case SSL3_ST_SW_SRVR_HELLO_A:
295 case SSL3_ST_SW_SRVR_HELLO_B:
296 ret=dtls1_send_server_hello(s);
297 if (ret <= 0) goto end;
298
299 if (s->hit)
300 s->state=SSL3_ST_SW_CHANGE_A;
301 else
302 s->state=SSL3_ST_SW_CERT_A;
303 s->init_num=0;
304 break;
305
306 case SSL3_ST_SW_CERT_A:
307 case SSL3_ST_SW_CERT_B:
308 /* Check if it is anon DH */
309 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
310 {
311 ret=dtls1_send_server_certificate(s);
312 if (ret <= 0) goto end;
313 }
314 else
315 skip=1;
316 s->state=SSL3_ST_SW_KEY_EXCH_A;
317 s->init_num=0;
318 break;
319
320 case SSL3_ST_SW_KEY_EXCH_A:
321 case SSL3_ST_SW_KEY_EXCH_B:
322 l=s->s3->tmp.new_cipher->algorithms;
323
324 /* clear this, it may get reset by
325 * send_server_key_exchange */
326 if ((s->options & SSL_OP_EPHEMERAL_RSA)
327#ifndef OPENSSL_NO_KRB5
328 && !(l & SSL_KRB5)
329#endif /* OPENSSL_NO_KRB5 */
330 )
331 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
332 * even when forbidden by protocol specs
333 * (handshake may fail as clients are not required to
334 * be able to handle this) */
335 s->s3->tmp.use_rsa_tmp=1;
336 else
337 s->s3->tmp.use_rsa_tmp=0;
338
339 /* only send if a DH key exchange, fortezza or
340 * RSA but we have a sign only certificate */
341 if (s->s3->tmp.use_rsa_tmp
342 || (l & (SSL_DH|SSL_kFZA))
343 || ((l & SSL_kRSA)
344 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
345 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
346 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
347 )
348 )
349 )
350 )
351 {
352 ret=dtls1_send_server_key_exchange(s);
353 if (ret <= 0) goto end;
354 }
355 else
356 skip=1;
357
358 s->state=SSL3_ST_SW_CERT_REQ_A;
359 s->init_num=0;
360 break;
361
362 case SSL3_ST_SW_CERT_REQ_A:
363 case SSL3_ST_SW_CERT_REQ_B:
364 if (/* don't request cert unless asked for it: */
365 !(s->verify_mode & SSL_VERIFY_PEER) ||
366 /* if SSL_VERIFY_CLIENT_ONCE is set,
367 * don't request cert during re-negotiation: */
368 ((s->session->peer != NULL) &&
369 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
370 /* never request cert in anonymous ciphersuites
371 * (see section "Certificate request" in SSL 3 drafts
372 * and in RFC 2246): */
373 ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
374 /* ... except when the application insists on verification
375 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
376 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
377 /* never request cert in Kerberos ciphersuites */
378 (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
379 {
380 /* no cert request */
381 skip=1;
382 s->s3->tmp.cert_request=0;
383 s->state=SSL3_ST_SW_SRVR_DONE_A;
384 }
385 else
386 {
387 s->s3->tmp.cert_request=1;
388 ret=dtls1_send_certificate_request(s);
389 if (ret <= 0) goto end;
390#ifndef NETSCAPE_HANG_BUG
391 s->state=SSL3_ST_SW_SRVR_DONE_A;
392#else
393 s->state=SSL3_ST_SW_FLUSH;
394 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
395#endif
396 s->init_num=0;
397 }
398 break;
399
400 case SSL3_ST_SW_SRVR_DONE_A:
401 case SSL3_ST_SW_SRVR_DONE_B:
402 ret=dtls1_send_server_done(s);
403 if (ret <= 0) goto end;
404 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
405 s->state=SSL3_ST_SW_FLUSH;
406 s->init_num=0;
407 break;
408
409 case SSL3_ST_SW_FLUSH:
410 /* number of bytes to be flushed */
411 num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
412 if (num1 > 0)
413 {
414 s->rwstate=SSL_WRITING;
415 num1=BIO_flush(s->wbio);
416 if (num1 <= 0) { ret= -1; goto end; }
417 s->rwstate=SSL_NOTHING;
418 }
419
420 s->state=s->s3->tmp.next_state;
421 break;
422
423 case SSL3_ST_SR_CERT_A:
424 case SSL3_ST_SR_CERT_B:
425 /* Check for second client hello (MS SGC) */
426 ret = ssl3_check_client_hello(s);
427 if (ret <= 0)
428 goto end;
429 if (ret == 2)
430 s->state = SSL3_ST_SR_CLNT_HELLO_C;
431 else {
432 /* could be sent for a DH cert, even if we
433 * have not asked for it :-) */
434 ret=ssl3_get_client_certificate(s);
435 if (ret <= 0) goto end;
436 s->init_num=0;
437 s->state=SSL3_ST_SR_KEY_EXCH_A;
438 }
439 break;
440
441 case SSL3_ST_SR_KEY_EXCH_A:
442 case SSL3_ST_SR_KEY_EXCH_B:
443 ret=ssl3_get_client_key_exchange(s);
444 if (ret <= 0) goto end;
445 s->state=SSL3_ST_SR_CERT_VRFY_A;
446 s->init_num=0;
447
448 /* We need to get hashes here so if there is
449 * a client cert, it can be verified */
450 s->method->ssl3_enc->cert_verify_mac(s,
451 &(s->s3->finish_dgst1),
452 &(s->s3->tmp.cert_verify_md[0]));
453 s->method->ssl3_enc->cert_verify_mac(s,
454 &(s->s3->finish_dgst2),
455 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
456
457 break;
458
459 case SSL3_ST_SR_CERT_VRFY_A:
460 case SSL3_ST_SR_CERT_VRFY_B:
461
462 /* we should decide if we expected this one */
463 ret=ssl3_get_cert_verify(s);
464 if (ret <= 0) goto end;
465
466 s->state=SSL3_ST_SR_FINISHED_A;
467 s->init_num=0;
468 break;
469
470 case SSL3_ST_SR_FINISHED_A:
471 case SSL3_ST_SR_FINISHED_B:
472 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
473 SSL3_ST_SR_FINISHED_B);
474 if (ret <= 0) goto end;
475 if (s->hit)
476 s->state=SSL_ST_OK;
477 else
478 s->state=SSL3_ST_SW_CHANGE_A;
479 s->init_num=0;
480 break;
481
482 case SSL3_ST_SW_CHANGE_A:
483 case SSL3_ST_SW_CHANGE_B:
484
485 s->session->cipher=s->s3->tmp.new_cipher;
486 if (!s->method->ssl3_enc->setup_key_block(s))
487 { ret= -1; goto end; }
488
489 ret=dtls1_send_change_cipher_spec(s,
490 SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
491
492 if (ret <= 0) goto end;
493 s->state=SSL3_ST_SW_FINISHED_A;
494 s->init_num=0;
495
496 if (!s->method->ssl3_enc->change_cipher_state(s,
497 SSL3_CHANGE_CIPHER_SERVER_WRITE))
498 {
499 ret= -1;
500 goto end;
501 }
502
503 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
504 break;
505
506 case SSL3_ST_SW_FINISHED_A:
507 case SSL3_ST_SW_FINISHED_B:
508 ret=dtls1_send_finished(s,
509 SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
510 s->method->ssl3_enc->server_finished_label,
511 s->method->ssl3_enc->server_finished_label_len);
512 if (ret <= 0) goto end;
513 s->state=SSL3_ST_SW_FLUSH;
514 if (s->hit)
515 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
516 else
517 s->s3->tmp.next_state=SSL_ST_OK;
518 s->init_num=0;
519 break;
520
521 case SSL_ST_OK:
522 /* clean a few things up */
523 ssl3_cleanup_key_block(s);
524
525#if 0
526 BUF_MEM_free(s->init_buf);
527 s->init_buf=NULL;
528#endif
529
530 /* remove buffering on output */
531 ssl_free_wbio_buffer(s);
532
533 s->init_num=0;
534
535 if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
536 {
537 /* actually not necessarily a 'new' session unless
538 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
539
540 s->new_session=0;
541
542 ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
543
544 s->ctx->stats.sess_accept_good++;
545 /* s->server=1; */
546 s->handshake_func=dtls1_accept;
547
548 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
549 }
550
551 ret = 1;
552
553 /* done handshaking, next message is client hello */
554 s->d1->handshake_read_seq = 0;
555 /* next message is server hello */
556 s->d1->handshake_write_seq = 0;
557 goto end;
558 /* break; */
559
560 default:
561 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE);
562 ret= -1;
563 goto end;
564 /* break; */
565 }
566
567 if (!s->s3->tmp.reuse_message && !skip)
568 {
569 if (s->debug)
570 {
571 if ((ret=BIO_flush(s->wbio)) <= 0)
572 goto end;
573 }
574
575
576 if ((cb != NULL) && (s->state != state))
577 {
578 new_state=s->state;
579 s->state=state;
580 cb(s,SSL_CB_ACCEPT_LOOP,1);
581 s->state=new_state;
582 }
583 }
584 skip=0;
585 }
586end:
587 /* BIO_flush(s->wbio); */
588
589 s->in_handshake--;
590 if (cb != NULL)
591 cb(s,SSL_CB_ACCEPT_EXIT,ret);
592 return(ret);
593 }
594
595int dtls1_send_hello_request(SSL *s)
596 {
597 unsigned char *p;
598
599 if (s->state == SSL3_ST_SW_HELLO_REQ_A)
600 {
601 p=(unsigned char *)s->init_buf->data;
602 p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);
603
604 s->state=SSL3_ST_SW_HELLO_REQ_B;
605 /* number of bytes to write */
606 s->init_num=DTLS1_HM_HEADER_LENGTH;
607 s->init_off=0;
608
609 /* no need to buffer this message, since there are no retransmit
610 * requests for it */
611 }
612
613 /* SSL3_ST_SW_HELLO_REQ_B */
614 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
615 }
616
617int dtls1_send_hello_verify_request(SSL *s)
618 {
619 unsigned int msg_len;
620 unsigned char *msg, *buf, *p;
621
622 if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A)
623 {
624 buf = (unsigned char *)s->init_buf->data;
625
626 msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
627 if (s->client_version == DTLS1_BAD_VER)
628 *(p++) = DTLS1_BAD_VER>>8,
629 *(p++) = DTLS1_BAD_VER&0xff;
630 else
631 *(p++) = s->version >> 8,
632 *(p++) = s->version & 0xFF;
633
634 if (s->ctx->app_gen_cookie_cb != NULL &&
635 s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
636 &(s->d1->cookie_len)) == 0)
637 {
638 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
639 return 0;
640 }
641 /* else the cookie is assumed to have
642 * been initialized by the application */
643
644 *(p++) = (unsigned char) s->d1->cookie_len;
645 memcpy(p, s->d1->cookie, s->d1->cookie_len);
646 p += s->d1->cookie_len;
647 msg_len = p - msg;
648
649 dtls1_set_message_header(s, buf,
650 DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);
651
652 s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
653 /* number of bytes to write */
654 s->init_num=p-buf;
655 s->init_off=0;
656
657 /* buffer the message to handle re-xmits */
658 dtls1_buffer_message(s, 0);
659 }
660
661 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
662 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
663 }
664
665int dtls1_send_server_hello(SSL *s)
666 {
667 unsigned char *buf;
668 unsigned char *p,*d;
669 int i;
670 unsigned int sl;
671 unsigned long l,Time;
672
673 if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
674 {
675 buf=(unsigned char *)s->init_buf->data;
676 p=s->s3->server_random;
677 Time=(unsigned long)time(NULL); /* Time */
678 l2n(Time,p);
679 RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
680 /* Do the message type and length last */
681 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
682
683 if (s->client_version == DTLS1_BAD_VER)
684 *(p++)=DTLS1_BAD_VER>>8,
685 *(p++)=DTLS1_BAD_VER&0xff;
686 else
687 *(p++)=s->version>>8,
688 *(p++)=s->version&0xff;
689
690 /* Random stuff */
691 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
692 p+=SSL3_RANDOM_SIZE;
693
694 /* now in theory we have 3 options to sending back the
695 * session id. If it is a re-use, we send back the
696 * old session-id, if it is a new session, we send
697 * back the new session-id or we send back a 0 length
698 * session-id if we want it to be single use.
699 * Currently I will not implement the '0' length session-id
700 * 12-Jan-98 - I'll now support the '0' length stuff.
701 */
702 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
703 s->session->session_id_length=0;
704
705 sl=s->session->session_id_length;
706 if (sl > sizeof s->session->session_id)
707 {
708 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
709 return -1;
710 }
711 *(p++)=sl;
712 memcpy(p,s->session->session_id,sl);
713 p+=sl;
714
715 /* put the cipher */
716 i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
717 p+=i;
718
719 /* put the compression method */
720#ifdef OPENSSL_NO_COMP
721 *(p++)=0;
722#else
723 if (s->s3->tmp.new_compression == NULL)
724 *(p++)=0;
725 else
726 *(p++)=s->s3->tmp.new_compression->id;
727#endif
728
729 /* do the header */
730 l=(p-d);
731 d=buf;
732
733 d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
734
735 s->state=SSL3_ST_SW_SRVR_HELLO_B;
736 /* number of bytes to write */
737 s->init_num=p-buf;
738 s->init_off=0;
739
740 /* buffer the message to handle re-xmits */
741 dtls1_buffer_message(s, 0);
742 }
743
744 /* SSL3_ST_SW_SRVR_HELLO_B */
745 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
746 }
747
748int dtls1_send_server_done(SSL *s)
749 {
750 unsigned char *p;
751
752 if (s->state == SSL3_ST_SW_SRVR_DONE_A)
753 {
754 p=(unsigned char *)s->init_buf->data;
755
756 /* do the header */
757 p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
758
759 s->state=SSL3_ST_SW_SRVR_DONE_B;
760 /* number of bytes to write */
761 s->init_num=DTLS1_HM_HEADER_LENGTH;
762 s->init_off=0;
763
764 /* buffer the message to handle re-xmits */
765 dtls1_buffer_message(s, 0);
766 }
767
768 /* SSL3_ST_SW_SRVR_DONE_B */
769 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
770 }
771
772int dtls1_send_server_key_exchange(SSL *s)
773 {
774#ifndef OPENSSL_NO_RSA
775 unsigned char *q;
776 int j,num;
777 RSA *rsa;
778 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
779 unsigned int u;
780#endif
781#ifndef OPENSSL_NO_DH
782 DH *dh=NULL,*dhp;
783#endif
784 EVP_PKEY *pkey;
785 unsigned char *p,*d;
786 int al,i;
787 unsigned long type;
788 int n;
789 CERT *cert;
790 BIGNUM *r[4];
791 int nr[4],kn;
792 BUF_MEM *buf;
793 EVP_MD_CTX md_ctx;
794
795 EVP_MD_CTX_init(&md_ctx);
796 if (s->state == SSL3_ST_SW_KEY_EXCH_A)
797 {
798 type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
799 cert=s->cert;
800
801 buf=s->init_buf;
802
803 r[0]=r[1]=r[2]=r[3]=NULL;
804 n=0;
805#ifndef OPENSSL_NO_RSA
806 if (type & SSL_kRSA)
807 {
808 rsa=cert->rsa_tmp;
809 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
810 {
811 rsa=s->cert->rsa_tmp_cb(s,
812 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
813 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
814 if(rsa == NULL)
815 {
816 al=SSL_AD_HANDSHAKE_FAILURE;
817 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
818 goto f_err;
819 }
820 RSA_up_ref(rsa);
821 cert->rsa_tmp=rsa;
822 }
823 if (rsa == NULL)
824 {
825 al=SSL_AD_HANDSHAKE_FAILURE;
826 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
827 goto f_err;
828 }
829 r[0]=rsa->n;
830 r[1]=rsa->e;
831 s->s3->tmp.use_rsa_tmp=1;
832 }
833 else
834#endif
835#ifndef OPENSSL_NO_DH
836 if (type & SSL_kEDH)
837 {
838 dhp=cert->dh_tmp;
839 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
840 dhp=s->cert->dh_tmp_cb(s,
841 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
842 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
843 if (dhp == NULL)
844 {
845 al=SSL_AD_HANDSHAKE_FAILURE;
846 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
847 goto f_err;
848 }
849
850 if (s->s3->tmp.dh != NULL)
851 {
852 DH_free(dh);
853 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
854 goto err;
855 }
856
857 if ((dh=DHparams_dup(dhp)) == NULL)
858 {
859 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
860 goto err;
861 }
862
863 s->s3->tmp.dh=dh;
864 if ((dhp->pub_key == NULL ||
865 dhp->priv_key == NULL ||
866 (s->options & SSL_OP_SINGLE_DH_USE)))
867 {
868 if(!DH_generate_key(dh))
869 {
870 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
871 ERR_R_DH_LIB);
872 goto err;
873 }
874 }
875 else
876 {
877 dh->pub_key=BN_dup(dhp->pub_key);
878 dh->priv_key=BN_dup(dhp->priv_key);
879 if ((dh->pub_key == NULL) ||
880 (dh->priv_key == NULL))
881 {
882 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
883 goto err;
884 }
885 }
886 r[0]=dh->p;
887 r[1]=dh->g;
888 r[2]=dh->pub_key;
889 }
890 else
891#endif
892 {
893 al=SSL_AD_HANDSHAKE_FAILURE;
894 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
895 goto f_err;
896 }
897 for (i=0; r[i] != NULL; i++)
898 {
899 nr[i]=BN_num_bytes(r[i]);
900 n+=2+nr[i];
901 }
902
903 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
904 {
905 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
906 == NULL)
907 {
908 al=SSL_AD_DECODE_ERROR;
909 goto f_err;
910 }
911 kn=EVP_PKEY_size(pkey);
912 }
913 else
914 {
915 pkey=NULL;
916 kn=0;
917 }
918
919 if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn))
920 {
921 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
922 goto err;
923 }
924 d=(unsigned char *)s->init_buf->data;
925 p= &(d[DTLS1_HM_HEADER_LENGTH]);
926
927 for (i=0; r[i] != NULL; i++)
928 {
929 s2n(nr[i],p);
930 BN_bn2bin(r[i],p);
931 p+=nr[i];
932 }
933
934 /* not anonymous */
935 if (pkey != NULL)
936 {
937 /* n is the length of the params, they start at
938 * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
939 * at the end. */
940#ifndef OPENSSL_NO_RSA
941 if (pkey->type == EVP_PKEY_RSA)
942 {
943 q=md_buf;
944 j=0;
945 for (num=2; num > 0; num--)
946 {
947 EVP_DigestInit_ex(&md_ctx,(num == 2)
948 ?s->ctx->md5:s->ctx->sha1, NULL);
949 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
950 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
951 EVP_DigestUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
952 EVP_DigestFinal_ex(&md_ctx,q,
953 (unsigned int *)&i);
954 q+=i;
955 j+=i;
956 }
957 if (RSA_sign(NID_md5_sha1, md_buf, j,
958 &(p[2]), &u, pkey->pkey.rsa) <= 0)
959 {
960 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
961 goto err;
962 }
963 s2n(u,p);
964 n+=u+2;
965 }
966 else
967#endif
968#if !defined(OPENSSL_NO_DSA)
969 if (pkey->type == EVP_PKEY_DSA)
970 {
971 /* lets do DSS */
972 EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
973 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
974 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
975 EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
976 if (!EVP_SignFinal(&md_ctx,&(p[2]),
977 (unsigned int *)&i,pkey))
978 {
979 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
980 goto err;
981 }
982 s2n(i,p);
983 n+=i+2;
984 }
985 else
986#endif
987 {
988 /* Is this error check actually needed? */
989 al=SSL_AD_HANDSHAKE_FAILURE;
990 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
991 goto f_err;
992 }
993 }
994
995 d = dtls1_set_message_header(s, d,
996 SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
997
998 /* we should now have things packed up, so lets send
999 * it off */
1000 s->init_num=n+DTLS1_HM_HEADER_LENGTH;
1001 s->init_off=0;
1002
1003 /* buffer the message to handle re-xmits */
1004 dtls1_buffer_message(s, 0);
1005 }
1006
1007 s->state = SSL3_ST_SW_KEY_EXCH_B;
1008 EVP_MD_CTX_cleanup(&md_ctx);
1009 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1010f_err:
1011 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1012err:
1013 EVP_MD_CTX_cleanup(&md_ctx);
1014 return(-1);
1015 }
1016
1017int dtls1_send_certificate_request(SSL *s)
1018 {
1019 unsigned char *p,*d;
1020 int i,j,nl,off,n;
1021 STACK_OF(X509_NAME) *sk=NULL;
1022 X509_NAME *name;
1023 BUF_MEM *buf;
1024 unsigned int msg_len;
1025
1026 if (s->state == SSL3_ST_SW_CERT_REQ_A)
1027 {
1028 buf=s->init_buf;
1029
1030 d=p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1031
1032 /* get the list of acceptable cert types */
1033 p++;
1034 n=ssl3_get_req_cert_type(s,p);
1035 d[0]=n;
1036 p+=n;
1037 n++;
1038
1039 off=n;
1040 p+=2;
1041 n+=2;
1042
1043 sk=SSL_get_client_CA_list(s);
1044 nl=0;
1045 if (sk != NULL)
1046 {
1047 for (i=0; i<sk_X509_NAME_num(sk); i++)
1048 {
1049 name=sk_X509_NAME_value(sk,i);
1050 j=i2d_X509_NAME(name,NULL);
1051 if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2))
1052 {
1053 SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
1054 goto err;
1055 }
1056 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]);
1057 if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
1058 {
1059 s2n(j,p);
1060 i2d_X509_NAME(name,&p);
1061 n+=2+j;
1062 nl+=2+j;
1063 }
1064 else
1065 {
1066 d=p;
1067 i2d_X509_NAME(name,&p);
1068 j-=2; s2n(j,d); j+=2;
1069 n+=j;
1070 nl+=j;
1071 }
1072 }
1073 }
1074 /* else no CA names */
1075 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+off]);
1076 s2n(nl,p);
1077
1078 d=(unsigned char *)buf->data;
1079 *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
1080 l2n3(n,d);
1081 s2n(s->d1->handshake_write_seq,d);
1082 s->d1->handshake_write_seq++;
1083
1084 /* we should now have things packed up, so lets send
1085 * it off */
1086
1087 s->init_num=n+DTLS1_HM_HEADER_LENGTH;
1088 s->init_off=0;
1089#ifdef NETSCAPE_HANG_BUG
1090/* XXX: what to do about this? */
1091 p=(unsigned char *)s->init_buf->data + s->init_num;
1092
1093 /* do the header */
1094 *(p++)=SSL3_MT_SERVER_DONE;
1095 *(p++)=0;
1096 *(p++)=0;
1097 *(p++)=0;
1098 s->init_num += 4;
1099#endif
1100
1101 /* XDTLS: set message header ? */
1102 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
1103 dtls1_set_message_header(s, (void *)s->init_buf->data,
1104 SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
1105
1106 /* buffer the message to handle re-xmits */
1107 dtls1_buffer_message(s, 0);
1108
1109 s->state = SSL3_ST_SW_CERT_REQ_B;
1110 }
1111
1112 /* SSL3_ST_SW_CERT_REQ_B */
1113 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1114err:
1115 return(-1);
1116 }
1117
1118int dtls1_send_server_certificate(SSL *s)
1119 {
1120 unsigned long l;
1121 X509 *x;
1122
1123 if (s->state == SSL3_ST_SW_CERT_A)
1124 {
1125 x=ssl_get_server_send_cert(s);
1126 if (x == NULL &&
1127 /* VRS: allow null cert if auth == KRB5 */
1128 (s->s3->tmp.new_cipher->algorithms
1129 & (SSL_MKEY_MASK|SSL_AUTH_MASK))
1130 != (SSL_aKRB5|SSL_kKRB5))
1131 {
1132 SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
1133 return(0);
1134 }
1135
1136 l=dtls1_output_cert_chain(s,x);
1137 s->state=SSL3_ST_SW_CERT_B;
1138 s->init_num=(int)l;
1139 s->init_off=0;
1140
1141 /* buffer the message to handle re-xmits */
1142 dtls1_buffer_message(s, 0);
1143 }
1144
1145 /* SSL3_ST_SW_CERT_B */
1146 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1147 }
diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf
deleted file mode 100644
index 9e59020c17..0000000000
--- a/src/lib/libssl/doc/openssl.cnf
+++ /dev/null
@@ -1,313 +0,0 @@
1#
2# OpenSSL example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5
6# This definition stops the following lines choking if HOME isn't
7# defined.
8HOME = .
9RANDFILE = $ENV::HOME/.rnd
10
11# Extra OBJECT IDENTIFIER info:
12#oid_file = $ENV::HOME/.oid
13oid_section = new_oids
14
15# To use this configuration file with the "-extfile" option of the
16# "openssl x509" utility, name here the section containing the
17# X.509v3 extensions to use:
18# extensions =
19# (Alternatively, use a configuration file that has only
20# X.509v3 extensions in its main [= default] section.)
21
22[ new_oids ]
23
24# We can add new OIDs in here for use by 'ca' and 'req'.
25# Add a simple OID like this:
26# testoid1=1.2.3.4
27# Or use config file substitution like this:
28# testoid2=${testoid1}.5.6
29
30####################################################################
31[ ca ]
32default_ca = CA_default # The default ca section
33
34####################################################################
35[ CA_default ]
36
37dir = ./demoCA # Where everything is kept
38certs = $dir/certs # Where the issued certs are kept
39crl_dir = $dir/crl # Where the issued crl are kept
40database = $dir/index.txt # database index file.
41#unique_subject = no # Set to 'no' to allow creation of
42 # several ctificates with same subject.
43new_certs_dir = $dir/newcerts # default place for new certs.
44
45certificate = $dir/cacert.pem # The CA certificate
46serial = $dir/serial # The current serial number
47crlnumber = $dir/crlnumber # the current crl number
48 # must be commented out to leave a V1 CRL
49crl = $dir/crl.pem # The current CRL
50private_key = $dir/private/cakey.pem# The private key
51RANDFILE = $dir/private/.rand # private random number file
52
53x509_extensions = usr_cert # The extentions to add to the cert
54
55# Comment out the following two lines for the "traditional"
56# (and highly broken) format.
57name_opt = ca_default # Subject Name options
58cert_opt = ca_default # Certificate field options
59
60# Extension copying option: use with caution.
61# copy_extensions = copy
62
63# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
64# so this is commented out by default to leave a V1 CRL.
65# crlnumber must also be commented out to leave a V1 CRL.
66# crl_extensions = crl_ext
67
68default_days = 365 # how long to certify for
69default_crl_days= 30 # how long before next CRL
70default_md = sha1 # which md to use.
71preserve = no # keep passed DN ordering
72
73# A few difference way of specifying how similar the request should look
74# For type CA, the listed attributes must be the same, and the optional
75# and supplied fields are just that :-)
76policy = policy_match
77
78# For the CA policy
79[ policy_match ]
80countryName = match
81stateOrProvinceName = match
82organizationName = match
83organizationalUnitName = optional
84commonName = supplied
85emailAddress = optional
86
87# For the 'anything' policy
88# At this point in time, you must list all acceptable 'object'
89# types.
90[ policy_anything ]
91countryName = optional
92stateOrProvinceName = optional
93localityName = optional
94organizationName = optional
95organizationalUnitName = optional
96commonName = supplied
97emailAddress = optional
98
99####################################################################
100[ req ]
101default_bits = 1024
102default_keyfile = privkey.pem
103distinguished_name = req_distinguished_name
104attributes = req_attributes
105x509_extensions = v3_ca # The extentions to add to the self signed cert
106
107# Passwords for private keys if not present they will be prompted for
108# input_password = secret
109# output_password = secret
110
111# This sets a mask for permitted string types. There are several options.
112# default: PrintableString, T61String, BMPString.
113# pkix : PrintableString, BMPString.
114# utf8only: only UTF8Strings.
115# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
116# MASK:XXXX a literal mask value.
117# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
118# so use this option with caution!
119string_mask = nombstr
120
121# req_extensions = v3_req # The extensions to add to a certificate request
122
123[ req_distinguished_name ]
124countryName = Country Name (2 letter code)
125countryName_default = AU
126countryName_min = 2
127countryName_max = 2
128
129stateOrProvinceName = State or Province Name (full name)
130stateOrProvinceName_default = Some-State
131
132localityName = Locality Name (eg, city)
133
1340.organizationName = Organization Name (eg, company)
1350.organizationName_default = Internet Widgits Pty Ltd
136
137# we can do this but it is not needed normally :-)
138#1.organizationName = Second Organization Name (eg, company)
139#1.organizationName_default = World Wide Web Pty Ltd
140
141organizationalUnitName = Organizational Unit Name (eg, section)
142#organizationalUnitName_default =
143
144commonName = Common Name (eg, YOUR name)
145commonName_max = 64
146
147emailAddress = Email Address
148emailAddress_max = 64
149
150# SET-ex3 = SET extension number 3
151
152[ req_attributes ]
153challengePassword = A challenge password
154challengePassword_min = 4
155challengePassword_max = 20
156
157unstructuredName = An optional company name
158
159[ usr_cert ]
160
161# These extensions are added when 'ca' signs a request.
162
163# This goes against PKIX guidelines but some CAs do it and some software
164# requires this to avoid interpreting an end user certificate as a CA.
165
166basicConstraints=CA:FALSE
167
168# Here are some examples of the usage of nsCertType. If it is omitted
169# the certificate can be used for anything *except* object signing.
170
171# This is OK for an SSL server.
172# nsCertType = server
173
174# For an object signing certificate this would be used.
175# nsCertType = objsign
176
177# For normal client use this is typical
178# nsCertType = client, email
179
180# and for everything including object signing:
181# nsCertType = client, email, objsign
182
183# This is typical in keyUsage for a client certificate.
184# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
185
186# This will be displayed in Netscape's comment listbox.
187nsComment = "OpenSSL Generated Certificate"
188
189# PKIX recommendations harmless if included in all certificates.
190subjectKeyIdentifier=hash
191authorityKeyIdentifier=keyid,issuer
192
193# This stuff is for subjectAltName and issuerAltname.
194# Import the email address.
195# subjectAltName=email:copy
196# An alternative to produce certificates that aren't
197# deprecated according to PKIX.
198# subjectAltName=email:move
199
200# Copy subject details
201# issuerAltName=issuer:copy
202
203#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
204#nsBaseUrl
205#nsRevocationUrl
206#nsRenewalUrl
207#nsCaPolicyUrl
208#nsSslServerName
209
210[ v3_req ]
211
212# Extensions to add to a certificate request
213
214basicConstraints = CA:FALSE
215keyUsage = nonRepudiation, digitalSignature, keyEncipherment
216
217[ v3_ca ]
218
219
220# Extensions for a typical CA
221
222
223# PKIX recommendation.
224
225subjectKeyIdentifier=hash
226
227authorityKeyIdentifier=keyid:always,issuer:always
228
229# This is what PKIX recommends but some broken software chokes on critical
230# extensions.
231#basicConstraints = critical,CA:true
232# So we do this instead.
233basicConstraints = CA:true
234
235# Key usage: this is typical for a CA certificate. However since it will
236# prevent it being used as an test self-signed certificate it is best
237# left out by default.
238# keyUsage = cRLSign, keyCertSign
239
240# Some might want this also
241# nsCertType = sslCA, emailCA
242
243# Include email address in subject alt name: another PKIX recommendation
244# subjectAltName=email:copy
245# Copy issuer details
246# issuerAltName=issuer:copy
247
248# DER hex encoding of an extension: beware experts only!
249# obj=DER:02:03
250# Where 'obj' is a standard or added object
251# You can even override a supported extension:
252# basicConstraints= critical, DER:30:03:01:01:FF
253
254[ crl_ext ]
255
256# CRL extensions.
257# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
258
259# issuerAltName=issuer:copy
260authorityKeyIdentifier=keyid:always,issuer:always
261
262[ proxy_cert_ext ]
263# These extensions should be added when creating a proxy certificate
264
265# This goes against PKIX guidelines but some CAs do it and some software
266# requires this to avoid interpreting an end user certificate as a CA.
267
268basicConstraints=CA:FALSE
269
270# Here are some examples of the usage of nsCertType. If it is omitted
271# the certificate can be used for anything *except* object signing.
272
273# This is OK for an SSL server.
274# nsCertType = server
275
276# For an object signing certificate this would be used.
277# nsCertType = objsign
278
279# For normal client use this is typical
280# nsCertType = client, email
281
282# and for everything including object signing:
283# nsCertType = client, email, objsign
284
285# This is typical in keyUsage for a client certificate.
286# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
287
288# This will be displayed in Netscape's comment listbox.
289nsComment = "OpenSSL Generated Certificate"
290
291# PKIX recommendations harmless if included in all certificates.
292subjectKeyIdentifier=hash
293authorityKeyIdentifier=keyid,issuer:always
294
295# This stuff is for subjectAltName and issuerAltname.
296# Import the email address.
297# subjectAltName=email:copy
298# An alternative to produce certificates that aren't
299# deprecated according to PKIX.
300# subjectAltName=email:move
301
302# Copy subject details
303# issuerAltName=issuer:copy
304
305#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
306#nsBaseUrl
307#nsRevocationUrl
308#nsRenewalUrl
309#nsCaPolicyUrl
310#nsSslServerName
311
312# This really needs to be in place for it to be a proxy certificate.
313proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
deleted file mode 100644
index f8817b0a71..0000000000
--- a/src/lib/libssl/doc/openssl.txt
+++ /dev/null
@@ -1,1254 +0,0 @@
1
2This is some preliminary documentation for OpenSSL.
3
4Contents:
5
6 OpenSSL X509V3 extension configuration
7 X509V3 Extension code: programmers guide
8 PKCS#12 Library
9
10
11==============================================================================
12 OpenSSL X509V3 extension configuration
13==============================================================================
14
15OpenSSL X509V3 extension configuration: preliminary documentation.
16
17INTRODUCTION.
18
19For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now
20possible to add and print out common X509 V3 certificate and CRL extensions.
21
22BEGINNERS NOTE
23
24For most simple applications you don't need to know too much about extensions:
25the default openssl.cnf values will usually do sensible things.
26
27If you want to know more you can initially quickly look through the sections
28describing how the standard OpenSSL utilities display and add extensions and
29then the list of supported extensions.
30
31For more technical information about the meaning of extensions see:
32
33http://www.imc.org/ietf-pkix/
34http://home.netscape.com/eng/security/certs.html
35
36PRINTING EXTENSIONS.
37
38Extension values are automatically printed out for supported extensions.
39
40openssl x509 -in cert.pem -text
41openssl crl -in crl.pem -text
42
43will give information in the extension printout, for example:
44
45 X509v3 extensions:
46 X509v3 Basic Constraints:
47 CA:TRUE
48 X509v3 Subject Key Identifier:
49 73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15
50 X509v3 Authority Key Identifier:
51 keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00
52 X509v3 Key Usage:
53 Certificate Sign, CRL Sign
54 X509v3 Subject Alternative Name:
55 email:email@1.address, email:email@2.address
56
57CONFIGURATION FILES.
58
59The OpenSSL utilities 'ca' and 'req' can now have extension sections listing
60which certificate extensions to include. In each case a line:
61
62x509_extensions = extension_section
63
64indicates which section contains the extensions. In the case of 'req' the
65extension section is used when the -x509 option is present to create a
66self signed root certificate.
67
68The 'x509' utility also supports extensions when it signs a certificate.
69The -extfile option is used to set the configuration file containing the
70extensions. In this case a line with:
71
72extensions = extension_section
73
74in the nameless (default) section is used. If no such line is included then
75it uses the default section.
76
77You can also add extensions to CRLs: a line
78
79crl_extensions = crl_extension_section
80
81will include extensions when the -gencrl option is used with the 'ca' utility.
82You can add any extension to a CRL but of the supported extensions only
83issuerAltName and authorityKeyIdentifier make any real sense. Note: these are
84CRL extensions NOT CRL *entry* extensions which cannot currently be generated.
85CRL entry extensions can be displayed.
86
87NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL
88you should not include a crl_extensions line in the configuration file.
89
90As with all configuration files you can use the inbuilt environment expansion
91to allow the values to be passed in the environment. Therefore if you have
92several extension sections used for different purposes you can have a line:
93
94x509_extensions = $ENV::ENV_EXT
95
96and set the ENV_EXT environment variable before calling the relevant utility.
97
98EXTENSION SYNTAX.
99
100Extensions have the basic form:
101
102extension_name=[critical,] extension_options
103
104the use of the critical option makes the extension critical. Extreme caution
105should be made when using the critical flag. If an extension is marked
106as critical then any client that does not understand the extension should
107reject it as invalid. Some broken software will reject certificates which
108have *any* critical extensions (these violates PKIX but we have to live
109with it).
110
111There are three main types of extension: string extensions, multi-valued
112extensions, and raw extensions.
113
114String extensions simply have a string which contains either the value itself
115or how it is obtained.
116
117For example:
118
119nsComment="This is a Comment"
120
121Multi-valued extensions have a short form and a long form. The short form
122is a list of names and values:
123
124basicConstraints=critical,CA:true,pathlen:1
125
126The long form allows the values to be placed in a separate section:
127
128basicConstraints=critical,@bs_section
129
130[bs_section]
131
132CA=true
133pathlen=1
134
135Both forms are equivalent. However it should be noted that in some cases the
136same name can appear multiple times, for example,
137
138subjectAltName=email:steve@here,email:steve@there
139
140in this case an equivalent long form is:
141
142subjectAltName=@alt_section
143
144[alt_section]
145
146email.1=steve@here
147email.2=steve@there
148
149This is because the configuration file code cannot handle the same name
150occurring twice in the same section.
151
152The syntax of raw extensions is governed by the extension code: it can
153for example contain data in multiple sections. The correct syntax to
154use is defined by the extension code itself: check out the certificate
155policies extension for an example.
156
157There are two ways to encode arbitrary extensions.
158
159The first way is to use the word ASN1 followed by the extension content
160using the same syntax as ASN1_generate_nconf(). For example:
161
1621.2.3.4=critical,ASN1:UTF8String:Some random data
163
1641.2.3.4=ASN1:SEQUENCE:seq_sect
165
166[seq_sect]
167
168field1 = UTF8:field1
169field2 = UTF8:field2
170
171It is also possible to use the word DER to include arbitrary data in any
172extension.
173
1741.2.3.4=critical,DER:01:02:03:04
1751.2.3.4=DER:01020304
176
177The value following DER is a hex dump of the DER encoding of the extension
178Any extension can be placed in this form to override the default behaviour.
179For example:
180
181basicConstraints=critical,DER:00:01:02:03
182
183WARNING: DER should be used with caution. It is possible to create totally
184invalid extensions unless care is taken.
185
186CURRENTLY SUPPORTED EXTENSIONS.
187
188If you aren't sure about extensions then they can be largely ignored: its only
189when you want to do things like restrict certificate usage when you need to
190worry about them.
191
192The only extension that a beginner might want to look at is Basic Constraints.
193If in addition you want to try Netscape object signing the you should also
194look at Netscape Certificate Type.
195
196Literal String extensions.
197
198In each case the 'value' of the extension is placed directly in the
199extension. Currently supported extensions in this category are: nsBaseUrl,
200nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl,
201nsSslServerName and nsComment.
202
203For example:
204
205nsComment="This is a test comment"
206
207Bit Strings.
208
209Bit string extensions just consist of a list of supported bits, currently
210two extensions are in this category: PKIX keyUsage and the Netscape specific
211nsCertType.
212
213nsCertType (netscape certificate type) takes the flags: client, server, email,
214objsign, reserved, sslCA, emailCA, objCA.
215
216keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation,
217keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign,
218encipherOnly, decipherOnly.
219
220For example:
221
222nsCertType=server
223
224keyUsage=digitalSignature, nonRepudiation
225
226Hints on Netscape Certificate Type.
227
228Other than Basic Constraints this is the only extension a beginner might
229want to use, if you want to try Netscape object signing, otherwise it can
230be ignored.
231
232If you want a certificate that can be used just for object signing then:
233
234nsCertType=objsign
235
236will do the job. If you want to use it as a normal end user and server
237certificate as well then
238
239nsCertType=objsign,email,server
240
241is more appropriate. You cannot use a self signed certificate for object
242signing (well Netscape signtool can but it cheats!) so you need to create
243a CA certificate and sign an end user certificate with it.
244
245Side note: If you want to conform to the Netscape specifications then you
246should really also set:
247
248nsCertType=objCA
249
250in the *CA* certificate for just an object signing CA and
251
252nsCertType=objCA,emailCA,sslCA
253
254for everything. Current Netscape software doesn't enforce this so it can
255be omitted.
256
257Basic Constraints.
258
259This is generally the only extension you need to worry about for simple
260applications. If you want your certificate to be usable as a CA certificate
261(in addition to an end user certificate) then you set this to:
262
263basicConstraints=CA:TRUE
264
265if you want to be certain the certificate cannot be used as a CA then do:
266
267basicConstraints=CA:FALSE
268
269The rest of this section describes more advanced usage.
270
271Basic constraints is a multi-valued extension that supports a CA and an
272optional pathlen option. The CA option takes the values true and false and
273pathlen takes an integer. Note if the CA option is false the pathlen option
274should be omitted.
275
276The pathlen parameter indicates the maximum number of CAs that can appear
277below this one in a chain. So if you have a CA with a pathlen of zero it can
278only be used to sign end user certificates and not further CAs. This all
279assumes that the software correctly interprets this extension of course.
280
281Examples:
282
283basicConstraints=CA:TRUE
284basicConstraints=critical,CA:TRUE, pathlen:0
285
286NOTE: for a CA to be considered valid it must have the CA option set to
287TRUE. An end user certificate MUST NOT have the CA value set to true.
288According to PKIX recommendations it should exclude the extension entirely,
289however some software may require CA set to FALSE for end entity certificates.
290
291Extended Key Usage.
292
293This extensions consists of a list of usages.
294
295These can either be object short names of the dotted numerical form of OIDs.
296While any OID can be used only certain values make sense. In particular the
297following PKIX, NS and MS values are meaningful:
298
299Value Meaning
300----- -------
301serverAuth SSL/TLS Web Server Authentication.
302clientAuth SSL/TLS Web Client Authentication.
303codeSigning Code signing.
304emailProtection E-mail Protection (S/MIME).
305timeStamping Trusted Timestamping
306msCodeInd Microsoft Individual Code Signing (authenticode)
307msCodeCom Microsoft Commercial Code Signing (authenticode)
308msCTLSign Microsoft Trust List Signing
309msSGC Microsoft Server Gated Crypto
310msEFS Microsoft Encrypted File System
311nsSGC Netscape Server Gated Crypto
312
313For example, under IE5 a CA can be used for any purpose: by including a list
314of the above usages the CA can be restricted to only authorised uses.
315
316Note: software packages may place additional interpretations on certificate
317use, in particular some usages may only work for selected CAs. Don't for example
318expect just including msSGC or nsSGC will automatically mean that a certificate
319can be used for SGC ("step up" encryption) otherwise anyone could use it.
320
321Examples:
322
323extendedKeyUsage=critical,codeSigning,1.2.3.4
324extendedKeyUsage=nsSGC,msSGC
325
326Subject Key Identifier.
327
328This is really a string extension and can take two possible values. Either
329a hex string giving details of the extension value to include or the word
330'hash' which then automatically follow PKIX guidelines in selecting and
331appropriate key identifier. The use of the hex string is strongly discouraged.
332
333Example: subjectKeyIdentifier=hash
334
335Authority Key Identifier.
336
337The authority key identifier extension permits two options. keyid and issuer:
338both can take the optional value "always".
339
340If the keyid option is present an attempt is made to copy the subject key
341identifier from the parent certificate. If the value "always" is present
342then an error is returned if the option fails.
343
344The issuer option copies the issuer and serial number from the issuer
345certificate. Normally this will only be done if the keyid option fails or
346is not included: the "always" flag will always include the value.
347
348Subject Alternative Name.
349
350The subject alternative name extension allows various literal values to be
351included in the configuration file. These include "email" (an email address)
352"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
353registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName.
354
355Also the email option include a special 'copy' value. This will automatically
356include and email addresses contained in the certificate subject name in
357the extension.
358
359otherName can include arbitrary data associated with an OID: the value
360should be the OID followed by a semicolon and the content in standard
361ASN1_generate_nconf() format.
362
363Examples:
364
365subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
366subjectAltName=email:my@other.address,RID:1.2.3.4
367subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
368
369Issuer Alternative Name.
370
371The issuer alternative name option supports all the literal options of
372subject alternative name. It does *not* support the email:copy option because
373that would not make sense. It does support an additional issuer:copy option
374that will copy all the subject alternative name values from the issuer
375certificate (if possible).
376
377Example:
378
379issuserAltName = issuer:copy
380
381Authority Info Access.
382
383The authority information access extension gives details about how to access
384certain information relating to the CA. Its syntax is accessOID;location
385where 'location' has the same syntax as subject alternative name (except
386that email:copy is not supported). accessOID can be any valid OID but only
387certain values are meaningful for example OCSP and caIssuers. OCSP gives the
388location of an OCSP responder: this is used by Netscape PSM and other software.
389
390Example:
391
392authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
393authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
394
395CRL distribution points.
396
397This is a multi-valued extension that supports all the literal options of
398subject alternative name. Of the few software packages that currently interpret
399this extension most only interpret the URI option.
400
401Currently each option will set a new DistributionPoint with the fullName
402field set to the given value.
403
404Other fields like cRLissuer and reasons cannot currently be set or displayed:
405at this time no examples were available that used these fields.
406
407If you see this extension with <UNSUPPORTED> when you attempt to print it out
408or it doesn't appear to display correctly then let me know, including the
409certificate (mail me at steve@openssl.org) .
410
411Examples:
412
413crlDistributionPoints=URI:http://www.myhost.com/myca.crl
414crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl
415
416Certificate Policies.
417
418This is a RAW extension. It attempts to display the contents of this extension:
419unfortunately this extension is often improperly encoded.
420
421The certificate policies extension will rarely be used in practice: few
422software packages interpret it correctly or at all. IE5 does partially
423support this extension: but it needs the 'ia5org' option because it will
424only correctly support a broken encoding. Of the options below only the
425policy OID, explicitText and CPS options are displayed with IE5.
426
427All the fields of this extension can be set by using the appropriate syntax.
428
429If you follow the PKIX recommendations of not including any qualifiers and just
430using only one OID then you just include the value of that OID. Multiple OIDs
431can be set separated by commas, for example:
432
433certificatePolicies= 1.2.4.5, 1.1.3.4
434
435If you wish to include qualifiers then the policy OID and qualifiers need to
436be specified in a separate section: this is done by using the @section syntax
437instead of a literal OID value.
438
439The section referred to must include the policy OID using the name
440policyIdentifier, cPSuri qualifiers can be included using the syntax:
441
442CPS.nnn=value
443
444userNotice qualifiers can be set using the syntax:
445
446userNotice.nnn=@notice
447
448The value of the userNotice qualifier is specified in the relevant section.
449This section can include explicitText, organization and noticeNumbers
450options. explicitText and organization are text strings, noticeNumbers is a
451comma separated list of numbers. The organization and noticeNumbers options
452(if included) must BOTH be present. If you use the userNotice option with IE5
453then you need the 'ia5org' option at the top level to modify the encoding:
454otherwise it will not be interpreted properly.
455
456Example:
457
458certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
459
460[polsect]
461
462policyIdentifier = 1.3.5.8
463CPS.1="http://my.host.name/"
464CPS.2="http://my.your.name/"
465userNotice.1=@notice
466
467[notice]
468
469explicitText="Explicit Text Here"
470organization="Organisation Name"
471noticeNumbers=1,2,3,4
472
473TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field,
474according to PKIX it should be of type DisplayText but Verisign uses an
475IA5STRING and IE5 needs this too.
476
477Display only extensions.
478
479Some extensions are only partially supported and currently are only displayed
480but cannot be set. These include private key usage period, CRL number, and
481CRL reason.
482
483==============================================================================
484 X509V3 Extension code: programmers guide
485==============================================================================
486
487The purpose of the extension code is twofold. It allows an extension to be
488created from a string or structure describing its contents and it prints out an
489extension in a human or machine readable form.
490
4911. Initialisation and cleanup.
492
493No special initialisation is needed before calling the extension functions.
494You used to have to call X509V3_add_standard_extensions(); but this is no longer
495required and this function no longer does anything.
496
497void X509V3_EXT_cleanup(void);
498
499This function should be called to cleanup the extension code if any custom
500extensions have been added. If no custom extensions have been added then this
501call does nothing. After this call all custom extension code is freed up but
502you can still use the standard extensions.
503
5042. Printing and parsing extensions.
505
506The simplest way to print out extensions is via the standard X509 printing
507routines: if you use the standard X509_print() function, the supported
508extensions will be printed out automatically.
509
510The following functions allow finer control over extension display:
511
512int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
513int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
514
515These two functions print out an individual extension to a BIO or FILE pointer.
516Currently the flag argument is unused and should be set to 0. The 'indent'
517argument is the number of spaces to indent each line.
518
519void *X509V3_EXT_d2i(X509_EXTENSION *ext);
520
521This function parses an extension and returns its internal structure. The
522precise structure you get back depends on the extension being parsed. If the
523extension if basicConstraints you will get back a pointer to a
524BASIC_CONSTRAINTS structure. Check out the source in crypto/x509v3 for more
525details about the structures returned. The returned structure should be freed
526after use using the relevant free function, BASIC_CONSTRAINTS_free() for
527example.
528
529void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
530void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
531void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
532void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
533
534These functions combine the operations of searching for extensions and
535parsing them. They search a certificate, a CRL a CRL entry or a stack
536of extensions respectively for extension whose NID is 'nid' and return
537the parsed result of NULL if an error occurred. For example:
538
539BASIC_CONSTRAINTS *bs;
540bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
541
542This will search for the basicConstraints extension and either return
543it value or NULL. NULL can mean either the extension was not found, it
544occurred more than once or it could not be parsed.
545
546If 'idx' is NULL then an extension is only parsed if it occurs precisely
547once. This is standard behaviour because extensions normally cannot occur
548more than once. If however more than one extension of the same type can
549occur it can be used to parse successive extensions for example:
550
551int i;
552void *ext;
553
554i = -1;
555for(;;) {
556 ext = X509_get_ext_d2i(x, nid, crit, &idx);
557 if(ext == NULL) break;
558 /* Do something with ext */
559}
560
561If 'crit' is not NULL and the extension was found then the int it points to
562is set to 1 for critical extensions and 0 for non critical. Therefore if the
563function returns NULL but 'crit' is set to 0 or 1 then the extension was
564found but it could not be parsed.
565
566The int pointed to by crit will be set to -1 if the extension was not found
567and -2 if the extension occurred more than once (this will only happen if
568idx is NULL). In both cases the function will return NULL.
569
5703. Generating extensions.
571
572An extension will typically be generated from a configuration file, or some
573other kind of configuration database.
574
575int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
576 X509 *cert);
577int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
578 X509_CRL *crl);
579
580These functions add all the extensions in the given section to the given
581certificate or CRL. They will normally be called just before the certificate
582or CRL is due to be signed. Both return 0 on error on non zero for success.
583
584In each case 'conf' is the LHASH pointer of the configuration file to use
585and 'section' is the section containing the extension details.
586
587See the 'context functions' section for a description of the ctx parameter.
588
589
590X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
591 char *value);
592
593This function returns an extension based on a name and value pair, if the
594pair will not need to access other sections in a config file (or there is no
595config file) then the 'conf' parameter can be set to NULL.
596
597X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid,
598 char *value);
599
600This function creates an extension in the same way as X509V3_EXT_conf() but
601takes the NID of the extension rather than its name.
602
603For example to produce basicConstraints with the CA flag and a path length of
60410:
605
606x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
607
608
609X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
610
611This function sets up an extension from its internal structure. The ext_nid
612parameter is the NID of the extension and 'crit' is the critical flag.
613
6144. Context functions.
615
616The following functions set and manipulate an extension context structure.
617The purpose of the extension context is to allow the extension code to
618access various structures relating to the "environment" of the certificate:
619for example the issuers certificate or the certificate request.
620
621void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
622 X509_REQ *req, X509_CRL *crl, int flags);
623
624This function sets up an X509V3_CTX structure with details of the certificate
625environment: specifically the issuers certificate, the subject certificate,
626the certificate request and the CRL: if these are not relevant or not
627available then they can be set to NULL. The 'flags' parameter should be set
628to zero.
629
630X509V3_set_ctx_test(ctx)
631
632This macro is used to set the 'ctx' structure to a 'test' value: this is to
633allow the syntax of an extension (or configuration file) to be tested.
634
635X509V3_set_ctx_nodb(ctx)
636
637This macro is used when no configuration database is present.
638
639void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
640
641This function is used to set the configuration database when it is an LHASH
642structure: typically a configuration file.
643
644The following functions are used to access a configuration database: they
645should only be used in RAW extensions.
646
647char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
648
649This function returns the value of the parameter "name" in "section", or NULL
650if there has been an error.
651
652void X509V3_string_free(X509V3_CTX *ctx, char *str);
653
654This function frees up the string returned by the above function.
655
656STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
657
658This function returns a whole section as a STACK_OF(CONF_VALUE) .
659
660void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
661
662This function frees up the STACK returned by the above function.
663
664Note: it is possible to use the extension code with a custom configuration
665database. To do this the "db_meth" element of the X509V3_CTX structure should
666be set to an X509V3_CTX_METHOD structure. This structure contains the following
667function pointers:
668
669char * (*get_string)(void *db, char *section, char *value);
670STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
671void (*free_string)(void *db, char * string);
672void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
673
674these will be called and passed the 'db' element in the X509V3_CTX structure
675to access the database. If a given function is not implemented or not required
676it can be set to NULL.
677
6785. String helper functions.
679
680There are several "i2s" and "s2i" functions that convert structures to and
681from ASCII strings. In all the "i2s" cases the returned string should be
682freed using Free() after use. Since some of these are part of other extension
683code they may take a 'method' parameter. Unless otherwise stated it can be
684safely set to NULL.
685
686char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct);
687
688This returns a hex string from an ASN1_OCTET_STRING.
689
690char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
691char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
692
693These return a string decimal representations of an ASN1_INTEGER and an
694ASN1_ENUMERATED type, respectively.
695
696ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
697 X509V3_CTX *ctx, char *str);
698
699This converts an ASCII hex string to an ASN1_OCTET_STRING.
700
701ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
702
703This converts a decimal ASCII string into an ASN1_INTEGER.
704
7056. Multi valued extension helper functions.
706
707The following functions can be used to manipulate STACKs of CONF_VALUE
708structures, as used by multi valued extensions.
709
710int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
711
712This function expects a boolean value in 'value' and sets 'asn1_bool' to
713it. That is it sets it to 0 for FALSE or 0xff for TRUE. The following
714strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE"
715"false", "N", "n", "NO" or "no".
716
717int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
718
719This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER.
720
721int X509V3_add_value(const char *name, const char *value,
722 STACK_OF(CONF_VALUE) **extlist);
723
724This simply adds a string name and value pair.
725
726int X509V3_add_value_uchar(const char *name, const unsigned char *value,
727 STACK_OF(CONF_VALUE) **extlist);
728
729The same as above but for an unsigned character value.
730
731int X509V3_add_value_bool(const char *name, int asn1_bool,
732 STACK_OF(CONF_VALUE) **extlist);
733
734This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'
735
736int X509V3_add_value_bool_nf(char *name, int asn1_bool,
737 STACK_OF(CONF_VALUE) **extlist);
738
739This is the same as above except it adds nothing if asn1_bool is FALSE.
740
741int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
742 STACK_OF(CONF_VALUE) **extlist);
743
744This function adds the value of the ASN1_INTEGER in decimal form.
745
7467. Other helper functions.
747
748<to be added>
749
750ADDING CUSTOM EXTENSIONS.
751
752Currently there are three types of supported extensions.
753
754String extensions are simple strings where the value is placed directly in the
755extensions, and the string returned is printed out.
756
757Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
758or return a STACK_OF(CONF_VALUE).
759
760Raw extensions are just passed a BIO or a value and it is the extensions
761responsibility to handle all the necessary printing.
762
763There are two ways to add an extension. One is simply as an alias to an already
764existing extension. An alias is an extension that is identical in ASN1 structure
765to an existing extension but has a different OBJECT IDENTIFIER. This can be
766done by calling:
767
768int X509V3_EXT_add_alias(int nid_to, int nid_from);
769
770'nid_to' is the new extension NID and 'nid_from' is the already existing
771extension NID.
772
773Alternatively an extension can be written from scratch. This involves writing
774the ASN1 code to encode and decode the extension and functions to print out and
775generate the extension from strings. The relevant functions are then placed in
776a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
777called.
778
779The X509V3_EXT_METHOD structure is described below.
780
781struct {
782int ext_nid;
783int ext_flags;
784X509V3_EXT_NEW ext_new;
785X509V3_EXT_FREE ext_free;
786X509V3_EXT_D2I d2i;
787X509V3_EXT_I2D i2d;
788X509V3_EXT_I2S i2s;
789X509V3_EXT_S2I s2i;
790X509V3_EXT_I2V i2v;
791X509V3_EXT_V2I v2i;
792X509V3_EXT_R2I r2i;
793X509V3_EXT_I2R i2r;
794
795void *usr_data;
796};
797
798The elements have the following meanings.
799
800ext_nid is the NID of the object identifier of the extension.
801
802ext_flags is set of flags. Currently the only external flag is
803 X509V3_EXT_MULTILINE which means a multi valued extensions
804 should be printed on separate lines.
805
806usr_data is an extension specific pointer to any relevant data. This
807 allows extensions to share identical code but have different
808 uses. An example of this is the bit string extension which uses
809 usr_data to contain a list of the bit names.
810
811All the remaining elements are function pointers.
812
813ext_new is a pointer to a function that allocates memory for the
814 extension ASN1 structure: for example ASN1_OBJECT_new().
815
816ext_free is a pointer to a function that free up memory of the extension
817 ASN1 structure: for example ASN1_OBJECT_free().
818
819d2i is the standard ASN1 function that converts a DER buffer into
820 the internal ASN1 structure: for example d2i_ASN1_IA5STRING().
821
822i2d is the standard ASN1 function that converts the internal
823 structure into the DER representation: for example
824 i2d_ASN1_IA5STRING().
825
826The remaining functions are depend on the type of extension. One i2X and
827one X2i should be set and the rest set to NULL. The types set do not need
828to match up, for example the extension could be set using the multi valued
829v2i function and printed out using the raw i2r.
830
831All functions have the X509V3_EXT_METHOD passed to them in the 'method'
832parameter and an X509V3_CTX structure. Extension code can then access the
833parent structure via the 'method' parameter to for example make use of the value
834of usr_data. If the code needs to use detail relating to the request it can
835use the 'ctx' parameter.
836
837A note should be given here about the 'flags' member of the 'ctx' parameter.
838If it has the value CTX_TEST then the configuration syntax is being checked
839and no actual certificate or CRL exists. Therefore any attempt in the config
840file to access such information should silently succeed. If the syntax is OK
841then it should simply return a (possibly bogus) extension, otherwise it
842should return NULL.
843
844char *i2s(struct v3_ext_method *method, void *ext);
845
846This function takes the internal structure in the ext parameter and returns
847a Malloc'ed string representing its value.
848
849void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
850
851This function takes the string representation in the ext parameter and returns
852an allocated internal structure: ext_free() will be used on this internal
853structure after use.
854
855i2v and v2i handle a STACK_OF(CONF_VALUE):
856
857typedef struct
858{
859 char *section;
860 char *name;
861 char *value;
862} CONF_VALUE;
863
864Only the name and value members are currently used.
865
866STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext);
867
868This function is passed the internal structure in the ext parameter and
869returns a STACK of CONF_VALUE structures. The values of name, value,
870section and the structure itself will be freed up with Free after use.
871Several helper functions are available to add values to this STACK.
872
873void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx,
874 STACK_OF(CONF_VALUE) *values);
875
876This function takes a STACK_OF(CONF_VALUE) structures and should set the
877values of the external structure. This typically uses the name element to
878determine which structure element to set and the value element to determine
879what to set it to. Several helper functions are available for this
880purpose (see above).
881
882int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
883
884This function is passed the internal extension structure in the ext parameter
885and sends out a human readable version of the extension to out. The 'indent'
886parameter should be noted to determine the necessary amount of indentation
887needed on the output.
888
889void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
890
891This is just passed the string representation of the extension. It is intended
892to be used for more elaborate extensions where the standard single and multi
893valued options are insufficient. They can use the 'ctx' parameter to parse the
894configuration database themselves. See the context functions section for details
895of how to do this.
896
897Note: although this type takes the same parameters as the "r2s" function there
898is a subtle difference. Whereas an "r2i" function can access a configuration
899database an "s2i" function MUST NOT. This is so the internal code can safely
900assume that an "s2i" function will work without a configuration database.
901
902==============================================================================
903 PKCS#12 Library
904==============================================================================
905
906This section describes the internal PKCS#12 support. There are very few
907differences between the old external library and the new internal code at
908present. This may well change because the external library will not be updated
909much in future.
910
911This version now includes a couple of high level PKCS#12 functions which
912generally "do the right thing" and should make it much easier to handle PKCS#12
913structures.
914
915HIGH LEVEL FUNCTIONS.
916
917For most applications you only need concern yourself with the high level
918functions. They can parse and generate simple PKCS#12 files as produced by
919Netscape and MSIE or indeed any compliant PKCS#12 file containing a single
920private key and certificate pair.
921
9221. Initialisation and cleanup.
923
924No special initialisation is needed for the internal PKCS#12 library: the
925standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to
926add all algorithms (you should at least add SHA1 though) then you can manually
927initialise the PKCS#12 library with:
928
929PKCS12_PBE_add();
930
931The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is
932called or it can be directly freed with:
933
934EVP_PBE_cleanup();
935
936after this call (or EVP_cleanup() ) no more PKCS#12 library functions should
937be called.
938
9392. I/O functions.
940
941i2d_PKCS12_bio(bp, p12)
942
943This writes out a PKCS12 structure to a BIO.
944
945i2d_PKCS12_fp(fp, p12)
946
947This is the same but for a FILE pointer.
948
949d2i_PKCS12_bio(bp, p12)
950
951This reads in a PKCS12 structure from a BIO.
952
953d2i_PKCS12_fp(fp, p12)
954
955This is the same but for a FILE pointer.
956
9573. High level functions.
958
9593.1 Parsing with PKCS12_parse().
960
961int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
962 STACK **ca);
963
964This function takes a PKCS12 structure and a password (ASCII, null terminated)
965and returns the private key, the corresponding certificate and any CA
966certificates. If any of these is not required it can be passed as a NULL.
967The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK
968structure. Typically to read in a PKCS#12 file you might do:
969
970p12 = d2i_PKCS12_fp(fp, NULL);
971PKCS12_parse(p12, password, &pkey, &cert, NULL); /* CAs not wanted */
972PKCS12_free(p12);
973
9743.2 PKCS#12 creation with PKCS12_create().
975
976PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
977 STACK *ca, int nid_key, int nid_cert, int iter,
978 int mac_iter, int keytype);
979
980This function will create a PKCS12 structure from a given password, name,
981private key, certificate and optional STACK of CA certificates. The remaining
9825 parameters can be set to 0 and sensible defaults will be used.
983
984The parameters nid_key and nid_cert are the key and certificate encryption
985algorithms, iter is the encryption iteration count, mac_iter is the MAC
986iteration count and keytype is the type of private key. If you really want
987to know what these last 5 parameters do then read the low level section.
988
989Typically to create a PKCS#12 file the following could be used:
990
991p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
992i2d_PKCS12_fp(fp, p12);
993PKCS12_free(p12);
994
9953.3 Changing a PKCS#12 structure password.
996
997int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
998
999This changes the password of an already existing PKCS#12 structure. oldpass
1000is the old password and newpass is the new one. An error occurs if the old
1001password is incorrect.
1002
1003LOW LEVEL FUNCTIONS.
1004
1005In some cases the high level functions do not provide the necessary
1006functionality. For example if you want to generate or parse more complex
1007PKCS#12 files. The sample pkcs12 application uses the low level functions
1008to display details about the internal structure of a PKCS#12 file.
1009
1010Introduction.
1011
1012This is a brief description of how a PKCS#12 file is represented internally:
1013some knowledge of PKCS#12 is assumed.
1014
1015A PKCS#12 object contains several levels.
1016
1017At the lowest level is a PKCS12_SAFEBAG. This can contain a certificate, a
1018CRL, a private key, encrypted or unencrypted, a set of safebags (so the
1019structure can be nested) or other secrets (not documented at present).
1020A safebag can optionally have attributes, currently these are: a unicode
1021friendlyName (a Unicode string) or a localKeyID (a string of bytes).
1022
1023At the next level is an authSafe which is a set of safebags collected into
1024a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself.
1025
1026At the top level is the PKCS12 structure itself which contains a set of
1027authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it
1028contains a MAC which is a kind of password protected digest to preserve
1029integrity (so any unencrypted stuff below can't be tampered with).
1030
1031The reason for these levels is so various objects can be encrypted in various
1032ways. For example you might want to encrypt a set of private keys with
1033triple-DES and then include the related certificates either unencrypted or
1034with lower encryption. Yes it's the dreaded crypto laws at work again which
1035allow strong encryption on private keys and only weak encryption on other
1036stuff.
1037
1038To build one of these things you turn all certificates and keys into safebags
1039(with optional attributes). You collect the safebags into (one or more) STACKS
1040and convert these into authsafes (encrypted or unencrypted). The authsafes
1041are collected into a STACK and added to a PKCS12 structure. Finally a MAC
1042inserted.
1043
1044Pulling one apart is basically the reverse process. The MAC is verified against
1045the given password. The authsafes are extracted and each authsafe split into
1046a set of safebags (possibly involving decryption). Finally the safebags are
1047decomposed into the original keys and certificates and the attributes used to
1048match up private key and certificate pairs.
1049
1050Anyway here are the functions that do the dirty work.
1051
10521. Construction functions.
1053
10541.1 Safebag functions.
1055
1056M_PKCS12_x5092certbag(x509)
1057
1058This macro takes an X509 structure and returns a certificate bag. The
1059X509 structure can be freed up after calling this function.
1060
1061M_PKCS12_x509crl2certbag(crl)
1062
1063As above but for a CRL.
1064
1065PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey)
1066
1067Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure.
1068Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo
1069structure contains a private key data in plain text form it should be free'd
1070up as soon as it has been encrypted for security reasons (freeing up the
1071structure zeros out the sensitive data). This can be done with
1072PKCS8_PRIV_KEY_INFO_free().
1073
1074PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
1075
1076This sets the key type when a key is imported into MSIE or Outlook 98. Two
1077values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type
1078key that can also be used for signing but its size is limited in the export
1079versions of MS software to 512 bits, it is also the default. KEY_SIG is a
1080signing only key but the keysize is unlimited (well 16K is supposed to work).
1081If you are using the domestic version of MSIE then you can ignore this because
1082KEY_EX is not limited and can be used for both.
1083
1084PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
1085
1086Convert a PKCS8 private key structure into a keybag. This routine embeds the
1087p8 structure in the keybag so p8 should not be freed up or used after it is
1088called. The p8 structure will be freed up when the safebag is freed.
1089
1090PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
1091
1092Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not
1093embedded and can be freed up after use.
1094
1095int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
1096int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
1097
1098Add a local key id or a friendlyname to a safebag.
1099
11001.2 Authsafe functions.
1101
1102PKCS7 *PKCS12_pack_p7data(STACK *sk)
1103Take a stack of safebags and convert them into an unencrypted authsafe. The
1104stack of safebags can be freed up after calling this function.
1105
1106PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags);
1107
1108As above but encrypted.
1109
11101.3 PKCS12 functions.
1111
1112PKCS12 *PKCS12_init(int mode)
1113
1114Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data).
1115
1116M_PKCS12_pack_authsafes(p12, safes)
1117
1118This macro takes a STACK of authsafes and adds them to a PKCS#12 structure.
1119
1120int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type);
1121
1122Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests
1123that SHA-1 should be used.
1124
11252. Extraction Functions.
1126
11272.1 Safebags.
1128
1129M_PKCS12_bag_type(bag)
1130
1131Return the type of "bag". Returns one of the following
1132
1133NID_keyBag
1134NID_pkcs8ShroudedKeyBag 7
1135NID_certBag 8
1136NID_crlBag 9
1137NID_secretBag 10
1138NID_safeContentsBag 11
1139
1140M_PKCS12_cert_bag_type(bag)
1141
1142Returns type of certificate bag, following are understood.
1143
1144NID_x509Certificate 14
1145NID_sdsiCertificate 15
1146
1147M_PKCS12_crl_bag_type(bag)
1148
1149Returns crl bag type, currently only NID_crlBag is recognised.
1150
1151M_PKCS12_certbag2x509(bag)
1152
1153This macro extracts an X509 certificate from a certificate bag.
1154
1155M_PKCS12_certbag2x509crl(bag)
1156
1157As above but for a CRL.
1158
1159EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
1160
1161Extract a private key from a PKCS8 private key info structure.
1162
1163M_PKCS12_decrypt_skey(bag, pass, passlen)
1164
1165Decrypt a shrouded key bag and return a PKCS8 private key info structure.
1166Works with both RSA and DSA keys
1167
1168char *PKCS12_get_friendlyname(bag)
1169
1170Returns the friendlyName of a bag if present or NULL if none. The returned
1171string is a null terminated ASCII string allocated with Malloc(). It should
1172thus be freed up with Free() after use.
1173
11742.2 AuthSafe functions.
1175
1176M_PKCS12_unpack_p7data(p7)
1177
1178Extract a STACK of safe bags from a PKCS#7 data ContentInfo.
1179
1180#define M_PKCS12_unpack_p7encdata(p7, pass, passlen)
1181
1182As above but for an encrypted content info.
1183
11842.3 PKCS12 functions.
1185
1186M_PKCS12_unpack_authsafes(p12)
1187
1188Extract a STACK of authsafes from a PKCS12 structure.
1189
1190M_PKCS12_mac_present(p12)
1191
1192Check to see if a MAC is present.
1193
1194int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen)
1195
1196Verify a MAC on a PKCS12 structure. Returns an error if MAC not present.
1197
1198
1199Notes.
1200
12011. All the function return 0 or NULL on error.
12022. Encryption based functions take a common set of parameters. These are
1203described below.
1204
1205pass, passlen
1206ASCII password and length. The password on the MAC is called the "integrity
1207password" the encryption password is called the "privacy password" in the
1208PKCS#12 documentation. The passwords do not have to be the same. If -1 is
1209passed for the length it is worked out by the function itself (currently
1210this is sometimes done whatever is passed as the length but that may change).
1211
1212salt, saltlen
1213A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a
1214default length is used.
1215
1216iter
1217Iteration count. This is a measure of how many times an internal function is
1218called to encrypt the data. The larger this value is the longer it takes, it
1219makes dictionary attacks on passwords harder. NOTE: Some implementations do
1220not support an iteration count on the MAC. If the password for the MAC and
1221encryption is the same then there is no point in having a high iteration
1222count for encryption if the MAC has no count. The MAC could be attacked
1223and the password used for the main decryption.
1224
1225pbe_nid
1226This is the NID of the password based encryption method used. The following are
1227supported.
1228NID_pbe_WithSHA1And128BitRC4
1229NID_pbe_WithSHA1And40BitRC4
1230NID_pbe_WithSHA1And3_Key_TripleDES_CBC
1231NID_pbe_WithSHA1And2_Key_TripleDES_CBC
1232NID_pbe_WithSHA1And128BitRC2_CBC
1233NID_pbe_WithSHA1And40BitRC2_CBC
1234
1235Which you use depends on the implementation you are exporting to. "Export
1236grade" (i.e. cryptographically challenged) products cannot support all
1237algorithms. Typically you may be able to use any encryption on shrouded key
1238bags but they must then be placed in an unencrypted authsafe. Other authsafes
1239may only support 40bit encryption. Of course if you are using SSLeay
1240throughout you can strongly encrypt everything and have high iteration counts
1241on everything.
1242
12433. For decryption routines only the password and length are needed.
1244
12454. Unlike the external version the nid's of objects are the values of the
1246constants: that is NID_certBag is the real nid, therefore there is no
1247PKCS12_obj_offset() function. Note the object constants are not the same as
1248those of the external version. If you use these constants then you will need
1249to recompile your code.
1250
12515. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or
1252macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be
1253reused or freed up safely.
1254
diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt
deleted file mode 100644
index a5ce778f8e..0000000000
--- a/src/lib/libssl/doc/standards.txt
+++ /dev/null
@@ -1,281 +0,0 @@
1Standards related to OpenSSL
2============================
3
4[Please, this is currently a draft. I made a first try at finding
5 documents that describe parts of what OpenSSL implements. There are
6 big gaps, and I've most certainly done something wrong. Please
7 correct whatever is... Also, this note should be removed when this
8 file is reaching a somewhat correct state. -- Richard Levitte]
9
10
11All pointers in here will be either URL's or blobs of text borrowed
12from miscellaneous indexes, like rfc-index.txt (index of RFCs),
131id-index.txt (index of Internet drafts) and the like.
14
15To find the latest possible RFCs, it's recommended to either browse
16ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and
17use the search mechanism found there.
18To find the latest possible Internet drafts, it's recommended to
19browse ftp://ftp.isi.edu/internet-drafts/.
20To find the latest possible PKCS, it's recommended to browse
21http://www.rsasecurity.com/rsalabs/pkcs/.
22
23
24Implemented:
25------------
26
27These are documents that describe things that are implemented (in
28whole or at least great parts) in OpenSSL.
29
301319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
31 (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
32
331320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
34 TXT=32407 bytes) (Status: INFORMATIONAL)
35
361321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
37 TXT=35222 bytes) (Status: INFORMATIONAL)
38
392246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999.
40 (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD)
41
422268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
43 January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
44
452315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
46 March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
47
48PKCS#8: Private-Key Information Syntax Standard
49
50PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
51
522560 X.509 Internet Public Key Infrastructure Online Certificate
53 Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
54 C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
55 STANDARD)
56
572712 Addition of Kerberos Cipher Suites to Transport Layer Security
58 (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
59 (Status: PROPOSED STANDARD)
60
612898 PKCS #5: Password-Based Cryptography Specification Version 2.0.
62 B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status:
63 INFORMATIONAL)
64
652986 PKCS #10: Certification Request Syntax Specification Version 1.7.
66 M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes)
67 (Obsoletes RFC2314) (Status: INFORMATIONAL)
68
693174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones.
70 September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL)
71
723268 Advanced Encryption Standard (AES) Ciphersuites for Transport
73 Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes)
74 (Status: PROPOSED STANDARD)
75
763279 Algorithms and Identifiers for the Internet X.509 Public Key
77 Infrastructure Certificate and Certificate Revocation List (CRL)
78 Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format:
79 TXT=53833 bytes) (Status: PROPOSED STANDARD)
80
813280 Internet X.509 Public Key Infrastructure Certificate and
82 Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W.
83 Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes
84 RFC2459) (Status: PROPOSED STANDARD)
85
863447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
87 Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003.
88 (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:
89 INFORMATIONAL)
90
913713 A Description of the Camellia Encryption Algorithm. M. Matsui,
92 J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes)
93 (Status: INFORMATIONAL)
94
953820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate
96 Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson.
97 June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD)
98
994132 Addition of Camellia Cipher Suites to Transport Layer Security
100 (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590
101 bytes) (Status: PROPOSED STANDARD)
102
1034162 Addition of SEED Cipher Suites to Transport Layer Security (TLS).
104 H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes)
105 (Status: PROPOSED STANDARD)
106
1074269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon,
108 D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes)
109 (Obsoletes RFC4009) (Status: INFORMATIONAL)
110
111
112Related:
113--------
114
115These are documents that are close to OpenSSL, for example the
116STARTTLS documents.
117
1181421 Privacy Enhancement for Internet Electronic Mail: Part I: Message
119 Encryption and Authentication Procedures. J. Linn. February 1993.
120 (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED
121 STANDARD)
122
1231422 Privacy Enhancement for Internet Electronic Mail: Part II:
124 Certificate-Based Key Management. S. Kent. February 1993. (Format:
125 TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD)
126
1271423 Privacy Enhancement for Internet Electronic Mail: Part III:
128 Algorithms, Modes, and Identifiers. D. Balenson. February 1993.
129 (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED
130 STANDARD)
131
1321424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key
133 Certification and Related Services. B. Kaliski. February 1993.
134 (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
135
1362025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October
137 1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD)
138
1392510 Internet X.509 Public Key Infrastructure Certificate Management
140 Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178
141 bytes) (Status: PROPOSED STANDARD)
142
1432511 Internet X.509 Certificate Request Message Format. M. Myers, C.
144 Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes)
145 (Status: PROPOSED STANDARD)
146
1472527 Internet X.509 Public Key Infrastructure Certificate Policy and
148 Certification Practices Framework. S. Chokhani, W. Ford. March 1999.
149 (Format: TXT=91860 bytes) (Status: INFORMATIONAL)
150
1512538 Storing Certificates in the Domain Name System (DNS). D. Eastlake
152 3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status:
153 PROPOSED STANDARD)
154
1552539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS).
156 D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status:
157 PROPOSED STANDARD)
158
1592559 Internet X.509 Public Key Infrastructure Operational Protocols -
160 LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format:
161 TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD)
162
1632585 Internet X.509 Public Key Infrastructure Operational Protocols:
164 FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
165 bytes) (Status: PROPOSED STANDARD)
166
1672587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S.
168 Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes)
169 (Status: PROPOSED STANDARD)
170
1712595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
172 (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
173
1742631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999.
175 (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD)
176
1772632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June
178 1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD)
179
1802716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October
181 1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL)
182
1832773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace.
184 February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status:
185 EXPERIMENTAL)
186
1872797 Certificate Management Messages over CMS. M. Myers, X. Liu, J.
188 Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status:
189 PROPOSED STANDARD)
190
1912817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
192 2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
193 STANDARD)
194
1952818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
196 (Status: INFORMATIONAL)
197
1982876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July
199 2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL)
200
2012984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams.
202 October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD)
203
2042985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0.
205 M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes)
206 (Status: INFORMATIONAL)
207
2083029 Internet X.509 Public Key Infrastructure Data Validation and
209 Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev,
210 R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status:
211 EXPERIMENTAL)
212
2133039 Internet X.509 Public Key Infrastructure Qualified Certificates
214 Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001.
215 (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD)
216
2173058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P.
218 Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes)
219 (Status: INFORMATIONAL)
220
2213161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol
222 (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001.
223 (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD)
224
2253185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner.
226 October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD)
227
2283207 SMTP Service Extension for Secure SMTP over Transport Layer
229 Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes)
230 (Obsoletes RFC2487) (Status: PROPOSED STANDARD)
231
2323217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001.
233 (Format: TXT=19855 bytes) (Status: INFORMATIONAL)
234
2353274 Compressed Data Content Type for Cryptographic Message Syntax
236 (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status:
237 PROPOSED STANDARD)
238
2393278 Use of Elliptic Curve Cryptography (ECC) Algorithms in
240 Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P.
241 Lambert. April 2002. (Format: TXT=33779 bytes) (Status:
242 INFORMATIONAL)
243
2443281 An Internet Attribute Certificate Profile for Authorization. S.
245 Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status:
246 PROPOSED STANDARD)
247
2483369 Cryptographic Message Syntax (CMS). R. Housley. August 2002.
249 (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status:
250 PROPOSED STANDARD)
251
2523370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August
253 2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status:
254 PROPOSED STANDARD)
255
2563377 Lightweight Directory Access Protocol (v3): Technical
257 Specification. J. Hodges, R. Morgan. September 2002. (Format:
258 TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255,
259 RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD)
260
2613394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad,
262 R. Housley. September 2002. (Format: TXT=73072 bytes) (Status:
263 INFORMATIONAL)
264
2653436 Transport Layer Security over Stream Control Transmission
266 Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002.
267 (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD)
268
2693657 Use of the Camellia Encryption Algorithm in Cryptographic
270 Message Syntax (CMS). S. Moriai, A. Kato. January 2004.
271 (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD)
272
273"Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>
274
275
276To be implemented:
277------------------
278
279These are documents that describe things that are planed to be
280implemented in the hopefully short future.
281
diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h
deleted file mode 100644
index f159d37110..0000000000
--- a/src/lib/libssl/dtls1.h
+++ /dev/null
@@ -1,218 +0,0 @@
1/* ssl/dtls1.h */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#ifndef HEADER_DTLS1_H
61#define HEADER_DTLS1_H
62
63#include <openssl/buffer.h>
64#include <openssl/pqueue.h>
65
66#ifdef __cplusplus
67extern "C" {
68#endif
69
70#define DTLS1_VERSION 0xFEFF
71#define DTLS1_BAD_VER 0x0100
72
73#if 0
74/* this alert description is not specified anywhere... */
75#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
76#endif
77
78/* lengths of messages */
79#define DTLS1_COOKIE_LENGTH 32
80
81#define DTLS1_RT_HEADER_LENGTH 13
82
83#define DTLS1_HM_HEADER_LENGTH 12
84
85#define DTLS1_HM_BAD_FRAGMENT -2
86#define DTLS1_HM_FRAGMENT_RETRY -3
87
88#define DTLS1_CCS_HEADER_LENGTH 1
89
90#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
91#define DTLS1_AL_HEADER_LENGTH 7
92#else
93#define DTLS1_AL_HEADER_LENGTH 2
94#endif
95
96
97typedef struct dtls1_bitmap_st
98 {
99 PQ_64BIT map;
100 unsigned long length; /* sizeof the bitmap in bits */
101 PQ_64BIT max_seq_num; /* max record number seen so far */
102 } DTLS1_BITMAP;
103
104struct hm_header_st
105 {
106 unsigned char type;
107 unsigned long msg_len;
108 unsigned short seq;
109 unsigned long frag_off;
110 unsigned long frag_len;
111 unsigned int is_ccs;
112 };
113
114struct ccs_header_st
115 {
116 unsigned char type;
117 unsigned short seq;
118 };
119
120struct dtls1_timeout_st
121 {
122 /* Number of read timeouts so far */
123 unsigned int read_timeouts;
124
125 /* Number of write timeouts so far */
126 unsigned int write_timeouts;
127
128 /* Number of alerts received so far */
129 unsigned int num_alerts;
130 };
131
132typedef struct record_pqueue_st
133 {
134 unsigned short epoch;
135 pqueue q;
136 } record_pqueue;
137
138typedef struct hm_fragment_st
139 {
140 struct hm_header_st msg_header;
141 unsigned char *fragment;
142 } hm_fragment;
143
144typedef struct dtls1_state_st
145 {
146 unsigned int send_cookie;
147 unsigned char cookie[DTLS1_COOKIE_LENGTH];
148 unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
149 unsigned int cookie_len;
150
151 /*
152 * The current data and handshake epoch. This is initially
153 * undefined, and starts at zero once the initial handshake is
154 * completed
155 */
156 unsigned short r_epoch;
157 unsigned short w_epoch;
158
159 /* records being received in the current epoch */
160 DTLS1_BITMAP bitmap;
161
162 /* renegotiation starts a new set of sequence numbers */
163 DTLS1_BITMAP next_bitmap;
164
165 /* handshake message numbers */
166 unsigned short handshake_write_seq;
167 unsigned short next_handshake_write_seq;
168
169 unsigned short handshake_read_seq;
170
171 /* Received handshake records (processed and unprocessed) */
172 record_pqueue unprocessed_rcds;
173 record_pqueue processed_rcds;
174
175 /* Buffered handshake messages */
176 pqueue buffered_messages;
177
178 /* Buffered (sent) handshake records */
179 pqueue sent_messages;
180
181 unsigned int mtu; /* max wire packet size */
182
183 struct hm_header_st w_msg_hdr;
184 struct hm_header_st r_msg_hdr;
185
186 struct dtls1_timeout_st timeout;
187
188 /* storage for Alert/Handshake protocol data received but not
189 * yet processed by ssl3_read_bytes: */
190 unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
191 unsigned int alert_fragment_len;
192 unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
193 unsigned int handshake_fragment_len;
194
195 unsigned int retransmitting;
196
197 } DTLS1_STATE;
198
199typedef struct dtls1_record_data_st
200 {
201 unsigned char *packet;
202 unsigned int packet_length;
203 SSL3_BUFFER rbuf;
204 SSL3_RECORD rrec;
205 } DTLS1_RECORD_DATA;
206
207
208/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
209#define DTLS1_TMO_READ_COUNT 2
210#define DTLS1_TMO_WRITE_COUNT 2
211
212#define DTLS1_TMO_ALERT_COUNT 12
213
214#ifdef __cplusplus
215}
216#endif
217#endif
218
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
deleted file mode 100644
index bc918170e1..0000000000
--- a/src/lib/libssl/s23_clnt.c
+++ /dev/null
@@ -1,615 +0,0 @@
1/* ssl/s23_clnt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "ssl_locl.h"
61#include <openssl/buffer.h>
62#include <openssl/rand.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65
66static SSL_METHOD *ssl23_get_client_method(int ver);
67static int ssl23_client_hello(SSL *s);
68static int ssl23_get_server_hello(SSL *s);
69static SSL_METHOD *ssl23_get_client_method(int ver)
70 {
71#ifndef OPENSSL_NO_SSL2
72 if (ver == SSL2_VERSION)
73 return(SSLv2_client_method());
74#endif
75 if (ver == SSL3_VERSION)
76 return(SSLv3_client_method());
77 else if (ver == TLS1_VERSION)
78 return(TLSv1_client_method());
79 else
80 return(NULL);
81 }
82
83IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
84 ssl_undefined_function,
85 ssl23_connect,
86 ssl23_get_client_method)
87
88int ssl23_connect(SSL *s)
89 {
90 BUF_MEM *buf=NULL;
91 unsigned long Time=(unsigned long)time(NULL);
92 void (*cb)(const SSL *ssl,int type,int val)=NULL;
93 int ret= -1;
94 int new_state,state;
95
96 RAND_add(&Time,sizeof(Time),0);
97 ERR_clear_error();
98 clear_sys_error();
99
100 if (s->info_callback != NULL)
101 cb=s->info_callback;
102 else if (s->ctx->info_callback != NULL)
103 cb=s->ctx->info_callback;
104
105 s->in_handshake++;
106 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
107
108 for (;;)
109 {
110 state=s->state;
111
112 switch(s->state)
113 {
114 case SSL_ST_BEFORE:
115 case SSL_ST_CONNECT:
116 case SSL_ST_BEFORE|SSL_ST_CONNECT:
117 case SSL_ST_OK|SSL_ST_CONNECT:
118
119 if (s->session != NULL)
120 {
121 SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
122 ret= -1;
123 goto end;
124 }
125 s->server=0;
126 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
127
128 /* s->version=TLS1_VERSION; */
129 s->type=SSL_ST_CONNECT;
130
131 if (s->init_buf == NULL)
132 {
133 if ((buf=BUF_MEM_new()) == NULL)
134 {
135 ret= -1;
136 goto end;
137 }
138 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
139 {
140 ret= -1;
141 goto end;
142 }
143 s->init_buf=buf;
144 buf=NULL;
145 }
146
147 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
148
149 ssl3_init_finished_mac(s);
150
151 s->state=SSL23_ST_CW_CLNT_HELLO_A;
152 s->ctx->stats.sess_connect++;
153 s->init_num=0;
154 break;
155
156 case SSL23_ST_CW_CLNT_HELLO_A:
157 case SSL23_ST_CW_CLNT_HELLO_B:
158
159 s->shutdown=0;
160 ret=ssl23_client_hello(s);
161 if (ret <= 0) goto end;
162 s->state=SSL23_ST_CR_SRVR_HELLO_A;
163 s->init_num=0;
164
165 break;
166
167 case SSL23_ST_CR_SRVR_HELLO_A:
168 case SSL23_ST_CR_SRVR_HELLO_B:
169 ret=ssl23_get_server_hello(s);
170 if (ret >= 0) cb=NULL;
171 goto end;
172 /* break; */
173
174 default:
175 SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
176 ret= -1;
177 goto end;
178 /* break; */
179 }
180
181 if (s->debug) { (void)BIO_flush(s->wbio); }
182
183 if ((cb != NULL) && (s->state != state))
184 {
185 new_state=s->state;
186 s->state=state;
187 cb(s,SSL_CB_CONNECT_LOOP,1);
188 s->state=new_state;
189 }
190 }
191end:
192 s->in_handshake--;
193 if (buf != NULL)
194 BUF_MEM_free(buf);
195 if (cb != NULL)
196 cb(s,SSL_CB_CONNECT_EXIT,ret);
197 return(ret);
198 }
199
200
201static int ssl23_client_hello(SSL *s)
202 {
203 unsigned char *buf;
204 unsigned char *p,*d;
205 int i,j,ch_len;
206 unsigned long Time,l;
207 int ssl2_compat;
208 int version = 0, version_major, version_minor;
209 SSL_COMP *comp;
210 int ret;
211
212 ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
213
214 if (!(s->options & SSL_OP_NO_TLSv1))
215 {
216 version = TLS1_VERSION;
217 }
218 else if (!(s->options & SSL_OP_NO_SSLv3))
219 {
220 version = SSL3_VERSION;
221 }
222 else if (!(s->options & SSL_OP_NO_SSLv2))
223 {
224 version = SSL2_VERSION;
225 }
226#ifndef OPENSSL_NO_TLSEXT
227 if (version != SSL2_VERSION)
228 {
229 /* have to disable SSL 2.0 compatibility if we need TLS extensions */
230
231 if (s->tlsext_hostname != NULL)
232 ssl2_compat = 0;
233 if (s->tlsext_status_type != -1)
234 ssl2_compat = 0;
235 }
236#endif
237
238 buf=(unsigned char *)s->init_buf->data;
239 if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
240 {
241#if 0
242 /* don't reuse session-id's */
243 if (!ssl_get_new_session(s,0))
244 {
245 return(-1);
246 }
247#endif
248
249 p=s->s3->client_random;
250 Time=(unsigned long)time(NULL); /* Time */
251 l2n(Time,p);
252 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
253 return -1;
254
255 if (version == TLS1_VERSION)
256 {
257 version_major = TLS1_VERSION_MAJOR;
258 version_minor = TLS1_VERSION_MINOR;
259 }
260#ifdef OPENSSL_FIPS
261 else if(FIPS_mode())
262 {
263 SSLerr(SSL_F_SSL23_CLIENT_HELLO,
264 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
265 return -1;
266 }
267#endif
268 else if (version == SSL3_VERSION)
269 {
270 version_major = SSL3_VERSION_MAJOR;
271 version_minor = SSL3_VERSION_MINOR;
272 }
273 else if (version == SSL2_VERSION)
274 {
275 version_major = SSL2_VERSION_MAJOR;
276 version_minor = SSL2_VERSION_MINOR;
277 }
278 else
279 {
280 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE);
281 return(-1);
282 }
283
284 s->client_version = version;
285
286 if (ssl2_compat)
287 {
288 /* create SSL 2.0 compatible Client Hello */
289
290 /* two byte record header will be written last */
291 d = &(buf[2]);
292 p = d + 9; /* leave space for message type, version, individual length fields */
293
294 *(d++) = SSL2_MT_CLIENT_HELLO;
295 *(d++) = version_major;
296 *(d++) = version_minor;
297
298 /* Ciphers supported */
299 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
300 if (i == 0)
301 {
302 /* no ciphers */
303 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
304 return -1;
305 }
306 s2n(i,d);
307 p+=i;
308
309 /* put in the session-id length (zero since there is no reuse) */
310#if 0
311 s->session->session_id_length=0;
312#endif
313 s2n(0,d);
314
315 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
316 ch_len=SSL2_CHALLENGE_LENGTH;
317 else
318 ch_len=SSL2_MAX_CHALLENGE_LENGTH;
319
320 /* write out sslv2 challenge */
321 if (SSL3_RANDOM_SIZE < ch_len)
322 i=SSL3_RANDOM_SIZE;
323 else
324 i=ch_len;
325 s2n(i,d);
326 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
327 if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
328 return -1;
329
330 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
331 p+=i;
332
333 i= p- &(buf[2]);
334 buf[0]=((i>>8)&0xff)|0x80;
335 buf[1]=(i&0xff);
336
337 /* number of bytes to write */
338 s->init_num=i+2;
339 s->init_off=0;
340
341 ssl3_finish_mac(s,&(buf[2]),i);
342 }
343 else
344 {
345 /* create Client Hello in SSL 3.0/TLS 1.0 format */
346
347 /* do the record header (5 bytes) and handshake message header (4 bytes) last */
348 d = p = &(buf[9]);
349
350 *(p++) = version_major;
351 *(p++) = version_minor;
352
353 /* Random stuff */
354 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
355 p += SSL3_RANDOM_SIZE;
356
357 /* Session ID (zero since there is no reuse) */
358 *(p++) = 0;
359
360 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
361 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
362 if (i == 0)
363 {
364 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
365 return -1;
366 }
367 s2n(i,p);
368 p+=i;
369
370 /* COMPRESSION */
371 if (s->ctx->comp_methods == NULL)
372 j=0;
373 else
374 j=sk_SSL_COMP_num(s->ctx->comp_methods);
375 *(p++)=1+j;
376 for (i=0; i<j; i++)
377 {
378 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
379 *(p++)=comp->id;
380 }
381 *(p++)=0; /* Add the NULL method */
382#ifndef OPENSSL_NO_TLSEXT
383 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
384 {
385 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
386 return -1;
387 }
388#endif
389
390 l = p-d;
391 *p = 42;
392
393 /* fill in 4-byte handshake header */
394 d=&(buf[5]);
395 *(d++)=SSL3_MT_CLIENT_HELLO;
396 l2n3(l,d);
397
398 l += 4;
399
400 if (l > SSL3_RT_MAX_PLAIN_LENGTH)
401 {
402 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
403 return -1;
404 }
405
406 /* fill in 5-byte record header */
407 d=buf;
408 *(d++) = SSL3_RT_HANDSHAKE;
409 *(d++) = version_major;
410 *(d++) = version_minor; /* arguably we should send the *lowest* suported version here
411 * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
412 s2n((int)l,d);
413
414 /* number of bytes to write */
415 s->init_num=p-buf;
416 s->init_off=0;
417
418 ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
419 }
420
421 s->state=SSL23_ST_CW_CLNT_HELLO_B;
422 s->init_off=0;
423 }
424
425 /* SSL3_ST_CW_CLNT_HELLO_B */
426 ret = ssl23_write_bytes(s);
427
428 if ((ret >= 2) && s->msg_callback)
429 {
430 /* Client Hello has been sent; tell msg_callback */
431
432 if (ssl2_compat)
433 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
434 else
435 s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
436 }
437
438 return ret;
439 }
440
441static int ssl23_get_server_hello(SSL *s)
442 {
443 char buf[8];
444 unsigned char *p;
445 int i;
446 int n;
447
448 n=ssl23_read_bytes(s,7);
449
450 if (n != 7) return(n);
451 p=s->packet;
452
453 memcpy(buf,p,n);
454
455 if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
456 (p[5] == 0x00) && (p[6] == 0x02))
457 {
458#ifdef OPENSSL_NO_SSL2
459 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
460 goto err;
461#else
462 /* we are talking sslv2 */
463 /* we need to clean up the SSLv3 setup and put in the
464 * sslv2 stuff. */
465 int ch_len;
466
467 if (s->options & SSL_OP_NO_SSLv2)
468 {
469 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
470 goto err;
471 }
472 if (s->s2 == NULL)
473 {
474 if (!ssl2_new(s))
475 goto err;
476 }
477 else
478 ssl2_clear(s);
479
480 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
481 ch_len=SSL2_CHALLENGE_LENGTH;
482 else
483 ch_len=SSL2_MAX_CHALLENGE_LENGTH;
484
485 /* write out sslv2 challenge */
486 i=(SSL3_RANDOM_SIZE < ch_len)
487 ?SSL3_RANDOM_SIZE:ch_len;
488 s->s2->challenge_length=i;
489 memcpy(s->s2->challenge,
490 &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
491
492 if (s->s3 != NULL) ssl3_free(s);
493
494 if (!BUF_MEM_grow_clean(s->init_buf,
495 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
496 {
497 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
498 goto err;
499 }
500
501 s->state=SSL2_ST_GET_SERVER_HELLO_A;
502 if (!(s->client_version == SSL2_VERSION))
503 /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
504 s->s2->ssl2_rollback=1;
505
506 /* setup the 5 bytes we have read so we get them from
507 * the sslv2 buffer */
508 s->rstate=SSL_ST_READ_HEADER;
509 s->packet_length=n;
510 s->packet= &(s->s2->rbuf[0]);
511 memcpy(s->packet,buf,n);
512 s->s2->rbuf_left=n;
513 s->s2->rbuf_offs=0;
514
515 /* we have already written one */
516 s->s2->write_sequence=1;
517
518 s->method=SSLv2_client_method();
519 s->handshake_func=s->method->ssl_connect;
520#endif
521 }
522 else if ((p[0] == SSL3_RT_HANDSHAKE) &&
523 (p[1] == SSL3_VERSION_MAJOR) &&
524 ((p[2] == SSL3_VERSION_MINOR) ||
525 (p[2] == TLS1_VERSION_MINOR)) &&
526 (p[5] == SSL3_MT_SERVER_HELLO))
527 {
528 /* we have sslv3 or tls1 */
529
530 if (!ssl_init_wbio_buffer(s,1)) goto err;
531
532 /* we are in this state */
533 s->state=SSL3_ST_CR_SRVR_HELLO_A;
534
535 /* put the 5 bytes we have read into the input buffer
536 * for SSLv3 */
537 s->rstate=SSL_ST_READ_HEADER;
538 s->packet_length=n;
539 s->packet= &(s->s3->rbuf.buf[0]);
540 memcpy(s->packet,buf,n);
541 s->s3->rbuf.left=n;
542 s->s3->rbuf.offset=0;
543
544 if ((p[2] == SSL3_VERSION_MINOR) &&
545 !(s->options & SSL_OP_NO_SSLv3))
546 {
547#ifdef OPENSSL_FIPS
548 if(FIPS_mode())
549 {
550 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
551 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
552 goto err;
553 }
554#endif
555 s->version=SSL3_VERSION;
556 s->method=SSLv3_client_method();
557 }
558 else if ((p[2] == TLS1_VERSION_MINOR) &&
559 !(s->options & SSL_OP_NO_TLSv1))
560 {
561 s->version=TLS1_VERSION;
562 s->method=TLSv1_client_method();
563 }
564 else
565 {
566 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
567 goto err;
568 }
569
570 s->handshake_func=s->method->ssl_connect;
571 }
572 else if ((p[0] == SSL3_RT_ALERT) &&
573 (p[1] == SSL3_VERSION_MAJOR) &&
574 ((p[2] == SSL3_VERSION_MINOR) ||
575 (p[2] == TLS1_VERSION_MINOR)) &&
576 (p[3] == 0) &&
577 (p[4] == 2))
578 {
579 void (*cb)(const SSL *ssl,int type,int val)=NULL;
580 int j;
581
582 /* An alert */
583 if (s->info_callback != NULL)
584 cb=s->info_callback;
585 else if (s->ctx->info_callback != NULL)
586 cb=s->ctx->info_callback;
587
588 i=p[5];
589 if (cb != NULL)
590 {
591 j=(i<<8)|p[6];
592 cb(s,SSL_CB_READ_ALERT,j);
593 }
594
595 s->rwstate=SSL_NOTHING;
596 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
597 goto err;
598 }
599 else
600 {
601 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
602 goto err;
603 }
604 s->init_num=0;
605
606 /* Since, if we are sending a ssl23 client hello, we are not
607 * reusing a session-id */
608 if (!ssl_get_new_session(s,0))
609 goto err;
610
611 return(SSL_connect(s));
612err:
613 return(-1);
614 }
615
diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c
deleted file mode 100644
index fc2981308d..0000000000
--- a/src/lib/libssl/s23_lib.c
+++ /dev/null
@@ -1,198 +0,0 @@
1/* ssl/s23_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/objects.h>
61#include "ssl_locl.h"
62
63long ssl23_default_timeout(void)
64 {
65 return(300);
66 }
67
68IMPLEMENT_ssl23_meth_func(sslv23_base_method,
69 ssl_undefined_function,
70 ssl_undefined_function,
71 ssl_bad_method)
72
73int ssl23_num_ciphers(void)
74 {
75 return(ssl3_num_ciphers()
76#ifndef OPENSSL_NO_SSL2
77 + ssl2_num_ciphers()
78#endif
79 );
80 }
81
82SSL_CIPHER *ssl23_get_cipher(unsigned int u)
83 {
84 unsigned int uu=ssl3_num_ciphers();
85
86 if (u < uu)
87 return(ssl3_get_cipher(u));
88 else
89#ifndef OPENSSL_NO_SSL2
90 return(ssl2_get_cipher(u-uu));
91#else
92 return(NULL);
93#endif
94 }
95
96/* This function needs to check if the ciphers required are actually
97 * available */
98SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
99 {
100 SSL_CIPHER c,*cp;
101 unsigned long id;
102 int n;
103
104 n=ssl3_num_ciphers();
105 id=0x03000000|((unsigned long)p[0]<<16L)|
106 ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
107 c.id=id;
108 cp=ssl3_get_cipher_by_char(p);
109#ifndef OPENSSL_NO_SSL2
110 if (cp == NULL)
111 cp=ssl2_get_cipher_by_char(p);
112#endif
113 return(cp);
114 }
115
116int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
117 {
118 long l;
119
120 /* We can write SSLv2 and SSLv3 ciphers */
121 if (p != NULL)
122 {
123 l=c->id;
124 p[0]=((unsigned char)(l>>16L))&0xFF;
125 p[1]=((unsigned char)(l>> 8L))&0xFF;
126 p[2]=((unsigned char)(l ))&0xFF;
127 }
128 return(3);
129 }
130
131int ssl23_read(SSL *s, void *buf, int len)
132 {
133 int n;
134
135 clear_sys_error();
136 if (SSL_in_init(s) && (!s->in_handshake))
137 {
138 n=s->handshake_func(s);
139 if (n < 0) return(n);
140 if (n == 0)
141 {
142 SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
143 return(-1);
144 }
145 return(SSL_read(s,buf,len));
146 }
147 else
148 {
149 ssl_undefined_function(s);
150 return(-1);
151 }
152 }
153
154int ssl23_peek(SSL *s, void *buf, int len)
155 {
156 int n;
157
158 clear_sys_error();
159 if (SSL_in_init(s) && (!s->in_handshake))
160 {
161 n=s->handshake_func(s);
162 if (n < 0) return(n);
163 if (n == 0)
164 {
165 SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE);
166 return(-1);
167 }
168 return(SSL_peek(s,buf,len));
169 }
170 else
171 {
172 ssl_undefined_function(s);
173 return(-1);
174 }
175 }
176
177int ssl23_write(SSL *s, const void *buf, int len)
178 {
179 int n;
180
181 clear_sys_error();
182 if (SSL_in_init(s) && (!s->in_handshake))
183 {
184 n=s->handshake_func(s);
185 if (n < 0) return(n);
186 if (n == 0)
187 {
188 SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
189 return(-1);
190 }
191 return(SSL_write(s,buf,len));
192 }
193 else
194 {
195 ssl_undefined_function(s);
196 return(-1);
197 }
198 }
diff --git a/src/lib/libssl/s23_pkt.c b/src/lib/libssl/s23_pkt.c
deleted file mode 100644
index 4ca6a1b258..0000000000
--- a/src/lib/libssl/s23_pkt.c
+++ /dev/null
@@ -1,117 +0,0 @@
1/* ssl/s23_pkt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <errno.h>
61#define USE_SOCKETS
62#include "ssl_locl.h"
63#include <openssl/evp.h>
64#include <openssl/buffer.h>
65
66int ssl23_write_bytes(SSL *s)
67 {
68 int i,num,tot;
69 char *buf;
70
71 buf=s->init_buf->data;
72 tot=s->init_off;
73 num=s->init_num;
74 for (;;)
75 {
76 s->rwstate=SSL_WRITING;
77 i=BIO_write(s->wbio,&(buf[tot]),num);
78 if (i <= 0)
79 {
80 s->init_off=tot;
81 s->init_num=num;
82 return(i);
83 }
84 s->rwstate=SSL_NOTHING;
85 if (i == num) return(tot+i);
86
87 num-=i;
88 tot+=i;
89 }
90 }
91
92/* return regularly only when we have read (at least) 'n' bytes */
93int ssl23_read_bytes(SSL *s, int n)
94 {
95 unsigned char *p;
96 int j;
97
98 if (s->packet_length < (unsigned int)n)
99 {
100 p=s->packet;
101
102 for (;;)
103 {
104 s->rwstate=SSL_READING;
105 j=BIO_read(s->rbio,(char *)&(p[s->packet_length]),
106 n-s->packet_length);
107 if (j <= 0)
108 return(j);
109 s->rwstate=SSL_NOTHING;
110 s->packet_length+=j;
111 if (s->packet_length >= (unsigned int)n)
112 return(s->packet_length);
113 }
114 }
115 return(n);
116 }
117
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
deleted file mode 100644
index ba06e7ae2e..0000000000
--- a/src/lib/libssl/s23_srvr.c
+++ /dev/null
@@ -1,581 +0,0 @@
1/* ssl/s23_srvr.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include "ssl_locl.h"
114#include <openssl/buffer.h>
115#include <openssl/rand.h>
116#include <openssl/objects.h>
117#include <openssl/evp.h>
118
119static SSL_METHOD *ssl23_get_server_method(int ver);
120int ssl23_get_client_hello(SSL *s);
121static SSL_METHOD *ssl23_get_server_method(int ver)
122 {
123#ifndef OPENSSL_NO_SSL2
124 if (ver == SSL2_VERSION)
125 return(SSLv2_server_method());
126#endif
127 if (ver == SSL3_VERSION)
128 return(SSLv3_server_method());
129 else if (ver == TLS1_VERSION)
130 return(TLSv1_server_method());
131 else
132 return(NULL);
133 }
134
135IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
136 ssl23_accept,
137 ssl_undefined_function,
138 ssl23_get_server_method)
139
140int ssl23_accept(SSL *s)
141 {
142 BUF_MEM *buf;
143 unsigned long Time=(unsigned long)time(NULL);
144 void (*cb)(const SSL *ssl,int type,int val)=NULL;
145 int ret= -1;
146 int new_state,state;
147
148 RAND_add(&Time,sizeof(Time),0);
149 ERR_clear_error();
150 clear_sys_error();
151
152 if (s->info_callback != NULL)
153 cb=s->info_callback;
154 else if (s->ctx->info_callback != NULL)
155 cb=s->ctx->info_callback;
156
157 s->in_handshake++;
158 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
159
160 for (;;)
161 {
162 state=s->state;
163
164 switch(s->state)
165 {
166 case SSL_ST_BEFORE:
167 case SSL_ST_ACCEPT:
168 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
169 case SSL_ST_OK|SSL_ST_ACCEPT:
170
171 s->server=1;
172 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
173
174 /* s->version=SSL3_VERSION; */
175 s->type=SSL_ST_ACCEPT;
176
177 if (s->init_buf == NULL)
178 {
179 if ((buf=BUF_MEM_new()) == NULL)
180 {
181 ret= -1;
182 goto end;
183 }
184 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
185 {
186 ret= -1;
187 goto end;
188 }
189 s->init_buf=buf;
190 }
191
192 ssl3_init_finished_mac(s);
193
194 s->state=SSL23_ST_SR_CLNT_HELLO_A;
195 s->ctx->stats.sess_accept++;
196 s->init_num=0;
197 break;
198
199 case SSL23_ST_SR_CLNT_HELLO_A:
200 case SSL23_ST_SR_CLNT_HELLO_B:
201
202 s->shutdown=0;
203 ret=ssl23_get_client_hello(s);
204 if (ret >= 0) cb=NULL;
205 goto end;
206 /* break; */
207
208 default:
209 SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
210 ret= -1;
211 goto end;
212 /* break; */
213 }
214
215 if ((cb != NULL) && (s->state != state))
216 {
217 new_state=s->state;
218 s->state=state;
219 cb(s,SSL_CB_ACCEPT_LOOP,1);
220 s->state=new_state;
221 }
222 }
223end:
224 s->in_handshake--;
225 if (cb != NULL)
226 cb(s,SSL_CB_ACCEPT_EXIT,ret);
227 return(ret);
228 }
229
230
231int ssl23_get_client_hello(SSL *s)
232 {
233 char buf_space[11]; /* Request this many bytes in initial read.
234 * We can detect SSL 3.0/TLS 1.0 Client Hellos
235 * ('type == 3') correctly only when the following
236 * is in a single record, which is not guaranteed by
237 * the protocol specification:
238 * Byte Content
239 * 0 type \
240 * 1/2 version > record header
241 * 3/4 length /
242 * 5 msg_type \
243 * 6-8 length > Client Hello message
244 * 9/10 client_version /
245 */
246 char *buf= &(buf_space[0]);
247 unsigned char *p,*d,*d_len,*dd;
248 unsigned int i;
249 unsigned int csl,sil,cl;
250 int n=0,j;
251 int type=0;
252 int v[2];
253
254 if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
255 {
256 /* read the initial header */
257 v[0]=v[1]=0;
258
259 if (!ssl3_setup_buffers(s)) goto err;
260
261 n=ssl23_read_bytes(s, sizeof buf_space);
262 if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
263
264 p=s->packet;
265
266 memcpy(buf,p,n);
267
268 if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
269 {
270 /*
271 * SSLv2 header
272 */
273 if ((p[3] == 0x00) && (p[4] == 0x02))
274 {
275 v[0]=p[3]; v[1]=p[4];
276 /* SSLv2 */
277 if (!(s->options & SSL_OP_NO_SSLv2))
278 type=1;
279 }
280 else if (p[3] == SSL3_VERSION_MAJOR)
281 {
282 v[0]=p[3]; v[1]=p[4];
283 /* SSLv3/TLSv1 */
284 if (p[4] >= TLS1_VERSION_MINOR)
285 {
286 if (!(s->options & SSL_OP_NO_TLSv1))
287 {
288 s->version=TLS1_VERSION;
289 /* type=2; */ /* done later to survive restarts */
290 s->state=SSL23_ST_SR_CLNT_HELLO_B;
291 }
292 else if (!(s->options & SSL_OP_NO_SSLv3))
293 {
294 s->version=SSL3_VERSION;
295 /* type=2; */
296 s->state=SSL23_ST_SR_CLNT_HELLO_B;
297 }
298 else if (!(s->options & SSL_OP_NO_SSLv2))
299 {
300 type=1;
301 }
302 }
303 else if (!(s->options & SSL_OP_NO_SSLv3))
304 {
305 s->version=SSL3_VERSION;
306 /* type=2; */
307 s->state=SSL23_ST_SR_CLNT_HELLO_B;
308 }
309 else if (!(s->options & SSL_OP_NO_SSLv2))
310 type=1;
311
312 }
313 }
314 else if ((p[0] == SSL3_RT_HANDSHAKE) &&
315 (p[1] == SSL3_VERSION_MAJOR) &&
316 (p[5] == SSL3_MT_CLIENT_HELLO) &&
317 ((p[3] == 0 && p[4] < 5 /* silly record length? */)
318 || (p[9] == p[1])))
319 {
320 /*
321 * SSLv3 or tls1 header
322 */
323
324 v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
325 /* We must look at client_version inside the Client Hello message
326 * to get the correct minor version.
327 * However if we have only a pathologically small fragment of the
328 * Client Hello message, this would be difficult, and we'd have
329 * to read more records to find out.
330 * No known SSL 3.0 client fragments ClientHello like this,
331 * so we simply assume TLS 1.0 to avoid protocol version downgrade
332 * attacks. */
333 if (p[3] == 0 && p[4] < 6)
334 {
335#if 0
336 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
337 goto err;
338#else
339 v[1] = TLS1_VERSION_MINOR;
340#endif
341 }
342 else
343 v[1]=p[10]; /* minor version according to client_version */
344 if (v[1] >= TLS1_VERSION_MINOR)
345 {
346 if (!(s->options & SSL_OP_NO_TLSv1))
347 {
348 s->version=TLS1_VERSION;
349 type=3;
350 }
351 else if (!(s->options & SSL_OP_NO_SSLv3))
352 {
353 s->version=SSL3_VERSION;
354 type=3;
355 }
356 }
357 else
358 {
359 /* client requests SSL 3.0 */
360 if (!(s->options & SSL_OP_NO_SSLv3))
361 {
362 s->version=SSL3_VERSION;
363 type=3;
364 }
365 else if (!(s->options & SSL_OP_NO_TLSv1))
366 {
367 /* we won't be able to use TLS of course,
368 * but this will send an appropriate alert */
369 s->version=TLS1_VERSION;
370 type=3;
371 }
372 }
373 }
374 else if ((strncmp("GET ", (char *)p,4) == 0) ||
375 (strncmp("POST ",(char *)p,5) == 0) ||
376 (strncmp("HEAD ",(char *)p,5) == 0) ||
377 (strncmp("PUT ", (char *)p,4) == 0))
378 {
379 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
380 goto err;
381 }
382 else if (strncmp("CONNECT",(char *)p,7) == 0)
383 {
384 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
385 goto err;
386 }
387 }
388
389#ifdef OPENSSL_FIPS
390 if (FIPS_mode() && (s->version < TLS1_VERSION))
391 {
392 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
393 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
394 goto err;
395 }
396#endif
397
398 if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
399 {
400 /* we have SSLv3/TLSv1 in an SSLv2 header
401 * (other cases skip this state) */
402
403 type=2;
404 p=s->packet;
405 v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
406 v[1] = p[4];
407
408 n=((p[0]&0x7f)<<8)|p[1];
409 if (n > (1024*4))
410 {
411 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
412 goto err;
413 }
414
415 j=ssl23_read_bytes(s,n+2);
416 if (j <= 0) return(j);
417
418 ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
419 if (s->msg_callback)
420 s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
421
422 p=s->packet;
423 p+=5;
424 n2s(p,csl);
425 n2s(p,sil);
426 n2s(p,cl);
427 d=(unsigned char *)s->init_buf->data;
428 if ((csl+sil+cl+11) != s->packet_length)
429 {
430 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
431 goto err;
432 }
433
434 /* record header: msg_type ... */
435 *(d++) = SSL3_MT_CLIENT_HELLO;
436 /* ... and length (actual value will be written later) */
437 d_len = d;
438 d += 3;
439
440 /* client_version */
441 *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
442 *(d++) = v[1];
443
444 /* lets populate the random area */
445 /* get the challenge_length */
446 i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
447 memset(d,0,SSL3_RANDOM_SIZE);
448 memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
449 d+=SSL3_RANDOM_SIZE;
450
451 /* no session-id reuse */
452 *(d++)=0;
453
454 /* ciphers */
455 j=0;
456 dd=d;
457 d+=2;
458 for (i=0; i<csl; i+=3)
459 {
460 if (p[i] != 0) continue;
461 *(d++)=p[i+1];
462 *(d++)=p[i+2];
463 j+=2;
464 }
465 s2n(j,dd);
466
467 /* COMPRESSION */
468 *(d++)=1;
469 *(d++)=0;
470
471 i = (d-(unsigned char *)s->init_buf->data) - 4;
472 l2n3((long)i, d_len);
473
474 /* get the data reused from the init_buf */
475 s->s3->tmp.reuse_message=1;
476 s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
477 s->s3->tmp.message_size=i;
478 }
479
480 /* imaginary new state (for program structure): */
481 /* s->state = SSL23_SR_CLNT_HELLO_C */
482
483 if (type == 1)
484 {
485#ifdef OPENSSL_NO_SSL2
486 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
487 goto err;
488#else
489 /* we are talking sslv2 */
490 /* we need to clean up the SSLv3/TLSv1 setup and put in the
491 * sslv2 stuff. */
492
493 if (s->s2 == NULL)
494 {
495 if (!ssl2_new(s))
496 goto err;
497 }
498 else
499 ssl2_clear(s);
500
501 if (s->s3 != NULL) ssl3_free(s);
502
503 if (!BUF_MEM_grow_clean(s->init_buf,
504 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
505 {
506 goto err;
507 }
508
509 s->state=SSL2_ST_GET_CLIENT_HELLO_A;
510 if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
511 s->s2->ssl2_rollback=0;
512 else
513 /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
514 * (SSL 3.0 draft/RFC 2246, App. E.2) */
515 s->s2->ssl2_rollback=1;
516
517 /* setup the n bytes we have read so we get them from
518 * the sslv2 buffer */
519 s->rstate=SSL_ST_READ_HEADER;
520 s->packet_length=n;
521 s->packet= &(s->s2->rbuf[0]);
522 memcpy(s->packet,buf,n);
523 s->s2->rbuf_left=n;
524 s->s2->rbuf_offs=0;
525
526 s->method=SSLv2_server_method();
527 s->handshake_func=s->method->ssl_accept;
528#endif
529 }
530
531 if ((type == 2) || (type == 3))
532 {
533 /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
534
535 if (!ssl_init_wbio_buffer(s,1)) goto err;
536
537 /* we are in this state */
538 s->state=SSL3_ST_SR_CLNT_HELLO_A;
539
540 if (type == 3)
541 {
542 /* put the 'n' bytes we have read into the input buffer
543 * for SSLv3 */
544 s->rstate=SSL_ST_READ_HEADER;
545 s->packet_length=n;
546 s->packet= &(s->s3->rbuf.buf[0]);
547 memcpy(s->packet,buf,n);
548 s->s3->rbuf.left=n;
549 s->s3->rbuf.offset=0;
550 }
551 else
552 {
553 s->packet_length=0;
554 s->s3->rbuf.left=0;
555 s->s3->rbuf.offset=0;
556 }
557
558 if (s->version == TLS1_VERSION)
559 s->method = TLSv1_server_method();
560 else
561 s->method = SSLv3_server_method();
562#if 0 /* ssl3_get_client_hello does this */
563 s->client_version=(v[0]<<8)|v[1];
564#endif
565 s->handshake_func=s->method->ssl_accept;
566 }
567
568 if ((type < 1) || (type > 3))
569 {
570 /* bad, very bad */
571 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
572 goto err;
573 }
574 s->init_num=0;
575
576 if (buf != buf_space) OPENSSL_free(buf);
577 return(SSL_accept(s));
578err:
579 if (buf != buf_space) OPENSSL_free(buf);
580 return(-1);
581 }
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
deleted file mode 100644
index 2ecfbb77cb..0000000000
--- a/src/lib/libssl/s3_both.c
+++ /dev/null
@@ -1,622 +0,0 @@
1/* ssl/s3_both.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116
117#include <limits.h>
118#include <string.h>
119#include <stdio.h>
120#include "ssl_locl.h"
121#include <openssl/buffer.h>
122#include <openssl/rand.h>
123#include <openssl/objects.h>
124#include <openssl/evp.h>
125#include <openssl/x509.h>
126
127/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
128int ssl3_do_write(SSL *s, int type)
129 {
130 int ret;
131
132 ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
133 s->init_num);
134 if (ret < 0) return(-1);
135 if (type == SSL3_RT_HANDSHAKE)
136 /* should not be done for 'Hello Request's, but in that case
137 * we'll ignore the result anyway */
138 ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
139
140 if (ret == s->init_num)
141 {
142 if (s->msg_callback)
143 s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
144 return(1);
145 }
146 s->init_off+=ret;
147 s->init_num-=ret;
148 return(0);
149 }
150
151int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
152 {
153 unsigned char *p,*d;
154 int i;
155 unsigned long l;
156
157 if (s->state == a)
158 {
159 d=(unsigned char *)s->init_buf->data;
160 p= &(d[4]);
161
162 i=s->method->ssl3_enc->final_finish_mac(s,
163 &(s->s3->finish_dgst1),
164 &(s->s3->finish_dgst2),
165 sender,slen,s->s3->tmp.finish_md);
166 s->s3->tmp.finish_md_len = i;
167 memcpy(p, s->s3->tmp.finish_md, i);
168 p+=i;
169 l=i;
170
171#ifdef OPENSSL_SYS_WIN16
172 /* MSVC 1.5 does not clear the top bytes of the word unless
173 * I do this.
174 */
175 l&=0xffff;
176#endif
177
178 *(d++)=SSL3_MT_FINISHED;
179 l2n3(l,d);
180 s->init_num=(int)l+4;
181 s->init_off=0;
182
183 s->state=b;
184 }
185
186 /* SSL3_ST_SEND_xxxxxx_HELLO_B */
187 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
188 }
189
190int ssl3_get_finished(SSL *s, int a, int b)
191 {
192 int al,i,ok;
193 long n;
194 unsigned char *p;
195
196 /* the mac has already been generated when we received the
197 * change cipher spec message and is in s->s3->tmp.peer_finish_md
198 */
199
200 n=s->method->ssl_get_message(s,
201 a,
202 b,
203 SSL3_MT_FINISHED,
204 64, /* should actually be 36+4 :-) */
205 &ok);
206
207 if (!ok) return((int)n);
208
209 /* If this occurs, we have missed a message */
210 if (!s->s3->change_cipher_spec)
211 {
212 al=SSL_AD_UNEXPECTED_MESSAGE;
213 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
214 goto f_err;
215 }
216 s->s3->change_cipher_spec=0;
217
218 p = (unsigned char *)s->init_msg;
219 i = s->s3->tmp.peer_finish_md_len;
220
221 if (i != n)
222 {
223 al=SSL_AD_DECODE_ERROR;
224 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
225 goto f_err;
226 }
227
228 if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
229 {
230 al=SSL_AD_DECRYPT_ERROR;
231 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
232 goto f_err;
233 }
234
235 return(1);
236f_err:
237 ssl3_send_alert(s,SSL3_AL_FATAL,al);
238 return(0);
239 }
240
241/* for these 2 messages, we need to
242 * ssl->enc_read_ctx re-init
243 * ssl->s3->read_sequence zero
244 * ssl->s3->read_mac_secret re-init
245 * ssl->session->read_sym_enc assign
246 * ssl->session->read_compression assign
247 * ssl->session->read_hash assign
248 */
249int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
250 {
251 unsigned char *p;
252
253 if (s->state == a)
254 {
255 p=(unsigned char *)s->init_buf->data;
256 *p=SSL3_MT_CCS;
257 s->init_num=1;
258 s->init_off=0;
259
260 s->state=b;
261 }
262
263 /* SSL3_ST_CW_CHANGE_B */
264 return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
265 }
266
267unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
268 {
269 unsigned char *p;
270 int n,i;
271 unsigned long l=7;
272 BUF_MEM *buf;
273 X509_STORE_CTX xs_ctx;
274 X509_OBJECT obj;
275
276 int no_chain;
277
278 if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
279 no_chain = 1;
280 else
281 no_chain = 0;
282
283 /* TLSv1 sends a chain with nothing in it, instead of an alert */
284 buf=s->init_buf;
285 if (!BUF_MEM_grow_clean(buf,10))
286 {
287 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
288 return(0);
289 }
290 if (x != NULL)
291 {
292 if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
293 {
294 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
295 return(0);
296 }
297
298 for (;;)
299 {
300 n=i2d_X509(x,NULL);
301 if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
302 {
303 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
304 return(0);
305 }
306 p=(unsigned char *)&(buf->data[l]);
307 l2n3(n,p);
308 i2d_X509(x,&p);
309 l+=n+3;
310
311 if (no_chain)
312 break;
313
314 if (X509_NAME_cmp(X509_get_subject_name(x),
315 X509_get_issuer_name(x)) == 0) break;
316
317 i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
318 X509_get_issuer_name(x),&obj);
319 if (i <= 0) break;
320 x=obj.data.x509;
321 /* Count is one too high since the X509_STORE_get uped the
322 * ref count */
323 X509_free(x);
324 }
325 if (!no_chain)
326 X509_STORE_CTX_cleanup(&xs_ctx);
327 }
328
329 /* Thawte special :-) */
330 if (s->ctx->extra_certs != NULL)
331 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
332 {
333 x=sk_X509_value(s->ctx->extra_certs,i);
334 n=i2d_X509(x,NULL);
335 if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
336 {
337 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
338 return(0);
339 }
340 p=(unsigned char *)&(buf->data[l]);
341 l2n3(n,p);
342 i2d_X509(x,&p);
343 l+=n+3;
344 }
345
346 l-=7;
347 p=(unsigned char *)&(buf->data[4]);
348 l2n3(l,p);
349 l+=3;
350 p=(unsigned char *)&(buf->data[0]);
351 *(p++)=SSL3_MT_CERTIFICATE;
352 l2n3(l,p);
353 l+=4;
354 return(l);
355 }
356
357/* Obtain handshake message of message type 'mt' (any if mt == -1),
358 * maximum acceptable body length 'max'.
359 * The first four bytes (msg_type and length) are read in state 'st1',
360 * the body is read in state 'stn'.
361 */
362long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
363 {
364 unsigned char *p;
365 unsigned long l;
366 long n;
367 int i,al;
368
369 if (s->s3->tmp.reuse_message)
370 {
371 s->s3->tmp.reuse_message=0;
372 if ((mt >= 0) && (s->s3->tmp.message_type != mt))
373 {
374 al=SSL_AD_UNEXPECTED_MESSAGE;
375 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
376 goto f_err;
377 }
378 *ok=1;
379 s->init_msg = s->init_buf->data + 4;
380 s->init_num = (int)s->s3->tmp.message_size;
381 return s->init_num;
382 }
383
384 p=(unsigned char *)s->init_buf->data;
385
386 if (s->state == st1) /* s->init_num < 4 */
387 {
388 int skip_message;
389
390 do
391 {
392 while (s->init_num < 4)
393 {
394 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
395 &p[s->init_num],4 - s->init_num, 0);
396 if (i <= 0)
397 {
398 s->rwstate=SSL_READING;
399 *ok = 0;
400 return i;
401 }
402 s->init_num+=i;
403 }
404
405 skip_message = 0;
406 if (!s->server)
407 if (p[0] == SSL3_MT_HELLO_REQUEST)
408 /* The server may always send 'Hello Request' messages --
409 * we are doing a handshake anyway now, so ignore them
410 * if their format is correct. Does not count for
411 * 'Finished' MAC. */
412 if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
413 {
414 s->init_num = 0;
415 skip_message = 1;
416
417 if (s->msg_callback)
418 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
419 }
420 }
421 while (skip_message);
422
423 /* s->init_num == 4 */
424
425 if ((mt >= 0) && (*p != mt))
426 {
427 al=SSL_AD_UNEXPECTED_MESSAGE;
428 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
429 goto f_err;
430 }
431 if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
432 (st1 == SSL3_ST_SR_CERT_A) &&
433 (stn == SSL3_ST_SR_CERT_B))
434 {
435 /* At this point we have got an MS SGC second client
436 * hello (maybe we should always allow the client to
437 * start a new handshake?). We need to restart the mac.
438 * Don't increment {num,total}_renegotiations because
439 * we have not completed the handshake. */
440 ssl3_init_finished_mac(s);
441 }
442
443 s->s3->tmp.message_type= *(p++);
444
445 n2l3(p,l);
446 if (l > (unsigned long)max)
447 {
448 al=SSL_AD_ILLEGAL_PARAMETER;
449 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
450 goto f_err;
451 }
452 if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
453 {
454 al=SSL_AD_ILLEGAL_PARAMETER;
455 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
456 goto f_err;
457 }
458 if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
459 {
460 SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
461 goto err;
462 }
463 s->s3->tmp.message_size=l;
464 s->state=stn;
465
466 s->init_msg = s->init_buf->data + 4;
467 s->init_num = 0;
468 }
469
470 /* next state (stn) */
471 p = s->init_msg;
472 n = s->s3->tmp.message_size - s->init_num;
473 while (n > 0)
474 {
475 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
476 if (i <= 0)
477 {
478 s->rwstate=SSL_READING;
479 *ok = 0;
480 return i;
481 }
482 s->init_num += i;
483 n -= i;
484 }
485 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
486 if (s->msg_callback)
487 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
488 *ok=1;
489 return s->init_num;
490f_err:
491 ssl3_send_alert(s,SSL3_AL_FATAL,al);
492err:
493 *ok=0;
494 return(-1);
495 }
496
497int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
498 {
499 EVP_PKEY *pk;
500 int ret= -1,i;
501
502 if (pkey == NULL)
503 pk=X509_get_pubkey(x);
504 else
505 pk=pkey;
506 if (pk == NULL) goto err;
507
508 i=pk->type;
509 if (i == EVP_PKEY_RSA)
510 {
511 ret=SSL_PKEY_RSA_ENC;
512 }
513 else if (i == EVP_PKEY_DSA)
514 {
515 ret=SSL_PKEY_DSA_SIGN;
516 }
517#ifndef OPENSSL_NO_EC
518 else if (i == EVP_PKEY_EC)
519 {
520 ret = SSL_PKEY_ECC;
521 }
522#endif
523
524err:
525 if(!pkey) EVP_PKEY_free(pk);
526 return(ret);
527 }
528
529int ssl_verify_alarm_type(long type)
530 {
531 int al;
532
533 switch(type)
534 {
535 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
536 case X509_V_ERR_UNABLE_TO_GET_CRL:
537 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
538 al=SSL_AD_UNKNOWN_CA;
539 break;
540 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
541 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
542 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
543 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
544 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
545 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
546 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
547 case X509_V_ERR_CERT_NOT_YET_VALID:
548 case X509_V_ERR_CRL_NOT_YET_VALID:
549 case X509_V_ERR_CERT_UNTRUSTED:
550 case X509_V_ERR_CERT_REJECTED:
551 al=SSL_AD_BAD_CERTIFICATE;
552 break;
553 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
554 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
555 al=SSL_AD_DECRYPT_ERROR;
556 break;
557 case X509_V_ERR_CERT_HAS_EXPIRED:
558 case X509_V_ERR_CRL_HAS_EXPIRED:
559 al=SSL_AD_CERTIFICATE_EXPIRED;
560 break;
561 case X509_V_ERR_CERT_REVOKED:
562 al=SSL_AD_CERTIFICATE_REVOKED;
563 break;
564 case X509_V_ERR_OUT_OF_MEM:
565 al=SSL_AD_INTERNAL_ERROR;
566 break;
567 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
568 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
569 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
570 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
571 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
572 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
573 case X509_V_ERR_INVALID_CA:
574 al=SSL_AD_UNKNOWN_CA;
575 break;
576 case X509_V_ERR_APPLICATION_VERIFICATION:
577 al=SSL_AD_HANDSHAKE_FAILURE;
578 break;
579 case X509_V_ERR_INVALID_PURPOSE:
580 al=SSL_AD_UNSUPPORTED_CERTIFICATE;
581 break;
582 default:
583 al=SSL_AD_CERTIFICATE_UNKNOWN;
584 break;
585 }
586 return(al);
587 }
588
589int ssl3_setup_buffers(SSL *s)
590 {
591 unsigned char *p;
592 unsigned int extra;
593 size_t len;
594
595 if (s->s3->rbuf.buf == NULL)
596 {
597 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
598 extra=SSL3_RT_MAX_EXTRA;
599 else
600 extra=0;
601 len = SSL3_RT_MAX_PACKET_SIZE + extra;
602 if ((p=OPENSSL_malloc(len)) == NULL)
603 goto err;
604 s->s3->rbuf.buf = p;
605 s->s3->rbuf.len = len;
606 }
607
608 if (s->s3->wbuf.buf == NULL)
609 {
610 len = SSL3_RT_MAX_PACKET_SIZE;
611 len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */
612 if ((p=OPENSSL_malloc(len)) == NULL)
613 goto err;
614 s->s3->wbuf.buf = p;
615 s->s3->wbuf.len = len;
616 }
617 s->packet= &(s->s3->rbuf.buf[0]);
618 return(1);
619err:
620 SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE);
621 return(0);
622 }
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
deleted file mode 100644
index 50308487aa..0000000000
--- a/src/lib/libssl/s3_clnt.c
+++ /dev/null
@@ -1,2744 +0,0 @@
1/* ssl/s3_clnt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124
125#include <stdio.h>
126#include "ssl_locl.h"
127#include "kssl_lcl.h"
128#include <openssl/buffer.h>
129#include <openssl/rand.h>
130#include <openssl/objects.h>
131#include <openssl/evp.h>
132#include <openssl/md5.h>
133#ifdef OPENSSL_FIPS
134#include <openssl/fips.h>
135#endif
136
137#ifndef OPENSSL_NO_DH
138#include <openssl/dh.h>
139#endif
140#include <openssl/bn.h>
141#ifndef OPENSSL_NO_ENGINE
142#include <openssl/engine.h>
143#endif
144
145static SSL_METHOD *ssl3_get_client_method(int ver);
146static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
147#ifndef OPENSSL_NO_TLSEXT
148static int ssl3_check_finished(SSL *s);
149#endif
150
151#ifndef OPENSSL_NO_ECDH
152static int curve_id2nid(int curve_id);
153int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
154#endif
155
156static SSL_METHOD *ssl3_get_client_method(int ver)
157 {
158 if (ver == SSL3_VERSION)
159 return(SSLv3_client_method());
160 else
161 return(NULL);
162 }
163
164IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
165 ssl_undefined_function,
166 ssl3_connect,
167 ssl3_get_client_method)
168
169int ssl3_connect(SSL *s)
170 {
171 BUF_MEM *buf=NULL;
172 unsigned long Time=(unsigned long)time(NULL),l;
173 long num1;
174 void (*cb)(const SSL *ssl,int type,int val)=NULL;
175 int ret= -1;
176 int new_state,state,skip=0;
177
178 RAND_add(&Time,sizeof(Time),0);
179 ERR_clear_error();
180 clear_sys_error();
181
182 if (s->info_callback != NULL)
183 cb=s->info_callback;
184 else if (s->ctx->info_callback != NULL)
185 cb=s->ctx->info_callback;
186
187 s->in_handshake++;
188 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
189
190 for (;;)
191 {
192 state=s->state;
193
194 switch(s->state)
195 {
196 case SSL_ST_RENEGOTIATE:
197 s->new_session=1;
198 s->state=SSL_ST_CONNECT;
199 s->ctx->stats.sess_connect_renegotiate++;
200 /* break */
201 case SSL_ST_BEFORE:
202 case SSL_ST_CONNECT:
203 case SSL_ST_BEFORE|SSL_ST_CONNECT:
204 case SSL_ST_OK|SSL_ST_CONNECT:
205
206 s->server=0;
207 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
208
209 if ((s->version & 0xff00 ) != 0x0300)
210 {
211 SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
212 ret = -1;
213 goto end;
214 }
215
216 /* s->version=SSL3_VERSION; */
217 s->type=SSL_ST_CONNECT;
218
219 if (s->init_buf == NULL)
220 {
221 if ((buf=BUF_MEM_new()) == NULL)
222 {
223 ret= -1;
224 goto end;
225 }
226 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
227 {
228 ret= -1;
229 goto end;
230 }
231 s->init_buf=buf;
232 buf=NULL;
233 }
234
235 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
236
237 /* setup buffing BIO */
238 if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
239
240 /* don't push the buffering BIO quite yet */
241
242 ssl3_init_finished_mac(s);
243
244 s->state=SSL3_ST_CW_CLNT_HELLO_A;
245 s->ctx->stats.sess_connect++;
246 s->init_num=0;
247 break;
248
249 case SSL3_ST_CW_CLNT_HELLO_A:
250 case SSL3_ST_CW_CLNT_HELLO_B:
251
252 s->shutdown=0;
253 ret=ssl3_client_hello(s);
254 if (ret <= 0) goto end;
255 s->state=SSL3_ST_CR_SRVR_HELLO_A;
256 s->init_num=0;
257
258 /* turn on buffering for the next lot of output */
259 if (s->bbio != s->wbio)
260 s->wbio=BIO_push(s->bbio,s->wbio);
261
262 break;
263
264 case SSL3_ST_CR_SRVR_HELLO_A:
265 case SSL3_ST_CR_SRVR_HELLO_B:
266 ret=ssl3_get_server_hello(s);
267 if (ret <= 0) goto end;
268 if (s->hit)
269 s->state=SSL3_ST_CR_FINISHED_A;
270 else
271 s->state=SSL3_ST_CR_CERT_A;
272 s->init_num=0;
273 break;
274
275 case SSL3_ST_CR_CERT_A:
276 case SSL3_ST_CR_CERT_B:
277#ifndef OPENSSL_NO_TLSEXT
278 ret=ssl3_check_finished(s);
279 if (ret <= 0) goto end;
280 if (ret == 2)
281 {
282 s->hit = 1;
283 if (s->tlsext_ticket_expected)
284 s->state=SSL3_ST_CR_SESSION_TICKET_A;
285 else
286 s->state=SSL3_ST_CR_FINISHED_A;
287 s->init_num=0;
288 break;
289 }
290#endif
291 /* Check if it is anon DH/ECDH */
292 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
293 {
294 ret=ssl3_get_server_certificate(s);
295 if (ret <= 0) goto end;
296#ifndef OPENSSL_NO_TLSEXT
297 if (s->tlsext_status_expected)
298 s->state=SSL3_ST_CR_CERT_STATUS_A;
299 else
300 s->state=SSL3_ST_CR_KEY_EXCH_A;
301 }
302 else
303 {
304 skip = 1;
305 s->state=SSL3_ST_CR_KEY_EXCH_A;
306 }
307#else
308 }
309 else
310 skip=1;
311
312 s->state=SSL3_ST_CR_KEY_EXCH_A;
313#endif
314 s->init_num=0;
315 break;
316
317 case SSL3_ST_CR_KEY_EXCH_A:
318 case SSL3_ST_CR_KEY_EXCH_B:
319 ret=ssl3_get_key_exchange(s);
320 if (ret <= 0) goto end;
321 s->state=SSL3_ST_CR_CERT_REQ_A;
322 s->init_num=0;
323
324 /* at this point we check that we have the
325 * required stuff from the server */
326 if (!ssl3_check_cert_and_algorithm(s))
327 {
328 ret= -1;
329 goto end;
330 }
331 break;
332
333 case SSL3_ST_CR_CERT_REQ_A:
334 case SSL3_ST_CR_CERT_REQ_B:
335 ret=ssl3_get_certificate_request(s);
336 if (ret <= 0) goto end;
337 s->state=SSL3_ST_CR_SRVR_DONE_A;
338 s->init_num=0;
339 break;
340
341 case SSL3_ST_CR_SRVR_DONE_A:
342 case SSL3_ST_CR_SRVR_DONE_B:
343 ret=ssl3_get_server_done(s);
344 if (ret <= 0) goto end;
345 if (s->s3->tmp.cert_req)
346 s->state=SSL3_ST_CW_CERT_A;
347 else
348 s->state=SSL3_ST_CW_KEY_EXCH_A;
349 s->init_num=0;
350
351 break;
352
353 case SSL3_ST_CW_CERT_A:
354 case SSL3_ST_CW_CERT_B:
355 case SSL3_ST_CW_CERT_C:
356 case SSL3_ST_CW_CERT_D:
357 ret=ssl3_send_client_certificate(s);
358 if (ret <= 0) goto end;
359 s->state=SSL3_ST_CW_KEY_EXCH_A;
360 s->init_num=0;
361 break;
362
363 case SSL3_ST_CW_KEY_EXCH_A:
364 case SSL3_ST_CW_KEY_EXCH_B:
365 ret=ssl3_send_client_key_exchange(s);
366 if (ret <= 0) goto end;
367 l=s->s3->tmp.new_cipher->algorithms;
368 /* EAY EAY EAY need to check for DH fix cert
369 * sent back */
370 /* For TLS, cert_req is set to 2, so a cert chain
371 * of nothing is sent, but no verify packet is sent */
372 /* XXX: For now, we do not support client
373 * authentication in ECDH cipher suites with
374 * ECDH (rather than ECDSA) certificates.
375 * We need to skip the certificate verify
376 * message when client's ECDH public key is sent
377 * inside the client certificate.
378 */
379 if (s->s3->tmp.cert_req == 1)
380 {
381 s->state=SSL3_ST_CW_CERT_VRFY_A;
382 }
383 else
384 {
385 s->state=SSL3_ST_CW_CHANGE_A;
386 s->s3->change_cipher_spec=0;
387 }
388
389 s->init_num=0;
390 break;
391
392 case SSL3_ST_CW_CERT_VRFY_A:
393 case SSL3_ST_CW_CERT_VRFY_B:
394 ret=ssl3_send_client_verify(s);
395 if (ret <= 0) goto end;
396 s->state=SSL3_ST_CW_CHANGE_A;
397 s->init_num=0;
398 s->s3->change_cipher_spec=0;
399 break;
400
401 case SSL3_ST_CW_CHANGE_A:
402 case SSL3_ST_CW_CHANGE_B:
403 ret=ssl3_send_change_cipher_spec(s,
404 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
405 if (ret <= 0) goto end;
406 s->state=SSL3_ST_CW_FINISHED_A;
407 s->init_num=0;
408
409 s->session->cipher=s->s3->tmp.new_cipher;
410#ifdef OPENSSL_NO_COMP
411 s->session->compress_meth=0;
412#else
413 if (s->s3->tmp.new_compression == NULL)
414 s->session->compress_meth=0;
415 else
416 s->session->compress_meth=
417 s->s3->tmp.new_compression->id;
418#endif
419 if (!s->method->ssl3_enc->setup_key_block(s))
420 {
421 ret= -1;
422 goto end;
423 }
424
425 if (!s->method->ssl3_enc->change_cipher_state(s,
426 SSL3_CHANGE_CIPHER_CLIENT_WRITE))
427 {
428 ret= -1;
429 goto end;
430 }
431
432 break;
433
434 case SSL3_ST_CW_FINISHED_A:
435 case SSL3_ST_CW_FINISHED_B:
436 ret=ssl3_send_finished(s,
437 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
438 s->method->ssl3_enc->client_finished_label,
439 s->method->ssl3_enc->client_finished_label_len);
440 if (ret <= 0) goto end;
441 s->state=SSL3_ST_CW_FLUSH;
442
443 /* clear flags */
444 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
445 if (s->hit)
446 {
447 s->s3->tmp.next_state=SSL_ST_OK;
448 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
449 {
450 s->state=SSL_ST_OK;
451 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
452 s->s3->delay_buf_pop_ret=0;
453 }
454 }
455 else
456 {
457#ifndef OPENSSL_NO_TLSEXT
458 /* Allow NewSessionTicket if ticket expected */
459 if (s->tlsext_ticket_expected)
460 s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
461 else
462#endif
463
464 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
465 }
466 s->init_num=0;
467 break;
468
469#ifndef OPENSSL_NO_TLSEXT
470 case SSL3_ST_CR_SESSION_TICKET_A:
471 case SSL3_ST_CR_SESSION_TICKET_B:
472 ret=ssl3_get_new_session_ticket(s);
473 if (ret <= 0) goto end;
474 s->state=SSL3_ST_CR_FINISHED_A;
475 s->init_num=0;
476 break;
477
478 case SSL3_ST_CR_CERT_STATUS_A:
479 case SSL3_ST_CR_CERT_STATUS_B:
480 ret=ssl3_get_cert_status(s);
481 if (ret <= 0) goto end;
482 s->state=SSL3_ST_CR_KEY_EXCH_A;
483 s->init_num=0;
484 break;
485#endif
486
487 case SSL3_ST_CR_FINISHED_A:
488 case SSL3_ST_CR_FINISHED_B:
489
490 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
491 SSL3_ST_CR_FINISHED_B);
492 if (ret <= 0) goto end;
493
494 if (s->hit)
495 s->state=SSL3_ST_CW_CHANGE_A;
496 else
497 s->state=SSL_ST_OK;
498 s->init_num=0;
499 break;
500
501 case SSL3_ST_CW_FLUSH:
502 /* number of bytes to be flushed */
503 num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
504 if (num1 > 0)
505 {
506 s->rwstate=SSL_WRITING;
507 num1=BIO_flush(s->wbio);
508 if (num1 <= 0) { ret= -1; goto end; }
509 s->rwstate=SSL_NOTHING;
510 }
511
512 s->state=s->s3->tmp.next_state;
513 break;
514
515 case SSL_ST_OK:
516 /* clean a few things up */
517 ssl3_cleanup_key_block(s);
518
519 if (s->init_buf != NULL)
520 {
521 BUF_MEM_free(s->init_buf);
522 s->init_buf=NULL;
523 }
524
525 /* If we are not 'joining' the last two packets,
526 * remove the buffering now */
527 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
528 ssl_free_wbio_buffer(s);
529 /* else do it later in ssl3_write */
530
531 s->init_num=0;
532 s->new_session=0;
533
534 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
535 if (s->hit) s->ctx->stats.sess_hit++;
536
537 ret=1;
538 /* s->server=0; */
539 s->handshake_func=ssl3_connect;
540 s->ctx->stats.sess_connect_good++;
541
542 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
543
544 goto end;
545 /* break; */
546
547 default:
548 SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
549 ret= -1;
550 goto end;
551 /* break; */
552 }
553
554 /* did we do anything */
555 if (!s->s3->tmp.reuse_message && !skip)
556 {
557 if (s->debug)
558 {
559 if ((ret=BIO_flush(s->wbio)) <= 0)
560 goto end;
561 }
562
563 if ((cb != NULL) && (s->state != state))
564 {
565 new_state=s->state;
566 s->state=state;
567 cb(s,SSL_CB_CONNECT_LOOP,1);
568 s->state=new_state;
569 }
570 }
571 skip=0;
572 }
573end:
574 s->in_handshake--;
575 if (buf != NULL)
576 BUF_MEM_free(buf);
577 if (cb != NULL)
578 cb(s,SSL_CB_CONNECT_EXIT,ret);
579 return(ret);
580 }
581
582
583int ssl3_client_hello(SSL *s)
584 {
585 unsigned char *buf;
586 unsigned char *p,*d;
587 int i;
588 unsigned long Time,l;
589#ifndef OPENSSL_NO_COMP
590 int j;
591 SSL_COMP *comp;
592#endif
593
594 buf=(unsigned char *)s->init_buf->data;
595 if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
596 {
597 if ((s->session == NULL) ||
598 (s->session->ssl_version != s->version) ||
599 (s->session->not_resumable))
600 {
601 if (!ssl_get_new_session(s,0))
602 goto err;
603 }
604 /* else use the pre-loaded session */
605
606 p=s->s3->client_random;
607 Time=(unsigned long)time(NULL); /* Time */
608 l2n(Time,p);
609 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
610 goto err;
611
612 /* Do the message type and length last */
613 d=p= &(buf[4]);
614
615 *(p++)=s->version>>8;
616 *(p++)=s->version&0xff;
617 s->client_version=s->version;
618
619 /* Random stuff */
620 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
621 p+=SSL3_RANDOM_SIZE;
622
623 /* Session ID */
624 if (s->new_session)
625 i=0;
626 else
627 i=s->session->session_id_length;
628 *(p++)=i;
629 if (i != 0)
630 {
631 if (i > (int)sizeof(s->session->session_id))
632 {
633 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
634 goto err;
635 }
636 memcpy(p,s->session->session_id,i);
637 p+=i;
638 }
639
640 /* Ciphers supported */
641 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
642 if (i == 0)
643 {
644 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
645 goto err;
646 }
647 s2n(i,p);
648 p+=i;
649
650 /* COMPRESSION */
651#ifdef OPENSSL_NO_COMP
652 *(p++)=1;
653#else
654 if (s->ctx->comp_methods == NULL)
655 j=0;
656 else
657 j=sk_SSL_COMP_num(s->ctx->comp_methods);
658 *(p++)=1+j;
659 for (i=0; i<j; i++)
660 {
661 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
662 *(p++)=comp->id;
663 }
664#endif
665 *(p++)=0; /* Add the NULL method */
666#ifndef OPENSSL_NO_TLSEXT
667 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
668 {
669 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
670 goto err;
671 }
672#endif
673 l=(p-d);
674 d=buf;
675 *(d++)=SSL3_MT_CLIENT_HELLO;
676 l2n3(l,d);
677
678 s->state=SSL3_ST_CW_CLNT_HELLO_B;
679 /* number of bytes to write */
680 s->init_num=p-buf;
681 s->init_off=0;
682 }
683
684 /* SSL3_ST_CW_CLNT_HELLO_B */
685 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
686err:
687 return(-1);
688 }
689
690int ssl3_get_server_hello(SSL *s)
691 {
692 STACK_OF(SSL_CIPHER) *sk;
693 SSL_CIPHER *c;
694 unsigned char *p,*d;
695 int i,al,ok;
696 unsigned int j;
697 long n;
698#ifndef OPENSSL_NO_COMP
699 SSL_COMP *comp;
700#endif
701
702 n=s->method->ssl_get_message(s,
703 SSL3_ST_CR_SRVR_HELLO_A,
704 SSL3_ST_CR_SRVR_HELLO_B,
705 -1,
706 20000, /* ?? */
707 &ok);
708
709 if (!ok) return((int)n);
710
711 if ( SSL_version(s) == DTLS1_VERSION)
712 {
713 if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
714 {
715 if ( s->d1->send_cookie == 0)
716 {
717 s->s3->tmp.reuse_message = 1;
718 return 1;
719 }
720 else /* already sent a cookie */
721 {
722 al=SSL_AD_UNEXPECTED_MESSAGE;
723 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
724 goto f_err;
725 }
726 }
727 }
728
729 if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO)
730 {
731 al=SSL_AD_UNEXPECTED_MESSAGE;
732 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
733 goto f_err;
734 }
735
736 d=p=(unsigned char *)s->init_msg;
737
738 if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
739 {
740 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
741 s->version=(s->version&0xff00)|p[1];
742 al=SSL_AD_PROTOCOL_VERSION;
743 goto f_err;
744 }
745 p+=2;
746
747 /* load the server hello data */
748 /* load the server random */
749 memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
750 p+=SSL3_RANDOM_SIZE;
751
752 /* get the session-id */
753 j= *(p++);
754
755 if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
756 {
757 al=SSL_AD_ILLEGAL_PARAMETER;
758 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
759 goto f_err;
760 }
761
762 if (j != 0 && j == s->session->session_id_length
763 && memcmp(p,s->session->session_id,j) == 0)
764 {
765 if(s->sid_ctx_length != s->session->sid_ctx_length
766 || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
767 {
768 /* actually a client application bug */
769 al=SSL_AD_ILLEGAL_PARAMETER;
770 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
771 goto f_err;
772 }
773 s->hit=1;
774 }
775 else /* a miss or crap from the other end */
776 {
777 /* If we were trying for session-id reuse, make a new
778 * SSL_SESSION so we don't stuff up other people */
779 s->hit=0;
780 if (s->session->session_id_length > 0)
781 {
782 if (!ssl_get_new_session(s,0))
783 {
784 al=SSL_AD_INTERNAL_ERROR;
785 goto f_err;
786 }
787 }
788 s->session->session_id_length=j;
789 memcpy(s->session->session_id,p,j); /* j could be 0 */
790 }
791 p+=j;
792 c=ssl_get_cipher_by_char(s,p);
793 if (c == NULL)
794 {
795 /* unknown cipher */
796 al=SSL_AD_ILLEGAL_PARAMETER;
797 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
798 goto f_err;
799 }
800 p+=ssl_put_cipher_by_char(s,NULL,NULL);
801
802 sk=ssl_get_ciphers_by_id(s);
803 i=sk_SSL_CIPHER_find(sk,c);
804 if (i < 0)
805 {
806 /* we did not say we would use this cipher */
807 al=SSL_AD_ILLEGAL_PARAMETER;
808 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
809 goto f_err;
810 }
811
812 /* Depending on the session caching (internal/external), the cipher
813 and/or cipher_id values may not be set. Make sure that
814 cipher_id is set and use it for comparison. */
815 if (s->session->cipher)
816 s->session->cipher_id = s->session->cipher->id;
817 if (s->hit && (s->session->cipher_id != c->id))
818 {
819 if (!(s->options &
820 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
821 {
822 al=SSL_AD_ILLEGAL_PARAMETER;
823 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
824 goto f_err;
825 }
826 }
827 s->s3->tmp.new_cipher=c;
828
829 /* lets get the compression algorithm */
830 /* COMPRESSION */
831#ifdef OPENSSL_NO_COMP
832 if (*(p++) != 0)
833 {
834 al=SSL_AD_ILLEGAL_PARAMETER;
835 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
836 goto f_err;
837 }
838#else
839 j= *(p++);
840 if (j == 0)
841 comp=NULL;
842 else
843 comp=ssl3_comp_find(s->ctx->comp_methods,j);
844
845 if ((j != 0) && (comp == NULL))
846 {
847 al=SSL_AD_ILLEGAL_PARAMETER;
848 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
849 goto f_err;
850 }
851 else
852 {
853 s->s3->tmp.new_compression=comp;
854 }
855#endif
856#ifndef OPENSSL_NO_TLSEXT
857 /* TLS extensions*/
858 if (s->version > SSL3_VERSION)
859 {
860 if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
861 {
862 /* 'al' set by ssl_parse_serverhello_tlsext */
863 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT);
864 goto f_err;
865 }
866 if (ssl_check_serverhello_tlsext(s) <= 0)
867 {
868 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
869 goto err;
870 }
871 }
872#endif
873
874
875 if (p != (d+n))
876 {
877 /* wrong packet length */
878 al=SSL_AD_DECODE_ERROR;
879 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
880 goto err;
881 }
882
883 return(1);
884f_err:
885 ssl3_send_alert(s,SSL3_AL_FATAL,al);
886err:
887 return(-1);
888 }
889
890int ssl3_get_server_certificate(SSL *s)
891 {
892 int al,i,ok,ret= -1;
893 unsigned long n,nc,llen,l;
894 X509 *x=NULL;
895 const unsigned char *q,*p;
896 unsigned char *d;
897 STACK_OF(X509) *sk=NULL;
898 SESS_CERT *sc;
899 EVP_PKEY *pkey=NULL;
900 int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
901
902 n=s->method->ssl_get_message(s,
903 SSL3_ST_CR_CERT_A,
904 SSL3_ST_CR_CERT_B,
905 -1,
906 s->max_cert_list,
907 &ok);
908
909 if (!ok) return((int)n);
910
911 if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
912 ((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) &&
913 (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
914 {
915 s->s3->tmp.reuse_message=1;
916 return(1);
917 }
918
919 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
920 {
921 al=SSL_AD_UNEXPECTED_MESSAGE;
922 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
923 goto f_err;
924 }
925 p=d=(unsigned char *)s->init_msg;
926
927 if ((sk=sk_X509_new_null()) == NULL)
928 {
929 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
930 goto err;
931 }
932
933 n2l3(p,llen);
934 if (llen+3 != n)
935 {
936 al=SSL_AD_DECODE_ERROR;
937 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
938 goto f_err;
939 }
940 for (nc=0; nc<llen; )
941 {
942 n2l3(p,l);
943 if ((l+nc+3) > llen)
944 {
945 al=SSL_AD_DECODE_ERROR;
946 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
947 goto f_err;
948 }
949
950 q=p;
951 x=d2i_X509(NULL,&q,l);
952 if (x == NULL)
953 {
954 al=SSL_AD_BAD_CERTIFICATE;
955 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
956 goto f_err;
957 }
958 if (q != (p+l))
959 {
960 al=SSL_AD_DECODE_ERROR;
961 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
962 goto f_err;
963 }
964 if (!sk_X509_push(sk,x))
965 {
966 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
967 goto err;
968 }
969 x=NULL;
970 nc+=l+3;
971 p=q;
972 }
973
974 i=ssl_verify_cert_chain(s,sk);
975 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
976#ifndef OPENSSL_NO_KRB5
977 && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
978 != (SSL_aKRB5|SSL_kKRB5)
979#endif /* OPENSSL_NO_KRB5 */
980 )
981 {
982 al=ssl_verify_alarm_type(s->verify_result);
983 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
984 goto f_err;
985 }
986 ERR_clear_error(); /* but we keep s->verify_result */
987
988 sc=ssl_sess_cert_new();
989 if (sc == NULL) goto err;
990
991 if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
992 s->session->sess_cert=sc;
993
994 sc->cert_chain=sk;
995 /* Inconsistency alert: cert_chain does include the peer's
996 * certificate, which we don't include in s3_srvr.c */
997 x=sk_X509_value(sk,0);
998 sk=NULL;
999 /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
1000
1001 pkey=X509_get_pubkey(x);
1002
1003 /* VRS: allow null cert if auth == KRB5 */
1004 need_cert = ((s->s3->tmp.new_cipher->algorithms
1005 & (SSL_MKEY_MASK|SSL_AUTH_MASK))
1006 == (SSL_aKRB5|SSL_kKRB5))? 0: 1;
1007
1008#ifdef KSSL_DEBUG
1009 printf("pkey,x = %p, %p\n", (void *)pkey,(void *)x);
1010 printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
1011 printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
1012 s->s3->tmp.new_cipher->algorithms, need_cert);
1013#endif /* KSSL_DEBUG */
1014
1015 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
1016 {
1017 x=NULL;
1018 al=SSL3_AL_FATAL;
1019 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1020 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1021 goto f_err;
1022 }
1023
1024 i=ssl_cert_type(x,pkey);
1025 if (need_cert && i < 0)
1026 {
1027 x=NULL;
1028 al=SSL3_AL_FATAL;
1029 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1030 SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1031 goto f_err;
1032 }
1033
1034 if (need_cert)
1035 {
1036 sc->peer_cert_type=i;
1037 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
1038 /* Why would the following ever happen?
1039 * We just created sc a couple of lines ago. */
1040 if (sc->peer_pkeys[i].x509 != NULL)
1041 X509_free(sc->peer_pkeys[i].x509);
1042 sc->peer_pkeys[i].x509=x;
1043 sc->peer_key= &(sc->peer_pkeys[i]);
1044
1045 if (s->session->peer != NULL)
1046 X509_free(s->session->peer);
1047 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
1048 s->session->peer=x;
1049 }
1050 else
1051 {
1052 sc->peer_cert_type=i;
1053 sc->peer_key= NULL;
1054
1055 if (s->session->peer != NULL)
1056 X509_free(s->session->peer);
1057 s->session->peer=NULL;
1058 }
1059 s->session->verify_result = s->verify_result;
1060
1061 x=NULL;
1062 ret=1;
1063
1064 if (0)
1065 {
1066f_err:
1067 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1068 }
1069err:
1070 EVP_PKEY_free(pkey);
1071 X509_free(x);
1072 sk_X509_pop_free(sk,X509_free);
1073 return(ret);
1074 }
1075
1076int ssl3_get_key_exchange(SSL *s)
1077 {
1078#ifndef OPENSSL_NO_RSA
1079 unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
1080#endif
1081 EVP_MD_CTX md_ctx;
1082 unsigned char *param,*p;
1083 int al,i,j,param_len,ok;
1084 long n,alg;
1085 EVP_PKEY *pkey=NULL;
1086#ifndef OPENSSL_NO_RSA
1087 RSA *rsa=NULL;
1088#endif
1089#ifndef OPENSSL_NO_DH
1090 DH *dh=NULL;
1091#endif
1092#ifndef OPENSSL_NO_ECDH
1093 EC_KEY *ecdh = NULL;
1094 BN_CTX *bn_ctx = NULL;
1095 EC_POINT *srvr_ecpoint = NULL;
1096 int curve_nid = 0;
1097 int encoded_pt_len = 0;
1098#endif
1099
1100 /* use same message size as in ssl3_get_certificate_request()
1101 * as ServerKeyExchange message may be skipped */
1102 n=s->method->ssl_get_message(s,
1103 SSL3_ST_CR_KEY_EXCH_A,
1104 SSL3_ST_CR_KEY_EXCH_B,
1105 -1,
1106 s->max_cert_list,
1107 &ok);
1108
1109 if (!ok) return((int)n);
1110
1111 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
1112 {
1113 s->s3->tmp.reuse_message=1;
1114 return(1);
1115 }
1116
1117 param=p=(unsigned char *)s->init_msg;
1118
1119 if (s->session->sess_cert != NULL)
1120 {
1121#ifndef OPENSSL_NO_RSA
1122 if (s->session->sess_cert->peer_rsa_tmp != NULL)
1123 {
1124 RSA_free(s->session->sess_cert->peer_rsa_tmp);
1125 s->session->sess_cert->peer_rsa_tmp=NULL;
1126 }
1127#endif
1128#ifndef OPENSSL_NO_DH
1129 if (s->session->sess_cert->peer_dh_tmp)
1130 {
1131 DH_free(s->session->sess_cert->peer_dh_tmp);
1132 s->session->sess_cert->peer_dh_tmp=NULL;
1133 }
1134#endif
1135#ifndef OPENSSL_NO_ECDH
1136 if (s->session->sess_cert->peer_ecdh_tmp)
1137 {
1138 EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
1139 s->session->sess_cert->peer_ecdh_tmp=NULL;
1140 }
1141#endif
1142 }
1143 else
1144 {
1145 s->session->sess_cert=ssl_sess_cert_new();
1146 }
1147
1148 param_len=0;
1149 alg=s->s3->tmp.new_cipher->algorithms;
1150 EVP_MD_CTX_init(&md_ctx);
1151
1152#ifndef OPENSSL_NO_RSA
1153 if (alg & SSL_kRSA)
1154 {
1155 if ((rsa=RSA_new()) == NULL)
1156 {
1157 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1158 goto err;
1159 }
1160 n2s(p,i);
1161 param_len=i+2;
1162 if (param_len > n)
1163 {
1164 al=SSL_AD_DECODE_ERROR;
1165 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
1166 goto f_err;
1167 }
1168 if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))
1169 {
1170 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1171 goto err;
1172 }
1173 p+=i;
1174
1175 n2s(p,i);
1176 param_len+=i+2;
1177 if (param_len > n)
1178 {
1179 al=SSL_AD_DECODE_ERROR;
1180 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
1181 goto f_err;
1182 }
1183 if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))
1184 {
1185 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1186 goto err;
1187 }
1188 p+=i;
1189 n-=param_len;
1190
1191 /* this should be because we are using an export cipher */
1192 if (alg & SSL_aRSA)
1193 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1194 else
1195 {
1196 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1197 goto err;
1198 }
1199 s->session->sess_cert->peer_rsa_tmp=rsa;
1200 rsa=NULL;
1201 }
1202#else /* OPENSSL_NO_RSA */
1203 if (0)
1204 ;
1205#endif
1206#ifndef OPENSSL_NO_DH
1207 else if (alg & SSL_kEDH)
1208 {
1209 if ((dh=DH_new()) == NULL)
1210 {
1211 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
1212 goto err;
1213 }
1214 n2s(p,i);
1215 param_len=i+2;
1216 if (param_len > n)
1217 {
1218 al=SSL_AD_DECODE_ERROR;
1219 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
1220 goto f_err;
1221 }
1222 if (!(dh->p=BN_bin2bn(p,i,NULL)))
1223 {
1224 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1225 goto err;
1226 }
1227 p+=i;
1228
1229 n2s(p,i);
1230 param_len+=i+2;
1231 if (param_len > n)
1232 {
1233 al=SSL_AD_DECODE_ERROR;
1234 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
1235 goto f_err;
1236 }
1237 if (!(dh->g=BN_bin2bn(p,i,NULL)))
1238 {
1239 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1240 goto err;
1241 }
1242 p+=i;
1243
1244 n2s(p,i);
1245 param_len+=i+2;
1246 if (param_len > n)
1247 {
1248 al=SSL_AD_DECODE_ERROR;
1249 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
1250 goto f_err;
1251 }
1252 if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))
1253 {
1254 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1255 goto err;
1256 }
1257 p+=i;
1258 n-=param_len;
1259
1260#ifndef OPENSSL_NO_RSA
1261 if (alg & SSL_aRSA)
1262 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1263#else
1264 if (0)
1265 ;
1266#endif
1267#ifndef OPENSSL_NO_DSA
1268 else if (alg & SSL_aDSS)
1269 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
1270#endif
1271 /* else anonymous DH, so no certificate or pkey. */
1272
1273 s->session->sess_cert->peer_dh_tmp=dh;
1274 dh=NULL;
1275 }
1276 else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
1277 {
1278 al=SSL_AD_ILLEGAL_PARAMETER;
1279 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1280 goto f_err;
1281 }
1282#endif /* !OPENSSL_NO_DH */
1283
1284#ifndef OPENSSL_NO_ECDH
1285 else if (alg & SSL_kECDHE)
1286 {
1287 EC_GROUP *ngroup;
1288 const EC_GROUP *group;
1289
1290 if ((ecdh=EC_KEY_new()) == NULL)
1291 {
1292 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1293 goto err;
1294 }
1295
1296 /* Extract elliptic curve parameters and the
1297 * server's ephemeral ECDH public key.
1298 * Keep accumulating lengths of various components in
1299 * param_len and make sure it never exceeds n.
1300 */
1301
1302 /* XXX: For now we only support named (not generic) curves
1303 * and the ECParameters in this case is just three bytes.
1304 */
1305 param_len=3;
1306 if ((param_len > n) ||
1307 (*p != NAMED_CURVE_TYPE) ||
1308 ((curve_nid = curve_id2nid(*(p + 2))) == 0))
1309 {
1310 al=SSL_AD_INTERNAL_ERROR;
1311 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1312 goto f_err;
1313 }
1314
1315 ngroup = EC_GROUP_new_by_curve_name(curve_nid);
1316 if (ngroup == NULL)
1317 {
1318 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
1319 goto err;
1320 }
1321 if (EC_KEY_set_group(ecdh, ngroup) == 0)
1322 {
1323 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
1324 goto err;
1325 }
1326 EC_GROUP_free(ngroup);
1327
1328 group = EC_KEY_get0_group(ecdh);
1329
1330 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1331 (EC_GROUP_get_degree(group) > 163))
1332 {
1333 al=SSL_AD_EXPORT_RESTRICTION;
1334 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1335 goto f_err;
1336 }
1337
1338 p+=3;
1339
1340 /* Next, get the encoded ECPoint */
1341 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
1342 ((bn_ctx = BN_CTX_new()) == NULL))
1343 {
1344 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1345 goto err;
1346 }
1347
1348 encoded_pt_len = *p; /* length of encoded point */
1349 p+=1;
1350 param_len += (1 + encoded_pt_len);
1351 if ((param_len > n) ||
1352 (EC_POINT_oct2point(group, srvr_ecpoint,
1353 p, encoded_pt_len, bn_ctx) == 0))
1354 {
1355 al=SSL_AD_DECODE_ERROR;
1356 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
1357 goto f_err;
1358 }
1359
1360 n-=param_len;
1361 p+=encoded_pt_len;
1362
1363 /* The ECC/TLS specification does not mention
1364 * the use of DSA to sign ECParameters in the server
1365 * key exchange message. We do support RSA and ECDSA.
1366 */
1367 if (0) ;
1368#ifndef OPENSSL_NO_RSA
1369 else if (alg & SSL_aRSA)
1370 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1371#endif
1372#ifndef OPENSSL_NO_ECDSA
1373 else if (alg & SSL_aECDSA)
1374 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
1375#endif
1376 /* else anonymous ECDH, so no certificate or pkey. */
1377 EC_KEY_set_public_key(ecdh, srvr_ecpoint);
1378 s->session->sess_cert->peer_ecdh_tmp=ecdh;
1379 ecdh=NULL;
1380 BN_CTX_free(bn_ctx);
1381 EC_POINT_free(srvr_ecpoint);
1382 srvr_ecpoint = NULL;
1383 }
1384 else if (alg & SSL_kECDH)
1385 {
1386 al=SSL_AD_UNEXPECTED_MESSAGE;
1387 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
1388 goto f_err;
1389 }
1390#endif /* !OPENSSL_NO_ECDH */
1391 if (alg & SSL_aFZA)
1392 {
1393 al=SSL_AD_HANDSHAKE_FAILURE;
1394 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1395 goto f_err;
1396 }
1397
1398
1399 /* p points to the next byte, there are 'n' bytes left */
1400
1401 /* if it was signed, check the signature */
1402 if (pkey != NULL)
1403 {
1404 n2s(p,i);
1405 n-=2;
1406 j=EVP_PKEY_size(pkey);
1407
1408 if ((i != n) || (n > j) || (n <= 0))
1409 {
1410 /* wrong packet length */
1411 al=SSL_AD_DECODE_ERROR;
1412 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
1413 goto f_err;
1414 }
1415
1416#ifndef OPENSSL_NO_RSA
1417 if (pkey->type == EVP_PKEY_RSA)
1418 {
1419 int num;
1420
1421 j=0;
1422 q=md_buf;
1423 for (num=2; num > 0; num--)
1424 {
1425 EVP_MD_CTX_set_flags(&md_ctx,
1426 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1427 EVP_DigestInit_ex(&md_ctx,(num == 2)
1428 ?s->ctx->md5:s->ctx->sha1, NULL);
1429 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1430 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1431 EVP_DigestUpdate(&md_ctx,param,param_len);
1432 EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
1433 q+=i;
1434 j+=i;
1435 }
1436 i=RSA_verify(NID_md5_sha1, md_buf, j, p, n,
1437 pkey->pkey.rsa);
1438 if (i < 0)
1439 {
1440 al=SSL_AD_DECRYPT_ERROR;
1441 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
1442 goto f_err;
1443 }
1444 if (i == 0)
1445 {
1446 /* bad signature */
1447 al=SSL_AD_DECRYPT_ERROR;
1448 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
1449 goto f_err;
1450 }
1451 }
1452 else
1453#endif
1454#ifndef OPENSSL_NO_DSA
1455 if (pkey->type == EVP_PKEY_DSA)
1456 {
1457 /* lets do DSS */
1458 EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL);
1459 EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1460 EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1461 EVP_VerifyUpdate(&md_ctx,param,param_len);
1462 if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
1463 {
1464 /* bad signature */
1465 al=SSL_AD_DECRYPT_ERROR;
1466 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
1467 goto f_err;
1468 }
1469 }
1470 else
1471#endif
1472#ifndef OPENSSL_NO_ECDSA
1473 if (pkey->type == EVP_PKEY_EC)
1474 {
1475 /* let's do ECDSA */
1476 EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL);
1477 EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1478 EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1479 EVP_VerifyUpdate(&md_ctx,param,param_len);
1480 if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
1481 {
1482 /* bad signature */
1483 al=SSL_AD_DECRYPT_ERROR;
1484 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
1485 goto f_err;
1486 }
1487 }
1488 else
1489#endif
1490 {
1491 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1492 goto err;
1493 }
1494 }
1495 else
1496 {
1497 /* still data left over */
1498 if (!(alg & SSL_aNULL))
1499 {
1500 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1501 goto err;
1502 }
1503 if (n != 0)
1504 {
1505 al=SSL_AD_DECODE_ERROR;
1506 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
1507 goto f_err;
1508 }
1509 }
1510 EVP_PKEY_free(pkey);
1511 EVP_MD_CTX_cleanup(&md_ctx);
1512 return(1);
1513f_err:
1514 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1515err:
1516 EVP_PKEY_free(pkey);
1517#ifndef OPENSSL_NO_RSA
1518 if (rsa != NULL)
1519 RSA_free(rsa);
1520#endif
1521#ifndef OPENSSL_NO_DH
1522 if (dh != NULL)
1523 DH_free(dh);
1524#endif
1525#ifndef OPENSSL_NO_ECDH
1526 BN_CTX_free(bn_ctx);
1527 EC_POINT_free(srvr_ecpoint);
1528 if (ecdh != NULL)
1529 EC_KEY_free(ecdh);
1530#endif
1531 EVP_MD_CTX_cleanup(&md_ctx);
1532 return(-1);
1533 }
1534
1535int ssl3_get_certificate_request(SSL *s)
1536 {
1537 int ok,ret=0;
1538 unsigned long n,nc,l;
1539 unsigned int llen,ctype_num,i;
1540 X509_NAME *xn=NULL;
1541 const unsigned char *p,*q;
1542 unsigned char *d;
1543 STACK_OF(X509_NAME) *ca_sk=NULL;
1544
1545 n=s->method->ssl_get_message(s,
1546 SSL3_ST_CR_CERT_REQ_A,
1547 SSL3_ST_CR_CERT_REQ_B,
1548 -1,
1549 s->max_cert_list,
1550 &ok);
1551
1552 if (!ok) return((int)n);
1553
1554 s->s3->tmp.cert_req=0;
1555
1556 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
1557 {
1558 s->s3->tmp.reuse_message=1;
1559 return(1);
1560 }
1561
1562 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
1563 {
1564 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
1565 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
1566 goto err;
1567 }
1568
1569 /* TLS does not like anon-DH with client cert */
1570 if (s->version > SSL3_VERSION)
1571 {
1572 l=s->s3->tmp.new_cipher->algorithms;
1573 if (l & SSL_aNULL)
1574 {
1575 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
1576 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1577 goto err;
1578 }
1579 }
1580
1581 p=d=(unsigned char *)s->init_msg;
1582
1583 if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
1584 {
1585 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
1586 goto err;
1587 }
1588
1589 /* get the certificate types */
1590 ctype_num= *(p++);
1591 if (ctype_num > SSL3_CT_NUMBER)
1592 ctype_num=SSL3_CT_NUMBER;
1593 for (i=0; i<ctype_num; i++)
1594 s->s3->tmp.ctype[i]= p[i];
1595 p+=ctype_num;
1596
1597 /* get the CA RDNs */
1598 n2s(p,llen);
1599#if 0
1600{
1601FILE *out;
1602out=fopen("/tmp/vsign.der","w");
1603fwrite(p,1,llen,out);
1604fclose(out);
1605}
1606#endif
1607
1608 if ((llen+ctype_num+2+1) != n)
1609 {
1610 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
1611 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
1612 goto err;
1613 }
1614
1615 for (nc=0; nc<llen; )
1616 {
1617 n2s(p,l);
1618 if ((l+nc+2) > llen)
1619 {
1620 if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
1621 goto cont; /* netscape bugs */
1622 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
1623 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
1624 goto err;
1625 }
1626
1627 q=p;
1628
1629 if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
1630 {
1631 /* If netscape tolerance is on, ignore errors */
1632 if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
1633 goto cont;
1634 else
1635 {
1636 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
1637 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
1638 goto err;
1639 }
1640 }
1641
1642 if (q != (p+l))
1643 {
1644 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
1645 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
1646 goto err;
1647 }
1648 if (!sk_X509_NAME_push(ca_sk,xn))
1649 {
1650 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
1651 goto err;
1652 }
1653
1654 p+=l;
1655 nc+=l+2;
1656 }
1657
1658 if (0)
1659 {
1660cont:
1661 ERR_clear_error();
1662 }
1663
1664 /* we should setup a certificate to return.... */
1665 s->s3->tmp.cert_req=1;
1666 s->s3->tmp.ctype_num=ctype_num;
1667 if (s->s3->tmp.ca_names != NULL)
1668 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1669 s->s3->tmp.ca_names=ca_sk;
1670 ca_sk=NULL;
1671
1672 ret=1;
1673err:
1674 if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);
1675 return(ret);
1676 }
1677
1678static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
1679 {
1680 return(X509_NAME_cmp(*a,*b));
1681 }
1682#ifndef OPENSSL_NO_TLSEXT
1683int ssl3_get_new_session_ticket(SSL *s)
1684 {
1685 int ok,al,ret=0, ticklen;
1686 long n;
1687 const unsigned char *p;
1688 unsigned char *d;
1689
1690 n=s->method->ssl_get_message(s,
1691 SSL3_ST_CR_SESSION_TICKET_A,
1692 SSL3_ST_CR_SESSION_TICKET_B,
1693 -1,
1694 16384,
1695 &ok);
1696
1697 if (!ok)
1698 return((int)n);
1699
1700 if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
1701 {
1702 s->s3->tmp.reuse_message=1;
1703 return(1);
1704 }
1705 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)
1706 {
1707 al=SSL_AD_UNEXPECTED_MESSAGE;
1708 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);
1709 goto f_err;
1710 }
1711 if (n < 6)
1712 {
1713 /* need at least ticket_lifetime_hint + ticket length */
1714 al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
1715 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
1716 goto f_err;
1717 }
1718 p=d=(unsigned char *)s->init_msg;
1719 n2l(p, s->session->tlsext_tick_lifetime_hint);
1720 n2s(p, ticklen);
1721 /* ticket_lifetime_hint + ticket_length + ticket */
1722 if (ticklen + 6 != n)
1723 {
1724 al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
1725 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
1726 goto f_err;
1727 }
1728 if (s->session->tlsext_tick)
1729 {
1730 OPENSSL_free(s->session->tlsext_tick);
1731 s->session->tlsext_ticklen = 0;
1732 }
1733 s->session->tlsext_tick = OPENSSL_malloc(ticklen);
1734 if (!s->session->tlsext_tick)
1735 {
1736 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE);
1737 goto err;
1738 }
1739 memcpy(s->session->tlsext_tick, p, ticklen);
1740 s->session->tlsext_ticklen = ticklen;
1741
1742 ret=1;
1743 return(ret);
1744f_err:
1745 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1746err:
1747 return(-1);
1748 }
1749
1750int ssl3_get_cert_status(SSL *s)
1751 {
1752 int ok, al;
1753 unsigned long resplen;
1754 long n;
1755 const unsigned char *p;
1756
1757 n=s->method->ssl_get_message(s,
1758 SSL3_ST_CR_CERT_STATUS_A,
1759 SSL3_ST_CR_CERT_STATUS_B,
1760 SSL3_MT_CERTIFICATE_STATUS,
1761 16384,
1762 &ok);
1763
1764 if (!ok) return((int)n);
1765 if (n < 4)
1766 {
1767 /* need at least status type + length */
1768 al = SSL_AD_DECODE_ERROR;
1769 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
1770 goto f_err;
1771 }
1772 p = (unsigned char *)s->init_msg;
1773 if (*p++ != TLSEXT_STATUSTYPE_ocsp)
1774 {
1775 al = SSL_AD_DECODE_ERROR;
1776 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE);
1777 goto f_err;
1778 }
1779 n2l3(p, resplen);
1780 if (resplen + 4 != (unsigned long)n)
1781 {
1782 al = SSL_AD_DECODE_ERROR;
1783 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
1784 goto f_err;
1785 }
1786 if (s->tlsext_ocsp_resp)
1787 OPENSSL_free(s->tlsext_ocsp_resp);
1788 s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
1789 if (!s->tlsext_ocsp_resp)
1790 {
1791 al = SSL_AD_INTERNAL_ERROR;
1792 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
1793 goto f_err;
1794 }
1795 s->tlsext_ocsp_resplen = resplen;
1796 if (s->ctx->tlsext_status_cb)
1797 {
1798 int ret;
1799 ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1800 if (ret == 0)
1801 {
1802 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1803 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE);
1804 goto f_err;
1805 }
1806 if (ret < 0)
1807 {
1808 al = SSL_AD_INTERNAL_ERROR;
1809 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
1810 goto f_err;
1811 }
1812 }
1813 return 1;
1814f_err:
1815 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1816 return(-1);
1817 }
1818#endif
1819
1820int ssl3_get_server_done(SSL *s)
1821 {
1822 int ok,ret=0;
1823 long n;
1824
1825 n=s->method->ssl_get_message(s,
1826 SSL3_ST_CR_SRVR_DONE_A,
1827 SSL3_ST_CR_SRVR_DONE_B,
1828 SSL3_MT_SERVER_DONE,
1829 30, /* should be very small, like 0 :-) */
1830 &ok);
1831
1832 if (!ok) return((int)n);
1833 if (n > 0)
1834 {
1835 /* should contain no data */
1836 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
1837 SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
1838 return -1;
1839 }
1840 ret=1;
1841 return(ret);
1842 }
1843
1844
1845int ssl3_send_client_key_exchange(SSL *s)
1846 {
1847 unsigned char *p,*d;
1848 int n;
1849 unsigned long l;
1850#ifndef OPENSSL_NO_RSA
1851 unsigned char *q;
1852 EVP_PKEY *pkey=NULL;
1853#endif
1854#ifndef OPENSSL_NO_KRB5
1855 KSSL_ERR kssl_err;
1856#endif /* OPENSSL_NO_KRB5 */
1857#ifndef OPENSSL_NO_ECDH
1858 EC_KEY *clnt_ecdh = NULL;
1859 const EC_POINT *srvr_ecpoint = NULL;
1860 EVP_PKEY *srvr_pub_pkey = NULL;
1861 unsigned char *encodedPoint = NULL;
1862 int encoded_pt_len = 0;
1863 BN_CTX * bn_ctx = NULL;
1864#endif
1865
1866 if (s->state == SSL3_ST_CW_KEY_EXCH_A)
1867 {
1868 d=(unsigned char *)s->init_buf->data;
1869 p= &(d[4]);
1870
1871 l=s->s3->tmp.new_cipher->algorithms;
1872
1873 /* Fool emacs indentation */
1874 if (0) {}
1875#ifndef OPENSSL_NO_RSA
1876 else if (l & SSL_kRSA)
1877 {
1878 RSA *rsa;
1879 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
1880
1881 if (s->session->sess_cert->peer_rsa_tmp != NULL)
1882 rsa=s->session->sess_cert->peer_rsa_tmp;
1883 else
1884 {
1885 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1886 if ((pkey == NULL) ||
1887 (pkey->type != EVP_PKEY_RSA) ||
1888 (pkey->pkey.rsa == NULL))
1889 {
1890 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1891 goto err;
1892 }
1893 rsa=pkey->pkey.rsa;
1894 EVP_PKEY_free(pkey);
1895 }
1896
1897 tmp_buf[0]=s->client_version>>8;
1898 tmp_buf[1]=s->client_version&0xff;
1899 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
1900 goto err;
1901
1902 s->session->master_key_length=sizeof tmp_buf;
1903
1904 q=p;
1905 /* Fix buf for TLS and beyond */
1906 if (s->version > SSL3_VERSION)
1907 p+=2;
1908 n=RSA_public_encrypt(sizeof tmp_buf,
1909 tmp_buf,p,rsa,RSA_PKCS1_PADDING);
1910#ifdef PKCS1_CHECK
1911 if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
1912 if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
1913#endif
1914 if (n <= 0)
1915 {
1916 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
1917 goto err;
1918 }
1919
1920 /* Fix buf for TLS and beyond */
1921 if (s->version > SSL3_VERSION)
1922 {
1923 s2n(n,q);
1924 n+=2;
1925 }
1926
1927 s->session->master_key_length=
1928 s->method->ssl3_enc->generate_master_secret(s,
1929 s->session->master_key,
1930 tmp_buf,sizeof tmp_buf);
1931 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
1932 }
1933#endif
1934#ifndef OPENSSL_NO_KRB5
1935 else if (l & SSL_kKRB5)
1936 {
1937 krb5_error_code krb5rc;
1938 KSSL_CTX *kssl_ctx = s->kssl_ctx;
1939 /* krb5_data krb5_ap_req; */
1940 krb5_data *enc_ticket;
1941 krb5_data authenticator, *authp = NULL;
1942 EVP_CIPHER_CTX ciph_ctx;
1943 EVP_CIPHER *enc = NULL;
1944 unsigned char iv[EVP_MAX_IV_LENGTH];
1945 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
1946 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
1947 + EVP_MAX_IV_LENGTH];
1948 int padl, outl = sizeof(epms);
1949
1950 EVP_CIPHER_CTX_init(&ciph_ctx);
1951
1952#ifdef KSSL_DEBUG
1953 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
1954 l, SSL_kKRB5);
1955#endif /* KSSL_DEBUG */
1956
1957 authp = NULL;
1958#ifdef KRB5SENDAUTH
1959 if (KRB5SENDAUTH) authp = &authenticator;
1960#endif /* KRB5SENDAUTH */
1961
1962 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
1963 &kssl_err);
1964 enc = kssl_map_enc(kssl_ctx->enctype);
1965 if (enc == NULL)
1966 goto err;
1967#ifdef KSSL_DEBUG
1968 {
1969 printf("kssl_cget_tkt rtn %d\n", krb5rc);
1970 if (krb5rc && kssl_err.text)
1971 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
1972 }
1973#endif /* KSSL_DEBUG */
1974
1975 if (krb5rc)
1976 {
1977 ssl3_send_alert(s,SSL3_AL_FATAL,
1978 SSL_AD_HANDSHAKE_FAILURE);
1979 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1980 kssl_err.reason);
1981 goto err;
1982 }
1983
1984 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
1985 ** in place of RFC 2712 KerberosWrapper, as in:
1986 **
1987 ** Send ticket (copy to *p, set n = length)
1988 ** n = krb5_ap_req.length;
1989 ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
1990 ** if (krb5_ap_req.data)
1991 ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
1992 **
1993 ** Now using real RFC 2712 KerberosWrapper
1994 ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
1995 ** Note: 2712 "opaque" types are here replaced
1996 ** with a 2-byte length followed by the value.
1997 ** Example:
1998 ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
1999 ** Where "xx xx" = length bytes. Shown here with
2000 ** optional authenticator omitted.
2001 */
2002
2003 /* KerberosWrapper.Ticket */
2004 s2n(enc_ticket->length,p);
2005 memcpy(p, enc_ticket->data, enc_ticket->length);
2006 p+= enc_ticket->length;
2007 n = enc_ticket->length + 2;
2008
2009 /* KerberosWrapper.Authenticator */
2010 if (authp && authp->length)
2011 {
2012 s2n(authp->length,p);
2013 memcpy(p, authp->data, authp->length);
2014 p+= authp->length;
2015 n+= authp->length + 2;
2016
2017 free(authp->data);
2018 authp->data = NULL;
2019 authp->length = 0;
2020 }
2021 else
2022 {
2023 s2n(0,p);/* null authenticator length */
2024 n+=2;
2025 }
2026
2027 tmp_buf[0]=s->client_version>>8;
2028 tmp_buf[1]=s->client_version&0xff;
2029 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
2030 goto err;
2031
2032 /* 20010420 VRS. Tried it this way; failed.
2033 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
2034 ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
2035 ** kssl_ctx->length);
2036 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
2037 */
2038
2039 memset(iv, 0, sizeof iv); /* per RFC 1510 */
2040 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
2041 kssl_ctx->key,iv);
2042 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
2043 sizeof tmp_buf);
2044 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
2045 outl += padl;
2046 if (outl > sizeof epms)
2047 {
2048 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2049 goto err;
2050 }
2051 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
2052
2053 /* KerberosWrapper.EncryptedPreMasterSecret */
2054 s2n(outl,p);
2055 memcpy(p, epms, outl);
2056 p+=outl;
2057 n+=outl + 2;
2058
2059 s->session->master_key_length=
2060 s->method->ssl3_enc->generate_master_secret(s,
2061 s->session->master_key,
2062 tmp_buf, sizeof tmp_buf);
2063
2064 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
2065 OPENSSL_cleanse(epms, outl);
2066 }
2067#endif
2068#ifndef OPENSSL_NO_DH
2069 else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2070 {
2071 DH *dh_srvr,*dh_clnt;
2072
2073 if (s->session->sess_cert == NULL)
2074 {
2075 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
2076 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
2077 goto err;
2078 }
2079
2080 if (s->session->sess_cert->peer_dh_tmp != NULL)
2081 dh_srvr=s->session->sess_cert->peer_dh_tmp;
2082 else
2083 {
2084 /* we get them from the cert */
2085 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
2086 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
2087 goto err;
2088 }
2089
2090 /* generate a new random key */
2091 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
2092 {
2093 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2094 goto err;
2095 }
2096 if (!DH_generate_key(dh_clnt))
2097 {
2098 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2099 goto err;
2100 }
2101
2102 /* use the 'p' output buffer for the DH key, but
2103 * make sure to clear it out afterwards */
2104
2105 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
2106
2107 if (n <= 0)
2108 {
2109 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2110 goto err;
2111 }
2112
2113 /* generate master key from the result */
2114 s->session->master_key_length=
2115 s->method->ssl3_enc->generate_master_secret(s,
2116 s->session->master_key,p,n);
2117 /* clean up */
2118 memset(p,0,n);
2119
2120 /* send off the data */
2121 n=BN_num_bytes(dh_clnt->pub_key);
2122 s2n(n,p);
2123 BN_bn2bin(dh_clnt->pub_key,p);
2124 n+=2;
2125
2126 DH_free(dh_clnt);
2127
2128 /* perhaps clean things up a bit EAY EAY EAY EAY*/
2129 }
2130#endif
2131
2132#ifndef OPENSSL_NO_ECDH
2133 else if ((l & SSL_kECDH) || (l & SSL_kECDHE))
2134 {
2135 const EC_GROUP *srvr_group = NULL;
2136 EC_KEY *tkey;
2137 int ecdh_clnt_cert = 0;
2138 int field_size = 0;
2139
2140 /* Did we send out the client's
2141 * ECDH share for use in premaster
2142 * computation as part of client certificate?
2143 * If so, set ecdh_clnt_cert to 1.
2144 */
2145 if ((l & SSL_kECDH) && (s->cert != NULL))
2146 {
2147 /* XXX: For now, we do not support client
2148 * authentication using ECDH certificates.
2149 * To add such support, one needs to add
2150 * code that checks for appropriate
2151 * conditions and sets ecdh_clnt_cert to 1.
2152 * For example, the cert have an ECC
2153 * key on the same curve as the server's
2154 * and the key should be authorized for
2155 * key agreement.
2156 *
2157 * One also needs to add code in ssl3_connect
2158 * to skip sending the certificate verify
2159 * message.
2160 *
2161 * if ((s->cert->key->privatekey != NULL) &&
2162 * (s->cert->key->privatekey->type ==
2163 * EVP_PKEY_EC) && ...)
2164 * ecdh_clnt_cert = 1;
2165 */
2166 }
2167
2168 if (s->session->sess_cert->peer_ecdh_tmp != NULL)
2169 {
2170 tkey = s->session->sess_cert->peer_ecdh_tmp;
2171 }
2172 else
2173 {
2174 /* Get the Server Public Key from Cert */
2175 srvr_pub_pkey = X509_get_pubkey(s->session-> \
2176 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
2177 if ((srvr_pub_pkey == NULL) ||
2178 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
2179 (srvr_pub_pkey->pkey.ec == NULL))
2180 {
2181 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2182 ERR_R_INTERNAL_ERROR);
2183 goto err;
2184 }
2185
2186 tkey = srvr_pub_pkey->pkey.ec;
2187 }
2188
2189 srvr_group = EC_KEY_get0_group(tkey);
2190 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
2191
2192 if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
2193 {
2194 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2195 ERR_R_INTERNAL_ERROR);
2196 goto err;
2197 }
2198
2199 if ((clnt_ecdh=EC_KEY_new()) == NULL)
2200 {
2201 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2202 goto err;
2203 }
2204
2205 if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
2206 {
2207 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
2208 goto err;
2209 }
2210 if (ecdh_clnt_cert)
2211 {
2212 /* Reuse key info from our certificate
2213 * We only need our private key to perform
2214 * the ECDH computation.
2215 */
2216 const BIGNUM *priv_key;
2217 tkey = s->cert->key->privatekey->pkey.ec;
2218 priv_key = EC_KEY_get0_private_key(tkey);
2219 if (priv_key == NULL)
2220 {
2221 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2222 goto err;
2223 }
2224 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
2225 {
2226 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
2227 goto err;
2228 }
2229 }
2230 else
2231 {
2232 /* Generate a new ECDH key pair */
2233 if (!(EC_KEY_generate_key(clnt_ecdh)))
2234 {
2235 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
2236 goto err;
2237 }
2238 }
2239
2240 /* use the 'p' output buffer for the ECDH key, but
2241 * make sure to clear it out afterwards
2242 */
2243
2244 field_size = EC_GROUP_get_degree(srvr_group);
2245 if (field_size <= 0)
2246 {
2247 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2248 ERR_R_ECDH_LIB);
2249 goto err;
2250 }
2251 n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
2252 if (n <= 0)
2253 {
2254 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2255 ERR_R_ECDH_LIB);
2256 goto err;
2257 }
2258
2259 /* generate master key from the result */
2260 s->session->master_key_length = s->method->ssl3_enc \
2261 -> generate_master_secret(s,
2262 s->session->master_key,
2263 p, n);
2264
2265 memset(p, 0, n); /* clean up */
2266
2267 if (ecdh_clnt_cert)
2268 {
2269 /* Send empty client key exch message */
2270 n = 0;
2271 }
2272 else
2273 {
2274 /* First check the size of encoding and
2275 * allocate memory accordingly.
2276 */
2277 encoded_pt_len =
2278 EC_POINT_point2oct(srvr_group,
2279 EC_KEY_get0_public_key(clnt_ecdh),
2280 POINT_CONVERSION_UNCOMPRESSED,
2281 NULL, 0, NULL);
2282
2283 encodedPoint = (unsigned char *)
2284 OPENSSL_malloc(encoded_pt_len *
2285 sizeof(unsigned char));
2286 bn_ctx = BN_CTX_new();
2287 if ((encodedPoint == NULL) ||
2288 (bn_ctx == NULL))
2289 {
2290 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2291 goto err;
2292 }
2293
2294 /* Encode the public key */
2295 n = EC_POINT_point2oct(srvr_group,
2296 EC_KEY_get0_public_key(clnt_ecdh),
2297 POINT_CONVERSION_UNCOMPRESSED,
2298 encodedPoint, encoded_pt_len, bn_ctx);
2299
2300 *p = n; /* length of encoded point */
2301 /* Encoded point will be copied here */
2302 p += 1;
2303 /* copy the point */
2304 memcpy((unsigned char *)p, encodedPoint, n);
2305 /* increment n to account for length field */
2306 n += 1;
2307 }
2308
2309 /* Free allocated memory */
2310 BN_CTX_free(bn_ctx);
2311 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
2312 if (clnt_ecdh != NULL)
2313 EC_KEY_free(clnt_ecdh);
2314 EVP_PKEY_free(srvr_pub_pkey);
2315 }
2316#endif /* !OPENSSL_NO_ECDH */
2317 else
2318 {
2319 ssl3_send_alert(s, SSL3_AL_FATAL,
2320 SSL_AD_HANDSHAKE_FAILURE);
2321 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2322 ERR_R_INTERNAL_ERROR);
2323 goto err;
2324 }
2325
2326 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
2327 l2n3(n,d);
2328
2329 s->state=SSL3_ST_CW_KEY_EXCH_B;
2330 /* number of bytes to write */
2331 s->init_num=n+4;
2332 s->init_off=0;
2333 }
2334
2335 /* SSL3_ST_CW_KEY_EXCH_B */
2336 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2337err:
2338#ifndef OPENSSL_NO_ECDH
2339 BN_CTX_free(bn_ctx);
2340 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
2341 if (clnt_ecdh != NULL)
2342 EC_KEY_free(clnt_ecdh);
2343 EVP_PKEY_free(srvr_pub_pkey);
2344#endif
2345 return(-1);
2346 }
2347
2348int ssl3_send_client_verify(SSL *s)
2349 {
2350 unsigned char *p,*d;
2351 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
2352 EVP_PKEY *pkey;
2353#ifndef OPENSSL_NO_RSA
2354 unsigned u=0;
2355#endif
2356 unsigned long n;
2357#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
2358 int j;
2359#endif
2360
2361 if (s->state == SSL3_ST_CW_CERT_VRFY_A)
2362 {
2363 d=(unsigned char *)s->init_buf->data;
2364 p= &(d[4]);
2365 pkey=s->cert->key->privatekey;
2366
2367 s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
2368 &(data[MD5_DIGEST_LENGTH]));
2369
2370#ifndef OPENSSL_NO_RSA
2371 if (pkey->type == EVP_PKEY_RSA)
2372 {
2373 s->method->ssl3_enc->cert_verify_mac(s,
2374 &(s->s3->finish_dgst1),&(data[0]));
2375 if (RSA_sign(NID_md5_sha1, data,
2376 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2377 &(p[2]), &u, pkey->pkey.rsa) <= 0 )
2378 {
2379 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
2380 goto err;
2381 }
2382 s2n(u,p);
2383 n=u+2;
2384 }
2385 else
2386#endif
2387#ifndef OPENSSL_NO_DSA
2388 if (pkey->type == EVP_PKEY_DSA)
2389 {
2390 if (!DSA_sign(pkey->save_type,
2391 &(data[MD5_DIGEST_LENGTH]),
2392 SHA_DIGEST_LENGTH,&(p[2]),
2393 (unsigned int *)&j,pkey->pkey.dsa))
2394 {
2395 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
2396 goto err;
2397 }
2398 s2n(j,p);
2399 n=j+2;
2400 }
2401 else
2402#endif
2403#ifndef OPENSSL_NO_ECDSA
2404 if (pkey->type == EVP_PKEY_EC)
2405 {
2406 if (!ECDSA_sign(pkey->save_type,
2407 &(data[MD5_DIGEST_LENGTH]),
2408 SHA_DIGEST_LENGTH,&(p[2]),
2409 (unsigned int *)&j,pkey->pkey.ec))
2410 {
2411 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2412 ERR_R_ECDSA_LIB);
2413 goto err;
2414 }
2415 s2n(j,p);
2416 n=j+2;
2417 }
2418 else
2419#endif
2420 {
2421 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
2422 goto err;
2423 }
2424 *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
2425 l2n3(n,d);
2426
2427 s->state=SSL3_ST_CW_CERT_VRFY_B;
2428 s->init_num=(int)n+4;
2429 s->init_off=0;
2430 }
2431 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2432err:
2433 return(-1);
2434 }
2435
2436int ssl3_send_client_certificate(SSL *s)
2437 {
2438 X509 *x509=NULL;
2439 EVP_PKEY *pkey=NULL;
2440 int i;
2441 unsigned long l;
2442
2443 if (s->state == SSL3_ST_CW_CERT_A)
2444 {
2445 if ((s->cert == NULL) ||
2446 (s->cert->key->x509 == NULL) ||
2447 (s->cert->key->privatekey == NULL))
2448 s->state=SSL3_ST_CW_CERT_B;
2449 else
2450 s->state=SSL3_ST_CW_CERT_C;
2451 }
2452
2453 /* We need to get a client cert */
2454 if (s->state == SSL3_ST_CW_CERT_B)
2455 {
2456 /* If we get an error, we need to
2457 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
2458 * We then get retied later */
2459 i=0;
2460 i = ssl_do_client_cert_cb(s, &x509, &pkey);
2461 if (i < 0)
2462 {
2463 s->rwstate=SSL_X509_LOOKUP;
2464 return(-1);
2465 }
2466 s->rwstate=SSL_NOTHING;
2467 if ((i == 1) && (pkey != NULL) && (x509 != NULL))
2468 {
2469 s->state=SSL3_ST_CW_CERT_B;
2470 if ( !SSL_use_certificate(s,x509) ||
2471 !SSL_use_PrivateKey(s,pkey))
2472 i=0;
2473 }
2474 else if (i == 1)
2475 {
2476 i=0;
2477 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
2478 }
2479
2480 if (x509 != NULL) X509_free(x509);
2481 if (pkey != NULL) EVP_PKEY_free(pkey);
2482 if (i == 0)
2483 {
2484 if (s->version == SSL3_VERSION)
2485 {
2486 s->s3->tmp.cert_req=0;
2487 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
2488 return(1);
2489 }
2490 else
2491 {
2492 s->s3->tmp.cert_req=2;
2493 }
2494 }
2495
2496 /* Ok, we have a cert */
2497 s->state=SSL3_ST_CW_CERT_C;
2498 }
2499
2500 if (s->state == SSL3_ST_CW_CERT_C)
2501 {
2502 s->state=SSL3_ST_CW_CERT_D;
2503 l=ssl3_output_cert_chain(s,
2504 (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
2505 s->init_num=(int)l;
2506 s->init_off=0;
2507 }
2508 /* SSL3_ST_CW_CERT_D */
2509 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2510 }
2511
2512#define has_bits(i,m) (((i)&(m)) == (m))
2513
2514int ssl3_check_cert_and_algorithm(SSL *s)
2515 {
2516 int i,idx;
2517 long algs;
2518 EVP_PKEY *pkey=NULL;
2519 SESS_CERT *sc;
2520#ifndef OPENSSL_NO_RSA
2521 RSA *rsa;
2522#endif
2523#ifndef OPENSSL_NO_DH
2524 DH *dh;
2525#endif
2526
2527 sc=s->session->sess_cert;
2528
2529 algs=s->s3->tmp.new_cipher->algorithms;
2530
2531 /* we don't have a certificate */
2532 if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
2533 return(1);
2534
2535 if (sc == NULL)
2536 {
2537 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
2538 goto err;
2539 }
2540
2541#ifndef OPENSSL_NO_RSA
2542 rsa=s->session->sess_cert->peer_rsa_tmp;
2543#endif
2544#ifndef OPENSSL_NO_DH
2545 dh=s->session->sess_cert->peer_dh_tmp;
2546#endif
2547
2548 /* This is the passed certificate */
2549
2550 idx=sc->peer_cert_type;
2551#ifndef OPENSSL_NO_ECDH
2552 if (idx == SSL_PKEY_ECC)
2553 {
2554 if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
2555 s->s3->tmp.new_cipher) == 0)
2556 { /* check failed */
2557 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
2558 goto f_err;
2559 }
2560 else
2561 {
2562 return 1;
2563 }
2564 }
2565#endif
2566 pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
2567 i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
2568 EVP_PKEY_free(pkey);
2569
2570
2571 /* Check that we have a certificate if we require one */
2572 if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
2573 {
2574 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
2575 goto f_err;
2576 }
2577#ifndef OPENSSL_NO_DSA
2578 else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
2579 {
2580 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
2581 goto f_err;
2582 }
2583#endif
2584#ifndef OPENSSL_NO_RSA
2585 if ((algs & SSL_kRSA) &&
2586 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
2587 {
2588 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2589 goto f_err;
2590 }
2591#endif
2592#ifndef OPENSSL_NO_DH
2593 if ((algs & SSL_kEDH) &&
2594 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
2595 {
2596 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
2597 goto f_err;
2598 }
2599 else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
2600 {
2601 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
2602 goto f_err;
2603 }
2604#ifndef OPENSSL_NO_DSA
2605 else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
2606 {
2607 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
2608 goto f_err;
2609 }
2610#endif
2611#endif
2612
2613 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
2614 {
2615#ifndef OPENSSL_NO_RSA
2616 if (algs & SSL_kRSA)
2617 {
2618 if (rsa == NULL
2619 || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
2620 {
2621 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
2622 goto f_err;
2623 }
2624 }
2625 else
2626#endif
2627#ifndef OPENSSL_NO_DH
2628 if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2629 {
2630 if (dh == NULL
2631 || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
2632 {
2633 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
2634 goto f_err;
2635 }
2636 }
2637 else
2638#endif
2639 {
2640 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
2641 goto f_err;
2642 }
2643 }
2644 return(1);
2645f_err:
2646 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
2647err:
2648 return(0);
2649 }
2650
2651
2652#ifndef OPENSSL_NO_ECDH
2653/* This is the complement of nid2curve_id in s3_srvr.c. */
2654static int curve_id2nid(int curve_id)
2655{
2656 /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
2657 * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
2658 static int nid_list[26] =
2659 {
2660 0,
2661 NID_sect163k1, /* sect163k1 (1) */
2662 NID_sect163r1, /* sect163r1 (2) */
2663 NID_sect163r2, /* sect163r2 (3) */
2664 NID_sect193r1, /* sect193r1 (4) */
2665 NID_sect193r2, /* sect193r2 (5) */
2666 NID_sect233k1, /* sect233k1 (6) */
2667 NID_sect233r1, /* sect233r1 (7) */
2668 NID_sect239k1, /* sect239k1 (8) */
2669 NID_sect283k1, /* sect283k1 (9) */
2670 NID_sect283r1, /* sect283r1 (10) */
2671 NID_sect409k1, /* sect409k1 (11) */
2672 NID_sect409r1, /* sect409r1 (12) */
2673 NID_sect571k1, /* sect571k1 (13) */
2674 NID_sect571r1, /* sect571r1 (14) */
2675 NID_secp160k1, /* secp160k1 (15) */
2676 NID_secp160r1, /* secp160r1 (16) */
2677 NID_secp160r2, /* secp160r2 (17) */
2678 NID_secp192k1, /* secp192k1 (18) */
2679 NID_X9_62_prime192v1, /* secp192r1 (19) */
2680 NID_secp224k1, /* secp224k1 (20) */
2681 NID_secp224r1, /* secp224r1 (21) */
2682 NID_secp256k1, /* secp256k1 (22) */
2683 NID_X9_62_prime256v1, /* secp256r1 (23) */
2684 NID_secp384r1, /* secp384r1 (24) */
2685 NID_secp521r1 /* secp521r1 (25) */
2686 };
2687
2688 if ((curve_id < 1) || (curve_id > 25)) return 0;
2689
2690 return nid_list[curve_id];
2691}
2692#endif
2693
2694/* Check to see if handshake is full or resumed. Usually this is just a
2695 * case of checking to see if a cache hit has occurred. In the case of
2696 * session tickets we have to check the next message to be sure.
2697 */
2698
2699#ifndef OPENSSL_NO_TLSEXT
2700static int ssl3_check_finished(SSL *s)
2701 {
2702 int ok;
2703 long n;
2704 /* If we have no ticket or session ID is non-zero length (a match of
2705 * a non-zero session length would never reach here) it cannot be a
2706 * resumed session.
2707 */
2708 if (!s->session->tlsext_tick || s->session->session_id_length)
2709 return 1;
2710 /* this function is called when we really expect a Certificate
2711 * message, so permit appropriate message length */
2712 n=s->method->ssl_get_message(s,
2713 SSL3_ST_CR_CERT_A,
2714 SSL3_ST_CR_CERT_B,
2715 -1,
2716 s->max_cert_list,
2717 &ok);
2718 if (!ok) return((int)n);
2719 s->s3->tmp.reuse_message = 1;
2720 if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
2721 || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
2722 return 2;
2723
2724 return 1;
2725 }
2726#endif
2727
2728int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
2729 {
2730 int i = 0;
2731#ifndef OPENSSL_NO_ENGINE
2732 if (s->ctx->client_cert_engine)
2733 {
2734 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
2735 SSL_get_client_CA_list(s),
2736 px509, ppkey, NULL, NULL, NULL);
2737 if (i != 0)
2738 return i;
2739 }
2740#endif
2741 if (s->ctx->client_cert_cb)
2742 i = s->ctx->client_cert_cb(s,px509,ppkey);
2743 return i;
2744 }
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
deleted file mode 100644
index 5aa7bb21da..0000000000
--- a/src/lib/libssl/s3_lib.c
+++ /dev/null
@@ -1,2626 +0,0 @@
1/* ssl/s3_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124
125#include <stdio.h>
126#include <openssl/objects.h>
127#include "ssl_locl.h"
128#include "kssl_lcl.h"
129#include <openssl/md5.h>
130#ifndef OPENSSL_NO_DH
131#include <openssl/dh.h>
132#endif
133#include <openssl/pq_compat.h>
134
135const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
136
137#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
138
139/* list of available SSLv3 ciphers (sorted by id) */
140OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
141/* The RSA ciphers */
142/* Cipher 01 */
143 {
144 1,
145 SSL3_TXT_RSA_NULL_MD5,
146 SSL3_CK_RSA_NULL_MD5,
147 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
148 SSL_NOT_EXP|SSL_STRONG_NONE,
149 0,
150 0,
151 0,
152 SSL_ALL_CIPHERS,
153 SSL_ALL_STRENGTHS,
154 },
155/* Cipher 02 */
156 {
157 1,
158 SSL3_TXT_RSA_NULL_SHA,
159 SSL3_CK_RSA_NULL_SHA,
160 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
161 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
162 0,
163 0,
164 0,
165 SSL_ALL_CIPHERS,
166 SSL_ALL_STRENGTHS,
167 },
168/* Cipher 03 */
169 {
170 1,
171 SSL3_TXT_RSA_RC4_40_MD5,
172 SSL3_CK_RSA_RC4_40_MD5,
173 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
174 SSL_EXPORT|SSL_EXP40,
175 0,
176 40,
177 128,
178 SSL_ALL_CIPHERS,
179 SSL_ALL_STRENGTHS,
180 },
181/* Cipher 04 */
182 {
183 1,
184 SSL3_TXT_RSA_RC4_128_MD5,
185 SSL3_CK_RSA_RC4_128_MD5,
186 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3,
187 SSL_NOT_EXP|SSL_MEDIUM,
188 0,
189 128,
190 128,
191 SSL_ALL_CIPHERS,
192 SSL_ALL_STRENGTHS,
193 },
194/* Cipher 05 */
195 {
196 1,
197 SSL3_TXT_RSA_RC4_128_SHA,
198 SSL3_CK_RSA_RC4_128_SHA,
199 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3,
200 SSL_NOT_EXP|SSL_MEDIUM,
201 0,
202 128,
203 128,
204 SSL_ALL_CIPHERS,
205 SSL_ALL_STRENGTHS,
206 },
207/* Cipher 06 */
208 {
209 1,
210 SSL3_TXT_RSA_RC2_40_MD5,
211 SSL3_CK_RSA_RC2_40_MD5,
212 SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3,
213 SSL_EXPORT|SSL_EXP40,
214 0,
215 40,
216 128,
217 SSL_ALL_CIPHERS,
218 SSL_ALL_STRENGTHS,
219 },
220/* Cipher 07 */
221#ifndef OPENSSL_NO_IDEA
222 {
223 1,
224 SSL3_TXT_RSA_IDEA_128_SHA,
225 SSL3_CK_RSA_IDEA_128_SHA,
226 SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
227 SSL_NOT_EXP|SSL_MEDIUM,
228 0,
229 128,
230 128,
231 SSL_ALL_CIPHERS,
232 SSL_ALL_STRENGTHS,
233 },
234#endif
235/* Cipher 08 */
236 {
237 1,
238 SSL3_TXT_RSA_DES_40_CBC_SHA,
239 SSL3_CK_RSA_DES_40_CBC_SHA,
240 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
241 SSL_EXPORT|SSL_EXP40,
242 0,
243 40,
244 56,
245 SSL_ALL_CIPHERS,
246 SSL_ALL_STRENGTHS,
247 },
248/* Cipher 09 */
249 {
250 1,
251 SSL3_TXT_RSA_DES_64_CBC_SHA,
252 SSL3_CK_RSA_DES_64_CBC_SHA,
253 SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
254 SSL_NOT_EXP|SSL_LOW,
255 0,
256 56,
257 56,
258 SSL_ALL_CIPHERS,
259 SSL_ALL_STRENGTHS,
260 },
261/* Cipher 0A */
262 {
263 1,
264 SSL3_TXT_RSA_DES_192_CBC3_SHA,
265 SSL3_CK_RSA_DES_192_CBC3_SHA,
266 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
267 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
268 0,
269 168,
270 168,
271 SSL_ALL_CIPHERS,
272 SSL_ALL_STRENGTHS,
273 },
274/* The DH ciphers */
275/* Cipher 0B */
276 {
277 0,
278 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
279 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
280 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
281 SSL_EXPORT|SSL_EXP40,
282 0,
283 40,
284 56,
285 SSL_ALL_CIPHERS,
286 SSL_ALL_STRENGTHS,
287 },
288/* Cipher 0C */
289 {
290 0,
291 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
292 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
293 SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
294 SSL_NOT_EXP|SSL_LOW,
295 0,
296 56,
297 56,
298 SSL_ALL_CIPHERS,
299 SSL_ALL_STRENGTHS,
300 },
301/* Cipher 0D */
302 {
303 0,
304 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
305 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
306 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
307 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
308 0,
309 168,
310 168,
311 SSL_ALL_CIPHERS,
312 SSL_ALL_STRENGTHS,
313 },
314/* Cipher 0E */
315 {
316 0,
317 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
318 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
319 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
320 SSL_EXPORT|SSL_EXP40,
321 0,
322 40,
323 56,
324 SSL_ALL_CIPHERS,
325 SSL_ALL_STRENGTHS,
326 },
327/* Cipher 0F */
328 {
329 0,
330 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
331 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
332 SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
333 SSL_NOT_EXP|SSL_LOW,
334 0,
335 56,
336 56,
337 SSL_ALL_CIPHERS,
338 SSL_ALL_STRENGTHS,
339 },
340/* Cipher 10 */
341 {
342 0,
343 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
344 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
345 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
346 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
347 0,
348 168,
349 168,
350 SSL_ALL_CIPHERS,
351 SSL_ALL_STRENGTHS,
352 },
353
354/* The Ephemeral DH ciphers */
355/* Cipher 11 */
356 {
357 1,
358 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
359 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
360 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
361 SSL_EXPORT|SSL_EXP40,
362 0,
363 40,
364 56,
365 SSL_ALL_CIPHERS,
366 SSL_ALL_STRENGTHS,
367 },
368/* Cipher 12 */
369 {
370 1,
371 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
372 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
373 SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3,
374 SSL_NOT_EXP|SSL_LOW,
375 0,
376 56,
377 56,
378 SSL_ALL_CIPHERS,
379 SSL_ALL_STRENGTHS,
380 },
381/* Cipher 13 */
382 {
383 1,
384 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
385 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
386 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
387 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
388 0,
389 168,
390 168,
391 SSL_ALL_CIPHERS,
392 SSL_ALL_STRENGTHS,
393 },
394/* Cipher 14 */
395 {
396 1,
397 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
398 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
399 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
400 SSL_EXPORT|SSL_EXP40,
401 0,
402 40,
403 56,
404 SSL_ALL_CIPHERS,
405 SSL_ALL_STRENGTHS,
406 },
407/* Cipher 15 */
408 {
409 1,
410 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
411 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
412 SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
413 SSL_NOT_EXP|SSL_LOW,
414 0,
415 56,
416 56,
417 SSL_ALL_CIPHERS,
418 SSL_ALL_STRENGTHS,
419 },
420/* Cipher 16 */
421 {
422 1,
423 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
424 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
425 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427 0,
428 168,
429 168,
430 SSL_ALL_CIPHERS,
431 SSL_ALL_STRENGTHS,
432 },
433/* Cipher 17 */
434 {
435 1,
436 SSL3_TXT_ADH_RC4_40_MD5,
437 SSL3_CK_ADH_RC4_40_MD5,
438 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
439 SSL_EXPORT|SSL_EXP40,
440 0,
441 40,
442 128,
443 SSL_ALL_CIPHERS,
444 SSL_ALL_STRENGTHS,
445 },
446/* Cipher 18 */
447 {
448 1,
449 SSL3_TXT_ADH_RC4_128_MD5,
450 SSL3_CK_ADH_RC4_128_MD5,
451 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
452 SSL_NOT_EXP|SSL_MEDIUM,
453 0,
454 128,
455 128,
456 SSL_ALL_CIPHERS,
457 SSL_ALL_STRENGTHS,
458 },
459/* Cipher 19 */
460 {
461 1,
462 SSL3_TXT_ADH_DES_40_CBC_SHA,
463 SSL3_CK_ADH_DES_40_CBC_SHA,
464 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
465 SSL_EXPORT|SSL_EXP40,
466 0,
467 40,
468 128,
469 SSL_ALL_CIPHERS,
470 SSL_ALL_STRENGTHS,
471 },
472/* Cipher 1A */
473 {
474 1,
475 SSL3_TXT_ADH_DES_64_CBC_SHA,
476 SSL3_CK_ADH_DES_64_CBC_SHA,
477 SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
478 SSL_NOT_EXP|SSL_LOW,
479 0,
480 56,
481 56,
482 SSL_ALL_CIPHERS,
483 SSL_ALL_STRENGTHS,
484 },
485/* Cipher 1B */
486 {
487 1,
488 SSL3_TXT_ADH_DES_192_CBC_SHA,
489 SSL3_CK_ADH_DES_192_CBC_SHA,
490 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
491 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
492 0,
493 168,
494 168,
495 SSL_ALL_CIPHERS,
496 SSL_ALL_STRENGTHS,
497 },
498
499/* Fortezza */
500/* Cipher 1C */
501 {
502 0,
503 SSL3_TXT_FZA_DMS_NULL_SHA,
504 SSL3_CK_FZA_DMS_NULL_SHA,
505 SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
506 SSL_NOT_EXP|SSL_STRONG_NONE,
507 0,
508 0,
509 0,
510 SSL_ALL_CIPHERS,
511 SSL_ALL_STRENGTHS,
512 },
513
514/* Cipher 1D */
515 {
516 0,
517 SSL3_TXT_FZA_DMS_FZA_SHA,
518 SSL3_CK_FZA_DMS_FZA_SHA,
519 SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
520 SSL_NOT_EXP|SSL_STRONG_NONE,
521 0,
522 0,
523 0,
524 SSL_ALL_CIPHERS,
525 SSL_ALL_STRENGTHS,
526 },
527
528#if 0
529/* Cipher 1E */
530 {
531 0,
532 SSL3_TXT_FZA_DMS_RC4_SHA,
533 SSL3_CK_FZA_DMS_RC4_SHA,
534 SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3,
535 SSL_NOT_EXP|SSL_MEDIUM,
536 0,
537 128,
538 128,
539 SSL_ALL_CIPHERS,
540 SSL_ALL_STRENGTHS,
541 },
542#endif
543
544#ifndef OPENSSL_NO_KRB5
545/* The Kerberos ciphers */
546/* Cipher 1E */
547 {
548 1,
549 SSL3_TXT_KRB5_DES_64_CBC_SHA,
550 SSL3_CK_KRB5_DES_64_CBC_SHA,
551 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
552 SSL_NOT_EXP|SSL_LOW,
553 0,
554 56,
555 56,
556 SSL_ALL_CIPHERS,
557 SSL_ALL_STRENGTHS,
558 },
559
560/* Cipher 1F */
561 {
562 1,
563 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
564 SSL3_CK_KRB5_DES_192_CBC3_SHA,
565 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
566 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
567 0,
568 168,
569 168,
570 SSL_ALL_CIPHERS,
571 SSL_ALL_STRENGTHS,
572 },
573
574/* Cipher 20 */
575 {
576 1,
577 SSL3_TXT_KRB5_RC4_128_SHA,
578 SSL3_CK_KRB5_RC4_128_SHA,
579 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
580 SSL_NOT_EXP|SSL_MEDIUM,
581 0,
582 128,
583 128,
584 SSL_ALL_CIPHERS,
585 SSL_ALL_STRENGTHS,
586 },
587
588/* Cipher 21 */
589 {
590 1,
591 SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
592 SSL3_CK_KRB5_IDEA_128_CBC_SHA,
593 SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_SHA1 |SSL_SSLV3,
594 SSL_NOT_EXP|SSL_MEDIUM,
595 0,
596 128,
597 128,
598 SSL_ALL_CIPHERS,
599 SSL_ALL_STRENGTHS,
600 },
601
602/* Cipher 22 */
603 {
604 1,
605 SSL3_TXT_KRB5_DES_64_CBC_MD5,
606 SSL3_CK_KRB5_DES_64_CBC_MD5,
607 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
608 SSL_NOT_EXP|SSL_LOW,
609 0,
610 56,
611 56,
612 SSL_ALL_CIPHERS,
613 SSL_ALL_STRENGTHS,
614 },
615
616/* Cipher 23 */
617 {
618 1,
619 SSL3_TXT_KRB5_DES_192_CBC3_MD5,
620 SSL3_CK_KRB5_DES_192_CBC3_MD5,
621 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3,
622 SSL_NOT_EXP|SSL_HIGH,
623 0,
624 168,
625 168,
626 SSL_ALL_CIPHERS,
627 SSL_ALL_STRENGTHS,
628 },
629
630/* Cipher 24 */
631 {
632 1,
633 SSL3_TXT_KRB5_RC4_128_MD5,
634 SSL3_CK_KRB5_RC4_128_MD5,
635 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
636 SSL_NOT_EXP|SSL_MEDIUM,
637 0,
638 128,
639 128,
640 SSL_ALL_CIPHERS,
641 SSL_ALL_STRENGTHS,
642 },
643
644/* Cipher 25 */
645 {
646 1,
647 SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
648 SSL3_CK_KRB5_IDEA_128_CBC_MD5,
649 SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_MD5 |SSL_SSLV3,
650 SSL_NOT_EXP|SSL_MEDIUM,
651 0,
652 128,
653 128,
654 SSL_ALL_CIPHERS,
655 SSL_ALL_STRENGTHS,
656 },
657
658/* Cipher 26 */
659 {
660 1,
661 SSL3_TXT_KRB5_DES_40_CBC_SHA,
662 SSL3_CK_KRB5_DES_40_CBC_SHA,
663 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
664 SSL_EXPORT|SSL_EXP40,
665 0,
666 40,
667 56,
668 SSL_ALL_CIPHERS,
669 SSL_ALL_STRENGTHS,
670 },
671
672/* Cipher 27 */
673 {
674 1,
675 SSL3_TXT_KRB5_RC2_40_CBC_SHA,
676 SSL3_CK_KRB5_RC2_40_CBC_SHA,
677 SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_SHA1 |SSL_SSLV3,
678 SSL_EXPORT|SSL_EXP40,
679 0,
680 40,
681 128,
682 SSL_ALL_CIPHERS,
683 SSL_ALL_STRENGTHS,
684 },
685
686/* Cipher 28 */
687 {
688 1,
689 SSL3_TXT_KRB5_RC4_40_SHA,
690 SSL3_CK_KRB5_RC4_40_SHA,
691 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
692 SSL_EXPORT|SSL_EXP40,
693 0,
694 40,
695 128,
696 SSL_ALL_CIPHERS,
697 SSL_ALL_STRENGTHS,
698 },
699
700/* Cipher 29 */
701 {
702 1,
703 SSL3_TXT_KRB5_DES_40_CBC_MD5,
704 SSL3_CK_KRB5_DES_40_CBC_MD5,
705 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
706 SSL_EXPORT|SSL_EXP40,
707 0,
708 40,
709 56,
710 SSL_ALL_CIPHERS,
711 SSL_ALL_STRENGTHS,
712 },
713
714/* Cipher 2A */
715 {
716 1,
717 SSL3_TXT_KRB5_RC2_40_CBC_MD5,
718 SSL3_CK_KRB5_RC2_40_CBC_MD5,
719 SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_MD5 |SSL_SSLV3,
720 SSL_EXPORT|SSL_EXP40,
721 0,
722 40,
723 128,
724 SSL_ALL_CIPHERS,
725 SSL_ALL_STRENGTHS,
726 },
727
728/* Cipher 2B */
729 {
730 1,
731 SSL3_TXT_KRB5_RC4_40_MD5,
732 SSL3_CK_KRB5_RC4_40_MD5,
733 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
734 SSL_EXPORT|SSL_EXP40,
735 0,
736 40,
737 128,
738 SSL_ALL_CIPHERS,
739 SSL_ALL_STRENGTHS,
740 },
741#endif /* OPENSSL_NO_KRB5 */
742
743/* New AES ciphersuites */
744/* Cipher 2F */
745 {
746 1,
747 TLS1_TXT_RSA_WITH_AES_128_SHA,
748 TLS1_CK_RSA_WITH_AES_128_SHA,
749 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
750 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
751 0,
752 128,
753 128,
754 SSL_ALL_CIPHERS,
755 SSL_ALL_STRENGTHS,
756 },
757/* Cipher 30 */
758 {
759 0,
760 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
761 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
762 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
763 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
764 0,
765 128,
766 128,
767 SSL_ALL_CIPHERS,
768 SSL_ALL_STRENGTHS,
769 },
770/* Cipher 31 */
771 {
772 0,
773 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
774 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
775 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
776 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
777 0,
778 128,
779 128,
780 SSL_ALL_CIPHERS,
781 SSL_ALL_STRENGTHS,
782 },
783/* Cipher 32 */
784 {
785 1,
786 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
787 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
788 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
789 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
790 0,
791 128,
792 128,
793 SSL_ALL_CIPHERS,
794 SSL_ALL_STRENGTHS,
795 },
796/* Cipher 33 */
797 {
798 1,
799 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
800 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
801 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
802 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
803 0,
804 128,
805 128,
806 SSL_ALL_CIPHERS,
807 SSL_ALL_STRENGTHS,
808 },
809/* Cipher 34 */
810 {
811 1,
812 TLS1_TXT_ADH_WITH_AES_128_SHA,
813 TLS1_CK_ADH_WITH_AES_128_SHA,
814 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
815 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
816 0,
817 128,
818 128,
819 SSL_ALL_CIPHERS,
820 SSL_ALL_STRENGTHS,
821 },
822
823/* Cipher 35 */
824 {
825 1,
826 TLS1_TXT_RSA_WITH_AES_256_SHA,
827 TLS1_CK_RSA_WITH_AES_256_SHA,
828 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
829 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
830 0,
831 256,
832 256,
833 SSL_ALL_CIPHERS,
834 SSL_ALL_STRENGTHS,
835 },
836/* Cipher 36 */
837 {
838 0,
839 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
840 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
841 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
842 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
843 0,
844 256,
845 256,
846 SSL_ALL_CIPHERS,
847 SSL_ALL_STRENGTHS,
848 },
849/* Cipher 37 */
850 {
851 0,
852 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
853 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
854 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
855 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
856 0,
857 256,
858 256,
859 SSL_ALL_CIPHERS,
860 SSL_ALL_STRENGTHS,
861 },
862/* Cipher 38 */
863 {
864 1,
865 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
866 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
867 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
868 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
869 0,
870 256,
871 256,
872 SSL_ALL_CIPHERS,
873 SSL_ALL_STRENGTHS,
874 },
875/* Cipher 39 */
876 {
877 1,
878 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
879 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
880 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
881 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
882 0,
883 256,
884 256,
885 SSL_ALL_CIPHERS,
886 SSL_ALL_STRENGTHS,
887 },
888 /* Cipher 3A */
889 {
890 1,
891 TLS1_TXT_ADH_WITH_AES_256_SHA,
892 TLS1_CK_ADH_WITH_AES_256_SHA,
893 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
894 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
895 0,
896 256,
897 256,
898 SSL_ALL_CIPHERS,
899 SSL_ALL_STRENGTHS,
900 },
901
902#ifndef OPENSSL_NO_CAMELLIA
903 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
904
905 /* Cipher 41 */
906 {
907 1,
908 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
909 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
910 SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
911 SSL_NOT_EXP|SSL_HIGH,
912 0,
913 128,
914 128,
915 SSL_ALL_CIPHERS,
916 SSL_ALL_STRENGTHS
917 },
918 /* Cipher 42 */
919 {
920 0, /* not implemented (non-ephemeral DH) */
921 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
922 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
923 SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
924 SSL_NOT_EXP|SSL_HIGH,
925 0,
926 128,
927 128,
928 SSL_ALL_CIPHERS,
929 SSL_ALL_STRENGTHS
930 },
931 /* Cipher 43 */
932 {
933 0, /* not implemented (non-ephemeral DH) */
934 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
935 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
936 SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
937 SSL_NOT_EXP|SSL_HIGH,
938 0,
939 128,
940 128,
941 SSL_ALL_CIPHERS,
942 SSL_ALL_STRENGTHS
943 },
944 /* Cipher 44 */
945 {
946 1,
947 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
948 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
949 SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
950 SSL_NOT_EXP|SSL_HIGH,
951 0,
952 128,
953 128,
954 SSL_ALL_CIPHERS,
955 SSL_ALL_STRENGTHS
956 },
957 /* Cipher 45 */
958 {
959 1,
960 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
961 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
962 SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
963 SSL_NOT_EXP|SSL_HIGH,
964 0,
965 128,
966 128,
967 SSL_ALL_CIPHERS,
968 SSL_ALL_STRENGTHS
969 },
970 /* Cipher 46 */
971 {
972 1,
973 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
974 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
975 SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
976 SSL_NOT_EXP|SSL_HIGH,
977 0,
978 128,
979 128,
980 SSL_ALL_CIPHERS,
981 SSL_ALL_STRENGTHS
982 },
983#endif /* OPENSSL_NO_CAMELLIA */
984
985#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
986 /* New TLS Export CipherSuites from expired ID */
987#if 0
988 /* Cipher 60 */
989 {
990 1,
991 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
992 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
993 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
994 SSL_EXPORT|SSL_EXP56,
995 0,
996 56,
997 128,
998 SSL_ALL_CIPHERS,
999 SSL_ALL_STRENGTHS,
1000 },
1001 /* Cipher 61 */
1002 {
1003 1,
1004 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1005 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1006 SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
1007 SSL_EXPORT|SSL_EXP56,
1008 0,
1009 56,
1010 128,
1011 SSL_ALL_CIPHERS,
1012 SSL_ALL_STRENGTHS,
1013 },
1014#endif
1015 /* Cipher 62 */
1016 {
1017 1,
1018 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1019 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1020 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
1021 SSL_EXPORT|SSL_EXP56,
1022 0,
1023 56,
1024 56,
1025 SSL_ALL_CIPHERS,
1026 SSL_ALL_STRENGTHS,
1027 },
1028 /* Cipher 63 */
1029 {
1030 1,
1031 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1032 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1033 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
1034 SSL_EXPORT|SSL_EXP56,
1035 0,
1036 56,
1037 56,
1038 SSL_ALL_CIPHERS,
1039 SSL_ALL_STRENGTHS,
1040 },
1041 /* Cipher 64 */
1042 {
1043 1,
1044 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1045 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1046 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1047 SSL_EXPORT|SSL_EXP56,
1048 0,
1049 56,
1050 128,
1051 SSL_ALL_CIPHERS,
1052 SSL_ALL_STRENGTHS,
1053 },
1054 /* Cipher 65 */
1055 {
1056 1,
1057 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1058 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1059 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
1060 SSL_EXPORT|SSL_EXP56,
1061 0,
1062 56,
1063 128,
1064 SSL_ALL_CIPHERS,
1065 SSL_ALL_STRENGTHS,
1066 },
1067 /* Cipher 66 */
1068 {
1069 1,
1070 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1071 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1072 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
1073 SSL_NOT_EXP|SSL_MEDIUM,
1074 0,
1075 128,
1076 128,
1077 SSL_ALL_CIPHERS,
1078 SSL_ALL_STRENGTHS
1079 },
1080#endif
1081
1082#ifndef OPENSSL_NO_CAMELLIA
1083 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1084
1085 /* Cipher 84 */
1086 {
1087 1,
1088 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1089 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1090 SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1091 SSL_NOT_EXP|SSL_HIGH,
1092 0,
1093 256,
1094 256,
1095 SSL_ALL_CIPHERS,
1096 SSL_ALL_STRENGTHS
1097 },
1098 /* Cipher 85 */
1099 {
1100 0, /* not implemented (non-ephemeral DH) */
1101 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1102 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1103 SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1104 SSL_NOT_EXP|SSL_HIGH,
1105 0,
1106 256,
1107 256,
1108 SSL_ALL_CIPHERS,
1109 SSL_ALL_STRENGTHS
1110 },
1111 /* Cipher 86 */
1112 {
1113 0, /* not implemented (non-ephemeral DH) */
1114 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1115 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1116 SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1117 SSL_NOT_EXP|SSL_HIGH,
1118 0,
1119 256,
1120 256,
1121 SSL_ALL_CIPHERS,
1122 SSL_ALL_STRENGTHS
1123 },
1124 /* Cipher 87 */
1125 {
1126 1,
1127 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1128 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1129 SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1130 SSL_NOT_EXP|SSL_HIGH,
1131 0,
1132 256,
1133 256,
1134 SSL_ALL_CIPHERS,
1135 SSL_ALL_STRENGTHS
1136 },
1137 /* Cipher 88 */
1138 {
1139 1,
1140 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1141 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1142 SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1143 SSL_NOT_EXP|SSL_HIGH,
1144 0,
1145 256,
1146 256,
1147 SSL_ALL_CIPHERS,
1148 SSL_ALL_STRENGTHS
1149 },
1150 /* Cipher 89 */
1151 {
1152 1,
1153 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1154 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1155 SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1156 SSL_NOT_EXP|SSL_HIGH,
1157 0,
1158 256,
1159 256,
1160 SSL_ALL_CIPHERS,
1161 SSL_ALL_STRENGTHS
1162 },
1163#endif /* OPENSSL_NO_CAMELLIA */
1164
1165#ifndef OPENSSL_NO_SEED
1166 /* SEED ciphersuites from RFC4162 */
1167
1168 /* Cipher 96 */
1169 {
1170 1,
1171 TLS1_TXT_RSA_WITH_SEED_SHA,
1172 TLS1_CK_RSA_WITH_SEED_SHA,
1173 SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1174 SSL_NOT_EXP|SSL_MEDIUM,
1175 0,
1176 128,
1177 128,
1178 SSL_ALL_CIPHERS,
1179 SSL_ALL_STRENGTHS,
1180 },
1181
1182 /* Cipher 97 */
1183 {
1184 0, /* not implemented (non-ephemeral DH) */
1185 TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1186 TLS1_CK_DH_DSS_WITH_SEED_SHA,
1187 SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1188 SSL_NOT_EXP|SSL_MEDIUM,
1189 0,
1190 128,
1191 128,
1192 SSL_ALL_CIPHERS,
1193 SSL_ALL_STRENGTHS,
1194 },
1195
1196 /* Cipher 98 */
1197 {
1198 0, /* not implemented (non-ephemeral DH) */
1199 TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1200 TLS1_CK_DH_RSA_WITH_SEED_SHA,
1201 SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1202 SSL_NOT_EXP|SSL_MEDIUM,
1203 0,
1204 128,
1205 128,
1206 SSL_ALL_CIPHERS,
1207 SSL_ALL_STRENGTHS,
1208 },
1209
1210 /* Cipher 99 */
1211 {
1212 1,
1213 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1214 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1215 SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1216 SSL_NOT_EXP|SSL_MEDIUM,
1217 0,
1218 128,
1219 128,
1220 SSL_ALL_CIPHERS,
1221 SSL_ALL_STRENGTHS,
1222 },
1223
1224 /* Cipher 9A */
1225 {
1226 1,
1227 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1228 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1229 SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1230 SSL_NOT_EXP|SSL_MEDIUM,
1231 0,
1232 128,
1233 128,
1234 SSL_ALL_CIPHERS,
1235 SSL_ALL_STRENGTHS,
1236 },
1237
1238 /* Cipher 9B */
1239 {
1240 1,
1241 TLS1_TXT_ADH_WITH_SEED_SHA,
1242 TLS1_CK_ADH_WITH_SEED_SHA,
1243 SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1244 SSL_NOT_EXP|SSL_MEDIUM,
1245 0,
1246 128,
1247 128,
1248 SSL_ALL_CIPHERS,
1249 SSL_ALL_STRENGTHS,
1250 },
1251
1252#endif /* OPENSSL_NO_SEED */
1253
1254#ifndef OPENSSL_NO_ECDH
1255 /* Cipher C001 */
1256 {
1257 1,
1258 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1259 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1260 SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1261 SSL_NOT_EXP,
1262 0,
1263 0,
1264 0,
1265 SSL_ALL_CIPHERS,
1266 SSL_ALL_STRENGTHS,
1267 },
1268
1269 /* Cipher C002 */
1270 {
1271 1,
1272 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1273 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1274 SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1275 SSL_NOT_EXP,
1276 0,
1277 128,
1278 128,
1279 SSL_ALL_CIPHERS,
1280 SSL_ALL_STRENGTHS,
1281 },
1282
1283 /* Cipher C003 */
1284 {
1285 1,
1286 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1287 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1288 SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
1289 SSL_NOT_EXP|SSL_HIGH,
1290 0,
1291 168,
1292 168,
1293 SSL_ALL_CIPHERS,
1294 SSL_ALL_STRENGTHS,
1295 },
1296
1297 /* Cipher C004 */
1298 {
1299 1,
1300 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1301 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1302 SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1303 SSL_NOT_EXP|SSL_HIGH,
1304 0,
1305 128,
1306 128,
1307 SSL_ALL_CIPHERS,
1308 SSL_ALL_STRENGTHS,
1309 },
1310
1311 /* Cipher C005 */
1312 {
1313 1,
1314 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1315 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1316 SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1317 SSL_NOT_EXP|SSL_HIGH,
1318 0,
1319 256,
1320 256,
1321 SSL_ALL_CIPHERS,
1322 SSL_ALL_STRENGTHS,
1323 },
1324
1325 /* Cipher C006 */
1326 {
1327 1,
1328 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1329 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1330 SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1331 SSL_NOT_EXP,
1332 0,
1333 0,
1334 0,
1335 SSL_ALL_CIPHERS,
1336 SSL_ALL_STRENGTHS,
1337 },
1338
1339 /* Cipher C007 */
1340 {
1341 1,
1342 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1343 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1344 SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1345 SSL_NOT_EXP,
1346 0,
1347 128,
1348 128,
1349 SSL_ALL_CIPHERS,
1350 SSL_ALL_STRENGTHS,
1351 },
1352
1353 /* Cipher C008 */
1354 {
1355 1,
1356 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1357 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1358 SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
1359 SSL_NOT_EXP|SSL_HIGH,
1360 0,
1361 168,
1362 168,
1363 SSL_ALL_CIPHERS,
1364 SSL_ALL_STRENGTHS,
1365 },
1366
1367 /* Cipher C009 */
1368 {
1369 1,
1370 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1371 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1372 SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1373 SSL_NOT_EXP|SSL_HIGH,
1374 0,
1375 128,
1376 128,
1377 SSL_ALL_CIPHERS,
1378 SSL_ALL_STRENGTHS,
1379 },
1380
1381 /* Cipher C00A */
1382 {
1383 1,
1384 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1385 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1386 SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1387 SSL_NOT_EXP|SSL_HIGH,
1388 0,
1389 256,
1390 256,
1391 SSL_ALL_CIPHERS,
1392 SSL_ALL_STRENGTHS,
1393 },
1394
1395 /* Cipher C00B */
1396 {
1397 1,
1398 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1399 TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1400 SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1401 SSL_NOT_EXP,
1402 0,
1403 0,
1404 0,
1405 SSL_ALL_CIPHERS,
1406 SSL_ALL_STRENGTHS,
1407 },
1408
1409 /* Cipher C00C */
1410 {
1411 1,
1412 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1413 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1414 SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1415 SSL_NOT_EXP,
1416 0,
1417 128,
1418 128,
1419 SSL_ALL_CIPHERS,
1420 SSL_ALL_STRENGTHS,
1421 },
1422
1423 /* Cipher C00D */
1424 {
1425 1,
1426 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1427 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1428 SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
1429 SSL_NOT_EXP|SSL_HIGH,
1430 0,
1431 168,
1432 168,
1433 SSL_ALL_CIPHERS,
1434 SSL_ALL_STRENGTHS,
1435 },
1436
1437 /* Cipher C00E */
1438 {
1439 1,
1440 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1441 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1442 SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1443 SSL_NOT_EXP|SSL_HIGH,
1444 0,
1445 128,
1446 128,
1447 SSL_ALL_CIPHERS,
1448 SSL_ALL_STRENGTHS,
1449 },
1450
1451 /* Cipher C00F */
1452 {
1453 1,
1454 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1455 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1456 SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1457 SSL_NOT_EXP|SSL_HIGH,
1458 0,
1459 256,
1460 256,
1461 SSL_ALL_CIPHERS,
1462 SSL_ALL_STRENGTHS,
1463 },
1464
1465 /* Cipher C010 */
1466 {
1467 1,
1468 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1469 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1470 SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1471 SSL_NOT_EXP,
1472 0,
1473 0,
1474 0,
1475 SSL_ALL_CIPHERS,
1476 SSL_ALL_STRENGTHS,
1477 },
1478
1479 /* Cipher C011 */
1480 {
1481 1,
1482 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1483 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1484 SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1485 SSL_NOT_EXP,
1486 0,
1487 128,
1488 128,
1489 SSL_ALL_CIPHERS,
1490 SSL_ALL_STRENGTHS,
1491 },
1492
1493 /* Cipher C012 */
1494 {
1495 1,
1496 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1497 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1498 SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
1499 SSL_NOT_EXP|SSL_HIGH,
1500 0,
1501 168,
1502 168,
1503 SSL_ALL_CIPHERS,
1504 SSL_ALL_STRENGTHS,
1505 },
1506
1507 /* Cipher C013 */
1508 {
1509 1,
1510 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1511 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1512 SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1513 SSL_NOT_EXP|SSL_HIGH,
1514 0,
1515 128,
1516 128,
1517 SSL_ALL_CIPHERS,
1518 SSL_ALL_STRENGTHS,
1519 },
1520
1521 /* Cipher C014 */
1522 {
1523 1,
1524 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1525 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1526 SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1527 SSL_NOT_EXP|SSL_HIGH,
1528 0,
1529 256,
1530 256,
1531 SSL_ALL_CIPHERS,
1532 SSL_ALL_STRENGTHS,
1533 },
1534
1535 /* Cipher C015 */
1536 {
1537 1,
1538 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1539 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1540 SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1541 SSL_NOT_EXP,
1542 0,
1543 0,
1544 0,
1545 SSL_ALL_CIPHERS,
1546 SSL_ALL_STRENGTHS,
1547 },
1548
1549 /* Cipher C016 */
1550 {
1551 1,
1552 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1553 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1554 SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
1555 SSL_NOT_EXP,
1556 0,
1557 128,
1558 128,
1559 SSL_ALL_CIPHERS,
1560 SSL_ALL_STRENGTHS,
1561 },
1562
1563 /* Cipher C017 */
1564 {
1565 1,
1566 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1567 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1568 SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
1569 SSL_NOT_EXP|SSL_HIGH,
1570 0,
1571 168,
1572 168,
1573 SSL_ALL_CIPHERS,
1574 SSL_ALL_STRENGTHS,
1575 },
1576
1577 /* Cipher C018 */
1578 {
1579 1,
1580 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1581 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1582 SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
1583 SSL_NOT_EXP|SSL_HIGH,
1584 0,
1585 128,
1586 128,
1587 SSL_ALL_CIPHERS,
1588 SSL_ALL_STRENGTHS,
1589 },
1590
1591 /* Cipher C019 */
1592 {
1593 1,
1594 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1595 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1596 SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
1597 SSL_NOT_EXP|SSL_HIGH,
1598 0,
1599 256,
1600 256,
1601 SSL_ALL_CIPHERS,
1602 SSL_ALL_STRENGTHS,
1603 },
1604#endif /* OPENSSL_NO_ECDH */
1605
1606
1607/* end of list */
1608 };
1609
1610SSL3_ENC_METHOD SSLv3_enc_data={
1611 ssl3_enc,
1612 ssl3_mac,
1613 ssl3_setup_key_block,
1614 ssl3_generate_master_secret,
1615 ssl3_change_cipher_state,
1616 ssl3_final_finish_mac,
1617 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
1618 ssl3_cert_verify_mac,
1619 SSL3_MD_CLIENT_FINISHED_CONST,4,
1620 SSL3_MD_SERVER_FINISHED_CONST,4,
1621 ssl3_alert_code,
1622 };
1623
1624long ssl3_default_timeout(void)
1625 {
1626 /* 2 hours, the 24 hours mentioned in the SSLv3 spec
1627 * is way too long for http, the cache would over fill */
1628 return(60*60*2);
1629 }
1630
1631IMPLEMENT_ssl3_meth_func(sslv3_base_method,
1632 ssl_undefined_function,
1633 ssl_undefined_function,
1634 ssl_bad_method)
1635
1636int ssl3_num_ciphers(void)
1637 {
1638 return(SSL3_NUM_CIPHERS);
1639 }
1640
1641SSL_CIPHER *ssl3_get_cipher(unsigned int u)
1642 {
1643 if (u < SSL3_NUM_CIPHERS)
1644 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
1645 else
1646 return(NULL);
1647 }
1648
1649int ssl3_pending(const SSL *s)
1650 {
1651 if (s->rstate == SSL_ST_READ_BODY)
1652 return 0;
1653
1654 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
1655 }
1656
1657int ssl3_new(SSL *s)
1658 {
1659 SSL3_STATE *s3;
1660
1661 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
1662 memset(s3,0,sizeof *s3);
1663 EVP_MD_CTX_init(&s3->finish_dgst1);
1664 EVP_MD_CTX_init(&s3->finish_dgst2);
1665 pq_64bit_init(&(s3->rrec.seq_num));
1666 pq_64bit_init(&(s3->wrec.seq_num));
1667
1668 s->s3=s3;
1669
1670 s->method->ssl_clear(s);
1671 return(1);
1672err:
1673 return(0);
1674 }
1675
1676void ssl3_free(SSL *s)
1677 {
1678 if(s == NULL)
1679 return;
1680
1681 ssl3_cleanup_key_block(s);
1682 if (s->s3->rbuf.buf != NULL)
1683 OPENSSL_free(s->s3->rbuf.buf);
1684 if (s->s3->wbuf.buf != NULL)
1685 OPENSSL_free(s->s3->wbuf.buf);
1686 if (s->s3->rrec.comp != NULL)
1687 OPENSSL_free(s->s3->rrec.comp);
1688#ifndef OPENSSL_NO_DH
1689 if (s->s3->tmp.dh != NULL)
1690 DH_free(s->s3->tmp.dh);
1691#endif
1692#ifndef OPENSSL_NO_ECDH
1693 if (s->s3->tmp.ecdh != NULL)
1694 EC_KEY_free(s->s3->tmp.ecdh);
1695#endif
1696
1697 if (s->s3->tmp.ca_names != NULL)
1698 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1699 EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
1700 EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
1701 pq_64bit_free(&(s->s3->rrec.seq_num));
1702 pq_64bit_free(&(s->s3->wrec.seq_num));
1703
1704 OPENSSL_cleanse(s->s3,sizeof *s->s3);
1705 OPENSSL_free(s->s3);
1706 s->s3=NULL;
1707 }
1708
1709void ssl3_clear(SSL *s)
1710 {
1711 unsigned char *rp,*wp;
1712 size_t rlen, wlen;
1713
1714 ssl3_cleanup_key_block(s);
1715 if (s->s3->tmp.ca_names != NULL)
1716 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1717
1718 if (s->s3->rrec.comp != NULL)
1719 {
1720 OPENSSL_free(s->s3->rrec.comp);
1721 s->s3->rrec.comp=NULL;
1722 }
1723#ifndef OPENSSL_NO_DH
1724 if (s->s3->tmp.dh != NULL)
1725 DH_free(s->s3->tmp.dh);
1726#endif
1727#ifndef OPENSSL_NO_ECDH
1728 if (s->s3->tmp.ecdh != NULL)
1729 EC_KEY_free(s->s3->tmp.ecdh);
1730#endif
1731
1732 rp = s->s3->rbuf.buf;
1733 wp = s->s3->wbuf.buf;
1734 rlen = s->s3->rbuf.len;
1735 wlen = s->s3->wbuf.len;
1736
1737 EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
1738 EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
1739
1740 memset(s->s3,0,sizeof *s->s3);
1741 s->s3->rbuf.buf = rp;
1742 s->s3->wbuf.buf = wp;
1743 s->s3->rbuf.len = rlen;
1744 s->s3->wbuf.len = wlen;
1745
1746 ssl_free_wbio_buffer(s);
1747
1748 s->packet_length=0;
1749 s->s3->renegotiate=0;
1750 s->s3->total_renegotiations=0;
1751 s->s3->num_renegotiations=0;
1752 s->s3->in_read_app_data=0;
1753 s->version=SSL3_VERSION;
1754 }
1755
1756long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1757 {
1758 int ret=0;
1759
1760#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
1761 if (
1762#ifndef OPENSSL_NO_RSA
1763 cmd == SSL_CTRL_SET_TMP_RSA ||
1764 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
1765#endif
1766#ifndef OPENSSL_NO_DSA
1767 cmd == SSL_CTRL_SET_TMP_DH ||
1768 cmd == SSL_CTRL_SET_TMP_DH_CB ||
1769#endif
1770 0)
1771 {
1772 if (!ssl_cert_inst(&s->cert))
1773 {
1774 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
1775 return(0);
1776 }
1777 }
1778#endif
1779
1780 switch (cmd)
1781 {
1782 case SSL_CTRL_GET_SESSION_REUSED:
1783 ret=s->hit;
1784 break;
1785 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
1786 break;
1787 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
1788 ret=s->s3->num_renegotiations;
1789 break;
1790 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
1791 ret=s->s3->num_renegotiations;
1792 s->s3->num_renegotiations=0;
1793 break;
1794 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
1795 ret=s->s3->total_renegotiations;
1796 break;
1797 case SSL_CTRL_GET_FLAGS:
1798 ret=(int)(s->s3->flags);
1799 break;
1800#ifndef OPENSSL_NO_RSA
1801 case SSL_CTRL_NEED_TMP_RSA:
1802 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
1803 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
1804 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
1805 ret = 1;
1806 break;
1807 case SSL_CTRL_SET_TMP_RSA:
1808 {
1809 RSA *rsa = (RSA *)parg;
1810 if (rsa == NULL)
1811 {
1812 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
1813 return(ret);
1814 }
1815 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
1816 {
1817 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
1818 return(ret);
1819 }
1820 if (s->cert->rsa_tmp != NULL)
1821 RSA_free(s->cert->rsa_tmp);
1822 s->cert->rsa_tmp = rsa;
1823 ret = 1;
1824 }
1825 break;
1826 case SSL_CTRL_SET_TMP_RSA_CB:
1827 {
1828 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1829 return(ret);
1830 }
1831 break;
1832#endif
1833#ifndef OPENSSL_NO_DH
1834 case SSL_CTRL_SET_TMP_DH:
1835 {
1836 DH *dh = (DH *)parg;
1837 if (dh == NULL)
1838 {
1839 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
1840 return(ret);
1841 }
1842 if ((dh = DHparams_dup(dh)) == NULL)
1843 {
1844 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
1845 return(ret);
1846 }
1847 if (!(s->options & SSL_OP_SINGLE_DH_USE))
1848 {
1849 if (!DH_generate_key(dh))
1850 {
1851 DH_free(dh);
1852 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
1853 return(ret);
1854 }
1855 }
1856 if (s->cert->dh_tmp != NULL)
1857 DH_free(s->cert->dh_tmp);
1858 s->cert->dh_tmp = dh;
1859 ret = 1;
1860 }
1861 break;
1862 case SSL_CTRL_SET_TMP_DH_CB:
1863 {
1864 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1865 return(ret);
1866 }
1867 break;
1868#endif
1869#ifndef OPENSSL_NO_ECDH
1870 case SSL_CTRL_SET_TMP_ECDH:
1871 {
1872 EC_KEY *ecdh = NULL;
1873
1874 if (parg == NULL)
1875 {
1876 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
1877 return(ret);
1878 }
1879 if (!EC_KEY_up_ref((EC_KEY *)parg))
1880 {
1881 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
1882 return(ret);
1883 }
1884 ecdh = (EC_KEY *)parg;
1885 if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
1886 {
1887 if (!EC_KEY_generate_key(ecdh))
1888 {
1889 EC_KEY_free(ecdh);
1890 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
1891 return(ret);
1892 }
1893 }
1894 if (s->cert->ecdh_tmp != NULL)
1895 EC_KEY_free(s->cert->ecdh_tmp);
1896 s->cert->ecdh_tmp = ecdh;
1897 ret = 1;
1898 }
1899 break;
1900 case SSL_CTRL_SET_TMP_ECDH_CB:
1901 {
1902 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1903 return(ret);
1904 }
1905 break;
1906#endif /* !OPENSSL_NO_ECDH */
1907#ifndef OPENSSL_NO_TLSEXT
1908 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
1909 if (larg == TLSEXT_NAMETYPE_host_name)
1910 {
1911 if (s->tlsext_hostname != NULL)
1912 OPENSSL_free(s->tlsext_hostname);
1913 s->tlsext_hostname = NULL;
1914
1915 ret = 1;
1916 if (parg == NULL)
1917 break;
1918 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
1919 {
1920 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
1921 return 0;
1922 }
1923 if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
1924 {
1925 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
1926 return 0;
1927 }
1928 }
1929 else
1930 {
1931 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
1932 return 0;
1933 }
1934 break;
1935 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
1936 s->tlsext_debug_arg=parg;
1937 ret = 1;
1938 break;
1939
1940 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
1941 s->tlsext_status_type=larg;
1942 ret = 1;
1943 break;
1944
1945 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
1946 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
1947 ret = 1;
1948 break;
1949
1950 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
1951 s->tlsext_ocsp_exts = parg;
1952 ret = 1;
1953 break;
1954
1955 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
1956 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
1957 ret = 1;
1958 break;
1959
1960 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
1961 s->tlsext_ocsp_ids = parg;
1962 ret = 1;
1963 break;
1964
1965 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
1966 *(unsigned char **)parg = s->tlsext_ocsp_resp;
1967 return s->tlsext_ocsp_resplen;
1968
1969 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
1970 if (s->tlsext_ocsp_resp)
1971 OPENSSL_free(s->tlsext_ocsp_resp);
1972 s->tlsext_ocsp_resp = parg;
1973 s->tlsext_ocsp_resplen = larg;
1974 ret = 1;
1975 break;
1976
1977#endif /* !OPENSSL_NO_TLSEXT */
1978 default:
1979 break;
1980 }
1981 return(ret);
1982 }
1983
1984long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1985 {
1986 int ret=0;
1987
1988#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
1989 if (
1990#ifndef OPENSSL_NO_RSA
1991 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
1992#endif
1993#ifndef OPENSSL_NO_DSA
1994 cmd == SSL_CTRL_SET_TMP_DH_CB ||
1995#endif
1996 0)
1997 {
1998 if (!ssl_cert_inst(&s->cert))
1999 {
2000 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
2001 return(0);
2002 }
2003 }
2004#endif
2005
2006 switch (cmd)
2007 {
2008#ifndef OPENSSL_NO_RSA
2009 case SSL_CTRL_SET_TMP_RSA_CB:
2010 {
2011 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2012 }
2013 break;
2014#endif
2015#ifndef OPENSSL_NO_DH
2016 case SSL_CTRL_SET_TMP_DH_CB:
2017 {
2018 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2019 }
2020 break;
2021#endif
2022#ifndef OPENSSL_NO_ECDH
2023 case SSL_CTRL_SET_TMP_ECDH_CB:
2024 {
2025 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2026 }
2027 break;
2028#endif
2029#ifndef OPENSSL_NO_TLSEXT
2030 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2031 s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
2032 unsigned char *, int, void *))fp;
2033 break;
2034#endif
2035 default:
2036 break;
2037 }
2038 return(ret);
2039 }
2040
2041long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2042 {
2043 CERT *cert;
2044
2045 cert=ctx->cert;
2046
2047 switch (cmd)
2048 {
2049#ifndef OPENSSL_NO_RSA
2050 case SSL_CTRL_NEED_TMP_RSA:
2051 if ( (cert->rsa_tmp == NULL) &&
2052 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2053 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
2054 )
2055 return(1);
2056 else
2057 return(0);
2058 /* break; */
2059 case SSL_CTRL_SET_TMP_RSA:
2060 {
2061 RSA *rsa;
2062 int i;
2063
2064 rsa=(RSA *)parg;
2065 i=1;
2066 if (rsa == NULL)
2067 i=0;
2068 else
2069 {
2070 if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
2071 i=0;
2072 }
2073 if (!i)
2074 {
2075 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
2076 return(0);
2077 }
2078 else
2079 {
2080 if (cert->rsa_tmp != NULL)
2081 RSA_free(cert->rsa_tmp);
2082 cert->rsa_tmp=rsa;
2083 return(1);
2084 }
2085 }
2086 /* break; */
2087 case SSL_CTRL_SET_TMP_RSA_CB:
2088 {
2089 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2090 return(0);
2091 }
2092 break;
2093#endif
2094#ifndef OPENSSL_NO_DH
2095 case SSL_CTRL_SET_TMP_DH:
2096 {
2097 DH *new=NULL,*dh;
2098
2099 dh=(DH *)parg;
2100 if ((new=DHparams_dup(dh)) == NULL)
2101 {
2102 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2103 return 0;
2104 }
2105 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
2106 {
2107 if (!DH_generate_key(new))
2108 {
2109 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2110 DH_free(new);
2111 return 0;
2112 }
2113 }
2114 if (cert->dh_tmp != NULL)
2115 DH_free(cert->dh_tmp);
2116 cert->dh_tmp=new;
2117 return 1;
2118 }
2119 /*break; */
2120 case SSL_CTRL_SET_TMP_DH_CB:
2121 {
2122 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2123 return(0);
2124 }
2125 break;
2126#endif
2127#ifndef OPENSSL_NO_ECDH
2128 case SSL_CTRL_SET_TMP_ECDH:
2129 {
2130 EC_KEY *ecdh = NULL;
2131
2132 if (parg == NULL)
2133 {
2134 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2135 return 0;
2136 }
2137 ecdh = EC_KEY_dup((EC_KEY *)parg);
2138 if (ecdh == NULL)
2139 {
2140 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
2141 return 0;
2142 }
2143 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
2144 {
2145 if (!EC_KEY_generate_key(ecdh))
2146 {
2147 EC_KEY_free(ecdh);
2148 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2149 return 0;
2150 }
2151 }
2152
2153 if (cert->ecdh_tmp != NULL)
2154 {
2155 EC_KEY_free(cert->ecdh_tmp);
2156 }
2157 cert->ecdh_tmp = ecdh;
2158 return 1;
2159 }
2160 /* break; */
2161 case SSL_CTRL_SET_TMP_ECDH_CB:
2162 {
2163 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2164 return(0);
2165 }
2166 break;
2167#endif /* !OPENSSL_NO_ECDH */
2168#ifndef OPENSSL_NO_TLSEXT
2169 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2170 ctx->tlsext_servername_arg=parg;
2171 break;
2172 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
2173 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
2174 {
2175 unsigned char *keys = parg;
2176 if (!keys)
2177 return 48;
2178 if (larg != 48)
2179 {
2180 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
2181 return 0;
2182 }
2183 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
2184 {
2185 memcpy(ctx->tlsext_tick_key_name, keys, 16);
2186 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
2187 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
2188 }
2189 else
2190 {
2191 memcpy(keys, ctx->tlsext_tick_key_name, 16);
2192 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
2193 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
2194 }
2195 return 1;
2196 }
2197
2198 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2199 ctx->tlsext_status_arg=parg;
2200 return 1;
2201 break;
2202
2203#endif /* !OPENSSL_NO_TLSEXT */
2204 /* A Thawte special :-) */
2205 case SSL_CTRL_EXTRA_CHAIN_CERT:
2206 if (ctx->extra_certs == NULL)
2207 {
2208 if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
2209 return(0);
2210 }
2211 sk_X509_push(ctx->extra_certs,(X509 *)parg);
2212 break;
2213
2214 default:
2215 return(0);
2216 }
2217 return(1);
2218 }
2219
2220long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2221 {
2222 CERT *cert;
2223
2224 cert=ctx->cert;
2225
2226 switch (cmd)
2227 {
2228#ifndef OPENSSL_NO_RSA
2229 case SSL_CTRL_SET_TMP_RSA_CB:
2230 {
2231 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2232 }
2233 break;
2234#endif
2235#ifndef OPENSSL_NO_DH
2236 case SSL_CTRL_SET_TMP_DH_CB:
2237 {
2238 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2239 }
2240 break;
2241#endif
2242#ifndef OPENSSL_NO_ECDH
2243 case SSL_CTRL_SET_TMP_ECDH_CB:
2244 {
2245 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2246 }
2247 break;
2248#endif
2249#ifndef OPENSSL_NO_TLSEXT
2250 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2251 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
2252 break;
2253
2254 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2255 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
2256 break;
2257
2258 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2259 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *,
2260 unsigned char *,
2261 EVP_CIPHER_CTX *,
2262 HMAC_CTX *, int))fp;
2263 break;
2264
2265#endif
2266 default:
2267 return(0);
2268 }
2269 return(1);
2270 }
2271
2272/* This function needs to check if the ciphers required are actually
2273 * available */
2274SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
2275 {
2276 SSL_CIPHER c,*cp;
2277 unsigned long id;
2278
2279 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
2280 c.id=id;
2281 cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
2282 (char *)ssl3_ciphers,
2283 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
2284 FP_ICC ssl_cipher_id_cmp);
2285 if (cp == NULL || cp->valid == 0)
2286 return NULL;
2287 else
2288 return cp;
2289 }
2290
2291int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
2292 {
2293 long l;
2294
2295 if (p != NULL)
2296 {
2297 l=c->id;
2298 if ((l & 0xff000000) != 0x03000000) return(0);
2299 p[0]=((unsigned char)(l>> 8L))&0xFF;
2300 p[1]=((unsigned char)(l ))&0xFF;
2301 }
2302 return(2);
2303 }
2304
2305SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2306 STACK_OF(SSL_CIPHER) *srvr)
2307 {
2308 SSL_CIPHER *c,*ret=NULL;
2309 STACK_OF(SSL_CIPHER) *prio, *allow;
2310 int i,j,ok;
2311
2312 CERT *cert;
2313 unsigned long alg,mask,emask;
2314
2315 /* Let's see which ciphers we can support */
2316 cert=s->cert;
2317
2318#if 0
2319 /* Do not set the compare functions, because this may lead to a
2320 * reordering by "id". We want to keep the original ordering.
2321 * We may pay a price in performance during sk_SSL_CIPHER_find(),
2322 * but would have to pay with the price of sk_SSL_CIPHER_dup().
2323 */
2324 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
2325 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
2326#endif
2327
2328#ifdef CIPHER_DEBUG
2329 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
2330 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
2331 {
2332 c=sk_SSL_CIPHER_value(srvr,i);
2333 printf("%p:%s\n",c,c->name);
2334 }
2335 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
2336 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
2337 {
2338 c=sk_SSL_CIPHER_value(clnt,i);
2339 printf("%p:%s\n",c,c->name);
2340 }
2341#endif
2342
2343 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
2344 {
2345 prio = srvr;
2346 allow = clnt;
2347 }
2348 else
2349 {
2350 prio = clnt;
2351 allow = srvr;
2352 }
2353
2354 for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
2355 {
2356 c=sk_SSL_CIPHER_value(prio,i);
2357
2358 ssl_set_cert_masks(cert,c);
2359 mask=cert->mask;
2360 emask=cert->export_mask;
2361
2362#ifdef KSSL_DEBUG
2363 printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);
2364#endif /* KSSL_DEBUG */
2365
2366 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
2367#ifndef OPENSSL_NO_KRB5
2368 if (alg & SSL_KRB5)
2369 {
2370 if ( !kssl_keytab_is_available(s->kssl_ctx) )
2371 continue;
2372 }
2373#endif /* OPENSSL_NO_KRB5 */
2374 if (SSL_C_IS_EXPORT(c))
2375 {
2376 ok=((alg & emask) == alg)?1:0;
2377#ifdef CIPHER_DEBUG
2378 printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
2379 c,c->name);
2380#endif
2381 }
2382 else
2383 {
2384 ok=((alg & mask) == alg)?1:0;
2385#ifdef CIPHER_DEBUG
2386 printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
2387 c->name);
2388#endif
2389 }
2390
2391 if (!ok) continue;
2392 j=sk_SSL_CIPHER_find(allow,c);
2393 if (j >= 0)
2394 {
2395 ret=sk_SSL_CIPHER_value(allow,j);
2396 break;
2397 }
2398 }
2399 return(ret);
2400 }
2401
2402int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2403 {
2404 int ret=0;
2405 unsigned long alg;
2406
2407 alg=s->s3->tmp.new_cipher->algorithms;
2408
2409#ifndef OPENSSL_NO_DH
2410 if (alg & (SSL_kDHr|SSL_kEDH))
2411 {
2412# ifndef OPENSSL_NO_RSA
2413 p[ret++]=SSL3_CT_RSA_FIXED_DH;
2414# endif
2415# ifndef OPENSSL_NO_DSA
2416 p[ret++]=SSL3_CT_DSS_FIXED_DH;
2417# endif
2418 }
2419 if ((s->version == SSL3_VERSION) &&
2420 (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
2421 {
2422# ifndef OPENSSL_NO_RSA
2423 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
2424# endif
2425# ifndef OPENSSL_NO_DSA
2426 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
2427# endif
2428 }
2429#endif /* !OPENSSL_NO_DH */
2430#ifndef OPENSSL_NO_RSA
2431 p[ret++]=SSL3_CT_RSA_SIGN;
2432#endif
2433#ifndef OPENSSL_NO_DSA
2434 p[ret++]=SSL3_CT_DSS_SIGN;
2435#endif
2436#ifndef OPENSSL_NO_ECDH
2437 /* We should ask for fixed ECDH certificates only
2438 * for SSL_kECDH (and not SSL_kECDHE)
2439 */
2440 if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
2441 {
2442 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
2443 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
2444 }
2445#endif
2446
2447#ifndef OPENSSL_NO_ECDSA
2448 /* ECDSA certs can be used with RSA cipher suites as well
2449 * so we don't need to check for SSL_kECDH or SSL_kECDHE
2450 */
2451 if (s->version >= TLS1_VERSION)
2452 {
2453 p[ret++]=TLS_CT_ECDSA_SIGN;
2454 }
2455#endif
2456 return(ret);
2457 }
2458
2459int ssl3_shutdown(SSL *s)
2460 {
2461
2462 /* Don't do anything much if we have not done the handshake or
2463 * we don't want to send messages :-) */
2464 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
2465 {
2466 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
2467 return(1);
2468 }
2469
2470 if (!(s->shutdown & SSL_SENT_SHUTDOWN))
2471 {
2472 s->shutdown|=SSL_SENT_SHUTDOWN;
2473#if 1
2474 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
2475#endif
2476 /* our shutdown alert has been sent now, and if it still needs
2477 * to be written, s->s3->alert_dispatch will be true */
2478 }
2479 else if (s->s3->alert_dispatch)
2480 {
2481 /* resend it if not sent */
2482#if 1
2483 s->method->ssl_dispatch_alert(s);
2484#endif
2485 }
2486 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
2487 {
2488 /* If we are waiting for a close from our peer, we are closed */
2489 s->method->ssl_read_bytes(s,0,NULL,0,0);
2490 }
2491
2492 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
2493 !s->s3->alert_dispatch)
2494 return(1);
2495 else
2496 return(0);
2497 }
2498
2499int ssl3_write(SSL *s, const void *buf, int len)
2500 {
2501 int ret,n;
2502
2503#if 0
2504 if (s->shutdown & SSL_SEND_SHUTDOWN)
2505 {
2506 s->rwstate=SSL_NOTHING;
2507 return(0);
2508 }
2509#endif
2510 clear_sys_error();
2511 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
2512
2513 /* This is an experimental flag that sends the
2514 * last handshake message in the same packet as the first
2515 * use data - used to see if it helps the TCP protocol during
2516 * session-id reuse */
2517 /* The second test is because the buffer may have been removed */
2518 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
2519 {
2520 /* First time through, we write into the buffer */
2521 if (s->s3->delay_buf_pop_ret == 0)
2522 {
2523 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
2524 buf,len);
2525 if (ret <= 0) return(ret);
2526
2527 s->s3->delay_buf_pop_ret=ret;
2528 }
2529
2530 s->rwstate=SSL_WRITING;
2531 n=BIO_flush(s->wbio);
2532 if (n <= 0) return(n);
2533 s->rwstate=SSL_NOTHING;
2534
2535 /* We have flushed the buffer, so remove it */
2536 ssl_free_wbio_buffer(s);
2537 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
2538
2539 ret=s->s3->delay_buf_pop_ret;
2540 s->s3->delay_buf_pop_ret=0;
2541 }
2542 else
2543 {
2544 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
2545 buf,len);
2546 if (ret <= 0) return(ret);
2547 }
2548
2549 return(ret);
2550 }
2551
2552static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
2553 {
2554 int ret;
2555
2556 clear_sys_error();
2557 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
2558 s->s3->in_read_app_data=1;
2559 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
2560 if ((ret == -1) && (s->s3->in_read_app_data == 2))
2561 {
2562 /* ssl3_read_bytes decided to call s->handshake_func, which
2563 * called ssl3_read_bytes to read handshake data.
2564 * However, ssl3_read_bytes actually found application data
2565 * and thinks that application data makes sense here; so disable
2566 * handshake processing and try to read application data again. */
2567 s->in_handshake++;
2568 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
2569 s->in_handshake--;
2570 }
2571 else
2572 s->s3->in_read_app_data=0;
2573
2574 return(ret);
2575 }
2576
2577int ssl3_read(SSL *s, void *buf, int len)
2578 {
2579 return ssl3_read_internal(s, buf, len, 0);
2580 }
2581
2582int ssl3_peek(SSL *s, void *buf, int len)
2583 {
2584 return ssl3_read_internal(s, buf, len, 1);
2585 }
2586
2587int ssl3_renegotiate(SSL *s)
2588 {
2589 if (s->handshake_func == NULL)
2590 return(1);
2591
2592 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
2593 return(0);
2594
2595 if (!(s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
2596 return(0);
2597
2598 s->s3->renegotiate=1;
2599 return(1);
2600 }
2601
2602int ssl3_renegotiate_check(SSL *s)
2603 {
2604 int ret=0;
2605
2606 if (s->s3->renegotiate)
2607 {
2608 if ( (s->s3->rbuf.left == 0) &&
2609 (s->s3->wbuf.left == 0) &&
2610 !SSL_in_init(s))
2611 {
2612/*
2613if we are the server, and we have sent a 'RENEGOTIATE' message, we
2614need to go to SSL_ST_ACCEPT.
2615*/
2616 /* SSL_ST_ACCEPT */
2617 s->state=SSL_ST_RENEGOTIATE;
2618 s->s3->renegotiate=0;
2619 s->s3->num_renegotiations++;
2620 s->s3->total_renegotiations++;
2621 ret=1;
2622 }
2623 }
2624 return(ret);
2625 }
2626
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
deleted file mode 100644
index 515739c08c..0000000000
--- a/src/lib/libssl/s3_pkt.c
+++ /dev/null
@@ -1,1328 +0,0 @@
1/* ssl/s3_pkt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include <errno.h>
114#define USE_SOCKETS
115#include "ssl_locl.h"
116#include <openssl/evp.h>
117#include <openssl/buffer.h>
118
119static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
120 unsigned int len, int create_empty_fragment);
121static int ssl3_get_record(SSL *s);
122
123int ssl3_read_n(SSL *s, int n, int max, int extend)
124 {
125 /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
126 * packet by another n bytes.
127 * The packet will be in the sub-array of s->s3->rbuf.buf specified
128 * by s->packet and s->packet_length.
129 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
130 * [plus s->packet_length bytes if extend == 1].)
131 */
132 int i,off,newb;
133
134 if (!extend)
135 {
136 /* start with empty packet ... */
137 if (s->s3->rbuf.left == 0)
138 s->s3->rbuf.offset = 0;
139 s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset;
140 s->packet_length = 0;
141 /* ... now we can act as if 'extend' was set */
142 }
143
144 /* extend reads should not span multiple packets for DTLS */
145 if ( SSL_version(s) == DTLS1_VERSION &&
146 extend)
147 {
148 if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
149 n = s->s3->rbuf.left;
150 }
151
152 /* if there is enough in the buffer from a previous read, take some */
153 if (s->s3->rbuf.left >= (int)n)
154 {
155 s->packet_length+=n;
156 s->s3->rbuf.left-=n;
157 s->s3->rbuf.offset+=n;
158 return(n);
159 }
160
161 /* else we need to read more data */
162 if (!s->read_ahead)
163 max=n;
164
165 {
166 /* avoid buffer overflow */
167 int max_max = s->s3->rbuf.len - s->packet_length;
168 if (max > max_max)
169 max = max_max;
170 }
171 if (n > max) /* does not happen */
172 {
173 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
174 return -1;
175 }
176
177 off = s->packet_length;
178 newb = s->s3->rbuf.left;
179 /* Move any available bytes to front of buffer:
180 * 'off' bytes already pointed to by 'packet',
181 * 'newb' extra ones at the end */
182 if (s->packet != s->s3->rbuf.buf)
183 {
184 /* off > 0 */
185 memmove(s->s3->rbuf.buf, s->packet, off+newb);
186 s->packet = s->s3->rbuf.buf;
187 }
188
189 while (newb < n)
190 {
191 /* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need
192 * to read in more until we have off+n (up to off+max if possible) */
193
194 clear_sys_error();
195 if (s->rbio != NULL)
196 {
197 s->rwstate=SSL_READING;
198 i=BIO_read(s->rbio, &(s->s3->rbuf.buf[off+newb]), max-newb);
199 }
200 else
201 {
202 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
203 i = -1;
204 }
205
206 if (i <= 0)
207 {
208 s->s3->rbuf.left = newb;
209 return(i);
210 }
211 newb+=i;
212 }
213
214 /* done reading, now the book-keeping */
215 s->s3->rbuf.offset = off + n;
216 s->s3->rbuf.left = newb - n;
217 s->packet_length += n;
218 s->rwstate=SSL_NOTHING;
219 return(n);
220 }
221
222/* Call this to get a new input record.
223 * It will return <= 0 if more data is needed, normally due to an error
224 * or non-blocking IO.
225 * When it finishes, one packet has been decoded and can be found in
226 * ssl->s3->rrec.type - is the type of record
227 * ssl->s3->rrec.data, - data
228 * ssl->s3->rrec.length, - number of bytes
229 */
230/* used only by ssl3_read_bytes */
231static int ssl3_get_record(SSL *s)
232 {
233 int ssl_major,ssl_minor,al;
234 int enc_err,n,i,ret= -1;
235 SSL3_RECORD *rr;
236 SSL_SESSION *sess;
237 unsigned char *p;
238 unsigned char md[EVP_MAX_MD_SIZE];
239 short version;
240 unsigned int mac_size;
241 int clear=0;
242 size_t extra;
243 int decryption_failed_or_bad_record_mac = 0;
244 unsigned char *mac = NULL;
245
246 rr= &(s->s3->rrec);
247 sess=s->session;
248
249 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
250 extra=SSL3_RT_MAX_EXTRA;
251 else
252 extra=0;
253 if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE)
254 {
255 /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
256 * set after ssl3_setup_buffers() was done */
257 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
258 return -1;
259 }
260
261again:
262 /* check if we have the header */
263 if ( (s->rstate != SSL_ST_READ_BODY) ||
264 (s->packet_length < SSL3_RT_HEADER_LENGTH))
265 {
266 n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
267 if (n <= 0) return(n); /* error or non-blocking */
268 s->rstate=SSL_ST_READ_BODY;
269
270 p=s->packet;
271
272 /* Pull apart the header into the SSL3_RECORD */
273 rr->type= *(p++);
274 ssl_major= *(p++);
275 ssl_minor= *(p++);
276 version=(ssl_major<<8)|ssl_minor;
277 n2s(p,rr->length);
278
279 /* Lets check version */
280 if (!s->first_packet)
281 {
282 if (version != s->version)
283 {
284 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
285 if ((s->version & 0xFF00) == (version & 0xFF00))
286 /* Send back error using their
287 * minor version number :-) */
288 s->version = (unsigned short)version;
289 al=SSL_AD_PROTOCOL_VERSION;
290 goto f_err;
291 }
292 }
293
294 if ((version>>8) != SSL3_VERSION_MAJOR)
295 {
296 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
297 goto err;
298 }
299
300 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
301 {
302 al=SSL_AD_RECORD_OVERFLOW;
303 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
304 goto f_err;
305 }
306
307 /* now s->rstate == SSL_ST_READ_BODY */
308 }
309
310 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
311
312 if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
313 {
314 /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
315 i=rr->length;
316 n=ssl3_read_n(s,i,i,1);
317 if (n <= 0) return(n); /* error or non-blocking io */
318 /* now n == rr->length,
319 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
320 }
321
322 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
323
324 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
325 * and we have that many bytes in s->packet
326 */
327 rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
328
329 /* ok, we can now read from 's->packet' data into 'rr'
330 * rr->input points at rr->length bytes, which
331 * need to be copied into rr->data by either
332 * the decryption or by the decompression
333 * When the data is 'copied' into the rr->data buffer,
334 * rr->input will be pointed at the new buffer */
335
336 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
337 * rr->length bytes of encrypted compressed stuff. */
338
339 /* check is not needed I believe */
340 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
341 {
342 al=SSL_AD_RECORD_OVERFLOW;
343 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
344 goto f_err;
345 }
346
347 /* decrypt in place in 'rr->input' */
348 rr->data=rr->input;
349
350 enc_err = s->method->ssl3_enc->enc(s,0);
351 if (enc_err <= 0)
352 {
353 if (enc_err == 0)
354 /* SSLerr() and ssl3_send_alert() have been called */
355 goto err;
356
357 /* Otherwise enc_err == -1, which indicates bad padding
358 * (rec->length has not been changed in this case).
359 * To minimize information leaked via timing, we will perform
360 * the MAC computation anyway. */
361 decryption_failed_or_bad_record_mac = 1;
362 }
363
364#ifdef TLS_DEBUG
365printf("dec %d\n",rr->length);
366{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
367printf("\n");
368#endif
369
370 /* r->length is now the compressed data plus mac */
371 if ( (sess == NULL) ||
372 (s->enc_read_ctx == NULL) ||
373 (s->read_hash == NULL))
374 clear=1;
375
376 if (!clear)
377 {
378 mac_size=EVP_MD_size(s->read_hash);
379
380 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
381 {
382#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
383 al=SSL_AD_RECORD_OVERFLOW;
384 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
385 goto f_err;
386#else
387 decryption_failed_or_bad_record_mac = 1;
388#endif
389 }
390 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
391 if (rr->length >= mac_size)
392 {
393 rr->length -= mac_size;
394 mac = &rr->data[rr->length];
395 }
396 else
397 {
398 /* record (minus padding) is too short to contain a MAC */
399#if 0 /* OK only for stream ciphers */
400 al=SSL_AD_DECODE_ERROR;
401 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
402 goto f_err;
403#else
404 decryption_failed_or_bad_record_mac = 1;
405 rr->length = 0;
406#endif
407 }
408 i=s->method->ssl3_enc->mac(s,md,0);
409 if (mac == NULL || memcmp(md, mac, mac_size) != 0)
410 {
411 decryption_failed_or_bad_record_mac = 1;
412 }
413 }
414
415 if (decryption_failed_or_bad_record_mac)
416 {
417 /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
418 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
419 * failure is directly visible from the ciphertext anyway,
420 * we should not reveal which kind of error occured -- this
421 * might become visible to an attacker (e.g. via a logfile) */
422 al=SSL_AD_BAD_RECORD_MAC;
423 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
424 goto f_err;
425 }
426
427 /* r->length is now just compressed */
428 if (s->expand != NULL)
429 {
430 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
431 {
432 al=SSL_AD_RECORD_OVERFLOW;
433 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
434 goto f_err;
435 }
436 if (!ssl3_do_uncompress(s))
437 {
438 al=SSL_AD_DECOMPRESSION_FAILURE;
439 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
440 goto f_err;
441 }
442 }
443
444 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
445 {
446 al=SSL_AD_RECORD_OVERFLOW;
447 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
448 goto f_err;
449 }
450
451 rr->off=0;
452 /* So at this point the following is true
453 * ssl->s3->rrec.type is the type of record
454 * ssl->s3->rrec.length == number of bytes in record
455 * ssl->s3->rrec.off == offset to first valid byte
456 * ssl->s3->rrec.data == where to take bytes from, increment
457 * after use :-).
458 */
459
460 /* we have pulled in a full packet so zero things */
461 s->packet_length=0;
462
463 /* just read a 0 length packet */
464 if (rr->length == 0) goto again;
465
466 return(1);
467
468f_err:
469 ssl3_send_alert(s,SSL3_AL_FATAL,al);
470err:
471 return(ret);
472 }
473
474int ssl3_do_uncompress(SSL *ssl)
475 {
476#ifndef OPENSSL_NO_COMP
477 int i;
478 SSL3_RECORD *rr;
479
480 rr= &(ssl->s3->rrec);
481 i=COMP_expand_block(ssl->expand,rr->comp,
482 SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);
483 if (i < 0)
484 return(0);
485 else
486 rr->length=i;
487 rr->data=rr->comp;
488#endif
489 return(1);
490 }
491
492int ssl3_do_compress(SSL *ssl)
493 {
494#ifndef OPENSSL_NO_COMP
495 int i;
496 SSL3_RECORD *wr;
497
498 wr= &(ssl->s3->wrec);
499 i=COMP_compress_block(ssl->compress,wr->data,
500 SSL3_RT_MAX_COMPRESSED_LENGTH,
501 wr->input,(int)wr->length);
502 if (i < 0)
503 return(0);
504 else
505 wr->length=i;
506
507 wr->input=wr->data;
508#endif
509 return(1);
510 }
511
512/* Call this to write data in records of type 'type'
513 * It will return <= 0 if not all data has been sent or non-blocking IO.
514 */
515int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
516 {
517 const unsigned char *buf=buf_;
518 unsigned int tot,n,nw;
519 int i;
520
521 s->rwstate=SSL_NOTHING;
522 tot=s->s3->wnum;
523 s->s3->wnum=0;
524
525 if (SSL_in_init(s) && !s->in_handshake)
526 {
527 i=s->handshake_func(s);
528 if (i < 0) return(i);
529 if (i == 0)
530 {
531 SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
532 return -1;
533 }
534 }
535
536 n=(len-tot);
537 for (;;)
538 {
539 if (n > SSL3_RT_MAX_PLAIN_LENGTH)
540 nw=SSL3_RT_MAX_PLAIN_LENGTH;
541 else
542 nw=n;
543
544 i=do_ssl3_write(s, type, &(buf[tot]), nw, 0);
545 if (i <= 0)
546 {
547 s->s3->wnum=tot;
548 return i;
549 }
550
551 if ((i == (int)n) ||
552 (type == SSL3_RT_APPLICATION_DATA &&
553 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
554 {
555 /* next chunk of data should get another prepended empty fragment
556 * in ciphersuites with known-IV weakness: */
557 s->s3->empty_fragment_done = 0;
558
559 return tot+i;
560 }
561
562 n-=i;
563 tot+=i;
564 }
565 }
566
567static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
568 unsigned int len, int create_empty_fragment)
569 {
570 unsigned char *p,*plen;
571 int i,mac_size,clear=0;
572 int prefix_len = 0;
573 SSL3_RECORD *wr;
574 SSL3_BUFFER *wb;
575 SSL_SESSION *sess;
576
577 /* first check if there is a SSL3_BUFFER still being written
578 * out. This will happen with non blocking IO */
579 if (s->s3->wbuf.left != 0)
580 return(ssl3_write_pending(s,type,buf,len));
581
582 /* If we have an alert to send, lets send it */
583 if (s->s3->alert_dispatch)
584 {
585 i=s->method->ssl_dispatch_alert(s);
586 if (i <= 0)
587 return(i);
588 /* if it went, fall through and send more stuff */
589 }
590
591 if (len == 0 && !create_empty_fragment)
592 return 0;
593
594 wr= &(s->s3->wrec);
595 wb= &(s->s3->wbuf);
596 sess=s->session;
597
598 if ( (sess == NULL) ||
599 (s->enc_write_ctx == NULL) ||
600 (s->write_hash == NULL))
601 clear=1;
602
603 if (clear)
604 mac_size=0;
605 else
606 mac_size=EVP_MD_size(s->write_hash);
607
608 /* 'create_empty_fragment' is true only when this function calls itself */
609 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
610 {
611 /* countermeasure against known-IV weakness in CBC ciphersuites
612 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
613
614 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
615 {
616 /* recursive function call with 'create_empty_fragment' set;
617 * this prepares and buffers the data for an empty fragment
618 * (these 'prefix_len' bytes are sent out later
619 * together with the actual payload) */
620 prefix_len = do_ssl3_write(s, type, buf, 0, 1);
621 if (prefix_len <= 0)
622 goto err;
623
624 if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
625 {
626 /* insufficient space */
627 SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
628 goto err;
629 }
630 }
631
632 s->s3->empty_fragment_done = 1;
633 }
634
635 p = wb->buf + prefix_len;
636
637 /* write the header */
638
639 *(p++)=type&0xff;
640 wr->type=type;
641
642 *(p++)=(s->version>>8);
643 *(p++)=s->version&0xff;
644
645 /* field where we are to write out packet length */
646 plen=p;
647 p+=2;
648
649 /* lets setup the record stuff. */
650 wr->data=p;
651 wr->length=(int)len;
652 wr->input=(unsigned char *)buf;
653
654 /* we now 'read' from wr->input, wr->length bytes into
655 * wr->data */
656
657 /* first we compress */
658 if (s->compress != NULL)
659 {
660 if (!ssl3_do_compress(s))
661 {
662 SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
663 goto err;
664 }
665 }
666 else
667 {
668 memcpy(wr->data,wr->input,wr->length);
669 wr->input=wr->data;
670 }
671
672 /* we should still have the output to wr->data and the input
673 * from wr->input. Length should be wr->length.
674 * wr->data still points in the wb->buf */
675
676 if (mac_size != 0)
677 {
678 s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
679 wr->length+=mac_size;
680 wr->input=p;
681 wr->data=p;
682 }
683
684 /* ssl3_enc can only have an error on read */
685 s->method->ssl3_enc->enc(s,1);
686
687 /* record length after mac and block padding */
688 s2n(wr->length,plen);
689
690 /* we should now have
691 * wr->data pointing to the encrypted data, which is
692 * wr->length long */
693 wr->type=type; /* not needed but helps for debugging */
694 wr->length+=SSL3_RT_HEADER_LENGTH;
695
696 if (create_empty_fragment)
697 {
698 /* we are in a recursive call;
699 * just return the length, don't write out anything here
700 */
701 return wr->length;
702 }
703
704 /* now let's set up wb */
705 wb->left = prefix_len + wr->length;
706 wb->offset = 0;
707
708 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
709 s->s3->wpend_tot=len;
710 s->s3->wpend_buf=buf;
711 s->s3->wpend_type=type;
712 s->s3->wpend_ret=len;
713
714 /* we now just need to write the buffer */
715 return ssl3_write_pending(s,type,buf,len);
716err:
717 return -1;
718 }
719
720/* if s->s3->wbuf.left != 0, we need to call this */
721int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
722 unsigned int len)
723 {
724 int i;
725
726/* XXXX */
727 if ((s->s3->wpend_tot > (int)len)
728 || ((s->s3->wpend_buf != buf) &&
729 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
730 || (s->s3->wpend_type != type))
731 {
732 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
733 return(-1);
734 }
735
736 for (;;)
737 {
738 clear_sys_error();
739 if (s->wbio != NULL)
740 {
741 s->rwstate=SSL_WRITING;
742 i=BIO_write(s->wbio,
743 (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]),
744 (unsigned int)s->s3->wbuf.left);
745 }
746 else
747 {
748 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
749 i= -1;
750 }
751 if (i == s->s3->wbuf.left)
752 {
753 s->s3->wbuf.left=0;
754 s->rwstate=SSL_NOTHING;
755 return(s->s3->wpend_ret);
756 }
757 else if (i <= 0) {
758 if (s->version == DTLS1_VERSION ||
759 s->version == DTLS1_BAD_VER) {
760 /* For DTLS, just drop it. That's kind of the whole
761 point in using a datagram service */
762 s->s3->wbuf.left = 0;
763 }
764 return(i);
765 }
766 s->s3->wbuf.offset+=i;
767 s->s3->wbuf.left-=i;
768 }
769 }
770
771/* Return up to 'len' payload bytes received in 'type' records.
772 * 'type' is one of the following:
773 *
774 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
775 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
776 * - 0 (during a shutdown, no data has to be returned)
777 *
778 * If we don't have stored data to work from, read a SSL/TLS record first
779 * (possibly multiple records if we still don't have anything to return).
780 *
781 * This function must handle any surprises the peer may have for us, such as
782 * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
783 * a surprise, but handled as if it were), or renegotiation requests.
784 * Also if record payloads contain fragments too small to process, we store
785 * them until there is enough for the respective protocol (the record protocol
786 * may use arbitrary fragmentation and even interleaving):
787 * Change cipher spec protocol
788 * just 1 byte needed, no need for keeping anything stored
789 * Alert protocol
790 * 2 bytes needed (AlertLevel, AlertDescription)
791 * Handshake protocol
792 * 4 bytes needed (HandshakeType, uint24 length) -- we just have
793 * to detect unexpected Client Hello and Hello Request messages
794 * here, anything else is handled by higher layers
795 * Application data protocol
796 * none of our business
797 */
798int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
799 {
800 int al,i,j,ret;
801 unsigned int n;
802 SSL3_RECORD *rr;
803 void (*cb)(const SSL *ssl,int type2,int val)=NULL;
804
805 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
806 if (!ssl3_setup_buffers(s))
807 return(-1);
808
809 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
810 (peek && (type != SSL3_RT_APPLICATION_DATA)))
811 {
812 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
813 return -1;
814 }
815
816 if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
817 /* (partially) satisfy request from storage */
818 {
819 unsigned char *src = s->s3->handshake_fragment;
820 unsigned char *dst = buf;
821 unsigned int k;
822
823 /* peek == 0 */
824 n = 0;
825 while ((len > 0) && (s->s3->handshake_fragment_len > 0))
826 {
827 *dst++ = *src++;
828 len--; s->s3->handshake_fragment_len--;
829 n++;
830 }
831 /* move any remaining fragment bytes: */
832 for (k = 0; k < s->s3->handshake_fragment_len; k++)
833 s->s3->handshake_fragment[k] = *src++;
834 return n;
835 }
836
837 /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
838
839 if (!s->in_handshake && SSL_in_init(s))
840 {
841 /* type == SSL3_RT_APPLICATION_DATA */
842 i=s->handshake_func(s);
843 if (i < 0) return(i);
844 if (i == 0)
845 {
846 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
847 return(-1);
848 }
849 }
850start:
851 s->rwstate=SSL_NOTHING;
852
853 /* s->s3->rrec.type - is the type of record
854 * s->s3->rrec.data, - data
855 * s->s3->rrec.off, - offset into 'data' for next read
856 * s->s3->rrec.length, - number of bytes. */
857 rr = &(s->s3->rrec);
858
859 /* get new packet if necessary */
860 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
861 {
862 ret=ssl3_get_record(s);
863 if (ret <= 0) return(ret);
864 }
865
866 /* we now have a packet which can be read and processed */
867
868 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
869 * reset by ssl3_get_finished */
870 && (rr->type != SSL3_RT_HANDSHAKE))
871 {
872 al=SSL_AD_UNEXPECTED_MESSAGE;
873 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
874 goto f_err;
875 }
876
877 /* If the other end has shut down, throw anything we read away
878 * (even in 'peek' mode) */
879 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
880 {
881 rr->length=0;
882 s->rwstate=SSL_NOTHING;
883 return(0);
884 }
885
886
887 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
888 {
889 /* make sure that we are not getting application data when we
890 * are doing a handshake for the first time */
891 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
892 (s->enc_read_ctx == NULL))
893 {
894 al=SSL_AD_UNEXPECTED_MESSAGE;
895 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
896 goto f_err;
897 }
898
899 if (len <= 0) return(len);
900
901 if ((unsigned int)len > rr->length)
902 n = rr->length;
903 else
904 n = (unsigned int)len;
905
906 memcpy(buf,&(rr->data[rr->off]),n);
907 if (!peek)
908 {
909 rr->length-=n;
910 rr->off+=n;
911 if (rr->length == 0)
912 {
913 s->rstate=SSL_ST_READ_HEADER;
914 rr->off=0;
915 }
916 }
917 return(n);
918 }
919
920
921 /* If we get here, then type != rr->type; if we have a handshake
922 * message, then it was unexpected (Hello Request or Client Hello). */
923
924 /* In case of record types for which we have 'fragment' storage,
925 * fill that so that we can process the data at a fixed place.
926 */
927 {
928 unsigned int dest_maxlen = 0;
929 unsigned char *dest = NULL;
930 unsigned int *dest_len = NULL;
931
932 if (rr->type == SSL3_RT_HANDSHAKE)
933 {
934 dest_maxlen = sizeof s->s3->handshake_fragment;
935 dest = s->s3->handshake_fragment;
936 dest_len = &s->s3->handshake_fragment_len;
937 }
938 else if (rr->type == SSL3_RT_ALERT)
939 {
940 dest_maxlen = sizeof s->s3->alert_fragment;
941 dest = s->s3->alert_fragment;
942 dest_len = &s->s3->alert_fragment_len;
943 }
944
945 if (dest_maxlen > 0)
946 {
947 n = dest_maxlen - *dest_len; /* available space in 'dest' */
948 if (rr->length < n)
949 n = rr->length; /* available bytes */
950
951 /* now move 'n' bytes: */
952 while (n-- > 0)
953 {
954 dest[(*dest_len)++] = rr->data[rr->off++];
955 rr->length--;
956 }
957
958 if (*dest_len < dest_maxlen)
959 goto start; /* fragment was too small */
960 }
961 }
962
963 /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
964 * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
965 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
966
967 /* If we are a client, check for an incoming 'Hello Request': */
968 if ((!s->server) &&
969 (s->s3->handshake_fragment_len >= 4) &&
970 (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
971 (s->session != NULL) && (s->session->cipher != NULL))
972 {
973 s->s3->handshake_fragment_len = 0;
974
975 if ((s->s3->handshake_fragment[1] != 0) ||
976 (s->s3->handshake_fragment[2] != 0) ||
977 (s->s3->handshake_fragment[3] != 0))
978 {
979 al=SSL_AD_DECODE_ERROR;
980 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
981 goto f_err;
982 }
983
984 if (s->msg_callback)
985 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
986
987 if (SSL_is_init_finished(s) &&
988 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
989 (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) &&
990 !s->s3->renegotiate)
991 {
992 ssl3_renegotiate(s);
993 if (ssl3_renegotiate_check(s))
994 {
995 i=s->handshake_func(s);
996 if (i < 0) return(i);
997 if (i == 0)
998 {
999 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1000 return(-1);
1001 }
1002
1003 if (!(s->mode & SSL_MODE_AUTO_RETRY))
1004 {
1005 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1006 {
1007 BIO *bio;
1008 /* In the case where we try to read application data,
1009 * but we trigger an SSL handshake, we return -1 with
1010 * the retry option set. Otherwise renegotiation may
1011 * cause nasty problems in the blocking world */
1012 s->rwstate=SSL_READING;
1013 bio=SSL_get_rbio(s);
1014 BIO_clear_retry_flags(bio);
1015 BIO_set_retry_read(bio);
1016 return(-1);
1017 }
1018 }
1019 }
1020 }
1021 /* we either finished a handshake or ignored the request,
1022 * now try again to obtain the (application) data we were asked for */
1023 goto start;
1024 }
1025
1026 if (s->s3->alert_fragment_len >= 2)
1027 {
1028 int alert_level = s->s3->alert_fragment[0];
1029 int alert_descr = s->s3->alert_fragment[1];
1030
1031 s->s3->alert_fragment_len = 0;
1032
1033 if (s->msg_callback)
1034 s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg);
1035
1036 if (s->info_callback != NULL)
1037 cb=s->info_callback;
1038 else if (s->ctx->info_callback != NULL)
1039 cb=s->ctx->info_callback;
1040
1041 if (cb != NULL)
1042 {
1043 j = (alert_level << 8) | alert_descr;
1044 cb(s, SSL_CB_READ_ALERT, j);
1045 }
1046
1047 if (alert_level == 1) /* warning */
1048 {
1049 s->s3->warn_alert = alert_descr;
1050 if (alert_descr == SSL_AD_CLOSE_NOTIFY)
1051 {
1052 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1053 return(0);
1054 }
1055 }
1056 else if (alert_level == 2) /* fatal */
1057 {
1058 char tmp[16];
1059
1060 s->rwstate=SSL_NOTHING;
1061 s->s3->fatal_alert = alert_descr;
1062 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
1063 BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
1064 ERR_add_error_data(2,"SSL alert number ",tmp);
1065 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
1066 SSL_CTX_remove_session(s->ctx,s->session);
1067 return(0);
1068 }
1069 else
1070 {
1071 al=SSL_AD_ILLEGAL_PARAMETER;
1072 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
1073 goto f_err;
1074 }
1075
1076 goto start;
1077 }
1078
1079 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
1080 {
1081 s->rwstate=SSL_NOTHING;
1082 rr->length=0;
1083 return(0);
1084 }
1085
1086 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
1087 {
1088 /* 'Change Cipher Spec' is just a single byte, so we know
1089 * exactly what the record payload has to look like */
1090 if ( (rr->length != 1) || (rr->off != 0) ||
1091 (rr->data[0] != SSL3_MT_CCS))
1092 {
1093 al=SSL_AD_ILLEGAL_PARAMETER;
1094 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
1095 goto f_err;
1096 }
1097
1098 /* Check we have a cipher to change to */
1099 if (s->s3->tmp.new_cipher == NULL)
1100 {
1101 al=SSL_AD_UNEXPECTED_MESSAGE;
1102 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
1103 goto f_err;
1104 }
1105
1106 rr->length=0;
1107
1108 if (s->msg_callback)
1109 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
1110
1111 s->s3->change_cipher_spec=1;
1112 if (!ssl3_do_change_cipher_spec(s))
1113 goto err;
1114 else
1115 goto start;
1116 }
1117
1118 /* Unexpected handshake message (Client Hello, or protocol violation) */
1119 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
1120 {
1121 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1122 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
1123 (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
1124 {
1125#if 0 /* worked only because C operator preferences are not as expected (and
1126 * because this is not really needed for clients except for detecting
1127 * protocol violations): */
1128 s->state=SSL_ST_BEFORE|(s->server)
1129 ?SSL_ST_ACCEPT
1130 :SSL_ST_CONNECT;
1131#else
1132 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1133#endif
1134 s->new_session=1;
1135 }
1136 i=s->handshake_func(s);
1137 if (i < 0) return(i);
1138 if (i == 0)
1139 {
1140 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1141 return(-1);
1142 }
1143
1144 if (!(s->mode & SSL_MODE_AUTO_RETRY))
1145 {
1146 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1147 {
1148 BIO *bio;
1149 /* In the case where we try to read application data,
1150 * but we trigger an SSL handshake, we return -1 with
1151 * the retry option set. Otherwise renegotiation may
1152 * cause nasty problems in the blocking world */
1153 s->rwstate=SSL_READING;
1154 bio=SSL_get_rbio(s);
1155 BIO_clear_retry_flags(bio);
1156 BIO_set_retry_read(bio);
1157 return(-1);
1158 }
1159 }
1160 goto start;
1161 }
1162
1163 switch (rr->type)
1164 {
1165 default:
1166#ifndef OPENSSL_NO_TLS
1167 /* TLS just ignores unknown message types */
1168 if (s->version == TLS1_VERSION)
1169 {
1170 rr->length = 0;
1171 goto start;
1172 }
1173#endif
1174 al=SSL_AD_UNEXPECTED_MESSAGE;
1175 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1176 goto f_err;
1177 case SSL3_RT_CHANGE_CIPHER_SPEC:
1178 case SSL3_RT_ALERT:
1179 case SSL3_RT_HANDSHAKE:
1180 /* we already handled all of these, with the possible exception
1181 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1182 * should not happen when type != rr->type */
1183 al=SSL_AD_UNEXPECTED_MESSAGE;
1184 SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR);
1185 goto f_err;
1186 case SSL3_RT_APPLICATION_DATA:
1187 /* At this point, we were expecting handshake data,
1188 * but have application data. If the library was
1189 * running inside ssl3_read() (i.e. in_read_app_data
1190 * is set) and it makes sense to read application data
1191 * at this point (session renegotiation not yet started),
1192 * we will indulge it.
1193 */
1194 if (s->s3->in_read_app_data &&
1195 (s->s3->total_renegotiations != 0) &&
1196 ((
1197 (s->state & SSL_ST_CONNECT) &&
1198 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1199 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
1200 ) || (
1201 (s->state & SSL_ST_ACCEPT) &&
1202 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1203 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
1204 )
1205 ))
1206 {
1207 s->s3->in_read_app_data=2;
1208 return(-1);
1209 }
1210 else
1211 {
1212 al=SSL_AD_UNEXPECTED_MESSAGE;
1213 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1214 goto f_err;
1215 }
1216 }
1217 /* not reached */
1218
1219f_err:
1220 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1221err:
1222 return(-1);
1223 }
1224
1225int ssl3_do_change_cipher_spec(SSL *s)
1226 {
1227 int i;
1228 const char *sender;
1229 int slen;
1230
1231 if (s->state & SSL_ST_ACCEPT)
1232 i=SSL3_CHANGE_CIPHER_SERVER_READ;
1233 else
1234 i=SSL3_CHANGE_CIPHER_CLIENT_READ;
1235
1236 if (s->s3->tmp.key_block == NULL)
1237 {
1238 if (s->session == NULL)
1239 {
1240 /* might happen if dtls1_read_bytes() calls this */
1241 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
1242 return (0);
1243 }
1244
1245 s->session->cipher=s->s3->tmp.new_cipher;
1246 if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
1247 }
1248
1249 if (!s->method->ssl3_enc->change_cipher_state(s,i))
1250 return(0);
1251
1252 /* we have to record the message digest at
1253 * this point so we can get it before we read
1254 * the finished message */
1255 if (s->state & SSL_ST_CONNECT)
1256 {
1257 sender=s->method->ssl3_enc->server_finished_label;
1258 slen=s->method->ssl3_enc->server_finished_label_len;
1259 }
1260 else
1261 {
1262 sender=s->method->ssl3_enc->client_finished_label;
1263 slen=s->method->ssl3_enc->client_finished_label_len;
1264 }
1265
1266 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
1267 &(s->s3->finish_dgst1),
1268 &(s->s3->finish_dgst2),
1269 sender,slen,s->s3->tmp.peer_finish_md);
1270
1271 return(1);
1272 }
1273
1274void ssl3_send_alert(SSL *s, int level, int desc)
1275 {
1276 /* Map tls/ssl alert value to correct one */
1277 desc=s->method->ssl3_enc->alert_value(desc);
1278 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
1279 desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
1280 if (desc < 0) return;
1281 /* If a fatal one, remove from cache */
1282 if ((level == 2) && (s->session != NULL))
1283 SSL_CTX_remove_session(s->ctx,s->session);
1284
1285 s->s3->alert_dispatch=1;
1286 s->s3->send_alert[0]=level;
1287 s->s3->send_alert[1]=desc;
1288 if (s->s3->wbuf.left == 0) /* data still being written out? */
1289 s->method->ssl_dispatch_alert(s);
1290 /* else data is still being written out, we will get written
1291 * some time in the future */
1292 }
1293
1294int ssl3_dispatch_alert(SSL *s)
1295 {
1296 int i,j;
1297 void (*cb)(const SSL *ssl,int type,int val)=NULL;
1298
1299 s->s3->alert_dispatch=0;
1300 i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
1301 if (i <= 0)
1302 {
1303 s->s3->alert_dispatch=1;
1304 }
1305 else
1306 {
1307 /* Alert sent to BIO. If it is important, flush it now.
1308 * If the message does not get sent due to non-blocking IO,
1309 * we will not worry too much. */
1310 if (s->s3->send_alert[0] == SSL3_AL_FATAL)
1311 (void)BIO_flush(s->wbio);
1312
1313 if (s->msg_callback)
1314 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg);
1315
1316 if (s->info_callback != NULL)
1317 cb=s->info_callback;
1318 else if (s->ctx->info_callback != NULL)
1319 cb=s->ctx->info_callback;
1320
1321 if (cb != NULL)
1322 {
1323 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1324 cb(s,SSL_CB_WRITE_ALERT,j);
1325 }
1326 }
1327 return(i);
1328 }
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
deleted file mode 100644
index 79f3706c31..0000000000
--- a/src/lib/libssl/s3_srvr.c
+++ /dev/null
@@ -1,2853 +0,0 @@
1/* ssl/s3_srvr.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124
125#define REUSE_CIPHER_BUG
126#define NETSCAPE_HANG_BUG
127
128#include <stdio.h>
129#include "ssl_locl.h"
130#include "kssl_lcl.h"
131#include <openssl/buffer.h>
132#include <openssl/rand.h>
133#include <openssl/objects.h>
134#include <openssl/evp.h>
135#include <openssl/hmac.h>
136#include <openssl/x509.h>
137#ifndef OPENSSL_NO_DH
138#include <openssl/dh.h>
139#endif
140#include <openssl/bn.h>
141#ifndef OPENSSL_NO_KRB5
142#include <openssl/krb5_asn.h>
143#endif
144#include <openssl/md5.h>
145
146static SSL_METHOD *ssl3_get_server_method(int ver);
147#ifndef OPENSSL_NO_ECDH
148static int nid2curve_id(int nid);
149#endif
150
151static SSL_METHOD *ssl3_get_server_method(int ver)
152 {
153 if (ver == SSL3_VERSION)
154 return(SSLv3_server_method());
155 else
156 return(NULL);
157 }
158
159IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
160 ssl3_accept,
161 ssl_undefined_function,
162 ssl3_get_server_method)
163
164int ssl3_accept(SSL *s)
165 {
166 BUF_MEM *buf;
167 unsigned long l,Time=(unsigned long)time(NULL);
168 void (*cb)(const SSL *ssl,int type,int val)=NULL;
169 long num1;
170 int ret= -1;
171 int new_state,state,skip=0;
172
173 RAND_add(&Time,sizeof(Time),0);
174 ERR_clear_error();
175 clear_sys_error();
176
177 if (s->info_callback != NULL)
178 cb=s->info_callback;
179 else if (s->ctx->info_callback != NULL)
180 cb=s->ctx->info_callback;
181
182 /* init things to blank */
183 s->in_handshake++;
184 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
185
186 if (s->cert == NULL)
187 {
188 SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
189 return(-1);
190 }
191
192 for (;;)
193 {
194 state=s->state;
195
196 switch (s->state)
197 {
198 case SSL_ST_RENEGOTIATE:
199 s->new_session=1;
200 /* s->state=SSL_ST_ACCEPT; */
201
202 case SSL_ST_BEFORE:
203 case SSL_ST_ACCEPT:
204 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
205 case SSL_ST_OK|SSL_ST_ACCEPT:
206
207 s->server=1;
208 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
209
210 if ((s->version>>8) != 3)
211 {
212 SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
213 return -1;
214 }
215 s->type=SSL_ST_ACCEPT;
216
217 if (s->init_buf == NULL)
218 {
219 if ((buf=BUF_MEM_new()) == NULL)
220 {
221 ret= -1;
222 goto end;
223 }
224 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
225 {
226 ret= -1;
227 goto end;
228 }
229 s->init_buf=buf;
230 }
231
232 if (!ssl3_setup_buffers(s))
233 {
234 ret= -1;
235 goto end;
236 }
237
238 s->init_num=0;
239
240 if (s->state != SSL_ST_RENEGOTIATE)
241 {
242 /* Ok, we now need to push on a buffering BIO so that
243 * the output is sent in a way that TCP likes :-)
244 */
245 if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
246
247 ssl3_init_finished_mac(s);
248 s->state=SSL3_ST_SR_CLNT_HELLO_A;
249 s->ctx->stats.sess_accept++;
250 }
251 else
252 {
253 /* s->state == SSL_ST_RENEGOTIATE,
254 * we will just send a HelloRequest */
255 s->ctx->stats.sess_accept_renegotiate++;
256 s->state=SSL3_ST_SW_HELLO_REQ_A;
257 }
258 break;
259
260 case SSL3_ST_SW_HELLO_REQ_A:
261 case SSL3_ST_SW_HELLO_REQ_B:
262
263 s->shutdown=0;
264 ret=ssl3_send_hello_request(s);
265 if (ret <= 0) goto end;
266 s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
267 s->state=SSL3_ST_SW_FLUSH;
268 s->init_num=0;
269
270 ssl3_init_finished_mac(s);
271 break;
272
273 case SSL3_ST_SW_HELLO_REQ_C:
274 s->state=SSL_ST_OK;
275 break;
276
277 case SSL3_ST_SR_CLNT_HELLO_A:
278 case SSL3_ST_SR_CLNT_HELLO_B:
279 case SSL3_ST_SR_CLNT_HELLO_C:
280
281 s->shutdown=0;
282 ret=ssl3_get_client_hello(s);
283 if (ret <= 0) goto end;
284 s->new_session = 2;
285 s->state=SSL3_ST_SW_SRVR_HELLO_A;
286 s->init_num=0;
287 break;
288
289 case SSL3_ST_SW_SRVR_HELLO_A:
290 case SSL3_ST_SW_SRVR_HELLO_B:
291 ret=ssl3_send_server_hello(s);
292 if (ret <= 0) goto end;
293#ifndef OPENSSL_NO_TLSEXT
294 if (s->hit)
295 {
296 if (s->tlsext_ticket_expected)
297 s->state=SSL3_ST_SW_SESSION_TICKET_A;
298 else
299 s->state=SSL3_ST_SW_CHANGE_A;
300 }
301#else
302 if (s->hit)
303 s->state=SSL3_ST_SW_CHANGE_A;
304#endif
305 else
306 s->state=SSL3_ST_SW_CERT_A;
307 s->init_num=0;
308 break;
309
310 case SSL3_ST_SW_CERT_A:
311 case SSL3_ST_SW_CERT_B:
312 /* Check if it is anon DH or anon ECDH or KRB5 */
313 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)
314 && !(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
315 {
316 ret=ssl3_send_server_certificate(s);
317 if (ret <= 0) goto end;
318#ifndef OPENSSL_NO_TLSEXT
319 if (s->tlsext_status_expected)
320 s->state=SSL3_ST_SW_CERT_STATUS_A;
321 else
322 s->state=SSL3_ST_SW_KEY_EXCH_A;
323 }
324 else
325 {
326 skip = 1;
327 s->state=SSL3_ST_SW_KEY_EXCH_A;
328 }
329#else
330 }
331 else
332 skip=1;
333
334 s->state=SSL3_ST_SW_KEY_EXCH_A;
335#endif
336 s->init_num=0;
337 break;
338
339 case SSL3_ST_SW_KEY_EXCH_A:
340 case SSL3_ST_SW_KEY_EXCH_B:
341 l=s->s3->tmp.new_cipher->algorithms;
342
343 /* clear this, it may get reset by
344 * send_server_key_exchange */
345 if ((s->options & SSL_OP_EPHEMERAL_RSA)
346#ifndef OPENSSL_NO_KRB5
347 && !(l & SSL_KRB5)
348#endif /* OPENSSL_NO_KRB5 */
349 )
350 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
351 * even when forbidden by protocol specs
352 * (handshake may fail as clients are not required to
353 * be able to handle this) */
354 s->s3->tmp.use_rsa_tmp=1;
355 else
356 s->s3->tmp.use_rsa_tmp=0;
357
358
359 /* only send if a DH key exchange, fortezza or
360 * RSA but we have a sign only certificate
361 *
362 * For ECC ciphersuites, we send a serverKeyExchange
363 * message only if the cipher suite is either
364 * ECDH-anon or ECDHE. In other cases, the
365 * server certificate contains the server's
366 * public key for key exchange.
367 */
368 if (s->s3->tmp.use_rsa_tmp
369 || (l & SSL_kECDHE)
370 || (l & (SSL_DH|SSL_kFZA))
371 || ((l & SSL_kRSA)
372 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
373 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
374 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
375 )
376 )
377 )
378 )
379 {
380 ret=ssl3_send_server_key_exchange(s);
381 if (ret <= 0) goto end;
382 }
383 else
384 skip=1;
385
386 s->state=SSL3_ST_SW_CERT_REQ_A;
387 s->init_num=0;
388 break;
389
390 case SSL3_ST_SW_CERT_REQ_A:
391 case SSL3_ST_SW_CERT_REQ_B:
392 if (/* don't request cert unless asked for it: */
393 !(s->verify_mode & SSL_VERIFY_PEER) ||
394 /* if SSL_VERIFY_CLIENT_ONCE is set,
395 * don't request cert during re-negotiation: */
396 ((s->session->peer != NULL) &&
397 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
398 /* never request cert in anonymous ciphersuites
399 * (see section "Certificate request" in SSL 3 drafts
400 * and in RFC 2246): */
401 ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
402 /* ... except when the application insists on verification
403 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
404 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
405 /* never request cert in Kerberos ciphersuites */
406 (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
407 {
408 /* no cert request */
409 skip=1;
410 s->s3->tmp.cert_request=0;
411 s->state=SSL3_ST_SW_SRVR_DONE_A;
412 }
413 else
414 {
415 s->s3->tmp.cert_request=1;
416 ret=ssl3_send_certificate_request(s);
417 if (ret <= 0) goto end;
418#ifndef NETSCAPE_HANG_BUG
419 s->state=SSL3_ST_SW_SRVR_DONE_A;
420#else
421 s->state=SSL3_ST_SW_FLUSH;
422 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
423#endif
424 s->init_num=0;
425 }
426 break;
427
428 case SSL3_ST_SW_SRVR_DONE_A:
429 case SSL3_ST_SW_SRVR_DONE_B:
430 ret=ssl3_send_server_done(s);
431 if (ret <= 0) goto end;
432 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
433 s->state=SSL3_ST_SW_FLUSH;
434 s->init_num=0;
435 break;
436
437 case SSL3_ST_SW_FLUSH:
438 /* number of bytes to be flushed */
439 num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
440 if (num1 > 0)
441 {
442 s->rwstate=SSL_WRITING;
443 num1=BIO_flush(s->wbio);
444 if (num1 <= 0) { ret= -1; goto end; }
445 s->rwstate=SSL_NOTHING;
446 }
447
448 s->state=s->s3->tmp.next_state;
449 break;
450
451 case SSL3_ST_SR_CERT_A:
452 case SSL3_ST_SR_CERT_B:
453 /* Check for second client hello (MS SGC) */
454 ret = ssl3_check_client_hello(s);
455 if (ret <= 0)
456 goto end;
457 if (ret == 2)
458 s->state = SSL3_ST_SR_CLNT_HELLO_C;
459 else {
460 if (s->s3->tmp.cert_request)
461 {
462 ret=ssl3_get_client_certificate(s);
463 if (ret <= 0) goto end;
464 }
465 s->init_num=0;
466 s->state=SSL3_ST_SR_KEY_EXCH_A;
467 }
468 break;
469
470 case SSL3_ST_SR_KEY_EXCH_A:
471 case SSL3_ST_SR_KEY_EXCH_B:
472 ret=ssl3_get_client_key_exchange(s);
473 if (ret <= 0)
474 goto end;
475 if (ret == 2)
476 {
477 /* For the ECDH ciphersuites when
478 * the client sends its ECDH pub key in
479 * a certificate, the CertificateVerify
480 * message is not sent.
481 */
482 s->state=SSL3_ST_SR_FINISHED_A;
483 s->init_num = 0;
484 }
485 else
486 {
487 s->state=SSL3_ST_SR_CERT_VRFY_A;
488 s->init_num=0;
489
490 /* We need to get hashes here so if there is
491 * a client cert, it can be verified
492 */
493 s->method->ssl3_enc->cert_verify_mac(s,
494 &(s->s3->finish_dgst1),
495 &(s->s3->tmp.cert_verify_md[0]));
496 s->method->ssl3_enc->cert_verify_mac(s,
497 &(s->s3->finish_dgst2),
498 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
499 }
500 break;
501
502 case SSL3_ST_SR_CERT_VRFY_A:
503 case SSL3_ST_SR_CERT_VRFY_B:
504
505 /* we should decide if we expected this one */
506 ret=ssl3_get_cert_verify(s);
507 if (ret <= 0) goto end;
508
509 s->state=SSL3_ST_SR_FINISHED_A;
510 s->init_num=0;
511 break;
512
513 case SSL3_ST_SR_FINISHED_A:
514 case SSL3_ST_SR_FINISHED_B:
515 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
516 SSL3_ST_SR_FINISHED_B);
517 if (ret <= 0) goto end;
518 if (s->hit)
519 s->state=SSL_ST_OK;
520#ifndef OPENSSL_NO_TLSEXT
521 else if (s->tlsext_ticket_expected)
522 s->state=SSL3_ST_SW_SESSION_TICKET_A;
523#endif
524 else
525 s->state=SSL3_ST_SW_CHANGE_A;
526 s->init_num=0;
527 break;
528
529#ifndef OPENSSL_NO_TLSEXT
530 case SSL3_ST_SW_SESSION_TICKET_A:
531 case SSL3_ST_SW_SESSION_TICKET_B:
532 ret=ssl3_send_newsession_ticket(s);
533 if (ret <= 0) goto end;
534 s->state=SSL3_ST_SW_CHANGE_A;
535 s->init_num=0;
536 break;
537
538 case SSL3_ST_SW_CERT_STATUS_A:
539 case SSL3_ST_SW_CERT_STATUS_B:
540 ret=ssl3_send_cert_status(s);
541 if (ret <= 0) goto end;
542 s->state=SSL3_ST_SW_KEY_EXCH_A;
543 s->init_num=0;
544 break;
545
546#endif
547
548 case SSL3_ST_SW_CHANGE_A:
549 case SSL3_ST_SW_CHANGE_B:
550
551 s->session->cipher=s->s3->tmp.new_cipher;
552 if (!s->method->ssl3_enc->setup_key_block(s))
553 { ret= -1; goto end; }
554
555 ret=ssl3_send_change_cipher_spec(s,
556 SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
557
558 if (ret <= 0) goto end;
559 s->state=SSL3_ST_SW_FINISHED_A;
560 s->init_num=0;
561
562 if (!s->method->ssl3_enc->change_cipher_state(s,
563 SSL3_CHANGE_CIPHER_SERVER_WRITE))
564 {
565 ret= -1;
566 goto end;
567 }
568
569 break;
570
571 case SSL3_ST_SW_FINISHED_A:
572 case SSL3_ST_SW_FINISHED_B:
573 ret=ssl3_send_finished(s,
574 SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
575 s->method->ssl3_enc->server_finished_label,
576 s->method->ssl3_enc->server_finished_label_len);
577 if (ret <= 0) goto end;
578 s->state=SSL3_ST_SW_FLUSH;
579 if (s->hit)
580 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
581 else
582 s->s3->tmp.next_state=SSL_ST_OK;
583 s->init_num=0;
584 break;
585
586 case SSL_ST_OK:
587 /* clean a few things up */
588 ssl3_cleanup_key_block(s);
589
590 BUF_MEM_free(s->init_buf);
591 s->init_buf=NULL;
592
593 /* remove buffering on output */
594 ssl_free_wbio_buffer(s);
595
596 s->init_num=0;
597
598 if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
599 {
600 /* actually not necessarily a 'new' session unless
601 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
602
603 s->new_session=0;
604
605 ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
606
607 s->ctx->stats.sess_accept_good++;
608 /* s->server=1; */
609 s->handshake_func=ssl3_accept;
610
611 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
612 }
613
614 ret = 1;
615 goto end;
616 /* break; */
617
618 default:
619 SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
620 ret= -1;
621 goto end;
622 /* break; */
623 }
624
625 if (!s->s3->tmp.reuse_message && !skip)
626 {
627 if (s->debug)
628 {
629 if ((ret=BIO_flush(s->wbio)) <= 0)
630 goto end;
631 }
632
633
634 if ((cb != NULL) && (s->state != state))
635 {
636 new_state=s->state;
637 s->state=state;
638 cb(s,SSL_CB_ACCEPT_LOOP,1);
639 s->state=new_state;
640 }
641 }
642 skip=0;
643 }
644end:
645 /* BIO_flush(s->wbio); */
646
647 s->in_handshake--;
648 if (cb != NULL)
649 cb(s,SSL_CB_ACCEPT_EXIT,ret);
650 return(ret);
651 }
652
653int ssl3_send_hello_request(SSL *s)
654 {
655 unsigned char *p;
656
657 if (s->state == SSL3_ST_SW_HELLO_REQ_A)
658 {
659 p=(unsigned char *)s->init_buf->data;
660 *(p++)=SSL3_MT_HELLO_REQUEST;
661 *(p++)=0;
662 *(p++)=0;
663 *(p++)=0;
664
665 s->state=SSL3_ST_SW_HELLO_REQ_B;
666 /* number of bytes to write */
667 s->init_num=4;
668 s->init_off=0;
669 }
670
671 /* SSL3_ST_SW_HELLO_REQ_B */
672 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
673 }
674
675int ssl3_check_client_hello(SSL *s)
676 {
677 int ok;
678 long n;
679
680 /* this function is called when we really expect a Certificate message,
681 * so permit appropriate message length */
682 n=s->method->ssl_get_message(s,
683 SSL3_ST_SR_CERT_A,
684 SSL3_ST_SR_CERT_B,
685 -1,
686 s->max_cert_list,
687 &ok);
688 if (!ok) return((int)n);
689 s->s3->tmp.reuse_message = 1;
690 if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
691 {
692 /* Throw away what we have done so far in the current handshake,
693 * which will now be aborted. (A full SSL_clear would be too much.)
694 * I hope that tmp.dh is the only thing that may need to be cleared
695 * when a handshake is not completed ... */
696#ifndef OPENSSL_NO_DH
697 if (s->s3->tmp.dh != NULL)
698 {
699 DH_free(s->s3->tmp.dh);
700 s->s3->tmp.dh = NULL;
701 }
702#endif
703 return 2;
704 }
705 return 1;
706}
707
708int ssl3_get_client_hello(SSL *s)
709 {
710 int i,j,ok,al,ret= -1;
711 unsigned int cookie_len;
712 long n;
713 unsigned long id;
714 unsigned char *p,*d,*q;
715 SSL_CIPHER *c;
716#ifndef OPENSSL_NO_COMP
717 SSL_COMP *comp=NULL;
718#endif
719 STACK_OF(SSL_CIPHER) *ciphers=NULL;
720
721 if (s->new_session
722 && !(s->s3->flags&SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
723 {
724 al=SSL_AD_HANDSHAKE_FAILURE;
725 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
726 goto f_err;
727 }
728
729 /* We do this so that we will respond with our native type.
730 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
731 * This down switching should be handled by a different method.
732 * If we are SSLv3, we will respond with SSLv3, even if prompted with
733 * TLSv1.
734 */
735 if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
736 {
737 s->state=SSL3_ST_SR_CLNT_HELLO_B;
738 }
739 s->first_packet=1;
740 n=s->method->ssl_get_message(s,
741 SSL3_ST_SR_CLNT_HELLO_B,
742 SSL3_ST_SR_CLNT_HELLO_C,
743 SSL3_MT_CLIENT_HELLO,
744 SSL3_RT_MAX_PLAIN_LENGTH,
745 &ok);
746
747 if (!ok) return((int)n);
748 s->first_packet=0;
749 d=p=(unsigned char *)s->init_msg;
750
751 /* use version from inside client hello, not from record header
752 * (may differ: see RFC 2246, Appendix E, second paragraph) */
753 s->client_version=(((int)p[0])<<8)|(int)p[1];
754 p+=2;
755
756 if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
757 (s->version != DTLS1_VERSION && s->client_version < s->version))
758 {
759 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
760 if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
761 {
762 /* similar to ssl3_get_record, send alert using remote version number */
763 s->version = s->client_version;
764 }
765 al = SSL_AD_PROTOCOL_VERSION;
766 goto f_err;
767 }
768
769 /* load the client random */
770 memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
771 p+=SSL3_RANDOM_SIZE;
772
773 /* get the session-id */
774 j= *(p++);
775
776 s->hit=0;
777 /* Versions before 0.9.7 always allow session reuse during renegotiation
778 * (i.e. when s->new_session is true), option
779 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
780 * Maybe this optional behaviour should always have been the default,
781 * but we cannot safely change the default behaviour (or new applications
782 * might be written that become totally unsecure when compiled with
783 * an earlier library version)
784 */
785 if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
786 {
787 if (!ssl_get_new_session(s,1))
788 goto err;
789 }
790 else
791 {
792 i=ssl_get_prev_session(s, p, j, d + n);
793 if (i == 1)
794 { /* previous session */
795 s->hit=1;
796 }
797 else if (i == -1)
798 goto err;
799 else /* i == 0 */
800 {
801 if (!ssl_get_new_session(s,1))
802 goto err;
803 }
804 }
805
806 p+=j;
807
808 if (s->version == DTLS1_VERSION)
809 {
810 /* cookie stuff */
811 cookie_len = *(p++);
812
813 if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
814 s->d1->send_cookie == 0)
815 {
816 /* HelloVerifyMessage has already been sent */
817 if ( cookie_len != s->d1->cookie_len)
818 {
819 al = SSL_AD_HANDSHAKE_FAILURE;
820 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
821 goto f_err;
822 }
823 }
824
825 /*
826 * The ClientHello may contain a cookie even if the
827 * HelloVerify message has not been sent--make sure that it
828 * does not cause an overflow.
829 */
830 if ( cookie_len > sizeof(s->d1->rcvd_cookie))
831 {
832 /* too much data */
833 al = SSL_AD_DECODE_ERROR;
834 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
835 goto f_err;
836 }
837
838 /* verify the cookie if appropriate option is set. */
839 if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
840 cookie_len > 0)
841 {
842 memcpy(s->d1->rcvd_cookie, p, cookie_len);
843
844 if ( s->ctx->app_verify_cookie_cb != NULL)
845 {
846 if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
847 cookie_len) == 0)
848 {
849 al=SSL_AD_HANDSHAKE_FAILURE;
850 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
851 SSL_R_COOKIE_MISMATCH);
852 goto f_err;
853 }
854 /* else cookie verification succeeded */
855 }
856 else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie,
857 s->d1->cookie_len) != 0) /* default verification */
858 {
859 al=SSL_AD_HANDSHAKE_FAILURE;
860 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
861 SSL_R_COOKIE_MISMATCH);
862 goto f_err;
863 }
864 }
865
866 p += cookie_len;
867 }
868
869 n2s(p,i);
870 if ((i == 0) && (j != 0))
871 {
872 /* we need a cipher if we are not resuming a session */
873 al=SSL_AD_ILLEGAL_PARAMETER;
874 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
875 goto f_err;
876 }
877 if ((p+i) >= (d+n))
878 {
879 /* not enough data */
880 al=SSL_AD_DECODE_ERROR;
881 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
882 goto f_err;
883 }
884 if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers))
885 == NULL))
886 {
887 goto err;
888 }
889 p+=i;
890
891 /* If it is a hit, check that the cipher is in the list */
892 if ((s->hit) && (i > 0))
893 {
894 j=0;
895 id=s->session->cipher->id;
896
897#ifdef CIPHER_DEBUG
898 printf("client sent %d ciphers\n",sk_num(ciphers));
899#endif
900 for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
901 {
902 c=sk_SSL_CIPHER_value(ciphers,i);
903#ifdef CIPHER_DEBUG
904 printf("client [%2d of %2d]:%s\n",
905 i,sk_num(ciphers),SSL_CIPHER_get_name(c));
906#endif
907 if (c->id == id)
908 {
909 j=1;
910 break;
911 }
912 }
913 if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
914 {
915 /* Special case as client bug workaround: the previously used cipher may
916 * not be in the current list, the client instead might be trying to
917 * continue using a cipher that before wasn't chosen due to server
918 * preferences. We'll have to reject the connection if the cipher is not
919 * enabled, though. */
920 c = sk_SSL_CIPHER_value(ciphers, 0);
921 if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0)
922 {
923 s->session->cipher = c;
924 j = 1;
925 }
926 }
927 if (j == 0)
928 {
929 /* we need to have the cipher in the cipher
930 * list if we are asked to reuse it */
931 al=SSL_AD_ILLEGAL_PARAMETER;
932 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
933 goto f_err;
934 }
935 }
936
937 /* compression */
938 i= *(p++);
939 if ((p+i) > (d+n))
940 {
941 /* not enough data */
942 al=SSL_AD_DECODE_ERROR;
943 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
944 goto f_err;
945 }
946 q=p;
947 for (j=0; j<i; j++)
948 {
949 if (p[j] == 0) break;
950 }
951
952 p+=i;
953 if (j >= i)
954 {
955 /* no compress */
956 al=SSL_AD_DECODE_ERROR;
957 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED);
958 goto f_err;
959 }
960
961#ifndef OPENSSL_NO_TLSEXT
962 /* TLS extensions*/
963 if (s->version > SSL3_VERSION)
964 {
965 if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
966 {
967 /* 'al' set by ssl_parse_clienthello_tlsext */
968 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT);
969 goto f_err;
970 }
971 }
972 if (ssl_check_clienthello_tlsext(s) <= 0) {
973 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
974 goto err;
975 }
976#endif
977 /* Worst case, we will use the NULL compression, but if we have other
978 * options, we will now look for them. We have i-1 compression
979 * algorithms from the client, starting at q. */
980 s->s3->tmp.new_compression=NULL;
981#ifndef OPENSSL_NO_COMP
982 if (s->ctx->comp_methods != NULL)
983 { /* See if we have a match */
984 int m,nn,o,v,done=0;
985
986 nn=sk_SSL_COMP_num(s->ctx->comp_methods);
987 for (m=0; m<nn; m++)
988 {
989 comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
990 v=comp->id;
991 for (o=0; o<i; o++)
992 {
993 if (v == q[o])
994 {
995 done=1;
996 break;
997 }
998 }
999 if (done) break;
1000 }
1001 if (done)
1002 s->s3->tmp.new_compression=comp;
1003 else
1004 comp=NULL;
1005 }
1006#endif
1007
1008 /* TLS does not mind if there is extra stuff */
1009#if 0 /* SSL 3.0 does not mind either, so we should disable this test
1010 * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
1011 * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
1012 if (s->version == SSL3_VERSION)
1013 {
1014 if (p < (d+n))
1015 {
1016 /* wrong number of bytes,
1017 * there could be more to follow */
1018 al=SSL_AD_DECODE_ERROR;
1019 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
1020 goto f_err;
1021 }
1022 }
1023#endif
1024
1025 /* Given s->session->ciphers and SSL_get_ciphers, we must
1026 * pick a cipher */
1027
1028 if (!s->hit)
1029 {
1030#ifdef OPENSSL_NO_COMP
1031 s->session->compress_meth=0;
1032#else
1033 s->session->compress_meth=(comp == NULL)?0:comp->id;
1034#endif
1035 if (s->session->ciphers != NULL)
1036 sk_SSL_CIPHER_free(s->session->ciphers);
1037 s->session->ciphers=ciphers;
1038 if (ciphers == NULL)
1039 {
1040 al=SSL_AD_ILLEGAL_PARAMETER;
1041 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
1042 goto f_err;
1043 }
1044 ciphers=NULL;
1045 c=ssl3_choose_cipher(s,s->session->ciphers,
1046 SSL_get_ciphers(s));
1047
1048 if (c == NULL)
1049 {
1050 al=SSL_AD_HANDSHAKE_FAILURE;
1051 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
1052 goto f_err;
1053 }
1054 s->s3->tmp.new_cipher=c;
1055 }
1056 else
1057 {
1058 /* Session-id reuse */
1059#ifdef REUSE_CIPHER_BUG
1060 STACK_OF(SSL_CIPHER) *sk;
1061 SSL_CIPHER *nc=NULL;
1062 SSL_CIPHER *ec=NULL;
1063
1064 if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
1065 {
1066 sk=s->session->ciphers;
1067 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1068 {
1069 c=sk_SSL_CIPHER_value(sk,i);
1070 if (c->algorithms & SSL_eNULL)
1071 nc=c;
1072 if (SSL_C_IS_EXPORT(c))
1073 ec=c;
1074 }
1075 if (nc != NULL)
1076 s->s3->tmp.new_cipher=nc;
1077 else if (ec != NULL)
1078 s->s3->tmp.new_cipher=ec;
1079 else
1080 s->s3->tmp.new_cipher=s->session->cipher;
1081 }
1082 else
1083#endif
1084 s->s3->tmp.new_cipher=s->session->cipher;
1085 }
1086
1087 /* we now have the following setup.
1088 * client_random
1089 * cipher_list - our prefered list of ciphers
1090 * ciphers - the clients prefered list of ciphers
1091 * compression - basically ignored right now
1092 * ssl version is set - sslv3
1093 * s->session - The ssl session has been setup.
1094 * s->hit - session reuse flag
1095 * s->tmp.new_cipher - the new cipher to use.
1096 */
1097
1098 ret=1;
1099 if (0)
1100 {
1101f_err:
1102 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1103 }
1104err:
1105 if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
1106 return(ret);
1107 }
1108
1109int ssl3_send_server_hello(SSL *s)
1110 {
1111 unsigned char *buf;
1112 unsigned char *p,*d;
1113 int i,sl;
1114 unsigned long l,Time;
1115
1116 if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
1117 {
1118 buf=(unsigned char *)s->init_buf->data;
1119 p=s->s3->server_random;
1120 Time=(unsigned long)time(NULL); /* Time */
1121 l2n(Time,p);
1122 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
1123 return -1;
1124 /* Do the message type and length last */
1125 d=p= &(buf[4]);
1126
1127 *(p++)=s->version>>8;
1128 *(p++)=s->version&0xff;
1129
1130 /* Random stuff */
1131 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
1132 p+=SSL3_RANDOM_SIZE;
1133
1134 /* now in theory we have 3 options to sending back the
1135 * session id. If it is a re-use, we send back the
1136 * old session-id, if it is a new session, we send
1137 * back the new session-id or we send back a 0 length
1138 * session-id if we want it to be single use.
1139 * Currently I will not implement the '0' length session-id
1140 * 12-Jan-98 - I'll now support the '0' length stuff.
1141 *
1142 * We also have an additional case where stateless session
1143 * resumption is successful: we always send back the old
1144 * session id. In this case s->hit is non zero: this can
1145 * only happen if stateless session resumption is succesful
1146 * if session caching is disabled so existing functionality
1147 * is unaffected.
1148 */
1149 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
1150 && !s->hit)
1151 s->session->session_id_length=0;
1152
1153 sl=s->session->session_id_length;
1154 if (sl > (int)sizeof(s->session->session_id))
1155 {
1156 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
1157 return -1;
1158 }
1159 *(p++)=sl;
1160 memcpy(p,s->session->session_id,sl);
1161 p+=sl;
1162
1163 /* put the cipher */
1164 i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
1165 p+=i;
1166
1167 /* put the compression method */
1168#ifdef OPENSSL_NO_COMP
1169 *(p++)=0;
1170#else
1171 if (s->s3->tmp.new_compression == NULL)
1172 *(p++)=0;
1173 else
1174 *(p++)=s->s3->tmp.new_compression->id;
1175#endif
1176#ifndef OPENSSL_NO_TLSEXT
1177 if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
1178 {
1179 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
1180 return -1;
1181 }
1182#endif
1183 /* do the header */
1184 l=(p-d);
1185 d=buf;
1186 *(d++)=SSL3_MT_SERVER_HELLO;
1187 l2n3(l,d);
1188
1189 s->state=SSL3_ST_SW_SRVR_HELLO_B;
1190 /* number of bytes to write */
1191 s->init_num=p-buf;
1192 s->init_off=0;
1193 }
1194
1195 /* SSL3_ST_SW_SRVR_HELLO_B */
1196 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1197 }
1198
1199int ssl3_send_server_done(SSL *s)
1200 {
1201 unsigned char *p;
1202
1203 if (s->state == SSL3_ST_SW_SRVR_DONE_A)
1204 {
1205 p=(unsigned char *)s->init_buf->data;
1206
1207 /* do the header */
1208 *(p++)=SSL3_MT_SERVER_DONE;
1209 *(p++)=0;
1210 *(p++)=0;
1211 *(p++)=0;
1212
1213 s->state=SSL3_ST_SW_SRVR_DONE_B;
1214 /* number of bytes to write */
1215 s->init_num=4;
1216 s->init_off=0;
1217 }
1218
1219 /* SSL3_ST_SW_SRVR_DONE_B */
1220 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1221 }
1222
1223int ssl3_send_server_key_exchange(SSL *s)
1224 {
1225#ifndef OPENSSL_NO_RSA
1226 unsigned char *q;
1227 int j,num;
1228 RSA *rsa;
1229 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
1230 unsigned int u;
1231#endif
1232#ifndef OPENSSL_NO_DH
1233 DH *dh=NULL,*dhp;
1234#endif
1235#ifndef OPENSSL_NO_ECDH
1236 EC_KEY *ecdh=NULL, *ecdhp;
1237 unsigned char *encodedPoint = NULL;
1238 int encodedlen = 0;
1239 int curve_id = 0;
1240 BN_CTX *bn_ctx = NULL;
1241#endif
1242 EVP_PKEY *pkey;
1243 unsigned char *p,*d;
1244 int al,i;
1245 unsigned long type;
1246 int n;
1247 CERT *cert;
1248 BIGNUM *r[4];
1249 int nr[4],kn;
1250 BUF_MEM *buf;
1251 EVP_MD_CTX md_ctx;
1252
1253 EVP_MD_CTX_init(&md_ctx);
1254 if (s->state == SSL3_ST_SW_KEY_EXCH_A)
1255 {
1256 type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
1257 cert=s->cert;
1258
1259 buf=s->init_buf;
1260
1261 r[0]=r[1]=r[2]=r[3]=NULL;
1262 n=0;
1263#ifndef OPENSSL_NO_RSA
1264 if (type & SSL_kRSA)
1265 {
1266 rsa=cert->rsa_tmp;
1267 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
1268 {
1269 rsa=s->cert->rsa_tmp_cb(s,
1270 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1271 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1272 if(rsa == NULL)
1273 {
1274 al=SSL_AD_HANDSHAKE_FAILURE;
1275 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
1276 goto f_err;
1277 }
1278 RSA_up_ref(rsa);
1279 cert->rsa_tmp=rsa;
1280 }
1281 if (rsa == NULL)
1282 {
1283 al=SSL_AD_HANDSHAKE_FAILURE;
1284 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
1285 goto f_err;
1286 }
1287 r[0]=rsa->n;
1288 r[1]=rsa->e;
1289 s->s3->tmp.use_rsa_tmp=1;
1290 }
1291 else
1292#endif
1293#ifndef OPENSSL_NO_DH
1294 if (type & SSL_kEDH)
1295 {
1296 dhp=cert->dh_tmp;
1297 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
1298 dhp=s->cert->dh_tmp_cb(s,
1299 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1300 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1301 if (dhp == NULL)
1302 {
1303 al=SSL_AD_HANDSHAKE_FAILURE;
1304 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
1305 goto f_err;
1306 }
1307
1308 if (s->s3->tmp.dh != NULL)
1309 {
1310 DH_free(dh);
1311 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1312 goto err;
1313 }
1314
1315 if ((dh=DHparams_dup(dhp)) == NULL)
1316 {
1317 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1318 goto err;
1319 }
1320
1321 s->s3->tmp.dh=dh;
1322 if ((dhp->pub_key == NULL ||
1323 dhp->priv_key == NULL ||
1324 (s->options & SSL_OP_SINGLE_DH_USE)))
1325 {
1326 if(!DH_generate_key(dh))
1327 {
1328 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1329 ERR_R_DH_LIB);
1330 goto err;
1331 }
1332 }
1333 else
1334 {
1335 dh->pub_key=BN_dup(dhp->pub_key);
1336 dh->priv_key=BN_dup(dhp->priv_key);
1337 if ((dh->pub_key == NULL) ||
1338 (dh->priv_key == NULL))
1339 {
1340 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1341 goto err;
1342 }
1343 }
1344 r[0]=dh->p;
1345 r[1]=dh->g;
1346 r[2]=dh->pub_key;
1347 }
1348 else
1349#endif
1350#ifndef OPENSSL_NO_ECDH
1351 if (type & SSL_kECDHE)
1352 {
1353 const EC_GROUP *group;
1354
1355 ecdhp=cert->ecdh_tmp;
1356 if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
1357 {
1358 ecdhp=s->cert->ecdh_tmp_cb(s,
1359 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1360 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1361 }
1362 if (ecdhp == NULL)
1363 {
1364 al=SSL_AD_HANDSHAKE_FAILURE;
1365 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
1366 goto f_err;
1367 }
1368
1369 if (s->s3->tmp.ecdh != NULL)
1370 {
1371 EC_KEY_free(s->s3->tmp.ecdh);
1372 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1373 goto err;
1374 }
1375
1376 /* Duplicate the ECDH structure. */
1377 if (ecdhp == NULL)
1378 {
1379 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1380 goto err;
1381 }
1382 if (!EC_KEY_up_ref(ecdhp))
1383 {
1384 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1385 goto err;
1386 }
1387 ecdh = ecdhp;
1388
1389 s->s3->tmp.ecdh=ecdh;
1390 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
1391 (EC_KEY_get0_private_key(ecdh) == NULL) ||
1392 (s->options & SSL_OP_SINGLE_ECDH_USE))
1393 {
1394 if(!EC_KEY_generate_key(ecdh))
1395 {
1396 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1397 goto err;
1398 }
1399 }
1400
1401 if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
1402 (EC_KEY_get0_public_key(ecdh) == NULL) ||
1403 (EC_KEY_get0_private_key(ecdh) == NULL))
1404 {
1405 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1406 goto err;
1407 }
1408
1409 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1410 (EC_GROUP_get_degree(group) > 163))
1411 {
1412 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1413 goto err;
1414 }
1415
1416 /* XXX: For now, we only support ephemeral ECDH
1417 * keys over named (not generic) curves. For
1418 * supported named curves, curve_id is non-zero.
1419 */
1420 if ((curve_id =
1421 nid2curve_id(EC_GROUP_get_curve_name(group)))
1422 == 0)
1423 {
1424 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1425 goto err;
1426 }
1427
1428 /* Encode the public key.
1429 * First check the size of encoding and
1430 * allocate memory accordingly.
1431 */
1432 encodedlen = EC_POINT_point2oct(group,
1433 EC_KEY_get0_public_key(ecdh),
1434 POINT_CONVERSION_UNCOMPRESSED,
1435 NULL, 0, NULL);
1436
1437 encodedPoint = (unsigned char *)
1438 OPENSSL_malloc(encodedlen*sizeof(unsigned char));
1439 bn_ctx = BN_CTX_new();
1440 if ((encodedPoint == NULL) || (bn_ctx == NULL))
1441 {
1442 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1443 goto err;
1444 }
1445
1446
1447 encodedlen = EC_POINT_point2oct(group,
1448 EC_KEY_get0_public_key(ecdh),
1449 POINT_CONVERSION_UNCOMPRESSED,
1450 encodedPoint, encodedlen, bn_ctx);
1451
1452 if (encodedlen == 0)
1453 {
1454 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1455 goto err;
1456 }
1457
1458 BN_CTX_free(bn_ctx); bn_ctx=NULL;
1459
1460 /* XXX: For now, we only support named (not
1461 * generic) curves in ECDH ephemeral key exchanges.
1462 * In this situation, we need four additional bytes
1463 * to encode the entire ServerECDHParams
1464 * structure.
1465 */
1466 n = 4 + encodedlen;
1467
1468 /* We'll generate the serverKeyExchange message
1469 * explicitly so we can set these to NULLs
1470 */
1471 r[0]=NULL;
1472 r[1]=NULL;
1473 r[2]=NULL;
1474 r[3]=NULL;
1475 }
1476 else
1477#endif /* !OPENSSL_NO_ECDH */
1478 {
1479 al=SSL_AD_HANDSHAKE_FAILURE;
1480 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1481 goto f_err;
1482 }
1483 for (i=0; r[i] != NULL; i++)
1484 {
1485 nr[i]=BN_num_bytes(r[i]);
1486 n+=2+nr[i];
1487 }
1488
1489 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
1490 {
1491 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
1492 == NULL)
1493 {
1494 al=SSL_AD_DECODE_ERROR;
1495 goto f_err;
1496 }
1497 kn=EVP_PKEY_size(pkey);
1498 }
1499 else
1500 {
1501 pkey=NULL;
1502 kn=0;
1503 }
1504
1505 if (!BUF_MEM_grow_clean(buf,n+4+kn))
1506 {
1507 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
1508 goto err;
1509 }
1510 d=(unsigned char *)s->init_buf->data;
1511 p= &(d[4]);
1512
1513 for (i=0; r[i] != NULL; i++)
1514 {
1515 s2n(nr[i],p);
1516 BN_bn2bin(r[i],p);
1517 p+=nr[i];
1518 }
1519
1520#ifndef OPENSSL_NO_ECDH
1521 if (type & SSL_kECDHE)
1522 {
1523 /* XXX: For now, we only support named (not generic) curves.
1524 * In this situation, the serverKeyExchange message has:
1525 * [1 byte CurveType], [2 byte CurveName]
1526 * [1 byte length of encoded point], followed by
1527 * the actual encoded point itself
1528 */
1529 *p = NAMED_CURVE_TYPE;
1530 p += 1;
1531 *p = 0;
1532 p += 1;
1533 *p = curve_id;
1534 p += 1;
1535 *p = encodedlen;
1536 p += 1;
1537 memcpy((unsigned char*)p,
1538 (unsigned char *)encodedPoint,
1539 encodedlen);
1540 OPENSSL_free(encodedPoint);
1541 p += encodedlen;
1542 }
1543#endif
1544
1545 /* not anonymous */
1546 if (pkey != NULL)
1547 {
1548 /* n is the length of the params, they start at &(d[4])
1549 * and p points to the space at the end. */
1550#ifndef OPENSSL_NO_RSA
1551 if (pkey->type == EVP_PKEY_RSA)
1552 {
1553 q=md_buf;
1554 j=0;
1555 for (num=2; num > 0; num--)
1556 {
1557 EVP_MD_CTX_set_flags(&md_ctx,
1558 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1559 EVP_DigestInit_ex(&md_ctx,(num == 2)
1560 ?s->ctx->md5:s->ctx->sha1, NULL);
1561 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1562 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1563 EVP_DigestUpdate(&md_ctx,&(d[4]),n);
1564 EVP_DigestFinal_ex(&md_ctx,q,
1565 (unsigned int *)&i);
1566 q+=i;
1567 j+=i;
1568 }
1569 if (RSA_sign(NID_md5_sha1, md_buf, j,
1570 &(p[2]), &u, pkey->pkey.rsa) <= 0)
1571 {
1572 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
1573 goto err;
1574 }
1575 s2n(u,p);
1576 n+=u+2;
1577 }
1578 else
1579#endif
1580#if !defined(OPENSSL_NO_DSA)
1581 if (pkey->type == EVP_PKEY_DSA)
1582 {
1583 /* lets do DSS */
1584 EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
1585 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1586 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1587 EVP_SignUpdate(&md_ctx,&(d[4]),n);
1588 if (!EVP_SignFinal(&md_ctx,&(p[2]),
1589 (unsigned int *)&i,pkey))
1590 {
1591 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
1592 goto err;
1593 }
1594 s2n(i,p);
1595 n+=i+2;
1596 }
1597 else
1598#endif
1599#if !defined(OPENSSL_NO_ECDSA)
1600 if (pkey->type == EVP_PKEY_EC)
1601 {
1602 /* let's do ECDSA */
1603 EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
1604 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1605 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1606 EVP_SignUpdate(&md_ctx,&(d[4]),n);
1607 if (!EVP_SignFinal(&md_ctx,&(p[2]),
1608 (unsigned int *)&i,pkey))
1609 {
1610 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
1611 goto err;
1612 }
1613 s2n(i,p);
1614 n+=i+2;
1615 }
1616 else
1617#endif
1618 {
1619 /* Is this error check actually needed? */
1620 al=SSL_AD_HANDSHAKE_FAILURE;
1621 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
1622 goto f_err;
1623 }
1624 }
1625
1626 *(d++)=SSL3_MT_SERVER_KEY_EXCHANGE;
1627 l2n3(n,d);
1628
1629 /* we should now have things packed up, so lets send
1630 * it off */
1631 s->init_num=n+4;
1632 s->init_off=0;
1633 }
1634
1635 s->state = SSL3_ST_SW_KEY_EXCH_B;
1636 EVP_MD_CTX_cleanup(&md_ctx);
1637 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1638f_err:
1639 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1640err:
1641#ifndef OPENSSL_NO_ECDH
1642 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
1643 BN_CTX_free(bn_ctx);
1644#endif
1645 EVP_MD_CTX_cleanup(&md_ctx);
1646 return(-1);
1647 }
1648
1649int ssl3_send_certificate_request(SSL *s)
1650 {
1651 unsigned char *p,*d;
1652 int i,j,nl,off,n;
1653 STACK_OF(X509_NAME) *sk=NULL;
1654 X509_NAME *name;
1655 BUF_MEM *buf;
1656
1657 if (s->state == SSL3_ST_SW_CERT_REQ_A)
1658 {
1659 buf=s->init_buf;
1660
1661 d=p=(unsigned char *)&(buf->data[4]);
1662
1663 /* get the list of acceptable cert types */
1664 p++;
1665 n=ssl3_get_req_cert_type(s,p);
1666 d[0]=n;
1667 p+=n;
1668 n++;
1669
1670 off=n;
1671 p+=2;
1672 n+=2;
1673
1674 sk=SSL_get_client_CA_list(s);
1675 nl=0;
1676 if (sk != NULL)
1677 {
1678 for (i=0; i<sk_X509_NAME_num(sk); i++)
1679 {
1680 name=sk_X509_NAME_value(sk,i);
1681 j=i2d_X509_NAME(name,NULL);
1682 if (!BUF_MEM_grow_clean(buf,4+n+j+2))
1683 {
1684 SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
1685 goto err;
1686 }
1687 p=(unsigned char *)&(buf->data[4+n]);
1688 if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
1689 {
1690 s2n(j,p);
1691 i2d_X509_NAME(name,&p);
1692 n+=2+j;
1693 nl+=2+j;
1694 }
1695 else
1696 {
1697 d=p;
1698 i2d_X509_NAME(name,&p);
1699 j-=2; s2n(j,d); j+=2;
1700 n+=j;
1701 nl+=j;
1702 }
1703 }
1704 }
1705 /* else no CA names */
1706 p=(unsigned char *)&(buf->data[4+off]);
1707 s2n(nl,p);
1708
1709 d=(unsigned char *)buf->data;
1710 *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
1711 l2n3(n,d);
1712
1713 /* we should now have things packed up, so lets send
1714 * it off */
1715
1716 s->init_num=n+4;
1717 s->init_off=0;
1718#ifdef NETSCAPE_HANG_BUG
1719 p=(unsigned char *)s->init_buf->data + s->init_num;
1720
1721 /* do the header */
1722 *(p++)=SSL3_MT_SERVER_DONE;
1723 *(p++)=0;
1724 *(p++)=0;
1725 *(p++)=0;
1726 s->init_num += 4;
1727#endif
1728
1729 s->state = SSL3_ST_SW_CERT_REQ_B;
1730 }
1731
1732 /* SSL3_ST_SW_CERT_REQ_B */
1733 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1734err:
1735 return(-1);
1736 }
1737
1738int ssl3_get_client_key_exchange(SSL *s)
1739 {
1740 int i,al,ok;
1741 long n;
1742 unsigned long l;
1743 unsigned char *p;
1744#ifndef OPENSSL_NO_RSA
1745 RSA *rsa=NULL;
1746 EVP_PKEY *pkey=NULL;
1747#endif
1748#ifndef OPENSSL_NO_DH
1749 BIGNUM *pub=NULL;
1750 DH *dh_srvr;
1751#endif
1752#ifndef OPENSSL_NO_KRB5
1753 KSSL_ERR kssl_err;
1754#endif /* OPENSSL_NO_KRB5 */
1755
1756#ifndef OPENSSL_NO_ECDH
1757 EC_KEY *srvr_ecdh = NULL;
1758 EVP_PKEY *clnt_pub_pkey = NULL;
1759 EC_POINT *clnt_ecpoint = NULL;
1760 BN_CTX *bn_ctx = NULL;
1761#endif
1762
1763 n=s->method->ssl_get_message(s,
1764 SSL3_ST_SR_KEY_EXCH_A,
1765 SSL3_ST_SR_KEY_EXCH_B,
1766 SSL3_MT_CLIENT_KEY_EXCHANGE,
1767 2048, /* ??? */
1768 &ok);
1769
1770 if (!ok) return((int)n);
1771 p=(unsigned char *)s->init_msg;
1772
1773 l=s->s3->tmp.new_cipher->algorithms;
1774
1775#ifndef OPENSSL_NO_RSA
1776 if (l & SSL_kRSA)
1777 {
1778 /* FIX THIS UP EAY EAY EAY EAY */
1779 if (s->s3->tmp.use_rsa_tmp)
1780 {
1781 if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
1782 rsa=s->cert->rsa_tmp;
1783 /* Don't do a callback because rsa_tmp should
1784 * be sent already */
1785 if (rsa == NULL)
1786 {
1787 al=SSL_AD_HANDSHAKE_FAILURE;
1788 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY);
1789 goto f_err;
1790
1791 }
1792 }
1793 else
1794 {
1795 pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
1796 if ( (pkey == NULL) ||
1797 (pkey->type != EVP_PKEY_RSA) ||
1798 (pkey->pkey.rsa == NULL))
1799 {
1800 al=SSL_AD_HANDSHAKE_FAILURE;
1801 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE);
1802 goto f_err;
1803 }
1804 rsa=pkey->pkey.rsa;
1805 }
1806
1807 /* TLS and [incidentally] DTLS, including pre-0.9.8f */
1808 if (s->version > SSL3_VERSION &&
1809 s->client_version != DTLS1_BAD_VER)
1810 {
1811 n2s(p,i);
1812 if (n != i+2)
1813 {
1814 if (!(s->options & SSL_OP_TLS_D5_BUG))
1815 {
1816 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
1817 goto err;
1818 }
1819 else
1820 p-=2;
1821 }
1822 else
1823 n=i;
1824 }
1825
1826 i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
1827
1828 al = -1;
1829
1830 if (i != SSL_MAX_MASTER_KEY_LENGTH)
1831 {
1832 al=SSL_AD_DECODE_ERROR;
1833 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
1834 }
1835
1836 if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
1837 {
1838 /* The premaster secret must contain the same version number as the
1839 * ClientHello to detect version rollback attacks (strangely, the
1840 * protocol does not offer such protection for DH ciphersuites).
1841 * However, buggy clients exist that send the negotiated protocol
1842 * version instead if the server does not support the requested
1843 * protocol version.
1844 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
1845 if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
1846 (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
1847 {
1848 al=SSL_AD_DECODE_ERROR;
1849 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
1850
1851 /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
1852 * (http://eprint.iacr.org/2003/052/) exploits the version
1853 * number check as a "bad version oracle" -- an alert would
1854 * reveal that the plaintext corresponding to some ciphertext
1855 * made up by the adversary is properly formatted except
1856 * that the version number is wrong. To avoid such attacks,
1857 * we should treat this just like any other decryption error. */
1858 }
1859 }
1860
1861 if (al != -1)
1862 {
1863 /* Some decryption failure -- use random value instead as countermeasure
1864 * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
1865 * (see RFC 2246, section 7.4.7.1). */
1866 ERR_clear_error();
1867 i = SSL_MAX_MASTER_KEY_LENGTH;
1868 p[0] = s->client_version >> 8;
1869 p[1] = s->client_version & 0xff;
1870 if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */
1871 goto err;
1872 }
1873
1874 s->session->master_key_length=
1875 s->method->ssl3_enc->generate_master_secret(s,
1876 s->session->master_key,
1877 p,i);
1878 OPENSSL_cleanse(p,i);
1879 }
1880 else
1881#endif
1882#ifndef OPENSSL_NO_DH
1883 if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
1884 {
1885 n2s(p,i);
1886 if (n != i+2)
1887 {
1888 if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))
1889 {
1890 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
1891 goto err;
1892 }
1893 else
1894 {
1895 p-=2;
1896 i=(int)n;
1897 }
1898 }
1899
1900 if (n == 0L) /* the parameters are in the cert */
1901 {
1902 al=SSL_AD_HANDSHAKE_FAILURE;
1903 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS);
1904 goto f_err;
1905 }
1906 else
1907 {
1908 if (s->s3->tmp.dh == NULL)
1909 {
1910 al=SSL_AD_HANDSHAKE_FAILURE;
1911 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
1912 goto f_err;
1913 }
1914 else
1915 dh_srvr=s->s3->tmp.dh;
1916 }
1917
1918 pub=BN_bin2bn(p,i,NULL);
1919 if (pub == NULL)
1920 {
1921 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB);
1922 goto err;
1923 }
1924
1925 i=DH_compute_key(p,pub,dh_srvr);
1926
1927 if (i <= 0)
1928 {
1929 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1930 goto err;
1931 }
1932
1933 DH_free(s->s3->tmp.dh);
1934 s->s3->tmp.dh=NULL;
1935
1936 BN_clear_free(pub);
1937 pub=NULL;
1938 s->session->master_key_length=
1939 s->method->ssl3_enc->generate_master_secret(s,
1940 s->session->master_key,p,i);
1941 OPENSSL_cleanse(p,i);
1942 }
1943 else
1944#endif
1945#ifndef OPENSSL_NO_KRB5
1946 if (l & SSL_kKRB5)
1947 {
1948 krb5_error_code krb5rc;
1949 krb5_data enc_ticket;
1950 krb5_data authenticator;
1951 krb5_data enc_pms;
1952 KSSL_CTX *kssl_ctx = s->kssl_ctx;
1953 EVP_CIPHER_CTX ciph_ctx;
1954 EVP_CIPHER *enc = NULL;
1955 unsigned char iv[EVP_MAX_IV_LENGTH];
1956 unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
1957 + EVP_MAX_BLOCK_LENGTH];
1958 int padl, outl;
1959 krb5_timestamp authtime = 0;
1960 krb5_ticket_times ttimes;
1961
1962 EVP_CIPHER_CTX_init(&ciph_ctx);
1963
1964 if (!kssl_ctx) kssl_ctx = kssl_ctx_new();
1965
1966 n2s(p,i);
1967 enc_ticket.length = i;
1968
1969 if (n < (int)enc_ticket.length + 6)
1970 {
1971 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1972 SSL_R_DATA_LENGTH_TOO_LONG);
1973 goto err;
1974 }
1975
1976 enc_ticket.data = (char *)p;
1977 p+=enc_ticket.length;
1978
1979 n2s(p,i);
1980 authenticator.length = i;
1981
1982 if (n < (int)(enc_ticket.length + authenticator.length) + 6)
1983 {
1984 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1985 SSL_R_DATA_LENGTH_TOO_LONG);
1986 goto err;
1987 }
1988
1989 authenticator.data = (char *)p;
1990 p+=authenticator.length;
1991
1992 n2s(p,i);
1993 enc_pms.length = i;
1994 enc_pms.data = (char *)p;
1995 p+=enc_pms.length;
1996
1997 /* Note that the length is checked again below,
1998 ** after decryption
1999 */
2000 if(enc_pms.length > sizeof pms)
2001 {
2002 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2003 SSL_R_DATA_LENGTH_TOO_LONG);
2004 goto err;
2005 }
2006
2007 if (n != (long)(enc_ticket.length + authenticator.length +
2008 enc_pms.length + 6))
2009 {
2010 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2011 SSL_R_DATA_LENGTH_TOO_LONG);
2012 goto err;
2013 }
2014
2015 if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
2016 &kssl_err)) != 0)
2017 {
2018#ifdef KSSL_DEBUG
2019 printf("kssl_sget_tkt rtn %d [%d]\n",
2020 krb5rc, kssl_err.reason);
2021 if (kssl_err.text)
2022 printf("kssl_err text= %s\n", kssl_err.text);
2023#endif /* KSSL_DEBUG */
2024 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2025 kssl_err.reason);
2026 goto err;
2027 }
2028
2029 /* Note: no authenticator is not considered an error,
2030 ** but will return authtime == 0.
2031 */
2032 if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
2033 &authtime, &kssl_err)) != 0)
2034 {
2035#ifdef KSSL_DEBUG
2036 printf("kssl_check_authent rtn %d [%d]\n",
2037 krb5rc, kssl_err.reason);
2038 if (kssl_err.text)
2039 printf("kssl_err text= %s\n", kssl_err.text);
2040#endif /* KSSL_DEBUG */
2041 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2042 kssl_err.reason);
2043 goto err;
2044 }
2045
2046 if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
2047 {
2048 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
2049 goto err;
2050 }
2051
2052#ifdef KSSL_DEBUG
2053 kssl_ctx_show(kssl_ctx);
2054#endif /* KSSL_DEBUG */
2055
2056 enc = kssl_map_enc(kssl_ctx->enctype);
2057 if (enc == NULL)
2058 goto err;
2059
2060 memset(iv, 0, sizeof iv); /* per RFC 1510 */
2061
2062 if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
2063 {
2064 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2065 SSL_R_DECRYPTION_FAILED);
2066 goto err;
2067 }
2068 if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
2069 (unsigned char *)enc_pms.data, enc_pms.length))
2070 {
2071 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2072 SSL_R_DECRYPTION_FAILED);
2073 goto err;
2074 }
2075 if (outl > SSL_MAX_MASTER_KEY_LENGTH)
2076 {
2077 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2078 SSL_R_DATA_LENGTH_TOO_LONG);
2079 goto err;
2080 }
2081 if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
2082 {
2083 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2084 SSL_R_DECRYPTION_FAILED);
2085 goto err;
2086 }
2087 outl += padl;
2088 if (outl > SSL_MAX_MASTER_KEY_LENGTH)
2089 {
2090 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2091 SSL_R_DATA_LENGTH_TOO_LONG);
2092 goto err;
2093 }
2094 if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff))))
2095 {
2096 /* The premaster secret must contain the same version number as the
2097 * ClientHello to detect version rollback attacks (strangely, the
2098 * protocol does not offer such protection for DH ciphersuites).
2099 * However, buggy clients exist that send random bytes instead of
2100 * the protocol version.
2101 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.
2102 * (Perhaps we should have a separate BUG value for the Kerberos cipher)
2103 */
2104 if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG))
2105 {
2106 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2107 SSL_AD_DECODE_ERROR);
2108 goto err;
2109 }
2110 }
2111
2112 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
2113
2114 s->session->master_key_length=
2115 s->method->ssl3_enc->generate_master_secret(s,
2116 s->session->master_key, pms, outl);
2117
2118 if (kssl_ctx->client_princ)
2119 {
2120 size_t len = strlen(kssl_ctx->client_princ);
2121 if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
2122 {
2123 s->session->krb5_client_princ_len = len;
2124 memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
2125 }
2126 }
2127
2128
2129 /* Was doing kssl_ctx_free() here,
2130 ** but it caused problems for apache.
2131 ** kssl_ctx = kssl_ctx_free(kssl_ctx);
2132 ** if (s->kssl_ctx) s->kssl_ctx = NULL;
2133 */
2134 }
2135 else
2136#endif /* OPENSSL_NO_KRB5 */
2137
2138#ifndef OPENSSL_NO_ECDH
2139 if ((l & SSL_kECDH) || (l & SSL_kECDHE))
2140 {
2141 int ret = 1;
2142 int field_size = 0;
2143 const EC_KEY *tkey;
2144 const EC_GROUP *group;
2145 const BIGNUM *priv_key;
2146
2147 /* initialize structures for server's ECDH key pair */
2148 if ((srvr_ecdh = EC_KEY_new()) == NULL)
2149 {
2150 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2151 ERR_R_MALLOC_FAILURE);
2152 goto err;
2153 }
2154
2155 /* Let's get server private key and group information */
2156 if (l & SSL_kECDH)
2157 {
2158 /* use the certificate */
2159 tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
2160 }
2161 else
2162 {
2163 /* use the ephermeral values we saved when
2164 * generating the ServerKeyExchange msg.
2165 */
2166 tkey = s->s3->tmp.ecdh;
2167 }
2168
2169 group = EC_KEY_get0_group(tkey);
2170 priv_key = EC_KEY_get0_private_key(tkey);
2171
2172 if (!EC_KEY_set_group(srvr_ecdh, group) ||
2173 !EC_KEY_set_private_key(srvr_ecdh, priv_key))
2174 {
2175 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2176 ERR_R_EC_LIB);
2177 goto err;
2178 }
2179
2180 /* Let's get client's public key */
2181 if ((clnt_ecpoint = EC_POINT_new(group)) == NULL)
2182 {
2183 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2184 ERR_R_MALLOC_FAILURE);
2185 goto err;
2186 }
2187
2188 if (n == 0L)
2189 {
2190 /* Client Publickey was in Client Certificate */
2191
2192 if (l & SSL_kECDHE)
2193 {
2194 al=SSL_AD_HANDSHAKE_FAILURE;
2195 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
2196 goto f_err;
2197 }
2198 if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
2199 == NULL) ||
2200 (clnt_pub_pkey->type != EVP_PKEY_EC))
2201 {
2202 /* XXX: For now, we do not support client
2203 * authentication using ECDH certificates
2204 * so this branch (n == 0L) of the code is
2205 * never executed. When that support is
2206 * added, we ought to ensure the key
2207 * received in the certificate is
2208 * authorized for key agreement.
2209 * ECDH_compute_key implicitly checks that
2210 * the two ECDH shares are for the same
2211 * group.
2212 */
2213 al=SSL_AD_HANDSHAKE_FAILURE;
2214 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2215 SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
2216 goto f_err;
2217 }
2218
2219 if (EC_POINT_copy(clnt_ecpoint,
2220 EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0)
2221 {
2222 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2223 ERR_R_EC_LIB);
2224 goto err;
2225 }
2226 ret = 2; /* Skip certificate verify processing */
2227 }
2228 else
2229 {
2230 /* Get client's public key from encoded point
2231 * in the ClientKeyExchange message.
2232 */
2233 if ((bn_ctx = BN_CTX_new()) == NULL)
2234 {
2235 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2236 ERR_R_MALLOC_FAILURE);
2237 goto err;
2238 }
2239
2240 /* Get encoded point length */
2241 i = *p;
2242 p += 1;
2243 if (EC_POINT_oct2point(group,
2244 clnt_ecpoint, p, i, bn_ctx) == 0)
2245 {
2246 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2247 ERR_R_EC_LIB);
2248 goto err;
2249 }
2250 /* p is pointing to somewhere in the buffer
2251 * currently, so set it to the start
2252 */
2253 p=(unsigned char *)s->init_buf->data;
2254 }
2255
2256 /* Compute the shared pre-master secret */
2257 field_size = EC_GROUP_get_degree(group);
2258 if (field_size <= 0)
2259 {
2260 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2261 ERR_R_ECDH_LIB);
2262 goto err;
2263 }
2264 i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
2265 if (i <= 0)
2266 {
2267 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2268 ERR_R_ECDH_LIB);
2269 goto err;
2270 }
2271
2272 EVP_PKEY_free(clnt_pub_pkey);
2273 EC_POINT_free(clnt_ecpoint);
2274 if (srvr_ecdh != NULL)
2275 EC_KEY_free(srvr_ecdh);
2276 BN_CTX_free(bn_ctx);
2277
2278 /* Compute the master secret */
2279 s->session->master_key_length = s->method->ssl3_enc-> \
2280 generate_master_secret(s, s->session->master_key, p, i);
2281
2282 OPENSSL_cleanse(p, i);
2283 return (ret);
2284 }
2285 else
2286#endif
2287 {
2288 al=SSL_AD_HANDSHAKE_FAILURE;
2289 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2290 SSL_R_UNKNOWN_CIPHER_TYPE);
2291 goto f_err;
2292 }
2293
2294 return(1);
2295f_err:
2296 ssl3_send_alert(s,SSL3_AL_FATAL,al);
2297#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH)
2298err:
2299#endif
2300#ifndef OPENSSL_NO_ECDH
2301 EVP_PKEY_free(clnt_pub_pkey);
2302 EC_POINT_free(clnt_ecpoint);
2303 if (srvr_ecdh != NULL)
2304 EC_KEY_free(srvr_ecdh);
2305 BN_CTX_free(bn_ctx);
2306#endif
2307 return(-1);
2308 }
2309
2310int ssl3_get_cert_verify(SSL *s)
2311 {
2312 EVP_PKEY *pkey=NULL;
2313 unsigned char *p;
2314 int al,ok,ret=0;
2315 long n;
2316 int type=0,i,j;
2317 X509 *peer;
2318
2319 n=s->method->ssl_get_message(s,
2320 SSL3_ST_SR_CERT_VRFY_A,
2321 SSL3_ST_SR_CERT_VRFY_B,
2322 -1,
2323 514, /* 514? */
2324 &ok);
2325
2326 if (!ok) return((int)n);
2327
2328 if (s->session->peer != NULL)
2329 {
2330 peer=s->session->peer;
2331 pkey=X509_get_pubkey(peer);
2332 type=X509_certificate_type(peer,pkey);
2333 }
2334 else
2335 {
2336 peer=NULL;
2337 pkey=NULL;
2338 }
2339
2340 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
2341 {
2342 s->s3->tmp.reuse_message=1;
2343 if ((peer != NULL) && (type | EVP_PKT_SIGN))
2344 {
2345 al=SSL_AD_UNEXPECTED_MESSAGE;
2346 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
2347 goto f_err;
2348 }
2349 ret=1;
2350 goto end;
2351 }
2352
2353 if (peer == NULL)
2354 {
2355 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED);
2356 al=SSL_AD_UNEXPECTED_MESSAGE;
2357 goto f_err;
2358 }
2359
2360 if (!(type & EVP_PKT_SIGN))
2361 {
2362 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
2363 al=SSL_AD_ILLEGAL_PARAMETER;
2364 goto f_err;
2365 }
2366
2367 if (s->s3->change_cipher_spec)
2368 {
2369 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
2370 al=SSL_AD_UNEXPECTED_MESSAGE;
2371 goto f_err;
2372 }
2373
2374 /* we now have a signature that we need to verify */
2375 p=(unsigned char *)s->init_msg;
2376 n2s(p,i);
2377 n-=2;
2378 if (i > n)
2379 {
2380 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
2381 al=SSL_AD_DECODE_ERROR;
2382 goto f_err;
2383 }
2384
2385 j=EVP_PKEY_size(pkey);
2386 if ((i > j) || (n > j) || (n <= 0))
2387 {
2388 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE);
2389 al=SSL_AD_DECODE_ERROR;
2390 goto f_err;
2391 }
2392
2393#ifndef OPENSSL_NO_RSA
2394 if (pkey->type == EVP_PKEY_RSA)
2395 {
2396 i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
2397 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i,
2398 pkey->pkey.rsa);
2399 if (i < 0)
2400 {
2401 al=SSL_AD_DECRYPT_ERROR;
2402 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
2403 goto f_err;
2404 }
2405 if (i == 0)
2406 {
2407 al=SSL_AD_DECRYPT_ERROR;
2408 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
2409 goto f_err;
2410 }
2411 }
2412 else
2413#endif
2414#ifndef OPENSSL_NO_DSA
2415 if (pkey->type == EVP_PKEY_DSA)
2416 {
2417 j=DSA_verify(pkey->save_type,
2418 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
2419 SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
2420 if (j <= 0)
2421 {
2422 /* bad signature */
2423 al=SSL_AD_DECRYPT_ERROR;
2424 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE);
2425 goto f_err;
2426 }
2427 }
2428 else
2429#endif
2430#ifndef OPENSSL_NO_ECDSA
2431 if (pkey->type == EVP_PKEY_EC)
2432 {
2433 j=ECDSA_verify(pkey->save_type,
2434 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
2435 SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec);
2436 if (j <= 0)
2437 {
2438 /* bad signature */
2439 al=SSL_AD_DECRYPT_ERROR;
2440 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2441 SSL_R_BAD_ECDSA_SIGNATURE);
2442 goto f_err;
2443 }
2444 }
2445 else
2446#endif
2447 {
2448 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
2449 al=SSL_AD_UNSUPPORTED_CERTIFICATE;
2450 goto f_err;
2451 }
2452
2453
2454 ret=1;
2455 if (0)
2456 {
2457f_err:
2458 ssl3_send_alert(s,SSL3_AL_FATAL,al);
2459 }
2460end:
2461 EVP_PKEY_free(pkey);
2462 return(ret);
2463 }
2464
2465int ssl3_get_client_certificate(SSL *s)
2466 {
2467 int i,ok,al,ret= -1;
2468 X509 *x=NULL;
2469 unsigned long l,nc,llen,n;
2470 const unsigned char *p,*q;
2471 unsigned char *d;
2472 STACK_OF(X509) *sk=NULL;
2473
2474 n=s->method->ssl_get_message(s,
2475 SSL3_ST_SR_CERT_A,
2476 SSL3_ST_SR_CERT_B,
2477 -1,
2478 s->max_cert_list,
2479 &ok);
2480
2481 if (!ok) return((int)n);
2482
2483 if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)
2484 {
2485 if ( (s->verify_mode & SSL_VERIFY_PEER) &&
2486 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
2487 {
2488 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2489 al=SSL_AD_HANDSHAKE_FAILURE;
2490 goto f_err;
2491 }
2492 /* If tls asked for a client cert, the client must return a 0 list */
2493 if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
2494 {
2495 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
2496 al=SSL_AD_UNEXPECTED_MESSAGE;
2497 goto f_err;
2498 }
2499 s->s3->tmp.reuse_message=1;
2500 return(1);
2501 }
2502
2503 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
2504 {
2505 al=SSL_AD_UNEXPECTED_MESSAGE;
2506 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
2507 goto f_err;
2508 }
2509 p=d=(unsigned char *)s->init_msg;
2510
2511 if ((sk=sk_X509_new_null()) == NULL)
2512 {
2513 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
2514 goto err;
2515 }
2516
2517 n2l3(p,llen);
2518 if (llen+3 != n)
2519 {
2520 al=SSL_AD_DECODE_ERROR;
2521 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
2522 goto f_err;
2523 }
2524 for (nc=0; nc<llen; )
2525 {
2526 n2l3(p,l);
2527 if ((l+nc+3) > llen)
2528 {
2529 al=SSL_AD_DECODE_ERROR;
2530 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
2531 goto f_err;
2532 }
2533
2534 q=p;
2535 x=d2i_X509(NULL,&p,l);
2536 if (x == NULL)
2537 {
2538 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB);
2539 goto err;
2540 }
2541 if (p != (q+l))
2542 {
2543 al=SSL_AD_DECODE_ERROR;
2544 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
2545 goto f_err;
2546 }
2547 if (!sk_X509_push(sk,x))
2548 {
2549 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
2550 goto err;
2551 }
2552 x=NULL;
2553 nc+=l+3;
2554 }
2555
2556 if (sk_X509_num(sk) <= 0)
2557 {
2558 /* TLS does not mind 0 certs returned */
2559 if (s->version == SSL3_VERSION)
2560 {
2561 al=SSL_AD_HANDSHAKE_FAILURE;
2562 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED);
2563 goto f_err;
2564 }
2565 /* Fail for TLS only if we required a certificate */
2566 else if ((s->verify_mode & SSL_VERIFY_PEER) &&
2567 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
2568 {
2569 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2570 al=SSL_AD_HANDSHAKE_FAILURE;
2571 goto f_err;
2572 }
2573 }
2574 else
2575 {
2576 i=ssl_verify_cert_chain(s,sk);
2577 if (i <= 0)
2578 {
2579 al=ssl_verify_alarm_type(s->verify_result);
2580 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
2581 goto f_err;
2582 }
2583 }
2584
2585 if (s->session->peer != NULL) /* This should not be needed */
2586 X509_free(s->session->peer);
2587 s->session->peer=sk_X509_shift(sk);
2588 s->session->verify_result = s->verify_result;
2589
2590 /* With the current implementation, sess_cert will always be NULL
2591 * when we arrive here. */
2592 if (s->session->sess_cert == NULL)
2593 {
2594 s->session->sess_cert = ssl_sess_cert_new();
2595 if (s->session->sess_cert == NULL)
2596 {
2597 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
2598 goto err;
2599 }
2600 }
2601 if (s->session->sess_cert->cert_chain != NULL)
2602 sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
2603 s->session->sess_cert->cert_chain=sk;
2604 /* Inconsistency alert: cert_chain does *not* include the
2605 * peer's own certificate, while we do include it in s3_clnt.c */
2606
2607 sk=NULL;
2608
2609 ret=1;
2610 if (0)
2611 {
2612f_err:
2613 ssl3_send_alert(s,SSL3_AL_FATAL,al);
2614 }
2615err:
2616 if (x != NULL) X509_free(x);
2617 if (sk != NULL) sk_X509_pop_free(sk,X509_free);
2618 return(ret);
2619 }
2620
2621int ssl3_send_server_certificate(SSL *s)
2622 {
2623 unsigned long l;
2624 X509 *x;
2625
2626 if (s->state == SSL3_ST_SW_CERT_A)
2627 {
2628 x=ssl_get_server_send_cert(s);
2629 if (x == NULL &&
2630 /* VRS: allow null cert if auth == KRB5 */
2631 (s->s3->tmp.new_cipher->algorithms
2632 & (SSL_MKEY_MASK|SSL_AUTH_MASK))
2633 != (SSL_aKRB5|SSL_kKRB5))
2634 {
2635 SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
2636 return(0);
2637 }
2638
2639 l=ssl3_output_cert_chain(s,x);
2640 s->state=SSL3_ST_SW_CERT_B;
2641 s->init_num=(int)l;
2642 s->init_off=0;
2643 }
2644
2645 /* SSL3_ST_SW_CERT_B */
2646 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2647 }
2648
2649
2650#ifndef OPENSSL_NO_ECDH
2651/* This is the complement of curve_id2nid in s3_clnt.c. */
2652static int nid2curve_id(int nid)
2653{
2654 /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
2655 * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
2656 switch (nid) {
2657 case NID_sect163k1: /* sect163k1 (1) */
2658 return 1;
2659 case NID_sect163r1: /* sect163r1 (2) */
2660 return 2;
2661 case NID_sect163r2: /* sect163r2 (3) */
2662 return 3;
2663 case NID_sect193r1: /* sect193r1 (4) */
2664 return 4;
2665 case NID_sect193r2: /* sect193r2 (5) */
2666 return 5;
2667 case NID_sect233k1: /* sect233k1 (6) */
2668 return 6;
2669 case NID_sect233r1: /* sect233r1 (7) */
2670 return 7;
2671 case NID_sect239k1: /* sect239k1 (8) */
2672 return 8;
2673 case NID_sect283k1: /* sect283k1 (9) */
2674 return 9;
2675 case NID_sect283r1: /* sect283r1 (10) */
2676 return 10;
2677 case NID_sect409k1: /* sect409k1 (11) */
2678 return 11;
2679 case NID_sect409r1: /* sect409r1 (12) */
2680 return 12;
2681 case NID_sect571k1: /* sect571k1 (13) */
2682 return 13;
2683 case NID_sect571r1: /* sect571r1 (14) */
2684 return 14;
2685 case NID_secp160k1: /* secp160k1 (15) */
2686 return 15;
2687 case NID_secp160r1: /* secp160r1 (16) */
2688 return 16;
2689 case NID_secp160r2: /* secp160r2 (17) */
2690 return 17;
2691 case NID_secp192k1: /* secp192k1 (18) */
2692 return 18;
2693 case NID_X9_62_prime192v1: /* secp192r1 (19) */
2694 return 19;
2695 case NID_secp224k1: /* secp224k1 (20) */
2696 return 20;
2697 case NID_secp224r1: /* secp224r1 (21) */
2698 return 21;
2699 case NID_secp256k1: /* secp256k1 (22) */
2700 return 22;
2701 case NID_X9_62_prime256v1: /* secp256r1 (23) */
2702 return 23;
2703 case NID_secp384r1: /* secp384r1 (24) */
2704 return 24;
2705 case NID_secp521r1: /* secp521r1 (25) */
2706 return 25;
2707 default:
2708 return 0;
2709 }
2710}
2711#endif
2712#ifndef OPENSSL_NO_TLSEXT
2713int ssl3_send_newsession_ticket(SSL *s)
2714 {
2715 if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
2716 {
2717 unsigned char *p, *senc, *macstart;
2718 int len, slen;
2719 unsigned int hlen;
2720 EVP_CIPHER_CTX ctx;
2721 HMAC_CTX hctx;
2722 unsigned char iv[EVP_MAX_IV_LENGTH];
2723 unsigned char key_name[16];
2724
2725 /* get session encoding length */
2726 slen = i2d_SSL_SESSION(s->session, NULL);
2727 /* Some length values are 16 bits, so forget it if session is
2728 * too long
2729 */
2730 if (slen > 0xFF00)
2731 return -1;
2732 /* Grow buffer if need be: the length calculation is as
2733 * follows 1 (size of message name) + 3 (message length
2734 * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
2735 * 16 (key name) + max_iv_len (iv length) +
2736 * session_length + max_enc_block_size (max encrypted session
2737 * length) + max_md_size (HMAC).
2738 */
2739 if (!BUF_MEM_grow(s->init_buf,
2740 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
2741 EVP_MAX_MD_SIZE + slen))
2742 return -1;
2743 senc = OPENSSL_malloc(slen);
2744 if (!senc)
2745 return -1;
2746 p = senc;
2747 i2d_SSL_SESSION(s->session, &p);
2748
2749 p=(unsigned char *)s->init_buf->data;
2750 /* do the header */
2751 *(p++)=SSL3_MT_NEWSESSION_TICKET;
2752 /* Skip message length for now */
2753 p += 3;
2754 EVP_CIPHER_CTX_init(&ctx);
2755 HMAC_CTX_init(&hctx);
2756 /* Initialize HMAC and cipher contexts. If callback present
2757 * it does all the work otherwise use generated values
2758 * from parent ctx.
2759 */
2760 if (s->ctx->tlsext_ticket_key_cb)
2761 {
2762 if (s->ctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
2763 &hctx, 1) < 0)
2764 {
2765 OPENSSL_free(senc);
2766 return -1;
2767 }
2768 }
2769 else
2770 {
2771 RAND_pseudo_bytes(iv, 16);
2772 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
2773 s->ctx->tlsext_tick_aes_key, iv);
2774 HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
2775 tlsext_tick_md(), NULL);
2776 memcpy(key_name, s->ctx->tlsext_tick_key_name, 16);
2777 }
2778 l2n(s->session->tlsext_tick_lifetime_hint, p);
2779 /* Skip ticket length for now */
2780 p += 2;
2781 /* Output key name */
2782 macstart = p;
2783 memcpy(p, key_name, 16);
2784 p += 16;
2785 /* output IV */
2786 memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
2787 p += EVP_CIPHER_CTX_iv_length(&ctx);
2788 /* Encrypt session data */
2789 EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
2790 p += len;
2791 EVP_EncryptFinal(&ctx, p, &len);
2792 p += len;
2793 EVP_CIPHER_CTX_cleanup(&ctx);
2794
2795 HMAC_Update(&hctx, macstart, p - macstart);
2796 HMAC_Final(&hctx, p, &hlen);
2797 HMAC_CTX_cleanup(&hctx);
2798
2799 p += hlen;
2800 /* Now write out lengths: p points to end of data written */
2801 /* Total length */
2802 len = p - (unsigned char *)s->init_buf->data;
2803 p=(unsigned char *)s->init_buf->data + 1;
2804 l2n3(len - 4, p); /* Message length */
2805 p += 4;
2806 s2n(len - 10, p); /* Ticket length */
2807
2808 /* number of bytes to write */
2809 s->init_num= len;
2810 s->state=SSL3_ST_SW_SESSION_TICKET_B;
2811 s->init_off=0;
2812 OPENSSL_free(senc);
2813 }
2814
2815 /* SSL3_ST_SW_SESSION_TICKET_B */
2816 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2817 }
2818
2819int ssl3_send_cert_status(SSL *s)
2820 {
2821 if (s->state == SSL3_ST_SW_CERT_STATUS_A)
2822 {
2823 unsigned char *p;
2824 /* Grow buffer if need be: the length calculation is as
2825 * follows 1 (message type) + 3 (message length) +
2826 * 1 (ocsp response type) + 3 (ocsp response length)
2827 * + (ocsp response)
2828 */
2829 if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))
2830 return -1;
2831
2832 p=(unsigned char *)s->init_buf->data;
2833
2834 /* do the header */
2835 *(p++)=SSL3_MT_CERTIFICATE_STATUS;
2836 /* message length */
2837 l2n3(s->tlsext_ocsp_resplen + 4, p);
2838 /* status type */
2839 *(p++)= s->tlsext_status_type;
2840 /* length of OCSP response */
2841 l2n3(s->tlsext_ocsp_resplen, p);
2842 /* actual response */
2843 memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
2844 /* number of bytes to write */
2845 s->init_num = 8 + s->tlsext_ocsp_resplen;
2846 s->state=SSL3_ST_SW_CERT_STATUS_B;
2847 s->init_off = 0;
2848 }
2849
2850 /* SSL3_ST_SW_CERT_STATUS_B */
2851 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2852 }
2853#endif
diff --git a/src/lib/libssl/shlib_version b/src/lib/libssl/shlib_version
deleted file mode 100644
index b9229d3517..0000000000
--- a/src/lib/libssl/shlib_version
+++ /dev/null
@@ -1,2 +0,0 @@
1major=15
2minor=1
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
deleted file mode 100644
index ff8a128d3c..0000000000
--- a/src/lib/libssl/ssl.h
+++ /dev/null
@@ -1,2075 +0,0 @@
1/* ssl/ssl.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
113 *
114 * Redistribution and use in source and binary forms, with or without
115 * modification, are permitted provided that the following conditions
116 * are met:
117 *
118 * 1. Redistributions of source code must retain the above copyright
119 * notice, this list of conditions and the following disclaimer.
120 *
121 * 2. Redistributions in binary form must reproduce the above copyright
122 * notice, this list of conditions and the following disclaimer in
123 * the documentation and/or other materials provided with the
124 * distribution.
125 *
126 * 3. All advertising materials mentioning features or use of this
127 * software must display the following acknowledgment:
128 * "This product includes software developed by the OpenSSL Project
129 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
130 *
131 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
132 * endorse or promote products derived from this software without
133 * prior written permission. For written permission, please contact
134 * openssl-core@openssl.org.
135 *
136 * 5. Products derived from this software may not be called "OpenSSL"
137 * nor may "OpenSSL" appear in their names without prior written
138 * permission of the OpenSSL Project.
139 *
140 * 6. Redistributions of any form whatsoever must retain the following
141 * acknowledgment:
142 * "This product includes software developed by the OpenSSL Project
143 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
144 *
145 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
146 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
147 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
148 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
149 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
150 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
151 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
152 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
153 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
154 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
155 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
156 * OF THE POSSIBILITY OF SUCH DAMAGE.
157 * ====================================================================
158 *
159 * This product includes cryptographic software written by Eric Young
160 * (eay@cryptsoft.com). This product includes software written by Tim
161 * Hudson (tjh@cryptsoft.com).
162 *
163 */
164/* ====================================================================
165 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
166 * ECC cipher suite support in OpenSSL originally developed by
167 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
168 */
169
170#ifndef HEADER_SSL_H
171#define HEADER_SSL_H
172
173#include <openssl/e_os2.h>
174
175#ifndef OPENSSL_NO_COMP
176#include <openssl/comp.h>
177#endif
178#ifndef OPENSSL_NO_BIO
179#include <openssl/bio.h>
180#endif
181#ifndef OPENSSL_NO_DEPRECATED
182#ifndef OPENSSL_NO_X509
183#include <openssl/x509.h>
184#endif
185#include <openssl/crypto.h>
186#include <openssl/lhash.h>
187#include <openssl/buffer.h>
188#endif
189#include <openssl/pem.h>
190#include <openssl/hmac.h>
191
192#include <openssl/kssl.h>
193#include <openssl/safestack.h>
194#include <openssl/symhacks.h>
195
196#ifdef __cplusplus
197extern "C" {
198#endif
199
200/* SSLeay version number for ASN.1 encoding of the session information */
201/* Version 0 - initial version
202 * Version 1 - added the optional peer certificate
203 */
204#define SSL_SESSION_ASN1_VERSION 0x0001
205
206/* text strings for the ciphers */
207#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5
208#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5
209#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
210#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5
211#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
212#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5
213#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5
214#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA
215#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
216#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
217
218/* VRS Additional Kerberos5 entries
219 */
220#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
221#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
222#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA
223#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
224#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
225#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
226#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5
227#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5
228
229#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
230#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA
231#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA
232#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
233#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5
234#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5
235
236#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
237#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
238#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
239#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
240#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
241#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
242#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256
243
244#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
245#define SSL_MAX_SID_CTX_LENGTH 32
246
247#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
248#define SSL_MAX_KEY_ARG_LENGTH 8
249#define SSL_MAX_MASTER_KEY_LENGTH 48
250
251/* These are used to specify which ciphers to use and not to use */
252#define SSL_TXT_LOW "LOW"
253#define SSL_TXT_MEDIUM "MEDIUM"
254#define SSL_TXT_HIGH "HIGH"
255#define SSL_TXT_FIPS "FIPS"
256#define SSL_TXT_kFZA "kFZA"
257#define SSL_TXT_aFZA "aFZA"
258#define SSL_TXT_eFZA "eFZA"
259#define SSL_TXT_FZA "FZA"
260
261#define SSL_TXT_aNULL "aNULL"
262#define SSL_TXT_eNULL "eNULL"
263#define SSL_TXT_NULL "NULL"
264
265#define SSL_TXT_kKRB5 "kKRB5"
266#define SSL_TXT_aKRB5 "aKRB5"
267#define SSL_TXT_KRB5 "KRB5"
268
269#define SSL_TXT_kRSA "kRSA"
270#define SSL_TXT_kDHr "kDHr"
271#define SSL_TXT_kDHd "kDHd"
272#define SSL_TXT_kEDH "kEDH"
273#define SSL_TXT_aRSA "aRSA"
274#define SSL_TXT_aDSS "aDSS"
275#define SSL_TXT_aDH "aDH"
276#define SSL_TXT_DSS "DSS"
277#define SSL_TXT_DH "DH"
278#define SSL_TXT_EDH "EDH"
279#define SSL_TXT_ADH "ADH"
280#define SSL_TXT_RSA "RSA"
281#define SSL_TXT_DES "DES"
282#define SSL_TXT_3DES "3DES"
283#define SSL_TXT_RC4 "RC4"
284#define SSL_TXT_RC2 "RC2"
285#define SSL_TXT_IDEA "IDEA"
286#define SSL_TXT_SEED "SEED"
287#define SSL_TXT_AES "AES"
288#define SSL_TXT_CAMELLIA "CAMELLIA"
289#define SSL_TXT_MD5 "MD5"
290#define SSL_TXT_SHA1 "SHA1"
291#define SSL_TXT_SHA "SHA"
292#define SSL_TXT_EXP "EXP"
293#define SSL_TXT_EXPORT "EXPORT"
294#define SSL_TXT_EXP40 "EXPORT40"
295#define SSL_TXT_EXP56 "EXPORT56"
296#define SSL_TXT_SSLV2 "SSLv2"
297#define SSL_TXT_SSLV3 "SSLv3"
298#define SSL_TXT_TLSV1 "TLSv1"
299#define SSL_TXT_ALL "ALL"
300#define SSL_TXT_ECC "ECCdraft" /* ECC ciphersuites are not yet official */
301
302/*
303 * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
304 * ciphers normally not being used.
305 * Example: "RC4" will activate all ciphers using RC4 including ciphers
306 * without authentication, which would normally disabled by DEFAULT (due
307 * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
308 * will make sure that it is also disabled in the specific selection.
309 * COMPLEMENTOF* identifiers are portable between version, as adjustments
310 * to the default cipher setup will also be included here.
311 *
312 * COMPLEMENTOFDEFAULT does not experience the same special treatment that
313 * DEFAULT gets, as only selection is being done and no sorting as needed
314 * for DEFAULT.
315 */
316#define SSL_TXT_CMPALL "COMPLEMENTOFALL"
317#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"
318
319/* The following cipher list is used by default.
320 * It also is substituted when an application-defined cipher list string
321 * starts with 'DEFAULT'. */
322#define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */
323
324/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
325#define SSL_SENT_SHUTDOWN 1
326#define SSL_RECEIVED_SHUTDOWN 2
327
328#ifdef __cplusplus
329}
330#endif
331
332#ifdef __cplusplus
333extern "C" {
334#endif
335
336#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
337#define OPENSSL_NO_SSL2
338#endif
339
340#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
341#define SSL_FILETYPE_PEM X509_FILETYPE_PEM
342
343/* This is needed to stop compilers complaining about the
344 * 'struct ssl_st *' function parameters used to prototype callbacks
345 * in SSL_CTX. */
346typedef struct ssl_st *ssl_crock_st;
347
348/* used to hold info on the particular ciphers used */
349typedef struct ssl_cipher_st
350 {
351 int valid;
352 const char *name; /* text name */
353 unsigned long id; /* id, 4 bytes, first is version */
354 unsigned long algorithms; /* what ciphers are used */
355 unsigned long algo_strength; /* strength and export flags */
356 unsigned long algorithm2; /* Extra flags */
357 int strength_bits; /* Number of bits really used */
358 int alg_bits; /* Number of bits for algorithm */
359 unsigned long mask; /* used for matching */
360 unsigned long mask_strength; /* also used for matching */
361 } SSL_CIPHER;
362
363DECLARE_STACK_OF(SSL_CIPHER)
364
365/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
366typedef struct ssl_method_st
367 {
368 int version;
369 int (*ssl_new)(SSL *s);
370 void (*ssl_clear)(SSL *s);
371 void (*ssl_free)(SSL *s);
372 int (*ssl_accept)(SSL *s);
373 int (*ssl_connect)(SSL *s);
374 int (*ssl_read)(SSL *s,void *buf,int len);
375 int (*ssl_peek)(SSL *s,void *buf,int len);
376 int (*ssl_write)(SSL *s,const void *buf,int len);
377 int (*ssl_shutdown)(SSL *s);
378 int (*ssl_renegotiate)(SSL *s);
379 int (*ssl_renegotiate_check)(SSL *s);
380 long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
381 max, int *ok);
382 int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len,
383 int peek);
384 int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
385 int (*ssl_dispatch_alert)(SSL *s);
386 long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
387 long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
388 SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
389 int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
390 int (*ssl_pending)(const SSL *s);
391 int (*num_ciphers)(void);
392 SSL_CIPHER *(*get_cipher)(unsigned ncipher);
393 struct ssl_method_st *(*get_ssl_method)(int version);
394 long (*get_timeout)(void);
395 struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
396 int (*ssl_version)(void);
397 long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
398 long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
399 } SSL_METHOD;
400
401/* Lets make this into an ASN.1 type structure as follows
402 * SSL_SESSION_ID ::= SEQUENCE {
403 * version INTEGER, -- structure version number
404 * SSLversion INTEGER, -- SSL version number
405 * Cipher OCTET_STRING, -- the 3 byte cipher ID
406 * Session_ID OCTET_STRING, -- the Session ID
407 * Master_key OCTET_STRING, -- the master key
408 * KRB5_principal OCTET_STRING -- optional Kerberos principal
409 * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument
410 * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
411 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
412 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
413 * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context
414 * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer'
415 * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX
416 * }
417 * Look in ssl/ssl_asn1.c for more details
418 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
419 */
420typedef struct ssl_session_st
421 {
422 int ssl_version; /* what ssl version session info is
423 * being kept in here? */
424
425 /* only really used in SSLv2 */
426 unsigned int key_arg_length;
427 unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
428 int master_key_length;
429 unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
430 /* session_id - valid? */
431 unsigned int session_id_length;
432 unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
433 /* this is used to determine whether the session is being reused in
434 * the appropriate context. It is up to the application to set this,
435 * via SSL_new */
436 unsigned int sid_ctx_length;
437 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
438
439#ifndef OPENSSL_NO_KRB5
440 unsigned int krb5_client_princ_len;
441 unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
442#endif /* OPENSSL_NO_KRB5 */
443
444 int not_resumable;
445
446 /* The cert is the certificate used to establish this connection */
447 struct sess_cert_st /* SESS_CERT */ *sess_cert;
448
449 /* This is the cert for the other end.
450 * On clients, it will be the same as sess_cert->peer_key->x509
451 * (the latter is not enough as sess_cert is not retained
452 * in the external representation of sessions, see ssl_asn1.c). */
453 X509 *peer;
454 /* when app_verify_callback accepts a session where the peer's certificate
455 * is not ok, we must remember the error for session reuse: */
456 long verify_result; /* only for servers */
457
458 int references;
459 long timeout;
460 long time;
461
462 int compress_meth; /* Need to lookup the method */
463
464 SSL_CIPHER *cipher;
465 unsigned long cipher_id; /* when ASN.1 loaded, this
466 * needs to be used to load
467 * the 'cipher' structure */
468
469 STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
470
471 CRYPTO_EX_DATA ex_data; /* application specific data */
472
473 /* These are used to make removal of session-ids more
474 * efficient and to implement a maximum cache size. */
475 struct ssl_session_st *prev,*next;
476#ifndef OPENSSL_NO_TLSEXT
477 char *tlsext_hostname;
478 /* RFC4507 info */
479 unsigned char *tlsext_tick; /* Session ticket */
480 size_t tlsext_ticklen; /* Session ticket length */
481 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
482#endif
483 } SSL_SESSION;
484
485
486#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
487#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
488#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
489#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
490#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
491#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
492#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
493#define SSL_OP_TLS_D5_BUG 0x00000100L
494#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
495
496/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
497 * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
498 * the workaround is not needed. Unfortunately some broken SSL/TLS
499 * implementations cannot handle it at all, which is why we include
500 * it in SSL_OP_ALL. */
501#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */
502
503/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
504 * This used to be 0x000FFFFFL before 0.9.7. */
505#define SSL_OP_ALL 0x00000FFFL
506
507/* DTLS options */
508#define SSL_OP_NO_QUERY_MTU 0x00001000L
509/* Turn on Cookie Exchange (on relevant for servers) */
510#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
511/* Don't use RFC4507 ticket extension */
512#define SSL_OP_NO_TICKET 0x00004000L
513
514/* As server, disallow session resumption on renegotiation */
515#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
516/* If set, always create a new key when using tmp_ecdh parameters */
517#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
518/* If set, always create a new key when using tmp_dh parameters */
519#define SSL_OP_SINGLE_DH_USE 0x00100000L
520/* Set to always use the tmp_rsa key when doing RSA operations,
521 * even when this violates protocol specs */
522#define SSL_OP_EPHEMERAL_RSA 0x00200000L
523/* Set on servers to choose the cipher according to the server's
524 * preferences */
525#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
526/* If set, a server will allow a client to issue a SSLv3.0 version number
527 * as latest version supported in the premaster secret, even when TLSv1.0
528 * (version 3.1) was announced in the client hello. Normally this is
529 * forbidden to prevent version rollback attacks. */
530#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
531
532#define SSL_OP_NO_SSLv2 0x01000000L
533#define SSL_OP_NO_SSLv3 0x02000000L
534#define SSL_OP_NO_TLSv1 0x04000000L
535
536/* The next flag deliberately changes the ciphertest, this is a check
537 * for the PKCS#1 attack */
538#define SSL_OP_PKCS1_CHECK_1 0x08000000L
539#define SSL_OP_PKCS1_CHECK_2 0x10000000L
540#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
541#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
542
543
544/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
545 * when just a single record has been written): */
546#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
547/* Make it possible to retry SSL_write() with changed buffer location
548 * (buffer contents must stay the same!); this is not the default to avoid
549 * the misconception that non-blocking SSL_write() behaves like
550 * non-blocking write(): */
551#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
552/* Never bother the application with retries if the transport
553 * is blocking: */
554#define SSL_MODE_AUTO_RETRY 0x00000004L
555/* Don't attempt to automatically build certificate chain */
556#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
557
558
559/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
560 * they cannot be used to clear bits. */
561
562#define SSL_CTX_set_options(ctx,op) \
563 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
564#define SSL_CTX_get_options(ctx) \
565 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
566#define SSL_set_options(ssl,op) \
567 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
568#define SSL_get_options(ssl) \
569 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
570
571#define SSL_CTX_set_mode(ctx,op) \
572 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
573#define SSL_CTX_get_mode(ctx) \
574 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
575#define SSL_set_mode(ssl,op) \
576 SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
577#define SSL_get_mode(ssl) \
578 SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
579#define SSL_set_mtu(ssl, mtu) \
580 SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
581
582
583void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
584void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
585#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
586#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
587
588
589
590#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
591#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
592#else
593#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
594#endif
595
596#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
597
598/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
599 * them. It is used to override the generation of SSL/TLS session IDs in a
600 * server. Return value should be zero on an error, non-zero to proceed. Also,
601 * callbacks should themselves check if the id they generate is unique otherwise
602 * the SSL handshake will fail with an error - callbacks can do this using the
603 * 'ssl' value they're passed by;
604 * SSL_has_matching_session_id(ssl, id, *id_len)
605 * The length value passed in is set at the maximum size the session ID can be.
606 * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
607 * can alter this length to be less if desired, but under SSLv2 session IDs are
608 * supposed to be fixed at 16 bytes so the id will be padded after the callback
609 * returns in this case. It is also an error for the callback to set the size to
610 * zero. */
611typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
612 unsigned int *id_len);
613
614typedef struct ssl_comp_st
615 {
616 int id;
617 const char *name;
618#ifndef OPENSSL_NO_COMP
619 COMP_METHOD *method;
620#else
621 char *method;
622#endif
623 } SSL_COMP;
624
625DECLARE_STACK_OF(SSL_COMP)
626
627struct ssl_ctx_st
628 {
629 SSL_METHOD *method;
630
631 STACK_OF(SSL_CIPHER) *cipher_list;
632 /* same as above but sorted for lookup */
633 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
634
635 struct x509_store_st /* X509_STORE */ *cert_store;
636 struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */
637 /* Most session-ids that will be cached, default is
638 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
639 unsigned long session_cache_size;
640 struct ssl_session_st *session_cache_head;
641 struct ssl_session_st *session_cache_tail;
642
643 /* This can have one of 2 values, ored together,
644 * SSL_SESS_CACHE_CLIENT,
645 * SSL_SESS_CACHE_SERVER,
646 * Default is SSL_SESSION_CACHE_SERVER, which means only
647 * SSL_accept which cache SSL_SESSIONS. */
648 int session_cache_mode;
649
650 /* If timeout is not 0, it is the default timeout value set
651 * when SSL_new() is called. This has been put in to make
652 * life easier to set things up */
653 long session_timeout;
654
655 /* If this callback is not null, it will be called each
656 * time a session id is added to the cache. If this function
657 * returns 1, it means that the callback will do a
658 * SSL_SESSION_free() when it has finished using it. Otherwise,
659 * on 0, it means the callback has finished with it.
660 * If remove_session_cb is not null, it will be called when
661 * a session-id is removed from the cache. After the call,
662 * OpenSSL will SSL_SESSION_free() it. */
663 int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
664 void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
665 SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
666 unsigned char *data,int len,int *copy);
667
668 struct
669 {
670 int sess_connect; /* SSL new conn - started */
671 int sess_connect_renegotiate;/* SSL reneg - requested */
672 int sess_connect_good; /* SSL new conne/reneg - finished */
673 int sess_accept; /* SSL new accept - started */
674 int sess_accept_renegotiate;/* SSL reneg - requested */
675 int sess_accept_good; /* SSL accept/reneg - finished */
676 int sess_miss; /* session lookup misses */
677 int sess_timeout; /* reuse attempt on timeouted session */
678 int sess_cache_full; /* session removed due to full cache */
679 int sess_hit; /* session reuse actually done */
680 int sess_cb_hit; /* session-id that was not
681 * in the cache was
682 * passed back via the callback. This
683 * indicates that the application is
684 * supplying session-id's from other
685 * processes - spooky :-) */
686 } stats;
687
688 int references;
689
690 /* if defined, these override the X509_verify_cert() calls */
691 int (*app_verify_callback)(X509_STORE_CTX *, void *);
692 void *app_verify_arg;
693 /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
694 * ('app_verify_callback' was called with just one argument) */
695
696 /* Default password callback. */
697 pem_password_cb *default_passwd_callback;
698
699 /* Default password callback user data. */
700 void *default_passwd_callback_userdata;
701
702 /* get client cert callback */
703 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
704
705 /* cookie generate callback */
706 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
707 unsigned int *cookie_len);
708
709 /* verify cookie callback */
710 int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
711 unsigned int cookie_len);
712
713 CRYPTO_EX_DATA ex_data;
714
715 const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
716 const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
717 const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
718
719 STACK_OF(X509) *extra_certs;
720 STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
721
722
723 /* Default values used when no per-SSL value is defined follow */
724
725 void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
726
727 /* what we put in client cert requests */
728 STACK_OF(X509_NAME) *client_CA;
729
730
731 /* Default values to use in SSL structures follow (these are copied by SSL_new) */
732
733 unsigned long options;
734 unsigned long mode;
735 long max_cert_list;
736
737 struct cert_st /* CERT */ *cert;
738 int read_ahead;
739
740 /* callback that allows applications to peek at protocol messages */
741 void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
742 void *msg_callback_arg;
743
744 int verify_mode;
745 unsigned int sid_ctx_length;
746 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
747 int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
748
749 /* Default generate session ID callback. */
750 GEN_SESSION_CB generate_session_id;
751
752 X509_VERIFY_PARAM *param;
753
754#if 0
755 int purpose; /* Purpose setting */
756 int trust; /* Trust setting */
757#endif
758
759 int quiet_shutdown;
760
761#ifndef OPENSSL_ENGINE
762 /* Engine to pass requests for client certs to
763 */
764 ENGINE *client_cert_engine;
765#endif
766
767#ifndef OPENSSL_NO_TLSEXT
768 /* TLS extensions servername callback */
769 int (*tlsext_servername_callback)(SSL*, int *, void *);
770 void *tlsext_servername_arg;
771 /* RFC 4507 session ticket keys */
772 unsigned char tlsext_tick_key_name[16];
773 unsigned char tlsext_tick_hmac_key[16];
774 unsigned char tlsext_tick_aes_key[16];
775 /* Callback to support customisation of ticket key setting */
776 int (*tlsext_ticket_key_cb)(SSL *ssl,
777 unsigned char *name, unsigned char *iv,
778 EVP_CIPHER_CTX *ectx,
779 HMAC_CTX *hctx, int enc);
780
781 /* certificate status request info */
782 /* Callback for status request */
783 int (*tlsext_status_cb)(SSL *ssl, void *arg);
784 void *tlsext_status_arg;
785#endif
786
787 };
788
789#define SSL_SESS_CACHE_OFF 0x0000
790#define SSL_SESS_CACHE_CLIENT 0x0001
791#define SSL_SESS_CACHE_SERVER 0x0002
792#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
793#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
794/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
795#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
796#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
797#define SSL_SESS_CACHE_NO_INTERNAL \
798 (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
799
800 struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
801#define SSL_CTX_sess_number(ctx) \
802 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
803#define SSL_CTX_sess_connect(ctx) \
804 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
805#define SSL_CTX_sess_connect_good(ctx) \
806 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
807#define SSL_CTX_sess_connect_renegotiate(ctx) \
808 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
809#define SSL_CTX_sess_accept(ctx) \
810 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
811#define SSL_CTX_sess_accept_renegotiate(ctx) \
812 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
813#define SSL_CTX_sess_accept_good(ctx) \
814 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
815#define SSL_CTX_sess_hits(ctx) \
816 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
817#define SSL_CTX_sess_cb_hits(ctx) \
818 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
819#define SSL_CTX_sess_misses(ctx) \
820 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
821#define SSL_CTX_sess_timeouts(ctx) \
822 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
823#define SSL_CTX_sess_cache_full(ctx) \
824 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
825
826void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
827int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
828void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
829void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
830void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
831SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
832void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
833void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
834void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
835int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
836#ifndef OPENSSL_NO_ENGINE
837int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
838#endif
839void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
840void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
841
842#define SSL_NOTHING 1
843#define SSL_WRITING 2
844#define SSL_READING 3
845#define SSL_X509_LOOKUP 4
846
847/* These will only be used when doing non-blocking IO */
848#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
849#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
850#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
851#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
852
853struct ssl_st
854 {
855 /* protocol version
856 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
857 */
858 int version;
859 int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
860
861 SSL_METHOD *method; /* SSLv3 */
862
863 /* There are 2 BIO's even though they are normally both the
864 * same. This is so data can be read and written to different
865 * handlers */
866
867#ifndef OPENSSL_NO_BIO
868 BIO *rbio; /* used by SSL_read */
869 BIO *wbio; /* used by SSL_write */
870 BIO *bbio; /* used during session-id reuse to concatenate
871 * messages */
872#else
873 char *rbio; /* used by SSL_read */
874 char *wbio; /* used by SSL_write */
875 char *bbio;
876#endif
877 /* This holds a variable that indicates what we were doing
878 * when a 0 or -1 is returned. This is needed for
879 * non-blocking IO so we know what request needs re-doing when
880 * in SSL_accept or SSL_connect */
881 int rwstate;
882
883 /* true when we are actually in SSL_accept() or SSL_connect() */
884 int in_handshake;
885 int (*handshake_func)(SSL *);
886
887 /* Imagine that here's a boolean member "init" that is
888 * switched as soon as SSL_set_{accept/connect}_state
889 * is called for the first time, so that "state" and
890 * "handshake_func" are properly initialized. But as
891 * handshake_func is == 0 until then, we use this
892 * test instead of an "init" member.
893 */
894
895 int server; /* are we the server side? - mostly used by SSL_clear*/
896
897 int new_session;/* 1 if we are to use a new session.
898 * 2 if we are a server and are inside a handshake
899 * (i.e. not just sending a HelloRequest)
900 * NB: For servers, the 'new' session may actually be a previously
901 * cached session or even the previous session unless
902 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
903 int quiet_shutdown;/* don't send shutdown packets */
904 int shutdown; /* we have shut things down, 0x01 sent, 0x02
905 * for received */
906 int state; /* where we are */
907 int rstate; /* where we are when reading */
908
909 BUF_MEM *init_buf; /* buffer used during init */
910 void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */
911 int init_num; /* amount read/written */
912 int init_off; /* amount read/written */
913
914 /* used internally to point at a raw packet */
915 unsigned char *packet;
916 unsigned int packet_length;
917
918 struct ssl2_state_st *s2; /* SSLv2 variables */
919 struct ssl3_state_st *s3; /* SSLv3 variables */
920 struct dtls1_state_st *d1; /* DTLSv1 variables */
921
922 int read_ahead; /* Read as many input bytes as possible
923 * (for non-blocking reads) */
924
925 /* callback that allows applications to peek at protocol messages */
926 void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
927 void *msg_callback_arg;
928
929 int hit; /* reusing a previous session */
930
931 X509_VERIFY_PARAM *param;
932
933#if 0
934 int purpose; /* Purpose setting */
935 int trust; /* Trust setting */
936#endif
937
938 /* crypto */
939 STACK_OF(SSL_CIPHER) *cipher_list;
940 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
941
942 /* These are the ones being used, the ones in SSL_SESSION are
943 * the ones to be 'copied' into these ones */
944
945 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
946 const EVP_MD *read_hash; /* used for mac generation */
947#ifndef OPENSSL_NO_COMP
948 COMP_CTX *expand; /* uncompress */
949#else
950 char *expand;
951#endif
952
953 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
954 const EVP_MD *write_hash; /* used for mac generation */
955#ifndef OPENSSL_NO_COMP
956 COMP_CTX *compress; /* compression */
957#else
958 char *compress;
959#endif
960
961 /* session info */
962
963 /* client cert? */
964 /* This is used to hold the server certificate used */
965 struct cert_st /* CERT */ *cert;
966
967 /* the session_id_context is used to ensure sessions are only reused
968 * in the appropriate context */
969 unsigned int sid_ctx_length;
970 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
971
972 /* This can also be in the session once a session is established */
973 SSL_SESSION *session;
974
975 /* Default generate session ID callback. */
976 GEN_SESSION_CB generate_session_id;
977
978 /* Used in SSL2 and SSL3 */
979 int verify_mode; /* 0 don't care about verify failure.
980 * 1 fail if verify fails */
981 int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
982
983 void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
984
985 int error; /* error bytes to be written */
986 int error_code; /* actual code */
987
988#ifndef OPENSSL_NO_KRB5
989 KSSL_CTX *kssl_ctx; /* Kerberos 5 context */
990#endif /* OPENSSL_NO_KRB5 */
991
992 SSL_CTX *ctx;
993 /* set this flag to 1 and a sleep(1) is put into all SSL_read()
994 * and SSL_write() calls, good for nbio debuging :-) */
995 int debug;
996
997 /* extra application data */
998 long verify_result;
999 CRYPTO_EX_DATA ex_data;
1000
1001 /* for server side, keep the list of CA_dn we can use */
1002 STACK_OF(X509_NAME) *client_CA;
1003
1004 int references;
1005 unsigned long options; /* protocol behaviour */
1006 unsigned long mode; /* API behaviour */
1007 long max_cert_list;
1008 int first_packet;
1009 int client_version; /* what was passed, used for
1010 * SSLv3/TLS rollback check */
1011#ifndef OPENSSL_NO_TLSEXT
1012 /* TLS extension debug callback */
1013 void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
1014 unsigned char *data, int len,
1015 void *arg);
1016 void *tlsext_debug_arg;
1017 char *tlsext_hostname;
1018 int servername_done; /* no further mod of servername
1019 0 : call the servername extension callback.
1020 1 : prepare 2, allow last ack just after in server callback.
1021 2 : don't call servername callback, no ack in server hello
1022 */
1023 /* certificate status request info */
1024 /* Status type or -1 if no status type */
1025 int tlsext_status_type;
1026 /* Expect OCSP CertificateStatus message */
1027 int tlsext_status_expected;
1028 /* OCSP status request only */
1029 STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
1030 X509_EXTENSIONS *tlsext_ocsp_exts;
1031 /* OCSP response received or to be sent */
1032 unsigned char *tlsext_ocsp_resp;
1033 int tlsext_ocsp_resplen;
1034
1035 /* RFC4507 session ticket expected to be received or sent */
1036 int tlsext_ticket_expected;
1037 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
1038#define session_ctx initial_ctx
1039#else
1040#define session_ctx ctx
1041#endif
1042 };
1043
1044#ifdef __cplusplus
1045}
1046#endif
1047
1048#include <openssl/ssl2.h>
1049#include <openssl/ssl3.h>
1050#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
1051#include <openssl/dtls1.h> /* Datagram TLS */
1052#include <openssl/ssl23.h>
1053
1054#ifdef __cplusplus
1055extern "C" {
1056#endif
1057
1058/* compatibility */
1059#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
1060#define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
1061#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a))
1062#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
1063#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
1064#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
1065
1066/* The following are the possible values for ssl->state are are
1067 * used to indicate where we are up to in the SSL connection establishment.
1068 * The macros that follow are about the only things you should need to use
1069 * and even then, only when using non-blocking IO.
1070 * It can also be useful to work out where you were when the connection
1071 * failed */
1072
1073#define SSL_ST_CONNECT 0x1000
1074#define SSL_ST_ACCEPT 0x2000
1075#define SSL_ST_MASK 0x0FFF
1076#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT)
1077#define SSL_ST_BEFORE 0x4000
1078#define SSL_ST_OK 0x03
1079#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
1080
1081#define SSL_CB_LOOP 0x01
1082#define SSL_CB_EXIT 0x02
1083#define SSL_CB_READ 0x04
1084#define SSL_CB_WRITE 0x08
1085#define SSL_CB_ALERT 0x4000 /* used in callback */
1086#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
1087#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
1088#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
1089#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
1090#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
1091#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
1092#define SSL_CB_HANDSHAKE_START 0x10
1093#define SSL_CB_HANDSHAKE_DONE 0x20
1094
1095/* Is the SSL_connection established? */
1096#define SSL_get_state(a) SSL_state(a)
1097#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
1098#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
1099#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
1100#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
1101#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
1102
1103/* The following 2 states are kept in ssl->rstate when reads fail,
1104 * you should not need these */
1105#define SSL_ST_READ_HEADER 0xF0
1106#define SSL_ST_READ_BODY 0xF1
1107#define SSL_ST_READ_DONE 0xF2
1108
1109/* Obtain latest Finished message
1110 * -- that we sent (SSL_get_finished)
1111 * -- that we expected from peer (SSL_get_peer_finished).
1112 * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
1113size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
1114size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1115
1116/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
1117 * are 'ored' with SSL_VERIFY_PEER if they are desired */
1118#define SSL_VERIFY_NONE 0x00
1119#define SSL_VERIFY_PEER 0x01
1120#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
1121#define SSL_VERIFY_CLIENT_ONCE 0x04
1122
1123#define OpenSSL_add_ssl_algorithms() SSL_library_init()
1124#define SSLeay_add_ssl_algorithms() SSL_library_init()
1125
1126/* this is for backward compatibility */
1127#if 0 /* NEW_SSLEAY */
1128#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
1129#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
1130#define SSL_add_session(a,b) SSL_CTX_add_session((a),(b))
1131#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b))
1132#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b))
1133#endif
1134/* More backward compatibility */
1135#define SSL_get_cipher(s) \
1136 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
1137#define SSL_get_cipher_bits(s,np) \
1138 SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
1139#define SSL_get_cipher_version(s) \
1140 SSL_CIPHER_get_version(SSL_get_current_cipher(s))
1141#define SSL_get_cipher_name(s) \
1142 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
1143#define SSL_get_time(a) SSL_SESSION_get_time(a)
1144#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
1145#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
1146#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
1147
1148#if 1 /*SSLEAY_MACROS*/
1149#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
1150#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
1151#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
1152 (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
1153#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u)
1154#define PEM_write_SSL_SESSION(fp,x) \
1155 PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
1156 PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
1157#define PEM_write_bio_SSL_SESSION(bp,x) \
1158 PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL)
1159#endif
1160
1161#define SSL_AD_REASON_OFFSET 1000
1162/* These alert types are for SSLv3 and TLSv1 */
1163#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
1164#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
1165#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
1166#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
1167#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
1168#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
1169#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
1170#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
1171#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
1172#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
1173#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
1174#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
1175#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
1176#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
1177#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
1178#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
1179#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
1180#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
1181#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
1182#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
1183#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
1184#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
1185#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
1186#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
1187#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
1188#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
1189#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
1190#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
1191
1192#define SSL_ERROR_NONE 0
1193#define SSL_ERROR_SSL 1
1194#define SSL_ERROR_WANT_READ 2
1195#define SSL_ERROR_WANT_WRITE 3
1196#define SSL_ERROR_WANT_X509_LOOKUP 4
1197#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */
1198#define SSL_ERROR_ZERO_RETURN 6
1199#define SSL_ERROR_WANT_CONNECT 7
1200#define SSL_ERROR_WANT_ACCEPT 8
1201
1202#define SSL_CTRL_NEED_TMP_RSA 1
1203#define SSL_CTRL_SET_TMP_RSA 2
1204#define SSL_CTRL_SET_TMP_DH 3
1205#define SSL_CTRL_SET_TMP_ECDH 4
1206#define SSL_CTRL_SET_TMP_RSA_CB 5
1207#define SSL_CTRL_SET_TMP_DH_CB 6
1208#define SSL_CTRL_SET_TMP_ECDH_CB 7
1209
1210#define SSL_CTRL_GET_SESSION_REUSED 8
1211#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
1212#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
1213#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
1214#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
1215#define SSL_CTRL_GET_FLAGS 13
1216#define SSL_CTRL_EXTRA_CHAIN_CERT 14
1217
1218#define SSL_CTRL_SET_MSG_CALLBACK 15
1219#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16
1220
1221/* only applies to datagram connections */
1222#define SSL_CTRL_SET_MTU 17
1223/* Stats */
1224#define SSL_CTRL_SESS_NUMBER 20
1225#define SSL_CTRL_SESS_CONNECT 21
1226#define SSL_CTRL_SESS_CONNECT_GOOD 22
1227#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
1228#define SSL_CTRL_SESS_ACCEPT 24
1229#define SSL_CTRL_SESS_ACCEPT_GOOD 25
1230#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
1231#define SSL_CTRL_SESS_HIT 27
1232#define SSL_CTRL_SESS_CB_HIT 28
1233#define SSL_CTRL_SESS_MISSES 29
1234#define SSL_CTRL_SESS_TIMEOUTS 30
1235#define SSL_CTRL_SESS_CACHE_FULL 31
1236#define SSL_CTRL_OPTIONS 32
1237#define SSL_CTRL_MODE 33
1238
1239#define SSL_CTRL_GET_READ_AHEAD 40
1240#define SSL_CTRL_SET_READ_AHEAD 41
1241#define SSL_CTRL_SET_SESS_CACHE_SIZE 42
1242#define SSL_CTRL_GET_SESS_CACHE_SIZE 43
1243#define SSL_CTRL_SET_SESS_CACHE_MODE 44
1244#define SSL_CTRL_GET_SESS_CACHE_MODE 45
1245
1246#define SSL_CTRL_GET_MAX_CERT_LIST 50
1247#define SSL_CTRL_SET_MAX_CERT_LIST 51
1248
1249/* see tls1.h for macros based on these */
1250#ifndef OPENSSL_NO_TLSEXT
1251#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
1252#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
1253#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
1254#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
1255#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
1256#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
1257#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
1258
1259#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
1260#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
1261#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
1262#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
1263#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
1264#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
1265#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
1266#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
1267#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
1268
1269#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
1270#endif
1271
1272#define SSL_session_reused(ssl) \
1273 SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
1274#define SSL_num_renegotiations(ssl) \
1275 SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
1276#define SSL_clear_num_renegotiations(ssl) \
1277 SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
1278#define SSL_total_renegotiations(ssl) \
1279 SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
1280
1281#define SSL_CTX_need_tmp_RSA(ctx) \
1282 SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
1283#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
1284 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
1285#define SSL_CTX_set_tmp_dh(ctx,dh) \
1286 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
1287#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
1288 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
1289
1290#define SSL_need_tmp_RSA(ssl) \
1291 SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
1292#define SSL_set_tmp_rsa(ssl,rsa) \
1293 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
1294#define SSL_set_tmp_dh(ssl,dh) \
1295 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
1296#define SSL_set_tmp_ecdh(ssl,ecdh) \
1297 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
1298
1299#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
1300 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
1301
1302#ifndef OPENSSL_NO_BIO
1303BIO_METHOD *BIO_f_ssl(void);
1304BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
1305BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
1306BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
1307int BIO_ssl_copy_session_id(BIO *to,BIO *from);
1308void BIO_ssl_shutdown(BIO *ssl_bio);
1309
1310#endif
1311
1312int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
1313SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
1314void SSL_CTX_free(SSL_CTX *);
1315long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
1316long SSL_CTX_get_timeout(const SSL_CTX *ctx);
1317X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
1318void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
1319int SSL_want(const SSL *s);
1320int SSL_clear(SSL *s);
1321
1322void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
1323
1324SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
1325int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
1326char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
1327const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
1328
1329int SSL_get_fd(const SSL *s);
1330int SSL_get_rfd(const SSL *s);
1331int SSL_get_wfd(const SSL *s);
1332const char * SSL_get_cipher_list(const SSL *s,int n);
1333char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
1334int SSL_get_read_ahead(const SSL * s);
1335int SSL_pending(const SSL *s);
1336#ifndef OPENSSL_NO_SOCK
1337int SSL_set_fd(SSL *s, int fd);
1338int SSL_set_rfd(SSL *s, int fd);
1339int SSL_set_wfd(SSL *s, int fd);
1340#endif
1341#ifndef OPENSSL_NO_BIO
1342void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
1343BIO * SSL_get_rbio(const SSL *s);
1344BIO * SSL_get_wbio(const SSL *s);
1345#endif
1346int SSL_set_cipher_list(SSL *s, const char *str);
1347void SSL_set_read_ahead(SSL *s, int yes);
1348int SSL_get_verify_mode(const SSL *s);
1349int SSL_get_verify_depth(const SSL *s);
1350int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
1351void SSL_set_verify(SSL *s, int mode,
1352 int (*callback)(int ok,X509_STORE_CTX *ctx));
1353void SSL_set_verify_depth(SSL *s, int depth);
1354#ifndef OPENSSL_NO_RSA
1355int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
1356#endif
1357int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
1358int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
1359int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
1360int SSL_use_certificate(SSL *ssl, X509 *x);
1361int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
1362
1363#ifndef OPENSSL_NO_STDIO
1364int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
1365int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
1366int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
1367int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
1368int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
1369int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
1370int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
1371STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
1372int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
1373 const char *file);
1374#ifndef OPENSSL_SYS_VMS
1375#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
1376int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
1377 const char *dir);
1378#endif
1379#endif
1380
1381#endif
1382
1383void SSL_load_error_strings(void );
1384const char *SSL_state_string(const SSL *s);
1385const char *SSL_rstate_string(const SSL *s);
1386const char *SSL_state_string_long(const SSL *s);
1387const char *SSL_rstate_string_long(const SSL *s);
1388long SSL_SESSION_get_time(const SSL_SESSION *s);
1389long SSL_SESSION_set_time(SSL_SESSION *s, long t);
1390long SSL_SESSION_get_timeout(const SSL_SESSION *s);
1391long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
1392void SSL_copy_session_id(SSL *to,const SSL *from);
1393
1394SSL_SESSION *SSL_SESSION_new(void);
1395unsigned long SSL_SESSION_hash(const SSL_SESSION *a);
1396int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b);
1397const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
1398#ifndef OPENSSL_NO_FP_API
1399int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
1400#endif
1401#ifndef OPENSSL_NO_BIO
1402int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
1403#endif
1404void SSL_SESSION_free(SSL_SESSION *ses);
1405int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
1406int SSL_set_session(SSL *to, SSL_SESSION *session);
1407int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
1408int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
1409int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
1410int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
1411int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
1412 unsigned int id_len);
1413SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
1414 long length);
1415
1416#ifdef HEADER_X509_H
1417X509 * SSL_get_peer_certificate(const SSL *s);
1418#endif
1419
1420STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
1421
1422int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
1423int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
1424int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
1425void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
1426 int (*callback)(int, X509_STORE_CTX *));
1427void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
1428void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
1429#ifndef OPENSSL_NO_RSA
1430int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
1431#endif
1432int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
1433int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
1434int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
1435 const unsigned char *d, long len);
1436int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
1437int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
1438
1439void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
1440void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
1441
1442int SSL_CTX_check_private_key(const SSL_CTX *ctx);
1443int SSL_check_private_key(const SSL *ctx);
1444
1445int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
1446 unsigned int sid_ctx_len);
1447
1448SSL * SSL_new(SSL_CTX *ctx);
1449int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
1450 unsigned int sid_ctx_len);
1451
1452int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
1453int SSL_set_purpose(SSL *s, int purpose);
1454int SSL_CTX_set_trust(SSL_CTX *s, int trust);
1455int SSL_set_trust(SSL *s, int trust);
1456
1457void SSL_free(SSL *ssl);
1458int SSL_accept(SSL *ssl);
1459int SSL_connect(SSL *ssl);
1460int SSL_read(SSL *ssl,void *buf,int num);
1461int SSL_peek(SSL *ssl,void *buf,int num);
1462int SSL_write(SSL *ssl,const void *buf,int num);
1463long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
1464long SSL_callback_ctrl(SSL *, int, void (*)(void));
1465long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
1466long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
1467
1468int SSL_get_error(const SSL *s,int ret_code);
1469const char *SSL_get_version(const SSL *s);
1470
1471/* This sets the 'default' SSL version that SSL_new() will create */
1472int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
1473
1474SSL_METHOD *SSLv2_method(void); /* SSLv2 */
1475SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
1476SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
1477
1478SSL_METHOD *SSLv3_method(void); /* SSLv3 */
1479SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
1480SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
1481
1482SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
1483SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
1484SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
1485
1486SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
1487SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
1488SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
1489
1490SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
1491SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
1492SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
1493
1494STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
1495
1496int SSL_do_handshake(SSL *s);
1497int SSL_renegotiate(SSL *s);
1498int SSL_renegotiate_pending(SSL *s);
1499int SSL_shutdown(SSL *s);
1500
1501SSL_METHOD *SSL_get_ssl_method(SSL *s);
1502int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);
1503const char *SSL_alert_type_string_long(int value);
1504const char *SSL_alert_type_string(int value);
1505const char *SSL_alert_desc_string_long(int value);
1506const char *SSL_alert_desc_string(int value);
1507
1508void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
1509void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
1510STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
1511STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
1512int SSL_add_client_CA(SSL *ssl,X509 *x);
1513int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
1514
1515void SSL_set_connect_state(SSL *s);
1516void SSL_set_accept_state(SSL *s);
1517
1518long SSL_get_default_timeout(const SSL *s);
1519
1520int SSL_library_init(void );
1521
1522char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
1523STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
1524
1525SSL *SSL_dup(SSL *ssl);
1526
1527X509 *SSL_get_certificate(const SSL *ssl);
1528/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
1529
1530void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
1531int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
1532void SSL_set_quiet_shutdown(SSL *ssl,int mode);
1533int SSL_get_quiet_shutdown(const SSL *ssl);
1534void SSL_set_shutdown(SSL *ssl,int mode);
1535int SSL_get_shutdown(const SSL *ssl);
1536int SSL_version(const SSL *ssl);
1537int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
1538int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
1539 const char *CApath);
1540#define SSL_get0_session SSL_get_session /* just peek at pointer */
1541SSL_SESSION *SSL_get_session(const SSL *ssl);
1542SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
1543SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
1544SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
1545void SSL_set_info_callback(SSL *ssl,
1546 void (*cb)(const SSL *ssl,int type,int val));
1547void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
1548int SSL_state(const SSL *ssl);
1549
1550void SSL_set_verify_result(SSL *ssl,long v);
1551long SSL_get_verify_result(const SSL *ssl);
1552
1553int SSL_set_ex_data(SSL *ssl,int idx,void *data);
1554void *SSL_get_ex_data(const SSL *ssl,int idx);
1555int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1556 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1557
1558int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
1559void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
1560int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1561 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1562
1563int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
1564void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
1565int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1566 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1567
1568int SSL_get_ex_data_X509_STORE_CTX_idx(void );
1569
1570#define SSL_CTX_sess_set_cache_size(ctx,t) \
1571 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
1572#define SSL_CTX_sess_get_cache_size(ctx) \
1573 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
1574#define SSL_CTX_set_session_cache_mode(ctx,m) \
1575 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
1576#define SSL_CTX_get_session_cache_mode(ctx) \
1577 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
1578
1579#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
1580#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
1581#define SSL_CTX_get_read_ahead(ctx) \
1582 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
1583#define SSL_CTX_set_read_ahead(ctx,m) \
1584 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
1585#define SSL_CTX_get_max_cert_list(ctx) \
1586 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
1587#define SSL_CTX_set_max_cert_list(ctx,m) \
1588 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
1589#define SSL_get_max_cert_list(ssl) \
1590 SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
1591#define SSL_set_max_cert_list(ssl,m) \
1592 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
1593
1594 /* NB: the keylength is only applicable when is_export is true */
1595#ifndef OPENSSL_NO_RSA
1596void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
1597 RSA *(*cb)(SSL *ssl,int is_export,
1598 int keylength));
1599
1600void SSL_set_tmp_rsa_callback(SSL *ssl,
1601 RSA *(*cb)(SSL *ssl,int is_export,
1602 int keylength));
1603#endif
1604#ifndef OPENSSL_NO_DH
1605void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
1606 DH *(*dh)(SSL *ssl,int is_export,
1607 int keylength));
1608void SSL_set_tmp_dh_callback(SSL *ssl,
1609 DH *(*dh)(SSL *ssl,int is_export,
1610 int keylength));
1611#endif
1612#ifndef OPENSSL_NO_ECDH
1613void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
1614 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
1615 int keylength));
1616void SSL_set_tmp_ecdh_callback(SSL *ssl,
1617 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
1618 int keylength));
1619#endif
1620
1621#ifndef OPENSSL_NO_COMP
1622const COMP_METHOD *SSL_get_current_compression(SSL *s);
1623const COMP_METHOD *SSL_get_current_expansion(SSL *s);
1624const char *SSL_COMP_get_name(const COMP_METHOD *comp);
1625STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
1626int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
1627#else
1628const void *SSL_get_current_compression(SSL *s);
1629const void *SSL_get_current_expansion(SSL *s);
1630const char *SSL_COMP_get_name(const void *comp);
1631void *SSL_COMP_get_compression_methods(void);
1632int SSL_COMP_add_compression_method(int id,void *cm);
1633#endif
1634
1635/* BEGIN ERROR CODES */
1636/* The following lines are auto generated by the script mkerr.pl. Any changes
1637 * made after this point may be overwritten when the script is next run.
1638 */
1639void ERR_load_SSL_strings(void);
1640
1641/* Error codes for the SSL functions. */
1642
1643/* Function codes. */
1644#define SSL_F_CLIENT_CERTIFICATE 100
1645#define SSL_F_CLIENT_FINISHED 167
1646#define SSL_F_CLIENT_HELLO 101
1647#define SSL_F_CLIENT_MASTER_KEY 102
1648#define SSL_F_D2I_SSL_SESSION 103
1649#define SSL_F_DO_DTLS1_WRITE 245
1650#define SSL_F_DO_SSL3_WRITE 104
1651#define SSL_F_DTLS1_ACCEPT 246
1652#define SSL_F_DTLS1_BUFFER_RECORD 247
1653#define SSL_F_DTLS1_CLIENT_HELLO 248
1654#define SSL_F_DTLS1_CONNECT 249
1655#define SSL_F_DTLS1_ENC 250
1656#define SSL_F_DTLS1_GET_HELLO_VERIFY 251
1657#define SSL_F_DTLS1_GET_MESSAGE 252
1658#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
1659#define SSL_F_DTLS1_GET_RECORD 254
1660#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
1661#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277
1662#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
1663#define SSL_F_DTLS1_PROCESS_RECORD 257
1664#define SSL_F_DTLS1_READ_BYTES 258
1665#define SSL_F_DTLS1_READ_FAILED 259
1666#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
1667#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
1668#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
1669#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
1670#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264
1671#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265
1672#define SSL_F_DTLS1_SEND_SERVER_HELLO 266
1673#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
1674#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
1675#define SSL_F_GET_CLIENT_FINISHED 105
1676#define SSL_F_GET_CLIENT_HELLO 106
1677#define SSL_F_GET_CLIENT_MASTER_KEY 107
1678#define SSL_F_GET_SERVER_FINISHED 108
1679#define SSL_F_GET_SERVER_HELLO 109
1680#define SSL_F_GET_SERVER_VERIFY 110
1681#define SSL_F_I2D_SSL_SESSION 111
1682#define SSL_F_READ_N 112
1683#define SSL_F_REQUEST_CERTIFICATE 113
1684#define SSL_F_SERVER_FINISH 239
1685#define SSL_F_SERVER_HELLO 114
1686#define SSL_F_SERVER_VERIFY 240
1687#define SSL_F_SSL23_ACCEPT 115
1688#define SSL_F_SSL23_CLIENT_HELLO 116
1689#define SSL_F_SSL23_CONNECT 117
1690#define SSL_F_SSL23_GET_CLIENT_HELLO 118
1691#define SSL_F_SSL23_GET_SERVER_HELLO 119
1692#define SSL_F_SSL23_PEEK 237
1693#define SSL_F_SSL23_READ 120
1694#define SSL_F_SSL23_WRITE 121
1695#define SSL_F_SSL2_ACCEPT 122
1696#define SSL_F_SSL2_CONNECT 123
1697#define SSL_F_SSL2_ENC_INIT 124
1698#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241
1699#define SSL_F_SSL2_PEEK 234
1700#define SSL_F_SSL2_READ 125
1701#define SSL_F_SSL2_READ_INTERNAL 236
1702#define SSL_F_SSL2_SET_CERTIFICATE 126
1703#define SSL_F_SSL2_WRITE 127
1704#define SSL_F_SSL3_ACCEPT 128
1705#define SSL_F_SSL3_CALLBACK_CTRL 233
1706#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
1707#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
1708#define SSL_F_SSL3_CLIENT_HELLO 131
1709#define SSL_F_SSL3_CONNECT 132
1710#define SSL_F_SSL3_CTRL 213
1711#define SSL_F_SSL3_CTX_CTRL 133
1712#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279
1713#define SSL_F_SSL3_ENC 134
1714#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
1715#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
1716#define SSL_F_SSL3_GET_CERT_STATUS 288
1717#define SSL_F_SSL3_GET_CERT_VERIFY 136
1718#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
1719#define SSL_F_SSL3_GET_CLIENT_HELLO 138
1720#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
1721#define SSL_F_SSL3_GET_FINISHED 140
1722#define SSL_F_SSL3_GET_KEY_EXCHANGE 141
1723#define SSL_F_SSL3_GET_MESSAGE 142
1724#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283
1725#define SSL_F_SSL3_GET_RECORD 143
1726#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
1727#define SSL_F_SSL3_GET_SERVER_DONE 145
1728#define SSL_F_SSL3_GET_SERVER_HELLO 146
1729#define SSL_F_SSL3_NEW_SESSION_TICKET 284
1730#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
1731#define SSL_F_SSL3_PEEK 235
1732#define SSL_F_SSL3_READ_BYTES 148
1733#define SSL_F_SSL3_READ_N 149
1734#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
1735#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151
1736#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
1737#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
1738#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
1739#define SSL_F_SSL3_SEND_SERVER_HELLO 242
1740#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
1741#define SSL_F_SSL3_SETUP_BUFFERS 156
1742#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
1743#define SSL_F_SSL3_WRITE_BYTES 158
1744#define SSL_F_SSL3_WRITE_PENDING 159
1745#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272
1746#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
1747#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
1748#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273
1749#define SSL_F_SSL_BAD_METHOD 160
1750#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
1751#define SSL_F_SSL_CERT_DUP 221
1752#define SSL_F_SSL_CERT_INST 222
1753#define SSL_F_SSL_CERT_INSTANTIATE 214
1754#define SSL_F_SSL_CERT_NEW 162
1755#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
1756#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274
1757#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
1758#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
1759#define SSL_F_SSL_CLEAR 164
1760#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
1761#define SSL_F_SSL_CREATE_CIPHER_LIST 166
1762#define SSL_F_SSL_CTRL 232
1763#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
1764#define SSL_F_SSL_CTX_NEW 169
1765#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
1766#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278
1767#define SSL_F_SSL_CTX_SET_PURPOSE 226
1768#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
1769#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
1770#define SSL_F_SSL_CTX_SET_TRUST 229
1771#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
1772#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
1773#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
1774#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
1775#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
1776#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
1777#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
1778#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
1779#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
1780#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
1781#define SSL_F_SSL_DO_HANDSHAKE 180
1782#define SSL_F_SSL_GET_NEW_SESSION 181
1783#define SSL_F_SSL_GET_PREV_SESSION 217
1784#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
1785#define SSL_F_SSL_GET_SIGN_PKEY 183
1786#define SSL_F_SSL_INIT_WBIO_BUFFER 184
1787#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
1788#define SSL_F_SSL_NEW 186
1789#define SSL_F_SSL_PEEK 270
1790#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275
1791#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276
1792#define SSL_F_SSL_READ 223
1793#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
1794#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
1795#define SSL_F_SSL_SESSION_NEW 189
1796#define SSL_F_SSL_SESSION_PRINT_FP 190
1797#define SSL_F_SSL_SESS_CERT_NEW 225
1798#define SSL_F_SSL_SET_CERT 191
1799#define SSL_F_SSL_SET_CIPHER_LIST 271
1800#define SSL_F_SSL_SET_FD 192
1801#define SSL_F_SSL_SET_PKEY 193
1802#define SSL_F_SSL_SET_PURPOSE 227
1803#define SSL_F_SSL_SET_RFD 194
1804#define SSL_F_SSL_SET_SESSION 195
1805#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
1806#define SSL_F_SSL_SET_TRUST 228
1807#define SSL_F_SSL_SET_WFD 196
1808#define SSL_F_SSL_SHUTDOWN 224
1809#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243
1810#define SSL_F_SSL_UNDEFINED_FUNCTION 197
1811#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
1812#define SSL_F_SSL_USE_CERTIFICATE 198
1813#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
1814#define SSL_F_SSL_USE_CERTIFICATE_FILE 200
1815#define SSL_F_SSL_USE_PRIVATEKEY 201
1816#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
1817#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
1818#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
1819#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
1820#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
1821#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
1822#define SSL_F_SSL_WRITE 208
1823#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
1824#define SSL_F_TLS1_ENC 210
1825#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
1826#define SSL_F_WRITE_PENDING 212
1827
1828/* Reason codes. */
1829#define SSL_R_APP_DATA_IN_HANDSHAKE 100
1830#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
1831#define SSL_R_BAD_ALERT_RECORD 101
1832#define SSL_R_BAD_AUTHENTICATION_TYPE 102
1833#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
1834#define SSL_R_BAD_CHECKSUM 104
1835#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
1836#define SSL_R_BAD_DECOMPRESSION 107
1837#define SSL_R_BAD_DH_G_LENGTH 108
1838#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
1839#define SSL_R_BAD_DH_P_LENGTH 110
1840#define SSL_R_BAD_DIGEST_LENGTH 111
1841#define SSL_R_BAD_DSA_SIGNATURE 112
1842#define SSL_R_BAD_ECC_CERT 304
1843#define SSL_R_BAD_ECDSA_SIGNATURE 305
1844#define SSL_R_BAD_ECPOINT 306
1845#define SSL_R_BAD_HELLO_REQUEST 105
1846#define SSL_R_BAD_LENGTH 271
1847#define SSL_R_BAD_MAC_DECODE 113
1848#define SSL_R_BAD_MESSAGE_TYPE 114
1849#define SSL_R_BAD_PACKET_LENGTH 115
1850#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
1851#define SSL_R_BAD_RESPONSE_ARGUMENT 117
1852#define SSL_R_BAD_RSA_DECRYPT 118
1853#define SSL_R_BAD_RSA_ENCRYPT 119
1854#define SSL_R_BAD_RSA_E_LENGTH 120
1855#define SSL_R_BAD_RSA_MODULUS_LENGTH 121
1856#define SSL_R_BAD_RSA_SIGNATURE 122
1857#define SSL_R_BAD_SIGNATURE 123
1858#define SSL_R_BAD_SSL_FILETYPE 124
1859#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125
1860#define SSL_R_BAD_STATE 126
1861#define SSL_R_BAD_WRITE_RETRY 127
1862#define SSL_R_BIO_NOT_SET 128
1863#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
1864#define SSL_R_BN_LIB 130
1865#define SSL_R_CA_DN_LENGTH_MISMATCH 131
1866#define SSL_R_CA_DN_TOO_LONG 132
1867#define SSL_R_CCS_RECEIVED_EARLY 133
1868#define SSL_R_CERTIFICATE_VERIFY_FAILED 134
1869#define SSL_R_CERT_LENGTH_MISMATCH 135
1870#define SSL_R_CHALLENGE_IS_DIFFERENT 136
1871#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
1872#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
1873#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
1874#define SSL_R_CLIENTHELLO_TLSEXT 157
1875#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
1876#define SSL_R_COMPRESSION_FAILURE 141
1877#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
1878#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
1879#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
1880#define SSL_R_CONNECTION_TYPE_NOT_SET 144
1881#define SSL_R_COOKIE_MISMATCH 308
1882#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
1883#define SSL_R_DATA_LENGTH_TOO_LONG 146
1884#define SSL_R_DECRYPTION_FAILED 147
1885#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
1886#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
1887#define SSL_R_DIGEST_CHECK_FAILED 149
1888#define SSL_R_DUPLICATE_COMPRESSION_ID 309
1889#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
1890#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
1891#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
1892#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
1893#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
1894#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
1895#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
1896#define SSL_R_HTTPS_PROXY_REQUEST 155
1897#define SSL_R_HTTP_REQUEST 156
1898#define SSL_R_ILLEGAL_PADDING 283
1899#define SSL_R_INVALID_CHALLENGE_LENGTH 158
1900#define SSL_R_INVALID_COMMAND 280
1901#define SSL_R_INVALID_PURPOSE 278
1902#define SSL_R_INVALID_STATUS_RESPONSE 316
1903#define SSL_R_INVALID_TICKET_KEYS_LENGTH 275
1904#define SSL_R_INVALID_TRUST 279
1905#define SSL_R_KEY_ARG_TOO_LONG 284
1906#define SSL_R_KRB5 285
1907#define SSL_R_KRB5_C_CC_PRINC 286
1908#define SSL_R_KRB5_C_GET_CRED 287
1909#define SSL_R_KRB5_C_INIT 288
1910#define SSL_R_KRB5_C_MK_REQ 289
1911#define SSL_R_KRB5_S_BAD_TICKET 290
1912#define SSL_R_KRB5_S_INIT 291
1913#define SSL_R_KRB5_S_RD_REQ 292
1914#define SSL_R_KRB5_S_TKT_EXPIRED 293
1915#define SSL_R_KRB5_S_TKT_NYV 294
1916#define SSL_R_KRB5_S_TKT_SKEW 295
1917#define SSL_R_LENGTH_MISMATCH 159
1918#define SSL_R_LENGTH_TOO_SHORT 160
1919#define SSL_R_LIBRARY_BUG 274
1920#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
1921#define SSL_R_MESSAGE_TOO_LONG 296
1922#define SSL_R_MISSING_DH_DSA_CERT 162
1923#define SSL_R_MISSING_DH_KEY 163
1924#define SSL_R_MISSING_DH_RSA_CERT 164
1925#define SSL_R_MISSING_DSA_SIGNING_CERT 165
1926#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
1927#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
1928#define SSL_R_MISSING_RSA_CERTIFICATE 168
1929#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
1930#define SSL_R_MISSING_RSA_SIGNING_CERT 170
1931#define SSL_R_MISSING_TMP_DH_KEY 171
1932#define SSL_R_MISSING_TMP_ECDH_KEY 311
1933#define SSL_R_MISSING_TMP_RSA_KEY 172
1934#define SSL_R_MISSING_TMP_RSA_PKEY 173
1935#define SSL_R_MISSING_VERIFY_MESSAGE 174
1936#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
1937#define SSL_R_NO_CERTIFICATES_RETURNED 176
1938#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
1939#define SSL_R_NO_CERTIFICATE_RETURNED 178
1940#define SSL_R_NO_CERTIFICATE_SET 179
1941#define SSL_R_NO_CERTIFICATE_SPECIFIED 180
1942#define SSL_R_NO_CIPHERS_AVAILABLE 181
1943#define SSL_R_NO_CIPHERS_PASSED 182
1944#define SSL_R_NO_CIPHERS_SPECIFIED 183
1945#define SSL_R_NO_CIPHER_LIST 184
1946#define SSL_R_NO_CIPHER_MATCH 185
1947#define SSL_R_NO_CLIENT_CERT_METHOD 317
1948#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
1949#define SSL_R_NO_COMPRESSION_SPECIFIED 187
1950#define SSL_R_NO_METHOD_SPECIFIED 188
1951#define SSL_R_NO_PRIVATEKEY 189
1952#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
1953#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
1954#define SSL_R_NO_PUBLICKEY 192
1955#define SSL_R_NO_SHARED_CIPHER 193
1956#define SSL_R_NO_VERIFY_CALLBACK 194
1957#define SSL_R_NULL_SSL_CTX 195
1958#define SSL_R_NULL_SSL_METHOD_PASSED 196
1959#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
1960#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
1961#define SSL_R_PACKET_LENGTH_TOO_LONG 198
1962#define SSL_R_PARSE_TLSEXT 223
1963#define SSL_R_PATH_TOO_LONG 270
1964#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
1965#define SSL_R_PEER_ERROR 200
1966#define SSL_R_PEER_ERROR_CERTIFICATE 201
1967#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
1968#define SSL_R_PEER_ERROR_NO_CIPHER 203
1969#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
1970#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
1971#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
1972#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
1973#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
1974#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
1975#define SSL_R_PUBLIC_KEY_NOT_RSA 210
1976#define SSL_R_READ_BIO_NOT_SET 211
1977#define SSL_R_READ_TIMEOUT_EXPIRED 312
1978#define SSL_R_READ_WRONG_PACKET_TYPE 212
1979#define SSL_R_RECORD_LENGTH_MISMATCH 213
1980#define SSL_R_RECORD_TOO_LARGE 214
1981#define SSL_R_RECORD_TOO_SMALL 298
1982#define SSL_R_REQUIRED_CIPHER_MISSING 215
1983#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
1984#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
1985#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
1986#define SSL_R_SERVERHELLO_TLSEXT 224
1987#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
1988#define SSL_R_SHORT_READ 219
1989#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
1990#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
1991#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
1992#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225
1993#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226
1994#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
1995#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
1996#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
1997#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
1998#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
1999#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
2000#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
2001#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
2002#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
2003#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
2004#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
2005#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
2006#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
2007#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
2008#define SSL_R_SSL_HANDSHAKE_FAILURE 229
2009#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
2010#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
2011#define SSL_R_SSL_SESSION_ID_CONFLICT 302
2012#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
2013#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
2014#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
2015#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
2016#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
2017#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
2018#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
2019#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
2020#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
2021#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
2022#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
2023#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
2024#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
2025#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
2026#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
2027#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
2028#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227
2029#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
2030#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
2031#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
2032#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
2033#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
2034#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
2035#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
2036#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
2037#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
2038#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
2039#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
2040#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
2041#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
2042#define SSL_R_UNEXPECTED_MESSAGE 244
2043#define SSL_R_UNEXPECTED_RECORD 245
2044#define SSL_R_UNINITIALIZED 276
2045#define SSL_R_UNKNOWN_ALERT_TYPE 246
2046#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
2047#define SSL_R_UNKNOWN_CIPHER_RETURNED 248
2048#define SSL_R_UNKNOWN_CIPHER_TYPE 249
2049#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
2050#define SSL_R_UNKNOWN_PKEY_TYPE 251
2051#define SSL_R_UNKNOWN_PROTOCOL 252
2052#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
2053#define SSL_R_UNKNOWN_SSL_VERSION 254
2054#define SSL_R_UNKNOWN_STATE 255
2055#define SSL_R_UNSUPPORTED_CIPHER 256
2056#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
2057#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
2058#define SSL_R_UNSUPPORTED_PROTOCOL 258
2059#define SSL_R_UNSUPPORTED_SSL_VERSION 259
2060#define SSL_R_UNSUPPORTED_STATUS_TYPE 329
2061#define SSL_R_WRITE_BIO_NOT_SET 260
2062#define SSL_R_WRONG_CIPHER_RETURNED 261
2063#define SSL_R_WRONG_MESSAGE_TYPE 262
2064#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
2065#define SSL_R_WRONG_SIGNATURE_LENGTH 264
2066#define SSL_R_WRONG_SIGNATURE_SIZE 265
2067#define SSL_R_WRONG_SSL_VERSION 266
2068#define SSL_R_WRONG_VERSION_NUMBER 267
2069#define SSL_R_X509_LIB 268
2070#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
2071
2072#ifdef __cplusplus
2073}
2074#endif
2075#endif
diff --git a/src/lib/libssl/ssl2.h b/src/lib/libssl/ssl2.h
deleted file mode 100644
index 99a52ea0dd..0000000000
--- a/src/lib/libssl/ssl2.h
+++ /dev/null
@@ -1,268 +0,0 @@
1/* ssl/ssl2.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_SSL2_H
60#define HEADER_SSL2_H
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66/* Protocol Version Codes */
67#define SSL2_VERSION 0x0002
68#define SSL2_VERSION_MAJOR 0x00
69#define SSL2_VERSION_MINOR 0x02
70/* #define SSL2_CLIENT_VERSION 0x0002 */
71/* #define SSL2_SERVER_VERSION 0x0002 */
72
73/* Protocol Message Codes */
74#define SSL2_MT_ERROR 0
75#define SSL2_MT_CLIENT_HELLO 1
76#define SSL2_MT_CLIENT_MASTER_KEY 2
77#define SSL2_MT_CLIENT_FINISHED 3
78#define SSL2_MT_SERVER_HELLO 4
79#define SSL2_MT_SERVER_VERIFY 5
80#define SSL2_MT_SERVER_FINISHED 6
81#define SSL2_MT_REQUEST_CERTIFICATE 7
82#define SSL2_MT_CLIENT_CERTIFICATE 8
83
84/* Error Message Codes */
85#define SSL2_PE_UNDEFINED_ERROR 0x0000
86#define SSL2_PE_NO_CIPHER 0x0001
87#define SSL2_PE_NO_CERTIFICATE 0x0002
88#define SSL2_PE_BAD_CERTIFICATE 0x0004
89#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
90
91/* Cipher Kind Values */
92#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */
93#define SSL2_CK_RC4_128_WITH_MD5 0x02010080
94#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080
95#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080
96#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080
97#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080
98#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040
99#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */
100#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0
101#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */
102#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */
103
104#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */
105#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */
106
107#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1"
108#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5"
109#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5"
110#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5"
111#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5"
112#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5"
113#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5"
114#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5"
115#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA"
116#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5"
117#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA"
118#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5"
119
120#define SSL2_TXT_NULL "NULL"
121
122/* Flags for the SSL_CIPHER.algorithm2 field */
123#define SSL2_CF_5_BYTE_ENC 0x01
124#define SSL2_CF_8_BYTE_ENC 0x02
125
126/* Certificate Type Codes */
127#define SSL2_CT_X509_CERTIFICATE 0x01
128
129/* Authentication Type Code */
130#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01
131
132#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32
133
134/* Upper/Lower Bounds */
135#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
136#ifdef OPENSSL_SYS_MPE
137#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u
138#else
139#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */
140#endif
141#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */
142
143#define SSL2_CHALLENGE_LENGTH 16
144/*#define SSL2_CHALLENGE_LENGTH 32 */
145#define SSL2_MIN_CHALLENGE_LENGTH 16
146#define SSL2_MAX_CHALLENGE_LENGTH 32
147#define SSL2_CONNECTION_ID_LENGTH 16
148#define SSL2_MAX_CONNECTION_ID_LENGTH 16
149#define SSL2_SSL_SESSION_ID_LENGTH 16
150#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32
151#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16
152#define SSL2_MAX_KEY_MATERIAL_LENGTH 24
153
154#ifndef HEADER_SSL_LOCL_H
155#define CERT char
156#endif
157
158typedef struct ssl2_state_st
159 {
160 int three_byte_header;
161 int clear_text; /* clear text */
162 int escape; /* not used in SSLv2 */
163 int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */
164
165 /* non-blocking io info, used to make sure the same
166 * args were passwd */
167 unsigned int wnum; /* number of bytes sent so far */
168 int wpend_tot;
169 const unsigned char *wpend_buf;
170
171 int wpend_off; /* offset to data to write */
172 int wpend_len; /* number of bytes passwd to write */
173 int wpend_ret; /* number of bytes to return to caller */
174
175 /* buffer raw data */
176 int rbuf_left;
177 int rbuf_offs;
178 unsigned char *rbuf;
179 unsigned char *wbuf;
180
181 unsigned char *write_ptr;/* used to point to the start due to
182 * 2/3 byte header. */
183
184 unsigned int padding;
185 unsigned int rlength; /* passed to ssl2_enc */
186 int ract_data_length; /* Set when things are encrypted. */
187 unsigned int wlength; /* passed to ssl2_enc */
188 int wact_data_length; /* Set when things are decrypted. */
189 unsigned char *ract_data;
190 unsigned char *wact_data;
191 unsigned char *mac_data;
192
193 unsigned char *read_key;
194 unsigned char *write_key;
195
196 /* Stuff specifically to do with this SSL session */
197 unsigned int challenge_length;
198 unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
199 unsigned int conn_id_length;
200 unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
201 unsigned int key_material_length;
202 unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
203
204 unsigned long read_sequence;
205 unsigned long write_sequence;
206
207 struct {
208 unsigned int conn_id_length;
209 unsigned int cert_type;
210 unsigned int cert_length;
211 unsigned int csl;
212 unsigned int clear;
213 unsigned int enc;
214 unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
215 unsigned int cipher_spec_length;
216 unsigned int session_id_length;
217 unsigned int clen;
218 unsigned int rlen;
219 } tmp;
220 } SSL2_STATE;
221
222/* SSLv2 */
223/* client */
224#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT)
225#define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT)
226#define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT)
227#define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT)
228#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT)
229#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT)
230#define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT)
231#define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT)
232#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT)
233#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT)
234#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT)
235#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT)
236#define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT)
237#define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT)
238#define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT)
239#define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT)
240#define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT)
241#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT)
242/* server */
243#define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT)
244#define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT)
245#define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT)
246#define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT)
247#define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT)
248#define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT)
249#define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT)
250#define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT)
251#define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT)
252#define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT)
253#define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT)
254#define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT)
255#define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT)
256#define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT)
257#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT)
258#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT)
259#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT)
260#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT)
261#define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT)
262#define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT)
263
264#ifdef __cplusplus
265}
266#endif
267#endif
268
diff --git a/src/lib/libssl/ssl23.h b/src/lib/libssl/ssl23.h
deleted file mode 100644
index d3228983c7..0000000000
--- a/src/lib/libssl/ssl23.h
+++ /dev/null
@@ -1,83 +0,0 @@
1/* ssl/ssl23.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_SSL23_H
60#define HEADER_SSL23_H
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66/*client */
67/* write to server */
68#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT)
69#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT)
70/* read from server */
71#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT)
72#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT)
73
74/* server */
75/* read from client */
76#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
77#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT)
78
79#ifdef __cplusplus
80}
81#endif
82#endif
83
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
deleted file mode 100644
index a1a19cbfcb..0000000000
--- a/src/lib/libssl/ssl3.h
+++ /dev/null
@@ -1,566 +0,0 @@
1/* ssl/ssl3.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116
117#ifndef HEADER_SSL3_H
118#define HEADER_SSL3_H
119
120#ifndef OPENSSL_NO_COMP
121#include <openssl/comp.h>
122#endif
123#include <openssl/buffer.h>
124#include <openssl/evp.h>
125#include <openssl/ssl.h>
126#include <openssl/pq_compat.h>
127
128#ifdef __cplusplus
129extern "C" {
130#endif
131
132#define SSL3_CK_RSA_NULL_MD5 0x03000001
133#define SSL3_CK_RSA_NULL_SHA 0x03000002
134#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
135#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
136#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
137#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
138#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
139#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
140#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
141#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
142
143#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
144#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
145#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
146#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
147#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
148#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
149
150#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
151#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
152#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
153#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
154#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
155#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
156
157#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
158#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
159#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
160#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
161#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
162
163#define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
164#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
165#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
166 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
167 of the ietf-tls list */
168#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
169#endif
170
171/* VRS Additional Kerberos5 entries
172 */
173#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E
174#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F
175#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020
176#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021
177#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022
178#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023
179#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024
180#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025
181
182#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026
183#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027
184#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028
185#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029
186#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A
187#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B
188
189#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
190#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
191#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
192#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
193#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
194#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
195#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
196#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
197#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
198#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
199
200#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
201#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
202#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
203#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
204#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
205#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
206
207#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
208#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
209#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
210#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
211#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
212#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
213
214#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
215#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
216#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
217#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
218#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
219
220#define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
221#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
222#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
223
224#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
225#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
226#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"
227#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
228#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
229#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
230#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"
231#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"
232
233#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
234#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"
235#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"
236#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
237#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"
238#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"
239
240#define SSL3_SSL_SESSION_ID_LENGTH 32
241#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
242
243#define SSL3_MASTER_SECRET_SIZE 48
244#define SSL3_RANDOM_SIZE 32
245#define SSL3_SESSION_ID_SIZE 32
246#define SSL3_RT_HEADER_LENGTH 5
247
248/* Due to MS stuffing up, this can change.... */
249#if defined(OPENSSL_SYS_WIN16) || \
250 (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
251#define SSL3_RT_MAX_EXTRA (14000)
252#else
253#define SSL3_RT_MAX_EXTRA (16384)
254#endif
255
256#define SSL3_RT_MAX_PLAIN_LENGTH 16384
257#ifdef OPENSSL_NO_COMP
258#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
259#else
260#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
261#endif
262#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
263#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
264#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
265
266#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
267#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
268
269#define SSL3_VERSION 0x0300
270#define SSL3_VERSION_MAJOR 0x03
271#define SSL3_VERSION_MINOR 0x00
272
273#define SSL3_RT_CHANGE_CIPHER_SPEC 20
274#define SSL3_RT_ALERT 21
275#define SSL3_RT_HANDSHAKE 22
276#define SSL3_RT_APPLICATION_DATA 23
277
278#define SSL3_AL_WARNING 1
279#define SSL3_AL_FATAL 2
280
281#define SSL3_AD_CLOSE_NOTIFY 0
282#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
283#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
284#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */
285#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */
286#define SSL3_AD_NO_CERTIFICATE 41
287#define SSL3_AD_BAD_CERTIFICATE 42
288#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
289#define SSL3_AD_CERTIFICATE_REVOKED 44
290#define SSL3_AD_CERTIFICATE_EXPIRED 45
291#define SSL3_AD_CERTIFICATE_UNKNOWN 46
292#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
293
294typedef struct ssl3_record_st
295 {
296/*r */ int type; /* type of record */
297/*rw*/ unsigned int length; /* How many bytes available */
298/*r */ unsigned int off; /* read/write offset into 'buf' */
299/*rw*/ unsigned char *data; /* pointer to the record data */
300/*rw*/ unsigned char *input; /* where the decode bytes are */
301/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
302/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
303/*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */
304 } SSL3_RECORD;
305
306typedef struct ssl3_buffer_st
307 {
308 unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
309 * see ssl3_setup_buffers() */
310 size_t len; /* buffer size */
311 int offset; /* where to 'copy from' */
312 int left; /* how many bytes left */
313 } SSL3_BUFFER;
314
315#define SSL3_CT_RSA_SIGN 1
316#define SSL3_CT_DSS_SIGN 2
317#define SSL3_CT_RSA_FIXED_DH 3
318#define SSL3_CT_DSS_FIXED_DH 4
319#define SSL3_CT_RSA_EPHEMERAL_DH 5
320#define SSL3_CT_DSS_EPHEMERAL_DH 6
321#define SSL3_CT_FORTEZZA_DMS 20
322/* SSL3_CT_NUMBER is used to size arrays and it must be large
323 * enough to contain all of the cert types defined either for
324 * SSLv3 and TLSv1.
325 */
326#define SSL3_CT_NUMBER 7
327
328
329#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
330#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
331#define SSL3_FLAGS_POP_BUFFER 0x0004
332#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
333#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010
334
335typedef struct ssl3_state_st
336 {
337 long flags;
338 int delay_buf_pop_ret;
339
340 unsigned char read_sequence[8];
341 unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
342 unsigned char write_sequence[8];
343 unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
344
345 unsigned char server_random[SSL3_RANDOM_SIZE];
346 unsigned char client_random[SSL3_RANDOM_SIZE];
347
348 /* flags for countermeasure against known-IV weakness */
349 int need_empty_fragments;
350 int empty_fragment_done;
351
352 SSL3_BUFFER rbuf; /* read IO goes into here */
353 SSL3_BUFFER wbuf; /* write IO goes into here */
354
355 SSL3_RECORD rrec; /* each decoded record goes in here */
356 SSL3_RECORD wrec; /* goes out from here */
357
358 /* storage for Alert/Handshake protocol data received but not
359 * yet processed by ssl3_read_bytes: */
360 unsigned char alert_fragment[2];
361 unsigned int alert_fragment_len;
362 unsigned char handshake_fragment[4];
363 unsigned int handshake_fragment_len;
364
365 /* partial write - check the numbers match */
366 unsigned int wnum; /* number of bytes sent so far */
367 int wpend_tot; /* number bytes written */
368 int wpend_type;
369 int wpend_ret; /* number of bytes submitted */
370 const unsigned char *wpend_buf;
371
372 /* used during startup, digest all incoming/outgoing packets */
373 EVP_MD_CTX finish_dgst1;
374 EVP_MD_CTX finish_dgst2;
375
376 /* this is set whenerver we see a change_cipher_spec message
377 * come in when we are not looking for one */
378 int change_cipher_spec;
379
380 int warn_alert;
381 int fatal_alert;
382 /* we allow one fatal and one warning alert to be outstanding,
383 * send close alert via the warning alert */
384 int alert_dispatch;
385 unsigned char send_alert[2];
386
387 /* This flag is set when we should renegotiate ASAP, basically when
388 * there is no more data in the read or write buffers */
389 int renegotiate;
390 int total_renegotiations;
391 int num_renegotiations;
392
393 int in_read_app_data;
394
395 struct {
396 /* actually only needs to be 16+20 */
397 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
398
399 /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
400 unsigned char finish_md[EVP_MAX_MD_SIZE*2];
401 int finish_md_len;
402 unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
403 int peer_finish_md_len;
404
405 unsigned long message_size;
406 int message_type;
407
408 /* used to hold the new cipher we are going to use */
409 SSL_CIPHER *new_cipher;
410#ifndef OPENSSL_NO_DH
411 DH *dh;
412#endif
413
414#ifndef OPENSSL_NO_ECDH
415 EC_KEY *ecdh; /* holds short lived ECDH key */
416#endif
417
418 /* used when SSL_ST_FLUSH_DATA is entered */
419 int next_state;
420
421 int reuse_message;
422
423 /* used for certificate requests */
424 int cert_req;
425 int ctype_num;
426 char ctype[SSL3_CT_NUMBER];
427 STACK_OF(X509_NAME) *ca_names;
428
429 int use_rsa_tmp;
430
431 int key_block_length;
432 unsigned char *key_block;
433
434 const EVP_CIPHER *new_sym_enc;
435 const EVP_MD *new_hash;
436#ifndef OPENSSL_NO_COMP
437 const SSL_COMP *new_compression;
438#else
439 char *new_compression;
440#endif
441 int cert_request;
442 } tmp;
443
444 } SSL3_STATE;
445
446
447/* SSLv3 */
448/*client */
449/* extra state */
450#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
451/* write to server */
452#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
453#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
454/* read from server */
455#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT)
456#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT)
457#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
458#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
459#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT)
460#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT)
461#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT)
462#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT)
463#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT)
464#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT)
465#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)
466#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)
467/* write to server */
468#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)
469#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)
470#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT)
471#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT)
472#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT)
473#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT)
474#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT)
475#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
476#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
477#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
478#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
479#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
480/* read from server */
481#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT)
482#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)
483#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)
484#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)
485#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT)
486#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT)
487#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT)
488#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT)
489
490/* server */
491/* extra state */
492#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)
493/* read from client */
494/* Do not change the number values, they do matter */
495#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
496#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
497#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
498/* write to client */
499#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
500#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
501#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)
502#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)
503#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT)
504#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT)
505#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT)
506#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT)
507#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT)
508#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT)
509#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT)
510#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT)
511#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT)
512#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT)
513#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT)
514/* read from client */
515#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT)
516#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT)
517#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT)
518#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)
519#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)
520#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
521#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
522#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
523#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
524#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
525/* write to client */
526#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT)
527#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)
528#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
529#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
530#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT)
531#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT)
532#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT)
533#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT)
534
535#define SSL3_MT_HELLO_REQUEST 0
536#define SSL3_MT_CLIENT_HELLO 1
537#define SSL3_MT_SERVER_HELLO 2
538#define SSL3_MT_NEWSESSION_TICKET 4
539#define SSL3_MT_CERTIFICATE 11
540#define SSL3_MT_SERVER_KEY_EXCHANGE 12
541#define SSL3_MT_CERTIFICATE_REQUEST 13
542#define SSL3_MT_SERVER_DONE 14
543#define SSL3_MT_CERTIFICATE_VERIFY 15
544#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
545#define SSL3_MT_FINISHED 20
546#define SSL3_MT_CERTIFICATE_STATUS 22
547#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
548
549
550#define SSL3_MT_CCS 1
551
552/* These are used when changing over to a new cipher */
553#define SSL3_CC_READ 0x01
554#define SSL3_CC_WRITE 0x02
555#define SSL3_CC_CLIENT 0x10
556#define SSL3_CC_SERVER 0x20
557#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
558#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
559#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
560#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
561
562#ifdef __cplusplus
563}
564#endif
565#endif
566
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c
deleted file mode 100644
index 4717c0e6e1..0000000000
--- a/src/lib/libssl/ssl_algs.c
+++ /dev/null
@@ -1,132 +0,0 @@
1/* ssl/ssl_algs.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/objects.h>
61#include <openssl/lhash.h>
62#include "ssl_locl.h"
63
64int SSL_library_init(void)
65 {
66
67#ifndef OPENSSL_NO_DES
68 EVP_add_cipher(EVP_des_cbc());
69 EVP_add_cipher(EVP_des_ede3_cbc());
70#endif
71#ifndef OPENSSL_NO_IDEA
72 EVP_add_cipher(EVP_idea_cbc());
73#endif
74#ifndef OPENSSL_NO_RC4
75 EVP_add_cipher(EVP_rc4());
76#endif
77#ifndef OPENSSL_NO_RC2
78 EVP_add_cipher(EVP_rc2_cbc());
79#endif
80#ifndef OPENSSL_NO_AES
81 EVP_add_cipher(EVP_aes_128_cbc());
82 EVP_add_cipher(EVP_aes_192_cbc());
83 EVP_add_cipher(EVP_aes_256_cbc());
84#endif
85
86#ifndef OPENSSL_NO_CAMELLIA
87 EVP_add_cipher(EVP_camellia_128_cbc());
88 EVP_add_cipher(EVP_camellia_256_cbc());
89#endif
90
91#ifndef OPENSSL_NO_SEED
92 EVP_add_cipher(EVP_seed_cbc());
93#endif
94
95#ifndef OPENSSL_NO_MD2
96 EVP_add_digest(EVP_md2());
97#endif
98#ifndef OPENSSL_NO_MD5
99 EVP_add_digest(EVP_md5());
100 EVP_add_digest_alias(SN_md5,"ssl2-md5");
101 EVP_add_digest_alias(SN_md5,"ssl3-md5");
102#endif
103#ifndef OPENSSL_NO_SHA
104 EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
105 EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
106 EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
107#endif
108#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
109 EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
110 EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
111 EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
112 EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
113#endif
114#ifndef OPENSSL_NO_ECDSA
115 EVP_add_digest(EVP_ecdsa());
116#endif
117 /* If you want support for phased out ciphers, add the following */
118#if 0
119 EVP_add_digest(EVP_sha());
120 EVP_add_digest(EVP_dss());
121#endif
122#ifndef OPENSSL_NO_COMP
123 /* This will initialise the built-in compression algorithms.
124 The value returned is a STACK_OF(SSL_COMP), but that can
125 be discarded safely */
126 (void)SSL_COMP_get_compression_methods();
127#endif
128 /* initialize cipher/digest methods table */
129 ssl_load_ciphers();
130 return(1);
131 }
132
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
deleted file mode 100644
index 0f9a3489dd..0000000000
--- a/src/lib/libssl/ssl_asn1.c
+++ /dev/null
@@ -1,500 +0,0 @@
1/* ssl/ssl_asn1.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include "ssl_locl.h"
62#include <openssl/asn1_mac.h>
63#include <openssl/objects.h>
64#include <openssl/x509.h>
65
66typedef struct ssl_session_asn1_st
67 {
68 ASN1_INTEGER version;
69 ASN1_INTEGER ssl_version;
70 ASN1_OCTET_STRING cipher;
71 ASN1_OCTET_STRING master_key;
72 ASN1_OCTET_STRING session_id;
73 ASN1_OCTET_STRING session_id_context;
74 ASN1_OCTET_STRING key_arg;
75#ifndef OPENSSL_NO_KRB5
76 ASN1_OCTET_STRING krb5_princ;
77#endif /* OPENSSL_NO_KRB5 */
78 ASN1_INTEGER time;
79 ASN1_INTEGER timeout;
80 ASN1_INTEGER verify_result;
81#ifndef OPENSSL_NO_TLSEXT
82 ASN1_OCTET_STRING tlsext_hostname;
83 ASN1_INTEGER tlsext_tick_lifetime;
84 ASN1_OCTET_STRING tlsext_tick;
85#endif /* OPENSSL_NO_TLSEXT */
86 } SSL_SESSION_ASN1;
87
88int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
89 {
90#define LSIZE2 (sizeof(long)*2)
91 int v1=0,v2=0,v3=0,v4=0,v5=0;
92 unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
93 unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
94#ifndef OPENSSL_NO_TLSEXT
95 int v6=0,v9=0,v10=0;
96 unsigned char ibuf6[LSIZE2];
97#endif
98 long l;
99 SSL_SESSION_ASN1 a;
100 M_ASN1_I2D_vars(in);
101
102 if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
103 return(0);
104
105 /* Note that I cheat in the following 2 assignments. I know
106 * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
107 * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
108 * This is a bit evil but makes things simple, no dynamic allocation
109 * to clean up :-) */
110 a.version.length=LSIZE2;
111 a.version.type=V_ASN1_INTEGER;
112 a.version.data=ibuf1;
113 ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
114
115 a.ssl_version.length=LSIZE2;
116 a.ssl_version.type=V_ASN1_INTEGER;
117 a.ssl_version.data=ibuf2;
118 ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
119
120 a.cipher.type=V_ASN1_OCTET_STRING;
121 a.cipher.data=buf;
122
123 if (in->cipher == NULL)
124 l=in->cipher_id;
125 else
126 l=in->cipher->id;
127 if (in->ssl_version == SSL2_VERSION)
128 {
129 a.cipher.length=3;
130 buf[0]=((unsigned char)(l>>16L))&0xff;
131 buf[1]=((unsigned char)(l>> 8L))&0xff;
132 buf[2]=((unsigned char)(l ))&0xff;
133 }
134 else
135 {
136 a.cipher.length=2;
137 buf[0]=((unsigned char)(l>>8L))&0xff;
138 buf[1]=((unsigned char)(l ))&0xff;
139 }
140
141 a.master_key.length=in->master_key_length;
142 a.master_key.type=V_ASN1_OCTET_STRING;
143 a.master_key.data=in->master_key;
144
145 a.session_id.length=in->session_id_length;
146 a.session_id.type=V_ASN1_OCTET_STRING;
147 a.session_id.data=in->session_id;
148
149 a.session_id_context.length=in->sid_ctx_length;
150 a.session_id_context.type=V_ASN1_OCTET_STRING;
151 a.session_id_context.data=in->sid_ctx;
152
153 a.key_arg.length=in->key_arg_length;
154 a.key_arg.type=V_ASN1_OCTET_STRING;
155 a.key_arg.data=in->key_arg;
156
157#ifndef OPENSSL_NO_KRB5
158 if (in->krb5_client_princ_len)
159 {
160 a.krb5_princ.length=in->krb5_client_princ_len;
161 a.krb5_princ.type=V_ASN1_OCTET_STRING;
162 a.krb5_princ.data=in->krb5_client_princ;
163 }
164#endif /* OPENSSL_NO_KRB5 */
165
166 if (in->time != 0L)
167 {
168 a.time.length=LSIZE2;
169 a.time.type=V_ASN1_INTEGER;
170 a.time.data=ibuf3;
171 ASN1_INTEGER_set(&(a.time),in->time);
172 }
173
174 if (in->timeout != 0L)
175 {
176 a.timeout.length=LSIZE2;
177 a.timeout.type=V_ASN1_INTEGER;
178 a.timeout.data=ibuf4;
179 ASN1_INTEGER_set(&(a.timeout),in->timeout);
180 }
181
182 if (in->verify_result != X509_V_OK)
183 {
184 a.verify_result.length=LSIZE2;
185 a.verify_result.type=V_ASN1_INTEGER;
186 a.verify_result.data=ibuf5;
187 ASN1_INTEGER_set(&a.verify_result,in->verify_result);
188 }
189
190#ifndef OPENSSL_NO_TLSEXT
191 if (in->tlsext_hostname)
192 {
193 a.tlsext_hostname.length=strlen(in->tlsext_hostname);
194 a.tlsext_hostname.type=V_ASN1_OCTET_STRING;
195 a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname;
196 }
197 if (in->tlsext_tick)
198 {
199 a.tlsext_tick.length= in->tlsext_ticklen;
200 a.tlsext_tick.type=V_ASN1_OCTET_STRING;
201 a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;
202 /* If we have a ticket set session ID to empty because
203 * it will be bogus. If liftime hint is -1 treat as a special
204 * case because the session is being used as a container
205 */
206 if (in->tlsext_ticklen && (in->tlsext_tick_lifetime_hint != -1))
207 a.session_id.length=0;
208 }
209 if (in->tlsext_tick_lifetime_hint > 0)
210 {
211 a.tlsext_tick_lifetime.length=LSIZE2;
212 a.tlsext_tick_lifetime.type=V_ASN1_INTEGER;
213 a.tlsext_tick_lifetime.data=ibuf6;
214 ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
215 }
216#endif /* OPENSSL_NO_TLSEXT */
217 M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
218 M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
219 M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
220 M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
221 M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
222#ifndef OPENSSL_NO_KRB5
223 if (in->krb5_client_princ_len)
224 M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
225#endif /* OPENSSL_NO_KRB5 */
226 if (in->key_arg_length > 0)
227 M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
228 if (in->time != 0L)
229 M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
230 if (in->timeout != 0L)
231 M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
232 if (in->peer != NULL)
233 M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
234 M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
235 if (in->verify_result != X509_V_OK)
236 M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
237
238#ifndef OPENSSL_NO_TLSEXT
239 if (in->tlsext_tick_lifetime_hint > 0)
240 M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
241 if (in->tlsext_tick)
242 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
243 if (in->tlsext_hostname)
244 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
245#endif /* OPENSSL_NO_TLSEXT */
246 M_ASN1_I2D_seq_total();
247
248 M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
249 M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
250 M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
251 M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
252 M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
253#ifndef OPENSSL_NO_KRB5
254 if (in->krb5_client_princ_len)
255 M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
256#endif /* OPENSSL_NO_KRB5 */
257 if (in->key_arg_length > 0)
258 M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
259 if (in->time != 0L)
260 M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
261 if (in->timeout != 0L)
262 M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
263 if (in->peer != NULL)
264 M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
265 M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
266 v4);
267 if (in->verify_result != X509_V_OK)
268 M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
269#ifndef OPENSSL_NO_TLSEXT
270 if (in->tlsext_hostname)
271 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
272 if (in->tlsext_tick_lifetime_hint > 0)
273 M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
274 if (in->tlsext_tick)
275 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
276#endif /* OPENSSL_NO_TLSEXT */
277 M_ASN1_I2D_finish();
278 }
279
280SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
281 long length)
282 {
283 int version,ssl_version=0,i;
284 long id;
285 ASN1_INTEGER ai,*aip;
286 ASN1_OCTET_STRING os,*osp;
287 M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
288
289 aip= &ai;
290 osp= &os;
291
292 M_ASN1_D2I_Init();
293 M_ASN1_D2I_start_sequence();
294
295 ai.data=NULL; ai.length=0;
296 M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
297 version=(int)ASN1_INTEGER_get(aip);
298 if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
299
300 /* we don't care about the version right now :-) */
301 M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
302 ssl_version=(int)ASN1_INTEGER_get(aip);
303 ret->ssl_version=ssl_version;
304 if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
305
306 os.data=NULL; os.length=0;
307 M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
308 if (ssl_version == SSL2_VERSION)
309 {
310 if (os.length != 3)
311 {
312 c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
313 goto err;
314 }
315 id=0x02000000L|
316 ((unsigned long)os.data[0]<<16L)|
317 ((unsigned long)os.data[1]<< 8L)|
318 (unsigned long)os.data[2];
319 }
320 else if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
321 {
322 if (os.length != 2)
323 {
324 c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
325 goto err;
326 }
327 id=0x03000000L|
328 ((unsigned long)os.data[0]<<8L)|
329 (unsigned long)os.data[1];
330 }
331 else
332 {
333 SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
334 return(NULL);
335 }
336
337 ret->cipher=NULL;
338 ret->cipher_id=id;
339
340 M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
341 if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
342 i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
343 else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
344 i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
345
346 if (os.length > i)
347 os.length = i;
348 if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
349 os.length = sizeof(ret->session_id);
350
351 ret->session_id_length=os.length;
352 OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
353 memcpy(ret->session_id,os.data,os.length);
354
355 M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
356 if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
357 ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
358 else
359 ret->master_key_length=os.length;
360 memcpy(ret->master_key,os.data,ret->master_key_length);
361
362 os.length=0;
363
364#ifndef OPENSSL_NO_KRB5
365 os.length=0;
366 M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
367 if (os.data)
368 {
369 if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
370 ret->krb5_client_princ_len=0;
371 else
372 ret->krb5_client_princ_len=os.length;
373 memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
374 OPENSSL_free(os.data);
375 os.data = NULL;
376 os.length = 0;
377 }
378 else
379 ret->krb5_client_princ_len=0;
380#endif /* OPENSSL_NO_KRB5 */
381
382 M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
383 if (os.length > SSL_MAX_KEY_ARG_LENGTH)
384 ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
385 else
386 ret->key_arg_length=os.length;
387 memcpy(ret->key_arg,os.data,ret->key_arg_length);
388 if (os.data != NULL) OPENSSL_free(os.data);
389
390 ai.length=0;
391 M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
392 if (ai.data != NULL)
393 {
394 ret->time=ASN1_INTEGER_get(aip);
395 OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
396 }
397 else
398 ret->time=(unsigned long)time(NULL);
399
400 ai.length=0;
401 M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
402 if (ai.data != NULL)
403 {
404 ret->timeout=ASN1_INTEGER_get(aip);
405 OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
406 }
407 else
408 ret->timeout=3;
409
410 if (ret->peer != NULL)
411 {
412 X509_free(ret->peer);
413 ret->peer=NULL;
414 }
415 M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
416
417 os.length=0;
418 os.data=NULL;
419 M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
420
421 if(os.data != NULL)
422 {
423 if (os.length > SSL_MAX_SID_CTX_LENGTH)
424 {
425 ret->sid_ctx_length=os.length;
426 SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
427 }
428 else
429 {
430 ret->sid_ctx_length=os.length;
431 memcpy(ret->sid_ctx,os.data,os.length);
432 }
433 OPENSSL_free(os.data); os.data=NULL; os.length=0;
434 }
435 else
436 ret->sid_ctx_length=0;
437
438 ai.length=0;
439 M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
440 if (ai.data != NULL)
441 {
442 ret->verify_result=ASN1_INTEGER_get(aip);
443 OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
444 }
445 else
446 ret->verify_result=X509_V_OK;
447
448#ifndef OPENSSL_NO_TLSEXT
449 os.length=0;
450 os.data=NULL;
451 M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6);
452 if (os.data)
453 {
454 ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length);
455 OPENSSL_free(os.data);
456 os.data = NULL;
457 os.length = 0;
458 }
459 else
460 ret->tlsext_hostname=NULL;
461 ai.length=0;
462 M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);
463 if (ai.data != NULL)
464 {
465 ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip);
466 OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
467 }
468 else if (ret->tlsext_ticklen && ret->session_id_length)
469 ret->tlsext_tick_lifetime_hint = -1;
470 else
471 ret->tlsext_tick_lifetime_hint = 0;
472 os.length=0;
473 os.data=NULL;
474 M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
475 if (os.data)
476 {
477 ret->tlsext_tick = os.data;
478 ret->tlsext_ticklen = os.length;
479 os.data = NULL;
480 os.length = 0;
481#if 0
482 /* There are two ways to detect a resumed ticket sesion.
483 * One is to set a random session ID and then the server
484 * must return a match in ServerHello. This allows the normal
485 * client session ID matching to work.
486 */
487 if (ret->session_id_length == 0)
488 {
489 ret->session_id_length=SSL3_MAX_SSL_SESSION_ID_LENGTH;
490 RAND_pseudo_bytes(ret->session_id,
491 ret->session_id_length);
492 }
493#endif
494 }
495 else
496 ret->tlsext_tick=NULL;
497#endif /* OPENSSL_NO_TLSEXT */
498
499 M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
500 }
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
deleted file mode 100644
index a32b2d4446..0000000000
--- a/src/lib/libssl/ssl_cert.c
+++ /dev/null
@@ -1,829 +0,0 @@
1/*! \file ssl/ssl_cert.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116
117#include <stdio.h>
118
119#include "e_os.h"
120#ifndef NO_SYS_TYPES_H
121# include <sys/types.h>
122#endif
123
124#include "o_dir.h"
125#include <openssl/objects.h>
126#include <openssl/bio.h>
127#include <openssl/pem.h>
128#include <openssl/x509v3.h>
129#ifndef OPENSSL_NO_DH
130#include <openssl/dh.h>
131#endif
132#include <openssl/bn.h>
133#include "ssl_locl.h"
134
135int SSL_get_ex_data_X509_STORE_CTX_idx(void)
136 {
137 static volatile int ssl_x509_store_ctx_idx= -1;
138 int got_write_lock = 0;
139
140 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
141
142 if (ssl_x509_store_ctx_idx < 0)
143 {
144 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
145 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
146 got_write_lock = 1;
147
148 if (ssl_x509_store_ctx_idx < 0)
149 {
150 ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
151 0,"SSL for verify callback",NULL,NULL,NULL);
152 }
153 }
154
155 if (got_write_lock)
156 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
157 else
158 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
159
160 return ssl_x509_store_ctx_idx;
161 }
162
163CERT *ssl_cert_new(void)
164 {
165 CERT *ret;
166
167 ret=(CERT *)OPENSSL_malloc(sizeof(CERT));
168 if (ret == NULL)
169 {
170 SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
171 return(NULL);
172 }
173 memset(ret,0,sizeof(CERT));
174
175 ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
176 ret->references=1;
177
178 return(ret);
179 }
180
181CERT *ssl_cert_dup(CERT *cert)
182 {
183 CERT *ret;
184 int i;
185
186 ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
187 if (ret == NULL)
188 {
189 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
190 return(NULL);
191 }
192
193 memset(ret, 0, sizeof(CERT));
194
195 ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
196 /* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
197 * if you find that more readable */
198
199 ret->valid = cert->valid;
200 ret->mask = cert->mask;
201 ret->export_mask = cert->export_mask;
202
203#ifndef OPENSSL_NO_RSA
204 if (cert->rsa_tmp != NULL)
205 {
206 RSA_up_ref(cert->rsa_tmp);
207 ret->rsa_tmp = cert->rsa_tmp;
208 }
209 ret->rsa_tmp_cb = cert->rsa_tmp_cb;
210#endif
211
212#ifndef OPENSSL_NO_DH
213 if (cert->dh_tmp != NULL)
214 {
215 ret->dh_tmp = DHparams_dup(cert->dh_tmp);
216 if (ret->dh_tmp == NULL)
217 {
218 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
219 goto err;
220 }
221 if (cert->dh_tmp->priv_key)
222 {
223 BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
224 if (!b)
225 {
226 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
227 goto err;
228 }
229 ret->dh_tmp->priv_key = b;
230 }
231 if (cert->dh_tmp->pub_key)
232 {
233 BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
234 if (!b)
235 {
236 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
237 goto err;
238 }
239 ret->dh_tmp->pub_key = b;
240 }
241 }
242 ret->dh_tmp_cb = cert->dh_tmp_cb;
243#endif
244
245#ifndef OPENSSL_NO_ECDH
246 if (cert->ecdh_tmp)
247 {
248 ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
249 if (ret->ecdh_tmp == NULL)
250 {
251 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
252 goto err;
253 }
254 }
255 ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
256#endif
257
258 for (i = 0; i < SSL_PKEY_NUM; i++)
259 {
260 if (cert->pkeys[i].x509 != NULL)
261 {
262 ret->pkeys[i].x509 = cert->pkeys[i].x509;
263 CRYPTO_add(&ret->pkeys[i].x509->references, 1,
264 CRYPTO_LOCK_X509);
265 }
266
267 if (cert->pkeys[i].privatekey != NULL)
268 {
269 ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
270 CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
271 CRYPTO_LOCK_EVP_PKEY);
272
273 switch(i)
274 {
275 /* If there was anything special to do for
276 * certain types of keys, we'd do it here.
277 * (Nothing at the moment, I think.) */
278
279 case SSL_PKEY_RSA_ENC:
280 case SSL_PKEY_RSA_SIGN:
281 /* We have an RSA key. */
282 break;
283
284 case SSL_PKEY_DSA_SIGN:
285 /* We have a DSA key. */
286 break;
287
288 case SSL_PKEY_DH_RSA:
289 case SSL_PKEY_DH_DSA:
290 /* We have a DH key. */
291 break;
292
293 case SSL_PKEY_ECC:
294 /* We have an ECC key */
295 break;
296
297 default:
298 /* Can't happen. */
299 SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
300 }
301 }
302 }
303
304 /* ret->extra_certs *should* exist, but currently the own certificate
305 * chain is held inside SSL_CTX */
306
307 ret->references=1;
308
309 return(ret);
310
311#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
312err:
313#endif
314#ifndef OPENSSL_NO_RSA
315 if (ret->rsa_tmp != NULL)
316 RSA_free(ret->rsa_tmp);
317#endif
318#ifndef OPENSSL_NO_DH
319 if (ret->dh_tmp != NULL)
320 DH_free(ret->dh_tmp);
321#endif
322#ifndef OPENSSL_NO_ECDH
323 if (ret->ecdh_tmp != NULL)
324 EC_KEY_free(ret->ecdh_tmp);
325#endif
326
327 for (i = 0; i < SSL_PKEY_NUM; i++)
328 {
329 if (ret->pkeys[i].x509 != NULL)
330 X509_free(ret->pkeys[i].x509);
331 if (ret->pkeys[i].privatekey != NULL)
332 EVP_PKEY_free(ret->pkeys[i].privatekey);
333 }
334
335 return NULL;
336 }
337
338
339void ssl_cert_free(CERT *c)
340 {
341 int i;
342
343 if(c == NULL)
344 return;
345
346 i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
347#ifdef REF_PRINT
348 REF_PRINT("CERT",c);
349#endif
350 if (i > 0) return;
351#ifdef REF_CHECK
352 if (i < 0)
353 {
354 fprintf(stderr,"ssl_cert_free, bad reference count\n");
355 abort(); /* ok */
356 }
357#endif
358
359#ifndef OPENSSL_NO_RSA
360 if (c->rsa_tmp) RSA_free(c->rsa_tmp);
361#endif
362#ifndef OPENSSL_NO_DH
363 if (c->dh_tmp) DH_free(c->dh_tmp);
364#endif
365#ifndef OPENSSL_NO_ECDH
366 if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
367#endif
368
369 for (i=0; i<SSL_PKEY_NUM; i++)
370 {
371 if (c->pkeys[i].x509 != NULL)
372 X509_free(c->pkeys[i].x509);
373 if (c->pkeys[i].privatekey != NULL)
374 EVP_PKEY_free(c->pkeys[i].privatekey);
375#if 0
376 if (c->pkeys[i].publickey != NULL)
377 EVP_PKEY_free(c->pkeys[i].publickey);
378#endif
379 }
380 OPENSSL_free(c);
381 }
382
383int ssl_cert_inst(CERT **o)
384 {
385 /* Create a CERT if there isn't already one
386 * (which cannot really happen, as it is initially created in
387 * SSL_CTX_new; but the earlier code usually allows for that one
388 * being non-existant, so we follow that behaviour, as it might
389 * turn out that there actually is a reason for it -- but I'm
390 * not sure that *all* of the existing code could cope with
391 * s->cert being NULL, otherwise we could do without the
392 * initialization in SSL_CTX_new).
393 */
394
395 if (o == NULL)
396 {
397 SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
398 return(0);
399 }
400 if (*o == NULL)
401 {
402 if ((*o = ssl_cert_new()) == NULL)
403 {
404 SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
405 return(0);
406 }
407 }
408 return(1);
409 }
410
411
412SESS_CERT *ssl_sess_cert_new(void)
413 {
414 SESS_CERT *ret;
415
416 ret = OPENSSL_malloc(sizeof *ret);
417 if (ret == NULL)
418 {
419 SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
420 return NULL;
421 }
422
423 memset(ret, 0 ,sizeof *ret);
424 ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
425 ret->references = 1;
426
427 return ret;
428 }
429
430void ssl_sess_cert_free(SESS_CERT *sc)
431 {
432 int i;
433
434 if (sc == NULL)
435 return;
436
437 i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
438#ifdef REF_PRINT
439 REF_PRINT("SESS_CERT", sc);
440#endif
441 if (i > 0)
442 return;
443#ifdef REF_CHECK
444 if (i < 0)
445 {
446 fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
447 abort(); /* ok */
448 }
449#endif
450
451 /* i == 0 */
452 if (sc->cert_chain != NULL)
453 sk_X509_pop_free(sc->cert_chain, X509_free);
454 for (i = 0; i < SSL_PKEY_NUM; i++)
455 {
456 if (sc->peer_pkeys[i].x509 != NULL)
457 X509_free(sc->peer_pkeys[i].x509);
458#if 0 /* We don't have the peer's private key. These lines are just
459 * here as a reminder that we're still using a not-quite-appropriate
460 * data structure. */
461 if (sc->peer_pkeys[i].privatekey != NULL)
462 EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
463#endif
464 }
465
466#ifndef OPENSSL_NO_RSA
467 if (sc->peer_rsa_tmp != NULL)
468 RSA_free(sc->peer_rsa_tmp);
469#endif
470#ifndef OPENSSL_NO_DH
471 if (sc->peer_dh_tmp != NULL)
472 DH_free(sc->peer_dh_tmp);
473#endif
474#ifndef OPENSSL_NO_ECDH
475 if (sc->peer_ecdh_tmp != NULL)
476 EC_KEY_free(sc->peer_ecdh_tmp);
477#endif
478
479 OPENSSL_free(sc);
480 }
481
482int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
483 {
484 sc->peer_cert_type = type;
485 return(1);
486 }
487
488int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
489 {
490 X509 *x;
491 int i;
492 X509_STORE_CTX ctx;
493
494 if ((sk == NULL) || (sk_X509_num(sk) == 0))
495 return(0);
496
497 x=sk_X509_value(sk,0);
498 if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
499 {
500 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
501 return(0);
502 }
503 if (s->param)
504 X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx),
505 s->param);
506#if 0
507 if (SSL_get_verify_depth(s) >= 0)
508 X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
509#endif
510 X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
511
512 /* We need to inherit the verify parameters. These can be determined by
513 * the context: if its a server it will verify SSL client certificates
514 * or vice versa.
515 */
516
517 X509_STORE_CTX_set_default(&ctx,
518 s->server ? "ssl_client" : "ssl_server");
519
520 if (s->verify_callback)
521 X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
522
523 if (s->ctx->app_verify_callback != NULL)
524#if 1 /* new with OpenSSL 0.9.7 */
525 i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
526#else
527 i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
528#endif
529 else
530 {
531#ifndef OPENSSL_NO_X509_VERIFY
532 i=X509_verify_cert(&ctx);
533#else
534 i=0;
535 ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
536 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
537#endif
538 }
539
540 s->verify_result=ctx.error;
541 X509_STORE_CTX_cleanup(&ctx);
542
543 return(i);
544 }
545
546static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
547 {
548 if (*ca_list != NULL)
549 sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
550
551 *ca_list=name_list;
552 }
553
554STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
555 {
556 int i;
557 STACK_OF(X509_NAME) *ret;
558 X509_NAME *name;
559
560 ret=sk_X509_NAME_new_null();
561 for (i=0; i<sk_X509_NAME_num(sk); i++)
562 {
563 name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
564 if ((name == NULL) || !sk_X509_NAME_push(ret,name))
565 {
566 sk_X509_NAME_pop_free(ret,X509_NAME_free);
567 return(NULL);
568 }
569 }
570 return(ret);
571 }
572
573void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
574 {
575 set_client_CA_list(&(s->client_CA),name_list);
576 }
577
578void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
579 {
580 set_client_CA_list(&(ctx->client_CA),name_list);
581 }
582
583STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
584 {
585 return(ctx->client_CA);
586 }
587
588STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
589 {
590 if (s->type == SSL_ST_CONNECT)
591 { /* we are in the client */
592 if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
593 (s->s3 != NULL))
594 return(s->s3->tmp.ca_names);
595 else
596 return(NULL);
597 }
598 else
599 {
600 if (s->client_CA != NULL)
601 return(s->client_CA);
602 else
603 return(s->ctx->client_CA);
604 }
605 }
606
607static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
608 {
609 X509_NAME *name;
610
611 if (x == NULL) return(0);
612 if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
613 return(0);
614
615 if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
616 return(0);
617
618 if (!sk_X509_NAME_push(*sk,name))
619 {
620 X509_NAME_free(name);
621 return(0);
622 }
623 return(1);
624 }
625
626int SSL_add_client_CA(SSL *ssl,X509 *x)
627 {
628 return(add_client_CA(&(ssl->client_CA),x));
629 }
630
631int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
632 {
633 return(add_client_CA(&(ctx->client_CA),x));
634 }
635
636static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
637 {
638 return(X509_NAME_cmp(*a,*b));
639 }
640
641#ifndef OPENSSL_NO_STDIO
642/*!
643 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
644 * it doesn't really have anything to do with clients (except that a common use
645 * for a stack of CAs is to send it to the client). Actually, it doesn't have
646 * much to do with CAs, either, since it will load any old cert.
647 * \param file the file containing one or more certs.
648 * \return a ::STACK containing the certs.
649 */
650STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
651 {
652 BIO *in;
653 X509 *x=NULL;
654 X509_NAME *xn=NULL;
655 STACK_OF(X509_NAME) *ret = NULL,*sk;
656
657 sk=sk_X509_NAME_new(xname_cmp);
658
659 in=BIO_new(BIO_s_file_internal());
660
661 if ((sk == NULL) || (in == NULL))
662 {
663 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
664 goto err;
665 }
666
667 if (!BIO_read_filename(in,file))
668 goto err;
669
670 for (;;)
671 {
672 if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
673 break;
674 if (ret == NULL)
675 {
676 ret = sk_X509_NAME_new_null();
677 if (ret == NULL)
678 {
679 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
680 goto err;
681 }
682 }
683 if ((xn=X509_get_subject_name(x)) == NULL) goto err;
684 /* check for duplicates */
685 xn=X509_NAME_dup(xn);
686 if (xn == NULL) goto err;
687 if (sk_X509_NAME_find(sk,xn) >= 0)
688 X509_NAME_free(xn);
689 else
690 {
691 sk_X509_NAME_push(sk,xn);
692 sk_X509_NAME_push(ret,xn);
693 }
694 }
695
696 if (0)
697 {
698err:
699 if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
700 ret=NULL;
701 }
702 if (sk != NULL) sk_X509_NAME_free(sk);
703 if (in != NULL) BIO_free(in);
704 if (x != NULL) X509_free(x);
705 if (ret != NULL)
706 ERR_clear_error();
707 return(ret);
708 }
709#endif
710
711/*!
712 * Add a file of certs to a stack.
713 * \param stack the stack to add to.
714 * \param file the file to add from. All certs in this file that are not
715 * already in the stack will be added.
716 * \return 1 for success, 0 for failure. Note that in the case of failure some
717 * certs may have been added to \c stack.
718 */
719
720int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
721 const char *file)
722 {
723 BIO *in;
724 X509 *x=NULL;
725 X509_NAME *xn=NULL;
726 int ret=1;
727 int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
728
729 oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
730
731 in=BIO_new(BIO_s_file_internal());
732
733 if (in == NULL)
734 {
735 SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
736 goto err;
737 }
738
739 if (!BIO_read_filename(in,file))
740 goto err;
741
742 for (;;)
743 {
744 if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
745 break;
746 if ((xn=X509_get_subject_name(x)) == NULL) goto err;
747 xn=X509_NAME_dup(xn);
748 if (xn == NULL) goto err;
749 if (sk_X509_NAME_find(stack,xn) >= 0)
750 X509_NAME_free(xn);
751 else
752 sk_X509_NAME_push(stack,xn);
753 }
754
755 if (0)
756 {
757err:
758 ret=0;
759 }
760 if(in != NULL)
761 BIO_free(in);
762 if(x != NULL)
763 X509_free(x);
764
765 (void)sk_X509_NAME_set_cmp_func(stack,oldcmp);
766
767 return ret;
768 }
769
770/*!
771 * Add a directory of certs to a stack.
772 * \param stack the stack to append to.
773 * \param dir the directory to append from. All files in this directory will be
774 * examined as potential certs. Any that are acceptable to
775 * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
776 * included.
777 * \return 1 for success, 0 for failure. Note that in the case of failure some
778 * certs may have been added to \c stack.
779 */
780
781int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
782 const char *dir)
783 {
784 OPENSSL_DIR_CTX *d = NULL;
785 const char *filename;
786 int ret = 0;
787
788 CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
789
790 /* Note that a side effect is that the CAs will be sorted by name */
791
792 while((filename = OPENSSL_DIR_read(&d, dir)))
793 {
794 char buf[1024];
795 int r;
796
797 if(strlen(dir)+strlen(filename)+2 > sizeof buf)
798 {
799 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
800 goto err;
801 }
802
803#ifdef OPENSSL_SYS_VMS
804 r = BIO_snprintf(buf,sizeof buf,"%s%s",dir,filename);
805#else
806 r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename);
807#endif
808 if (r <= 0 || r >= (int)sizeof(buf))
809 goto err;
810 if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
811 goto err;
812 }
813
814 if (errno)
815 {
816 SYSerr(SYS_F_OPENDIR, get_last_sys_error());
817 ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
818 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
819 goto err;
820 }
821
822 ret = 1;
823
824err:
825 if (d) OPENSSL_DIR_end(&d);
826 CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
827 return ret;
828 }
829
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
deleted file mode 100644
index e9c9a08306..0000000000
--- a/src/lib/libssl/ssl_ciph.c
+++ /dev/null
@@ -1,1387 +0,0 @@
1/* ssl/ssl_ciph.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116#include <stdio.h>
117#include <openssl/objects.h>
118#ifndef OPENSSL_NO_COMP
119#include <openssl/comp.h>
120#endif
121
122#include "ssl_locl.h"
123
124#define SSL_ENC_DES_IDX 0
125#define SSL_ENC_3DES_IDX 1
126#define SSL_ENC_RC4_IDX 2
127#define SSL_ENC_RC2_IDX 3
128#define SSL_ENC_IDEA_IDX 4
129#define SSL_ENC_eFZA_IDX 5
130#define SSL_ENC_NULL_IDX 6
131#define SSL_ENC_AES128_IDX 7
132#define SSL_ENC_AES256_IDX 8
133#define SSL_ENC_CAMELLIA128_IDX 9
134#define SSL_ENC_CAMELLIA256_IDX 10
135#define SSL_ENC_SEED_IDX 11
136#define SSL_ENC_NUM_IDX 12
137
138
139static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
140 NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
141 };
142
143#define SSL_COMP_NULL_IDX 0
144#define SSL_COMP_ZLIB_IDX 1
145#define SSL_COMP_NUM_IDX 2
146
147static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
148
149#define SSL_MD_MD5_IDX 0
150#define SSL_MD_SHA1_IDX 1
151#define SSL_MD_NUM_IDX 2
152static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
153 NULL,NULL,
154 };
155
156#define CIPHER_ADD 1
157#define CIPHER_KILL 2
158#define CIPHER_DEL 3
159#define CIPHER_ORD 4
160#define CIPHER_SPECIAL 5
161
162typedef struct cipher_order_st
163 {
164 SSL_CIPHER *cipher;
165 int active;
166 int dead;
167 struct cipher_order_st *next,*prev;
168 } CIPHER_ORDER;
169
170static const SSL_CIPHER cipher_aliases[]={
171 /* Don't include eNULL unless specifically enabled. */
172 /* Don't include ECC in ALL because these ciphers are not yet official. */
173 {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
174 /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */
175 {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */
176 {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
177 {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */
178 {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0},
179 {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0},
180 {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0},
181 {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0},
182 {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0},
183 {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0},
184 {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0},
185 {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
186 {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */
187 {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0},
188 {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0},
189 {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0},
190 {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0},
191 {0,SSL_TXT_aDH, 0,SSL_aDH, 0,0,0,0,SSL_AUTH_MASK,0},
192 {0,SSL_TXT_DSS, 0,SSL_DSS, 0,0,0,0,SSL_AUTH_MASK,0},
193
194 {0,SSL_TXT_DES, 0,SSL_DES, 0,0,0,0,SSL_ENC_MASK,0},
195 {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0},
196 {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0},
197 {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0},
198#ifndef OPENSSL_NO_IDEA
199 {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
200#endif
201 {0,SSL_TXT_SEED,0,SSL_SEED, 0,0,0,0,SSL_ENC_MASK,0},
202 {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
203 {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
204 {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0},
205 {0,SSL_TXT_CAMELLIA,0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0},
206
207 {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0},
208 {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0},
209 {0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0},
210
211 {0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0},
212 {0,SSL_TXT_KRB5,0,SSL_KRB5, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
213 {0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
214 {0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
215 {0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0},
216
217 {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0},
218 {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0},
219 {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0},
220
221 {0,SSL_TXT_EXP ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
222 {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
223 {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK},
224 {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK},
225 {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
226 {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
227 {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
228 {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE},
229 };
230
231void ssl_load_ciphers(void)
232 {
233 ssl_cipher_methods[SSL_ENC_DES_IDX]=
234 EVP_get_cipherbyname(SN_des_cbc);
235 ssl_cipher_methods[SSL_ENC_3DES_IDX]=
236 EVP_get_cipherbyname(SN_des_ede3_cbc);
237 ssl_cipher_methods[SSL_ENC_RC4_IDX]=
238 EVP_get_cipherbyname(SN_rc4);
239 ssl_cipher_methods[SSL_ENC_RC2_IDX]=
240 EVP_get_cipherbyname(SN_rc2_cbc);
241#ifndef OPENSSL_NO_IDEA
242 ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
243 EVP_get_cipherbyname(SN_idea_cbc);
244#else
245 ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
246#endif
247 ssl_cipher_methods[SSL_ENC_AES128_IDX]=
248 EVP_get_cipherbyname(SN_aes_128_cbc);
249 ssl_cipher_methods[SSL_ENC_AES256_IDX]=
250 EVP_get_cipherbyname(SN_aes_256_cbc);
251 ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
252 EVP_get_cipherbyname(SN_camellia_128_cbc);
253 ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
254 EVP_get_cipherbyname(SN_camellia_256_cbc);
255 ssl_cipher_methods[SSL_ENC_SEED_IDX]=
256 EVP_get_cipherbyname(SN_seed_cbc);
257
258 ssl_digest_methods[SSL_MD_MD5_IDX]=
259 EVP_get_digestbyname(SN_md5);
260 ssl_digest_methods[SSL_MD_SHA1_IDX]=
261 EVP_get_digestbyname(SN_sha1);
262 }
263
264
265#ifndef OPENSSL_NO_COMP
266
267static int sk_comp_cmp(const SSL_COMP * const *a,
268 const SSL_COMP * const *b)
269 {
270 return((*a)->id-(*b)->id);
271 }
272
273static void load_builtin_compressions(void)
274 {
275 int got_write_lock = 0;
276
277 CRYPTO_r_lock(CRYPTO_LOCK_SSL);
278 if (ssl_comp_methods == NULL)
279 {
280 CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
281 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
282 got_write_lock = 1;
283
284 if (ssl_comp_methods == NULL)
285 {
286 SSL_COMP *comp = NULL;
287
288 MemCheck_off();
289 ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
290 if (ssl_comp_methods != NULL)
291 {
292 comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
293 if (comp != NULL)
294 {
295 comp->method=COMP_zlib();
296 if (comp->method
297 && comp->method->type == NID_undef)
298 OPENSSL_free(comp);
299 else
300 {
301 comp->id=SSL_COMP_ZLIB_IDX;
302 comp->name=comp->method->name;
303 sk_SSL_COMP_push(ssl_comp_methods,comp);
304 }
305 }
306 }
307 MemCheck_on();
308 }
309 }
310
311 if (got_write_lock)
312 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
313 else
314 CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
315 }
316#endif
317
318int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
319 const EVP_MD **md, SSL_COMP **comp)
320 {
321 int i;
322 SSL_CIPHER *c;
323
324 c=s->cipher;
325 if (c == NULL) return(0);
326 if (comp != NULL)
327 {
328 SSL_COMP ctmp;
329#ifndef OPENSSL_NO_COMP
330 load_builtin_compressions();
331#endif
332
333 *comp=NULL;
334 ctmp.id=s->compress_meth;
335 if (ssl_comp_methods != NULL)
336 {
337 i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
338 if (i >= 0)
339 *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
340 else
341 *comp=NULL;
342 }
343 }
344
345 if ((enc == NULL) || (md == NULL)) return(0);
346
347 switch (c->algorithms & SSL_ENC_MASK)
348 {
349 case SSL_DES:
350 i=SSL_ENC_DES_IDX;
351 break;
352 case SSL_3DES:
353 i=SSL_ENC_3DES_IDX;
354 break;
355 case SSL_RC4:
356 i=SSL_ENC_RC4_IDX;
357 break;
358 case SSL_RC2:
359 i=SSL_ENC_RC2_IDX;
360 break;
361 case SSL_IDEA:
362 i=SSL_ENC_IDEA_IDX;
363 break;
364 case SSL_eNULL:
365 i=SSL_ENC_NULL_IDX;
366 break;
367 case SSL_AES:
368 switch(c->alg_bits)
369 {
370 case 128: i=SSL_ENC_AES128_IDX; break;
371 case 256: i=SSL_ENC_AES256_IDX; break;
372 default: i=-1; break;
373 }
374 break;
375 case SSL_CAMELLIA:
376 switch(c->alg_bits)
377 {
378 case 128: i=SSL_ENC_CAMELLIA128_IDX; break;
379 case 256: i=SSL_ENC_CAMELLIA256_IDX; break;
380 default: i=-1; break;
381 }
382 break;
383 case SSL_SEED:
384 i=SSL_ENC_SEED_IDX;
385 break;
386
387 default:
388 i= -1;
389 break;
390 }
391
392 if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
393 *enc=NULL;
394 else
395 {
396 if (i == SSL_ENC_NULL_IDX)
397 *enc=EVP_enc_null();
398 else
399 *enc=ssl_cipher_methods[i];
400 }
401
402 switch (c->algorithms & SSL_MAC_MASK)
403 {
404 case SSL_MD5:
405 i=SSL_MD_MD5_IDX;
406 break;
407 case SSL_SHA1:
408 i=SSL_MD_SHA1_IDX;
409 break;
410 default:
411 i= -1;
412 break;
413 }
414 if ((i < 0) || (i >= SSL_MD_NUM_IDX))
415 *md=NULL;
416 else
417 *md=ssl_digest_methods[i];
418
419 if ((*enc != NULL) && (*md != NULL))
420 return(1);
421 else
422 return(0);
423 }
424
425#define ITEM_SEP(a) \
426 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
427
428static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
429 CIPHER_ORDER **tail)
430 {
431 if (curr == *tail) return;
432 if (curr == *head)
433 *head=curr->next;
434 if (curr->prev != NULL)
435 curr->prev->next=curr->next;
436 if (curr->next != NULL) /* should always be true */
437 curr->next->prev=curr->prev;
438 (*tail)->next=curr;
439 curr->prev= *tail;
440 curr->next=NULL;
441 *tail=curr;
442 }
443
444struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9,
445 * where 128-bit and 256-bit algorithms simply will get
446 * separate bits. */
447 unsigned long mask; /* everything except m256 */
448 unsigned long m256; /* applies to 256-bit algorithms only */
449};
450
451static struct disabled_masks ssl_cipher_get_disabled(void)
452 {
453 unsigned long mask;
454 unsigned long m256;
455 struct disabled_masks ret;
456
457 mask = SSL_kFZA;
458#ifdef OPENSSL_NO_RSA
459 mask |= SSL_aRSA|SSL_kRSA;
460#endif
461#ifdef OPENSSL_NO_DSA
462 mask |= SSL_aDSS;
463#endif
464#ifdef OPENSSL_NO_DH
465 mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
466#endif
467#ifdef OPENSSL_NO_KRB5
468 mask |= SSL_kKRB5|SSL_aKRB5;
469#endif
470#ifdef OPENSSL_NO_ECDH
471 mask |= SSL_kECDH|SSL_kECDHE;
472#endif
473#ifdef SSL_FORBID_ENULL
474 mask |= SSL_eNULL;
475#endif
476
477 mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
478 mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
479 mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
480 mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
481 mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
482 mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
483 mask |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
484
485 mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
486 mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
487
488 /* finally consider algorithms where mask and m256 differ */
489 m256 = mask;
490 mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
491 mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;
492 m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0;
493 m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0;
494
495 ret.mask = mask;
496 ret.m256 = m256;
497 return ret;
498 }
499
500static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
501 int num_of_ciphers, unsigned long mask, unsigned long m256,
502 CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
503 CIPHER_ORDER **tail_p)
504 {
505 int i, co_list_num;
506 SSL_CIPHER *c;
507
508 /*
509 * We have num_of_ciphers descriptions compiled in, depending on the
510 * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
511 * These will later be sorted in a linked list with at most num
512 * entries.
513 */
514
515 /* Get the initial list of ciphers */
516 co_list_num = 0; /* actual count of ciphers */
517 for (i = 0; i < num_of_ciphers; i++)
518 {
519 c = ssl_method->get_cipher(i);
520#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
521 /* drop those that use any of that is not available */
522#ifdef OPENSSL_FIPS
523 if ((c != NULL) && c->valid && !IS_MASKED(c)
524 && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
525#else
526 if ((c != NULL) && c->valid && !IS_MASKED(c))
527#endif
528 {
529 co_list[co_list_num].cipher = c;
530 co_list[co_list_num].next = NULL;
531 co_list[co_list_num].prev = NULL;
532 co_list[co_list_num].active = 0;
533 co_list_num++;
534#ifdef KSSL_DEBUG
535 printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
536#endif /* KSSL_DEBUG */
537 /*
538 if (!sk_push(ca_list,(char *)c)) goto err;
539 */
540 }
541 }
542
543 /*
544 * Prepare linked list from list entries
545 */
546 for (i = 1; i < co_list_num - 1; i++)
547 {
548 co_list[i].prev = &(co_list[i-1]);
549 co_list[i].next = &(co_list[i+1]);
550 }
551 if (co_list_num > 0)
552 {
553 (*head_p) = &(co_list[0]);
554 (*head_p)->prev = NULL;
555 (*head_p)->next = &(co_list[1]);
556 (*tail_p) = &(co_list[co_list_num - 1]);
557 (*tail_p)->prev = &(co_list[co_list_num - 2]);
558 (*tail_p)->next = NULL;
559 }
560 }
561
562static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
563 int num_of_group_aliases, unsigned long mask,
564 CIPHER_ORDER *head)
565 {
566 CIPHER_ORDER *ciph_curr;
567 SSL_CIPHER **ca_curr;
568 int i;
569
570 /*
571 * First, add the real ciphers as already collected
572 */
573 ciph_curr = head;
574 ca_curr = ca_list;
575 while (ciph_curr != NULL)
576 {
577 *ca_curr = ciph_curr->cipher;
578 ca_curr++;
579 ciph_curr = ciph_curr->next;
580 }
581
582 /*
583 * Now we add the available ones from the cipher_aliases[] table.
584 * They represent either an algorithm, that must be fully
585 * supported (not match any bit in mask) or represent a cipher
586 * strength value (will be added in any case because algorithms=0).
587 */
588 for (i = 0; i < num_of_group_aliases; i++)
589 {
590 if ((i == 0) || /* always fetch "ALL" */
591 !(cipher_aliases[i].algorithms & mask))
592 {
593 *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
594 ca_curr++;
595 }
596 }
597
598 *ca_curr = NULL; /* end of list */
599 }
600
601static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version,
602 unsigned long algorithms, unsigned long mask,
603 unsigned long algo_strength, unsigned long mask_strength,
604 int rule, int strength_bits, CIPHER_ORDER *co_list,
605 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
606 {
607 CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
608 SSL_CIPHER *cp;
609 unsigned long ma, ma_s;
610
611#ifdef CIPHER_DEBUG
612 printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n",
613 rule, algorithms, mask, algo_strength, mask_strength,
614 strength_bits);
615#endif
616
617 curr = head = *head_p;
618 curr2 = head;
619 tail2 = tail = *tail_p;
620 for (;;)
621 {
622 if ((curr == NULL) || (curr == tail2)) break;
623 curr = curr2;
624 curr2 = curr->next;
625
626 cp = curr->cipher;
627
628 /* If explicit cipher suite, match only that one for its own protocol version.
629 * Usual selection criteria will be used for similar ciphersuites from other version! */
630
631 if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version)
632 {
633 if (cp->id != cipher_id)
634 continue;
635 }
636
637 /*
638 * Selection criteria is either the number of strength_bits
639 * or the algorithm used.
640 */
641 else if (strength_bits == -1)
642 {
643 ma = mask & cp->algorithms;
644 ma_s = mask_strength & cp->algo_strength;
645
646#ifdef CIPHER_DEBUG
647 printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength);
648 printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength);
649#endif
650 /*
651 * Select: if none of the mask bit was met from the
652 * cipher or not all of the bits were met, the
653 * selection does not apply.
654 */
655 if (((ma == 0) && (ma_s == 0)) ||
656 ((ma & algorithms) != ma) ||
657 ((ma_s & algo_strength) != ma_s))
658 continue; /* does not apply */
659 }
660 else if (strength_bits != cp->strength_bits)
661 continue; /* does not apply */
662
663#ifdef CIPHER_DEBUG
664 printf("Action = %d\n", rule);
665#endif
666
667 /* add the cipher if it has not been added yet. */
668 if (rule == CIPHER_ADD)
669 {
670 if (!curr->active)
671 {
672 int add_this_cipher = 1;
673
674 if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0))
675 {
676 /* Make sure "ECCdraft" ciphersuites are activated only if
677 * *explicitly* requested, but not implicitly (such as
678 * as part of the "AES" alias). */
679
680 add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0;
681 }
682
683 if (add_this_cipher)
684 {
685 ll_append_tail(&head, curr, &tail);
686 curr->active = 1;
687 }
688 }
689 }
690 /* Move the added cipher to this location */
691 else if (rule == CIPHER_ORD)
692 {
693 if (curr->active)
694 {
695 ll_append_tail(&head, curr, &tail);
696 }
697 }
698 else if (rule == CIPHER_DEL)
699 curr->active = 0;
700 else if (rule == CIPHER_KILL)
701 {
702 if (head == curr)
703 head = curr->next;
704 else
705 curr->prev->next = curr->next;
706 if (tail == curr)
707 tail = curr->prev;
708 curr->active = 0;
709 if (curr->next != NULL)
710 curr->next->prev = curr->prev;
711 if (curr->prev != NULL)
712 curr->prev->next = curr->next;
713 curr->next = NULL;
714 curr->prev = NULL;
715 }
716 }
717
718 *head_p = head;
719 *tail_p = tail;
720 }
721
722static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
723 CIPHER_ORDER **head_p,
724 CIPHER_ORDER **tail_p)
725 {
726 int max_strength_bits, i, *number_uses;
727 CIPHER_ORDER *curr;
728
729 /*
730 * This routine sorts the ciphers with descending strength. The sorting
731 * must keep the pre-sorted sequence, so we apply the normal sorting
732 * routine as '+' movement to the end of the list.
733 */
734 max_strength_bits = 0;
735 curr = *head_p;
736 while (curr != NULL)
737 {
738 if (curr->active &&
739 (curr->cipher->strength_bits > max_strength_bits))
740 max_strength_bits = curr->cipher->strength_bits;
741 curr = curr->next;
742 }
743
744 number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
745 if (!number_uses)
746 {
747 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
748 return(0);
749 }
750 memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
751
752 /*
753 * Now find the strength_bits values actually used
754 */
755 curr = *head_p;
756 while (curr != NULL)
757 {
758 if (curr->active)
759 number_uses[curr->cipher->strength_bits]++;
760 curr = curr->next;
761 }
762 /*
763 * Go through the list of used strength_bits values in descending
764 * order.
765 */
766 for (i = max_strength_bits; i >= 0; i--)
767 if (number_uses[i] > 0)
768 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i,
769 co_list, head_p, tail_p);
770
771 OPENSSL_free(number_uses);
772 return(1);
773 }
774
775static int ssl_cipher_process_rulestr(const char *rule_str,
776 CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
777 CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
778 {
779 unsigned long algorithms, mask, algo_strength, mask_strength;
780 const char *l, *start, *buf;
781 int j, multi, found, rule, retval, ok, buflen;
782 unsigned long cipher_id = 0, ssl_version = 0;
783 char ch;
784
785 retval = 1;
786 l = rule_str;
787 for (;;)
788 {
789 ch = *l;
790
791 if (ch == '\0')
792 break; /* done */
793 if (ch == '-')
794 { rule = CIPHER_DEL; l++; }
795 else if (ch == '+')
796 { rule = CIPHER_ORD; l++; }
797 else if (ch == '!')
798 { rule = CIPHER_KILL; l++; }
799 else if (ch == '@')
800 { rule = CIPHER_SPECIAL; l++; }
801 else
802 { rule = CIPHER_ADD; }
803
804 if (ITEM_SEP(ch))
805 {
806 l++;
807 continue;
808 }
809
810 algorithms = mask = algo_strength = mask_strength = 0;
811
812 start=l;
813 for (;;)
814 {
815 ch = *l;
816 buf = l;
817 buflen = 0;
818#ifndef CHARSET_EBCDIC
819 while ( ((ch >= 'A') && (ch <= 'Z')) ||
820 ((ch >= '0') && (ch <= '9')) ||
821 ((ch >= 'a') && (ch <= 'z')) ||
822 (ch == '-'))
823#else
824 while ( isalnum(ch) || (ch == '-'))
825#endif
826 {
827 ch = *(++l);
828 buflen++;
829 }
830
831 if (buflen == 0)
832 {
833 /*
834 * We hit something we cannot deal with,
835 * it is no command or separator nor
836 * alphanumeric, so we call this an error.
837 */
838 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
839 SSL_R_INVALID_COMMAND);
840 retval = found = 0;
841 l++;
842 break;
843 }
844
845 if (rule == CIPHER_SPECIAL)
846 {
847 found = 0; /* unused -- avoid compiler warning */
848 break; /* special treatment */
849 }
850
851 /* check for multi-part specification */
852 if (ch == '+')
853 {
854 multi=1;
855 l++;
856 }
857 else
858 multi=0;
859
860 /*
861 * Now search for the cipher alias in the ca_list. Be careful
862 * with the strncmp, because the "buflen" limitation
863 * will make the rule "ADH:SOME" and the cipher
864 * "ADH-MY-CIPHER" look like a match for buflen=3.
865 * So additionally check whether the cipher name found
866 * has the correct length. We can save a strlen() call:
867 * just checking for the '\0' at the right place is
868 * sufficient, we have to strncmp() anyway. (We cannot
869 * use strcmp(), because buf is not '\0' terminated.)
870 */
871 j = found = 0;
872 cipher_id = 0;
873 ssl_version = 0;
874 while (ca_list[j])
875 {
876 if (!strncmp(buf, ca_list[j]->name, buflen) &&
877 (ca_list[j]->name[buflen] == '\0'))
878 {
879 found = 1;
880 break;
881 }
882 else
883 j++;
884 }
885 if (!found)
886 break; /* ignore this entry */
887
888 /* New algorithms:
889 * 1 - any old restrictions apply outside new mask
890 * 2 - any new restrictions apply outside old mask
891 * 3 - enforce old & new where masks intersect
892 */
893 algorithms = (algorithms & ~ca_list[j]->mask) | /* 1 */
894 (ca_list[j]->algorithms & ~mask) | /* 2 */
895 (algorithms & ca_list[j]->algorithms); /* 3 */
896 mask |= ca_list[j]->mask;
897 algo_strength = (algo_strength & ~ca_list[j]->mask_strength) |
898 (ca_list[j]->algo_strength & ~mask_strength) |
899 (algo_strength & ca_list[j]->algo_strength);
900 mask_strength |= ca_list[j]->mask_strength;
901
902 /* explicit ciphersuite found */
903 if (ca_list[j]->valid)
904 {
905 cipher_id = ca_list[j]->id;
906 ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK;
907 break;
908 }
909
910 if (!multi) break;
911 }
912
913 /*
914 * Ok, we have the rule, now apply it
915 */
916 if (rule == CIPHER_SPECIAL)
917 { /* special command */
918 ok = 0;
919 if ((buflen == 8) &&
920 !strncmp(buf, "STRENGTH", 8))
921 ok = ssl_cipher_strength_sort(co_list,
922 head_p, tail_p);
923 else
924 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
925 SSL_R_INVALID_COMMAND);
926 if (ok == 0)
927 retval = 0;
928 /*
929 * We do not support any "multi" options
930 * together with "@", so throw away the
931 * rest of the command, if any left, until
932 * end or ':' is found.
933 */
934 while ((*l != '\0') && !ITEM_SEP(*l))
935 l++;
936 }
937 else if (found)
938 {
939 ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask,
940 algo_strength, mask_strength, rule, -1,
941 co_list, head_p, tail_p);
942 }
943 else
944 {
945 while ((*l != '\0') && !ITEM_SEP(*l))
946 l++;
947 }
948 if (*l == '\0') break; /* done */
949 }
950
951 return(retval);
952 }
953
954STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
955 STACK_OF(SSL_CIPHER) **cipher_list,
956 STACK_OF(SSL_CIPHER) **cipher_list_by_id,
957 const char *rule_str)
958 {
959 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
960 unsigned long disabled_mask;
961 unsigned long disabled_m256;
962 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
963 const char *rule_p;
964 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
965 SSL_CIPHER **ca_list = NULL;
966
967 /*
968 * Return with error if nothing to do.
969 */
970 if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
971 return NULL;
972
973 /*
974 * To reduce the work to do we only want to process the compiled
975 * in algorithms, so we first get the mask of disabled ciphers.
976 */
977 {
978 struct disabled_masks d;
979 d = ssl_cipher_get_disabled();
980 disabled_mask = d.mask;
981 disabled_m256 = d.m256;
982 }
983
984 /*
985 * Now we have to collect the available ciphers from the compiled
986 * in ciphers. We cannot get more than the number compiled in, so
987 * it is used for allocation.
988 */
989 num_of_ciphers = ssl_method->num_ciphers();
990#ifdef KSSL_DEBUG
991 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
992#endif /* KSSL_DEBUG */
993 co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
994 if (co_list == NULL)
995 {
996 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
997 return(NULL); /* Failure */
998 }
999
1000 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
1001 disabled_m256, co_list, &head, &tail);
1002
1003 /*
1004 * We also need cipher aliases for selecting based on the rule_str.
1005 * There might be two types of entries in the rule_str: 1) names
1006 * of ciphers themselves 2) aliases for groups of ciphers.
1007 * For 1) we need the available ciphers and for 2) the cipher
1008 * groups of cipher_aliases added together in one list (otherwise
1009 * we would be happy with just the cipher_aliases table).
1010 */
1011 num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
1012 num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
1013 ca_list =
1014 (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
1015 if (ca_list == NULL)
1016 {
1017 OPENSSL_free(co_list);
1018 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1019 return(NULL); /* Failure */
1020 }
1021 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
1022 (disabled_mask & disabled_m256), head);
1023
1024 /*
1025 * If the rule_string begins with DEFAULT, apply the default rule
1026 * before using the (possibly available) additional rules.
1027 */
1028 ok = 1;
1029 rule_p = rule_str;
1030 if (strncmp(rule_str,"DEFAULT",7) == 0)
1031 {
1032 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
1033 co_list, &head, &tail, ca_list);
1034 rule_p += 7;
1035 if (*rule_p == ':')
1036 rule_p++;
1037 }
1038
1039 if (ok && (strlen(rule_p) > 0))
1040 ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
1041 ca_list);
1042
1043 OPENSSL_free(ca_list); /* Not needed anymore */
1044
1045 if (!ok)
1046 { /* Rule processing failure */
1047 OPENSSL_free(co_list);
1048 return(NULL);
1049 }
1050 /*
1051 * Allocate new "cipherstack" for the result, return with error
1052 * if we cannot get one.
1053 */
1054 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
1055 {
1056 OPENSSL_free(co_list);
1057 return(NULL);
1058 }
1059
1060 /*
1061 * The cipher selection for the list is done. The ciphers are added
1062 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
1063 */
1064 for (curr = head; curr != NULL; curr = curr->next)
1065 {
1066#ifdef OPENSSL_FIPS
1067 if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
1068#else
1069 if (curr->active)
1070#endif
1071 {
1072 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1073#ifdef CIPHER_DEBUG
1074 printf("<%s>\n",curr->cipher->name);
1075#endif
1076 }
1077 }
1078 OPENSSL_free(co_list); /* Not needed any longer */
1079
1080 tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
1081 if (tmp_cipher_list == NULL)
1082 {
1083 sk_SSL_CIPHER_free(cipherstack);
1084 return NULL;
1085 }
1086 if (*cipher_list != NULL)
1087 sk_SSL_CIPHER_free(*cipher_list);
1088 *cipher_list = cipherstack;
1089 if (*cipher_list_by_id != NULL)
1090 sk_SSL_CIPHER_free(*cipher_list_by_id);
1091 *cipher_list_by_id = tmp_cipher_list;
1092 (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
1093
1094 return(cipherstack);
1095 }
1096
1097char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1098 {
1099 int is_export,pkl,kl;
1100 const char *ver,*exp_str;
1101 const char *kx,*au,*enc,*mac;
1102 unsigned long alg,alg2,alg_s;
1103#ifdef KSSL_DEBUG
1104 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
1105#else
1106 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
1107#endif /* KSSL_DEBUG */
1108
1109 alg=cipher->algorithms;
1110 alg_s=cipher->algo_strength;
1111 alg2=cipher->algorithm2;
1112
1113 is_export=SSL_C_IS_EXPORT(cipher);
1114 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1115 kl=SSL_C_EXPORT_KEYLENGTH(cipher);
1116 exp_str=is_export?" export":"";
1117
1118 if (alg & SSL_SSLV2)
1119 ver="SSLv2";
1120 else if (alg & SSL_SSLV3)
1121 ver="SSLv3";
1122 else
1123 ver="unknown";
1124
1125 switch (alg&SSL_MKEY_MASK)
1126 {
1127 case SSL_kRSA:
1128 kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
1129 break;
1130 case SSL_kDHr:
1131 kx="DH/RSA";
1132 break;
1133 case SSL_kDHd:
1134 kx="DH/DSS";
1135 break;
1136 case SSL_kKRB5: /* VRS */
1137 case SSL_KRB5: /* VRS */
1138 kx="KRB5";
1139 break;
1140 case SSL_kFZA:
1141 kx="Fortezza";
1142 break;
1143 case SSL_kEDH:
1144 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
1145 break;
1146 case SSL_kECDH:
1147 case SSL_kECDHE:
1148 kx=is_export?"ECDH(<=163)":"ECDH";
1149 break;
1150 default:
1151 kx="unknown";
1152 }
1153
1154 switch (alg&SSL_AUTH_MASK)
1155 {
1156 case SSL_aRSA:
1157 au="RSA";
1158 break;
1159 case SSL_aDSS:
1160 au="DSS";
1161 break;
1162 case SSL_aDH:
1163 au="DH";
1164 break;
1165 case SSL_aKRB5: /* VRS */
1166 case SSL_KRB5: /* VRS */
1167 au="KRB5";
1168 break;
1169 case SSL_aFZA:
1170 case SSL_aNULL:
1171 au="None";
1172 break;
1173 case SSL_aECDSA:
1174 au="ECDSA";
1175 break;
1176 default:
1177 au="unknown";
1178 break;
1179 }
1180
1181 switch (alg&SSL_ENC_MASK)
1182 {
1183 case SSL_DES:
1184 enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
1185 break;
1186 case SSL_3DES:
1187 enc="3DES(168)";
1188 break;
1189 case SSL_RC4:
1190 enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
1191 :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
1192 break;
1193 case SSL_RC2:
1194 enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
1195 break;
1196 case SSL_IDEA:
1197 enc="IDEA(128)";
1198 break;
1199 case SSL_eFZA:
1200 enc="Fortezza";
1201 break;
1202 case SSL_eNULL:
1203 enc="None";
1204 break;
1205 case SSL_AES:
1206 switch(cipher->strength_bits)
1207 {
1208 case 128: enc="AES(128)"; break;
1209 case 192: enc="AES(192)"; break;
1210 case 256: enc="AES(256)"; break;
1211 default: enc="AES(?""?""?)"; break;
1212 }
1213 break;
1214 case SSL_CAMELLIA:
1215 switch(cipher->strength_bits)
1216 {
1217 case 128: enc="Camellia(128)"; break;
1218 case 256: enc="Camellia(256)"; break;
1219 default: enc="Camellia(?""?""?)"; break;
1220 }
1221 break;
1222 case SSL_SEED:
1223 enc="SEED(128)";
1224 break;
1225
1226 default:
1227 enc="unknown";
1228 break;
1229 }
1230
1231 switch (alg&SSL_MAC_MASK)
1232 {
1233 case SSL_MD5:
1234 mac="MD5";
1235 break;
1236 case SSL_SHA1:
1237 mac="SHA1";
1238 break;
1239 default:
1240 mac="unknown";
1241 break;
1242 }
1243
1244 if (buf == NULL)
1245 {
1246 len=128;
1247 buf=OPENSSL_malloc(len);
1248 if (buf == NULL) return("OPENSSL_malloc Error");
1249 }
1250 else if (len < 128)
1251 return("Buffer too small");
1252
1253#ifdef KSSL_DEBUG
1254 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
1255#else
1256 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
1257#endif /* KSSL_DEBUG */
1258 return(buf);
1259 }
1260
1261char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
1262 {
1263 int i;
1264
1265 if (c == NULL) return("(NONE)");
1266 i=(int)(c->id>>24L);
1267 if (i == 3)
1268 return("TLSv1/SSLv3");
1269 else if (i == 2)
1270 return("SSLv2");
1271 else
1272 return("unknown");
1273 }
1274
1275/* return the actual cipher being used */
1276const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
1277 {
1278 if (c != NULL)
1279 return(c->name);
1280 return("(NONE)");
1281 }
1282
1283/* number of bits for symmetric cipher */
1284int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
1285 {
1286 int ret=0;
1287
1288 if (c != NULL)
1289 {
1290 if (alg_bits != NULL) *alg_bits = c->alg_bits;
1291 ret = c->strength_bits;
1292 }
1293 return(ret);
1294 }
1295
1296SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
1297 {
1298 SSL_COMP *ctmp;
1299 int i,nn;
1300
1301 if ((n == 0) || (sk == NULL)) return(NULL);
1302 nn=sk_SSL_COMP_num(sk);
1303 for (i=0; i<nn; i++)
1304 {
1305 ctmp=sk_SSL_COMP_value(sk,i);
1306 if (ctmp->id == n)
1307 return(ctmp);
1308 }
1309 return(NULL);
1310 }
1311
1312#ifdef OPENSSL_NO_COMP
1313void *SSL_COMP_get_compression_methods(void)
1314 {
1315 return NULL;
1316 }
1317int SSL_COMP_add_compression_method(int id, void *cm)
1318 {
1319 return 1;
1320 }
1321
1322const char *SSL_COMP_get_name(const void *comp)
1323 {
1324 return NULL;
1325 }
1326#else
1327STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
1328 {
1329 load_builtin_compressions();
1330 return(ssl_comp_methods);
1331 }
1332
1333int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1334 {
1335 SSL_COMP *comp;
1336
1337 if (cm == NULL || cm->type == NID_undef)
1338 return 1;
1339
1340 /* According to draft-ietf-tls-compression-04.txt, the
1341 compression number ranges should be the following:
1342
1343 0 to 63: methods defined by the IETF
1344 64 to 192: external party methods assigned by IANA
1345 193 to 255: reserved for private use */
1346 if (id < 193 || id > 255)
1347 {
1348 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
1349 return 0;
1350 }
1351
1352 MemCheck_off();
1353 comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
1354 comp->id=id;
1355 comp->method=cm;
1356 load_builtin_compressions();
1357 if (ssl_comp_methods
1358 && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
1359 {
1360 OPENSSL_free(comp);
1361 MemCheck_on();
1362 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
1363 return(1);
1364 }
1365 else if ((ssl_comp_methods == NULL)
1366 || !sk_SSL_COMP_push(ssl_comp_methods,comp))
1367 {
1368 OPENSSL_free(comp);
1369 MemCheck_on();
1370 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
1371 return(1);
1372 }
1373 else
1374 {
1375 MemCheck_on();
1376 return(0);
1377 }
1378 }
1379
1380const char *SSL_COMP_get_name(const COMP_METHOD *comp)
1381 {
1382 if (comp)
1383 return comp->name;
1384 return NULL;
1385 }
1386
1387#endif
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
deleted file mode 100644
index 24a994fe01..0000000000
--- a/src/lib/libssl/ssl_err.c
+++ /dev/null
@@ -1,518 +0,0 @@
1/* ssl/ssl_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/ssl.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
70
71static ERR_STRING_DATA SSL_str_functs[]=
72 {
73{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
74{ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
75{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
76{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
77{ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
78{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
79{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
80{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
81{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
82{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
83{ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
84{ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
85{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
86{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"},
87{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"},
88{ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"},
89{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"},
90{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
91{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
92{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
93{ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"},
94{ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"},
95{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"},
96{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"},
97{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
98{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"},
99{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
100{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"},
101{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"},
102{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
103{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"},
104{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
105{ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
106{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
107{ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
108{ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
109{ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
110{ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
111{ERR_FUNC(SSL_F_READ_N), "READ_N"},
112{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
113{ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
114{ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
115{ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
116{ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
117{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
118{ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
119{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
120{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
121{ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
122{ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
123{ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
124{ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
125{ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
126{ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
127{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"},
128{ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
129{ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
130{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
131{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
132{ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
133{ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
134{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
135{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
136{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
137{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
138{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
139{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
140{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
141{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"},
142{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
143{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
144{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
145{ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},
146{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
147{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
148{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
149{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
150{ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
151{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
152{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
153{ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"},
154{ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
155{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
156{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
157{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
158{ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
159{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
160{ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
161{ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
162{ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
163{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"},
164{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},
165{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
166{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
167{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"},
168{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
169{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
170{ERR_FUNC(SSL_F_SSL3_SETUP_BUFFERS), "SSL3_SETUP_BUFFERS"},
171{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
172{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
173{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
174{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"},
175{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
176{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
177{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"},
178{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
179{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
180{ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
181{ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
182{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
183{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
184{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
185{ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"},
186{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
187{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
188{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
189{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"},
190{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
191{ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
192{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
193{ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
194{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
195{ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"},
196{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
197{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"},
198{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
199{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
200{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
201{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"},
202{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"},
203{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"},
204{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
205{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"},
206{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"},
207{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
208{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"},
209{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"},
210{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
211{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
212{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
213{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
214{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
215{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
216{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
217{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
218{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
219{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
220{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"},
221{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
222{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
223{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
224{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
225{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
226{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
227{ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
228{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
229{ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
230{ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
231{ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
232{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
233{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
234{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
235{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
236{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
237{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
238{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"},
239{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
240{ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"},
241{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
242{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
243{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
244{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
245{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
246{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
247{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
248{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
249{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
250{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
251{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
252{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
253{ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
254{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
255{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
256{0,NULL}
257 };
258
259static ERR_STRING_DATA SSL_str_reasons[]=
260 {
261{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"},
262{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"},
263{ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"},
264{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
265{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
266{ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"},
267{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
268{ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"},
269{ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"},
270{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"},
271{ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"},
272{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"},
273{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"},
274{ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"},
275{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"},
276{ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"},
277{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"},
278{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"},
279{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"},
280{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"},
281{ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"},
282{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},
283{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"},
284{ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"},
285{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"},
286{ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"},
287{ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"},
288{ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"},
289{ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"},
290{ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"},
291{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"},
292{ERR_REASON(SSL_R_BAD_STATE) ,"bad state"},
293{ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"},
294{ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"},
295{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},
296{ERR_REASON(SSL_R_BN_LIB) ,"bn lib"},
297{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},
298{ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"},
299{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"},
300{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
301{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"},
302{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
303{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
304{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
305{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
306{ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"},
307{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
308{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"},
309{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"},
310{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
311{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
312{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
313{ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"},
314{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
315{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
316{ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
317{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
318{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
319{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
320{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},
321{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
322{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
323{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
324{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
325{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
326{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
327{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
328{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
329{ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"},
330{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},
331{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
332{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
333{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
334{ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
335{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"},
336{ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"},
337{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"},
338{ERR_REASON(SSL_R_KRB5) ,"krb5"},
339{ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"},
340{ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"},
341{ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"},
342{ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"},
343{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"},
344{ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"},
345{ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"},
346{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"},
347{ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"},
348{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"},
349{ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"},
350{ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"},
351{ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"},
352{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"},
353{ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"},
354{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"},
355{ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"},
356{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"},
357{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"},
358{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"},
359{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"},
360{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"},
361{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
362{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
363{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"},
364{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"},
365{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
366{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
367{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
368{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
369{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
370{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
371{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"},
372{ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"},
373{ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"},
374{ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"},
375{ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"},
376{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"},
377{ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"},
378{ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"},
379{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"},
380{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
381{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
382{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
383{ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"},
384{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
385{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
386{ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"},
387{ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"},
388{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"},
389{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"},
390{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
391{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
392{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
393{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
394{ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"},
395{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"},
396{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},
397{ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"},
398{ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"},
399{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
400{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"},
401{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
402{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
403{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
404{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"},
405{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"},
406{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
407{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
408{ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"},
409{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"},
410{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
411{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
412{ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"},
413{ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"},
414{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
415{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
416{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
417{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
418{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"},
419{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
420{ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
421{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
422{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
423{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
424{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"},
425{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"},
426{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
427{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"},
428{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"},
429{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"},
430{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"},
431{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"},
432{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"},
433{ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"},
434{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"},
435{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"},
436{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"},
437{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"},
438{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"},
439{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
440{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
441{ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},
442{ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},
443{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},
444{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},
445{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"},
446{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"},
447{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"},
448{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"},
449{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"},
450{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"},
451{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"},
452{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"},
453{ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"},
454{ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"},
455{ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"},
456{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},
457{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
458{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
459{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
460{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
461{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
462{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
463{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},
464{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},
465{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"},
466{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"},
467{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"},
468{ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"},
469{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"},
470{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"},
471{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"},
472{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"},
473{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"},
474{ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"},
475{ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"},
476{ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"},
477{ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"},
478{ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"},
479{ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"},
480{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"},
481{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"},
482{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"},
483{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"},
484{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
485{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"},
486{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"},
487{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
488{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
489{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"},
490{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"},
491{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
492{ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"},
493{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"},
494{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
495{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"},
496{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"},
497{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
498{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"},
499{ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"},
500{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"},
501{ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"},
502{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
503{0,NULL}
504 };
505
506#endif
507
508void ERR_load_SSL_strings(void)
509 {
510#ifndef OPENSSL_NO_ERR
511
512 if (ERR_func_error_string(SSL_str_functs[0].error) == NULL)
513 {
514 ERR_load_strings(0,SSL_str_functs);
515 ERR_load_strings(0,SSL_str_reasons);
516 }
517#endif
518 }
diff --git a/src/lib/libssl/ssl_err2.c b/src/lib/libssl/ssl_err2.c
deleted file mode 100644
index ea95a5f983..0000000000
--- a/src/lib/libssl/ssl_err2.c
+++ /dev/null
@@ -1,70 +0,0 @@
1/* ssl/ssl_err2.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/err.h>
61#include <openssl/ssl.h>
62
63void SSL_load_error_strings(void)
64 {
65#ifndef OPENSSL_NO_ERR
66 ERR_load_crypto_strings();
67 ERR_load_SSL_strings();
68#endif
69 }
70
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
deleted file mode 100644
index 1a961a9e9e..0000000000
--- a/src/lib/libssl/ssl_lib.c
+++ /dev/null
@@ -1,2703 +0,0 @@
1/*! \file ssl/ssl_lib.c
2 * \brief Version independent SSL functions.
3 */
4/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * All rights reserved.
6 *
7 * This package is an SSL implementation written
8 * by Eric Young (eay@cryptsoft.com).
9 * The implementation was written so as to conform with Netscapes SSL.
10 *
11 * This library is free for commercial and non-commercial use as long as
12 * the following conditions are aheared to. The following conditions
13 * apply to all code found in this distribution, be it the RC4, RSA,
14 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
15 * included with this distribution is covered by the same copyright terms
16 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
17 *
18 * Copyright remains Eric Young's, and as such any Copyright notices in
19 * the code are not to be removed.
20 * If this package is used in a product, Eric Young should be given attribution
21 * as the author of the parts of the library used.
22 * This can be in the form of a textual message at program startup or
23 * in documentation (online or textual) provided with the package.
24 *
25 * Redistribution and use in source and binary forms, with or without
26 * modification, are permitted provided that the following conditions
27 * are met:
28 * 1. Redistributions of source code must retain the copyright
29 * notice, this list of conditions and the following disclaimer.
30 * 2. Redistributions in binary form must reproduce the above copyright
31 * notice, this list of conditions and the following disclaimer in the
32 * documentation and/or other materials provided with the distribution.
33 * 3. All advertising materials mentioning features or use of this software
34 * must display the following acknowledgement:
35 * "This product includes cryptographic software written by
36 * Eric Young (eay@cryptsoft.com)"
37 * The word 'cryptographic' can be left out if the rouines from the library
38 * being used are not cryptographic related :-).
39 * 4. If you include any Windows specific code (or a derivative thereof) from
40 * the apps directory (application code) you must include an acknowledgement:
41 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
42 *
43 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
44 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
47 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
48 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
49 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
51 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
52 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * SUCH DAMAGE.
54 *
55 * The licence and distribution terms for any publically available version or
56 * derivative of this code cannot be changed. i.e. this code cannot simply be
57 * copied and put under another distribution licence
58 * [including the GNU Public Licence.]
59 */
60/* ====================================================================
61 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
62 *
63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions
65 * are met:
66 *
67 * 1. Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 *
70 * 2. Redistributions in binary form must reproduce the above copyright
71 * notice, this list of conditions and the following disclaimer in
72 * the documentation and/or other materials provided with the
73 * distribution.
74 *
75 * 3. All advertising materials mentioning features or use of this
76 * software must display the following acknowledgment:
77 * "This product includes software developed by the OpenSSL Project
78 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
79 *
80 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
81 * endorse or promote products derived from this software without
82 * prior written permission. For written permission, please contact
83 * openssl-core@openssl.org.
84 *
85 * 5. Products derived from this software may not be called "OpenSSL"
86 * nor may "OpenSSL" appear in their names without prior written
87 * permission of the OpenSSL Project.
88 *
89 * 6. Redistributions of any form whatsoever must retain the following
90 * acknowledgment:
91 * "This product includes software developed by the OpenSSL Project
92 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
93 *
94 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
95 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
97 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
98 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
99 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
100 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
101 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
102 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
103 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
104 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
105 * OF THE POSSIBILITY OF SUCH DAMAGE.
106 * ====================================================================
107 *
108 * This product includes cryptographic software written by Eric Young
109 * (eay@cryptsoft.com). This product includes software written by Tim
110 * Hudson (tjh@cryptsoft.com).
111 *
112 */
113/* ====================================================================
114 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
115 * ECC cipher suite support in OpenSSL originally developed by
116 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
117 */
118
119#ifdef REF_CHECK
120# include <assert.h>
121#endif
122#include <stdio.h>
123#include "ssl_locl.h"
124#include "kssl_lcl.h"
125#include <openssl/objects.h>
126#include <openssl/lhash.h>
127#include <openssl/x509v3.h>
128#include <openssl/rand.h>
129#include <openssl/ocsp.h>
130#ifndef OPENSSL_NO_DH
131#include <openssl/dh.h>
132#endif
133#ifndef OPENSSL_NO_ENGINE
134#include <openssl/engine.h>
135#endif
136
137const char *SSL_version_str=OPENSSL_VERSION_TEXT;
138
139SSL3_ENC_METHOD ssl3_undef_enc_method={
140 /* evil casts, but these functions are only called if there's a library bug */
141 (int (*)(SSL *,int))ssl_undefined_function,
142 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
143 ssl_undefined_function,
144 (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
145 (int (*)(SSL*, int))ssl_undefined_function,
146 (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function,
147 0, /* finish_mac_length */
148 (int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function,
149 NULL, /* client_finished_label */
150 0, /* client_finished_label_len */
151 NULL, /* server_finished_label */
152 0, /* server_finished_label_len */
153 (int (*)(int))ssl_undefined_function
154 };
155
156int SSL_clear(SSL *s)
157 {
158
159 if (s->method == NULL)
160 {
161 SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
162 return(0);
163 }
164
165 if (ssl_clear_bad_session(s))
166 {
167 SSL_SESSION_free(s->session);
168 s->session=NULL;
169 }
170
171 s->error=0;
172 s->hit=0;
173 s->shutdown=0;
174
175#if 0 /* Disabled since version 1.10 of this file (early return not
176 * needed because SSL_clear is not called when doing renegotiation) */
177 /* This is set if we are doing dynamic renegotiation so keep
178 * the old cipher. It is sort of a SSL_clear_lite :-) */
179 if (s->new_session) return(1);
180#else
181 if (s->new_session)
182 {
183 SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
184 return 0;
185 }
186#endif
187
188 s->type=0;
189
190 s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
191
192 s->version=s->method->version;
193 s->client_version=s->version;
194 s->rwstate=SSL_NOTHING;
195 s->rstate=SSL_ST_READ_HEADER;
196#if 0
197 s->read_ahead=s->ctx->read_ahead;
198#endif
199
200 if (s->init_buf != NULL)
201 {
202 BUF_MEM_free(s->init_buf);
203 s->init_buf=NULL;
204 }
205
206 ssl_clear_cipher_ctx(s);
207
208 s->first_packet=0;
209
210#if 1
211 /* Check to see if we were changed into a different method, if
212 * so, revert back if we are not doing session-id reuse. */
213 if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
214 {
215 s->method->ssl_free(s);
216 s->method=s->ctx->method;
217 if (!s->method->ssl_new(s))
218 return(0);
219 }
220 else
221#endif
222 s->method->ssl_clear(s);
223 return(1);
224 }
225
226/** Used to change an SSL_CTXs default SSL method type */
227int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth)
228 {
229 STACK_OF(SSL_CIPHER) *sk;
230
231 ctx->method=meth;
232
233 sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
234 &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
235 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
236 {
237 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
238 return(0);
239 }
240 return(1);
241 }
242
243SSL *SSL_new(SSL_CTX *ctx)
244 {
245 SSL *s;
246
247 if (ctx == NULL)
248 {
249 SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
250 return(NULL);
251 }
252 if (ctx->method == NULL)
253 {
254 SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
255 return(NULL);
256 }
257
258 s=(SSL *)OPENSSL_malloc(sizeof(SSL));
259 if (s == NULL) goto err;
260 memset(s,0,sizeof(SSL));
261
262#ifndef OPENSSL_NO_KRB5
263 s->kssl_ctx = kssl_ctx_new();
264#endif /* OPENSSL_NO_KRB5 */
265
266 s->options=ctx->options;
267 s->mode=ctx->mode;
268 s->max_cert_list=ctx->max_cert_list;
269
270 if (ctx->cert != NULL)
271 {
272 /* Earlier library versions used to copy the pointer to
273 * the CERT, not its contents; only when setting new
274 * parameters for the per-SSL copy, ssl_cert_new would be
275 * called (and the direct reference to the per-SSL_CTX
276 * settings would be lost, but those still were indirectly
277 * accessed for various purposes, and for that reason they
278 * used to be known as s->ctx->default_cert).
279 * Now we don't look at the SSL_CTX's CERT after having
280 * duplicated it once. */
281
282 s->cert = ssl_cert_dup(ctx->cert);
283 if (s->cert == NULL)
284 goto err;
285 }
286 else
287 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
288
289 s->read_ahead=ctx->read_ahead;
290 s->msg_callback=ctx->msg_callback;
291 s->msg_callback_arg=ctx->msg_callback_arg;
292 s->verify_mode=ctx->verify_mode;
293#if 0
294 s->verify_depth=ctx->verify_depth;
295#endif
296 s->sid_ctx_length=ctx->sid_ctx_length;
297 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
298 memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
299 s->verify_callback=ctx->default_verify_callback;
300 s->generate_session_id=ctx->generate_session_id;
301
302 s->param = X509_VERIFY_PARAM_new();
303 if (!s->param)
304 goto err;
305 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
306#if 0
307 s->purpose = ctx->purpose;
308 s->trust = ctx->trust;
309#endif
310 s->quiet_shutdown=ctx->quiet_shutdown;
311
312 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
313 s->ctx=ctx;
314#ifndef OPENSSL_NO_TLSEXT
315 s->tlsext_debug_cb = 0;
316 s->tlsext_debug_arg = NULL;
317 s->tlsext_ticket_expected = 0;
318 s->tlsext_status_type = -1;
319 s->tlsext_status_expected = 0;
320 s->tlsext_ocsp_ids = NULL;
321 s->tlsext_ocsp_exts = NULL;
322 s->tlsext_ocsp_resp = NULL;
323 s->tlsext_ocsp_resplen = -1;
324 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
325 s->initial_ctx=ctx;
326#endif
327 s->verify_result=X509_V_OK;
328
329 s->method=ctx->method;
330
331 if (!s->method->ssl_new(s))
332 goto err;
333
334 s->references=1;
335 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
336
337 SSL_clear(s);
338
339 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
340
341 return(s);
342err:
343 if (s != NULL)
344 {
345 if (s->cert != NULL)
346 ssl_cert_free(s->cert);
347 if (s->ctx != NULL)
348 SSL_CTX_free(s->ctx); /* decrement reference count */
349 OPENSSL_free(s);
350 }
351 SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
352 return(NULL);
353 }
354
355int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
356 unsigned int sid_ctx_len)
357 {
358 if(sid_ctx_len > sizeof ctx->sid_ctx)
359 {
360 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
361 return 0;
362 }
363 ctx->sid_ctx_length=sid_ctx_len;
364 memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
365
366 return 1;
367 }
368
369int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
370 unsigned int sid_ctx_len)
371 {
372 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
373 {
374 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
375 return 0;
376 }
377 ssl->sid_ctx_length=sid_ctx_len;
378 memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
379
380 return 1;
381 }
382
383int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
384 {
385 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
386 ctx->generate_session_id = cb;
387 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
388 return 1;
389 }
390
391int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
392 {
393 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
394 ssl->generate_session_id = cb;
395 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
396 return 1;
397 }
398
399int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
400 unsigned int id_len)
401 {
402 /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
403 * we can "construct" a session to give us the desired check - ie. to
404 * find if there's a session in the hash table that would conflict with
405 * any new session built out of this id/id_len and the ssl_version in
406 * use by this SSL. */
407 SSL_SESSION r, *p;
408
409 if(id_len > sizeof r.session_id)
410 return 0;
411
412 r.ssl_version = ssl->version;
413 r.session_id_length = id_len;
414 memcpy(r.session_id, id, id_len);
415 /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
416 * callback is calling us to check the uniqueness of a shorter ID, it
417 * must be compared as a padded-out ID because that is what it will be
418 * converted to when the callback has finished choosing it. */
419 if((r.ssl_version == SSL2_VERSION) &&
420 (id_len < SSL2_SSL_SESSION_ID_LENGTH))
421 {
422 memset(r.session_id + id_len, 0,
423 SSL2_SSL_SESSION_ID_LENGTH - id_len);
424 r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
425 }
426
427 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
428 p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r);
429 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
430 return (p != NULL);
431 }
432
433int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
434 {
435 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
436 }
437
438int SSL_set_purpose(SSL *s, int purpose)
439 {
440 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
441 }
442
443int SSL_CTX_set_trust(SSL_CTX *s, int trust)
444 {
445 return X509_VERIFY_PARAM_set_trust(s->param, trust);
446 }
447
448int SSL_set_trust(SSL *s, int trust)
449 {
450 return X509_VERIFY_PARAM_set_trust(s->param, trust);
451 }
452
453void SSL_free(SSL *s)
454 {
455 int i;
456
457 if(s == NULL)
458 return;
459
460 i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
461#ifdef REF_PRINT
462 REF_PRINT("SSL",s);
463#endif
464 if (i > 0) return;
465#ifdef REF_CHECK
466 if (i < 0)
467 {
468 fprintf(stderr,"SSL_free, bad reference count\n");
469 abort(); /* ok */
470 }
471#endif
472
473 if (s->param)
474 X509_VERIFY_PARAM_free(s->param);
475
476 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
477
478 if (s->bbio != NULL)
479 {
480 /* If the buffering BIO is in place, pop it off */
481 if (s->bbio == s->wbio)
482 {
483 s->wbio=BIO_pop(s->wbio);
484 }
485 BIO_free(s->bbio);
486 s->bbio=NULL;
487 }
488 if (s->rbio != NULL)
489 BIO_free_all(s->rbio);
490 if ((s->wbio != NULL) && (s->wbio != s->rbio))
491 BIO_free_all(s->wbio);
492
493 if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
494
495 /* add extra stuff */
496 if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
497 if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
498
499 /* Make the next call work :-) */
500 if (s->session != NULL)
501 {
502 ssl_clear_bad_session(s);
503 SSL_SESSION_free(s->session);
504 }
505
506 ssl_clear_cipher_ctx(s);
507
508 if (s->cert != NULL) ssl_cert_free(s->cert);
509 /* Free up if allocated */
510
511 if (s->ctx) SSL_CTX_free(s->ctx);
512#ifndef OPENSSL_NO_TLSEXT
513 if (s->tlsext_hostname)
514 OPENSSL_free(s->tlsext_hostname);
515 if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
516 if (s->tlsext_ocsp_exts)
517 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
518 X509_EXTENSION_free);
519 if (s->tlsext_ocsp_ids)
520 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
521 if (s->tlsext_ocsp_resp)
522 OPENSSL_free(s->tlsext_ocsp_resp);
523#endif
524 if (s->client_CA != NULL)
525 sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
526
527 if (s->method != NULL) s->method->ssl_free(s);
528
529#ifndef OPENSSL_NO_KRB5
530 if (s->kssl_ctx != NULL)
531 kssl_ctx_free(s->kssl_ctx);
532#endif /* OPENSSL_NO_KRB5 */
533
534 OPENSSL_free(s);
535 }
536
537void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
538 {
539 /* If the output buffering BIO is still in place, remove it
540 */
541 if (s->bbio != NULL)
542 {
543 if (s->wbio == s->bbio)
544 {
545 s->wbio=s->wbio->next_bio;
546 s->bbio->next_bio=NULL;
547 }
548 }
549 if ((s->rbio != NULL) && (s->rbio != rbio))
550 BIO_free_all(s->rbio);
551 if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
552 BIO_free_all(s->wbio);
553 s->rbio=rbio;
554 s->wbio=wbio;
555 }
556
557BIO *SSL_get_rbio(const SSL *s)
558 { return(s->rbio); }
559
560BIO *SSL_get_wbio(const SSL *s)
561 { return(s->wbio); }
562
563int SSL_get_fd(const SSL *s)
564 {
565 return(SSL_get_rfd(s));
566 }
567
568int SSL_get_rfd(const SSL *s)
569 {
570 int ret= -1;
571 BIO *b,*r;
572
573 b=SSL_get_rbio(s);
574 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
575 if (r != NULL)
576 BIO_get_fd(r,&ret);
577 return(ret);
578 }
579
580int SSL_get_wfd(const SSL *s)
581 {
582 int ret= -1;
583 BIO *b,*r;
584
585 b=SSL_get_wbio(s);
586 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
587 if (r != NULL)
588 BIO_get_fd(r,&ret);
589 return(ret);
590 }
591
592#ifndef OPENSSL_NO_SOCK
593int SSL_set_fd(SSL *s,int fd)
594 {
595 int ret=0;
596 BIO *bio=NULL;
597
598 bio=BIO_new(BIO_s_socket());
599
600 if (bio == NULL)
601 {
602 SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
603 goto err;
604 }
605 BIO_set_fd(bio,fd,BIO_NOCLOSE);
606 SSL_set_bio(s,bio,bio);
607 ret=1;
608err:
609 return(ret);
610 }
611
612int SSL_set_wfd(SSL *s,int fd)
613 {
614 int ret=0;
615 BIO *bio=NULL;
616
617 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
618 || ((int)BIO_get_fd(s->rbio,NULL) != fd))
619 {
620 bio=BIO_new(BIO_s_socket());
621
622 if (bio == NULL)
623 { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
624 BIO_set_fd(bio,fd,BIO_NOCLOSE);
625 SSL_set_bio(s,SSL_get_rbio(s),bio);
626 }
627 else
628 SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
629 ret=1;
630err:
631 return(ret);
632 }
633
634int SSL_set_rfd(SSL *s,int fd)
635 {
636 int ret=0;
637 BIO *bio=NULL;
638
639 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
640 || ((int)BIO_get_fd(s->wbio,NULL) != fd))
641 {
642 bio=BIO_new(BIO_s_socket());
643
644 if (bio == NULL)
645 {
646 SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
647 goto err;
648 }
649 BIO_set_fd(bio,fd,BIO_NOCLOSE);
650 SSL_set_bio(s,bio,SSL_get_wbio(s));
651 }
652 else
653 SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
654 ret=1;
655err:
656 return(ret);
657 }
658#endif
659
660
661/* return length of latest Finished message we sent, copy to 'buf' */
662size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
663 {
664 size_t ret = 0;
665
666 if (s->s3 != NULL)
667 {
668 ret = s->s3->tmp.finish_md_len;
669 if (count > ret)
670 count = ret;
671 memcpy(buf, s->s3->tmp.finish_md, count);
672 }
673 return ret;
674 }
675
676/* return length of latest Finished message we expected, copy to 'buf' */
677size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
678 {
679 size_t ret = 0;
680
681 if (s->s3 != NULL)
682 {
683 ret = s->s3->tmp.peer_finish_md_len;
684 if (count > ret)
685 count = ret;
686 memcpy(buf, s->s3->tmp.peer_finish_md, count);
687 }
688 return ret;
689 }
690
691
692int SSL_get_verify_mode(const SSL *s)
693 {
694 return(s->verify_mode);
695 }
696
697int SSL_get_verify_depth(const SSL *s)
698 {
699 return X509_VERIFY_PARAM_get_depth(s->param);
700 }
701
702int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
703 {
704 return(s->verify_callback);
705 }
706
707int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
708 {
709 return(ctx->verify_mode);
710 }
711
712int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
713 {
714 return X509_VERIFY_PARAM_get_depth(ctx->param);
715 }
716
717int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
718 {
719 return(ctx->default_verify_callback);
720 }
721
722void SSL_set_verify(SSL *s,int mode,
723 int (*callback)(int ok,X509_STORE_CTX *ctx))
724 {
725 s->verify_mode=mode;
726 if (callback != NULL)
727 s->verify_callback=callback;
728 }
729
730void SSL_set_verify_depth(SSL *s,int depth)
731 {
732 X509_VERIFY_PARAM_set_depth(s->param, depth);
733 }
734
735void SSL_set_read_ahead(SSL *s,int yes)
736 {
737 s->read_ahead=yes;
738 }
739
740int SSL_get_read_ahead(const SSL *s)
741 {
742 return(s->read_ahead);
743 }
744
745int SSL_pending(const SSL *s)
746 {
747 /* SSL_pending cannot work properly if read-ahead is enabled
748 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
749 * and it is impossible to fix since SSL_pending cannot report
750 * errors that may be observed while scanning the new data.
751 * (Note that SSL_pending() is often used as a boolean value,
752 * so we'd better not return -1.)
753 */
754 return(s->method->ssl_pending(s));
755 }
756
757X509 *SSL_get_peer_certificate(const SSL *s)
758 {
759 X509 *r;
760
761 if ((s == NULL) || (s->session == NULL))
762 r=NULL;
763 else
764 r=s->session->peer;
765
766 if (r == NULL) return(r);
767
768 CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
769
770 return(r);
771 }
772
773STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
774 {
775 STACK_OF(X509) *r;
776
777 if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
778 r=NULL;
779 else
780 r=s->session->sess_cert->cert_chain;
781
782 /* If we are a client, cert_chain includes the peer's own
783 * certificate; if we are a server, it does not. */
784
785 return(r);
786 }
787
788/* Now in theory, since the calling process own 't' it should be safe to
789 * modify. We need to be able to read f without being hassled */
790void SSL_copy_session_id(SSL *t,const SSL *f)
791 {
792 CERT *tmp;
793
794 /* Do we need to to SSL locking? */
795 SSL_set_session(t,SSL_get_session(f));
796
797 /* what if we are setup as SSLv2 but want to talk SSLv3 or
798 * vice-versa */
799 if (t->method != f->method)
800 {
801 t->method->ssl_free(t); /* cleanup current */
802 t->method=f->method; /* change method */
803 t->method->ssl_new(t); /* setup new */
804 }
805
806 tmp=t->cert;
807 if (f->cert != NULL)
808 {
809 CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
810 t->cert=f->cert;
811 }
812 else
813 t->cert=NULL;
814 if (tmp != NULL) ssl_cert_free(tmp);
815 SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
816 }
817
818/* Fix this so it checks all the valid key/cert options */
819int SSL_CTX_check_private_key(const SSL_CTX *ctx)
820 {
821 if ( (ctx == NULL) ||
822 (ctx->cert == NULL) ||
823 (ctx->cert->key->x509 == NULL))
824 {
825 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
826 return(0);
827 }
828 if (ctx->cert->key->privatekey == NULL)
829 {
830 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
831 return(0);
832 }
833 return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
834 }
835
836/* Fix this function so that it takes an optional type parameter */
837int SSL_check_private_key(const SSL *ssl)
838 {
839 if (ssl == NULL)
840 {
841 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
842 return(0);
843 }
844 if (ssl->cert == NULL)
845 {
846 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
847 return 0;
848 }
849 if (ssl->cert->key->x509 == NULL)
850 {
851 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
852 return(0);
853 }
854 if (ssl->cert->key->privatekey == NULL)
855 {
856 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
857 return(0);
858 }
859 return(X509_check_private_key(ssl->cert->key->x509,
860 ssl->cert->key->privatekey));
861 }
862
863int SSL_accept(SSL *s)
864 {
865 if (s->handshake_func == 0)
866 /* Not properly initialized yet */
867 SSL_set_accept_state(s);
868
869 return(s->method->ssl_accept(s));
870 }
871
872int SSL_connect(SSL *s)
873 {
874 if (s->handshake_func == 0)
875 /* Not properly initialized yet */
876 SSL_set_connect_state(s);
877
878 return(s->method->ssl_connect(s));
879 }
880
881long SSL_get_default_timeout(const SSL *s)
882 {
883 return(s->method->get_timeout());
884 }
885
886int SSL_read(SSL *s,void *buf,int num)
887 {
888 if (s->handshake_func == 0)
889 {
890 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
891 return -1;
892 }
893
894 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
895 {
896 s->rwstate=SSL_NOTHING;
897 return(0);
898 }
899 return(s->method->ssl_read(s,buf,num));
900 }
901
902int SSL_peek(SSL *s,void *buf,int num)
903 {
904 if (s->handshake_func == 0)
905 {
906 SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
907 return -1;
908 }
909
910 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
911 {
912 return(0);
913 }
914 return(s->method->ssl_peek(s,buf,num));
915 }
916
917int SSL_write(SSL *s,const void *buf,int num)
918 {
919 if (s->handshake_func == 0)
920 {
921 SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
922 return -1;
923 }
924
925 if (s->shutdown & SSL_SENT_SHUTDOWN)
926 {
927 s->rwstate=SSL_NOTHING;
928 SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
929 return(-1);
930 }
931 return(s->method->ssl_write(s,buf,num));
932 }
933
934int SSL_shutdown(SSL *s)
935 {
936 /* Note that this function behaves differently from what one might
937 * expect. Return values are 0 for no success (yet),
938 * 1 for success; but calling it once is usually not enough,
939 * even if blocking I/O is used (see ssl3_shutdown).
940 */
941
942 if (s->handshake_func == 0)
943 {
944 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
945 return -1;
946 }
947
948 if ((s != NULL) && !SSL_in_init(s))
949 return(s->method->ssl_shutdown(s));
950 else
951 return(1);
952 }
953
954int SSL_renegotiate(SSL *s)
955 {
956 if (s->new_session == 0)
957 {
958 s->new_session=1;
959 }
960 return(s->method->ssl_renegotiate(s));
961 }
962
963int SSL_renegotiate_pending(SSL *s)
964 {
965 /* becomes true when negotiation is requested;
966 * false again once a handshake has finished */
967 return (s->new_session != 0);
968 }
969
970long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
971 {
972 long l;
973
974 switch (cmd)
975 {
976 case SSL_CTRL_GET_READ_AHEAD:
977 return(s->read_ahead);
978 case SSL_CTRL_SET_READ_AHEAD:
979 l=s->read_ahead;
980 s->read_ahead=larg;
981 return(l);
982
983 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
984 s->msg_callback_arg = parg;
985 return 1;
986
987 case SSL_CTRL_OPTIONS:
988 return(s->options|=larg);
989 case SSL_CTRL_MODE:
990 return(s->mode|=larg);
991 case SSL_CTRL_GET_MAX_CERT_LIST:
992 return(s->max_cert_list);
993 case SSL_CTRL_SET_MAX_CERT_LIST:
994 l=s->max_cert_list;
995 s->max_cert_list=larg;
996 return(l);
997 case SSL_CTRL_SET_MTU:
998 if (SSL_version(s) == DTLS1_VERSION)
999 {
1000 s->d1->mtu = larg;
1001 return larg;
1002 }
1003 return 0;
1004 default:
1005 return(s->method->ssl_ctrl(s,cmd,larg,parg));
1006 }
1007 }
1008
1009long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1010 {
1011 switch(cmd)
1012 {
1013 case SSL_CTRL_SET_MSG_CALLBACK:
1014 s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1015 return 1;
1016
1017 default:
1018 return(s->method->ssl_callback_ctrl(s,cmd,fp));
1019 }
1020 }
1021
1022struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)
1023 {
1024 return ctx->sessions;
1025 }
1026
1027long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
1028 {
1029 long l;
1030
1031 switch (cmd)
1032 {
1033 case SSL_CTRL_GET_READ_AHEAD:
1034 return(ctx->read_ahead);
1035 case SSL_CTRL_SET_READ_AHEAD:
1036 l=ctx->read_ahead;
1037 ctx->read_ahead=larg;
1038 return(l);
1039
1040 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1041 ctx->msg_callback_arg = parg;
1042 return 1;
1043
1044 case SSL_CTRL_GET_MAX_CERT_LIST:
1045 return(ctx->max_cert_list);
1046 case SSL_CTRL_SET_MAX_CERT_LIST:
1047 l=ctx->max_cert_list;
1048 ctx->max_cert_list=larg;
1049 return(l);
1050
1051 case SSL_CTRL_SET_SESS_CACHE_SIZE:
1052 l=ctx->session_cache_size;
1053 ctx->session_cache_size=larg;
1054 return(l);
1055 case SSL_CTRL_GET_SESS_CACHE_SIZE:
1056 return(ctx->session_cache_size);
1057 case SSL_CTRL_SET_SESS_CACHE_MODE:
1058 l=ctx->session_cache_mode;
1059 ctx->session_cache_mode=larg;
1060 return(l);
1061 case SSL_CTRL_GET_SESS_CACHE_MODE:
1062 return(ctx->session_cache_mode);
1063
1064 case SSL_CTRL_SESS_NUMBER:
1065 return(ctx->sessions->num_items);
1066 case SSL_CTRL_SESS_CONNECT:
1067 return(ctx->stats.sess_connect);
1068 case SSL_CTRL_SESS_CONNECT_GOOD:
1069 return(ctx->stats.sess_connect_good);
1070 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1071 return(ctx->stats.sess_connect_renegotiate);
1072 case SSL_CTRL_SESS_ACCEPT:
1073 return(ctx->stats.sess_accept);
1074 case SSL_CTRL_SESS_ACCEPT_GOOD:
1075 return(ctx->stats.sess_accept_good);
1076 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1077 return(ctx->stats.sess_accept_renegotiate);
1078 case SSL_CTRL_SESS_HIT:
1079 return(ctx->stats.sess_hit);
1080 case SSL_CTRL_SESS_CB_HIT:
1081 return(ctx->stats.sess_cb_hit);
1082 case SSL_CTRL_SESS_MISSES:
1083 return(ctx->stats.sess_miss);
1084 case SSL_CTRL_SESS_TIMEOUTS:
1085 return(ctx->stats.sess_timeout);
1086 case SSL_CTRL_SESS_CACHE_FULL:
1087 return(ctx->stats.sess_cache_full);
1088 case SSL_CTRL_OPTIONS:
1089 return(ctx->options|=larg);
1090 case SSL_CTRL_MODE:
1091 return(ctx->mode|=larg);
1092 default:
1093 return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
1094 }
1095 }
1096
1097long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1098 {
1099 switch(cmd)
1100 {
1101 case SSL_CTRL_SET_MSG_CALLBACK:
1102 ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1103 return 1;
1104
1105 default:
1106 return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
1107 }
1108 }
1109
1110int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
1111 {
1112 long l;
1113
1114 l=a->id-b->id;
1115 if (l == 0L)
1116 return(0);
1117 else
1118 return((l > 0)?1:-1);
1119 }
1120
1121int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
1122 const SSL_CIPHER * const *bp)
1123 {
1124 long l;
1125
1126 l=(*ap)->id-(*bp)->id;
1127 if (l == 0L)
1128 return(0);
1129 else
1130 return((l > 0)?1:-1);
1131 }
1132
1133/** return a STACK of the ciphers available for the SSL and in order of
1134 * preference */
1135STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
1136 {
1137 if (s != NULL)
1138 {
1139 if (s->cipher_list != NULL)
1140 {
1141 return(s->cipher_list);
1142 }
1143 else if ((s->ctx != NULL) &&
1144 (s->ctx->cipher_list != NULL))
1145 {
1146 return(s->ctx->cipher_list);
1147 }
1148 }
1149 return(NULL);
1150 }
1151
1152/** return a STACK of the ciphers available for the SSL and in order of
1153 * algorithm id */
1154STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
1155 {
1156 if (s != NULL)
1157 {
1158 if (s->cipher_list_by_id != NULL)
1159 {
1160 return(s->cipher_list_by_id);
1161 }
1162 else if ((s->ctx != NULL) &&
1163 (s->ctx->cipher_list_by_id != NULL))
1164 {
1165 return(s->ctx->cipher_list_by_id);
1166 }
1167 }
1168 return(NULL);
1169 }
1170
1171/** The old interface to get the same thing as SSL_get_ciphers() */
1172const char *SSL_get_cipher_list(const SSL *s,int n)
1173 {
1174 SSL_CIPHER *c;
1175 STACK_OF(SSL_CIPHER) *sk;
1176
1177 if (s == NULL) return(NULL);
1178 sk=SSL_get_ciphers(s);
1179 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
1180 return(NULL);
1181 c=sk_SSL_CIPHER_value(sk,n);
1182 if (c == NULL) return(NULL);
1183 return(c->name);
1184 }
1185
1186/** specify the ciphers to be used by default by the SSL_CTX */
1187int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1188 {
1189 STACK_OF(SSL_CIPHER) *sk;
1190
1191 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
1192 &ctx->cipher_list_by_id,str);
1193 /* ssl_create_cipher_list may return an empty stack if it
1194 * was unable to find a cipher matching the given rule string
1195 * (for example if the rule string specifies a cipher which
1196 * has been disabled). This is not an error as far as
1197 * ssl_create_cipher_list is concerned, and hence
1198 * ctx->cipher_list and ctx->cipher_list_by_id has been
1199 * updated. */
1200 if (sk == NULL)
1201 return 0;
1202 else if (sk_SSL_CIPHER_num(sk) == 0)
1203 {
1204 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1205 return 0;
1206 }
1207 return 1;
1208 }
1209
1210/** specify the ciphers to be used by the SSL */
1211int SSL_set_cipher_list(SSL *s,const char *str)
1212 {
1213 STACK_OF(SSL_CIPHER) *sk;
1214
1215 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
1216 &s->cipher_list_by_id,str);
1217 /* see comment in SSL_CTX_set_cipher_list */
1218 if (sk == NULL)
1219 return 0;
1220 else if (sk_SSL_CIPHER_num(sk) == 0)
1221 {
1222 SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1223 return 0;
1224 }
1225 return 1;
1226 }
1227
1228/* works well for SSLv2, not so good for SSLv3 */
1229char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
1230 {
1231 char *end;
1232 STACK_OF(SSL_CIPHER) *sk;
1233 SSL_CIPHER *c;
1234 size_t curlen = 0;
1235 int i;
1236
1237 if ((s->session == NULL) || (s->session->ciphers == NULL) ||
1238 (len < 2))
1239 return(NULL);
1240
1241 sk=s->session->ciphers;
1242 buf[0] = '\0';
1243 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1244 {
1245 c=sk_SSL_CIPHER_value(sk,i);
1246 end = buf + curlen;
1247 if (strlcat(buf, c->name, len) >= len ||
1248 (curlen = strlcat(buf, ":", len)) >= len)
1249 {
1250 /* remove truncated cipher from list */
1251 *end = '\0';
1252 break;
1253 }
1254 }
1255 /* remove trailing colon */
1256 if ((end = strrchr(buf, ':')) != NULL)
1257 *end = '\0';
1258 return(buf);
1259 }
1260
1261int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
1262 int (*put_cb)(const SSL_CIPHER *, unsigned char *))
1263 {
1264 int i,j=0;
1265 SSL_CIPHER *c;
1266 unsigned char *q;
1267#ifndef OPENSSL_NO_KRB5
1268 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
1269#endif /* OPENSSL_NO_KRB5 */
1270
1271 if (sk == NULL) return(0);
1272 q=p;
1273
1274 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1275 {
1276 c=sk_SSL_CIPHER_value(sk,i);
1277#ifndef OPENSSL_NO_KRB5
1278 if ((c->algorithms & SSL_KRB5) && nokrb5)
1279 continue;
1280#endif /* OPENSSL_NO_KRB5 */
1281
1282 j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
1283 p+=j;
1284 }
1285 return(p-q);
1286 }
1287
1288STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
1289 STACK_OF(SSL_CIPHER) **skp)
1290 {
1291 SSL_CIPHER *c;
1292 STACK_OF(SSL_CIPHER) *sk;
1293 int i,n;
1294
1295 n=ssl_put_cipher_by_char(s,NULL,NULL);
1296 if ((num%n) != 0)
1297 {
1298 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1299 return(NULL);
1300 }
1301 if ((skp == NULL) || (*skp == NULL))
1302 sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
1303 else
1304 {
1305 sk= *skp;
1306 sk_SSL_CIPHER_zero(sk);
1307 }
1308
1309 for (i=0; i<num; i+=n)
1310 {
1311 c=ssl_get_cipher_by_char(s,p);
1312 p+=n;
1313 if (c != NULL)
1314 {
1315 if (!sk_SSL_CIPHER_push(sk,c))
1316 {
1317 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1318 goto err;
1319 }
1320 }
1321 }
1322
1323 if (skp != NULL)
1324 *skp=sk;
1325 return(sk);
1326err:
1327 if ((skp == NULL) || (*skp == NULL))
1328 sk_SSL_CIPHER_free(sk);
1329 return(NULL);
1330 }
1331
1332#ifndef OPENSSL_NO_TLSEXT
1333/** return a servername extension value if provided in Client Hello, or NULL.
1334 * So far, only host_name types are defined (RFC 3546).
1335 */
1336
1337const char *SSL_get_servername(const SSL *s, const int type)
1338 {
1339 if (type != TLSEXT_NAMETYPE_host_name)
1340 return NULL;
1341
1342 return s->session && !s->tlsext_hostname ?
1343 s->session->tlsext_hostname :
1344 s->tlsext_hostname;
1345 }
1346
1347int SSL_get_servername_type(const SSL *s)
1348 {
1349 if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))
1350 return TLSEXT_NAMETYPE_host_name;
1351 return -1;
1352 }
1353#endif
1354
1355unsigned long SSL_SESSION_hash(const SSL_SESSION *a)
1356 {
1357 unsigned long l;
1358
1359 l=(unsigned long)
1360 ((unsigned int) a->session_id[0] )|
1361 ((unsigned int) a->session_id[1]<< 8L)|
1362 ((unsigned long)a->session_id[2]<<16L)|
1363 ((unsigned long)a->session_id[3]<<24L);
1364 return(l);
1365 }
1366
1367/* NB: If this function (or indeed the hash function which uses a sort of
1368 * coarser function than this one) is changed, ensure
1369 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1370 * able to construct an SSL_SESSION that will collide with any existing session
1371 * with a matching session ID. */
1372int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
1373 {
1374 if (a->ssl_version != b->ssl_version)
1375 return(1);
1376 if (a->session_id_length != b->session_id_length)
1377 return(1);
1378 return(memcmp(a->session_id,b->session_id,a->session_id_length));
1379 }
1380
1381/* These wrapper functions should remain rather than redeclaring
1382 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
1383 * variable. The reason is that the functions aren't static, they're exposed via
1384 * ssl.h. */
1385static IMPLEMENT_LHASH_HASH_FN(SSL_SESSION_hash, SSL_SESSION *)
1386static IMPLEMENT_LHASH_COMP_FN(SSL_SESSION_cmp, SSL_SESSION *)
1387
1388SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
1389 {
1390 SSL_CTX *ret=NULL;
1391
1392 if (meth == NULL)
1393 {
1394 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
1395 return(NULL);
1396 }
1397
1398#ifdef OPENSSL_FIPS
1399 if (FIPS_mode() && (meth->version < TLS1_VERSION))
1400 {
1401 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
1402 return NULL;
1403 }
1404#endif
1405
1406 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
1407 {
1408 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1409 goto err;
1410 }
1411 ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
1412 if (ret == NULL)
1413 goto err;
1414
1415 memset(ret,0,sizeof(SSL_CTX));
1416
1417 ret->method=meth;
1418
1419 ret->cert_store=NULL;
1420 ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
1421 ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1422 ret->session_cache_head=NULL;
1423 ret->session_cache_tail=NULL;
1424
1425 /* We take the system default */
1426 ret->session_timeout=meth->get_timeout();
1427
1428 ret->new_session_cb=0;
1429 ret->remove_session_cb=0;
1430 ret->get_session_cb=0;
1431 ret->generate_session_id=0;
1432
1433 memset((char *)&ret->stats,0,sizeof(ret->stats));
1434
1435 ret->references=1;
1436 ret->quiet_shutdown=0;
1437
1438/* ret->cipher=NULL;*/
1439/* ret->s2->challenge=NULL;
1440 ret->master_key=NULL;
1441 ret->key_arg=NULL;
1442 ret->s2->conn_id=NULL; */
1443
1444 ret->info_callback=NULL;
1445
1446 ret->app_verify_callback=0;
1447 ret->app_verify_arg=NULL;
1448
1449 ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
1450 ret->read_ahead=0;
1451 ret->msg_callback=0;
1452 ret->msg_callback_arg=NULL;
1453 ret->verify_mode=SSL_VERIFY_NONE;
1454#if 0
1455 ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
1456#endif
1457 ret->sid_ctx_length=0;
1458 ret->default_verify_callback=NULL;
1459 if ((ret->cert=ssl_cert_new()) == NULL)
1460 goto err;
1461
1462 ret->default_passwd_callback=0;
1463 ret->default_passwd_callback_userdata=NULL;
1464 ret->client_cert_cb=0;
1465 ret->app_gen_cookie_cb=0;
1466 ret->app_verify_cookie_cb=0;
1467
1468 ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),
1469 LHASH_COMP_FN(SSL_SESSION_cmp));
1470 if (ret->sessions == NULL) goto err;
1471 ret->cert_store=X509_STORE_new();
1472 if (ret->cert_store == NULL) goto err;
1473
1474 ssl_create_cipher_list(ret->method,
1475 &ret->cipher_list,&ret->cipher_list_by_id,
1476 SSL_DEFAULT_CIPHER_LIST);
1477 if (ret->cipher_list == NULL
1478 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
1479 {
1480 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
1481 goto err2;
1482 }
1483
1484 ret->param = X509_VERIFY_PARAM_new();
1485 if (!ret->param)
1486 goto err;
1487
1488 if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
1489 {
1490 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
1491 goto err2;
1492 }
1493 if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
1494 {
1495 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1496 goto err2;
1497 }
1498 if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
1499 {
1500 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1501 goto err2;
1502 }
1503
1504 if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
1505 goto err;
1506
1507 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
1508
1509 ret->extra_certs=NULL;
1510 ret->comp_methods=SSL_COMP_get_compression_methods();
1511
1512#ifndef OPENSSL_NO_TLSEXT
1513 ret->tlsext_servername_callback = 0;
1514 ret->tlsext_servername_arg = NULL;
1515 /* Setup RFC4507 ticket keys */
1516 if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
1517 || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
1518 || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
1519 ret->options |= SSL_OP_NO_TICKET;
1520
1521 ret->tlsext_status_cb = 0;
1522 ret->tlsext_status_arg = NULL;
1523
1524#endif
1525
1526#ifndef OPENSSL_NO_ENGINE
1527 ret->client_cert_engine = NULL;
1528#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
1529#define eng_strx(x) #x
1530#define eng_str(x) eng_strx(x)
1531 /* Use specific client engine automatically... ignore errors */
1532 {
1533 ENGINE *eng;
1534 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1535 if (!eng)
1536 {
1537 ERR_clear_error();
1538 ENGINE_load_builtin_engines();
1539 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1540 }
1541 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
1542 ERR_clear_error();
1543 }
1544#endif
1545#endif
1546
1547 return(ret);
1548err:
1549 SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
1550err2:
1551 if (ret != NULL) SSL_CTX_free(ret);
1552 return(NULL);
1553 }
1554
1555#if 0
1556static void SSL_COMP_free(SSL_COMP *comp)
1557 { OPENSSL_free(comp); }
1558#endif
1559
1560void SSL_CTX_free(SSL_CTX *a)
1561 {
1562 int i;
1563
1564 if (a == NULL) return;
1565
1566 i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
1567#ifdef REF_PRINT
1568 REF_PRINT("SSL_CTX",a);
1569#endif
1570 if (i > 0) return;
1571#ifdef REF_CHECK
1572 if (i < 0)
1573 {
1574 fprintf(stderr,"SSL_CTX_free, bad reference count\n");
1575 abort(); /* ok */
1576 }
1577#endif
1578
1579 if (a->param)
1580 X509_VERIFY_PARAM_free(a->param);
1581
1582 /*
1583 * Free internal session cache. However: the remove_cb() may reference
1584 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
1585 * after the sessions were flushed.
1586 * As the ex_data handling routines might also touch the session cache,
1587 * the most secure solution seems to be: empty (flush) the cache, then
1588 * free ex_data, then finally free the cache.
1589 * (See ticket [openssl.org #212].)
1590 */
1591 if (a->sessions != NULL)
1592 SSL_CTX_flush_sessions(a,0);
1593
1594 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
1595
1596 if (a->sessions != NULL)
1597 lh_free(a->sessions);
1598
1599 if (a->cert_store != NULL)
1600 X509_STORE_free(a->cert_store);
1601 if (a->cipher_list != NULL)
1602 sk_SSL_CIPHER_free(a->cipher_list);
1603 if (a->cipher_list_by_id != NULL)
1604 sk_SSL_CIPHER_free(a->cipher_list_by_id);
1605 if (a->cert != NULL)
1606 ssl_cert_free(a->cert);
1607 if (a->client_CA != NULL)
1608 sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
1609 if (a->extra_certs != NULL)
1610 sk_X509_pop_free(a->extra_certs,X509_free);
1611#if 0 /* This should never be done, since it removes a global database */
1612 if (a->comp_methods != NULL)
1613 sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
1614#else
1615 a->comp_methods = NULL;
1616#endif
1617#ifndef OPENSSL_NO_ENGINE
1618 if (a->client_cert_engine)
1619 ENGINE_finish(a->client_cert_engine);
1620#endif
1621 OPENSSL_free(a);
1622 }
1623
1624void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
1625 {
1626 ctx->default_passwd_callback=cb;
1627 }
1628
1629void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
1630 {
1631 ctx->default_passwd_callback_userdata=u;
1632 }
1633
1634void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
1635 {
1636 ctx->app_verify_callback=cb;
1637 ctx->app_verify_arg=arg;
1638 }
1639
1640void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
1641 {
1642 ctx->verify_mode=mode;
1643 ctx->default_verify_callback=cb;
1644 }
1645
1646void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
1647 {
1648 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
1649 }
1650
1651void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
1652 {
1653 CERT_PKEY *cpk;
1654 int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
1655 int rsa_enc_export,dh_rsa_export,dh_dsa_export;
1656 int rsa_tmp_export,dh_tmp_export,kl;
1657 unsigned long mask,emask;
1658 int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
1659#ifndef OPENSSL_NO_ECDH
1660 int have_ecdh_tmp;
1661#endif
1662 X509 *x = NULL;
1663 EVP_PKEY *ecc_pkey = NULL;
1664 int signature_nid = 0;
1665
1666 if (c == NULL) return;
1667
1668 kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1669
1670#ifndef OPENSSL_NO_RSA
1671 rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
1672 rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
1673 (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
1674#else
1675 rsa_tmp=rsa_tmp_export=0;
1676#endif
1677#ifndef OPENSSL_NO_DH
1678 dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
1679 dh_tmp_export=(c->dh_tmp_cb != NULL ||
1680 (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
1681#else
1682 dh_tmp=dh_tmp_export=0;
1683#endif
1684
1685#ifndef OPENSSL_NO_ECDH
1686 have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
1687#endif
1688 cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
1689 rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
1690 rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1691 cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
1692 rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
1693 cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
1694 dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
1695 cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
1696 dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
1697 dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1698 cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
1699/* FIX THIS EAY EAY EAY */
1700 dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
1701 dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1702 cpk= &(c->pkeys[SSL_PKEY_ECC]);
1703 have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
1704 mask=0;
1705 emask=0;
1706
1707#ifdef CIPHER_DEBUG
1708 printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
1709 rsa_tmp,rsa_tmp_export,dh_tmp,
1710 rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
1711#endif
1712
1713 if (rsa_enc || (rsa_tmp && rsa_sign))
1714 mask|=SSL_kRSA;
1715 if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
1716 emask|=SSL_kRSA;
1717
1718#if 0
1719 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
1720 if ( (dh_tmp || dh_rsa || dh_dsa) &&
1721 (rsa_enc || rsa_sign || dsa_sign))
1722 mask|=SSL_kEDH;
1723 if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
1724 (rsa_enc || rsa_sign || dsa_sign))
1725 emask|=SSL_kEDH;
1726#endif
1727
1728 if (dh_tmp_export)
1729 emask|=SSL_kEDH;
1730
1731 if (dh_tmp)
1732 mask|=SSL_kEDH;
1733
1734 if (dh_rsa) mask|=SSL_kDHr;
1735 if (dh_rsa_export) emask|=SSL_kDHr;
1736
1737 if (dh_dsa) mask|=SSL_kDHd;
1738 if (dh_dsa_export) emask|=SSL_kDHd;
1739
1740 if (rsa_enc || rsa_sign)
1741 {
1742 mask|=SSL_aRSA;
1743 emask|=SSL_aRSA;
1744 }
1745
1746 if (dsa_sign)
1747 {
1748 mask|=SSL_aDSS;
1749 emask|=SSL_aDSS;
1750 }
1751
1752 mask|=SSL_aNULL;
1753 emask|=SSL_aNULL;
1754
1755#ifndef OPENSSL_NO_KRB5
1756 mask|=SSL_kKRB5|SSL_aKRB5;
1757 emask|=SSL_kKRB5|SSL_aKRB5;
1758#endif
1759
1760 /* An ECC certificate may be usable for ECDH and/or
1761 * ECDSA cipher suites depending on the key usage extension.
1762 */
1763 if (have_ecc_cert)
1764 {
1765 /* This call populates extension flags (ex_flags) */
1766 x = (c->pkeys[SSL_PKEY_ECC]).x509;
1767 X509_check_purpose(x, -1, 0);
1768 ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
1769 (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
1770 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
1771 (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
1772 ecc_pkey = X509_get_pubkey(x);
1773 ecc_pkey_size = (ecc_pkey != NULL) ?
1774 EVP_PKEY_bits(ecc_pkey) : 0;
1775 EVP_PKEY_free(ecc_pkey);
1776 if ((x->sig_alg) && (x->sig_alg->algorithm))
1777 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
1778#ifndef OPENSSL_NO_ECDH
1779 if (ecdh_ok)
1780 {
1781 if ((signature_nid == NID_md5WithRSAEncryption) ||
1782 (signature_nid == NID_md4WithRSAEncryption) ||
1783 (signature_nid == NID_md2WithRSAEncryption))
1784 {
1785 mask|=SSL_kECDH|SSL_aRSA;
1786 if (ecc_pkey_size <= 163)
1787 emask|=SSL_kECDH|SSL_aRSA;
1788 }
1789 if (signature_nid == NID_ecdsa_with_SHA1)
1790 {
1791 mask|=SSL_kECDH|SSL_aECDSA;
1792 if (ecc_pkey_size <= 163)
1793 emask|=SSL_kECDH|SSL_aECDSA;
1794 }
1795 }
1796#endif
1797#ifndef OPENSSL_NO_ECDSA
1798 if (ecdsa_ok)
1799 {
1800 mask|=SSL_aECDSA;
1801 emask|=SSL_aECDSA;
1802 }
1803#endif
1804 }
1805
1806#ifndef OPENSSL_NO_ECDH
1807 if (have_ecdh_tmp)
1808 {
1809 mask|=SSL_kECDHE;
1810 emask|=SSL_kECDHE;
1811 }
1812#endif
1813 c->mask=mask;
1814 c->export_mask=emask;
1815 c->valid=1;
1816 }
1817
1818/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
1819#define ku_reject(x, usage) \
1820 (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
1821
1822int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
1823 {
1824 unsigned long alg = cs->algorithms;
1825 EVP_PKEY *pkey = NULL;
1826 int keysize = 0;
1827 int signature_nid = 0;
1828
1829 if (SSL_C_IS_EXPORT(cs))
1830 {
1831 /* ECDH key length in export ciphers must be <= 163 bits */
1832 pkey = X509_get_pubkey(x);
1833 if (pkey == NULL) return 0;
1834 keysize = EVP_PKEY_bits(pkey);
1835 EVP_PKEY_free(pkey);
1836 if (keysize > 163) return 0;
1837 }
1838
1839 /* This call populates the ex_flags field correctly */
1840 X509_check_purpose(x, -1, 0);
1841 if ((x->sig_alg) && (x->sig_alg->algorithm))
1842 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
1843 if (alg & SSL_kECDH)
1844 {
1845 /* key usage, if present, must allow key agreement */
1846 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
1847 {
1848 return 0;
1849 }
1850 if (alg & SSL_aECDSA)
1851 {
1852 /* signature alg must be ECDSA */
1853 if (signature_nid != NID_ecdsa_with_SHA1)
1854 {
1855 return 0;
1856 }
1857 }
1858 if (alg & SSL_aRSA)
1859 {
1860 /* signature alg must be RSA */
1861 if ((signature_nid != NID_md5WithRSAEncryption) &&
1862 (signature_nid != NID_md4WithRSAEncryption) &&
1863 (signature_nid != NID_md2WithRSAEncryption))
1864 {
1865 return 0;
1866 }
1867 }
1868 }
1869 else if (alg & SSL_aECDSA)
1870 {
1871 /* key usage, if present, must allow signing */
1872 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
1873 {
1874 return 0;
1875 }
1876 }
1877
1878 return 1; /* all checks are ok */
1879 }
1880
1881/* THIS NEEDS CLEANING UP */
1882X509 *ssl_get_server_send_cert(SSL *s)
1883 {
1884 unsigned long alg,mask,kalg;
1885 CERT *c;
1886 int i,is_export;
1887
1888 c=s->cert;
1889 ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
1890 alg=s->s3->tmp.new_cipher->algorithms;
1891 is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
1892 mask=is_export?c->export_mask:c->mask;
1893 kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
1894
1895 if (kalg & SSL_kECDH)
1896 {
1897 /* we don't need to look at SSL_kECDHE
1898 * since no certificate is needed for
1899 * anon ECDH and for authenticated
1900 * ECDHE, the check for the auth
1901 * algorithm will set i correctly
1902 * NOTE: For ECDH-RSA, we need an ECC
1903 * not an RSA cert but for ECDHE-RSA
1904 * we need an RSA cert. Placing the
1905 * checks for SSL_kECDH before RSA
1906 * checks ensures the correct cert is chosen.
1907 */
1908 i=SSL_PKEY_ECC;
1909 }
1910 else if (kalg & SSL_aECDSA)
1911 {
1912 i=SSL_PKEY_ECC;
1913 }
1914 else if (kalg & SSL_kDHr)
1915 i=SSL_PKEY_DH_RSA;
1916 else if (kalg & SSL_kDHd)
1917 i=SSL_PKEY_DH_DSA;
1918 else if (kalg & SSL_aDSS)
1919 i=SSL_PKEY_DSA_SIGN;
1920 else if (kalg & SSL_aRSA)
1921 {
1922 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
1923 i=SSL_PKEY_RSA_SIGN;
1924 else
1925 i=SSL_PKEY_RSA_ENC;
1926 }
1927 else if (kalg & SSL_aKRB5)
1928 {
1929 /* VRS something else here? */
1930 return(NULL);
1931 }
1932 else /* if (kalg & SSL_aNULL) */
1933 {
1934 SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
1935 return(NULL);
1936 }
1937 if (c->pkeys[i].x509 == NULL) return(NULL);
1938
1939 return(c->pkeys[i].x509);
1940 }
1941
1942EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
1943 {
1944 unsigned long alg;
1945 CERT *c;
1946
1947 alg=cipher->algorithms;
1948 c=s->cert;
1949
1950 if ((alg & SSL_aDSS) &&
1951 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
1952 return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
1953 else if (alg & SSL_aRSA)
1954 {
1955 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
1956 return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
1957 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
1958 return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
1959 else
1960 return(NULL);
1961 }
1962 else if ((alg & SSL_aECDSA) &&
1963 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
1964 return(c->pkeys[SSL_PKEY_ECC].privatekey);
1965 else /* if (alg & SSL_aNULL) */
1966 {
1967 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
1968 return(NULL);
1969 }
1970 }
1971
1972void ssl_update_cache(SSL *s,int mode)
1973 {
1974 int i;
1975
1976 /* If the session_id_length is 0, we are not supposed to cache it,
1977 * and it would be rather hard to do anyway :-) */
1978 if (s->session->session_id_length == 0) return;
1979
1980 i=s->ctx->session_cache_mode;
1981 if ((i & mode) && (!s->hit)
1982 && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
1983 || SSL_CTX_add_session(s->ctx,s->session))
1984 && (s->ctx->new_session_cb != NULL))
1985 {
1986 CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
1987 if (!s->ctx->new_session_cb(s,s->session))
1988 SSL_SESSION_free(s->session);
1989 }
1990
1991 /* auto flush every 255 connections */
1992 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
1993 ((i & mode) == mode))
1994 {
1995 if ( (((mode & SSL_SESS_CACHE_CLIENT)
1996 ?s->ctx->stats.sess_connect_good
1997 :s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
1998 {
1999 SSL_CTX_flush_sessions(s->ctx,(unsigned long)time(NULL));
2000 }
2001 }
2002 }
2003
2004SSL_METHOD *SSL_get_ssl_method(SSL *s)
2005 {
2006 return(s->method);
2007 }
2008
2009int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth)
2010 {
2011 int conn= -1;
2012 int ret=1;
2013
2014 if (s->method != meth)
2015 {
2016 if (s->handshake_func != NULL)
2017 conn=(s->handshake_func == s->method->ssl_connect);
2018
2019 if (s->method->version == meth->version)
2020 s->method=meth;
2021 else
2022 {
2023 s->method->ssl_free(s);
2024 s->method=meth;
2025 ret=s->method->ssl_new(s);
2026 }
2027
2028 if (conn == 1)
2029 s->handshake_func=meth->ssl_connect;
2030 else if (conn == 0)
2031 s->handshake_func=meth->ssl_accept;
2032 }
2033 return(ret);
2034 }
2035
2036int SSL_get_error(const SSL *s,int i)
2037 {
2038 int reason;
2039 unsigned long l;
2040 BIO *bio;
2041
2042 if (i > 0) return(SSL_ERROR_NONE);
2043
2044 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
2045 * etc, where we do encode the error */
2046 if ((l=ERR_peek_error()) != 0)
2047 {
2048 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
2049 return(SSL_ERROR_SYSCALL);
2050 else
2051 return(SSL_ERROR_SSL);
2052 }
2053
2054 if ((i < 0) && SSL_want_read(s))
2055 {
2056 bio=SSL_get_rbio(s);
2057 if (BIO_should_read(bio))
2058 return(SSL_ERROR_WANT_READ);
2059 else if (BIO_should_write(bio))
2060 /* This one doesn't make too much sense ... We never try
2061 * to write to the rbio, and an application program where
2062 * rbio and wbio are separate couldn't even know what it
2063 * should wait for.
2064 * However if we ever set s->rwstate incorrectly
2065 * (so that we have SSL_want_read(s) instead of
2066 * SSL_want_write(s)) and rbio and wbio *are* the same,
2067 * this test works around that bug; so it might be safer
2068 * to keep it. */
2069 return(SSL_ERROR_WANT_WRITE);
2070 else if (BIO_should_io_special(bio))
2071 {
2072 reason=BIO_get_retry_reason(bio);
2073 if (reason == BIO_RR_CONNECT)
2074 return(SSL_ERROR_WANT_CONNECT);
2075 else if (reason == BIO_RR_ACCEPT)
2076 return(SSL_ERROR_WANT_ACCEPT);
2077 else
2078 return(SSL_ERROR_SYSCALL); /* unknown */
2079 }
2080 }
2081
2082 if ((i < 0) && SSL_want_write(s))
2083 {
2084 bio=SSL_get_wbio(s);
2085 if (BIO_should_write(bio))
2086 return(SSL_ERROR_WANT_WRITE);
2087 else if (BIO_should_read(bio))
2088 /* See above (SSL_want_read(s) with BIO_should_write(bio)) */
2089 return(SSL_ERROR_WANT_READ);
2090 else if (BIO_should_io_special(bio))
2091 {
2092 reason=BIO_get_retry_reason(bio);
2093 if (reason == BIO_RR_CONNECT)
2094 return(SSL_ERROR_WANT_CONNECT);
2095 else if (reason == BIO_RR_ACCEPT)
2096 return(SSL_ERROR_WANT_ACCEPT);
2097 else
2098 return(SSL_ERROR_SYSCALL);
2099 }
2100 }
2101 if ((i < 0) && SSL_want_x509_lookup(s))
2102 {
2103 return(SSL_ERROR_WANT_X509_LOOKUP);
2104 }
2105
2106 if (i == 0)
2107 {
2108 if (s->version == SSL2_VERSION)
2109 {
2110 /* assume it is the socket being closed */
2111 return(SSL_ERROR_ZERO_RETURN);
2112 }
2113 else
2114 {
2115 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2116 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2117 return(SSL_ERROR_ZERO_RETURN);
2118 }
2119 }
2120 return(SSL_ERROR_SYSCALL);
2121 }
2122
2123int SSL_do_handshake(SSL *s)
2124 {
2125 int ret=1;
2126
2127 if (s->handshake_func == NULL)
2128 {
2129 SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
2130 return(-1);
2131 }
2132
2133 s->method->ssl_renegotiate_check(s);
2134
2135 if (SSL_in_init(s) || SSL_in_before(s))
2136 {
2137 ret=s->handshake_func(s);
2138 }
2139 return(ret);
2140 }
2141
2142/* For the next 2 functions, SSL_clear() sets shutdown and so
2143 * one of these calls will reset it */
2144void SSL_set_accept_state(SSL *s)
2145 {
2146 s->server=1;
2147 s->shutdown=0;
2148 s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
2149 s->handshake_func=s->method->ssl_accept;
2150 /* clear the current cipher */
2151 ssl_clear_cipher_ctx(s);
2152 }
2153
2154void SSL_set_connect_state(SSL *s)
2155 {
2156 s->server=0;
2157 s->shutdown=0;
2158 s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
2159 s->handshake_func=s->method->ssl_connect;
2160 /* clear the current cipher */
2161 ssl_clear_cipher_ctx(s);
2162 }
2163
2164int ssl_undefined_function(SSL *s)
2165 {
2166 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2167 return(0);
2168 }
2169
2170int ssl_undefined_void_function(void)
2171 {
2172 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2173 return(0);
2174 }
2175
2176int ssl_undefined_const_function(const SSL *s)
2177 {
2178 SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2179 return(0);
2180 }
2181
2182SSL_METHOD *ssl_bad_method(int ver)
2183 {
2184 SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2185 return(NULL);
2186 }
2187
2188const char *SSL_get_version(const SSL *s)
2189 {
2190 if (s->version == TLS1_VERSION)
2191 return("TLSv1");
2192 else if (s->version == SSL3_VERSION)
2193 return("SSLv3");
2194 else if (s->version == SSL2_VERSION)
2195 return("SSLv2");
2196 else
2197 return("unknown");
2198 }
2199
2200SSL *SSL_dup(SSL *s)
2201 {
2202 STACK_OF(X509_NAME) *sk;
2203 X509_NAME *xn;
2204 SSL *ret;
2205 int i;
2206
2207 if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2208 return(NULL);
2209
2210 ret->version = s->version;
2211 ret->type = s->type;
2212 ret->method = s->method;
2213
2214 if (s->session != NULL)
2215 {
2216 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
2217 SSL_copy_session_id(ret,s);
2218 }
2219 else
2220 {
2221 /* No session has been established yet, so we have to expect
2222 * that s->cert or ret->cert will be changed later --
2223 * they should not both point to the same object,
2224 * and thus we can't use SSL_copy_session_id. */
2225
2226 ret->method->ssl_free(ret);
2227 ret->method = s->method;
2228 ret->method->ssl_new(ret);
2229
2230 if (s->cert != NULL)
2231 {
2232 if (ret->cert != NULL)
2233 {
2234 ssl_cert_free(ret->cert);
2235 }
2236 ret->cert = ssl_cert_dup(s->cert);
2237 if (ret->cert == NULL)
2238 goto err;
2239 }
2240
2241 SSL_set_session_id_context(ret,
2242 s->sid_ctx, s->sid_ctx_length);
2243 }
2244
2245 ret->options=s->options;
2246 ret->mode=s->mode;
2247 SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
2248 SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
2249 ret->msg_callback = s->msg_callback;
2250 ret->msg_callback_arg = s->msg_callback_arg;
2251 SSL_set_verify(ret,SSL_get_verify_mode(s),
2252 SSL_get_verify_callback(s));
2253 SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
2254 ret->generate_session_id = s->generate_session_id;
2255
2256 SSL_set_info_callback(ret,SSL_get_info_callback(s));
2257
2258 ret->debug=s->debug;
2259
2260 /* copy app data, a little dangerous perhaps */
2261 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
2262 goto err;
2263
2264 /* setup rbio, and wbio */
2265 if (s->rbio != NULL)
2266 {
2267 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
2268 goto err;
2269 }
2270 if (s->wbio != NULL)
2271 {
2272 if (s->wbio != s->rbio)
2273 {
2274 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
2275 goto err;
2276 }
2277 else
2278 ret->wbio=ret->rbio;
2279 }
2280 ret->rwstate = s->rwstate;
2281 ret->in_handshake = s->in_handshake;
2282 ret->handshake_func = s->handshake_func;
2283 ret->server = s->server;
2284 ret->new_session = s->new_session;
2285 ret->quiet_shutdown = s->quiet_shutdown;
2286 ret->shutdown=s->shutdown;
2287 ret->state=s->state; /* SSL_dup does not really work at any state, though */
2288 ret->rstate=s->rstate;
2289 ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
2290 ret->hit=s->hit;
2291
2292 X509_VERIFY_PARAM_inherit(ret->param, s->param);
2293
2294 /* dup the cipher_list and cipher_list_by_id stacks */
2295 if (s->cipher_list != NULL)
2296 {
2297 if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2298 goto err;
2299 }
2300 if (s->cipher_list_by_id != NULL)
2301 if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
2302 == NULL)
2303 goto err;
2304
2305 /* Dup the client_CA list */
2306 if (s->client_CA != NULL)
2307 {
2308 if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
2309 ret->client_CA=sk;
2310 for (i=0; i<sk_X509_NAME_num(sk); i++)
2311 {
2312 xn=sk_X509_NAME_value(sk,i);
2313 if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
2314 {
2315 X509_NAME_free(xn);
2316 goto err;
2317 }
2318 }
2319 }
2320
2321 if (0)
2322 {
2323err:
2324 if (ret != NULL) SSL_free(ret);
2325 ret=NULL;
2326 }
2327 return(ret);
2328 }
2329
2330void ssl_clear_cipher_ctx(SSL *s)
2331 {
2332 if (s->enc_read_ctx != NULL)
2333 {
2334 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
2335 OPENSSL_free(s->enc_read_ctx);
2336 s->enc_read_ctx=NULL;
2337 }
2338 if (s->enc_write_ctx != NULL)
2339 {
2340 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
2341 OPENSSL_free(s->enc_write_ctx);
2342 s->enc_write_ctx=NULL;
2343 }
2344#ifndef OPENSSL_NO_COMP
2345 if (s->expand != NULL)
2346 {
2347 COMP_CTX_free(s->expand);
2348 s->expand=NULL;
2349 }
2350 if (s->compress != NULL)
2351 {
2352 COMP_CTX_free(s->compress);
2353 s->compress=NULL;
2354 }
2355#endif
2356 }
2357
2358/* Fix this function so that it takes an optional type parameter */
2359X509 *SSL_get_certificate(const SSL *s)
2360 {
2361 if (s->cert != NULL)
2362 return(s->cert->key->x509);
2363 else
2364 return(NULL);
2365 }
2366
2367/* Fix this function so that it takes an optional type parameter */
2368EVP_PKEY *SSL_get_privatekey(SSL *s)
2369 {
2370 if (s->cert != NULL)
2371 return(s->cert->key->privatekey);
2372 else
2373 return(NULL);
2374 }
2375
2376SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
2377 {
2378 if ((s->session != NULL) && (s->session->cipher != NULL))
2379 return(s->session->cipher);
2380 return(NULL);
2381 }
2382#ifdef OPENSSL_NO_COMP
2383const void *SSL_get_current_compression(SSL *s)
2384 {
2385 return NULL;
2386 }
2387const void *SSL_get_current_expansion(SSL *s)
2388 {
2389 return NULL;
2390 }
2391#else
2392
2393const COMP_METHOD *SSL_get_current_compression(SSL *s)
2394 {
2395 if (s->compress != NULL)
2396 return(s->compress->meth);
2397 return(NULL);
2398 }
2399
2400const COMP_METHOD *SSL_get_current_expansion(SSL *s)
2401 {
2402 if (s->expand != NULL)
2403 return(s->expand->meth);
2404 return(NULL);
2405 }
2406#endif
2407
2408int ssl_init_wbio_buffer(SSL *s,int push)
2409 {
2410 BIO *bbio;
2411
2412 if (s->bbio == NULL)
2413 {
2414 bbio=BIO_new(BIO_f_buffer());
2415 if (bbio == NULL) return(0);
2416 s->bbio=bbio;
2417 }
2418 else
2419 {
2420 bbio=s->bbio;
2421 if (s->bbio == s->wbio)
2422 s->wbio=BIO_pop(s->wbio);
2423 }
2424 (void)BIO_reset(bbio);
2425/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
2426 if (!BIO_set_read_buffer_size(bbio,1))
2427 {
2428 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
2429 return(0);
2430 }
2431 if (push)
2432 {
2433 if (s->wbio != bbio)
2434 s->wbio=BIO_push(bbio,s->wbio);
2435 }
2436 else
2437 {
2438 if (s->wbio == bbio)
2439 s->wbio=BIO_pop(bbio);
2440 }
2441 return(1);
2442 }
2443
2444void ssl_free_wbio_buffer(SSL *s)
2445 {
2446 if (s->bbio == NULL) return;
2447
2448 if (s->bbio == s->wbio)
2449 {
2450 /* remove buffering */
2451 s->wbio=BIO_pop(s->wbio);
2452#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
2453 assert(s->wbio != NULL);
2454#endif
2455 }
2456 BIO_free(s->bbio);
2457 s->bbio=NULL;
2458 }
2459
2460void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
2461 {
2462 ctx->quiet_shutdown=mode;
2463 }
2464
2465int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
2466 {
2467 return(ctx->quiet_shutdown);
2468 }
2469
2470void SSL_set_quiet_shutdown(SSL *s,int mode)
2471 {
2472 s->quiet_shutdown=mode;
2473 }
2474
2475int SSL_get_quiet_shutdown(const SSL *s)
2476 {
2477 return(s->quiet_shutdown);
2478 }
2479
2480void SSL_set_shutdown(SSL *s,int mode)
2481 {
2482 s->shutdown=mode;
2483 }
2484
2485int SSL_get_shutdown(const SSL *s)
2486 {
2487 return(s->shutdown);
2488 }
2489
2490int SSL_version(const SSL *s)
2491 {
2492 return(s->version);
2493 }
2494
2495SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
2496 {
2497 return(ssl->ctx);
2498 }
2499
2500SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2501 {
2502 if (ssl->ctx == ctx)
2503 return ssl->ctx;
2504#ifndef OPENSSL_NO_TLSEXT
2505 if (ctx == NULL)
2506 ctx = ssl->initial_ctx;
2507#endif
2508 if (ssl->cert != NULL)
2509 ssl_cert_free(ssl->cert);
2510 ssl->cert = ssl_cert_dup(ctx->cert);
2511 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
2512 if (ssl->ctx != NULL)
2513 SSL_CTX_free(ssl->ctx); /* decrement reference count */
2514 ssl->ctx = ctx;
2515 return(ssl->ctx);
2516 }
2517
2518#ifndef OPENSSL_NO_STDIO
2519int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
2520 {
2521 return(X509_STORE_set_default_paths(ctx->cert_store));
2522 }
2523
2524int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
2525 const char *CApath)
2526 {
2527 return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
2528 }
2529#endif
2530
2531void SSL_set_info_callback(SSL *ssl,
2532 void (*cb)(const SSL *ssl,int type,int val))
2533 {
2534 ssl->info_callback=cb;
2535 }
2536
2537/* One compiler (Diab DCC) doesn't like argument names in returned
2538 function pointer. */
2539void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
2540 {
2541 return ssl->info_callback;
2542 }
2543
2544int SSL_state(const SSL *ssl)
2545 {
2546 return(ssl->state);
2547 }
2548
2549void SSL_set_verify_result(SSL *ssl,long arg)
2550 {
2551 ssl->verify_result=arg;
2552 }
2553
2554long SSL_get_verify_result(const SSL *ssl)
2555 {
2556 return(ssl->verify_result);
2557 }
2558
2559int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
2560 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
2561 {
2562 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
2563 new_func, dup_func, free_func);
2564 }
2565
2566int SSL_set_ex_data(SSL *s,int idx,void *arg)
2567 {
2568 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
2569 }
2570
2571void *SSL_get_ex_data(const SSL *s,int idx)
2572 {
2573 return(CRYPTO_get_ex_data(&s->ex_data,idx));
2574 }
2575
2576int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
2577 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
2578 {
2579 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
2580 new_func, dup_func, free_func);
2581 }
2582
2583int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
2584 {
2585 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
2586 }
2587
2588void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx)
2589 {
2590 return(CRYPTO_get_ex_data(&s->ex_data,idx));
2591 }
2592
2593int ssl_ok(SSL *s)
2594 {
2595 return(1);
2596 }
2597
2598X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
2599 {
2600 return(ctx->cert_store);
2601 }
2602
2603void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
2604 {
2605 if (ctx->cert_store != NULL)
2606 X509_STORE_free(ctx->cert_store);
2607 ctx->cert_store=store;
2608 }
2609
2610int SSL_want(const SSL *s)
2611 {
2612 return(s->rwstate);
2613 }
2614
2615/*!
2616 * \brief Set the callback for generating temporary RSA keys.
2617 * \param ctx the SSL context.
2618 * \param cb the callback
2619 */
2620
2621#ifndef OPENSSL_NO_RSA
2622void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
2623 int is_export,
2624 int keylength))
2625 {
2626 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
2627 }
2628
2629void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
2630 int is_export,
2631 int keylength))
2632 {
2633 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
2634 }
2635#endif
2636
2637#ifdef DOXYGEN
2638/*!
2639 * \brief The RSA temporary key callback function.
2640 * \param ssl the SSL session.
2641 * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
2642 * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
2643 * of the required key in bits.
2644 * \return the temporary RSA key.
2645 * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
2646 */
2647
2648RSA *cb(SSL *ssl,int is_export,int keylength)
2649 {}
2650#endif
2651
2652/*!
2653 * \brief Set the callback for generating temporary DH keys.
2654 * \param ctx the SSL context.
2655 * \param dh the callback
2656 */
2657
2658#ifndef OPENSSL_NO_DH
2659void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
2660 int keylength))
2661 {
2662 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
2663 }
2664
2665void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
2666 int keylength))
2667 {
2668 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
2669 }
2670#endif
2671
2672#ifndef OPENSSL_NO_ECDH
2673void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
2674 int keylength))
2675 {
2676 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
2677 }
2678
2679void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
2680 int keylength))
2681 {
2682 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
2683 }
2684#endif
2685
2686
2687void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
2688 {
2689 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
2690 }
2691void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
2692 {
2693 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
2694 }
2695
2696
2697
2698#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
2699#include "../crypto/bio/bss_file.c"
2700#endif
2701
2702IMPLEMENT_STACK_OF(SSL_CIPHER)
2703IMPLEMENT_STACK_OF(SSL_COMP)
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
deleted file mode 100644
index ed4ddbbae6..0000000000
--- a/src/lib/libssl/ssl_locl.h
+++ /dev/null
@@ -1,982 +0,0 @@
1/* ssl/ssl_locl.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116
117#ifndef HEADER_SSL_LOCL_H
118#define HEADER_SSL_LOCL_H
119#include <stdlib.h>
120#include <time.h>
121#include <string.h>
122#include <errno.h>
123
124#include "e_os.h"
125
126#include <openssl/buffer.h>
127#ifndef OPENSSL_NO_COMP
128#include <openssl/comp.h>
129#endif
130#include <openssl/bio.h>
131#include <openssl/stack.h>
132#ifndef OPENSSL_NO_RSA
133#include <openssl/rsa.h>
134#endif
135#ifndef OPENSSL_NO_DSA
136#include <openssl/dsa.h>
137#endif
138#include <openssl/err.h>
139#include <openssl/ssl.h>
140#include <openssl/symhacks.h>
141
142#ifdef OPENSSL_BUILD_SHLIBSSL
143# undef OPENSSL_EXTERN
144# define OPENSSL_EXTERN OPENSSL_EXPORT
145#endif
146
147#define PKCS1_CHECK
148
149#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
150 l|=(((unsigned long)(*((c)++)))<< 8), \
151 l|=(((unsigned long)(*((c)++)))<<16), \
152 l|=(((unsigned long)(*((c)++)))<<24))
153
154/* NOTE - c is not incremented as per c2l */
155#define c2ln(c,l1,l2,n) { \
156 c+=n; \
157 l1=l2=0; \
158 switch (n) { \
159 case 8: l2 =((unsigned long)(*(--(c))))<<24; \
160 case 7: l2|=((unsigned long)(*(--(c))))<<16; \
161 case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
162 case 5: l2|=((unsigned long)(*(--(c)))); \
163 case 4: l1 =((unsigned long)(*(--(c))))<<24; \
164 case 3: l1|=((unsigned long)(*(--(c))))<<16; \
165 case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
166 case 1: l1|=((unsigned long)(*(--(c)))); \
167 } \
168 }
169
170#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
171 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
172 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
173 *((c)++)=(unsigned char)(((l)>>24)&0xff))
174
175#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \
176 l|=((unsigned long)(*((c)++)))<<16, \
177 l|=((unsigned long)(*((c)++)))<< 8, \
178 l|=((unsigned long)(*((c)++))))
179
180#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
181 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
182 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
183 *((c)++)=(unsigned char)(((l) )&0xff))
184
185#define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
186 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
187 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
188 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
189 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
190 *((c)++)=(unsigned char)(((l) )&0xff))
191
192#define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \
193 l|=((BN_ULLONG)(*((c)++)))<<32, \
194 l|=((BN_ULLONG)(*((c)++)))<<24, \
195 l|=((BN_ULLONG)(*((c)++)))<<16, \
196 l|=((BN_ULLONG)(*((c)++)))<< 8, \
197 l|=((BN_ULLONG)(*((c)++))))
198
199/* NOTE - c is not incremented as per l2c */
200#define l2cn(l1,l2,c,n) { \
201 c+=n; \
202 switch (n) { \
203 case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
204 case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
205 case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
206 case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
207 case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
208 case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
209 case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
210 case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
211 } \
212 }
213
214#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \
215 (((unsigned int)(c[1])) )),c+=2)
216#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
217 c[1]=(unsigned char)(((s) )&0xff)),c+=2)
218
219#define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \
220 (((unsigned long)(c[1]))<< 8)| \
221 (((unsigned long)(c[2])) )),c+=3)
222
223#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
224 c[1]=(unsigned char)(((l)>> 8)&0xff), \
225 c[2]=(unsigned char)(((l) )&0xff)),c+=3)
226
227/* LOCAL STUFF */
228
229#define SSL_DECRYPT 0
230#define SSL_ENCRYPT 1
231
232#define TWO_BYTE_BIT 0x80
233#define SEC_ESC_BIT 0x40
234#define TWO_BYTE_MASK 0x7fff
235#define THREE_BYTE_MASK 0x3fff
236
237#define INC32(a) ((a)=((a)+1)&0xffffffffL)
238#define DEC32(a) ((a)=((a)-1)&0xffffffffL)
239#define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */
240
241/*
242 * Define the Bitmasks for SSL_CIPHER.algorithms.
243 * This bits are used packed as dense as possible. If new methods/ciphers
244 * etc will be added, the bits a likely to change, so this information
245 * is for internal library use only, even though SSL_CIPHER.algorithms
246 * can be publicly accessed.
247 * Use the according functions for cipher management instead.
248 *
249 * The bit mask handling in the selection and sorting scheme in
250 * ssl_create_cipher_list() has only limited capabilities, reflecting
251 * that the different entities within are mutually exclusive:
252 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
253 */
254#define SSL_MKEY_MASK 0x000000FFL
255#define SSL_kRSA 0x00000001L /* RSA key exchange */
256#define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */
257#define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */
258#define SSL_kFZA 0x00000008L
259#define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */
260#define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */
261#define SSL_kECDH 0x00000040L /* ECDH w/ long-term keys */
262#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
263#define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
264
265#define SSL_AUTH_MASK 0x00007F00L
266#define SSL_aRSA 0x00000100L /* Authenticate with RSA */
267#define SSL_aDSS 0x00000200L /* Authenticate with DSS */
268#define SSL_DSS SSL_aDSS
269#define SSL_aFZA 0x00000400L
270#define SSL_aNULL 0x00000800L /* no Authenticate, ADH */
271#define SSL_aDH 0x00001000L /* no Authenticate, ADH */
272#define SSL_aKRB5 0x00002000L /* Authenticate with KRB5 */
273#define SSL_aECDSA 0x00004000L /* Authenticate with ECDSA */
274
275#define SSL_NULL (SSL_eNULL)
276#define SSL_ADH (SSL_kEDH|SSL_aNULL)
277#define SSL_RSA (SSL_kRSA|SSL_aRSA)
278#define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH)
279#define SSL_ECDH (SSL_kECDH|SSL_kECDHE)
280#define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA)
281#define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5)
282
283#define SSL_ENC_MASK 0x1C3F8000L
284#define SSL_DES 0x00008000L
285#define SSL_3DES 0x00010000L
286#define SSL_RC4 0x00020000L
287#define SSL_RC2 0x00040000L
288#define SSL_IDEA 0x00080000L
289#define SSL_eFZA 0x00100000L
290#define SSL_eNULL 0x00200000L
291#define SSL_AES 0x04000000L
292#define SSL_CAMELLIA 0x08000000L
293#define SSL_SEED 0x10000000L
294
295#define SSL_MAC_MASK 0x00c00000L
296#define SSL_MD5 0x00400000L
297#define SSL_SHA1 0x00800000L
298#define SSL_SHA (SSL_SHA1)
299
300#define SSL_SSL_MASK 0x03000000L
301#define SSL_SSLV2 0x01000000L
302#define SSL_SSLV3 0x02000000L
303#define SSL_TLSV1 SSL_SSLV3 /* for now */
304
305/* we have used 1fffffff - 3 bits left to go. */
306
307/*
308 * Export and cipher strength information. For each cipher we have to decide
309 * whether it is exportable or not. This information is likely to change
310 * over time, since the export control rules are no static technical issue.
311 *
312 * Independent of the export flag the cipher strength is sorted into classes.
313 * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
314 * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
315 * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
316 * since SSL_EXP64 could be similar to SSL_LOW.
317 * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
318 * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
319 * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
320 * be possible.
321 */
322#define SSL_EXP_MASK 0x00000003L
323#define SSL_NOT_EXP 0x00000001L
324#define SSL_EXPORT 0x00000002L
325
326#define SSL_STRONG_MASK 0x000000fcL
327#define SSL_STRONG_NONE 0x00000004L
328#define SSL_EXP40 0x00000008L
329#define SSL_MICRO (SSL_EXP40)
330#define SSL_EXP56 0x00000010L
331#define SSL_MINI (SSL_EXP56)
332#define SSL_LOW 0x00000020L
333#define SSL_MEDIUM 0x00000040L
334#define SSL_HIGH 0x00000080L
335#define SSL_FIPS 0x00000100L
336
337/* we have used 000001ff - 23 bits left to go */
338
339/*
340 * Macros to check the export status and cipher strength for export ciphers.
341 * Even though the macros for EXPORT and EXPORT40/56 have similar names,
342 * their meaning is different:
343 * *_EXPORT macros check the 'exportable' status.
344 * *_EXPORT40/56 macros are used to check whether a certain cipher strength
345 * is given.
346 * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
347 * algorithm structure element to be passed (algorithms, algo_strength) and no
348 * typechecking can be done as they are all of type unsigned long, their
349 * direct usage is discouraged.
350 * Use the SSL_C_* macros instead.
351 */
352#define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT)
353#define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56)
354#define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40)
355#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength)
356#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength)
357#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
358
359#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
360 ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
361#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
362#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms, \
363 (c)->algo_strength)
364#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
365
366
367#define SSL_ALL 0xffffffffL
368#define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
369 SSL_MAC_MASK)
370#define SSL_ALL_STRENGTHS (SSL_EXP_MASK|SSL_STRONG_MASK)
371
372/* Mostly for SSLv3 */
373#define SSL_PKEY_RSA_ENC 0
374#define SSL_PKEY_RSA_SIGN 1
375#define SSL_PKEY_DSA_SIGN 2
376#define SSL_PKEY_DH_RSA 3
377#define SSL_PKEY_DH_DSA 4
378#define SSL_PKEY_ECC 5
379#define SSL_PKEY_NUM 6
380
381/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
382 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
383 * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
384 * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
385 * SSL_aRSA <- RSA_ENC | RSA_SIGN
386 * SSL_aDSS <- DSA_SIGN
387 */
388
389/*
390#define CERT_INVALID 0
391#define CERT_PUBLIC_KEY 1
392#define CERT_PRIVATE_KEY 2
393*/
394
395#ifndef OPENSSL_NO_EC
396/* From ECC-TLS draft, used in encoding the curve type in
397 * ECParameters
398 */
399#define EXPLICIT_PRIME_CURVE_TYPE 1
400#define EXPLICIT_CHAR2_CURVE_TYPE 2
401#define NAMED_CURVE_TYPE 3
402#endif /* OPENSSL_NO_EC */
403
404typedef struct cert_pkey_st
405 {
406 X509 *x509;
407 EVP_PKEY *privatekey;
408 } CERT_PKEY;
409
410typedef struct cert_st
411 {
412 /* Current active set */
413 CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
414 * Probably it would make more sense to store
415 * an index, not a pointer. */
416
417 /* The following masks are for the key and auth
418 * algorithms that are supported by the certs below */
419 int valid;
420 unsigned long mask;
421 unsigned long export_mask;
422#ifndef OPENSSL_NO_RSA
423 RSA *rsa_tmp;
424 RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
425#endif
426#ifndef OPENSSL_NO_DH
427 DH *dh_tmp;
428 DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
429#endif
430#ifndef OPENSSL_NO_ECDH
431 EC_KEY *ecdh_tmp;
432 /* Callback for generating ephemeral ECDH keys */
433 EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
434#endif
435
436 CERT_PKEY pkeys[SSL_PKEY_NUM];
437
438 int references; /* >1 only if SSL_copy_session_id is used */
439 } CERT;
440
441
442typedef struct sess_cert_st
443 {
444 STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
445
446 /* The 'peer_...' members are used only by clients. */
447 int peer_cert_type;
448
449 CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
450 CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
451 /* Obviously we don't have the private keys of these,
452 * so maybe we shouldn't even use the CERT_PKEY type here. */
453
454#ifndef OPENSSL_NO_RSA
455 RSA *peer_rsa_tmp; /* not used for SSL 2 */
456#endif
457#ifndef OPENSSL_NO_DH
458 DH *peer_dh_tmp; /* not used for SSL 2 */
459#endif
460#ifndef OPENSSL_NO_ECDH
461 EC_KEY *peer_ecdh_tmp;
462#endif
463
464 int references; /* actually always 1 at the moment */
465 } SESS_CERT;
466
467
468/*#define MAC_DEBUG */
469
470/*#define ERR_DEBUG */
471/*#define ABORT_DEBUG */
472/*#define PKT_DEBUG 1 */
473/*#define DES_DEBUG */
474/*#define DES_OFB_DEBUG */
475/*#define SSL_DEBUG */
476/*#define RSA_DEBUG */
477/*#define IDEA_DEBUG */
478
479#define FP_ICC (int (*)(const void *,const void *))
480#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
481 ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
482#define ssl_get_cipher_by_char(ssl,ptr) \
483 ((ssl)->method->get_cipher_by_char(ptr))
484
485/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
486 * It is a bit of a mess of functions, but hell, think of it as
487 * an opaque structure :-) */
488typedef struct ssl3_enc_method
489 {
490 int (*enc)(SSL *, int);
491 int (*mac)(SSL *, unsigned char *, int);
492 int (*setup_key_block)(SSL *);
493 int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
494 int (*change_cipher_state)(SSL *, int);
495 int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *);
496 int finish_mac_length;
497 int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *);
498 const char *client_finished_label;
499 int client_finished_label_len;
500 const char *server_finished_label;
501 int server_finished_label_len;
502 int (*alert_value)(int);
503 } SSL3_ENC_METHOD;
504
505#ifndef OPENSSL_NO_COMP
506/* Used for holding the relevant compression methods loaded into SSL_CTX */
507typedef struct ssl3_comp_st
508 {
509 int comp_id; /* The identifier byte for this compression type */
510 char *name; /* Text name used for the compression type */
511 COMP_METHOD *method; /* The method :-) */
512 } SSL3_COMP;
513#endif
514
515extern SSL3_ENC_METHOD ssl3_undef_enc_method;
516OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
517OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
518
519
520SSL_METHOD *ssl_bad_method(int ver);
521SSL_METHOD *sslv2_base_method(void);
522SSL_METHOD *sslv23_base_method(void);
523SSL_METHOD *sslv3_base_method(void);
524
525extern SSL3_ENC_METHOD TLSv1_enc_data;
526extern SSL3_ENC_METHOD SSLv3_enc_data;
527extern SSL3_ENC_METHOD DTLSv1_enc_data;
528
529#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
530SSL_METHOD *func_name(void) \
531 { \
532 static SSL_METHOD func_name##_data= { \
533 TLS1_VERSION, \
534 tls1_new, \
535 tls1_clear, \
536 tls1_free, \
537 s_accept, \
538 s_connect, \
539 ssl3_read, \
540 ssl3_peek, \
541 ssl3_write, \
542 ssl3_shutdown, \
543 ssl3_renegotiate, \
544 ssl3_renegotiate_check, \
545 ssl3_get_message, \
546 ssl3_read_bytes, \
547 ssl3_write_bytes, \
548 ssl3_dispatch_alert, \
549 ssl3_ctrl, \
550 ssl3_ctx_ctrl, \
551 ssl3_get_cipher_by_char, \
552 ssl3_put_cipher_by_char, \
553 ssl3_pending, \
554 ssl3_num_ciphers, \
555 ssl3_get_cipher, \
556 s_get_meth, \
557 tls1_default_timeout, \
558 &TLSv1_enc_data, \
559 ssl_undefined_void_function, \
560 ssl3_callback_ctrl, \
561 ssl3_ctx_callback_ctrl, \
562 }; \
563 return &func_name##_data; \
564 }
565
566#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
567SSL_METHOD *func_name(void) \
568 { \
569 static SSL_METHOD func_name##_data= { \
570 SSL3_VERSION, \
571 ssl3_new, \
572 ssl3_clear, \
573 ssl3_free, \
574 s_accept, \
575 s_connect, \
576 ssl3_read, \
577 ssl3_peek, \
578 ssl3_write, \
579 ssl3_shutdown, \
580 ssl3_renegotiate, \
581 ssl3_renegotiate_check, \
582 ssl3_get_message, \
583 ssl3_read_bytes, \
584 ssl3_write_bytes, \
585 ssl3_dispatch_alert, \
586 ssl3_ctrl, \
587 ssl3_ctx_ctrl, \
588 ssl3_get_cipher_by_char, \
589 ssl3_put_cipher_by_char, \
590 ssl3_pending, \
591 ssl3_num_ciphers, \
592 ssl3_get_cipher, \
593 s_get_meth, \
594 ssl3_default_timeout, \
595 &SSLv3_enc_data, \
596 ssl_undefined_void_function, \
597 ssl3_callback_ctrl, \
598 ssl3_ctx_callback_ctrl, \
599 }; \
600 return &func_name##_data; \
601 }
602
603#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
604SSL_METHOD *func_name(void) \
605 { \
606 static SSL_METHOD func_name##_data= { \
607 TLS1_VERSION, \
608 tls1_new, \
609 tls1_clear, \
610 tls1_free, \
611 s_accept, \
612 s_connect, \
613 ssl23_read, \
614 ssl23_peek, \
615 ssl23_write, \
616 ssl_undefined_function, \
617 ssl_undefined_function, \
618 ssl_ok, \
619 ssl3_get_message, \
620 ssl3_read_bytes, \
621 ssl3_write_bytes, \
622 ssl3_dispatch_alert, \
623 ssl3_ctrl, \
624 ssl3_ctx_ctrl, \
625 ssl23_get_cipher_by_char, \
626 ssl23_put_cipher_by_char, \
627 ssl_undefined_const_function, \
628 ssl23_num_ciphers, \
629 ssl23_get_cipher, \
630 s_get_meth, \
631 ssl23_default_timeout, \
632 &ssl3_undef_enc_method, \
633 ssl_undefined_void_function, \
634 ssl3_callback_ctrl, \
635 ssl3_ctx_callback_ctrl, \
636 }; \
637 return &func_name##_data; \
638 }
639
640#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
641SSL_METHOD *func_name(void) \
642 { \
643 static SSL_METHOD func_name##_data= { \
644 SSL2_VERSION, \
645 ssl2_new, /* local */ \
646 ssl2_clear, /* local */ \
647 ssl2_free, /* local */ \
648 s_accept, \
649 s_connect, \
650 ssl2_read, \
651 ssl2_peek, \
652 ssl2_write, \
653 ssl2_shutdown, \
654 ssl_ok, /* NULL - renegotiate */ \
655 ssl_ok, /* NULL - check renegotiate */ \
656 NULL, /* NULL - ssl_get_message */ \
657 NULL, /* NULL - ssl_get_record */ \
658 NULL, /* NULL - ssl_write_bytes */ \
659 NULL, /* NULL - dispatch_alert */ \
660 ssl2_ctrl, /* local */ \
661 ssl2_ctx_ctrl, /* local */ \
662 ssl2_get_cipher_by_char, \
663 ssl2_put_cipher_by_char, \
664 ssl2_pending, \
665 ssl2_num_ciphers, \
666 ssl2_get_cipher, \
667 s_get_meth, \
668 ssl2_default_timeout, \
669 &ssl3_undef_enc_method, \
670 ssl_undefined_void_function, \
671 ssl2_callback_ctrl, /* local */ \
672 ssl2_ctx_callback_ctrl, /* local */ \
673 }; \
674 return &func_name##_data; \
675 }
676
677#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
678SSL_METHOD *func_name(void) \
679 { \
680 static SSL_METHOD func_name##_data= { \
681 DTLS1_VERSION, \
682 dtls1_new, \
683 dtls1_clear, \
684 dtls1_free, \
685 s_accept, \
686 s_connect, \
687 ssl3_read, \
688 ssl3_peek, \
689 ssl3_write, \
690 ssl3_shutdown, \
691 ssl3_renegotiate, \
692 ssl3_renegotiate_check, \
693 dtls1_get_message, \
694 dtls1_read_bytes, \
695 dtls1_write_app_data_bytes, \
696 dtls1_dispatch_alert, \
697 ssl3_ctrl, \
698 ssl3_ctx_ctrl, \
699 ssl3_get_cipher_by_char, \
700 ssl3_put_cipher_by_char, \
701 ssl3_pending, \
702 ssl3_num_ciphers, \
703 dtls1_get_cipher, \
704 s_get_meth, \
705 dtls1_default_timeout, \
706 &DTLSv1_enc_data, \
707 ssl_undefined_void_function, \
708 ssl3_callback_ctrl, \
709 ssl3_ctx_callback_ctrl, \
710 }; \
711 return &func_name##_data; \
712 }
713
714void ssl_clear_cipher_ctx(SSL *s);
715int ssl_clear_bad_session(SSL *s);
716CERT *ssl_cert_new(void);
717CERT *ssl_cert_dup(CERT *cert);
718int ssl_cert_inst(CERT **o);
719void ssl_cert_free(CERT *c);
720SESS_CERT *ssl_sess_cert_new(void);
721void ssl_sess_cert_free(SESS_CERT *sc);
722int ssl_set_peer_cert_type(SESS_CERT *c, int type);
723int ssl_get_new_session(SSL *s, int session);
724int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
725int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
726int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
727 const SSL_CIPHER * const *bp);
728STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
729 STACK_OF(SSL_CIPHER) **skp);
730int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
731 int (*put_cb)(const SSL_CIPHER *, unsigned char *));
732STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
733 STACK_OF(SSL_CIPHER) **pref,
734 STACK_OF(SSL_CIPHER) **sorted,
735 const char *rule_str);
736void ssl_update_cache(SSL *s, int mode);
737int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
738 const EVP_MD **md,SSL_COMP **comp);
739int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
740int ssl_undefined_function(SSL *s);
741int ssl_undefined_void_function(void);
742int ssl_undefined_const_function(const SSL *s);
743X509 *ssl_get_server_send_cert(SSL *);
744EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
745int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
746void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
747STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
748int ssl_verify_alarm_type(long type);
749void ssl_load_ciphers(void);
750
751int ssl2_enc_init(SSL *s, int client);
752int ssl2_generate_key_material(SSL *s);
753void ssl2_enc(SSL *s,int send_data);
754void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
755SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
756int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
757int ssl2_part_read(SSL *s, unsigned long f, int i);
758int ssl2_do_write(SSL *s);
759int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
760void ssl2_return_error(SSL *s,int reason);
761void ssl2_write_error(SSL *s);
762int ssl2_num_ciphers(void);
763SSL_CIPHER *ssl2_get_cipher(unsigned int u);
764int ssl2_new(SSL *s);
765void ssl2_free(SSL *s);
766int ssl2_accept(SSL *s);
767int ssl2_connect(SSL *s);
768int ssl2_read(SSL *s, void *buf, int len);
769int ssl2_peek(SSL *s, void *buf, int len);
770int ssl2_write(SSL *s, const void *buf, int len);
771int ssl2_shutdown(SSL *s);
772void ssl2_clear(SSL *s);
773long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
774long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
775long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
776long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
777int ssl2_pending(const SSL *s);
778long ssl2_default_timeout(void );
779
780SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
781int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
782void ssl3_init_finished_mac(SSL *s);
783int ssl3_send_server_certificate(SSL *s);
784int ssl3_send_newsession_ticket(SSL *s);
785int ssl3_send_cert_status(SSL *s);
786int ssl3_get_finished(SSL *s,int state_a,int state_b);
787int ssl3_setup_key_block(SSL *s);
788int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
789int ssl3_change_cipher_state(SSL *s,int which);
790void ssl3_cleanup_key_block(SSL *s);
791int ssl3_do_write(SSL *s,int type);
792void ssl3_send_alert(SSL *s,int level, int desc);
793int ssl3_generate_master_secret(SSL *s, unsigned char *out,
794 unsigned char *p, int len);
795int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
796long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
797int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
798int ssl3_num_ciphers(void);
799SSL_CIPHER *ssl3_get_cipher(unsigned int u);
800int ssl3_renegotiate(SSL *ssl);
801int ssl3_renegotiate_check(SSL *ssl);
802int ssl3_dispatch_alert(SSL *s);
803int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
804int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
805int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
806 const char *sender, int slen,unsigned char *p);
807int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
808void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
809int ssl3_enc(SSL *s, int send_data);
810int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
811unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
812SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
813 STACK_OF(SSL_CIPHER) *srvr);
814int ssl3_setup_buffers(SSL *s);
815int ssl3_new(SSL *s);
816void ssl3_free(SSL *s);
817int ssl3_accept(SSL *s);
818int ssl3_connect(SSL *s);
819int ssl3_read(SSL *s, void *buf, int len);
820int ssl3_peek(SSL *s, void *buf, int len);
821int ssl3_write(SSL *s, const void *buf, int len);
822int ssl3_shutdown(SSL *s);
823void ssl3_clear(SSL *s);
824long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
825long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
826long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
827long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
828int ssl3_pending(const SSL *s);
829
830void ssl3_record_sequence_update(unsigned char *seq);
831int ssl3_do_change_cipher_spec(SSL *ssl);
832long ssl3_default_timeout(void );
833
834int ssl23_num_ciphers(void );
835SSL_CIPHER *ssl23_get_cipher(unsigned int u);
836int ssl23_read(SSL *s, void *buf, int len);
837int ssl23_peek(SSL *s, void *buf, int len);
838int ssl23_write(SSL *s, const void *buf, int len);
839int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
840SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
841long ssl23_default_timeout(void );
842
843long tls1_default_timeout(void);
844int dtls1_do_write(SSL *s,int type);
845int ssl3_read_n(SSL *s, int n, int max, int extend);
846int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
847int ssl3_do_compress(SSL *ssl);
848int ssl3_do_uncompress(SSL *ssl);
849int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
850 unsigned int len);
851unsigned char *dtls1_set_message_header(SSL *s,
852 unsigned char *p, unsigned char mt, unsigned long len,
853 unsigned long frag_off, unsigned long frag_len);
854
855int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
856int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
857
858int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
859int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
860unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
861int dtls1_read_failed(SSL *s, int code);
862int dtls1_buffer_message(SSL *s, int ccs);
863int dtls1_retransmit_message(SSL *s, unsigned short seq,
864 unsigned long frag_off, int *found);
865void dtls1_clear_record_buffer(SSL *s);
866void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
867void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
868void dtls1_reset_seq_numbers(SSL *s, int rw);
869long dtls1_default_timeout(void);
870SSL_CIPHER *dtls1_get_cipher(unsigned int u);
871
872
873
874/* some client-only functions */
875int ssl3_client_hello(SSL *s);
876int ssl3_get_server_hello(SSL *s);
877int ssl3_get_certificate_request(SSL *s);
878int ssl3_get_new_session_ticket(SSL *s);
879int ssl3_get_cert_status(SSL *s);
880int ssl3_get_server_done(SSL *s);
881int ssl3_send_client_verify(SSL *s);
882int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
883int ssl3_send_client_certificate(SSL *s);
884int ssl3_send_client_key_exchange(SSL *s);
885int ssl3_get_key_exchange(SSL *s);
886int ssl3_get_server_certificate(SSL *s);
887int ssl3_check_cert_and_algorithm(SSL *s);
888
889int dtls1_client_hello(SSL *s);
890int dtls1_send_client_certificate(SSL *s);
891int dtls1_send_client_key_exchange(SSL *s);
892int dtls1_send_client_verify(SSL *s);
893
894/* some server-only functions */
895int ssl3_get_client_hello(SSL *s);
896int ssl3_send_server_hello(SSL *s);
897int ssl3_send_hello_request(SSL *s);
898int ssl3_send_server_key_exchange(SSL *s);
899int ssl3_send_certificate_request(SSL *s);
900int ssl3_send_server_done(SSL *s);
901int ssl3_check_client_hello(SSL *s);
902int ssl3_get_client_certificate(SSL *s);
903int ssl3_get_client_key_exchange(SSL *s);
904int ssl3_get_cert_verify(SSL *s);
905
906int dtls1_send_hello_request(SSL *s);
907int dtls1_send_server_hello(SSL *s);
908int dtls1_send_server_certificate(SSL *s);
909int dtls1_send_server_key_exchange(SSL *s);
910int dtls1_send_certificate_request(SSL *s);
911int dtls1_send_server_done(SSL *s);
912
913
914
915int ssl23_accept(SSL *s);
916int ssl23_connect(SSL *s);
917int ssl23_read_bytes(SSL *s, int n);
918int ssl23_write_bytes(SSL *s);
919
920int tls1_new(SSL *s);
921void tls1_free(SSL *s);
922void tls1_clear(SSL *s);
923long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
924long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
925SSL_METHOD *tlsv1_base_method(void );
926
927int dtls1_new(SSL *s);
928int dtls1_accept(SSL *s);
929int dtls1_connect(SSL *s);
930void dtls1_free(SSL *s);
931void dtls1_clear(SSL *s);
932long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
933SSL_METHOD *dtlsv1_base_method(void );
934
935long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
936int dtls1_get_record(SSL *s);
937int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
938 unsigned int len, int create_empty_fragement);
939int dtls1_dispatch_alert(SSL *s);
940int dtls1_enc(SSL *s, int snd);
941
942int ssl_init_wbio_buffer(SSL *s, int push);
943void ssl_free_wbio_buffer(SSL *s);
944
945int tls1_change_cipher_state(SSL *s, int which);
946int tls1_setup_key_block(SSL *s);
947int tls1_enc(SSL *s, int snd);
948int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
949 const char *str, int slen, unsigned char *p);
950int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
951int tls1_mac(SSL *ssl, unsigned char *md, int snd);
952int tls1_generate_master_secret(SSL *s, unsigned char *out,
953 unsigned char *p, int len);
954int tls1_alert_code(int code);
955int ssl3_alert_code(int code);
956int ssl_ok(SSL *s);
957
958int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
959
960SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
961
962#ifndef OPENSSL_NO_TLSEXT
963unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
964unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
965int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
966int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
967int ssl_prepare_clienthello_tlsext(SSL *s);
968int ssl_prepare_serverhello_tlsext(SSL *s);
969int ssl_check_clienthello_tlsext(SSL *s);
970int ssl_check_serverhello_tlsext(SSL *s);
971#ifdef OPENSSL_NO_SHA256
972#define tlsext_tick_md EVP_sha1
973#else
974#define tlsext_tick_md EVP_sha256
975#endif
976int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
977 const unsigned char *limit, SSL_SESSION **ret);
978EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
979void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
980#endif
981
982#endif
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
deleted file mode 100644
index 27113eba50..0000000000
--- a/src/lib/libssl/ssl_rsa.c
+++ /dev/null
@@ -1,779 +0,0 @@
1/* ssl/ssl_rsa.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "ssl_locl.h"
61#include <openssl/bio.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65#include <openssl/pem.h>
66
67static int ssl_set_cert(CERT *c, X509 *x509);
68static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
69int SSL_use_certificate(SSL *ssl, X509 *x)
70 {
71 if (x == NULL)
72 {
73 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
74 return(0);
75 }
76 if (!ssl_cert_inst(&ssl->cert))
77 {
78 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
79 return(0);
80 }
81 return(ssl_set_cert(ssl->cert,x));
82 }
83
84#ifndef OPENSSL_NO_STDIO
85int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
86 {
87 int j;
88 BIO *in;
89 int ret=0;
90 X509 *x=NULL;
91
92 in=BIO_new(BIO_s_file_internal());
93 if (in == NULL)
94 {
95 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
96 goto end;
97 }
98
99 if (BIO_read_filename(in,file) <= 0)
100 {
101 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
102 goto end;
103 }
104 if (type == SSL_FILETYPE_ASN1)
105 {
106 j=ERR_R_ASN1_LIB;
107 x=d2i_X509_bio(in,NULL);
108 }
109 else if (type == SSL_FILETYPE_PEM)
110 {
111 j=ERR_R_PEM_LIB;
112 x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
113 }
114 else
115 {
116 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
117 goto end;
118 }
119
120 if (x == NULL)
121 {
122 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
123 goto end;
124 }
125
126 ret=SSL_use_certificate(ssl,x);
127end:
128 if (x != NULL) X509_free(x);
129 if (in != NULL) BIO_free(in);
130 return(ret);
131 }
132#endif
133
134int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
135 {
136 X509 *x;
137 int ret;
138
139 x=d2i_X509(NULL,&d,(long)len);
140 if (x == NULL)
141 {
142 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
143 return(0);
144 }
145
146 ret=SSL_use_certificate(ssl,x);
147 X509_free(x);
148 return(ret);
149 }
150
151#ifndef OPENSSL_NO_RSA
152int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
153 {
154 EVP_PKEY *pkey;
155 int ret;
156
157 if (rsa == NULL)
158 {
159 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
160 return(0);
161 }
162 if (!ssl_cert_inst(&ssl->cert))
163 {
164 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
165 return(0);
166 }
167 if ((pkey=EVP_PKEY_new()) == NULL)
168 {
169 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
170 return(0);
171 }
172
173 RSA_up_ref(rsa);
174 EVP_PKEY_assign_RSA(pkey,rsa);
175
176 ret=ssl_set_pkey(ssl->cert,pkey);
177 EVP_PKEY_free(pkey);
178 return(ret);
179 }
180#endif
181
182static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
183 {
184 int i;
185
186 i=ssl_cert_type(NULL,pkey);
187 if (i < 0)
188 {
189 SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
190 return(0);
191 }
192
193 if (c->pkeys[i].x509 != NULL)
194 {
195 EVP_PKEY *pktmp;
196 pktmp = X509_get_pubkey(c->pkeys[i].x509);
197 EVP_PKEY_copy_parameters(pktmp,pkey);
198 EVP_PKEY_free(pktmp);
199 ERR_clear_error();
200
201#ifndef OPENSSL_NO_RSA
202 /* Don't check the public/private key, this is mostly
203 * for smart cards. */
204 if ((pkey->type == EVP_PKEY_RSA) &&
205 (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
206 ;
207 else
208#endif
209 if (!X509_check_private_key(c->pkeys[i].x509,pkey))
210 {
211 X509_free(c->pkeys[i].x509);
212 c->pkeys[i].x509 = NULL;
213 return 0;
214 }
215 }
216
217 if (c->pkeys[i].privatekey != NULL)
218 EVP_PKEY_free(c->pkeys[i].privatekey);
219 CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
220 c->pkeys[i].privatekey=pkey;
221 c->key= &(c->pkeys[i]);
222
223 c->valid=0;
224 return(1);
225 }
226
227#ifndef OPENSSL_NO_RSA
228#ifndef OPENSSL_NO_STDIO
229int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
230 {
231 int j,ret=0;
232 BIO *in;
233 RSA *rsa=NULL;
234
235 in=BIO_new(BIO_s_file_internal());
236 if (in == NULL)
237 {
238 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
239 goto end;
240 }
241
242 if (BIO_read_filename(in,file) <= 0)
243 {
244 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
245 goto end;
246 }
247 if (type == SSL_FILETYPE_ASN1)
248 {
249 j=ERR_R_ASN1_LIB;
250 rsa=d2i_RSAPrivateKey_bio(in,NULL);
251 }
252 else if (type == SSL_FILETYPE_PEM)
253 {
254 j=ERR_R_PEM_LIB;
255 rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
256 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
257 }
258 else
259 {
260 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
261 goto end;
262 }
263 if (rsa == NULL)
264 {
265 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
266 goto end;
267 }
268 ret=SSL_use_RSAPrivateKey(ssl,rsa);
269 RSA_free(rsa);
270end:
271 if (in != NULL) BIO_free(in);
272 return(ret);
273 }
274#endif
275
276int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
277 {
278 int ret;
279 const unsigned char *p;
280 RSA *rsa;
281
282 p=d;
283 if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
284 {
285 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
286 return(0);
287 }
288
289 ret=SSL_use_RSAPrivateKey(ssl,rsa);
290 RSA_free(rsa);
291 return(ret);
292 }
293#endif /* !OPENSSL_NO_RSA */
294
295int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
296 {
297 int ret;
298
299 if (pkey == NULL)
300 {
301 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
302 return(0);
303 }
304 if (!ssl_cert_inst(&ssl->cert))
305 {
306 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
307 return(0);
308 }
309 ret=ssl_set_pkey(ssl->cert,pkey);
310 return(ret);
311 }
312
313#ifndef OPENSSL_NO_STDIO
314int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
315 {
316 int j,ret=0;
317 BIO *in;
318 EVP_PKEY *pkey=NULL;
319
320 in=BIO_new(BIO_s_file_internal());
321 if (in == NULL)
322 {
323 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
324 goto end;
325 }
326
327 if (BIO_read_filename(in,file) <= 0)
328 {
329 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
330 goto end;
331 }
332 if (type == SSL_FILETYPE_PEM)
333 {
334 j=ERR_R_PEM_LIB;
335 pkey=PEM_read_bio_PrivateKey(in,NULL,
336 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
337 }
338 else if (type == SSL_FILETYPE_ASN1)
339 {
340 j = ERR_R_ASN1_LIB;
341 pkey = d2i_PrivateKey_bio(in,NULL);
342 }
343 else
344 {
345 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
346 goto end;
347 }
348 if (pkey == NULL)
349 {
350 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
351 goto end;
352 }
353 ret=SSL_use_PrivateKey(ssl,pkey);
354 EVP_PKEY_free(pkey);
355end:
356 if (in != NULL) BIO_free(in);
357 return(ret);
358 }
359#endif
360
361int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
362 {
363 int ret;
364 const unsigned char *p;
365 EVP_PKEY *pkey;
366
367 p=d;
368 if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
369 {
370 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
371 return(0);
372 }
373
374 ret=SSL_use_PrivateKey(ssl,pkey);
375 EVP_PKEY_free(pkey);
376 return(ret);
377 }
378
379int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
380 {
381 if (x == NULL)
382 {
383 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
384 return(0);
385 }
386 if (!ssl_cert_inst(&ctx->cert))
387 {
388 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
389 return(0);
390 }
391 return(ssl_set_cert(ctx->cert, x));
392 }
393
394static int ssl_set_cert(CERT *c, X509 *x)
395 {
396 EVP_PKEY *pkey;
397 int i;
398
399 pkey=X509_get_pubkey(x);
400 if (pkey == NULL)
401 {
402 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
403 return(0);
404 }
405
406 i=ssl_cert_type(x,pkey);
407 if (i < 0)
408 {
409 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
410 EVP_PKEY_free(pkey);
411 return(0);
412 }
413
414 if (c->pkeys[i].privatekey != NULL)
415 {
416 EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
417 ERR_clear_error();
418
419#ifndef OPENSSL_NO_RSA
420 /* Don't check the public/private key, this is mostly
421 * for smart cards. */
422 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
423 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
424 RSA_METHOD_FLAG_NO_CHECK))
425 ;
426 else
427#endif /* OPENSSL_NO_RSA */
428 if (!X509_check_private_key(x,c->pkeys[i].privatekey))
429 {
430 /* don't fail for a cert/key mismatch, just free
431 * current private key (when switching to a different
432 * cert & key, first this function should be used,
433 * then ssl_set_pkey */
434 EVP_PKEY_free(c->pkeys[i].privatekey);
435 c->pkeys[i].privatekey=NULL;
436 /* clear error queue */
437 ERR_clear_error();
438 }
439 }
440
441 EVP_PKEY_free(pkey);
442
443 if (c->pkeys[i].x509 != NULL)
444 X509_free(c->pkeys[i].x509);
445 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
446 c->pkeys[i].x509=x;
447 c->key= &(c->pkeys[i]);
448
449 c->valid=0;
450 return(1);
451 }
452
453#ifndef OPENSSL_NO_STDIO
454int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
455 {
456 int j;
457 BIO *in;
458 int ret=0;
459 X509 *x=NULL;
460
461 in=BIO_new(BIO_s_file_internal());
462 if (in == NULL)
463 {
464 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
465 goto end;
466 }
467
468 if (BIO_read_filename(in,file) <= 0)
469 {
470 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
471 goto end;
472 }
473 if (type == SSL_FILETYPE_ASN1)
474 {
475 j=ERR_R_ASN1_LIB;
476 x=d2i_X509_bio(in,NULL);
477 }
478 else if (type == SSL_FILETYPE_PEM)
479 {
480 j=ERR_R_PEM_LIB;
481 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
482 }
483 else
484 {
485 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
486 goto end;
487 }
488
489 if (x == NULL)
490 {
491 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
492 goto end;
493 }
494
495 ret=SSL_CTX_use_certificate(ctx,x);
496end:
497 if (x != NULL) X509_free(x);
498 if (in != NULL) BIO_free(in);
499 return(ret);
500 }
501#endif
502
503int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
504 {
505 X509 *x;
506 int ret;
507
508 x=d2i_X509(NULL,&d,(long)len);
509 if (x == NULL)
510 {
511 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
512 return(0);
513 }
514
515 ret=SSL_CTX_use_certificate(ctx,x);
516 X509_free(x);
517 return(ret);
518 }
519
520#ifndef OPENSSL_NO_RSA
521int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
522 {
523 int ret;
524 EVP_PKEY *pkey;
525
526 if (rsa == NULL)
527 {
528 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
529 return(0);
530 }
531 if (!ssl_cert_inst(&ctx->cert))
532 {
533 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
534 return(0);
535 }
536 if ((pkey=EVP_PKEY_new()) == NULL)
537 {
538 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
539 return(0);
540 }
541
542 RSA_up_ref(rsa);
543 EVP_PKEY_assign_RSA(pkey,rsa);
544
545 ret=ssl_set_pkey(ctx->cert, pkey);
546 EVP_PKEY_free(pkey);
547 return(ret);
548 }
549
550#ifndef OPENSSL_NO_STDIO
551int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
552 {
553 int j,ret=0;
554 BIO *in;
555 RSA *rsa=NULL;
556
557 in=BIO_new(BIO_s_file_internal());
558 if (in == NULL)
559 {
560 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
561 goto end;
562 }
563
564 if (BIO_read_filename(in,file) <= 0)
565 {
566 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
567 goto end;
568 }
569 if (type == SSL_FILETYPE_ASN1)
570 {
571 j=ERR_R_ASN1_LIB;
572 rsa=d2i_RSAPrivateKey_bio(in,NULL);
573 }
574 else if (type == SSL_FILETYPE_PEM)
575 {
576 j=ERR_R_PEM_LIB;
577 rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
578 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
579 }
580 else
581 {
582 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
583 goto end;
584 }
585 if (rsa == NULL)
586 {
587 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
588 goto end;
589 }
590 ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
591 RSA_free(rsa);
592end:
593 if (in != NULL) BIO_free(in);
594 return(ret);
595 }
596#endif
597
598int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
599 {
600 int ret;
601 const unsigned char *p;
602 RSA *rsa;
603
604 p=d;
605 if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
606 {
607 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
608 return(0);
609 }
610
611 ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
612 RSA_free(rsa);
613 return(ret);
614 }
615#endif /* !OPENSSL_NO_RSA */
616
617int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
618 {
619 if (pkey == NULL)
620 {
621 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
622 return(0);
623 }
624 if (!ssl_cert_inst(&ctx->cert))
625 {
626 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
627 return(0);
628 }
629 return(ssl_set_pkey(ctx->cert,pkey));
630 }
631
632#ifndef OPENSSL_NO_STDIO
633int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
634 {
635 int j,ret=0;
636 BIO *in;
637 EVP_PKEY *pkey=NULL;
638
639 in=BIO_new(BIO_s_file_internal());
640 if (in == NULL)
641 {
642 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
643 goto end;
644 }
645
646 if (BIO_read_filename(in,file) <= 0)
647 {
648 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
649 goto end;
650 }
651 if (type == SSL_FILETYPE_PEM)
652 {
653 j=ERR_R_PEM_LIB;
654 pkey=PEM_read_bio_PrivateKey(in,NULL,
655 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
656 }
657 else if (type == SSL_FILETYPE_ASN1)
658 {
659 j = ERR_R_ASN1_LIB;
660 pkey = d2i_PrivateKey_bio(in,NULL);
661 }
662 else
663 {
664 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
665 goto end;
666 }
667 if (pkey == NULL)
668 {
669 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
670 goto end;
671 }
672 ret=SSL_CTX_use_PrivateKey(ctx,pkey);
673 EVP_PKEY_free(pkey);
674end:
675 if (in != NULL) BIO_free(in);
676 return(ret);
677 }
678#endif
679
680int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
681 long len)
682 {
683 int ret;
684 const unsigned char *p;
685 EVP_PKEY *pkey;
686
687 p=d;
688 if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
689 {
690 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
691 return(0);
692 }
693
694 ret=SSL_CTX_use_PrivateKey(ctx,pkey);
695 EVP_PKEY_free(pkey);
696 return(ret);
697 }
698
699
700#ifndef OPENSSL_NO_STDIO
701/* Read a file that contains our certificate in "PEM" format,
702 * possibly followed by a sequence of CA certificates that should be
703 * sent to the peer in the Certificate message.
704 */
705int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
706 {
707 BIO *in;
708 int ret=0;
709 X509 *x=NULL;
710
711 ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
712
713 in=BIO_new(BIO_s_file_internal());
714 if (in == NULL)
715 {
716 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
717 goto end;
718 }
719
720 if (BIO_read_filename(in,file) <= 0)
721 {
722 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
723 goto end;
724 }
725
726 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
727 if (x == NULL)
728 {
729 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
730 goto end;
731 }
732
733 ret=SSL_CTX_use_certificate(ctx,x);
734 if (ERR_peek_error() != 0)
735 ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
736 if (ret)
737 {
738 /* If we could set up our certificate, now proceed to
739 * the CA certificates.
740 */
741 X509 *ca;
742 int r;
743 unsigned long err;
744
745 if (ctx->extra_certs != NULL)
746 {
747 sk_X509_pop_free(ctx->extra_certs, X509_free);
748 ctx->extra_certs = NULL;
749 }
750
751 while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
752 != NULL)
753 {
754 r = SSL_CTX_add_extra_chain_cert(ctx, ca);
755 if (!r)
756 {
757 X509_free(ca);
758 ret = 0;
759 goto end;
760 }
761 /* Note that we must not free r if it was successfully
762 * added to the chain (while we must free the main
763 * certificate, since its reference count is increased
764 * by SSL_CTX_use_certificate). */
765 }
766 /* When the while loop ends, it's usually just EOF. */
767 err = ERR_peek_last_error();
768 if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
769 ERR_clear_error();
770 else
771 ret = 0; /* some real error */
772 }
773
774end:
775 if (x != NULL) X509_free(x);
776 if (in != NULL) BIO_free(in);
777 return(ret);
778 }
779#endif
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
deleted file mode 100644
index 8391d62212..0000000000
--- a/src/lib/libssl/ssl_sess.c
+++ /dev/null
@@ -1,906 +0,0 @@
1/* ssl/ssl_sess.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/lhash.h>
61#include <openssl/rand.h>
62#ifndef OPENSSL_NO_ENGINE
63#include <openssl/engine.h>
64#endif
65#include "ssl_locl.h"
66
67static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
68static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
69static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
70
71SSL_SESSION *SSL_get_session(const SSL *ssl)
72/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
73 {
74 return(ssl->session);
75 }
76
77SSL_SESSION *SSL_get1_session(SSL *ssl)
78/* variant of SSL_get_session: caller really gets something */
79 {
80 SSL_SESSION *sess;
81 /* Need to lock this all up rather than just use CRYPTO_add so that
82 * somebody doesn't free ssl->session between when we check it's
83 * non-null and when we up the reference count. */
84 CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
85 sess = ssl->session;
86 if(sess)
87 sess->references++;
88 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
89 return(sess);
90 }
91
92int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
93 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
94 {
95 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
96 new_func, dup_func, free_func);
97 }
98
99int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
100 {
101 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
102 }
103
104void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
105 {
106 return(CRYPTO_get_ex_data(&s->ex_data,idx));
107 }
108
109SSL_SESSION *SSL_SESSION_new(void)
110 {
111 SSL_SESSION *ss;
112
113 ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
114 if (ss == NULL)
115 {
116 SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
117 return(0);
118 }
119 memset(ss,0,sizeof(SSL_SESSION));
120
121 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
122 ss->references=1;
123 ss->timeout=60*5+4; /* 5 minute timeout by default */
124 ss->time=(unsigned long)time(NULL);
125 ss->prev=NULL;
126 ss->next=NULL;
127 ss->compress_meth=0;
128#ifndef OPENSSL_NO_TLSEXT
129 ss->tlsext_hostname = NULL;
130#endif
131 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
132 return(ss);
133 }
134
135const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
136 {
137 if(len)
138 *len = s->session_id_length;
139 return s->session_id;
140 }
141
142/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
143 * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
144 * until we have no conflict is going to complete in one iteration pretty much
145 * "most" of the time (btw: understatement). So, if it takes us 10 iterations
146 * and we still can't avoid a conflict - well that's a reasonable point to call
147 * it quits. Either the RAND code is broken or someone is trying to open roughly
148 * very close to 2^128 (or 2^256) SSL sessions to our server. How you might
149 * store that many sessions is perhaps a more interesting question ... */
150
151#define MAX_SESS_ID_ATTEMPTS 10
152static int def_generate_session_id(const SSL *ssl, unsigned char *id,
153 unsigned int *id_len)
154{
155 unsigned int retry = 0;
156 do
157 if (RAND_pseudo_bytes(id, *id_len) <= 0)
158 return 0;
159 while(SSL_has_matching_session_id(ssl, id, *id_len) &&
160 (++retry < MAX_SESS_ID_ATTEMPTS));
161 if(retry < MAX_SESS_ID_ATTEMPTS)
162 return 1;
163 /* else - woops a session_id match */
164 /* XXX We should also check the external cache --
165 * but the probability of a collision is negligible, and
166 * we could not prevent the concurrent creation of sessions
167 * with identical IDs since we currently don't have means
168 * to atomically check whether a session ID already exists
169 * and make a reservation for it if it does not
170 * (this problem applies to the internal cache as well).
171 */
172 return 0;
173}
174
175int ssl_get_new_session(SSL *s, int session)
176 {
177 /* This gets used by clients and servers. */
178
179 unsigned int tmp;
180 SSL_SESSION *ss=NULL;
181 GEN_SESSION_CB cb = def_generate_session_id;
182
183 if ((ss=SSL_SESSION_new()) == NULL) return(0);
184
185 /* If the context has a default timeout, use it */
186 if (s->ctx->session_timeout == 0)
187 ss->timeout=SSL_get_default_timeout(s);
188 else
189 ss->timeout=s->ctx->session_timeout;
190
191 if (s->session != NULL)
192 {
193 SSL_SESSION_free(s->session);
194 s->session=NULL;
195 }
196
197 if (session)
198 {
199 if (s->version == SSL2_VERSION)
200 {
201 ss->ssl_version=SSL2_VERSION;
202 ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
203 }
204 else if (s->version == SSL3_VERSION)
205 {
206 ss->ssl_version=SSL3_VERSION;
207 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
208 }
209 else if (s->version == TLS1_VERSION)
210 {
211 ss->ssl_version=TLS1_VERSION;
212 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
213 }
214 else if (s->version == DTLS1_VERSION)
215 {
216 ss->ssl_version=DTLS1_VERSION;
217 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
218 }
219 else
220 {
221 SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
222 SSL_SESSION_free(ss);
223 return(0);
224 }
225#ifndef OPENSSL_NO_TLSEXT
226 /* If RFC4507 ticket use empty session ID */
227 if (s->tlsext_ticket_expected)
228 {
229 ss->session_id_length = 0;
230 goto sess_id_done;
231 }
232#endif
233 /* Choose which callback will set the session ID */
234 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
235 if(s->generate_session_id)
236 cb = s->generate_session_id;
237 else if(s->ctx->generate_session_id)
238 cb = s->ctx->generate_session_id;
239 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
240 /* Choose a session ID */
241 tmp = ss->session_id_length;
242 if(!cb(s, ss->session_id, &tmp))
243 {
244 /* The callback failed */
245 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
246 SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
247 SSL_SESSION_free(ss);
248 return(0);
249 }
250 /* Don't allow the callback to set the session length to zero.
251 * nor set it higher than it was. */
252 if(!tmp || (tmp > ss->session_id_length))
253 {
254 /* The callback set an illegal length */
255 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
256 SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
257 SSL_SESSION_free(ss);
258 return(0);
259 }
260 /* If the session length was shrunk and we're SSLv2, pad it */
261 if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
262 memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
263 else
264 ss->session_id_length = tmp;
265 /* Finally, check for a conflict */
266 if(SSL_has_matching_session_id(s, ss->session_id,
267 ss->session_id_length))
268 {
269 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
270 SSL_R_SSL_SESSION_ID_CONFLICT);
271 SSL_SESSION_free(ss);
272 return(0);
273 }
274#ifndef OPENSSL_NO_TLSEXT
275 sess_id_done:
276 if (s->tlsext_hostname) {
277 ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
278 if (ss->tlsext_hostname == NULL) {
279 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
280 SSL_SESSION_free(ss);
281 return 0;
282 }
283 }
284#endif
285 }
286 else
287 {
288 ss->session_id_length=0;
289 }
290
291 if (s->sid_ctx_length > sizeof ss->sid_ctx)
292 {
293 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
294 SSL_SESSION_free(ss);
295 return 0;
296 }
297 memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
298 ss->sid_ctx_length=s->sid_ctx_length;
299 s->session=ss;
300 ss->ssl_version=s->version;
301 ss->verify_result = X509_V_OK;
302
303 return(1);
304 }
305
306int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
307 const unsigned char *limit)
308 {
309 /* This is used only by servers. */
310
311 SSL_SESSION *ret=NULL;
312 int fatal = 0;
313#ifndef OPENSSL_NO_TLSEXT
314 int r;
315#endif
316
317 if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
318 goto err;
319#ifndef OPENSSL_NO_TLSEXT
320 r = tls1_process_ticket(s, session_id, len, limit, &ret);
321 if (r == -1)
322 {
323 fatal = 1;
324 goto err;
325 }
326 else if (r == 0 || (!ret && !len))
327 goto err;
328 else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
329#else
330 if (len == 0)
331 goto err;
332 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
333#endif
334 {
335 SSL_SESSION data;
336 data.ssl_version=s->version;
337 data.session_id_length=len;
338 if (len == 0)
339 return 0;
340 memcpy(data.session_id,session_id,len);
341 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
342 ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data);
343 if (ret != NULL)
344 /* don't allow other threads to steal it: */
345 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
346 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
347 }
348
349 if (ret == NULL)
350 {
351 int copy=1;
352
353 s->ctx->stats.sess_miss++;
354 ret=NULL;
355 if (s->ctx->get_session_cb != NULL
356 && (ret=s->ctx->get_session_cb(s,session_id,len,&copy))
357 != NULL)
358 {
359 s->ctx->stats.sess_cb_hit++;
360
361 /* Increment reference count now if the session callback
362 * asks us to do so (note that if the session structures
363 * returned by the callback are shared between threads,
364 * it must handle the reference count itself [i.e. copy == 0],
365 * or things won't be thread-safe). */
366 if (copy)
367 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
368
369 /* Add the externally cached session to the internal
370 * cache as well if and only if we are supposed to. */
371 if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
372 /* The following should not return 1, otherwise,
373 * things are very strange */
374 SSL_CTX_add_session(s->ctx,ret);
375 }
376 if (ret == NULL)
377 goto err;
378 }
379
380 /* Now ret is non-NULL, and we own one of its reference counts. */
381
382 if (ret->sid_ctx_length != s->sid_ctx_length
383 || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
384 {
385 /* We've found the session named by the client, but we don't
386 * want to use it in this context. */
387
388#if 0 /* The client cannot always know when a session is not appropriate,
389 * so we shouldn't generate an error message. */
390
391 SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
392#endif
393 goto err; /* treat like cache miss */
394 }
395
396 if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
397 {
398 /* We can't be sure if this session is being used out of
399 * context, which is especially important for SSL_VERIFY_PEER.
400 * The application should have used SSL[_CTX]_set_session_id_context.
401 *
402 * For this error case, we generate an error instead of treating
403 * the event like a cache miss (otherwise it would be easy for
404 * applications to effectively disable the session cache by
405 * accident without anyone noticing).
406 */
407
408 SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
409 fatal = 1;
410 goto err;
411 }
412
413 if (ret->cipher == NULL)
414 {
415 unsigned char buf[5],*p;
416 unsigned long l;
417
418 p=buf;
419 l=ret->cipher_id;
420 l2n(l,p);
421 if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
422 ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
423 else
424 ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
425 if (ret->cipher == NULL)
426 goto err;
427 }
428
429
430#if 0 /* This is way too late. */
431
432 /* If a thread got the session, then 'swaped', and another got
433 * it and then due to a time-out decided to 'OPENSSL_free' it we could
434 * be in trouble. So I'll increment it now, then double decrement
435 * later - am I speaking rubbish?. */
436 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
437#endif
438
439 if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
440 {
441 s->ctx->stats.sess_timeout++;
442 /* remove it from the cache */
443 SSL_CTX_remove_session(s->ctx,ret);
444 goto err;
445 }
446
447 s->ctx->stats.sess_hit++;
448
449 /* ret->time=time(NULL); */ /* rezero timeout? */
450 /* again, just leave the session
451 * if it is the same session, we have just incremented and
452 * then decremented the reference count :-) */
453 if (s->session != NULL)
454 SSL_SESSION_free(s->session);
455 s->session=ret;
456 s->verify_result = s->session->verify_result;
457 return(1);
458
459 err:
460 if (ret != NULL)
461 SSL_SESSION_free(ret);
462 if (fatal)
463 return -1;
464 else
465 return 0;
466 }
467
468int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
469 {
470 int ret=0;
471 SSL_SESSION *s;
472
473 /* add just 1 reference count for the SSL_CTX's session cache
474 * even though it has two ways of access: each session is in a
475 * doubly linked list and an lhash */
476 CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
477 /* if session c is in already in cache, we take back the increment later */
478
479 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
480 s=(SSL_SESSION *)lh_insert(ctx->sessions,c);
481
482 /* s != NULL iff we already had a session with the given PID.
483 * In this case, s == c should hold (then we did not really modify
484 * ctx->sessions), or we're in trouble. */
485 if (s != NULL && s != c)
486 {
487 /* We *are* in trouble ... */
488 SSL_SESSION_list_remove(ctx,s);
489 SSL_SESSION_free(s);
490 /* ... so pretend the other session did not exist in cache
491 * (we cannot handle two SSL_SESSION structures with identical
492 * session ID in the same cache, which could happen e.g. when
493 * two threads concurrently obtain the same session from an external
494 * cache) */
495 s = NULL;
496 }
497
498 /* Put at the head of the queue unless it is already in the cache */
499 if (s == NULL)
500 SSL_SESSION_list_add(ctx,c);
501
502 if (s != NULL)
503 {
504 /* existing cache entry -- decrement previously incremented reference
505 * count because it already takes into account the cache */
506
507 SSL_SESSION_free(s); /* s == c */
508 ret=0;
509 }
510 else
511 {
512 /* new cache entry -- remove old ones if cache has become too large */
513
514 ret=1;
515
516 if (SSL_CTX_sess_get_cache_size(ctx) > 0)
517 {
518 while (SSL_CTX_sess_number(ctx) >
519 SSL_CTX_sess_get_cache_size(ctx))
520 {
521 if (!remove_session_lock(ctx,
522 ctx->session_cache_tail, 0))
523 break;
524 else
525 ctx->stats.sess_cache_full++;
526 }
527 }
528 }
529 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
530 return(ret);
531 }
532
533int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
534{
535 return remove_session_lock(ctx, c, 1);
536}
537
538static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
539 {
540 SSL_SESSION *r;
541 int ret=0;
542
543 if ((c != NULL) && (c->session_id_length != 0))
544 {
545 if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
546 if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)
547 {
548 ret=1;
549 r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
550 SSL_SESSION_list_remove(ctx,c);
551 }
552
553 if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
554
555 if (ret)
556 {
557 r->not_resumable=1;
558 if (ctx->remove_session_cb != NULL)
559 ctx->remove_session_cb(ctx,r);
560 SSL_SESSION_free(r);
561 }
562 }
563 else
564 ret=0;
565 return(ret);
566 }
567
568void SSL_SESSION_free(SSL_SESSION *ss)
569 {
570 int i;
571
572 if(ss == NULL)
573 return;
574
575 i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
576#ifdef REF_PRINT
577 REF_PRINT("SSL_SESSION",ss);
578#endif
579 if (i > 0) return;
580#ifdef REF_CHECK
581 if (i < 0)
582 {
583 fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
584 abort(); /* ok */
585 }
586#endif
587
588 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
589
590 OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
591 OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
592 OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
593 if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
594 if (ss->peer != NULL) X509_free(ss->peer);
595 if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
596#ifndef OPENSSL_NO_TLSEXT
597 if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
598 if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);
599#endif
600 OPENSSL_cleanse(ss,sizeof(*ss));
601 OPENSSL_free(ss);
602 }
603
604int SSL_set_session(SSL *s, SSL_SESSION *session)
605 {
606 int ret=0;
607 SSL_METHOD *meth;
608
609 if (session != NULL)
610 {
611 meth=s->ctx->method->get_ssl_method(session->ssl_version);
612 if (meth == NULL)
613 meth=s->method->get_ssl_method(session->ssl_version);
614 if (meth == NULL)
615 {
616 SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
617 return(0);
618 }
619
620 if (meth != s->method)
621 {
622 if (!SSL_set_ssl_method(s,meth))
623 return(0);
624 if (s->ctx->session_timeout == 0)
625 session->timeout=SSL_get_default_timeout(s);
626 else
627 session->timeout=s->ctx->session_timeout;
628 }
629
630#ifndef OPENSSL_NO_KRB5
631 if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
632 session->krb5_client_princ_len > 0)
633 {
634 s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
635 memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
636 session->krb5_client_princ_len);
637 s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
638 }
639#endif /* OPENSSL_NO_KRB5 */
640
641 /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
642 CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
643 if (s->session != NULL)
644 SSL_SESSION_free(s->session);
645 s->session=session;
646 s->verify_result = s->session->verify_result;
647 /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
648 ret=1;
649 }
650 else
651 {
652 if (s->session != NULL)
653 {
654 SSL_SESSION_free(s->session);
655 s->session=NULL;
656 }
657
658 meth=s->ctx->method;
659 if (meth != s->method)
660 {
661 if (!SSL_set_ssl_method(s,meth))
662 return(0);
663 }
664 ret=1;
665 }
666 return(ret);
667 }
668
669long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
670 {
671 if (s == NULL) return(0);
672 s->timeout=t;
673 return(1);
674 }
675
676long SSL_SESSION_get_timeout(const SSL_SESSION *s)
677 {
678 if (s == NULL) return(0);
679 return(s->timeout);
680 }
681
682long SSL_SESSION_get_time(const SSL_SESSION *s)
683 {
684 if (s == NULL) return(0);
685 return(s->time);
686 }
687
688long SSL_SESSION_set_time(SSL_SESSION *s, long t)
689 {
690 if (s == NULL) return(0);
691 s->time=t;
692 return(t);
693 }
694
695long SSL_CTX_set_timeout(SSL_CTX *s, long t)
696 {
697 long l;
698 if (s == NULL) return(0);
699 l=s->session_timeout;
700 s->session_timeout=t;
701 return(l);
702 }
703
704long SSL_CTX_get_timeout(const SSL_CTX *s)
705 {
706 if (s == NULL) return(0);
707 return(s->session_timeout);
708 }
709
710typedef struct timeout_param_st
711 {
712 SSL_CTX *ctx;
713 long time;
714 LHASH *cache;
715 } TIMEOUT_PARAM;
716
717static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)
718 {
719 if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
720 {
721 /* The reason we don't call SSL_CTX_remove_session() is to
722 * save on locking overhead */
723 lh_delete(p->cache,s);
724 SSL_SESSION_list_remove(p->ctx,s);
725 s->not_resumable=1;
726 if (p->ctx->remove_session_cb != NULL)
727 p->ctx->remove_session_cb(p->ctx,s);
728 SSL_SESSION_free(s);
729 }
730 }
731
732static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION *, TIMEOUT_PARAM *)
733
734void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
735 {
736 unsigned long i;
737 TIMEOUT_PARAM tp;
738
739 tp.ctx=s;
740 tp.cache=s->sessions;
741 if (tp.cache == NULL) return;
742 tp.time=t;
743 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
744 i=tp.cache->down_load;
745 tp.cache->down_load=0;
746 lh_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), &tp);
747 tp.cache->down_load=i;
748 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
749 }
750
751int ssl_clear_bad_session(SSL *s)
752 {
753 if ( (s->session != NULL) &&
754 !(s->shutdown & SSL_SENT_SHUTDOWN) &&
755 !(SSL_in_init(s) || SSL_in_before(s)))
756 {
757 SSL_CTX_remove_session(s->ctx,s->session);
758 return(1);
759 }
760 else
761 return(0);
762 }
763
764/* locked by SSL_CTX in the calling function */
765static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
766 {
767 if ((s->next == NULL) || (s->prev == NULL)) return;
768
769 if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
770 { /* last element in list */
771 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
772 { /* only one element in list */
773 ctx->session_cache_head=NULL;
774 ctx->session_cache_tail=NULL;
775 }
776 else
777 {
778 ctx->session_cache_tail=s->prev;
779 s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
780 }
781 }
782 else
783 {
784 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
785 { /* first element in list */
786 ctx->session_cache_head=s->next;
787 s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
788 }
789 else
790 { /* middle of list */
791 s->next->prev=s->prev;
792 s->prev->next=s->next;
793 }
794 }
795 s->prev=s->next=NULL;
796 }
797
798static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
799 {
800 if ((s->next != NULL) && (s->prev != NULL))
801 SSL_SESSION_list_remove(ctx,s);
802
803 if (ctx->session_cache_head == NULL)
804 {
805 ctx->session_cache_head=s;
806 ctx->session_cache_tail=s;
807 s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
808 s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
809 }
810 else
811 {
812 s->next=ctx->session_cache_head;
813 s->next->prev=s;
814 s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
815 ctx->session_cache_head=s;
816 }
817 }
818
819void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
820 int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess))
821 {
822 ctx->new_session_cb=cb;
823 }
824
825int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
826 {
827 return ctx->new_session_cb;
828 }
829
830void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
831 void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess))
832 {
833 ctx->remove_session_cb=cb;
834 }
835
836void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess)
837 {
838 return ctx->remove_session_cb;
839 }
840
841void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
842 SSL_SESSION *(*cb)(struct ssl_st *ssl,
843 unsigned char *data,int len,int *copy))
844 {
845 ctx->get_session_cb=cb;
846 }
847
848SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
849 unsigned char *data,int len,int *copy)
850 {
851 return ctx->get_session_cb;
852 }
853
854void SSL_CTX_set_info_callback(SSL_CTX *ctx,
855 void (*cb)(const SSL *ssl,int type,int val))
856 {
857 ctx->info_callback=cb;
858 }
859
860void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val)
861 {
862 return ctx->info_callback;
863 }
864
865void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
866 int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
867 {
868 ctx->client_cert_cb=cb;
869 }
870
871int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey)
872 {
873 return ctx->client_cert_cb;
874 }
875
876#ifndef OPENSSL_NO_ENGINE
877int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
878 {
879 if (!ENGINE_init(e))
880 {
881 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
882 return 0;
883 }
884 if(!ENGINE_get_ssl_client_cert_function(e))
885 {
886 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD);
887 ENGINE_finish(e);
888 return 0;
889 }
890 ctx->client_cert_engine = e;
891 return 1;
892 }
893#endif
894
895void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
896 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
897 {
898 ctx->app_gen_cookie_cb=cb;
899 }
900
901void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
902 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
903 {
904 ctx->app_verify_cookie_cb=cb;
905 }
906
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c
deleted file mode 100644
index 73b02509d4..0000000000
--- a/src/lib/libssl/ssl_stat.c
+++ /dev/null
@@ -1,506 +0,0 @@
1/* ssl/ssl_stat.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "ssl_locl.h"
61
62const char *SSL_state_string_long(const SSL *s)
63 {
64 const char *str;
65
66 switch (s->state)
67 {
68case SSL_ST_BEFORE: str="before SSL initialization"; break;
69case SSL_ST_ACCEPT: str="before accept initialization"; break;
70case SSL_ST_CONNECT: str="before connect initialization"; break;
71case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
72case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break;
73case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
74case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
75case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
76case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
77#ifndef OPENSSL_NO_SSL2
78case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
79case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
80case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
81case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;
82case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;
83case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;
84case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;
85case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;
86case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;
87case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;
88case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;
89case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;
90case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;
91case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;
92case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;
93case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;
94case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;
95case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;
96case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;
97case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;
98case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;
99case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;
100case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;
101case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;
102case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;
103case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;
104case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;
105case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;
106case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;
107case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;
108case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;
109case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;
110case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;
111case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;
112case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;
113case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;
114case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;
115case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
116#endif
117
118#ifndef OPENSSL_NO_SSL3
119/* SSLv3 additions */
120case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break;
121case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break;
122case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break;
123case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break;
124case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break;
125case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break;
126case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break;
127case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break;
128case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break;
129case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break;
130case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break;
131case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break;
132case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break;
133case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break;
134case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break;
135case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break;
136case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break;
137case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break;
138case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break;
139case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break;
140case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break;
141case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break;
142
143case SSL3_ST_CW_CHANGE_A:
144case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break;
145case SSL3_ST_CW_CHANGE_B:
146case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break;
147case SSL3_ST_CW_FINISHED_A:
148case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break;
149case SSL3_ST_CW_FINISHED_B:
150case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break;
151case SSL3_ST_CR_CHANGE_A:
152case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break;
153case SSL3_ST_CR_CHANGE_B:
154case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break;
155case SSL3_ST_CR_FINISHED_A:
156case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break;
157case SSL3_ST_CR_FINISHED_B:
158case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break;
159
160case SSL3_ST_CW_FLUSH:
161case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break;
162
163case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break;
164case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break;
165case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break;
166case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break;
167case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break;
168case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break;
169case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break;
170case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break;
171case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break;
172case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break;
173case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break;
174case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break;
175case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break;
176case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break;
177case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break;
178case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break;
179case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break;
180case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break;
181case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break;
182case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break;
183case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break;
184case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break;
185case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break;
186case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break;
187#endif
188
189#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
190/* SSLv2/v3 compatibility states */
191/* client */
192case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break;
193case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break;
194case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break;
195case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break;
196/* server */
197case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break;
198case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break;
199#endif
200
201default: str="unknown state"; break;
202 }
203 return(str);
204 }
205
206const char *SSL_rstate_string_long(const SSL *s)
207 {
208 const char *str;
209
210 switch (s->rstate)
211 {
212 case SSL_ST_READ_HEADER: str="read header"; break;
213 case SSL_ST_READ_BODY: str="read body"; break;
214 case SSL_ST_READ_DONE: str="read done"; break;
215 default: str="unknown"; break;
216 }
217 return(str);
218 }
219
220const char *SSL_state_string(const SSL *s)
221 {
222 const char *str;
223
224 switch (s->state)
225 {
226case SSL_ST_BEFORE: str="PINIT "; break;
227case SSL_ST_ACCEPT: str="AINIT "; break;
228case SSL_ST_CONNECT: str="CINIT "; break;
229case SSL_ST_OK: str="SSLOK "; break;
230#ifndef OPENSSL_NO_SSL2
231case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break;
232case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break;
233case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break;
234case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break;
235case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break;
236case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break;
237case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break;
238case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break;
239case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break;
240case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break;
241case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break;
242case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break;
243case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break;
244case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break;
245case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break;
246case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break;
247case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break;
248case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break;
249case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break;
250case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break;
251case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break;
252case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break;
253case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break;
254case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break;
255case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break;
256case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break;
257case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break;
258case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break;
259case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break;
260case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break;
261case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break;
262case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break;
263case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break;
264case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break;
265case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break;
266case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break;
267case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break;
268case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break;
269#endif
270
271#ifndef OPENSSL_NO_SSL3
272/* SSLv3 additions */
273case SSL3_ST_SW_FLUSH:
274case SSL3_ST_CW_FLUSH: str="3FLUSH"; break;
275case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break;
276case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break;
277case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break;
278case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break;
279case SSL3_ST_CR_CERT_A: str="3RSC_A"; break;
280case SSL3_ST_CR_CERT_B: str="3RSC_B"; break;
281case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break;
282case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break;
283case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break;
284case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break;
285case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break;
286case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break;
287case SSL3_ST_CW_CERT_A: str="3WCC_A"; break;
288case SSL3_ST_CW_CERT_B: str="3WCC_B"; break;
289case SSL3_ST_CW_CERT_C: str="3WCC_C"; break;
290case SSL3_ST_CW_CERT_D: str="3WCC_D"; break;
291case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break;
292case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break;
293case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break;
294case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break;
295
296case SSL3_ST_SW_CHANGE_A:
297case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break;
298case SSL3_ST_SW_CHANGE_B:
299case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break;
300case SSL3_ST_SW_FINISHED_A:
301case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break;
302case SSL3_ST_SW_FINISHED_B:
303case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break;
304case SSL3_ST_SR_CHANGE_A:
305case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break;
306case SSL3_ST_SR_CHANGE_B:
307case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break;
308case SSL3_ST_SR_FINISHED_A:
309case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break;
310case SSL3_ST_SR_FINISHED_B:
311case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break;
312
313case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break;
314case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break;
315case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break;
316case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break;
317case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break;
318case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break;
319case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break;
320case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break;
321case SSL3_ST_SW_CERT_A: str="3WSC_A"; break;
322case SSL3_ST_SW_CERT_B: str="3WSC_B"; break;
323case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break;
324case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break;
325case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break;
326case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break;
327case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break;
328case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break;
329case SSL3_ST_SR_CERT_A: str="3RCC_A"; break;
330case SSL3_ST_SR_CERT_B: str="3RCC_B"; break;
331case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break;
332case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break;
333case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break;
334case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break;
335#endif
336
337#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
338/* SSLv2/v3 compatibility states */
339/* client */
340case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break;
341case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break;
342case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break;
343case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break;
344/* server */
345case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break;
346case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break;
347#endif
348
349default: str="UNKWN "; break;
350 }
351 return(str);
352 }
353
354const char *SSL_alert_type_string_long(int value)
355 {
356 value>>=8;
357 if (value == SSL3_AL_WARNING)
358 return("warning");
359 else if (value == SSL3_AL_FATAL)
360 return("fatal");
361 else
362 return("unknown");
363 }
364
365const char *SSL_alert_type_string(int value)
366 {
367 value>>=8;
368 if (value == SSL3_AL_WARNING)
369 return("W");
370 else if (value == SSL3_AL_FATAL)
371 return("F");
372 else
373 return("U");
374 }
375
376const char *SSL_alert_desc_string(int value)
377 {
378 const char *str;
379
380 switch (value & 0xff)
381 {
382 case SSL3_AD_CLOSE_NOTIFY: str="CN"; break;
383 case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break;
384 case SSL3_AD_BAD_RECORD_MAC: str="BM"; break;
385 case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break;
386 case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break;
387 case SSL3_AD_NO_CERTIFICATE: str="NC"; break;
388 case SSL3_AD_BAD_CERTIFICATE: str="BC"; break;
389 case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break;
390 case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break;
391 case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break;
392 case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break;
393 case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break;
394 case TLS1_AD_DECRYPTION_FAILED: str="DC"; break;
395 case TLS1_AD_RECORD_OVERFLOW: str="RO"; break;
396 case TLS1_AD_UNKNOWN_CA: str="CA"; break;
397 case TLS1_AD_ACCESS_DENIED: str="AD"; break;
398 case TLS1_AD_DECODE_ERROR: str="DE"; break;
399 case TLS1_AD_DECRYPT_ERROR: str="CY"; break;
400 case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break;
401 case TLS1_AD_PROTOCOL_VERSION: str="PV"; break;
402 case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break;
403 case TLS1_AD_INTERNAL_ERROR: str="IE"; break;
404 case TLS1_AD_USER_CANCELLED: str="US"; break;
405 case TLS1_AD_NO_RENEGOTIATION: str="NR"; break;
406 default: str="UK"; break;
407 }
408 return(str);
409 }
410
411const char *SSL_alert_desc_string_long(int value)
412 {
413 const char *str;
414
415 switch (value & 0xff)
416 {
417 case SSL3_AD_CLOSE_NOTIFY:
418 str="close notify";
419 break;
420 case SSL3_AD_UNEXPECTED_MESSAGE:
421 str="unexpected_message";
422 break;
423 case SSL3_AD_BAD_RECORD_MAC:
424 str="bad record mac";
425 break;
426 case SSL3_AD_DECOMPRESSION_FAILURE:
427 str="decompression failure";
428 break;
429 case SSL3_AD_HANDSHAKE_FAILURE:
430 str="handshake failure";
431 break;
432 case SSL3_AD_NO_CERTIFICATE:
433 str="no certificate";
434 break;
435 case SSL3_AD_BAD_CERTIFICATE:
436 str="bad certificate";
437 break;
438 case SSL3_AD_UNSUPPORTED_CERTIFICATE:
439 str="unsupported certificate";
440 break;
441 case SSL3_AD_CERTIFICATE_REVOKED:
442 str="certificate revoked";
443 break;
444 case SSL3_AD_CERTIFICATE_EXPIRED:
445 str="certificate expired";
446 break;
447 case SSL3_AD_CERTIFICATE_UNKNOWN:
448 str="certificate unknown";
449 break;
450 case SSL3_AD_ILLEGAL_PARAMETER:
451 str="illegal parameter";
452 break;
453 case TLS1_AD_DECRYPTION_FAILED:
454 str="decryption failed";
455 break;
456 case TLS1_AD_RECORD_OVERFLOW:
457 str="record overflow";
458 break;
459 case TLS1_AD_UNKNOWN_CA:
460 str="unknown CA";
461 break;
462 case TLS1_AD_ACCESS_DENIED:
463 str="access denied";
464 break;
465 case TLS1_AD_DECODE_ERROR:
466 str="decode error";
467 break;
468 case TLS1_AD_DECRYPT_ERROR:
469 str="decrypt error";
470 break;
471 case TLS1_AD_EXPORT_RESTRICTION:
472 str="export restriction";
473 break;
474 case TLS1_AD_PROTOCOL_VERSION:
475 str="protocol version";
476 break;
477 case TLS1_AD_INSUFFICIENT_SECURITY:
478 str="insufficient security";
479 break;
480 case TLS1_AD_INTERNAL_ERROR:
481 str="internal error";
482 break;
483 case TLS1_AD_USER_CANCELLED:
484 str="user canceled";
485 break;
486 case TLS1_AD_NO_RENEGOTIATION:
487 str="no renegotiation";
488 break;
489 default: str="unknown"; break;
490 }
491 return(str);
492 }
493
494const char *SSL_rstate_string(const SSL *s)
495 {
496 const char *str;
497
498 switch (s->rstate)
499 {
500 case SSL_ST_READ_HEADER:str="RH"; break;
501 case SSL_ST_READ_BODY: str="RB"; break;
502 case SSL_ST_READ_DONE: str="RD"; break;
503 default: str="unknown"; break;
504 }
505 return(str);
506 }
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
deleted file mode 100644
index 06b86750fd..0000000000
--- a/src/lib/libssl/ssl_txt.c
+++ /dev/null
@@ -1,203 +0,0 @@
1/* ssl/ssl_txt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/buffer.h>
61#include "ssl_locl.h"
62
63#ifndef OPENSSL_NO_FP_API
64int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
65 {
66 BIO *b;
67 int ret;
68
69 if ((b=BIO_new(BIO_s_file_internal())) == NULL)
70 {
71 SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
72 return(0);
73 }
74 BIO_set_fp(b,fp,BIO_NOCLOSE);
75 ret=SSL_SESSION_print(b,x);
76 BIO_free(b);
77 return(ret);
78 }
79#endif
80
81int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
82 {
83 unsigned int i;
84 const char *s;
85
86 if (x == NULL) goto err;
87 if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
88 if (x->ssl_version == SSL2_VERSION)
89 s="SSLv2";
90 else if (x->ssl_version == SSL3_VERSION)
91 s="SSLv3";
92 else if (x->ssl_version == TLS1_VERSION)
93 s="TLSv1";
94 else
95 s="unknown";
96 if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err;
97
98 if (x->cipher == NULL)
99 {
100 if (((x->cipher_id) & 0xff000000) == 0x02000000)
101 {
102 if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0)
103 goto err;
104 }
105 else
106 {
107 if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0)
108 goto err;
109 }
110 }
111 else
112 {
113 if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
114 goto err;
115 }
116 if (BIO_puts(bp," Session-ID: ") <= 0) goto err;
117 for (i=0; i<x->session_id_length; i++)
118 {
119 if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
120 }
121 if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err;
122 for (i=0; i<x->sid_ctx_length; i++)
123 {
124 if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
125 goto err;
126 }
127 if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err;
128 for (i=0; i<(unsigned int)x->master_key_length; i++)
129 {
130 if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
131 }
132 if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err;
133 if (x->key_arg_length == 0)
134 {
135 if (BIO_puts(bp,"None") <= 0) goto err;
136 }
137 else
138 for (i=0; i<x->key_arg_length; i++)
139 {
140 if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
141 }
142#ifndef OPENSSL_NO_KRB5
143 if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err;
144 if (x->krb5_client_princ_len == 0)
145 {
146 if (BIO_puts(bp,"None") <= 0) goto err;
147 }
148 else
149 for (i=0; i<x->krb5_client_princ_len; i++)
150 {
151 if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
152 }
153#endif /* OPENSSL_NO_KRB5 */
154#ifndef OPENSSL_NO_TLSEXT
155 if (x->tlsext_tick_lifetime_hint)
156 {
157 if (BIO_printf(bp,
158 "\n TLS session ticket lifetime hint: %ld (seconds)",
159 x->tlsext_tick_lifetime_hint) <=0)
160 goto err;
161 }
162 if (x->tlsext_tick)
163 {
164 if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err;
165 if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
166 goto err;
167 }
168#endif
169#ifndef OPENSSL_NO_COMP
170 if (x->compress_meth != 0)
171 {
172 SSL_COMP *comp = NULL;
173
174 ssl_cipher_get_evp(x,NULL,NULL,&comp);
175 if (comp == NULL)
176 {
177 if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err;
178 }
179 else
180 {
181 if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
182 }
183 }
184#endif
185 if (x->time != 0L)
186 {
187 if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err;
188 }
189 if (x->timeout != 0L)
190 {
191 if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err;
192 }
193 if (BIO_puts(bp,"\n") <= 0) goto err;
194
195 if (BIO_puts(bp, " Verify return code: ") <= 0) goto err;
196 if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
197 X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
198
199 return(1);
200err:
201 return(0);
202 }
203
diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c
deleted file mode 100644
index 4d1e198cdc..0000000000
--- a/src/lib/libssl/t1_clnt.c
+++ /dev/null
@@ -1,79 +0,0 @@
1/* ssl/t1_clnt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "ssl_locl.h"
61#include <openssl/buffer.h>
62#include <openssl/rand.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65
66static SSL_METHOD *tls1_get_client_method(int ver);
67static SSL_METHOD *tls1_get_client_method(int ver)
68 {
69 if (ver == TLS1_VERSION)
70 return(TLSv1_client_method());
71 else
72 return(NULL);
73 }
74
75IMPLEMENT_tls1_meth_func(TLSv1_client_method,
76 ssl_undefined_function,
77 ssl3_connect,
78 tls1_get_client_method)
79
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
deleted file mode 100644
index 7cb3e29a41..0000000000
--- a/src/lib/libssl/t1_enc.c
+++ /dev/null
@@ -1,872 +0,0 @@
1/* ssl/t1_enc.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include "ssl_locl.h"
114#ifndef OPENSSL_NO_COMP
115#include <openssl/comp.h>
116#endif
117#include <openssl/evp.h>
118#include <openssl/hmac.h>
119#include <openssl/md5.h>
120#ifdef KSSL_DEBUG
121#include <openssl/des.h>
122#endif
123
124static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
125 int sec_len, unsigned char *seed, int seed_len,
126 unsigned char *out, int olen)
127 {
128 int chunk,n;
129 unsigned int j;
130 HMAC_CTX ctx;
131 HMAC_CTX ctx_tmp;
132 unsigned char A1[EVP_MAX_MD_SIZE];
133 unsigned int A1_len;
134
135 chunk=EVP_MD_size(md);
136
137 HMAC_CTX_init(&ctx);
138 HMAC_CTX_init(&ctx_tmp);
139 HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
140 HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
141 HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
142 HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
143 HMAC_Update(&ctx,seed,seed_len);
144 HMAC_Final(&ctx,A1,&A1_len);
145
146 n=0;
147 for (;;)
148 {
149 HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
150 HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
151 HMAC_Update(&ctx,A1,A1_len);
152 HMAC_Update(&ctx_tmp,A1,A1_len);
153 HMAC_Update(&ctx,seed,seed_len);
154
155 if (olen > chunk)
156 {
157 HMAC_Final(&ctx,out,&j);
158 out+=j;
159 olen-=j;
160 HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
161 }
162 else /* last one */
163 {
164 HMAC_Final(&ctx,A1,&A1_len);
165 memcpy(out,A1,olen);
166 break;
167 }
168 }
169 HMAC_CTX_cleanup(&ctx);
170 HMAC_CTX_cleanup(&ctx_tmp);
171 OPENSSL_cleanse(A1,sizeof(A1));
172 }
173
174static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
175 unsigned char *label, int label_len,
176 const unsigned char *sec, int slen, unsigned char *out1,
177 unsigned char *out2, int olen)
178 {
179 int len,i;
180 const unsigned char *S1,*S2;
181
182 len=slen/2;
183 S1=sec;
184 S2= &(sec[len]);
185 len+=(slen&1); /* add for odd, make longer */
186
187
188 tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
189 tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
190
191 for (i=0; i<olen; i++)
192 out1[i]^=out2[i];
193 }
194
195static void tls1_generate_key_block(SSL *s, unsigned char *km,
196 unsigned char *tmp, int num)
197 {
198 unsigned char *p;
199 unsigned char buf[SSL3_RANDOM_SIZE*2+
200 TLS_MD_MAX_CONST_SIZE];
201 p=buf;
202
203 memcpy(p,TLS_MD_KEY_EXPANSION_CONST,
204 TLS_MD_KEY_EXPANSION_CONST_SIZE);
205 p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
206 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
207 p+=SSL3_RANDOM_SIZE;
208 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
209 p+=SSL3_RANDOM_SIZE;
210
211 tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
212 s->session->master_key,s->session->master_key_length,
213 km,tmp,num);
214#ifdef KSSL_DEBUG
215 printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
216 s->session->master_key_length);
217 {
218 int i;
219 for (i=0; i < s->session->master_key_length; i++)
220 {
221 printf("%02X", s->session->master_key[i]);
222 }
223 printf("\n"); }
224#endif /* KSSL_DEBUG */
225 }
226
227int tls1_change_cipher_state(SSL *s, int which)
228 {
229 static const unsigned char empty[]="";
230 unsigned char *p,*key_block,*mac_secret;
231 unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
232 SSL3_RANDOM_SIZE*2];
233 unsigned char tmp1[EVP_MAX_KEY_LENGTH];
234 unsigned char tmp2[EVP_MAX_KEY_LENGTH];
235 unsigned char iv1[EVP_MAX_IV_LENGTH*2];
236 unsigned char iv2[EVP_MAX_IV_LENGTH*2];
237 unsigned char *ms,*key,*iv,*er1,*er2;
238 int client_write;
239 EVP_CIPHER_CTX *dd;
240 const EVP_CIPHER *c;
241#ifndef OPENSSL_NO_COMP
242 const SSL_COMP *comp;
243#endif
244 const EVP_MD *m;
245 int is_export,n,i,j,k,exp_label_len,cl;
246 int reuse_dd = 0;
247
248 is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
249 c=s->s3->tmp.new_sym_enc;
250 m=s->s3->tmp.new_hash;
251#ifndef OPENSSL_NO_COMP
252 comp=s->s3->tmp.new_compression;
253#endif
254 key_block=s->s3->tmp.key_block;
255
256#ifdef KSSL_DEBUG
257 printf("tls1_change_cipher_state(which= %d) w/\n", which);
258 printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,
259 (void *)comp);
260 printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", (void *)c);
261 printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
262 c->nid,c->block_size,c->key_len,c->iv_len);
263 printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
264 {
265 int ki;
266 for (ki=0; ki<s->s3->tmp.key_block_length; ki++)
267 printf("%02x", key_block[ki]); printf("\n");
268 }
269#endif /* KSSL_DEBUG */
270
271 if (which & SSL3_CC_READ)
272 {
273 if (s->enc_read_ctx != NULL)
274 reuse_dd = 1;
275 else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
276 goto err;
277 else
278 /* make sure it's intialized in case we exit later with an error */
279 EVP_CIPHER_CTX_init(s->enc_read_ctx);
280 dd= s->enc_read_ctx;
281 s->read_hash=m;
282#ifndef OPENSSL_NO_COMP
283 if (s->expand != NULL)
284 {
285 COMP_CTX_free(s->expand);
286 s->expand=NULL;
287 }
288 if (comp != NULL)
289 {
290 s->expand=COMP_CTX_new(comp->method);
291 if (s->expand == NULL)
292 {
293 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
294 goto err2;
295 }
296 if (s->s3->rrec.comp == NULL)
297 s->s3->rrec.comp=(unsigned char *)
298 OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
299 if (s->s3->rrec.comp == NULL)
300 goto err;
301 }
302#endif
303 /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
304 if (s->version != DTLS1_VERSION)
305 memset(&(s->s3->read_sequence[0]),0,8);
306 mac_secret= &(s->s3->read_mac_secret[0]);
307 }
308 else
309 {
310 if (s->enc_write_ctx != NULL)
311 reuse_dd = 1;
312 else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
313 goto err;
314 else
315 /* make sure it's intialized in case we exit later with an error */
316 EVP_CIPHER_CTX_init(s->enc_write_ctx);
317 dd= s->enc_write_ctx;
318 s->write_hash=m;
319#ifndef OPENSSL_NO_COMP
320 if (s->compress != NULL)
321 {
322 COMP_CTX_free(s->compress);
323 s->compress=NULL;
324 }
325 if (comp != NULL)
326 {
327 s->compress=COMP_CTX_new(comp->method);
328 if (s->compress == NULL)
329 {
330 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
331 goto err2;
332 }
333 }
334#endif
335 /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
336 if (s->version != DTLS1_VERSION)
337 memset(&(s->s3->write_sequence[0]),0,8);
338 mac_secret= &(s->s3->write_mac_secret[0]);
339 }
340
341 if (reuse_dd)
342 EVP_CIPHER_CTX_cleanup(dd);
343
344 p=s->s3->tmp.key_block;
345 i=EVP_MD_size(m);
346 cl=EVP_CIPHER_key_length(c);
347 j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
348 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
349 /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
350 k=EVP_CIPHER_iv_length(c);
351 er1= &(s->s3->client_random[0]);
352 er2= &(s->s3->server_random[0]);
353 if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
354 (which == SSL3_CHANGE_CIPHER_SERVER_READ))
355 {
356 ms= &(p[ 0]); n=i+i;
357 key= &(p[ n]); n+=j+j;
358 iv= &(p[ n]); n+=k+k;
359 exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
360 exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
361 client_write=1;
362 }
363 else
364 {
365 n=i;
366 ms= &(p[ n]); n+=i+j;
367 key= &(p[ n]); n+=j+k;
368 iv= &(p[ n]); n+=k;
369 exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
370 exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
371 client_write=0;
372 }
373
374 if (n > s->s3->tmp.key_block_length)
375 {
376 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
377 goto err2;
378 }
379
380 memcpy(mac_secret,ms,i);
381#ifdef TLS_DEBUG
382printf("which = %04X\nmac key=",which);
383{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
384#endif
385 if (is_export)
386 {
387 /* In here I set both the read and write key/iv to the
388 * same value since only the correct one will be used :-).
389 */
390 p=buf;
391 memcpy(p,exp_label,exp_label_len);
392 p+=exp_label_len;
393 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
394 p+=SSL3_RANDOM_SIZE;
395 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
396 p+=SSL3_RANDOM_SIZE;
397 tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
398 tmp1,tmp2,EVP_CIPHER_key_length(c));
399 key=tmp1;
400
401 if (k > 0)
402 {
403 p=buf;
404 memcpy(p,TLS_MD_IV_BLOCK_CONST,
405 TLS_MD_IV_BLOCK_CONST_SIZE);
406 p+=TLS_MD_IV_BLOCK_CONST_SIZE;
407 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
408 p+=SSL3_RANDOM_SIZE;
409 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
410 p+=SSL3_RANDOM_SIZE;
411 tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
412 iv1,iv2,k*2);
413 if (client_write)
414 iv=iv1;
415 else
416 iv= &(iv1[k]);
417 }
418 }
419
420 s->session->key_arg_length=0;
421#ifdef KSSL_DEBUG
422 {
423 int ki;
424 printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
425 printf("\tkey= ");
426 for (ki=0; ki<c->key_len; ki++) printf("%02x", key[ki]);
427 printf("\n");
428 printf("\t iv= ");
429 for (ki=0; ki<c->iv_len; ki++) printf("%02x", iv[ki]);
430 printf("\n");
431 }
432#endif /* KSSL_DEBUG */
433
434 EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
435#ifdef TLS_DEBUG
436printf("which = %04X\nkey=",which);
437{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
438printf("\niv=");
439{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
440printf("\n");
441#endif
442
443 OPENSSL_cleanse(tmp1,sizeof(tmp1));
444 OPENSSL_cleanse(tmp2,sizeof(tmp1));
445 OPENSSL_cleanse(iv1,sizeof(iv1));
446 OPENSSL_cleanse(iv2,sizeof(iv2));
447 return(1);
448err:
449 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
450err2:
451 return(0);
452 }
453
454int tls1_setup_key_block(SSL *s)
455 {
456 unsigned char *p1,*p2;
457 const EVP_CIPHER *c;
458 const EVP_MD *hash;
459 int num;
460 SSL_COMP *comp;
461
462#ifdef KSSL_DEBUG
463 printf ("tls1_setup_key_block()\n");
464#endif /* KSSL_DEBUG */
465
466 if (s->s3->tmp.key_block_length != 0)
467 return(1);
468
469 if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
470 {
471 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
472 return(0);
473 }
474
475 s->s3->tmp.new_sym_enc=c;
476 s->s3->tmp.new_hash=hash;
477
478 num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
479 num*=2;
480
481 ssl3_cleanup_key_block(s);
482
483 if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
484 goto err;
485 if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
486 goto err;
487
488 s->s3->tmp.key_block_length=num;
489 s->s3->tmp.key_block=p1;
490
491
492#ifdef TLS_DEBUG
493printf("client random\n");
494{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
495printf("server random\n");
496{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
497printf("pre-master\n");
498{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
499#endif
500 tls1_generate_key_block(s,p1,p2,num);
501 OPENSSL_cleanse(p2,num);
502 OPENSSL_free(p2);
503#ifdef TLS_DEBUG
504printf("\nkey block\n");
505{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
506#endif
507
508 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
509 {
510 /* enable vulnerability countermeasure for CBC ciphers with
511 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
512 */
513 s->s3->need_empty_fragments = 1;
514
515 if (s->session->cipher != NULL)
516 {
517 if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
518 s->s3->need_empty_fragments = 0;
519
520#ifndef OPENSSL_NO_RC4
521 if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
522 s->s3->need_empty_fragments = 0;
523#endif
524 }
525 }
526
527 return(1);
528err:
529 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
530 return(0);
531 }
532
533int tls1_enc(SSL *s, int send)
534 {
535 SSL3_RECORD *rec;
536 EVP_CIPHER_CTX *ds;
537 unsigned long l;
538 int bs,i,ii,j,k,n=0;
539 const EVP_CIPHER *enc;
540
541 if (send)
542 {
543 if (s->write_hash != NULL)
544 n=EVP_MD_size(s->write_hash);
545 ds=s->enc_write_ctx;
546 rec= &(s->s3->wrec);
547 if (s->enc_write_ctx == NULL)
548 enc=NULL;
549 else
550 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
551 }
552 else
553 {
554 if (s->read_hash != NULL)
555 n=EVP_MD_size(s->read_hash);
556 ds=s->enc_read_ctx;
557 rec= &(s->s3->rrec);
558 if (s->enc_read_ctx == NULL)
559 enc=NULL;
560 else
561 enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
562 }
563
564#ifdef KSSL_DEBUG
565 printf("tls1_enc(%d)\n", send);
566#endif /* KSSL_DEBUG */
567
568 if ((s->session == NULL) || (ds == NULL) ||
569 (enc == NULL))
570 {
571 memmove(rec->data,rec->input,rec->length);
572 rec->input=rec->data;
573 }
574 else
575 {
576 l=rec->length;
577 bs=EVP_CIPHER_block_size(ds->cipher);
578
579 if ((bs != 1) && send)
580 {
581 i=bs-((int)l%bs);
582
583 /* Add weird padding of upto 256 bytes */
584
585 /* we need to add 'i' padding bytes of value j */
586 j=i-1;
587 if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
588 {
589 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
590 j++;
591 }
592 for (k=(int)l; k<(int)(l+i); k++)
593 rec->input[k]=j;
594 l+=i;
595 rec->length+=i;
596 }
597
598#ifdef KSSL_DEBUG
599 {
600 unsigned long ui;
601 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
602 (void *)ds,rec->data,rec->input,l);
603 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n",
604 ds->buf_len, ds->cipher->key_len,
605 (unsigned long)DES_KEY_SZ,
606 (unsigned long)DES_SCHEDULE_SZ,
607 ds->cipher->iv_len);
608 printf("\t\tIV: ");
609 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
610 printf("\n");
611 printf("\trec->input=");
612 for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
613 printf("\n");
614 }
615#endif /* KSSL_DEBUG */
616
617 if (!send)
618 {
619 if (l == 0 || l%bs != 0)
620 {
621 SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
622 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
623 return 0;
624 }
625 }
626
627 EVP_Cipher(ds,rec->data,rec->input,l);
628
629#ifdef KSSL_DEBUG
630 {
631 unsigned long ki;
632 printf("\trec->data=");
633 for (ki=0; ki<l; i++)
634 printf(" %02x", rec->data[ki]); printf("\n");
635 }
636#endif /* KSSL_DEBUG */
637
638 if ((bs != 1) && !send)
639 {
640 ii=i=rec->data[l-1]; /* padding_length */
641 i++;
642 /* NB: if compression is in operation the first packet
643 * may not be of even length so the padding bug check
644 * cannot be performed. This bug workaround has been
645 * around since SSLeay so hopefully it is either fixed
646 * now or no buggy implementation supports compression
647 * [steve]
648 */
649 if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
650 && !s->expand)
651 {
652 /* First packet is even in size, so check */
653 if ((memcmp(s->s3->read_sequence,
654 "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
655 s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
656 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
657 i--;
658 }
659 /* TLS 1.0 does not bound the number of padding bytes by the block size.
660 * All of them must have value 'padding_length'. */
661 if (i > (int)rec->length)
662 {
663 /* Incorrect padding. SSLerr() and ssl3_alert are done
664 * by caller: we don't want to reveal whether this is
665 * a decryption error or a MAC verification failure
666 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
667 return -1;
668 }
669 for (j=(int)(l-i); j<(int)l; j++)
670 {
671 if (rec->data[j] != ii)
672 {
673 /* Incorrect padding */
674 return -1;
675 }
676 }
677 rec->length-=i;
678 }
679 }
680 return(1);
681 }
682
683int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
684 {
685 unsigned int ret;
686 EVP_MD_CTX ctx;
687
688 EVP_MD_CTX_init(&ctx);
689 EVP_MD_CTX_copy_ex(&ctx,in_ctx);
690 EVP_DigestFinal_ex(&ctx,out,&ret);
691 EVP_MD_CTX_cleanup(&ctx);
692 return((int)ret);
693 }
694
695int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
696 const char *str, int slen, unsigned char *out)
697 {
698 unsigned int i;
699 EVP_MD_CTX ctx;
700 unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
701 unsigned char *q,buf2[12];
702
703 q=buf;
704 memcpy(q,str,slen);
705 q+=slen;
706
707 EVP_MD_CTX_init(&ctx);
708 EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
709 EVP_DigestFinal_ex(&ctx,q,&i);
710 q+=i;
711 EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
712 EVP_DigestFinal_ex(&ctx,q,&i);
713 q+=i;
714
715 tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
716 s->session->master_key,s->session->master_key_length,
717 out,buf2,sizeof buf2);
718 EVP_MD_CTX_cleanup(&ctx);
719
720 return sizeof buf2;
721 }
722
723int tls1_mac(SSL *ssl, unsigned char *md, int send)
724 {
725 SSL3_RECORD *rec;
726 unsigned char *mac_sec,*seq;
727 const EVP_MD *hash;
728 unsigned int md_size;
729 int i;
730 HMAC_CTX hmac;
731 unsigned char buf[5];
732
733 if (send)
734 {
735 rec= &(ssl->s3->wrec);
736 mac_sec= &(ssl->s3->write_mac_secret[0]);
737 seq= &(ssl->s3->write_sequence[0]);
738 hash=ssl->write_hash;
739 }
740 else
741 {
742 rec= &(ssl->s3->rrec);
743 mac_sec= &(ssl->s3->read_mac_secret[0]);
744 seq= &(ssl->s3->read_sequence[0]);
745 hash=ssl->read_hash;
746 }
747
748 md_size=EVP_MD_size(hash);
749
750 buf[0]=rec->type;
751 if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER)
752 {
753 buf[1]=TLS1_VERSION_MAJOR;
754 buf[2]=TLS1_VERSION_MINOR;
755 }
756 else {
757 buf[1]=(unsigned char)(ssl->version>>8);
758 buf[2]=(unsigned char)(ssl->version);
759 }
760
761 buf[3]=rec->length>>8;
762 buf[4]=rec->length&0xff;
763
764 /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
765 HMAC_CTX_init(&hmac);
766 HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
767
768 if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
769 {
770 unsigned char dtlsseq[8],*p=dtlsseq;
771
772 s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
773 memcpy (p,&seq[2],6);
774
775 HMAC_Update(&hmac,dtlsseq,8);
776 }
777 else
778 HMAC_Update(&hmac,seq,8);
779
780 HMAC_Update(&hmac,buf,5);
781 HMAC_Update(&hmac,rec->input,rec->length);
782 HMAC_Final(&hmac,md,&md_size);
783 HMAC_CTX_cleanup(&hmac);
784
785#ifdef TLS_DEBUG
786printf("sec=");
787{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
788printf("seq=");
789{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
790printf("buf=");
791{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
792printf("rec=");
793{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
794#endif
795
796 if ( SSL_version(ssl) != DTLS1_VERSION)
797 {
798 for (i=7; i>=0; i--)
799 {
800 ++seq[i];
801 if (seq[i] != 0) break;
802 }
803 }
804
805#ifdef TLS_DEBUG
806{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
807#endif
808 return(md_size);
809 }
810
811int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
812 int len)
813 {
814 unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
815 unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
816
817#ifdef KSSL_DEBUG
818 printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", (void *)s,out, p,len);
819#endif /* KSSL_DEBUG */
820
821 /* Setup the stuff to munge */
822 memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
823 TLS_MD_MASTER_SECRET_CONST_SIZE);
824 memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),
825 s->s3->client_random,SSL3_RANDOM_SIZE);
826 memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
827 s->s3->server_random,SSL3_RANDOM_SIZE);
828 tls1_PRF(s->ctx->md5,s->ctx->sha1,
829 buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
830 s->session->master_key,buff,sizeof buff);
831#ifdef KSSL_DEBUG
832 printf ("tls1_generate_master_secret() complete\n");
833#endif /* KSSL_DEBUG */
834 return(SSL3_MASTER_SECRET_SIZE);
835 }
836
837int tls1_alert_code(int code)
838 {
839 switch (code)
840 {
841 case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY);
842 case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
843 case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC);
844 case SSL_AD_DECRYPTION_FAILED: return(TLS1_AD_DECRYPTION_FAILED);
845 case SSL_AD_RECORD_OVERFLOW: return(TLS1_AD_RECORD_OVERFLOW);
846 case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
847 case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE);
848 case SSL_AD_NO_CERTIFICATE: return(-1);
849 case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE);
850 case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
851 case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
852 case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
853 case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
854 case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER);
855 case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA);
856 case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED);
857 case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR);
858 case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR);
859 case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION);
860 case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION);
861 case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
862 case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
863 case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED);
864 case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
865#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
866 case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
867 (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
868#endif
869 default: return(-1);
870 }
871 }
872
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
deleted file mode 100644
index 9ce726996d..0000000000
--- a/src/lib/libssl/t1_lib.c
+++ /dev/null
@@ -1,878 +0,0 @@
1/* ssl/t1_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/objects.h>
61#include <openssl/evp.h>
62#include <openssl/hmac.h>
63#include <openssl/ocsp.h>
64#include "ssl_locl.h"
65
66const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT;
67
68#ifndef OPENSSL_NO_TLSEXT
69static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
70 const unsigned char *sess_id, int sesslen,
71 SSL_SESSION **psess);
72#endif
73
74SSL3_ENC_METHOD TLSv1_enc_data={
75 tls1_enc,
76 tls1_mac,
77 tls1_setup_key_block,
78 tls1_generate_master_secret,
79 tls1_change_cipher_state,
80 tls1_final_finish_mac,
81 TLS1_FINISH_MAC_LENGTH,
82 tls1_cert_verify_mac,
83 TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
84 TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
85 tls1_alert_code,
86 };
87
88long tls1_default_timeout(void)
89 {
90 /* 2 hours, the 24 hours mentioned in the TLSv1 spec
91 * is way too long for http, the cache would over fill */
92 return(60*60*2);
93 }
94
95IMPLEMENT_tls1_meth_func(tlsv1_base_method,
96 ssl_undefined_function,
97 ssl_undefined_function,
98 ssl_bad_method)
99
100int tls1_new(SSL *s)
101 {
102 if (!ssl3_new(s)) return(0);
103 s->method->ssl_clear(s);
104 return(1);
105 }
106
107void tls1_free(SSL *s)
108 {
109 ssl3_free(s);
110 }
111
112void tls1_clear(SSL *s)
113 {
114 ssl3_clear(s);
115 s->version=TLS1_VERSION;
116 }
117
118#if 0
119long tls1_ctrl(SSL *s, int cmd, long larg, char *parg)
120 {
121 return(0);
122 }
123
124long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)())
125 {
126 return(0);
127 }
128#endif
129
130#ifndef OPENSSL_NO_TLSEXT
131unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
132 {
133 int extdatalen=0;
134 unsigned char *ret = p;
135
136 ret+=2;
137
138 if (ret>=limit) return NULL; /* this really never occurs, but ... */
139
140 if (s->tlsext_hostname != NULL)
141 {
142 /* Add TLS extension servername to the Client Hello message */
143 unsigned long size_str;
144 long lenmax;
145
146 /* check for enough space.
147 4 for the servername type and entension length
148 2 for servernamelist length
149 1 for the hostname type
150 2 for hostname length
151 + hostname length
152 */
153
154 if ((lenmax = limit - ret - 9) < 0
155 || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
156 return NULL;
157
158 /* extension type and length */
159 s2n(TLSEXT_TYPE_server_name,ret);
160 s2n(size_str+5,ret);
161
162 /* length of servername list */
163 s2n(size_str+3,ret);
164
165 /* hostname type, length and hostname */
166 *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name;
167 s2n(size_str,ret);
168 memcpy(ret, s->tlsext_hostname, size_str);
169 ret+=size_str;
170
171 }
172
173 if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
174 {
175 int ticklen;
176 if (s->session && s->session->tlsext_tick)
177 ticklen = s->session->tlsext_ticklen;
178 else
179 ticklen = 0;
180 /* Check for enough room 2 for extension type, 2 for len
181 * rest for ticket
182 */
183 if (limit - ret - 4 - ticklen < 0)
184 return NULL;
185 s2n(TLSEXT_TYPE_session_ticket,ret);
186 s2n(ticklen,ret);
187 if (ticklen)
188 {
189 memcpy(ret, s->session->tlsext_tick, ticklen);
190 ret += ticklen;
191 }
192 }
193
194 if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
195 {
196 int i;
197 long extlen, idlen, itmp;
198 OCSP_RESPID *id;
199
200 idlen = 0;
201 for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
202 {
203 id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
204 itmp = i2d_OCSP_RESPID(id, NULL);
205 if (itmp <= 0)
206 return NULL;
207 idlen += itmp + 2;
208 }
209
210 if (s->tlsext_ocsp_exts)
211 {
212 extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
213 if (extlen < 0)
214 return NULL;
215 }
216 else
217 extlen = 0;
218
219 if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL;
220 s2n(TLSEXT_TYPE_status_request, ret);
221 if (extlen + idlen > 0xFFF0)
222 return NULL;
223 s2n(extlen + idlen + 5, ret);
224 *(ret++) = TLSEXT_STATUSTYPE_ocsp;
225 s2n(idlen, ret);
226 for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
227 {
228 /* save position of id len */
229 unsigned char *q = ret;
230 id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
231 /* skip over id len */
232 ret += 2;
233 itmp = i2d_OCSP_RESPID(id, &ret);
234 /* write id len */
235 s2n(itmp, q);
236 }
237 s2n(extlen, ret);
238 if (extlen > 0)
239 i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
240 }
241
242 if ((extdatalen = ret-p-2)== 0)
243 return p;
244
245 s2n(extdatalen,p);
246 return ret;
247 }
248
249unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
250 {
251 int extdatalen=0;
252 unsigned char *ret = p;
253
254 ret+=2;
255 if (ret>=limit) return NULL; /* this really never occurs, but ... */
256
257 if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
258 {
259 if (limit - ret - 4 < 0) return NULL;
260
261 s2n(TLSEXT_TYPE_server_name,ret);
262 s2n(0,ret);
263 }
264
265 if (s->tlsext_ticket_expected
266 && !(SSL_get_options(s) & SSL_OP_NO_TICKET))
267 {
268 if (limit - ret - 4 < 0) return NULL;
269 s2n(TLSEXT_TYPE_session_ticket,ret);
270 s2n(0,ret);
271 }
272
273 if (s->tlsext_status_expected)
274 {
275 if ((long)(limit - ret - 4) < 0) return NULL;
276 s2n(TLSEXT_TYPE_status_request,ret);
277 s2n(0,ret);
278 }
279
280 if ((extdatalen = ret-p-2)== 0)
281 return p;
282
283 s2n(extdatalen,p);
284 return ret;
285 }
286
287int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
288 {
289 unsigned short type;
290 unsigned short size;
291 unsigned short len;
292 unsigned char *data = *p;
293 s->servername_done = 0;
294 s->tlsext_status_type = -1;
295
296 if (data >= (d+n-2))
297 return 1;
298 n2s(data,len);
299
300 if (data > (d+n-len))
301 return 1;
302
303 while (data <= (d+n-4))
304 {
305 n2s(data,type);
306 n2s(data,size);
307
308 if (data+size > (d+n))
309 return 1;
310
311 if (s->tlsext_debug_cb)
312 s->tlsext_debug_cb(s, 0, type, data, size,
313 s->tlsext_debug_arg);
314/* The servername extension is treated as follows:
315
316 - Only the hostname type is supported with a maximum length of 255.
317 - The servername is rejected if too long or if it contains zeros,
318 in which case an fatal alert is generated.
319 - The servername field is maintained together with the session cache.
320 - When a session is resumed, the servername call back invoked in order
321 to allow the application to position itself to the right context.
322 - The servername is acknowledged if it is new for a session or when
323 it is identical to a previously used for the same session.
324 Applications can control the behaviour. They can at any time
325 set a 'desirable' servername for a new SSL object. This can be the
326 case for example with HTTPS when a Host: header field is received and
327 a renegotiation is requested. In this case, a possible servername
328 presented in the new client hello is only acknowledged if it matches
329 the value of the Host: field.
330 - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
331 if they provide for changing an explicit servername context for the session,
332 i.e. when the session has been established with a servername extension.
333 - On session reconnect, the servername extension may be absent.
334
335*/
336
337 if (type == TLSEXT_TYPE_server_name)
338 {
339 unsigned char *sdata;
340 int servname_type;
341 int dsize;
342
343 if (size < 2)
344 {
345 *al = SSL_AD_DECODE_ERROR;
346 return 0;
347 }
348 n2s(data,dsize);
349 size -= 2;
350 if (dsize > size )
351 {
352 *al = SSL_AD_DECODE_ERROR;
353 return 0;
354 }
355
356 sdata = data;
357 while (dsize > 3)
358 {
359 servname_type = *(sdata++);
360 n2s(sdata,len);
361 dsize -= 3;
362
363 if (len > dsize)
364 {
365 *al = SSL_AD_DECODE_ERROR;
366 return 0;
367 }
368 if (s->servername_done == 0)
369 switch (servname_type)
370 {
371 case TLSEXT_NAMETYPE_host_name:
372 if (s->session->tlsext_hostname == NULL)
373 {
374 if (len > TLSEXT_MAXLEN_host_name ||
375 ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
376 {
377 *al = TLS1_AD_UNRECOGNIZED_NAME;
378 return 0;
379 }
380 memcpy(s->session->tlsext_hostname, sdata, len);
381 s->session->tlsext_hostname[len]='\0';
382 if (strlen(s->session->tlsext_hostname) != len) {
383 OPENSSL_free(s->session->tlsext_hostname);
384 s->session->tlsext_hostname = NULL;
385 *al = TLS1_AD_UNRECOGNIZED_NAME;
386 return 0;
387 }
388 s->servername_done = 1;
389
390 }
391 else
392 s->servername_done = strlen(s->session->tlsext_hostname) == len
393 && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
394
395 break;
396
397 default:
398 break;
399 }
400
401 dsize -= len;
402 }
403 if (dsize != 0)
404 {
405 *al = SSL_AD_DECODE_ERROR;
406 return 0;
407 }
408
409 }
410 else if (type == TLSEXT_TYPE_status_request
411 && s->ctx->tlsext_status_cb)
412 {
413
414 if (size < 5)
415 {
416 *al = SSL_AD_DECODE_ERROR;
417 return 0;
418 }
419
420 s->tlsext_status_type = *data++;
421 size--;
422 if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
423 {
424 const unsigned char *sdata;
425 int dsize;
426 /* Read in responder_id_list */
427 n2s(data,dsize);
428 size -= 2;
429 if (dsize > size )
430 {
431 *al = SSL_AD_DECODE_ERROR;
432 return 0;
433 }
434 while (dsize > 0)
435 {
436 OCSP_RESPID *id;
437 int idsize;
438 if (dsize < 4)
439 {
440 *al = SSL_AD_DECODE_ERROR;
441 return 0;
442 }
443 n2s(data, idsize);
444 dsize -= 2 + idsize;
445 if (dsize < 0)
446 {
447 *al = SSL_AD_DECODE_ERROR;
448 return 0;
449 }
450 sdata = data;
451 data += idsize;
452 id = d2i_OCSP_RESPID(NULL,
453 &sdata, idsize);
454 if (!id)
455 {
456 *al = SSL_AD_DECODE_ERROR;
457 return 0;
458 }
459 if (data != sdata)
460 {
461 OCSP_RESPID_free(id);
462 *al = SSL_AD_DECODE_ERROR;
463 return 0;
464 }
465 if (!s->tlsext_ocsp_ids
466 && !(s->tlsext_ocsp_ids =
467 sk_OCSP_RESPID_new_null()))
468 {
469 OCSP_RESPID_free(id);
470 *al = SSL_AD_INTERNAL_ERROR;
471 return 0;
472 }
473 if (!sk_OCSP_RESPID_push(
474 s->tlsext_ocsp_ids, id))
475 {
476 OCSP_RESPID_free(id);
477 *al = SSL_AD_INTERNAL_ERROR;
478 return 0;
479 }
480 }
481
482 /* Read in request_extensions */
483 n2s(data,dsize);
484 size -= 2;
485 if (dsize > size)
486 {
487 *al = SSL_AD_DECODE_ERROR;
488 return 0;
489 }
490 sdata = data;
491 if (dsize > 0)
492 {
493 s->tlsext_ocsp_exts =
494 d2i_X509_EXTENSIONS(NULL,
495 &sdata, dsize);
496 if (!s->tlsext_ocsp_exts
497 || (data + dsize != sdata))
498 {
499 *al = SSL_AD_DECODE_ERROR;
500 return 0;
501 }
502 }
503 }
504 /* We don't know what to do with any other type
505 * so ignore it.
506 */
507 else
508 s->tlsext_status_type = -1;
509 }
510 /* session ticket processed earlier */
511
512 data+=size;
513 }
514
515 *p = data;
516 return 1;
517 }
518
519int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
520 {
521 unsigned short type;
522 unsigned short size;
523 unsigned short len;
524 unsigned char *data = *p;
525
526 int tlsext_servername = 0;
527
528 if (data >= (d+n-2))
529 return 1;
530
531 n2s(data,len);
532
533 while(data <= (d+n-4))
534 {
535 n2s(data,type);
536 n2s(data,size);
537
538 if (data+size > (d+n))
539 return 1;
540
541 if (s->tlsext_debug_cb)
542 s->tlsext_debug_cb(s, 1, type, data, size,
543 s->tlsext_debug_arg);
544
545 if (type == TLSEXT_TYPE_server_name)
546 {
547 if (s->tlsext_hostname == NULL || size > 0)
548 {
549 *al = TLS1_AD_UNRECOGNIZED_NAME;
550 return 0;
551 }
552 tlsext_servername = 1;
553 }
554 else if (type == TLSEXT_TYPE_session_ticket)
555 {
556 if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
557 || (size > 0))
558 {
559 *al = TLS1_AD_UNSUPPORTED_EXTENSION;
560 return 0;
561 }
562 s->tlsext_ticket_expected = 1;
563 }
564 else if (type == TLSEXT_TYPE_status_request)
565 {
566 /* MUST be empty and only sent if we've requested
567 * a status request message.
568 */
569 if ((s->tlsext_status_type == -1) || (size > 0))
570 {
571 *al = TLS1_AD_UNSUPPORTED_EXTENSION;
572 return 0;
573 }
574 /* Set flag to expect CertificateStatus message */
575 s->tlsext_status_expected = 1;
576 }
577
578 data+=size;
579 }
580
581 if (data != d+n)
582 {
583 *al = SSL_AD_DECODE_ERROR;
584 return 0;
585 }
586
587 if (!s->hit && tlsext_servername == 1)
588 {
589 if (s->tlsext_hostname)
590 {
591 if (s->session->tlsext_hostname == NULL)
592 {
593 s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
594 if (!s->session->tlsext_hostname)
595 {
596 *al = SSL_AD_UNRECOGNIZED_NAME;
597 return 0;
598 }
599 }
600 else
601 {
602 *al = SSL_AD_DECODE_ERROR;
603 return 0;
604 }
605 }
606 }
607
608 *p = data;
609 return 1;
610 }
611
612int ssl_check_clienthello_tlsext(SSL *s)
613 {
614 int ret=SSL_TLSEXT_ERR_NOACK;
615 int al = SSL_AD_UNRECOGNIZED_NAME;
616
617 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
618 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
619 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
620 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
621
622 /* If status request then ask callback what to do.
623 * Note: this must be called after servername callbacks in case
624 * the certificate has changed.
625 */
626 if ((s->tlsext_status_type != -1) && s->ctx->tlsext_status_cb)
627 {
628 int r;
629 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
630 switch (r)
631 {
632 /* We don't want to send a status request response */
633 case SSL_TLSEXT_ERR_NOACK:
634 s->tlsext_status_expected = 0;
635 break;
636 /* status request response should be sent */
637 case SSL_TLSEXT_ERR_OK:
638 if (s->tlsext_ocsp_resp)
639 s->tlsext_status_expected = 1;
640 else
641 s->tlsext_status_expected = 0;
642 break;
643 /* something bad happened */
644 case SSL_TLSEXT_ERR_ALERT_FATAL:
645 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
646 al = SSL_AD_INTERNAL_ERROR;
647 goto err;
648 }
649 }
650 else
651 s->tlsext_status_expected = 0;
652 err:
653 switch (ret)
654 {
655 case SSL_TLSEXT_ERR_ALERT_FATAL:
656 ssl3_send_alert(s,SSL3_AL_FATAL,al);
657 return -1;
658
659 case SSL_TLSEXT_ERR_ALERT_WARNING:
660 ssl3_send_alert(s,SSL3_AL_WARNING,al);
661 return 1;
662
663 case SSL_TLSEXT_ERR_NOACK:
664 s->servername_done=0;
665 default:
666 return 1;
667 }
668 }
669
670int ssl_check_serverhello_tlsext(SSL *s)
671 {
672 int ret=SSL_TLSEXT_ERR_NOACK;
673 int al = SSL_AD_UNRECOGNIZED_NAME;
674
675 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
676 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
677 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
678 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
679
680 /* If we've requested certificate status and we wont get one
681 * tell the callback
682 */
683 if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
684 && s->ctx->tlsext_status_cb)
685 {
686 int r;
687 /* Set resp to NULL, resplen to -1 so callback knows
688 * there is no response.
689 */
690 if (s->tlsext_ocsp_resp)
691 {
692 OPENSSL_free(s->tlsext_ocsp_resp);
693 s->tlsext_ocsp_resp = NULL;
694 }
695 s->tlsext_ocsp_resplen = -1;
696 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
697 if (r == 0)
698 {
699 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
700 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
701 }
702 if (r < 0)
703 {
704 al = SSL_AD_INTERNAL_ERROR;
705 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
706 }
707 }
708
709 switch (ret)
710 {
711 case SSL_TLSEXT_ERR_ALERT_FATAL:
712 ssl3_send_alert(s,SSL3_AL_FATAL,al);
713 return -1;
714
715 case SSL_TLSEXT_ERR_ALERT_WARNING:
716 ssl3_send_alert(s,SSL3_AL_WARNING,al);
717 return 1;
718
719 case SSL_TLSEXT_ERR_NOACK:
720 s->servername_done=0;
721 default:
722 return 1;
723 }
724 }
725
726/* Since the server cache lookup is done early on in the processing of client
727 * hello and other operations depend on the result we need to handle any TLS
728 * session ticket extension at the same time.
729 */
730
731int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
732 const unsigned char *limit, SSL_SESSION **ret)
733 {
734 /* Point after session ID in client hello */
735 const unsigned char *p = session_id + len;
736 unsigned short i;
737
738 /* If tickets disabled behave as if no ticket present
739 * to permit stateful resumption.
740 */
741 if (SSL_get_options(s) & SSL_OP_NO_TICKET)
742 return 1;
743
744 if ((s->version <= SSL3_VERSION) || !limit)
745 return 1;
746 if (p >= limit)
747 return -1;
748 /* Skip past cipher list */
749 n2s(p, i);
750 p+= i;
751 if (p >= limit)
752 return -1;
753 /* Skip past compression algorithm list */
754 i = *(p++);
755 p += i;
756 if (p > limit)
757 return -1;
758 /* Now at start of extensions */
759 if ((p + 2) >= limit)
760 return 1;
761 n2s(p, i);
762 while ((p + 4) <= limit)
763 {
764 unsigned short type, size;
765 n2s(p, type);
766 n2s(p, size);
767 if (p + size > limit)
768 return 1;
769 if (type == TLSEXT_TYPE_session_ticket)
770 {
771 /* If zero length note client will accept a ticket
772 * and indicate cache miss to trigger full handshake
773 */
774 if (size == 0)
775 {
776 s->tlsext_ticket_expected = 1;
777 return 0; /* Cache miss */
778 }
779 return tls_decrypt_ticket(s, p, size, session_id, len,
780 ret);
781 }
782 p += size;
783 }
784 return 1;
785 }
786
787static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
788 const unsigned char *sess_id, int sesslen,
789 SSL_SESSION **psess)
790 {
791 SSL_SESSION *sess;
792 unsigned char *sdec;
793 const unsigned char *p;
794 int slen, mlen, renew_ticket = 0;
795 unsigned char tick_hmac[EVP_MAX_MD_SIZE];
796 HMAC_CTX hctx;
797 EVP_CIPHER_CTX ctx;
798 /* Need at least keyname + iv + some encrypted data */
799 if (eticklen < 48)
800 goto tickerr;
801 /* Initialize session ticket encryption and HMAC contexts */
802 HMAC_CTX_init(&hctx);
803 EVP_CIPHER_CTX_init(&ctx);
804 if (s->ctx->tlsext_ticket_key_cb)
805 {
806 unsigned char *nctick = (unsigned char *)etick;
807 int rv = s->ctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
808 &ctx, &hctx, 0);
809 if (rv < 0)
810 return -1;
811 if (rv == 0)
812 goto tickerr;
813 if (rv == 2)
814 renew_ticket = 1;
815 }
816 else
817 {
818 /* Check key name matches */
819 if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16))
820 goto tickerr;
821 HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
822 tlsext_tick_md(), NULL);
823 EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
824 s->ctx->tlsext_tick_aes_key, etick + 16);
825 }
826 /* Attempt to process session ticket, first conduct sanity and
827 * integrity checks on ticket.
828 */
829 mlen = HMAC_size(&hctx);
830 eticklen -= mlen;
831 /* Check HMAC of encrypted ticket */
832 HMAC_Update(&hctx, etick, eticklen);
833 HMAC_Final(&hctx, tick_hmac, NULL);
834 HMAC_CTX_cleanup(&hctx);
835 if (memcmp(tick_hmac, etick + eticklen, mlen))
836 goto tickerr;
837 /* Attempt to decrypt session data */
838 /* Move p after IV to start of encrypted ticket, update length */
839 p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
840 eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
841 sdec = OPENSSL_malloc(eticklen);
842 if (!sdec)
843 {
844 EVP_CIPHER_CTX_cleanup(&ctx);
845 return -1;
846 }
847 EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
848 if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
849 goto tickerr;
850 slen += mlen;
851 EVP_CIPHER_CTX_cleanup(&ctx);
852 p = sdec;
853
854 sess = d2i_SSL_SESSION(NULL, &p, slen);
855 OPENSSL_free(sdec);
856 if (sess)
857 {
858 /* The session ID if non-empty is used by some clients to
859 * detect that the ticket has been accepted. So we copy it to
860 * the session structure. If it is empty set length to zero
861 * as required by standard.
862 */
863 if (sesslen)
864 memcpy(sess->session_id, sess_id, sesslen);
865 sess->session_id_length = sesslen;
866 *psess = sess;
867 s->tlsext_ticket_expected = renew_ticket;
868 return 1;
869 }
870 /* If session decrypt failure indicate a cache miss and set state to
871 * send a new ticket
872 */
873 tickerr:
874 s->tlsext_ticket_expected = 1;
875 return 0;
876 }
877
878#endif
diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c
deleted file mode 100644
index f5d8df634e..0000000000
--- a/src/lib/libssl/t1_meth.c
+++ /dev/null
@@ -1,76 +0,0 @@
1/* ssl/t1_meth.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/objects.h>
61#include "ssl_locl.h"
62
63static SSL_METHOD *tls1_get_method(int ver);
64static SSL_METHOD *tls1_get_method(int ver)
65 {
66 if (ver == TLS1_VERSION)
67 return(TLSv1_method());
68 else
69 return(NULL);
70 }
71
72IMPLEMENT_tls1_meth_func(TLSv1_method,
73 ssl3_accept,
74 ssl3_connect,
75 tls1_get_method)
76
diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c
deleted file mode 100644
index b75636abba..0000000000
--- a/src/lib/libssl/t1_srvr.c
+++ /dev/null
@@ -1,80 +0,0 @@
1/* ssl/t1_srvr.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "ssl_locl.h"
61#include <openssl/buffer.h>
62#include <openssl/rand.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66
67static SSL_METHOD *tls1_get_server_method(int ver);
68static SSL_METHOD *tls1_get_server_method(int ver)
69 {
70 if (ver == TLS1_VERSION)
71 return(TLSv1_server_method());
72 else
73 return(NULL);
74 }
75
76IMPLEMENT_tls1_meth_func(TLSv1_server_method,
77 ssl3_accept,
78 ssl_undefined_function,
79 tls1_get_server_method)
80
diff --git a/src/lib/libssl/test/CAss.cnf b/src/lib/libssl/test/CAss.cnf
deleted file mode 100644
index 546e660626..0000000000
--- a/src/lib/libssl/test/CAss.cnf
+++ /dev/null
@@ -1,76 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5
6RANDFILE = ./.rnd
7
8####################################################################
9[ req ]
10default_bits = 1024
11default_keyfile = keySS.pem
12distinguished_name = req_distinguished_name
13encrypt_rsa_key = no
14default_md = sha1
15
16[ req_distinguished_name ]
17countryName = Country Name (2 letter code)
18countryName_default = AU
19countryName_value = AU
20
21organizationName = Organization Name (eg, company)
22organizationName_value = Dodgy Brothers
23
24commonName = Common Name (eg, YOUR name)
25commonName_value = Dodgy CA
26
27####################################################################
28[ ca ]
29default_ca = CA_default # The default ca section
30
31####################################################################
32[ CA_default ]
33
34dir = ./demoCA # Where everything is kept
35certs = $dir/certs # Where the issued certs are kept
36crl_dir = $dir/crl # Where the issued crl are kept
37database = $dir/index.txt # database index file.
38#unique_subject = no # Set to 'no' to allow creation of
39 # several ctificates with same subject.
40new_certs_dir = $dir/newcerts # default place for new certs.
41
42certificate = $dir/cacert.pem # The CA certificate
43serial = $dir/serial # The current serial number
44crl = $dir/crl.pem # The current CRL
45private_key = $dir/private/cakey.pem# The private key
46RANDFILE = $dir/private/.rand # private random number file
47
48x509_extensions = v3_ca # The extentions to add to the cert
49
50name_opt = ca_default # Subject Name options
51cert_opt = ca_default # Certificate field options
52
53default_days = 365 # how long to certify for
54default_crl_days= 30 # how long before next CRL
55default_md = md5 # which md to use.
56preserve = no # keep passed DN ordering
57
58policy = policy_anything
59
60[ policy_anything ]
61countryName = optional
62stateOrProvinceName = optional
63localityName = optional
64organizationName = optional
65organizationalUnitName = optional
66commonName = supplied
67emailAddress = optional
68
69
70
71[ v3_ca ]
72subjectKeyIdentifier=hash
73authorityKeyIdentifier=keyid:always,issuer:always
74basicConstraints = CA:true,pathlen:1
75keyUsage = cRLSign, keyCertSign
76issuerAltName=issuer:copy
diff --git a/src/lib/libssl/test/CAssdh.cnf b/src/lib/libssl/test/CAssdh.cnf
deleted file mode 100644
index 4e0a908679..0000000000
--- a/src/lib/libssl/test/CAssdh.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5# hacked by iang to do DH certs - CA
6
7RANDFILE = ./.rnd
8
9####################################################################
10[ req ]
11distinguished_name = req_distinguished_name
12encrypt_rsa_key = no
13
14[ req_distinguished_name ]
15countryName = Country Name (2 letter code)
16countryName_default = CU
17countryName_value = CU
18
19organizationName = Organization Name (eg, company)
20organizationName_value = La Junta de la Revolucion
21
22commonName = Common Name (eg, YOUR name)
23commonName_value = Junta
24
diff --git a/src/lib/libssl/test/CAssdsa.cnf b/src/lib/libssl/test/CAssdsa.cnf
deleted file mode 100644
index a6b4d1810c..0000000000
--- a/src/lib/libssl/test/CAssdsa.cnf
+++ /dev/null
@@ -1,23 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5# hacked by iang to do DSA certs - CA
6
7RANDFILE = ./.rnd
8
9####################################################################
10[ req ]
11distinguished_name = req_distinguished_name
12encrypt_rsa_key = no
13
14[ req_distinguished_name ]
15countryName = Country Name (2 letter code)
16countryName_default = ES
17countryName_value = ES
18
19organizationName = Organization Name (eg, company)
20organizationName_value = Hermanos Locos
21
22commonName = Common Name (eg, YOUR name)
23commonName_value = Hermanos Locos CA
diff --git a/src/lib/libssl/test/CAssrsa.cnf b/src/lib/libssl/test/CAssrsa.cnf
deleted file mode 100644
index eb24a6dfc0..0000000000
--- a/src/lib/libssl/test/CAssrsa.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5# create RSA certs - CA
6
7RANDFILE = ./.rnd
8
9####################################################################
10[ req ]
11distinguished_name = req_distinguished_name
12encrypt_key = no
13
14[ req_distinguished_name ]
15countryName = Country Name (2 letter code)
16countryName_default = ES
17countryName_value = ES
18
19organizationName = Organization Name (eg, company)
20organizationName_value = Hermanos Locos
21
22commonName = Common Name (eg, YOUR name)
23commonName_value = Hermanos Locos CA
24
diff --git a/src/lib/libssl/test/P1ss.cnf b/src/lib/libssl/test/P1ss.cnf
deleted file mode 100644
index 876a0d35f8..0000000000
--- a/src/lib/libssl/test/P1ss.cnf
+++ /dev/null
@@ -1,37 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5
6RANDFILE = ./.rnd
7
8####################################################################
9[ req ]
10default_bits = 512
11default_keyfile = keySS.pem
12distinguished_name = req_distinguished_name
13encrypt_rsa_key = no
14default_md = md2
15
16[ req_distinguished_name ]
17countryName = Country Name (2 letter code)
18countryName_default = AU
19countryName_value = AU
20
21organizationName = Organization Name (eg, company)
22organizationName_value = Dodgy Brothers
23
240.commonName = Common Name (eg, YOUR name)
250.commonName_value = Brother 1
26
271.commonName = Common Name (eg, YOUR name)
281.commonName_value = Brother 2
29
302.commonName = Common Name (eg, YOUR name)
312.commonName_value = Proxy 1
32
33[ v3_proxy ]
34basicConstraints=CA:FALSE
35subjectKeyIdentifier=hash
36authorityKeyIdentifier=keyid,issuer:always
37proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
diff --git a/src/lib/libssl/test/P2ss.cnf b/src/lib/libssl/test/P2ss.cnf
deleted file mode 100644
index 373a87e7c2..0000000000
--- a/src/lib/libssl/test/P2ss.cnf
+++ /dev/null
@@ -1,45 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5
6RANDFILE = ./.rnd
7
8####################################################################
9[ req ]
10default_bits = 512
11default_keyfile = keySS.pem
12distinguished_name = req_distinguished_name
13encrypt_rsa_key = no
14default_md = md2
15
16[ req_distinguished_name ]
17countryName = Country Name (2 letter code)
18countryName_default = AU
19countryName_value = AU
20
21organizationName = Organization Name (eg, company)
22organizationName_value = Dodgy Brothers
23
240.commonName = Common Name (eg, YOUR name)
250.commonName_value = Brother 1
26
271.commonName = Common Name (eg, YOUR name)
281.commonName_value = Brother 2
29
302.commonName = Common Name (eg, YOUR name)
312.commonName_value = Proxy 1
32
333.commonName = Common Name (eg, YOUR name)
343.commonName_value = Proxy 2
35
36[ v3_proxy ]
37basicConstraints=CA:FALSE
38subjectKeyIdentifier=hash
39authorityKeyIdentifier=keyid,issuer:always
40proxyCertInfo=critical,@proxy_ext
41
42[ proxy_ext ]
43language=id-ppl-anyLanguage
44pathlen=0
45policy=text:BC
diff --git a/src/lib/libssl/test/Sssdsa.cnf b/src/lib/libssl/test/Sssdsa.cnf
deleted file mode 100644
index 8e170a28ef..0000000000
--- a/src/lib/libssl/test/Sssdsa.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5# hacked by iang to do DSA certs - Server
6
7RANDFILE = ./.rnd
8
9####################################################################
10[ req ]
11distinguished_name = req_distinguished_name
12encrypt_rsa_key = no
13
14[ req_distinguished_name ]
15countryName = Country Name (2 letter code)
16countryName_default = ES
17countryName_value = ES
18
19organizationName = Organization Name (eg, company)
20organizationName_value = Tortilleras S.A.
21
220.commonName = Common Name (eg, YOUR name)
230.commonName_value = Torti
24
251.commonName = Common Name (eg, YOUR name)
261.commonName_value = Gordita
27
diff --git a/src/lib/libssl/test/Sssrsa.cnf b/src/lib/libssl/test/Sssrsa.cnf
deleted file mode 100644
index 8c79a03fca..0000000000
--- a/src/lib/libssl/test/Sssrsa.cnf
+++ /dev/null
@@ -1,26 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5# create RSA certs - Server
6
7RANDFILE = ./.rnd
8
9####################################################################
10[ req ]
11distinguished_name = req_distinguished_name
12encrypt_key = no
13
14[ req_distinguished_name ]
15countryName = Country Name (2 letter code)
16countryName_default = ES
17countryName_value = ES
18
19organizationName = Organization Name (eg, company)
20organizationName_value = Tortilleras S.A.
21
220.commonName = Common Name (eg, YOUR name)
230.commonName_value = Torti
24
251.commonName = Common Name (eg, YOUR name)
261.commonName_value = Gordita
diff --git a/src/lib/libssl/test/Uss.cnf b/src/lib/libssl/test/Uss.cnf
deleted file mode 100644
index 98b2e054b7..0000000000
--- a/src/lib/libssl/test/Uss.cnf
+++ /dev/null
@@ -1,36 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5
6RANDFILE = ./.rnd
7
8####################################################################
9[ req ]
10default_bits = 1024
11default_keyfile = keySS.pem
12distinguished_name = req_distinguished_name
13encrypt_rsa_key = no
14default_md = md2
15
16[ req_distinguished_name ]
17countryName = Country Name (2 letter code)
18countryName_default = AU
19countryName_value = AU
20
21organizationName = Organization Name (eg, company)
22organizationName_value = Dodgy Brothers
23
240.commonName = Common Name (eg, YOUR name)
250.commonName_value = Brother 1
26
271.commonName = Common Name (eg, YOUR name)
281.commonName_value = Brother 2
29
30[ v3_ee ]
31subjectKeyIdentifier=hash
32authorityKeyIdentifier=keyid,issuer:always
33basicConstraints = CA:false
34keyUsage = nonRepudiation, digitalSignature, keyEncipherment
35issuerAltName=issuer:copy
36
diff --git a/src/lib/libssl/test/VMSca-response.1 b/src/lib/libssl/test/VMSca-response.1
deleted file mode 100644
index 8b13789179..0000000000
--- a/src/lib/libssl/test/VMSca-response.1
+++ /dev/null
@@ -1 +0,0 @@
1
diff --git a/src/lib/libssl/test/VMSca-response.2 b/src/lib/libssl/test/VMSca-response.2
deleted file mode 100644
index 9b48ee4cf9..0000000000
--- a/src/lib/libssl/test/VMSca-response.2
+++ /dev/null
@@ -1,2 +0,0 @@
1y
2y
diff --git a/src/lib/libssl/test/bctest b/src/lib/libssl/test/bctest
deleted file mode 100644
index bdb3218f7a..0000000000
--- a/src/lib/libssl/test/bctest
+++ /dev/null
@@ -1,111 +0,0 @@
1#!/bin/sh
2
3# This script is used by test/Makefile.ssl to check whether a sane 'bc'
4# is installed.
5# ('make test_bn' should not try to run 'bc' if it does not exist or if
6# it is a broken 'bc' version that is known to cause trouble.)
7#
8# If 'bc' works, we also test if it knows the 'print' command.
9#
10# In any case, output an appropriate command line for running (or not
11# running) bc.
12
13
14IFS=:
15try_without_dir=true
16# First we try "bc", then "$dir/bc" for each item in $PATH.
17for dir in dummy:$PATH; do
18 if [ "$try_without_dir" = true ]; then
19 # first iteration
20 bc=bc
21 try_without_dir=false
22 else
23 # second and later iterations
24 bc="$dir/bc"
25 if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix
26 bc=''
27 fi
28 fi
29
30 if [ ! "$bc" = '' ]; then
31 failure=none
32
33
34 # Test for SunOS 5.[78] bc bug
35 "$bc" >tmp.bctest <<\EOF
36obase=16
37ibase=16
38a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
39CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
4010F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
41C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
423BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
434FC3CADF855448B24A9D7640BCF473E
44b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
459209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
468B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
473ED0E2017D60A68775B75481449
48(a/b)*b + (a%b) - a
49EOF
50 if [ 0 != "`cat tmp.bctest`" ]; then
51 failure=SunOStest
52 fi
53
54
55 if [ "$failure" = none ]; then
56 # Test for SCO bc bug.
57 "$bc" >tmp.bctest <<\EOF
58obase=16
59ibase=16
60-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
619DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
6211B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
631239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
64AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
65F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
66B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
6702EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
6885EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
69A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
70E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
718C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
7204E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
7389C8D71
74AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
75928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
768A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
7737F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
78E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
79F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
809E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
81D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
825296964
83EOF
84 if [ "0
850" != "`cat tmp.bctest`" ]; then
86 failure=SCOtest
87 fi
88 fi
89
90
91 if [ "$failure" = none ]; then
92 # bc works; now check if it knows the 'print' command.
93 if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
94 then
95 echo "$bc"
96 else
97 echo "sed 's/print.*//' | $bc"
98 fi
99 exit 0
100 fi
101
102 echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2
103 fi
104done
105
106echo "No working bc found. Consider installing GNU bc." >&2
107if [ "$1" = ignore ]; then
108 echo "cat >/dev/null"
109 exit 0
110fi
111exit 1
diff --git a/src/lib/libssl/test/cms-examples.pl b/src/lib/libssl/test/cms-examples.pl
deleted file mode 100644
index 2e95b48ba4..0000000000
--- a/src/lib/libssl/test/cms-examples.pl
+++ /dev/null
@@ -1,409 +0,0 @@
1# test/cms-examples.pl
2# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3# project.
4#
5# ====================================================================
6# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11#
12# 1. Redistributions of source code must retain the above copyright
13# notice, this list of conditions and the following disclaimer.
14#
15# 2. Redistributions in binary form must reproduce the above copyright
16# notice, this list of conditions and the following disclaimer in
17# the documentation and/or other materials provided with the
18# distribution.
19#
20# 3. All advertising materials mentioning features or use of this
21# software must display the following acknowledgment:
22# "This product includes software developed by the OpenSSL Project
23# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24#
25# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26# endorse or promote products derived from this software without
27# prior written permission. For written permission, please contact
28# licensing@OpenSSL.org.
29#
30# 5. Products derived from this software may not be called "OpenSSL"
31# nor may "OpenSSL" appear in their names without prior written
32# permission of the OpenSSL Project.
33#
34# 6. Redistributions of any form whatsoever must retain the following
35# acknowledgment:
36# "This product includes software developed by the OpenSSL Project
37# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38#
39# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50# OF THE POSSIBILITY OF SUCH DAMAGE.
51# ====================================================================
52
53# Perl script to run tests against S/MIME examples in RFC4134
54# Assumes RFC is in current directory and called "rfc4134.txt"
55
56use MIME::Base64;
57
58my $badttest = 0;
59my $verbose = 1;
60
61my $cmscmd;
62my $exdir = "./";
63my $exfile = "./rfc4134.txt";
64
65if (-f "../apps/openssl")
66 {
67 $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms";
68 }
69elsif (-f "..\\out32dll\\openssl.exe")
70 {
71 $cmscmd = "..\\out32dll\\openssl.exe cms";
72 }
73elsif (-f "..\\out32\\openssl.exe")
74 {
75 $cmscmd = "..\\out32\\openssl.exe cms";
76 }
77
78my @test_list = (
79 [ "3.1.bin" => "dataout" ],
80 [ "3.2.bin" => "encode, dataout" ],
81 [ "4.1.bin" => "encode, verifyder, cont, dss" ],
82 [ "4.2.bin" => "encode, verifyder, cont, rsa" ],
83 [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ],
84 [ "4.4.bin" => "encode, verifyder, cont, dss" ],
85 [ "4.5.bin" => "verifyder, cont, rsa" ],
86 [ "4.6.bin" => "encode, verifyder, cont, dss" ],
87 [ "4.7.bin" => "encode, verifyder, cont, dss" ],
88 [ "4.8.eml" => "verifymime, dss" ],
89 [ "4.9.eml" => "verifymime, dss" ],
90 [ "4.10.bin" => "encode, verifyder, cont, dss" ],
91 [ "4.11.bin" => "encode, certsout" ],
92 [ "5.1.bin" => "encode, envelopeder, cont" ],
93 [ "5.2.bin" => "encode, envelopeder, cont" ],
94 [ "5.3.eml" => "envelopemime, cont" ],
95 [ "6.0.bin" => "encode, digest, cont" ],
96 [ "7.1.bin" => "encode, encrypted, cont" ],
97 [ "7.2.bin" => "encode, encrypted, cont" ]
98);
99
100# Extract examples from RFC4134 text.
101# Base64 decode all examples, certificates and
102# private keys are converted to PEM format.
103
104my ( $filename, $data );
105
106my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" );
107
108$data = "";
109
110open( IN, $exfile ) || die "Can't Open RFC examples file $exfile";
111
112while (<IN>) {
113 next unless (/^\|/);
114 s/^\|//;
115 next if (/^\*/);
116 if (/^>(.*)$/) {
117 $filename = $1;
118 next;
119 }
120 if (/^</) {
121 $filename = "$exdir/$filename";
122 if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) {
123 $data = decode_base64($data);
124 open OUT, ">$filename";
125 binmode OUT;
126 print OUT $data;
127 close OUT;
128 push @cleanup, $filename;
129 }
130 elsif ( $filename =~ /\.cer$/ ) {
131 write_pem( $filename, "CERTIFICATE", $data );
132 }
133 elsif ( $filename =~ /\.pri$/ ) {
134 write_pem( $filename, "PRIVATE KEY", $data );
135 }
136 $data = "";
137 $filename = "";
138 }
139 else {
140 $data .= $_;
141 }
142
143}
144
145my $secretkey =
146 "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32";
147
148foreach (@test_list) {
149 my ( $file, $tlist ) = @$_;
150 print "Example file $file:\n";
151 if ( $tlist =~ /encode/ ) {
152 run_reencode_test( $exdir, $file );
153 }
154 if ( $tlist =~ /certsout/ ) {
155 run_certsout_test( $exdir, $file );
156 }
157 if ( $tlist =~ /dataout/ ) {
158 run_dataout_test( $exdir, $file );
159 }
160 if ( $tlist =~ /verify/ ) {
161 run_verify_test( $exdir, $tlist, $file );
162 }
163 if ( $tlist =~ /digest/ ) {
164 run_digest_test( $exdir, $tlist, $file );
165 }
166 if ( $tlist =~ /encrypted/ ) {
167 run_encrypted_test( $exdir, $tlist, $file, $secretkey );
168 }
169 if ( $tlist =~ /envelope/ ) {
170 run_envelope_test( $exdir, $tlist, $file );
171 }
172
173}
174
175foreach (@cleanup) {
176 unlink $_;
177}
178
179if ($badtest) {
180 print "\n$badtest TESTS FAILED!!\n";
181}
182else {
183 print "\n***All tests successful***\n";
184}
185
186sub write_pem {
187 my ( $filename, $str, $data ) = @_;
188
189 $filename =~ s/\.[^.]*$/.pem/;
190
191 push @cleanup, $filename;
192
193 open OUT, ">$filename";
194
195 print OUT "-----BEGIN $str-----\n";
196 print OUT $data;
197 print OUT "-----END $str-----\n";
198
199 close OUT;
200}
201
202sub run_reencode_test {
203 my ( $cmsdir, $tfile ) = @_;
204 unlink "tmp.der";
205
206 system( "$cmscmd -cmsout -inform DER -outform DER"
207 . " -in $cmsdir/$tfile -out tmp.der" );
208
209 if ($?) {
210 print "\tReencode command FAILED!!\n";
211 $badtest++;
212 }
213 elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) {
214 print "\tReencode FAILED!!\n";
215 $badtest++;
216 }
217 else {
218 print "\tReencode passed\n" if $verbose;
219 }
220}
221
222sub run_certsout_test {
223 my ( $cmsdir, $tfile ) = @_;
224 unlink "tmp.der";
225 unlink "tmp.pem";
226
227 system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
228 . " -in $cmsdir/$tfile -out tmp.der" );
229
230 if ($?) {
231 print "\tCertificate output command FAILED!!\n";
232 $badtest++;
233 }
234 else {
235 print "\tCertificate output passed\n" if $verbose;
236 }
237}
238
239sub run_dataout_test {
240 my ( $cmsdir, $tfile ) = @_;
241 unlink "tmp.txt";
242
243 system(
244 "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" );
245
246 if ($?) {
247 print "\tDataout command FAILED!!\n";
248 $badtest++;
249 }
250 elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) {
251 print "\tDataout compare FAILED!!\n";
252 $badtest++;
253 }
254 else {
255 print "\tDataout passed\n" if $verbose;
256 }
257}
258
259sub run_verify_test {
260 my ( $cmsdir, $tlist, $tfile ) = @_;
261 unlink "tmp.txt";
262
263 $form = "DER" if $tlist =~ /verifyder/;
264 $form = "SMIME" if $tlist =~ /verifymime/;
265 $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/;
266 $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/;
267
268 $cmd =
269 "$cmscmd -verify -inform $form"
270 . " -CAfile $cafile"
271 . " -in $cmsdir/$tfile -out tmp.txt";
272
273 $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/;
274
275 system("$cmd 2>cms.err 1>cms.out");
276
277 if ($?) {
278 print "\tVerify command FAILED!!\n";
279 $badtest++;
280 }
281 elsif ( $tlist =~ /cont/
282 && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
283 {
284 print "\tVerify content compare FAILED!!\n";
285 $badtest++;
286 }
287 else {
288 print "\tVerify passed\n" if $verbose;
289 }
290}
291
292sub run_envelope_test {
293 my ( $cmsdir, $tlist, $tfile ) = @_;
294 unlink "tmp.txt";
295
296 $form = "DER" if $tlist =~ /envelopeder/;
297 $form = "SMIME" if $tlist =~ /envelopemime/;
298
299 $cmd =
300 "$cmscmd -decrypt -inform $form"
301 . " -recip $cmsdir/BobRSASignByCarl.pem"
302 . " -inkey $cmsdir/BobPrivRSAEncrypt.pem"
303 . " -in $cmsdir/$tfile -out tmp.txt";
304
305 system("$cmd 2>cms.err 1>cms.out");
306
307 if ($?) {
308 print "\tDecrypt command FAILED!!\n";
309 $badtest++;
310 }
311 elsif ( $tlist =~ /cont/
312 && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
313 {
314 print "\tDecrypt content compare FAILED!!\n";
315 $badtest++;
316 }
317 else {
318 print "\tDecrypt passed\n" if $verbose;
319 }
320}
321
322sub run_digest_test {
323 my ( $cmsdir, $tlist, $tfile ) = @_;
324 unlink "tmp.txt";
325
326 my $cmd =
327 "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt";
328
329 system("$cmd 2>cms.err 1>cms.out");
330
331 if ($?) {
332 print "\tDigest verify command FAILED!!\n";
333 $badtest++;
334 }
335 elsif ( $tlist =~ /cont/
336 && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
337 {
338 print "\tDigest verify content compare FAILED!!\n";
339 $badtest++;
340 }
341 else {
342 print "\tDigest verify passed\n" if $verbose;
343 }
344}
345
346sub run_encrypted_test {
347 my ( $cmsdir, $tlist, $tfile, $key ) = @_;
348 unlink "tmp.txt";
349
350 system( "$cmscmd -EncryptedData_decrypt -inform DER"
351 . " -secretkey $key"
352 . " -in $cmsdir/$tfile -out tmp.txt" );
353
354 if ($?) {
355 print "\tEncrypted Data command FAILED!!\n";
356 $badtest++;
357 }
358 elsif ( $tlist =~ /cont/
359 && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
360 {
361 print "\tEncrypted Data content compare FAILED!!\n";
362 $badtest++;
363 }
364 else {
365 print "\tEncryptedData verify passed\n" if $verbose;
366 }
367}
368
369sub cmp_files {
370 my ( $f1, $f2 ) = @_;
371 my ( $fp1, $fp2 );
372
373 my ( $rd1, $rd2 );
374
375 if ( !open( $fp1, "<$f1" ) ) {
376 print STDERR "Can't Open file $f1\n";
377 return 0;
378 }
379
380 if ( !open( $fp2, "<$f2" ) ) {
381 print STDERR "Can't Open file $f2\n";
382 return 0;
383 }
384
385 binmode $fp1;
386 binmode $fp2;
387
388 my $ret = 0;
389
390 for ( ; ; ) {
391 $n1 = sysread $fp1, $rd1, 4096;
392 $n2 = sysread $fp2, $rd2, 4096;
393 last if ( $n1 != $n2 );
394 last if ( $rd1 ne $rd2 );
395
396 if ( $n1 == 0 ) {
397 $ret = 1;
398 last;
399 }
400
401 }
402
403 close $fp1;
404 close $fp2;
405
406 return $ret;
407
408}
409
diff --git a/src/lib/libssl/test/cms-test.pl b/src/lib/libssl/test/cms-test.pl
deleted file mode 100644
index a84e089ddc..0000000000
--- a/src/lib/libssl/test/cms-test.pl
+++ /dev/null
@@ -1,453 +0,0 @@
1# test/cms-test.pl
2# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3# project.
4#
5# ====================================================================
6# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11#
12# 1. Redistributions of source code must retain the above copyright
13# notice, this list of conditions and the following disclaimer.
14#
15# 2. Redistributions in binary form must reproduce the above copyright
16# notice, this list of conditions and the following disclaimer in
17# the documentation and/or other materials provided with the
18# distribution.
19#
20# 3. All advertising materials mentioning features or use of this
21# software must display the following acknowledgment:
22# "This product includes software developed by the OpenSSL Project
23# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24#
25# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26# endorse or promote products derived from this software without
27# prior written permission. For written permission, please contact
28# licensing@OpenSSL.org.
29#
30# 5. Products derived from this software may not be called "OpenSSL"
31# nor may "OpenSSL" appear in their names without prior written
32# permission of the OpenSSL Project.
33#
34# 6. Redistributions of any form whatsoever must retain the following
35# acknowledgment:
36# "This product includes software developed by the OpenSSL Project
37# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38#
39# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50# OF THE POSSIBILITY OF SUCH DAMAGE.
51# ====================================================================
52
53# CMS, PKCS7 consistency test script. Run extensive tests on
54# OpenSSL PKCS#7 and CMS implementations.
55
56my $ossl_path;
57
58if ( -f "../apps/openssl" ) {
59 $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
60}
61elsif ( -f "..\\out32dll\\openssl.exe" ) {
62 $ossl_path = "..\\out32dll\\openssl.exe";
63}
64elsif ( -f "..\\out32\\openssl.exe" ) {
65 $ossl_path = "..\\out32\\openssl.exe";
66}
67else {
68 die "Can't find OpenSSL executable";
69}
70
71my $pk7cmd = "$ossl_path smime ";
72my $cmscmd = "$ossl_path cms ";
73my $smdir = "smime-certs";
74my $halt_err = 1;
75
76my $badcmd = 0;
77my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
78
79my @smime_pkcs7_tests = (
80
81 [
82 "signed content DER format, RSA key",
83 "-sign -in smcont.txt -outform DER -nodetach"
84 . " -certfile $smdir/smroot.pem"
85 . " -signer $smdir/smrsa1.pem -out test.cms",
86 "-verify -in test.cms -inform DER "
87 . " -CAfile $smdir/smroot.pem -out smtst.txt"
88 ],
89
90 [
91 "signed detached content DER format, RSA key",
92 "-sign -in smcont.txt -outform DER"
93 . " -signer $smdir/smrsa1.pem -out test.cms",
94 "-verify -in test.cms -inform DER "
95 . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
96 ],
97
98 [
99 "signed content test streaming BER format, RSA",
100 "-sign -in smcont.txt -outform DER -nodetach"
101 . " -stream -signer $smdir/smrsa1.pem -out test.cms",
102 "-verify -in test.cms -inform DER "
103 . " -CAfile $smdir/smroot.pem -out smtst.txt"
104 ],
105
106 [
107 "signed content DER format, DSA key",
108 "-sign -in smcont.txt -outform DER -nodetach"
109 . " -signer $smdir/smdsa1.pem -out test.cms",
110 "-verify -in test.cms -inform DER "
111 . " -CAfile $smdir/smroot.pem -out smtst.txt"
112 ],
113
114 [
115 "signed detached content DER format, DSA key",
116 "-sign -in smcont.txt -outform DER"
117 . " -signer $smdir/smdsa1.pem -out test.cms",
118 "-verify -in test.cms -inform DER "
119 . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
120 ],
121
122 [
123 "signed detached content DER format, add RSA signer",
124 "-resign -inform DER -in test.cms -outform DER"
125 . " -signer $smdir/smrsa1.pem -out test2.cms",
126 "-verify -in test2.cms -inform DER "
127 . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
128 ],
129
130 [
131 "signed content test streaming BER format, DSA key",
132 "-sign -in smcont.txt -outform DER -nodetach"
133 . " -stream -signer $smdir/smdsa1.pem -out test.cms",
134 "-verify -in test.cms -inform DER "
135 . " -CAfile $smdir/smroot.pem -out smtst.txt"
136 ],
137
138 [
139 "signed content test streaming BER format, 2 DSA and 2 RSA keys",
140 "-sign -in smcont.txt -outform DER -nodetach"
141 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
142 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
143 . " -stream -out test.cms",
144 "-verify -in test.cms -inform DER "
145 . " -CAfile $smdir/smroot.pem -out smtst.txt"
146 ],
147
148 [
149"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
150 "-sign -in smcont.txt -outform DER -noattr -nodetach"
151 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
152 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
153 . " -stream -out test.cms",
154 "-verify -in test.cms -inform DER "
155 . " -CAfile $smdir/smroot.pem -out smtst.txt"
156 ],
157
158 [
159 "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
160 "-sign -in smcont.txt -nodetach"
161 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
162 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
163 . " -stream -out test.cms",
164 "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
165 ],
166
167 [
168"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
169 "-sign -in smcont.txt"
170 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
171 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
172 . " -stream -out test.cms",
173 "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
174 ],
175
176 [
177 "enveloped content test streaming S/MIME format, 3 recipients",
178 "-encrypt -in smcont.txt"
179 . " -stream -out test.cms"
180 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
181 "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
182 ],
183
184 [
185"enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
186 "-encrypt -in smcont.txt"
187 . " -stream -out test.cms"
188 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
189 "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
190 ],
191
192 [
193"enveloped content test streaming S/MIME format, 3 recipients, key only used",
194 "-encrypt -in smcont.txt"
195 . " -stream -out test.cms"
196 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
197 "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
198 ],
199
200 [
201"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
202 "-encrypt -in smcont.txt"
203 . " -aes256 -stream -out test.cms"
204 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
205 "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
206 ],
207
208);
209
210my @smime_cms_tests = (
211
212 [
213 "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
214 "-sign -in smcont.txt -outform DER -nodetach -keyid"
215 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
216 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
217 . " -stream -out test.cms",
218 "-verify -in test.cms -inform DER "
219 . " -CAfile $smdir/smroot.pem -out smtst.txt"
220 ],
221
222 [
223 "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
224 "-sign -in smcont.txt -outform PEM -nodetach"
225 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
226 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
227 . " -stream -out test.cms",
228 "-verify -in test.cms -inform PEM "
229 . " -CAfile $smdir/smroot.pem -out smtst.txt"
230 ],
231
232 [
233 "signed content MIME format, RSA key, signed receipt request",
234 "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
235 . " -receipt_request_to test@openssl.org -receipt_request_all"
236 . " -out test.cms",
237 "-verify -in test.cms "
238 . " -CAfile $smdir/smroot.pem -out smtst.txt"
239 ],
240
241 [
242 "signed receipt MIME format, RSA key",
243 "-sign_receipt -in test.cms"
244 . " -signer $smdir/smrsa2.pem"
245 . " -out test2.cms",
246 "-verify_receipt test2.cms -in test.cms"
247 . " -CAfile $smdir/smroot.pem"
248 ],
249
250 [
251 "enveloped content test streaming S/MIME format, 3 recipients, keyid",
252 "-encrypt -in smcont.txt"
253 . " -stream -out test.cms -keyid"
254 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
255 "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
256 ],
257
258 [
259 "enveloped content test streaming PEM format, KEK",
260 "-encrypt -in smcont.txt -outform PEM -aes128"
261 . " -stream -out test.cms "
262 . " -secretkey 000102030405060708090A0B0C0D0E0F "
263 . " -secretkeyid C0FEE0",
264 "-decrypt -in test.cms -out smtst.txt -inform PEM"
265 . " -secretkey 000102030405060708090A0B0C0D0E0F "
266 . " -secretkeyid C0FEE0"
267 ],
268
269 [
270 "enveloped content test streaming PEM format, KEK, key only",
271 "-encrypt -in smcont.txt -outform PEM -aes128"
272 . " -stream -out test.cms "
273 . " -secretkey 000102030405060708090A0B0C0D0E0F "
274 . " -secretkeyid C0FEE0",
275 "-decrypt -in test.cms -out smtst.txt -inform PEM"
276 . " -secretkey 000102030405060708090A0B0C0D0E0F "
277 ],
278
279 [
280 "data content test streaming PEM format",
281 "-data_create -in smcont.txt -outform PEM -nodetach"
282 . " -stream -out test.cms",
283 "-data_out -in test.cms -inform PEM -out smtst.txt"
284 ],
285
286 [
287 "encrypted content test streaming PEM format, 128 bit RC2 key",
288 "-EncryptedData_encrypt -in smcont.txt -outform PEM"
289 . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
290 . " -stream -out test.cms",
291 "-EncryptedData_decrypt -in test.cms -inform PEM "
292 . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
293 ],
294
295 [
296 "encrypted content test streaming PEM format, 40 bit RC2 key",
297 "-EncryptedData_encrypt -in smcont.txt -outform PEM"
298 . " -rc2 -secretkey 0001020304"
299 . " -stream -out test.cms",
300 "-EncryptedData_decrypt -in test.cms -inform PEM "
301 . " -secretkey 0001020304 -out smtst.txt"
302 ],
303
304 [
305 "encrypted content test streaming PEM format, triple DES key",
306 "-EncryptedData_encrypt -in smcont.txt -outform PEM"
307 . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
308 . " -stream -out test.cms",
309 "-EncryptedData_decrypt -in test.cms -inform PEM "
310 . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
311 . " -out smtst.txt"
312 ],
313
314 [
315 "encrypted content test streaming PEM format, 128 bit AES key",
316 "-EncryptedData_encrypt -in smcont.txt -outform PEM"
317 . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
318 . " -stream -out test.cms",
319 "-EncryptedData_decrypt -in test.cms -inform PEM "
320 . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
321 ],
322
323);
324
325my @smime_cms_comp_tests = (
326
327 [
328 "compressed content test streaming PEM format",
329 "-compress -in smcont.txt -outform PEM -nodetach"
330 . " -stream -out test.cms",
331 "-uncompress -in test.cms -inform PEM -out smtst.txt"
332 ]
333
334);
335
336print "PKCS#7 <=> PKCS#7 consistency tests\n";
337
338run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $pk7cmd );
339
340print "CMS => PKCS#7 compatibility tests\n";
341
342run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
343
344print "CMS <= PKCS#7 compatibility tests\n";
345
346run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );
347
348print "CMS <=> CMS consistency tests\n";
349
350run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
351run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd );
352
353if ( `$ossl_path version -f` =~ /ZLIB/ ) {
354 run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
355}
356else {
357 print "Zlib not supported: compression tests skipped\n";
358}
359
360print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8);
361
362if ($badcmd) {
363 print "$badcmd TESTS FAILED!!\n";
364}
365else {
366 print "ALL TESTS SUCCESSFUL.\n";
367}
368
369unlink "test.cms";
370unlink "test2.cms";
371unlink "smtst.txt";
372unlink "cms.out";
373unlink "cms.err";
374
375sub run_smime_tests {
376 my ( $rv, $aref, $scmd, $vcmd ) = @_;
377
378 foreach $smtst (@$aref) {
379 my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
380 if ($ossl8)
381 {
382 # Skip smime resign: 0.9.8 smime doesn't support -resign
383 next if ($scmd =~ /smime/ && $rscmd =~ /-resign/);
384 # Disable streaming: option not supported in 0.9.8
385 $tnam =~ s/streaming//;
386 $rscmd =~ s/-stream//;
387 $rvcmd =~ s/-stream//;
388 }
389 system("$scmd$rscmd 2>cms.err 1>cms.out");
390 if ($?) {
391 print "$tnam: generation error\n";
392 $$rv++;
393 exit 1 if $halt_err;
394 next;
395 }
396 system("$vcmd$rvcmd 2>cms.err 1>cms.out");
397 if ($?) {
398 print "$tnam: verify error\n";
399 $$rv++;
400 exit 1 if $halt_err;
401 next;
402 }
403 if (!cmp_files("smtst.txt", "smcont.txt")) {
404 print "$tnam: content verify error\n";
405 $$rv++;
406 exit 1 if $halt_err;
407 next;
408 }
409 print "$tnam: OK\n";
410 }
411}
412
413sub cmp_files {
414 my ( $f1, $f2 ) = @_;
415 my ( $fp1, $fp2 );
416
417 my ( $rd1, $rd2 );
418
419 if ( !open( $fp1, "<$f1" ) ) {
420 print STDERR "Can't Open file $f1\n";
421 return 0;
422 }
423
424 if ( !open( $fp2, "<$f2" ) ) {
425 print STDERR "Can't Open file $f2\n";
426 return 0;
427 }
428
429 binmode $fp1;
430 binmode $fp2;
431
432 my $ret = 0;
433
434 for ( ; ; ) {
435 $n1 = sysread $fp1, $rd1, 4096;
436 $n2 = sysread $fp2, $rd2, 4096;
437 last if ( $n1 != $n2 );
438 last if ( $rd1 ne $rd2 );
439
440 if ( $n1 == 0 ) {
441 $ret = 1;
442 last;
443 }
444
445 }
446
447 close $fp1;
448 close $fp2;
449
450 return $ret;
451
452}
453
diff --git a/src/lib/libssl/test/methtest.c b/src/lib/libssl/test/methtest.c
deleted file mode 100644
index 005c2f4822..0000000000
--- a/src/lib/libssl/test/methtest.c
+++ /dev/null
@@ -1,105 +0,0 @@
1/* test/methtest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <openssl/rsa.h>
62#include <openssl/x509.h>
63#include "meth.h"
64#include <openssl/err.h>
65
66int main(argc,argv)
67int argc;
68char *argv[];
69 {
70 METHOD_CTX *top,*tmp1,*tmp2;
71
72 top=METH_new(x509_lookup()); /* get a top level context */
73 if (top == NULL) goto err;
74
75 tmp1=METH_new(x509_by_file());
76 if (top == NULL) goto err;
77 METH_arg(tmp1,METH_TYPE_FILE,"cafile1");
78 METH_arg(tmp1,METH_TYPE_FILE,"cafile2");
79 METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1);
80
81 tmp2=METH_new(x509_by_dir());
82 METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts");
83 METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs");
84 METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs");
85 METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2);
86
87/* tmp=METH_new(x509_by_issuer_dir);
88 METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
89 METH_push(top,METH_X509_BY_ISSUER,tmp);
90
91 tmp=METH_new(x509_by_issuer_primary);
92 METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
93 METH_push(top,METH_X509_BY_ISSUER,tmp);
94*/
95
96 METH_init(top);
97 METH_control(tmp1,METH_CONTROL_DUMP,stdout);
98 METH_control(tmp2,METH_CONTROL_DUMP,stdout);
99 EXIT(0);
100err:
101 ERR_load_crypto_strings();
102 ERR_print_errors_fp(stderr);
103 EXIT(1);
104 return(0);
105 }
diff --git a/src/lib/libssl/test/pkcs7-1.pem b/src/lib/libssl/test/pkcs7-1.pem
deleted file mode 100644
index c47b27af88..0000000000
--- a/src/lib/libssl/test/pkcs7-1.pem
+++ /dev/null
@@ -1,15 +0,0 @@
1-----BEGIN PKCS7-----
2MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG
3SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE
4AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF
5eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4
6MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv
7bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK
8ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB
9FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N
109XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8
11BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w
12bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB
13BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C
14j7Kie1x339mxW/w9VZNTUDQQweHh
15-----END PKCS7-----
diff --git a/src/lib/libssl/test/pkcs7.pem b/src/lib/libssl/test/pkcs7.pem
deleted file mode 100644
index d55c60b94e..0000000000
--- a/src/lib/libssl/test/pkcs7.pem
+++ /dev/null
@@ -1,54 +0,0 @@
1 MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg
2 AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH
3 EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl
4 cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw
5 ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0
6 MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
7 c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh
8 bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE
9 CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl
10 Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G
11 CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK
12 ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0
13 l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC
14 HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg
15 Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1
16 c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj
17 YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0
18 dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx
19 dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu
20 LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU
21 ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln
22 biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT
23 IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB
24 AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
25 L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL
26 HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF
27 slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7
28 ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR
29 /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
30 aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp
31 ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1
32 OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu
33 MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz
34 Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv
35 qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy
36 sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb
37 P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG
38 A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA
39 KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7
40 Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4
41 Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq
42 hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
43 Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk
44 dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ
45 KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30
46 dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW
47 I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow
48 ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
49 ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD
50 ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw
51 MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK
52 /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/
53 DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP
54 b+xSu/jH0gAAMYAAAAAAAAAAAA==
diff --git a/src/lib/libssl/test/r160test.c b/src/lib/libssl/test/r160test.c
deleted file mode 100644
index a172e393ca..0000000000
--- a/src/lib/libssl/test/r160test.c
+++ /dev/null
@@ -1,57 +0,0 @@
1/* test/r160test.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
diff --git a/src/lib/libssl/test/smcont.txt b/src/lib/libssl/test/smcont.txt
deleted file mode 100644
index e837c0b75b..0000000000
--- a/src/lib/libssl/test/smcont.txt
+++ /dev/null
@@ -1 +0,0 @@
1Some test content for OpenSSL CMS \ No newline at end of file
diff --git a/src/lib/libssl/test/smime-certs/smdsa1.pem b/src/lib/libssl/test/smime-certs/smdsa1.pem
deleted file mode 100644
index d5677dbfbe..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa1.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----
2MIIBuwIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
3OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
4GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
5jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
6wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
7+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
8SJCBQw5zAoGATQlPPF+OeU8nu3rsdXGDiZdJzOkuCce3KQfTABA9C+Dk4CVcvBdd
9YRLGpnykumkNTO1sTO+4/Gphsuje1ujK9td4UEhdYqylCe5QjEMrszDlJtelDQF9
10C0yhdjKGTP0kxofLhsGckcuQvcKEKffT2pDDKJIy4vWQO0UyJl1vjLcCFG2uiGGx
119fMUZq1v0ePD4Wo0Xkxo
12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----
14MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsWMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
15BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
16TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
17CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
18ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
19CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
20mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
21jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
22CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
23kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
24xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBN
25CU88X455Tye7eux1cYOJl0nM6S4Jx7cpB9MAED0L4OTgJVy8F11hEsamfKS6aQ1M
267WxM77j8amGy6N7W6Mr213hQSF1irKUJ7lCMQyuzMOUm16UNAX0LTKF2MoZM/STG
27h8uGwZyRy5C9woQp99PakMMokjLi9ZA7RTImXW+Mt6OBgzCBgDAdBgNVHQ4EFgQU
284Qfbhpi5yqXaXuCLXj427mR25MkwHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput
29aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV
30c21pbWVkc2ExQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBAFrdUzKK1pWO
31kd02S423KUBc4GWWyiGlVoEO7WxVhHLJ8sm67X7OtJOwe0UGt+Nc5qLtyJYSirw8
32phjiTdNpQCTJ8+Kc56tWkJ6H7NAI4vTJtPL5BM/EmeYrVSU9JI9xhqpyKw9IBD+n
33hRJ79W9FaiJRvaAOX+TkyTukJrxAWRyv
34-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa2.pem b/src/lib/libssl/test/smime-certs/smdsa2.pem
deleted file mode 100644
index ef86c115d7..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa2.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----
2MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
3OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
4GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
5jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
6wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
7+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
8SJCBQw5zAoGBAIPmO8BtJ+Yac58trrPwq9b/6VW3jQTWzTLWSH84/QQdqQa+Pz3v
9It/+hHM0daNF5uls8ICsPL1aLXmRx0pHvIyb0aAzYae4T4Jv/COPDMTdKbA1uitJ
10VbkGZrm+LIrs7I9lOkb4T0vI6kL/XdOCXY1469zsqCgJ/O2ibn6mq0nWAhR716o2
11Nf8SimTZYB0/CKje6M5ufA==
12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----
14MIIDpTCCAw6gAwIBAgIJAMtotfHYdEsXMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
15BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
16TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
17CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
18ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
19CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
20mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
21jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
22CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
23kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
24xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhQACgYEA
25g+Y7wG0n5hpzny2us/Cr1v/pVbeNBNbNMtZIfzj9BB2pBr4/Pe8i3/6EczR1o0Xm
266WzwgKw8vVoteZHHSke8jJvRoDNhp7hPgm/8I48MxN0psDW6K0lVuQZmub4siuzs
27j2U6RvhPS8jqQv9d04JdjXjr3OyoKAn87aJufqarSdajgYMwgYAwHQYDVR0OBBYE
28FHsAGNfVltSYUq4hC+YVYwsYtA+dMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcXdsab
29rWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMCAGA1UdEQQZMBeB
30FXNtaW1lZHNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQCx9BtCbaYF
31FXjLClkuKXbESaDZA1biPgY25i00FsUzARuhCpqD2v+0tu5c33ZzIhL6xlvBRU5l
326Atw/xpZhae+hdBEtxPJoGekLLrHOau7Md3XwDjV4lFgcEJkWZoaSOOIK+4D5jF0
33jZWtHjnwEzuLYlo7ScHSsbcQfjH0M1TP5A==
34-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa3.pem b/src/lib/libssl/test/smime-certs/smdsa3.pem
deleted file mode 100644
index eeb848dabc..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa3.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----
2MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
3OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
4GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
5jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
6wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
7+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
8SJCBQw5zAoGAYzOpPmh8Je1IDauEXhgaLz14wqYUHHcrj2VWVJ6fRm8GhdQFJSI7
9GUk08pgKZSKic2lNqxuzW7/vFxKQ/nvzfytY16b+2i+BR4Q6yvMzCebE1hHVg0Ju
10TwfUMwoFEOhYP6ZwHSUiQl9IBMH9TNJCMwYMxfY+VOrURFsjGTRUgpwCFQCIGt5g
11Y+XZd0Sv69CatDIRYWvaIA==
12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----
14MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsYMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
15BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
16TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
17CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
18ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
19CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
20mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
21jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
22CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
23kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
24xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBj
25M6k+aHwl7UgNq4ReGBovPXjCphQcdyuPZVZUnp9GbwaF1AUlIjsZSTTymAplIqJz
26aU2rG7Nbv+8XEpD+e/N/K1jXpv7aL4FHhDrK8zMJ5sTWEdWDQm5PB9QzCgUQ6Fg/
27pnAdJSJCX0gEwf1M0kIzBgzF9j5U6tREWyMZNFSCnKOBgzCBgDAdBgNVHQ4EFgQU
28VhpVXqQ/EzUMdxLvP7o9EhJ8h70wHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput
29aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV
30c21pbWVkc2EzQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBACM9e75EQa8m
31k/AZkH/tROqf3yeqijULl9x8FjFatqoY+29OM6oMGM425IqSkKd2ipz7OxO0SShu
32rE0O3edS7DvYBwvhWPviRaYBMyZ4iFJVup+fOzoYK/j/bASxS3BHQBwb2r4rhe25
33OlTyyFEk7DJyW18YFOG97S1P52oQ5f5x
34-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsap.pem b/src/lib/libssl/test/smime-certs/smdsap.pem
deleted file mode 100644
index 249706c8c7..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsap.pem
+++ /dev/null
@@ -1,9 +0,0 @@
1-----BEGIN DSA PARAMETERS-----
2MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG
3Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA
4gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d
5qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv
6Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO
7GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB
8Qw5z
9-----END DSA PARAMETERS-----
diff --git a/src/lib/libssl/test/smime-certs/smroot.pem b/src/lib/libssl/test/smime-certs/smroot.pem
deleted file mode 100644
index a59eb2684c..0000000000
--- a/src/lib/libssl/test/smime-certs/smroot.pem
+++ /dev/null
@@ -1,30 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIICXAIBAAKBgQDBV1Z/Q5gPF7lojc8pKUdyz5+Jf2B3vs4he6egekugWnoJduki
39Lnae/JchB/soIX0co3nLc11NuFFlnAWJNMDJr08l5AHAJLYNHevF5l/f9oDQwvZ
4speKh1xpIAJNqCTzVeQ/ZLx6/GccIXV/xDuKIiovqJTPgR5WPkYKaw++lQIDAQAB
5AoGALXnUj5SflJU4+B2652ydMKUjWl0KnL/VjkyejgGV/j6py8Ybaixz9q8Gv7oY
6JDlRqMC1HfZJCFQDQrHy5VJ+CywA/H9WrqKo/Ch9U4tJAZtkig1Cmay/BAYixVu0
7xBeim10aKF6hxHH4Chg9We+OCuzWBWJhqveNjuDedL/i7JUCQQDlejovcwBUCbhJ
8U12qKOwlaboolWbl7yF3XdckTJZg7+1UqQHZH5jYZlLZyZxiaC92SNV0SyTLJZnS
9Jh5CO+VDAkEA16/pPcuVtMMz/R6SSPpRSIAa1stLs0mFSs3NpR4pdm0n42mu05pO
101tJEt3a1g7zkreQBf53+Dwb+lA841EkjRwJBAIFmt0DifKDnCkBu/jZh9SfzwsH3
113Zpzik+hXxxdA7+ODCrdUul449vDd5zQD5t+XKU61QNLDGhxv5e9XvrCg7kCQH/a
123ldsVF0oDaxxL+QkxoREtCQ5tLEd1u7F2q6Tl56FDE0pe6Ih6bQ8RtG+g9EI60IN
13U7oTrOO5kLWx5E0q4ccCQAZVgoenn9MhRU1agKOCuM6LT2DxReTu4XztJzynej+8
140J93n3ebanB1MlRpn1XJwhQ7gAC8ImaQKLJK5jdJzFc=
15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----
17MIICaTCCAdKgAwIBAgIJAP6VN47boiXRMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
18BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
19TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDdaFw0xNjA1MTExMzUzMDdaMEQx
20CzAJBgNVBAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRU
21ZXN0IFMvTUlNRSBSU0EgUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
22wVdWf0OYDxe5aI3PKSlHcs+fiX9gd77OIXunoHpLoFp6CXbpIvS52nvyXIQf7KCF
239HKN5y3NdTbhRZZwFiTTAya9PJeQBwCS2DR3rxeZf3/aA0ML2bKXiodcaSACTagk
2481XkP2S8evxnHCF1f8Q7iiIqL6iUz4EeVj5GCmsPvpUCAwEAAaNjMGEwHQYDVR0O
25BBYEFBPPS6e7iS6zOFcXdsabrWhb5e0XMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcX
26dsabrWhb5e0XMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG
27SIb3DQEBBQUAA4GBAIECprq5viDvnDbkyOaiSr9ubMUmWqvycfAJMdPZRKcOZczS
28l+L9R9lF3JSqbt3knOe9u6bGDBOTY2285PdCCuHRVMk2Af1f6El1fqAlRUwNqipp
29r68sWFuRqrcRNtk6QQvXfkOhrqQBuDa7te/OVQLa2lGN9Dr2mQsD8ijctatG
30-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa1.pem b/src/lib/libssl/test/smime-certs/smrsa1.pem
deleted file mode 100644
index 2cf3148e33..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa1.pem
+++ /dev/null
@@ -1,31 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIICXgIBAAKBgQC6A978j4pmPgUtUQqF+bjh6vdhwGOGZSD7xXgFTMjm88twfv+E
3ixkq2KXSDjD0ZXoQbdOaSbvGRQrIJpG2NGiKAFdYNrP025kCCdh5wF/aEI7KLEm7
4JlHwXpQsuj4wkMgmkFjL3Ty4Z55aNH+2pPQIa0k+ENJXm2gDuhqgBmduAwIDAQAB
5AoGBAJMuYu51aO2THyeHGwt81uOytcCbqGP7eoib62ZOJhxPRGYjpmuqX+R9/V5i
6KiwGavm63JYUx0WO9YP+uIZxm1BUATzkgkS74u5LP6ajhkZh6/Bck1oIYYkbVOXl
7JVrdENuH6U7nupznsyYgONByo+ykFPVUGmutgiaC7NMVo/MxAkEA6KLejWXdCIEn
8xr7hGph9NlvY9xuRIMexRV/WrddcFfCdjI1PciIupgrIkR65M9yr7atm1iU6/aRf
9KOr8rLZsSQJBAMyyXN71NsDNx4BP6rtJ/LJMP0BylznWkA7zWfGCbAYn9VhZVlSY
10Eu9Gyr7quD1ix7G3kInKVYOEEOpockBLz+sCQQCedyMmKjcQLfpMVYW8uhbAynvW
11h36qV5yXZxszO7nMcCTBsxhk5IfmLv5EbCs3+p9avCDGyoGOeUMg+kC33WORAkAg
12oUIarH4o5+SoeJTTfCzTA0KF9H5U0vYt2+73h7HOnWoHxl3zqDZEfEVvf50U8/0f
13QELDJETTbScBJtsnkq43AkEA38etvoZ2i4FJvvo7R/9gWBHVEcrGzcsCBYrNnIR1
14SZLRwHEGaiOK1wxMsWzqp7PJwL9z/M8A8DyOFBx3GPOniA==
15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----
17MIICizCCAfSgAwIBAgIJAMtotfHYdEsTMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
18BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
19TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx
20CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
21ZXN0IFMvTUlNRSBFRSBSU0EgIzEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
22ALoD3vyPimY+BS1RCoX5uOHq92HAY4ZlIPvFeAVMyObzy3B+/4SLGSrYpdIOMPRl
23ehBt05pJu8ZFCsgmkbY0aIoAV1g2s/TbmQIJ2HnAX9oQjsosSbsmUfBelCy6PjCQ
24yCaQWMvdPLhnnlo0f7ak9AhrST4Q0lebaAO6GqAGZ24DAgMBAAGjgYMwgYAwHQYD
25VR0OBBYEFE2vMvKz5jrC7Lbdg68XwZ95iL/QMB8GA1UdIwQYMBaAFBPPS6e7iS6z
26OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
27EQQZMBeBFXNtaW1lcnNhMUBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQAi
28O3GOkUl646oLnOimc36i9wxZ1tejsqs8vMjJ0Pym6Uq9FE2JoGzJ6OhB1GOsEVmj
299cQ5UNQcRYL3cqOFtl6f4Dpu/lhzfbaqgmLjv29G1mS0uuTZrixhlyCXjwcbOkNC
30I/+wvHHENYIK5+T/79M9LaZ2Qk4F9MNE1VMljdz9Qw==
31-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa2.pem b/src/lib/libssl/test/smime-certs/smrsa2.pem
deleted file mode 100644
index d41f69c82f..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa2.pem
+++ /dev/null
@@ -1,31 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIICWwIBAAKBgQCwBfryW4Vu5U9wNIDKspJO/N9YF4CcTlrCUyzVlKgb+8urHlSe
359i5verR9IOCCXkemjOzZ/3nALTGqYZlnEvHp0Rjk+KdKXnKBIB+SRPpeu3LcXMT
4WPgsThPa0UQxedNKG0g6aG+kLhsDlFBCoxd09jJtSpb9jmroJOq0ZYEHLwIDAQAB
5AoGAKa/w4677Je1W5+r3SYoLDnvi5TkDs4D3C6ipKJgBTEdQz+DqB4w/DpZE4551
6+rkFn1LDxcxuHGRVa+tAMhZW97fwq9YUbjVZEyOz79qrX+BMyl/NbHkf1lIKDo3q
7dWalzQvop7nbzeLC+VmmviwZfLQUbA61AQl3jm4dswT4XykCQQDloDadEv/28NTx
8bvvywvyGuvJkCkEIycm4JrIInvwsd76h/chZ3oymrqzc7hkEtK6kThqlS5y+WXl6
9QzPruTKTAkEAxD2ro/VUoN+scIVaLmn0RBmZ67+9Pdn6pNSfjlK3s0T0EM6/iUWS
10M06l6L9wFS3/ceu1tIifsh9BeqOGTa+udQJARIFnybTBaIqw/NZ/lA1YCVn8tpvY
11iyaoZ6gjtS65TQrsdKeh/i3HCHNUXxUpoZ3F/H7QtD+6o49ODou+EbVOwQJAVmex
12A2gp8wuJKaINqxIL81AybZLnCCzKJ3lXJ5tUNyLNM/lUbGStktm2Q1zHRQwTxV07
13jFn7trn8YrtNjzcjYQJAUKIJRt38A8Jw3HoPT+D0WS2IgxjVL0eYGsZX1lyeammG
146rfnQ3u5uP7mEK2EH2o8mDUpAE0gclWBU9UkKxJsGA==
15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----
17MIICizCCAfSgAwIBAgIJAMtotfHYdEsUMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
18BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
19TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx
20CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
21ZXN0IFMvTUlNRSBFRSBSU0EgIzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
22ALAF+vJbhW7lT3A0gMqykk7831gXgJxOWsJTLNWUqBv7y6seVJ7n2Lm96tH0g4IJ
23eR6aM7Nn/ecAtMaphmWcS8enRGOT4p0pecoEgH5JE+l67ctxcxNY+CxOE9rRRDF5
2400obSDpob6QuGwOUUEKjF3T2Mm1Klv2Oaugk6rRlgQcvAgMBAAGjgYMwgYAwHQYD
25VR0OBBYEFIL/u+mEvaw7RuKLRuElfVkxSQjYMB8GA1UdIwQYMBaAFBPPS6e7iS6z
26OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
27EQQZMBeBFXNtaW1lcnNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQC2
28rXR5bm/9RtOMQPleNpd3y6uUX3oy+0CafK5Yl3PMnItjjnKJ0l1/DbLbDj2twehe
29ewaB8CROcBCA3AMLSmGvPKgUCFMGtWam3328M4fBHzon5ka7qDXzM+imkAly/Yx2
30YNdR/aNOug+5sXygHmTSKqiCpQjOIClzXoPVVeEVHw==
31-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa3.pem b/src/lib/libssl/test/smime-certs/smrsa3.pem
deleted file mode 100644
index c8cbe55151..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa3.pem
+++ /dev/null
@@ -1,31 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIICXAIBAAKBgQC6syTZtZNe1hRScFc4PUVyVLsr7+C1HDIZnOHmwFoLayX6RHwy
3ep/TkdwiPHnemVLuwvpSjLMLZkXy/J764kSHJrNeVl3UvmCVCOm40hAtK1+F39pM
4h8phkbPPD7i+hwq4/Vs79o46nzwbVKmzgoZBJhZ+codujUSYM3LjJ4aq+wIDAQAB
5AoGAE1Zixrnr3bLGwBMqtYSDIOhtyos59whImCaLr17U9MHQWS+mvYO98if1aQZi
6iQ/QazJ+wvYXxWJ+dEB+JvYwqrGeuAU6He/rAb4OShG4FPVU2D19gzRnaButWMeT
7/1lgXV08hegGBL7RQNaN7b0viFYMcKnSghleMP0/q+Y/oaECQQDkXEwDYJW13X9p
8ijS20ykWdY5lLknjkHRhhOYux0rlhOqsyMZjoUmwI2m0qj9yrIysKhrk4MZaM/uC
9hy0xp3hdAkEA0Uv/UY0Kwsgc+W6YxeypECtg1qCE6FBib8n4iFy/6VcWqhvE5xrs
10OdhKv9/p6aLjLneGd1sU+F8eS9LGyKIbNwJBAJPgbNzXA7uUZriqZb5qeTXxBDfj
11RLfXSHYKAKEULxz3+JvRHB9SR4yHMiFrCdExiZrHXUkPgYLSHLGG5a4824UCQD6T
129XvhquUARkGCAuWy0/3Eqoihp/t6BWSdQ9Upviu7YUhtUxsyXo0REZB7F4pGrJx5
13GlhXgFaewgUzuUHFzlMCQCzJMMWslWpoLntnR6sMhBMhBFHSw+Y5CbxBmFrdtSkd
14VdtNO1VuDCTxjjW7W3Khj7LX4KZ1ye/5jfAgnnnXisc=
15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----
17MIICizCCAfSgAwIBAgIJAMtotfHYdEsVMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
18BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
19TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
20CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
21ZXN0IFMvTUlNRSBFRSBSU0EgIzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
22ALqzJNm1k17WFFJwVzg9RXJUuyvv4LUcMhmc4ebAWgtrJfpEfDJ6n9OR3CI8ed6Z
23Uu7C+lKMswtmRfL8nvriRIcms15WXdS+YJUI6bjSEC0rX4Xf2kyHymGRs88PuL6H
24Crj9Wzv2jjqfPBtUqbOChkEmFn5yh26NRJgzcuMnhqr7AgMBAAGjgYMwgYAwHQYD
25VR0OBBYEFDsSFjNtYZzd0tTHafNS7tneQQj6MB8GA1UdIwQYMBaAFBPPS6e7iS6z
26OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
27EQQZMBeBFXNtaW1lcnNhM0BvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQBE
28tUDB+1Dqigu4p1xtdq7JRK6S+gfA7RWmhz0j2scb2zhpS12h37JLHsidGeKAzZYq
29jUjOrH/j3xcV5AnuJoqImJaN23nzzxtR4qGGX2mrq6EtObzdEGgCUaizsGM+0slJ
30PYxcy8KeY/63B1BpYhj2RjGkL6HrvuAaxVORa3acoA==
31-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/tcrl b/src/lib/libssl/test/tcrl
deleted file mode 100644
index 055269eab8..0000000000
--- a/src/lib/libssl/test/tcrl
+++ /dev/null
@@ -1,78 +0,0 @@
1#!/bin/sh
2
3cmd='../util/shlib_wrap.sh ../apps/openssl crl'
4
5if [ "$1"x != "x" ]; then
6 t=$1
7else
8 t=testcrl.pem
9fi
10
11echo testing crl conversions
12cp $t fff.p
13
14echo "p -> d"
15$cmd -in fff.p -inform p -outform d >f.d
16if [ $? != 0 ]; then exit 1; fi
17#echo "p -> t"
18#$cmd -in fff.p -inform p -outform t >f.t
19#if [ $? != 0 ]; then exit 1; fi
20echo "p -> p"
21$cmd -in fff.p -inform p -outform p >f.p
22if [ $? != 0 ]; then exit 1; fi
23
24echo "d -> d"
25$cmd -in f.d -inform d -outform d >ff.d1
26if [ $? != 0 ]; then exit 1; fi
27#echo "t -> d"
28#$cmd -in f.t -inform t -outform d >ff.d2
29#if [ $? != 0 ]; then exit 1; fi
30echo "p -> d"
31$cmd -in f.p -inform p -outform d >ff.d3
32if [ $? != 0 ]; then exit 1; fi
33
34#echo "d -> t"
35#$cmd -in f.d -inform d -outform t >ff.t1
36#if [ $? != 0 ]; then exit 1; fi
37#echo "t -> t"
38#$cmd -in f.t -inform t -outform t >ff.t2
39#if [ $? != 0 ]; then exit 1; fi
40#echo "p -> t"
41#$cmd -in f.p -inform p -outform t >ff.t3
42#if [ $? != 0 ]; then exit 1; fi
43
44echo "d -> p"
45$cmd -in f.d -inform d -outform p >ff.p1
46if [ $? != 0 ]; then exit 1; fi
47#echo "t -> p"
48#$cmd -in f.t -inform t -outform p >ff.p2
49#if [ $? != 0 ]; then exit 1; fi
50echo "p -> p"
51$cmd -in f.p -inform p -outform p >ff.p3
52if [ $? != 0 ]; then exit 1; fi
53
54cmp fff.p f.p
55if [ $? != 0 ]; then exit 1; fi
56cmp fff.p ff.p1
57if [ $? != 0 ]; then exit 1; fi
58#cmp fff.p ff.p2
59#if [ $? != 0 ]; then exit 1; fi
60cmp fff.p ff.p3
61if [ $? != 0 ]; then exit 1; fi
62
63#cmp f.t ff.t1
64#if [ $? != 0 ]; then exit 1; fi
65#cmp f.t ff.t2
66#if [ $? != 0 ]; then exit 1; fi
67#cmp f.t ff.t3
68#if [ $? != 0 ]; then exit 1; fi
69
70cmp f.p ff.p1
71if [ $? != 0 ]; then exit 1; fi
72#cmp f.p ff.p2
73#if [ $? != 0 ]; then exit 1; fi
74cmp f.p ff.p3
75if [ $? != 0 ]; then exit 1; fi
76
77/bin/rm -f f.* ff.* fff.*
78exit 0
diff --git a/src/lib/libssl/test/test.cnf b/src/lib/libssl/test/test.cnf
deleted file mode 100644
index faad3914a8..0000000000
--- a/src/lib/libssl/test/test.cnf
+++ /dev/null
@@ -1,88 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5
6RANDFILE = ./.rnd
7
8####################################################################
9[ ca ]
10default_ca = CA_default # The default ca section
11
12####################################################################
13[ CA_default ]
14
15dir = ./demoCA # Where everything is kept
16certs = $dir/certs # Where the issued certs are kept
17crl_dir = $dir/crl # Where the issued crl are kept
18database = $dir/index.txt # database index file.
19new_certs_dir = $dir/new_certs # default place for new certs.
20
21certificate = $dir/CAcert.pem # The CA certificate
22serial = $dir/serial # The current serial number
23crl = $dir/crl.pem # The current CRL
24private_key = $dir/private/CAkey.pem# The private key
25RANDFILE = $dir/private/.rand # private random number file
26
27default_days = 365 # how long to certify for
28default_crl_days= 30 # how long before next CRL
29default_md = md5 # which md to use.
30
31# A few difference way of specifying how similar the request should look
32# For type CA, the listed attributes must be the same, and the optional
33# and supplied fields are just that :-)
34policy = policy_match
35
36# For the CA policy
37[ policy_match ]
38countryName = match
39stateOrProvinceName = match
40organizationName = match
41organizationalUnitName = optional
42commonName = supplied
43emailAddress = optional
44
45# For the 'anything' policy
46# At this point in time, you must list all acceptable 'object'
47# types.
48[ policy_anything ]
49countryName = optional
50stateOrProvinceName = optional
51localityName = optional
52organizationName = optional
53organizationalUnitName = optional
54commonName = supplied
55emailAddress = optional
56
57####################################################################
58[ req ]
59default_bits = 512
60default_keyfile = testkey.pem
61distinguished_name = req_distinguished_name
62encrypt_rsa_key = no
63
64[ req_distinguished_name ]
65countryName = Country Name (2 letter code)
66countryName_default = AU
67countryName_value = AU
68
69stateOrProvinceName = State or Province Name (full name)
70stateOrProvinceName_default = Queensland
71stateOrProvinceName_value =
72
73localityName = Locality Name (eg, city)
74localityName_value = Brisbane
75
76organizationName = Organization Name (eg, company)
77organizationName_default =
78organizationName_value = CryptSoft Pty Ltd
79
80organizationalUnitName = Organizational Unit Name (eg, section)
81organizationalUnitName_default =
82organizationalUnitName_value = .
83
84commonName = Common Name (eg, YOUR name)
85commonName_value = Eric Young
86
87emailAddress = Email Address
88emailAddress_value = eay@mincom.oz.au
diff --git a/src/lib/libssl/test/test_aesni b/src/lib/libssl/test/test_aesni
deleted file mode 100644
index e8fb63ee2b..0000000000
--- a/src/lib/libssl/test/test_aesni
+++ /dev/null
@@ -1,69 +0,0 @@
1#!/bin/sh
2
3PROG=$1
4
5if [ -x $PROG ]; then
6 if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
7 :
8 else
9 echo "$PROG is not OpenSSL executable"
10 exit 1
11 fi
12else
13 echo "$PROG is not executable"
14 exit 1;
15fi
16
17if $PROG engine aesni | grep -v no-aesni; then
18
19 HASH=`cat $PROG | $PROG dgst -hex`
20
21 AES_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
22 aes-128-cbc aes-192-cbc aes-256-cbc \
23 aes-128-cfb aes-192-cfb aes-256-cfb \
24 aes-128-ofb aes-192-ofb aes-256-ofb"
25 BUFSIZE="16 32 48 64 80 96 128 144 999"
26
27 nerr=0
28
29 for alg in $AES_ALGS; do
30 echo $alg
31 for bufsize in $BUFSIZE; do
32 TEST=`( cat $PROG | \
33 $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
34 $PROG enc -d -k "$HASH" -$alg | \
35 $PROG dgst -hex ) 2>/dev/null`
36 if [ "$TEST" != "$HASH" ]; then
37 echo "-$alg/$bufsize encrypt test failed"
38 nerr=`expr $nerr + 1`
39 fi
40 done
41 for bufsize in $BUFSIZE; do
42 TEST=`( cat $PROG | \
43 $PROG enc -e -k "$HASH" -$alg | \
44 $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
45 $PROG dgst -hex ) 2>/dev/null`
46 if [ "$TEST" != "$HASH" ]; then
47 echo "-$alg/$bufsize decrypt test failed"
48 nerr=`expr $nerr + 1`
49 fi
50 done
51 TEST=`( cat $PROG | \
52 $PROG enc -e -k "$HASH" -$alg -engine aesni | \
53 $PROG enc -d -k "$HASH" -$alg -engine aesni | \
54 $PROG dgst -hex ) 2>/dev/null`
55 if [ "$TEST" != "$HASH" ]; then
56 echo "-$alg en/decrypt test failed"
57 nerr=`expr $nerr + 1`
58 fi
59 done
60
61 if [ $nerr -gt 0 ]; then
62 echo "AESNI engine test failed."
63 exit 1;
64 fi
65else
66 echo "AESNI engine is not available"
67fi
68
69exit 0
diff --git a/src/lib/libssl/test/testca b/src/lib/libssl/test/testca
deleted file mode 100644
index b109cfe271..0000000000
--- a/src/lib/libssl/test/testca
+++ /dev/null
@@ -1,51 +0,0 @@
1#!/bin/sh
2
3SH="/bin/sh"
4if test "$OSTYPE" = msdosdjgpp; then
5 PATH="../apps\;$PATH"
6else
7 PATH="../apps:$PATH"
8fi
9export SH PATH
10
11SSLEAY_CONFIG="-config CAss.cnf"
12export SSLEAY_CONFIG
13
14OPENSSL="`pwd`/../util/opensslwrap.sh"
15export OPENSSL
16
17/bin/rm -fr demoCA
18$SH ../apps/CA.sh -newca <<EOF
19EOF
20
21if [ $? != 0 ]; then
22 exit 1;
23fi
24
25SSLEAY_CONFIG="-config Uss.cnf"
26export SSLEAY_CONFIG
27$SH ../apps/CA.sh -newreq
28if [ $? != 0 ]; then
29 exit 1;
30fi
31
32
33SSLEAY_CONFIG="-config ../apps/openssl.cnf"
34export SSLEAY_CONFIG
35$SH ../apps/CA.sh -sign <<EOF
36y
37y
38EOF
39if [ $? != 0 ]; then
40 exit 1;
41fi
42
43
44$SH ../apps/CA.sh -verify newcert.pem
45if [ $? != 0 ]; then
46 exit 1;
47fi
48
49/bin/rm -fr demoCA newcert.pem newreq.pem
50#usage: CA -newcert|-newreq|-newca|-sign|-verify
51
diff --git a/src/lib/libssl/test/testcrl.pem b/src/lib/libssl/test/testcrl.pem
deleted file mode 100644
index 0989788354..0000000000
--- a/src/lib/libssl/test/testcrl.pem
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN X509 CRL-----
2MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT
3F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy
4IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw
5MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw
6MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw
7MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw
8MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw
9MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw
10MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw
11NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw
12NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF
13AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ
14wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt
15JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v
16-----END X509 CRL-----
diff --git a/src/lib/libssl/test/testenc b/src/lib/libssl/test/testenc
deleted file mode 100644
index f5ce7c0c45..0000000000
--- a/src/lib/libssl/test/testenc
+++ /dev/null
@@ -1,54 +0,0 @@
1#!/bin/sh
2
3testsrc=Makefile
4test=./p
5cmd="../util/shlib_wrap.sh ../apps/openssl"
6
7cat $testsrc >$test;
8
9echo cat
10$cmd enc < $test > $test.cipher
11$cmd enc < $test.cipher >$test.clear
12cmp $test $test.clear
13if [ $? != 0 ]
14then
15 exit 1
16else
17 /bin/rm $test.cipher $test.clear
18fi
19echo base64
20$cmd enc -a -e < $test > $test.cipher
21$cmd enc -a -d < $test.cipher >$test.clear
22cmp $test $test.clear
23if [ $? != 0 ]
24then
25 exit 1
26else
27 /bin/rm $test.cipher $test.clear
28fi
29
30for i in `$cmd list-cipher-commands`
31do
32 echo $i
33 $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
34 $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
35 cmp $test $test.$i.clear
36 if [ $? != 0 ]
37 then
38 exit 1
39 else
40 /bin/rm $test.$i.cipher $test.$i.clear
41 fi
42
43 echo $i base64
44 $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
45 $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
46 cmp $test $test.$i.clear
47 if [ $? != 0 ]
48 then
49 exit 1
50 else
51 /bin/rm $test.$i.cipher $test.$i.clear
52 fi
53done
54rm -f $test
diff --git a/src/lib/libssl/test/testgen b/src/lib/libssl/test/testgen
deleted file mode 100644
index 524c0d134c..0000000000
--- a/src/lib/libssl/test/testgen
+++ /dev/null
@@ -1,44 +0,0 @@
1#!/bin/sh
2
3T=testcert
4KEY=512
5CA=../certs/testca.pem
6
7/bin/rm -f $T.1 $T.2 $T.key
8
9if test "$OSTYPE" = msdosdjgpp; then
10 PATH=../apps\;$PATH;
11else
12 PATH=../apps:$PATH;
13fi
14export PATH
15
16echo "generating certificate request"
17
18echo "string to make the random number generator think it has entropy" >> ./.rnd
19
20if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
21 req_new='-newkey dsa:../apps/dsa512.pem'
22else
23 req_new='-new'
24 echo "There should be a 2 sequences of .'s and some +'s."
25 echo "There should not be more that at most 80 per line"
26fi
27
28echo "This could take some time."
29
30rm -f testkey.pem testreq.pem
31
32../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem
33if [ $? != 0 ]; then
34echo problems creating request
35exit 1
36fi
37
38../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
39if [ $? != 0 ]; then
40echo signature on req is wrong
41exit 1
42fi
43
44exit 0
diff --git a/src/lib/libssl/test/testp7.pem b/src/lib/libssl/test/testp7.pem
deleted file mode 100644
index e5b7866c31..0000000000
--- a/src/lib/libssl/test/testp7.pem
+++ /dev/null
@@ -1,46 +0,0 @@
1-----BEGIN PKCS7-----
2MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE
3cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw
4DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV
5BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw
6HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50
7ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
8biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E
9aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy
10aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M
11VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq
12UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC
13AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR
14BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0
15ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0
16IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l
17bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
18L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t
19OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s
20IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04
21ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0
22cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ
23QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC
24MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu
25AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr
26cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC
27AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
28MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
29QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu
30dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp
31Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3
32DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES
33TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE
34AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD
352d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU
3647ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
37MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
38QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB
39AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl
40ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE
41BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW
42ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3
43MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW
44sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9
45XfZsaiiIgotQHjEA
46-----END PKCS7-----
diff --git a/src/lib/libssl/test/testreq2.pem b/src/lib/libssl/test/testreq2.pem
deleted file mode 100644
index c3cdcffcbc..0000000000
--- a/src/lib/libssl/test/testreq2.pem
+++ /dev/null
@@ -1,7 +0,0 @@
1-----BEGIN CERTIFICATE REQUEST-----
2MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
3QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG
4DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq
5hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi
6gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U=
7-----END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/test/testrsa.pem b/src/lib/libssl/test/testrsa.pem
deleted file mode 100644
index aad21067a8..0000000000
--- a/src/lib/libssl/test/testrsa.pem
+++ /dev/null
@@ -1,9 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
3Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
4rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
5oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
6mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
7rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
8mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
9-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/test/testsid.pem b/src/lib/libssl/test/testsid.pem
deleted file mode 100644
index 7ffd008f66..0000000000
--- a/src/lib/libssl/test/testsid.pem
+++ /dev/null
@@ -1,12 +0,0 @@
1-----BEGIN SSL SESSION PARAMETERS-----
2MIIB1gIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV
3bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw
4ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz
5YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG
6A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRk
7LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G
8CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD
9TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI
10hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L
11CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTvpA0EC3Rlc3Rjb250ZXh0
12-----END SSL SESSION PARAMETERS-----
diff --git a/src/lib/libssl/test/testss b/src/lib/libssl/test/testss
deleted file mode 100644
index 1a426857d3..0000000000
--- a/src/lib/libssl/test/testss
+++ /dev/null
@@ -1,163 +0,0 @@
1#!/bin/sh
2
3digest='-sha1'
4reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
5x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
6verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
7dummycnf="../apps/openssl.cnf"
8
9CAkey="keyCA.ss"
10CAcert="certCA.ss"
11CAreq="reqCA.ss"
12CAconf="CAss.cnf"
13CAreq2="req2CA.ss" # temp
14
15Uconf="Uss.cnf"
16Ukey="keyU.ss"
17Ureq="reqU.ss"
18Ucert="certU.ss"
19
20P1conf="P1ss.cnf"
21P1key="keyP1.ss"
22P1req="reqP1.ss"
23P1cert="certP1.ss"
24P1intermediate="tmp_intP1.ss"
25
26P2conf="P2ss.cnf"
27P2key="keyP2.ss"
28P2req="reqP2.ss"
29P2cert="certP2.ss"
30P2intermediate="tmp_intP2.ss"
31
32echo
33echo "make a certificate request using 'req'"
34
35echo "string to make the random number generator think it has entropy" >> ./.rnd
36
37if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
38 req_new='-newkey dsa:../apps/dsa512.pem'
39else
40 req_new='-new'
41fi
42
43$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss
44if [ $? != 0 ]; then
45 echo "error using 'req' to generate a certificate request"
46 exit 1
47fi
48echo
49echo "convert the certificate request into a self signed certificate using 'x509'"
50$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss
51if [ $? != 0 ]; then
52 echo "error using 'x509' to self sign a certificate request"
53 exit 1
54fi
55
56echo
57echo "convert a certificate into a certificate request using 'x509'"
58$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss
59if [ $? != 0 ]; then
60 echo "error using 'x509' convert a certificate to a certificate request"
61 exit 1
62fi
63
64$reqcmd -config $dummycnf -verify -in $CAreq -noout
65if [ $? != 0 ]; then
66 echo first generated request is invalid
67 exit 1
68fi
69
70$reqcmd -config $dummycnf -verify -in $CAreq2 -noout
71if [ $? != 0 ]; then
72 echo second generated request is invalid
73 exit 1
74fi
75
76$verifycmd -CAfile $CAcert $CAcert
77if [ $? != 0 ]; then
78 echo first generated cert is invalid
79 exit 1
80fi
81
82echo
83echo "make a user certificate request using 'req'"
84$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
85if [ $? != 0 ]; then
86 echo "error using 'req' to generate a user certificate request"
87 exit 1
88fi
89
90echo
91echo "sign user certificate request with the just created CA via 'x509'"
92$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss
93if [ $? != 0 ]; then
94 echo "error using 'x509' to sign a user certificate request"
95 exit 1
96fi
97
98$verifycmd -CAfile $CAcert $Ucert
99echo
100echo "Certificate details"
101$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert
102
103echo
104echo "make a proxy certificate request using 'req'"
105$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss
106if [ $? != 0 ]; then
107 echo "error using 'req' to generate a proxy certificate request"
108 exit 1
109fi
110
111echo
112echo "sign proxy certificate request with the just created user certificate via 'x509'"
113$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss
114if [ $? != 0 ]; then
115 echo "error using 'x509' to sign a proxy certificate request"
116 exit 1
117fi
118
119cat $Ucert > $P1intermediate
120$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
121echo
122echo "Certificate details"
123$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
124
125echo
126echo "make another proxy certificate request using 'req'"
127$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss
128if [ $? != 0 ]; then
129 echo "error using 'req' to generate another proxy certificate request"
130 exit 1
131fi
132
133echo
134echo "sign second proxy certificate request with the first proxy certificate via 'x509'"
135$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss
136if [ $? != 0 ]; then
137 echo "error using 'x509' to sign a second proxy certificate request"
138 exit 1
139fi
140
141cat $Ucert $P1cert > $P2intermediate
142$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
143echo
144echo "Certificate details"
145$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
146
147echo
148echo The generated CA certificate is $CAcert
149echo The generated CA private key is $CAkey
150
151echo The generated user certificate is $Ucert
152echo The generated user private key is $Ukey
153
154echo The first generated proxy certificate is $P1cert
155echo The first generated proxy private key is $P1key
156
157echo The second generated proxy certificate is $P2cert
158echo The second generated proxy private key is $P2key
159
160/bin/rm err.ss
161#/bin/rm $P1intermediate
162#/bin/rm $P2intermediate
163exit 0
diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl
deleted file mode 100644
index 8ac90ae5ee..0000000000
--- a/src/lib/libssl/test/testssl
+++ /dev/null
@@ -1,145 +0,0 @@
1#!/bin/sh
2
3if [ "$1" = "" ]; then
4 key=../apps/server.pem
5else
6 key="$1"
7fi
8if [ "$2" = "" ]; then
9 cert=../apps/server.pem
10else
11 cert="$2"
12fi
13ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
14
15if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
16 dsa_cert=YES
17else
18 dsa_cert=NO
19fi
20
21if [ "$3" = "" ]; then
22 CA="-CApath ../certs"
23else
24 CA="-CAfile $3"
25fi
26
27if [ "$4" = "" ]; then
28 extra=""
29else
30 extra="$4"
31fi
32
33#############################################################################
34
35echo test sslv2
36$ssltest -ssl2 $extra || exit 1
37
38echo test sslv2 with server authentication
39$ssltest -ssl2 -server_auth $CA $extra || exit 1
40
41if [ $dsa_cert = NO ]; then
42 echo test sslv2 with client authentication
43 $ssltest -ssl2 -client_auth $CA $extra || exit 1
44
45 echo test sslv2 with both client and server authentication
46 $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
47fi
48
49echo test sslv3
50$ssltest -ssl3 $extra || exit 1
51
52echo test sslv3 with server authentication
53$ssltest -ssl3 -server_auth $CA $extra || exit 1
54
55echo test sslv3 with client authentication
56$ssltest -ssl3 -client_auth $CA $extra || exit 1
57
58echo test sslv3 with both client and server authentication
59$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
60
61echo test sslv2/sslv3
62$ssltest $extra || exit 1
63
64echo test sslv2/sslv3 with server authentication
65$ssltest -server_auth $CA $extra || exit 1
66
67echo test sslv2/sslv3 with client authentication
68$ssltest -client_auth $CA $extra || exit 1
69
70echo test sslv2/sslv3 with both client and server authentication
71$ssltest -server_auth -client_auth $CA $extra || exit 1
72
73echo test sslv2 via BIO pair
74$ssltest -bio_pair -ssl2 $extra || exit 1
75
76echo test sslv2 with server authentication via BIO pair
77$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
78
79if [ $dsa_cert = NO ]; then
80 echo test sslv2 with client authentication via BIO pair
81 $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
82
83 echo test sslv2 with both client and server authentication via BIO pair
84 $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
85fi
86
87echo test sslv3 via BIO pair
88$ssltest -bio_pair -ssl3 $extra || exit 1
89
90echo test sslv3 with server authentication via BIO pair
91$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
92
93echo test sslv3 with client authentication via BIO pair
94$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
95
96echo test sslv3 with both client and server authentication via BIO pair
97$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
98
99echo test sslv2/sslv3 via BIO pair
100$ssltest $extra || exit 1
101
102if [ $dsa_cert = NO ]; then
103 echo test sslv2/sslv3 w/o DHE via BIO pair
104 $ssltest -bio_pair -no_dhe $extra || exit 1
105fi
106
107echo test sslv2/sslv3 with 1024bit DHE via BIO pair
108$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
109
110echo test sslv2/sslv3 with server authentication
111$ssltest -bio_pair -server_auth $CA $extra || exit 1
112
113echo test sslv2/sslv3 with client authentication via BIO pair
114$ssltest -bio_pair -client_auth $CA $extra || exit 1
115
116echo test sslv2/sslv3 with both client and server authentication via BIO pair
117$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
118
119echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
120$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
121
122#############################################################################
123
124if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
125 echo skipping anonymous DH tests
126else
127 echo test tls1 with 1024bit anonymous DH, multiple handshakes
128 $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
129fi
130
131if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
132 echo skipping RSA tests
133else
134 echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
135 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
136
137 if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
138 echo skipping RSA+DHE tests
139 else
140 echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
141 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
142 fi
143fi
144
145exit 0
diff --git a/src/lib/libssl/test/testsslproxy b/src/lib/libssl/test/testsslproxy
deleted file mode 100644
index 58bbda8ab7..0000000000
--- a/src/lib/libssl/test/testsslproxy
+++ /dev/null
@@ -1,10 +0,0 @@
1#! /bin/sh
2
3echo 'Testing a lot of proxy conditions.'
4echo 'Some of them may turn out being invalid, which is fine.'
5for auth in A B C BC; do
6 for cond in A B C 'A|B&!C'; do
7 sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond"
8 if [ $? = 3 ]; then exit 1; fi
9 done
10done
diff --git a/src/lib/libssl/test/testx509.pem b/src/lib/libssl/test/testx509.pem
deleted file mode 100644
index 8a85d14964..0000000000
--- a/src/lib/libssl/test/testx509.pem
+++ /dev/null
@@ -1,10 +0,0 @@
1-----BEGIN CERTIFICATE-----
2MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
3BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz
4MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
5RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF
6AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO
7/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE
8Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ
9zl9HYIMxATFyqSiD9jsx
10-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/times b/src/lib/libssl/test/times
deleted file mode 100644
index 738d569b8f..0000000000
--- a/src/lib/libssl/test/times
+++ /dev/null
@@ -1,113 +0,0 @@
1
2More number for the questions about SSL overheads....
3
4The following numbers were generated on a pentium pro 200, running linux.
5They give an indication of the SSL protocol and encryption overheads.
6
7The program that generated them is an unreleased version of ssl/ssltest.c
8which is the SSLeay ssl protocol testing program. It is a single process that
9talks both sides of the SSL protocol via a non-blocking memory buffer
10interface.
11
12How do I read this? The protocol and cipher are reasonable obvious.
13The next number is the number of connections being made. The next is the
14number of bytes exchanged bewteen the client and server side of the protocol.
15This is the number of bytes that the client sends to the server, and then
16the server sends back. Because this is all happening in one process,
17the data is being encrypted, decrypted, encrypted and then decrypted again.
18It is a round trip of that many bytes. Because the one process performs
19both the client and server sides of the protocol and it sends this many bytes
20each direction, multiply this number by 4 to generate the number
21of bytes encrypted/decrypted/MACed. The first time value is how many seconds
22elapsed doing a full SSL handshake, the second is the cost of one
23full handshake and the rest being session-id reuse.
24
25SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s
26SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s
27SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s
28SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA
29SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s
30SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s
31SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s
32
33SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s
34SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s
35SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA
36SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s
37SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s
38SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s
39
40SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s
41SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s
42SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s
43SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA
44SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s
45SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s
46SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s
47
48SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s
49SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s
50SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s
51SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA
52SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s
53SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s
54SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s
55
56What does this all mean? Well for a server, with no session-id reuse, with
57a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
58a pentium pro 200 running linux can handle the SSLv3 protocol overheads of
59about 49 connections a second. Reality will be quite different :-).
60
61Remeber the first number is 1000 full ssl handshakes, the second is
621 full and 999 with session-id reuse. The RSA overheads for each exchange
63would be one public and one private operation, but the protocol/MAC/cipher
64cost would be quite similar in both the client and server.
65
66eric (adding numbers to speculation)
67
68--- Appendix ---
69- The time measured is user time but these number a very rough.
70- Remember this is the cost of both client and server sides of the protocol.
71- The TCP/kernel overhead of connection establishment is normally the
72 killer in SSL. Often delays in the TCP protocol will make session-id
73 reuse look slower that new sessions, but this would not be the case on
74 a loaded server.
75- The TCP round trip latencies, while slowing indervidual connections,
76 would have minimal impact on throughput.
77- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
78- the required number of bytes are processed.
79- The SSLv3 connections were actually SSLv2 compatable SSLv3 headers.
80- A 512bit server key was being used except where noted.
81- No server key verification was being performed on the client side of the
82 protocol. This would slow things down very little.
83- The library being used is SSLeay 0.8.x.
84- The normal mesauring system was commands of the form
85 time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
86 This modified version of ssltest should be in the next public release of
87 SSLeay.
88
89The general cipher performace number for this platform are
90
91SSLeay 0.8.2a 04-Sep-1997
92built on Fri Sep 5 17:37:05 EST 1997
93options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
94C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
95The 'numbers' are in 1000s of bytes per second processed.
96type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
97md2 131.02k 368.41k 500.57k 549.21k 566.09k
98mdc2 535.60k 589.10k 595.88k 595.97k 594.54k
99md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k
100sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k
101sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k
102rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k
103des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k
104des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k
105idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k
106rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k
107blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k
108 sign verify
109rsa 512 bits 0.0100s 0.0011s
110rsa 1024 bits 0.0451s 0.0012s
111rsa 2048 bits 0.2605s 0.0086s
112rsa 4096 bits 1.6883s 0.0302s
113
diff --git a/src/lib/libssl/test/tpkcs7 b/src/lib/libssl/test/tpkcs7
deleted file mode 100644
index 3e435ffbf9..0000000000
--- a/src/lib/libssl/test/tpkcs7
+++ /dev/null
@@ -1,48 +0,0 @@
1#!/bin/sh
2
3cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
4
5if [ "$1"x != "x" ]; then
6 t=$1
7else
8 t=testp7.pem
9fi
10
11echo testing pkcs7 conversions
12cp $t fff.p
13
14echo "p -> d"
15$cmd -in fff.p -inform p -outform d >f.d
16if [ $? != 0 ]; then exit 1; fi
17echo "p -> p"
18$cmd -in fff.p -inform p -outform p >f.p
19if [ $? != 0 ]; then exit 1; fi
20
21echo "d -> d"
22$cmd -in f.d -inform d -outform d >ff.d1
23if [ $? != 0 ]; then exit 1; fi
24echo "p -> d"
25$cmd -in f.p -inform p -outform d >ff.d3
26if [ $? != 0 ]; then exit 1; fi
27
28echo "d -> p"
29$cmd -in f.d -inform d -outform p >ff.p1
30if [ $? != 0 ]; then exit 1; fi
31echo "p -> p"
32$cmd -in f.p -inform p -outform p >ff.p3
33if [ $? != 0 ]; then exit 1; fi
34
35cmp fff.p f.p
36if [ $? != 0 ]; then exit 1; fi
37cmp fff.p ff.p1
38if [ $? != 0 ]; then exit 1; fi
39cmp fff.p ff.p3
40if [ $? != 0 ]; then exit 1; fi
41
42cmp f.p ff.p1
43if [ $? != 0 ]; then exit 1; fi
44cmp f.p ff.p3
45if [ $? != 0 ]; then exit 1; fi
46
47/bin/rm -f f.* ff.* fff.*
48exit 0
diff --git a/src/lib/libssl/test/tpkcs7d b/src/lib/libssl/test/tpkcs7d
deleted file mode 100644
index 64fc28e88f..0000000000
--- a/src/lib/libssl/test/tpkcs7d
+++ /dev/null
@@ -1,41 +0,0 @@
1#!/bin/sh
2
3cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
4
5if [ "$1"x != "x" ]; then
6 t=$1
7else
8 t=pkcs7-1.pem
9fi
10
11echo "testing pkcs7 conversions (2)"
12cp $t fff.p
13
14echo "p -> d"
15$cmd -in fff.p -inform p -outform d >f.d
16if [ $? != 0 ]; then exit 1; fi
17echo "p -> p"
18$cmd -in fff.p -inform p -outform p >f.p
19if [ $? != 0 ]; then exit 1; fi
20
21echo "d -> d"
22$cmd -in f.d -inform d -outform d >ff.d1
23if [ $? != 0 ]; then exit 1; fi
24echo "p -> d"
25$cmd -in f.p -inform p -outform d >ff.d3
26if [ $? != 0 ]; then exit 1; fi
27
28echo "d -> p"
29$cmd -in f.d -inform d -outform p >ff.p1
30if [ $? != 0 ]; then exit 1; fi
31echo "p -> p"
32$cmd -in f.p -inform p -outform p >ff.p3
33if [ $? != 0 ]; then exit 1; fi
34
35cmp f.p ff.p1
36if [ $? != 0 ]; then exit 1; fi
37cmp f.p ff.p3
38if [ $? != 0 ]; then exit 1; fi
39
40/bin/rm -f f.* ff.* fff.*
41exit 0
diff --git a/src/lib/libssl/test/treq b/src/lib/libssl/test/treq
deleted file mode 100644
index 77f37dcf3a..0000000000
--- a/src/lib/libssl/test/treq
+++ /dev/null
@@ -1,83 +0,0 @@
1#!/bin/sh
2
3cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
4
5if [ "$1"x != "x" ]; then
6 t=$1
7else
8 t=testreq.pem
9fi
10
11if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then
12 echo "skipping req conversion test for $t"
13 exit 0
14fi
15
16echo testing req conversions
17cp $t fff.p
18
19echo "p -> d"
20$cmd -in fff.p -inform p -outform d >f.d
21if [ $? != 0 ]; then exit 1; fi
22#echo "p -> t"
23#$cmd -in fff.p -inform p -outform t >f.t
24#if [ $? != 0 ]; then exit 1; fi
25echo "p -> p"
26$cmd -in fff.p -inform p -outform p >f.p
27if [ $? != 0 ]; then exit 1; fi
28
29echo "d -> d"
30$cmd -verify -in f.d -inform d -outform d >ff.d1
31if [ $? != 0 ]; then exit 1; fi
32#echo "t -> d"
33#$cmd -in f.t -inform t -outform d >ff.d2
34#if [ $? != 0 ]; then exit 1; fi
35echo "p -> d"
36$cmd -verify -in f.p -inform p -outform d >ff.d3
37if [ $? != 0 ]; then exit 1; fi
38
39#echo "d -> t"
40#$cmd -in f.d -inform d -outform t >ff.t1
41#if [ $? != 0 ]; then exit 1; fi
42#echo "t -> t"
43#$cmd -in f.t -inform t -outform t >ff.t2
44#if [ $? != 0 ]; then exit 1; fi
45#echo "p -> t"
46#$cmd -in f.p -inform p -outform t >ff.t3
47#if [ $? != 0 ]; then exit 1; fi
48
49echo "d -> p"
50$cmd -in f.d -inform d -outform p >ff.p1
51if [ $? != 0 ]; then exit 1; fi
52#echo "t -> p"
53#$cmd -in f.t -inform t -outform p >ff.p2
54#if [ $? != 0 ]; then exit 1; fi
55echo "p -> p"
56$cmd -in f.p -inform p -outform p >ff.p3
57if [ $? != 0 ]; then exit 1; fi
58
59cmp fff.p f.p
60if [ $? != 0 ]; then exit 1; fi
61cmp fff.p ff.p1
62if [ $? != 0 ]; then exit 1; fi
63#cmp fff.p ff.p2
64#if [ $? != 0 ]; then exit 1; fi
65cmp fff.p ff.p3
66if [ $? != 0 ]; then exit 1; fi
67
68#cmp f.t ff.t1
69#if [ $? != 0 ]; then exit 1; fi
70#cmp f.t ff.t2
71#if [ $? != 0 ]; then exit 1; fi
72#cmp f.t ff.t3
73#if [ $? != 0 ]; then exit 1; fi
74
75cmp f.p ff.p1
76if [ $? != 0 ]; then exit 1; fi
77#cmp f.p ff.p2
78#if [ $? != 0 ]; then exit 1; fi
79cmp f.p ff.p3
80if [ $? != 0 ]; then exit 1; fi
81
82/bin/rm -f f.* ff.* fff.*
83exit 0
diff --git a/src/lib/libssl/test/trsa b/src/lib/libssl/test/trsa
deleted file mode 100644
index 249ac1ddcc..0000000000
--- a/src/lib/libssl/test/trsa
+++ /dev/null
@@ -1,83 +0,0 @@
1#!/bin/sh
2
3if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
4 echo skipping rsa conversion test
5 exit 0
6fi
7
8cmd='../util/shlib_wrap.sh ../apps/openssl rsa'
9
10if [ "$1"x != "x" ]; then
11 t=$1
12else
13 t=testrsa.pem
14fi
15
16echo testing rsa conversions
17cp $t fff.p
18
19echo "p -> d"
20$cmd -in fff.p -inform p -outform d >f.d
21if [ $? != 0 ]; then exit 1; fi
22#echo "p -> t"
23#$cmd -in fff.p -inform p -outform t >f.t
24#if [ $? != 0 ]; then exit 1; fi
25echo "p -> p"
26$cmd -in fff.p -inform p -outform p >f.p
27if [ $? != 0 ]; then exit 1; fi
28
29echo "d -> d"
30$cmd -in f.d -inform d -outform d >ff.d1
31if [ $? != 0 ]; then exit 1; fi
32#echo "t -> d"
33#$cmd -in f.t -inform t -outform d >ff.d2
34#if [ $? != 0 ]; then exit 1; fi
35echo "p -> d"
36$cmd -in f.p -inform p -outform d >ff.d3
37if [ $? != 0 ]; then exit 1; fi
38
39#echo "d -> t"
40#$cmd -in f.d -inform d -outform t >ff.t1
41#if [ $? != 0 ]; then exit 1; fi
42#echo "t -> t"
43#$cmd -in f.t -inform t -outform t >ff.t2
44#if [ $? != 0 ]; then exit 1; fi
45#echo "p -> t"
46#$cmd -in f.p -inform p -outform t >ff.t3
47#if [ $? != 0 ]; then exit 1; fi
48
49echo "d -> p"
50$cmd -in f.d -inform d -outform p >ff.p1
51if [ $? != 0 ]; then exit 1; fi
52#echo "t -> p"
53#$cmd -in f.t -inform t -outform p >ff.p2
54#if [ $? != 0 ]; then exit 1; fi
55echo "p -> p"
56$cmd -in f.p -inform p -outform p >ff.p3
57if [ $? != 0 ]; then exit 1; fi
58
59cmp fff.p f.p
60if [ $? != 0 ]; then exit 1; fi
61cmp fff.p ff.p1
62if [ $? != 0 ]; then exit 1; fi
63#cmp fff.p ff.p2
64#if [ $? != 0 ]; then exit 1; fi
65cmp fff.p ff.p3
66if [ $? != 0 ]; then exit 1; fi
67
68#cmp f.t ff.t1
69#if [ $? != 0 ]; then exit 1; fi
70#cmp f.t ff.t2
71#if [ $? != 0 ]; then exit 1; fi
72#cmp f.t ff.t3
73#if [ $? != 0 ]; then exit 1; fi
74
75cmp f.p ff.p1
76if [ $? != 0 ]; then exit 1; fi
77#cmp f.p ff.p2
78#if [ $? != 0 ]; then exit 1; fi
79cmp f.p ff.p3
80if [ $? != 0 ]; then exit 1; fi
81
82/bin/rm -f f.* ff.* fff.*
83exit 0
diff --git a/src/lib/libssl/test/tsid b/src/lib/libssl/test/tsid
deleted file mode 100644
index 6adbd531ce..0000000000
--- a/src/lib/libssl/test/tsid
+++ /dev/null
@@ -1,78 +0,0 @@
1#!/bin/sh
2
3cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
4
5if [ "$1"x != "x" ]; then
6 t=$1
7else
8 t=testsid.pem
9fi
10
11echo testing session-id conversions
12cp $t fff.p
13
14echo "p -> d"
15$cmd -in fff.p -inform p -outform d >f.d
16if [ $? != 0 ]; then exit 1; fi
17#echo "p -> t"
18#$cmd -in fff.p -inform p -outform t >f.t
19#if [ $? != 0 ]; then exit 1; fi
20echo "p -> p"
21$cmd -in fff.p -inform p -outform p >f.p
22if [ $? != 0 ]; then exit 1; fi
23
24echo "d -> d"
25$cmd -in f.d -inform d -outform d >ff.d1
26if [ $? != 0 ]; then exit 1; fi
27#echo "t -> d"
28#$cmd -in f.t -inform t -outform d >ff.d2
29#if [ $? != 0 ]; then exit 1; fi
30echo "p -> d"
31$cmd -in f.p -inform p -outform d >ff.d3
32if [ $? != 0 ]; then exit 1; fi
33
34#echo "d -> t"
35#$cmd -in f.d -inform d -outform t >ff.t1
36#if [ $? != 0 ]; then exit 1; fi
37#echo "t -> t"
38#$cmd -in f.t -inform t -outform t >ff.t2
39#if [ $? != 0 ]; then exit 1; fi
40#echo "p -> t"
41#$cmd -in f.p -inform p -outform t >ff.t3
42#if [ $? != 0 ]; then exit 1; fi
43
44echo "d -> p"
45$cmd -in f.d -inform d -outform p >ff.p1
46if [ $? != 0 ]; then exit 1; fi
47#echo "t -> p"
48#$cmd -in f.t -inform t -outform p >ff.p2
49#if [ $? != 0 ]; then exit 1; fi
50echo "p -> p"
51$cmd -in f.p -inform p -outform p >ff.p3
52if [ $? != 0 ]; then exit 1; fi
53
54cmp fff.p f.p
55if [ $? != 0 ]; then exit 1; fi
56cmp fff.p ff.p1
57if [ $? != 0 ]; then exit 1; fi
58#cmp fff.p ff.p2
59#if [ $? != 0 ]; then exit 1; fi
60cmp fff.p ff.p3
61if [ $? != 0 ]; then exit 1; fi
62
63#cmp f.t ff.t1
64#if [ $? != 0 ]; then exit 1; fi
65#cmp f.t ff.t2
66#if [ $? != 0 ]; then exit 1; fi
67#cmp f.t ff.t3
68#if [ $? != 0 ]; then exit 1; fi
69
70cmp f.p ff.p1
71if [ $? != 0 ]; then exit 1; fi
72#cmp f.p ff.p2
73#if [ $? != 0 ]; then exit 1; fi
74cmp f.p ff.p3
75if [ $? != 0 ]; then exit 1; fi
76
77/bin/rm -f f.* ff.* fff.*
78exit 0
diff --git a/src/lib/libssl/test/tx509 b/src/lib/libssl/test/tx509
deleted file mode 100644
index 4a15b98d17..0000000000
--- a/src/lib/libssl/test/tx509
+++ /dev/null
@@ -1,78 +0,0 @@
1#!/bin/sh
2
3cmd='../util/shlib_wrap.sh ../apps/openssl x509'
4
5if [ "$1"x != "x" ]; then
6 t=$1
7else
8 t=testx509.pem
9fi
10
11echo testing X509 conversions
12cp $t fff.p
13
14echo "p -> d"
15$cmd -in fff.p -inform p -outform d >f.d
16if [ $? != 0 ]; then exit 1; fi
17echo "p -> n"
18$cmd -in fff.p -inform p -outform n >f.n
19if [ $? != 0 ]; then exit 1; fi
20echo "p -> p"
21$cmd -in fff.p -inform p -outform p >f.p
22if [ $? != 0 ]; then exit 1; fi
23
24echo "d -> d"
25$cmd -in f.d -inform d -outform d >ff.d1
26if [ $? != 0 ]; then exit 1; fi
27echo "n -> d"
28$cmd -in f.n -inform n -outform d >ff.d2
29if [ $? != 0 ]; then exit 1; fi
30echo "p -> d"
31$cmd -in f.p -inform p -outform d >ff.d3
32if [ $? != 0 ]; then exit 1; fi
33
34echo "d -> n"
35$cmd -in f.d -inform d -outform n >ff.n1
36if [ $? != 0 ]; then exit 1; fi
37echo "n -> n"
38$cmd -in f.n -inform n -outform n >ff.n2
39if [ $? != 0 ]; then exit 1; fi
40echo "p -> n"
41$cmd -in f.p -inform p -outform n >ff.n3
42if [ $? != 0 ]; then exit 1; fi
43
44echo "d -> p"
45$cmd -in f.d -inform d -outform p >ff.p1
46if [ $? != 0 ]; then exit 1; fi
47echo "n -> p"
48$cmd -in f.n -inform n -outform p >ff.p2
49if [ $? != 0 ]; then exit 1; fi
50echo "p -> p"
51$cmd -in f.p -inform p -outform p >ff.p3
52if [ $? != 0 ]; then exit 1; fi
53
54cmp fff.p f.p
55if [ $? != 0 ]; then exit 1; fi
56cmp fff.p ff.p1
57if [ $? != 0 ]; then exit 1; fi
58cmp fff.p ff.p2
59if [ $? != 0 ]; then exit 1; fi
60cmp fff.p ff.p3
61if [ $? != 0 ]; then exit 1; fi
62
63cmp f.n ff.n1
64if [ $? != 0 ]; then exit 1; fi
65cmp f.n ff.n2
66if [ $? != 0 ]; then exit 1; fi
67cmp f.n ff.n3
68if [ $? != 0 ]; then exit 1; fi
69
70cmp f.p ff.p1
71if [ $? != 0 ]; then exit 1; fi
72cmp f.p ff.p2
73if [ $? != 0 ]; then exit 1; fi
74cmp f.p ff.p3
75if [ $? != 0 ]; then exit 1; fi
76
77/bin/rm -f f.* ff.* fff.*
78exit 0
diff --git a/src/lib/libssl/test/v3-cert1.pem b/src/lib/libssl/test/v3-cert1.pem
deleted file mode 100644
index 0da253d5c3..0000000000
--- a/src/lib/libssl/test/v3-cert1.pem
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN CERTIFICATE-----
2MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx
3NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz
4dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw
5ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
6ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2
7ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp
8miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C
9AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
10Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
11DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR
12MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB
13AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21
14X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3
15WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO
16-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/v3-cert2.pem b/src/lib/libssl/test/v3-cert2.pem
deleted file mode 100644
index de0723ff8d..0000000000
--- a/src/lib/libssl/test/v3-cert2.pem
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN CERTIFICATE-----
2MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD
3YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0
4ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu
5dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1
6WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV
7BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx
8FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
96ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT
10G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ
11YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm
12b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc
13F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz
14lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap
15jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=
16-----END CERTIFICATE-----
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
deleted file mode 100644
index 2d1d293e1a..0000000000
--- a/src/lib/libssl/tls1.h
+++ /dev/null
@@ -1,407 +0,0 @@
1/* ssl/tls1.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 *
61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 *
64 * The Contribution is licensed pursuant to the OpenSSL open source
65 * license provided above.
66 *
67 * ECC cipher suite support in OpenSSL originally written by
68 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
69 *
70 */
71
72#ifndef HEADER_TLS1_H
73#define HEADER_TLS1_H
74
75#include <openssl/buffer.h>
76
77#ifdef __cplusplus
78extern "C" {
79#endif
80
81#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
82
83#define TLS1_VERSION 0x0301
84#define TLS1_VERSION_MAJOR 0x03
85#define TLS1_VERSION_MINOR 0x01
86
87#define TLS1_AD_DECRYPTION_FAILED 21
88#define TLS1_AD_RECORD_OVERFLOW 22
89#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
90#define TLS1_AD_ACCESS_DENIED 49 /* fatal */
91#define TLS1_AD_DECODE_ERROR 50 /* fatal */
92#define TLS1_AD_DECRYPT_ERROR 51
93#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */
94#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */
95#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */
96#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
97#define TLS1_AD_USER_CANCELLED 90
98#define TLS1_AD_NO_RENEGOTIATION 100
99/* codes 110-114 are from RFC3546 */
100#define TLS1_AD_UNSUPPORTED_EXTENSION 110
101#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
102#define TLS1_AD_UNRECOGNIZED_NAME 112
103#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
104#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
105#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
106
107/* ExtensionType values from RFC 3546 */
108#define TLSEXT_TYPE_server_name 0
109#define TLSEXT_TYPE_max_fragment_length 1
110#define TLSEXT_TYPE_client_certificate_url 2
111#define TLSEXT_TYPE_trusted_ca_keys 3
112#define TLSEXT_TYPE_truncated_hmac 4
113#define TLSEXT_TYPE_status_request 5
114#define TLSEXT_TYPE_elliptic_curves 10
115#define TLSEXT_TYPE_ec_point_formats 11
116#define TLSEXT_TYPE_session_ticket 35
117
118/* NameType value from RFC 3546 */
119#define TLSEXT_NAMETYPE_host_name 0
120/* status request value from RFC 3546 */
121#define TLSEXT_STATUSTYPE_ocsp 1
122
123#ifndef OPENSSL_NO_TLSEXT
124
125#define TLSEXT_MAXLEN_host_name 255
126
127const char *SSL_get_servername(const SSL *s, const int type) ;
128int SSL_get_servername_type(const SSL *s) ;
129
130#define SSL_set_tlsext_host_name(s,name) \
131SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
132
133#define SSL_set_tlsext_debug_callback(ssl, cb) \
134SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
135
136#define SSL_set_tlsext_debug_arg(ssl, arg) \
137SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
138
139#define SSL_set_tlsext_status_type(ssl, type) \
140SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
141
142#define SSL_get_tlsext_status_exts(ssl, arg) \
143SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
144
145#define SSL_set_tlsext_status_exts(ssl, arg) \
146SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
147
148#define SSL_get_tlsext_status_ids(ssl, arg) \
149SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
150
151#define SSL_set_tlsext_status_ids(ssl, arg) \
152SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
153
154#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
155SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
156
157#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
158SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
159
160#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
161SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
162
163#define SSL_TLSEXT_ERR_OK 0
164#define SSL_TLSEXT_ERR_ALERT_WARNING 1
165#define SSL_TLSEXT_ERR_ALERT_FATAL 2
166#define SSL_TLSEXT_ERR_NOACK 3
167
168#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
169SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
170
171#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
172 SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys))
173#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
174 SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys))
175
176#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
177SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
178
179#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
180SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
181
182#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
183SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
184
185#endif
186
187/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
188 * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
189 * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
190 * shouldn't. */
191#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060
192#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061
193#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
194#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
195#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
196#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
197#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
198
199/* AES ciphersuites from RFC3268 */
200
201#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
202#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
203#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
204#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
205#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
206#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
207
208#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
209#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
210#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
211#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
212#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
213#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
214
215/* Camellia ciphersuites from RFC4132 */
216#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
217#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
218#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
219#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
220#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
221#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
222
223#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
224#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
225#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
226#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
227#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
228#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
229
230/* SEED ciphersuites from RFC4162 */
231#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
232#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
233#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
234#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
235#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
236#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
237
238/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
239#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
240#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
241#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
242#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
243#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
244
245#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
246#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
247#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
248#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
249#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
250
251#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
252#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
253#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
254#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
255#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
256
257#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
258#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
259#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
260#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
261#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
262
263#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
264#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
265#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
266#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
267#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
268
269/* XXX
270 * Inconsistency alert:
271 * The OpenSSL names of ciphers with ephemeral DH here include the string
272 * "DHE", while elsewhere it has always been "EDH".
273 * (The alias for the list of all such ciphers also is "EDH".)
274 * The specifications speak of "EDH"; maybe we should allow both forms
275 * for everything. */
276#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
277#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
278#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
279#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA"
280#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
281#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
282#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
283
284/* AES ciphersuites from RFC3268 */
285#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
286#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
287#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
288#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
289#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
290#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
291
292#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
293#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
294#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
295#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
296#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
297#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
298
299/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
300#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
301#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
302#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
303#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
304#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
305
306#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
307#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
308#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
309#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
310#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
311
312#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
313#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
314#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
315#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
316#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
317
318#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
319#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
320#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
321#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
322#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
323
324#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
325#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
326#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
327#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
328#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
329
330/* Camellia ciphersuites from RFC4132 */
331#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
332#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
333#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
334#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
335#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
336#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
337
338#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
339#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
340#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
341#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
342#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
343#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
344
345/* SEED ciphersuites from RFC4162 */
346#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
347#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
348#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
349#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
350#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
351#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
352
353#define TLS_CT_RSA_SIGN 1
354#define TLS_CT_DSS_SIGN 2
355#define TLS_CT_RSA_FIXED_DH 3
356#define TLS_CT_DSS_FIXED_DH 4
357#define TLS_CT_ECDSA_SIGN 64
358#define TLS_CT_RSA_FIXED_ECDH 65
359#define TLS_CT_ECDSA_FIXED_ECDH 66
360#define TLS_CT_NUMBER 7
361
362#define TLS1_FINISH_MAC_LENGTH 12
363
364#define TLS_MD_MAX_CONST_SIZE 20
365#define TLS_MD_CLIENT_FINISH_CONST "client finished"
366#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
367#define TLS_MD_SERVER_FINISH_CONST "server finished"
368#define TLS_MD_SERVER_FINISH_CONST_SIZE 15
369#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
370#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
371#define TLS_MD_KEY_EXPANSION_CONST "key expansion"
372#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
373#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
374#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
375#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
376#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
377#define TLS_MD_IV_BLOCK_CONST "IV block"
378#define TLS_MD_IV_BLOCK_CONST_SIZE 8
379#define TLS_MD_MASTER_SECRET_CONST "master secret"
380#define TLS_MD_MASTER_SECRET_CONST_SIZE 13
381
382#ifdef CHARSET_EBCDIC
383#undef TLS_MD_CLIENT_FINISH_CONST
384#define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*client finished*/
385#undef TLS_MD_SERVER_FINISH_CONST
386#define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*server finished*/
387#undef TLS_MD_SERVER_WRITE_KEY_CONST
388#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/
389#undef TLS_MD_KEY_EXPANSION_CONST
390#define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" /*key expansion*/
391#undef TLS_MD_CLIENT_WRITE_KEY_CONST
392#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*client write key*/
393#undef TLS_MD_SERVER_WRITE_KEY_CONST
394#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/
395#undef TLS_MD_IV_BLOCK_CONST
396#define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" /*IV block*/
397#undef TLS_MD_MASTER_SECRET_CONST
398#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/
399#endif
400
401#ifdef __cplusplus
402}
403#endif
404#endif
405
406
407
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-25 01:11:19 +0000