authorcvs2svn <admin@example.com>2011-02-12 15:54:20 +0000
committercvs2svn <admin@example.com>2011-02-12 15:54:20 +0000
commitb9388eba740387eaff0dcb9492cdefc1adcf40ff (patch)
tree26cf8fda7724fe56961aa26b7da50db9634c08a2 /src/lib/libssl
parentd1c27f232cfde582e176b277933b485ea84ac845 (diff)
This commit was manufactured by cvs2git to create branch 'OPENBSD_4_9'.OPENBSD_4_9
Diffstat (limited to 'src/lib/libssl')
-rw-r--r--src/lib/libssl/LICENSE127
-rw-r--r--src/lib/libssl/bio_ssl.c599
-rw-r--r--src/lib/libssl/d1_both.c1418
-rw-r--r--src/lib/libssl/d1_clnt.c1534
-rw-r--r--src/lib/libssl/d1_enc.c293
-rw-r--r--src/lib/libssl/d1_lib.c394
-rw-r--r--src/lib/libssl/d1_meth.c77
-rw-r--r--src/lib/libssl/d1_pkt.c1773
-rw-r--r--src/lib/libssl/d1_srvr.c1551
-rw-r--r--src/lib/libssl/doc/openssl.cnf350
-rw-r--r--src/lib/libssl/doc/openssl.txt1254
-rw-r--r--src/lib/libssl/doc/standards.txt285
-rw-r--r--src/lib/libssl/dtls1.h267
-rw-r--r--src/lib/libssl/s23_clnt.c696
-rw-r--r--src/lib/libssl/s23_lib.c194
-rw-r--r--src/lib/libssl/s23_pkt.c117
-rw-r--r--src/lib/libssl/s23_srvr.c594
-rw-r--r--src/lib/libssl/s3_both.c813
-rw-r--r--src/lib/libssl/s3_clnt.c3047
-rw-r--r--src/lib/libssl/s3_lib.c3329
-rw-r--r--src/lib/libssl/s3_pkt.c1457
-rw-r--r--src/lib/libssl/s3_srvr.c3185
-rw-r--r--src/lib/libssl/shlib_version2
-rw-r--r--src/lib/libssl/ssl.h2302
-rw-r--r--src/lib/libssl/ssl2.h268
-rw-r--r--src/lib/libssl/ssl23.h83
-rw-r--r--src/lib/libssl/ssl3.h637
-rw-r--r--src/lib/libssl/ssl_algs.c140
-rw-r--r--src/lib/libssl/ssl_asn1.c593
-rw-r--r--src/lib/libssl/ssl_cert.c834
-rw-r--r--src/lib/libssl/ssl_ciph.c1748
-rw-r--r--src/lib/libssl/ssl_err.c571
-rw-r--r--src/lib/libssl/ssl_err2.c70
-rw-r--r--src/lib/libssl/ssl_lib.c3059
-rw-r--r--src/lib/libssl/ssl_locl.h1078
-rw-r--r--src/lib/libssl/ssl_rsa.c779
-rw-r--r--src/lib/libssl/ssl_sess.c1095
-rw-r--r--src/lib/libssl/ssl_stat.c567
-rw-r--r--src/lib/libssl/ssl_txt.c240
-rw-r--r--src/lib/libssl/t1_clnt.c79
-rw-r--r--src/lib/libssl/t1_enc.c1051
-rw-r--r--src/lib/libssl/t1_lib.c1745
-rw-r--r--src/lib/libssl/t1_meth.c76
-rw-r--r--src/lib/libssl/t1_reneg.c292
-rw-r--r--src/lib/libssl/t1_srvr.c80
-rw-r--r--src/lib/libssl/test/CAss.cnf76
-rw-r--r--src/lib/libssl/test/CAssdh.cnf24
-rw-r--r--src/lib/libssl/test/CAssdsa.cnf23
-rw-r--r--src/lib/libssl/test/CAssrsa.cnf24
-rw-r--r--src/lib/libssl/test/CAtsa.cnf163
-rw-r--r--src/lib/libssl/test/P1ss.cnf37
-rw-r--r--src/lib/libssl/test/P2ss.cnf45
-rw-r--r--src/lib/libssl/test/Sssdsa.cnf27
-rw-r--r--src/lib/libssl/test/Sssrsa.cnf26
-rw-r--r--src/lib/libssl/test/Uss.cnf36
-rw-r--r--src/lib/libssl/test/VMSca-response.11
-rw-r--r--src/lib/libssl/test/VMSca-response.22
-rwxr-xr-xsrc/lib/libssl/test/asn1test.c22
-rw-r--r--src/lib/libssl/test/bctest111
-rw-r--r--src/lib/libssl/test/cms-examples.pl409
-rw-r--r--src/lib/libssl/test/cms-test.pl453
-rw-r--r--src/lib/libssl/test/methtest.c105
-rw-r--r--src/lib/libssl/test/pkcs7-1.pem15
-rw-r--r--src/lib/libssl/test/pkcs7.pem54
-rw-r--r--src/lib/libssl/test/pkits-test.pl940
-rw-r--r--src/lib/libssl/test/r160test.c57
-rw-r--r--src/lib/libssl/test/smcont.txt1
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa1.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa2.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa3.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsap.pem9
-rw-r--r--src/lib/libssl/test/smime-certs/smroot.pem30
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa1.pem31
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa2.pem31
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa3.pem31
-rw-r--r--src/lib/libssl/test/tcrl78
-rw-r--r--src/lib/libssl/test/test.cnf88
-rw-r--r--src/lib/libssl/test/test_aesni69
-rwxr-xr-xsrc/lib/libssl/test/test_padlock64
-rw-r--r--src/lib/libssl/test/testca51
-rw-r--r--src/lib/libssl/test/testcrl.pem16
-rw-r--r--src/lib/libssl/test/testenc54
-rw-r--r--src/lib/libssl/test/testgen44
-rw-r--r--src/lib/libssl/test/testp7.pem46
-rw-r--r--src/lib/libssl/test/testreq2.pem7
-rw-r--r--src/lib/libssl/test/testrsa.pem9
-rw-r--r--src/lib/libssl/test/testsid.pem12
-rw-r--r--src/lib/libssl/test/testss163
-rw-r--r--src/lib/libssl/test/testssl151
-rw-r--r--src/lib/libssl/test/testsslproxy10
-rw-r--r--src/lib/libssl/test/testtsa238
-rw-r--r--src/lib/libssl/test/testx509.pem10
-rw-r--r--src/lib/libssl/test/times113
-rw-r--r--src/lib/libssl/test/tpkcs748
-rw-r--r--src/lib/libssl/test/tpkcs7d41
-rw-r--r--src/lib/libssl/test/treq83
-rw-r--r--src/lib/libssl/test/trsa83
-rw-r--r--src/lib/libssl/test/tsid78
-rw-r--r--src/lib/libssl/test/tx50978
-rw-r--r--src/lib/libssl/test/v3-cert1.pem16
-rw-r--r--src/lib/libssl/test/v3-cert2.pem16
-rw-r--r--src/lib/libssl/tls1.h532
102 files changed, 0 insertions, 45826 deletions
diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE
deleted file mode 100644
index a2c4adcbe6..0000000000
--- a/src/lib/libssl/LICENSE
+++ /dev/null
@@ -1,127 +0,0 @@
1
2 LICENSE ISSUES
3 ==============
4
5 The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
6 the OpenSSL License and the original SSLeay license apply to the toolkit.
7 See below for the actual license texts. Actually both licenses are BSD-style
8 Open Source licenses. In case of any license issues related to OpenSSL
9 please contact openssl-core@openssl.org.
10
11 OpenSSL License
12 ---------------
13
14/* ====================================================================
15 * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
19 * are met:
20 *
21 * 1. Redistributions of source code must retain the above copyright
22 * notice, this list of conditions and the following disclaimer.
23 *
24 * 2. Redistributions in binary form must reproduce the above copyright
25 * notice, this list of conditions and the following disclaimer in
26 * the documentation and/or other materials provided with the
27 * distribution.
28 *
29 * 3. All advertising materials mentioning features or use of this
30 * software must display the following acknowledgment:
31 * "This product includes software developed by the OpenSSL Project
32 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
33 *
34 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
35 * endorse or promote products derived from this software without
36 * prior written permission. For written permission, please contact
37 * openssl-core@openssl.org.
38 *
39 * 5. Products derived from this software may not be called "OpenSSL"
40 * nor may "OpenSSL" appear in their names without prior written
41 * permission of the OpenSSL Project.
42 *
43 * 6. Redistributions of any form whatsoever must retain the following
44 * acknowledgment:
45 * "This product includes software developed by the OpenSSL Project
46 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
49 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
51 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
52 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
53 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
54 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
55 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
57 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
58 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
59 * OF THE POSSIBILITY OF SUCH DAMAGE.
60 * ====================================================================
61 *
62 * This product includes cryptographic software written by Eric Young
63 * (eay@cryptsoft.com). This product includes software written by Tim
64 * Hudson (tjh@cryptsoft.com).
65 *
66 */
67
68 Original SSLeay License
69 -----------------------
70
71/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
72 * All rights reserved.
73 *
74 * This package is an SSL implementation written
75 * by Eric Young (eay@cryptsoft.com).
76 * The implementation was written so as to conform with Netscapes SSL.
77 *
78 * This library is free for commercial and non-commercial use as long as
79 * the following conditions are aheared to. The following conditions
80 * apply to all code found in this distribution, be it the RC4, RSA,
81 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
82 * included with this distribution is covered by the same copyright terms
83 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
84 *
85 * Copyright remains Eric Young's, and as such any Copyright notices in
86 * the code are not to be removed.
87 * If this package is used in a product, Eric Young should be given attribution
88 * as the author of the parts of the library used.
89 * This can be in the form of a textual message at program startup or
90 * in documentation (online or textual) provided with the package.
91 *
92 * Redistribution and use in source and binary forms, with or without
93 * modification, are permitted provided that the following conditions
94 * are met:
95 * 1. Redistributions of source code must retain the copyright
96 * notice, this list of conditions and the following disclaimer.
97 * 2. Redistributions in binary form must reproduce the above copyright
98 * notice, this list of conditions and the following disclaimer in the
99 * documentation and/or other materials provided with the distribution.
100 * 3. All advertising materials mentioning features or use of this software
101 * must display the following acknowledgement:
102 * "This product includes cryptographic software written by
103 * Eric Young (eay@cryptsoft.com)"
104 * The word 'cryptographic' can be left out if the rouines from the library
105 * being used are not cryptographic related :-).
106 * 4. If you include any Windows specific code (or a derivative thereof) from
107 * the apps directory (application code) you must include an acknowledgement:
108 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
109 *
110 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
111 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
112 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
113 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
114 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
115 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
116 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
117 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
118 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
119 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
120 * SUCH DAMAGE.
121 *
122 * The licence and distribution terms for any publically available version or
123 * derivative of this code cannot be changed. i.e. this code cannot simply be
124 * copied and put under another distribution licence
125 * [including the GNU Public Licence.]
126 */
127
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
deleted file mode 100644
index af319af302..0000000000
--- a/src/lib/libssl/bio_ssl.c
+++ /dev/null
@@ -1,599 +0,0 @@
1/* ssl/bio_ssl.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62#include <errno.h>
63#include <openssl/crypto.h>
64#include <openssl/bio.h>
65#include <openssl/err.h>
66#include <openssl/ssl.h>
67
68static int ssl_write(BIO *h, const char *buf, int num);
69static int ssl_read(BIO *h, char *buf, int size);
70static int ssl_puts(BIO *h, const char *str);
71static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
72static int ssl_new(BIO *h);
73static int ssl_free(BIO *data);
74static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
75typedef struct bio_ssl_st
76 {
77 SSL *ssl; /* The ssl handle :-) */
78 /* re-negotiate every time the total number of bytes is this size */
79 int num_renegotiates;
80 unsigned long renegotiate_count;
81 unsigned long byte_count;
82 unsigned long renegotiate_timeout;
83 unsigned long last_time;
84 } BIO_SSL;
85
86static BIO_METHOD methods_sslp=
87 {
88 BIO_TYPE_SSL,"ssl",
89 ssl_write,
90 ssl_read,
91 ssl_puts,
92 NULL, /* ssl_gets, */
93 ssl_ctrl,
94 ssl_new,
95 ssl_free,
96 ssl_callback_ctrl,
97 };
98
99BIO_METHOD *BIO_f_ssl(void)
100 {
101 return(&methods_sslp);
102 }
103
104static int ssl_new(BIO *bi)
105 {
106 BIO_SSL *bs;
107
108 bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
109 if (bs == NULL)
110 {
111 BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
112 return(0);
113 }
114 memset(bs,0,sizeof(BIO_SSL));
115 bi->init=0;
116 bi->ptr=(char *)bs;
117 bi->flags=0;
118 return(1);
119 }
120
121static int ssl_free(BIO *a)
122 {
123 BIO_SSL *bs;
124
125 if (a == NULL) return(0);
126 bs=(BIO_SSL *)a->ptr;
127 if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
128 if (a->shutdown)
129 {
130 if (a->init && (bs->ssl != NULL))
131 SSL_free(bs->ssl);
132 a->init=0;
133 a->flags=0;
134 }
135 if (a->ptr != NULL)
136 OPENSSL_free(a->ptr);
137 return(1);
138 }
139
140static int ssl_read(BIO *b, char *out, int outl)
141 {
142 int ret=1;
143 BIO_SSL *sb;
144 SSL *ssl;
145 int retry_reason=0;
146 int r=0;
147
148 if (out == NULL) return(0);
149 sb=(BIO_SSL *)b->ptr;
150 ssl=sb->ssl;
151
152 BIO_clear_retry_flags(b);
153
154#if 0
155 if (!SSL_is_init_finished(ssl))
156 {
157/* ret=SSL_do_handshake(ssl); */
158 if (ret > 0)
159 {
160
161 outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
162 ret= -1;
163 goto end;
164 }
165 }
166#endif
167/* if (ret > 0) */
168 ret=SSL_read(ssl,out,outl);
169
170 switch (SSL_get_error(ssl,ret))
171 {
172 case SSL_ERROR_NONE:
173 if (ret <= 0) break;
174 if (sb->renegotiate_count > 0)
175 {
176 sb->byte_count+=ret;
177 if (sb->byte_count > sb->renegotiate_count)
178 {
179 sb->byte_count=0;
180 sb->num_renegotiates++;
181 SSL_renegotiate(ssl);
182 r=1;
183 }
184 }
185 if ((sb->renegotiate_timeout > 0) && (!r))
186 {
187 unsigned long tm;
188
189 tm=(unsigned long)time(NULL);
190 if (tm > sb->last_time+sb->renegotiate_timeout)
191 {
192 sb->last_time=tm;
193 sb->num_renegotiates++;
194 SSL_renegotiate(ssl);
195 }
196 }
197
198 break;
199 case SSL_ERROR_WANT_READ:
200 BIO_set_retry_read(b);
201 break;
202 case SSL_ERROR_WANT_WRITE:
203 BIO_set_retry_write(b);
204 break;
205 case SSL_ERROR_WANT_X509_LOOKUP:
206 BIO_set_retry_special(b);
207 retry_reason=BIO_RR_SSL_X509_LOOKUP;
208 break;
209 case SSL_ERROR_WANT_ACCEPT:
210 BIO_set_retry_special(b);
211 retry_reason=BIO_RR_ACCEPT;
212 break;
213 case SSL_ERROR_WANT_CONNECT:
214 BIO_set_retry_special(b);
215 retry_reason=BIO_RR_CONNECT;
216 break;
217 case SSL_ERROR_SYSCALL:
218 case SSL_ERROR_SSL:
219 case SSL_ERROR_ZERO_RETURN:
220 default:
221 break;
222 }
223
224 b->retry_reason=retry_reason;
225 return(ret);
226 }
227
228static int ssl_write(BIO *b, const char *out, int outl)
229 {
230 int ret,r=0;
231 int retry_reason=0;
232 SSL *ssl;
233 BIO_SSL *bs;
234
235 if (out == NULL) return(0);
236 bs=(BIO_SSL *)b->ptr;
237 ssl=bs->ssl;
238
239 BIO_clear_retry_flags(b);
240
241/* ret=SSL_do_handshake(ssl);
242 if (ret > 0) */
243 ret=SSL_write(ssl,out,outl);
244
245 switch (SSL_get_error(ssl,ret))
246 {
247 case SSL_ERROR_NONE:
248 if (ret <= 0) break;
249 if (bs->renegotiate_count > 0)
250 {
251 bs->byte_count+=ret;
252 if (bs->byte_count > bs->renegotiate_count)
253 {
254 bs->byte_count=0;
255 bs->num_renegotiates++;
256 SSL_renegotiate(ssl);
257 r=1;
258 }
259 }
260 if ((bs->renegotiate_timeout > 0) && (!r))
261 {
262 unsigned long tm;
263
264 tm=(unsigned long)time(NULL);
265 if (tm > bs->last_time+bs->renegotiate_timeout)
266 {
267 bs->last_time=tm;
268 bs->num_renegotiates++;
269 SSL_renegotiate(ssl);
270 }
271 }
272 break;
273 case SSL_ERROR_WANT_WRITE:
274 BIO_set_retry_write(b);
275 break;
276 case SSL_ERROR_WANT_READ:
277 BIO_set_retry_read(b);
278 break;
279 case SSL_ERROR_WANT_X509_LOOKUP:
280 BIO_set_retry_special(b);
281 retry_reason=BIO_RR_SSL_X509_LOOKUP;
282 break;
283 case SSL_ERROR_WANT_CONNECT:
284 BIO_set_retry_special(b);
285 retry_reason=BIO_RR_CONNECT;
286 case SSL_ERROR_SYSCALL:
287 case SSL_ERROR_SSL:
288 default:
289 break;
290 }
291
292 b->retry_reason=retry_reason;
293 return(ret);
294 }
295
296static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
297 {
298 SSL **sslp,*ssl;
299 BIO_SSL *bs;
300 BIO *dbio,*bio;
301 long ret=1;
302
303 bs=(BIO_SSL *)b->ptr;
304 ssl=bs->ssl;
305 if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
306 return(0);
307 switch (cmd)
308 {
309 case BIO_CTRL_RESET:
310 SSL_shutdown(ssl);
311
312 if (ssl->handshake_func == ssl->method->ssl_connect)
313 SSL_set_connect_state(ssl);
314 else if (ssl->handshake_func == ssl->method->ssl_accept)
315 SSL_set_accept_state(ssl);
316
317 SSL_clear(ssl);
318
319 if (b->next_bio != NULL)
320 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
321 else if (ssl->rbio != NULL)
322 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
323 else
324 ret=1;
325 break;
326 case BIO_CTRL_INFO:
327 ret=0;
328 break;
329 case BIO_C_SSL_MODE:
330 if (num) /* client mode */
331 SSL_set_connect_state(ssl);
332 else
333 SSL_set_accept_state(ssl);
334 break;
335 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
336 ret=bs->renegotiate_timeout;
337 if (num < 60) num=5;
338 bs->renegotiate_timeout=(unsigned long)num;
339 bs->last_time=(unsigned long)time(NULL);
340 break;
341 case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
342 ret=bs->renegotiate_count;
343 if ((long)num >=512)
344 bs->renegotiate_count=(unsigned long)num;
345 break;
346 case BIO_C_GET_SSL_NUM_RENEGOTIATES:
347 ret=bs->num_renegotiates;
348 break;
349 case BIO_C_SET_SSL:
350 if (ssl != NULL)
351 ssl_free(b);
352 b->shutdown=(int)num;
353 ssl=(SSL *)ptr;
354 ((BIO_SSL *)b->ptr)->ssl=ssl;
355 bio=SSL_get_rbio(ssl);
356 if (bio != NULL)
357 {
358 if (b->next_bio != NULL)
359 BIO_push(bio,b->next_bio);
360 b->next_bio=bio;
361 CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
362 }
363 b->init=1;
364 break;
365 case BIO_C_GET_SSL:
366 if (ptr != NULL)
367 {
368 sslp=(SSL **)ptr;
369 *sslp=ssl;
370 }
371 else
372 ret=0;
373 break;
374 case BIO_CTRL_GET_CLOSE:
375 ret=b->shutdown;
376 break;
377 case BIO_CTRL_SET_CLOSE:
378 b->shutdown=(int)num;
379 break;
380 case BIO_CTRL_WPENDING:
381 ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
382 break;
383 case BIO_CTRL_PENDING:
384 ret=SSL_pending(ssl);
385 if (ret == 0)
386 ret=BIO_pending(ssl->rbio);
387 break;
388 case BIO_CTRL_FLUSH:
389 BIO_clear_retry_flags(b);
390 ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
391 BIO_copy_next_retry(b);
392 break;
393 case BIO_CTRL_PUSH:
394 if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
395 {
396 SSL_set_bio(ssl,b->next_bio,b->next_bio);
397 CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
398 }
399 break;
400 case BIO_CTRL_POP:
401 /* Only detach if we are the BIO explicitly being popped */
402 if (b == ptr)
403 {
404 /* Shouldn't happen in practice because the
405 * rbio and wbio are the same when pushed.
406 */
407 if (ssl->rbio != ssl->wbio)
408 BIO_free_all(ssl->wbio);
409 if (b->next_bio != NULL)
410 CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO);
411 ssl->wbio=NULL;
412 ssl->rbio=NULL;
413 }
414 break;
415 case BIO_C_DO_STATE_MACHINE:
416 BIO_clear_retry_flags(b);
417
418 b->retry_reason=0;
419 ret=(int)SSL_do_handshake(ssl);
420
421 switch (SSL_get_error(ssl,(int)ret))
422 {
423 case SSL_ERROR_WANT_READ:
424 BIO_set_flags(b,
425 BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
426 break;
427 case SSL_ERROR_WANT_WRITE:
428 BIO_set_flags(b,
429 BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
430 break;
431 case SSL_ERROR_WANT_CONNECT:
432 BIO_set_flags(b,
433 BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
434 b->retry_reason=b->next_bio->retry_reason;
435 break;
436 default:
437 break;
438 }
439 break;
440 case BIO_CTRL_DUP:
441 dbio=(BIO *)ptr;
442 if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
443 SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
444 ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
445 ((BIO_SSL *)dbio->ptr)->renegotiate_count=
446 ((BIO_SSL *)b->ptr)->renegotiate_count;
447 ((BIO_SSL *)dbio->ptr)->byte_count=
448 ((BIO_SSL *)b->ptr)->byte_count;
449 ((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
450 ((BIO_SSL *)b->ptr)->renegotiate_timeout;
451 ((BIO_SSL *)dbio->ptr)->last_time=
452 ((BIO_SSL *)b->ptr)->last_time;
453 ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
454 break;
455 case BIO_C_GET_FD:
456 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
457 break;
458 case BIO_CTRL_SET_CALLBACK:
459 {
460#if 0 /* FIXME: Should this be used? -- Richard Levitte */
461 SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
462 ret = -1;
463#else
464 ret=0;
465#endif
466 }
467 break;
468 case BIO_CTRL_GET_CALLBACK:
469 {
470 void (**fptr)(const SSL *xssl,int type,int val);
471
472 fptr=(void (**)(const SSL *xssl,int type,int val))ptr;
473 *fptr=SSL_get_info_callback(ssl);
474 }
475 break;
476 default:
477 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
478 break;
479 }
480 return(ret);
481 }
482
483static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
484 {
485 SSL *ssl;
486 BIO_SSL *bs;
487 long ret=1;
488
489 bs=(BIO_SSL *)b->ptr;
490 ssl=bs->ssl;
491 switch (cmd)
492 {
493 case BIO_CTRL_SET_CALLBACK:
494 {
495 /* FIXME: setting this via a completely different prototype
496 seems like a crap idea */
497 SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);
498 }
499 break;
500 default:
501 ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);
502 break;
503 }
504 return(ret);
505 }
506
507static int ssl_puts(BIO *bp, const char *str)
508 {
509 int n,ret;
510
511 n=strlen(str);
512 ret=BIO_write(bp,str,n);
513 return(ret);
514 }
515
516BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
517 {
518#ifndef OPENSSL_NO_SOCK
519 BIO *ret=NULL,*buf=NULL,*ssl=NULL;
520
521 if ((buf=BIO_new(BIO_f_buffer())) == NULL)
522 return(NULL);
523 if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
524 goto err;
525 if ((ret=BIO_push(buf,ssl)) == NULL)
526 goto err;
527 return(ret);
528err:
529 if (buf != NULL) BIO_free(buf);
530 if (ssl != NULL) BIO_free(ssl);
531#endif
532 return(NULL);
533 }
534
535BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
536 {
537 BIO *ret=NULL,*con=NULL,*ssl=NULL;
538
539 if ((con=BIO_new(BIO_s_connect())) == NULL)
540 return(NULL);
541 if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
542 goto err;
543 if ((ret=BIO_push(ssl,con)) == NULL)
544 goto err;
545 return(ret);
546err:
547 if (con != NULL) BIO_free(con);
548 return(NULL);
549 }
550
551BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
552 {
553 BIO *ret;
554 SSL *ssl;
555
556 if ((ret=BIO_new(BIO_f_ssl())) == NULL)
557 return(NULL);
558 if ((ssl=SSL_new(ctx)) == NULL)
559 {
560 BIO_free(ret);
561 return(NULL);
562 }
563 if (client)
564 SSL_set_connect_state(ssl);
565 else
566 SSL_set_accept_state(ssl);
567
568 BIO_set_ssl(ret,ssl,BIO_CLOSE);
569 return(ret);
570 }
571
572int BIO_ssl_copy_session_id(BIO *t, BIO *f)
573 {
574 t=BIO_find_type(t,BIO_TYPE_SSL);
575 f=BIO_find_type(f,BIO_TYPE_SSL);
576 if ((t == NULL) || (f == NULL))
577 return(0);
578 if ( (((BIO_SSL *)t->ptr)->ssl == NULL) ||
579 (((BIO_SSL *)f->ptr)->ssl == NULL))
580 return(0);
581 SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
582 return(1);
583 }
584
585void BIO_ssl_shutdown(BIO *b)
586 {
587 SSL *s;
588
589 while (b != NULL)
590 {
591 if (b->method->type == BIO_TYPE_SSL)
592 {
593 s=((BIO_SSL *)b->ptr)->ssl;
594 SSL_shutdown(s);
595 break;
596 }
597 b=b->next_bio;
598 }
599 }
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
deleted file mode 100644
index 4ce4064cc9..0000000000
--- a/src/lib/libssl/d1_both.c
+++ /dev/null
@@ -1,1418 +0,0 @@
1/* ssl/d1_both.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@openssl.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <limits.h>
117#include <string.h>
118#include <stdio.h>
119#include "ssl_locl.h"
120#include <openssl/buffer.h>
121#include <openssl/rand.h>
122#include <openssl/objects.h>
123#include <openssl/evp.h>
124#include <openssl/x509.h>
125
126#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
127
128#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
129 if ((end) - (start) <= 8) { \
130 long ii; \
131 for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
132 } else { \
133 long ii; \
134 bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
135 for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
136 bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
137 } }
138
139#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
140 long ii; \
141 OPENSSL_assert((msg_len) > 0); \
142 is_complete = 1; \
143 if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
144 if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
145 if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
146
147#if 0
148#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
149 long ii; \
150 printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
151 printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
152 printf("\n"); }
153#endif
154
155static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
156static unsigned char bitmask_end_values[] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
157
158/* XDTLS: figure out the right values */
159static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
160
161static unsigned int dtls1_min_mtu(void);
162static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
163static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
164 unsigned long frag_len);
165static unsigned char *dtls1_write_message_header(SSL *s,
166 unsigned char *p);
167static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
168 unsigned long len, unsigned short seq_num, unsigned long frag_off,
169 unsigned long frag_len);
170static long dtls1_get_message_fragment(SSL *s, int st1, int stn,
171 long max, int *ok);
172
173static hm_fragment *
174dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
175 {
176 hm_fragment *frag = NULL;
177 unsigned char *buf = NULL;
178 unsigned char *bitmask = NULL;
179
180 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
181 if ( frag == NULL)
182 return NULL;
183
184 if (frag_len)
185 {
186 buf = (unsigned char *)OPENSSL_malloc(frag_len);
187 if ( buf == NULL)
188 {
189 OPENSSL_free(frag);
190 return NULL;
191 }
192 }
193
194 /* zero length fragment gets zero frag->fragment */
195 frag->fragment = buf;
196
197 /* Initialize reassembly bitmask if necessary */
198 if (reassembly)
199 {
200 bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
201 if (bitmask == NULL)
202 {
203 if (buf != NULL) OPENSSL_free(buf);
204 OPENSSL_free(frag);
205 return NULL;
206 }
207 memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
208 }
209
210 frag->reassembly = bitmask;
211
212 return frag;
213 }
214
215static void
216dtls1_hm_fragment_free(hm_fragment *frag)
217 {
218 if (frag->fragment) OPENSSL_free(frag->fragment);
219 if (frag->reassembly) OPENSSL_free(frag->reassembly);
220 OPENSSL_free(frag);
221 }
222
223/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
224int dtls1_do_write(SSL *s, int type)
225 {
226 int ret;
227 int curr_mtu;
228 unsigned int len, frag_off, mac_size, blocksize;
229
230 /* AHA! Figure out the MTU, and stick to the right size */
231 if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
232 {
233 s->d1->mtu =
234 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
235
236 /* I've seen the kernel return bogus numbers when it doesn't know
237 * (initial write), so just make sure we have a reasonable number */
238 if ( s->d1->mtu < dtls1_min_mtu())
239 {
240 s->d1->mtu = 0;
241 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
242 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
243 s->d1->mtu, NULL);
244 }
245 }
246#if 0
247 mtu = s->d1->mtu;
248
249 fprintf(stderr, "using MTU = %d\n", mtu);
250
251 mtu -= (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
252
253 curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));
254
255 if ( curr_mtu > 0)
256 mtu = curr_mtu;
257 else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0)
258 return ret;
259
260 if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu)
261 {
262 ret = BIO_flush(SSL_get_wbio(s));
263 if ( ret <= 0)
264 return ret;
265 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
266 }
267
268 OPENSSL_assert(mtu > 0); /* should have something reasonable now */
269
270#endif
271
272 if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
273 OPENSSL_assert(s->init_num ==
274 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
275
276 if (s->write_hash)
277 mac_size = EVP_MD_CTX_size(s->write_hash);
278 else
279 mac_size = 0;
280
281 if (s->enc_write_ctx &&
282 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
283 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
284 else
285 blocksize = 0;
286
287 frag_off = 0;
288 while( s->init_num)
289 {
290 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
291 DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
292
293 if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
294 {
295 /* grr.. we could get an error if MTU picked was wrong */
296 ret = BIO_flush(SSL_get_wbio(s));
297 if ( ret <= 0)
298 return ret;
299 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
300 mac_size - blocksize;
301 }
302
303 if ( s->init_num > curr_mtu)
304 len = curr_mtu;
305 else
306 len = s->init_num;
307
308
309 /* XDTLS: this function is too long. split out the CCS part */
310 if ( type == SSL3_RT_HANDSHAKE)
311 {
312 if ( s->init_off != 0)
313 {
314 OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
315 s->init_off -= DTLS1_HM_HEADER_LENGTH;
316 s->init_num += DTLS1_HM_HEADER_LENGTH;
317
318 /* write atleast DTLS1_HM_HEADER_LENGTH bytes */
319 if ( len <= DTLS1_HM_HEADER_LENGTH)
320 len += DTLS1_HM_HEADER_LENGTH;
321 }
322
323 dtls1_fix_message_header(s, frag_off,
324 len - DTLS1_HM_HEADER_LENGTH);
325
326 dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
327
328 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
329 }
330
331 ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off],
332 len);
333 if (ret < 0)
334 {
335 /* might need to update MTU here, but we don't know
336 * which previous packet caused the failure -- so can't
337 * really retransmit anything. continue as if everything
338 * is fine and wait for an alert to handle the
339 * retransmit
340 */
341 if ( BIO_ctrl(SSL_get_wbio(s),
342 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
343 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
344 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
345 else
346 return(-1);
347 }
348 else
349 {
350
351 /* bad if this assert fails, only part of the handshake
352 * message got sent. but why would this happen? */
353 OPENSSL_assert(len == (unsigned int)ret);
354
355 if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting)
356 {
357 /* should not be done for 'Hello Request's, but in that case
358 * we'll ignore the result anyway */
359 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
360 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
361 int xlen;
362
363 if (frag_off == 0 && s->version != DTLS1_BAD_VER)
364 {
365 /* reconstruct message header is if it
366 * is being sent in single fragment */
367 *p++ = msg_hdr->type;
368 l2n3(msg_hdr->msg_len,p);
369 s2n (msg_hdr->seq,p);
370 l2n3(0,p);
371 l2n3(msg_hdr->msg_len,p);
372 p -= DTLS1_HM_HEADER_LENGTH;
373 xlen = ret;
374 }
375 else
376 {
377 p += DTLS1_HM_HEADER_LENGTH;
378 xlen = ret - DTLS1_HM_HEADER_LENGTH;
379 }
380
381 ssl3_finish_mac(s, p, xlen);
382 }
383
384 if (ret == s->init_num)
385 {
386 if (s->msg_callback)
387 s->msg_callback(1, s->version, type, s->init_buf->data,
388 (size_t)(s->init_off + s->init_num), s,
389 s->msg_callback_arg);
390
391 s->init_off = 0; /* done writing this message */
392 s->init_num = 0;
393
394 return(1);
395 }
396 s->init_off+=ret;
397 s->init_num-=ret;
398 frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
399 }
400 }
401 return(0);
402 }
403
404
405/* Obtain handshake message of message type 'mt' (any if mt == -1),
406 * maximum acceptable body length 'max'.
407 * Read an entire handshake message. Handshake messages arrive in
408 * fragments.
409 */
410long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
411 {
412 int i, al;
413 struct hm_header_st *msg_hdr;
414 unsigned char *p;
415 unsigned long msg_len;
416
417 /* s3->tmp is used to store messages that are unexpected, caused
418 * by the absence of an optional handshake message */
419 if (s->s3->tmp.reuse_message)
420 {
421 s->s3->tmp.reuse_message=0;
422 if ((mt >= 0) && (s->s3->tmp.message_type != mt))
423 {
424 al=SSL_AD_UNEXPECTED_MESSAGE;
425 SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
426 goto f_err;
427 }
428 *ok=1;
429 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
430 s->init_num = (int)s->s3->tmp.message_size;
431 return s->init_num;
432 }
433
434 msg_hdr = &s->d1->r_msg_hdr;
435 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
436
437again:
438 i = dtls1_get_message_fragment(s, st1, stn, max, ok);
439 if ( i == DTLS1_HM_BAD_FRAGMENT ||
440 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
441 goto again;
442 else if ( i <= 0 && !*ok)
443 return i;
444
445 p = (unsigned char *)s->init_buf->data;
446 msg_len = msg_hdr->msg_len;
447
448 /* reconstruct message header */
449 *(p++) = msg_hdr->type;
450 l2n3(msg_len,p);
451 s2n (msg_hdr->seq,p);
452 l2n3(0,p);
453 l2n3(msg_len,p);
454 if (s->version != DTLS1_BAD_VER) {
455 p -= DTLS1_HM_HEADER_LENGTH;
456 msg_len += DTLS1_HM_HEADER_LENGTH;
457 }
458
459 ssl3_finish_mac(s, p, msg_len);
460 if (s->msg_callback)
461 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
462 p, msg_len,
463 s, s->msg_callback_arg);
464
465 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
466
467 s->d1->handshake_read_seq++;
468 /* we just read a handshake message from the other side:
469 * this means that we don't need to retransmit of the
470 * buffered messages.
471 * XDTLS: may be able clear out this
472 * buffer a little sooner (i.e if an out-of-order
473 * handshake message/record is received at the record
474 * layer.
475 * XDTLS: exception is that the server needs to
476 * know that change cipher spec and finished messages
477 * have been received by the client before clearing this
478 * buffer. this can simply be done by waiting for the
479 * first data segment, but is there a better way? */
480 dtls1_clear_record_buffer(s);
481
482 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
483 return s->init_num;
484
485f_err:
486 ssl3_send_alert(s,SSL3_AL_FATAL,al);
487 *ok = 0;
488 return -1;
489 }
490
491
492static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max)
493 {
494 size_t frag_off,frag_len,msg_len;
495
496 msg_len = msg_hdr->msg_len;
497 frag_off = msg_hdr->frag_off;
498 frag_len = msg_hdr->frag_len;
499
500 /* sanity checking */
501 if ( (frag_off+frag_len) > msg_len)
502 {
503 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
504 return SSL_AD_ILLEGAL_PARAMETER;
505 }
506
507 if ( (frag_off+frag_len) > (unsigned long)max)
508 {
509 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
510 return SSL_AD_ILLEGAL_PARAMETER;
511 }
512
513 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
514 {
515 /* msg_len is limited to 2^24, but is effectively checked
516 * against max above */
517 if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENGTH))
518 {
519 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);
520 return SSL_AD_INTERNAL_ERROR;
521 }
522
523 s->s3->tmp.message_size = msg_len;
524 s->d1->r_msg_hdr.msg_len = msg_len;
525 s->s3->tmp.message_type = msg_hdr->type;
526 s->d1->r_msg_hdr.type = msg_hdr->type;
527 s->d1->r_msg_hdr.seq = msg_hdr->seq;
528 }
529 else if (msg_len != s->d1->r_msg_hdr.msg_len)
530 {
531 /* They must be playing with us! BTW, failure to enforce
532 * upper limit would open possibility for buffer overrun. */
533 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
534 return SSL_AD_ILLEGAL_PARAMETER;
535 }
536
537 return 0; /* no error */
538 }
539
540
541static int
542dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
543 {
544 /* (0) check whether the desired fragment is available
545 * if so:
546 * (1) copy over the fragment to s->init_buf->data[]
547 * (2) update s->init_num
548 */
549 pitem *item;
550 hm_fragment *frag;
551 int al;
552
553 *ok = 0;
554 item = pqueue_peek(s->d1->buffered_messages);
555 if ( item == NULL)
556 return 0;
557
558 frag = (hm_fragment *)item->data;
559
560 /* Don't return if reassembly still in progress */
561 if (frag->reassembly != NULL)
562 return 0;
563
564 if ( s->d1->handshake_read_seq == frag->msg_header.seq)
565 {
566 unsigned long frag_len = frag->msg_header.frag_len;
567 pqueue_pop(s->d1->buffered_messages);
568
569 al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
570
571 if (al==0) /* no alert */
572 {
573 unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
574 memcpy(&p[frag->msg_header.frag_off],
575 frag->fragment,frag->msg_header.frag_len);
576 }
577
578 dtls1_hm_fragment_free(frag);
579 pitem_free(item);
580
581 if (al==0)
582 {
583 *ok = 1;
584 return frag_len;
585 }
586
587 ssl3_send_alert(s,SSL3_AL_FATAL,al);
588 s->init_num = 0;
589 *ok = 0;
590 return -1;
591 }
592 else
593 return 0;
594 }
595
596
597static int
598dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
599 {
600 hm_fragment *frag = NULL;
601 pitem *item = NULL;
602 int i = -1, is_complete;
603 unsigned char seq64be[8];
604 unsigned long frag_len = msg_hdr->frag_len, max_len;
605
606 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
607 goto err;
608
609 /* Determine maximum allowed message size. Depends on (user set)
610 * maximum certificate length, but 16k is minimum.
611 */
612 if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list)
613 max_len = s->max_cert_list;
614 else
615 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
616
617 if ((msg_hdr->frag_off+frag_len) > max_len)
618 goto err;
619
620 /* Try to find item in queue */
621 memset(seq64be,0,sizeof(seq64be));
622 seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
623 seq64be[7] = (unsigned char) msg_hdr->seq;
624 item = pqueue_find(s->d1->buffered_messages, seq64be);
625
626 if (item == NULL)
627 {
628 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
629 if ( frag == NULL)
630 goto err;
631 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
632 frag->msg_header.frag_len = frag->msg_header.msg_len;
633 frag->msg_header.frag_off = 0;
634 }
635 else
636 frag = (hm_fragment*) item->data;
637
638 /* If message is already reassembled, this must be a
639 * retransmit and can be dropped.
640 */
641 if (frag->reassembly == NULL)
642 {
643 unsigned char devnull [256];
644
645 while (frag_len)
646 {
647 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
648 devnull,
649 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
650 if (i<=0) goto err;
651 frag_len -= i;
652 }
653 return DTLS1_HM_FRAGMENT_RETRY;
654 }
655
656 /* read the body of the fragment (header has already been read */
657 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
658 frag->fragment + msg_hdr->frag_off,frag_len,0);
659 if (i<=0 || (unsigned long)i!=frag_len)
660 goto err;
661
662 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
663 (long)(msg_hdr->frag_off + frag_len));
664
665 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
666 is_complete);
667
668 if (is_complete)
669 {
670 OPENSSL_free(frag->reassembly);
671 frag->reassembly = NULL;
672 }
673
674 if (item == NULL)
675 {
676 memset(seq64be,0,sizeof(seq64be));
677 seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
678 seq64be[7] = (unsigned char)(msg_hdr->seq);
679
680 item = pitem_new(seq64be, frag);
681 if (item == NULL)
682 {
683 goto err;
684 i = -1;
685 }
686
687 pqueue_insert(s->d1->buffered_messages, item);
688 }
689
690 return DTLS1_HM_FRAGMENT_RETRY;
691
692err:
693 if (frag != NULL) dtls1_hm_fragment_free(frag);
694 if (item != NULL) OPENSSL_free(item);
695 *ok = 0;
696 return i;
697 }
698
699
700static int
701dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
702{
703 int i=-1;
704 hm_fragment *frag = NULL;
705 pitem *item = NULL;
706 unsigned char seq64be[8];
707 unsigned long frag_len = msg_hdr->frag_len;
708
709 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
710 goto err;
711
712 /* Try to find item in queue, to prevent duplicate entries */
713 memset(seq64be,0,sizeof(seq64be));
714 seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
715 seq64be[7] = (unsigned char) msg_hdr->seq;
716 item = pqueue_find(s->d1->buffered_messages, seq64be);
717
718 /* If we already have an entry and this one is a fragment,
719 * don't discard it and rather try to reassemble it.
720 */
721 if (item != NULL && frag_len < msg_hdr->msg_len)
722 item = NULL;
723
724 /* Discard the message if sequence number was already there, is
725 * too far in the future, already in the queue or if we received
726 * a FINISHED before the SERVER_HELLO, which then must be a stale
727 * retransmit.
728 */
729 if (msg_hdr->seq <= s->d1->handshake_read_seq ||
730 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
731 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED))
732 {
733 unsigned char devnull [256];
734
735 while (frag_len)
736 {
737 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
738 devnull,
739 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
740 if (i<=0) goto err;
741 frag_len -= i;
742 }
743 }
744 else
745 {
746 if (frag_len && frag_len < msg_hdr->msg_len)
747 return dtls1_reassemble_fragment(s, msg_hdr, ok);
748
749 frag = dtls1_hm_fragment_new(frag_len, 0);
750 if ( frag == NULL)
751 goto err;
752
753 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
754
755 if (frag_len)
756 {
757 /* read the body of the fragment (header has already been read */
758 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
759 frag->fragment,frag_len,0);
760 if (i<=0 || (unsigned long)i!=frag_len)
761 goto err;
762 }
763
764 memset(seq64be,0,sizeof(seq64be));
765 seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
766 seq64be[7] = (unsigned char)(msg_hdr->seq);
767
768 item = pitem_new(seq64be, frag);
769 if ( item == NULL)
770 goto err;
771
772 pqueue_insert(s->d1->buffered_messages, item);
773 }
774
775 return DTLS1_HM_FRAGMENT_RETRY;
776
777err:
778 if ( frag != NULL) dtls1_hm_fragment_free(frag);
779 if ( item != NULL) OPENSSL_free(item);
780 *ok = 0;
781 return i;
782 }
783
784
785static long
786dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
787 {
788 unsigned char wire[DTLS1_HM_HEADER_LENGTH];
789 unsigned long len, frag_off, frag_len;
790 int i,al;
791 struct hm_header_st msg_hdr;
792
793 /* see if we have the required fragment already */
794 if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
795 {
796 if (*ok) s->init_num = frag_len;
797 return frag_len;
798 }
799
800 /* read handshake message header */
801 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire,
802 DTLS1_HM_HEADER_LENGTH, 0);
803 if (i <= 0) /* nbio, or an error */
804 {
805 s->rwstate=SSL_READING;
806 *ok = 0;
807 return i;
808 }
809 OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);
810
811 /* parse the message fragment header */
812 dtls1_get_message_header(wire, &msg_hdr);
813
814 /*
815 * if this is a future (or stale) message it gets buffered
816 * (or dropped)--no further processing at this time
817 */
818 if ( msg_hdr.seq != s->d1->handshake_read_seq)
819 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
820
821 len = msg_hdr.msg_len;
822 frag_off = msg_hdr.frag_off;
823 frag_len = msg_hdr.frag_len;
824
825 if (frag_len && frag_len < len)
826 return dtls1_reassemble_fragment(s, &msg_hdr, ok);
827
828 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
829 wire[0] == SSL3_MT_HELLO_REQUEST)
830 {
831 /* The server may always send 'Hello Request' messages --
832 * we are doing a handshake anyway now, so ignore them
833 * if their format is correct. Does not count for
834 * 'Finished' MAC. */
835 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0)
836 {
837 if (s->msg_callback)
838 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
839 wire, DTLS1_HM_HEADER_LENGTH, s,
840 s->msg_callback_arg);
841
842 s->init_num = 0;
843 return dtls1_get_message_fragment(s, st1, stn,
844 max, ok);
845 }
846 else /* Incorrectly formated Hello request */
847 {
848 al=SSL_AD_UNEXPECTED_MESSAGE;
849 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
850 goto f_err;
851 }
852 }
853
854 if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max)))
855 goto f_err;
856
857 /* XDTLS: ressurect this when restart is in place */
858 s->state=stn;
859
860 if ( frag_len > 0)
861 {
862 unsigned char *p=(unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
863
864 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
865 &p[frag_off],frag_len,0);
866 /* XDTLS: fix this--message fragments cannot span multiple packets */
867 if (i <= 0)
868 {
869 s->rwstate=SSL_READING;
870 *ok = 0;
871 return i;
872 }
873 }
874 else
875 i = 0;
876
877 /* XDTLS: an incorrectly formatted fragment should cause the
878 * handshake to fail */
879 OPENSSL_assert(i == (int)frag_len);
880
881 *ok = 1;
882
883 /* Note that s->init_num is *not* used as current offset in
884 * s->init_buf->data, but as a counter summing up fragments'
885 * lengths: as soon as they sum up to handshake packet
886 * length, we assume we have got all the fragments. */
887 s->init_num = frag_len;
888 return frag_len;
889
890f_err:
891 ssl3_send_alert(s,SSL3_AL_FATAL,al);
892 s->init_num = 0;
893
894 *ok=0;
895 return(-1);
896 }
897
898int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
899 {
900 unsigned char *p,*d;
901 int i;
902 unsigned long l;
903
904 if (s->state == a)
905 {
906 d=(unsigned char *)s->init_buf->data;
907 p= &(d[DTLS1_HM_HEADER_LENGTH]);
908
909 i=s->method->ssl3_enc->final_finish_mac(s,
910 sender,slen,s->s3->tmp.finish_md);
911 s->s3->tmp.finish_md_len = i;
912 memcpy(p, s->s3->tmp.finish_md, i);
913 p+=i;
914 l=i;
915
916 /* Copy the finished so we can use it for
917 * renegotiation checks
918 */
919 if(s->type == SSL_ST_CONNECT)
920 {
921 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
922 memcpy(s->s3->previous_client_finished,
923 s->s3->tmp.finish_md, i);
924 s->s3->previous_client_finished_len=i;
925 }
926 else
927 {
928 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
929 memcpy(s->s3->previous_server_finished,
930 s->s3->tmp.finish_md, i);
931 s->s3->previous_server_finished_len=i;
932 }
933
934#ifdef OPENSSL_SYS_WIN16
935 /* MSVC 1.5 does not clear the top bytes of the word unless
936 * I do this.
937 */
938 l&=0xffff;
939#endif
940
941 d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
942 s->init_num=(int)l+DTLS1_HM_HEADER_LENGTH;
943 s->init_off=0;
944
945 /* buffer the message to handle re-xmits */
946 dtls1_buffer_message(s, 0);
947
948 s->state=b;
949 }
950
951 /* SSL3_ST_SEND_xxxxxx_HELLO_B */
952 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
953 }
954
955/* for these 2 messages, we need to
956 * ssl->enc_read_ctx re-init
957 * ssl->s3->read_sequence zero
958 * ssl->s3->read_mac_secret re-init
959 * ssl->session->read_sym_enc assign
960 * ssl->session->read_compression assign
961 * ssl->session->read_hash assign
962 */
963int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
964 {
965 unsigned char *p;
966
967 if (s->state == a)
968 {
969 p=(unsigned char *)s->init_buf->data;
970 *p++=SSL3_MT_CCS;
971 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
972 s->init_num=DTLS1_CCS_HEADER_LENGTH;
973
974 if (s->version == DTLS1_BAD_VER) {
975 s->d1->next_handshake_write_seq++;
976 s2n(s->d1->handshake_write_seq,p);
977 s->init_num+=2;
978 }
979
980 s->init_off=0;
981
982 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
983 s->d1->handshake_write_seq, 0, 0);
984
985 /* buffer the message to handle re-xmits */
986 dtls1_buffer_message(s, 1);
987
988 s->state=b;
989 }
990
991 /* SSL3_ST_CW_CHANGE_B */
992 return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
993 }
994
995static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
996 {
997 int n;
998 unsigned char *p;
999
1000 n=i2d_X509(x,NULL);
1001 if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
1002 {
1003 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
1004 return 0;
1005 }
1006 p=(unsigned char *)&(buf->data[*l]);
1007 l2n3(n,p);
1008 i2d_X509(x,&p);
1009 *l+=n+3;
1010
1011 return 1;
1012 }
1013unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
1014 {
1015 unsigned char *p;
1016 int i;
1017 unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
1018 BUF_MEM *buf;
1019
1020 /* TLSv1 sends a chain with nothing in it, instead of an alert */
1021 buf=s->init_buf;
1022 if (!BUF_MEM_grow_clean(buf,10))
1023 {
1024 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
1025 return(0);
1026 }
1027 if (x != NULL)
1028 {
1029 X509_STORE_CTX xs_ctx;
1030
1031 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
1032 {
1033 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
1034 return(0);
1035 }
1036
1037 X509_verify_cert(&xs_ctx);
1038 /* Don't leave errors in the queue */
1039 ERR_clear_error();
1040 for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
1041 {
1042 x = sk_X509_value(xs_ctx.chain, i);
1043
1044 if (!dtls1_add_cert_to_buf(buf, &l, x))
1045 {
1046 X509_STORE_CTX_cleanup(&xs_ctx);
1047 return 0;
1048 }
1049 }
1050 X509_STORE_CTX_cleanup(&xs_ctx);
1051 }
1052 /* Thawte special :-) */
1053 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
1054 {
1055 x=sk_X509_value(s->ctx->extra_certs,i);
1056 if (!dtls1_add_cert_to_buf(buf, &l, x))
1057 return 0;
1058 }
1059
1060 l-= (3 + DTLS1_HM_HEADER_LENGTH);
1061
1062 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1063 l2n3(l,p);
1064 l+=3;
1065 p=(unsigned char *)&(buf->data[0]);
1066 p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
1067
1068 l+=DTLS1_HM_HEADER_LENGTH;
1069 return(l);
1070 }
1071
1072int dtls1_read_failed(SSL *s, int code)
1073 {
1074 if ( code > 0)
1075 {
1076 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
1077 return 1;
1078 }
1079
1080 if (!dtls1_is_timer_expired(s))
1081 {
1082 /* not a timeout, none of our business,
1083 let higher layers handle this. in fact it's probably an error */
1084 return code;
1085 }
1086
1087 if ( ! SSL_in_init(s)) /* done, no need to send a retransmit */
1088 {
1089 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
1090 return code;
1091 }
1092
1093#if 0 /* for now, each alert contains only one record number */
1094 item = pqueue_peek(state->rcvd_records);
1095 if ( item )
1096 {
1097 /* send an alert immediately for all the missing records */
1098 }
1099 else
1100#endif
1101
1102#if 0 /* no more alert sending, just retransmit the last set of messages */
1103 if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
1104 ssl3_send_alert(s,SSL3_AL_WARNING,
1105 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1106#endif
1107
1108 return dtls1_handle_timeout(s);
1109 }
1110
1111int
1112dtls1_get_queue_priority(unsigned short seq, int is_ccs)
1113 {
1114 /* The index of the retransmission queue actually is the message sequence number,
1115 * since the queue only contains messages of a single handshake. However, the
1116 * ChangeCipherSpec has no message sequence number and so using only the sequence
1117 * will result in the CCS and Finished having the same index. To prevent this,
1118 * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted.
1119 * This does not only differ CSS and Finished, it also maintains the order of the
1120 * index (important for priority queues) and fits in the unsigned short variable.
1121 */
1122 return seq * 2 - is_ccs;
1123 }
1124
1125int
1126dtls1_retransmit_buffered_messages(SSL *s)
1127 {
1128 pqueue sent = s->d1->sent_messages;
1129 piterator iter;
1130 pitem *item;
1131 hm_fragment *frag;
1132 int found = 0;
1133
1134 iter = pqueue_iterator(sent);
1135
1136 for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter))
1137 {
1138 frag = (hm_fragment *)item->data;
1139 if ( dtls1_retransmit_message(s,
1140 (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs),
1141 0, &found) <= 0 && found)
1142 {
1143 fprintf(stderr, "dtls1_retransmit_message() failed\n");
1144 return -1;
1145 }
1146 }
1147
1148 return 1;
1149 }
1150
1151int
1152dtls1_buffer_message(SSL *s, int is_ccs)
1153 {
1154 pitem *item;
1155 hm_fragment *frag;
1156 unsigned char seq64be[8];
1157
1158 /* this function is called immediately after a message has
1159 * been serialized */
1160 OPENSSL_assert(s->init_off == 0);
1161
1162 frag = dtls1_hm_fragment_new(s->init_num, 0);
1163
1164 memcpy(frag->fragment, s->init_buf->data, s->init_num);
1165
1166 if ( is_ccs)
1167 {
1168 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1169 ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num);
1170 }
1171 else
1172 {
1173 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1174 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
1175 }
1176
1177 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
1178 frag->msg_header.seq = s->d1->w_msg_hdr.seq;
1179 frag->msg_header.type = s->d1->w_msg_hdr.type;
1180 frag->msg_header.frag_off = 0;
1181 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
1182 frag->msg_header.is_ccs = is_ccs;
1183
1184 /* save current state*/
1185 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
1186 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
1187 frag->msg_header.saved_retransmit_state.compress = s->compress;
1188 frag->msg_header.saved_retransmit_state.session = s->session;
1189 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
1190
1191 memset(seq64be,0,sizeof(seq64be));
1192 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
1193 frag->msg_header.is_ccs)>>8);
1194 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
1195 frag->msg_header.is_ccs));
1196
1197 item = pitem_new(seq64be, frag);
1198 if ( item == NULL)
1199 {
1200 dtls1_hm_fragment_free(frag);
1201 return 0;
1202 }
1203
1204#if 0
1205 fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
1206 fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
1207 fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
1208#endif
1209
1210 pqueue_insert(s->d1->sent_messages, item);
1211 return 1;
1212 }
1213
1214int
1215dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1216 int *found)
1217 {
1218 int ret;
1219 /* XDTLS: for now assuming that read/writes are blocking */
1220 pitem *item;
1221 hm_fragment *frag ;
1222 unsigned long header_length;
1223 unsigned char seq64be[8];
1224 struct dtls1_retransmit_state saved_state;
1225 unsigned char save_write_sequence[8];
1226
1227 /*
1228 OPENSSL_assert(s->init_num == 0);
1229 OPENSSL_assert(s->init_off == 0);
1230 */
1231
1232 /* XDTLS: the requested message ought to be found, otherwise error */
1233 memset(seq64be,0,sizeof(seq64be));
1234 seq64be[6] = (unsigned char)(seq>>8);
1235 seq64be[7] = (unsigned char)seq;
1236
1237 item = pqueue_find(s->d1->sent_messages, seq64be);
1238 if ( item == NULL)
1239 {
1240 fprintf(stderr, "retransmit: message %d non-existant\n", seq);
1241 *found = 0;
1242 return 0;
1243 }
1244
1245 *found = 1;
1246 frag = (hm_fragment *)item->data;
1247
1248 if ( frag->msg_header.is_ccs)
1249 header_length = DTLS1_CCS_HEADER_LENGTH;
1250 else
1251 header_length = DTLS1_HM_HEADER_LENGTH;
1252
1253 memcpy(s->init_buf->data, frag->fragment,
1254 frag->msg_header.msg_len + header_length);
1255 s->init_num = frag->msg_header.msg_len + header_length;
1256
1257 dtls1_set_message_header_int(s, frag->msg_header.type,
1258 frag->msg_header.msg_len, frag->msg_header.seq, 0,
1259 frag->msg_header.frag_len);
1260
1261 /* save current state */
1262 saved_state.enc_write_ctx = s->enc_write_ctx;
1263 saved_state.write_hash = s->write_hash;
1264 saved_state.compress = s->compress;
1265 saved_state.session = s->session;
1266 saved_state.epoch = s->d1->w_epoch;
1267 saved_state.epoch = s->d1->w_epoch;
1268
1269 s->d1->retransmitting = 1;
1270
1271 /* restore state in which the message was originally sent */
1272 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
1273 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
1274 s->compress = frag->msg_header.saved_retransmit_state.compress;
1275 s->session = frag->msg_header.saved_retransmit_state.session;
1276 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
1277
1278 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1)
1279 {
1280 memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
1281 memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence));
1282 }
1283
1284 ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
1285 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
1286
1287 /* restore current state */
1288 s->enc_write_ctx = saved_state.enc_write_ctx;
1289 s->write_hash = saved_state.write_hash;
1290 s->compress = saved_state.compress;
1291 s->session = saved_state.session;
1292 s->d1->w_epoch = saved_state.epoch;
1293
1294 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1)
1295 {
1296 memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
1297 memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence));
1298 }
1299
1300 s->d1->retransmitting = 0;
1301
1302 (void)BIO_flush(SSL_get_wbio(s));
1303 return ret;
1304 }
1305
1306/* call this function when the buffered messages are no longer needed */
1307void
1308dtls1_clear_record_buffer(SSL *s)
1309 {
1310 pitem *item;
1311
1312 for(item = pqueue_pop(s->d1->sent_messages);
1313 item != NULL; item = pqueue_pop(s->d1->sent_messages))
1314 {
1315 dtls1_hm_fragment_free((hm_fragment *)item->data);
1316 pitem_free(item);
1317 }
1318 }
1319
1320
1321unsigned char *
1322dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
1323 unsigned long len, unsigned long frag_off, unsigned long frag_len)
1324 {
1325 if ( frag_off == 0)
1326 {
1327 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
1328 s->d1->next_handshake_write_seq++;
1329 }
1330
1331 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
1332 frag_off, frag_len);
1333
1334 return p += DTLS1_HM_HEADER_LENGTH;
1335 }
1336
1337
1338/* don't actually do the writing, wait till the MTU has been retrieved */
1339static void
1340dtls1_set_message_header_int(SSL *s, unsigned char mt,
1341 unsigned long len, unsigned short seq_num, unsigned long frag_off,
1342 unsigned long frag_len)
1343 {
1344 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1345
1346 msg_hdr->type = mt;
1347 msg_hdr->msg_len = len;
1348 msg_hdr->seq = seq_num;
1349 msg_hdr->frag_off = frag_off;
1350 msg_hdr->frag_len = frag_len;
1351 }
1352
1353static void
1354dtls1_fix_message_header(SSL *s, unsigned long frag_off,
1355 unsigned long frag_len)
1356 {
1357 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1358
1359 msg_hdr->frag_off = frag_off;
1360 msg_hdr->frag_len = frag_len;
1361 }
1362
1363static unsigned char *
1364dtls1_write_message_header(SSL *s, unsigned char *p)
1365 {
1366 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1367
1368 *p++ = msg_hdr->type;
1369 l2n3(msg_hdr->msg_len, p);
1370
1371 s2n(msg_hdr->seq, p);
1372 l2n3(msg_hdr->frag_off, p);
1373 l2n3(msg_hdr->frag_len, p);
1374
1375 return p;
1376 }
1377
1378static unsigned int
1379dtls1_min_mtu(void)
1380 {
1381 return (g_probable_mtu[(sizeof(g_probable_mtu) /
1382 sizeof(g_probable_mtu[0])) - 1]);
1383 }
1384
1385static unsigned int
1386dtls1_guess_mtu(unsigned int curr_mtu)
1387 {
1388 unsigned int i;
1389
1390 if ( curr_mtu == 0 )
1391 return g_probable_mtu[0] ;
1392
1393 for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)
1394 if ( curr_mtu > g_probable_mtu[i])
1395 return g_probable_mtu[i];
1396
1397 return curr_mtu;
1398 }
1399
1400void
1401dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
1402 {
1403 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
1404 msg_hdr->type = *(data++);
1405 n2l3(data, msg_hdr->msg_len);
1406
1407 n2s(data, msg_hdr->seq);
1408 n2l3(data, msg_hdr->frag_off);
1409 n2l3(data, msg_hdr->frag_len);
1410 }
1411
1412void
1413dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
1414 {
1415 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
1416
1417 ccs_hdr->type = *(data++);
1418 }
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
deleted file mode 100644
index 5bc9eb6603..0000000000
--- a/src/lib/libssl/d1_clnt.c
+++ /dev/null
@@ -1,1534 +0,0 @@
1/* ssl/d1_clnt.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <stdio.h>
117#include "ssl_locl.h"
118#ifndef OPENSSL_NO_KRB5
119#include "kssl_lcl.h"
120#endif
121#include <openssl/buffer.h>
122#include <openssl/rand.h>
123#include <openssl/objects.h>
124#include <openssl/evp.h>
125#include <openssl/md5.h>
126#include <openssl/bn.h>
127#ifndef OPENSSL_NO_DH
128#include <openssl/dh.h>
129#endif
130
131static const SSL_METHOD *dtls1_get_client_method(int ver);
132static int dtls1_get_hello_verify(SSL *s);
133
134static const SSL_METHOD *dtls1_get_client_method(int ver)
135 {
136 if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
137 return(DTLSv1_client_method());
138 else
139 return(NULL);
140 }
141
142IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
143 ssl_undefined_function,
144 dtls1_connect,
145 dtls1_get_client_method)
146
147int dtls1_connect(SSL *s)
148 {
149 BUF_MEM *buf=NULL;
150 unsigned long Time=(unsigned long)time(NULL);
151 void (*cb)(const SSL *ssl,int type,int val)=NULL;
152 int ret= -1;
153 int new_state,state,skip=0;;
154
155 RAND_add(&Time,sizeof(Time),0);
156 ERR_clear_error();
157 clear_sys_error();
158
159 if (s->info_callback != NULL)
160 cb=s->info_callback;
161 else if (s->ctx->info_callback != NULL)
162 cb=s->ctx->info_callback;
163
164 s->in_handshake++;
165 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
166
167 for (;;)
168 {
169 state=s->state;
170
171 switch(s->state)
172 {
173 case SSL_ST_RENEGOTIATE:
174 s->new_session=1;
175 s->state=SSL_ST_CONNECT;
176 s->ctx->stats.sess_connect_renegotiate++;
177 /* break */
178 case SSL_ST_BEFORE:
179 case SSL_ST_CONNECT:
180 case SSL_ST_BEFORE|SSL_ST_CONNECT:
181 case SSL_ST_OK|SSL_ST_CONNECT:
182
183 s->server=0;
184 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
185
186 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
187 (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
188 {
189 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
190 ret = -1;
191 goto end;
192 }
193
194 /* s->version=SSL3_VERSION; */
195 s->type=SSL_ST_CONNECT;
196
197 if (s->init_buf == NULL)
198 {
199 if ((buf=BUF_MEM_new()) == NULL)
200 {
201 ret= -1;
202 goto end;
203 }
204 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
205 {
206 ret= -1;
207 goto end;
208 }
209 s->init_buf=buf;
210 buf=NULL;
211 }
212
213 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
214
215 /* setup buffing BIO */
216 if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
217
218 /* don't push the buffering BIO quite yet */
219
220 s->state=SSL3_ST_CW_CLNT_HELLO_A;
221 s->ctx->stats.sess_connect++;
222 s->init_num=0;
223 /* mark client_random uninitialized */
224 memset(s->s3->client_random,0,sizeof(s->s3->client_random));
225 s->d1->send_cookie = 0;
226 s->hit = 0;
227 break;
228
229 case SSL3_ST_CW_CLNT_HELLO_A:
230 case SSL3_ST_CW_CLNT_HELLO_B:
231
232 s->shutdown=0;
233
234 /* every DTLS ClientHello resets Finished MAC */
235 ssl3_init_finished_mac(s);
236
237 dtls1_start_timer(s);
238 ret=dtls1_client_hello(s);
239 if (ret <= 0) goto end;
240
241 if ( s->d1->send_cookie)
242 {
243 s->state=SSL3_ST_CW_FLUSH;
244 s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A;
245 }
246 else
247 s->state=SSL3_ST_CR_SRVR_HELLO_A;
248
249 s->init_num=0;
250
251 /* turn on buffering for the next lot of output */
252 if (s->bbio != s->wbio)
253 s->wbio=BIO_push(s->bbio,s->wbio);
254
255 break;
256
257 case SSL3_ST_CR_SRVR_HELLO_A:
258 case SSL3_ST_CR_SRVR_HELLO_B:
259 ret=ssl3_get_server_hello(s);
260 if (ret <= 0) goto end;
261 else
262 {
263 dtls1_stop_timer(s);
264 if (s->hit)
265 s->state=SSL3_ST_CR_FINISHED_A;
266 else
267 s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
268 }
269 s->init_num=0;
270 break;
271
272 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
273 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
274
275 ret = dtls1_get_hello_verify(s);
276 if ( ret <= 0)
277 goto end;
278 dtls1_stop_timer(s);
279 if ( s->d1->send_cookie) /* start again, with a cookie */
280 s->state=SSL3_ST_CW_CLNT_HELLO_A;
281 else
282 s->state = SSL3_ST_CR_CERT_A;
283 s->init_num = 0;
284 break;
285
286 case SSL3_ST_CR_CERT_A:
287 case SSL3_ST_CR_CERT_B:
288#ifndef OPENSSL_NO_TLSEXT
289 ret=ssl3_check_finished(s);
290 if (ret <= 0) goto end;
291 if (ret == 2)
292 {
293 s->hit = 1;
294 if (s->tlsext_ticket_expected)
295 s->state=SSL3_ST_CR_SESSION_TICKET_A;
296 else
297 s->state=SSL3_ST_CR_FINISHED_A;
298 s->init_num=0;
299 break;
300 }
301#endif
302 /* Check if it is anon DH or PSK */
303 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
304 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
305 {
306 ret=ssl3_get_server_certificate(s);
307 if (ret <= 0) goto end;
308#ifndef OPENSSL_NO_TLSEXT
309 if (s->tlsext_status_expected)
310 s->state=SSL3_ST_CR_CERT_STATUS_A;
311 else
312 s->state=SSL3_ST_CR_KEY_EXCH_A;
313 }
314 else
315 {
316 skip = 1;
317 s->state=SSL3_ST_CR_KEY_EXCH_A;
318 }
319#else
320 }
321 else
322 skip=1;
323
324 s->state=SSL3_ST_CR_KEY_EXCH_A;
325#endif
326 s->init_num=0;
327 break;
328
329 case SSL3_ST_CR_KEY_EXCH_A:
330 case SSL3_ST_CR_KEY_EXCH_B:
331 ret=ssl3_get_key_exchange(s);
332 if (ret <= 0) goto end;
333 s->state=SSL3_ST_CR_CERT_REQ_A;
334 s->init_num=0;
335
336 /* at this point we check that we have the
337 * required stuff from the server */
338 if (!ssl3_check_cert_and_algorithm(s))
339 {
340 ret= -1;
341 goto end;
342 }
343 break;
344
345 case SSL3_ST_CR_CERT_REQ_A:
346 case SSL3_ST_CR_CERT_REQ_B:
347 ret=ssl3_get_certificate_request(s);
348 if (ret <= 0) goto end;
349 s->state=SSL3_ST_CR_SRVR_DONE_A;
350 s->init_num=0;
351 break;
352
353 case SSL3_ST_CR_SRVR_DONE_A:
354 case SSL3_ST_CR_SRVR_DONE_B:
355 ret=ssl3_get_server_done(s);
356 if (ret <= 0) goto end;
357 if (s->s3->tmp.cert_req)
358 s->state=SSL3_ST_CW_CERT_A;
359 else
360 s->state=SSL3_ST_CW_KEY_EXCH_A;
361 s->init_num=0;
362
363 break;
364
365 case SSL3_ST_CW_CERT_A:
366 case SSL3_ST_CW_CERT_B:
367 case SSL3_ST_CW_CERT_C:
368 case SSL3_ST_CW_CERT_D:
369 dtls1_start_timer(s);
370 ret=dtls1_send_client_certificate(s);
371 if (ret <= 0) goto end;
372 s->state=SSL3_ST_CW_KEY_EXCH_A;
373 s->init_num=0;
374 break;
375
376 case SSL3_ST_CW_KEY_EXCH_A:
377 case SSL3_ST_CW_KEY_EXCH_B:
378 dtls1_start_timer(s);
379 ret=dtls1_send_client_key_exchange(s);
380 if (ret <= 0) goto end;
381 /* EAY EAY EAY need to check for DH fix cert
382 * sent back */
383 /* For TLS, cert_req is set to 2, so a cert chain
384 * of nothing is sent, but no verify packet is sent */
385 if (s->s3->tmp.cert_req == 1)
386 {
387 s->state=SSL3_ST_CW_CERT_VRFY_A;
388 }
389 else
390 {
391 s->state=SSL3_ST_CW_CHANGE_A;
392 s->s3->change_cipher_spec=0;
393 }
394
395 s->init_num=0;
396 break;
397
398 case SSL3_ST_CW_CERT_VRFY_A:
399 case SSL3_ST_CW_CERT_VRFY_B:
400 dtls1_start_timer(s);
401 ret=dtls1_send_client_verify(s);
402 if (ret <= 0) goto end;
403 s->state=SSL3_ST_CW_CHANGE_A;
404 s->init_num=0;
405 s->s3->change_cipher_spec=0;
406 break;
407
408 case SSL3_ST_CW_CHANGE_A:
409 case SSL3_ST_CW_CHANGE_B:
410 dtls1_start_timer(s);
411 ret=dtls1_send_change_cipher_spec(s,
412 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
413 if (ret <= 0) goto end;
414 s->state=SSL3_ST_CW_FINISHED_A;
415 s->init_num=0;
416
417 s->session->cipher=s->s3->tmp.new_cipher;
418#ifdef OPENSSL_NO_COMP
419 s->session->compress_meth=0;
420#else
421 if (s->s3->tmp.new_compression == NULL)
422 s->session->compress_meth=0;
423 else
424 s->session->compress_meth=
425 s->s3->tmp.new_compression->id;
426#endif
427 if (!s->method->ssl3_enc->setup_key_block(s))
428 {
429 ret= -1;
430 goto end;
431 }
432
433 if (!s->method->ssl3_enc->change_cipher_state(s,
434 SSL3_CHANGE_CIPHER_CLIENT_WRITE))
435 {
436 ret= -1;
437 goto end;
438 }
439
440 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
441 break;
442
443 case SSL3_ST_CW_FINISHED_A:
444 case SSL3_ST_CW_FINISHED_B:
445 dtls1_start_timer(s);
446 ret=dtls1_send_finished(s,
447 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
448 s->method->ssl3_enc->client_finished_label,
449 s->method->ssl3_enc->client_finished_label_len);
450 if (ret <= 0) goto end;
451 s->state=SSL3_ST_CW_FLUSH;
452
453 /* clear flags */
454 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
455 if (s->hit)
456 {
457 s->s3->tmp.next_state=SSL_ST_OK;
458 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
459 {
460 s->state=SSL_ST_OK;
461 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
462 s->s3->delay_buf_pop_ret=0;
463 }
464 }
465 else
466 {
467#ifndef OPENSSL_NO_TLSEXT
468 /* Allow NewSessionTicket if ticket expected */
469 if (s->tlsext_ticket_expected)
470 s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
471 else
472#endif
473
474 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
475 }
476 s->init_num=0;
477 break;
478
479#ifndef OPENSSL_NO_TLSEXT
480 case SSL3_ST_CR_SESSION_TICKET_A:
481 case SSL3_ST_CR_SESSION_TICKET_B:
482 ret=ssl3_get_new_session_ticket(s);
483 if (ret <= 0) goto end;
484 s->state=SSL3_ST_CR_FINISHED_A;
485 s->init_num=0;
486 break;
487
488 case SSL3_ST_CR_CERT_STATUS_A:
489 case SSL3_ST_CR_CERT_STATUS_B:
490 ret=ssl3_get_cert_status(s);
491 if (ret <= 0) goto end;
492 s->state=SSL3_ST_CR_KEY_EXCH_A;
493 s->init_num=0;
494 break;
495#endif
496
497 case SSL3_ST_CR_FINISHED_A:
498 case SSL3_ST_CR_FINISHED_B:
499 s->d1->change_cipher_spec_ok = 1;
500 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
501 SSL3_ST_CR_FINISHED_B);
502 if (ret <= 0) goto end;
503 dtls1_stop_timer(s);
504
505 if (s->hit)
506 s->state=SSL3_ST_CW_CHANGE_A;
507 else
508 s->state=SSL_ST_OK;
509 s->init_num=0;
510 break;
511
512 case SSL3_ST_CW_FLUSH:
513 s->rwstate=SSL_WRITING;
514 if (BIO_flush(s->wbio) <= 0)
515 {
516 ret= -1;
517 goto end;
518 }
519 s->rwstate=SSL_NOTHING;
520 s->state=s->s3->tmp.next_state;
521 break;
522
523 case SSL_ST_OK:
524 /* clean a few things up */
525 ssl3_cleanup_key_block(s);
526
527#if 0
528 if (s->init_buf != NULL)
529 {
530 BUF_MEM_free(s->init_buf);
531 s->init_buf=NULL;
532 }
533#endif
534
535 /* If we are not 'joining' the last two packets,
536 * remove the buffering now */
537 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
538 ssl_free_wbio_buffer(s);
539 /* else do it later in ssl3_write */
540
541 s->init_num=0;
542 s->new_session=0;
543
544 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
545 if (s->hit) s->ctx->stats.sess_hit++;
546
547 ret=1;
548 /* s->server=0; */
549 s->handshake_func=dtls1_connect;
550 s->ctx->stats.sess_connect_good++;
551
552 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
553
554 /* done with handshaking */
555 s->d1->handshake_read_seq = 0;
556 s->d1->next_handshake_write_seq = 0;
557 goto end;
558 /* break; */
559
560 default:
561 SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE);
562 ret= -1;
563 goto end;
564 /* break; */
565 }
566
567 /* did we do anything */
568 if (!s->s3->tmp.reuse_message && !skip)
569 {
570 if (s->debug)
571 {
572 if ((ret=BIO_flush(s->wbio)) <= 0)
573 goto end;
574 }
575
576 if ((cb != NULL) && (s->state != state))
577 {
578 new_state=s->state;
579 s->state=state;
580 cb(s,SSL_CB_CONNECT_LOOP,1);
581 s->state=new_state;
582 }
583 }
584 skip=0;
585 }
586end:
587 s->in_handshake--;
588 if (buf != NULL)
589 BUF_MEM_free(buf);
590 if (cb != NULL)
591 cb(s,SSL_CB_CONNECT_EXIT,ret);
592 return(ret);
593 }
594
595int dtls1_client_hello(SSL *s)
596 {
597 unsigned char *buf;
598 unsigned char *p,*d;
599 unsigned int i,j;
600 unsigned long Time,l;
601 SSL_COMP *comp;
602
603 buf=(unsigned char *)s->init_buf->data;
604 if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
605 {
606 SSL_SESSION *sess = s->session;
607 if ((s->session == NULL) ||
608 (s->session->ssl_version != s->version) ||
609#ifdef OPENSSL_NO_TLSEXT
610 !sess->session_id_length ||
611#else
612 (!sess->session_id_length && !sess->tlsext_tick) ||
613#endif
614 (s->session->not_resumable))
615 {
616 if (!ssl_get_new_session(s,0))
617 goto err;
618 }
619 /* else use the pre-loaded session */
620
621 p=s->s3->client_random;
622
623 /* if client_random is initialized, reuse it, we are
624 * required to use same upon reply to HelloVerify */
625 for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
626 if (i==sizeof(s->s3->client_random))
627 {
628 Time=(unsigned long)time(NULL); /* Time */
629 l2n(Time,p);
630 RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
631 }
632
633 /* Do the message type and length last */
634 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
635
636 *(p++)=s->version>>8;
637 *(p++)=s->version&0xff;
638 s->client_version=s->version;
639
640 /* Random stuff */
641 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
642 p+=SSL3_RANDOM_SIZE;
643
644 /* Session ID */
645 if (s->new_session)
646 i=0;
647 else
648 i=s->session->session_id_length;
649 *(p++)=i;
650 if (i != 0)
651 {
652 if (i > sizeof s->session->session_id)
653 {
654 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
655 goto err;
656 }
657 memcpy(p,s->session->session_id,i);
658 p+=i;
659 }
660
661 /* cookie stuff */
662 if ( s->d1->cookie_len > sizeof(s->d1->cookie))
663 {
664 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
665 goto err;
666 }
667 *(p++) = s->d1->cookie_len;
668 memcpy(p, s->d1->cookie, s->d1->cookie_len);
669 p += s->d1->cookie_len;
670
671 /* Ciphers supported */
672 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
673 if (i == 0)
674 {
675 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
676 goto err;
677 }
678 s2n(i,p);
679 p+=i;
680
681 /* COMPRESSION */
682 if (s->ctx->comp_methods == NULL)
683 j=0;
684 else
685 j=sk_SSL_COMP_num(s->ctx->comp_methods);
686 *(p++)=1+j;
687 for (i=0; i<j; i++)
688 {
689 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
690 *(p++)=comp->id;
691 }
692 *(p++)=0; /* Add the NULL method */
693
694#ifndef OPENSSL_NO_TLSEXT
695 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
696 {
697 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
698 goto err;
699 }
700#endif
701
702 l=(p-d);
703 d=buf;
704
705 d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);
706
707 s->state=SSL3_ST_CW_CLNT_HELLO_B;
708 /* number of bytes to write */
709 s->init_num=p-buf;
710 s->init_off=0;
711
712 /* buffer the message to handle re-xmits */
713 dtls1_buffer_message(s, 0);
714 }
715
716 /* SSL3_ST_CW_CLNT_HELLO_B */
717 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
718err:
719 return(-1);
720 }
721
722static int dtls1_get_hello_verify(SSL *s)
723 {
724 int n, al, ok = 0;
725 unsigned char *data;
726 unsigned int cookie_len;
727
728 n=s->method->ssl_get_message(s,
729 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
730 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
731 -1,
732 s->max_cert_list,
733 &ok);
734
735 if (!ok) return((int)n);
736
737 if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST)
738 {
739 s->d1->send_cookie = 0;
740 s->s3->tmp.reuse_message=1;
741 return(1);
742 }
743
744 data = (unsigned char *)s->init_msg;
745
746 if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff)))
747 {
748 SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION);
749 s->version=(s->version&0xff00)|data[1];
750 al = SSL_AD_PROTOCOL_VERSION;
751 goto f_err;
752 }
753 data+=2;
754
755 cookie_len = *(data++);
756 if ( cookie_len > sizeof(s->d1->cookie))
757 {
758 al=SSL_AD_ILLEGAL_PARAMETER;
759 goto f_err;
760 }
761
762 memcpy(s->d1->cookie, data, cookie_len);
763 s->d1->cookie_len = cookie_len;
764
765 s->d1->send_cookie = 1;
766 return 1;
767
768f_err:
769 ssl3_send_alert(s, SSL3_AL_FATAL, al);
770 return -1;
771 }
772
773int dtls1_send_client_key_exchange(SSL *s)
774 {
775 unsigned char *p,*d;
776 int n;
777 unsigned long alg_k;
778#ifndef OPENSSL_NO_RSA
779 unsigned char *q;
780 EVP_PKEY *pkey=NULL;
781#endif
782#ifndef OPENSSL_NO_KRB5
783 KSSL_ERR kssl_err;
784#endif /* OPENSSL_NO_KRB5 */
785#ifndef OPENSSL_NO_ECDH
786 EC_KEY *clnt_ecdh = NULL;
787 const EC_POINT *srvr_ecpoint = NULL;
788 EVP_PKEY *srvr_pub_pkey = NULL;
789 unsigned char *encodedPoint = NULL;
790 int encoded_pt_len = 0;
791 BN_CTX * bn_ctx = NULL;
792#endif
793
794 if (s->state == SSL3_ST_CW_KEY_EXCH_A)
795 {
796 d=(unsigned char *)s->init_buf->data;
797 p= &(d[DTLS1_HM_HEADER_LENGTH]);
798
799 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
800
801 /* Fool emacs indentation */
802 if (0) {}
803#ifndef OPENSSL_NO_RSA
804 else if (alg_k & SSL_kRSA)
805 {
806 RSA *rsa;
807 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
808
809 if (s->session->sess_cert->peer_rsa_tmp != NULL)
810 rsa=s->session->sess_cert->peer_rsa_tmp;
811 else
812 {
813 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
814 if ((pkey == NULL) ||
815 (pkey->type != EVP_PKEY_RSA) ||
816 (pkey->pkey.rsa == NULL))
817 {
818 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
819 goto err;
820 }
821 rsa=pkey->pkey.rsa;
822 EVP_PKEY_free(pkey);
823 }
824
825 tmp_buf[0]=s->client_version>>8;
826 tmp_buf[1]=s->client_version&0xff;
827 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
828 goto err;
829
830 s->session->master_key_length=sizeof tmp_buf;
831
832 q=p;
833 /* Fix buf for TLS and [incidentally] DTLS */
834 if (s->version > SSL3_VERSION)
835 p+=2;
836 n=RSA_public_encrypt(sizeof tmp_buf,
837 tmp_buf,p,rsa,RSA_PKCS1_PADDING);
838#ifdef PKCS1_CHECK
839 if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
840 if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
841#endif
842 if (n <= 0)
843 {
844 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
845 goto err;
846 }
847
848 /* Fix buf for TLS and [incidentally] DTLS */
849 if (s->version > SSL3_VERSION)
850 {
851 s2n(n,q);
852 n+=2;
853 }
854
855 s->session->master_key_length=
856 s->method->ssl3_enc->generate_master_secret(s,
857 s->session->master_key,
858 tmp_buf,sizeof tmp_buf);
859 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
860 }
861#endif
862#ifndef OPENSSL_NO_KRB5
863 else if (alg_k & SSL_kKRB5)
864 {
865 krb5_error_code krb5rc;
866 KSSL_CTX *kssl_ctx = s->kssl_ctx;
867 /* krb5_data krb5_ap_req; */
868 krb5_data *enc_ticket;
869 krb5_data authenticator, *authp = NULL;
870 EVP_CIPHER_CTX ciph_ctx;
871 const EVP_CIPHER *enc = NULL;
872 unsigned char iv[EVP_MAX_IV_LENGTH];
873 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
874 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
875 + EVP_MAX_IV_LENGTH];
876 int padl, outl = sizeof(epms);
877
878 EVP_CIPHER_CTX_init(&ciph_ctx);
879
880#ifdef KSSL_DEBUG
881 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
882 alg_k, SSL_kKRB5);
883#endif /* KSSL_DEBUG */
884
885 authp = NULL;
886#ifdef KRB5SENDAUTH
887 if (KRB5SENDAUTH) authp = &authenticator;
888#endif /* KRB5SENDAUTH */
889
890 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
891 &kssl_err);
892 enc = kssl_map_enc(kssl_ctx->enctype);
893 if (enc == NULL)
894 goto err;
895#ifdef KSSL_DEBUG
896 {
897 printf("kssl_cget_tkt rtn %d\n", krb5rc);
898 if (krb5rc && kssl_err.text)
899 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
900 }
901#endif /* KSSL_DEBUG */
902
903 if (krb5rc)
904 {
905 ssl3_send_alert(s,SSL3_AL_FATAL,
906 SSL_AD_HANDSHAKE_FAILURE);
907 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
908 kssl_err.reason);
909 goto err;
910 }
911
912 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
913 ** in place of RFC 2712 KerberosWrapper, as in:
914 **
915 ** Send ticket (copy to *p, set n = length)
916 ** n = krb5_ap_req.length;
917 ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
918 ** if (krb5_ap_req.data)
919 ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
920 **
921 ** Now using real RFC 2712 KerberosWrapper
922 ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
923 ** Note: 2712 "opaque" types are here replaced
924 ** with a 2-byte length followed by the value.
925 ** Example:
926 ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
927 ** Where "xx xx" = length bytes. Shown here with
928 ** optional authenticator omitted.
929 */
930
931 /* KerberosWrapper.Ticket */
932 s2n(enc_ticket->length,p);
933 memcpy(p, enc_ticket->data, enc_ticket->length);
934 p+= enc_ticket->length;
935 n = enc_ticket->length + 2;
936
937 /* KerberosWrapper.Authenticator */
938 if (authp && authp->length)
939 {
940 s2n(authp->length,p);
941 memcpy(p, authp->data, authp->length);
942 p+= authp->length;
943 n+= authp->length + 2;
944
945 free(authp->data);
946 authp->data = NULL;
947 authp->length = 0;
948 }
949 else
950 {
951 s2n(0,p);/* null authenticator length */
952 n+=2;
953 }
954
955 if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
956 goto err;
957
958 /* 20010420 VRS. Tried it this way; failed.
959 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
960 ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
961 ** kssl_ctx->length);
962 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
963 */
964
965 memset(iv, 0, sizeof iv); /* per RFC 1510 */
966 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
967 kssl_ctx->key,iv);
968 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
969 sizeof tmp_buf);
970 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
971 outl += padl;
972 if (outl > (int)sizeof epms)
973 {
974 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
975 goto err;
976 }
977 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
978
979 /* KerberosWrapper.EncryptedPreMasterSecret */
980 s2n(outl,p);
981 memcpy(p, epms, outl);
982 p+=outl;
983 n+=outl + 2;
984
985 s->session->master_key_length=
986 s->method->ssl3_enc->generate_master_secret(s,
987 s->session->master_key,
988 tmp_buf, sizeof tmp_buf);
989
990 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
991 OPENSSL_cleanse(epms, outl);
992 }
993#endif
994#ifndef OPENSSL_NO_DH
995 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
996 {
997 DH *dh_srvr,*dh_clnt;
998
999 if (s->session->sess_cert->peer_dh_tmp != NULL)
1000 dh_srvr=s->session->sess_cert->peer_dh_tmp;
1001 else
1002 {
1003 /* we get them from the cert */
1004 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
1005 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
1006 goto err;
1007 }
1008
1009 /* generate a new random key */
1010 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
1011 {
1012 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1013 goto err;
1014 }
1015 if (!DH_generate_key(dh_clnt))
1016 {
1017 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1018 goto err;
1019 }
1020
1021 /* use the 'p' output buffer for the DH key, but
1022 * make sure to clear it out afterwards */
1023
1024 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
1025
1026 if (n <= 0)
1027 {
1028 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1029 goto err;
1030 }
1031
1032 /* generate master key from the result */
1033 s->session->master_key_length=
1034 s->method->ssl3_enc->generate_master_secret(s,
1035 s->session->master_key,p,n);
1036 /* clean up */
1037 memset(p,0,n);
1038
1039 /* send off the data */
1040 n=BN_num_bytes(dh_clnt->pub_key);
1041 s2n(n,p);
1042 BN_bn2bin(dh_clnt->pub_key,p);
1043 n+=2;
1044
1045 DH_free(dh_clnt);
1046
1047 /* perhaps clean things up a bit EAY EAY EAY EAY*/
1048 }
1049#endif
1050#ifndef OPENSSL_NO_ECDH
1051 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
1052 {
1053 const EC_GROUP *srvr_group = NULL;
1054 EC_KEY *tkey;
1055 int ecdh_clnt_cert = 0;
1056 int field_size = 0;
1057
1058 /* Did we send out the client's
1059 * ECDH share for use in premaster
1060 * computation as part of client certificate?
1061 * If so, set ecdh_clnt_cert to 1.
1062 */
1063 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL))
1064 {
1065 /* XXX: For now, we do not support client
1066 * authentication using ECDH certificates.
1067 * To add such support, one needs to add
1068 * code that checks for appropriate
1069 * conditions and sets ecdh_clnt_cert to 1.
1070 * For example, the cert have an ECC
1071 * key on the same curve as the server's
1072 * and the key should be authorized for
1073 * key agreement.
1074 *
1075 * One also needs to add code in ssl3_connect
1076 * to skip sending the certificate verify
1077 * message.
1078 *
1079 * if ((s->cert->key->privatekey != NULL) &&
1080 * (s->cert->key->privatekey->type ==
1081 * EVP_PKEY_EC) && ...)
1082 * ecdh_clnt_cert = 1;
1083 */
1084 }
1085
1086 if (s->session->sess_cert->peer_ecdh_tmp != NULL)
1087 {
1088 tkey = s->session->sess_cert->peer_ecdh_tmp;
1089 }
1090 else
1091 {
1092 /* Get the Server Public Key from Cert */
1093 srvr_pub_pkey = X509_get_pubkey(s->session-> \
1094 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
1095 if ((srvr_pub_pkey == NULL) ||
1096 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
1097 (srvr_pub_pkey->pkey.ec == NULL))
1098 {
1099 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1100 ERR_R_INTERNAL_ERROR);
1101 goto err;
1102 }
1103
1104 tkey = srvr_pub_pkey->pkey.ec;
1105 }
1106
1107 srvr_group = EC_KEY_get0_group(tkey);
1108 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
1109
1110 if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
1111 {
1112 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1113 ERR_R_INTERNAL_ERROR);
1114 goto err;
1115 }
1116
1117 if ((clnt_ecdh=EC_KEY_new()) == NULL)
1118 {
1119 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1120 goto err;
1121 }
1122
1123 if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
1124 {
1125 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
1126 goto err;
1127 }
1128 if (ecdh_clnt_cert)
1129 {
1130 /* Reuse key info from our certificate
1131 * We only need our private key to perform
1132 * the ECDH computation.
1133 */
1134 const BIGNUM *priv_key;
1135 tkey = s->cert->key->privatekey->pkey.ec;
1136 priv_key = EC_KEY_get0_private_key(tkey);
1137 if (priv_key == NULL)
1138 {
1139 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1140 goto err;
1141 }
1142 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
1143 {
1144 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
1145 goto err;
1146 }
1147 }
1148 else
1149 {
1150 /* Generate a new ECDH key pair */
1151 if (!(EC_KEY_generate_key(clnt_ecdh)))
1152 {
1153 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1154 goto err;
1155 }
1156 }
1157
1158 /* use the 'p' output buffer for the ECDH key, but
1159 * make sure to clear it out afterwards
1160 */
1161
1162 field_size = EC_GROUP_get_degree(srvr_group);
1163 if (field_size <= 0)
1164 {
1165 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1166 ERR_R_ECDH_LIB);
1167 goto err;
1168 }
1169 n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
1170 if (n <= 0)
1171 {
1172 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1173 ERR_R_ECDH_LIB);
1174 goto err;
1175 }
1176
1177 /* generate master key from the result */
1178 s->session->master_key_length = s->method->ssl3_enc \
1179 -> generate_master_secret(s,
1180 s->session->master_key,
1181 p, n);
1182
1183 memset(p, 0, n); /* clean up */
1184
1185 if (ecdh_clnt_cert)
1186 {
1187 /* Send empty client key exch message */
1188 n = 0;
1189 }
1190 else
1191 {
1192 /* First check the size of encoding and
1193 * allocate memory accordingly.
1194 */
1195 encoded_pt_len =
1196 EC_POINT_point2oct(srvr_group,
1197 EC_KEY_get0_public_key(clnt_ecdh),
1198 POINT_CONVERSION_UNCOMPRESSED,
1199 NULL, 0, NULL);
1200
1201 encodedPoint = (unsigned char *)
1202 OPENSSL_malloc(encoded_pt_len *
1203 sizeof(unsigned char));
1204 bn_ctx = BN_CTX_new();
1205 if ((encodedPoint == NULL) ||
1206 (bn_ctx == NULL))
1207 {
1208 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1209 goto err;
1210 }
1211
1212 /* Encode the public key */
1213 n = EC_POINT_point2oct(srvr_group,
1214 EC_KEY_get0_public_key(clnt_ecdh),
1215 POINT_CONVERSION_UNCOMPRESSED,
1216 encodedPoint, encoded_pt_len, bn_ctx);
1217
1218 *p = n; /* length of encoded point */
1219 /* Encoded point will be copied here */
1220 p += 1;
1221 /* copy the point */
1222 memcpy((unsigned char *)p, encodedPoint, n);
1223 /* increment n to account for length field */
1224 n += 1;
1225 }
1226
1227 /* Free allocated memory */
1228 BN_CTX_free(bn_ctx);
1229 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
1230 if (clnt_ecdh != NULL)
1231 EC_KEY_free(clnt_ecdh);
1232 EVP_PKEY_free(srvr_pub_pkey);
1233 }
1234#endif /* !OPENSSL_NO_ECDH */
1235
1236#ifndef OPENSSL_NO_PSK
1237 else if (alg_k & SSL_kPSK)
1238 {
1239 char identity[PSK_MAX_IDENTITY_LEN];
1240 unsigned char *t = NULL;
1241 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
1242 unsigned int pre_ms_len = 0, psk_len = 0;
1243 int psk_err = 1;
1244
1245 n = 0;
1246 if (s->psk_client_callback == NULL)
1247 {
1248 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1249 SSL_R_PSK_NO_CLIENT_CB);
1250 goto err;
1251 }
1252
1253 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
1254 identity, PSK_MAX_IDENTITY_LEN,
1255 psk_or_pre_ms, sizeof(psk_or_pre_ms));
1256 if (psk_len > PSK_MAX_PSK_LEN)
1257 {
1258 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1259 ERR_R_INTERNAL_ERROR);
1260 goto psk_err;
1261 }
1262 else if (psk_len == 0)
1263 {
1264 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1265 SSL_R_PSK_IDENTITY_NOT_FOUND);
1266 goto psk_err;
1267 }
1268
1269 /* create PSK pre_master_secret */
1270 pre_ms_len = 2+psk_len+2+psk_len;
1271 t = psk_or_pre_ms;
1272 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
1273 s2n(psk_len, t);
1274 memset(t, 0, psk_len);
1275 t+=psk_len;
1276 s2n(psk_len, t);
1277
1278 if (s->session->psk_identity_hint != NULL)
1279 OPENSSL_free(s->session->psk_identity_hint);
1280 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
1281 if (s->ctx->psk_identity_hint != NULL &&
1282 s->session->psk_identity_hint == NULL)
1283 {
1284 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1285 ERR_R_MALLOC_FAILURE);
1286 goto psk_err;
1287 }
1288
1289 if (s->session->psk_identity != NULL)
1290 OPENSSL_free(s->session->psk_identity);
1291 s->session->psk_identity = BUF_strdup(identity);
1292 if (s->session->psk_identity == NULL)
1293 {
1294 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1295 ERR_R_MALLOC_FAILURE);
1296 goto psk_err;
1297 }
1298
1299 s->session->master_key_length =
1300 s->method->ssl3_enc->generate_master_secret(s,
1301 s->session->master_key,
1302 psk_or_pre_ms, pre_ms_len);
1303 n = strlen(identity);
1304 s2n(n, p);
1305 memcpy(p, identity, n);
1306 n+=2;
1307 psk_err = 0;
1308 psk_err:
1309 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
1310 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
1311 if (psk_err != 0)
1312 {
1313 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1314 goto err;
1315 }
1316 }
1317#endif
1318 else
1319 {
1320 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
1321 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1322 goto err;
1323 }
1324
1325 d = dtls1_set_message_header(s, d,
1326 SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
1327 /*
1328 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
1329 l2n3(n,d);
1330 l2n(s->d1->handshake_write_seq,d);
1331 s->d1->handshake_write_seq++;
1332 */
1333
1334 s->state=SSL3_ST_CW_KEY_EXCH_B;
1335 /* number of bytes to write */
1336 s->init_num=n+DTLS1_HM_HEADER_LENGTH;
1337 s->init_off=0;
1338
1339 /* buffer the message to handle re-xmits */
1340 dtls1_buffer_message(s, 0);
1341 }
1342
1343 /* SSL3_ST_CW_KEY_EXCH_B */
1344 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1345err:
1346#ifndef OPENSSL_NO_ECDH
1347 BN_CTX_free(bn_ctx);
1348 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
1349 if (clnt_ecdh != NULL)
1350 EC_KEY_free(clnt_ecdh);
1351 EVP_PKEY_free(srvr_pub_pkey);
1352#endif
1353 return(-1);
1354 }
1355
1356int dtls1_send_client_verify(SSL *s)
1357 {
1358 unsigned char *p,*d;
1359 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
1360 EVP_PKEY *pkey;
1361#ifndef OPENSSL_NO_RSA
1362 unsigned u=0;
1363#endif
1364 unsigned long n;
1365#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
1366 int j;
1367#endif
1368
1369 if (s->state == SSL3_ST_CW_CERT_VRFY_A)
1370 {
1371 d=(unsigned char *)s->init_buf->data;
1372 p= &(d[DTLS1_HM_HEADER_LENGTH]);
1373 pkey=s->cert->key->privatekey;
1374
1375 s->method->ssl3_enc->cert_verify_mac(s,
1376 NID_sha1,
1377 &(data[MD5_DIGEST_LENGTH]));
1378
1379#ifndef OPENSSL_NO_RSA
1380 if (pkey->type == EVP_PKEY_RSA)
1381 {
1382 s->method->ssl3_enc->cert_verify_mac(s,
1383 NID_md5,
1384 &(data[0]));
1385 if (RSA_sign(NID_md5_sha1, data,
1386 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
1387 &(p[2]), &u, pkey->pkey.rsa) <= 0 )
1388 {
1389 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
1390 goto err;
1391 }
1392 s2n(u,p);
1393 n=u+2;
1394 }
1395 else
1396#endif
1397#ifndef OPENSSL_NO_DSA
1398 if (pkey->type == EVP_PKEY_DSA)
1399 {
1400 if (!DSA_sign(pkey->save_type,
1401 &(data[MD5_DIGEST_LENGTH]),
1402 SHA_DIGEST_LENGTH,&(p[2]),
1403 (unsigned int *)&j,pkey->pkey.dsa))
1404 {
1405 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
1406 goto err;
1407 }
1408 s2n(j,p);
1409 n=j+2;
1410 }
1411 else
1412#endif
1413#ifndef OPENSSL_NO_ECDSA
1414 if (pkey->type == EVP_PKEY_EC)
1415 {
1416 if (!ECDSA_sign(pkey->save_type,
1417 &(data[MD5_DIGEST_LENGTH]),
1418 SHA_DIGEST_LENGTH,&(p[2]),
1419 (unsigned int *)&j,pkey->pkey.ec))
1420 {
1421 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
1422 ERR_R_ECDSA_LIB);
1423 goto err;
1424 }
1425 s2n(j,p);
1426 n=j+2;
1427 }
1428 else
1429#endif
1430 {
1431 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
1432 goto err;
1433 }
1434
1435 d = dtls1_set_message_header(s, d,
1436 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ;
1437
1438 s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH;
1439 s->init_off=0;
1440
1441 /* buffer the message to handle re-xmits */
1442 dtls1_buffer_message(s, 0);
1443
1444 s->state = SSL3_ST_CW_CERT_VRFY_B;
1445 }
1446
1447 /* s->state = SSL3_ST_CW_CERT_VRFY_B */
1448 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1449err:
1450 return(-1);
1451 }
1452
1453int dtls1_send_client_certificate(SSL *s)
1454 {
1455 X509 *x509=NULL;
1456 EVP_PKEY *pkey=NULL;
1457 int i;
1458 unsigned long l;
1459
1460 if (s->state == SSL3_ST_CW_CERT_A)
1461 {
1462 if ((s->cert == NULL) ||
1463 (s->cert->key->x509 == NULL) ||
1464 (s->cert->key->privatekey == NULL))
1465 s->state=SSL3_ST_CW_CERT_B;
1466 else
1467 s->state=SSL3_ST_CW_CERT_C;
1468 }
1469
1470 /* We need to get a client cert */
1471 if (s->state == SSL3_ST_CW_CERT_B)
1472 {
1473 /* If we get an error, we need to
1474 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
1475 * We then get retied later */
1476 i=0;
1477 i = ssl_do_client_cert_cb(s, &x509, &pkey);
1478 if (i < 0)
1479 {
1480 s->rwstate=SSL_X509_LOOKUP;
1481 return(-1);
1482 }
1483 s->rwstate=SSL_NOTHING;
1484 if ((i == 1) && (pkey != NULL) && (x509 != NULL))
1485 {
1486 s->state=SSL3_ST_CW_CERT_B;
1487 if ( !SSL_use_certificate(s,x509) ||
1488 !SSL_use_PrivateKey(s,pkey))
1489 i=0;
1490 }
1491 else if (i == 1)
1492 {
1493 i=0;
1494 SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
1495 }
1496
1497 if (x509 != NULL) X509_free(x509);
1498 if (pkey != NULL) EVP_PKEY_free(pkey);
1499 if (i == 0)
1500 {
1501 if (s->version == SSL3_VERSION)
1502 {
1503 s->s3->tmp.cert_req=0;
1504 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
1505 return(1);
1506 }
1507 else
1508 {
1509 s->s3->tmp.cert_req=2;
1510 }
1511 }
1512
1513 /* Ok, we have a cert */
1514 s->state=SSL3_ST_CW_CERT_C;
1515 }
1516
1517 if (s->state == SSL3_ST_CW_CERT_C)
1518 {
1519 s->state=SSL3_ST_CW_CERT_D;
1520 l=dtls1_output_cert_chain(s,
1521 (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
1522 s->init_num=(int)l;
1523 s->init_off=0;
1524
1525 /* set header called by dtls1_output_cert_chain() */
1526
1527 /* buffer the message to handle re-xmits */
1528 dtls1_buffer_message(s, 0);
1529 }
1530 /* SSL3_ST_CW_CERT_D */
1531 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1532 }
1533
1534
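diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
deleted file mode 100644
index 8fa57347a9..0000000000
--- a/src/lib/libssl/d1_enc.c
+++ /dev/null
@@ -1,293 +0,0 @@
-/* ssl/d1_enc.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
-#ifdef KSSL_DEBUG
-#include <openssl/des.h>
-#endif
-
-int dtls1_enc(SSL *s, int send)
- {
- SSL3_RECORD *rec;
- EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs,i,ii,j,k,n=0;
- const EVP_CIPHER *enc;
-
- if (send)
- {
- if (EVP_MD_CTX_md(s->write_hash))
- {
- n=EVP_MD_CTX_size(s->write_hash);
- if (n < 0)
- return -1;
- }
- ds=s->enc_write_ctx;
- rec= &(s->s3->wrec);
- if (s->enc_write_ctx == NULL)
- enc=NULL;
- else
- {
- enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
- if ( rec->data != rec->input)
- /* we can't write into the input stream */
- fprintf(stderr, "%s:%d: rec->data != rec->input\n",
- __FILE__, __LINE__);
- else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
- {
- if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
- return -1;
- }
- }
- }
- else
- {
- if (EVP_MD_CTX_md(s->read_hash))
- {
- n=EVP_MD_CTX_size(s->read_hash);
- if (n < 0)
- return -1;
- }
- ds=s->enc_read_ctx;
- rec= &(s->s3->rrec);
- if (s->enc_read_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
- }
-
-#ifdef KSSL_DEBUG
- printf("dtls1_enc(%d)\n", send);
-#endif /* KSSL_DEBUG */
-
- if ((s->session == NULL) || (ds == NULL) ||
- (enc == NULL))
- {
- memmove(rec->data,rec->input,rec->length);
- rec->input=rec->data;
- }
- else
- {
- l=rec->length;
- bs=EVP_CIPHER_block_size(ds->cipher);
-
- if ((bs != 1) && send)
- {
- i=bs-((int)l%bs);
-
- /* Add weird padding of upto 256 bytes */
-
- /* we need to add 'i' padding bytes of value j */
- j=i-1;
- if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
- {
- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
- j++;
- }
- for (k=(int)l; k<(int)(l+i); k++)
- rec->input[k]=j;
- l+=i;
- rec->length+=i;
- }
-
-#ifdef KSSL_DEBUG
- {
- unsigned long ui;
- printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
- ds,rec->data,rec->input,l);
- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
- ds->buf_len, ds->cipher->key_len,
- DES_KEY_SZ, DES_SCHEDULE_SZ,
- ds->cipher->iv_len);
- printf("\t\tIV: ");
- for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
- printf("\n");
- printf("\trec->input=");
- for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- if (!send)
- {
- if (l == 0 || l%bs != 0)
- {
- SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
- return 0;
- }
- }
-
- EVP_Cipher(ds,rec->data,rec->input,l);
-
-#ifdef KSSL_DEBUG
- {
- unsigned long i;
- printf("\trec->data=");
- for (i=0; i<l; i++)
- printf(" %02x", rec->data[i]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- if ((bs != 1) && !send)
- {
- ii=i=rec->data[l-1]; /* padding_length */
- i++;
- if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
- {
- /* First packet is even in size, so check */
- if ((memcmp(s->s3->read_sequence,
- "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
- s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
- i--;
- }
- /* TLS 1.0 does not bound the number of padding bytes by the block size.
- * All of them must have value 'padding_length'. */
- if (i > (int)rec->length)
- {
- /* Incorrect padding. SSLerr() and ssl3_alert are done
- * by caller: we don't want to reveal whether this is
- * a decryption error or a MAC verification failure
- * (see http://www.openssl.org/~bodo/tls-cbc.txt)
- */
- return -1;
- }
- for (j=(int)(l-i); j<(int)l; j++)
- {
- if (rec->data[j] != ii)
- {
- /* Incorrect padding */
- return -1;
- }
- }
- rec->length-=i;
-
- rec->data += bs; /* skip the implicit IV */
- rec->input += bs;
- rec->length -= bs;
- }
- }
- return(1);
- }
-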
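diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
deleted file mode 100644
index 96b220e87c..0000000000
--- a/src/lib/libssl/d1_lib.c
+++ /dev/null
@@ -1,394 +0,0 @@
-/* ssl/d1_lib.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#define USE_SOCKETS
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
-#include <sys/timeb.h>
-#endif
-
-static void get_current_time(struct timeval *t);
-const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
-int dtls1_listen(SSL *s, struct sockaddr *client);
-
-SSL3_ENC_METHOD DTLSv1_enc_data={
- dtls1_enc,
- tls1_mac,
- tls1_setup_key_block,
- tls1_generate_master_secret,
- tls1_change_cipher_state,
- tls1_final_finish_mac,
- TLS1_FINISH_MAC_LENGTH,
- tls1_cert_verify_mac,
- TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
- TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
- tls1_alert_code,
- };
-
-long dtls1_default_timeout(void)
- {
- /* 2 hours, the 24 hours mentioned in the DTLSv1 spec
- * is way too long for http, the cache would over fill */
- return(60*60*2);
- }
-
-int dtls1_new(SSL *s)
- {
- DTLS1_STATE *d1;
-
- if (!ssl3_new(s)) return(0);
- if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0);
- memset(d1,0, sizeof *d1);
-
- /* d1->handshake_epoch=0; */
-
- d1->unprocessed_rcds.q=pqueue_new();
- d1->processed_rcds.q=pqueue_new();
- d1->buffered_messages = pqueue_new();
- d1->sent_messages=pqueue_new();
- d1->buffered_app_data.q=pqueue_new();
-
- if ( s->server)
- {
- d1->cookie_len = sizeof(s->d1->cookie);
- }
-
- if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q
- || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q)
- {
- if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);
- if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);
- if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);
- if ( d1->sent_messages) pqueue_free(d1->sent_messages);
- if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q);
- OPENSSL_free(d1);
- return (0);
- }
-
- s->d1=d1;
- s->method->ssl_clear(s);
- return(1);
- }
-
-void dtls1_free(SSL *s)
- {
- pitem *item = NULL;
- hm_fragment *frag = NULL;
-
- ssl3_free(s);
-
- while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
- {
- OPENSSL_free(item->data);
- pitem_free(item);
- }
- pqueue_free(s->d1->unprocessed_rcds.q);
-
- while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
- {
- OPENSSL_free(item->data);
- pitem_free(item);
- }
- pqueue_free(s->d1->processed_rcds.q);
-
- while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
- {
- frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
- pitem_free(item);
- }
- pqueue_free(s->d1->buffered_messages);
-
- while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
- {
- frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
- pitem_free(item);
- }
- pqueue_free(s->d1->sent_messages);
-
- while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
- {
- frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
- pitem_free(item);
- }
- pqueue_free(s->d1->buffered_app_data.q);
-
- OPENSSL_free(s->d1);
- }
-
-void dtls1_clear(SSL *s)
- {
- ssl3_clear(s);
- if (s->options & SSL_OP_CISCO_ANYCONNECT)
- s->version=DTLS1_BAD_VER;
- else
- s->version=DTLS1_VERSION;
- }
-
-long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
- {
- int ret=0;
-
- switch (cmd)
- {
- case DTLS_CTRL_GET_TIMEOUT:
- if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL)
- {
- ret = 1;
- }
- break;
- case DTLS_CTRL_HANDLE_TIMEOUT:
- ret = dtls1_handle_timeout(s);
- break;
- case DTLS_CTRL_LISTEN:
- ret = dtls1_listen(s, parg);
- break;
-
- default:
- ret = ssl3_ctrl(s, cmd, larg, parg);
- break;
- }
- return(ret);
- }
-
-/*
- * As it's impossible to use stream ciphers in "datagram" mode, this
- * simple filter is designed to disengage them in DTLS. Unfortunately
- * there is no universal way to identify stream SSL_CIPHER, so we have
- * to explicitly list their SSL_* codes. Currently RC4 is the only one
- * available, but if new ones emerge, they will have to be added...
- */
-const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
- {
- const SSL_CIPHER *ciph = ssl3_get_cipher(u);
-
- if (ciph != NULL)
- {
- if (ciph->algorithm_enc == SSL_RC4)
- return NULL;
- }
-
- return ciph;
- }
-
-void dtls1_start_timer(SSL *s)
- {
- /* If timer is not set, initialize duration with 1 second */
- if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
- {
- s->d1->timeout_duration = 1;
- }
-
- /* Set timeout to current time */
- get_current_time(&(s->d1->next_timeout));
-
- /* Add duration to current time */
- s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
- }
-
-struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
- {
- struct timeval timenow;
-
- /* If no timeout is set, just return NULL */
- if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
- {
- return NULL;
- }
-
- /* Get current time */
- get_current_time(&timenow);
-
- /* If timer already expired, set remaining time to 0 */
- if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
- (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
- s->d1->next_timeout.tv_usec <= timenow.tv_usec))
- {
- memset(timeleft, 0, sizeof(struct timeval));
- return timeleft;
- }
-
- /* Calculate time left until timer expires */
- memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
- timeleft->tv_sec -= timenow.tv_sec;
- timeleft->tv_usec -= timenow.tv_usec;
- if (timeleft->tv_usec < 0)
- {
- timeleft->tv_sec--;
- timeleft->tv_usec += 1000000;
- }
-
- /* If remaining time is less than 15 ms, set it to 0
- * to prevent issues because of small devergences with
- * socket timeouts.
- */
- if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
- {
- memset(timeleft, 0, sizeof(struct timeval));
- }
-
-
- return timeleft;
- }
-
-int dtls1_is_timer_expired(SSL *s)
- {
- struct timeval timeleft;
-
- /* Get time left until timeout, return false if no timer running */
- if (dtls1_get_timeout(s, &timeleft) == NULL)
- {
- return 0;
- }
-
- /* Return false if timer is not expired yet */
- if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0)
- {
- return 0;
- }
-
- /* Timer expired, so return true */
- return 1;
- }
-
-void dtls1_double_timeout(SSL *s)
- {
- s->d1->timeout_duration *= 2;
- if (s->d1->timeout_duration > 60)
- s->d1->timeout_duration = 60;
- dtls1_start_timer(s);
- }
-
-void dtls1_stop_timer(SSL *s)
- {
- /* Reset everything */
- memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
- s->d1->timeout_duration = 1;
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
- }
-
-int dtls1_handle_timeout(SSL *s)
- {
- DTLS1_STATE *state;
-
- /* if no timer is expired, don't do anything */
- if (!dtls1_is_timer_expired(s))
- {
- return 0;
- }
-
- dtls1_double_timeout(s);
- state = s->d1;
- state->timeout.num_alerts++;
- if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
- {
- /* fail the connection, enough alerts have been sent */
- SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
- return 0;
- }
-
- state->timeout.read_timeouts++;
- if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
- {
- state->timeout.read_timeouts = 1;
- }
-
- dtls1_start_timer(s);
- return dtls1_retransmit_buffered_messages(s);
- }
-
-static void get_current_time(struct timeval *t)
-{
-#ifdef OPENSSL_SYS_WIN32
- struct _timeb tb;
- _ftime(&tb);
- t->tv_sec = (long)tb.time;
- t->tv_usec = (long)tb.millitm * 1000;
-#elif defined(OPENSSL_SYS_VMS)
- struct timeb tb;
- ftime(&tb);
- t->tv_sec = (long)tb.time;
- t->tv_usec = (long)tb.millitm * 1000;
-#else
- gettimeofday(t, NULL);
-#endif
-}
-
-int dtls1_listen(SSL *s, struct sockaddr *client)
- {
- int ret;
-
- SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
- s->d1->listen = 1;
-
- ret = SSL_accept(s);
- if (ret <= 0) return ret;
-
- (void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
- return 1;
- }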
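diff --git a/src/lib/libssl/d1_meth.c b/src/lib/libssl/d1_meth.c
deleted file mode 100644
index 5c4004bfe3..0000000000
--- a/src/lib/libssl/d1_meth.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* ssl/d1_meth.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static const SSL_METHOD *dtls1_get_method(int ver);
-static const SSL_METHOD *dtls1_get_method(int ver)
- {
- if (ver == DTLS1_VERSION)
- return(DTLSv1_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_dtls1_meth_func(DTLSv1_method,
- dtls1_accept,
- dtls1_connect,
- dtls1_get_method)
-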
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
deleted file mode 100644
index a5439d544f..0000000000
--- a/src/lib/libssl/d1_pkt.c
+++ /dev/null
@@ -1,1773 +0,0 @@
1/* ssl/d1_pkt.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@openssl.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <stdio.h>
117#include <errno.h>
118#define USE_SOCKETS
119#include "ssl_locl.h"
120#include <openssl/evp.h>
121#include <openssl/buffer.h>
122#include <openssl/pqueue.h>
123#include <openssl/rand.h>
124
125/* mod 128 saturating subtract of two 64-bit values in big-endian order */
126static int satsub64be(const unsigned char *v1,const unsigned char *v2)
127{ int ret,sat,brw,i;
128
129 if (sizeof(long) == 8) do
130 { const union { long one; char little; } is_endian = {1};
131 long l;
132
133 if (is_endian.little) break;
134 /* not reached on little-endians */
135 /* following test is redundant, because input is
136 * always aligned, but I take no chances... */
137 if (((size_t)v1|(size_t)v2)&0x7) break;
138
139 l = *((long *)v1);
140 l -= *((long *)v2);
141 if (l>128) return 128;
142 else if (l<-128) return -128;
143 else return (int)l;
144 } while (0);
145
146 ret = (int)v1[7]-(int)v2[7];
147 sat = 0;
148 brw = ret>>8; /* brw is either 0 or -1 */
149 if (ret & 0x80)
150 { for (i=6;i>=0;i--)
151 { brw += (int)v1[i]-(int)v2[i];
152 sat |= ~brw;
153 brw >>= 8;
154 }
155 }
156 else
157 { for (i=6;i>=0;i--)
158 { brw += (int)v1[i]-(int)v2[i];
159 sat |= brw;
160 brw >>= 8;
161 }
162 }
163 brw <<= 8; /* brw is either 0 or -256 */
164
165 if (sat&0xff) return brw | 0x80;
166 else return brw + (ret&0xFF);
167}
168
169static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
170 int len, int peek);
171static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
172static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
173static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
174 unsigned int *is_next_epoch);
175#if 0
176static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
177 unsigned short *priority, unsigned long *offset);
178#endif
179static int dtls1_buffer_record(SSL *s, record_pqueue *q,
180 unsigned char *priority);
181static int dtls1_process_record(SSL *s);
182static void dtls1_clear_timeouts(SSL *s);
183
184/* copy buffered record into SSL structure */
185static int
186dtls1_copy_record(SSL *s, pitem *item)
187 {
188 DTLS1_RECORD_DATA *rdata;
189
190 rdata = (DTLS1_RECORD_DATA *)item->data;
191
192 if (s->s3->rbuf.buf != NULL)
193 OPENSSL_free(s->s3->rbuf.buf);
194
195 s->packet = rdata->packet;
196 s->packet_length = rdata->packet_length;
197 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
198 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
199
200 /* Set proper sequence number for mac calculation */
201 memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
202
203 return(1);
204 }
205
206
207static int
208dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
209 {
210 DTLS1_RECORD_DATA *rdata;
211 pitem *item;
212
213 /* Limit the size of the queue to prevent DOS attacks */
214 if (pqueue_size(queue->q) >= 100)
215 return 0;
216
217 rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
218 item = pitem_new(priority, rdata);
219 if (rdata == NULL || item == NULL)
220 {
221 if (rdata != NULL) OPENSSL_free(rdata);
222 if (item != NULL) pitem_free(item);
223
224 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
225 return(0);
226 }
227
228 rdata->packet = s->packet;
229 rdata->packet_length = s->packet_length;
230 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
231 memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
232
233 item->data = rdata;
234
235 /* insert should not fail, since duplicates are dropped */
236 if (pqueue_insert(queue->q, item) == NULL)
237 {
238 OPENSSL_free(rdata);
239 pitem_free(item);
240 return(0);
241 }
242
243 s->packet = NULL;
244 s->packet_length = 0;
245 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
246 memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
247
248 if (!ssl3_setup_buffers(s))
249 {
250 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
251 OPENSSL_free(rdata);
252 pitem_free(item);
253 return(0);
254 }
255
256 return(1);
257 }
258
259
260static int
261dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
262 {
263 pitem *item;
264
265 item = pqueue_pop(queue->q);
266 if (item)
267 {
268 dtls1_copy_record(s, item);
269
270 OPENSSL_free(item->data);
271 pitem_free(item);
272
273 return(1);
274 }
275
276 return(0);
277 }
278
279
280/* retrieve a buffered record that belongs to the new epoch, i.e., not processed
281 * yet */
282#define dtls1_get_unprocessed_record(s) \
283 dtls1_retrieve_buffered_record((s), \
284 &((s)->d1->unprocessed_rcds))
285
286/* retrieve a buffered record that belongs to the current epoch, ie, processed */
287#define dtls1_get_processed_record(s) \
288 dtls1_retrieve_buffered_record((s), \
289 &((s)->d1->processed_rcds))
290
291static int
292dtls1_process_buffered_records(SSL *s)
293 {
294 pitem *item;
295
296 item = pqueue_peek(s->d1->unprocessed_rcds.q);
297 if (item)
298 {
299 DTLS1_RECORD_DATA *rdata;
300 rdata = (DTLS1_RECORD_DATA *)item->data;
301
302 /* Check if epoch is current. */
303 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
304 return(1); /* Nothing to do. */
305
306 /* Process all the records. */
307 while (pqueue_peek(s->d1->unprocessed_rcds.q))
308 {
309 dtls1_get_unprocessed_record(s);
310 if ( ! dtls1_process_record(s))
311 return(0);
312 dtls1_buffer_record(s, &(s->d1->processed_rcds),
313 s->s3->rrec.seq_num);
314 }
315 }
316
317 /* sync epoch numbers once all the unprocessed records
318 * have been processed */
319 s->d1->processed_rcds.epoch = s->d1->r_epoch;
320 s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
321
322 return(1);
323 }
324
325
326#if 0
327
328static int
329dtls1_get_buffered_record(SSL *s)
330 {
331 pitem *item;
332 PQ_64BIT priority =
333 (((PQ_64BIT)s->d1->handshake_read_seq) << 32) |
334 ((PQ_64BIT)s->d1->r_msg_hdr.frag_off);
335
336 if ( ! SSL_in_init(s)) /* if we're not (re)negotiating,
337 nothing buffered */
338 return 0;
339
340
341 item = pqueue_peek(s->d1->rcvd_records);
342 if (item && item->priority == priority)
343 {
344 /* Check if we've received the record of interest. It must be
345 * a handshake record, since data records as passed up without
346 * buffering */
347 DTLS1_RECORD_DATA *rdata;
348 item = pqueue_pop(s->d1->rcvd_records);
349 rdata = (DTLS1_RECORD_DATA *)item->data;
350
351 if (s->s3->rbuf.buf != NULL)
352 OPENSSL_free(s->s3->rbuf.buf);
353
354 s->packet = rdata->packet;
355 s->packet_length = rdata->packet_length;
356 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
357 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
358
359 OPENSSL_free(item->data);
360 pitem_free(item);
361
362 /* s->d1->next_expected_seq_num++; */
363 return(1);
364 }
365
366 return 0;
367 }
368
369#endif
370
371static int
372dtls1_process_record(SSL *s)
373{
374 int i,al;
375 int clear=0;
376 int enc_err;
377 SSL_SESSION *sess;
378 SSL3_RECORD *rr;
379 unsigned int mac_size;
380 unsigned char md[EVP_MAX_MD_SIZE];
381
382
383 rr= &(s->s3->rrec);
384 sess = s->session;
385
386 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
387 * and we have that many bytes in s->packet
388 */
389 rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]);
390
391 /* ok, we can now read from 's->packet' data into 'rr'
392 * rr->input points at rr->length bytes, which
393 * need to be copied into rr->data by either
394 * the decryption or by the decompression
395 * When the data is 'copied' into the rr->data buffer,
396 * rr->input will be pointed at the new buffer */
397
398 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
399 * rr->length bytes of encrypted compressed stuff. */
400
401 /* check is not needed I believe */
402 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
403 {
404 al=SSL_AD_RECORD_OVERFLOW;
405 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
406 goto f_err;
407 }
408
409 /* decrypt in place in 'rr->input' */
410 rr->data=rr->input;
411
412 enc_err = s->method->ssl3_enc->enc(s,0);
413 if (enc_err <= 0)
414 {
415 if (enc_err == 0)
416 /* SSLerr() and ssl3_send_alert() have been called */
417 goto err;
418
419 /* otherwise enc_err == -1 */
420 goto err;
421 }
422
423#ifdef TLS_DEBUG
424printf("dec %d\n",rr->length);
425{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
426printf("\n");
427#endif
428
429 /* r->length is now the compressed data plus mac */
430 if ( (sess == NULL) ||
431 (s->enc_read_ctx == NULL) ||
432 (s->read_hash == NULL))
433 clear=1;
434
435 if (!clear)
436 {
437 /* !clear => s->read_hash != NULL => mac_size != -1 */
438 int t;
439 t=EVP_MD_CTX_size(s->read_hash);
440 OPENSSL_assert(t >= 0);
441 mac_size=t;
442
443 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
444 {
445#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
446 al=SSL_AD_RECORD_OVERFLOW;
447 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
448 goto f_err;
449#else
450 goto err;
451#endif
452 }
453 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
454 if (rr->length < mac_size)
455 {
456#if 0 /* OK only for stream ciphers */
457 al=SSL_AD_DECODE_ERROR;
458 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
459 goto f_err;
460#else
461 goto err;
462#endif
463 }
464 rr->length-=mac_size;
465 i=s->method->ssl3_enc->mac(s,md,0);
466 if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
467 {
468 goto err;
469 }
470 }
471
472 /* r->length is now just compressed */
473 if (s->expand != NULL)
474 {
475 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)
476 {
477 al=SSL_AD_RECORD_OVERFLOW;
478 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
479 goto f_err;
480 }
481 if (!ssl3_do_uncompress(s))
482 {
483 al=SSL_AD_DECOMPRESSION_FAILURE;
484 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION);
485 goto f_err;
486 }
487 }
488
489 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH)
490 {
491 al=SSL_AD_RECORD_OVERFLOW;
492 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
493 goto f_err;
494 }
495
496 rr->off=0;
497 /* So at this point the following is true
498 * ssl->s3->rrec.type is the type of record
499 * ssl->s3->rrec.length == number of bytes in record
500 * ssl->s3->rrec.off == offset to first valid byte
501 * ssl->s3->rrec.data == where to take bytes from, increment
502 * after use :-).
503 */
504
505 /* we have pulled in a full packet so zero things */
506 s->packet_length=0;
507 dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
508 return(1);
509
510f_err:
511 ssl3_send_alert(s,SSL3_AL_FATAL,al);
512err:
513 return(0);
514}
515
516
517/* Call this to get a new input record.
518 * It will return <= 0 if more data is needed, normally due to an error
519 * or non-blocking IO.
520 * When it finishes, one packet has been decoded and can be found in
521 * ssl->s3->rrec.type - is the type of record
522 * ssl->s3->rrec.data, - data
523 * ssl->s3->rrec.length, - number of bytes
524 */
525/* used only by dtls1_read_bytes */
526int dtls1_get_record(SSL *s)
527 {
528 int ssl_major,ssl_minor;
529 int i,n;
530 SSL3_RECORD *rr;
531 SSL_SESSION *sess;
532 unsigned char *p = NULL;
533 unsigned short version;
534 DTLS1_BITMAP *bitmap;
535 unsigned int is_next_epoch;
536
537 rr= &(s->s3->rrec);
538 sess=s->session;
539
540 /* The epoch may have changed. If so, process all the
541 * pending records. This is a non-blocking operation. */
542 dtls1_process_buffered_records(s);
543
544 /* if we're renegotiating, then there may be buffered records */
545 if (dtls1_get_processed_record(s))
546 return 1;
547
548 /* get something from the wire */
549again:
550 /* check if we have the header */
551 if ( (s->rstate != SSL_ST_READ_BODY) ||
552 (s->packet_length < DTLS1_RT_HEADER_LENGTH))
553 {
554 n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
555 /* read timeout is handled by dtls1_read_bytes */
556 if (n <= 0) return(n); /* error or non-blocking */
557
558 /* this packet contained a partial record, dump it */
559 if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
560 {
561 s->packet_length = 0;
562 goto again;
563 }
564
565 s->rstate=SSL_ST_READ_BODY;
566
567 p=s->packet;
568
569 /* Pull apart the header into the DTLS1_RECORD */
570 rr->type= *(p++);
571 ssl_major= *(p++);
572 ssl_minor= *(p++);
573 version=(ssl_major<<8)|ssl_minor;
574
575 /* sequence number is 64 bits, with top 2 bytes = epoch */
576 n2s(p,rr->epoch);
577
578 memcpy(&(s->s3->read_sequence[2]), p, 6);
579 p+=6;
580
581 n2s(p,rr->length);
582
583 /* Lets check version */
584 if (!s->first_packet)
585 {
586 if (version != s->version)
587 {
588 /* unexpected version, silently discard */
589 rr->length = 0;
590 s->packet_length = 0;
591 goto again;
592 }
593 }
594
595 if ((version & 0xff00) != (s->version & 0xff00))
596 {
597 /* wrong version, silently discard record */
598 rr->length = 0;
599 s->packet_length = 0;
600 goto again;
601 }
602
603 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
604 {
605 /* record too long, silently discard it */
606 rr->length = 0;
607 s->packet_length = 0;
608 goto again;
609 }
610
611 /* now s->rstate == SSL_ST_READ_BODY */
612 }
613
614 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
615
616 if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH)
617 {
618 /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
619 i=rr->length;
620 n=ssl3_read_n(s,i,i,1);
621 if (n <= 0) return(n); /* error or non-blocking io */
622
623 /* this packet contained a partial record, dump it */
624 if ( n != i)
625 {
626 rr->length = 0;
627 s->packet_length = 0;
628 goto again;
629 }
630
631 /* now n == rr->length,
632 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
633 }
634 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
635
636 /* match epochs. NULL means the packet is dropped on the floor */
637 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
638 if ( bitmap == NULL)
639 {
640 rr->length = 0;
641 s->packet_length = 0; /* dump this record */
642 goto again; /* get another record */
643 }
644
645 /* Check whether this is a repeat, or aged record.
646 * Don't check if we're listening and this message is
647 * a ClientHello. They can look as if they're replayed,
648 * since they arrive from different connections and
649 * would be dropped unnecessarily.
650 */
651 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
652 *p == SSL3_MT_CLIENT_HELLO) &&
653 !dtls1_record_replay_check(s, bitmap))
654 {
655 rr->length = 0;
656 s->packet_length=0; /* dump this record */
657 goto again; /* get another record */
658 }
659
660 /* just read a 0 length packet */
661 if (rr->length == 0) goto again;
662
663 /* If this record is from the next epoch (either HM or ALERT),
664 * and a handshake is currently in progress, buffer it since it
665 * cannot be processed at this time. */
666 if (is_next_epoch)
667 {
668 if (SSL_in_init(s) || s->in_handshake)
669 {
670 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
671 }
672 rr->length = 0;
673 s->packet_length = 0;
674 goto again;
675 }
676
677 if (!dtls1_process_record(s))
678 {
679 rr->length = 0;
680 s->packet_length = 0; /* dump this record */
681 goto again; /* get another record */
682 }
683
684 dtls1_clear_timeouts(s); /* done waiting */
685 return(1);
686
687 }
688
689/* Return up to 'len' payload bytes received in 'type' records.
690 * 'type' is one of the following:
691 *
692 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
693 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
694 * - 0 (during a shutdown, no data has to be returned)
695 *
696 * If we don't have stored data to work from, read a SSL/TLS record first
697 * (possibly multiple records if we still don't have anything to return).
698 *
699 * This function must handle any surprises the peer may have for us, such as
700 * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
701 * a surprise, but handled as if it were), or renegotiation requests.
702 * Also if record payloads contain fragments too small to process, we store
703 * them until there is enough for the respective protocol (the record protocol
704 * may use arbitrary fragmentation and even interleaving):
705 * Change cipher spec protocol
706 * just 1 byte needed, no need for keeping anything stored
707 * Alert protocol
708 * 2 bytes needed (AlertLevel, AlertDescription)
709 * Handshake protocol
710 * 4 bytes needed (HandshakeType, uint24 length) -- we just have
711 * to detect unexpected Client Hello and Hello Request messages
712 * here, anything else is handled by higher layers
713 * Application data protocol
714 * none of our business
715 */
716int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
717 {
718 int al,i,j,ret;
719 unsigned int n;
720 SSL3_RECORD *rr;
721 void (*cb)(const SSL *ssl,int type2,int val)=NULL;
722
723 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
724 if (!ssl3_setup_buffers(s))
725 return(-1);
726
727 /* XXX: check what the second '&& type' is about */
728 if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
729 (type != SSL3_RT_HANDSHAKE) && type) ||
730 (peek && (type != SSL3_RT_APPLICATION_DATA)))
731 {
732 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
733 return -1;
734 }
735
736 /* check whether there's a handshake message (client hello?) waiting */
737 if ( (ret = have_handshake_fragment(s, type, buf, len, peek)))
738 return ret;
739
740 /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
741
742 if (!s->in_handshake && SSL_in_init(s))
743 {
744 /* type == SSL3_RT_APPLICATION_DATA */
745 i=s->handshake_func(s);
746 if (i < 0) return(i);
747 if (i == 0)
748 {
749 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
750 return(-1);
751 }
752 }
753
754start:
755 s->rwstate=SSL_NOTHING;
756
757 /* s->s3->rrec.type - is the type of record
758 * s->s3->rrec.data, - data
759 * s->s3->rrec.off, - offset into 'data' for next read
760 * s->s3->rrec.length, - number of bytes. */
761 rr = &(s->s3->rrec);
762
763 /* We are not handshaking and have no data yet,
764 * so process data buffered during the last handshake
765 * in advance, if any.
766 */
767 if (s->state == SSL_ST_OK && rr->length == 0)
768 {
769 pitem *item;
770 item = pqueue_pop(s->d1->buffered_app_data.q);
771 if (item)
772 {
773 dtls1_copy_record(s, item);
774
775 OPENSSL_free(item->data);
776 pitem_free(item);
777 }
778 }
779
780 /* Check for timeout */
781 if (dtls1_handle_timeout(s) > 0)
782 goto start;
783
784 /* get new packet if necessary */
785 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
786 {
787 ret=dtls1_get_record(s);
788 if (ret <= 0)
789 {
790 ret = dtls1_read_failed(s, ret);
791 /* anything other than a timeout is an error */
792 if (ret <= 0)
793 return(ret);
794 else
795 goto start;
796 }
797 }
798
799 /* we now have a packet which can be read and processed */
800
801 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
802 * reset by ssl3_get_finished */
803 && (rr->type != SSL3_RT_HANDSHAKE))
804 {
805 /* We now have application data between CCS and Finished.
806 * Most likely the packets were reordered on their way, so
807 * buffer the application data for later processing rather
808 * than dropping the connection.
809 */
810 dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
811 rr->length = 0;
812 goto start;
813 }
814
815 /* If the other end has shut down, throw anything we read away
816 * (even in 'peek' mode) */
817 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
818 {
819 rr->length=0;
820 s->rwstate=SSL_NOTHING;
821 return(0);
822 }
823
824
825 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
826 {
827 /* make sure that we are not getting application data when we
828 * are doing a handshake for the first time */
829 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
830 (s->enc_read_ctx == NULL))
831 {
832 al=SSL_AD_UNEXPECTED_MESSAGE;
833 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
834 goto f_err;
835 }
836
837 if (len <= 0) return(len);
838
839 if ((unsigned int)len > rr->length)
840 n = rr->length;
841 else
842 n = (unsigned int)len;
843
844 memcpy(buf,&(rr->data[rr->off]),n);
845 if (!peek)
846 {
847 rr->length-=n;
848 rr->off+=n;
849 if (rr->length == 0)
850 {
851 s->rstate=SSL_ST_READ_HEADER;
852 rr->off=0;
853 }
854 }
855 return(n);
856 }
857
858
859 /* If we get here, then type != rr->type; if we have a handshake
860 * message, then it was unexpected (Hello Request or Client Hello). */
861
862 /* In case of record types for which we have 'fragment' storage,
863 * fill that so that we can process the data at a fixed place.
864 */
865 {
866 unsigned int k, dest_maxlen = 0;
867 unsigned char *dest = NULL;
868 unsigned int *dest_len = NULL;
869
870 if (rr->type == SSL3_RT_HANDSHAKE)
871 {
872 dest_maxlen = sizeof s->d1->handshake_fragment;
873 dest = s->d1->handshake_fragment;
874 dest_len = &s->d1->handshake_fragment_len;
875 }
876 else if (rr->type == SSL3_RT_ALERT)
877 {
878 dest_maxlen = sizeof(s->d1->alert_fragment);
879 dest = s->d1->alert_fragment;
880 dest_len = &s->d1->alert_fragment_len;
881 }
882 /* else it's a CCS message, or application data or wrong */
883 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)
884 {
885 /* Application data while renegotiating
886 * is allowed. Try again reading.
887 */
888 if (rr->type == SSL3_RT_APPLICATION_DATA)
889 {
890 BIO *bio;
891 s->s3->in_read_app_data=2;
892 bio=SSL_get_rbio(s);
893 s->rwstate=SSL_READING;
894 BIO_clear_retry_flags(bio);
895 BIO_set_retry_read(bio);
896 return(-1);
897 }
898
899 /* Not certain if this is the right error handling */
900 al=SSL_AD_UNEXPECTED_MESSAGE;
901 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
902 goto f_err;
903 }
904
905 if (dest_maxlen > 0)
906 {
907 /* XDTLS: In a pathalogical case, the Client Hello
908 * may be fragmented--don't always expect dest_maxlen bytes */
909 if ( rr->length < dest_maxlen)
910 {
911#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
912 /*
913 * for normal alerts rr->length is 2, while
914 * dest_maxlen is 7 if we were to handle this
915 * non-existing alert...
916 */
917 FIX ME
918#endif
919 s->rstate=SSL_ST_READ_HEADER;
920 rr->length = 0;
921 goto start;
922 }
923
924 /* now move 'n' bytes: */
925 for ( k = 0; k < dest_maxlen; k++)
926 {
927 dest[k] = rr->data[rr->off++];
928 rr->length--;
929 }
930 *dest_len = dest_maxlen;
931 }
932 }
933
934 /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
935 * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
936 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
937
938 /* If we are a client, check for an incoming 'Hello Request': */
939 if ((!s->server) &&
940 (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
941 (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
942 (s->session != NULL) && (s->session->cipher != NULL))
943 {
944 s->d1->handshake_fragment_len = 0;
945
946 if ((s->d1->handshake_fragment[1] != 0) ||
947 (s->d1->handshake_fragment[2] != 0) ||
948 (s->d1->handshake_fragment[3] != 0))
949 {
950 al=SSL_AD_DECODE_ERROR;
951 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
952 goto err;
953 }
954
955 /* no need to check sequence number on HELLO REQUEST messages */
956
957 if (s->msg_callback)
958 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
959 s->d1->handshake_fragment, 4, s, s->msg_callback_arg);
960
961 if (SSL_is_init_finished(s) &&
962 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
963 !s->s3->renegotiate)
964 {
965 ssl3_renegotiate(s);
966 if (ssl3_renegotiate_check(s))
967 {
968 i=s->handshake_func(s);
969 if (i < 0) return(i);
970 if (i == 0)
971 {
972 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
973 return(-1);
974 }
975
976 if (!(s->mode & SSL_MODE_AUTO_RETRY))
977 {
978 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
979 {
980 BIO *bio;
981 /* In the case where we try to read application data,
982 * but we trigger an SSL handshake, we return -1 with
983 * the retry option set. Otherwise renegotiation may
984 * cause nasty problems in the blocking world */
985 s->rwstate=SSL_READING;
986 bio=SSL_get_rbio(s);
987 BIO_clear_retry_flags(bio);
988 BIO_set_retry_read(bio);
989 return(-1);
990 }
991 }
992 }
993 }
994 /* we either finished a handshake or ignored the request,
995 * now try again to obtain the (application) data we were asked for */
996 goto start;
997 }
998
999 if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH)
1000 {
1001 int alert_level = s->d1->alert_fragment[0];
1002 int alert_descr = s->d1->alert_fragment[1];
1003
1004 s->d1->alert_fragment_len = 0;
1005
1006 if (s->msg_callback)
1007 s->msg_callback(0, s->version, SSL3_RT_ALERT,
1008 s->d1->alert_fragment, 2, s, s->msg_callback_arg);
1009
1010 if (s->info_callback != NULL)
1011 cb=s->info_callback;
1012 else if (s->ctx->info_callback != NULL)
1013 cb=s->ctx->info_callback;
1014
1015 if (cb != NULL)
1016 {
1017 j = (alert_level << 8) | alert_descr;
1018 cb(s, SSL_CB_READ_ALERT, j);
1019 }
1020
1021 if (alert_level == 1) /* warning */
1022 {
1023 s->s3->warn_alert = alert_descr;
1024 if (alert_descr == SSL_AD_CLOSE_NOTIFY)
1025 {
1026 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1027 return(0);
1028 }
1029#if 0
1030 /* XXX: this is a possible improvement in the future */
1031 /* now check if it's a missing record */
1032 if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
1033 {
1034 unsigned short seq;
1035 unsigned int frag_off;
1036 unsigned char *p = &(s->d1->alert_fragment[2]);
1037
1038 n2s(p, seq);
1039 n2l3(p, frag_off);
1040
1041 dtls1_retransmit_message(s,
1042 dtls1_get_queue_priority(frag->msg_header.seq, 0),
1043 frag_off, &found);
1044 if ( ! found && SSL_in_init(s))
1045 {
1046 /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */
1047 /* requested a message not yet sent,
1048 send an alert ourselves */
1049 ssl3_send_alert(s,SSL3_AL_WARNING,
1050 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1051 }
1052 }
1053#endif
1054 }
1055 else if (alert_level == 2) /* fatal */
1056 {
1057 char tmp[16];
1058
1059 s->rwstate=SSL_NOTHING;
1060 s->s3->fatal_alert = alert_descr;
1061 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
1062 BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
1063 ERR_add_error_data(2,"SSL alert number ",tmp);
1064 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
1065 SSL_CTX_remove_session(s->ctx,s->session);
1066 return(0);
1067 }
1068 else
1069 {
1070 al=SSL_AD_ILLEGAL_PARAMETER;
1071 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
1072 goto f_err;
1073 }
1074
1075 goto start;
1076 }
1077
1078 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
1079 {
1080 s->rwstate=SSL_NOTHING;
1081 rr->length=0;
1082 return(0);
1083 }
1084
1085 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
1086 {
1087 struct ccs_header_st ccs_hdr;
1088 unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
1089
1090 dtls1_get_ccs_header(rr->data, &ccs_hdr);
1091
1092 if (s->version == DTLS1_BAD_VER)
1093 ccs_hdr_len = 3;
1094
1095 /* 'Change Cipher Spec' is just a single byte, so we know
1096 * exactly what the record payload has to look like */
1097 /* XDTLS: check that epoch is consistent */
1098 if ( (rr->length != ccs_hdr_len) ||
1099 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
1100 {
1101 i=SSL_AD_ILLEGAL_PARAMETER;
1102 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
1103 goto err;
1104 }
1105
1106 rr->length=0;
1107
1108 if (s->msg_callback)
1109 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
1110 rr->data, 1, s, s->msg_callback_arg);
1111
1112 /* We can't process a CCS now, because previous handshake
1113 * messages are still missing, so just drop it.
1114 */
1115 if (!s->d1->change_cipher_spec_ok)
1116 {
1117 goto start;
1118 }
1119
1120 s->d1->change_cipher_spec_ok = 0;
1121
1122 s->s3->change_cipher_spec=1;
1123 if (!ssl3_do_change_cipher_spec(s))
1124 goto err;
1125
1126 /* do this whenever CCS is processed */
1127 dtls1_reset_seq_numbers(s, SSL3_CC_READ);
1128
1129 if (s->version == DTLS1_BAD_VER)
1130 s->d1->handshake_read_seq++;
1131
1132 goto start;
1133 }
1134
1135 /* Unexpected handshake message (Client Hello, or protocol violation) */
1136 if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
1137 !s->in_handshake)
1138 {
1139 struct hm_header_st msg_hdr;
1140
1141 /* this may just be a stale retransmit */
1142 dtls1_get_message_header(rr->data, &msg_hdr);
1143 if( rr->epoch != s->d1->r_epoch)
1144 {
1145 rr->length = 0;
1146 goto start;
1147 }
1148
1149 /* If we are server, we may have a repeated FINISHED of the
1150 * client here, then retransmit our CCS and FINISHED.
1151 */
1152 if (msg_hdr.type == SSL3_MT_FINISHED)
1153 {
1154 dtls1_retransmit_buffered_messages(s);
1155 rr->length = 0;
1156 goto start;
1157 }
1158
1159 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1160 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
1161 {
1162#if 0 /* worked only because C operator preferences are not as expected (and
1163 * because this is not really needed for clients except for detecting
1164 * protocol violations): */
1165 s->state=SSL_ST_BEFORE|(s->server)
1166 ?SSL_ST_ACCEPT
1167 :SSL_ST_CONNECT;
1168#else
1169 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1170#endif
1171 s->new_session=1;
1172 }
1173 i=s->handshake_func(s);
1174 if (i < 0) return(i);
1175 if (i == 0)
1176 {
1177 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1178 return(-1);
1179 }
1180
1181 if (!(s->mode & SSL_MODE_AUTO_RETRY))
1182 {
1183 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1184 {
1185 BIO *bio;
1186 /* In the case where we try to read application data,
1187 * but we trigger an SSL handshake, we return -1 with
1188 * the retry option set. Otherwise renegotiation may
1189 * cause nasty problems in the blocking world */
1190 s->rwstate=SSL_READING;
1191 bio=SSL_get_rbio(s);
1192 BIO_clear_retry_flags(bio);
1193 BIO_set_retry_read(bio);
1194 return(-1);
1195 }
1196 }
1197 goto start;
1198 }
1199
1200 switch (rr->type)
1201 {
1202 default:
1203#ifndef OPENSSL_NO_TLS
1204 /* TLS just ignores unknown message types */
1205 if (s->version == TLS1_VERSION)
1206 {
1207 rr->length = 0;
1208 goto start;
1209 }
1210#endif
1211 al=SSL_AD_UNEXPECTED_MESSAGE;
1212 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1213 goto f_err;
1214 case SSL3_RT_CHANGE_CIPHER_SPEC:
1215 case SSL3_RT_ALERT:
1216 case SSL3_RT_HANDSHAKE:
1217 /* we already handled all of these, with the possible exception
1218 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1219 * should not happen when type != rr->type */
1220 al=SSL_AD_UNEXPECTED_MESSAGE;
1221 SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR);
1222 goto f_err;
1223 case SSL3_RT_APPLICATION_DATA:
1224 /* At this point, we were expecting handshake data,
1225 * but have application data. If the library was
1226 * running inside ssl3_read() (i.e. in_read_app_data
1227 * is set) and it makes sense to read application data
1228 * at this point (session renegotiation not yet started),
1229 * we will indulge it.
1230 */
1231 if (s->s3->in_read_app_data &&
1232 (s->s3->total_renegotiations != 0) &&
1233 ((
1234 (s->state & SSL_ST_CONNECT) &&
1235 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1236 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
1237 ) || (
1238 (s->state & SSL_ST_ACCEPT) &&
1239 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1240 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
1241 )
1242 ))
1243 {
1244 s->s3->in_read_app_data=2;
1245 return(-1);
1246 }
1247 else
1248 {
1249 al=SSL_AD_UNEXPECTED_MESSAGE;
1250 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1251 goto f_err;
1252 }
1253 }
1254 /* not reached */
1255
1256f_err:
1257 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1258err:
1259 return(-1);
1260 }
1261
1262int
1263dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
1264 {
1265 int i;
1266
1267 if (SSL_in_init(s) && !s->in_handshake)
1268 {
1269 i=s->handshake_func(s);
1270 if (i < 0) return(i);
1271 if (i == 0)
1272 {
1273 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1274 return -1;
1275 }
1276 }
1277
1278 if (len > SSL3_RT_MAX_PLAIN_LENGTH)
1279 {
1280 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_DTLS_MESSAGE_TOO_BIG);
1281 return -1;
1282 }
1283
1284 i = dtls1_write_bytes(s, type, buf_, len);
1285 return i;
1286 }
1287
1288
1289 /* this only happens when a client hello is received and a handshake
1290 * is started. */
1291static int
1292have_handshake_fragment(SSL *s, int type, unsigned char *buf,
1293 int len, int peek)
1294 {
1295
1296 if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
1297 /* (partially) satisfy request from storage */
1298 {
1299 unsigned char *src = s->d1->handshake_fragment;
1300 unsigned char *dst = buf;
1301 unsigned int k,n;
1302
1303 /* peek == 0 */
1304 n = 0;
1305 while ((len > 0) && (s->d1->handshake_fragment_len > 0))
1306 {
1307 *dst++ = *src++;
1308 len--; s->d1->handshake_fragment_len--;
1309 n++;
1310 }
1311 /* move any remaining fragment bytes: */
1312 for (k = 0; k < s->d1->handshake_fragment_len; k++)
1313 s->d1->handshake_fragment[k] = *src++;
1314 return n;
1315 }
1316
1317 return 0;
1318 }
1319
1320
1321
1322
1323/* Call this to write data in records of type 'type'
1324 * It will return <= 0 if not all data has been sent or non-blocking IO.
1325 */
1326int dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
1327 {
1328 int i;
1329
1330 OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
1331 s->rwstate=SSL_NOTHING;
1332 i=do_dtls1_write(s, type, buf, len, 0);
1333 return i;
1334 }
1335
1336int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
1337 {
1338 unsigned char *p,*pseq;
1339 int i,mac_size,clear=0;
1340 int prefix_len = 0;
1341 SSL3_RECORD *wr;
1342 SSL3_BUFFER *wb;
1343 SSL_SESSION *sess;
1344 int bs;
1345
1346 /* first check if there is a SSL3_BUFFER still being written
1347 * out. This will happen with non blocking IO */
1348 if (s->s3->wbuf.left != 0)
1349 {
1350 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
1351 return(ssl3_write_pending(s,type,buf,len));
1352 }
1353
1354 /* If we have an alert to send, lets send it */
1355 if (s->s3->alert_dispatch)
1356 {
1357 i=s->method->ssl_dispatch_alert(s);
1358 if (i <= 0)
1359 return(i);
1360 /* if it went, fall through and send more stuff */
1361 }
1362
1363 if (len == 0 && !create_empty_fragment)
1364 return 0;
1365
1366 wr= &(s->s3->wrec);
1367 wb= &(s->s3->wbuf);
1368 sess=s->session;
1369
1370 if ( (sess == NULL) ||
1371 (s->enc_write_ctx == NULL) ||
1372 (EVP_MD_CTX_md(s->write_hash) == NULL))
1373 clear=1;
1374
1375 if (clear)
1376 mac_size=0;
1377 else
1378 {
1379 mac_size=EVP_MD_CTX_size(s->write_hash);
1380 if (mac_size < 0)
1381 goto err;
1382 }
1383
1384 /* DTLS implements explicit IV, so no need for empty fragments */
1385#if 0
1386 /* 'create_empty_fragment' is true only when this function calls itself */
1387 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
1388 && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
1389 {
1390 /* countermeasure against known-IV weakness in CBC ciphersuites
1391 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
1392 */
1393
1394 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
1395 {
1396 /* recursive function call with 'create_empty_fragment' set;
1397 * this prepares and buffers the data for an empty fragment
1398 * (these 'prefix_len' bytes are sent out later
1399 * together with the actual payload) */
1400 prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
1401 if (prefix_len <= 0)
1402 goto err;
1403
1404 if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
1405 {
1406 /* insufficient space */
1407 SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
1408 goto err;
1409 }
1410 }
1411
1412 s->s3->empty_fragment_done = 1;
1413 }
1414#endif
1415 p = wb->buf + prefix_len;
1416
1417 /* write the header */
1418
1419 *(p++)=type&0xff;
1420 wr->type=type;
1421
1422 *(p++)=(s->version>>8);
1423 *(p++)=s->version&0xff;
1424
1425 /* field where we are to write out packet epoch, seq num and len */
1426 pseq=p;
1427 p+=10;
1428
1429 /* lets setup the record stuff. */
1430
1431 /* Make space for the explicit IV in case of CBC.
1432 * (this is a bit of a boundary violation, but what the heck).
1433 */
1434 if ( s->enc_write_ctx &&
1435 (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))
1436 bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
1437 else
1438 bs = 0;
1439
1440 wr->data=p + bs; /* make room for IV in case of CBC */
1441 wr->length=(int)len;
1442 wr->input=(unsigned char *)buf;
1443
1444 /* we now 'read' from wr->input, wr->length bytes into
1445 * wr->data */
1446
1447 /* first we compress */
1448 if (s->compress != NULL)
1449 {
1450 if (!ssl3_do_compress(s))
1451 {
1452 SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE);
1453 goto err;
1454 }
1455 }
1456 else
1457 {
1458 memcpy(wr->data,wr->input,wr->length);
1459 wr->input=wr->data;
1460 }
1461
1462 /* we should still have the output to wr->data and the input
1463 * from wr->input. Length should be wr->length.
1464 * wr->data still points in the wb->buf */
1465
1466 if (mac_size != 0)
1467 {
1468 if(s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1) < 0)
1469 goto err;
1470 wr->length+=mac_size;
1471 }
1472
1473 /* this is true regardless of mac size */
1474 wr->input=p;
1475 wr->data=p;
1476
1477
1478 /* ssl3_enc can only have an error on read */
1479 if (bs) /* bs != 0 in case of CBC */
1480 {
1481 RAND_pseudo_bytes(p,bs);
1482 /* master IV and last CBC residue stand for
1483 * the rest of randomness */
1484 wr->length += bs;
1485 }
1486
1487 s->method->ssl3_enc->enc(s,1);
1488
1489 /* record length after mac and block padding */
1490/* if (type == SSL3_RT_APPLICATION_DATA ||
1491 (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */
1492
1493 /* there's only one epoch between handshake and app data */
1494
1495 s2n(s->d1->w_epoch, pseq);
1496
1497 /* XDTLS: ?? */
1498/* else
1499 s2n(s->d1->handshake_epoch, pseq); */
1500
1501 memcpy(pseq, &(s->s3->write_sequence[2]), 6);
1502 pseq+=6;
1503 s2n(wr->length,pseq);
1504
1505 /* we should now have
1506 * wr->data pointing to the encrypted data, which is
1507 * wr->length long */
1508 wr->type=type; /* not needed but helps for debugging */
1509 wr->length+=DTLS1_RT_HEADER_LENGTH;
1510
1511#if 0 /* this is now done at the message layer */
1512 /* buffer the record, making it easy to handle retransmits */
1513 if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
1514 dtls1_buffer_record(s, wr->data, wr->length,
1515 *((PQ_64BIT *)&(s->s3->write_sequence[0])));
1516#endif
1517
1518 ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
1519
1520 if (create_empty_fragment)
1521 {
1522 /* we are in a recursive call;
1523 * just return the length, don't write out anything here
1524 */
1525 return wr->length;
1526 }
1527
1528 /* now let's set up wb */
1529 wb->left = prefix_len + wr->length;
1530 wb->offset = 0;
1531
1532 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
1533 s->s3->wpend_tot=len;
1534 s->s3->wpend_buf=buf;
1535 s->s3->wpend_type=type;
1536 s->s3->wpend_ret=len;
1537
1538 /* we now just need to write the buffer */
1539 return ssl3_write_pending(s,type,buf,len);
1540err:
1541 return -1;
1542 }
1543
1544
1545
1546static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
1547 {
1548 int cmp;
1549 unsigned int shift;
1550 const unsigned char *seq = s->s3->read_sequence;
1551
1552 cmp = satsub64be(seq,bitmap->max_seq_num);
1553 if (cmp > 0)
1554 {
1555 memcpy (s->s3->rrec.seq_num,seq,8);
1556 return 1; /* this record in new */
1557 }
1558 shift = -cmp;
1559 if (shift >= sizeof(bitmap->map)*8)
1560 return 0; /* stale, outside the window */
1561 else if (bitmap->map & (1UL<<shift))
1562 return 0; /* record previously received */
1563
1564 memcpy (s->s3->rrec.seq_num,seq,8);
1565 return 1;
1566 }
1567
1568
1569static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
1570 {
1571 int cmp;
1572 unsigned int shift;
1573 const unsigned char *seq = s->s3->read_sequence;
1574
1575 cmp = satsub64be(seq,bitmap->max_seq_num);
1576 if (cmp > 0)
1577 {
1578 shift = cmp;
1579 if (shift < sizeof(bitmap->map)*8)
1580 bitmap->map <<= shift, bitmap->map |= 1UL;
1581 else
1582 bitmap->map = 1UL;
1583 memcpy(bitmap->max_seq_num,seq,8);
1584 }
1585 else {
1586 shift = -cmp;
1587 if (shift < sizeof(bitmap->map)*8)
1588 bitmap->map |= 1UL<<shift;
1589 }
1590 }
1591
1592
1593int dtls1_dispatch_alert(SSL *s)
1594 {
1595 int i,j;
1596 void (*cb)(const SSL *ssl,int type,int val)=NULL;
1597 unsigned char buf[DTLS1_AL_HEADER_LENGTH];
1598 unsigned char *ptr = &buf[0];
1599
1600 s->s3->alert_dispatch=0;
1601
1602 memset(buf, 0x00, sizeof(buf));
1603 *ptr++ = s->s3->send_alert[0];
1604 *ptr++ = s->s3->send_alert[1];
1605
1606#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1607 if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
1608 {
1609 s2n(s->d1->handshake_read_seq, ptr);
1610#if 0
1611 if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */
1612
1613 else
1614 s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
1615#endif
1616
1617#if 0
1618 fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq);
1619#endif
1620 l2n3(s->d1->r_msg_hdr.frag_off, ptr);
1621 }
1622#endif
1623
1624 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
1625 if (i <= 0)
1626 {
1627 s->s3->alert_dispatch=1;
1628 /* fprintf( stderr, "not done with alert\n" ); */
1629 }
1630 else
1631 {
1632 if (s->s3->send_alert[0] == SSL3_AL_FATAL
1633#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1634 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1635#endif
1636 )
1637 (void)BIO_flush(s->wbio);
1638
1639 if (s->msg_callback)
1640 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
1641 2, s, s->msg_callback_arg);
1642
1643 if (s->info_callback != NULL)
1644 cb=s->info_callback;
1645 else if (s->ctx->info_callback != NULL)
1646 cb=s->ctx->info_callback;
1647
1648 if (cb != NULL)
1649 {
1650 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1651 cb(s,SSL_CB_WRITE_ALERT,j);
1652 }
1653 }
1654 return(i);
1655 }
1656
1657
1658static DTLS1_BITMAP *
1659dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
1660 {
1661
1662 *is_next_epoch = 0;
1663
1664 /* In current epoch, accept HM, CCS, DATA, & ALERT */
1665 if (rr->epoch == s->d1->r_epoch)
1666 return &s->d1->bitmap;
1667
1668 /* Only HM and ALERT messages can be from the next epoch */
1669 else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
1670 (rr->type == SSL3_RT_HANDSHAKE ||
1671 rr->type == SSL3_RT_ALERT))
1672 {
1673 *is_next_epoch = 1;
1674 return &s->d1->next_bitmap;
1675 }
1676
1677 return NULL;
1678 }
1679
1680#if 0
1681static int
1682dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority,
1683 unsigned long *offset)
1684 {
1685
1686 /* alerts are passed up immediately */
1687 if ( rr->type == SSL3_RT_APPLICATION_DATA ||
1688 rr->type == SSL3_RT_ALERT)
1689 return 0;
1690
1691 /* Only need to buffer if a handshake is underway.
1692 * (this implies that Hello Request and Client Hello are passed up
1693 * immediately) */
1694 if ( SSL_in_init(s))
1695 {
1696 unsigned char *data = rr->data;
1697 /* need to extract the HM/CCS sequence number here */
1698 if ( rr->type == SSL3_RT_HANDSHAKE ||
1699 rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
1700 {
1701 unsigned short seq_num;
1702 struct hm_header_st msg_hdr;
1703 struct ccs_header_st ccs_hdr;
1704
1705 if ( rr->type == SSL3_RT_HANDSHAKE)
1706 {
1707 dtls1_get_message_header(data, &msg_hdr);
1708 seq_num = msg_hdr.seq;
1709 *offset = msg_hdr.frag_off;
1710 }
1711 else
1712 {
1713 dtls1_get_ccs_header(data, &ccs_hdr);
1714 seq_num = ccs_hdr.seq;
1715 *offset = 0;
1716 }
1717
1718 /* this is either a record we're waiting for, or a
1719 * retransmit of something we happened to previously
1720 * receive (higher layers will drop the repeat silently */
1721 if ( seq_num < s->d1->handshake_read_seq)
1722 return 0;
1723 if (rr->type == SSL3_RT_HANDSHAKE &&
1724 seq_num == s->d1->handshake_read_seq &&
1725 msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
1726 return 0;
1727 else if ( seq_num == s->d1->handshake_read_seq &&
1728 (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
1729 msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
1730 return 0;
1731 else
1732 {
1733 *priority = seq_num;
1734 return 1;
1735 }
1736 }
1737 else /* unknown record type */
1738 return 0;
1739 }
1740
1741 return 0;
1742 }
1743#endif
1744
1745void
1746dtls1_reset_seq_numbers(SSL *s, int rw)
1747 {
1748 unsigned char *seq;
1749 unsigned int seq_bytes = sizeof(s->s3->read_sequence);
1750
1751 if ( rw & SSL3_CC_READ)
1752 {
1753 seq = s->s3->read_sequence;
1754 s->d1->r_epoch++;
1755 memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
1756 memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
1757 }
1758 else
1759 {
1760 seq = s->s3->write_sequence;
1761 memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence));
1762 s->d1->w_epoch++;
1763 }
1764
1765 memset(seq, 0x00, seq_bytes);
1766 }
1767
1768
1769static void
1770dtls1_clear_timeouts(SSL *s)
1771 {
1772 memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
1773 }
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
deleted file mode 100644
index 301ceda7a5..0000000000
--- a/src/lib/libssl/d1_srvr.c
+++ /dev/null
@@ -1,1551 +0,0 @@
1/* ssl/d1_srvr.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <stdio.h>
117#include "ssl_locl.h"
118#include <openssl/buffer.h>
119#include <openssl/rand.h>
120#include <openssl/objects.h>
121#include <openssl/evp.h>
122#include <openssl/x509.h>
123#include <openssl/md5.h>
124#include <openssl/bn.h>
125#ifndef OPENSSL_NO_DH
126#include <openssl/dh.h>
127#endif
128
129static const SSL_METHOD *dtls1_get_server_method(int ver);
130static int dtls1_send_hello_verify_request(SSL *s);
131
132static const SSL_METHOD *dtls1_get_server_method(int ver)
133 {
134 if (ver == DTLS1_VERSION)
135 return(DTLSv1_server_method());
136 else
137 return(NULL);
138 }
139
140IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
141 dtls1_accept,
142 ssl_undefined_function,
143 dtls1_get_server_method)
144
145int dtls1_accept(SSL *s)
146 {
147 BUF_MEM *buf;
148 unsigned long Time=(unsigned long)time(NULL);
149 void (*cb)(const SSL *ssl,int type,int val)=NULL;
150 unsigned long alg_k;
151 int ret= -1;
152 int new_state,state,skip=0;
153
154 RAND_add(&Time,sizeof(Time),0);
155 ERR_clear_error();
156 clear_sys_error();
157
158 if (s->info_callback != NULL)
159 cb=s->info_callback;
160 else if (s->ctx->info_callback != NULL)
161 cb=s->ctx->info_callback;
162
163 /* init things to blank */
164 s->in_handshake++;
165 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
166
167 if (s->cert == NULL)
168 {
169 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
170 return(-1);
171 }
172
173 for (;;)
174 {
175 state=s->state;
176
177 switch (s->state)
178 {
179 case SSL_ST_RENEGOTIATE:
180 s->new_session=1;
181 /* s->state=SSL_ST_ACCEPT; */
182
183 case SSL_ST_BEFORE:
184 case SSL_ST_ACCEPT:
185 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
186 case SSL_ST_OK|SSL_ST_ACCEPT:
187
188 s->server=1;
189 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
190
191 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00))
192 {
193 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
194 return -1;
195 }
196 s->type=SSL_ST_ACCEPT;
197
198 if (s->init_buf == NULL)
199 {
200 if ((buf=BUF_MEM_new()) == NULL)
201 {
202 ret= -1;
203 goto end;
204 }
205 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
206 {
207 ret= -1;
208 goto end;
209 }
210 s->init_buf=buf;
211 }
212
213 if (!ssl3_setup_buffers(s))
214 {
215 ret= -1;
216 goto end;
217 }
218
219 s->init_num=0;
220
221 if (s->state != SSL_ST_RENEGOTIATE)
222 {
223 /* Ok, we now need to push on a buffering BIO so that
224 * the output is sent in a way that TCP likes :-)
225 */
226 if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
227
228 ssl3_init_finished_mac(s);
229 s->state=SSL3_ST_SR_CLNT_HELLO_A;
230 s->ctx->stats.sess_accept++;
231 }
232 else
233 {
234 /* s->state == SSL_ST_RENEGOTIATE,
235 * we will just send a HelloRequest */
236 s->ctx->stats.sess_accept_renegotiate++;
237 s->state=SSL3_ST_SW_HELLO_REQ_A;
238 }
239
240 break;
241
242 case SSL3_ST_SW_HELLO_REQ_A:
243 case SSL3_ST_SW_HELLO_REQ_B:
244
245 s->shutdown=0;
246 dtls1_start_timer(s);
247 ret=dtls1_send_hello_request(s);
248 if (ret <= 0) goto end;
249 s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
250 s->state=SSL3_ST_SW_FLUSH;
251 s->init_num=0;
252
253 ssl3_init_finished_mac(s);
254 break;
255
256 case SSL3_ST_SW_HELLO_REQ_C:
257 s->state=SSL_ST_OK;
258 break;
259
260 case SSL3_ST_SR_CLNT_HELLO_A:
261 case SSL3_ST_SR_CLNT_HELLO_B:
262 case SSL3_ST_SR_CLNT_HELLO_C:
263
264 s->shutdown=0;
265 ret=ssl3_get_client_hello(s);
266 if (ret <= 0) goto end;
267 dtls1_stop_timer(s);
268
269 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
270 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
271 else
272 s->state = SSL3_ST_SW_SRVR_HELLO_A;
273
274 s->init_num=0;
275
276 /* If we're just listening, stop here */
277 if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
278 {
279 ret = 2;
280 s->d1->listen = 0;
281 goto end;
282 }
283
284 break;
285
286 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
287 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
288
289 dtls1_start_timer(s);
290 ret = dtls1_send_hello_verify_request(s);
291 if ( ret <= 0) goto end;
292 s->state=SSL3_ST_SW_FLUSH;
293 s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
294
295 /* HelloVerifyRequest resets Finished MAC */
296 if (s->version != DTLS1_BAD_VER)
297 ssl3_init_finished_mac(s);
298 break;
299
300 case SSL3_ST_SW_SRVR_HELLO_A:
301 case SSL3_ST_SW_SRVR_HELLO_B:
302 s->new_session = 2;
303 dtls1_start_timer(s);
304 ret=dtls1_send_server_hello(s);
305 if (ret <= 0) goto end;
306
307#ifndef OPENSSL_NO_TLSEXT
308 if (s->hit)
309 {
310 if (s->tlsext_ticket_expected)
311 s->state=SSL3_ST_SW_SESSION_TICKET_A;
312 else
313 s->state=SSL3_ST_SW_CHANGE_A;
314 }
315#else
316 if (s->hit)
317 s->state=SSL3_ST_SW_CHANGE_A;
318#endif
319 else
320 s->state=SSL3_ST_SW_CERT_A;
321 s->init_num=0;
322 break;
323
324 case SSL3_ST_SW_CERT_A:
325 case SSL3_ST_SW_CERT_B:
326 /* Check if it is anon DH or normal PSK */
327 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
328 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
329 {
330 dtls1_start_timer(s);
331 ret=dtls1_send_server_certificate(s);
332 if (ret <= 0) goto end;
333#ifndef OPENSSL_NO_TLSEXT
334 if (s->tlsext_status_expected)
335 s->state=SSL3_ST_SW_CERT_STATUS_A;
336 else
337 s->state=SSL3_ST_SW_KEY_EXCH_A;
338 }
339 else
340 {
341 skip = 1;
342 s->state=SSL3_ST_SW_KEY_EXCH_A;
343 }
344#else
345 }
346 else
347 skip=1;
348
349 s->state=SSL3_ST_SW_KEY_EXCH_A;
350#endif
351 s->init_num=0;
352 break;
353
354 case SSL3_ST_SW_KEY_EXCH_A:
355 case SSL3_ST_SW_KEY_EXCH_B:
356 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
357
358 /* clear this, it may get reset by
359 * send_server_key_exchange */
360 if ((s->options & SSL_OP_EPHEMERAL_RSA)
361#ifndef OPENSSL_NO_KRB5
362 && !(alg_k & SSL_kKRB5)
363#endif /* OPENSSL_NO_KRB5 */
364 )
365 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
366 * even when forbidden by protocol specs
367 * (handshake may fail as clients are not required to
368 * be able to handle this) */
369 s->s3->tmp.use_rsa_tmp=1;
370 else
371 s->s3->tmp.use_rsa_tmp=0;
372
373 /* only send if a DH key exchange or
374 * RSA but we have a sign only certificate */
375 if (s->s3->tmp.use_rsa_tmp
376 /* PSK: send ServerKeyExchange if PSK identity
377 * hint if provided */
378#ifndef OPENSSL_NO_PSK
379 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
380#endif
381 || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
382 || (alg_k & SSL_kEECDH)
383 || ((alg_k & SSL_kRSA)
384 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
385 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
386 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
387 )
388 )
389 )
390 )
391 {
392 dtls1_start_timer(s);
393 ret=dtls1_send_server_key_exchange(s);
394 if (ret <= 0) goto end;
395 }
396 else
397 skip=1;
398
399 s->state=SSL3_ST_SW_CERT_REQ_A;
400 s->init_num=0;
401 break;
402
403 case SSL3_ST_SW_CERT_REQ_A:
404 case SSL3_ST_SW_CERT_REQ_B:
405 if (/* don't request cert unless asked for it: */
406 !(s->verify_mode & SSL_VERIFY_PEER) ||
407 /* if SSL_VERIFY_CLIENT_ONCE is set,
408 * don't request cert during re-negotiation: */
409 ((s->session->peer != NULL) &&
410 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
411 /* never request cert in anonymous ciphersuites
412 * (see section "Certificate request" in SSL 3 drafts
413 * and in RFC 2246): */
414 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
415 /* ... except when the application insists on verification
416 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
417 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
418 /* never request cert in Kerberos ciphersuites */
419 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
420 /* With normal PSK Certificates and
421 * Certificate Requests are omitted */
422 || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
423 {
424 /* no cert request */
425 skip=1;
426 s->s3->tmp.cert_request=0;
427 s->state=SSL3_ST_SW_SRVR_DONE_A;
428 }
429 else
430 {
431 s->s3->tmp.cert_request=1;
432 dtls1_start_timer(s);
433 ret=dtls1_send_certificate_request(s);
434 if (ret <= 0) goto end;
435#ifndef NETSCAPE_HANG_BUG
436 s->state=SSL3_ST_SW_SRVR_DONE_A;
437#else
438 s->state=SSL3_ST_SW_FLUSH;
439 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
440#endif
441 s->init_num=0;
442 }
443 break;
444
445 case SSL3_ST_SW_SRVR_DONE_A:
446 case SSL3_ST_SW_SRVR_DONE_B:
447 dtls1_start_timer(s);
448 ret=dtls1_send_server_done(s);
449 if (ret <= 0) goto end;
450 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
451 s->state=SSL3_ST_SW_FLUSH;
452 s->init_num=0;
453 break;
454
455 case SSL3_ST_SW_FLUSH:
456 s->rwstate=SSL_WRITING;
457 if (BIO_flush(s->wbio) <= 0)
458 {
459 ret= -1;
460 goto end;
461 }
462 s->rwstate=SSL_NOTHING;
463 s->state=s->s3->tmp.next_state;
464 break;
465
466 case SSL3_ST_SR_CERT_A:
467 case SSL3_ST_SR_CERT_B:
468 /* Check for second client hello (MS SGC) */
469 ret = ssl3_check_client_hello(s);
470 if (ret <= 0)
471 goto end;
472 dtls1_stop_timer(s);
473 if (ret == 2)
474 s->state = SSL3_ST_SR_CLNT_HELLO_C;
475 else {
476 /* could be sent for a DH cert, even if we
477 * have not asked for it :-) */
478 ret=ssl3_get_client_certificate(s);
479 if (ret <= 0) goto end;
480 dtls1_stop_timer(s);
481 s->init_num=0;
482 s->state=SSL3_ST_SR_KEY_EXCH_A;
483 }
484 break;
485
486 case SSL3_ST_SR_KEY_EXCH_A:
487 case SSL3_ST_SR_KEY_EXCH_B:
488 ret=ssl3_get_client_key_exchange(s);
489 if (ret <= 0) goto end;
490 dtls1_stop_timer(s);
491 s->state=SSL3_ST_SR_CERT_VRFY_A;
492 s->init_num=0;
493
494 if (ret == 2)
495 {
496 /* For the ECDH ciphersuites when
497 * the client sends its ECDH pub key in
498 * a certificate, the CertificateVerify
499 * message is not sent.
500 */
501 s->state=SSL3_ST_SR_FINISHED_A;
502 s->init_num = 0;
503 }
504 else
505 {
506 s->state=SSL3_ST_SR_CERT_VRFY_A;
507 s->init_num=0;
508
509 /* We need to get hashes here so if there is
510 * a client cert, it can be verified */
511 s->method->ssl3_enc->cert_verify_mac(s,
512 NID_md5,
513 &(s->s3->tmp.cert_verify_md[0]));
514 s->method->ssl3_enc->cert_verify_mac(s,
515 NID_sha1,
516 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
517 }
518 break;
519
520 case SSL3_ST_SR_CERT_VRFY_A:
521 case SSL3_ST_SR_CERT_VRFY_B:
522
523 s->d1->change_cipher_spec_ok = 1;
524 /* we should decide if we expected this one */
525 ret=ssl3_get_cert_verify(s);
526 if (ret <= 0) goto end;
527 dtls1_stop_timer(s);
528
529 s->state=SSL3_ST_SR_FINISHED_A;
530 s->init_num=0;
531 break;
532
533 case SSL3_ST_SR_FINISHED_A:
534 case SSL3_ST_SR_FINISHED_B:
535 s->d1->change_cipher_spec_ok = 1;
536 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
537 SSL3_ST_SR_FINISHED_B);
538 if (ret <= 0) goto end;
539 dtls1_stop_timer(s);
540 if (s->hit)
541 s->state=SSL_ST_OK;
542#ifndef OPENSSL_NO_TLSEXT
543 else if (s->tlsext_ticket_expected)
544 s->state=SSL3_ST_SW_SESSION_TICKET_A;
545#endif
546 else
547 s->state=SSL3_ST_SW_CHANGE_A;
548 s->init_num=0;
549 break;
550
551#ifndef OPENSSL_NO_TLSEXT
552 case SSL3_ST_SW_SESSION_TICKET_A:
553 case SSL3_ST_SW_SESSION_TICKET_B:
554 ret=dtls1_send_newsession_ticket(s);
555 if (ret <= 0) goto end;
556 s->state=SSL3_ST_SW_CHANGE_A;
557 s->init_num=0;
558 break;
559
560 case SSL3_ST_SW_CERT_STATUS_A:
561 case SSL3_ST_SW_CERT_STATUS_B:
562 ret=ssl3_send_cert_status(s);
563 if (ret <= 0) goto end;
564 s->state=SSL3_ST_SW_KEY_EXCH_A;
565 s->init_num=0;
566 break;
567
568#endif
569
570 case SSL3_ST_SW_CHANGE_A:
571 case SSL3_ST_SW_CHANGE_B:
572
573 s->session->cipher=s->s3->tmp.new_cipher;
574 if (!s->method->ssl3_enc->setup_key_block(s))
575 { ret= -1; goto end; }
576
577 ret=dtls1_send_change_cipher_spec(s,
578 SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
579
580 if (ret <= 0) goto end;
581 s->state=SSL3_ST_SW_FINISHED_A;
582 s->init_num=0;
583
584 if (!s->method->ssl3_enc->change_cipher_state(s,
585 SSL3_CHANGE_CIPHER_SERVER_WRITE))
586 {
587 ret= -1;
588 goto end;
589 }
590
591 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
592 break;
593
594 case SSL3_ST_SW_FINISHED_A:
595 case SSL3_ST_SW_FINISHED_B:
596 ret=dtls1_send_finished(s,
597 SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
598 s->method->ssl3_enc->server_finished_label,
599 s->method->ssl3_enc->server_finished_label_len);
600 if (ret <= 0) goto end;
601 s->state=SSL3_ST_SW_FLUSH;
602 if (s->hit)
603 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
604 else
605 s->s3->tmp.next_state=SSL_ST_OK;
606 s->init_num=0;
607 break;
608
609 case SSL_ST_OK:
610 /* clean a few things up */
611 ssl3_cleanup_key_block(s);
612
613#if 0
614 BUF_MEM_free(s->init_buf);
615 s->init_buf=NULL;
616#endif
617
618 /* remove buffering on output */
619 ssl_free_wbio_buffer(s);
620
621 s->init_num=0;
622
623 if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
624 {
625 /* actually not necessarily a 'new' session unless
626 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
627
628 s->new_session=0;
629
630 ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
631
632 s->ctx->stats.sess_accept_good++;
633 /* s->server=1; */
634 s->handshake_func=dtls1_accept;
635
636 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
637 }
638
639 ret = 1;
640
641 /* done handshaking, next message is client hello */
642 s->d1->handshake_read_seq = 0;
643 /* next message is server hello */
644 s->d1->handshake_write_seq = 0;
645 s->d1->next_handshake_write_seq = 0;
646 goto end;
647 /* break; */
648
649 default:
650 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE);
651 ret= -1;
652 goto end;
653 /* break; */
654 }
655
656 if (!s->s3->tmp.reuse_message && !skip)
657 {
658 if (s->debug)
659 {
660 if ((ret=BIO_flush(s->wbio)) <= 0)
661 goto end;
662 }
663
664
665 if ((cb != NULL) && (s->state != state))
666 {
667 new_state=s->state;
668 s->state=state;
669 cb(s,SSL_CB_ACCEPT_LOOP,1);
670 s->state=new_state;
671 }
672 }
673 skip=0;
674 }
675end:
676 /* BIO_flush(s->wbio); */
677
678 s->in_handshake--;
679 if (cb != NULL)
680 cb(s,SSL_CB_ACCEPT_EXIT,ret);
681 return(ret);
682 }
683
684int dtls1_send_hello_request(SSL *s)
685 {
686 unsigned char *p;
687
688 if (s->state == SSL3_ST_SW_HELLO_REQ_A)
689 {
690 p=(unsigned char *)s->init_buf->data;
691 p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);
692
693 s->state=SSL3_ST_SW_HELLO_REQ_B;
694 /* number of bytes to write */
695 s->init_num=DTLS1_HM_HEADER_LENGTH;
696 s->init_off=0;
697
698 /* no need to buffer this message, since there are no retransmit
699 * requests for it */
700 }
701
702 /* SSL3_ST_SW_HELLO_REQ_B */
703 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
704 }
705
706int dtls1_send_hello_verify_request(SSL *s)
707 {
708 unsigned int msg_len;
709 unsigned char *msg, *buf, *p;
710
711 if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A)
712 {
713 buf = (unsigned char *)s->init_buf->data;
714
715 msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
716 *(p++) = s->version >> 8;
717 *(p++) = s->version & 0xFF;
718
719 if (s->ctx->app_gen_cookie_cb == NULL ||
720 s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
721 &(s->d1->cookie_len)) == 0)
722 {
723 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
724 return 0;
725 }
726
727 *(p++) = (unsigned char) s->d1->cookie_len;
728 memcpy(p, s->d1->cookie, s->d1->cookie_len);
729 p += s->d1->cookie_len;
730 msg_len = p - msg;
731
732 dtls1_set_message_header(s, buf,
733 DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);
734
735 s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
736 /* number of bytes to write */
737 s->init_num=p-buf;
738 s->init_off=0;
739
740 /* buffer the message to handle re-xmits */
741 dtls1_buffer_message(s, 0);
742 }
743
744 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
745 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
746 }
747
748int dtls1_send_server_hello(SSL *s)
749 {
750 unsigned char *buf;
751 unsigned char *p,*d;
752 int i;
753 unsigned int sl;
754 unsigned long l,Time;
755
756 if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
757 {
758 buf=(unsigned char *)s->init_buf->data;
759 p=s->s3->server_random;
760 Time=(unsigned long)time(NULL); /* Time */
761 l2n(Time,p);
762 RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
763 /* Do the message type and length last */
764 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
765
766 *(p++)=s->version>>8;
767 *(p++)=s->version&0xff;
768
769 /* Random stuff */
770 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
771 p+=SSL3_RANDOM_SIZE;
772
773 /* now in theory we have 3 options to sending back the
774 * session id. If it is a re-use, we send back the
775 * old session-id, if it is a new session, we send
776 * back the new session-id or we send back a 0 length
777 * session-id if we want it to be single use.
778 * Currently I will not implement the '0' length session-id
779 * 12-Jan-98 - I'll now support the '0' length stuff.
780 */
781 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
782 s->session->session_id_length=0;
783
784 sl=s->session->session_id_length;
785 if (sl > sizeof s->session->session_id)
786 {
787 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
788 return -1;
789 }
790 *(p++)=sl;
791 memcpy(p,s->session->session_id,sl);
792 p+=sl;
793
794 /* put the cipher */
795 if (s->s3->tmp.new_cipher == NULL)
796 return -1;
797 i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
798 p+=i;
799
800 /* put the compression method */
801#ifdef OPENSSL_NO_COMP
802 *(p++)=0;
803#else
804 if (s->s3->tmp.new_compression == NULL)
805 *(p++)=0;
806 else
807 *(p++)=s->s3->tmp.new_compression->id;
808#endif
809
810#ifndef OPENSSL_NO_TLSEXT
811 if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
812 {
813 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
814 return -1;
815 }
816#endif
817
818 /* do the header */
819 l=(p-d);
820 d=buf;
821
822 d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
823
824 s->state=SSL3_ST_SW_SRVR_HELLO_B;
825 /* number of bytes to write */
826 s->init_num=p-buf;
827 s->init_off=0;
828
829 /* buffer the message to handle re-xmits */
830 dtls1_buffer_message(s, 0);
831 }
832
833 /* SSL3_ST_SW_SRVR_HELLO_B */
834 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
835 }
836
837int dtls1_send_server_done(SSL *s)
838 {
839 unsigned char *p;
840
841 if (s->state == SSL3_ST_SW_SRVR_DONE_A)
842 {
843 p=(unsigned char *)s->init_buf->data;
844
845 /* do the header */
846 p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
847
848 s->state=SSL3_ST_SW_SRVR_DONE_B;
849 /* number of bytes to write */
850 s->init_num=DTLS1_HM_HEADER_LENGTH;
851 s->init_off=0;
852
853 /* buffer the message to handle re-xmits */
854 dtls1_buffer_message(s, 0);
855 }
856
857 /* SSL3_ST_SW_SRVR_DONE_B */
858 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
859 }
860
861int dtls1_send_server_key_exchange(SSL *s)
862 {
863#ifndef OPENSSL_NO_RSA
864 unsigned char *q;
865 int j,num;
866 RSA *rsa;
867 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
868 unsigned int u;
869#endif
870#ifndef OPENSSL_NO_DH
871 DH *dh=NULL,*dhp;
872#endif
873#ifndef OPENSSL_NO_ECDH
874 EC_KEY *ecdh=NULL, *ecdhp;
875 unsigned char *encodedPoint = NULL;
876 int encodedlen = 0;
877 int curve_id = 0;
878 BN_CTX *bn_ctx = NULL;
879#endif
880 EVP_PKEY *pkey;
881 unsigned char *p,*d;
882 int al,i;
883 unsigned long type;
884 int n;
885 CERT *cert;
886 BIGNUM *r[4];
887 int nr[4],kn;
888 BUF_MEM *buf;
889 EVP_MD_CTX md_ctx;
890
891 EVP_MD_CTX_init(&md_ctx);
892 if (s->state == SSL3_ST_SW_KEY_EXCH_A)
893 {
894 type=s->s3->tmp.new_cipher->algorithm_mkey;
895 cert=s->cert;
896
897 buf=s->init_buf;
898
899 r[0]=r[1]=r[2]=r[3]=NULL;
900 n=0;
901#ifndef OPENSSL_NO_RSA
902 if (type & SSL_kRSA)
903 {
904 rsa=cert->rsa_tmp;
905 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
906 {
907 rsa=s->cert->rsa_tmp_cb(s,
908 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
909 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
910 if(rsa == NULL)
911 {
912 al=SSL_AD_HANDSHAKE_FAILURE;
913 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
914 goto f_err;
915 }
916 RSA_up_ref(rsa);
917 cert->rsa_tmp=rsa;
918 }
919 if (rsa == NULL)
920 {
921 al=SSL_AD_HANDSHAKE_FAILURE;
922 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
923 goto f_err;
924 }
925 r[0]=rsa->n;
926 r[1]=rsa->e;
927 s->s3->tmp.use_rsa_tmp=1;
928 }
929 else
930#endif
931#ifndef OPENSSL_NO_DH
932 if (type & SSL_kEDH)
933 {
934 dhp=cert->dh_tmp;
935 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
936 dhp=s->cert->dh_tmp_cb(s,
937 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
938 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
939 if (dhp == NULL)
940 {
941 al=SSL_AD_HANDSHAKE_FAILURE;
942 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
943 goto f_err;
944 }
945
946 if (s->s3->tmp.dh != NULL)
947 {
948 DH_free(dh);
949 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
950 goto err;
951 }
952
953 if ((dh=DHparams_dup(dhp)) == NULL)
954 {
955 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
956 goto err;
957 }
958
959 s->s3->tmp.dh=dh;
960 if ((dhp->pub_key == NULL ||
961 dhp->priv_key == NULL ||
962 (s->options & SSL_OP_SINGLE_DH_USE)))
963 {
964 if(!DH_generate_key(dh))
965 {
966 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
967 ERR_R_DH_LIB);
968 goto err;
969 }
970 }
971 else
972 {
973 dh->pub_key=BN_dup(dhp->pub_key);
974 dh->priv_key=BN_dup(dhp->priv_key);
975 if ((dh->pub_key == NULL) ||
976 (dh->priv_key == NULL))
977 {
978 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
979 goto err;
980 }
981 }
982 r[0]=dh->p;
983 r[1]=dh->g;
984 r[2]=dh->pub_key;
985 }
986 else
987#endif
988#ifndef OPENSSL_NO_ECDH
989 if (type & SSL_kEECDH)
990 {
991 const EC_GROUP *group;
992
993 ecdhp=cert->ecdh_tmp;
994 if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
995 {
996 ecdhp=s->cert->ecdh_tmp_cb(s,
997 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
998 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
999 }
1000 if (ecdhp == NULL)
1001 {
1002 al=SSL_AD_HANDSHAKE_FAILURE;
1003 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
1004 goto f_err;
1005 }
1006
1007 if (s->s3->tmp.ecdh != NULL)
1008 {
1009 EC_KEY_free(s->s3->tmp.ecdh);
1010 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1011 goto err;
1012 }
1013
1014 /* Duplicate the ECDH structure. */
1015 if (ecdhp == NULL)
1016 {
1017 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1018 goto err;
1019 }
1020 if (!EC_KEY_up_ref(ecdhp))
1021 {
1022 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1023 goto err;
1024 }
1025 ecdh = ecdhp;
1026
1027 s->s3->tmp.ecdh=ecdh;
1028 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
1029 (EC_KEY_get0_private_key(ecdh) == NULL) ||
1030 (s->options & SSL_OP_SINGLE_ECDH_USE))
1031 {
1032 if(!EC_KEY_generate_key(ecdh))
1033 {
1034 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1035 goto err;
1036 }
1037 }
1038
1039 if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
1040 (EC_KEY_get0_public_key(ecdh) == NULL) ||
1041 (EC_KEY_get0_private_key(ecdh) == NULL))
1042 {
1043 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1044 goto err;
1045 }
1046
1047 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1048 (EC_GROUP_get_degree(group) > 163))
1049 {
1050 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1051 goto err;
1052 }
1053
1054 /* XXX: For now, we only support ephemeral ECDH
1055 * keys over named (not generic) curves. For
1056 * supported named curves, curve_id is non-zero.
1057 */
1058 if ((curve_id =
1059 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
1060 == 0)
1061 {
1062 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1063 goto err;
1064 }
1065
1066 /* Encode the public key.
1067 * First check the size of encoding and
1068 * allocate memory accordingly.
1069 */
1070 encodedlen = EC_POINT_point2oct(group,
1071 EC_KEY_get0_public_key(ecdh),
1072 POINT_CONVERSION_UNCOMPRESSED,
1073 NULL, 0, NULL);
1074
1075 encodedPoint = (unsigned char *)
1076 OPENSSL_malloc(encodedlen*sizeof(unsigned char));
1077 bn_ctx = BN_CTX_new();
1078 if ((encodedPoint == NULL) || (bn_ctx == NULL))
1079 {
1080 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1081 goto err;
1082 }
1083
1084
1085 encodedlen = EC_POINT_point2oct(group,
1086 EC_KEY_get0_public_key(ecdh),
1087 POINT_CONVERSION_UNCOMPRESSED,
1088 encodedPoint, encodedlen, bn_ctx);
1089
1090 if (encodedlen == 0)
1091 {
1092 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1093 goto err;
1094 }
1095
1096 BN_CTX_free(bn_ctx); bn_ctx=NULL;
1097
1098 /* XXX: For now, we only support named (not
1099 * generic) curves in ECDH ephemeral key exchanges.
1100 * In this situation, we need four additional bytes
1101 * to encode the entire ServerECDHParams
1102 * structure.
1103 */
1104 n = 4 + encodedlen;
1105
1106 /* We'll generate the serverKeyExchange message
1107 * explicitly so we can set these to NULLs
1108 */
1109 r[0]=NULL;
1110 r[1]=NULL;
1111 r[2]=NULL;
1112 r[3]=NULL;
1113 }
1114 else
1115#endif /* !OPENSSL_NO_ECDH */
1116#ifndef OPENSSL_NO_PSK
1117 if (type & SSL_kPSK)
1118 {
1119 /* reserve size for record length and PSK identity hint*/
1120 n+=2+strlen(s->ctx->psk_identity_hint);
1121 }
1122 else
1123#endif /* !OPENSSL_NO_PSK */
1124 {
1125 al=SSL_AD_HANDSHAKE_FAILURE;
1126 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1127 goto f_err;
1128 }
1129 for (i=0; r[i] != NULL; i++)
1130 {
1131 nr[i]=BN_num_bytes(r[i]);
1132 n+=2+nr[i];
1133 }
1134
1135 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1136 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
1137 {
1138 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
1139 == NULL)
1140 {
1141 al=SSL_AD_DECODE_ERROR;
1142 goto f_err;
1143 }
1144 kn=EVP_PKEY_size(pkey);
1145 }
1146 else
1147 {
1148 pkey=NULL;
1149 kn=0;
1150 }
1151
1152 if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn))
1153 {
1154 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
1155 goto err;
1156 }
1157 d=(unsigned char *)s->init_buf->data;
1158 p= &(d[DTLS1_HM_HEADER_LENGTH]);
1159
1160 for (i=0; r[i] != NULL; i++)
1161 {
1162 s2n(nr[i],p);
1163 BN_bn2bin(r[i],p);
1164 p+=nr[i];
1165 }
1166
1167#ifndef OPENSSL_NO_ECDH
1168 if (type & SSL_kEECDH)
1169 {
1170 /* XXX: For now, we only support named (not generic) curves.
1171 * In this situation, the serverKeyExchange message has:
1172 * [1 byte CurveType], [2 byte CurveName]
1173 * [1 byte length of encoded point], followed by
1174 * the actual encoded point itself
1175 */
1176 *p = NAMED_CURVE_TYPE;
1177 p += 1;
1178 *p = 0;
1179 p += 1;
1180 *p = curve_id;
1181 p += 1;
1182 *p = encodedlen;
1183 p += 1;
1184 memcpy((unsigned char*)p,
1185 (unsigned char *)encodedPoint,
1186 encodedlen);
1187 OPENSSL_free(encodedPoint);
1188 p += encodedlen;
1189 }
1190#endif
1191
1192#ifndef OPENSSL_NO_PSK
1193 if (type & SSL_kPSK)
1194 {
1195 /* copy PSK identity hint */
1196 s2n(strlen(s->ctx->psk_identity_hint), p);
1197 strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
1198 p+=strlen(s->ctx->psk_identity_hint);
1199 }
1200#endif
1201
1202 /* not anonymous */
1203 if (pkey != NULL)
1204 {
1205 /* n is the length of the params, they start at
1206 * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
1207 * at the end. */
1208#ifndef OPENSSL_NO_RSA
1209 if (pkey->type == EVP_PKEY_RSA)
1210 {
1211 q=md_buf;
1212 j=0;
1213 for (num=2; num > 0; num--)
1214 {
1215 EVP_DigestInit_ex(&md_ctx,(num == 2)
1216 ?s->ctx->md5:s->ctx->sha1, NULL);
1217 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1218 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1219 EVP_DigestUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
1220 EVP_DigestFinal_ex(&md_ctx,q,
1221 (unsigned int *)&i);
1222 q+=i;
1223 j+=i;
1224 }
1225 if (RSA_sign(NID_md5_sha1, md_buf, j,
1226 &(p[2]), &u, pkey->pkey.rsa) <= 0)
1227 {
1228 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
1229 goto err;
1230 }
1231 s2n(u,p);
1232 n+=u+2;
1233 }
1234 else
1235#endif
1236#if !defined(OPENSSL_NO_DSA)
1237 if (pkey->type == EVP_PKEY_DSA)
1238 {
1239 /* lets do DSS */
1240 EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
1241 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1242 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1243 EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
1244 if (!EVP_SignFinal(&md_ctx,&(p[2]),
1245 (unsigned int *)&i,pkey))
1246 {
1247 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
1248 goto err;
1249 }
1250 s2n(i,p);
1251 n+=i+2;
1252 }
1253 else
1254#endif
1255#if !defined(OPENSSL_NO_ECDSA)
1256 if (pkey->type == EVP_PKEY_EC)
1257 {
1258 /* let's do ECDSA */
1259 EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
1260 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1261 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1262 EVP_SignUpdate(&md_ctx,&(d[4]),n);
1263 if (!EVP_SignFinal(&md_ctx,&(p[2]),
1264 (unsigned int *)&i,pkey))
1265 {
1266 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
1267 goto err;
1268 }
1269 s2n(i,p);
1270 n+=i+2;
1271 }
1272 else
1273#endif
1274 {
1275 /* Is this error check actually needed? */
1276 al=SSL_AD_HANDSHAKE_FAILURE;
1277 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
1278 goto f_err;
1279 }
1280 }
1281
1282 d = dtls1_set_message_header(s, d,
1283 SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
1284
1285 /* we should now have things packed up, so lets send
1286 * it off */
1287 s->init_num=n+DTLS1_HM_HEADER_LENGTH;
1288 s->init_off=0;
1289
1290 /* buffer the message to handle re-xmits */
1291 dtls1_buffer_message(s, 0);
1292 }
1293
1294 s->state = SSL3_ST_SW_KEY_EXCH_B;
1295 EVP_MD_CTX_cleanup(&md_ctx);
1296 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1297f_err:
1298 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1299err:
1300#ifndef OPENSSL_NO_ECDH
1301 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
1302 BN_CTX_free(bn_ctx);
1303#endif
1304 EVP_MD_CTX_cleanup(&md_ctx);
1305 return(-1);
1306 }
1307
1308int dtls1_send_certificate_request(SSL *s)
1309 {
1310 unsigned char *p,*d;
1311 int i,j,nl,off,n;
1312 STACK_OF(X509_NAME) *sk=NULL;
1313 X509_NAME *name;
1314 BUF_MEM *buf;
1315 unsigned int msg_len;
1316
1317 if (s->state == SSL3_ST_SW_CERT_REQ_A)
1318 {
1319 buf=s->init_buf;
1320
1321 d=p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1322
1323 /* get the list of acceptable cert types */
1324 p++;
1325 n=ssl3_get_req_cert_type(s,p);
1326 d[0]=n;
1327 p+=n;
1328 n++;
1329
1330 off=n;
1331 p+=2;
1332 n+=2;
1333
1334 sk=SSL_get_client_CA_list(s);
1335 nl=0;
1336 if (sk != NULL)
1337 {
1338 for (i=0; i<sk_X509_NAME_num(sk); i++)
1339 {
1340 name=sk_X509_NAME_value(sk,i);
1341 j=i2d_X509_NAME(name,NULL);
1342 if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2))
1343 {
1344 SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
1345 goto err;
1346 }
1347 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]);
1348 if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
1349 {
1350 s2n(j,p);
1351 i2d_X509_NAME(name,&p);
1352 n+=2+j;
1353 nl+=2+j;
1354 }
1355 else
1356 {
1357 d=p;
1358 i2d_X509_NAME(name,&p);
1359 j-=2; s2n(j,d); j+=2;
1360 n+=j;
1361 nl+=j;
1362 }
1363 }
1364 }
1365 /* else no CA names */
1366 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+off]);
1367 s2n(nl,p);
1368
1369 d=(unsigned char *)buf->data;
1370 *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
1371 l2n3(n,d);
1372 s2n(s->d1->handshake_write_seq,d);
1373 s->d1->handshake_write_seq++;
1374
1375 /* we should now have things packed up, so lets send
1376 * it off */
1377
1378 s->init_num=n+DTLS1_HM_HEADER_LENGTH;
1379 s->init_off=0;
1380#ifdef NETSCAPE_HANG_BUG
1381/* XXX: what to do about this? */
1382 p=(unsigned char *)s->init_buf->data + s->init_num;
1383
1384 /* do the header */
1385 *(p++)=SSL3_MT_SERVER_DONE;
1386 *(p++)=0;
1387 *(p++)=0;
1388 *(p++)=0;
1389 s->init_num += 4;
1390#endif
1391
1392 /* XDTLS: set message header ? */
1393 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
1394 dtls1_set_message_header(s, (void *)s->init_buf->data,
1395 SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
1396
1397 /* buffer the message to handle re-xmits */
1398 dtls1_buffer_message(s, 0);
1399
1400 s->state = SSL3_ST_SW_CERT_REQ_B;
1401 }
1402
1403 /* SSL3_ST_SW_CERT_REQ_B */
1404 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1405err:
1406 return(-1);
1407 }
1408
1409int dtls1_send_server_certificate(SSL *s)
1410 {
1411 unsigned long l;
1412 X509 *x;
1413
1414 if (s->state == SSL3_ST_SW_CERT_A)
1415 {
1416 x=ssl_get_server_send_cert(s);
1417 if (x == NULL)
1418 {
1419 /* VRS: allow null cert if auth == KRB5 */
1420 if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) ||
1421 (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5))
1422 {
1423 SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
1424 return(0);
1425 }
1426 }
1427
1428 l=dtls1_output_cert_chain(s,x);
1429 s->state=SSL3_ST_SW_CERT_B;
1430 s->init_num=(int)l;
1431 s->init_off=0;
1432
1433 /* buffer the message to handle re-xmits */
1434 dtls1_buffer_message(s, 0);
1435 }
1436
1437 /* SSL3_ST_SW_CERT_B */
1438 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1439 }
1440
1441#ifndef OPENSSL_NO_TLSEXT
1442int dtls1_send_newsession_ticket(SSL *s)
1443 {
1444 if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
1445 {
1446 unsigned char *p, *senc, *macstart;
1447 int len, slen;
1448 unsigned int hlen, msg_len;
1449 EVP_CIPHER_CTX ctx;
1450 HMAC_CTX hctx;
1451 SSL_CTX *tctx = s->initial_ctx;
1452 unsigned char iv[EVP_MAX_IV_LENGTH];
1453 unsigned char key_name[16];
1454
1455 /* get session encoding length */
1456 slen = i2d_SSL_SESSION(s->session, NULL);
1457 /* Some length values are 16 bits, so forget it if session is
1458 * too long
1459 */
1460 if (slen > 0xFF00)
1461 return -1;
1462 /* Grow buffer if need be: the length calculation is as
1463 * follows 12 (DTLS handshake message header) +
1464 * 4 (ticket lifetime hint) + 2 (ticket length) +
1465 * 16 (key name) + max_iv_len (iv length) +
1466 * session_length + max_enc_block_size (max encrypted session
1467 * length) + max_md_size (HMAC).
1468 */
1469 if (!BUF_MEM_grow(s->init_buf,
1470 DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
1471 EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
1472 return -1;
1473 senc = OPENSSL_malloc(slen);
1474 if (!senc)
1475 return -1;
1476 p = senc;
1477 i2d_SSL_SESSION(s->session, &p);
1478
1479 p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
1480 EVP_CIPHER_CTX_init(&ctx);
1481 HMAC_CTX_init(&hctx);
1482 /* Initialize HMAC and cipher contexts. If callback present
1483 * it does all the work otherwise use generated values
1484 * from parent ctx.
1485 */
1486 if (tctx->tlsext_ticket_key_cb)
1487 {
1488 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
1489 &hctx, 1) < 0)
1490 {
1491 OPENSSL_free(senc);
1492 return -1;
1493 }
1494 }
1495 else
1496 {
1497 RAND_pseudo_bytes(iv, 16);
1498 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
1499 tctx->tlsext_tick_aes_key, iv);
1500 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
1501 tlsext_tick_md(), NULL);
1502 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
1503 }
1504 l2n(s->session->tlsext_tick_lifetime_hint, p);
1505 /* Skip ticket length for now */
1506 p += 2;
1507 /* Output key name */
1508 macstart = p;
1509 memcpy(p, key_name, 16);
1510 p += 16;
1511 /* output IV */
1512 memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
1513 p += EVP_CIPHER_CTX_iv_length(&ctx);
1514 /* Encrypt session data */
1515 EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
1516 p += len;
1517 EVP_EncryptFinal(&ctx, p, &len);
1518 p += len;
1519 EVP_CIPHER_CTX_cleanup(&ctx);
1520
1521 HMAC_Update(&hctx, macstart, p - macstart);
1522 HMAC_Final(&hctx, p, &hlen);
1523 HMAC_CTX_cleanup(&hctx);
1524
1525 p += hlen;
1526 /* Now write out lengths: p points to end of data written */
1527 /* Total length */
1528 len = p - (unsigned char *)(s->init_buf->data);
1529 /* Ticket length */
1530 p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
1531 s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
1532
1533 /* number of bytes to write */
1534 s->init_num= len;
1535 s->state=SSL3_ST_SW_SESSION_TICKET_B;
1536 s->init_off=0;
1537 OPENSSL_free(senc);
1538
1539 /* XDTLS: set message header ? */
1540 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
1541 dtls1_set_message_header(s, (void *)s->init_buf->data,
1542 SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len);
1543
1544 /* buffer the message to handle re-xmits */
1545 dtls1_buffer_message(s, 0);
1546 }
1547
1548 /* SSL3_ST_SW_SESSION_TICKET_B */
1549 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1550 }
1551#endif
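--- a/src/lib/libssl/doc/openssl.cnf
+++ /dev/null
@@ -1,350 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-# Policies used by the TSA examples.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = default # use public key default MD
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
-# utf8only: only UTF8Strings (PKIX recommendation after 2004).
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
-string_mask = utf8only
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This is required for TSA certificates.
-# extendedKeyUsage = critical,timeStamping
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
-
-####################################################################
-[ tsa ]
-
-default_tsa = tsa_config1 # the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir = ./demoCA # TSA root directory
-serial = $dir/tsaserial # The current serial number (mandatory)
-crypto_device = builtin # OpenSSL engine to use for signing
-signer_cert = $dir/tsacert.pem # The TSA signing certificate
- # (optional)
-certs = $dir/cacert.pem # Certificate chain to include in reply
- # (optional)
-signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
-accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
-clock_precision_digits = 0 # number of digits after dot. (optional)
-ordering = yes # Is ordering defined for timestamps?
- # (optional, default: no)
-tsa_name = yes # Must the TSA name be included in the reply?
- # (optional, default: no)
-ess_cert_id_chain = no # Must the ESS cert id chain be included?
- # (optional, default: no)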
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
deleted file mode 100644
index f8817b0a71..0000000000
--- a/src/lib/libssl/doc/openssl.txt
+++ /dev/null
@@ -1,1254 +0,0 @@
1
2This is some preliminary documentation for OpenSSL.
3
4Contents:
5
6 OpenSSL X509V3 extension configuration
7 X509V3 Extension code: programmers guide
8 PKCS#12 Library
9
10
11==============================================================================
12 OpenSSL X509V3 extension configuration
13==============================================================================
14
15OpenSSL X509V3 extension configuration: preliminary documentation.
16
17INTRODUCTION.
18
19For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now
20possible to add and print out common X509 V3 certificate and CRL extensions.
21
22BEGINNERS NOTE
23
24For most simple applications you don't need to know too much about extensions:
25the default openssl.cnf values will usually do sensible things.
26
27If you want to know more you can initially quickly look through the sections
28describing how the standard OpenSSL utilities display and add extensions and
29then the list of supported extensions.
30
31For more technical information about the meaning of extensions see:
32
33http://www.imc.org/ietf-pkix/
34http://home.netscape.com/eng/security/certs.html
35
36PRINTING EXTENSIONS.
37
38Extension values are automatically printed out for supported extensions.
39
40openssl x509 -in cert.pem -text
41openssl crl -in crl.pem -text
42
43will give information in the extension printout, for example:
44
45 X509v3 extensions:
46 X509v3 Basic Constraints:
47 CA:TRUE
48 X509v3 Subject Key Identifier:
49 73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15
50 X509v3 Authority Key Identifier:
51 keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00
52 X509v3 Key Usage:
53 Certificate Sign, CRL Sign
54 X509v3 Subject Alternative Name:
55 email:email@1.address, email:email@2.address
56
57CONFIGURATION FILES.
58
59The OpenSSL utilities 'ca' and 'req' can now have extension sections listing
60which certificate extensions to include. In each case a line:
61
62x509_extensions = extension_section
63
64indicates which section contains the extensions. In the case of 'req' the
65extension section is used when the -x509 option is present to create a
66self signed root certificate.
67
68The 'x509' utility also supports extensions when it signs a certificate.
69The -extfile option is used to set the configuration file containing the
70extensions. In this case a line with:
71
72extensions = extension_section
73
74in the nameless (default) section is used. If no such line is included then
75it uses the default section.
76
77You can also add extensions to CRLs: a line
78
79crl_extensions = crl_extension_section
80
81will include extensions when the -gencrl option is used with the 'ca' utility.
82You can add any extension to a CRL but of the supported extensions only
83issuerAltName and authorityKeyIdentifier make any real sense. Note: these are
84CRL extensions NOT CRL *entry* extensions which cannot currently be generated.
85CRL entry extensions can be displayed.
86
87NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL
88you should not include a crl_extensions line in the configuration file.
89
90As with all configuration files you can use the inbuilt environment expansion
91to allow the values to be passed in the environment. Therefore if you have
92several extension sections used for different purposes you can have a line:
93
94x509_extensions = $ENV::ENV_EXT
95
96and set the ENV_EXT environment variable before calling the relevant utility.
97
98EXTENSION SYNTAX.
99
100Extensions have the basic form:
101
102extension_name=[critical,] extension_options
103
104the use of the critical option makes the extension critical. Extreme caution
105should be made when using the critical flag. If an extension is marked
106as critical then any client that does not understand the extension should
107reject it as invalid. Some broken software will reject certificates which
108have *any* critical extensions (these violates PKIX but we have to live
109with it).
110
111There are three main types of extension: string extensions, multi-valued
112extensions, and raw extensions.
113
114String extensions simply have a string which contains either the value itself
115or how it is obtained.
116
117For example:
118
119nsComment="This is a Comment"
120
121Multi-valued extensions have a short form and a long form. The short form
122is a list of names and values:
123
124basicConstraints=critical,CA:true,pathlen:1
125
126The long form allows the values to be placed in a separate section:
127
128basicConstraints=critical,@bs_section
129
130[bs_section]
131
132CA=true
133pathlen=1
134
135Both forms are equivalent. However it should be noted that in some cases the
136same name can appear multiple times, for example,
137
138subjectAltName=email:steve@here,email:steve@there
139
140in this case an equivalent long form is:
141
142subjectAltName=@alt_section
143
144[alt_section]
145
146email.1=steve@here
147email.2=steve@there
148
149This is because the configuration file code cannot handle the same name
150occurring twice in the same section.
151
152The syntax of raw extensions is governed by the extension code: it can
153for example contain data in multiple sections. The correct syntax to
154use is defined by the extension code itself: check out the certificate
155policies extension for an example.
156
157There are two ways to encode arbitrary extensions.
158
159The first way is to use the word ASN1 followed by the extension content
160using the same syntax as ASN1_generate_nconf(). For example:
161
1621.2.3.4=critical,ASN1:UTF8String:Some random data
163
1641.2.3.4=ASN1:SEQUENCE:seq_sect
165
166[seq_sect]
167
168field1 = UTF8:field1
169field2 = UTF8:field2
170
171It is also possible to use the word DER to include arbitrary data in any
172extension.
173
1741.2.3.4=critical,DER:01:02:03:04
1751.2.3.4=DER:01020304
176
177The value following DER is a hex dump of the DER encoding of the extension
178Any extension can be placed in this form to override the default behaviour.
179For example:
180
181basicConstraints=critical,DER:00:01:02:03
182
183WARNING: DER should be used with caution. It is possible to create totally
184invalid extensions unless care is taken.
185
186CURRENTLY SUPPORTED EXTENSIONS.
187
188If you aren't sure about extensions then they can be largely ignored: its only
189when you want to do things like restrict certificate usage when you need to
190worry about them.
191
192The only extension that a beginner might want to look at is Basic Constraints.
193If in addition you want to try Netscape object signing the you should also
194look at Netscape Certificate Type.
195
196Literal String extensions.
197
198In each case the 'value' of the extension is placed directly in the
199extension. Currently supported extensions in this category are: nsBaseUrl,
200nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl,
201nsSslServerName and nsComment.
202
203For example:
204
205nsComment="This is a test comment"
206
207Bit Strings.
208
209Bit string extensions just consist of a list of supported bits, currently
210two extensions are in this category: PKIX keyUsage and the Netscape specific
211nsCertType.
212
213nsCertType (netscape certificate type) takes the flags: client, server, email,
214objsign, reserved, sslCA, emailCA, objCA.
215
216keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation,
217keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign,
218encipherOnly, decipherOnly.
219
220For example:
221
222nsCertType=server
223
224keyUsage=digitalSignature, nonRepudiation
225
226Hints on Netscape Certificate Type.
227
228Other than Basic Constraints this is the only extension a beginner might
229want to use, if you want to try Netscape object signing, otherwise it can
230be ignored.
231
232If you want a certificate that can be used just for object signing then:
233
234nsCertType=objsign
235
236will do the job. If you want to use it as a normal end user and server
237certificate as well then
238
239nsCertType=objsign,email,server
240
241is more appropriate. You cannot use a self signed certificate for object
242signing (well Netscape signtool can but it cheats!) so you need to create
243a CA certificate and sign an end user certificate with it.
244
245Side note: If you want to conform to the Netscape specifications then you
246should really also set:
247
248nsCertType=objCA
249
250in the *CA* certificate for just an object signing CA and
251
252nsCertType=objCA,emailCA,sslCA
253
254for everything. Current Netscape software doesn't enforce this so it can
255be omitted.
256
257Basic Constraints.
258
259This is generally the only extension you need to worry about for simple
260applications. If you want your certificate to be usable as a CA certificate
261(in addition to an end user certificate) then you set this to:
262
263basicConstraints=CA:TRUE
264
265if you want to be certain the certificate cannot be used as a CA then do:
266
267basicConstraints=CA:FALSE
268
269The rest of this section describes more advanced usage.
270
271Basic constraints is a multi-valued extension that supports a CA and an
272optional pathlen option. The CA option takes the values true and false and
273pathlen takes an integer. Note if the CA option is false the pathlen option
274should be omitted.
275
276The pathlen parameter indicates the maximum number of CAs that can appear
277below this one in a chain. So if you have a CA with a pathlen of zero it can
278only be used to sign end user certificates and not further CAs. This all
279assumes that the software correctly interprets this extension of course.
280
281Examples:
282
283basicConstraints=CA:TRUE
284basicConstraints=critical,CA:TRUE, pathlen:0
285
286NOTE: for a CA to be considered valid it must have the CA option set to
287TRUE. An end user certificate MUST NOT have the CA value set to true.
288According to PKIX recommendations it should exclude the extension entirely,
289however some software may require CA set to FALSE for end entity certificates.
290
291Extended Key Usage.
292
293This extension consists of a list of usages.
294
295These can either be object short names or the dotted numerical form of OIDs.
296While any OID can be used only certain values make sense. In particular the
297following PKIX, NS and MS values are meaningful:
298
299Value Meaning
300----- -------
301serverAuth SSL/TLS Web Server Authentication.
302clientAuth SSL/TLS Web Client Authentication.
303codeSigning Code signing.
304emailProtection E-mail Protection (S/MIME).
305timeStamping Trusted Timestamping
306msCodeInd Microsoft Individual Code Signing (authenticode)
307msCodeCom Microsoft Commercial Code Signing (authenticode)
308msCTLSign Microsoft Trust List Signing
309msSGC Microsoft Server Gated Crypto
310msEFS Microsoft Encrypted File System
311nsSGC Netscape Server Gated Crypto
312
313For example, under IE5 a CA can be used for any purpose: by including a list
314of the above usages the CA can be restricted to only authorised uses.
315
316Note: software packages may place additional interpretations on certificate
317use, in particular some usages may only work for selected CAs. Don't for example
318expect just including msSGC or nsSGC will automatically mean that a certificate
319can be used for SGC ("step up" encryption) otherwise anyone could use it.
320
321Examples:
322
323extendedKeyUsage=critical,codeSigning,1.2.3.4
324extendedKeyUsage=nsSGC,msSGC
325
326Subject Key Identifier.
327
328This is really a string extension and can take two possible values. Either
329a hex string giving details of the extension value to include or the word
330'hash' which then automatically follows PKIX guidelines in selecting an
331appropriate key identifier. The use of the hex string is strongly discouraged.
332
333Example: subjectKeyIdentifier=hash
334
335Authority Key Identifier.
336
337The authority key identifier extension permits two options. keyid and issuer:
338both can take the optional value "always".
339
340If the keyid option is present an attempt is made to copy the subject key
341identifier from the parent certificate. If the value "always" is present
342then an error is returned if the option fails.
343
344The issuer option copies the issuer and serial number from the issuer
345certificate. Normally this will only be done if the keyid option fails or
346is not included: the "always" flag will always include the value.
347
348Subject Alternative Name.
349
350The subject alternative name extension allows various literal values to be
351included in the configuration file. These include "email" (an email address),
352"URI" (a uniform resource indicator), "DNS" (a DNS domain name), RID (a
353registered ID: OBJECT IDENTIFIER), IP (an IP address) and otherName.
354
355Also the email option includes a special 'copy' value. This will automatically
356include any email addresses contained in the certificate subject name in
357the extension.
358
359otherName can include arbitrary data associated with an OID: the value
360should be the OID followed by a semicolon and the content in standard
361ASN1_generate_nconf() format.
362
363Examples:
364
365subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
366subjectAltName=email:my@other.address,RID:1.2.3.4
367subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
368
369Issuer Alternative Name.
370
371The issuer alternative name option supports all the literal options of
372subject alternative name. It does *not* support the email:copy option because
373that would not make sense. It does support an additional issuer:copy option
374that will copy all the subject alternative name values from the issuer
375certificate (if possible).
376
377Example:
378
379issuerAltName = issuer:copy
380
381Authority Info Access.
382
383The authority information access extension gives details about how to access
384certain information relating to the CA. Its syntax is accessOID;location
385where 'location' has the same syntax as subject alternative name (except
386that email:copy is not supported). accessOID can be any valid OID but only
387certain values are meaningful for example OCSP and caIssuers. OCSP gives the
388location of an OCSP responder: this is used by Netscape PSM and other software.
389
390Example:
391
392authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
393authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
394
395CRL distribution points.
396
397This is a multi-valued extension that supports all the literal options of
398subject alternative name. Of the few software packages that currently interpret
399this extension most only interpret the URI option.
400
401Currently each option will set a new DistributionPoint with the fullName
402field set to the given value.
403
404Other fields like cRLissuer and reasons cannot currently be set or displayed:
405at this time no examples were available that used these fields.
406
407If you see this extension with <UNSUPPORTED> when you attempt to print it out
408or it doesn't appear to display correctly then let me know, including the
409certificate (mail me at steve@openssl.org) .
410
411Examples:
412
413crlDistributionPoints=URI:http://www.myhost.com/myca.crl
414crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl
415
416Certificate Policies.
417
418This is a RAW extension. It attempts to display the contents of this extension:
419unfortunately this extension is often improperly encoded.
420
421The certificate policies extension will rarely be used in practice: few
422software packages interpret it correctly or at all. IE5 does partially
423support this extension: but it needs the 'ia5org' option because it will
424only correctly support a broken encoding. Of the options below only the
425policy OID, explicitText and CPS options are displayed with IE5.
426
427All the fields of this extension can be set by using the appropriate syntax.
428
429If you follow the PKIX recommendations of not including any qualifiers and just
430using only one OID then you just include the value of that OID. Multiple OIDs
431can be set separated by commas, for example:
432
433certificatePolicies= 1.2.4.5, 1.1.3.4
434
435If you wish to include qualifiers then the policy OID and qualifiers need to
436be specified in a separate section: this is done by using the @section syntax
437instead of a literal OID value.
438
439The section referred to must include the policy OID using the name
440policyIdentifier, cPSuri qualifiers can be included using the syntax:
441
442CPS.nnn=value
443
444userNotice qualifiers can be set using the syntax:
445
446userNotice.nnn=@notice
447
448The value of the userNotice qualifier is specified in the relevant section.
449This section can include explicitText, organization and noticeNumbers
450options. explicitText and organization are text strings, noticeNumbers is a
451comma separated list of numbers. The organization and noticeNumbers options
452(if included) must BOTH be present. If you use the userNotice option with IE5
453then you need the 'ia5org' option at the top level to modify the encoding:
454otherwise it will not be interpreted properly.
455
456Example:
457
458certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
459
460[polsect]
461
462policyIdentifier = 1.3.5.8
463CPS.1="http://my.host.name/"
464CPS.2="http://my.your.name/"
465userNotice.1=@notice
466
467[notice]
468
469explicitText="Explicit Text Here"
470organization="Organisation Name"
471noticeNumbers=1,2,3,4
472
473TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field,
474according to PKIX it should be of type DisplayText but Verisign uses an
475IA5STRING and IE5 needs this too.
476
477Display only extensions.
478
479Some extensions are only partially supported and currently are only displayed
480but cannot be set. These include private key usage period, CRL number, and
481CRL reason.
482
483==============================================================================
484 X509V3 Extension code: programmers guide
485==============================================================================
486
487The purpose of the extension code is twofold. It allows an extension to be
488created from a string or structure describing its contents and it prints out an
489extension in a human or machine readable form.
490
4911. Initialisation and cleanup.
492
493No special initialisation is needed before calling the extension functions.
494You used to have to call X509V3_add_standard_extensions(); but this is no longer
495required and this function no longer does anything.
496
497void X509V3_EXT_cleanup(void);
498
499This function should be called to cleanup the extension code if any custom
500extensions have been added. If no custom extensions have been added then this
501call does nothing. After this call all custom extension code is freed up but
502you can still use the standard extensions.
503
5042. Printing and parsing extensions.
505
506The simplest way to print out extensions is via the standard X509 printing
507routines: if you use the standard X509_print() function, the supported
508extensions will be printed out automatically.
509
510The following functions allow finer control over extension display:
511
512int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
513int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
514
515These two functions print out an individual extension to a BIO or FILE pointer.
516Currently the flag argument is unused and should be set to 0. The 'indent'
517argument is the number of spaces to indent each line.
518
519void *X509V3_EXT_d2i(X509_EXTENSION *ext);
520
521This function parses an extension and returns its internal structure. The
522precise structure you get back depends on the extension being parsed. If the
523extension is basicConstraints you will get back a pointer to a
524BASIC_CONSTRAINTS structure. Check out the source in crypto/x509v3 for more
525details about the structures returned. The returned structure should be freed
526after use using the relevant free function, BASIC_CONSTRAINTS_free() for
527example.
528
529void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
530void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
531void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
532void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
533
534These functions combine the operations of searching for extensions and
535parsing them. They search a certificate, a CRL, a CRL entry or a stack
536of extensions respectively for an extension whose NID is 'nid' and return
537the parsed result or NULL if an error occurred. For example:
538
539BASIC_CONSTRAINTS *bs;
540bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
541
542This will search for the basicConstraints extension and either return
543its value or NULL. NULL can mean either the extension was not found, it
544occurred more than once or it could not be parsed.
545
546If 'idx' is NULL then an extension is only parsed if it occurs precisely
547once. This is standard behaviour because extensions normally cannot occur
548more than once. If however more than one extension of the same type can
549occur it can be used to parse successive extensions for example:
550
551int idx;
552void *ext;
553
554idx = -1;
555for(;;) {
556 ext = X509_get_ext_d2i(x, nid, crit, &idx);
557 if(ext == NULL) break;
558 /* Do something with ext */
559}
560
561If 'crit' is not NULL and the extension was found then the int it points to
562is set to 1 for critical extensions and 0 for non critical. Therefore if the
563function returns NULL but 'crit' is set to 0 or 1 then the extension was
564found but it could not be parsed.
565
566The int pointed to by crit will be set to -1 if the extension was not found
567and -2 if the extension occurred more than once (this will only happen if
568idx is NULL). In both cases the function will return NULL.
569
5703. Generating extensions.
571
572An extension will typically be generated from a configuration file, or some
573other kind of configuration database.
574
575int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
576 X509 *cert);
577int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
578 X509_CRL *crl);
579
580These functions add all the extensions in the given section to the given
581certificate or CRL. They will normally be called just before the certificate
582or CRL is due to be signed. Both return 0 on error and non zero for success.
583
584In each case 'conf' is the LHASH pointer of the configuration file to use
585and 'section' is the section containing the extension details.
586
587See the 'context functions' section for a description of the ctx parameter.
588
589
590X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
591 char *value);
592
593This function returns an extension based on a name and value pair, if the
594pair will not need to access other sections in a config file (or there is no
595config file) then the 'conf' parameter can be set to NULL.
596
597X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid,
598 char *value);
599
600This function creates an extension in the same way as X509V3_EXT_conf() but
601takes the NID of the extension rather than its name.
602
603For example to produce basicConstraints with the CA flag and a path length of
60410:
605
606x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
607
608
609X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
610
611This function sets up an extension from its internal structure. The ext_nid
612parameter is the NID of the extension and 'crit' is the critical flag.
613
6144. Context functions.
615
616The following functions set and manipulate an extension context structure.
617The purpose of the extension context is to allow the extension code to
618access various structures relating to the "environment" of the certificate:
619for example the issuers certificate or the certificate request.
620
621void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
622 X509_REQ *req, X509_CRL *crl, int flags);
623
624This function sets up an X509V3_CTX structure with details of the certificate
625environment: specifically the issuers certificate, the subject certificate,
626the certificate request and the CRL: if these are not relevant or not
627available then they can be set to NULL. The 'flags' parameter should be set
628to zero.
629
630X509V3_set_ctx_test(ctx)
631
632This macro is used to set the 'ctx' structure to a 'test' value: this is to
633allow the syntax of an extension (or configuration file) to be tested.
634
635X509V3_set_ctx_nodb(ctx)
636
637This macro is used when no configuration database is present.
638
639void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
640
641This function is used to set the configuration database when it is an LHASH
642structure: typically a configuration file.
643
644The following functions are used to access a configuration database: they
645should only be used in RAW extensions.
646
647char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
648
649This function returns the value of the parameter "name" in "section", or NULL
650if there has been an error.
651
652void X509V3_string_free(X509V3_CTX *ctx, char *str);
653
654This function frees up the string returned by the above function.
655
656STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
657
658This function returns a whole section as a STACK_OF(CONF_VALUE) .
659
660void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
661
662This function frees up the STACK returned by the above function.
663
664Note: it is possible to use the extension code with a custom configuration
665database. To do this the "db_meth" element of the X509V3_CTX structure should
666be set to an X509V3_CTX_METHOD structure. This structure contains the following
667function pointers:
668
669char * (*get_string)(void *db, char *section, char *value);
670STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
671void (*free_string)(void *db, char * string);
672void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
673
674These will be called and passed the 'db' element in the X509V3_CTX structure
675to access the database. If a given function is not implemented or not required
676it can be set to NULL.
677
6785. String helper functions.
679
680There are several "i2s" and "s2i" functions that convert structures to and
681from ASCII strings. In all the "i2s" cases the returned string should be
682freed using Free() after use. Since some of these are part of other extension
683code they may take a 'method' parameter. Unless otherwise stated it can be
684safely set to NULL.
685
686char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct);
687
688This returns a hex string from an ASN1_OCTET_STRING.
689
690char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
691char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
692
693These return string decimal representations of an ASN1_INTEGER and an
694ASN1_ENUMERATED type, respectively.
695
696ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
697 X509V3_CTX *ctx, char *str);
698
699This converts an ASCII hex string to an ASN1_OCTET_STRING.
700
701ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
702
703This converts a decimal ASCII string into an ASN1_INTEGER.
704
7056. Multi valued extension helper functions.
706
707The following functions can be used to manipulate STACKs of CONF_VALUE
708structures, as used by multi valued extensions.
709
710int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
711
712This function expects a boolean value in 'value' and sets 'asn1_bool' to
713it. That is it sets it to 0 for FALSE or 0xff for TRUE. The following
714strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE"
715"false", "N", "n", "NO" or "no".
716
717int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
718
719This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER.
720
721int X509V3_add_value(const char *name, const char *value,
722 STACK_OF(CONF_VALUE) **extlist);
723
724This simply adds a string name and value pair.
725
726int X509V3_add_value_uchar(const char *name, const unsigned char *value,
727 STACK_OF(CONF_VALUE) **extlist);
728
729The same as above but for an unsigned character value.
730
731int X509V3_add_value_bool(const char *name, int asn1_bool,
732 STACK_OF(CONF_VALUE) **extlist);
733
734This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'.
735
736int X509V3_add_value_bool_nf(char *name, int asn1_bool,
737 STACK_OF(CONF_VALUE) **extlist);
738
739This is the same as above except it adds nothing if asn1_bool is FALSE.
740
741int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
742 STACK_OF(CONF_VALUE) **extlist);
743
744This function adds the value of the ASN1_INTEGER in decimal form.
745
7467. Other helper functions.
747
748<to be added>
749
750ADDING CUSTOM EXTENSIONS.
751
752Currently there are three types of supported extensions.
753
754String extensions are simple strings where the value is placed directly in the
755extensions, and the string returned is printed out.
756
757Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
758or return a STACK_OF(CONF_VALUE).
759
760Raw extensions are just passed a BIO or a value and it is the extensions
761responsibility to handle all the necessary printing.
762
763There are two ways to add an extension. One is simply as an alias to an already
764existing extension. An alias is an extension that is identical in ASN1 structure
765to an existing extension but has a different OBJECT IDENTIFIER. This can be
766done by calling:
767
768int X509V3_EXT_add_alias(int nid_to, int nid_from);
769
770'nid_to' is the new extension NID and 'nid_from' is the already existing
771extension NID.
772
773Alternatively an extension can be written from scratch. This involves writing
774the ASN1 code to encode and decode the extension and functions to print out and
775generate the extension from strings. The relevant functions are then placed in
776a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
777is called.
778
779The X509V3_EXT_METHOD structure is described below.
780
781struct {
782int ext_nid;
783int ext_flags;
784X509V3_EXT_NEW ext_new;
785X509V3_EXT_FREE ext_free;
786X509V3_EXT_D2I d2i;
787X509V3_EXT_I2D i2d;
788X509V3_EXT_I2S i2s;
789X509V3_EXT_S2I s2i;
790X509V3_EXT_I2V i2v;
791X509V3_EXT_V2I v2i;
792X509V3_EXT_R2I r2i;
793X509V3_EXT_I2R i2r;
794
795void *usr_data;
796};
797
798The elements have the following meanings.
799
800ext_nid is the NID of the object identifier of the extension.
801
802ext_flags is a set of flags. Currently the only external flag is
803 X509V3_EXT_MULTILINE which means a multi valued extension
804 should be printed on separate lines.
805
806usr_data is an extension specific pointer to any relevant data. This
807 allows extensions to share identical code but have different
808 uses. An example of this is the bit string extension which uses
809 usr_data to contain a list of the bit names.
810
811All the remaining elements are function pointers.
812
813ext_new is a pointer to a function that allocates memory for the
814 extension ASN1 structure: for example ASN1_OBJECT_new().
815
816ext_free is a pointer to a function that frees up the memory of the extension
817 ASN1 structure: for example ASN1_OBJECT_free().
818
819d2i is the standard ASN1 function that converts a DER buffer into
820 the internal ASN1 structure: for example d2i_ASN1_IA5STRING().
821
822i2d is the standard ASN1 function that converts the internal
823 structure into the DER representation: for example
824 i2d_ASN1_IA5STRING().
825
826The remaining functions depend on the type of extension. One i2X and
827one X2i should be set and the rest set to NULL. The types set do not need
828to match up, for example the extension could be set using the multi valued
829v2i function and printed out using the raw i2r.
830
831All functions have the X509V3_EXT_METHOD passed to them in the 'method'
832parameter and an X509V3_CTX structure. Extension code can then access the
833parent structure via the 'method' parameter to for example make use of the value
834of usr_data. If the code needs to use detail relating to the request it can
835use the 'ctx' parameter.
836
837A note should be given here about the 'flags' member of the 'ctx' parameter.
838If it has the value CTX_TEST then the configuration syntax is being checked
839and no actual certificate or CRL exists. Therefore any attempt in the config
840file to access such information should silently succeed. If the syntax is OK
841then it should simply return a (possibly bogus) extension, otherwise it
842should return NULL.
843
844char *i2s(struct v3_ext_method *method, void *ext);
845
846This function takes the internal structure in the ext parameter and returns
847a Malloc'ed string representing its value.
848
849void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
850
851This function takes the string representation in the str parameter and returns
852an allocated internal structure: ext_free() will be used on this internal
853structure after use.
854
855i2v and v2i handle a STACK_OF(CONF_VALUE):
856
857typedef struct
858{
859 char *section;
860 char *name;
861 char *value;
862} CONF_VALUE;
863
864Only the name and value members are currently used.
865
866STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext);
867
868This function is passed the internal structure in the ext parameter and
869returns a STACK of CONF_VALUE structures. The values of name, value,
870section and the structure itself will be freed up with Free after use.
871Several helper functions are available to add values to this STACK.
872
873void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx,
874 STACK_OF(CONF_VALUE) *values);
875
876This function takes a STACK_OF(CONF_VALUE) structures and should set the
877values of the external structure. This typically uses the name element to
878determine which structure element to set and the value element to determine
879what to set it to. Several helper functions are available for this
880purpose (see above).
881
882int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
883
884This function is passed the internal extension structure in the ext parameter
885and sends out a human readable version of the extension to out. The 'indent'
886parameter should be noted to determine the necessary amount of indentation
887needed on the output.
888
889void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
890
891This is just passed the string representation of the extension. It is intended
892to be used for more elaborate extensions where the standard single and multi
893valued options are insufficient. They can use the 'ctx' parameter to parse the
894configuration database themselves. See the context functions section for details
895of how to do this.
896
897Note: although this type takes the same parameters as the "s2i" function there
898is a subtle difference. Whereas an "r2i" function can access a configuration
899database an "s2i" function MUST NOT. This is so the internal code can safely
900assume that an "s2i" function will work without a configuration database.
901
902==============================================================================
903 PKCS#12 Library
904==============================================================================
905
906This section describes the internal PKCS#12 support. There are very few
907differences between the old external library and the new internal code at
908present. This may well change because the external library will not be updated
909much in future.
910
911This version now includes a couple of high level PKCS#12 functions which
912generally "do the right thing" and should make it much easier to handle PKCS#12
913structures.
914
915HIGH LEVEL FUNCTIONS.
916
917For most applications you only need concern yourself with the high level
918functions. They can parse and generate simple PKCS#12 files as produced by
919Netscape and MSIE or indeed any compliant PKCS#12 file containing a single
920private key and certificate pair.
921
9221. Initialisation and cleanup.
923
924No special initialisation is needed for the internal PKCS#12 library: the
925standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to
926add all algorithms (you should at least add SHA1 though) then you can manually
927initialise the PKCS#12 library with:
928
929PKCS12_PBE_add();
930
931The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is
932called or it can be directly freed with:
933
934EVP_PBE_cleanup();
935
936after this call (or EVP_cleanup() ) no more PKCS#12 library functions should
937be called.
938
9392. I/O functions.
940
941i2d_PKCS12_bio(bp, p12)
942
943This writes out a PKCS12 structure to a BIO.
944
945i2d_PKCS12_fp(fp, p12)
946
947This is the same but for a FILE pointer.
948
949d2i_PKCS12_bio(bp, p12)
950
951This reads in a PKCS12 structure from a BIO.
952
953d2i_PKCS12_fp(fp, p12)
954
955This is the same but for a FILE pointer.
956
9573. High level functions.
958
9593.1 Parsing with PKCS12_parse().
960
961int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
962 STACK **ca);
963
964This function takes a PKCS12 structure and a password (ASCII, null terminated)
965and returns the private key, the corresponding certificate and any CA
966certificates. If any of these is not required it can be passed as a NULL.
967The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK
968structure. Typically to read in a PKCS#12 file you might do:
969
970p12 = d2i_PKCS12_fp(fp, NULL);
971PKCS12_parse(p12, password, &pkey, &cert, NULL); /* CAs not wanted */
972PKCS12_free(p12);
973
9743.2 PKCS#12 creation with PKCS12_create().
975
976PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
977 STACK *ca, int nid_key, int nid_cert, int iter,
978 int mac_iter, int keytype);
979
980This function will create a PKCS12 structure from a given password, name,
981private key, certificate and optional STACK of CA certificates. The remaining
9825 parameters can be set to 0 and sensible defaults will be used.
983
984The parameters nid_key and nid_cert are the key and certificate encryption
985algorithms, iter is the encryption iteration count, mac_iter is the MAC
986iteration count and keytype is the type of private key. If you really want
987to know what these last 5 parameters do then read the low level section.
988
989Typically to create a PKCS#12 file the following could be used:
990
991p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
992i2d_PKCS12_fp(fp, p12);
993PKCS12_free(p12);
994
9953.3 Changing a PKCS#12 structure password.
996
997int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
998
999This changes the password of an already existing PKCS#12 structure. oldpass
1000is the old password and newpass is the new one. An error occurs if the old
1001password is incorrect.
1002
1003LOW LEVEL FUNCTIONS.
1004
1005In some cases the high level functions do not provide the necessary
1006functionality. For example if you want to generate or parse more complex
1007PKCS#12 files. The sample pkcs12 application uses the low level functions
1008to display details about the internal structure of a PKCS#12 file.
1009
1010Introduction.
1011
1012This is a brief description of how a PKCS#12 file is represented internally:
1013some knowledge of PKCS#12 is assumed.
1014
1015A PKCS#12 object contains several levels.
1016
1017At the lowest level is a PKCS12_SAFEBAG. This can contain a certificate, a
1018CRL, a private key, encrypted or unencrypted, a set of safebags (so the
1019structure can be nested) or other secrets (not documented at present).
1020A safebag can optionally have attributes, currently these are: a unicode
1021friendlyName (a Unicode string) or a localKeyID (a string of bytes).
1022
1023At the next level is an authSafe which is a set of safebags collected into
1024a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself.
1025
1026At the top level is the PKCS12 structure itself which contains a set of
1027authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it
1028contains a MAC which is a kind of password protected digest to preserve
1029integrity (so any unencrypted stuff below can't be tampered with).
1030
1031The reason for these levels is so various objects can be encrypted in various
1032ways. For example you might want to encrypt a set of private keys with
1033triple-DES and then include the related certificates either unencrypted or
1034with lower encryption. Yes it's the dreaded crypto laws at work again which
1035allow strong encryption on private keys and only weak encryption on other
1036stuff.
1037
1038To build one of these things you turn all certificates and keys into safebags
1039(with optional attributes). You collect the safebags into (one or more) STACKS
1040and convert these into authsafes (encrypted or unencrypted). The authsafes
1041are collected into a STACK and added to a PKCS12 structure. Finally a MAC
1042inserted.
1043
1044Pulling one apart is basically the reverse process. The MAC is verified against
1045the given password. The authsafes are extracted and each authsafe split into
1046a set of safebags (possibly involving decryption). Finally the safebags are
1047decomposed into the original keys and certificates and the attributes used to
1048match up private key and certificate pairs.
1049
1050Anyway here are the functions that do the dirty work.
1051
10521. Construction functions.
1053
10541.1 Safebag functions.
1055
1056M_PKCS12_x5092certbag(x509)
1057
1058This macro takes an X509 structure and returns a certificate bag. The
1059X509 structure can be freed up after calling this function.
1060
1061M_PKCS12_x509crl2certbag(crl)
1062
1063As above but for a CRL.
1064
1065PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey)
1066
1067Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure.
1068Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo
1069structure contains a private key data in plain text form it should be free'd
1070up as soon as it has been encrypted for security reasons (freeing up the
1071structure zeros out the sensitive data). This can be done with
1072PKCS8_PRIV_KEY_INFO_free().
1073
1074PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
1075
1076This sets the key type when a key is imported into MSIE or Outlook 98. Two
1077values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type
1078key that can also be used for signing but its size is limited in the export
1079versions of MS software to 512 bits, it is also the default. KEY_SIG is a
1080signing only key but the keysize is unlimited (well 16K is supposed to work).
1081If you are using the domestic version of MSIE then you can ignore this because
1082KEY_EX is not limited and can be used for both.
1083
1084PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
1085
1086Convert a PKCS8 private key structure into a keybag. This routine embeds the
1087p8 structure in the keybag so p8 should not be freed up or used after it is
1088called. The p8 structure will be freed up when the safebag is freed.
1089
1090PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
1091
1092Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not
1093embedded and can be freed up after use.
1094
1095int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
1096int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
1097
1098Add a local key id or a friendlyname to a safebag.
1099
11001.2 Authsafe functions.
1101
1102PKCS7 *PKCS12_pack_p7data(STACK *sk)
1103Take a stack of safebags and convert them into an unencrypted authsafe. The
1104stack of safebags can be freed up after calling this function.
1105
1106PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags);
1107
1108As above but encrypted.
1109
11101.3 PKCS12 functions.
1111
1112PKCS12 *PKCS12_init(int mode)
1113
1114Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data).
1115
1116M_PKCS12_pack_authsafes(p12, safes)
1117
1118This macro takes a STACK of authsafes and adds them to a PKCS#12 structure.
1119
1120int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type);
1121
1122Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests
1123that SHA-1 should be used.
1124
11252. Extraction Functions.
1126
11272.1 Safebags.
1128
1129M_PKCS12_bag_type(bag)
1130
1131Return the type of "bag". Returns one of the following
1132
1133NID_keyBag
1134NID_pkcs8ShroudedKeyBag 7
1135NID_certBag 8
1136NID_crlBag 9
1137NID_secretBag 10
1138NID_safeContentsBag 11
1139
1140M_PKCS12_cert_bag_type(bag)
1141
1142Returns type of certificate bag, following are understood.
1143
1144NID_x509Certificate 14
1145NID_sdsiCertificate 15
1146
1147M_PKCS12_crl_bag_type(bag)
1148
1149Returns crl bag type, currently only NID_crlBag is recognised.
1150
1151M_PKCS12_certbag2x509(bag)
1152
1153This macro extracts an X509 certificate from a certificate bag.
1154
1155M_PKCS12_certbag2x509crl(bag)
1156
1157As above but for a CRL.
1158
1159EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
1160
1161Extract a private key from a PKCS8 private key info structure.
1162
1163M_PKCS12_decrypt_skey(bag, pass, passlen)
1164
1165Decrypt a shrouded key bag and return a PKCS8 private key info structure.
1166Works with both RSA and DSA keys
1167
1168char *PKCS12_get_friendlyname(bag)
1169
1170Returns the friendlyName of a bag if present or NULL if none. The returned
1171string is a null terminated ASCII string allocated with Malloc(). It should
1172thus be freed up with Free() after use.
1173
11742.2 AuthSafe functions.
1175
1176M_PKCS12_unpack_p7data(p7)
1177
1178Extract a STACK of safe bags from a PKCS#7 data ContentInfo.
1179
1180#define M_PKCS12_unpack_p7encdata(p7, pass, passlen)
1181
1182As above but for an encrypted content info.
1183
11842.3 PKCS12 functions.
1185
1186M_PKCS12_unpack_authsafes(p12)
1187
1188Extract a STACK of authsafes from a PKCS12 structure.
1189
1190M_PKCS12_mac_present(p12)
1191
1192Check to see if a MAC is present.
1193
1194int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen)
1195
1196Verify a MAC on a PKCS12 structure. Returns an error if MAC not present.
1197
1198
1199Notes.
1200
12011. All the function return 0 or NULL on error.
12022. Encryption based functions take a common set of parameters. These are
1203described below.
1204
1205pass, passlen
1206ASCII password and length. The password on the MAC is called the "integrity
1207password" the encryption password is called the "privacy password" in the
1208PKCS#12 documentation. The passwords do not have to be the same. If -1 is
1209passed for the length it is worked out by the function itself (currently
1210this is sometimes done whatever is passed as the length but that may change).
1211
1212salt, saltlen
1213A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a
1214default length is used.
1215
1216iter
1217Iteration count. This is a measure of how many times an internal function is
1218called to encrypt the data. The larger this value is the longer it takes, it
1219makes dictionary attacks on passwords harder. NOTE: Some implementations do
1220not support an iteration count on the MAC. If the password for the MAC and
1221encryption is the same then there is no point in having a high iteration
1222count for encryption if the MAC has no count. The MAC could be attacked
1223and the password used for the main decryption.
1224
1225pbe_nid
1226This is the NID of the password based encryption method used. The following are
1227supported.
1228NID_pbe_WithSHA1And128BitRC4
1229NID_pbe_WithSHA1And40BitRC4
1230NID_pbe_WithSHA1And3_Key_TripleDES_CBC
1231NID_pbe_WithSHA1And2_Key_TripleDES_CBC
1232NID_pbe_WithSHA1And128BitRC2_CBC
1233NID_pbe_WithSHA1And40BitRC2_CBC
1234
1235Which you use depends on the implementation you are exporting to. "Export
1236grade" (i.e. cryptographically challenged) products cannot support all
1237algorithms. Typically you may be able to use any encryption on shrouded key
1238bags but they must then be placed in an unencrypted authsafe. Other authsafes
1239may only support 40bit encryption. Of course if you are using SSLeay
1240throughout you can strongly encrypt everything and have high iteration counts
1241on everything.
1242
12433. For decryption routines only the password and length are needed.
1244
12454. Unlike the external version the nid's of objects are the values of the
1246constants: that is NID_certBag is the real nid, therefore there is no
1247PKCS12_obj_offset() function. Note the object constants are not the same as
1248those of the external version. If you use these constants then you will need
1249to recompile your code.
1250
12515. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or
1252macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be
1253reused or freed up safely.
1254
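diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt
deleted file mode 100644
index 7bada8d35f..0000000000
--- a/src/lib/libssl/doc/standards.txt
+++ /dev/null
@@ -1,285 +0,0 @@
-Standards related to OpenSSL
-============================
-
-[Please, this is currently a draft. I made a first try at finding
- documents that describe parts of what OpenSSL implements. There are
- big gaps, and I've most certainly done something wrong. Please
- correct whatever is... Also, this note should be removed when this
- file is reaching a somewhat correct state. -- Richard Levitte]
-
-
-All pointers in here will be either URL's or blobs of text borrowed
-from miscellaneous indexes, like rfc-index.txt (index of RFCs),
-1id-index.txt (index of Internet drafts) and the like.
-
-To find the latest possible RFCs, it's recommended to either browse
-ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and
-use the search mechanism found there.
-To find the latest possible Internet drafts, it's recommended to
-browse ftp://ftp.isi.edu/internet-drafts/.
-To find the latest possible PKCS, it's recommended to browse
-http://www.rsasecurity.com/rsalabs/pkcs/.
-
-
-Implemented:
-------------
-
-These are documents that describe things that are implemented (in
-whole or at least great parts) in OpenSSL.
-
-1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
- (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
-
-1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
- TXT=32407 bytes) (Status: INFORMATIONAL)
-
-1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
- TXT=35222 bytes) (Status: INFORMATIONAL)
-
-2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999.
- (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD)
-
-2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
- January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
-
-2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
- March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
-
-PKCS#8: Private-Key Information Syntax Standard
-
-PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
-
-2560 X.509 Internet Public Key Infrastructure Online Certificate
- Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
- C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
- STANDARD)
-
-2712 Addition of Kerberos Cipher Suites to Transport Layer Security
- (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
- (Status: PROPOSED STANDARD)
-
-2898 PKCS #5: Password-Based Cryptography Specification Version 2.0.
- B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status:
- INFORMATIONAL)
-
-2986 PKCS #10: Certification Request Syntax Specification Version 1.7.
- M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes)
- (Obsoletes RFC2314) (Status: INFORMATIONAL)
-
-3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones.
- September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL)
-
-3161 Internet X.509 Public Key Infrastructure, Time-Stamp Protocol (TSP)
- C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001
- (Status: PROPOSED STANDARD)
-
-3268 Advanced Encryption Standard (AES) Ciphersuites for Transport
- Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes)
- (Status: PROPOSED STANDARD)
-
-3279 Algorithms and Identifiers for the Internet X.509 Public Key
- Infrastructure Certificate and Certificate Revocation List (CRL)
- Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format:
- TXT=53833 bytes) (Status: PROPOSED STANDARD)
-
-3280 Internet X.509 Public Key Infrastructure Certificate and
- Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W.
- Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes
- RFC2459) (Status: PROPOSED STANDARD)
-
-3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
- Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003.
- (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:
- INFORMATIONAL)
-
-3713 A Description of the Camellia Encryption Algorithm. M. Matsui,
- J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes)
- (Status: INFORMATIONAL)
-
-3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate
- Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson.
- June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD)
-
-4132 Addition of Camellia Cipher Suites to Transport Layer Security
- (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590
- bytes) (Status: PROPOSED STANDARD)
-
-4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS).
- H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes)
- (Status: PROPOSED STANDARD)
-
-4269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon,
- D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes)
- (Obsoletes RFC4009) (Status: INFORMATIONAL)
-
-
-Related:
---------
-
-These are documents that are close to OpenSSL, for example the
-STARTTLS documents.
-
-1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message
- Encryption and Authentication Procedures. J. Linn. February 1993.
- (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED
- STANDARD)
-
-1422 Privacy Enhancement for Internet Electronic Mail: Part II:
- Certificate-Based Key Management. S. Kent. February 1993. (Format:
- TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD)
-
-1423 Privacy Enhancement for Internet Electronic Mail: Part III:
- Algorithms, Modes, and Identifiers. D. Balenson. February 1993.
- (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED
- STANDARD)
-
-1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key
- Certification and Related Services. B. Kaliski. February 1993.
- (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
-
-2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October
- 1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD)
-
-2510 Internet X.509 Public Key Infrastructure Certificate Management
- Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178
- bytes) (Status: PROPOSED STANDARD)
-
-2511 Internet X.509 Certificate Request Message Format. M. Myers, C.
- Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes)
- (Status: PROPOSED STANDARD)
-
-2527 Internet X.509 Public Key Infrastructure Certificate Policy and
- Certification Practices Framework. S. Chokhani, W. Ford. March 1999.
- (Format: TXT=91860 bytes) (Status: INFORMATIONAL)
-
-2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake
- 3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status:
- PROPOSED STANDARD)
-
-2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS).
- D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status:
- PROPOSED STANDARD)
-
-2559 Internet X.509 Public Key Infrastructure Operational Protocols -
- LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format:
- TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD)
-
-2585 Internet X.509 Public Key Infrastructure Operational Protocols:
- FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
- bytes) (Status: PROPOSED STANDARD)
-
-2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S.
- Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes)
- (Status: PROPOSED STANDARD)
-
-2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
- (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
-
-2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999.
- (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD)
-
-2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June
- 1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD)
-
-2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October
- 1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL)
-
-2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace.
- February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status:
- EXPERIMENTAL)
-
-2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J.
- Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status:
- PROPOSED STANDARD)
-
-2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
- 2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
- STANDARD)
-
-2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
- (Status: INFORMATIONAL)
-
-2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July
- 2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL)
-
-2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams.
- October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD)
-
-2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0.
- M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes)
- (Status: INFORMATIONAL)
-
-3029 Internet X.509 Public Key Infrastructure Data Validation and
- Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev,
- R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status:
- EXPERIMENTAL)
-
-3039 Internet X.509 Public Key Infrastructure Qualified Certificates
- Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001.
- (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD)
-
-3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P.
- Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes)
- (Status: INFORMATIONAL)
-
-3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol
- (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001.
- (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD)
-
-3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner.
- October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD)
-
-3207 SMTP Service Extension for Secure SMTP over Transport Layer
- Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes)
- (Obsoletes RFC2487) (Status: PROPOSED STANDARD)
-
-3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001.
- (Format: TXT=19855 bytes) (Status: INFORMATIONAL)
-
-3274 Compressed Data Content Type for Cryptographic Message Syntax
- (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status:
- PROPOSED STANDARD)
-
-3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in
- Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P.
- Lambert. April 2002. (Format: TXT=33779 bytes) (Status:
- INFORMATIONAL)
-
-3281 An Internet Attribute Certificate Profile for Authorization. S.
- Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status:
- PROPOSED STANDARD)
-
-3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002.
- (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status:
- PROPOSED STANDARD)
-
-3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August
- 2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status:
- PROPOSED STANDARD)
-
-3377 Lightweight Directory Access Protocol (v3): Technical
- Specification. J. Hodges, R. Morgan. September 2002. (Format:
- TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255,
- RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD)
-
-3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad,
- R. Housley. September 2002. (Format: TXT=73072 bytes) (Status:
- INFORMATIONAL)
-
-3436 Transport Layer Security over Stream Control Transmission
- Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002.
- (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD)
-
-3657 Use of the Camellia Encryption Algorithm in Cryptographic
- Message Syntax (CMS). S. Moriai, A. Kato. January 2004.
- (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD)
-
-"Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>
-
-
-To be implemented:
-------------------
-
-These are documents that describe things that are planed to be
-implemented in the hopefully short future.
-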
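diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h
deleted file mode 100644
index 2900d1d8ae..0000000000
--- a/src/lib/libssl/dtls1.h
+++ /dev/null
@@ -1,267 +0,0 @@
-/* ssl/dtls1.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DTLS1_H
-#define HEADER_DTLS1_H
-
-#include <openssl/buffer.h>
-#include <openssl/pqueue.h>
-#ifdef OPENSSL_SYS_VMS
-#include <resource.h>
-#include <sys/timeb.h>
-#endif
-#ifdef OPENSSL_SYS_WIN32
-/* Needed for struct timeval */
-#include <winsock.h>
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
-#include <sys/timeval.h>
-#else
-#include <sys/time.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define DTLS1_VERSION 0xFEFF
-#define DTLS1_BAD_VER 0x0100
-
-#if 0
-/* this alert description is not specified anywhere... */
-#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
-#endif
-
-/* lengths of messages */
-#define DTLS1_COOKIE_LENGTH 256
-
-#define DTLS1_RT_HEADER_LENGTH 13
-
-#define DTLS1_HM_HEADER_LENGTH 12
-
-#define DTLS1_HM_BAD_FRAGMENT -2
-#define DTLS1_HM_FRAGMENT_RETRY -3
-
-#define DTLS1_CCS_HEADER_LENGTH 1
-
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#define DTLS1_AL_HEADER_LENGTH 7
-#else
-#define DTLS1_AL_HEADER_LENGTH 2
-#endif
-
-
-typedef struct dtls1_bitmap_st
- {
- unsigned long map; /* track 32 packets on 32-bit systems
- and 64 - on 64-bit systems */
- unsigned char max_seq_num[8]; /* max record number seen so far,
- 64-bit value in big-endian
- encoding */
- } DTLS1_BITMAP;
-
-struct dtls1_retransmit_state
- {
- EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
- EVP_MD_CTX *write_hash; /* used for mac generation */
-#ifndef OPENSSL_NO_COMP
- COMP_CTX *compress; /* compression */
-#else
- char *compress;
-#endif
- SSL_SESSION *session;
- unsigned short epoch;
- };
-
-struct hm_header_st
- {
- unsigned char type;
- unsigned long msg_len;
- unsigned short seq;
- unsigned long frag_off;
- unsigned long frag_len;
- unsigned int is_ccs;
- struct dtls1_retransmit_state saved_retransmit_state;
- };
-
-struct ccs_header_st
- {
- unsigned char type;
- unsigned short seq;
- };
-
-struct dtls1_timeout_st
- {
- /* Number of read timeouts so far */
- unsigned int read_timeouts;
-
- /* Number of write timeouts so far */
- unsigned int write_timeouts;
-
- /* Number of alerts received so far */
- unsigned int num_alerts;
- };
-
-typedef struct record_pqueue_st
- {
- unsigned short epoch;
- pqueue q;
- } record_pqueue;
-
-typedef struct hm_fragment_st
- {
- struct hm_header_st msg_header;
- unsigned char *fragment;
- unsigned char *reassembly;
- } hm_fragment;
-
-typedef struct dtls1_state_st
- {
- unsigned int send_cookie;
- unsigned char cookie[DTLS1_COOKIE_LENGTH];
- unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
- unsigned int cookie_len;
-
- /*
- * The current data and handshake epoch. This is initially
- * undefined, and starts at zero once the initial handshake is
- * completed
- */
- unsigned short r_epoch;
- unsigned short w_epoch;
-
- /* records being received in the current epoch */
- DTLS1_BITMAP bitmap;
-
- /* renegotiation starts a new set of sequence numbers */
- DTLS1_BITMAP next_bitmap;
-
- /* handshake message numbers */
- unsigned short handshake_write_seq;
- unsigned short next_handshake_write_seq;
-
- unsigned short handshake_read_seq;
-
- /* save last sequence number for retransmissions */
- unsigned char last_write_sequence[8];
-
- /* Received handshake records (processed and unprocessed) */
- record_pqueue unprocessed_rcds;
- record_pqueue processed_rcds;
-
- /* Buffered handshake messages */
- pqueue buffered_messages;
-
- /* Buffered (sent) handshake records */
- pqueue sent_messages;
-
- /* Buffered application records.
- * Only for records between CCS and Finished
- * to prevent either protocol violation or
- * unnecessary message loss.
- */
- record_pqueue buffered_app_data;
-
- /* Is set when listening for new connections with dtls1_listen() */
- unsigned int listen;
-
- unsigned int mtu; /* max DTLS packet size */
-
- struct hm_header_st w_msg_hdr;
- struct hm_header_st r_msg_hdr;
-
- struct dtls1_timeout_st timeout;
-
- /* Indicates when the last handshake msg sent will timeout */
- struct timeval next_timeout;
-
- /* Timeout duration */
- unsigned short timeout_duration;
-
- /* storage for Alert/Handshake protocol data received but not
- * yet processed by ssl3_read_bytes: */
- unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
- unsigned int alert_fragment_len;
- unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
- unsigned int handshake_fragment_len;
-
- unsigned int retransmitting;
- unsigned int change_cipher_spec_ok;
-
- } DTLS1_STATE;
-
-typedef struct dtls1_record_data_st
- {
- unsigned char *packet;
- unsigned int packet_length;
- SSL3_BUFFER rbuf;
- SSL3_RECORD rrec;
- } DTLS1_RECORD_DATA;
-
-
-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
-#define DTLS1_TMO_READ_COUNT 2
-#define DTLS1_TMO_WRITE_COUNT 2
-
-#define DTLS1_TMO_ALERT_COUNT 12
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-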
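diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
deleted file mode 100644
index c4d8bf2eb3..0000000000
--- a/src/lib/libssl/s23_clnt.c
+++ /dev/null
@@ -1,696 +0,0 @@
-/* ssl/s23_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static const SSL_METHOD *ssl23_get_client_method(int ver);
-static int ssl23_client_hello(SSL *s);
-static int ssl23_get_server_hello(SSL *s);
-static const SSL_METHOD *ssl23_get_client_method(int ver)
- {
-#ifndef OPENSSL_NO_SSL2
- if (ver == SSL2_VERSION)
- return(SSLv2_client_method());
-#endif
- if (ver == SSL3_VERSION)
- return(SSLv3_client_method());
- else if (ver == TLS1_VERSION)
- return(TLSv1_client_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
- ssl_undefined_function,
- ssl23_connect,
- ssl23_get_client_method)
-
-int ssl23_connect(SSL *s)
- {
- BUF_MEM *buf=NULL;
- unsigned long Time=(unsigned long)time(NULL);
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int ret= -1;
- int new_state,state;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- for (;;)
- {
- state=s->state;
-
- switch(s->state)
- {
- case SSL_ST_BEFORE:
- case SSL_ST_CONNECT:
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- case SSL_ST_OK|SSL_ST_CONNECT:
-
- if (s->session != NULL)
- {
- SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
- ret= -1;
- goto end;
- }
- s->server=0;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- /* s->version=TLS1_VERSION; */
- s->type=SSL_ST_CONNECT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- buf=NULL;
- }
-
- if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
-
- ssl3_init_finished_mac(s);
-
- s->state=SSL23_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
- s->init_num=0;
- break;
-
- case SSL23_ST_CW_CLNT_HELLO_A:
- case SSL23_ST_CW_CLNT_HELLO_B:
-
- s->shutdown=0;
- ret=ssl23_client_hello(s);
- if (ret <= 0) goto end;
- s->state=SSL23_ST_CR_SRVR_HELLO_A;
- s->init_num=0;
-
- break;
-
- case SSL23_ST_CR_SRVR_HELLO_A:
- case SSL23_ST_CR_SRVR_HELLO_B:
- ret=ssl23_get_server_hello(s);
- if (ret >= 0) cb=NULL;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- if (s->debug) { (void)BIO_flush(s->wbio); }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_CONNECT_LOOP,1);
- s->state=new_state;
- }
- }
-end:
- s->in_handshake--;
- if (buf != NULL)
- BUF_MEM_free(buf);
- if (cb != NULL)
- cb(s,SSL_CB_CONNECT_EXIT,ret);
- return(ret);
- }
-
-static int ssl23_no_ssl2_ciphers(SSL *s)
- {
- SSL_CIPHER *cipher;
- STACK_OF(SSL_CIPHER) *ciphers;
- int i;
- ciphers = SSL_get_ciphers(s);
- for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
- {
- cipher = sk_SSL_CIPHER_value(ciphers, i);
- if (cipher->algorithm_ssl == SSL_SSLV2)
- return 0;
- }
- return 1;
- }
-
-static int ssl23_client_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int i,ch_len;
- unsigned long Time,l;
- int ssl2_compat;
- int version = 0, version_major, version_minor;
-#ifndef OPENSSL_NO_COMP
- int j;
- SSL_COMP *comp;
-#endif
- int ret;
-
- ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
-
- if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
- ssl2_compat = 0;
-
- if (!(s->options & SSL_OP_NO_TLSv1))
- {
- version = TLS1_VERSION;
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- version = SSL3_VERSION;
- }
- else if (!(s->options & SSL_OP_NO_SSLv2))
- {
- version = SSL2_VERSION;
- }
-#ifndef OPENSSL_NO_TLSEXT
- if (version != SSL2_VERSION)
- {
- /* have to disable SSL 2.0 compatibility if we need TLS extensions */
-
- if (s->tlsext_hostname != NULL)
- ssl2_compat = 0;
- if (s->tlsext_status_type != -1)
- ssl2_compat = 0;
-#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
- ssl2_compat = 0;
-#endif
- }
-#endif
-
- buf=(unsigned char *)s->init_buf->data;
- if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
- {
-#if 0
- /* don't reuse session-id's */
- if (!ssl_get_new_session(s,0))
- {
- return(-1);
- }
-#endif
-
- p=s->s3->client_random;
- Time=(unsigned long)time(NULL); /* Time */
- l2n(Time,p);
- if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
- return -1;
-
- if (version == TLS1_VERSION)
- {
- version_major = TLS1_VERSION_MAJOR;
- version_minor = TLS1_VERSION_MINOR;
- }
- else if (version == SSL3_VERSION)
- {
- version_major = SSL3_VERSION_MAJOR;
- version_minor = SSL3_VERSION_MINOR;
- }
- else if (version == SSL2_VERSION)
- {
- version_major = SSL2_VERSION_MAJOR;
- version_minor = SSL2_VERSION_MINOR;
- }
- else
- {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE);
- return(-1);
- }
-
- s->client_version = version;
-
- if (ssl2_compat)
- {
- /* create SSL 2.0 compatible Client Hello */
-
- /* two byte record header will be written last */
- d = &(buf[2]);
- p = d + 9; /* leave space for message type, version, individual length fields */
-
- *(d++) = SSL2_MT_CLIENT_HELLO;
- *(d++) = version_major;
- *(d++) = version_minor;
-
- /* Ciphers supported */
- i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
- if (i == 0)
- {
- /* no ciphers */
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
- return -1;
- }
- s2n(i,d);
- p+=i;
-
- /* put in the session-id length (zero since there is no reuse) */
-#if 0
- s->session->session_id_length=0;
-#endif
- s2n(0,d);
-
- if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
- ch_len=SSL2_CHALLENGE_LENGTH;
- else
- ch_len=SSL2_MAX_CHALLENGE_LENGTH;
-
- /* write out sslv2 challenge */
- /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
- because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
- or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
- check in for futurproofing */
- if (SSL3_RANDOM_SIZE < ch_len)
- i=SSL3_RANDOM_SIZE;
- else
- i=ch_len;
- s2n(i,d);
- memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
- if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
- return -1;
-
- memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
- p+=i;
-
- i= p- &(buf[2]);
- buf[0]=((i>>8)&0xff)|0x80;
- buf[1]=(i&0xff);
-
- /* number of bytes to write */
- s->init_num=i+2;
- s->init_off=0;
-
- ssl3_finish_mac(s,&(buf[2]),i);
- }
- else
- {
- /* create Client Hello in SSL 3.0/TLS 1.0 format */
-
- /* do the record header (5 bytes) and handshake message header (4 bytes) last */
- d = p = &(buf[9]);
-
- *(p++) = version_major;
- *(p++) = version_minor;
-
- /* Random stuff */
- memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
- p += SSL3_RANDOM_SIZE;
-
- /* Session ID (zero since there is no reuse) */
- *(p++) = 0;
-
- /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
- i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
- return -1;
- }
- s2n(i,p);
- p+=i;
-
- /* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
- *(p++)=1;
-#else
- if ((s->options & SSL_OP_NO_COMPRESSION)
- || !s->ctx->comp_methods)
- j=0;
- else
- j=sk_SSL_COMP_num(s->ctx->comp_methods);
- *(p++)=1+j;
- for (i=0; i<j; i++)
- {
- comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
- *(p++)=comp->id;
- }
-#endif
- *(p++)=0; /* Add the NULL method */
-
-#ifndef OPENSSL_NO_TLSEXT
- /* TLS extensions*/
- if (ssl_prepare_clienthello_tlsext(s) <= 0)
- {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
- return -1;
- }
- if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
- {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
- return -1;
- }
-#endif
-
- l = p-d;
-
- /* fill in 4-byte handshake header */
- d=&(buf[5]);
- *(d++)=SSL3_MT_CLIENT_HELLO;
- l2n3(l,d);
-
- l += 4;
-
- if (l > SSL3_RT_MAX_PLAIN_LENGTH)
- {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
- /* fill in 5-byte record header */
- d=buf;
- *(d++) = SSL3_RT_HANDSHAKE;
- *(d++) = version_major;
- *(d++) = version_minor; /* arguably we should send the *lowest* suported version here
- * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
- s2n((int)l,d);
-
- /* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
-
- ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
- }
-
- s->state=SSL23_ST_CW_CLNT_HELLO_B;
- s->init_off=0;
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- ret = ssl23_write_bytes(s);
-
- if ((ret >= 2) && s->msg_callback)
- {
- /* Client Hello has been sent; tell msg_callback */
-
- if (ssl2_compat)
- s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
- else
- s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
- }
-
- return ret;
- }
-
-static int ssl23_get_server_hello(SSL *s)
- {
- char buf[8];
- unsigned char *p;
- int i;
- int n;
-
- n=ssl23_read_bytes(s,7);
-
- if (n != 7) return(n);
- p=s->packet;
-
- memcpy(buf,p,n);
-
- if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
- (p[5] == 0x00) && (p[6] == 0x02))
- {
-#ifdef OPENSSL_NO_SSL2
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
-#else
- /* we are talking sslv2 */
- /* we need to clean up the SSLv3 setup and put in the
- * sslv2 stuff. */
- int ch_len;
-
- if (s->options & SSL_OP_NO_SSLv2)
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
- }
- if (s->s2 == NULL)
- {
- if (!ssl2_new(s))
- goto err;
- }
- else
- ssl2_clear(s);
-
- if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
- ch_len=SSL2_CHALLENGE_LENGTH;
- else
- ch_len=SSL2_MAX_CHALLENGE_LENGTH;
-
- /* write out sslv2 challenge */
- /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because
- it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
- SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
- futurproofing */
- i=(SSL3_RANDOM_SIZE < ch_len)
- ?SSL3_RANDOM_SIZE:ch_len;
- s->s2->challenge_length=i;
- memcpy(s->s2->challenge,
- &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
-
- if (s->s3 != NULL) ssl3_free(s);
-
- if (!BUF_MEM_grow_clean(s->init_buf,
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
- goto err;
- }
-
- s->state=SSL2_ST_GET_SERVER_HELLO_A;
- if (!(s->client_version == SSL2_VERSION))
- /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
- s->s2->ssl2_rollback=1;
-
- /* setup the 7 bytes we have read so we get them from
- * the sslv2 buffer */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- s->packet= &(s->s2->rbuf[0]);
- memcpy(s->packet,buf,n);
- s->s2->rbuf_left=n;
- s->s2->rbuf_offs=0;
-
- /* we have already written one */
- s->s2->write_sequence=1;
-
- s->method=SSLv2_client_method();
- s->handshake_func=s->method->ssl_connect;
-#endif
- }
- else if (p[1] == SSL3_VERSION_MAJOR &&
- (p[2] == SSL3_VERSION_MINOR || p[2] == TLS1_VERSION_MINOR) &&
- ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
- (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))
- {
- /* we have sslv3 or tls1 (server hello or alert) */
-
- if ((p[2] == SSL3_VERSION_MINOR) &&
- !(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- s->method=SSLv3_client_method();
- }
- else if ((p[2] == TLS1_VERSION_MINOR) &&
- !(s->options & SSL_OP_NO_TLSv1))
- {
- s->version=TLS1_VERSION;
- s->method=TLSv1_client_method();
- }
- else
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
- }
-
- if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING)
- {
- /* fatal alert */
-
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int j;
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- i=p[5];
- if (cb != NULL)
- {
- j=(i<<8)|p[6];
- cb(s,SSL_CB_READ_ALERT,j);
- }
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg);
-
- s->rwstate=SSL_NOTHING;
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
- goto err;
- }
-
- if (!ssl_init_wbio_buffer(s,1)) goto err;
-
- /* we are in this state */
- s->state=SSL3_ST_CR_SRVR_HELLO_A;
-
- /* put the 7 bytes we have read into the input buffer
- * for SSLv3 */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- if (s->s3->rbuf.buf == NULL)
- if (!ssl3_setup_read_buffer(s))
- goto err;
- s->packet= &(s->s3->rbuf.buf[0]);
- memcpy(s->packet,buf,n);
- s->s3->rbuf.left=n;
- s->s3->rbuf.offset=0;
-
- s->handshake_func=s->method->ssl_connect;
- }
- else
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
- goto err;
- }
- s->init_num=0;
-
- /* Since, if we are sending a ssl23 client hello, we are not
- * reusing a session-id */
- if (!ssl_get_new_session(s,0))
- goto err;
-
- return(SSL_connect(s));
-err:
- return(-1);
- }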
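diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c
deleted file mode 100644
index e3fce53430..0000000000
--- a/src/lib/libssl/s23_lib.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/* ssl/s23_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-long ssl23_default_timeout(void)
- {
- return(300);
- }
-
-int ssl23_num_ciphers(void)
- {
- return(ssl3_num_ciphers()
-#ifndef OPENSSL_NO_SSL2
- + ssl2_num_ciphers()
-#endif
- );
- }
-
-const SSL_CIPHER *ssl23_get_cipher(unsigned int u)
- {
- unsigned int uu=ssl3_num_ciphers();
-
- if (u < uu)
- return(ssl3_get_cipher(u));
- else
-#ifndef OPENSSL_NO_SSL2
- return(ssl2_get_cipher(u-uu));
-#else
- return(NULL);
-#endif
- }
-
-/* This function needs to check if the ciphers required are actually
- * available */
-const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
- {
- SSL_CIPHER c;
- const SSL_CIPHER *cp;
- unsigned long id;
- int n;
-
- n=ssl3_num_ciphers();
- id=0x03000000|((unsigned long)p[0]<<16L)|
- ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
- c.id=id;
- cp=ssl3_get_cipher_by_char(p);
-#ifndef OPENSSL_NO_SSL2
- if (cp == NULL)
- cp=ssl2_get_cipher_by_char(p);
-#endif
- return(cp);
- }
-
-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
- {
- long l;
-
- /* We can write SSLv2 and SSLv3 ciphers */
- if (p != NULL)
- {
- l=c->id;
- p[0]=((unsigned char)(l>>16L))&0xFF;
- p[1]=((unsigned char)(l>> 8L))&0xFF;
- p[2]=((unsigned char)(l ))&0xFF;
- }
- return(3);
- }
-
-int ssl23_read(SSL *s, void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_read(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }
-
-int ssl23_peek(SSL *s, void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_peek(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }
-
-int ssl23_write(SSL *s, const void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_write(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }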
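diff --git a/src/lib/libssl/s23_pkt.c b/src/lib/libssl/s23_pkt.c
deleted file mode 100644
index 4ca6a1b258..0000000000
--- a/src/lib/libssl/s23_pkt.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/* ssl/s23_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-
-int ssl23_write_bytes(SSL *s)
- {
- int i,num,tot;
- char *buf;
-
- buf=s->init_buf->data;
- tot=s->init_off;
- num=s->init_num;
- for (;;)
- {
- s->rwstate=SSL_WRITING;
- i=BIO_write(s->wbio,&(buf[tot]),num);
- if (i <= 0)
- {
- s->init_off=tot;
- s->init_num=num;
- return(i);
- }
- s->rwstate=SSL_NOTHING;
- if (i == num) return(tot+i);
-
- num-=i;
- tot+=i;
- }
- }
-
-/* return regularly only when we have read (at least) 'n' bytes */
-int ssl23_read_bytes(SSL *s, int n)
- {
- unsigned char *p;
- int j;
-
- if (s->packet_length < (unsigned int)n)
- {
- p=s->packet;
-
- for (;;)
- {
- s->rwstate=SSL_READING;
- j=BIO_read(s->rbio,(char *)&(p[s->packet_length]),
- n-s->packet_length);
- if (j <= 0)
- return(j);
- s->rwstate=SSL_NOTHING;
- s->packet_length+=j;
- if (s->packet_length >= (unsigned int)n)
- return(s->packet_length);
- }
- }
- return(n);
- }
-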
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
deleted file mode 100644
index 836dd1f1cf..0000000000
--- a/src/lib/libssl/s23_srvr.c
+++ /dev/null
@@ -1,594 +0,0 @@
1/* ssl/s23_srvr.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include "ssl_locl.h"
114#include <openssl/buffer.h>
115#include <openssl/rand.h>
116#include <openssl/objects.h>
117#include <openssl/evp.h>
118
119static const SSL_METHOD *ssl23_get_server_method(int ver);
120int ssl23_get_client_hello(SSL *s);
121static const SSL_METHOD *ssl23_get_server_method(int ver)
122 {
123#ifndef OPENSSL_NO_SSL2
124 if (ver == SSL2_VERSION)
125 return(SSLv2_server_method());
126#endif
127 if (ver == SSL3_VERSION)
128 return(SSLv3_server_method());
129 else if (ver == TLS1_VERSION)
130 return(TLSv1_server_method());
131 else
132 return(NULL);
133 }
134
135IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
136 ssl23_accept,
137 ssl_undefined_function,
138 ssl23_get_server_method)
139
140int ssl23_accept(SSL *s)
141 {
142 BUF_MEM *buf;
143 unsigned long Time=(unsigned long)time(NULL);
144 void (*cb)(const SSL *ssl,int type,int val)=NULL;
145 int ret= -1;
146 int new_state,state;
147
148 RAND_add(&Time,sizeof(Time),0);
149 ERR_clear_error();
150 clear_sys_error();
151
152 if (s->info_callback != NULL)
153 cb=s->info_callback;
154 else if (s->ctx->info_callback != NULL)
155 cb=s->ctx->info_callback;
156
157 s->in_handshake++;
158 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
159
160 for (;;)
161 {
162 state=s->state;
163
164 switch(s->state)
165 {
166 case SSL_ST_BEFORE:
167 case SSL_ST_ACCEPT:
168 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
169 case SSL_ST_OK|SSL_ST_ACCEPT:
170
171 s->server=1;
172 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
173
174 /* s->version=SSL3_VERSION; */
175 s->type=SSL_ST_ACCEPT;
176
177 if (s->init_buf == NULL)
178 {
179 if ((buf=BUF_MEM_new()) == NULL)
180 {
181 ret= -1;
182 goto end;
183 }
184 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
185 {
186 ret= -1;
187 goto end;
188 }
189 s->init_buf=buf;
190 }
191
192 ssl3_init_finished_mac(s);
193
194 s->state=SSL23_ST_SR_CLNT_HELLO_A;
195 s->ctx->stats.sess_accept++;
196 s->init_num=0;
197 break;
198
199 case SSL23_ST_SR_CLNT_HELLO_A:
200 case SSL23_ST_SR_CLNT_HELLO_B:
201
202 s->shutdown=0;
203 ret=ssl23_get_client_hello(s);
204 if (ret >= 0) cb=NULL;
205 goto end;
206 /* break; */
207
208 default:
209 SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
210 ret= -1;
211 goto end;
212 /* break; */
213 }
214
215 if ((cb != NULL) && (s->state != state))
216 {
217 new_state=s->state;
218 s->state=state;
219 cb(s,SSL_CB_ACCEPT_LOOP,1);
220 s->state=new_state;
221 }
222 }
223end:
224 s->in_handshake--;
225 if (cb != NULL)
226 cb(s,SSL_CB_ACCEPT_EXIT,ret);
227 return(ret);
228 }
229
230
231int ssl23_get_client_hello(SSL *s)
232 {
233 char buf_space[11]; /* Request this many bytes in initial read.
234 * We can detect SSL 3.0/TLS 1.0 Client Hellos
235 * ('type == 3') correctly only when the following
236 * is in a single record, which is not guaranteed by
237 * the protocol specification:
238 * Byte Content
239 * 0 type \
240 * 1/2 version > record header
241 * 3/4 length /
242 * 5 msg_type \
243 * 6-8 length > Client Hello message
244 * 9/10 client_version /
245 */
246 char *buf= &(buf_space[0]);
247 unsigned char *p,*d,*d_len,*dd;
248 unsigned int i;
249 unsigned int csl,sil,cl;
250 int n=0,j;
251 int type=0;
252 int v[2];
253
254 if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
255 {
256 /* read the initial header */
257 v[0]=v[1]=0;
258
259 if (!ssl3_setup_buffers(s)) goto err;
260
261 n=ssl23_read_bytes(s, sizeof buf_space);
262 if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
263
264 p=s->packet;
265
266 memcpy(buf,p,n);
267
268 if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
269 {
270 /*
271 * SSLv2 header
272 */
273 if ((p[3] == 0x00) && (p[4] == 0x02))
274 {
275 v[0]=p[3]; v[1]=p[4];
276 /* SSLv2 */
277 if (!(s->options & SSL_OP_NO_SSLv2))
278 type=1;
279 }
280 else if (p[3] == SSL3_VERSION_MAJOR)
281 {
282 v[0]=p[3]; v[1]=p[4];
283 /* SSLv3/TLSv1 */
284 if (p[4] >= TLS1_VERSION_MINOR)
285 {
286 if (!(s->options & SSL_OP_NO_TLSv1))
287 {
288 s->version=TLS1_VERSION;
289 /* type=2; */ /* done later to survive restarts */
290 s->state=SSL23_ST_SR_CLNT_HELLO_B;
291 }
292 else if (!(s->options & SSL_OP_NO_SSLv3))
293 {
294 s->version=SSL3_VERSION;
295 /* type=2; */
296 s->state=SSL23_ST_SR_CLNT_HELLO_B;
297 }
298 else if (!(s->options & SSL_OP_NO_SSLv2))
299 {
300 type=1;
301 }
302 }
303 else if (!(s->options & SSL_OP_NO_SSLv3))
304 {
305 s->version=SSL3_VERSION;
306 /* type=2; */
307 s->state=SSL23_ST_SR_CLNT_HELLO_B;
308 }
309 else if (!(s->options & SSL_OP_NO_SSLv2))
310 type=1;
311
312 }
313 }
314 else if ((p[0] == SSL3_RT_HANDSHAKE) &&
315 (p[1] == SSL3_VERSION_MAJOR) &&
316 (p[5] == SSL3_MT_CLIENT_HELLO) &&
317 ((p[3] == 0 && p[4] < 5 /* silly record length? */)
318 || (p[9] >= p[1])))
319 {
320 /*
321 * SSLv3 or tls1 header
322 */
323
324 v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
325 /* We must look at client_version inside the Client Hello message
326 * to get the correct minor version.
327 * However if we have only a pathologically small fragment of the
328 * Client Hello message, this would be difficult, and we'd have
329 * to read more records to find out.
330 * No known SSL 3.0 client fragments ClientHello like this,
331 * so we simply assume TLS 1.0 to avoid protocol version downgrade
332 * attacks. */
333 if (p[3] == 0 && p[4] < 6)
334 {
335#if 0
336 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
337 goto err;
338#else
339 v[1] = TLS1_VERSION_MINOR;
340#endif
341 }
342 /* if major version number > 3 set minor to a value
343 * which will use the highest version 3 we support.
344 * If TLS 2.0 ever appears we will need to revise
345 * this....
346 */
347 else if (p[9] > SSL3_VERSION_MAJOR)
348 v[1]=0xff;
349 else
350 v[1]=p[10]; /* minor version according to client_version */
351 if (v[1] >= TLS1_VERSION_MINOR)
352 {
353 if (!(s->options & SSL_OP_NO_TLSv1))
354 {
355 s->version=TLS1_VERSION;
356 type=3;
357 }
358 else if (!(s->options & SSL_OP_NO_SSLv3))
359 {
360 s->version=SSL3_VERSION;
361 type=3;
362 }
363 }
364 else
365 {
366 /* client requests SSL 3.0 */
367 if (!(s->options & SSL_OP_NO_SSLv3))
368 {
369 s->version=SSL3_VERSION;
370 type=3;
371 }
372 else if (!(s->options & SSL_OP_NO_TLSv1))
373 {
374 /* we won't be able to use TLS of course,
375 * but this will send an appropriate alert */
376 s->version=TLS1_VERSION;
377 type=3;
378 }
379 }
380 }
381 else if ((strncmp("GET ", (char *)p,4) == 0) ||
382 (strncmp("POST ",(char *)p,5) == 0) ||
383 (strncmp("HEAD ",(char *)p,5) == 0) ||
384 (strncmp("PUT ", (char *)p,4) == 0))
385 {
386 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
387 goto err;
388 }
389 else if (strncmp("CONNECT",(char *)p,7) == 0)
390 {
391 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
392 goto err;
393 }
394 }
395
396 if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
397 {
398 /* we have SSLv3/TLSv1 in an SSLv2 header
399 * (other cases skip this state) */
400
401 type=2;
402 p=s->packet;
403 v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
404 v[1] = p[4];
405
406 n=((p[0]&0x7f)<<8)|p[1];
407 if (n > (1024*4))
408 {
409 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
410 goto err;
411 }
412
413 j=ssl23_read_bytes(s,n+2);
414 if (j <= 0) return(j);
415
416 ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
417 if (s->msg_callback)
418 s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
419
420 p=s->packet;
421 p+=5;
422 n2s(p,csl);
423 n2s(p,sil);
424 n2s(p,cl);
425 d=(unsigned char *)s->init_buf->data;
426 if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format
427 * Client Hello, can we? Error condition should be
428 * '>' otherweise */
429 {
430 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
431 goto err;
432 }
433
434 /* record header: msg_type ... */
435 *(d++) = SSL3_MT_CLIENT_HELLO;
436 /* ... and length (actual value will be written later) */
437 d_len = d;
438 d += 3;
439
440 /* client_version */
441 *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
442 *(d++) = v[1];
443
444 /* lets populate the random area */
445 /* get the challenge_length */
446 i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
447 memset(d,0,SSL3_RANDOM_SIZE);
448 memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
449 d+=SSL3_RANDOM_SIZE;
450
451 /* no session-id reuse */
452 *(d++)=0;
453
454 /* ciphers */
455 j=0;
456 dd=d;
457 d+=2;
458 for (i=0; i<csl; i+=3)
459 {
460 if (p[i] != 0) continue;
461 *(d++)=p[i+1];
462 *(d++)=p[i+2];
463 j+=2;
464 }
465 s2n(j,dd);
466
467 /* COMPRESSION */
468 *(d++)=1;
469 *(d++)=0;
470
471#if 0
472 /* copy any remaining data with may be extensions */
473 p = p+csl+sil+cl;
474 while (p < s->packet+s->packet_length)
475 {
476 *(d++)=*(p++);
477 }
478#endif
479
480 i = (d-(unsigned char *)s->init_buf->data) - 4;
481 l2n3((long)i, d_len);
482
483 /* get the data reused from the init_buf */
484 s->s3->tmp.reuse_message=1;
485 s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
486 s->s3->tmp.message_size=i;
487 }
488
489 /* imaginary new state (for program structure): */
490 /* s->state = SSL23_SR_CLNT_HELLO_C */
491
492 if (type == 1)
493 {
494#ifdef OPENSSL_NO_SSL2
495 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
496 goto err;
497#else
498 /* we are talking sslv2 */
499 /* we need to clean up the SSLv3/TLSv1 setup and put in the
500 * sslv2 stuff. */
501
502 if (s->s2 == NULL)
503 {
504 if (!ssl2_new(s))
505 goto err;
506 }
507 else
508 ssl2_clear(s);
509
510 if (s->s3 != NULL) ssl3_free(s);
511
512 if (!BUF_MEM_grow_clean(s->init_buf,
513 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
514 {
515 goto err;
516 }
517
518 s->state=SSL2_ST_GET_CLIENT_HELLO_A;
519 if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
520 s->s2->ssl2_rollback=0;
521 else
522 /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
523 * (SSL 3.0 draft/RFC 2246, App. E.2) */
524 s->s2->ssl2_rollback=1;
525
526 /* setup the n bytes we have read so we get them from
527 * the sslv2 buffer */
528 s->rstate=SSL_ST_READ_HEADER;
529 s->packet_length=n;
530 s->packet= &(s->s2->rbuf[0]);
531 memcpy(s->packet,buf,n);
532 s->s2->rbuf_left=n;
533 s->s2->rbuf_offs=0;
534
535 s->method=SSLv2_server_method();
536 s->handshake_func=s->method->ssl_accept;
537#endif
538 }
539
540 if ((type == 2) || (type == 3))
541 {
542 /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
543
544 if (!ssl_init_wbio_buffer(s,1)) goto err;
545
546 /* we are in this state */
547 s->state=SSL3_ST_SR_CLNT_HELLO_A;
548
549 if (type == 3)
550 {
551 /* put the 'n' bytes we have read into the input buffer
552 * for SSLv3 */
553 s->rstate=SSL_ST_READ_HEADER;
554 s->packet_length=n;
555 if (s->s3->rbuf.buf == NULL)
556 if (!ssl3_setup_read_buffer(s))
557 goto err;
558
559 s->packet= &(s->s3->rbuf.buf[0]);
560 memcpy(s->packet,buf,n);
561 s->s3->rbuf.left=n;
562 s->s3->rbuf.offset=0;
563 }
564 else
565 {
566 s->packet_length=0;
567 s->s3->rbuf.left=0;
568 s->s3->rbuf.offset=0;
569 }
570
571 if (s->version == TLS1_VERSION)
572 s->method = TLSv1_server_method();
573 else
574 s->method = SSLv3_server_method();
575#if 0 /* ssl3_get_client_hello does this */
576 s->client_version=(v[0]<<8)|v[1];
577#endif
578 s->handshake_func=s->method->ssl_accept;
579 }
580
581 if ((type < 1) || (type > 3))
582 {
583 /* bad, very bad */
584 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
585 goto err;
586 }
587 s->init_num=0;
588
589 if (buf != buf_space) OPENSSL_free(buf);
590 return(SSL_accept(s));
591err:
592 if (buf != buf_space) OPENSSL_free(buf);
593 return(-1);
594 }
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
deleted file mode 100644
index a6d869df59..0000000000
--- a/src/lib/libssl/s3_both.c
+++ /dev/null
@@ -1,813 +0,0 @@
1/* ssl/s3_both.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116
117#include <limits.h>
118#include <string.h>
119#include <stdio.h>
120#include "ssl_locl.h"
121#include <openssl/buffer.h>
122#include <openssl/rand.h>
123#include <openssl/objects.h>
124#include <openssl/evp.h>
125#include <openssl/x509.h>
126
127/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
128int ssl3_do_write(SSL *s, int type)
129 {
130 int ret;
131
132 ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
133 s->init_num);
134 if (ret < 0) return(-1);
135 if (type == SSL3_RT_HANDSHAKE)
136 /* should not be done for 'Hello Request's, but in that case
137 * we'll ignore the result anyway */
138 ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
139
140 if (ret == s->init_num)
141 {
142 if (s->msg_callback)
143 s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
144 return(1);
145 }
146 s->init_off+=ret;
147 s->init_num-=ret;
148 return(0);
149 }
150
151int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
152 {
153 unsigned char *p,*d;
154 int i;
155 unsigned long l;
156
157 if (s->state == a)
158 {
159 d=(unsigned char *)s->init_buf->data;
160 p= &(d[4]);
161
162 i=s->method->ssl3_enc->final_finish_mac(s,
163 sender,slen,s->s3->tmp.finish_md);
164 s->s3->tmp.finish_md_len = i;
165 memcpy(p, s->s3->tmp.finish_md, i);
166 p+=i;
167 l=i;
168
169 /* Copy the finished so we can use it for
170 renegotiation checks */
171 if(s->type == SSL_ST_CONNECT)
172 {
173 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
174 memcpy(s->s3->previous_client_finished,
175 s->s3->tmp.finish_md, i);
176 s->s3->previous_client_finished_len=i;
177 }
178 else
179 {
180 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
181 memcpy(s->s3->previous_server_finished,
182 s->s3->tmp.finish_md, i);
183 s->s3->previous_server_finished_len=i;
184 }
185
186#ifdef OPENSSL_SYS_WIN16
187 /* MSVC 1.5 does not clear the top bytes of the word unless
188 * I do this.
189 */
190 l&=0xffff;
191#endif
192
193 *(d++)=SSL3_MT_FINISHED;
194 l2n3(l,d);
195 s->init_num=(int)l+4;
196 s->init_off=0;
197
198 s->state=b;
199 }
200
201 /* SSL3_ST_SEND_xxxxxx_HELLO_B */
202 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
203 }
204
205int ssl3_get_finished(SSL *s, int a, int b)
206 {
207 int al,i,ok;
208 long n;
209 unsigned char *p;
210
211 /* the mac has already been generated when we received the
212 * change cipher spec message and is in s->s3->tmp.peer_finish_md
213 */
214
215 n=s->method->ssl_get_message(s,
216 a,
217 b,
218 SSL3_MT_FINISHED,
219 64, /* should actually be 36+4 :-) */
220 &ok);
221
222 if (!ok) return((int)n);
223
224 /* If this occurs, we have missed a message */
225 if (!s->s3->change_cipher_spec)
226 {
227 al=SSL_AD_UNEXPECTED_MESSAGE;
228 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
229 goto f_err;
230 }
231 s->s3->change_cipher_spec=0;
232
233 p = (unsigned char *)s->init_msg;
234 i = s->s3->tmp.peer_finish_md_len;
235
236 if (i != n)
237 {
238 al=SSL_AD_DECODE_ERROR;
239 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
240 goto f_err;
241 }
242
243 if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
244 {
245 al=SSL_AD_DECRYPT_ERROR;
246 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
247 goto f_err;
248 }
249
250 /* Copy the finished so we can use it for
251 renegotiation checks */
252 if(s->type == SSL_ST_ACCEPT)
253 {
254 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
255 memcpy(s->s3->previous_client_finished,
256 s->s3->tmp.peer_finish_md, i);
257 s->s3->previous_client_finished_len=i;
258 }
259 else
260 {
261 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
262 memcpy(s->s3->previous_server_finished,
263 s->s3->tmp.peer_finish_md, i);
264 s->s3->previous_server_finished_len=i;
265 }
266
267 return(1);
268f_err:
269 ssl3_send_alert(s,SSL3_AL_FATAL,al);
270 return(0);
271 }
272
273/* for these 2 messages, we need to
274 * ssl->enc_read_ctx re-init
275 * ssl->s3->read_sequence zero
276 * ssl->s3->read_mac_secret re-init
277 * ssl->session->read_sym_enc assign
278 * ssl->session->read_compression assign
279 * ssl->session->read_hash assign
280 */
281int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
282 {
283 unsigned char *p;
284
285 if (s->state == a)
286 {
287 p=(unsigned char *)s->init_buf->data;
288 *p=SSL3_MT_CCS;
289 s->init_num=1;
290 s->init_off=0;
291
292 s->state=b;
293 }
294
295 /* SSL3_ST_CW_CHANGE_B */
296 return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
297 }
298
299static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
300 {
301 int n;
302 unsigned char *p;
303
304 n=i2d_X509(x,NULL);
305 if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
306 {
307 SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
308 return(-1);
309 }
310 p=(unsigned char *)&(buf->data[*l]);
311 l2n3(n,p);
312 i2d_X509(x,&p);
313 *l+=n+3;
314
315 return(0);
316 }
317
318unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
319 {
320 unsigned char *p;
321 int i;
322 unsigned long l=7;
323 BUF_MEM *buf;
324 int no_chain;
325
326 if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
327 no_chain = 1;
328 else
329 no_chain = 0;
330
331 /* TLSv1 sends a chain with nothing in it, instead of an alert */
332 buf=s->init_buf;
333 if (!BUF_MEM_grow_clean(buf,10))
334 {
335 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
336 return(0);
337 }
338 if (x != NULL)
339 {
340 if (no_chain)
341 {
342 if (ssl3_add_cert_to_buf(buf, &l, x))
343 return(0);
344 }
345 else
346 {
347 X509_STORE_CTX xs_ctx;
348
349 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
350 {
351 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
352 return(0);
353 }
354 X509_verify_cert(&xs_ctx);
355 /* Don't leave errors in the queue */
356 ERR_clear_error();
357 for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
358 {
359 x = sk_X509_value(xs_ctx.chain, i);
360
361 if (ssl3_add_cert_to_buf(buf, &l, x))
362 {
363 X509_STORE_CTX_cleanup(&xs_ctx);
364 return 0;
365 }
366 }
367 X509_STORE_CTX_cleanup(&xs_ctx);
368 }
369 }
370 /* Thawte special :-) */
371 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
372 {
373 x=sk_X509_value(s->ctx->extra_certs,i);
374 if (ssl3_add_cert_to_buf(buf, &l, x))
375 return(0);
376 }
377
378 l-=7;
379 p=(unsigned char *)&(buf->data[4]);
380 l2n3(l,p);
381 l+=3;
382 p=(unsigned char *)&(buf->data[0]);
383 *(p++)=SSL3_MT_CERTIFICATE;
384 l2n3(l,p);
385 l+=4;
386 return(l);
387 }
388
389/* Obtain handshake message of message type 'mt' (any if mt == -1),
390 * maximum acceptable body length 'max'.
391 * The first four bytes (msg_type and length) are read in state 'st1',
392 * the body is read in state 'stn'.
393 */
394long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
395 {
396 unsigned char *p;
397 unsigned long l;
398 long n;
399 int i,al;
400
401 if (s->s3->tmp.reuse_message)
402 {
403 s->s3->tmp.reuse_message=0;
404 if ((mt >= 0) && (s->s3->tmp.message_type != mt))
405 {
406 al=SSL_AD_UNEXPECTED_MESSAGE;
407 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
408 goto f_err;
409 }
410 *ok=1;
411 s->init_msg = s->init_buf->data + 4;
412 s->init_num = (int)s->s3->tmp.message_size;
413 return s->init_num;
414 }
415
416 p=(unsigned char *)s->init_buf->data;
417
418 if (s->state == st1) /* s->init_num < 4 */
419 {
420 int skip_message;
421
422 do
423 {
424 while (s->init_num < 4)
425 {
426 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
427 &p[s->init_num],4 - s->init_num, 0);
428 if (i <= 0)
429 {
430 s->rwstate=SSL_READING;
431 *ok = 0;
432 return i;
433 }
434 s->init_num+=i;
435 }
436
437 skip_message = 0;
438 if (!s->server)
439 if (p[0] == SSL3_MT_HELLO_REQUEST)
440 /* The server may always send 'Hello Request' messages --
441 * we are doing a handshake anyway now, so ignore them
442 * if their format is correct. Does not count for
443 * 'Finished' MAC. */
444 if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
445 {
446 s->init_num = 0;
447 skip_message = 1;
448
449 if (s->msg_callback)
450 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
451 }
452 }
453 while (skip_message);
454
455 /* s->init_num == 4 */
456
457 if ((mt >= 0) && (*p != mt))
458 {
459 al=SSL_AD_UNEXPECTED_MESSAGE;
460 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
461 goto f_err;
462 }
463 if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
464 (st1 == SSL3_ST_SR_CERT_A) &&
465 (stn == SSL3_ST_SR_CERT_B))
466 {
467 /* At this point we have got an MS SGC second client
468 * hello (maybe we should always allow the client to
469 * start a new handshake?). We need to restart the mac.
470 * Don't increment {num,total}_renegotiations because
471 * we have not completed the handshake. */
472 ssl3_init_finished_mac(s);
473 }
474
475 s->s3->tmp.message_type= *(p++);
476
477 n2l3(p,l);
478 if (l > (unsigned long)max)
479 {
480 al=SSL_AD_ILLEGAL_PARAMETER;
481 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
482 goto f_err;
483 }
484 if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
485 {
486 al=SSL_AD_ILLEGAL_PARAMETER;
487 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
488 goto f_err;
489 }
490 if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
491 {
492 SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
493 goto err;
494 }
495 s->s3->tmp.message_size=l;
496 s->state=stn;
497
498 s->init_msg = s->init_buf->data + 4;
499 s->init_num = 0;
500 }
501
502 /* next state (stn) */
503 p = s->init_msg;
504 n = s->s3->tmp.message_size - s->init_num;
505 while (n > 0)
506 {
507 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
508 if (i <= 0)
509 {
510 s->rwstate=SSL_READING;
511 *ok = 0;
512 return i;
513 }
514 s->init_num += i;
515 n -= i;
516 }
517 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
518 if (s->msg_callback)
519 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
520 *ok=1;
521 return s->init_num;
522f_err:
523 ssl3_send_alert(s,SSL3_AL_FATAL,al);
524err:
525 *ok=0;
526 return(-1);
527 }
528
529int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
530 {
531 EVP_PKEY *pk;
532 int ret= -1,i;
533
534 if (pkey == NULL)
535 pk=X509_get_pubkey(x);
536 else
537 pk=pkey;
538 if (pk == NULL) goto err;
539
540 i=pk->type;
541 if (i == EVP_PKEY_RSA)
542 {
543 ret=SSL_PKEY_RSA_ENC;
544 }
545 else if (i == EVP_PKEY_DSA)
546 {
547 ret=SSL_PKEY_DSA_SIGN;
548 }
549#ifndef OPENSSL_NO_EC
550 else if (i == EVP_PKEY_EC)
551 {
552 ret = SSL_PKEY_ECC;
553 }
554#endif
555 else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc)
556 {
557 ret = SSL_PKEY_GOST94;
558 }
559 else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc)
560 {
561 ret = SSL_PKEY_GOST01;
562 }
563err:
564 if(!pkey) EVP_PKEY_free(pk);
565 return(ret);
566 }
567
568int ssl_verify_alarm_type(long type)
569 {
570 int al;
571
572 switch(type)
573 {
574 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
575 case X509_V_ERR_UNABLE_TO_GET_CRL:
576 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
577 al=SSL_AD_UNKNOWN_CA;
578 break;
579 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
580 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
581 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
582 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
583 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
584 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
585 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
586 case X509_V_ERR_CERT_NOT_YET_VALID:
587 case X509_V_ERR_CRL_NOT_YET_VALID:
588 case X509_V_ERR_CERT_UNTRUSTED:
589 case X509_V_ERR_CERT_REJECTED:
590 al=SSL_AD_BAD_CERTIFICATE;
591 break;
592 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
593 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
594 al=SSL_AD_DECRYPT_ERROR;
595 break;
596 case X509_V_ERR_CERT_HAS_EXPIRED:
597 case X509_V_ERR_CRL_HAS_EXPIRED:
598 al=SSL_AD_CERTIFICATE_EXPIRED;
599 break;
600 case X509_V_ERR_CERT_REVOKED:
601 al=SSL_AD_CERTIFICATE_REVOKED;
602 break;
603 case X509_V_ERR_OUT_OF_MEM:
604 al=SSL_AD_INTERNAL_ERROR;
605 break;
606 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
607 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
608 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
609 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
610 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
611 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
612 case X509_V_ERR_INVALID_CA:
613 al=SSL_AD_UNKNOWN_CA;
614 break;
615 case X509_V_ERR_APPLICATION_VERIFICATION:
616 al=SSL_AD_HANDSHAKE_FAILURE;
617 break;
618 case X509_V_ERR_INVALID_PURPOSE:
619 al=SSL_AD_UNSUPPORTED_CERTIFICATE;
620 break;
621 default:
622 al=SSL_AD_CERTIFICATE_UNKNOWN;
623 break;
624 }
625 return(al);
626 }
627
628#ifndef OPENSSL_NO_BUF_FREELISTS
629/* On some platforms, malloc() performance is bad enough that you can't just
630 * free() and malloc() buffers all the time, so we need to use freelists from
631 * unused buffers. Currently, each freelist holds memory chunks of only a
632 * given size (list->chunklen); other sized chunks are freed and malloced.
633 * This doesn't help much if you're using many different SSL option settings
634 * with a given context. (The options affecting buffer size are
635 * max_send_fragment, read buffer vs write buffer,
636 * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
637 * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every
638 * possible size is not an option, since max_send_fragment can take on many
639 * different values.
640 *
641 * If you are on a platform with a slow malloc(), and you're using SSL
642 * connections with many different settings for these options, and you need to
643 * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
644 * - Link against a faster malloc implementation.
645 * - Use a separate SSL_CTX for each option set.
646 * - Improve this code.
647 */
648static void *
649freelist_extract(SSL_CTX *ctx, int for_read, int sz)
650 {
651 SSL3_BUF_FREELIST *list;
652 SSL3_BUF_FREELIST_ENTRY *ent = NULL;
653 void *result = NULL;
654
655 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
656 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
657 if (list != NULL && sz == (int)list->chunklen)
658 ent = list->head;
659 if (ent != NULL)
660 {
661 list->head = ent->next;
662 result = ent;
663 if (--list->len == 0)
664 list->chunklen = 0;
665 }
666 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
667 if (!result)
668 result = OPENSSL_malloc(sz);
669 return result;
670}
671
672static void
673freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
674 {
675 SSL3_BUF_FREELIST *list;
676 SSL3_BUF_FREELIST_ENTRY *ent;
677
678 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
679 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
680 if (list != NULL &&
681 (sz == list->chunklen || list->chunklen == 0) &&
682 list->len < ctx->freelist_max_len &&
683 sz >= sizeof(*ent))
684 {
685 list->chunklen = sz;
686 ent = mem;
687 ent->next = list->head;
688 list->head = ent;
689 ++list->len;
690 mem = NULL;
691 }
692
693 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
694 if (mem)
695 OPENSSL_free(mem);
696 }
697#else
698#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
699#define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
700#endif
701
702int ssl3_setup_read_buffer(SSL *s)
703 {
704 unsigned char *p;
705 size_t len,align=0,headerlen;
706
707 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
708 headerlen = DTLS1_RT_HEADER_LENGTH;
709 else
710 headerlen = SSL3_RT_HEADER_LENGTH;
711
712#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
713 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
714#endif
715
716 if (s->s3->rbuf.buf == NULL)
717 {
718 len = SSL3_RT_MAX_PLAIN_LENGTH
719 + SSL3_RT_MAX_ENCRYPTED_OVERHEAD
720 + headerlen + align;
721 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
722 {
723 s->s3->init_extra = 1;
724 len += SSL3_RT_MAX_EXTRA;
725 }
726#ifndef OPENSSL_NO_COMP
727 if (!(s->options & SSL_OP_NO_COMPRESSION))
728 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
729#endif
730 if ((p=freelist_extract(s->ctx, 1, len)) == NULL)
731 goto err;
732 s->s3->rbuf.buf = p;
733 s->s3->rbuf.len = len;
734 }
735
736 s->packet= &(s->s3->rbuf.buf[0]);
737 return 1;
738
739err:
740 SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE);
741 return 0;
742 }
743
744int ssl3_setup_write_buffer(SSL *s)
745 {
746 unsigned char *p;
747 size_t len,align=0,headerlen;
748
749 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
750 headerlen = DTLS1_RT_HEADER_LENGTH + 1;
751 else
752 headerlen = SSL3_RT_HEADER_LENGTH;
753
754#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
755 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
756#endif
757
758 if (s->s3->wbuf.buf == NULL)
759 {
760 len = s->max_send_fragment
761 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
762 + headerlen + align;
763#ifndef OPENSSL_NO_COMP
764 if (!(s->options & SSL_OP_NO_COMPRESSION))
765 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
766#endif
767 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
768 len += headerlen + align
769 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
770
771 if ((p=freelist_extract(s->ctx, 0, len)) == NULL)
772 goto err;
773 s->s3->wbuf.buf = p;
774 s->s3->wbuf.len = len;
775 }
776
777 return 1;
778
779err:
780 SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE);
781 return 0;
782 }
783
784
785int ssl3_setup_buffers(SSL *s)
786 {
787 if (!ssl3_setup_read_buffer(s))
788 return 0;
789 if (!ssl3_setup_write_buffer(s))
790 return 0;
791 return 1;
792 }
793
794int ssl3_release_write_buffer(SSL *s)
795 {
796 if (s->s3->wbuf.buf != NULL)
797 {
798 freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
799 s->s3->wbuf.buf = NULL;
800 }
801 return 1;
802 }
803
804int ssl3_release_read_buffer(SSL *s)
805 {
806 if (s->s3->rbuf.buf != NULL)
807 {
808 freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
809 s->s3->rbuf.buf = NULL;
810 }
811 return 1;
812 }
813
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
deleted file mode 100644
index 8cc291b922..0000000000
--- a/src/lib/libssl/s3_clnt.c
+++ /dev/null
@@ -1,3047 +0,0 @@
1/* ssl/s3_clnt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#include <stdio.h>
152#include "ssl_locl.h"
153#include "kssl_lcl.h"
154#include <openssl/buffer.h>
155#include <openssl/rand.h>
156#include <openssl/objects.h>
157#include <openssl/evp.h>
158#include <openssl/md5.h>
159#ifndef OPENSSL_NO_DH
160#include <openssl/dh.h>
161#endif
162#include <openssl/bn.h>
163#ifndef OPENSSL_NO_ENGINE
164#include <openssl/engine.h>
165#endif
166
167static const SSL_METHOD *ssl3_get_client_method(int ver);
168static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
169
170static const SSL_METHOD *ssl3_get_client_method(int ver)
171 {
172 if (ver == SSL3_VERSION)
173 return(SSLv3_client_method());
174 else
175 return(NULL);
176 }
177
178IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
179 ssl_undefined_function,
180 ssl3_connect,
181 ssl3_get_client_method)
182
183int ssl3_connect(SSL *s)
184 {
185 BUF_MEM *buf=NULL;
186 unsigned long Time=(unsigned long)time(NULL);
187 void (*cb)(const SSL *ssl,int type,int val)=NULL;
188 int ret= -1;
189 int new_state,state,skip=0;
190
191 RAND_add(&Time,sizeof(Time),0);
192 ERR_clear_error();
193 clear_sys_error();
194
195 if (s->info_callback != NULL)
196 cb=s->info_callback;
197 else if (s->ctx->info_callback != NULL)
198 cb=s->ctx->info_callback;
199
200 s->in_handshake++;
201 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
202
203 for (;;)
204 {
205 state=s->state;
206
207 switch(s->state)
208 {
209 case SSL_ST_RENEGOTIATE:
210 s->new_session=1;
211 s->state=SSL_ST_CONNECT;
212 s->ctx->stats.sess_connect_renegotiate++;
213 /* break */
214 case SSL_ST_BEFORE:
215 case SSL_ST_CONNECT:
216 case SSL_ST_BEFORE|SSL_ST_CONNECT:
217 case SSL_ST_OK|SSL_ST_CONNECT:
218
219 s->server=0;
220 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
221
222 if ((s->version & 0xff00 ) != 0x0300)
223 {
224 SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
225 ret = -1;
226 goto end;
227 }
228
229 /* s->version=SSL3_VERSION; */
230 s->type=SSL_ST_CONNECT;
231
232 if (s->init_buf == NULL)
233 {
234 if ((buf=BUF_MEM_new()) == NULL)
235 {
236 ret= -1;
237 goto end;
238 }
239 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
240 {
241 ret= -1;
242 goto end;
243 }
244 s->init_buf=buf;
245 buf=NULL;
246 }
247
248 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
249
250 /* setup buffing BIO */
251 if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
252
253 /* don't push the buffering BIO quite yet */
254
255 ssl3_init_finished_mac(s);
256
257 s->state=SSL3_ST_CW_CLNT_HELLO_A;
258 s->ctx->stats.sess_connect++;
259 s->init_num=0;
260 break;
261
262 case SSL3_ST_CW_CLNT_HELLO_A:
263 case SSL3_ST_CW_CLNT_HELLO_B:
264
265 s->shutdown=0;
266 ret=ssl3_client_hello(s);
267 if (ret <= 0) goto end;
268 s->state=SSL3_ST_CR_SRVR_HELLO_A;
269 s->init_num=0;
270
271 /* turn on buffering for the next lot of output */
272 if (s->bbio != s->wbio)
273 s->wbio=BIO_push(s->bbio,s->wbio);
274
275 break;
276
277 case SSL3_ST_CR_SRVR_HELLO_A:
278 case SSL3_ST_CR_SRVR_HELLO_B:
279 ret=ssl3_get_server_hello(s);
280 if (ret <= 0) goto end;
281
282 if (s->hit)
283 s->state=SSL3_ST_CR_FINISHED_A;
284 else
285 s->state=SSL3_ST_CR_CERT_A;
286 s->init_num=0;
287 break;
288
289 case SSL3_ST_CR_CERT_A:
290 case SSL3_ST_CR_CERT_B:
291#ifndef OPENSSL_NO_TLSEXT
292 ret=ssl3_check_finished(s);
293 if (ret <= 0) goto end;
294 if (ret == 2)
295 {
296 s->hit = 1;
297 if (s->tlsext_ticket_expected)
298 s->state=SSL3_ST_CR_SESSION_TICKET_A;
299 else
300 s->state=SSL3_ST_CR_FINISHED_A;
301 s->init_num=0;
302 break;
303 }
304#endif
305 /* Check if it is anon DH/ECDH */
306 /* or PSK */
307 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
308 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
309 {
310 ret=ssl3_get_server_certificate(s);
311 if (ret <= 0) goto end;
312#ifndef OPENSSL_NO_TLSEXT
313 if (s->tlsext_status_expected)
314 s->state=SSL3_ST_CR_CERT_STATUS_A;
315 else
316 s->state=SSL3_ST_CR_KEY_EXCH_A;
317 }
318 else
319 {
320 skip = 1;
321 s->state=SSL3_ST_CR_KEY_EXCH_A;
322 }
323#else
324 }
325 else
326 skip=1;
327
328 s->state=SSL3_ST_CR_KEY_EXCH_A;
329#endif
330 s->init_num=0;
331 break;
332
333 case SSL3_ST_CR_KEY_EXCH_A:
334 case SSL3_ST_CR_KEY_EXCH_B:
335 ret=ssl3_get_key_exchange(s);
336 if (ret <= 0) goto end;
337 s->state=SSL3_ST_CR_CERT_REQ_A;
338 s->init_num=0;
339
340 /* at this point we check that we have the
341 * required stuff from the server */
342 if (!ssl3_check_cert_and_algorithm(s))
343 {
344 ret= -1;
345 goto end;
346 }
347 break;
348
349 case SSL3_ST_CR_CERT_REQ_A:
350 case SSL3_ST_CR_CERT_REQ_B:
351 ret=ssl3_get_certificate_request(s);
352 if (ret <= 0) goto end;
353 s->state=SSL3_ST_CR_SRVR_DONE_A;
354 s->init_num=0;
355 break;
356
357 case SSL3_ST_CR_SRVR_DONE_A:
358 case SSL3_ST_CR_SRVR_DONE_B:
359 ret=ssl3_get_server_done(s);
360 if (ret <= 0) goto end;
361 if (s->s3->tmp.cert_req)
362 s->state=SSL3_ST_CW_CERT_A;
363 else
364 s->state=SSL3_ST_CW_KEY_EXCH_A;
365 s->init_num=0;
366
367 break;
368
369 case SSL3_ST_CW_CERT_A:
370 case SSL3_ST_CW_CERT_B:
371 case SSL3_ST_CW_CERT_C:
372 case SSL3_ST_CW_CERT_D:
373 ret=ssl3_send_client_certificate(s);
374 if (ret <= 0) goto end;
375 s->state=SSL3_ST_CW_KEY_EXCH_A;
376 s->init_num=0;
377 break;
378
379 case SSL3_ST_CW_KEY_EXCH_A:
380 case SSL3_ST_CW_KEY_EXCH_B:
381 ret=ssl3_send_client_key_exchange(s);
382 if (ret <= 0) goto end;
383 /* EAY EAY EAY need to check for DH fix cert
384 * sent back */
385 /* For TLS, cert_req is set to 2, so a cert chain
386 * of nothing is sent, but no verify packet is sent */
387 /* XXX: For now, we do not support client
388 * authentication in ECDH cipher suites with
389 * ECDH (rather than ECDSA) certificates.
390 * We need to skip the certificate verify
391 * message when client's ECDH public key is sent
392 * inside the client certificate.
393 */
394 if (s->s3->tmp.cert_req == 1)
395 {
396 s->state=SSL3_ST_CW_CERT_VRFY_A;
397 }
398 else
399 {
400 s->state=SSL3_ST_CW_CHANGE_A;
401 s->s3->change_cipher_spec=0;
402 }
403 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)
404 {
405 s->state=SSL3_ST_CW_CHANGE_A;
406 s->s3->change_cipher_spec=0;
407 }
408
409 s->init_num=0;
410 break;
411
412 case SSL3_ST_CW_CERT_VRFY_A:
413 case SSL3_ST_CW_CERT_VRFY_B:
414 ret=ssl3_send_client_verify(s);
415 if (ret <= 0) goto end;
416 s->state=SSL3_ST_CW_CHANGE_A;
417 s->init_num=0;
418 s->s3->change_cipher_spec=0;
419 break;
420
421 case SSL3_ST_CW_CHANGE_A:
422 case SSL3_ST_CW_CHANGE_B:
423 ret=ssl3_send_change_cipher_spec(s,
424 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
425 if (ret <= 0) goto end;
426 s->state=SSL3_ST_CW_FINISHED_A;
427 s->init_num=0;
428
429 s->session->cipher=s->s3->tmp.new_cipher;
430#ifdef OPENSSL_NO_COMP
431 s->session->compress_meth=0;
432#else
433 if (s->s3->tmp.new_compression == NULL)
434 s->session->compress_meth=0;
435 else
436 s->session->compress_meth=
437 s->s3->tmp.new_compression->id;
438#endif
439 if (!s->method->ssl3_enc->setup_key_block(s))
440 {
441 ret= -1;
442 goto end;
443 }
444
445 if (!s->method->ssl3_enc->change_cipher_state(s,
446 SSL3_CHANGE_CIPHER_CLIENT_WRITE))
447 {
448 ret= -1;
449 goto end;
450 }
451
452 break;
453
454 case SSL3_ST_CW_FINISHED_A:
455 case SSL3_ST_CW_FINISHED_B:
456 ret=ssl3_send_finished(s,
457 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
458 s->method->ssl3_enc->client_finished_label,
459 s->method->ssl3_enc->client_finished_label_len);
460 if (ret <= 0) goto end;
461 s->state=SSL3_ST_CW_FLUSH;
462
463 /* clear flags */
464 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
465 if (s->hit)
466 {
467 s->s3->tmp.next_state=SSL_ST_OK;
468 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
469 {
470 s->state=SSL_ST_OK;
471 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
472 s->s3->delay_buf_pop_ret=0;
473 }
474 }
475 else
476 {
477#ifndef OPENSSL_NO_TLSEXT
478 /* Allow NewSessionTicket if ticket expected */
479 if (s->tlsext_ticket_expected)
480 s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
481 else
482#endif
483
484 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
485 }
486 s->init_num=0;
487 break;
488
489#ifndef OPENSSL_NO_TLSEXT
490 case SSL3_ST_CR_SESSION_TICKET_A:
491 case SSL3_ST_CR_SESSION_TICKET_B:
492 ret=ssl3_get_new_session_ticket(s);
493 if (ret <= 0) goto end;
494 s->state=SSL3_ST_CR_FINISHED_A;
495 s->init_num=0;
496 break;
497
498 case SSL3_ST_CR_CERT_STATUS_A:
499 case SSL3_ST_CR_CERT_STATUS_B:
500 ret=ssl3_get_cert_status(s);
501 if (ret <= 0) goto end;
502 s->state=SSL3_ST_CR_KEY_EXCH_A;
503 s->init_num=0;
504 break;
505#endif
506
507 case SSL3_ST_CR_FINISHED_A:
508 case SSL3_ST_CR_FINISHED_B:
509
510 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
511 SSL3_ST_CR_FINISHED_B);
512 if (ret <= 0) goto end;
513
514 if (s->hit)
515 s->state=SSL3_ST_CW_CHANGE_A;
516 else
517 s->state=SSL_ST_OK;
518 s->init_num=0;
519 break;
520
521 case SSL3_ST_CW_FLUSH:
522 s->rwstate=SSL_WRITING;
523 if (BIO_flush(s->wbio) <= 0)
524 {
525 ret= -1;
526 goto end;
527 }
528 s->rwstate=SSL_NOTHING;
529 s->state=s->s3->tmp.next_state;
530 break;
531
532 case SSL_ST_OK:
533 /* clean a few things up */
534 ssl3_cleanup_key_block(s);
535
536 if (s->init_buf != NULL)
537 {
538 BUF_MEM_free(s->init_buf);
539 s->init_buf=NULL;
540 }
541
542 /* If we are not 'joining' the last two packets,
543 * remove the buffering now */
544 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
545 ssl_free_wbio_buffer(s);
546 /* else do it later in ssl3_write */
547
548 s->init_num=0;
549 s->new_session=0;
550
551 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
552 if (s->hit) s->ctx->stats.sess_hit++;
553
554 ret=1;
555 /* s->server=0; */
556 s->handshake_func=ssl3_connect;
557 s->ctx->stats.sess_connect_good++;
558
559 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
560
561 goto end;
562 /* break; */
563
564 default:
565 SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
566 ret= -1;
567 goto end;
568 /* break; */
569 }
570
571 /* did we do anything */
572 if (!s->s3->tmp.reuse_message && !skip)
573 {
574 if (s->debug)
575 {
576 if ((ret=BIO_flush(s->wbio)) <= 0)
577 goto end;
578 }
579
580 if ((cb != NULL) && (s->state != state))
581 {
582 new_state=s->state;
583 s->state=state;
584 cb(s,SSL_CB_CONNECT_LOOP,1);
585 s->state=new_state;
586 }
587 }
588 skip=0;
589 }
590end:
591 s->in_handshake--;
592 if (buf != NULL)
593 BUF_MEM_free(buf);
594 if (cb != NULL)
595 cb(s,SSL_CB_CONNECT_EXIT,ret);
596 return(ret);
597 }
598
599
600int ssl3_client_hello(SSL *s)
601 {
602 unsigned char *buf;
603 unsigned char *p,*d;
604 int i;
605 unsigned long Time,l;
606#ifndef OPENSSL_NO_COMP
607 int j;
608 SSL_COMP *comp;
609#endif
610
611 buf=(unsigned char *)s->init_buf->data;
612 if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
613 {
614 SSL_SESSION *sess = s->session;
615 if ((sess == NULL) ||
616 (sess->ssl_version != s->version) ||
617#ifdef OPENSSL_NO_TLSEXT
618 !sess->session_id_length ||
619#else
620 (!sess->session_id_length && !sess->tlsext_tick) ||
621#endif
622 (sess->not_resumable))
623 {
624 if (!ssl_get_new_session(s,0))
625 goto err;
626 }
627 /* else use the pre-loaded session */
628
629 p=s->s3->client_random;
630 Time=(unsigned long)time(NULL); /* Time */
631 l2n(Time,p);
632 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
633 goto err;
634
635 /* Do the message type and length last */
636 d=p= &(buf[4]);
637
638 *(p++)=s->version>>8;
639 *(p++)=s->version&0xff;
640 s->client_version=s->version;
641
642 /* Random stuff */
643 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
644 p+=SSL3_RANDOM_SIZE;
645
646 /* Session ID */
647 if (s->new_session)
648 i=0;
649 else
650 i=s->session->session_id_length;
651 *(p++)=i;
652 if (i != 0)
653 {
654 if (i > (int)sizeof(s->session->session_id))
655 {
656 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
657 goto err;
658 }
659 memcpy(p,s->session->session_id,i);
660 p+=i;
661 }
662
663 /* Ciphers supported */
664 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
665 if (i == 0)
666 {
667 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
668 goto err;
669 }
670 s2n(i,p);
671 p+=i;
672
673 /* COMPRESSION */
674#ifdef OPENSSL_NO_COMP
675 *(p++)=1;
676#else
677
678 if ((s->options & SSL_OP_NO_COMPRESSION)
679 || !s->ctx->comp_methods)
680 j=0;
681 else
682 j=sk_SSL_COMP_num(s->ctx->comp_methods);
683 *(p++)=1+j;
684 for (i=0; i<j; i++)
685 {
686 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
687 *(p++)=comp->id;
688 }
689#endif
690 *(p++)=0; /* Add the NULL method */
691
692#ifndef OPENSSL_NO_TLSEXT
693 /* TLS extensions*/
694 if (ssl_prepare_clienthello_tlsext(s) <= 0)
695 {
696 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
697 goto err;
698 }
699 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
700 {
701 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
702 goto err;
703 }
704#endif
705
706 l=(p-d);
707 d=buf;
708 *(d++)=SSL3_MT_CLIENT_HELLO;
709 l2n3(l,d);
710
711 s->state=SSL3_ST_CW_CLNT_HELLO_B;
712 /* number of bytes to write */
713 s->init_num=p-buf;
714 s->init_off=0;
715 }
716
717 /* SSL3_ST_CW_CLNT_HELLO_B */
718 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
719err:
720 return(-1);
721 }
722
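/*
 * Read and validate the ServerHello message.
 *
 * Parses the protocol version, server random, session id, cipher suite,
 * compression method and (when enabled) the TLS extensions from
 * s->init_msg, decides whether the session is being resumed (s->hit)
 * and records the negotiated cipher in s->s3->tmp.new_cipher.
 *
 * For DTLS a HelloVerifyRequest is accepted in place of the ServerHello
 * and handed back to the state machine (reuse_message) when no cookie
 * has been sent yet.
 *
 * Returns 1 on success, the ssl_get_message() result while the message
 * is not yet complete, and -1 on error (a fatal alert is sent on the
 * f_err path).
 *
 * Every field is bounds-checked against the message length n before it
 * is read; previously only the final "p == d+n" check existed, so a
 * truncated ServerHello was parsed from whatever bytes followed it in
 * the receive buffer.
 */
int ssl3_get_server_hello(SSL *s)
	{
	STACK_OF(SSL_CIPHER) *sk;
	const SSL_CIPHER *c;
	unsigned char *p,*d;
	int i,al,ok;
	unsigned int j;
	long n;
#ifndef OPENSSL_NO_COMP
	SSL_COMP *comp;
#endif

	n=s->method->ssl_get_message(s,
		SSL3_ST_CR_SRVR_HELLO_A,
		SSL3_ST_CR_SRVR_HELLO_B,
		-1,
		20000, /* ?? */
		&ok);

	if (!ok) return((int)n);

	if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
		{
		if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
			{
			if ( s->d1->send_cookie == 0)
				{
				/* first HelloVerifyRequest: let the state machine
				 * re-read it and retry the ClientHello with a cookie */
				s->s3->tmp.reuse_message = 1;
				return 1;
				}
			else /* already sent a cookie */
				{
				al=SSL_AD_UNEXPECTED_MESSAGE;
				SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
				goto f_err;
				}
			}
		}

	if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO)
		{
		al=SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
		goto f_err;
		}

	d=p=(unsigned char *)s->init_msg;

	/* Fixed-size prefix: version (2), random (SSL3_RANDOM_SIZE),
	 * session id length (1). */
	if (n < 2 + SSL3_RANDOM_SIZE + 1)
		{
		al=SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}

	if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
		{
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
		/* keep the server's minor version so the alert is sent at it */
		s->version=(s->version&0xff00)|p[1];
		al=SSL_AD_PROTOCOL_VERSION;
		goto f_err;
		}
	p+=2;

	/* load the server random */
	memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
	p+=SSL3_RANDOM_SIZE;

	/* get the session-id */
	j= *(p++);

	if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
		{
		al=SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
		goto f_err;
		}

	/* The session id (j bytes), the cipher suite id and the compression
	 * method byte must all lie inside the message before any of them
	 * is read (the pre-shared-secret callback below reads the cipher). */
	if ((long)j + ssl_put_cipher_by_char(s,NULL,NULL) + 1 > n - (p - d))
		{
		al=SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}

#ifndef OPENSSL_NO_TLSEXT
	/* check if we want to resume the session based on external pre-shared secret */
	if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
		{
		SSL_CIPHER *pref_cipher=NULL;
		s->session->master_key_length=sizeof(s->session->master_key);
		if (s->tls_session_secret_cb(s, s->session->master_key,
					     &s->session->master_key_length,
					     NULL, &pref_cipher,
					     s->tls_session_secret_cb_arg))
			{
			/* the callback may dictate the cipher; otherwise take
			 * the one the server selected (it follows the session id) */
			s->session->cipher = pref_cipher ?
				pref_cipher : ssl_get_cipher_by_char(s, p+j);
			}
		}
#endif /* OPENSSL_NO_TLSEXT */

	if (j != 0 && j == s->session->session_id_length
	    && memcmp(p,s->session->session_id,j) == 0)
		{
		if(s->sid_ctx_length != s->session->sid_ctx_length
		   || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
			{
			/* actually a client application bug */
			al=SSL_AD_ILLEGAL_PARAMETER;
			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
			goto f_err;
			}
		s->hit=1;
		}
	else	/* a miss or crap from the other end */
		{
		/* If we were trying for session-id reuse, make a new
		 * SSL_SESSION so we don't stuff up other people */
		s->hit=0;
		if (s->session->session_id_length > 0)
			{
			if (!ssl_get_new_session(s,0))
				{
				al=SSL_AD_INTERNAL_ERROR;
				goto f_err;
				}
			}
		s->session->session_id_length=j;
		memcpy(s->session->session_id,p,j); /* j could be 0 */
		}
	p+=j;
	c=ssl_get_cipher_by_char(s,p);
	if (c == NULL)
		{
		/* unknown cipher */
		al=SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
		goto f_err;
		}
	p+=ssl_put_cipher_by_char(s,NULL,NULL);

	sk=ssl_get_ciphers_by_id(s);
	i=sk_SSL_CIPHER_find(sk,c);
	if (i < 0)
		{
		/* we did not say we would use this cipher */
		al=SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
		goto f_err;
		}

	/* Depending on the session caching (internal/external), the cipher
	   and/or cipher_id values may not be set. Make sure that
	   cipher_id is set and use it for comparison. */
	if (s->session->cipher)
		s->session->cipher_id = s->session->cipher->id;
	if (s->hit && (s->session->cipher_id != c->id))
		{
		/* The SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG workaround that
		 * once tolerated this is obsolete: a resumed session must come
		 * back with the cipher it was established with. */
		al=SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
		goto f_err;
		}
	s->s3->tmp.new_cipher=c;
	if (!ssl3_digest_cached_records(s))
		{
		/* 'al' was previously left unset on this path, so the alert
		 * carried an indeterminate description byte */
		al=SSL_AD_INTERNAL_ERROR;
		goto f_err;
		}

	/* lets get the compression algorithm */
	/* COMPRESSION */
#ifdef OPENSSL_NO_COMP
	if (*(p++) != 0)
		{
		al=SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
		goto f_err;
		}
	/* If compression is disabled we'd better not try to resume a session
	 * using compression.
	 */
	if (s->session->compress_meth != 0)
		{
		al=SSL_AD_INTERNAL_ERROR;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
		goto f_err;
		}
#else
	j= *(p++);
	if (s->hit && j != s->session->compress_meth)
		{
		al=SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
		goto f_err;
		}
	if (j == 0)
		comp=NULL;
	else if (s->options & SSL_OP_NO_COMPRESSION)
		{
		al=SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED);
		goto f_err;
		}
	else
		comp=ssl3_comp_find(s->ctx->comp_methods,j);

	if ((j != 0) && (comp == NULL))
		{
		al=SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
		goto f_err;
		}
	else
		{
		s->s3->tmp.new_compression=comp;
		}
#endif

#ifndef OPENSSL_NO_TLSEXT
	/* TLS extensions*/
	if (s->version >= SSL3_VERSION)
		{
		if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
			{
			/* 'al' set by ssl_parse_serverhello_tlsext */
			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT);
			goto f_err;
			}
		if (ssl_check_serverhello_tlsext(s) <= 0)
			{
			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
			goto err;
			}
		}
#endif

	if (p != (d+n))
		{
		/* wrong packet length: 'al' is set, so send the alert rather
		 * than dropping the connection silently */
		al=SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
		goto f_err;
		}

	return(1);
f_err:
	ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
	return(-1);
	}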
965
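/*
 * Read the server's Certificate message and install the peer's key.
 *
 * A ServerKeyExchange (or, for KRB5 ciphersuites, ServerHelloDone)
 * arriving in place of the Certificate is handed back to the state
 * machine via reuse_message.  Otherwise the 3-byte-length-prefixed list
 * of DER certificates is decoded into a chain, verified with
 * ssl_verify_cert_chain() (a failure is fatal only when verify_mode is
 * not SSL_VERIFY_NONE), and the leaf certificate plus its public key are
 * stored in a fresh SESS_CERT attached to the session.  KRB5
 * ciphersuites may omit the certificate altogether (need_cert == 0).
 *
 * Returns 1 on success, the ssl_get_message() result while the message
 * is incomplete, and -1 on error (a fatal alert is sent on the f_err
 * path).
 */
int ssl3_get_server_certificate(SSL *s)
	{
	int al,i,ok,ret= -1;
	unsigned long n,nc,llen,l;
	X509 *x=NULL;
	const unsigned char *q,*p;
	STACK_OF(X509) *sk=NULL;
	SESS_CERT *sc;
	EVP_PKEY *pkey=NULL;
	int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */

	n=s->method->ssl_get_message(s,
		SSL3_ST_CR_CERT_A,
		SSL3_ST_CR_CERT_B,
		-1,
		s->max_cert_list,
		&ok);

	if (!ok) return((int)n);

	if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
		((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) &&
		(s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
		{
		s->s3->tmp.reuse_message=1;
		return(1);
		}

	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
		{
		al=SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
		goto f_err;
		}
	p=(const unsigned char *)s->init_msg;

	if ((sk=sk_X509_new_null()) == NULL)
		{
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
		goto err;
		}

	/* the 3-byte list length must be present before it is read */
	if (n < 3)
		{
		al=SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}
	n2l3(p,llen);
	if (llen+3 != n)
		{
		al=SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}
	for (nc=0; nc<llen; )
		{
		/* each entry is a 3-byte length followed by one DER certificate */
		if (llen-nc < 3)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
			}
		n2l3(p,l);
		if ((l+nc+3) > llen)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
			}

		q=p;
		x=d2i_X509(NULL,&q,l);
		if (x == NULL)
			{
			al=SSL_AD_BAD_CERTIFICATE;
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
			goto f_err;
			}
		/* the DER object must consume exactly its declared length */
		if (q != (p+l))
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
			}
		if (!sk_X509_push(sk,x))
			{
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
			goto err;
			}
		x=NULL; /* now owned by sk */
		nc+=l+3;
		p=q;
		}

	i=ssl_verify_cert_chain(s,sk);
	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
#ifndef OPENSSL_NO_KRB5
	    && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
		 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
#endif /* OPENSSL_NO_KRB5 */
		)
		{
		al=ssl_verify_alarm_type(s->verify_result);
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
		goto f_err;
		}
	ERR_clear_error(); /* but we keep s->verify_result */

	sc=ssl_sess_cert_new();
	if (sc == NULL) goto err;

	if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
	s->session->sess_cert=sc;

	sc->cert_chain=sk;
	/* Inconsistency alert: cert_chain does include the peer's
	 * certificate, which we don't include in s3_srvr.c */
	x=sk_X509_value(sk,0);
	sk=NULL; /* owned by sc from here on; not freed at err */

	/* x is borrowed from sc->cert_chain: every error path below that
	 * jumps to err first resets x so X509_free(x) does not free it twice */
	pkey=X509_get_pubkey(x);

	/* VRS: allow null cert if auth == KRB5 */
	need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
	            (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
	            ? 0 : 1;

#ifdef KSSL_DEBUG
	printf("pkey,x = %p, %p\n", pkey,x);
	printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
	printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
		s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert);
#endif /* KSSL_DEBUG */

	if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
		{
		x=NULL;
		/* was SSL3_AL_FATAL, which is an alert level, not a description */
		al=SSL_AD_INTERNAL_ERROR;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
			SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
		goto f_err;
		}

	i=ssl_cert_type(x,pkey);
	if (need_cert && i < 0)
		{
		x=NULL;
		/* was SSL3_AL_FATAL, which is an alert level, not a description */
		al=SSL_AD_UNSUPPORTED_CERTIFICATE;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
			SSL_R_UNKNOWN_CERTIFICATE_TYPE);
		goto f_err;
		}

	if (need_cert)
		{
		sc->peer_cert_type=i;
		CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
		/* Why would the following ever happen?
		 * We just created sc a couple of lines ago. */
		if (sc->peer_pkeys[i].x509 != NULL)
			X509_free(sc->peer_pkeys[i].x509);
		sc->peer_pkeys[i].x509=x;
		sc->peer_key= &(sc->peer_pkeys[i]);

		if (s->session->peer != NULL)
			X509_free(s->session->peer);
		CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
		s->session->peer=x;
		}
	else
		{
		sc->peer_cert_type=i;
		sc->peer_key= NULL;

		if (s->session->peer != NULL)
			X509_free(s->session->peer);
		s->session->peer=NULL;
		}
	s->session->verify_result = s->verify_result;

	x=NULL;
	ret=1;

	if (0)
		{
f_err:
		ssl3_send_alert(s,SSL3_AL_FATAL,al);
		}
err:
	EVP_PKEY_free(pkey);
	X509_free(x);
	sk_X509_pop_free(sk,X509_free);
	return(ret);
	}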
1151
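/*
 * Read and validate the ServerKeyExchange message.
 *
 * The message is optional; when something else arrives it is handed back
 * to the state machine via reuse_message.  Otherwise the ephemeral key
 * material for the negotiated key exchange (PSK identity hint, temporary
 * RSA key, DH parameters or a named-curve ECDH point) is parsed into
 * s->session->sess_cert and, for authenticated ciphersuites, the
 * signature over client_random || server_random || params is verified
 * with the key from the peer's certificate.
 *
 * Returns 1 on success, the ssl_get_message() result while the message
 * is incomplete, and -1 on error (a fatal alert is sent on the f_err
 * path).
 *
 * Each length-prefixed field is checked against the remaining length n
 * before it is read, and the bytes consumed are accumulated in param_len
 * so the signature is verified over exactly the parameters parsed.
 */
int ssl3_get_key_exchange(SSL *s)
	{
#ifndef OPENSSL_NO_RSA
	unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
#endif
	EVP_MD_CTX md_ctx;
	unsigned char *param,*p;
	int al,i,j,param_len,ok;
	long n,alg_k,alg_a;
	EVP_PKEY *pkey=NULL;
#ifndef OPENSSL_NO_RSA
	RSA *rsa=NULL;
#endif
#ifndef OPENSSL_NO_DH
	DH *dh=NULL;
#endif
#ifndef OPENSSL_NO_ECDH
	EC_KEY *ecdh = NULL;
	BN_CTX *bn_ctx = NULL;
	EC_POINT *srvr_ecpoint = NULL;
	int curve_nid = 0;
	int encoded_pt_len = 0;
#endif

	/* Initialised before anything can fail so that every "goto err"
	 * below, including those taken before any digest work, may call
	 * EVP_MD_CTX_cleanup() on it. */
	EVP_MD_CTX_init(&md_ctx);

	/* use same message size as in ssl3_get_certificate_request()
	 * as ServerKeyExchange message may be skipped */
	n=s->method->ssl_get_message(s,
		SSL3_ST_CR_KEY_EXCH_A,
		SSL3_ST_CR_KEY_EXCH_B,
		-1,
		s->max_cert_list,
		&ok);
	if (!ok) return((int)n);

	if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
		{
#ifndef OPENSSL_NO_PSK
		/* In plain PSK ciphersuite, ServerKeyExchange can be
		 * omitted if no identity hint is sent. Set
		 * session->sess_cert anyway to avoid problems
		 * later. */
		if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
			{
			s->session->sess_cert=ssl_sess_cert_new();
			if (s->ctx->psk_identity_hint)
				OPENSSL_free(s->ctx->psk_identity_hint);
			s->ctx->psk_identity_hint = NULL;
			}
#endif
		/* not a ServerKeyExchange: hand it back to the state machine */
		s->s3->tmp.reuse_message=1;
		return(1);
		}

	param=p=(unsigned char *)s->init_msg;
	if (s->session->sess_cert != NULL)
		{
		/* drop ephemeral keys left over from an earlier handshake */
#ifndef OPENSSL_NO_RSA
		if (s->session->sess_cert->peer_rsa_tmp != NULL)
			{
			RSA_free(s->session->sess_cert->peer_rsa_tmp);
			s->session->sess_cert->peer_rsa_tmp=NULL;
			}
#endif
#ifndef OPENSSL_NO_DH
		if (s->session->sess_cert->peer_dh_tmp)
			{
			DH_free(s->session->sess_cert->peer_dh_tmp);
			s->session->sess_cert->peer_dh_tmp=NULL;
			}
#endif
#ifndef OPENSSL_NO_ECDH
		if (s->session->sess_cert->peer_ecdh_tmp)
			{
			EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
			s->session->sess_cert->peer_ecdh_tmp=NULL;
			}
#endif
		}
	else
		{
		s->session->sess_cert=ssl_sess_cert_new();
		/* previously unchecked: every branch below dereferences it */
		if (s->session->sess_cert == NULL)
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
			goto err;
			}
		}

	param_len=0;
	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
	alg_a=s->s3->tmp.new_cipher->algorithm_auth;

#ifndef OPENSSL_NO_PSK
	if (alg_k & SSL_kPSK)
		{
		char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1];

		al=SSL_AD_HANDSHAKE_FAILURE;
		/* the 2-byte hint length must be present before it is read */
		if (2 > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
				SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		param_len=i+2;
		/* Store PSK identity hint for later use, hint is used
		 * in ssl3_send_client_key_exchange. Assume that the
		 * maximum length of a PSK identity hint can be as
		 * long as the maximum length of a PSK identity. */
		if (i > PSK_MAX_IDENTITY_LEN)
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
				SSL_R_DATA_LENGTH_TOO_LONG);
			goto f_err;
			}
		if (param_len > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
				SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
			goto f_err;
			}
		/* If received PSK identity hint contains NULL
		 * characters, the hint is truncated from the first
		 * NULL. p may not be ending with NULL, so create a
		 * NULL-terminated string. */
		memcpy(tmp_id_hint, p, i);
		memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
		if (s->ctx->psk_identity_hint != NULL)
			OPENSSL_free(s->ctx->psk_identity_hint);
		s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
		if (s->ctx->psk_identity_hint == NULL)
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
			goto f_err;
			}

		p+=i;
		n-=param_len;
		}
	else
#endif /* !OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_RSA
	if (alg_k & SSL_kRSA)
		{
		/* ephemeral (export) RSA key: modulus then exponent, each a
		 * 2-byte length followed by big-endian bytes */
		if ((rsa=RSA_new()) == NULL)
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
			goto err;
			}
		if (2 > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		param_len=i+2;
		if (param_len > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
			goto f_err;
			}
		if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
			goto err;
			}
		p+=i;

		if (param_len+2 > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		param_len+=i+2;
		if (param_len > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
			goto f_err;
			}
		if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
			goto err;
			}
		p+=i;
		n-=param_len;

		/* this should be because we are using an export cipher */
		if (alg_a & SSL_aRSA)
			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
		else
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
			goto err;
			}
		s->session->sess_cert->peer_rsa_tmp=rsa;
		rsa=NULL;
		}
#else /* OPENSSL_NO_RSA */
	if (0)
		;
#endif
#ifndef OPENSSL_NO_DH
	else if (alg_k & SSL_kEDH)
		{
		/* ephemeral DH: p, g and the server's public value, each a
		 * 2-byte length followed by big-endian bytes */
		if ((dh=DH_new()) == NULL)
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
			goto err;
			}
		if (2 > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		param_len=i+2;
		if (param_len > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
			goto f_err;
			}
		if (!(dh->p=BN_bin2bn(p,i,NULL)))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
			goto err;
			}
		p+=i;

		if (param_len+2 > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		param_len+=i+2;
		if (param_len > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
			goto f_err;
			}
		if (!(dh->g=BN_bin2bn(p,i,NULL)))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
			goto err;
			}
		p+=i;

		if (param_len+2 > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		param_len+=i+2;
		if (param_len > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
			goto f_err;
			}
		if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
			goto err;
			}
		p+=i;
		n-=param_len;

#ifndef OPENSSL_NO_RSA
		if (alg_a & SSL_aRSA)
			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
#else
		if (0)
			;
#endif
#ifndef OPENSSL_NO_DSA
		else if (alg_a & SSL_aDSS)
			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
#endif
		/* else anonymous DH, so no certificate or pkey. */

		s->session->sess_cert->peer_dh_tmp=dh;
		dh=NULL;
		}
	else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd))
		{
		/* static DH certificates are not supported on the client */
		al=SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
		goto f_err;
		}
#endif /* !OPENSSL_NO_DH */

#ifndef OPENSSL_NO_ECDH
	else if (alg_k & SSL_kEECDH)
		{
		EC_GROUP *ngroup;
		const EC_GROUP *group;

		if ((ecdh=EC_KEY_new()) == NULL)
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
			goto err;
			}

		/* Extract elliptic curve parameters and the
		 * server's ephemeral ECDH public key.
		 * Keep accumulating lengths of various components in
		 * param_len and make sure it never exceeds n.
		 */

		/* XXX: For now we only support named (not generic) curves
		 * and the ECParameters in this case is just three bytes.
		 */
		param_len=3;
		if ((param_len > n) ||
		    (*p != NAMED_CURVE_TYPE) ||
		    ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0))
			{
			al=SSL_AD_INTERNAL_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
			goto f_err;
			}

		ngroup = EC_GROUP_new_by_curve_name(curve_nid);
		if (ngroup == NULL)
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
			goto err;
			}
		if (EC_KEY_set_group(ecdh, ngroup) == 0)
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
			goto err;
			}
		EC_GROUP_free(ngroup); /* ecdh keeps its own copy */

		group = EC_KEY_get0_group(ecdh);

		if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
		    (EC_GROUP_get_degree(group) > 163))
			{
			al=SSL_AD_EXPORT_RESTRICTION;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
			goto f_err;
			}

		p+=3;

		/* Next, get the encoded ECPoint */
		if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
		    ((bn_ctx = BN_CTX_new()) == NULL))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
			goto err;
			}

		/* the point's 1-byte length must itself lie inside the message */
		if (param_len + 1 > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
			goto f_err;
			}
		encoded_pt_len = *p;  /* length of encoded point */
		p+=1;
		param_len += (1 + encoded_pt_len);
		if ((param_len > n) ||
		    (EC_POINT_oct2point(group, srvr_ecpoint,
			p, encoded_pt_len, bn_ctx) == 0))
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
			goto f_err;
			}

		n-=param_len;
		p+=encoded_pt_len;

		/* The ECC/TLS specification does not mention
		 * the use of DSA to sign ECParameters in the server
		 * key exchange message. We do support RSA and ECDSA.
		 */
		if (0) ;
#ifndef OPENSSL_NO_RSA
		else if (alg_a & SSL_aRSA)
			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
#endif
#ifndef OPENSSL_NO_ECDSA
		else if (alg_a & SSL_aECDSA)
			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
#endif
		/* else anonymous ECDH, so no certificate or pkey. */
		if (!EC_KEY_set_public_key(ecdh, srvr_ecpoint))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
			goto err;
			}
		s->session->sess_cert->peer_ecdh_tmp=ecdh;
		ecdh=NULL;
		/* reset both pointers: the err path frees them again, and a
		 * later signature failure used to double-free bn_ctx */
		BN_CTX_free(bn_ctx);
		bn_ctx = NULL;
		EC_POINT_free(srvr_ecpoint);
		srvr_ecpoint = NULL;
		}
	else if (alg_k)
		{
		al=SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
		goto f_err;
		}
#endif /* !OPENSSL_NO_ECDH */


	/* p points to the next byte, there are 'n' bytes left */

	/* if it was signed, check the signature */
	if (pkey != NULL)
		{
		/* the 2-byte signature length must be present before it is read */
		if (n < 2)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		n-=2;
		j=EVP_PKEY_size(pkey);

		/* the signature must fill exactly the rest of the message
		 * and cannot be larger than the key */
		if ((i != n) || (n > j) || (n <= 0))
			{
			/* wrong packet length */
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
			goto f_err;
			}

#ifndef OPENSSL_NO_RSA
		if (pkey->type == EVP_PKEY_RSA)
			{
			int num;

			/* SSL3/TLS1 RSA signatures cover MD5 || SHA1 of the
			 * randoms and parameters, verified as NID_md5_sha1 */
			j=0;
			q=md_buf;
			for (num=2; num > 0; num--)
				{
				EVP_DigestInit_ex(&md_ctx,(num == 2)
					?s->ctx->md5:s->ctx->sha1, NULL);
				EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
				EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
				EVP_DigestUpdate(&md_ctx,param,param_len);
				EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
				q+=i;
				j+=i;
				}
			i=RSA_verify(NID_md5_sha1, md_buf, j, p, n,
								pkey->pkey.rsa);
			if (i < 0)
				{
				al=SSL_AD_DECRYPT_ERROR;
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
				goto f_err;
				}
			if (i == 0)
				{
				/* bad signature */
				al=SSL_AD_DECRYPT_ERROR;
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
				goto f_err;
				}
			}
		else
#endif
#ifndef OPENSSL_NO_DSA
			if (pkey->type == EVP_PKEY_DSA)
			{
			/* lets do DSS */
			EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL);
			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
			EVP_VerifyUpdate(&md_ctx,param,param_len);
			if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
				{
				/* bad signature */
				al=SSL_AD_DECRYPT_ERROR;
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
				goto f_err;
				}
			}
		else
#endif
#ifndef OPENSSL_NO_ECDSA
			if (pkey->type == EVP_PKEY_EC)
			{
			/* let's do ECDSA */
			EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL);
			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
			EVP_VerifyUpdate(&md_ctx,param,param_len);
			if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
				{
				/* bad signature */
				al=SSL_AD_DECRYPT_ERROR;
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
				goto f_err;
				}
			}
		else
#endif
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
			goto err;
			}
		}
	else
		{
		if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK))
			/* aNULL or kPSK do not need public keys */
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
			goto err;
			}
		/* still data left over */
		if (n != 0)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
			goto f_err;
			}
		}
	EVP_PKEY_free(pkey);
	EVP_MD_CTX_cleanup(&md_ctx);
	return(1);
f_err:
	ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
	EVP_PKEY_free(pkey);
#ifndef OPENSSL_NO_RSA
	if (rsa != NULL)
		RSA_free(rsa);
#endif
#ifndef OPENSSL_NO_DH
	if (dh != NULL)
		DH_free(dh);
#endif
#ifndef OPENSSL_NO_ECDH
	BN_CTX_free(bn_ctx);
	EC_POINT_free(srvr_ecpoint);
	if (ecdh != NULL)
		EC_KEY_free(ecdh);
#endif
	EVP_MD_CTX_cleanup(&md_ctx);
	return(-1);
	}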
1660
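/*
 * Read the optional CertificateRequest message.
 *
 * A ServerHelloDone in its place means no client certificate was asked
 * for and is handed back to the state machine.  Otherwise the list of
 * acceptable certificate types is copied into s->s3->tmp.ctype (at most
 * SSL3_CT_NUMBER entries are kept) and the 2-byte-length-prefixed list
 * of DER CA names is decoded into s->s3->tmp.ca_names, after which
 * s->s3->tmp.cert_req is set so a certificate is sent later.
 *
 * Returns 1 on success, the ssl_get_message() result while the message
 * is incomplete, and 0 on error (a fatal alert has already been sent).
 *
 * Every field is bounds-checked against the message length before it is
 * read.  The count of certificate types is kept separately from the
 * clamped number stored, so a server offering more than SSL3_CT_NUMBER
 * types no longer derails the length check that follows.
 */
int ssl3_get_certificate_request(SSL *s)
	{
	int ok,ret=0;
	unsigned long n,nc,l;
	unsigned int llen,ctype_num,ctype_total,i;
	X509_NAME *xn=NULL;
	const unsigned char *p,*q;
	STACK_OF(X509_NAME) *ca_sk=NULL;

	n=s->method->ssl_get_message(s,
		SSL3_ST_CR_CERT_REQ_A,
		SSL3_ST_CR_CERT_REQ_B,
		-1,
		s->max_cert_list,
		&ok);

	if (!ok) return((int)n);

	s->s3->tmp.cert_req=0;

	if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
		{
		/* no client certificate requested */
		s->s3->tmp.reuse_message=1;
		return(1);
		}

	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
		{
		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
		goto err;
		}

	/* TLS does not like anon-DH with client cert */
	if (s->version > SSL3_VERSION)
		{
		if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
			{
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
			goto err;
			}
		}

	p=(const unsigned char *)s->init_msg;

	if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
		{
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
		goto err;
		}

	/* get the certificate types: a count byte, that many type bytes,
	 * then the 2-byte length of the CA name list */
	if (n < 1)
		{
		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
		goto err;
		}
	ctype_total= *(p++);
	if (n < 1+ctype_total+2)
		{
		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
		goto err;
		}
	/* tmp.ctype holds SSL3_CT_NUMBER entries: keep the first ones but
	 * still skip the whole list so the parse stays aligned */
	ctype_num = (ctype_total > SSL3_CT_NUMBER) ? SSL3_CT_NUMBER : ctype_total;
	for (i=0; i<ctype_num; i++)
		s->s3->tmp.ctype[i]= p[i];
	p+=ctype_total;

	/* get the CA RDNs */
	n2s(p,llen);

	if ((llen+ctype_total+2+1) != n)
		{
		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
		goto err;
		}

	for (nc=0; nc<llen; )
		{
		/* each name is a 2-byte length followed by a DER X509_NAME */
		if (llen-nc < 2)
			{
			if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
				goto cont; /* netscape bugs */
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
			goto err;
			}
		n2s(p,l);
		if ((l+nc+2) > llen)
			{
			if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
				goto cont; /* netscape bugs */
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
			goto err;
			}

		q=p;

		if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
			{
			/* If netscape tolerance is on, ignore errors */
			if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
				goto cont;
			else
				{
				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
				SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
				goto err;
				}
			}

		/* the DER object must consume exactly its declared length */
		if (q != (p+l))
			{
			X509_NAME_free(xn);
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
			goto err;
			}
		if (!sk_X509_NAME_push(ca_sk,xn))
			{
			X509_NAME_free(xn); /* not owned by ca_sk: would leak */
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
			goto err;
			}

		p+=l;
		nc+=l+2;
		}

	if (0)
		{
cont:
		/* netscape tolerance: discard the partial list's errors */
		ERR_clear_error();
		}

	/* we should setup a certificate to return.... */
	s->s3->tmp.cert_req=1;
	s->s3->tmp.ctype_num=ctype_num;
	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
	s->s3->tmp.ca_names=ca_sk;
	ca_sk=NULL;

	ret=1;
err:
	if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);
	return(ret);
	}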
1802
/* Ordering callback for the stack of acceptable CA names: delegates to
 * X509_NAME_cmp() on the two pointed-to names. */
static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
	{
	const X509_NAME *lhs = *a;
	const X509_NAME *rhs = *b;

	return X509_NAME_cmp(lhs, rhs);
	}
1807#ifndef OPENSSL_NO_TLSEXT
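/*
 * Read the NewSessionTicket message (TLS session tickets).
 *
 * Layout: 4-byte ticket_lifetime_hint, 2-byte ticket length, ticket.
 * The ticket replaces s->session->tlsext_tick and the session id is set
 * to a hash of the ticket so the ordinary session-id matching in
 * ssl3_get_server_hello() recognises a resumption.  A Finished message
 * in its place (no ticket issued) is handed back to the state machine.
 *
 * Returns 1 on success, the ssl_get_message() result while the message
 * is incomplete, and -1 on error (a fatal alert is sent on the f_err
 * path).
 */
int ssl3_get_new_session_ticket(SSL *s)
	{
	int ok,al,ticklen;
	long n;
	const unsigned char *p;

	n=s->method->ssl_get_message(s,
		SSL3_ST_CR_SESSION_TICKET_A,
		SSL3_ST_CR_SESSION_TICKET_B,
		-1,
		16384,
		&ok);

	if (!ok)
		return((int)n);

	if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
		{
		s->s3->tmp.reuse_message=1;
		return(1);
		}
	if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)
		{
		al=SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);
		goto f_err;
		}
	if (n < 6)
		{
		/* need at least ticket_lifetime_hint + ticket length.
		 * (Was "al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR": the comma
		 * operator assigned the alert level, not the description.) */
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}

	p=(const unsigned char *)s->init_msg;
	n2l(p, s->session->tlsext_tick_lifetime_hint);
	n2s(p, ticklen);
	/* ticket_lifetime_hint + ticket_length + ticket */
	if (ticklen + 6 != n)
		{
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}
	if (s->session->tlsext_tick)
		{
		/* clear the pointer with the length: if the allocation below
		 * fails the session must not keep a freed pointer around */
		OPENSSL_free(s->session->tlsext_tick);
		s->session->tlsext_tick = NULL;
		s->session->tlsext_ticklen = 0;
		}
	/* NOTE(review): a zero-length ticket (a server withdrawing its
	 * offer) reaches OPENSSL_malloc(0), whose result is platform
	 * dependent and is then reported as a malloc failure. */
	s->session->tlsext_tick = OPENSSL_malloc(ticklen);
	if (!s->session->tlsext_tick)
		{
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE);
		goto err;
		}
	memcpy(s->session->tlsext_tick, p, ticklen);
	s->session->tlsext_ticklen = ticklen;
	/* There are two ways to detect a resumed ticket session.
	 * One is to set an appropriate session ID and then the server
	 * must return a match in ServerHello. This allows the normal
	 * client session ID matching to work and we know much
	 * earlier that the ticket has been accepted.
	 *
	 * The other way is to set zero length session ID when the
	 * ticket is presented and rely on the handshake to determine
	 * session resumption.
	 *
	 * We choose the former approach because this fits in with
	 * assumptions elsewhere in OpenSSL. The session ID is set
	 * to the SHA256 (or SHA1 if SHA256 is disabled) hash of the
	 * ticket.
	 */
	if (!EVP_Digest(p, ticklen,
			s->session->session_id, &s->session->session_id_length,
#ifndef OPENSSL_NO_SHA256
			EVP_sha256(), NULL))
#else
			EVP_sha1(), NULL))
#endif
		{
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_INTERNAL_ERROR);
		goto err;
		}
	return(1);
f_err:
	ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
	return(-1);
	}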
1896
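/*
 * Read the CertificateStatus message (stapled OCSP response).
 *
 * The body must be the status type TLSEXT_STATUSTYPE_ocsp, a 3-byte
 * length and the DER OCSP response, which is copied into
 * s->tlsext_ocsp_resp / s->tlsext_ocsp_resplen.  If the application
 * installed a status callback it judges the response: 0 rejects it and
 * a negative value is treated as an internal failure.
 *
 * Returns 1 on success, the ssl_get_message() result while the message
 * is incomplete, and -1 after sending a fatal alert.
 */
int ssl3_get_cert_status(SSL *s)
	{
	int ok, al;
	unsigned long resplen,n;
	const unsigned char *p;

	n=s->method->ssl_get_message(s,
		SSL3_ST_CR_CERT_STATUS_A,
		SSL3_ST_CR_CERT_STATUS_B,
		SSL3_MT_CERTIFICATE_STATUS,
		16384,
		&ok);

	if (!ok) return((int)n);
	if (n < 4)
		{
		/* need at least status type + length */
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}
	p = (unsigned char *)s->init_msg;
	if (*p++ != TLSEXT_STATUSTYPE_ocsp)
		{
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE);
		goto f_err;
		}
	n2l3(p, resplen);
	if (resplen + 4 != n)
		{
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}
	/* Replace any previously stapled response.  The length is reset
	 * together with the pointer so that a failed copy below cannot
	 * leave a NULL response paired with a stale non-zero length. */
	if (s->tlsext_ocsp_resp)
		OPENSSL_free(s->tlsext_ocsp_resp);
	s->tlsext_ocsp_resp = NULL;
	s->tlsext_ocsp_resplen = 0;
	s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
	if (!s->tlsext_ocsp_resp)
		{
		al = SSL_AD_INTERNAL_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
		goto f_err;
		}
	s->tlsext_ocsp_resplen = resplen;
	if (s->ctx->tlsext_status_cb)
		{
		int ret;
		ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
		if (ret == 0)
			{
			/* the application rejected the stapled response */
			al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
			SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE);
			goto f_err;
			}
		if (ret < 0)
			{
			al = SSL_AD_INTERNAL_ERROR;
			SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
			goto f_err;
			}
		}
	return 1;
f_err:
	ssl3_send_alert(s,SSL3_AL_FATAL,al);
	return(-1);
	}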
1964#endif
1965
/*
 * Read the ServerHelloDone message.
 *
 * The message has no body; any payload is a decode error and ends the
 * handshake with a fatal alert.
 *
 * Returns 1 on success, the ssl_get_message() result while the message
 * is incomplete, and -1 after sending the alert.
 */
int ssl3_get_server_done(SSL *s)
	{
	int ok;
	long n;

	n=s->method->ssl_get_message(s,
		SSL3_ST_CR_SRVR_DONE_A,
		SSL3_ST_CR_SRVR_DONE_B,
		SSL3_MT_SERVER_DONE,
		30, /* should be very small, like 0 :-) */
		&ok);

	if (!ok)
		return((int)n);

	/* should contain no data */
	if (n > 0)
		{
		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
		SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
		return -1;
		}

	return 1;
	}
1989
1990
1991int ssl3_send_client_key_exchange(SSL *s)
1992 {
1993 unsigned char *p,*d;
1994 int n;
1995 unsigned long alg_k;
1996#ifndef OPENSSL_NO_RSA
1997 unsigned char *q;
1998 EVP_PKEY *pkey=NULL;
1999#endif
2000#ifndef OPENSSL_NO_KRB5
2001 KSSL_ERR kssl_err;
2002#endif /* OPENSSL_NO_KRB5 */
2003#ifndef OPENSSL_NO_ECDH
2004 EC_KEY *clnt_ecdh = NULL;
2005 const EC_POINT *srvr_ecpoint = NULL;
2006 EVP_PKEY *srvr_pub_pkey = NULL;
2007 unsigned char *encodedPoint = NULL;
2008 int encoded_pt_len = 0;
2009 BN_CTX * bn_ctx = NULL;
2010#endif
2011
2012 if (s->state == SSL3_ST_CW_KEY_EXCH_A)
2013 {
2014 d=(unsigned char *)s->init_buf->data;
2015 p= &(d[4]);
2016
2017 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
2018
2019 /* Fool emacs indentation */
2020 if (0) {}
2021#ifndef OPENSSL_NO_RSA
2022 else if (alg_k & SSL_kRSA)
2023 {
2024 RSA *rsa;
2025 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
2026
2027 if (s->session->sess_cert->peer_rsa_tmp != NULL)
2028 rsa=s->session->sess_cert->peer_rsa_tmp;
2029 else
2030 {
2031 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
2032 if ((pkey == NULL) ||
2033 (pkey->type != EVP_PKEY_RSA) ||
2034 (pkey->pkey.rsa == NULL))
2035 {
2036 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
2037 goto err;
2038 }
2039 rsa=pkey->pkey.rsa;
2040 EVP_PKEY_free(pkey);
2041 }
2042
2043 tmp_buf[0]=s->client_version>>8;
2044 tmp_buf[1]=s->client_version&0xff;
2045 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
2046 goto err;
2047
2048 s->session->master_key_length=sizeof tmp_buf;
2049
2050 q=p;
2051 /* Fix buf for TLS and beyond */
2052 if (s->version > SSL3_VERSION)
2053 p+=2;
2054 n=RSA_public_encrypt(sizeof tmp_buf,
2055 tmp_buf,p,rsa,RSA_PKCS1_PADDING);
2056#ifdef PKCS1_CHECK
2057 if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
2058 if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
2059#endif
2060 if (n <= 0)
2061 {
2062 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
2063 goto err;
2064 }
2065
2066 /* Fix buf for TLS and beyond */
2067 if (s->version > SSL3_VERSION)
2068 {
2069 s2n(n,q);
2070 n+=2;
2071 }
2072
2073 s->session->master_key_length=
2074 s->method->ssl3_enc->generate_master_secret(s,
2075 s->session->master_key,
2076 tmp_buf,sizeof tmp_buf);
2077 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
2078 }
2079#endif
2080#ifndef OPENSSL_NO_KRB5
2081 else if (alg_k & SSL_kKRB5)
2082 {
2083 krb5_error_code krb5rc;
2084 KSSL_CTX *kssl_ctx = s->kssl_ctx;
2085 /* krb5_data krb5_ap_req; */
2086 krb5_data *enc_ticket;
2087 krb5_data authenticator, *authp = NULL;
2088 EVP_CIPHER_CTX ciph_ctx;
2089 const EVP_CIPHER *enc = NULL;
2090 unsigned char iv[EVP_MAX_IV_LENGTH];
2091 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
2092 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
2093 + EVP_MAX_IV_LENGTH];
2094 int padl, outl = sizeof(epms);
2095
2096 EVP_CIPHER_CTX_init(&ciph_ctx);
2097
2098#ifdef KSSL_DEBUG
2099 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
2100 alg_k, SSL_kKRB5);
2101#endif /* KSSL_DEBUG */
2102
2103 authp = NULL;
2104#ifdef KRB5SENDAUTH
2105 if (KRB5SENDAUTH) authp = &authenticator;
2106#endif /* KRB5SENDAUTH */
2107
2108 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
2109 &kssl_err);
2110 enc = kssl_map_enc(kssl_ctx->enctype);
2111 if (enc == NULL)
2112 goto err;
2113#ifdef KSSL_DEBUG
2114 {
2115 printf("kssl_cget_tkt rtn %d\n", krb5rc);
2116 if (krb5rc && kssl_err.text)
2117 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
2118 }
2119#endif /* KSSL_DEBUG */
2120
2121 if (krb5rc)
2122 {
2123 ssl3_send_alert(s,SSL3_AL_FATAL,
2124 SSL_AD_HANDSHAKE_FAILURE);
2125 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2126 kssl_err.reason);
2127 goto err;
2128 }
2129
2130 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
2131 ** in place of RFC 2712 KerberosWrapper, as in:
2132 **
2133 ** Send ticket (copy to *p, set n = length)
2134 ** n = krb5_ap_req.length;
2135 ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
2136 ** if (krb5_ap_req.data)
2137 ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
2138 **
2139 ** Now using real RFC 2712 KerberosWrapper
2140 ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
2141 ** Note: 2712 "opaque" types are here replaced
2142 ** with a 2-byte length followed by the value.
2143 ** Example:
2144 ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
2145 ** Where "xx xx" = length bytes. Shown here with
2146 ** optional authenticator omitted.
2147 */
2148
2149 /* KerberosWrapper.Ticket */
2150 s2n(enc_ticket->length,p);
2151 memcpy(p, enc_ticket->data, enc_ticket->length);
2152 p+= enc_ticket->length;
2153 n = enc_ticket->length + 2;
2154
2155 /* KerberosWrapper.Authenticator */
2156 if (authp && authp->length)
2157 {
2158 s2n(authp->length,p);
2159 memcpy(p, authp->data, authp->length);
2160 p+= authp->length;
2161 n+= authp->length + 2;
2162
2163 free(authp->data);
2164 authp->data = NULL;
2165 authp->length = 0;
2166 }
2167 else
2168 {
2169 s2n(0,p);/* null authenticator length */
2170 n+=2;
2171 }
2172
2173 tmp_buf[0]=s->client_version>>8;
2174 tmp_buf[1]=s->client_version&0xff;
2175 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
2176 goto err;
2177
2178 /* 20010420 VRS. Tried it this way; failed.
2179 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
2180 ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
2181 ** kssl_ctx->length);
2182 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
2183 */
2184
2185 memset(iv, 0, sizeof iv); /* per RFC 1510 */
2186 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
2187 kssl_ctx->key,iv);
2188 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
2189 sizeof tmp_buf);
2190 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
2191 outl += padl;
2192 if (outl > (int)sizeof epms)
2193 {
2194 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2195 goto err;
2196 }
2197 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
2198
2199 /* KerberosWrapper.EncryptedPreMasterSecret */
2200 s2n(outl,p);
2201 memcpy(p, epms, outl);
2202 p+=outl;
2203 n+=outl + 2;
2204
2205 s->session->master_key_length=
2206 s->method->ssl3_enc->generate_master_secret(s,
2207 s->session->master_key,
2208 tmp_buf, sizeof tmp_buf);
2209
2210 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
2211 OPENSSL_cleanse(epms, outl);
2212 }
2213#endif
2214#ifndef OPENSSL_NO_DH
2215 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2216 {
2217 DH *dh_srvr,*dh_clnt;
2218
2219 if (s->session->sess_cert == NULL)
2220 {
2221 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
2222 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
2223 goto err;
2224 }
2225
2226 if (s->session->sess_cert->peer_dh_tmp != NULL)
2227 dh_srvr=s->session->sess_cert->peer_dh_tmp;
2228 else
2229 {
2230 /* we get them from the cert */
2231 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
2232 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
2233 goto err;
2234 }
2235
2236 /* generate a new random key */
2237 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
2238 {
2239 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2240 goto err;
2241 }
2242 if (!DH_generate_key(dh_clnt))
2243 {
2244 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2245 goto err;
2246 }
2247
2248 /* use the 'p' output buffer for the DH key, but
2249 * make sure to clear it out afterwards */
2250
2251 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
2252
2253 if (n <= 0)
2254 {
2255 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2256 goto err;
2257 }
2258
2259 /* generate master key from the result */
2260 s->session->master_key_length=
2261 s->method->ssl3_enc->generate_master_secret(s,
2262 s->session->master_key,p,n);
2263 /* clean up */
2264 memset(p,0,n);
2265
2266 /* send off the data */
2267 n=BN_num_bytes(dh_clnt->pub_key);
2268 s2n(n,p);
2269 BN_bn2bin(dh_clnt->pub_key,p);
2270 n+=2;
2271
2272 DH_free(dh_clnt);
2273
2274 /* perhaps clean things up a bit EAY EAY EAY EAY*/
2275 }
2276#endif
2277
2278#ifndef OPENSSL_NO_ECDH
2279 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
2280 {
2281 const EC_GROUP *srvr_group = NULL;
2282 EC_KEY *tkey;
2283 int ecdh_clnt_cert = 0;
2284 int field_size = 0;
2285
2286 /* Did we send out the client's
2287 * ECDH share for use in premaster
2288 * computation as part of client certificate?
2289 * If so, set ecdh_clnt_cert to 1.
2290 */
2291 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL))
2292 {
2293 /* XXX: For now, we do not support client
2294 * authentication using ECDH certificates.
2295 * To add such support, one needs to add
2296 * code that checks for appropriate
2297 * conditions and sets ecdh_clnt_cert to 1.
2298 * For example, the cert have an ECC
2299 * key on the same curve as the server's
2300 * and the key should be authorized for
2301 * key agreement.
2302 *
2303 * One also needs to add code in ssl3_connect
2304 * to skip sending the certificate verify
2305 * message.
2306 *
2307 * if ((s->cert->key->privatekey != NULL) &&
2308 * (s->cert->key->privatekey->type ==
2309 * EVP_PKEY_EC) && ...)
2310 * ecdh_clnt_cert = 1;
2311 */
2312 }
2313
2314 if (s->session->sess_cert->peer_ecdh_tmp != NULL)
2315 {
2316 tkey = s->session->sess_cert->peer_ecdh_tmp;
2317 }
2318 else
2319 {
2320 /* Get the Server Public Key from Cert */
2321 srvr_pub_pkey = X509_get_pubkey(s->session-> \
2322 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
2323 if ((srvr_pub_pkey == NULL) ||
2324 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
2325 (srvr_pub_pkey->pkey.ec == NULL))
2326 {
2327 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2328 ERR_R_INTERNAL_ERROR);
2329 goto err;
2330 }
2331
2332 tkey = srvr_pub_pkey->pkey.ec;
2333 }
2334
2335 srvr_group = EC_KEY_get0_group(tkey);
2336 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
2337
2338 if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
2339 {
2340 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2341 ERR_R_INTERNAL_ERROR);
2342 goto err;
2343 }
2344
2345 if ((clnt_ecdh=EC_KEY_new()) == NULL)
2346 {
2347 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2348 goto err;
2349 }
2350
2351 if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
2352 {
2353 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
2354 goto err;
2355 }
2356 if (ecdh_clnt_cert)
2357 {
2358 /* Reuse key info from our certificate
2359 * We only need our private key to perform
2360 * the ECDH computation.
2361 */
2362 const BIGNUM *priv_key;
2363 tkey = s->cert->key->privatekey->pkey.ec;
2364 priv_key = EC_KEY_get0_private_key(tkey);
2365 if (priv_key == NULL)
2366 {
2367 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2368 goto err;
2369 }
2370 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
2371 {
2372 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
2373 goto err;
2374 }
2375 }
2376 else
2377 {
2378 /* Generate a new ECDH key pair */
2379 if (!(EC_KEY_generate_key(clnt_ecdh)))
2380 {
2381 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
2382 goto err;
2383 }
2384 }
2385
2386 /* use the 'p' output buffer for the ECDH key, but
2387 * make sure to clear it out afterwards
2388 */
2389
2390 field_size = EC_GROUP_get_degree(srvr_group);
2391 if (field_size <= 0)
2392 {
2393 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2394 ERR_R_ECDH_LIB);
2395 goto err;
2396 }
2397 n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
2398 if (n <= 0)
2399 {
2400 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2401 ERR_R_ECDH_LIB);
2402 goto err;
2403 }
2404
2405 /* generate master key from the result */
2406 s->session->master_key_length = s->method->ssl3_enc \
2407 -> generate_master_secret(s,
2408 s->session->master_key,
2409 p, n);
2410
2411 memset(p, 0, n); /* clean up */
2412
2413 if (ecdh_clnt_cert)
2414 {
2415 /* Send empty client key exch message */
2416 n = 0;
2417 }
2418 else
2419 {
2420 /* First check the size of encoding and
2421 * allocate memory accordingly.
2422 */
2423 encoded_pt_len =
2424 EC_POINT_point2oct(srvr_group,
2425 EC_KEY_get0_public_key(clnt_ecdh),
2426 POINT_CONVERSION_UNCOMPRESSED,
2427 NULL, 0, NULL);
2428
2429 encodedPoint = (unsigned char *)
2430 OPENSSL_malloc(encoded_pt_len *
2431 sizeof(unsigned char));
2432 bn_ctx = BN_CTX_new();
2433 if ((encodedPoint == NULL) ||
2434 (bn_ctx == NULL))
2435 {
2436 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2437 goto err;
2438 }
2439
2440 /* Encode the public key */
2441 n = EC_POINT_point2oct(srvr_group,
2442 EC_KEY_get0_public_key(clnt_ecdh),
2443 POINT_CONVERSION_UNCOMPRESSED,
2444 encodedPoint, encoded_pt_len, bn_ctx);
2445
2446 *p = n; /* length of encoded point */
2447 /* Encoded point will be copied here */
2448 p += 1;
2449 /* copy the point */
2450 memcpy((unsigned char *)p, encodedPoint, n);
2451 /* increment n to account for length field */
2452 n += 1;
2453 }
2454
2455 /* Free allocated memory */
2456 BN_CTX_free(bn_ctx);
2457 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
2458 if (clnt_ecdh != NULL)
2459 EC_KEY_free(clnt_ecdh);
2460 EVP_PKEY_free(srvr_pub_pkey);
2461 }
2462#endif /* !OPENSSL_NO_ECDH */
2463 else if (alg_k & SSL_kGOST)
2464 {
2465 /* GOST key exchange message creation */
2466 EVP_PKEY_CTX *pkey_ctx;
2467 X509 *peer_cert;
2468 size_t msglen;
2469 unsigned int md_len;
2470 int keytype;
2471 unsigned char premaster_secret[32],shared_ukm[32], tmp[256];
2472 EVP_MD_CTX *ukm_hash;
2473 EVP_PKEY *pub_key;
2474
2475 /* Get server sertificate PKEY and create ctx from it */
2476 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST01)].x509;
2477 if (!peer_cert)
2478 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST94)].x509;
2479 if (!peer_cert) {
2480 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2481 goto err;
2482 }
2483
2484 pkey_ctx=EVP_PKEY_CTX_new(pub_key=X509_get_pubkey(peer_cert),NULL);
2485 /* If we have send a certificate, and certificate key
2486
2487 * parameters match those of server certificate, use
2488 * certificate key for key exchange
2489 */
2490
2491 /* Otherwise, generate ephemeral key pair */
2492
2493 EVP_PKEY_encrypt_init(pkey_ctx);
2494 /* Generate session key */
2495 RAND_bytes(premaster_secret,32);
2496 /* If we have client certificate, use its secret as peer key */
2497 if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
2498 if (EVP_PKEY_derive_set_peer(pkey_ctx,s->cert->key->privatekey) <=0) {
2499 /* If there was an error - just ignore it. Ephemeral key
2500 * would be used
2501 */
2502 ERR_clear_error();
2503 }
2504 }
2505 /* Compute shared IV and store it in algorithm-specific
2506 * context data */
2507 ukm_hash = EVP_MD_CTX_create();
2508 EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR3411_94));
2509 EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE);
2510 EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE);
2511 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
2512 EVP_MD_CTX_destroy(ukm_hash);
2513 if (EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EVP_PKEY_CTRL_SET_IV,
2514 8,shared_ukm)<0) {
2515 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2516 SSL_R_LIBRARY_BUG);
2517 goto err;
2518 }
2519 /* Make GOST keytransport blob message */
2520 /*Encapsulate it into sequence */
2521 *(p++)=V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
2522 msglen=255;
2523 if (EVP_PKEY_encrypt(pkey_ctx,tmp,&msglen,premaster_secret,32)<0) {
2524 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2525 SSL_R_LIBRARY_BUG);
2526 goto err;
2527 }
2528 if (msglen >= 0x80)
2529 {
2530 *(p++)=0x81;
2531 *(p++)= msglen & 0xff;
2532 n=msglen+3;
2533 }
2534 else
2535 {
2536 *(p++)= msglen & 0xff;
2537 n=msglen+2;
2538 }
2539 memcpy(p, tmp, msglen);
2540 /* Check if pubkey from client certificate was used */
2541 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
2542 {
2543 /* Set flag "skip certificate verify" */
2544 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
2545 }
2546 EVP_PKEY_CTX_free(pkey_ctx);
2547 s->session->master_key_length=
2548 s->method->ssl3_enc->generate_master_secret(s,
2549 s->session->master_key,premaster_secret,32);
2550 EVP_PKEY_free(pub_key);
2551
2552 }
2553#ifndef OPENSSL_NO_PSK
2554 else if (alg_k & SSL_kPSK)
2555 {
2556 char identity[PSK_MAX_IDENTITY_LEN];
2557 unsigned char *t = NULL;
2558 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
2559 unsigned int pre_ms_len = 0, psk_len = 0;
2560 int psk_err = 1;
2561
2562 n = 0;
2563 if (s->psk_client_callback == NULL)
2564 {
2565 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2566 SSL_R_PSK_NO_CLIENT_CB);
2567 goto err;
2568 }
2569
2570 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
2571 identity, PSK_MAX_IDENTITY_LEN,
2572 psk_or_pre_ms, sizeof(psk_or_pre_ms));
2573 if (psk_len > PSK_MAX_PSK_LEN)
2574 {
2575 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2576 ERR_R_INTERNAL_ERROR);
2577 goto psk_err;
2578 }
2579 else if (psk_len == 0)
2580 {
2581 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2582 SSL_R_PSK_IDENTITY_NOT_FOUND);
2583 goto psk_err;
2584 }
2585
2586 /* create PSK pre_master_secret */
2587 pre_ms_len = 2+psk_len+2+psk_len;
2588 t = psk_or_pre_ms;
2589 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
2590 s2n(psk_len, t);
2591 memset(t, 0, psk_len);
2592 t+=psk_len;
2593 s2n(psk_len, t);
2594
2595 if (s->session->psk_identity_hint != NULL)
2596 OPENSSL_free(s->session->psk_identity_hint);
2597 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2598 if (s->ctx->psk_identity_hint != NULL &&
2599 s->session->psk_identity_hint == NULL)
2600 {
2601 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2602 ERR_R_MALLOC_FAILURE);
2603 goto psk_err;
2604 }
2605
2606 if (s->session->psk_identity != NULL)
2607 OPENSSL_free(s->session->psk_identity);
2608 s->session->psk_identity = BUF_strdup(identity);
2609 if (s->session->psk_identity == NULL)
2610 {
2611 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2612 ERR_R_MALLOC_FAILURE);
2613 goto psk_err;
2614 }
2615
2616 s->session->master_key_length =
2617 s->method->ssl3_enc->generate_master_secret(s,
2618 s->session->master_key,
2619 psk_or_pre_ms, pre_ms_len);
2620 n = strlen(identity);
2621 s2n(n, p);
2622 memcpy(p, identity, n);
2623 n+=2;
2624 psk_err = 0;
2625 psk_err:
2626 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
2627 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
2628 if (psk_err != 0)
2629 {
2630 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2631 goto err;
2632 }
2633 }
2634#endif
2635 else
2636 {
2637 ssl3_send_alert(s, SSL3_AL_FATAL,
2638 SSL_AD_HANDSHAKE_FAILURE);
2639 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2640 ERR_R_INTERNAL_ERROR);
2641 goto err;
2642 }
2643
2644 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
2645 l2n3(n,d);
2646
2647 s->state=SSL3_ST_CW_KEY_EXCH_B;
2648 /* number of bytes to write */
2649 s->init_num=n+4;
2650 s->init_off=0;
2651 }
2652
2653 /* SSL3_ST_CW_KEY_EXCH_B */
2654 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2655err:
2656#ifndef OPENSSL_NO_ECDH
2657 BN_CTX_free(bn_ctx);
2658 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
2659 if (clnt_ecdh != NULL)
2660 EC_KEY_free(clnt_ecdh);
2661 EVP_PKEY_free(srvr_pub_pkey);
2662#endif
2663 return(-1);
2664 }
2665
2666int ssl3_send_client_verify(SSL *s)
2667 {
2668 unsigned char *p,*d;
2669 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
2670 EVP_PKEY *pkey;
2671 EVP_PKEY_CTX *pctx=NULL;
2672#ifndef OPENSSL_NO_RSA
2673 unsigned u=0;
2674#endif
2675 unsigned long n;
2676 int j;
2677
2678 if (s->state == SSL3_ST_CW_CERT_VRFY_A)
2679 {
2680 d=(unsigned char *)s->init_buf->data;
2681 p= &(d[4]);
2682 pkey=s->cert->key->privatekey;
2683/* Create context from key and test if sha1 is allowed as digest */
2684 pctx = EVP_PKEY_CTX_new(pkey,NULL);
2685 EVP_PKEY_sign_init(pctx);
2686 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0)
2687 {
2688 s->method->ssl3_enc->cert_verify_mac(s,
2689 NID_sha1,
2690 &(data[MD5_DIGEST_LENGTH]));
2691 }
2692 else
2693 {
2694 ERR_clear_error();
2695 }
2696#ifndef OPENSSL_NO_RSA
2697 if (pkey->type == EVP_PKEY_RSA)
2698 {
2699 s->method->ssl3_enc->cert_verify_mac(s,
2700 NID_md5,
2701 &(data[0]));
2702 if (RSA_sign(NID_md5_sha1, data,
2703 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2704 &(p[2]), &u, pkey->pkey.rsa) <= 0 )
2705 {
2706 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
2707 goto err;
2708 }
2709 s2n(u,p);
2710 n=u+2;
2711 }
2712 else
2713#endif
2714#ifndef OPENSSL_NO_DSA
2715 if (pkey->type == EVP_PKEY_DSA)
2716 {
2717 if (!DSA_sign(pkey->save_type,
2718 &(data[MD5_DIGEST_LENGTH]),
2719 SHA_DIGEST_LENGTH,&(p[2]),
2720 (unsigned int *)&j,pkey->pkey.dsa))
2721 {
2722 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
2723 goto err;
2724 }
2725 s2n(j,p);
2726 n=j+2;
2727 }
2728 else
2729#endif
2730#ifndef OPENSSL_NO_ECDSA
2731 if (pkey->type == EVP_PKEY_EC)
2732 {
2733 if (!ECDSA_sign(pkey->save_type,
2734 &(data[MD5_DIGEST_LENGTH]),
2735 SHA_DIGEST_LENGTH,&(p[2]),
2736 (unsigned int *)&j,pkey->pkey.ec))
2737 {
2738 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2739 ERR_R_ECDSA_LIB);
2740 goto err;
2741 }
2742 s2n(j,p);
2743 n=j+2;
2744 }
2745 else
2746#endif
2747 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
2748 {
2749 unsigned char signbuf[64];
2750 int i;
2751 size_t sigsize=64;
2752 s->method->ssl3_enc->cert_verify_mac(s,
2753 NID_id_GostR3411_94,
2754 data);
2755 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
2756 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2757 ERR_R_INTERNAL_ERROR);
2758 goto err;
2759 }
2760 for (i=63,j=0; i>=0; j++, i--) {
2761 p[2+j]=signbuf[i];
2762 }
2763 s2n(j,p);
2764 n=j+2;
2765 }
2766 else
2767 {
2768 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
2769 goto err;
2770 }
2771 *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
2772 l2n3(n,d);
2773
2774 s->state=SSL3_ST_CW_CERT_VRFY_B;
2775 s->init_num=(int)n+4;
2776 s->init_off=0;
2777 }
2778 EVP_PKEY_CTX_free(pctx);
2779 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2780err:
2781 EVP_PKEY_CTX_free(pctx);
2782 return(-1);
2783 }
2784
2785int ssl3_send_client_certificate(SSL *s)
2786 {
2787 X509 *x509=NULL;
2788 EVP_PKEY *pkey=NULL;
2789 int i;
2790 unsigned long l;
2791
2792 if (s->state == SSL3_ST_CW_CERT_A)
2793 {
2794 if ((s->cert == NULL) ||
2795 (s->cert->key->x509 == NULL) ||
2796 (s->cert->key->privatekey == NULL))
2797 s->state=SSL3_ST_CW_CERT_B;
2798 else
2799 s->state=SSL3_ST_CW_CERT_C;
2800 }
2801
2802 /* We need to get a client cert */
2803 if (s->state == SSL3_ST_CW_CERT_B)
2804 {
2805 /* If we get an error, we need to
2806 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
2807 * We then get retied later */
2808 i=0;
2809 i = ssl_do_client_cert_cb(s, &x509, &pkey);
2810 if (i < 0)
2811 {
2812 s->rwstate=SSL_X509_LOOKUP;
2813 return(-1);
2814 }
2815 s->rwstate=SSL_NOTHING;
2816 if ((i == 1) && (pkey != NULL) && (x509 != NULL))
2817 {
2818 s->state=SSL3_ST_CW_CERT_B;
2819 if ( !SSL_use_certificate(s,x509) ||
2820 !SSL_use_PrivateKey(s,pkey))
2821 i=0;
2822 }
2823 else if (i == 1)
2824 {
2825 i=0;
2826 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
2827 }
2828
2829 if (x509 != NULL) X509_free(x509);
2830 if (pkey != NULL) EVP_PKEY_free(pkey);
2831 if (i == 0)
2832 {
2833 if (s->version == SSL3_VERSION)
2834 {
2835 s->s3->tmp.cert_req=0;
2836 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
2837 return(1);
2838 }
2839 else
2840 {
2841 s->s3->tmp.cert_req=2;
2842 }
2843 }
2844
2845 /* Ok, we have a cert */
2846 s->state=SSL3_ST_CW_CERT_C;
2847 }
2848
2849 if (s->state == SSL3_ST_CW_CERT_C)
2850 {
2851 s->state=SSL3_ST_CW_CERT_D;
2852 l=ssl3_output_cert_chain(s,
2853 (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
2854 s->init_num=(int)l;
2855 s->init_off=0;
2856 }
2857 /* SSL3_ST_CW_CERT_D */
2858 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2859 }
2860
2861#define has_bits(i,m) (((i)&(m)) == (m))
2862
2863int ssl3_check_cert_and_algorithm(SSL *s)
2864 {
2865 int i,idx;
2866 long alg_k,alg_a;
2867 EVP_PKEY *pkey=NULL;
2868 SESS_CERT *sc;
2869#ifndef OPENSSL_NO_RSA
2870 RSA *rsa;
2871#endif
2872#ifndef OPENSSL_NO_DH
2873 DH *dh;
2874#endif
2875
2876 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
2877 alg_a=s->s3->tmp.new_cipher->algorithm_auth;
2878
2879 /* we don't have a certificate */
2880 if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
2881 return(1);
2882
2883 sc=s->session->sess_cert;
2884 if (sc == NULL)
2885 {
2886 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
2887 goto err;
2888 }
2889
2890#ifndef OPENSSL_NO_RSA
2891 rsa=s->session->sess_cert->peer_rsa_tmp;
2892#endif
2893#ifndef OPENSSL_NO_DH
2894 dh=s->session->sess_cert->peer_dh_tmp;
2895#endif
2896
2897 /* This is the passed certificate */
2898
2899 idx=sc->peer_cert_type;
2900#ifndef OPENSSL_NO_ECDH
2901 if (idx == SSL_PKEY_ECC)
2902 {
2903 if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
2904 s->s3->tmp.new_cipher) == 0)
2905 { /* check failed */
2906 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
2907 goto f_err;
2908 }
2909 else
2910 {
2911 return 1;
2912 }
2913 }
2914#endif
2915 pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
2916 i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
2917 EVP_PKEY_free(pkey);
2918
2919
2920 /* Check that we have a certificate if we require one */
2921 if ((alg_a & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
2922 {
2923 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
2924 goto f_err;
2925 }
2926#ifndef OPENSSL_NO_DSA
2927 else if ((alg_a & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
2928 {
2929 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
2930 goto f_err;
2931 }
2932#endif
2933#ifndef OPENSSL_NO_RSA
2934 if ((alg_k & SSL_kRSA) &&
2935 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
2936 {
2937 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2938 goto f_err;
2939 }
2940#endif
2941#ifndef OPENSSL_NO_DH
2942 if ((alg_k & SSL_kEDH) &&
2943 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
2944 {
2945 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
2946 goto f_err;
2947 }
2948 else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
2949 {
2950 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
2951 goto f_err;
2952 }
2953#ifndef OPENSSL_NO_DSA
2954 else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
2955 {
2956 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
2957 goto f_err;
2958 }
2959#endif
2960#endif
2961
2962 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
2963 {
2964#ifndef OPENSSL_NO_RSA
2965 if (alg_k & SSL_kRSA)
2966 {
2967 if (rsa == NULL
2968 || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
2969 {
2970 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
2971 goto f_err;
2972 }
2973 }
2974 else
2975#endif
2976#ifndef OPENSSL_NO_DH
2977 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2978 {
2979 if (dh == NULL
2980 || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
2981 {
2982 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
2983 goto f_err;
2984 }
2985 }
2986 else
2987#endif
2988 {
2989 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
2990 goto f_err;
2991 }
2992 }
2993 return(1);
2994f_err:
2995 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
2996err:
2997 return(0);
2998 }
2999
3000/* Check to see if handshake is full or resumed. Usually this is just a
3001 * case of checking to see if a cache hit has occurred. In the case of
3002 * session tickets we have to check the next message to be sure.
3003 */
3004
3005#ifndef OPENSSL_NO_TLSEXT
3006int ssl3_check_finished(SSL *s)
3007 {
3008 int ok;
3009 long n;
3010 /* If we have no ticket it cannot be a resumed session. */
3011 if (!s->session->tlsext_tick)
3012 return 1;
3013 /* this function is called when we really expect a Certificate
3014 * message, so permit appropriate message length */
3015 n=s->method->ssl_get_message(s,
3016 SSL3_ST_CR_CERT_A,
3017 SSL3_ST_CR_CERT_B,
3018 -1,
3019 s->max_cert_list,
3020 &ok);
3021 if (!ok) return((int)n);
3022 s->s3->tmp.reuse_message = 1;
3023 if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
3024 || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
3025 return 2;
3026
3027 return 1;
3028 }
3029#endif
3030
3031int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
3032 {
3033 int i = 0;
3034#ifndef OPENSSL_NO_ENGINE
3035 if (s->ctx->client_cert_engine)
3036 {
3037 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
3038 SSL_get_client_CA_list(s),
3039 px509, ppkey, NULL, NULL, NULL);
3040 if (i != 0)
3041 return i;
3042 }
3043#endif
3044 if (s->ctx->client_cert_cb)
3045 i = s->ctx->client_cert_cb(s,px509,ppkey);
3046 return i;
3047 }
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
deleted file mode 100644
index d6b047c995..0000000000
--- a/src/lib/libssl/s3_lib.c
+++ /dev/null
@@ -1,3329 +0,0 @@
1/* ssl/s3_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#include <stdio.h>
152#include <openssl/objects.h>
153#include "ssl_locl.h"
154#include "kssl_lcl.h"
155#ifndef OPENSSL_NO_TLSEXT
156#ifndef OPENSSL_NO_EC
157#include "../crypto/ec/ec_lcl.h"
158#endif /* OPENSSL_NO_EC */
159#endif /* OPENSSL_NO_TLSEXT */
160#include <openssl/md5.h>
161#ifndef OPENSSL_NO_DH
162#include <openssl/dh.h>
163#endif
164
165const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
166
167#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
168
169/* list of available SSLv3 ciphers (sorted by id) */
170OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171
172/* The RSA ciphers */
173/* Cipher 01 */
174 {
175 1,
176 SSL3_TXT_RSA_NULL_MD5,
177 SSL3_CK_RSA_NULL_MD5,
178 SSL_kRSA,
179 SSL_aRSA,
180 SSL_eNULL,
181 SSL_MD5,
182 SSL_SSLV3,
183 SSL_NOT_EXP|SSL_STRONG_NONE,
184 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185 0,
186 0,
187 },
188
189/* Cipher 02 */
190 {
191 1,
192 SSL3_TXT_RSA_NULL_SHA,
193 SSL3_CK_RSA_NULL_SHA,
194 SSL_kRSA,
195 SSL_aRSA,
196 SSL_eNULL,
197 SSL_SHA1,
198 SSL_SSLV3,
199 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201 0,
202 0,
203 },
204
205/* Cipher 03 */
206 {
207 1,
208 SSL3_TXT_RSA_RC4_40_MD5,
209 SSL3_CK_RSA_RC4_40_MD5,
210 SSL_kRSA,
211 SSL_aRSA,
212 SSL_RC4,
213 SSL_MD5,
214 SSL_SSLV3,
215 SSL_EXPORT|SSL_EXP40,
216 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217 40,
218 128,
219 },
220
221/* Cipher 04 */
222 {
223 1,
224 SSL3_TXT_RSA_RC4_128_MD5,
225 SSL3_CK_RSA_RC4_128_MD5,
226 SSL_kRSA,
227 SSL_aRSA,
228 SSL_RC4,
229 SSL_MD5,
230 SSL_SSLV3,
231 SSL_NOT_EXP|SSL_MEDIUM,
232 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233 128,
234 128,
235 },
236
237/* Cipher 05 */
238 {
239 1,
240 SSL3_TXT_RSA_RC4_128_SHA,
241 SSL3_CK_RSA_RC4_128_SHA,
242 SSL_kRSA,
243 SSL_aRSA,
244 SSL_RC4,
245 SSL_SHA1,
246 SSL_SSLV3,
247 SSL_NOT_EXP|SSL_MEDIUM,
248 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
249 128,
250 128,
251 },
252
253/* Cipher 06 */
254 {
255 1,
256 SSL3_TXT_RSA_RC2_40_MD5,
257 SSL3_CK_RSA_RC2_40_MD5,
258 SSL_kRSA,
259 SSL_aRSA,
260 SSL_RC2,
261 SSL_MD5,
262 SSL_SSLV3,
263 SSL_EXPORT|SSL_EXP40,
264 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
265 40,
266 128,
267 },
268
269/* Cipher 07 */
270#ifndef OPENSSL_NO_IDEA
271 {
272 1,
273 SSL3_TXT_RSA_IDEA_128_SHA,
274 SSL3_CK_RSA_IDEA_128_SHA,
275 SSL_kRSA,
276 SSL_aRSA,
277 SSL_IDEA,
278 SSL_SHA1,
279 SSL_SSLV3,
280 SSL_NOT_EXP|SSL_MEDIUM,
281 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
282 128,
283 128,
284 },
285#endif
286
287/* Cipher 08 */
288 {
289 1,
290 SSL3_TXT_RSA_DES_40_CBC_SHA,
291 SSL3_CK_RSA_DES_40_CBC_SHA,
292 SSL_kRSA,
293 SSL_aRSA,
294 SSL_DES,
295 SSL_SHA1,
296 SSL_SSLV3,
297 SSL_EXPORT|SSL_EXP40,
298 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
299 40,
300 56,
301 },
302
303/* Cipher 09 */
304 {
305 1,
306 SSL3_TXT_RSA_DES_64_CBC_SHA,
307 SSL3_CK_RSA_DES_64_CBC_SHA,
308 SSL_kRSA,
309 SSL_aRSA,
310 SSL_DES,
311 SSL_SHA1,
312 SSL_SSLV3,
313 SSL_NOT_EXP|SSL_LOW,
314 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
315 56,
316 56,
317 },
318
319/* Cipher 0A */
320 {
321 1,
322 SSL3_TXT_RSA_DES_192_CBC3_SHA,
323 SSL3_CK_RSA_DES_192_CBC3_SHA,
324 SSL_kRSA,
325 SSL_aRSA,
326 SSL_3DES,
327 SSL_SHA1,
328 SSL_SSLV3,
329 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
330 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
331 168,
332 168,
333 },
334
335/* The DH ciphers */
336/* Cipher 0B */
337 {
338 0,
339 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341 SSL_kDHd,
342 SSL_aDH,
343 SSL_DES,
344 SSL_SHA1,
345 SSL_SSLV3,
346 SSL_EXPORT|SSL_EXP40,
347 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348 40,
349 56,
350 },
351
352/* Cipher 0C */
353 {
354 0, /* not implemented (non-ephemeral DH) */
355 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357 SSL_kDHd,
358 SSL_aDH,
359 SSL_DES,
360 SSL_SHA1,
361 SSL_SSLV3,
362 SSL_NOT_EXP|SSL_LOW,
363 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
364 56,
365 56,
366 },
367
368/* Cipher 0D */
369 {
370 0, /* not implemented (non-ephemeral DH) */
371 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373 SSL_kDHd,
374 SSL_aDH,
375 SSL_3DES,
376 SSL_SHA1,
377 SSL_SSLV3,
378 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
379 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
380 168,
381 168,
382 },
383
384/* Cipher 0E */
385 {
386 0, /* not implemented (non-ephemeral DH) */
387 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389 SSL_kDHr,
390 SSL_aDH,
391 SSL_DES,
392 SSL_SHA1,
393 SSL_SSLV3,
394 SSL_EXPORT|SSL_EXP40,
395 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
396 40,
397 56,
398 },
399
400/* Cipher 0F */
401 {
402 0, /* not implemented (non-ephemeral DH) */
403 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405 SSL_kDHr,
406 SSL_aDH,
407 SSL_DES,
408 SSL_SHA1,
409 SSL_SSLV3,
410 SSL_NOT_EXP|SSL_LOW,
411 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
412 56,
413 56,
414 },
415
416/* Cipher 10 */
417 {
418 0, /* not implemented (non-ephemeral DH) */
419 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421 SSL_kDHr,
422 SSL_aDH,
423 SSL_3DES,
424 SSL_SHA1,
425 SSL_SSLV3,
426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428 168,
429 168,
430 },
431
432/* The Ephemeral DH ciphers */
433/* Cipher 11 */
434 {
435 1,
436 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438 SSL_kEDH,
439 SSL_aDSS,
440 SSL_DES,
441 SSL_SHA1,
442 SSL_SSLV3,
443 SSL_EXPORT|SSL_EXP40,
444 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
445 40,
446 56,
447 },
448
449/* Cipher 12 */
450 {
451 1,
452 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454 SSL_kEDH,
455 SSL_aDSS,
456 SSL_DES,
457 SSL_SHA1,
458 SSL_SSLV3,
459 SSL_NOT_EXP|SSL_LOW,
460 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
461 56,
462 56,
463 },
464
465/* Cipher 13 */
466 {
467 1,
468 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470 SSL_kEDH,
471 SSL_aDSS,
472 SSL_3DES,
473 SSL_SHA1,
474 SSL_SSLV3,
475 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
476 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
477 168,
478 168,
479 },
480
481/* Cipher 14 */
482 {
483 1,
484 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486 SSL_kEDH,
487 SSL_aRSA,
488 SSL_DES,
489 SSL_SHA1,
490 SSL_SSLV3,
491 SSL_EXPORT|SSL_EXP40,
492 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493 40,
494 56,
495 },
496
497/* Cipher 15 */
498 {
499 1,
500 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502 SSL_kEDH,
503 SSL_aRSA,
504 SSL_DES,
505 SSL_SHA1,
506 SSL_SSLV3,
507 SSL_NOT_EXP|SSL_LOW,
508 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
509 56,
510 56,
511 },
512
513/* Cipher 16 */
514 {
515 1,
516 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518 SSL_kEDH,
519 SSL_aRSA,
520 SSL_3DES,
521 SSL_SHA1,
522 SSL_SSLV3,
523 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
524 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
525 168,
526 168,
527 },
528
529/* Cipher 17 */
530 {
531 1,
532 SSL3_TXT_ADH_RC4_40_MD5,
533 SSL3_CK_ADH_RC4_40_MD5,
534 SSL_kEDH,
535 SSL_aNULL,
536 SSL_RC4,
537 SSL_MD5,
538 SSL_SSLV3,
539 SSL_EXPORT|SSL_EXP40,
540 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
541 40,
542 128,
543 },
544
545/* Cipher 18 */
546 {
547 1,
548 SSL3_TXT_ADH_RC4_128_MD5,
549 SSL3_CK_ADH_RC4_128_MD5,
550 SSL_kEDH,
551 SSL_aNULL,
552 SSL_RC4,
553 SSL_MD5,
554 SSL_SSLV3,
555 SSL_NOT_EXP|SSL_MEDIUM,
556 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
557 128,
558 128,
559 },
560
561/* Cipher 19 */
562 {
563 1,
564 SSL3_TXT_ADH_DES_40_CBC_SHA,
565 SSL3_CK_ADH_DES_40_CBC_SHA,
566 SSL_kEDH,
567 SSL_aNULL,
568 SSL_DES,
569 SSL_SHA1,
570 SSL_SSLV3,
571 SSL_EXPORT|SSL_EXP40,
572 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
573 40,
574 128,
575 },
576
577/* Cipher 1A */
578 {
579 1,
580 SSL3_TXT_ADH_DES_64_CBC_SHA,
581 SSL3_CK_ADH_DES_64_CBC_SHA,
582 SSL_kEDH,
583 SSL_aNULL,
584 SSL_DES,
585 SSL_SHA1,
586 SSL_SSLV3,
587 SSL_NOT_EXP|SSL_LOW,
588 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
589 56,
590 56,
591 },
592
593/* Cipher 1B */
594 {
595 1,
596 SSL3_TXT_ADH_DES_192_CBC_SHA,
597 SSL3_CK_ADH_DES_192_CBC_SHA,
598 SSL_kEDH,
599 SSL_aNULL,
600 SSL_3DES,
601 SSL_SHA1,
602 SSL_SSLV3,
603 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
604 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
605 168,
606 168,
607 },
608
609/* Fortezza ciphersuite from SSL 3.0 spec */
610#if 0
611/* Cipher 1C */
612 {
613 0,
614 SSL3_TXT_FZA_DMS_NULL_SHA,
615 SSL3_CK_FZA_DMS_NULL_SHA,
616 SSL_kFZA,
617 SSL_aFZA,
618 SSL_eNULL,
619 SSL_SHA1,
620 SSL_SSLV3,
621 SSL_NOT_EXP|SSL_STRONG_NONE,
622 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
623 0,
624 0,
625 },
626
627/* Cipher 1D */
628 {
629 0,
630 SSL3_TXT_FZA_DMS_FZA_SHA,
631 SSL3_CK_FZA_DMS_FZA_SHA,
632 SSL_kFZA,
633 SSL_aFZA,
634 SSL_eFZA,
635 SSL_SHA1,
636 SSL_SSLV3,
637 SSL_NOT_EXP|SSL_STRONG_NONE,
638 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
639 0,
640 0,
641 },
642
643/* Cipher 1E */
644 {
645 0,
646 SSL3_TXT_FZA_DMS_RC4_SHA,
647 SSL3_CK_FZA_DMS_RC4_SHA,
648 SSL_kFZA,
649 SSL_aFZA,
650 SSL_RC4,
651 SSL_SHA1,
652 SSL_SSLV3,
653 SSL_NOT_EXP|SSL_MEDIUM,
654 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
655 128,
656 128,
657 },
658#endif
659
660#ifndef OPENSSL_NO_KRB5
661/* The Kerberos ciphers*/
662/* Cipher 1E */
663 {
664 1,
665 SSL3_TXT_KRB5_DES_64_CBC_SHA,
666 SSL3_CK_KRB5_DES_64_CBC_SHA,
667 SSL_kKRB5,
668 SSL_aKRB5,
669 SSL_DES,
670 SSL_SHA1,
671 SSL_SSLV3,
672 SSL_NOT_EXP|SSL_LOW,
673 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
674 56,
675 56,
676 },
677
678/* Cipher 1F */
679 {
680 1,
681 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682 SSL3_CK_KRB5_DES_192_CBC3_SHA,
683 SSL_kKRB5,
684 SSL_aKRB5,
685 SSL_3DES,
686 SSL_SHA1,
687 SSL_SSLV3,
688 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
689 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
690 168,
691 168,
692 },
693
694/* Cipher 20 */
695 {
696 1,
697 SSL3_TXT_KRB5_RC4_128_SHA,
698 SSL3_CK_KRB5_RC4_128_SHA,
699 SSL_kKRB5,
700 SSL_aKRB5,
701 SSL_RC4,
702 SSL_SHA1,
703 SSL_SSLV3,
704 SSL_NOT_EXP|SSL_MEDIUM,
705 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
706 128,
707 128,
708 },
709
710/* Cipher 21 */
711 {
712 1,
713 SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714 SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715 SSL_kKRB5,
716 SSL_aKRB5,
717 SSL_IDEA,
718 SSL_SHA1,
719 SSL_SSLV3,
720 SSL_NOT_EXP|SSL_MEDIUM,
721 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722 128,
723 128,
724 },
725
726/* Cipher 22 */
727 {
728 1,
729 SSL3_TXT_KRB5_DES_64_CBC_MD5,
730 SSL3_CK_KRB5_DES_64_CBC_MD5,
731 SSL_kKRB5,
732 SSL_aKRB5,
733 SSL_DES,
734 SSL_MD5,
735 SSL_SSLV3,
736 SSL_NOT_EXP|SSL_LOW,
737 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
738 56,
739 56,
740 },
741
742/* Cipher 23 */
743 {
744 1,
745 SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746 SSL3_CK_KRB5_DES_192_CBC3_MD5,
747 SSL_kKRB5,
748 SSL_aKRB5,
749 SSL_3DES,
750 SSL_MD5,
751 SSL_SSLV3,
752 SSL_NOT_EXP|SSL_HIGH,
753 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
754 168,
755 168,
756 },
757
758/* Cipher 24 */
759 {
760 1,
761 SSL3_TXT_KRB5_RC4_128_MD5,
762 SSL3_CK_KRB5_RC4_128_MD5,
763 SSL_kKRB5,
764 SSL_aKRB5,
765 SSL_RC4,
766 SSL_MD5,
767 SSL_SSLV3,
768 SSL_NOT_EXP|SSL_MEDIUM,
769 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
770 128,
771 128,
772 },
773
774/* Cipher 25 */
775 {
776 1,
777 SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778 SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779 SSL_kKRB5,
780 SSL_aKRB5,
781 SSL_IDEA,
782 SSL_MD5,
783 SSL_SSLV3,
784 SSL_NOT_EXP|SSL_MEDIUM,
785 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
786 128,
787 128,
788 },
789
790/* Cipher 26 */
791 {
792 1,
793 SSL3_TXT_KRB5_DES_40_CBC_SHA,
794 SSL3_CK_KRB5_DES_40_CBC_SHA,
795 SSL_kKRB5,
796 SSL_aKRB5,
797 SSL_DES,
798 SSL_SHA1,
799 SSL_SSLV3,
800 SSL_EXPORT|SSL_EXP40,
801 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
802 40,
803 56,
804 },
805
806/* Cipher 27 */
807 {
808 1,
809 SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810 SSL3_CK_KRB5_RC2_40_CBC_SHA,
811 SSL_kKRB5,
812 SSL_aKRB5,
813 SSL_RC2,
814 SSL_SHA1,
815 SSL_SSLV3,
816 SSL_EXPORT|SSL_EXP40,
817 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
818 40,
819 128,
820 },
821
822/* Cipher 28 */
823 {
824 1,
825 SSL3_TXT_KRB5_RC4_40_SHA,
826 SSL3_CK_KRB5_RC4_40_SHA,
827 SSL_kKRB5,
828 SSL_aKRB5,
829 SSL_RC4,
830 SSL_SHA1,
831 SSL_SSLV3,
832 SSL_EXPORT|SSL_EXP40,
833 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
834 40,
835 128,
836 },
837
838/* Cipher 29 */
839 {
840 1,
841 SSL3_TXT_KRB5_DES_40_CBC_MD5,
842 SSL3_CK_KRB5_DES_40_CBC_MD5,
843 SSL_kKRB5,
844 SSL_aKRB5,
845 SSL_DES,
846 SSL_MD5,
847 SSL_SSLV3,
848 SSL_EXPORT|SSL_EXP40,
849 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
850 40,
851 56,
852 },
853
854/* Cipher 2A */
855 {
856 1,
857 SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858 SSL3_CK_KRB5_RC2_40_CBC_MD5,
859 SSL_kKRB5,
860 SSL_aKRB5,
861 SSL_RC2,
862 SSL_MD5,
863 SSL_SSLV3,
864 SSL_EXPORT|SSL_EXP40,
865 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
866 40,
867 128,
868 },
869
870/* Cipher 2B */
871 {
872 1,
873 SSL3_TXT_KRB5_RC4_40_MD5,
874 SSL3_CK_KRB5_RC4_40_MD5,
875 SSL_kKRB5,
876 SSL_aKRB5,
877 SSL_RC4,
878 SSL_MD5,
879 SSL_SSLV3,
880 SSL_EXPORT|SSL_EXP40,
881 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
882 40,
883 128,
884 },
885#endif /* OPENSSL_NO_KRB5 */
886
887/* New AES ciphersuites */
888/* Cipher 2F */
889 {
890 1,
891 TLS1_TXT_RSA_WITH_AES_128_SHA,
892 TLS1_CK_RSA_WITH_AES_128_SHA,
893 SSL_kRSA,
894 SSL_aRSA,
895 SSL_AES128,
896 SSL_SHA1,
897 SSL_TLSV1,
898 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
899 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
900 128,
901 128,
902 },
903/* Cipher 30 */
904 {
905 0,
906 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908 SSL_kDHd,
909 SSL_aDH,
910 SSL_AES128,
911 SSL_SHA1,
912 SSL_TLSV1,
913 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
914 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
915 128,
916 128,
917 },
918/* Cipher 31 */
919 {
920 0,
921 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923 SSL_kDHr,
924 SSL_aDH,
925 SSL_AES128,
926 SSL_SHA1,
927 SSL_TLSV1,
928 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
929 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
930 128,
931 128,
932 },
933/* Cipher 32 */
934 {
935 1,
936 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938 SSL_kEDH,
939 SSL_aDSS,
940 SSL_AES128,
941 SSL_SHA1,
942 SSL_TLSV1,
943 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
944 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
945 128,
946 128,
947 },
948/* Cipher 33 */
949 {
950 1,
951 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953 SSL_kEDH,
954 SSL_aRSA,
955 SSL_AES128,
956 SSL_SHA1,
957 SSL_TLSV1,
958 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
959 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
960 128,
961 128,
962 },
963/* Cipher 34 */
964 {
965 1,
966 TLS1_TXT_ADH_WITH_AES_128_SHA,
967 TLS1_CK_ADH_WITH_AES_128_SHA,
968 SSL_kEDH,
969 SSL_aNULL,
970 SSL_AES128,
971 SSL_SHA1,
972 SSL_TLSV1,
973 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
974 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
975 128,
976 128,
977 },
978
979/* Cipher 35 */
980 {
981 1,
982 TLS1_TXT_RSA_WITH_AES_256_SHA,
983 TLS1_CK_RSA_WITH_AES_256_SHA,
984 SSL_kRSA,
985 SSL_aRSA,
986 SSL_AES256,
987 SSL_SHA1,
988 SSL_TLSV1,
989 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
990 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
991 256,
992 256,
993 },
994/* Cipher 36 */
995 {
996 0,
997 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999 SSL_kDHd,
1000 SSL_aDH,
1001 SSL_AES256,
1002 SSL_SHA1,
1003 SSL_TLSV1,
1004 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1005 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1006 256,
1007 256,
1008 },
1009
1010/* Cipher 37 */
1011 {
1012 0, /* not implemented (non-ephemeral DH) */
1013 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015 SSL_kDHr,
1016 SSL_aDH,
1017 SSL_AES256,
1018 SSL_SHA1,
1019 SSL_TLSV1,
1020 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1021 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1022 256,
1023 256,
1024 },
1025
1026/* Cipher 38 */
1027 {
1028 1,
1029 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031 SSL_kEDH,
1032 SSL_aDSS,
1033 SSL_AES256,
1034 SSL_SHA1,
1035 SSL_TLSV1,
1036 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1037 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1038 256,
1039 256,
1040 },
1041
1042/* Cipher 39 */
1043 {
1044 1,
1045 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047 SSL_kEDH,
1048 SSL_aRSA,
1049 SSL_AES256,
1050 SSL_SHA1,
1051 SSL_TLSV1,
1052 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1053 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1054 256,
1055 256,
1056 },
1057
1058 /* Cipher 3A */
1059 {
1060 1,
1061 TLS1_TXT_ADH_WITH_AES_256_SHA,
1062 TLS1_CK_ADH_WITH_AES_256_SHA,
1063 SSL_kEDH,
1064 SSL_aNULL,
1065 SSL_AES256,
1066 SSL_SHA1,
1067 SSL_TLSV1,
1068 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1070 256,
1071 256,
1072 },
1073
1074#ifndef OPENSSL_NO_CAMELLIA
1075 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1076
1077 /* Cipher 41 */
1078 {
1079 1,
1080 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1081 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1082 SSL_kRSA,
1083 SSL_aRSA,
1084 SSL_CAMELLIA128,
1085 SSL_SHA1,
1086 SSL_TLSV1,
1087 SSL_NOT_EXP|SSL_HIGH,
1088 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1089 128,
1090 128,
1091 },
1092
1093 /* Cipher 42 */
1094 {
1095 0, /* not implemented (non-ephemeral DH) */
1096 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1097 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1098 SSL_kDHd,
1099 SSL_aDH,
1100 SSL_CAMELLIA128,
1101 SSL_SHA1,
1102 SSL_TLSV1,
1103 SSL_NOT_EXP|SSL_HIGH,
1104 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1105 128,
1106 128,
1107 },
1108
1109 /* Cipher 43 */
1110 {
1111 0, /* not implemented (non-ephemeral DH) */
1112 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1113 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1114 SSL_kDHr,
1115 SSL_aDH,
1116 SSL_CAMELLIA128,
1117 SSL_SHA1,
1118 SSL_TLSV1,
1119 SSL_NOT_EXP|SSL_HIGH,
1120 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1121 128,
1122 128,
1123 },
1124
1125 /* Cipher 44 */
1126 {
1127 1,
1128 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1129 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1130 SSL_kEDH,
1131 SSL_aDSS,
1132 SSL_CAMELLIA128,
1133 SSL_SHA1,
1134 SSL_TLSV1,
1135 SSL_NOT_EXP|SSL_HIGH,
1136 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1137 128,
1138 128,
1139 },
1140
1141 /* Cipher 45 */
1142 {
1143 1,
1144 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1145 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1146 SSL_kEDH,
1147 SSL_aRSA,
1148 SSL_CAMELLIA128,
1149 SSL_SHA1,
1150 SSL_TLSV1,
1151 SSL_NOT_EXP|SSL_HIGH,
1152 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1153 128,
1154 128,
1155 },
1156
1157 /* Cipher 46 */
1158 {
1159 1,
1160 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1161 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1162 SSL_kEDH,
1163 SSL_aNULL,
1164 SSL_CAMELLIA128,
1165 SSL_SHA1,
1166 SSL_TLSV1,
1167 SSL_NOT_EXP|SSL_HIGH,
1168 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1169 128,
1170 128,
1171 },
1172#endif /* OPENSSL_NO_CAMELLIA */
1173
1174#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1175 /* New TLS Export CipherSuites from expired ID */
1176#if 0
1177 /* Cipher 60 */
1178 {
1179 1,
1180 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1181 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1182 SSL_kRSA,
1183 SSL_aRSA,
1184 SSL_RC4,
1185 SSL_MD5,
1186 SSL_TLSV1,
1187 SSL_EXPORT|SSL_EXP56,
1188 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1189 56,
1190 128,
1191 },
1192
1193 /* Cipher 61 */
1194 {
1195 1,
1196 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1197 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1198 SSL_kRSA,
1199 SSL_aRSA,
1200 SSL_RC2,
1201 SSL_MD5,
1202 SSL_TLSV1,
1203 SSL_EXPORT|SSL_EXP56,
1204 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1205 56,
1206 128,
1207 },
1208#endif
1209
1210 /* Cipher 62 */
1211 {
1212 1,
1213 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1214 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1215 SSL_kRSA,
1216 SSL_aRSA,
1217 SSL_DES,
1218 SSL_SHA1,
1219 SSL_TLSV1,
1220 SSL_EXPORT|SSL_EXP56,
1221 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1222 56,
1223 56,
1224 },
1225
1226 /* Cipher 63 */
1227 {
1228 1,
1229 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1230 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1231 SSL_kEDH,
1232 SSL_aDSS,
1233 SSL_DES,
1234 SSL_SHA1,
1235 SSL_TLSV1,
1236 SSL_EXPORT|SSL_EXP56,
1237 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1238 56,
1239 56,
1240 },
1241
1242 /* Cipher 64 */
1243 {
1244 1,
1245 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1246 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1247 SSL_kRSA,
1248 SSL_aRSA,
1249 SSL_RC4,
1250 SSL_SHA1,
1251 SSL_TLSV1,
1252 SSL_EXPORT|SSL_EXP56,
1253 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1254 56,
1255 128,
1256 },
1257
1258 /* Cipher 65 */
1259 {
1260 1,
1261 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1262 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1263 SSL_kEDH,
1264 SSL_aDSS,
1265 SSL_RC4,
1266 SSL_SHA1,
1267 SSL_TLSV1,
1268 SSL_EXPORT|SSL_EXP56,
1269 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1270 56,
1271 128,
1272 },
1273
1274 /* Cipher 66 */
1275 {
1276 1,
1277 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1278 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1279 SSL_kEDH,
1280 SSL_aDSS,
1281 SSL_RC4,
1282 SSL_SHA1,
1283 SSL_TLSV1,
1284 SSL_NOT_EXP|SSL_MEDIUM,
1285 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1286 128,
1287 128,
1288 },
1289#endif
1290 {
1291 1,
1292 "GOST94-GOST89-GOST89",
1293 0x3000080,
1294 SSL_kGOST,
1295 SSL_aGOST94,
1296 SSL_eGOST2814789CNT,
1297 SSL_GOST89MAC,
1298 SSL_TLSV1,
1299 SSL_NOT_EXP|SSL_HIGH,
1300 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1301 256,
1302 256
1303 },
1304 {
1305 1,
1306 "GOST2001-GOST89-GOST89",
1307 0x3000081,
1308 SSL_kGOST,
1309 SSL_aGOST01,
1310 SSL_eGOST2814789CNT,
1311 SSL_GOST89MAC,
1312 SSL_TLSV1,
1313 SSL_NOT_EXP|SSL_HIGH,
1314 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1315 256,
1316 256
1317 },
1318 {
1319 1,
1320 "GOST94-NULL-GOST94",
1321 0x3000082,
1322 SSL_kGOST,
1323 SSL_aGOST94,
1324 SSL_eNULL,
1325 SSL_GOST94,
1326 SSL_TLSV1,
1327 SSL_NOT_EXP|SSL_STRONG_NONE,
1328 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1329 0,
1330 0
1331 },
1332 {
1333 1,
1334 "GOST2001-NULL-GOST94",
1335 0x3000083,
1336 SSL_kGOST,
1337 SSL_aGOST01,
1338 SSL_eNULL,
1339 SSL_GOST94,
1340 SSL_TLSV1,
1341 SSL_NOT_EXP|SSL_STRONG_NONE,
1342 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1343 0,
1344 0
1345 },
1346
1347#ifndef OPENSSL_NO_CAMELLIA
1348 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1349
1350 /* Cipher 84 */
1351 {
1352 1,
1353 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1354 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1355 SSL_kRSA,
1356 SSL_aRSA,
1357 SSL_CAMELLIA256,
1358 SSL_SHA1,
1359 SSL_TLSV1,
1360 SSL_NOT_EXP|SSL_HIGH,
1361 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1362 256,
1363 256,
1364 },
1365 /* Cipher 85 */
1366 {
1367 0, /* not implemented (non-ephemeral DH) */
1368 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1369 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1370 SSL_kDHd,
1371 SSL_aDH,
1372 SSL_CAMELLIA256,
1373 SSL_SHA1,
1374 SSL_TLSV1,
1375 SSL_NOT_EXP|SSL_HIGH,
1376 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1377 256,
1378 256,
1379 },
1380
1381 /* Cipher 86 */
1382 {
1383 0, /* not implemented (non-ephemeral DH) */
1384 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1385 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1386 SSL_kDHr,
1387 SSL_aDH,
1388 SSL_CAMELLIA256,
1389 SSL_SHA1,
1390 SSL_TLSV1,
1391 SSL_NOT_EXP|SSL_HIGH,
1392 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1393 256,
1394 256,
1395 },
1396
1397 /* Cipher 87 */
1398 {
1399 1,
1400 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1401 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1402 SSL_kEDH,
1403 SSL_aDSS,
1404 SSL_CAMELLIA256,
1405 SSL_SHA1,
1406 SSL_TLSV1,
1407 SSL_NOT_EXP|SSL_HIGH,
1408 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1409 256,
1410 256,
1411 },
1412
1413 /* Cipher 88 */
1414 {
1415 1,
1416 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1417 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1418 SSL_kEDH,
1419 SSL_aRSA,
1420 SSL_CAMELLIA256,
1421 SSL_SHA1,
1422 SSL_TLSV1,
1423 SSL_NOT_EXP|SSL_HIGH,
1424 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1425 256,
1426 256,
1427 },
1428
1429 /* Cipher 89 */
1430 {
1431 1,
1432 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1433 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1434 SSL_kEDH,
1435 SSL_aNULL,
1436 SSL_CAMELLIA256,
1437 SSL_SHA1,
1438 SSL_TLSV1,
1439 SSL_NOT_EXP|SSL_HIGH,
1440 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1441 256,
1442 256,
1443 },
1444#endif /* OPENSSL_NO_CAMELLIA */
1445
1446#ifndef OPENSSL_NO_PSK
1447 /* Cipher 8A */
1448 {
1449 1,
1450 TLS1_TXT_PSK_WITH_RC4_128_SHA,
1451 TLS1_CK_PSK_WITH_RC4_128_SHA,
1452 SSL_kPSK,
1453 SSL_aPSK,
1454 SSL_RC4,
1455 SSL_SHA1,
1456 SSL_TLSV1,
1457 SSL_NOT_EXP|SSL_MEDIUM,
1458 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1459 128,
1460 128,
1461 },
1462
1463 /* Cipher 8B */
1464 {
1465 1,
1466 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1467 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1468 SSL_kPSK,
1469 SSL_aPSK,
1470 SSL_3DES,
1471 SSL_SHA1,
1472 SSL_TLSV1,
1473 SSL_NOT_EXP|SSL_HIGH,
1474 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1475 168,
1476 168,
1477 },
1478
1479 /* Cipher 8C */
1480 {
1481 1,
1482 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1483 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1484 SSL_kPSK,
1485 SSL_aPSK,
1486 SSL_AES128,
1487 SSL_SHA1,
1488 SSL_TLSV1,
1489 SSL_NOT_EXP|SSL_HIGH,
1490 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1491 128,
1492 128,
1493 },
1494
1495 /* Cipher 8D */
1496 {
1497 1,
1498 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1499 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1500 SSL_kPSK,
1501 SSL_aPSK,
1502 SSL_AES256,
1503 SSL_SHA1,
1504 SSL_TLSV1,
1505 SSL_NOT_EXP|SSL_HIGH,
1506 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1507 256,
1508 256,
1509 },
1510#endif /* OPENSSL_NO_PSK */
1511
1512#ifndef OPENSSL_NO_SEED
1513 /* SEED ciphersuites from RFC4162 */
1514
1515 /* Cipher 96 */
1516 {
1517 1,
1518 TLS1_TXT_RSA_WITH_SEED_SHA,
1519 TLS1_CK_RSA_WITH_SEED_SHA,
1520 SSL_kRSA,
1521 SSL_aRSA,
1522 SSL_SEED,
1523 SSL_SHA1,
1524 SSL_TLSV1,
1525 SSL_NOT_EXP|SSL_MEDIUM,
1526 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1527 128,
1528 128,
1529 },
1530
1531 /* Cipher 97 */
1532 {
1533 0, /* not implemented (non-ephemeral DH) */
1534 TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1535 TLS1_CK_DH_DSS_WITH_SEED_SHA,
1536 SSL_kDHd,
1537 SSL_aDH,
1538 SSL_SEED,
1539 SSL_SHA1,
1540 SSL_TLSV1,
1541 SSL_NOT_EXP|SSL_MEDIUM,
1542 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1543 128,
1544 128,
1545 },
1546
1547 /* Cipher 98 */
1548 {
1549 0, /* not implemented (non-ephemeral DH) */
1550 TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1551 TLS1_CK_DH_RSA_WITH_SEED_SHA,
1552 SSL_kDHr,
1553 SSL_aDH,
1554 SSL_SEED,
1555 SSL_SHA1,
1556 SSL_TLSV1,
1557 SSL_NOT_EXP|SSL_MEDIUM,
1558 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1559 128,
1560 128,
1561 },
1562
1563 /* Cipher 99 */
1564 {
1565 1,
1566 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1567 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1568 SSL_kEDH,
1569 SSL_aDSS,
1570 SSL_SEED,
1571 SSL_SHA1,
1572 SSL_TLSV1,
1573 SSL_NOT_EXP|SSL_MEDIUM,
1574 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575 128,
1576 128,
1577 },
1578
1579 /* Cipher 9A */
1580 {
1581 1,
1582 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1583 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1584 SSL_kEDH,
1585 SSL_aRSA,
1586 SSL_SEED,
1587 SSL_SHA1,
1588 SSL_TLSV1,
1589 SSL_NOT_EXP|SSL_MEDIUM,
1590 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1591 128,
1592 128,
1593 },
1594
1595 /* Cipher 9B */
1596 {
1597 1,
1598 TLS1_TXT_ADH_WITH_SEED_SHA,
1599 TLS1_CK_ADH_WITH_SEED_SHA,
1600 SSL_kEDH,
1601 SSL_aNULL,
1602 SSL_SEED,
1603 SSL_SHA1,
1604 SSL_TLSV1,
1605 SSL_NOT_EXP|SSL_MEDIUM,
1606 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1607 128,
1608 128,
1609 },
1610
1611#endif /* OPENSSL_NO_SEED */
1612
1613#ifndef OPENSSL_NO_ECDH
1614 /* Cipher C001 */
1615 {
1616 1,
1617 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1618 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1619 SSL_kECDHe,
1620 SSL_aECDH,
1621 SSL_eNULL,
1622 SSL_SHA1,
1623 SSL_TLSV1,
1624 SSL_NOT_EXP|SSL_STRONG_NONE,
1625 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1626 0,
1627 0,
1628 },
1629
1630 /* Cipher C002 */
1631 {
1632 1,
1633 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1634 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1635 SSL_kECDHe,
1636 SSL_aECDH,
1637 SSL_RC4,
1638 SSL_SHA1,
1639 SSL_TLSV1,
1640 SSL_NOT_EXP|SSL_MEDIUM,
1641 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1642 128,
1643 128,
1644 },
1645
1646 /* Cipher C003 */
1647 {
1648 1,
1649 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1650 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1651 SSL_kECDHe,
1652 SSL_aECDH,
1653 SSL_3DES,
1654 SSL_SHA1,
1655 SSL_TLSV1,
1656 SSL_NOT_EXP|SSL_HIGH,
1657 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1658 168,
1659 168,
1660 },
1661
1662 /* Cipher C004 */
1663 {
1664 1,
1665 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1666 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1667 SSL_kECDHe,
1668 SSL_aECDH,
1669 SSL_AES128,
1670 SSL_SHA1,
1671 SSL_TLSV1,
1672 SSL_NOT_EXP|SSL_HIGH,
1673 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1674 128,
1675 128,
1676 },
1677
1678 /* Cipher C005 */
1679 {
1680 1,
1681 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1682 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1683 SSL_kECDHe,
1684 SSL_aECDH,
1685 SSL_AES256,
1686 SSL_SHA1,
1687 SSL_TLSV1,
1688 SSL_NOT_EXP|SSL_HIGH,
1689 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1690 256,
1691 256,
1692 },
1693
1694 /* Cipher C006 */
1695 {
1696 1,
1697 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1698 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1699 SSL_kEECDH,
1700 SSL_aECDSA,
1701 SSL_eNULL,
1702 SSL_SHA1,
1703 SSL_TLSV1,
1704 SSL_NOT_EXP|SSL_STRONG_NONE,
1705 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1706 0,
1707 0,
1708 },
1709
1710 /* Cipher C007 */
1711 {
1712 1,
1713 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1714 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1715 SSL_kEECDH,
1716 SSL_aECDSA,
1717 SSL_RC4,
1718 SSL_SHA1,
1719 SSL_TLSV1,
1720 SSL_NOT_EXP|SSL_MEDIUM,
1721 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1722 128,
1723 128,
1724 },
1725
1726 /* Cipher C008 */
1727 {
1728 1,
1729 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1730 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1731 SSL_kEECDH,
1732 SSL_aECDSA,
1733 SSL_3DES,
1734 SSL_SHA1,
1735 SSL_TLSV1,
1736 SSL_NOT_EXP|SSL_HIGH,
1737 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1738 168,
1739 168,
1740 },
1741
1742 /* Cipher C009 */
1743 {
1744 1,
1745 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1746 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1747 SSL_kEECDH,
1748 SSL_aECDSA,
1749 SSL_AES128,
1750 SSL_SHA1,
1751 SSL_TLSV1,
1752 SSL_NOT_EXP|SSL_HIGH,
1753 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1754 128,
1755 128,
1756 },
1757
1758 /* Cipher C00A */
1759 {
1760 1,
1761 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1762 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1763 SSL_kEECDH,
1764 SSL_aECDSA,
1765 SSL_AES256,
1766 SSL_SHA1,
1767 SSL_TLSV1,
1768 SSL_NOT_EXP|SSL_HIGH,
1769 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1770 256,
1771 256,
1772 },
1773
1774 /* Cipher C00B */
1775 {
1776 1,
1777 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1778 TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1779 SSL_kECDHr,
1780 SSL_aECDH,
1781 SSL_eNULL,
1782 SSL_SHA1,
1783 SSL_TLSV1,
1784 SSL_NOT_EXP|SSL_STRONG_NONE,
1785 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1786 0,
1787 0,
1788 },
1789
1790 /* Cipher C00C */
1791 {
1792 1,
1793 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1794 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1795 SSL_kECDHr,
1796 SSL_aECDH,
1797 SSL_RC4,
1798 SSL_SHA1,
1799 SSL_TLSV1,
1800 SSL_NOT_EXP|SSL_MEDIUM,
1801 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1802 128,
1803 128,
1804 },
1805
1806 /* Cipher C00D */
1807 {
1808 1,
1809 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1810 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1811 SSL_kECDHr,
1812 SSL_aECDH,
1813 SSL_3DES,
1814 SSL_SHA1,
1815 SSL_TLSV1,
1816 SSL_NOT_EXP|SSL_HIGH,
1817 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1818 168,
1819 168,
1820 },
1821
1822 /* Cipher C00E */
1823 {
1824 1,
1825 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1826 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1827 SSL_kECDHr,
1828 SSL_aECDH,
1829 SSL_AES128,
1830 SSL_SHA1,
1831 SSL_TLSV1,
1832 SSL_NOT_EXP|SSL_HIGH,
1833 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1834 128,
1835 128,
1836 },
1837
1838 /* Cipher C00F */
1839 {
1840 1,
1841 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1842 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1843 SSL_kECDHr,
1844 SSL_aECDH,
1845 SSL_AES256,
1846 SSL_SHA1,
1847 SSL_TLSV1,
1848 SSL_NOT_EXP|SSL_HIGH,
1849 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1850 256,
1851 256,
1852 },
1853
1854 /* Cipher C010 */
1855 {
1856 1,
1857 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1858 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1859 SSL_kEECDH,
1860 SSL_aRSA,
1861 SSL_eNULL,
1862 SSL_SHA1,
1863 SSL_TLSV1,
1864 SSL_NOT_EXP|SSL_STRONG_NONE,
1865 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1866 0,
1867 0,
1868 },
1869
1870 /* Cipher C011 */
1871 {
1872 1,
1873 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1874 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1875 SSL_kEECDH,
1876 SSL_aRSA,
1877 SSL_RC4,
1878 SSL_SHA1,
1879 SSL_TLSV1,
1880 SSL_NOT_EXP|SSL_MEDIUM,
1881 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1882 128,
1883 128,
1884 },
1885
1886 /* Cipher C012 */
1887 {
1888 1,
1889 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1890 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1891 SSL_kEECDH,
1892 SSL_aRSA,
1893 SSL_3DES,
1894 SSL_SHA1,
1895 SSL_TLSV1,
1896 SSL_NOT_EXP|SSL_HIGH,
1897 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1898 168,
1899 168,
1900 },
1901
1902 /* Cipher C013 */
1903 {
1904 1,
1905 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1906 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1907 SSL_kEECDH,
1908 SSL_aRSA,
1909 SSL_AES128,
1910 SSL_SHA1,
1911 SSL_TLSV1,
1912 SSL_NOT_EXP|SSL_HIGH,
1913 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1914 128,
1915 128,
1916 },
1917
1918 /* Cipher C014 */
1919 {
1920 1,
1921 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1922 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1923 SSL_kEECDH,
1924 SSL_aRSA,
1925 SSL_AES256,
1926 SSL_SHA1,
1927 SSL_TLSV1,
1928 SSL_NOT_EXP|SSL_HIGH,
1929 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1930 256,
1931 256,
1932 },
1933
1934 /* Cipher C015 */
1935 {
1936 1,
1937 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1938 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1939 SSL_kEECDH,
1940 SSL_aNULL,
1941 SSL_eNULL,
1942 SSL_SHA1,
1943 SSL_TLSV1,
1944 SSL_NOT_EXP|SSL_STRONG_NONE,
1945 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1946 0,
1947 0,
1948 },
1949
1950 /* Cipher C016 */
1951 {
1952 1,
1953 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1954 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1955 SSL_kEECDH,
1956 SSL_aNULL,
1957 SSL_RC4,
1958 SSL_SHA1,
1959 SSL_TLSV1,
1960 SSL_NOT_EXP|SSL_MEDIUM,
1961 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1962 128,
1963 128,
1964 },
1965
1966 /* Cipher C017 */
1967 {
1968 1,
1969 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1970 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1971 SSL_kEECDH,
1972 SSL_aNULL,
1973 SSL_3DES,
1974 SSL_SHA1,
1975 SSL_TLSV1,
1976 SSL_NOT_EXP|SSL_HIGH,
1977 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1978 168,
1979 168,
1980 },
1981
1982 /* Cipher C018 */
1983 {
1984 1,
1985 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1986 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1987 SSL_kEECDH,
1988 SSL_aNULL,
1989 SSL_AES128,
1990 SSL_SHA1,
1991 SSL_TLSV1,
1992 SSL_NOT_EXP|SSL_HIGH,
1993 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1994 128,
1995 128,
1996 },
1997
1998 /* Cipher C019 */
1999 {
2000 1,
2001 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2002 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2003 SSL_kEECDH,
2004 SSL_aNULL,
2005 SSL_AES256,
2006 SSL_SHA1,
2007 SSL_TLSV1,
2008 SSL_NOT_EXP|SSL_HIGH,
2009 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2010 256,
2011 256,
2012 },
2013#endif /* OPENSSL_NO_ECDH */
2014
2015#ifdef TEMP_GOST_TLS
2016/* Cipher FF00 */
2017 {
2018 1,
2019 "GOST-MD5",
2020 0x0300ff00,
2021 SSL_kRSA,
2022 SSL_aRSA,
2023 SSL_eGOST2814789CNT,
2024 SSL_MD5,
2025 SSL_TLSV1,
2026 SSL_NOT_EXP|SSL_HIGH,
2027 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2028 256,
2029 256,
2030 },
2031 {
2032 1,
2033 "GOST-GOST94",
2034 0x0300ff01,
2035 SSL_kRSA,
2036 SSL_aRSA,
2037 SSL_eGOST2814789CNT,
2038 SSL_GOST94,
2039 SSL_TLSV1,
2040 SSL_NOT_EXP|SSL_HIGH,
2041 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2042 256,
2043 256
2044 },
2045 {
2046 1,
2047 "GOST-GOST89MAC",
2048 0x0300ff02,
2049 SSL_kRSA,
2050 SSL_aRSA,
2051 SSL_eGOST2814789CNT,
2052 SSL_GOST89MAC,
2053 SSL_TLSV1,
2054 SSL_NOT_EXP|SSL_HIGH,
2055 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2056 256,
2057 256
2058 },
2059 {
2060 1,
2061 "GOST-GOST89STREAM",
2062 0x0300ff03,
2063 SSL_kRSA,
2064 SSL_aRSA,
2065 SSL_eGOST2814789CNT,
2066 SSL_GOST89MAC,
2067 SSL_TLSV1,
2068 SSL_NOT_EXP|SSL_HIGH,
2069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2070 256,
2071 256
2072 },
2073#endif
2074
2075/* end of list */
2076 };
2077
/* Record-layer and handshake primitives used by the SSLv3 method.
 * The initialiser is positional and must follow the field order of
 * SSL3_ENC_METHOD (declared in ssl_locl.h, not visible here): do not
 * reorder entries.  The MD5+SHA-1 sum is the length of the SSLv3
 * Finished MAC, which (per the SSLv3 construction) concatenates both
 * digests; the two ",4" pairs are the client/server Finished labels
 * and their byte lengths. */
SSL3_ENC_METHOD SSLv3_enc_data={
	ssl3_enc,			/* record encrypt/decrypt */
	n_ssl3_mac,			/* record MAC */
	ssl3_setup_key_block,
	ssl3_generate_master_secret,
	ssl3_change_cipher_state,
	ssl3_final_finish_mac,
	MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,	/* Finished MAC length: MD5 || SHA-1 */
	ssl3_cert_verify_mac,
	SSL3_MD_CLIENT_FINISHED_CONST,4,	/* client Finished label, length */
	SSL3_MD_SERVER_FINISHED_CONST,4,	/* server Finished label, length */
	ssl3_alert_code,			/* maps internal alert codes to the wire value */
	};
2091
/* Default lifetime of an SSLv3 session, in seconds.
 * The SSLv3 specification suggests 24 hours, but for HTTP-style traffic
 * that would let the session cache fill up, so two hours is used. */
long ssl3_default_timeout(void)
	{
	const long seconds_per_hour = 60*60;

	return 2*seconds_per_hour;
	}
2098
/* Number of entries in the SSLv3/TLS cipher table (ssl3_ciphers),
 * including entries whose valid flag is 0. */
int ssl3_num_ciphers(void)
	{
	const int table_size = SSL3_NUM_CIPHERS;

	return table_size;
	}
2103
/* Return the u-th cipher of the table, counted from its last entry
 * backwards (the table itself is kept in id order so that
 * OBJ_bsearch_ssl_cipher_id() can search it; this accessor exposes it
 * in reverse).  Returns NULL when u is out of range. */
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
	{
	const unsigned int last = SSL3_NUM_CIPHERS-1;

	if (u >= SSL3_NUM_CIPHERS)
		return NULL;
	return &ssl3_ciphers[last-u];
	}
2111
/* Bytes of application data already read into the current record and
 * not yet consumed.  Reports 0 while a record body is still being
 * read (rstate == SSL_ST_READ_BODY) and for any record that is not
 * application data (alerts, handshake, CCS). */
int ssl3_pending(const SSL *s)
	{
	if (s->rstate == SSL_ST_READ_BODY)
		return 0;
	if (s->s3->rrec.type != SSL3_RT_APPLICATION_DATA)
		return 0;
	return s->s3->rrec.length;
	}
2119
/* Allocate the SSLv3 per-connection state (s->s3) and reset the
 * connection through the method's ssl_clear.  Returns 1 on success,
 * 0 if the allocation failed (s->s3 is then left untouched). */
int ssl3_new(SSL *s)
	{
	SSL3_STATE *state;

	state = OPENSSL_malloc(sizeof *state);
	if (state == NULL)
		return 0;
	memset(state, 0, sizeof *state);
	/* The memset above already zeroes the record sequence numbers;
	 * clearing them again makes the record-layer starting point
	 * explicit. */
	memset(state->rrec.seq_num, 0, sizeof(state->rrec.seq_num));
	memset(state->wrec.seq_num, 0, sizeof(state->wrec.seq_num));

	s->s3 = state;
	s->method->ssl_clear(s);
	return 1;
	}
2136
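/* Free the SSLv3 per-connection state hanging off s->s3 and the
 * SSL3_STATE itself.  Also tolerates s->s3 == NULL: ssl3_new() returns
 * 0 without setting s->s3 when its allocation fails, and a caller that
 * then tears the SSL down must not make this function dereference
 * NULL.  The structure is cleansed rather than plainly freed because it
 * can still hold key material (e.g. tmp.key_block if it was not
 * released earlier). */
void ssl3_free(SSL *s)
	{
	SSL3_STATE *s3;

	if (s == NULL || s->s3 == NULL)
		return;
	s3 = s->s3;

#ifdef TLSEXT_TYPE_opaque_prf_input
	if (s3->client_opaque_prf_input != NULL)
		OPENSSL_free(s3->client_opaque_prf_input);
	if (s3->server_opaque_prf_input != NULL)
		OPENSSL_free(s3->server_opaque_prf_input);
#endif

	ssl3_cleanup_key_block(s);
	if (s3->rbuf.buf != NULL)
		ssl3_release_read_buffer(s);
	if (s3->wbuf.buf != NULL)
		ssl3_release_write_buffer(s);
	if (s3->rrec.comp != NULL)
		OPENSSL_free(s3->rrec.comp);
#ifndef OPENSSL_NO_DH
	if (s3->tmp.dh != NULL)
		DH_free(s3->tmp.dh);
#endif
#ifndef OPENSSL_NO_ECDH
	if (s3->tmp.ecdh != NULL)
		EC_KEY_free(s3->tmp.ecdh);
#endif

	if (s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s3->tmp.ca_names,X509_NAME_free);
	if (s3->handshake_buffer)
		BIO_free(s3->handshake_buffer);
	if (s3->handshake_dgst)
		ssl3_free_digest_list(s);
	/* OPENSSL_cleanse, not memset: a memset right before a free may
	 * be optimised away. */
	OPENSSL_cleanse(s3,sizeof *s3);
	OPENSSL_free(s3);
	s->s3=NULL;
	}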
2175
/* Reset the SSLv3 per-connection state so the SSL object can be used
 * for a new connection.  Everything owned by s->s3 is released except
 * the record read/write buffers, which are preserved across the reset;
 * the structure is then zeroed and the buffers put back.  The version
 * is reset to SSLv3 here; the TLS methods' clear routines are expected
 * to set their own version afterwards (not visible in this file). */
void ssl3_clear(SSL *s)
	{
	SSL3_STATE *s3 = s->s3;
	unsigned char *saved_rbuf, *saved_wbuf;
	size_t saved_rlen, saved_wlen;

#ifdef TLSEXT_TYPE_opaque_prf_input
	if (s3->client_opaque_prf_input != NULL)
		OPENSSL_free(s3->client_opaque_prf_input);
	s3->client_opaque_prf_input = NULL;
	if (s3->server_opaque_prf_input != NULL)
		OPENSSL_free(s3->server_opaque_prf_input);
	s3->server_opaque_prf_input = NULL;
#endif

	ssl3_cleanup_key_block(s);
	if (s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s3->tmp.ca_names,X509_NAME_free);

	if (s3->rrec.comp != NULL)
		{
		OPENSSL_free(s3->rrec.comp);
		s3->rrec.comp = NULL;
		}
#ifndef OPENSSL_NO_DH
	if (s3->tmp.dh != NULL)
		DH_free(s3->tmp.dh);
#endif
#ifndef OPENSSL_NO_ECDH
	if (s3->tmp.ecdh != NULL)
		EC_KEY_free(s3->tmp.ecdh);
#endif
	if (s3->handshake_buffer != NULL)
		{
		BIO_free(s3->handshake_buffer);
		s3->handshake_buffer = NULL;
		}
	if (s3->handshake_dgst != NULL)
		ssl3_free_digest_list(s);

	/* The record buffers survive the reset: stash them, wipe the
	 * state (this also nulls the freed pointers above), restore. */
	saved_rbuf = s3->rbuf.buf;
	saved_wbuf = s3->wbuf.buf;
	saved_rlen = s3->rbuf.len;
	saved_wlen = s3->wbuf.len;
	memset(s3, 0, sizeof *s3);
	s3->rbuf.buf = saved_rbuf;
	s3->wbuf.buf = saved_wbuf;
	s3->rbuf.len = saved_rlen;
	s3->wbuf.len = saved_wlen;

	ssl_free_wbio_buffer(s);

	s->packet_length = 0;
	s3->renegotiate = 0;
	s3->total_renegotiations = 0;
	s3->num_renegotiations = 0;
	s3->in_read_app_data = 0;
	s->version = SSL3_VERSION;
	}
2234
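/* Per-connection control interface of the SSLv3/TLS methods, reached
 * through SSL_ctrl().  cmd selects the operation; larg and parg are
 * command specific.  Returns the command's value for the GET commands,
 * 1 for a successful setter, and 0 on failure or for an unknown cmd.
 *
 * Ownership rules callers need:
 *  - SSL_CTRL_SET_TMP_RSA / _DH / _ECDH store a private copy; the
 *    caller keeps ownership of parg.
 *  - SSL_CTRL_SET_TLSEXT_HOSTNAME copies the string.
 *  - SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS / _IDS / _OCSP_RESP take
 *    ownership of parg as-is (the previous OCSP response is freed on
 *    replacement); larg is trusted as the OCSP response length.
 *
 * Changes against the previous version: the ssl_cert_inst() guard now
 * covers every command that writes s->cert (the DH cases are compiled
 * under OPENSSL_NO_DH, not OPENSSL_NO_DSA, and the ECDH cases were
 * missing); SSL_CTRL_SET_TMP_ECDH copies the key like ssl3_ctx_ctrl()
 * instead of generating into the caller's EC_KEY; a negative opaque
 * PRF input length is rejected instead of being cast to size_t. */
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
	{
	int ret=0;

	/* Commands that store into s->cert need the CERT to exist.  Keep
	 * this list in step with the cases below that write s->cert->... */
#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
	if (
#ifndef OPENSSL_NO_RSA
	    cmd == SSL_CTRL_SET_TMP_RSA ||
	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
#endif
#ifndef OPENSSL_NO_DH
	    cmd == SSL_CTRL_SET_TMP_DH ||
	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
#endif
#ifndef OPENSSL_NO_ECDH
	    cmd == SSL_CTRL_SET_TMP_ECDH ||
	    cmd == SSL_CTRL_SET_TMP_ECDH_CB ||
#endif
		0)
		{
		if (!ssl_cert_inst(&s->cert))
			{
			SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
			return(0);
			}
		}
#endif

	switch (cmd)
		{
	case SSL_CTRL_GET_SESSION_REUSED:
		/* Non-zero when the last handshake resumed a session. */
		ret=s->hit;
		break;
	case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
		/* Not supported for SSLv3/TLS: always reports 0. */
		break;
	case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
		ret=s->s3->num_renegotiations;
		break;
	case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
		/* Returns the count and resets it; total_renegotiations is
		 * left alone so the lifetime figure stays available. */
		ret=s->s3->num_renegotiations;
		s->s3->num_renegotiations=0;
		break;
	case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
		ret=s->s3->total_renegotiations;
		break;
	case SSL_CTRL_GET_FLAGS:
		ret=(int)(s->s3->flags);
		break;
#ifndef OPENSSL_NO_RSA
	case SSL_CTRL_NEED_TMP_RSA:
		/* An export-grade RSA suite needs a temporary RSA key unless
		 * one is already installed or the certificate's own RSA key
		 * is no longer than 512 bits.  Export suites are deliberately
		 * weak; this exists for compatibility only. */
		if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
		    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
		     (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
			ret = 1;
		break;
	case SSL_CTRL_SET_TMP_RSA:
		{
		RSA *rsa = (RSA *)parg;
		if (rsa == NULL)
			{
			SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
			return(ret);
			}
		/* Private copy; the caller keeps ownership of parg. */
		if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
			{
			SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
			return(ret);
			}
		if (s->cert->rsa_tmp != NULL)
			RSA_free(s->cert->rsa_tmp);
		s->cert->rsa_tmp = rsa;
		ret = 1;
		}
		break;
	case SSL_CTRL_SET_TMP_RSA_CB:
		{
		/* Callbacks are installed through ssl3_callback_ctrl(). */
		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return(ret);
		}
		break;
#endif
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH:
		{
		DH *dh = (DH *)parg;
		if (dh == NULL)
			{
			SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
			return(ret);
			}
		/* Only the group parameters are copied; the caller keeps parg. */
		if ((dh = DHparams_dup(dh)) == NULL)
			{
			SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
			return(ret);
			}
		/* Without SSL_OP_SINGLE_DH_USE a single DH key pair is
		 * generated now and reused for every handshake on this
		 * connection.  With the option set nothing is generated here;
		 * the handshake code is expected to generate a fresh key per
		 * handshake (that code is not visible in this file). */
		if (!(s->options & SSL_OP_SINGLE_DH_USE))
			{
			if (!DH_generate_key(dh))
				{
				DH_free(dh);
				SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
				return(ret);
				}
			}
		if (s->cert->dh_tmp != NULL)
			DH_free(s->cert->dh_tmp);
		s->cert->dh_tmp = dh;
		ret = 1;
		}
		break;
	case SSL_CTRL_SET_TMP_DH_CB:
		{
		/* Callbacks are installed through ssl3_callback_ctrl(). */
		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return(ret);
		}
		break;
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH:
		{
		EC_KEY *ecdh = NULL;

		if (parg == NULL)
			{
			SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
			return(ret);
			}
		/* Work on a private copy, as ssl3_ctx_ctrl() does.  The
		 * previous code merely took a reference, so the key generated
		 * below landed in the caller's EC_KEY, which may be shared
		 * with other connections. */
		if ((ecdh = EC_KEY_dup((EC_KEY *)parg)) == NULL)
			{
			SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
			return(ret);
			}
		/* Same reuse semantics as SSL_OP_SINGLE_DH_USE above. */
		if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
			{
			if (!EC_KEY_generate_key(ecdh))
				{
				EC_KEY_free(ecdh);
				SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
				return(ret);
				}
			}
		if (s->cert->ecdh_tmp != NULL)
			EC_KEY_free(s->cert->ecdh_tmp);
		s->cert->ecdh_tmp = ecdh;
		ret = 1;
		}
		break;
	case SSL_CTRL_SET_TMP_ECDH_CB:
		{
		/* Callbacks are installed through ssl3_callback_ctrl(). */
		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return(ret);
		}
		break;
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_TLSEXT
	case SSL_CTRL_SET_TLSEXT_HOSTNAME:
		/* Set (or, with parg == NULL, clear) the SNI host name sent
		 * in the ClientHello.  Only the host_name name type exists. */
		if (larg == TLSEXT_NAMETYPE_host_name)
			{
			if (s->tlsext_hostname != NULL)
				OPENSSL_free(s->tlsext_hostname);
			s->tlsext_hostname = NULL;

			ret = 1;
			if (parg == NULL)
				break;
			if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
				{
				SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
				return 0;
				}
			if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
				{
				SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
				return 0;
				}
			}
		else
			{
			SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
			return 0;
			}
		break;
	case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
		s->tlsext_debug_arg=parg;
		ret = 1;
		break;

#ifdef TLSEXT_TYPE_opaque_prf_input
	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
		/* larg is the input length.  A negative value must be rejected
		 * here as well: it used to pass the upper-bound check and then
		 * be cast to a huge size_t for BUF_memdup().  12288 is an
		 * arbitrary cap well under the 2^16 limit on the complete
		 * hello message (including the cert chain and everything). */
		if (larg < 0 || larg > 12288)
			{
			SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
			break;
			}
		if (s->tlsext_opaque_prf_input != NULL)
			OPENSSL_free(s->tlsext_opaque_prf_input);
		if ((size_t)larg == 0)
			s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
		else
			s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
		if (s->tlsext_opaque_prf_input != NULL)
			{
			s->tlsext_opaque_prf_input_len = (size_t)larg;
			ret = 1;
			}
		else
			s->tlsext_opaque_prf_input_len = 0;
		break;
#endif

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
		s->tlsext_status_type=larg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
		*(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
		/* Takes ownership of parg; the previous stack is not freed. */
		s->tlsext_ocsp_exts = parg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
		*(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
		/* Takes ownership of parg; the previous stack is not freed. */
		s->tlsext_ocsp_ids = parg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
		/* Hands out the internal pointer (still owned by s) and
		 * returns its length rather than a success flag. */
		*(unsigned char **)parg = s->tlsext_ocsp_resp;
		return s->tlsext_ocsp_resplen;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
		/* Takes ownership of parg (must be OPENSSL_malloc'ed: it is
		 * OPENSSL_free'd on replacement).  larg is stored as the
		 * response length without validation, so the caller must
		 * pass the exact size of the buffer. */
		if (s->tlsext_ocsp_resp)
			OPENSSL_free(s->tlsext_ocsp_resp);
		s->tlsext_ocsp_resp = parg;
		s->tlsext_ocsp_resplen = larg;
		ret = 1;
		break;

#endif /* !OPENSSL_NO_TLSEXT */
	default:
		break;
		}
	return(ret);
	}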
2486
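/* Install a per-connection callback: the temporary RSA/DH/ECDH key
 * generators stored in s->cert, or the TLS extension debug hook.
 * Returns 0 in every case (ret is never set), including success; the
 * only distinguishable failure is the CERT allocation, which also
 * returns 0 after raising an error.
 *
 * Change against the previous version: the ssl_cert_inst() guard now
 * covers every command that writes s->cert.  The DH callback case is
 * compiled under OPENSSL_NO_DH (the guard used OPENSSL_NO_DSA) and the
 * ECDH callback case was not guarded at all, so with s->cert == NULL
 * those cases dereferenced NULL. */
long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
	{
	int ret=0;

#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
	if (
#ifndef OPENSSL_NO_RSA
	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
#endif
#ifndef OPENSSL_NO_DH
	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
#endif
#ifndef OPENSSL_NO_ECDH
	    cmd == SSL_CTRL_SET_TMP_ECDH_CB ||
#endif
		0)
		{
		if (!ssl_cert_inst(&s->cert))
			{
			SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
			return(0);
			}
		}
#endif

	switch (cmd)
		{
#ifndef OPENSSL_NO_RSA
	case SSL_CTRL_SET_TMP_RSA_CB:
		s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
		break;
#endif
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH_CB:
		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		break;
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH_CB:
		s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
		break;
#endif
#ifndef OPENSSL_NO_TLSEXT
	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
		s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
					unsigned char *, int, void *))fp;
		break;
#endif
	default:
		break;
		}
	return(ret);
	}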
2543
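/* Context-wide control interface of the SSLv3/TLS methods, reached
 * through SSL_CTX_ctrl().  Returns 1 on success and 0 on failure or for
 * an unknown cmd, except for the queries: SSL_CTRL_NEED_TMP_RSA yields
 * the yes/no answer, and the ticket-key commands with a NULL parg
 * report the required buffer size (48).
 *
 * Ownership: the temporary RSA/DH/ECDH setters store a private copy of
 * the key and the caller keeps parg.  SSL_CTRL_EXTRA_CHAIN_CERT takes
 * ownership of the X509 (it is pushed without an up-ref), so the caller
 * must not free it afterwards.
 *
 * Changes against the previous version: SSL_CTRL_SET_TMP_DH rejects a
 * NULL parg like ssl3_ctrl() does instead of handing it to
 * DHparams_dup(); SSL_CTRL_EXTRA_CHAIN_CERT rejects a NULL certificate
 * and reports a failed push instead of silently dropping the
 * certificate from the chain. */
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
	{
	CERT *cert;

	cert=ctx->cert;

	switch (cmd)
		{
#ifndef OPENSSL_NO_RSA
	case SSL_CTRL_NEED_TMP_RSA:
		/* See ssl3_ctrl(): an export-grade RSA suite needs a temporary
		 * key unless one is installed or the certificate's RSA key is
		 * itself no longer than 512 bits. */
		if ( (cert->rsa_tmp == NULL) &&
			((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
			 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
			)
			return(1);
		else
			return(0);
		/* break; */
	case SSL_CTRL_SET_TMP_RSA:
		{
		RSA *rsa=(RSA *)parg;

		/* Private copy; the caller keeps ownership of parg. */
		if (rsa == NULL || (rsa=RSAPrivateKey_dup(rsa)) == NULL)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
			return(0);
			}
		if (cert->rsa_tmp != NULL)
			RSA_free(cert->rsa_tmp);
		cert->rsa_tmp=rsa;
		return(1);
		}
		/* break; */
	case SSL_CTRL_SET_TMP_RSA_CB:
		{
		/* Callbacks are installed through ssl3_ctx_callback_ctrl(). */
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return(0);
		}
		break;
#endif
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH:
		{
		DH *new=NULL,*dh;

		dh=(DH *)parg;
		/* Reject NULL up front (ssl3_ctrl() does the same) rather
		 * than letting DHparams_dup() see it. */
		if (dh == NULL || (new=DHparams_dup(dh)) == NULL)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
			return 0;
			}
		/* Without SSL_OP_SINGLE_DH_USE one key pair is generated now
		 * and shared by every connection of this context. */
		if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
			{
			if (!DH_generate_key(new))
				{
				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
				DH_free(new);
				return 0;
				}
			}
		if (cert->dh_tmp != NULL)
			DH_free(cert->dh_tmp);
		cert->dh_tmp=new;
		return 1;
		}
		/*break; */
	case SSL_CTRL_SET_TMP_DH_CB:
		{
		/* Callbacks are installed through ssl3_ctx_callback_ctrl(). */
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return(0);
		}
		break;
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH:
		{
		EC_KEY *ecdh = NULL;

		if (parg == NULL)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
			return 0;
			}
		/* Private copy; the caller keeps ownership of parg. */
		ecdh = EC_KEY_dup((EC_KEY *)parg);
		if (ecdh == NULL)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
			return 0;
			}
		/* Same reuse semantics as SSL_OP_SINGLE_DH_USE above. */
		if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
			{
			if (!EC_KEY_generate_key(ecdh))
				{
				EC_KEY_free(ecdh);
				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
				return 0;
				}
			}

		if (cert->ecdh_tmp != NULL)
			EC_KEY_free(cert->ecdh_tmp);
		cert->ecdh_tmp = ecdh;
		return 1;
		}
		/* break; */
	case SSL_CTRL_SET_TMP_ECDH_CB:
		{
		/* Callbacks are installed through ssl3_ctx_callback_ctrl(). */
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return(0);
		}
		break;
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_TLSEXT
	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
		ctx->tlsext_servername_arg=parg;
		break;
	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
		{
		/* Session-ticket key material, 48 bytes laid out as
		 * key name[16] | HMAC key[16] | AES key[16].  GET copies the
		 * raw keys into the caller's buffer, so the caller is
		 * responsible for wiping that copy; SET does not wipe parg. */
		unsigned char *keys = parg;
		if (!keys)
			return 48;
		if (larg != 48)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
			return 0;
			}
		if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
			{
			memcpy(ctx->tlsext_tick_key_name, keys, 16);
			memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
			memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
			}
		else
			{
			memcpy(keys, ctx->tlsext_tick_key_name, 16);
			memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
			memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
			}
		return 1;
		}

#ifdef TLSEXT_TYPE_opaque_prf_input
	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
		ctx->tlsext_opaque_prf_input_callback_arg = parg;
		return 1;
#endif

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
		ctx->tlsext_status_arg=parg;
		return 1;
		break;

#endif /* !OPENSSL_NO_TLSEXT */

	/* A Thawte special :-) */
	case SSL_CTRL_EXTRA_CHAIN_CERT:
		/* Takes ownership of the X509 (no up-ref).  A NULL entry or a
		 * failed push would otherwise corrupt or silently shorten the
		 * chain sent to peers. */
		if (parg == NULL)
			return(0);
		if (ctx->extra_certs == NULL)
			{
			if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
				return(0);
			}
		if (!sk_X509_push(ctx->extra_certs,(X509 *)parg))
			return(0);
		break;

	default:
		return(0);
		}
	return(1);
	}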
2729
/* Install a context-wide callback: the temporary RSA/DH/ECDH key
 * generators kept in ctx->cert, or one of the TLS extension hooks
 * (server name, opaque PRF input, certificate status, ticket key).
 * fp is cast to the callback's real signature; the caller must pass a
 * function of that type.  Returns 1 when cmd was recognised, 0 otherwise. */
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
	{
	CERT *cert = ctx->cert;

	switch (cmd)
		{
#ifndef OPENSSL_NO_RSA
	case SSL_CTRL_SET_TMP_RSA_CB:
		cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
		return(1);
#endif
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH_CB:
		cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		return(1);
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH_CB:
		cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
		return(1);
#endif
#ifndef OPENSSL_NO_TLSEXT
	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
		ctx->tlsext_servername_callback = (int (*)(SSL *,int *,void *))fp;
		return(1);

#ifdef TLSEXT_TYPE_opaque_prf_input
	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
		ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
		return(1);
#endif

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
		ctx->tlsext_status_cb = (int (*)(SSL *,void *))fp;
		return(1);

	case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
		/* Signature: (ssl, key_name, iv, cipher_ctx, hmac_ctx, enc). */
		ctx->tlsext_ticket_key_cb = (int (*)(SSL *,unsigned char *,
						unsigned char *,
						EVP_CIPHER_CTX *,
						HMAC_CTX *, int))fp;
		return(1);
#endif
	default:
		return(0);
		}
	}
2787
/* Map a two-byte wire cipher-suite id onto the cipher table.  Returns
 * NULL both for ids absent from the table and for entries whose valid
 * flag is 0 (listed but not implemented in this build), so such a
 * suite can never be selected from a peer's list. */
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
	{
	SSL_CIPHER probe;
	const SSL_CIPHER *found;

	/* SSLv3/TLS cipher ids carry the 0x0300 prefix internally. */
	probe.id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
	found = OBJ_bsearch_ssl_cipher_id(&probe, ssl3_ciphers, SSL3_NUM_CIPHERS);
	if (found != NULL && found->valid)
		return found;
	return NULL;
	}
2804
/* Write the two-byte wire form of cipher c's id at p and return the
 * encoded length, 2.  With p == NULL nothing is written and 2 is still
 * returned (size query).  An id outside the 0x0300 SSLv3/TLS range is
 * refused: nothing is written and 0 is returned. */
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
	{
	if (p == NULL)
		return(2);
	if ((c->id & 0xff000000) != 0x03000000)
		return(0);
	p[0] = (unsigned char)(c->id >> 8);
	p[1] = (unsigned char)(c->id);
	return(2);
	}
2818
2819SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2820 STACK_OF(SSL_CIPHER) *srvr)
2821 {
2822 SSL_CIPHER *c,*ret=NULL;
2823 STACK_OF(SSL_CIPHER) *prio, *allow;
2824 int i,ii,ok;
2825#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
2826 unsigned int j;
2827 int ec_ok, ec_nid;
2828 unsigned char ec_search1 = 0, ec_search2 = 0;
2829#endif
2830 CERT *cert;
2831 unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
2832
2833 /* Let's see which ciphers we can support */
2834 cert=s->cert;
2835
2836#if 0
2837 /* Do not set the compare functions, because this may lead to a
2838 * reordering by "id". We want to keep the original ordering.
2839 * We may pay a price in performance during sk_SSL_CIPHER_find(),
2840 * but would have to pay with the price of sk_SSL_CIPHER_dup().
2841 */
2842 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
2843 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
2844#endif
2845
2846#ifdef CIPHER_DEBUG
2847 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
2848 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
2849 {
2850 c=sk_SSL_CIPHER_value(srvr,i);
2851 printf("%p:%s\n",(void *)c,c->name);
2852 }
2853 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
2854 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
2855 {
2856 c=sk_SSL_CIPHER_value(clnt,i);
2857 printf("%p:%s\n",(void *)c,c->name);
2858 }
2859#endif
2860
2861 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
2862 {
2863 prio = srvr;
2864 allow = clnt;
2865 }
2866 else
2867 {
2868 prio = clnt;
2869 allow = srvr;
2870 }
2871
2872 for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
2873 {
2874 c=sk_SSL_CIPHER_value(prio,i);
2875
2876 ssl_set_cert_masks(cert,c);
2877 mask_k = cert->mask_k;
2878 mask_a = cert->mask_a;
2879 emask_k = cert->export_mask_k;
2880 emask_a = cert->export_mask_a;
2881
2882#ifdef KSSL_DEBUG
2883/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
2884#endif /* KSSL_DEBUG */
2885
2886 alg_k=c->algorithm_mkey;
2887 alg_a=c->algorithm_auth;
2888
2889#ifndef OPENSSL_NO_KRB5
2890 if (alg_k & SSL_kKRB5)
2891 {
2892 if ( !kssl_keytab_is_available(s->kssl_ctx) )
2893 continue;
2894 }
2895#endif /* OPENSSL_NO_KRB5 */
2896#ifndef OPENSSL_NO_PSK
2897 /* with PSK there must be server callback set */
2898 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
2899 continue;
2900#endif /* OPENSSL_NO_PSK */
2901
2902 if (SSL_C_IS_EXPORT(c))
2903 {
2904 ok = (alg_k & emask_k) && (alg_a & emask_a);
2905#ifdef CIPHER_DEBUG
2906 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
2907 (void *)c,c->name);
2908#endif
2909 }
2910 else
2911 {
2912 ok = (alg_k & mask_k) && (alg_a & mask_a);
2913#ifdef CIPHER_DEBUG
2914 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
2915 c->name);
2916#endif
2917 }
2918
2919#ifndef OPENSSL_NO_TLSEXT
2920#ifndef OPENSSL_NO_EC
2921 if (
2922 /* if we are considering an ECC cipher suite that uses our certificate */
2923 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2924 /* and we have an ECC certificate */
2925 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2926 /* and the client specified a Supported Point Formats extension */
2927 && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
2928 /* and our certificate's point is compressed */
2929 && (
2930 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
2931 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
2932 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
2933 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
2934 && (
2935 (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
2936 || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
2937 )
2938 )
2939 )
2940 {
2941 ec_ok = 0;
2942 /* if our certificate's curve is over a field type that the client does not support
2943 * then do not allow this cipher suite to be negotiated */
2944 if (
2945 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2946 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2947 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2948 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2949 )
2950 {
2951 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2952 {
2953 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
2954 {
2955 ec_ok = 1;
2956 break;
2957 }
2958 }
2959 }
2960 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2961 {
2962 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2963 {
2964 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
2965 {
2966 ec_ok = 1;
2967 break;
2968 }
2969 }
2970 }
2971 ok = ok && ec_ok;
2972 }
2973 if (
2974 /* if we are considering an ECC cipher suite that uses our certificate */
2975 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2976 /* and we have an ECC certificate */
2977 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2978 /* and the client specified an EllipticCurves extension */
2979 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
2980 )
2981 {
2982 ec_ok = 0;
2983 if (
2984 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2985 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2986 )
2987 {
2988 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
2989 if ((ec_nid == 0)
2990 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2991 )
2992 {
2993 if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2994 {
2995 ec_search1 = 0xFF;
2996 ec_search2 = 0x01;
2997 }
2998 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2999 {
3000 ec_search1 = 0xFF;
3001 ec_search2 = 0x02;
3002 }
3003 }
3004 else
3005 {
3006 ec_search1 = 0x00;
3007 ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3008 }
3009 if ((ec_search1 != 0) || (ec_search2 != 0))
3010 {
3011 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3012 {
3013 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3014 {
3015 ec_ok = 1;
3016 break;
3017 }
3018 }
3019 }
3020 }
3021 ok = ok && ec_ok;
3022 }
3023 if (
3024 /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3025 (alg_k & SSL_kEECDH)
3026 /* and we have an ephemeral EC key */
3027 && (s->cert->ecdh_tmp != NULL)
3028 /* and the client specified an EllipticCurves extension */
3029 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3030 )
3031 {
3032 ec_ok = 0;
3033 if (s->cert->ecdh_tmp->group != NULL)
3034 {
3035 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3036 if ((ec_nid == 0)
3037 && (s->cert->ecdh_tmp->group->meth != NULL)
3038 )
3039 {
3040 if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3041 {
3042 ec_search1 = 0xFF;
3043 ec_search2 = 0x01;
3044 }
3045 else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3046 {
3047 ec_search1 = 0xFF;
3048 ec_search2 = 0x02;
3049 }
3050 }
3051 else
3052 {
3053 ec_search1 = 0x00;
3054 ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3055 }
3056 if ((ec_search1 != 0) || (ec_search2 != 0))
3057 {
3058 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3059 {
3060 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3061 {
3062 ec_ok = 1;
3063 break;
3064 }
3065 }
3066 }
3067 }
3068 ok = ok && ec_ok;
3069 }
3070#endif /* OPENSSL_NO_EC */
3071#endif /* OPENSSL_NO_TLSEXT */
3072
3073 if (!ok) continue;
3074 ii=sk_SSL_CIPHER_find(allow,c);
3075 if (ii >= 0)
3076 {
3077 ret=sk_SSL_CIPHER_value(allow,ii);
3078 break;
3079 }
3080 }
3081 return(ret);
3082 }
3083
3084int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3085 {
3086 int ret=0;
3087 unsigned long alg_k;
3088
3089 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3090
3091#ifndef OPENSSL_NO_GOST
3092 if (s->version >= TLS1_VERSION)
3093 {
3094 if (alg_k & SSL_kGOST)
3095 {
3096 p[ret++]=TLS_CT_GOST94_SIGN;
3097 p[ret++]=TLS_CT_GOST01_SIGN;
3098 return(ret);
3099 }
3100 }
3101#endif
3102
3103#ifndef OPENSSL_NO_DH
3104 if (alg_k & (SSL_kDHr|SSL_kEDH))
3105 {
3106# ifndef OPENSSL_NO_RSA
3107 p[ret++]=SSL3_CT_RSA_FIXED_DH;
3108# endif
3109# ifndef OPENSSL_NO_DSA
3110 p[ret++]=SSL3_CT_DSS_FIXED_DH;
3111# endif
3112 }
3113 if ((s->version == SSL3_VERSION) &&
3114 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
3115 {
3116# ifndef OPENSSL_NO_RSA
3117 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
3118# endif
3119# ifndef OPENSSL_NO_DSA
3120 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
3121# endif
3122 }
3123#endif /* !OPENSSL_NO_DH */
3124#ifndef OPENSSL_NO_RSA
3125 p[ret++]=SSL3_CT_RSA_SIGN;
3126#endif
3127#ifndef OPENSSL_NO_DSA
3128 p[ret++]=SSL3_CT_DSS_SIGN;
3129#endif
3130#ifndef OPENSSL_NO_ECDH
3131 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
3132 {
3133 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
3134 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
3135 }
3136#endif
3137
3138#ifndef OPENSSL_NO_ECDSA
3139 /* ECDSA certs can be used with RSA cipher suites as well
3140 * so we don't need to check for SSL_kECDH or SSL_kEECDH
3141 */
3142 if (s->version >= TLS1_VERSION)
3143 {
3144 p[ret++]=TLS_CT_ECDSA_SIGN;
3145 }
3146#endif
3147 return(ret);
3148 }
3149
3150int ssl3_shutdown(SSL *s)
3151 {
3152 int ret;
3153
3154 /* Don't do anything much if we have not done the handshake or
3155 * we don't want to send messages :-) */
3156 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
3157 {
3158 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
3159 return(1);
3160 }
3161
3162 if (!(s->shutdown & SSL_SENT_SHUTDOWN))
3163 {
3164 s->shutdown|=SSL_SENT_SHUTDOWN;
3165#if 1
3166 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
3167#endif
3168 /* our shutdown alert has been sent now, and if it still needs
3169 * to be written, s->s3->alert_dispatch will be true */
3170 if (s->s3->alert_dispatch)
3171 return(-1); /* return WANT_WRITE */
3172 }
3173 else if (s->s3->alert_dispatch)
3174 {
3175 /* resend it if not sent */
3176#if 1
3177 ret=s->method->ssl_dispatch_alert(s);
3178 if(ret == -1)
3179 {
3180 /* we only get to return -1 here the 2nd/Nth
3181 * invocation, we must have already signalled
3182 * return 0 upon a previous invoation,
3183 * return WANT_WRITE */
3184 return(ret);
3185 }
3186#endif
3187 }
3188 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3189 {
3190 /* If we are waiting for a close from our peer, we are closed */
3191 s->method->ssl_read_bytes(s,0,NULL,0,0);
3192 if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3193 {
3194 return(-1); /* return WANT_READ */
3195 }
3196 }
3197
3198 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
3199 !s->s3->alert_dispatch)
3200 return(1);
3201 else
3202 return(0);
3203 }
3204
3205int ssl3_write(SSL *s, const void *buf, int len)
3206 {
3207 int ret,n;
3208
3209#if 0
3210 if (s->shutdown & SSL_SEND_SHUTDOWN)
3211 {
3212 s->rwstate=SSL_NOTHING;
3213 return(0);
3214 }
3215#endif
3216 clear_sys_error();
3217 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3218
3219 /* This is an experimental flag that sends the
3220 * last handshake message in the same packet as the first
3221 * use data - used to see if it helps the TCP protocol during
3222 * session-id reuse */
3223 /* The second test is because the buffer may have been removed */
3224 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
3225 {
3226 /* First time through, we write into the buffer */
3227 if (s->s3->delay_buf_pop_ret == 0)
3228 {
3229 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3230 buf,len);
3231 if (ret <= 0) return(ret);
3232
3233 s->s3->delay_buf_pop_ret=ret;
3234 }
3235
3236 s->rwstate=SSL_WRITING;
3237 n=BIO_flush(s->wbio);
3238 if (n <= 0) return(n);
3239 s->rwstate=SSL_NOTHING;
3240
3241 /* We have flushed the buffer, so remove it */
3242 ssl_free_wbio_buffer(s);
3243 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
3244
3245 ret=s->s3->delay_buf_pop_ret;
3246 s->s3->delay_buf_pop_ret=0;
3247 }
3248 else
3249 {
3250 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3251 buf,len);
3252 if (ret <= 0) return(ret);
3253 }
3254
3255 return(ret);
3256 }
3257
3258static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3259 {
3260 int ret;
3261
3262 clear_sys_error();
3263 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3264 s->s3->in_read_app_data=1;
3265 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
3266 if ((ret == -1) && (s->s3->in_read_app_data == 2))
3267 {
3268 /* ssl3_read_bytes decided to call s->handshake_func, which
3269 * called ssl3_read_bytes to read handshake data.
3270 * However, ssl3_read_bytes actually found application data
3271 * and thinks that application data makes sense here; so disable
3272 * handshake processing and try to read application data again. */
3273 s->in_handshake++;
3274 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
3275 s->in_handshake--;
3276 }
3277 else
3278 s->s3->in_read_app_data=0;
3279
3280 return(ret);
3281 }
3282
3283int ssl3_read(SSL *s, void *buf, int len)
3284 {
3285 return ssl3_read_internal(s, buf, len, 0);
3286 }
3287
3288int ssl3_peek(SSL *s, void *buf, int len)
3289 {
3290 return ssl3_read_internal(s, buf, len, 1);
3291 }
3292
3293int ssl3_renegotiate(SSL *s)
3294 {
3295 if (s->handshake_func == NULL)
3296 return(1);
3297
3298 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3299 return(0);
3300
3301 s->s3->renegotiate=1;
3302 return(1);
3303 }
3304
3305int ssl3_renegotiate_check(SSL *s)
3306 {
3307 int ret=0;
3308
3309 if (s->s3->renegotiate)
3310 {
3311 if ( (s->s3->rbuf.left == 0) &&
3312 (s->s3->wbuf.left == 0) &&
3313 !SSL_in_init(s))
3314 {
3315/*
3316if we are the server, and we have sent a 'RENEGOTIATE' message, we
3317need to go to SSL_ST_ACCEPT.
3318*/
3319 /* SSL_ST_ACCEPT */
3320 s->state=SSL_ST_RENEGOTIATE;
3321 s->s3->renegotiate=0;
3322 s->s3->num_renegotiations++;
3323 s->s3->total_renegotiations++;
3324 ret=1;
3325 }
3326 }
3327 return(ret);
3328 }
3329
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
deleted file mode 100644
index e3f6050a26..0000000000
--- a/src/lib/libssl/s3_pkt.c
+++ /dev/null
@@ -1,1457 +0,0 @@
1/* ssl/s3_pkt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include <errno.h>
114#define USE_SOCKETS
115#include "ssl_locl.h"
116#include <openssl/evp.h>
117#include <openssl/buffer.h>
118
119static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
120 unsigned int len, int create_empty_fragment);
121static int ssl3_get_record(SSL *s);
122
123int ssl3_read_n(SSL *s, int n, int max, int extend)
124 {
125 /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
126 * packet by another n bytes.
127 * The packet will be in the sub-array of s->s3->rbuf.buf specified
128 * by s->packet and s->packet_length.
129 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
130 * [plus s->packet_length bytes if extend == 1].)
131 */
132 int i,len,left;
133 long align=0;
134 unsigned char *pkt;
135 SSL3_BUFFER *rb;
136
137 if (n <= 0) return n;
138
139 rb = &(s->s3->rbuf);
140 if (rb->buf == NULL)
141 if (!ssl3_setup_read_buffer(s))
142 return -1;
143
144 left = rb->left;
145#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
146 align = (long)rb->buf + SSL3_RT_HEADER_LENGTH;
147 align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
148#endif
149
150 if (!extend)
151 {
152 /* start with empty packet ... */
153 if (left == 0)
154 rb->offset = align;
155 else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH)
156 {
157 /* check if next packet length is large
158 * enough to justify payload alignment... */
159 pkt = rb->buf + rb->offset;
160 if (pkt[0] == SSL3_RT_APPLICATION_DATA
161 && (pkt[3]<<8|pkt[4]) >= 128)
162 {
163 /* Note that even if packet is corrupted
164 * and its length field is insane, we can
165 * only be led to wrong decision about
166 * whether memmove will occur or not.
167 * Header values has no effect on memmove
168 * arguments and therefore no buffer
169 * overrun can be triggered. */
170 memmove (rb->buf+align,pkt,left);
171 rb->offset = align;
172 }
173 }
174 s->packet = rb->buf + rb->offset;
175 s->packet_length = 0;
176 /* ... now we can act as if 'extend' was set */
177 }
178
179 /* For DTLS/UDP reads should not span multiple packets
180 * because the read operation returns the whole packet
181 * at once (as long as it fits into the buffer). */
182 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
183 {
184 if (left > 0 && n > left)
185 n = left;
186 }
187
188 /* if there is enough in the buffer from a previous read, take some */
189 if (left >= n)
190 {
191 s->packet_length+=n;
192 rb->left=left-n;
193 rb->offset+=n;
194 return(n);
195 }
196
197 /* else we need to read more data */
198
199 len = s->packet_length;
200 pkt = rb->buf+align;
201 /* Move any available bytes to front of buffer:
202 * 'len' bytes already pointed to by 'packet',
203 * 'left' extra ones at the end */
204 if (s->packet != pkt) /* len > 0 */
205 {
206 memmove(pkt, s->packet, len+left);
207 s->packet = pkt;
208 rb->offset = len + align;
209 }
210
211 if (n > (int)(rb->len - rb->offset)) /* does not happen */
212 {
213 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
214 return -1;
215 }
216
217 if (!s->read_ahead)
218 /* ignore max parameter */
219 max = n;
220 else
221 {
222 if (max < n)
223 max = n;
224 if (max > (int)(rb->len - rb->offset))
225 max = rb->len - rb->offset;
226 }
227
228 while (left < n)
229 {
230 /* Now we have len+left bytes at the front of s->s3->rbuf.buf
231 * and need to read in more until we have len+n (up to
232 * len+max if possible) */
233
234 clear_sys_error();
235 if (s->rbio != NULL)
236 {
237 s->rwstate=SSL_READING;
238 i=BIO_read(s->rbio,pkt+len+left, max-left);
239 }
240 else
241 {
242 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
243 i = -1;
244 }
245
246 if (i <= 0)
247 {
248 rb->left = left;
249 if (s->mode & SSL_MODE_RELEASE_BUFFERS)
250 if (len+left == 0)
251 ssl3_release_read_buffer(s);
252 return(i);
253 }
254 left+=i;
255 /* reads should *never* span multiple packets for DTLS because
256 * the underlying transport protocol is message oriented as opposed
257 * to byte oriented as in the TLS case. */
258 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
259 {
260 if (n > left)
261 n = left; /* makes the while condition false */
262 }
263 }
264
265 /* done reading, now the book-keeping */
266 rb->offset += n;
267 rb->left = left - n;
268 s->packet_length += n;
269 s->rwstate=SSL_NOTHING;
270 return(n);
271 }
272
273/* Call this to get a new input record.
274 * It will return <= 0 if more data is needed, normally due to an error
275 * or non-blocking IO.
276 * When it finishes, one packet has been decoded and can be found in
277 * ssl->s3->rrec.type - is the type of record
278 * ssl->s3->rrec.data, - data
279 * ssl->s3->rrec.length, - number of bytes
280 */
281/* used only by ssl3_read_bytes */
282static int ssl3_get_record(SSL *s)
283 {
284 int ssl_major,ssl_minor,al;
285 int enc_err,n,i,ret= -1;
286 SSL3_RECORD *rr;
287 SSL_SESSION *sess;
288 unsigned char *p;
289 unsigned char md[EVP_MAX_MD_SIZE];
290 short version;
291 int mac_size;
292 int clear=0;
293 size_t extra;
294 int decryption_failed_or_bad_record_mac = 0;
295 unsigned char *mac = NULL;
296
297 rr= &(s->s3->rrec);
298 sess=s->session;
299
300 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
301 extra=SSL3_RT_MAX_EXTRA;
302 else
303 extra=0;
304 if (extra && !s->s3->init_extra)
305 {
306 /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
307 * set after ssl3_setup_buffers() was done */
308 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
309 return -1;
310 }
311
312again:
313 /* check if we have the header */
314 if ( (s->rstate != SSL_ST_READ_BODY) ||
315 (s->packet_length < SSL3_RT_HEADER_LENGTH))
316 {
317 n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
318 if (n <= 0) return(n); /* error or non-blocking */
319 s->rstate=SSL_ST_READ_BODY;
320
321 p=s->packet;
322
323 /* Pull apart the header into the SSL3_RECORD */
324 rr->type= *(p++);
325 ssl_major= *(p++);
326 ssl_minor= *(p++);
327 version=(ssl_major<<8)|ssl_minor;
328 n2s(p,rr->length);
329#if 0
330fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
331#endif
332
333 /* Lets check version */
334 if (!s->first_packet)
335 {
336 if (version != s->version)
337 {
338 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
339 if ((s->version & 0xFF00) == (version & 0xFF00))
340 /* Send back error using their minor version number :-) */
341 s->version = (unsigned short)version;
342 al=SSL_AD_PROTOCOL_VERSION;
343 goto f_err;
344 }
345 }
346
347 if ((version>>8) != SSL3_VERSION_MAJOR)
348 {
349 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
350 goto err;
351 }
352
353 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH)
354 {
355 al=SSL_AD_RECORD_OVERFLOW;
356 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
357 goto f_err;
358 }
359
360 /* now s->rstate == SSL_ST_READ_BODY */
361 }
362
363 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
364
365 if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
366 {
367 /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
368 i=rr->length;
369 n=ssl3_read_n(s,i,i,1);
370 if (n <= 0) return(n); /* error or non-blocking io */
371 /* now n == rr->length,
372 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
373 }
374
375 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
376
377 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
378 * and we have that many bytes in s->packet
379 */
380 rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
381
382 /* ok, we can now read from 's->packet' data into 'rr'
383 * rr->input points at rr->length bytes, which
384 * need to be copied into rr->data by either
385 * the decryption or by the decompression
386 * When the data is 'copied' into the rr->data buffer,
387 * rr->input will be pointed at the new buffer */
388
389 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
390 * rr->length bytes of encrypted compressed stuff. */
391
392 /* check is not needed I believe */
393 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
394 {
395 al=SSL_AD_RECORD_OVERFLOW;
396 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
397 goto f_err;
398 }
399
400 /* decrypt in place in 'rr->input' */
401 rr->data=rr->input;
402
403 enc_err = s->method->ssl3_enc->enc(s,0);
404 if (enc_err <= 0)
405 {
406 if (enc_err == 0)
407 /* SSLerr() and ssl3_send_alert() have been called */
408 goto err;
409
410 /* Otherwise enc_err == -1, which indicates bad padding
411 * (rec->length has not been changed in this case).
412 * To minimize information leaked via timing, we will perform
413 * the MAC computation anyway. */
414 decryption_failed_or_bad_record_mac = 1;
415 }
416
417#ifdef TLS_DEBUG
418printf("dec %d\n",rr->length);
419{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
420printf("\n");
421#endif
422
423 /* r->length is now the compressed data plus mac */
424 if ( (sess == NULL) ||
425 (s->enc_read_ctx == NULL) ||
426 (EVP_MD_CTX_md(s->read_hash) == NULL))
427 clear=1;
428
429 if (!clear)
430 {
431 /* !clear => s->read_hash != NULL => mac_size != -1 */
432 mac_size=EVP_MD_CTX_size(s->read_hash);
433 OPENSSL_assert(mac_size >= 0);
434
435 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
436 {
437#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
438 al=SSL_AD_RECORD_OVERFLOW;
439 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
440 goto f_err;
441#else
442 decryption_failed_or_bad_record_mac = 1;
443#endif
444 }
445 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
446 if (rr->length >= (unsigned int)mac_size)
447 {
448 rr->length -= mac_size;
449 mac = &rr->data[rr->length];
450 }
451 else
452 {
453 /* record (minus padding) is too short to contain a MAC */
454#if 0 /* OK only for stream ciphers */
455 al=SSL_AD_DECODE_ERROR;
456 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
457 goto f_err;
458#else
459 decryption_failed_or_bad_record_mac = 1;
460 rr->length = 0;
461#endif
462 }
463 i=s->method->ssl3_enc->mac(s,md,0);
464 if (i < 0 || mac == NULL || memcmp(md, mac, (size_t)mac_size) != 0)
465 {
466 decryption_failed_or_bad_record_mac = 1;
467 }
468 }
469
470 if (decryption_failed_or_bad_record_mac)
471 {
472 /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
473 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
474 * failure is directly visible from the ciphertext anyway,
475 * we should not reveal which kind of error occured -- this
476 * might become visible to an attacker (e.g. via a logfile) */
477 al=SSL_AD_BAD_RECORD_MAC;
478 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
479 goto f_err;
480 }
481
482 /* r->length is now just compressed */
483 if (s->expand != NULL)
484 {
485 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
486 {
487 al=SSL_AD_RECORD_OVERFLOW;
488 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
489 goto f_err;
490 }
491 if (!ssl3_do_uncompress(s))
492 {
493 al=SSL_AD_DECOMPRESSION_FAILURE;
494 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
495 goto f_err;
496 }
497 }
498
499 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
500 {
501 al=SSL_AD_RECORD_OVERFLOW;
502 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
503 goto f_err;
504 }
505
506 rr->off=0;
507 /* So at this point the following is true
508 * ssl->s3->rrec.type is the type of record
509 * ssl->s3->rrec.length == number of bytes in record
510 * ssl->s3->rrec.off == offset to first valid byte
511 * ssl->s3->rrec.data == where to take bytes from, increment
512 * after use :-).
513 */
514
515 /* we have pulled in a full packet so zero things */
516 s->packet_length=0;
517
518 /* just read a 0 length packet */
519 if (rr->length == 0) goto again;
520
521#if 0
522fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length);
523#endif
524
525 return(1);
526
527f_err:
528 ssl3_send_alert(s,SSL3_AL_FATAL,al);
529err:
530 return(ret);
531 }
532
533int ssl3_do_uncompress(SSL *ssl)
534 {
535#ifndef OPENSSL_NO_COMP
536 int i;
537 SSL3_RECORD *rr;
538
539 rr= &(ssl->s3->rrec);
540 i=COMP_expand_block(ssl->expand,rr->comp,
541 SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);
542 if (i < 0)
543 return(0);
544 else
545 rr->length=i;
546 rr->data=rr->comp;
547#endif
548 return(1);
549 }
550
551int ssl3_do_compress(SSL *ssl)
552 {
553#ifndef OPENSSL_NO_COMP
554 int i;
555 SSL3_RECORD *wr;
556
557 wr= &(ssl->s3->wrec);
558 i=COMP_compress_block(ssl->compress,wr->data,
559 SSL3_RT_MAX_COMPRESSED_LENGTH,
560 wr->input,(int)wr->length);
561 if (i < 0)
562 return(0);
563 else
564 wr->length=i;
565
566 wr->input=wr->data;
567#endif
568 return(1);
569 }
570
571/* Call this to write data in records of type 'type'
572 * It will return <= 0 if not all data has been sent or non-blocking IO.
573 */
574int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
575 {
576 const unsigned char *buf=buf_;
577 unsigned int tot,n,nw;
578 int i;
579
580 s->rwstate=SSL_NOTHING;
581 tot=s->s3->wnum;
582 s->s3->wnum=0;
583
584 if (SSL_in_init(s) && !s->in_handshake)
585 {
586 i=s->handshake_func(s);
587 if (i < 0) return(i);
588 if (i == 0)
589 {
590 SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
591 return -1;
592 }
593 }
594
595 n=(len-tot);
596 for (;;)
597 {
598 if (n > s->max_send_fragment)
599 nw=s->max_send_fragment;
600 else
601 nw=n;
602
603 i=do_ssl3_write(s, type, &(buf[tot]), nw, 0);
604 if (i <= 0)
605 {
606 s->s3->wnum=tot;
607 return i;
608 }
609
610 if ((i == (int)n) ||
611 (type == SSL3_RT_APPLICATION_DATA &&
612 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
613 {
614 /* next chunk of data should get another prepended empty fragment
615 * in ciphersuites with known-IV weakness: */
616 s->s3->empty_fragment_done = 0;
617
618 return tot+i;
619 }
620
621 n-=i;
622 tot+=i;
623 }
624 }
625
626static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
627 unsigned int len, int create_empty_fragment)
628 {
629 unsigned char *p,*plen;
630 int i,mac_size,clear=0;
631 int prefix_len=0;
632 long align=0;
633 SSL3_RECORD *wr;
634 SSL3_BUFFER *wb=&(s->s3->wbuf);
635 SSL_SESSION *sess;
636
637 if (wb->buf == NULL)
638 if (!ssl3_setup_write_buffer(s))
639 return -1;
640
641 /* first check if there is a SSL3_BUFFER still being written
642 * out. This will happen with non blocking IO */
643 if (wb->left != 0)
644 return(ssl3_write_pending(s,type,buf,len));
645
646 /* If we have an alert to send, lets send it */
647 if (s->s3->alert_dispatch)
648 {
649 i=s->method->ssl_dispatch_alert(s);
650 if (i <= 0)
651 return(i);
652 /* if it went, fall through and send more stuff */
653 }
654
655 if (len == 0 && !create_empty_fragment)
656 return 0;
657
658 wr= &(s->s3->wrec);
659 sess=s->session;
660
661 if ( (sess == NULL) ||
662 (s->enc_write_ctx == NULL) ||
663 (EVP_MD_CTX_md(s->write_hash) == NULL))
664 clear=1;
665
666 if (clear)
667 mac_size=0;
668 else
669 {
670 mac_size=EVP_MD_CTX_size(s->write_hash);
671 if (mac_size < 0)
672 goto err;
673 }
674
675 /* 'create_empty_fragment' is true only when this function calls itself */
676 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
677 {
678 /* countermeasure against known-IV weakness in CBC ciphersuites
679 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
680
681 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
682 {
683 /* recursive function call with 'create_empty_fragment' set;
684 * this prepares and buffers the data for an empty fragment
685 * (these 'prefix_len' bytes are sent out later
686 * together with the actual payload) */
687 prefix_len = do_ssl3_write(s, type, buf, 0, 1);
688 if (prefix_len <= 0)
689 goto err;
690
691 if (prefix_len >
692 (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD))
693 {
694 /* insufficient space */
695 SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
696 goto err;
697 }
698 }
699
700 s->s3->empty_fragment_done = 1;
701 }
702
703 if (create_empty_fragment)
704 {
705#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
706 /* extra fragment would be couple of cipher blocks,
707 * which would be multiple of SSL3_ALIGN_PAYLOAD, so
708 * if we want to align the real payload, then we can
709 * just pretent we simply have two headers. */
710 align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH;
711 align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
712#endif
713 p = wb->buf + align;
714 wb->offset = align;
715 }
716 else if (prefix_len)
717 {
718 p = wb->buf + wb->offset + prefix_len;
719 }
720 else
721 {
722#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
723 align = (long)wb->buf + SSL3_RT_HEADER_LENGTH;
724 align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
725#endif
726 p = wb->buf + align;
727 wb->offset = align;
728 }
729
730 /* write the header */
731
732 *(p++)=type&0xff;
733 wr->type=type;
734
735 *(p++)=(s->version>>8);
736 *(p++)=s->version&0xff;
737
738 /* field where we are to write out packet length */
739 plen=p;
740 p+=2;
741
742 /* lets setup the record stuff. */
743 wr->data=p;
744 wr->length=(int)len;
745 wr->input=(unsigned char *)buf;
746
747 /* we now 'read' from wr->input, wr->length bytes into
748 * wr->data */
749
750 /* first we compress */
751 if (s->compress != NULL)
752 {
753 if (!ssl3_do_compress(s))
754 {
755 SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
756 goto err;
757 }
758 }
759 else
760 {
761 memcpy(wr->data,wr->input,wr->length);
762 wr->input=wr->data;
763 }
764
765 /* we should still have the output to wr->data and the input
766 * from wr->input. Length should be wr->length.
767 * wr->data still points in the wb->buf */
768
769 if (mac_size != 0)
770 {
771 if (s->method->ssl3_enc->mac(s,&(p[wr->length]),1) < 0)
772 goto err;
773 wr->length+=mac_size;
774 wr->input=p;
775 wr->data=p;
776 }
777
778 /* ssl3_enc can only have an error on read */
779 s->method->ssl3_enc->enc(s,1);
780
781 /* record length after mac and block padding */
782 s2n(wr->length,plen);
783
784 /* we should now have
785 * wr->data pointing to the encrypted data, which is
786 * wr->length long */
787 wr->type=type; /* not needed but helps for debugging */
788 wr->length+=SSL3_RT_HEADER_LENGTH;
789
790 if (create_empty_fragment)
791 {
792 /* we are in a recursive call;
793 * just return the length, don't write out anything here
794 */
795 return wr->length;
796 }
797
798 /* now let's set up wb */
799 wb->left = prefix_len + wr->length;
800
801 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
802 s->s3->wpend_tot=len;
803 s->s3->wpend_buf=buf;
804 s->s3->wpend_type=type;
805 s->s3->wpend_ret=len;
806
807 /* we now just need to write the buffer */
808 return ssl3_write_pending(s,type,buf,len);
809err:
810 return -1;
811 }
812
813/* if s->s3->wbuf.left != 0, we need to call this */
814int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
815 unsigned int len)
816 {
817 int i;
818 SSL3_BUFFER *wb=&(s->s3->wbuf);
819
820/* XXXX */
821 if ((s->s3->wpend_tot > (int)len)
822 || ((s->s3->wpend_buf != buf) &&
823 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
824 || (s->s3->wpend_type != type))
825 {
826 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
827 return(-1);
828 }
829
830 for (;;)
831 {
832 clear_sys_error();
833 if (s->wbio != NULL)
834 {
835 s->rwstate=SSL_WRITING;
836 i=BIO_write(s->wbio,
837 (char *)&(wb->buf[wb->offset]),
838 (unsigned int)wb->left);
839 }
840 else
841 {
842 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
843 i= -1;
844 }
845 if (i == wb->left)
846 {
847 wb->left=0;
848 wb->offset+=i;
849 if (s->mode & SSL_MODE_RELEASE_BUFFERS)
850 ssl3_release_write_buffer(s);
851 s->rwstate=SSL_NOTHING;
852 return(s->s3->wpend_ret);
853 }
854 else if (i <= 0) {
855 if (s->version == DTLS1_VERSION ||
856 s->version == DTLS1_BAD_VER) {
857 /* For DTLS, just drop it. That's kind of the whole
858 point in using a datagram service */
859 wb->left = 0;
860 }
861 return(i);
862 }
863 wb->offset+=i;
864 wb->left-=i;
865 }
866 }
867
868/* Return up to 'len' payload bytes received in 'type' records.
869 * 'type' is one of the following:
870 *
871 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
872 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
873 * - 0 (during a shutdown, no data has to be returned)
874 *
875 * If we don't have stored data to work from, read a SSL/TLS record first
876 * (possibly multiple records if we still don't have anything to return).
877 *
878 * This function must handle any surprises the peer may have for us, such as
879 * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
880 * a surprise, but handled as if it were), or renegotiation requests.
881 * Also if record payloads contain fragments too small to process, we store
882 * them until there is enough for the respective protocol (the record protocol
883 * may use arbitrary fragmentation and even interleaving):
884 * Change cipher spec protocol
885 * just 1 byte needed, no need for keeping anything stored
886 * Alert protocol
887 * 2 bytes needed (AlertLevel, AlertDescription)
888 * Handshake protocol
889 * 4 bytes needed (HandshakeType, uint24 length) -- we just have
890 * to detect unexpected Client Hello and Hello Request messages
891 * here, anything else is handled by higher layers
892 * Application data protocol
893 * none of our business
894 */
895int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
896 {
897 int al,i,j,ret;
898 unsigned int n;
899 SSL3_RECORD *rr;
900 void (*cb)(const SSL *ssl,int type2,int val)=NULL;
901
902 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
903 if (!ssl3_setup_read_buffer(s))
904 return(-1);
905
906 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
907 (peek && (type != SSL3_RT_APPLICATION_DATA)))
908 {
909 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
910 return -1;
911 }
912
913 if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
914 /* (partially) satisfy request from storage */
915 {
916 unsigned char *src = s->s3->handshake_fragment;
917 unsigned char *dst = buf;
918 unsigned int k;
919
920 /* peek == 0 */
921 n = 0;
922 while ((len > 0) && (s->s3->handshake_fragment_len > 0))
923 {
924 *dst++ = *src++;
925 len--; s->s3->handshake_fragment_len--;
926 n++;
927 }
928 /* move any remaining fragment bytes: */
929 for (k = 0; k < s->s3->handshake_fragment_len; k++)
930 s->s3->handshake_fragment[k] = *src++;
931 return n;
932 }
933
934 /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
935
936 if (!s->in_handshake && SSL_in_init(s))
937 {
938 /* type == SSL3_RT_APPLICATION_DATA */
939 i=s->handshake_func(s);
940 if (i < 0) return(i);
941 if (i == 0)
942 {
943 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
944 return(-1);
945 }
946 }
947start:
948 s->rwstate=SSL_NOTHING;
949
950 /* s->s3->rrec.type - is the type of record
951 * s->s3->rrec.data, - data
952 * s->s3->rrec.off, - offset into 'data' for next read
953 * s->s3->rrec.length, - number of bytes. */
954 rr = &(s->s3->rrec);
955
956 /* get new packet if necessary */
957 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
958 {
959 ret=ssl3_get_record(s);
960 if (ret <= 0) return(ret);
961 }
962
963 /* we now have a packet which can be read and processed */
964
965 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
966 * reset by ssl3_get_finished */
967 && (rr->type != SSL3_RT_HANDSHAKE))
968 {
969 al=SSL_AD_UNEXPECTED_MESSAGE;
970 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
971 goto f_err;
972 }
973
974 /* If the other end has shut down, throw anything we read away
975 * (even in 'peek' mode) */
976 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
977 {
978 rr->length=0;
979 s->rwstate=SSL_NOTHING;
980 return(0);
981 }
982
983
984 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
985 {
986 /* make sure that we are not getting application data when we
987 * are doing a handshake for the first time */
988 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
989 (s->enc_read_ctx == NULL))
990 {
991 al=SSL_AD_UNEXPECTED_MESSAGE;
992 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
993 goto f_err;
994 }
995
996 if (len <= 0) return(len);
997
998 if ((unsigned int)len > rr->length)
999 n = rr->length;
1000 else
1001 n = (unsigned int)len;
1002
1003 memcpy(buf,&(rr->data[rr->off]),n);
1004 if (!peek)
1005 {
1006 rr->length-=n;
1007 rr->off+=n;
1008 if (rr->length == 0)
1009 {
1010 s->rstate=SSL_ST_READ_HEADER;
1011 rr->off=0;
1012 if (s->mode & SSL_MODE_RELEASE_BUFFERS)
1013 ssl3_release_read_buffer(s);
1014 }
1015 }
1016 return(n);
1017 }
1018
1019
1020 /* If we get here, then type != rr->type; if we have a handshake
1021 * message, then it was unexpected (Hello Request or Client Hello). */
1022
1023 /* In case of record types for which we have 'fragment' storage,
1024 * fill that so that we can process the data at a fixed place.
1025 */
1026 {
1027 unsigned int dest_maxlen = 0;
1028 unsigned char *dest = NULL;
1029 unsigned int *dest_len = NULL;
1030
1031 if (rr->type == SSL3_RT_HANDSHAKE)
1032 {
1033 dest_maxlen = sizeof s->s3->handshake_fragment;
1034 dest = s->s3->handshake_fragment;
1035 dest_len = &s->s3->handshake_fragment_len;
1036 }
1037 else if (rr->type == SSL3_RT_ALERT)
1038 {
1039 dest_maxlen = sizeof s->s3->alert_fragment;
1040 dest = s->s3->alert_fragment;
1041 dest_len = &s->s3->alert_fragment_len;
1042 }
1043
1044 if (dest_maxlen > 0)
1045 {
1046 n = dest_maxlen - *dest_len; /* available space in 'dest' */
1047 if (rr->length < n)
1048 n = rr->length; /* available bytes */
1049
1050 /* now move 'n' bytes: */
1051 while (n-- > 0)
1052 {
1053 dest[(*dest_len)++] = rr->data[rr->off++];
1054 rr->length--;
1055 }
1056
1057 if (*dest_len < dest_maxlen)
1058 goto start; /* fragment was too small */
1059 }
1060 }
1061
1062 /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
1063 * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
1064 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
1065
1066 /* If we are a client, check for an incoming 'Hello Request': */
1067 if ((!s->server) &&
1068 (s->s3->handshake_fragment_len >= 4) &&
1069 (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
1070 (s->session != NULL) && (s->session->cipher != NULL))
1071 {
1072 s->s3->handshake_fragment_len = 0;
1073
1074 if ((s->s3->handshake_fragment[1] != 0) ||
1075 (s->s3->handshake_fragment[2] != 0) ||
1076 (s->s3->handshake_fragment[3] != 0))
1077 {
1078 al=SSL_AD_DECODE_ERROR;
1079 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
1080 goto f_err;
1081 }
1082
1083 if (s->msg_callback)
1084 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
1085
1086 if (SSL_is_init_finished(s) &&
1087 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
1088 !s->s3->renegotiate)
1089 {
1090 ssl3_renegotiate(s);
1091 if (ssl3_renegotiate_check(s))
1092 {
1093 i=s->handshake_func(s);
1094 if (i < 0) return(i);
1095 if (i == 0)
1096 {
1097 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1098 return(-1);
1099 }
1100
1101 if (!(s->mode & SSL_MODE_AUTO_RETRY))
1102 {
1103 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1104 {
1105 BIO *bio;
1106 /* In the case where we try to read application data,
1107 * but we trigger an SSL handshake, we return -1 with
1108 * the retry option set. Otherwise renegotiation may
1109 * cause nasty problems in the blocking world */
1110 s->rwstate=SSL_READING;
1111 bio=SSL_get_rbio(s);
1112 BIO_clear_retry_flags(bio);
1113 BIO_set_retry_read(bio);
1114 return(-1);
1115 }
1116 }
1117 }
1118 }
1119 /* we either finished a handshake or ignored the request,
1120 * now try again to obtain the (application) data we were asked for */
1121 goto start;
1122 }
1123 /* If we are a server and get a client hello when renegotiation isn't
1124 * allowed send back a no renegotiation alert and carry on.
1125 * WARNING: experimental code, needs reviewing (steve)
1126 */
1127 if (s->server &&
1128 SSL_is_init_finished(s) &&
1129 !s->s3->send_connection_binding &&
1130 (s->version > SSL3_VERSION) &&
1131 (s->s3->handshake_fragment_len >= 4) &&
1132 (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
1133 (s->session != NULL) && (s->session->cipher != NULL) &&
1134 !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
1135
1136 {
1137 /*s->s3->handshake_fragment_len = 0;*/
1138 rr->length = 0;
1139 ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
1140 goto start;
1141 }
1142 if (s->s3->alert_fragment_len >= 2)
1143 {
1144 int alert_level = s->s3->alert_fragment[0];
1145 int alert_descr = s->s3->alert_fragment[1];
1146
1147 s->s3->alert_fragment_len = 0;
1148
1149 if (s->msg_callback)
1150 s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg);
1151
1152 if (s->info_callback != NULL)
1153 cb=s->info_callback;
1154 else if (s->ctx->info_callback != NULL)
1155 cb=s->ctx->info_callback;
1156
1157 if (cb != NULL)
1158 {
1159 j = (alert_level << 8) | alert_descr;
1160 cb(s, SSL_CB_READ_ALERT, j);
1161 }
1162
1163 if (alert_level == 1) /* warning */
1164 {
1165 s->s3->warn_alert = alert_descr;
1166 if (alert_descr == SSL_AD_CLOSE_NOTIFY)
1167 {
1168 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1169 return(0);
1170 }
1171 /* This is a warning but we receive it if we requested
1172 * renegotiation and the peer denied it. Terminate with
1173 * a fatal alert because if application tried to
1174 * renegotiatie it presumably had a good reason and
1175 * expects it to succeed.
1176 *
1177 * In future we might have a renegotiation where we
1178 * don't care if the peer refused it where we carry on.
1179 */
1180 else if (alert_descr == SSL_AD_NO_RENEGOTIATION)
1181 {
1182 al = SSL_AD_HANDSHAKE_FAILURE;
1183 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
1184 goto f_err;
1185 }
1186 }
1187 else if (alert_level == 2) /* fatal */
1188 {
1189 char tmp[16];
1190
1191 s->rwstate=SSL_NOTHING;
1192 s->s3->fatal_alert = alert_descr;
1193 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
1194 BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
1195 ERR_add_error_data(2,"SSL alert number ",tmp);
1196 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
1197 SSL_CTX_remove_session(s->ctx,s->session);
1198 return(0);
1199 }
1200 else
1201 {
1202 al=SSL_AD_ILLEGAL_PARAMETER;
1203 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
1204 goto f_err;
1205 }
1206
1207 goto start;
1208 }
1209
1210 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
1211 {
1212 s->rwstate=SSL_NOTHING;
1213 rr->length=0;
1214 return(0);
1215 }
1216
1217 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
1218 {
1219 /* 'Change Cipher Spec' is just a single byte, so we know
1220 * exactly what the record payload has to look like */
1221 if ( (rr->length != 1) || (rr->off != 0) ||
1222 (rr->data[0] != SSL3_MT_CCS))
1223 {
1224 al=SSL_AD_ILLEGAL_PARAMETER;
1225 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
1226 goto f_err;
1227 }
1228
1229 /* Check we have a cipher to change to */
1230 if (s->s3->tmp.new_cipher == NULL)
1231 {
1232 al=SSL_AD_UNEXPECTED_MESSAGE;
1233 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
1234 goto f_err;
1235 }
1236
1237 rr->length=0;
1238
1239 if (s->msg_callback)
1240 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
1241
1242 s->s3->change_cipher_spec=1;
1243 if (!ssl3_do_change_cipher_spec(s))
1244 goto err;
1245 else
1246 goto start;
1247 }
1248
1249 /* Unexpected handshake message (Client Hello, or protocol violation) */
1250 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
1251 {
1252 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1253 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
1254 {
1255#if 0 /* worked only because C operator preferences are not as expected (and
1256 * because this is not really needed for clients except for detecting
1257 * protocol violations): */
1258 s->state=SSL_ST_BEFORE|(s->server)
1259 ?SSL_ST_ACCEPT
1260 :SSL_ST_CONNECT;
1261#else
1262 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1263#endif
1264 s->new_session=1;
1265 }
1266 i=s->handshake_func(s);
1267 if (i < 0) return(i);
1268 if (i == 0)
1269 {
1270 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1271 return(-1);
1272 }
1273
1274 if (!(s->mode & SSL_MODE_AUTO_RETRY))
1275 {
1276 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1277 {
1278 BIO *bio;
1279 /* In the case where we try to read application data,
1280 * but we trigger an SSL handshake, we return -1 with
1281 * the retry option set. Otherwise renegotiation may
1282 * cause nasty problems in the blocking world */
1283 s->rwstate=SSL_READING;
1284 bio=SSL_get_rbio(s);
1285 BIO_clear_retry_flags(bio);
1286 BIO_set_retry_read(bio);
1287 return(-1);
1288 }
1289 }
1290 goto start;
1291 }
1292
1293 switch (rr->type)
1294 {
1295 default:
1296#ifndef OPENSSL_NO_TLS
1297 /* TLS just ignores unknown message types */
1298 if (s->version == TLS1_VERSION)
1299 {
1300 rr->length = 0;
1301 goto start;
1302 }
1303#endif
1304 al=SSL_AD_UNEXPECTED_MESSAGE;
1305 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1306 goto f_err;
1307 case SSL3_RT_CHANGE_CIPHER_SPEC:
1308 case SSL3_RT_ALERT:
1309 case SSL3_RT_HANDSHAKE:
1310 /* we already handled all of these, with the possible exception
1311 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1312 * should not happen when type != rr->type */
1313 al=SSL_AD_UNEXPECTED_MESSAGE;
1314 SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR);
1315 goto f_err;
1316 case SSL3_RT_APPLICATION_DATA:
1317 /* At this point, we were expecting handshake data,
1318 * but have application data. If the library was
1319 * running inside ssl3_read() (i.e. in_read_app_data
1320 * is set) and it makes sense to read application data
1321 * at this point (session renegotiation not yet started),
1322 * we will indulge it.
1323 */
1324 if (s->s3->in_read_app_data &&
1325 (s->s3->total_renegotiations != 0) &&
1326 ((
1327 (s->state & SSL_ST_CONNECT) &&
1328 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1329 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
1330 ) || (
1331 (s->state & SSL_ST_ACCEPT) &&
1332 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1333 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
1334 )
1335 ))
1336 {
1337 s->s3->in_read_app_data=2;
1338 return(-1);
1339 }
1340 else
1341 {
1342 al=SSL_AD_UNEXPECTED_MESSAGE;
1343 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1344 goto f_err;
1345 }
1346 }
1347 /* not reached */
1348
1349f_err:
1350 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1351err:
1352 return(-1);
1353 }
1354
1355int ssl3_do_change_cipher_spec(SSL *s)
1356 {
1357 int i;
1358 const char *sender;
1359 int slen;
1360
1361 if (s->state & SSL_ST_ACCEPT)
1362 i=SSL3_CHANGE_CIPHER_SERVER_READ;
1363 else
1364 i=SSL3_CHANGE_CIPHER_CLIENT_READ;
1365
1366 if (s->s3->tmp.key_block == NULL)
1367 {
1368 if (s->session == NULL)
1369 {
1370 /* might happen if dtls1_read_bytes() calls this */
1371 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
1372 return (0);
1373 }
1374
1375 s->session->cipher=s->s3->tmp.new_cipher;
1376 if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
1377 }
1378
1379 if (!s->method->ssl3_enc->change_cipher_state(s,i))
1380 return(0);
1381
1382 /* we have to record the message digest at
1383 * this point so we can get it before we read
1384 * the finished message */
1385 if (s->state & SSL_ST_CONNECT)
1386 {
1387 sender=s->method->ssl3_enc->server_finished_label;
1388 slen=s->method->ssl3_enc->server_finished_label_len;
1389 }
1390 else
1391 {
1392 sender=s->method->ssl3_enc->client_finished_label;
1393 slen=s->method->ssl3_enc->client_finished_label_len;
1394 }
1395
1396 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
1397 sender,slen,s->s3->tmp.peer_finish_md);
1398
1399 return(1);
1400 }
1401
1402int ssl3_send_alert(SSL *s, int level, int desc)
1403 {
1404 /* Map tls/ssl alert value to correct one */
1405 desc=s->method->ssl3_enc->alert_value(desc);
1406 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
1407 desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
1408 if (desc < 0) return -1;
1409 /* If a fatal one, remove from cache */
1410 if ((level == 2) && (s->session != NULL))
1411 SSL_CTX_remove_session(s->ctx,s->session);
1412
1413 s->s3->alert_dispatch=1;
1414 s->s3->send_alert[0]=level;
1415 s->s3->send_alert[1]=desc;
1416 if (s->s3->wbuf.left == 0) /* data still being written out? */
1417 return s->method->ssl_dispatch_alert(s);
1418 /* else data is still being written out, we will get written
1419 * some time in the future */
1420 return -1;
1421 }
1422
1423int ssl3_dispatch_alert(SSL *s)
1424 {
1425 int i,j;
1426 void (*cb)(const SSL *ssl,int type,int val)=NULL;
1427
1428 s->s3->alert_dispatch=0;
1429 i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
1430 if (i <= 0)
1431 {
1432 s->s3->alert_dispatch=1;
1433 }
1434 else
1435 {
1436 /* Alert sent to BIO. If it is important, flush it now.
1437 * If the message does not get sent due to non-blocking IO,
1438 * we will not worry too much. */
1439 if (s->s3->send_alert[0] == SSL3_AL_FATAL)
1440 (void)BIO_flush(s->wbio);
1441
1442 if (s->msg_callback)
1443 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg);
1444
1445 if (s->info_callback != NULL)
1446 cb=s->info_callback;
1447 else if (s->ctx->info_callback != NULL)
1448 cb=s->ctx->info_callback;
1449
1450 if (cb != NULL)
1451 {
1452 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1453 cb(s,SSL_CB_WRITE_ALERT,j);
1454 }
1455 }
1456 return(i);
1457 }
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
deleted file mode 100644
index 61ee0a3e42..0000000000
--- a/src/lib/libssl/s3_srvr.c
+++ /dev/null
@@ -1,3185 +0,0 @@
1/* ssl/s3_srvr.c -*- mode:C; c-file-style: "eay" -*- */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#define REUSE_CIPHER_BUG
152#define NETSCAPE_HANG_BUG
153
154#include <stdio.h>
155#include "ssl_locl.h"
156#include "kssl_lcl.h"
157#include <openssl/buffer.h>
158#include <openssl/rand.h>
159#include <openssl/objects.h>
160#include <openssl/evp.h>
161#include <openssl/hmac.h>
162#include <openssl/x509.h>
163#ifndef OPENSSL_NO_DH
164#include <openssl/dh.h>
165#endif
166#include <openssl/bn.h>
167#ifndef OPENSSL_NO_KRB5
168#include <openssl/krb5_asn.h>
169#endif
170#include <openssl/md5.h>
171
172static const SSL_METHOD *ssl3_get_server_method(int ver);
173
174static const SSL_METHOD *ssl3_get_server_method(int ver)
175 {
176 if (ver == SSL3_VERSION)
177 return(SSLv3_server_method());
178 else
179 return(NULL);
180 }
181
182IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
183 ssl3_accept,
184 ssl_undefined_function,
185 ssl3_get_server_method)
186
187int ssl3_accept(SSL *s)
188 {
189 BUF_MEM *buf;
190 unsigned long alg_k,Time=(unsigned long)time(NULL);
191 void (*cb)(const SSL *ssl,int type,int val)=NULL;
192 int ret= -1;
193 int new_state,state,skip=0;
194
195 RAND_add(&Time,sizeof(Time),0);
196 ERR_clear_error();
197 clear_sys_error();
198
199 if (s->info_callback != NULL)
200 cb=s->info_callback;
201 else if (s->ctx->info_callback != NULL)
202 cb=s->ctx->info_callback;
203
204 /* init things to blank */
205 s->in_handshake++;
206 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
207
208 if (s->cert == NULL)
209 {
210 SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
211 return(-1);
212 }
213
214 for (;;)
215 {
216 state=s->state;
217
218 switch (s->state)
219 {
220 case SSL_ST_RENEGOTIATE:
221 s->new_session=1;
222 /* s->state=SSL_ST_ACCEPT; */
223
224 case SSL_ST_BEFORE:
225 case SSL_ST_ACCEPT:
226 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
227 case SSL_ST_OK|SSL_ST_ACCEPT:
228
229 s->server=1;
230 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
231
232 if ((s->version>>8) != 3)
233 {
234 SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
235 return -1;
236 }
237 s->type=SSL_ST_ACCEPT;
238
239 if (s->init_buf == NULL)
240 {
241 if ((buf=BUF_MEM_new()) == NULL)
242 {
243 ret= -1;
244 goto end;
245 }
246 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
247 {
248 ret= -1;
249 goto end;
250 }
251 s->init_buf=buf;
252 }
253
254 if (!ssl3_setup_buffers(s))
255 {
256 ret= -1;
257 goto end;
258 }
259
260 s->init_num=0;
261
262 if (s->state != SSL_ST_RENEGOTIATE)
263 {
264 /* Ok, we now need to push on a buffering BIO so that
265 * the output is sent in a way that TCP likes :-)
266 */
267 if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
268
269 ssl3_init_finished_mac(s);
270 s->state=SSL3_ST_SR_CLNT_HELLO_A;
271 s->ctx->stats.sess_accept++;
272 }
273 else if (!s->s3->send_connection_binding &&
274 !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
275 {
276 /* Server attempting to renegotiate with
277 * client that doesn't support secure
278 * renegotiation.
279 */
280 SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
281 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
282 ret = -1;
283 goto end;
284 }
285 else
286 {
287 /* s->state == SSL_ST_RENEGOTIATE,
288 * we will just send a HelloRequest */
289 s->ctx->stats.sess_accept_renegotiate++;
290 s->state=SSL3_ST_SW_HELLO_REQ_A;
291 }
292 break;
293
294 case SSL3_ST_SW_HELLO_REQ_A:
295 case SSL3_ST_SW_HELLO_REQ_B:
296
297 s->shutdown=0;
298 ret=ssl3_send_hello_request(s);
299 if (ret <= 0) goto end;
300 s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
301 s->state=SSL3_ST_SW_FLUSH;
302 s->init_num=0;
303
304 ssl3_init_finished_mac(s);
305 break;
306
307 case SSL3_ST_SW_HELLO_REQ_C:
308 s->state=SSL_ST_OK;
309 break;
310
311 case SSL3_ST_SR_CLNT_HELLO_A:
312 case SSL3_ST_SR_CLNT_HELLO_B:
313 case SSL3_ST_SR_CLNT_HELLO_C:
314
315 s->shutdown=0;
316 ret=ssl3_get_client_hello(s);
317 if (ret <= 0) goto end;
318
319 s->new_session = 2;
320 s->state=SSL3_ST_SW_SRVR_HELLO_A;
321 s->init_num=0;
322 break;
323
324 case SSL3_ST_SW_SRVR_HELLO_A:
325 case SSL3_ST_SW_SRVR_HELLO_B:
326 ret=ssl3_send_server_hello(s);
327 if (ret <= 0) goto end;
328#ifndef OPENSSL_NO_TLSEXT
329 if (s->hit)
330 {
331 if (s->tlsext_ticket_expected)
332 s->state=SSL3_ST_SW_SESSION_TICKET_A;
333 else
334 s->state=SSL3_ST_SW_CHANGE_A;
335 }
336#else
337 if (s->hit)
338 s->state=SSL3_ST_SW_CHANGE_A;
339#endif
340 else
341 s->state=SSL3_ST_SW_CERT_A;
342 s->init_num=0;
343 break;
344
345 case SSL3_ST_SW_CERT_A:
346 case SSL3_ST_SW_CERT_B:
347 /* Check if it is anon DH or anon ECDH, */
348 /* normal PSK or KRB5 */
349 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
350 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
351 && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
352 {
353 ret=ssl3_send_server_certificate(s);
354 if (ret <= 0) goto end;
355#ifndef OPENSSL_NO_TLSEXT
356 if (s->tlsext_status_expected)
357 s->state=SSL3_ST_SW_CERT_STATUS_A;
358 else
359 s->state=SSL3_ST_SW_KEY_EXCH_A;
360 }
361 else
362 {
363 skip = 1;
364 s->state=SSL3_ST_SW_KEY_EXCH_A;
365 }
366#else
367 }
368 else
369 skip=1;
370
371 s->state=SSL3_ST_SW_KEY_EXCH_A;
372#endif
373 s->init_num=0;
374 break;
375
376 case SSL3_ST_SW_KEY_EXCH_A:
377 case SSL3_ST_SW_KEY_EXCH_B:
378 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
379
380 /* clear this, it may get reset by
381 * send_server_key_exchange */
382 if ((s->options & SSL_OP_EPHEMERAL_RSA)
383#ifndef OPENSSL_NO_KRB5
384 && !(alg_k & SSL_kKRB5)
385#endif /* OPENSSL_NO_KRB5 */
386 )
387 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
388 * even when forbidden by protocol specs
389 * (handshake may fail as clients are not required to
390 * be able to handle this) */
391 s->s3->tmp.use_rsa_tmp=1;
392 else
393 s->s3->tmp.use_rsa_tmp=0;
394
395
396 /* only send if a DH key exchange, fortezza or
397 * RSA but we have a sign only certificate
398 *
399 * PSK: may send PSK identity hints
400 *
401 * For ECC ciphersuites, we send a serverKeyExchange
402 * message only if the cipher suite is either
403 * ECDH-anon or ECDHE. In other cases, the
404 * server certificate contains the server's
405 * public key for key exchange.
406 */
407 if (s->s3->tmp.use_rsa_tmp
408 /* PSK: send ServerKeyExchange if PSK identity
409 * hint if provided */
410#ifndef OPENSSL_NO_PSK
411 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
412#endif
413 || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH))
414 || (alg_k & SSL_kEECDH)
415 || ((alg_k & SSL_kRSA)
416 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
417 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
418 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
419 )
420 )
421 )
422 )
423 {
424 ret=ssl3_send_server_key_exchange(s);
425 if (ret <= 0) goto end;
426 }
427 else
428 skip=1;
429
430 s->state=SSL3_ST_SW_CERT_REQ_A;
431 s->init_num=0;
432 break;
433
434 case SSL3_ST_SW_CERT_REQ_A:
435 case SSL3_ST_SW_CERT_REQ_B:
436 if (/* don't request cert unless asked for it: */
437 !(s->verify_mode & SSL_VERIFY_PEER) ||
438 /* if SSL_VERIFY_CLIENT_ONCE is set,
439 * don't request cert during re-negotiation: */
440 ((s->session->peer != NULL) &&
441 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
442 /* never request cert in anonymous ciphersuites
443 * (see section "Certificate request" in SSL 3 drafts
444 * and in RFC 2246): */
445 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
446 /* ... except when the application insists on verification
447 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
448 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
449 /* never request cert in Kerberos ciphersuites */
450 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
451 /* With normal PSK Certificates and
452 * Certificate Requests are omitted */
453 || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
454 {
455 /* no cert request */
456 skip=1;
457 s->s3->tmp.cert_request=0;
458 s->state=SSL3_ST_SW_SRVR_DONE_A;
459 }
460 else
461 {
462 s->s3->tmp.cert_request=1;
463 ret=ssl3_send_certificate_request(s);
464 if (ret <= 0) goto end;
465#ifndef NETSCAPE_HANG_BUG
466 s->state=SSL3_ST_SW_SRVR_DONE_A;
467#else
468 s->state=SSL3_ST_SW_FLUSH;
469 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
470#endif
471 s->init_num=0;
472 }
473 break;
474
475 case SSL3_ST_SW_SRVR_DONE_A:
476 case SSL3_ST_SW_SRVR_DONE_B:
477 ret=ssl3_send_server_done(s);
478 if (ret <= 0) goto end;
479 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
480 s->state=SSL3_ST_SW_FLUSH;
481 s->init_num=0;
482 break;
483
484 case SSL3_ST_SW_FLUSH:
485
486 /* This code originally checked to see if
487 * any data was pending using BIO_CTRL_INFO
488 * and then flushed. This caused problems
489 * as documented in PR#1939. The proposed
490 * fix doesn't completely resolve this issue
491 * as buggy implementations of BIO_CTRL_PENDING
492 * still exist. So instead we just flush
493 * unconditionally.
494 */
495
496 s->rwstate=SSL_WRITING;
497 if (BIO_flush(s->wbio) <= 0)
498 {
499 ret= -1;
500 goto end;
501 }
502 s->rwstate=SSL_NOTHING;
503
504 s->state=s->s3->tmp.next_state;
505 break;
506
507 case SSL3_ST_SR_CERT_A:
508 case SSL3_ST_SR_CERT_B:
509 /* Check for second client hello (MS SGC) */
510 ret = ssl3_check_client_hello(s);
511 if (ret <= 0)
512 goto end;
513 if (ret == 2)
514 s->state = SSL3_ST_SR_CLNT_HELLO_C;
515 else {
516 if (s->s3->tmp.cert_request)
517 {
518 ret=ssl3_get_client_certificate(s);
519 if (ret <= 0) goto end;
520 }
521 s->init_num=0;
522 s->state=SSL3_ST_SR_KEY_EXCH_A;
523 }
524 break;
525
526 case SSL3_ST_SR_KEY_EXCH_A:
527 case SSL3_ST_SR_KEY_EXCH_B:
528 ret=ssl3_get_client_key_exchange(s);
529 if (ret <= 0)
530 goto end;
531 if (ret == 2)
532 {
533 /* For the ECDH ciphersuites when
534 * the client sends its ECDH pub key in
535 * a certificate, the CertificateVerify
536 * message is not sent.
537 * Also for GOST ciphersuites when
538 * the client uses its key from the certificate
539 * for key exchange.
540 */
541 s->state=SSL3_ST_SR_FINISHED_A;
542 s->init_num = 0;
543 }
544 else
545 {
546 int offset=0;
547 int dgst_num;
548
549 s->state=SSL3_ST_SR_CERT_VRFY_A;
550 s->init_num=0;
551
552 /* We need to get hashes here so if there is
553 * a client cert, it can be verified
554 * FIXME - digest processing for CertificateVerify
555 * should be generalized. But it is next step
556 */
557 if (s->s3->handshake_buffer)
558 if (!ssl3_digest_cached_records(s))
559 return -1;
560 for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++)
561 if (s->s3->handshake_dgst[dgst_num])
562 {
563 int dgst_size;
564
565 s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset]));
566 dgst_size=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
567 if (dgst_size < 0)
568 {
569 ret = -1;
570 goto end;
571 }
572 offset+=dgst_size;
573 }
574 }
575 break;
576
577 case SSL3_ST_SR_CERT_VRFY_A:
578 case SSL3_ST_SR_CERT_VRFY_B:
579
580 /* we should decide if we expected this one */
581 ret=ssl3_get_cert_verify(s);
582 if (ret <= 0) goto end;
583
584 s->state=SSL3_ST_SR_FINISHED_A;
585 s->init_num=0;
586 break;
587
588 case SSL3_ST_SR_FINISHED_A:
589 case SSL3_ST_SR_FINISHED_B:
590 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
591 SSL3_ST_SR_FINISHED_B);
592 if (ret <= 0) goto end;
593#ifndef OPENSSL_NO_TLSEXT
594 if (s->tlsext_ticket_expected)
595 s->state=SSL3_ST_SW_SESSION_TICKET_A;
596 else if (s->hit)
597 s->state=SSL_ST_OK;
598#else
599 if (s->hit)
600 s->state=SSL_ST_OK;
601#endif
602 else
603 s->state=SSL3_ST_SW_CHANGE_A;
604 s->init_num=0;
605 break;
606
607#ifndef OPENSSL_NO_TLSEXT
608 case SSL3_ST_SW_SESSION_TICKET_A:
609 case SSL3_ST_SW_SESSION_TICKET_B:
610 ret=ssl3_send_newsession_ticket(s);
611 if (ret <= 0) goto end;
612 s->state=SSL3_ST_SW_CHANGE_A;
613 s->init_num=0;
614 break;
615
616 case SSL3_ST_SW_CERT_STATUS_A:
617 case SSL3_ST_SW_CERT_STATUS_B:
618 ret=ssl3_send_cert_status(s);
619 if (ret <= 0) goto end;
620 s->state=SSL3_ST_SW_KEY_EXCH_A;
621 s->init_num=0;
622 break;
623
624#endif
625
626 case SSL3_ST_SW_CHANGE_A:
627 case SSL3_ST_SW_CHANGE_B:
628
629 s->session->cipher=s->s3->tmp.new_cipher;
630 if (!s->method->ssl3_enc->setup_key_block(s))
631 { ret= -1; goto end; }
632
633 ret=ssl3_send_change_cipher_spec(s,
634 SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
635
636 if (ret <= 0) goto end;
637 s->state=SSL3_ST_SW_FINISHED_A;
638 s->init_num=0;
639
640 if (!s->method->ssl3_enc->change_cipher_state(s,
641 SSL3_CHANGE_CIPHER_SERVER_WRITE))
642 {
643 ret= -1;
644 goto end;
645 }
646
647 break;
648
649 case SSL3_ST_SW_FINISHED_A:
650 case SSL3_ST_SW_FINISHED_B:
651 ret=ssl3_send_finished(s,
652 SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
653 s->method->ssl3_enc->server_finished_label,
654 s->method->ssl3_enc->server_finished_label_len);
655 if (ret <= 0) goto end;
656 s->state=SSL3_ST_SW_FLUSH;
657 if (s->hit)
658 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
659 else
660 s->s3->tmp.next_state=SSL_ST_OK;
661 s->init_num=0;
662 break;
663
664 case SSL_ST_OK:
665 /* clean a few things up */
666 ssl3_cleanup_key_block(s);
667
668 BUF_MEM_free(s->init_buf);
669 s->init_buf=NULL;
670
671 /* remove buffering on output */
672 ssl_free_wbio_buffer(s);
673
674 s->init_num=0;
675
676 if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
677 {
678 /* actually not necessarily a 'new' session unless
679 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
680
681 s->new_session=0;
682
683 ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
684
685 s->ctx->stats.sess_accept_good++;
686 /* s->server=1; */
687 s->handshake_func=ssl3_accept;
688
689 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
690 }
691
692 ret = 1;
693 goto end;
694 /* break; */
695
696 default:
697 SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
698 ret= -1;
699 goto end;
700 /* break; */
701 }
702
703 if (!s->s3->tmp.reuse_message && !skip)
704 {
705 if (s->debug)
706 {
707 if ((ret=BIO_flush(s->wbio)) <= 0)
708 goto end;
709 }
710
711
712 if ((cb != NULL) && (s->state != state))
713 {
714 new_state=s->state;
715 s->state=state;
716 cb(s,SSL_CB_ACCEPT_LOOP,1);
717 s->state=new_state;
718 }
719 }
720 skip=0;
721 }
722end:
723 /* BIO_flush(s->wbio); */
724
725 s->in_handshake--;
726 if (cb != NULL)
727 cb(s,SSL_CB_ACCEPT_EXIT,ret);
728 return(ret);
729 }
730
731int ssl3_send_hello_request(SSL *s)
732 {
733 unsigned char *p;
734
735 if (s->state == SSL3_ST_SW_HELLO_REQ_A)
736 {
737 p=(unsigned char *)s->init_buf->data;
738 *(p++)=SSL3_MT_HELLO_REQUEST;
739 *(p++)=0;
740 *(p++)=0;
741 *(p++)=0;
742
743 s->state=SSL3_ST_SW_HELLO_REQ_B;
744 /* number of bytes to write */
745 s->init_num=4;
746 s->init_off=0;
747 }
748
749 /* SSL3_ST_SW_HELLO_REQ_B */
750 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
751 }
752
753int ssl3_check_client_hello(SSL *s)
754 {
755 int ok;
756 long n;
757
758 /* this function is called when we really expect a Certificate message,
759 * so permit appropriate message length */
760 n=s->method->ssl_get_message(s,
761 SSL3_ST_SR_CERT_A,
762 SSL3_ST_SR_CERT_B,
763 -1,
764 s->max_cert_list,
765 &ok);
766 if (!ok) return((int)n);
767 s->s3->tmp.reuse_message = 1;
768 if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
769 {
770 /* Throw away what we have done so far in the current handshake,
771 * which will now be aborted. (A full SSL_clear would be too much.)
772 * I hope that tmp.dh is the only thing that may need to be cleared
773 * when a handshake is not completed ... */
774#ifndef OPENSSL_NO_DH
775 if (s->s3->tmp.dh != NULL)
776 {
777 DH_free(s->s3->tmp.dh);
778 s->s3->tmp.dh = NULL;
779 }
780#endif
781 return 2;
782 }
783 return 1;
784}
785
786int ssl3_get_client_hello(SSL *s)
787 {
788 int i,j,ok,al,ret= -1;
789 unsigned int cookie_len;
790 long n;
791 unsigned long id;
792 unsigned char *p,*d,*q;
793 SSL_CIPHER *c;
794#ifndef OPENSSL_NO_COMP
795 SSL_COMP *comp=NULL;
796#endif
797 STACK_OF(SSL_CIPHER) *ciphers=NULL;
798
799 /* We do this so that we will respond with our native type.
800 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
801 * This down switching should be handled by a different method.
802 * If we are SSLv3, we will respond with SSLv3, even if prompted with
803 * TLSv1.
804 */
805 if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
806 {
807 s->state=SSL3_ST_SR_CLNT_HELLO_B;
808 }
809 s->first_packet=1;
810 n=s->method->ssl_get_message(s,
811 SSL3_ST_SR_CLNT_HELLO_B,
812 SSL3_ST_SR_CLNT_HELLO_C,
813 SSL3_MT_CLIENT_HELLO,
814 SSL3_RT_MAX_PLAIN_LENGTH,
815 &ok);
816
817 if (!ok) return((int)n);
818 s->first_packet=0;
819 d=p=(unsigned char *)s->init_msg;
820
821 /* use version from inside client hello, not from record header
822 * (may differ: see RFC 2246, Appendix E, second paragraph) */
823 s->client_version=(((int)p[0])<<8)|(int)p[1];
824 p+=2;
825
826 if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
827 (s->version != DTLS1_VERSION && s->client_version < s->version))
828 {
829 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
830 if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
831 {
832 /* similar to ssl3_get_record, send alert using remote version number */
833 s->version = s->client_version;
834 }
835 al = SSL_AD_PROTOCOL_VERSION;
836 goto f_err;
837 }
838
839 /* If we require cookies and this ClientHello doesn't
840 * contain one, just return since we do not want to
841 * allocate any memory yet. So check cookie length...
842 */
843 if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)
844 {
845 unsigned int session_length, cookie_length;
846
847 session_length = *(p + SSL3_RANDOM_SIZE);
848 cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
849
850 if (cookie_length == 0)
851 return 1;
852 }
853
854 /* load the client random */
855 memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
856 p+=SSL3_RANDOM_SIZE;
857
858 /* get the session-id */
859 j= *(p++);
860
861 s->hit=0;
862 /* Versions before 0.9.7 always allow session reuse during renegotiation
863 * (i.e. when s->new_session is true), option
864 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
865 * Maybe this optional behaviour should always have been the default,
866 * but we cannot safely change the default behaviour (or new applications
867 * might be written that become totally unsecure when compiled with
868 * an earlier library version)
869 */
870 if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
871 {
872 if (!ssl_get_new_session(s,1))
873 goto err;
874 }
875 else
876 {
877 i=ssl_get_prev_session(s, p, j, d + n);
878 if (i == 1)
879 { /* previous session */
880 s->hit=1;
881 }
882 else if (i == -1)
883 goto err;
884 else /* i == 0 */
885 {
886 if (!ssl_get_new_session(s,1))
887 goto err;
888 }
889 }
890
891 p+=j;
892
893 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
894 {
895 /* cookie stuff */
896 cookie_len = *(p++);
897
898 /*
899 * The ClientHello may contain a cookie even if the
900 * HelloVerify message has not been sent--make sure that it
901 * does not cause an overflow.
902 */
903 if ( cookie_len > sizeof(s->d1->rcvd_cookie))
904 {
905 /* too much data */
906 al = SSL_AD_DECODE_ERROR;
907 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
908 goto f_err;
909 }
910
911 /* verify the cookie if appropriate option is set. */
912 if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
913 cookie_len > 0)
914 {
915 memcpy(s->d1->rcvd_cookie, p, cookie_len);
916
917 if ( s->ctx->app_verify_cookie_cb != NULL)
918 {
919 if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
920 cookie_len) == 0)
921 {
922 al=SSL_AD_HANDSHAKE_FAILURE;
923 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
924 SSL_R_COOKIE_MISMATCH);
925 goto f_err;
926 }
927 /* else cookie verification succeeded */
928 }
929 else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie,
930 s->d1->cookie_len) != 0) /* default verification */
931 {
932 al=SSL_AD_HANDSHAKE_FAILURE;
933 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
934 SSL_R_COOKIE_MISMATCH);
935 goto f_err;
936 }
937
938 ret = 2;
939 }
940
941 p += cookie_len;
942 }
943
944 n2s(p,i);
945 if ((i == 0) && (j != 0))
946 {
947 /* we need a cipher if we are not resuming a session */
948 al=SSL_AD_ILLEGAL_PARAMETER;
949 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
950 goto f_err;
951 }
952 if ((p+i) >= (d+n))
953 {
954 /* not enough data */
955 al=SSL_AD_DECODE_ERROR;
956 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
957 goto f_err;
958 }
959 if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers))
960 == NULL))
961 {
962 goto err;
963 }
964 p+=i;
965
966 /* If it is a hit, check that the cipher is in the list */
967 if ((s->hit) && (i > 0))
968 {
969 j=0;
970 id=s->session->cipher->id;
971
972#ifdef CIPHER_DEBUG
973 printf("client sent %d ciphers\n",sk_num(ciphers));
974#endif
975 for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
976 {
977 c=sk_SSL_CIPHER_value(ciphers,i);
978#ifdef CIPHER_DEBUG
979 printf("client [%2d of %2d]:%s\n",
980 i,sk_num(ciphers),SSL_CIPHER_get_name(c));
981#endif
982 if (c->id == id)
983 {
984 j=1;
985 break;
986 }
987 }
988/* Disabled because it can be used in a ciphersuite downgrade
989 * attack: CVE-2010-4180.
990 */
991#if 0
992 if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
993 {
994 /* Special case as client bug workaround: the previously used cipher may
995 * not be in the current list, the client instead might be trying to
996 * continue using a cipher that before wasn't chosen due to server
997 * preferences. We'll have to reject the connection if the cipher is not
998 * enabled, though. */
999 c = sk_SSL_CIPHER_value(ciphers, 0);
1000 if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0)
1001 {
1002 s->session->cipher = c;
1003 j = 1;
1004 }
1005 }
1006#endif
1007 if (j == 0)
1008 {
1009 /* we need to have the cipher in the cipher
1010 * list if we are asked to reuse it */
1011 al=SSL_AD_ILLEGAL_PARAMETER;
1012 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
1013 goto f_err;
1014 }
1015 }
1016
1017 /* compression */
1018 i= *(p++);
1019 if ((p+i) > (d+n))
1020 {
1021 /* not enough data */
1022 al=SSL_AD_DECODE_ERROR;
1023 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
1024 goto f_err;
1025 }
1026 q=p;
1027 for (j=0; j<i; j++)
1028 {
1029 if (p[j] == 0) break;
1030 }
1031
1032 p+=i;
1033 if (j >= i)
1034 {
1035 /* no compress */
1036 al=SSL_AD_DECODE_ERROR;
1037 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED);
1038 goto f_err;
1039 }
1040
1041#ifndef OPENSSL_NO_TLSEXT
1042 /* TLS extensions*/
1043 if (s->version >= SSL3_VERSION)
1044 {
1045 if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
1046 {
1047 /* 'al' set by ssl_parse_clienthello_tlsext */
1048 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT);
1049 goto f_err;
1050 }
1051 }
1052 if (ssl_check_clienthello_tlsext(s) <= 0) {
1053 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
1054 goto err;
1055 }
1056
1057 /* Check if we want to use external pre-shared secret for this
1058 * handshake for not reused session only. We need to generate
1059 * server_random before calling tls_session_secret_cb in order to allow
1060 * SessionTicket processing to use it in key derivation. */
1061 {
1062 unsigned long Time;
1063 unsigned char *pos;
1064 Time=(unsigned long)time(NULL); /* Time */
1065 pos=s->s3->server_random;
1066 l2n(Time,pos);
1067 if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
1068 {
1069 al=SSL_AD_INTERNAL_ERROR;
1070 goto f_err;
1071 }
1072 }
1073
1074 if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb)
1075 {
1076 SSL_CIPHER *pref_cipher=NULL;
1077
1078 s->session->master_key_length=sizeof(s->session->master_key);
1079 if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
1080 ciphers, &pref_cipher, s->tls_session_secret_cb_arg))
1081 {
1082 s->hit=1;
1083 s->session->ciphers=ciphers;
1084 s->session->verify_result=X509_V_OK;
1085
1086 ciphers=NULL;
1087
1088 /* check if some cipher was preferred by call back */
1089 pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
1090 if (pref_cipher == NULL)
1091 {
1092 al=SSL_AD_HANDSHAKE_FAILURE;
1093 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
1094 goto f_err;
1095 }
1096
1097 s->session->cipher=pref_cipher;
1098
1099 if (s->cipher_list)
1100 sk_SSL_CIPHER_free(s->cipher_list);
1101
1102 if (s->cipher_list_by_id)
1103 sk_SSL_CIPHER_free(s->cipher_list_by_id);
1104
1105 s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
1106 s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
1107 }
1108 }
1109#endif
1110
1111 /* Worst case, we will use the NULL compression, but if we have other
1112 * options, we will now look for them. We have i-1 compression
1113 * algorithms from the client, starting at q. */
1114 s->s3->tmp.new_compression=NULL;
1115#ifndef OPENSSL_NO_COMP
1116 /* This only happens if we have a cache hit */
1117 if (s->session->compress_meth != 0)
1118 {
1119 int m, comp_id = s->session->compress_meth;
1120 /* Perform sanity checks on resumed compression algorithm */
1121 /* Can't disable compression */
1122 if (s->options & SSL_OP_NO_COMPRESSION)
1123 {
1124 al=SSL_AD_INTERNAL_ERROR;
1125 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
1126 goto f_err;
1127 }
1128 /* Look for resumed compression method */
1129 for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++)
1130 {
1131 comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
1132 if (comp_id == comp->id)
1133 {
1134 s->s3->tmp.new_compression=comp;
1135 break;
1136 }
1137 }
1138 if (s->s3->tmp.new_compression == NULL)
1139 {
1140 al=SSL_AD_INTERNAL_ERROR;
1141 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INVALID_COMPRESSION_ALGORITHM);
1142 goto f_err;
1143 }
1144 /* Look for resumed method in compression list */
1145 for (m = 0; m < i; m++)
1146 {
1147 if (q[m] == comp_id)
1148 break;
1149 }
1150 if (m >= i)
1151 {
1152 al=SSL_AD_ILLEGAL_PARAMETER;
1153 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
1154 goto f_err;
1155 }
1156 }
1157 else if (s->hit)
1158 comp = NULL;
1159 else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
1160 { /* See if we have a match */
1161 int m,nn,o,v,done=0;
1162
1163 nn=sk_SSL_COMP_num(s->ctx->comp_methods);
1164 for (m=0; m<nn; m++)
1165 {
1166 comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
1167 v=comp->id;
1168 for (o=0; o<i; o++)
1169 {
1170 if (v == q[o])
1171 {
1172 done=1;
1173 break;
1174 }
1175 }
1176 if (done) break;
1177 }
1178 if (done)
1179 s->s3->tmp.new_compression=comp;
1180 else
1181 comp=NULL;
1182 }
1183#else
1184 /* If compression is disabled we'd better not try to resume a session
1185 * using compression.
1186 */
1187 if (s->session->compress_meth != 0)
1188 {
1189 al=SSL_AD_INTERNAL_ERROR;
1190 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
1191 goto f_err;
1192 }
1193#endif
1194
1195 /* Given s->session->ciphers and SSL_get_ciphers, we must
1196 * pick a cipher */
1197
1198 if (!s->hit)
1199 {
1200#ifdef OPENSSL_NO_COMP
1201 s->session->compress_meth=0;
1202#else
1203 s->session->compress_meth=(comp == NULL)?0:comp->id;
1204#endif
1205 if (s->session->ciphers != NULL)
1206 sk_SSL_CIPHER_free(s->session->ciphers);
1207 s->session->ciphers=ciphers;
1208 if (ciphers == NULL)
1209 {
1210 al=SSL_AD_ILLEGAL_PARAMETER;
1211 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
1212 goto f_err;
1213 }
1214 ciphers=NULL;
1215 c=ssl3_choose_cipher(s,s->session->ciphers,
1216 SSL_get_ciphers(s));
1217
1218 if (c == NULL)
1219 {
1220 al=SSL_AD_HANDSHAKE_FAILURE;
1221 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
1222 goto f_err;
1223 }
1224 s->s3->tmp.new_cipher=c;
1225 }
1226 else
1227 {
1228 /* Session-id reuse */
1229#ifdef REUSE_CIPHER_BUG
1230 STACK_OF(SSL_CIPHER) *sk;
1231 SSL_CIPHER *nc=NULL;
1232 SSL_CIPHER *ec=NULL;
1233
1234 if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
1235 {
1236 sk=s->session->ciphers;
1237 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1238 {
1239 c=sk_SSL_CIPHER_value(sk,i);
1240 if (c->algorithm_enc & SSL_eNULL)
1241 nc=c;
1242 if (SSL_C_IS_EXPORT(c))
1243 ec=c;
1244 }
1245 if (nc != NULL)
1246 s->s3->tmp.new_cipher=nc;
1247 else if (ec != NULL)
1248 s->s3->tmp.new_cipher=ec;
1249 else
1250 s->s3->tmp.new_cipher=s->session->cipher;
1251 }
1252 else
1253#endif
1254 s->s3->tmp.new_cipher=s->session->cipher;
1255 }
1256
1257 if (!ssl3_digest_cached_records(s))
1258 goto f_err;
1259
1260 /* we now have the following setup.
1261 * client_random
1262 * cipher_list - our prefered list of ciphers
1263 * ciphers - the clients prefered list of ciphers
1264 * compression - basically ignored right now
1265 * ssl version is set - sslv3
1266 * s->session - The ssl session has been setup.
1267 * s->hit - session reuse flag
1268 * s->tmp.new_cipher - the new cipher to use.
1269 */
1270
1271 if (ret < 0) ret=1;
1272 if (0)
1273 {
1274f_err:
1275 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1276 }
1277err:
1278 if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
1279 return(ret);
1280 }
1281
1282int ssl3_send_server_hello(SSL *s)
1283 {
1284 unsigned char *buf;
1285 unsigned char *p,*d;
1286 int i,sl;
1287 unsigned long l;
1288#ifdef OPENSSL_NO_TLSEXT
1289 unsigned long Time;
1290#endif
1291
1292 if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
1293 {
1294 buf=(unsigned char *)s->init_buf->data;
1295#ifdef OPENSSL_NO_TLSEXT
1296 p=s->s3->server_random;
1297 /* Generate server_random if it was not needed previously */
1298 Time=(unsigned long)time(NULL); /* Time */
1299 l2n(Time,p);
1300 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
1301 return -1;
1302#endif
1303 /* Do the message type and length last */
1304 d=p= &(buf[4]);
1305
1306 *(p++)=s->version>>8;
1307 *(p++)=s->version&0xff;
1308
1309 /* Random stuff */
1310 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
1311 p+=SSL3_RANDOM_SIZE;
1312
1313 /* now in theory we have 3 options to sending back the
1314 * session id. If it is a re-use, we send back the
1315 * old session-id, if it is a new session, we send
1316 * back the new session-id or we send back a 0 length
1317 * session-id if we want it to be single use.
1318 * Currently I will not implement the '0' length session-id
1319 * 12-Jan-98 - I'll now support the '0' length stuff.
1320 *
1321 * We also have an additional case where stateless session
1322 * resumption is successful: we always send back the old
1323 * session id. In this case s->hit is non zero: this can
1324 * only happen if stateless session resumption is succesful
1325 * if session caching is disabled so existing functionality
1326 * is unaffected.
1327 */
1328 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
1329 && !s->hit)
1330 s->session->session_id_length=0;
1331
1332 sl=s->session->session_id_length;
1333 if (sl > (int)sizeof(s->session->session_id))
1334 {
1335 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
1336 return -1;
1337 }
1338 *(p++)=sl;
1339 memcpy(p,s->session->session_id,sl);
1340 p+=sl;
1341
1342 /* put the cipher */
1343 i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
1344 p+=i;
1345
1346 /* put the compression method */
1347#ifdef OPENSSL_NO_COMP
1348 *(p++)=0;
1349#else
1350 if (s->s3->tmp.new_compression == NULL)
1351 *(p++)=0;
1352 else
1353 *(p++)=s->s3->tmp.new_compression->id;
1354#endif
1355#ifndef OPENSSL_NO_TLSEXT
1356 if (ssl_prepare_serverhello_tlsext(s) <= 0)
1357 {
1358 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
1359 return -1;
1360 }
1361 if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
1362 {
1363 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
1364 return -1;
1365 }
1366#endif
1367 /* do the header */
1368 l=(p-d);
1369 d=buf;
1370 *(d++)=SSL3_MT_SERVER_HELLO;
1371 l2n3(l,d);
1372
1373 s->state=SSL3_ST_SW_SRVR_HELLO_B;
1374 /* number of bytes to write */
1375 s->init_num=p-buf;
1376 s->init_off=0;
1377 }
1378
1379 /* SSL3_ST_SW_SRVR_HELLO_B */
1380 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1381 }
1382
1383int ssl3_send_server_done(SSL *s)
1384 {
1385 unsigned char *p;
1386
1387 if (s->state == SSL3_ST_SW_SRVR_DONE_A)
1388 {
1389 p=(unsigned char *)s->init_buf->data;
1390
1391 /* do the header */
1392 *(p++)=SSL3_MT_SERVER_DONE;
1393 *(p++)=0;
1394 *(p++)=0;
1395 *(p++)=0;
1396
1397 s->state=SSL3_ST_SW_SRVR_DONE_B;
1398 /* number of bytes to write */
1399 s->init_num=4;
1400 s->init_off=0;
1401 }
1402
1403 /* SSL3_ST_SW_SRVR_DONE_B */
1404 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1405 }
1406
1407int ssl3_send_server_key_exchange(SSL *s)
1408 {
1409#ifndef OPENSSL_NO_RSA
1410 unsigned char *q;
1411 int j,num;
1412 RSA *rsa;
1413 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
1414 unsigned int u;
1415#endif
1416#ifndef OPENSSL_NO_DH
1417 DH *dh=NULL,*dhp;
1418#endif
1419#ifndef OPENSSL_NO_ECDH
1420 EC_KEY *ecdh=NULL, *ecdhp;
1421 unsigned char *encodedPoint = NULL;
1422 int encodedlen = 0;
1423 int curve_id = 0;
1424 BN_CTX *bn_ctx = NULL;
1425#endif
1426 EVP_PKEY *pkey;
1427 unsigned char *p,*d;
1428 int al,i;
1429 unsigned long type;
1430 int n;
1431 CERT *cert;
1432 BIGNUM *r[4];
1433 int nr[4],kn;
1434 BUF_MEM *buf;
1435 EVP_MD_CTX md_ctx;
1436
1437 EVP_MD_CTX_init(&md_ctx);
1438 if (s->state == SSL3_ST_SW_KEY_EXCH_A)
1439 {
1440 type=s->s3->tmp.new_cipher->algorithm_mkey;
1441 cert=s->cert;
1442
1443 buf=s->init_buf;
1444
1445 r[0]=r[1]=r[2]=r[3]=NULL;
1446 n=0;
1447#ifndef OPENSSL_NO_RSA
1448 if (type & SSL_kRSA)
1449 {
1450 rsa=cert->rsa_tmp;
1451 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
1452 {
1453 rsa=s->cert->rsa_tmp_cb(s,
1454 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1455 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1456 if(rsa == NULL)
1457 {
1458 al=SSL_AD_HANDSHAKE_FAILURE;
1459 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
1460 goto f_err;
1461 }
1462 RSA_up_ref(rsa);
1463 cert->rsa_tmp=rsa;
1464 }
1465 if (rsa == NULL)
1466 {
1467 al=SSL_AD_HANDSHAKE_FAILURE;
1468 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
1469 goto f_err;
1470 }
1471 r[0]=rsa->n;
1472 r[1]=rsa->e;
1473 s->s3->tmp.use_rsa_tmp=1;
1474 }
1475 else
1476#endif
1477#ifndef OPENSSL_NO_DH
1478 if (type & SSL_kEDH)
1479 {
1480 dhp=cert->dh_tmp;
1481 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
1482 dhp=s->cert->dh_tmp_cb(s,
1483 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1484 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1485 if (dhp == NULL)
1486 {
1487 al=SSL_AD_HANDSHAKE_FAILURE;
1488 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
1489 goto f_err;
1490 }
1491
1492 if (s->s3->tmp.dh != NULL)
1493 {
1494 DH_free(dh);
1495 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1496 goto err;
1497 }
1498
1499 if ((dh=DHparams_dup(dhp)) == NULL)
1500 {
1501 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1502 goto err;
1503 }
1504
1505 s->s3->tmp.dh=dh;
1506 if ((dhp->pub_key == NULL ||
1507 dhp->priv_key == NULL ||
1508 (s->options & SSL_OP_SINGLE_DH_USE)))
1509 {
1510 if(!DH_generate_key(dh))
1511 {
1512 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1513 ERR_R_DH_LIB);
1514 goto err;
1515 }
1516 }
1517 else
1518 {
1519 dh->pub_key=BN_dup(dhp->pub_key);
1520 dh->priv_key=BN_dup(dhp->priv_key);
1521 if ((dh->pub_key == NULL) ||
1522 (dh->priv_key == NULL))
1523 {
1524 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1525 goto err;
1526 }
1527 }
1528 r[0]=dh->p;
1529 r[1]=dh->g;
1530 r[2]=dh->pub_key;
1531 }
1532 else
1533#endif
1534#ifndef OPENSSL_NO_ECDH
1535 if (type & SSL_kEECDH)
1536 {
1537 const EC_GROUP *group;
1538
1539 ecdhp=cert->ecdh_tmp;
1540 if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
1541 {
1542 ecdhp=s->cert->ecdh_tmp_cb(s,
1543 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1544 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1545 }
1546 if (ecdhp == NULL)
1547 {
1548 al=SSL_AD_HANDSHAKE_FAILURE;
1549 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
1550 goto f_err;
1551 }
1552
1553 if (s->s3->tmp.ecdh != NULL)
1554 {
1555 EC_KEY_free(s->s3->tmp.ecdh);
1556 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1557 goto err;
1558 }
1559
1560 /* Duplicate the ECDH structure. */
1561 if (ecdhp == NULL)
1562 {
1563 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1564 goto err;
1565 }
1566 if (!EC_KEY_up_ref(ecdhp))
1567 {
1568 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1569 goto err;
1570 }
1571 ecdh = ecdhp;
1572
1573 s->s3->tmp.ecdh=ecdh;
1574 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
1575 (EC_KEY_get0_private_key(ecdh) == NULL) ||
1576 (s->options & SSL_OP_SINGLE_ECDH_USE))
1577 {
1578 if(!EC_KEY_generate_key(ecdh))
1579 {
1580 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1581 goto err;
1582 }
1583 }
1584
1585 if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
1586 (EC_KEY_get0_public_key(ecdh) == NULL) ||
1587 (EC_KEY_get0_private_key(ecdh) == NULL))
1588 {
1589 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1590 goto err;
1591 }
1592
1593 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1594 (EC_GROUP_get_degree(group) > 163))
1595 {
1596 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1597 goto err;
1598 }
1599
1600 /* XXX: For now, we only support ephemeral ECDH
1601 * keys over named (not generic) curves. For
1602 * supported named curves, curve_id is non-zero.
1603 */
1604 if ((curve_id =
1605 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
1606 == 0)
1607 {
1608 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1609 goto err;
1610 }
1611
1612 /* Encode the public key.
1613 * First check the size of encoding and
1614 * allocate memory accordingly.
1615 */
1616 encodedlen = EC_POINT_point2oct(group,
1617 EC_KEY_get0_public_key(ecdh),
1618 POINT_CONVERSION_UNCOMPRESSED,
1619 NULL, 0, NULL);
1620
1621 encodedPoint = (unsigned char *)
1622 OPENSSL_malloc(encodedlen*sizeof(unsigned char));
1623 bn_ctx = BN_CTX_new();
1624 if ((encodedPoint == NULL) || (bn_ctx == NULL))
1625 {
1626 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1627 goto err;
1628 }
1629
1630
1631 encodedlen = EC_POINT_point2oct(group,
1632 EC_KEY_get0_public_key(ecdh),
1633 POINT_CONVERSION_UNCOMPRESSED,
1634 encodedPoint, encodedlen, bn_ctx);
1635
1636 if (encodedlen == 0)
1637 {
1638 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1639 goto err;
1640 }
1641
1642 BN_CTX_free(bn_ctx); bn_ctx=NULL;
1643
1644 /* XXX: For now, we only support named (not
1645 * generic) curves in ECDH ephemeral key exchanges.
1646 * In this situation, we need four additional bytes
1647 * to encode the entire ServerECDHParams
1648 * structure.
1649 */
1650 n = 4 + encodedlen;
1651
1652 /* We'll generate the serverKeyExchange message
1653 * explicitly so we can set these to NULLs
1654 */
1655 r[0]=NULL;
1656 r[1]=NULL;
1657 r[2]=NULL;
1658 r[3]=NULL;
1659 }
1660 else
1661#endif /* !OPENSSL_NO_ECDH */
1662#ifndef OPENSSL_NO_PSK
1663 if (type & SSL_kPSK)
1664 {
1665 /* reserve size for record length and PSK identity hint*/
1666 n+=2+strlen(s->ctx->psk_identity_hint);
1667 }
1668 else
1669#endif /* !OPENSSL_NO_PSK */
1670 {
1671 al=SSL_AD_HANDSHAKE_FAILURE;
1672 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1673 goto f_err;
1674 }
1675 for (i=0; r[i] != NULL; i++)
1676 {
1677 nr[i]=BN_num_bytes(r[i]);
1678 n+=2+nr[i];
1679 }
1680
1681 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1682 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
1683 {
1684 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
1685 == NULL)
1686 {
1687 al=SSL_AD_DECODE_ERROR;
1688 goto f_err;
1689 }
1690 kn=EVP_PKEY_size(pkey);
1691 }
1692 else
1693 {
1694 pkey=NULL;
1695 kn=0;
1696 }
1697
1698 if (!BUF_MEM_grow_clean(buf,n+4+kn))
1699 {
1700 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
1701 goto err;
1702 }
1703 d=(unsigned char *)s->init_buf->data;
1704 p= &(d[4]);
1705
1706 for (i=0; r[i] != NULL; i++)
1707 {
1708 s2n(nr[i],p);
1709 BN_bn2bin(r[i],p);
1710 p+=nr[i];
1711 }
1712
1713#ifndef OPENSSL_NO_ECDH
1714 if (type & SSL_kEECDH)
1715 {
1716 /* XXX: For now, we only support named (not generic) curves.
1717 * In this situation, the serverKeyExchange message has:
1718 * [1 byte CurveType], [2 byte CurveName]
1719 * [1 byte length of encoded point], followed by
1720 * the actual encoded point itself
1721 */
1722 *p = NAMED_CURVE_TYPE;
1723 p += 1;
1724 *p = 0;
1725 p += 1;
1726 *p = curve_id;
1727 p += 1;
1728 *p = encodedlen;
1729 p += 1;
1730 memcpy((unsigned char*)p,
1731 (unsigned char *)encodedPoint,
1732 encodedlen);
1733 OPENSSL_free(encodedPoint);
1734 p += encodedlen;
1735 }
1736#endif
1737
1738#ifndef OPENSSL_NO_PSK
1739 if (type & SSL_kPSK)
1740 {
1741 /* copy PSK identity hint */
1742 s2n(strlen(s->ctx->psk_identity_hint), p);
1743 strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
1744 p+=strlen(s->ctx->psk_identity_hint);
1745 }
1746#endif
1747
1748 /* not anonymous */
1749 if (pkey != NULL)
1750 {
1751 /* n is the length of the params, they start at &(d[4])
1752 * and p points to the space at the end. */
1753#ifndef OPENSSL_NO_RSA
1754 if (pkey->type == EVP_PKEY_RSA)
1755 {
1756 q=md_buf;
1757 j=0;
1758 for (num=2; num > 0; num--)
1759 {
1760 EVP_DigestInit_ex(&md_ctx,(num == 2)
1761 ?s->ctx->md5:s->ctx->sha1, NULL);
1762 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1763 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1764 EVP_DigestUpdate(&md_ctx,&(d[4]),n);
1765 EVP_DigestFinal_ex(&md_ctx,q,
1766 (unsigned int *)&i);
1767 q+=i;
1768 j+=i;
1769 }
1770 if (RSA_sign(NID_md5_sha1, md_buf, j,
1771 &(p[2]), &u, pkey->pkey.rsa) <= 0)
1772 {
1773 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
1774 goto err;
1775 }
1776 s2n(u,p);
1777 n+=u+2;
1778 }
1779 else
1780#endif
1781#if !defined(OPENSSL_NO_DSA)
1782 if (pkey->type == EVP_PKEY_DSA)
1783 {
1784 /* lets do DSS */
1785 EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
1786 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1787 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1788 EVP_SignUpdate(&md_ctx,&(d[4]),n);
1789 if (!EVP_SignFinal(&md_ctx,&(p[2]),
1790 (unsigned int *)&i,pkey))
1791 {
1792 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
1793 goto err;
1794 }
1795 s2n(i,p);
1796 n+=i+2;
1797 }
1798 else
1799#endif
1800#if !defined(OPENSSL_NO_ECDSA)
1801 if (pkey->type == EVP_PKEY_EC)
1802 {
1803 /* let's do ECDSA */
1804 EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
1805 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1806 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1807 EVP_SignUpdate(&md_ctx,&(d[4]),n);
1808 if (!EVP_SignFinal(&md_ctx,&(p[2]),
1809 (unsigned int *)&i,pkey))
1810 {
1811 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
1812 goto err;
1813 }
1814 s2n(i,p);
1815 n+=i+2;
1816 }
1817 else
1818#endif
1819 {
1820 /* Is this error check actually needed? */
1821 al=SSL_AD_HANDSHAKE_FAILURE;
1822 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
1823 goto f_err;
1824 }
1825 }
1826
1827 *(d++)=SSL3_MT_SERVER_KEY_EXCHANGE;
1828 l2n3(n,d);
1829
1830 /* we should now have things packed up, so lets send
1831 * it off */
1832 s->init_num=n+4;
1833 s->init_off=0;
1834 }
1835
1836 s->state = SSL3_ST_SW_KEY_EXCH_B;
1837 EVP_MD_CTX_cleanup(&md_ctx);
1838 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1839f_err:
1840 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1841err:
1842#ifndef OPENSSL_NO_ECDH
1843 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
1844 BN_CTX_free(bn_ctx);
1845#endif
1846 EVP_MD_CTX_cleanup(&md_ctx);
1847 return(-1);
1848 }
1849
1850int ssl3_send_certificate_request(SSL *s)
1851 {
1852 unsigned char *p,*d;
1853 int i,j,nl,off,n;
1854 STACK_OF(X509_NAME) *sk=NULL;
1855 X509_NAME *name;
1856 BUF_MEM *buf;
1857
1858 if (s->state == SSL3_ST_SW_CERT_REQ_A)
1859 {
1860 buf=s->init_buf;
1861
1862 d=p=(unsigned char *)&(buf->data[4]);
1863
1864 /* get the list of acceptable cert types */
1865 p++;
1866 n=ssl3_get_req_cert_type(s,p);
1867 d[0]=n;
1868 p+=n;
1869 n++;
1870
1871 off=n;
1872 p+=2;
1873 n+=2;
1874
1875 sk=SSL_get_client_CA_list(s);
1876 nl=0;
1877 if (sk != NULL)
1878 {
1879 for (i=0; i<sk_X509_NAME_num(sk); i++)
1880 {
1881 name=sk_X509_NAME_value(sk,i);
1882 j=i2d_X509_NAME(name,NULL);
1883 if (!BUF_MEM_grow_clean(buf,4+n+j+2))
1884 {
1885 SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
1886 goto err;
1887 }
1888 p=(unsigned char *)&(buf->data[4+n]);
1889 if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
1890 {
1891 s2n(j,p);
1892 i2d_X509_NAME(name,&p);
1893 n+=2+j;
1894 nl+=2+j;
1895 }
1896 else
1897 {
1898 d=p;
1899 i2d_X509_NAME(name,&p);
1900 j-=2; s2n(j,d); j+=2;
1901 n+=j;
1902 nl+=j;
1903 }
1904 }
1905 }
1906 /* else no CA names */
1907 p=(unsigned char *)&(buf->data[4+off]);
1908 s2n(nl,p);
1909
1910 d=(unsigned char *)buf->data;
1911 *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
1912 l2n3(n,d);
1913
1914 /* we should now have things packed up, so lets send
1915 * it off */
1916
1917 s->init_num=n+4;
1918 s->init_off=0;
1919#ifdef NETSCAPE_HANG_BUG
1920 p=(unsigned char *)s->init_buf->data + s->init_num;
1921
1922 /* do the header */
1923 *(p++)=SSL3_MT_SERVER_DONE;
1924 *(p++)=0;
1925 *(p++)=0;
1926 *(p++)=0;
1927 s->init_num += 4;
1928#endif
1929
1930 s->state = SSL3_ST_SW_CERT_REQ_B;
1931 }
1932
1933 /* SSL3_ST_SW_CERT_REQ_B */
1934 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1935err:
1936 return(-1);
1937 }
1938
1939int ssl3_get_client_key_exchange(SSL *s)
1940 {
1941 int i,al,ok;
1942 long n;
1943 unsigned long alg_k;
1944 unsigned char *p;
1945#ifndef OPENSSL_NO_RSA
1946 RSA *rsa=NULL;
1947 EVP_PKEY *pkey=NULL;
1948#endif
1949#ifndef OPENSSL_NO_DH
1950 BIGNUM *pub=NULL;
1951 DH *dh_srvr;
1952#endif
1953#ifndef OPENSSL_NO_KRB5
1954 KSSL_ERR kssl_err;
1955#endif /* OPENSSL_NO_KRB5 */
1956
1957#ifndef OPENSSL_NO_ECDH
1958 EC_KEY *srvr_ecdh = NULL;
1959 EVP_PKEY *clnt_pub_pkey = NULL;
1960 EC_POINT *clnt_ecpoint = NULL;
1961 BN_CTX *bn_ctx = NULL;
1962#endif
1963
1964 n=s->method->ssl_get_message(s,
1965 SSL3_ST_SR_KEY_EXCH_A,
1966 SSL3_ST_SR_KEY_EXCH_B,
1967 SSL3_MT_CLIENT_KEY_EXCHANGE,
1968 2048, /* ??? */
1969 &ok);
1970
1971 if (!ok) return((int)n);
1972 p=(unsigned char *)s->init_msg;
1973
1974 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
1975
1976#ifndef OPENSSL_NO_RSA
1977 if (alg_k & SSL_kRSA)
1978 {
1979 /* FIX THIS UP EAY EAY EAY EAY */
1980 if (s->s3->tmp.use_rsa_tmp)
1981 {
1982 if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
1983 rsa=s->cert->rsa_tmp;
1984 /* Don't do a callback because rsa_tmp should
1985 * be sent already */
1986 if (rsa == NULL)
1987 {
1988 al=SSL_AD_HANDSHAKE_FAILURE;
1989 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY);
1990 goto f_err;
1991
1992 }
1993 }
1994 else
1995 {
1996 pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
1997 if ( (pkey == NULL) ||
1998 (pkey->type != EVP_PKEY_RSA) ||
1999 (pkey->pkey.rsa == NULL))
2000 {
2001 al=SSL_AD_HANDSHAKE_FAILURE;
2002 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE);
2003 goto f_err;
2004 }
2005 rsa=pkey->pkey.rsa;
2006 }
2007
2008 /* TLS and [incidentally] DTLS{0xFEFF} */
2009 if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER)
2010 {
2011 n2s(p,i);
2012 if (n != i+2)
2013 {
2014 if (!(s->options & SSL_OP_TLS_D5_BUG))
2015 {
2016 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
2017 goto err;
2018 }
2019 else
2020 p-=2;
2021 }
2022 else
2023 n=i;
2024 }
2025
2026 i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
2027
2028 al = -1;
2029
2030 if (i != SSL_MAX_MASTER_KEY_LENGTH)
2031 {
2032 al=SSL_AD_DECODE_ERROR;
2033 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
2034 }
2035
2036 if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
2037 {
2038 /* The premaster secret must contain the same version number as the
2039 * ClientHello to detect version rollback attacks (strangely, the
2040 * protocol does not offer such protection for DH ciphersuites).
2041 * However, buggy clients exist that send the negotiated protocol
2042 * version instead if the server does not support the requested
2043 * protocol version.
2044 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
2045 if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
2046 (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
2047 {
2048 al=SSL_AD_DECODE_ERROR;
2049 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
2050
2051 /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
2052 * (http://eprint.iacr.org/2003/052/) exploits the version
2053 * number check as a "bad version oracle" -- an alert would
2054 * reveal that the plaintext corresponding to some ciphertext
2055 * made up by the adversary is properly formatted except
2056 * that the version number is wrong. To avoid such attacks,
2057 * we should treat this just like any other decryption error. */
2058 }
2059 }
2060
2061 if (al != -1)
2062 {
2063 /* Some decryption failure -- use random value instead as countermeasure
2064 * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
2065 * (see RFC 2246, section 7.4.7.1). */
2066 ERR_clear_error();
2067 i = SSL_MAX_MASTER_KEY_LENGTH;
2068 p[0] = s->client_version >> 8;
2069 p[1] = s->client_version & 0xff;
2070 if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */
2071 goto err;
2072 }
2073
2074 s->session->master_key_length=
2075 s->method->ssl3_enc->generate_master_secret(s,
2076 s->session->master_key,
2077 p,i);
2078 OPENSSL_cleanse(p,i);
2079 }
2080 else
2081#endif
2082#ifndef OPENSSL_NO_DH
2083 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2084 {
2085 n2s(p,i);
2086 if (n != i+2)
2087 {
2088 if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))
2089 {
2090 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
2091 goto err;
2092 }
2093 else
2094 {
2095 p-=2;
2096 i=(int)n;
2097 }
2098 }
2099
2100 if (n == 0L) /* the parameters are in the cert */
2101 {
2102 al=SSL_AD_HANDSHAKE_FAILURE;
2103 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS);
2104 goto f_err;
2105 }
2106 else
2107 {
2108 if (s->s3->tmp.dh == NULL)
2109 {
2110 al=SSL_AD_HANDSHAKE_FAILURE;
2111 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
2112 goto f_err;
2113 }
2114 else
2115 dh_srvr=s->s3->tmp.dh;
2116 }
2117
2118 pub=BN_bin2bn(p,i,NULL);
2119 if (pub == NULL)
2120 {
2121 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB);
2122 goto err;
2123 }
2124
2125 i=DH_compute_key(p,pub,dh_srvr);
2126
2127 if (i <= 0)
2128 {
2129 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2130 goto err;
2131 }
2132
2133 DH_free(s->s3->tmp.dh);
2134 s->s3->tmp.dh=NULL;
2135
2136 BN_clear_free(pub);
2137 pub=NULL;
2138 s->session->master_key_length=
2139 s->method->ssl3_enc->generate_master_secret(s,
2140 s->session->master_key,p,i);
2141 OPENSSL_cleanse(p,i);
2142 }
2143 else
2144#endif
2145#ifndef OPENSSL_NO_KRB5
2146 if (alg_k & SSL_kKRB5)
2147 {
2148 krb5_error_code krb5rc;
2149 krb5_data enc_ticket;
2150 krb5_data authenticator;
2151 krb5_data enc_pms;
2152 KSSL_CTX *kssl_ctx = s->kssl_ctx;
2153 EVP_CIPHER_CTX ciph_ctx;
2154 const EVP_CIPHER *enc = NULL;
2155 unsigned char iv[EVP_MAX_IV_LENGTH];
2156 unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
2157 + EVP_MAX_BLOCK_LENGTH];
2158 int padl, outl;
2159 krb5_timestamp authtime = 0;
2160 krb5_ticket_times ttimes;
2161
2162 EVP_CIPHER_CTX_init(&ciph_ctx);
2163
2164 if (!kssl_ctx) kssl_ctx = kssl_ctx_new();
2165
2166 n2s(p,i);
2167 enc_ticket.length = i;
2168
2169 if (n < (long)(enc_ticket.length + 6))
2170 {
2171 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2172 SSL_R_DATA_LENGTH_TOO_LONG);
2173 goto err;
2174 }
2175
2176 enc_ticket.data = (char *)p;
2177 p+=enc_ticket.length;
2178
2179 n2s(p,i);
2180 authenticator.length = i;
2181
2182 if (n < (long)(enc_ticket.length + authenticator.length + 6))
2183 {
2184 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2185 SSL_R_DATA_LENGTH_TOO_LONG);
2186 goto err;
2187 }
2188
2189 authenticator.data = (char *)p;
2190 p+=authenticator.length;
2191
2192 n2s(p,i);
2193 enc_pms.length = i;
2194 enc_pms.data = (char *)p;
2195 p+=enc_pms.length;
2196
2197 /* Note that the length is checked again below,
2198 ** after decryption
2199 */
2200 if(enc_pms.length > sizeof pms)
2201 {
2202 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2203 SSL_R_DATA_LENGTH_TOO_LONG);
2204 goto err;
2205 }
2206
2207 if (n != (long)(enc_ticket.length + authenticator.length +
2208 enc_pms.length + 6))
2209 {
2210 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2211 SSL_R_DATA_LENGTH_TOO_LONG);
2212 goto err;
2213 }
2214
2215 if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
2216 &kssl_err)) != 0)
2217 {
2218#ifdef KSSL_DEBUG
2219 printf("kssl_sget_tkt rtn %d [%d]\n",
2220 krb5rc, kssl_err.reason);
2221 if (kssl_err.text)
2222 printf("kssl_err text= %s\n", kssl_err.text);
2223#endif /* KSSL_DEBUG */
2224 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2225 kssl_err.reason);
2226 goto err;
2227 }
2228
2229 /* Note: no authenticator is not considered an error,
2230 ** but will return authtime == 0.
2231 */
2232 if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
2233 &authtime, &kssl_err)) != 0)
2234 {
2235#ifdef KSSL_DEBUG
2236 printf("kssl_check_authent rtn %d [%d]\n",
2237 krb5rc, kssl_err.reason);
2238 if (kssl_err.text)
2239 printf("kssl_err text= %s\n", kssl_err.text);
2240#endif /* KSSL_DEBUG */
2241 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2242 kssl_err.reason);
2243 goto err;
2244 }
2245
2246 if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
2247 {
2248 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
2249 goto err;
2250 }
2251
2252#ifdef KSSL_DEBUG
2253 kssl_ctx_show(kssl_ctx);
2254#endif /* KSSL_DEBUG */
2255
2256 enc = kssl_map_enc(kssl_ctx->enctype);
2257 if (enc == NULL)
2258 goto err;
2259
2260 memset(iv, 0, sizeof iv); /* per RFC 1510 */
2261
2262 if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
2263 {
2264 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2265 SSL_R_DECRYPTION_FAILED);
2266 goto err;
2267 }
2268 if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
2269 (unsigned char *)enc_pms.data, enc_pms.length))
2270 {
2271 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2272 SSL_R_DECRYPTION_FAILED);
2273 goto err;
2274 }
2275 if (outl > SSL_MAX_MASTER_KEY_LENGTH)
2276 {
2277 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2278 SSL_R_DATA_LENGTH_TOO_LONG);
2279 goto err;
2280 }
2281 if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
2282 {
2283 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2284 SSL_R_DECRYPTION_FAILED);
2285 goto err;
2286 }
2287 outl += padl;
2288 if (outl > SSL_MAX_MASTER_KEY_LENGTH)
2289 {
2290 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2291 SSL_R_DATA_LENGTH_TOO_LONG);
2292 goto err;
2293 }
2294 if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff))))
2295 {
2296 /* The premaster secret must contain the same version number as the
2297 * ClientHello to detect version rollback attacks (strangely, the
2298 * protocol does not offer such protection for DH ciphersuites).
2299 * However, buggy clients exist that send random bytes instead of
2300 * the protocol version.
2301 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.
2302 * (Perhaps we should have a separate BUG value for the Kerberos cipher)
2303 */
2304 if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG))
2305 {
2306 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2307 SSL_AD_DECODE_ERROR);
2308 goto err;
2309 }
2310 }
2311
2312 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
2313
2314 s->session->master_key_length=
2315 s->method->ssl3_enc->generate_master_secret(s,
2316 s->session->master_key, pms, outl);
2317
2318 if (kssl_ctx->client_princ)
2319 {
2320 size_t len = strlen(kssl_ctx->client_princ);
2321 if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
2322 {
2323 s->session->krb5_client_princ_len = len;
2324 memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
2325 }
2326 }
2327
2328
2329 /* Was doing kssl_ctx_free() here,
2330 ** but it caused problems for apache.
2331 ** kssl_ctx = kssl_ctx_free(kssl_ctx);
2332 ** if (s->kssl_ctx) s->kssl_ctx = NULL;
2333 */
2334 }
2335 else
2336#endif /* OPENSSL_NO_KRB5 */
2337
2338#ifndef OPENSSL_NO_ECDH
2339 if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
2340 {
2341 int ret = 1;
2342 int field_size = 0;
2343 const EC_KEY *tkey;
2344 const EC_GROUP *group;
2345 const BIGNUM *priv_key;
2346
2347 /* initialize structures for server's ECDH key pair */
2348 if ((srvr_ecdh = EC_KEY_new()) == NULL)
2349 {
2350 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2351 ERR_R_MALLOC_FAILURE);
2352 goto err;
2353 }
2354
2355 /* Let's get server private key and group information */
2356 if (alg_k & (SSL_kECDHr|SSL_kECDHe))
2357 {
2358 /* use the certificate */
2359 tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
2360 }
2361 else
2362 {
2363 /* use the ephermeral values we saved when
2364 * generating the ServerKeyExchange msg.
2365 */
2366 tkey = s->s3->tmp.ecdh;
2367 }
2368
2369 group = EC_KEY_get0_group(tkey);
2370 priv_key = EC_KEY_get0_private_key(tkey);
2371
2372 if (!EC_KEY_set_group(srvr_ecdh, group) ||
2373 !EC_KEY_set_private_key(srvr_ecdh, priv_key))
2374 {
2375 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2376 ERR_R_EC_LIB);
2377 goto err;
2378 }
2379
2380 /* Let's get client's public key */
2381 if ((clnt_ecpoint = EC_POINT_new(group)) == NULL)
2382 {
2383 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2384 ERR_R_MALLOC_FAILURE);
2385 goto err;
2386 }
2387
2388 if (n == 0L)
2389 {
2390 /* Client Publickey was in Client Certificate */
2391
2392 if (alg_k & SSL_kEECDH)
2393 {
2394 al=SSL_AD_HANDSHAKE_FAILURE;
2395 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
2396 goto f_err;
2397 }
2398 if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
2399 == NULL) ||
2400 (clnt_pub_pkey->type != EVP_PKEY_EC))
2401 {
2402 /* XXX: For now, we do not support client
2403 * authentication using ECDH certificates
2404 * so this branch (n == 0L) of the code is
2405 * never executed. When that support is
2406 * added, we ought to ensure the key
2407 * received in the certificate is
2408 * authorized for key agreement.
2409 * ECDH_compute_key implicitly checks that
2410 * the two ECDH shares are for the same
2411 * group.
2412 */
2413 al=SSL_AD_HANDSHAKE_FAILURE;
2414 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2415 SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
2416 goto f_err;
2417 }
2418
2419 if (EC_POINT_copy(clnt_ecpoint,
2420 EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0)
2421 {
2422 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2423 ERR_R_EC_LIB);
2424 goto err;
2425 }
2426 ret = 2; /* Skip certificate verify processing */
2427 }
2428 else
2429 {
2430 /* Get client's public key from encoded point
2431 * in the ClientKeyExchange message.
2432 */
2433 if ((bn_ctx = BN_CTX_new()) == NULL)
2434 {
2435 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2436 ERR_R_MALLOC_FAILURE);
2437 goto err;
2438 }
2439
2440 /* Get encoded point length */
2441 i = *p;
2442 p += 1;
2443 if (EC_POINT_oct2point(group,
2444 clnt_ecpoint, p, i, bn_ctx) == 0)
2445 {
2446 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2447 ERR_R_EC_LIB);
2448 goto err;
2449 }
2450 /* p is pointing to somewhere in the buffer
2451 * currently, so set it to the start
2452 */
2453 p=(unsigned char *)s->init_buf->data;
2454 }
2455
2456 /* Compute the shared pre-master secret */
2457 field_size = EC_GROUP_get_degree(group);
2458 if (field_size <= 0)
2459 {
2460 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2461 ERR_R_ECDH_LIB);
2462 goto err;
2463 }
2464 i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
2465 if (i <= 0)
2466 {
2467 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2468 ERR_R_ECDH_LIB);
2469 goto err;
2470 }
2471
2472 EVP_PKEY_free(clnt_pub_pkey);
2473 EC_POINT_free(clnt_ecpoint);
2474 EC_KEY_free(srvr_ecdh);
2475 BN_CTX_free(bn_ctx);
2476 EC_KEY_free(s->s3->tmp.ecdh);
2477 s->s3->tmp.ecdh = NULL;
2478
2479 /* Compute the master secret */
2480 s->session->master_key_length = s->method->ssl3_enc-> \
2481 generate_master_secret(s, s->session->master_key, p, i);
2482
2483 OPENSSL_cleanse(p, i);
2484 return (ret);
2485 }
2486 else
2487#endif
2488#ifndef OPENSSL_NO_PSK
2489 if (alg_k & SSL_kPSK)
2490 {
2491 unsigned char *t = NULL;
2492 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
2493 unsigned int pre_ms_len = 0, psk_len = 0;
2494 int psk_err = 1;
2495 char tmp_id[PSK_MAX_IDENTITY_LEN+1];
2496
2497 al=SSL_AD_HANDSHAKE_FAILURE;
2498
2499 n2s(p,i);
2500 if (n != i+2)
2501 {
2502 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2503 SSL_R_LENGTH_MISMATCH);
2504 goto psk_err;
2505 }
2506 if (i > PSK_MAX_IDENTITY_LEN)
2507 {
2508 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2509 SSL_R_DATA_LENGTH_TOO_LONG);
2510 goto psk_err;
2511 }
2512 if (s->psk_server_callback == NULL)
2513 {
2514 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2515 SSL_R_PSK_NO_SERVER_CB);
2516 goto psk_err;
2517 }
2518
2519 /* Create guaranteed NULL-terminated identity
2520 * string for the callback */
2521 memcpy(tmp_id, p, i);
2522 memset(tmp_id+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
2523 psk_len = s->psk_server_callback(s, tmp_id,
2524 psk_or_pre_ms, sizeof(psk_or_pre_ms));
2525 OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN+1);
2526
2527 if (psk_len > PSK_MAX_PSK_LEN)
2528 {
2529 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2530 ERR_R_INTERNAL_ERROR);
2531 goto psk_err;
2532 }
2533 else if (psk_len == 0)
2534 {
2535 /* PSK related to the given identity not found */
2536 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2537 SSL_R_PSK_IDENTITY_NOT_FOUND);
2538 al=SSL_AD_UNKNOWN_PSK_IDENTITY;
2539 goto psk_err;
2540 }
2541
2542 /* create PSK pre_master_secret */
2543 pre_ms_len=2+psk_len+2+psk_len;
2544 t = psk_or_pre_ms;
2545 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
2546 s2n(psk_len, t);
2547 memset(t, 0, psk_len);
2548 t+=psk_len;
2549 s2n(psk_len, t);
2550
2551 if (s->session->psk_identity != NULL)
2552 OPENSSL_free(s->session->psk_identity);
2553 s->session->psk_identity = BUF_strdup((char *)p);
2554 if (s->session->psk_identity == NULL)
2555 {
2556 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2557 ERR_R_MALLOC_FAILURE);
2558 goto psk_err;
2559 }
2560
2561 if (s->session->psk_identity_hint != NULL)
2562 OPENSSL_free(s->session->psk_identity_hint);
2563 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2564 if (s->ctx->psk_identity_hint != NULL &&
2565 s->session->psk_identity_hint == NULL)
2566 {
2567 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2568 ERR_R_MALLOC_FAILURE);
2569 goto psk_err;
2570 }
2571
2572 s->session->master_key_length=
2573 s->method->ssl3_enc->generate_master_secret(s,
2574 s->session->master_key, psk_or_pre_ms, pre_ms_len);
2575 psk_err = 0;
2576 psk_err:
2577 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
2578 if (psk_err != 0)
2579 goto f_err;
2580 }
2581 else
2582#endif
2583 if (alg_k & SSL_kGOST)
2584 {
2585 int ret = 0;
2586 EVP_PKEY_CTX *pkey_ctx;
2587 EVP_PKEY *client_pub_pkey = NULL;
2588 unsigned char premaster_secret[32], *start;
2589 size_t outlen=32, inlen;
2590
2591 /* Get our certificate private key*/
2592 pkey_ctx = EVP_PKEY_CTX_new(s->cert->key->privatekey,NULL);
2593 EVP_PKEY_decrypt_init(pkey_ctx);
2594 /* If client certificate is present and is of the same type, maybe
2595 * use it for key exchange. Don't mind errors from
2596 * EVP_PKEY_derive_set_peer, because it is completely valid to use
2597 * a client certificate for authorization only. */
2598 client_pub_pkey = X509_get_pubkey(s->session->peer);
2599 if (client_pub_pkey)
2600 {
2601 if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
2602 ERR_clear_error();
2603 }
2604 /* Decrypt session key */
2605 if ((*p!=( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED)))
2606 {
2607 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
2608 goto gerr;
2609 }
2610 if (p[1] == 0x81)
2611 {
2612 start = p+3;
2613 inlen = p[2];
2614 }
2615 else if (p[1] < 0x80)
2616 {
2617 start = p+2;
2618 inlen = p[1];
2619 }
2620 else
2621 {
2622 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
2623 goto gerr;
2624 }
2625 if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0)
2626
2627 {
2628 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
2629 goto gerr;
2630 }
2631 /* Generate master secret */
2632 s->session->master_key_length=
2633 s->method->ssl3_enc->generate_master_secret(s,
2634 s->session->master_key,premaster_secret,32);
2635 /* Check if pubkey from client certificate was used */
2636 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
2637 ret = 2;
2638 else
2639 ret = 1;
2640 gerr:
2641 EVP_PKEY_free(client_pub_pkey);
2642 EVP_PKEY_CTX_free(pkey_ctx);
2643 if (ret)
2644 return ret;
2645 else
2646 goto err;
2647 }
2648 else
2649 {
2650 al=SSL_AD_HANDSHAKE_FAILURE;
2651 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2652 SSL_R_UNKNOWN_CIPHER_TYPE);
2653 goto f_err;
2654 }
2655
2656 return(1);
2657f_err:
2658 ssl3_send_alert(s,SSL3_AL_FATAL,al);
2659#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH)
2660err:
2661#endif
2662#ifndef OPENSSL_NO_ECDH
2663 EVP_PKEY_free(clnt_pub_pkey);
2664 EC_POINT_free(clnt_ecpoint);
2665 if (srvr_ecdh != NULL)
2666 EC_KEY_free(srvr_ecdh);
2667 BN_CTX_free(bn_ctx);
2668#endif
2669 return(-1);
2670 }
2671
2672int ssl3_get_cert_verify(SSL *s)
2673 {
2674 EVP_PKEY *pkey=NULL;
2675 unsigned char *p;
2676 int al,ok,ret=0;
2677 long n;
2678 int type=0,i,j;
2679 X509 *peer;
2680
2681 n=s->method->ssl_get_message(s,
2682 SSL3_ST_SR_CERT_VRFY_A,
2683 SSL3_ST_SR_CERT_VRFY_B,
2684 -1,
2685 514, /* 514? */
2686 &ok);
2687
2688 if (!ok) return((int)n);
2689
2690 if (s->session->peer != NULL)
2691 {
2692 peer=s->session->peer;
2693 pkey=X509_get_pubkey(peer);
2694 type=X509_certificate_type(peer,pkey);
2695 }
2696 else
2697 {
2698 peer=NULL;
2699 pkey=NULL;
2700 }
2701
2702 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
2703 {
2704 s->s3->tmp.reuse_message=1;
2705 if ((peer != NULL) && (type | EVP_PKT_SIGN))
2706 {
2707 al=SSL_AD_UNEXPECTED_MESSAGE;
2708 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
2709 goto f_err;
2710 }
2711 ret=1;
2712 goto end;
2713 }
2714
2715 if (peer == NULL)
2716 {
2717 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED);
2718 al=SSL_AD_UNEXPECTED_MESSAGE;
2719 goto f_err;
2720 }
2721
2722 if (!(type & EVP_PKT_SIGN))
2723 {
2724 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
2725 al=SSL_AD_ILLEGAL_PARAMETER;
2726 goto f_err;
2727 }
2728
2729 if (s->s3->change_cipher_spec)
2730 {
2731 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
2732 al=SSL_AD_UNEXPECTED_MESSAGE;
2733 goto f_err;
2734 }
2735
2736 /* we now have a signature that we need to verify */
2737 p=(unsigned char *)s->init_msg;
2738 /* Check for broken implementations of GOST ciphersuites */
2739 /* If key is GOST and n is exactly 64, it is bare
2740 * signature without length field */
2741 if (n==64 && (pkey->type==NID_id_GostR3410_94 ||
2742 pkey->type == NID_id_GostR3410_2001) )
2743 {
2744 i=64;
2745 }
2746 else
2747 {
2748 n2s(p,i);
2749 n-=2;
2750 if (i > n)
2751 {
2752 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
2753 al=SSL_AD_DECODE_ERROR;
2754 goto f_err;
2755 }
2756 }
2757 j=EVP_PKEY_size(pkey);
2758 if ((i > j) || (n > j) || (n <= 0))
2759 {
2760 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE);
2761 al=SSL_AD_DECODE_ERROR;
2762 goto f_err;
2763 }
2764
2765#ifndef OPENSSL_NO_RSA
2766 if (pkey->type == EVP_PKEY_RSA)
2767 {
2768 i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
2769 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i,
2770 pkey->pkey.rsa);
2771 if (i < 0)
2772 {
2773 al=SSL_AD_DECRYPT_ERROR;
2774 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
2775 goto f_err;
2776 }
2777 if (i == 0)
2778 {
2779 al=SSL_AD_DECRYPT_ERROR;
2780 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
2781 goto f_err;
2782 }
2783 }
2784 else
2785#endif
2786#ifndef OPENSSL_NO_DSA
2787 if (pkey->type == EVP_PKEY_DSA)
2788 {
2789 j=DSA_verify(pkey->save_type,
2790 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
2791 SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
2792 if (j <= 0)
2793 {
2794 /* bad signature */
2795 al=SSL_AD_DECRYPT_ERROR;
2796 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE);
2797 goto f_err;
2798 }
2799 }
2800 else
2801#endif
2802#ifndef OPENSSL_NO_ECDSA
2803 if (pkey->type == EVP_PKEY_EC)
2804 {
2805 j=ECDSA_verify(pkey->save_type,
2806 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
2807 SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec);
2808 if (j <= 0)
2809 {
2810 /* bad signature */
2811 al=SSL_AD_DECRYPT_ERROR;
2812 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2813 SSL_R_BAD_ECDSA_SIGNATURE);
2814 goto f_err;
2815 }
2816 }
2817 else
2818#endif
2819 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
2820 { unsigned char signature[64];
2821 int idx;
2822 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey,NULL);
2823 EVP_PKEY_verify_init(pctx);
2824 if (i!=64) {
2825 fprintf(stderr,"GOST signature length is %d",i);
2826 }
2827 for (idx=0;idx<64;idx++) {
2828 signature[63-idx]=p[idx];
2829 }
2830 j=EVP_PKEY_verify(pctx,signature,64,s->s3->tmp.cert_verify_md,32);
2831 EVP_PKEY_CTX_free(pctx);
2832 if (j<=0)
2833 {
2834 al=SSL_AD_DECRYPT_ERROR;
2835 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2836 SSL_R_BAD_ECDSA_SIGNATURE);
2837 goto f_err;
2838 }
2839 }
2840 else
2841 {
2842 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
2843 al=SSL_AD_UNSUPPORTED_CERTIFICATE;
2844 goto f_err;
2845 }
2846
2847
2848 ret=1;
2849 if (0)
2850 {
2851f_err:
2852 ssl3_send_alert(s,SSL3_AL_FATAL,al);
2853 }
2854end:
2855 EVP_PKEY_free(pkey);
2856 return(ret);
2857 }
2858
2859int ssl3_get_client_certificate(SSL *s)
2860 {
2861 int i,ok,al,ret= -1;
2862 X509 *x=NULL;
2863 unsigned long l,nc,llen,n;
2864 const unsigned char *p,*q;
2865 unsigned char *d;
2866 STACK_OF(X509) *sk=NULL;
2867
2868 n=s->method->ssl_get_message(s,
2869 SSL3_ST_SR_CERT_A,
2870 SSL3_ST_SR_CERT_B,
2871 -1,
2872 s->max_cert_list,
2873 &ok);
2874
2875 if (!ok) return((int)n);
2876
2877 if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)
2878 {
2879 if ( (s->verify_mode & SSL_VERIFY_PEER) &&
2880 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
2881 {
2882 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2883 al=SSL_AD_HANDSHAKE_FAILURE;
2884 goto f_err;
2885 }
2886 /* If tls asked for a client cert, the client must return a 0 list */
2887 if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
2888 {
2889 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
2890 al=SSL_AD_UNEXPECTED_MESSAGE;
2891 goto f_err;
2892 }
2893 s->s3->tmp.reuse_message=1;
2894 return(1);
2895 }
2896
2897 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
2898 {
2899 al=SSL_AD_UNEXPECTED_MESSAGE;
2900 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
2901 goto f_err;
2902 }
2903 p=d=(unsigned char *)s->init_msg;
2904
2905 if ((sk=sk_X509_new_null()) == NULL)
2906 {
2907 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
2908 goto err;
2909 }
2910
2911 n2l3(p,llen);
2912 if (llen+3 != n)
2913 {
2914 al=SSL_AD_DECODE_ERROR;
2915 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
2916 goto f_err;
2917 }
2918 for (nc=0; nc<llen; )
2919 {
2920 n2l3(p,l);
2921 if ((l+nc+3) > llen)
2922 {
2923 al=SSL_AD_DECODE_ERROR;
2924 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
2925 goto f_err;
2926 }
2927
2928 q=p;
2929 x=d2i_X509(NULL,&p,l);
2930 if (x == NULL)
2931 {
2932 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB);
2933 goto err;
2934 }
2935 if (p != (q+l))
2936 {
2937 al=SSL_AD_DECODE_ERROR;
2938 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
2939 goto f_err;
2940 }
2941 if (!sk_X509_push(sk,x))
2942 {
2943 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
2944 goto err;
2945 }
2946 x=NULL;
2947 nc+=l+3;
2948 }
2949
2950 if (sk_X509_num(sk) <= 0)
2951 {
2952 /* TLS does not mind 0 certs returned */
2953 if (s->version == SSL3_VERSION)
2954 {
2955 al=SSL_AD_HANDSHAKE_FAILURE;
2956 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED);
2957 goto f_err;
2958 }
2959 /* Fail for TLS only if we required a certificate */
2960 else if ((s->verify_mode & SSL_VERIFY_PEER) &&
2961 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
2962 {
2963 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2964 al=SSL_AD_HANDSHAKE_FAILURE;
2965 goto f_err;
2966 }
2967 }
2968 else
2969 {
2970 i=ssl_verify_cert_chain(s,sk);
2971 if (i <= 0)
2972 {
2973 al=ssl_verify_alarm_type(s->verify_result);
2974 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
2975 goto f_err;
2976 }
2977 }
2978
2979 if (s->session->peer != NULL) /* This should not be needed */
2980 X509_free(s->session->peer);
2981 s->session->peer=sk_X509_shift(sk);
2982 s->session->verify_result = s->verify_result;
2983
2984 /* With the current implementation, sess_cert will always be NULL
2985 * when we arrive here. */
2986 if (s->session->sess_cert == NULL)
2987 {
2988 s->session->sess_cert = ssl_sess_cert_new();
2989 if (s->session->sess_cert == NULL)
2990 {
2991 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
2992 goto err;
2993 }
2994 }
2995 if (s->session->sess_cert->cert_chain != NULL)
2996 sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
2997 s->session->sess_cert->cert_chain=sk;
2998 /* Inconsistency alert: cert_chain does *not* include the
2999 * peer's own certificate, while we do include it in s3_clnt.c */
3000
3001 sk=NULL;
3002
3003 ret=1;
3004 if (0)
3005 {
3006f_err:
3007 ssl3_send_alert(s,SSL3_AL_FATAL,al);
3008 }
3009err:
3010 if (x != NULL) X509_free(x);
3011 if (sk != NULL) sk_X509_pop_free(sk,X509_free);
3012 return(ret);
3013 }
3014
3015int ssl3_send_server_certificate(SSL *s)
3016 {
3017 unsigned long l;
3018 X509 *x;
3019
3020 if (s->state == SSL3_ST_SW_CERT_A)
3021 {
3022 x=ssl_get_server_send_cert(s);
3023 if (x == NULL)
3024 {
3025 /* VRS: allow null cert if auth == KRB5 */
3026 if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) ||
3027 (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5))
3028 {
3029 SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
3030 return(0);
3031 }
3032 }
3033
3034 l=ssl3_output_cert_chain(s,x);
3035 s->state=SSL3_ST_SW_CERT_B;
3036 s->init_num=(int)l;
3037 s->init_off=0;
3038 }
3039
3040 /* SSL3_ST_SW_CERT_B */
3041 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
3042 }
3043#ifndef OPENSSL_NO_TLSEXT
3044int ssl3_send_newsession_ticket(SSL *s)
3045 {
3046 if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
3047 {
3048 unsigned char *p, *senc, *macstart;
3049 int len, slen;
3050 unsigned int hlen;
3051 EVP_CIPHER_CTX ctx;
3052 HMAC_CTX hctx;
3053 SSL_CTX *tctx = s->initial_ctx;
3054 unsigned char iv[EVP_MAX_IV_LENGTH];
3055 unsigned char key_name[16];
3056
3057 /* get session encoding length */
3058 slen = i2d_SSL_SESSION(s->session, NULL);
3059 /* Some length values are 16 bits, so forget it if session is
3060 * too long
3061 */
3062 if (slen > 0xFF00)
3063 return -1;
3064 /* Grow buffer if need be: the length calculation is as
3065 * follows 1 (size of message name) + 3 (message length
3066 * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
3067 * 16 (key name) + max_iv_len (iv length) +
3068 * session_length + max_enc_block_size (max encrypted session
3069 * length) + max_md_size (HMAC).
3070 */
3071 if (!BUF_MEM_grow(s->init_buf,
3072 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
3073 EVP_MAX_MD_SIZE + slen))
3074 return -1;
3075 senc = OPENSSL_malloc(slen);
3076 if (!senc)
3077 return -1;
3078 p = senc;
3079 i2d_SSL_SESSION(s->session, &p);
3080
3081 p=(unsigned char *)s->init_buf->data;
3082 /* do the header */
3083 *(p++)=SSL3_MT_NEWSESSION_TICKET;
3084 /* Skip message length for now */
3085 p += 3;
3086 EVP_CIPHER_CTX_init(&ctx);
3087 HMAC_CTX_init(&hctx);
3088 /* Initialize HMAC and cipher contexts. If callback present
3089 * it does all the work otherwise use generated values
3090 * from parent ctx.
3091 */
3092 if (tctx->tlsext_ticket_key_cb)
3093 {
3094 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
3095 &hctx, 1) < 0)
3096 {
3097 OPENSSL_free(senc);
3098 return -1;
3099 }
3100 }
3101 else
3102 {
3103 RAND_pseudo_bytes(iv, 16);
3104 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
3105 tctx->tlsext_tick_aes_key, iv);
3106 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
3107 tlsext_tick_md(), NULL);
3108 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
3109 }
3110 l2n(s->session->tlsext_tick_lifetime_hint, p);
3111 /* Skip ticket length for now */
3112 p += 2;
3113 /* Output key name */
3114 macstart = p;
3115 memcpy(p, key_name, 16);
3116 p += 16;
3117 /* output IV */
3118 memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
3119 p += EVP_CIPHER_CTX_iv_length(&ctx);
3120 /* Encrypt session data */
3121 EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
3122 p += len;
3123 EVP_EncryptFinal(&ctx, p, &len);
3124 p += len;
3125 EVP_CIPHER_CTX_cleanup(&ctx);
3126
3127 HMAC_Update(&hctx, macstart, p - macstart);
3128 HMAC_Final(&hctx, p, &hlen);
3129 HMAC_CTX_cleanup(&hctx);
3130
3131 p += hlen;
3132 /* Now write out lengths: p points to end of data written */
3133 /* Total length */
3134 len = p - (unsigned char *)s->init_buf->data;
3135 p=(unsigned char *)s->init_buf->data + 1;
3136 l2n3(len - 4, p); /* Message length */
3137 p += 4;
3138 s2n(len - 10, p); /* Ticket length */
3139
3140 /* number of bytes to write */
3141 s->init_num= len;
3142 s->state=SSL3_ST_SW_SESSION_TICKET_B;
3143 s->init_off=0;
3144 OPENSSL_free(senc);
3145 }
3146
3147 /* SSL3_ST_SW_SESSION_TICKET_B */
3148 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
3149 }
3150
3151int ssl3_send_cert_status(SSL *s)
3152 {
3153 if (s->state == SSL3_ST_SW_CERT_STATUS_A)
3154 {
3155 unsigned char *p;
3156 /* Grow buffer if need be: the length calculation is as
3157 * follows 1 (message type) + 3 (message length) +
3158 * 1 (ocsp response type) + 3 (ocsp response length)
3159 * + (ocsp response)
3160 */
3161 if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))
3162 return -1;
3163
3164 p=(unsigned char *)s->init_buf->data;
3165
3166 /* do the header */
3167 *(p++)=SSL3_MT_CERTIFICATE_STATUS;
3168 /* message length */
3169 l2n3(s->tlsext_ocsp_resplen + 4, p);
3170 /* status type */
3171 *(p++)= s->tlsext_status_type;
3172 /* length of OCSP response */
3173 l2n3(s->tlsext_ocsp_resplen, p);
3174 /* actual response */
3175 memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
3176 /* number of bytes to write */
3177 s->init_num = 8 + s->tlsext_ocsp_resplen;
3178 s->state=SSL3_ST_SW_CERT_STATUS_B;
3179 s->init_off = 0;
3180 }
3181
3182 /* SSL3_ST_SW_CERT_STATUS_B */
3183 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
3184 }
3185#endif
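--- a/src/lib/libssl/shlib_version
+++ /dev/null
@@ -1,2 +0,0 @@
-major=16
-minor=0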
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
deleted file mode 100644
index e4c3f65010..0000000000
--- a/src/lib/libssl/ssl.h
+++ /dev/null
@@ -1,2302 +0,0 @@
1/* ssl/ssl.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#ifndef HEADER_SSL_H
144#define HEADER_SSL_H
145
146#include <openssl/e_os2.h>
147
148#ifndef OPENSSL_NO_COMP
149#include <openssl/comp.h>
150#endif
151#ifndef OPENSSL_NO_BIO
152#include <openssl/bio.h>
153#endif
154#ifndef OPENSSL_NO_DEPRECATED
155#ifndef OPENSSL_NO_X509
156#include <openssl/x509.h>
157#endif
158#include <openssl/crypto.h>
159#include <openssl/lhash.h>
160#include <openssl/buffer.h>
161#endif
162#include <openssl/pem.h>
163#include <openssl/hmac.h>
164
165#include <openssl/kssl.h>
166#include <openssl/safestack.h>
167#include <openssl/symhacks.h>
168
169#ifdef __cplusplus
170extern "C" {
171#endif
172
173/* SSLeay version number for ASN.1 encoding of the session information */
174/* Version 0 - initial version
175 * Version 1 - added the optional peer certificate
176 */
177#define SSL_SESSION_ASN1_VERSION 0x0001
178
179/* text strings for the ciphers */
180#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5
181#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5
182#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
183#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5
184#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
185#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5
186#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5
187#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA
188#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
189#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
190
191/* VRS Additional Kerberos5 entries
192 */
193#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
194#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
195#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA
196#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
197#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
198#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
199#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5
200#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5
201
202#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
203#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA
204#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA
205#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
206#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5
207#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5
208
209#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
210#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
211#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
212#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
213#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
214#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
215#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256
216
217#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
218#define SSL_MAX_SID_CTX_LENGTH 32
219
220#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
221#define SSL_MAX_KEY_ARG_LENGTH 8
222#define SSL_MAX_MASTER_KEY_LENGTH 48
223
224
225/* These are used to specify which ciphers to use and not to use */
226
227#define SSL_TXT_EXP40 "EXPORT40"
228#define SSL_TXT_EXP56 "EXPORT56"
229#define SSL_TXT_LOW "LOW"
230#define SSL_TXT_MEDIUM "MEDIUM"
231#define SSL_TXT_HIGH "HIGH"
232#define SSL_TXT_FIPS "FIPS"
233
234#define SSL_TXT_kFZA "kFZA" /* unused! */
235#define SSL_TXT_aFZA "aFZA" /* unused! */
236#define SSL_TXT_eFZA "eFZA" /* unused! */
237#define SSL_TXT_FZA "FZA" /* unused! */
238
239#define SSL_TXT_aNULL "aNULL"
240#define SSL_TXT_eNULL "eNULL"
241#define SSL_TXT_NULL "NULL"
242
243#define SSL_TXT_kRSA "kRSA"
244#define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */
245#define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */
246#define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */
247#define SSL_TXT_kEDH "kEDH"
248#define SSL_TXT_kKRB5 "kKRB5"
249#define SSL_TXT_kECDHr "kECDHr"
250#define SSL_TXT_kECDHe "kECDHe"
251#define SSL_TXT_kECDH "kECDH"
252#define SSL_TXT_kEECDH "kEECDH"
253#define SSL_TXT_kPSK "kPSK"
254#define SSL_TXT_kGOST "kGOST"
255
256#define SSL_TXT_aRSA "aRSA"
257#define SSL_TXT_aDSS "aDSS"
258#define SSL_TXT_aDH "aDH" /* no such ciphersuites supported! */
259#define SSL_TXT_aECDH "aECDH"
260#define SSL_TXT_aKRB5 "aKRB5"
261#define SSL_TXT_aECDSA "aECDSA"
262#define SSL_TXT_aPSK "aPSK"
263#define SSL_TXT_aGOST94 "aGOST94"
264#define SSL_TXT_aGOST01 "aGOST01"
265#define SSL_TXT_aGOST "aGOST"
266
267#define SSL_TXT_DSS "DSS"
268#define SSL_TXT_DH "DH"
269#define SSL_TXT_EDH "EDH" /* same as "kEDH:-ADH" */
270#define SSL_TXT_ADH "ADH"
271#define SSL_TXT_RSA "RSA"
272#define SSL_TXT_ECDH "ECDH"
273#define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */
274#define SSL_TXT_AECDH "AECDH"
275#define SSL_TXT_ECDSA "ECDSA"
276#define SSL_TXT_KRB5 "KRB5"
277#define SSL_TXT_PSK "PSK"
278
279#define SSL_TXT_DES "DES"
280#define SSL_TXT_3DES "3DES"
281#define SSL_TXT_RC4 "RC4"
282#define SSL_TXT_RC2 "RC2"
283#define SSL_TXT_IDEA "IDEA"
284#define SSL_TXT_SEED "SEED"
285#define SSL_TXT_AES128 "AES128"
286#define SSL_TXT_AES256 "AES256"
287#define SSL_TXT_AES "AES"
288#define SSL_TXT_CAMELLIA128 "CAMELLIA128"
289#define SSL_TXT_CAMELLIA256 "CAMELLIA256"
290#define SSL_TXT_CAMELLIA "CAMELLIA"
291
292#define SSL_TXT_MD5 "MD5"
293#define SSL_TXT_SHA1 "SHA1"
294#define SSL_TXT_SHA "SHA" /* same as "SHA1" */
295#define SSL_TXT_GOST94 "GOST94"
296#define SSL_TXT_GOST89MAC "GOST89MAC"
297
298#define SSL_TXT_SSLV2 "SSLv2"
299#define SSL_TXT_SSLV3 "SSLv3"
300#define SSL_TXT_TLSV1 "TLSv1"
301
302#define SSL_TXT_EXP "EXP"
303#define SSL_TXT_EXPORT "EXPORT"
304
305#define SSL_TXT_ALL "ALL"
306
307/*
308 * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
309 * ciphers normally not being used.
310 * Example: "RC4" will activate all ciphers using RC4 including ciphers
311 * without authentication, which would normally disabled by DEFAULT (due
312 * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
313 * will make sure that it is also disabled in the specific selection.
314 * COMPLEMENTOF* identifiers are portable between version, as adjustments
315 * to the default cipher setup will also be included here.
316 *
317 * COMPLEMENTOFDEFAULT does not experience the same special treatment that
318 * DEFAULT gets, as only selection is being done and no sorting as needed
319 * for DEFAULT.
320 */
321#define SSL_TXT_CMPALL "COMPLEMENTOFALL"
322#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"
323
324/* The following cipher list is used by default.
325 * It also is substituted when an application-defined cipher list string
326 * starts with 'DEFAULT'. */
327#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
328/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
329 * starts with a reasonable order, and all we have to do for DEFAULT is
330 * throwing out anonymous and unencrypted ciphersuites!
331 * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
332 * some of them.)
333 */
334
335/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
336#define SSL_SENT_SHUTDOWN 1
337#define SSL_RECEIVED_SHUTDOWN 2
338
339#ifdef __cplusplus
340}
341#endif
342
343#ifdef __cplusplus
344extern "C" {
345#endif
346
347#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
348#define OPENSSL_NO_SSL2
349#endif
350
351#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
352#define SSL_FILETYPE_PEM X509_FILETYPE_PEM
353
354/* This is needed to stop compilers complaining about the
355 * 'struct ssl_st *' function parameters used to prototype callbacks
356 * in SSL_CTX. */
357typedef struct ssl_st *ssl_crock_st;
358typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
359
360/* used to hold info on the particular ciphers used */
361typedef struct ssl_cipher_st
362 {
363 int valid;
364 const char *name; /* text name */
365 unsigned long id; /* id, 4 bytes, first is version */
366
367 /* changed in 0.9.9: these four used to be portions of a single value 'algorithms' */
368 unsigned long algorithm_mkey; /* key exchange algorithm */
369 unsigned long algorithm_auth; /* server authentication */
370 unsigned long algorithm_enc; /* symmetric encryption */
371 unsigned long algorithm_mac; /* symmetric authentication */
372 unsigned long algorithm_ssl; /* (major) protocol version */
373
374 unsigned long algo_strength; /* strength and export flags */
375 unsigned long algorithm2; /* Extra flags */
376 int strength_bits; /* Number of bits really used */
377 int alg_bits; /* Number of bits for algorithm */
378 } SSL_CIPHER;
379
380DECLARE_STACK_OF(SSL_CIPHER)
381
382typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
383typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
384
385/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
386typedef struct ssl_method_st
387 {
388 int version;
389 int (*ssl_new)(SSL *s);
390 void (*ssl_clear)(SSL *s);
391 void (*ssl_free)(SSL *s);
392 int (*ssl_accept)(SSL *s);
393 int (*ssl_connect)(SSL *s);
394 int (*ssl_read)(SSL *s,void *buf,int len);
395 int (*ssl_peek)(SSL *s,void *buf,int len);
396 int (*ssl_write)(SSL *s,const void *buf,int len);
397 int (*ssl_shutdown)(SSL *s);
398 int (*ssl_renegotiate)(SSL *s);
399 int (*ssl_renegotiate_check)(SSL *s);
400 long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
401 max, int *ok);
402 int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len,
403 int peek);
404 int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
405 int (*ssl_dispatch_alert)(SSL *s);
406 long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
407 long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
408 const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
409 int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
410 int (*ssl_pending)(const SSL *s);
411 int (*num_ciphers)(void);
412 const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
413 const struct ssl_method_st *(*get_ssl_method)(int version);
414 long (*get_timeout)(void);
415 struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
416 int (*ssl_version)(void);
417 long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
418 long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
419 } SSL_METHOD;
420
421/* Lets make this into an ASN.1 type structure as follows
422 * SSL_SESSION_ID ::= SEQUENCE {
423 * version INTEGER, -- structure version number
424 * SSLversion INTEGER, -- SSL version number
425 * Cipher OCTET STRING, -- the 3 byte cipher ID
426 * Session_ID OCTET STRING, -- the Session ID
427 * Master_key OCTET STRING, -- the master key
428 * KRB5_principal OCTET STRING -- optional Kerberos principal
429 * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
430 * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
431 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
432 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
433 * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
434 * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
435 * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
436 * ECPointFormatList [ 7 ] OCTET STRING, -- optional EC point format list from TLS extension
437 * PSK_identity_hint [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
438 * PSK_identity [ 9 ] EXPLICIT OCTET STRING -- optional PSK identity
439 * }
440 * Look in ssl/ssl_asn1.c for more details
441 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
442 */
443typedef struct ssl_session_st
444 {
445 int ssl_version; /* what ssl version session info is
446 * being kept in here? */
447
448 /* only really used in SSLv2 */
449 unsigned int key_arg_length;
450 unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
451 int master_key_length;
452 unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
453 /* session_id - valid? */
454 unsigned int session_id_length;
455 unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
456 /* this is used to determine whether the session is being reused in
457 * the appropriate context. It is up to the application to set this,
458 * via SSL_new */
459 unsigned int sid_ctx_length;
460 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
461
462#ifndef OPENSSL_NO_KRB5
463 unsigned int krb5_client_princ_len;
464 unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
465#endif /* OPENSSL_NO_KRB5 */
466#ifndef OPENSSL_NO_PSK
467 char *psk_identity_hint;
468 char *psk_identity;
469#endif
470 int not_resumable;
471
472 /* The cert is the certificate used to establish this connection */
473 struct sess_cert_st /* SESS_CERT */ *sess_cert;
474
475 /* This is the cert for the other end.
476 * On clients, it will be the same as sess_cert->peer_key->x509
477 * (the latter is not enough as sess_cert is not retained
478 * in the external representation of sessions, see ssl_asn1.c). */
479 X509 *peer;
480 /* when app_verify_callback accepts a session where the peer's certificate
481 * is not ok, we must remember the error for session reuse: */
482 long verify_result; /* only for servers */
483
484 int references;
485 long timeout;
486 long time;
487
488 unsigned int compress_meth; /* Need to lookup the method */
489
490 const SSL_CIPHER *cipher;
491 unsigned long cipher_id; /* when ASN.1 loaded, this
492 * needs to be used to load
493 * the 'cipher' structure */
494
495 STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
496
497 CRYPTO_EX_DATA ex_data; /* application specific data */
498
499 /* These are used to make removal of session-ids more
500 * efficient and to implement a maximum cache size. */
501 struct ssl_session_st *prev,*next;
502#ifndef OPENSSL_NO_TLSEXT
503 char *tlsext_hostname;
504#ifndef OPENSSL_NO_EC
505 size_t tlsext_ecpointformatlist_length;
506 unsigned char *tlsext_ecpointformatlist; /* peer's list */
507 size_t tlsext_ellipticcurvelist_length;
508 unsigned char *tlsext_ellipticcurvelist; /* peer's list */
509#endif /* OPENSSL_NO_EC */
510 /* RFC4507 info */
511 unsigned char *tlsext_tick; /* Session ticket */
512 size_t tlsext_ticklen; /* Session ticket length */
513 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
514#endif
515 } SSL_SESSION;
516
517
518#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
519#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
520/* Allow initial connection to servers that don't support RI */
521#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
522#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
523#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
524#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
525#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
526#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
527#define SSL_OP_TLS_D5_BUG 0x00000100L
528#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
529
530/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
531 * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
532 * the workaround is not needed. Unfortunately some broken SSL/TLS
533 * implementations cannot handle it at all, which is why we include
534 * it in SSL_OP_ALL. */
535#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */
536
537/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
538 * This used to be 0x000FFFFFL before 0.9.7. */
539#define SSL_OP_ALL 0x80000FFFL
540
541/* DTLS options */
542#define SSL_OP_NO_QUERY_MTU 0x00001000L
543/* Turn on Cookie Exchange (on relevant for servers) */
544#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
545/* Don't use RFC4507 ticket extension */
546#define SSL_OP_NO_TICKET 0x00004000L
547/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
548#define SSL_OP_CISCO_ANYCONNECT 0x00008000L
549
550/* As server, disallow session resumption on renegotiation */
551#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
552/* Don't use compression even if supported */
553#define SSL_OP_NO_COMPRESSION 0x00020000L
554/* Permit unsafe legacy renegotiation */
555#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
556/* If set, always create a new key when using tmp_ecdh parameters */
557#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
558/* If set, always create a new key when using tmp_dh parameters */
559#define SSL_OP_SINGLE_DH_USE 0x00100000L
560/* Set to always use the tmp_rsa key when doing RSA operations,
561 * even when this violates protocol specs */
562#define SSL_OP_EPHEMERAL_RSA 0x00200000L
563/* Set on servers to choose the cipher according to the server's
564 * preferences */
565#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
566/* If set, a server will allow a client to issue a SSLv3.0 version number
567 * as latest version supported in the premaster secret, even when TLSv1.0
568 * (version 3.1) was announced in the client hello. Normally this is
569 * forbidden to prevent version rollback attacks. */
570#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
571
572#define SSL_OP_NO_SSLv2 0x01000000L
573#define SSL_OP_NO_SSLv3 0x02000000L
574#define SSL_OP_NO_TLSv1 0x04000000L
575
576/* The next flag deliberately changes the ciphertest, this is a check
577 * for the PKCS#1 attack */
578#define SSL_OP_PKCS1_CHECK_1 0x08000000L
579#define SSL_OP_PKCS1_CHECK_2 0x10000000L
580#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
581#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
582/* Make server add server-hello extension from early version of
583 * cryptopro draft, when GOST ciphersuite is negotiated.
584 * Required for interoperability with CryptoPro CSP 3.x
585 */
586#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L
587
588/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
589 * when just a single record has been written): */
590#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
591/* Make it possible to retry SSL_write() with changed buffer location
592 * (buffer contents must stay the same!); this is not the default to avoid
593 * the misconception that non-blocking SSL_write() behaves like
594 * non-blocking write(): */
595#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
596/* Never bother the application with retries if the transport
597 * is blocking: */
598#define SSL_MODE_AUTO_RETRY 0x00000004L
599/* Don't attempt to automatically build certificate chain */
600#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
601/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
602 * TLS only.) "Released" buffers are put onto a free-list in the context
603 * or just freed (depending on the context's setting for freelist_max_len). */
604#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
605
606/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
607 * they cannot be used to clear bits. */
608
609#define SSL_CTX_set_options(ctx,op) \
610 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
611#define SSL_CTX_clear_options(ctx,op) \
612 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
613#define SSL_CTX_get_options(ctx) \
614 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
615#define SSL_set_options(ssl,op) \
616 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
617#define SSL_clear_options(ssl,op) \
618 SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
619#define SSL_get_options(ssl) \
620 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
621
622#define SSL_CTX_set_mode(ctx,op) \
623 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
624#define SSL_CTX_clear_mode(ctx,op) \
625 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
626#define SSL_CTX_get_mode(ctx) \
627 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
628#define SSL_clear_mode(ssl,op) \
629 SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
630#define SSL_set_mode(ssl,op) \
631 SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
632#define SSL_get_mode(ssl) \
633 SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
634#define SSL_set_mtu(ssl, mtu) \
635 SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
636
637#define SSL_get_secure_renegotiation_support(ssl) \
638 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
639
640void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
641void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
642#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
643#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
644
645
646
647#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
648#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
649#else
650#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
651#endif
652
653#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
654
655/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
656 * them. It is used to override the generation of SSL/TLS session IDs in a
657 * server. Return value should be zero on an error, non-zero to proceed. Also,
658 * callbacks should themselves check if the id they generate is unique otherwise
659 * the SSL handshake will fail with an error - callbacks can do this using the
660 * 'ssl' value they're passed by;
661 * SSL_has_matching_session_id(ssl, id, *id_len)
662 * The length value passed in is set at the maximum size the session ID can be.
663 * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
664 * can alter this length to be less if desired, but under SSLv2 session IDs are
665 * supposed to be fixed at 16 bytes so the id will be padded after the callback
666 * returns in this case. It is also an error for the callback to set the size to
667 * zero. */
668typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
669 unsigned int *id_len);
670
671typedef struct ssl_comp_st
672 {
673 int id;
674 const char *name;
675#ifndef OPENSSL_NO_COMP
676 COMP_METHOD *method;
677#else
678 char *method;
679#endif
680 } SSL_COMP;
681
682DECLARE_STACK_OF(SSL_COMP)
683DECLARE_LHASH_OF(SSL_SESSION);
684
685struct ssl_ctx_st
686 {
687 const SSL_METHOD *method;
688
689 STACK_OF(SSL_CIPHER) *cipher_list;
690 /* same as above but sorted for lookup */
691 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
692
693 struct x509_store_st /* X509_STORE */ *cert_store;
694 LHASH_OF(SSL_SESSION) *sessions;
695 /* Most session-ids that will be cached, default is
696 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
697 unsigned long session_cache_size;
698 struct ssl_session_st *session_cache_head;
699 struct ssl_session_st *session_cache_tail;
700
701 /* This can have one of 2 values, ored together,
702 * SSL_SESS_CACHE_CLIENT,
703 * SSL_SESS_CACHE_SERVER,
704 * Default is SSL_SESSION_CACHE_SERVER, which means only
705 * SSL_accept which cache SSL_SESSIONS. */
706 int session_cache_mode;
707
708 /* If timeout is not 0, it is the default timeout value set
709 * when SSL_new() is called. This has been put in to make
710 * life easier to set things up */
711 long session_timeout;
712
713 /* If this callback is not null, it will be called each
714 * time a session id is added to the cache. If this function
715 * returns 1, it means that the callback will do a
716 * SSL_SESSION_free() when it has finished using it. Otherwise,
717 * on 0, it means the callback has finished with it.
718 * If remove_session_cb is not null, it will be called when
719 * a session-id is removed from the cache. After the call,
720 * OpenSSL will SSL_SESSION_free() it. */
721 int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
722 void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
723 SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
724 unsigned char *data,int len,int *copy);
725
726 struct
727 {
728 int sess_connect; /* SSL new conn - started */
729 int sess_connect_renegotiate;/* SSL reneg - requested */
730 int sess_connect_good; /* SSL new conne/reneg - finished */
731 int sess_accept; /* SSL new accept - started */
732 int sess_accept_renegotiate;/* SSL reneg - requested */
733 int sess_accept_good; /* SSL accept/reneg - finished */
734 int sess_miss; /* session lookup misses */
735 int sess_timeout; /* reuse attempt on timeouted session */
736 int sess_cache_full; /* session removed due to full cache */
737 int sess_hit; /* session reuse actually done */
738 int sess_cb_hit; /* session-id that was not
739 * in the cache was
740 * passed back via the callback. This
741 * indicates that the application is
742 * supplying session-id's from other
743 * processes - spooky :-) */
744 } stats;
745
746 int references;
747
748 /* if defined, these override the X509_verify_cert() calls */
749 int (*app_verify_callback)(X509_STORE_CTX *, void *);
750 void *app_verify_arg;
751 /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
752 * ('app_verify_callback' was called with just one argument) */
753
754 /* Default password callback. */
755 pem_password_cb *default_passwd_callback;
756
757 /* Default password callback user data. */
758 void *default_passwd_callback_userdata;
759
760 /* get client cert callback */
761 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
762
763 /* cookie generate callback */
764 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
765 unsigned int *cookie_len);
766
767 /* verify cookie callback */
768 int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
769 unsigned int cookie_len);
770
771 CRYPTO_EX_DATA ex_data;
772
773 const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
774 const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
775 const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
776
777 STACK_OF(X509) *extra_certs;
778 STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
779
780
781 /* Default values used when no per-SSL value is defined follow */
782
783 void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
784
785 /* what we put in client cert requests */
786 STACK_OF(X509_NAME) *client_CA;
787
788
789 /* Default values to use in SSL structures follow (these are copied by SSL_new) */
790
791 unsigned long options;
792 unsigned long mode;
793 long max_cert_list;
794
795 struct cert_st /* CERT */ *cert;
796 int read_ahead;
797
798 /* callback that allows applications to peek at protocol messages */
799 void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
800 void *msg_callback_arg;
801
802 int verify_mode;
803 unsigned int sid_ctx_length;
804 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
805 int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
806
807 /* Default generate session ID callback. */
808 GEN_SESSION_CB generate_session_id;
809
810 X509_VERIFY_PARAM *param;
811
812#if 0
813 int purpose; /* Purpose setting */
814 int trust; /* Trust setting */
815#endif
816
817 int quiet_shutdown;
818
819 /* Maximum amount of data to send in one fragment.
820 * actual record size can be more than this due to
821 * padding and MAC overheads.
822 */
823 unsigned int max_send_fragment;
824
825#ifndef OPENSSL_ENGINE
826 /* Engine to pass requests for client certs to
827 */
828 ENGINE *client_cert_engine;
829#endif
830
831#ifndef OPENSSL_NO_TLSEXT
832 /* TLS extensions servername callback */
833 int (*tlsext_servername_callback)(SSL*, int *, void *);
834 void *tlsext_servername_arg;
835 /* RFC 4507 session ticket keys */
836 unsigned char tlsext_tick_key_name[16];
837 unsigned char tlsext_tick_hmac_key[16];
838 unsigned char tlsext_tick_aes_key[16];
839 /* Callback to support customisation of ticket key setting */
840 int (*tlsext_ticket_key_cb)(SSL *ssl,
841 unsigned char *name, unsigned char *iv,
842 EVP_CIPHER_CTX *ectx,
843 HMAC_CTX *hctx, int enc);
844
845 /* certificate status request info */
846 /* Callback for status request */
847 int (*tlsext_status_cb)(SSL *ssl, void *arg);
848 void *tlsext_status_arg;
849
850 /* draft-rescorla-tls-opaque-prf-input-00.txt information */
851 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
852 void *tlsext_opaque_prf_input_callback_arg;
853#endif
854
855#ifndef OPENSSL_NO_PSK
856 char *psk_identity_hint;
857 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
858 unsigned int max_identity_len, unsigned char *psk,
859 unsigned int max_psk_len);
860 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
861 unsigned char *psk, unsigned int max_psk_len);
862#endif
863
864#ifndef OPENSSL_NO_BUF_FREELISTS
865#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
866 unsigned int freelist_max_len;
867 struct ssl3_buf_freelist_st *wbuf_freelist;
868 struct ssl3_buf_freelist_st *rbuf_freelist;
869#endif
870 };
871
872#define SSL_SESS_CACHE_OFF 0x0000
873#define SSL_SESS_CACHE_CLIENT 0x0001
874#define SSL_SESS_CACHE_SERVER 0x0002
875#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
876#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
877/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
878#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
879#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
880#define SSL_SESS_CACHE_NO_INTERNAL \
881 (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
882
883LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
884#define SSL_CTX_sess_number(ctx) \
885 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
886#define SSL_CTX_sess_connect(ctx) \
887 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
888#define SSL_CTX_sess_connect_good(ctx) \
889 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
890#define SSL_CTX_sess_connect_renegotiate(ctx) \
891 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
892#define SSL_CTX_sess_accept(ctx) \
893 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
894#define SSL_CTX_sess_accept_renegotiate(ctx) \
895 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
896#define SSL_CTX_sess_accept_good(ctx) \
897 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
898#define SSL_CTX_sess_hits(ctx) \
899 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
900#define SSL_CTX_sess_cb_hits(ctx) \
901 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
902#define SSL_CTX_sess_misses(ctx) \
903 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
904#define SSL_CTX_sess_timeouts(ctx) \
905 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
906#define SSL_CTX_sess_cache_full(ctx) \
907 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
908
909void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
910int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
911void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
912void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
913void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
914SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
915void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
916void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
917void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
918int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
919#ifndef OPENSSL_NO_ENGINE
920int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
921#endif
922void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
923void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
924
925#ifndef OPENSSL_NO_PSK
926/* the maximum length of the buffer given to callbacks containing the
927 * resulting identity/psk */
928#define PSK_MAX_IDENTITY_LEN 128
929#define PSK_MAX_PSK_LEN 256
930void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
931 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
932 char *identity, unsigned int max_identity_len, unsigned char *psk,
933 unsigned int max_psk_len));
934void SSL_set_psk_client_callback(SSL *ssl,
935 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
936 char *identity, unsigned int max_identity_len, unsigned char *psk,
937 unsigned int max_psk_len));
938void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
939 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
940 unsigned char *psk, unsigned int max_psk_len));
941void SSL_set_psk_server_callback(SSL *ssl,
942 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
943 unsigned char *psk, unsigned int max_psk_len));
944int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
945int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
946const char *SSL_get_psk_identity_hint(const SSL *s);
947const char *SSL_get_psk_identity(const SSL *s);
948#endif
949
950#define SSL_NOTHING 1
951#define SSL_WRITING 2
952#define SSL_READING 3
953#define SSL_X509_LOOKUP 4
954
955/* These will only be used when doing non-blocking IO */
956#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
957#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
958#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
959#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
960
961#define SSL_MAC_FLAG_READ_MAC_STREAM 1
962#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
963
964struct ssl_st
965 {
966 /* protocol version
967 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
968 */
969 int version;
970 int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
971
972 const SSL_METHOD *method; /* SSLv3 */
973
974 /* There are 2 BIO's even though they are normally both the
975 * same. This is so data can be read and written to different
976 * handlers */
977
978#ifndef OPENSSL_NO_BIO
979 BIO *rbio; /* used by SSL_read */
980 BIO *wbio; /* used by SSL_write */
981 BIO *bbio; /* used during session-id reuse to concatenate
982 * messages */
983#else
984 char *rbio; /* used by SSL_read */
985 char *wbio; /* used by SSL_write */
986 char *bbio;
987#endif
988 /* This holds a variable that indicates what we were doing
989 * when a 0 or -1 is returned. This is needed for
990 * non-blocking IO so we know what request needs re-doing when
991 * in SSL_accept or SSL_connect */
992 int rwstate;
993
994 /* true when we are actually in SSL_accept() or SSL_connect() */
995 int in_handshake;
996 int (*handshake_func)(SSL *);
997
998 /* Imagine that here's a boolean member "init" that is
999 * switched as soon as SSL_set_{accept/connect}_state
1000 * is called for the first time, so that "state" and
1001 * "handshake_func" are properly initialized. But as
1002 * handshake_func is == 0 until then, we use this
1003 * test instead of an "init" member.
1004 */
1005
1006 int server; /* are we the server side? - mostly used by SSL_clear*/
1007
1008 int new_session;/* 1 if we are to use a new session.
1009 * 2 if we are a server and are inside a handshake
1010 * (i.e. not just sending a HelloRequest)
1011 * NB: For servers, the 'new' session may actually be a previously
1012 * cached session or even the previous session unless
1013 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
1014 int quiet_shutdown;/* don't send shutdown packets */
1015 int shutdown; /* we have shut things down, 0x01 sent, 0x02
1016 * for received */
1017 int state; /* where we are */
1018 int rstate; /* where we are when reading */
1019
1020 BUF_MEM *init_buf; /* buffer used during init */
1021 void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */
1022 int init_num; /* amount read/written */
1023 int init_off; /* amount read/written */
1024
1025 /* used internally to point at a raw packet */
1026 unsigned char *packet;
1027 unsigned int packet_length;
1028
1029 struct ssl2_state_st *s2; /* SSLv2 variables */
1030 struct ssl3_state_st *s3; /* SSLv3 variables */
1031 struct dtls1_state_st *d1; /* DTLSv1 variables */
1032
1033 int read_ahead; /* Read as many input bytes as possible
1034 * (for non-blocking reads) */
1035
1036 /* callback that allows applications to peek at protocol messages */
1037 void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
1038 void *msg_callback_arg;
1039
1040 int hit; /* reusing a previous session */
1041
1042 X509_VERIFY_PARAM *param;
1043
1044#if 0
1045 int purpose; /* Purpose setting */
1046 int trust; /* Trust setting */
1047#endif
1048
1049 /* crypto */
1050 STACK_OF(SSL_CIPHER) *cipher_list;
1051 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1052
1053 /* These are the ones being used, the ones in SSL_SESSION are
1054 * the ones to be 'copied' into these ones */
1055 int mac_flags;
1056 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
1057 EVP_MD_CTX *read_hash; /* used for mac generation */
1058#ifndef OPENSSL_NO_COMP
1059 COMP_CTX *expand; /* uncompress */
1060#else
1061 char *expand;
1062#endif
1063
1064 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
1065 EVP_MD_CTX *write_hash; /* used for mac generation */
1066#ifndef OPENSSL_NO_COMP
1067 COMP_CTX *compress; /* compression */
1068#else
1069 char *compress;
1070#endif
1071
1072 /* session info */
1073
1074 /* client cert? */
1075 /* This is used to hold the server certificate used */
1076 struct cert_st /* CERT */ *cert;
1077
1078 /* the session_id_context is used to ensure sessions are only reused
1079 * in the appropriate context */
1080 unsigned int sid_ctx_length;
1081 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
1082
1083 /* This can also be in the session once a session is established */
1084 SSL_SESSION *session;
1085
1086 /* Default generate session ID callback. */
1087 GEN_SESSION_CB generate_session_id;
1088
1089 /* Used in SSL2 and SSL3 */
1090 int verify_mode; /* 0 don't care about verify failure.
1091 * 1 fail if verify fails */
1092 int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
1093
1094 void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
1095
1096 int error; /* error bytes to be written */
1097 int error_code; /* actual code */
1098
1099#ifndef OPENSSL_NO_KRB5
1100 KSSL_CTX *kssl_ctx; /* Kerberos 5 context */
1101#endif /* OPENSSL_NO_KRB5 */
1102
1103#ifndef OPENSSL_NO_PSK
1104 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
1105 unsigned int max_identity_len, unsigned char *psk,
1106 unsigned int max_psk_len);
1107 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
1108 unsigned char *psk, unsigned int max_psk_len);
1109#endif
1110
1111 SSL_CTX *ctx;
1112 /* set this flag to 1 and a sleep(1) is put into all SSL_read()
1113 * and SSL_write() calls, good for nbio debuging :-) */
1114 int debug;
1115
1116 /* extra application data */
1117 long verify_result;
1118 CRYPTO_EX_DATA ex_data;
1119
1120 /* for server side, keep the list of CA_dn we can use */
1121 STACK_OF(X509_NAME) *client_CA;
1122
1123 int references;
1124 unsigned long options; /* protocol behaviour */
1125 unsigned long mode; /* API behaviour */
1126 long max_cert_list;
1127 int first_packet;
1128 int client_version; /* what was passed, used for
1129 * SSLv3/TLS rollback check */
1130 unsigned int max_send_fragment;
1131#ifndef OPENSSL_NO_TLSEXT
1132 /* TLS extension debug callback */
1133 void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
1134 unsigned char *data, int len,
1135 void *arg);
1136 void *tlsext_debug_arg;
1137 char *tlsext_hostname;
1138 int servername_done; /* no further mod of servername
1139 0 : call the servername extension callback.
1140 1 : prepare 2, allow last ack just after in server callback.
1141 2 : don't call servername callback, no ack in server hello
1142 */
1143 /* certificate status request info */
1144 /* Status type or -1 if no status type */
1145 int tlsext_status_type;
1146 /* Expect OCSP CertificateStatus message */
1147 int tlsext_status_expected;
1148 /* OCSP status request only */
1149 STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
1150 X509_EXTENSIONS *tlsext_ocsp_exts;
1151 /* OCSP response received or to be sent */
1152 unsigned char *tlsext_ocsp_resp;
1153 int tlsext_ocsp_resplen;
1154
1155 /* RFC4507 session ticket expected to be received or sent */
1156 int tlsext_ticket_expected;
1157#ifndef OPENSSL_NO_EC
1158 size_t tlsext_ecpointformatlist_length;
1159 unsigned char *tlsext_ecpointformatlist; /* our list */
1160 size_t tlsext_ellipticcurvelist_length;
1161 unsigned char *tlsext_ellipticcurvelist; /* our list */
1162#endif /* OPENSSL_NO_EC */
1163
1164 /* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */
1165 void *tlsext_opaque_prf_input;
1166 size_t tlsext_opaque_prf_input_len;
1167
1168 /* TLS Session Ticket extension override */
1169 TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
1170
1171 /* TLS Session Ticket extension callback */
1172 tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
1173 void *tls_session_ticket_ext_cb_arg;
1174
1175 /* TLS pre-shared secret session resumption */
1176 tls_session_secret_cb_fn tls_session_secret_cb;
1177 void *tls_session_secret_cb_arg;
1178
1179 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
1180#define session_ctx initial_ctx
1181#else
1182#define session_ctx ctx
1183#endif /* OPENSSL_NO_TLSEXT */
1184 };
1185
1186#ifdef __cplusplus
1187}
1188#endif
1189
1190#include <openssl/ssl2.h>
1191#include <openssl/ssl3.h>
1192#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
1193#include <openssl/dtls1.h> /* Datagram TLS */
1194#include <openssl/ssl23.h>
1195
1196#ifdef __cplusplus
1197extern "C" {
1198#endif
1199
1200/* compatibility */
1201#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
1202#define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
1203#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a))
1204#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
1205#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
1206#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
1207
1208/* The following are the possible values for ssl->state are are
1209 * used to indicate where we are up to in the SSL connection establishment.
1210 * The macros that follow are about the only things you should need to use
1211 * and even then, only when using non-blocking IO.
1212 * It can also be useful to work out where you were when the connection
1213 * failed */
1214
1215#define SSL_ST_CONNECT 0x1000
1216#define SSL_ST_ACCEPT 0x2000
1217#define SSL_ST_MASK 0x0FFF
1218#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT)
1219#define SSL_ST_BEFORE 0x4000
1220#define SSL_ST_OK 0x03
1221#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
1222
1223#define SSL_CB_LOOP 0x01
1224#define SSL_CB_EXIT 0x02
1225#define SSL_CB_READ 0x04
1226#define SSL_CB_WRITE 0x08
1227#define SSL_CB_ALERT 0x4000 /* used in callback */
1228#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
1229#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
1230#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
1231#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
1232#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
1233#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
1234#define SSL_CB_HANDSHAKE_START 0x10
1235#define SSL_CB_HANDSHAKE_DONE 0x20
1236
1237/* Is the SSL_connection established? */
1238#define SSL_get_state(a) SSL_state(a)
1239#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
1240#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
1241#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
1242#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
1243#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
1244
1245/* The following 2 states are kept in ssl->rstate when reads fail,
1246 * you should not need these */
1247#define SSL_ST_READ_HEADER 0xF0
1248#define SSL_ST_READ_BODY 0xF1
1249#define SSL_ST_READ_DONE 0xF2
1250
1251/* Obtain latest Finished message
1252 * -- that we sent (SSL_get_finished)
1253 * -- that we expected from peer (SSL_get_peer_finished).
1254 * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
1255size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
1256size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1257
1258/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
1259 * are 'ored' with SSL_VERIFY_PEER if they are desired */
1260#define SSL_VERIFY_NONE 0x00
1261#define SSL_VERIFY_PEER 0x01
1262#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
1263#define SSL_VERIFY_CLIENT_ONCE 0x04
1264
1265#define OpenSSL_add_ssl_algorithms() SSL_library_init()
1266#define SSLeay_add_ssl_algorithms() SSL_library_init()
1267
1268/* this is for backward compatibility */
1269#if 0 /* NEW_SSLEAY */
1270#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
1271#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
1272#define SSL_add_session(a,b) SSL_CTX_add_session((a),(b))
1273#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b))
1274#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b))
1275#endif
1276/* More backward compatibility */
1277#define SSL_get_cipher(s) \
1278 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
1279#define SSL_get_cipher_bits(s,np) \
1280 SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
1281#define SSL_get_cipher_version(s) \
1282 SSL_CIPHER_get_version(SSL_get_current_cipher(s))
1283#define SSL_get_cipher_name(s) \
1284 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
1285#define SSL_get_time(a) SSL_SESSION_get_time(a)
1286#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
1287#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
1288#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
1289
1290#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
1291#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
1292
1293DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1294
1295#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */
1296
1297/* These alert types are for SSLv3 and TLSv1 */
1298#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
1299#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
1300#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
1301#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
1302#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
1303#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
1304#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
1305#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
1306#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
1307#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
1308#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
1309#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
1310#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
1311#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
1312#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
1313#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
1314#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
1315#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
1316#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
1317#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
1318#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
1319#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
1320#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
1321#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
1322#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
1323#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
1324#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
1325#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
1326#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
1327#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
1328
1329#define SSL_ERROR_NONE 0
1330#define SSL_ERROR_SSL 1
1331#define SSL_ERROR_WANT_READ 2
1332#define SSL_ERROR_WANT_WRITE 3
1333#define SSL_ERROR_WANT_X509_LOOKUP 4
1334#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */
1335#define SSL_ERROR_ZERO_RETURN 6
1336#define SSL_ERROR_WANT_CONNECT 7
1337#define SSL_ERROR_WANT_ACCEPT 8
1338
1339#define SSL_CTRL_NEED_TMP_RSA 1
1340#define SSL_CTRL_SET_TMP_RSA 2
1341#define SSL_CTRL_SET_TMP_DH 3
1342#define SSL_CTRL_SET_TMP_ECDH 4
1343#define SSL_CTRL_SET_TMP_RSA_CB 5
1344#define SSL_CTRL_SET_TMP_DH_CB 6
1345#define SSL_CTRL_SET_TMP_ECDH_CB 7
1346
1347#define SSL_CTRL_GET_SESSION_REUSED 8
1348#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
1349#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
1350#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
1351#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
1352#define SSL_CTRL_GET_FLAGS 13
1353#define SSL_CTRL_EXTRA_CHAIN_CERT 14
1354
1355#define SSL_CTRL_SET_MSG_CALLBACK 15
1356#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16
1357
1358/* only applies to datagram connections */
1359#define SSL_CTRL_SET_MTU 17
1360/* Stats */
1361#define SSL_CTRL_SESS_NUMBER 20
1362#define SSL_CTRL_SESS_CONNECT 21
1363#define SSL_CTRL_SESS_CONNECT_GOOD 22
1364#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
1365#define SSL_CTRL_SESS_ACCEPT 24
1366#define SSL_CTRL_SESS_ACCEPT_GOOD 25
1367#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
1368#define SSL_CTRL_SESS_HIT 27
1369#define SSL_CTRL_SESS_CB_HIT 28
1370#define SSL_CTRL_SESS_MISSES 29
1371#define SSL_CTRL_SESS_TIMEOUTS 30
1372#define SSL_CTRL_SESS_CACHE_FULL 31
1373#define SSL_CTRL_OPTIONS 32
1374#define SSL_CTRL_MODE 33
1375
1376#define SSL_CTRL_GET_READ_AHEAD 40
1377#define SSL_CTRL_SET_READ_AHEAD 41
1378#define SSL_CTRL_SET_SESS_CACHE_SIZE 42
1379#define SSL_CTRL_GET_SESS_CACHE_SIZE 43
1380#define SSL_CTRL_SET_SESS_CACHE_MODE 44
1381#define SSL_CTRL_GET_SESS_CACHE_MODE 45
1382
1383#define SSL_CTRL_GET_MAX_CERT_LIST 50
1384#define SSL_CTRL_SET_MAX_CERT_LIST 51
1385
1386#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
1387
1388/* see tls1.h for macros based on these */
1389#ifndef OPENSSL_NO_TLSEXT
1390#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
1391#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
1392#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
1393#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
1394#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
1395#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
1396#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
1397#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60
1398#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
1399#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
1400#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
1401#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
1402#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
1403#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
1404#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
1405#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
1406#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
1407#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
1408#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
1409
1410#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
1411#endif
1412
1413#define DTLS_CTRL_GET_TIMEOUT 73
1414#define DTLS_CTRL_HANDLE_TIMEOUT 74
1415#define DTLS_CTRL_LISTEN 75
1416
1417#define SSL_CTRL_GET_RI_SUPPORT 76
1418#define SSL_CTRL_CLEAR_OPTIONS 77
1419#define SSL_CTRL_CLEAR_MODE 78
1420
1421#define DTLSv1_get_timeout(ssl, arg) \
1422 SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
1423#define DTLSv1_handle_timeout(ssl) \
1424 SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
1425#define DTLSv1_listen(ssl, peer) \
1426 SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
1427
1428#define SSL_session_reused(ssl) \
1429 SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
1430#define SSL_num_renegotiations(ssl) \
1431 SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
1432#define SSL_clear_num_renegotiations(ssl) \
1433 SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
1434#define SSL_total_renegotiations(ssl) \
1435 SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
1436
1437#define SSL_CTX_need_tmp_RSA(ctx) \
1438 SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
1439#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
1440 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
1441#define SSL_CTX_set_tmp_dh(ctx,dh) \
1442 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
1443#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
1444 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
1445
1446#define SSL_need_tmp_RSA(ssl) \
1447 SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
1448#define SSL_set_tmp_rsa(ssl,rsa) \
1449 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
1450#define SSL_set_tmp_dh(ssl,dh) \
1451 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
1452#define SSL_set_tmp_ecdh(ssl,ecdh) \
1453 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
1454
1455#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
1456 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
1457
1458#ifndef OPENSSL_NO_BIO
1459BIO_METHOD *BIO_f_ssl(void);
1460BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
1461BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
1462BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
1463int BIO_ssl_copy_session_id(BIO *to,BIO *from);
1464void BIO_ssl_shutdown(BIO *ssl_bio);
1465
1466#endif
1467
1468int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
1469SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
1470void SSL_CTX_free(SSL_CTX *);
1471long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
1472long SSL_CTX_get_timeout(const SSL_CTX *ctx);
1473X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
1474void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
1475int SSL_want(const SSL *s);
1476int SSL_clear(SSL *s);
1477
1478void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
1479
1480const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
1481int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
1482char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
1483const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
1484
1485int SSL_get_fd(const SSL *s);
1486int SSL_get_rfd(const SSL *s);
1487int SSL_get_wfd(const SSL *s);
1488const char * SSL_get_cipher_list(const SSL *s,int n);
1489char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
1490int SSL_get_read_ahead(const SSL * s);
1491int SSL_pending(const SSL *s);
1492#ifndef OPENSSL_NO_SOCK
1493int SSL_set_fd(SSL *s, int fd);
1494int SSL_set_rfd(SSL *s, int fd);
1495int SSL_set_wfd(SSL *s, int fd);
1496#endif
1497#ifndef OPENSSL_NO_BIO
1498void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
1499BIO * SSL_get_rbio(const SSL *s);
1500BIO * SSL_get_wbio(const SSL *s);
1501#endif
1502int SSL_set_cipher_list(SSL *s, const char *str);
1503void SSL_set_read_ahead(SSL *s, int yes);
1504int SSL_get_verify_mode(const SSL *s);
1505int SSL_get_verify_depth(const SSL *s);
1506int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
1507void SSL_set_verify(SSL *s, int mode,
1508 int (*callback)(int ok,X509_STORE_CTX *ctx));
1509void SSL_set_verify_depth(SSL *s, int depth);
1510#ifndef OPENSSL_NO_RSA
1511int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
1512#endif
1513int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
1514int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
1515int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
1516int SSL_use_certificate(SSL *ssl, X509 *x);
1517int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
1518
1519#ifndef OPENSSL_NO_STDIO
1520int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
1521int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
1522int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
1523int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
1524int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
1525int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
1526int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
1527STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
1528int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
1529 const char *file);
1530#ifndef OPENSSL_SYS_VMS
1531#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
1532int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
1533 const char *dir);
1534#endif
1535#endif
1536
1537#endif
1538
1539void SSL_load_error_strings(void );
1540const char *SSL_state_string(const SSL *s);
1541const char *SSL_rstate_string(const SSL *s);
1542const char *SSL_state_string_long(const SSL *s);
1543const char *SSL_rstate_string_long(const SSL *s);
1544long SSL_SESSION_get_time(const SSL_SESSION *s);
1545long SSL_SESSION_set_time(SSL_SESSION *s, long t);
1546long SSL_SESSION_get_timeout(const SSL_SESSION *s);
1547long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
1548void SSL_copy_session_id(SSL *to,const SSL *from);
1549
1550SSL_SESSION *SSL_SESSION_new(void);
1551const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
1552 unsigned int *len);
1553#ifndef OPENSSL_NO_FP_API
1554int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
1555#endif
1556#ifndef OPENSSL_NO_BIO
1557int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
1558#endif
1559void SSL_SESSION_free(SSL_SESSION *ses);
1560int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
1561int SSL_set_session(SSL *to, SSL_SESSION *session);
1562int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
1563int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
1564int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
1565int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
1566int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
1567 unsigned int id_len);
1568SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
1569 long length);
1570
1571#ifdef HEADER_X509_H
1572X509 * SSL_get_peer_certificate(const SSL *s);
1573#endif
1574
1575STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
1576
1577int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
1578int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
1579int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
1580void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
1581 int (*callback)(int, X509_STORE_CTX *));
1582void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
1583void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
1584#ifndef OPENSSL_NO_RSA
1585int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
1586#endif
1587int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
1588int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
1589int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
1590 const unsigned char *d, long len);
1591int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
1592int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
1593
1594void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
1595void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
1596
1597int SSL_CTX_check_private_key(const SSL_CTX *ctx);
1598int SSL_check_private_key(const SSL *ctx);
1599
1600int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
1601 unsigned int sid_ctx_len);
1602
1603SSL * SSL_new(SSL_CTX *ctx);
1604int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
1605 unsigned int sid_ctx_len);
1606
1607int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
1608int SSL_set_purpose(SSL *s, int purpose);
1609int SSL_CTX_set_trust(SSL_CTX *s, int trust);
1610int SSL_set_trust(SSL *s, int trust);
1611
1612int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
1613int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
1614
1615void SSL_free(SSL *ssl);
1616int SSL_accept(SSL *ssl);
1617int SSL_connect(SSL *ssl);
1618int SSL_read(SSL *ssl,void *buf,int num);
1619int SSL_peek(SSL *ssl,void *buf,int num);
1620int SSL_write(SSL *ssl,const void *buf,int num);
1621long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
1622long SSL_callback_ctrl(SSL *, int, void (*)(void));
1623long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
1624long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
1625
1626int SSL_get_error(const SSL *s,int ret_code);
1627const char *SSL_get_version(const SSL *s);
1628
1629/* This sets the 'default' SSL version that SSL_new() will create */
1630int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
1631
1632#ifndef OPENSSL_NO_SSL2
1633const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
1634const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
1635const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
1636#endif
1637
1638const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
1639const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
1640const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
1641
1642const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
1643const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
1644const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
1645
1646const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
1647const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
1648const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
1649
1650const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
1651const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
1652const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
1653
1654STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
1655
1656int SSL_do_handshake(SSL *s);
1657int SSL_renegotiate(SSL *s);
1658int SSL_renegotiate_pending(SSL *s);
1659int SSL_shutdown(SSL *s);
1660
1661const SSL_METHOD *SSL_get_ssl_method(SSL *s);
1662int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
1663const char *SSL_alert_type_string_long(int value);
1664const char *SSL_alert_type_string(int value);
1665const char *SSL_alert_desc_string_long(int value);
1666const char *SSL_alert_desc_string(int value);
1667
1668void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
1669void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
1670STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
1671STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
1672int SSL_add_client_CA(SSL *ssl,X509 *x);
1673int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
1674
1675void SSL_set_connect_state(SSL *s);
1676void SSL_set_accept_state(SSL *s);
1677
1678long SSL_get_default_timeout(const SSL *s);
1679
1680int SSL_library_init(void );
1681
1682char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
1683STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
1684
1685SSL *SSL_dup(SSL *ssl);
1686
1687X509 *SSL_get_certificate(const SSL *ssl);
1688/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
1689
1690void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
1691int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
1692void SSL_set_quiet_shutdown(SSL *ssl,int mode);
1693int SSL_get_quiet_shutdown(const SSL *ssl);
1694void SSL_set_shutdown(SSL *ssl,int mode);
1695int SSL_get_shutdown(const SSL *ssl);
1696int SSL_version(const SSL *ssl);
1697int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
1698int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
1699 const char *CApath);
1700#define SSL_get0_session SSL_get_session /* just peek at pointer */
1701SSL_SESSION *SSL_get_session(const SSL *ssl);
1702SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
1703SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
1704SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
1705void SSL_set_info_callback(SSL *ssl,
1706 void (*cb)(const SSL *ssl,int type,int val));
1707void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
1708int SSL_state(const SSL *ssl);
1709
1710void SSL_set_verify_result(SSL *ssl,long v);
1711long SSL_get_verify_result(const SSL *ssl);
1712
1713int SSL_set_ex_data(SSL *ssl,int idx,void *data);
1714void *SSL_get_ex_data(const SSL *ssl,int idx);
1715int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1716 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1717
1718int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
1719void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
1720int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1721 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1722
1723int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
1724void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
1725int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1726 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1727
1728int SSL_get_ex_data_X509_STORE_CTX_idx(void );
1729
1730#define SSL_CTX_sess_set_cache_size(ctx,t) \
1731 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
1732#define SSL_CTX_sess_get_cache_size(ctx) \
1733 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
1734#define SSL_CTX_set_session_cache_mode(ctx,m) \
1735 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
1736#define SSL_CTX_get_session_cache_mode(ctx) \
1737 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
1738
1739#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
1740#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
1741#define SSL_CTX_get_read_ahead(ctx) \
1742 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
1743#define SSL_CTX_set_read_ahead(ctx,m) \
1744 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
1745#define SSL_CTX_get_max_cert_list(ctx) \
1746 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
1747#define SSL_CTX_set_max_cert_list(ctx,m) \
1748 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
1749#define SSL_get_max_cert_list(ssl) \
1750 SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
1751#define SSL_set_max_cert_list(ssl,m) \
1752 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
1753
1754#define SSL_CTX_set_max_send_fragment(ctx,m) \
1755 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
1756#define SSL_set_max_send_fragment(ssl,m) \
1757 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
1758
1759 /* NB: the keylength is only applicable when is_export is true */
1760#ifndef OPENSSL_NO_RSA
1761void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
1762 RSA *(*cb)(SSL *ssl,int is_export,
1763 int keylength));
1764
1765void SSL_set_tmp_rsa_callback(SSL *ssl,
1766 RSA *(*cb)(SSL *ssl,int is_export,
1767 int keylength));
1768#endif
1769#ifndef OPENSSL_NO_DH
1770void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
1771 DH *(*dh)(SSL *ssl,int is_export,
1772 int keylength));
1773void SSL_set_tmp_dh_callback(SSL *ssl,
1774 DH *(*dh)(SSL *ssl,int is_export,
1775 int keylength));
1776#endif
1777#ifndef OPENSSL_NO_ECDH
1778void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
1779 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
1780 int keylength));
1781void SSL_set_tmp_ecdh_callback(SSL *ssl,
1782 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
1783 int keylength));
1784#endif
1785
1786#ifndef OPENSSL_NO_COMP
1787const COMP_METHOD *SSL_get_current_compression(SSL *s);
1788const COMP_METHOD *SSL_get_current_expansion(SSL *s);
1789const char *SSL_COMP_get_name(const COMP_METHOD *comp);
1790STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
1791int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
1792#else
1793const void *SSL_get_current_compression(SSL *s);
1794const void *SSL_get_current_expansion(SSL *s);
1795const char *SSL_COMP_get_name(const void *comp);
1796void *SSL_COMP_get_compression_methods(void);
1797int SSL_COMP_add_compression_method(int id,void *cm);
1798#endif
1799
1800/* TLS extensions functions */
1801int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
1802
1803int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
1804 void *arg);
1805
1806/* Pre-shared secret session resumption functions */
1807int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
1808
1809/* BEGIN ERROR CODES */
1810/* The following lines are auto generated by the script mkerr.pl. Any changes
1811 * made after this point may be overwritten when the script is next run.
1812 */
1813void ERR_load_SSL_strings(void);
1814
1815/* Error codes for the SSL functions. */
1816
1817/* Function codes. */
1818#define SSL_F_CLIENT_CERTIFICATE 100
1819#define SSL_F_CLIENT_FINISHED 167
1820#define SSL_F_CLIENT_HELLO 101
1821#define SSL_F_CLIENT_MASTER_KEY 102
1822#define SSL_F_D2I_SSL_SESSION 103
1823#define SSL_F_DO_DTLS1_WRITE 245
1824#define SSL_F_DO_SSL3_WRITE 104
1825#define SSL_F_DTLS1_ACCEPT 246
1826#define SSL_F_DTLS1_ADD_CERT_TO_BUF 295
1827#define SSL_F_DTLS1_BUFFER_RECORD 247
1828#define SSL_F_DTLS1_CLIENT_HELLO 248
1829#define SSL_F_DTLS1_CONNECT 249
1830#define SSL_F_DTLS1_ENC 250
1831#define SSL_F_DTLS1_GET_HELLO_VERIFY 251
1832#define SSL_F_DTLS1_GET_MESSAGE 252
1833#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
1834#define SSL_F_DTLS1_GET_RECORD 254
1835#define SSL_F_DTLS1_HANDLE_TIMEOUT 297
1836#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
1837#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
1838#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
1839#define SSL_F_DTLS1_PROCESS_RECORD 257
1840#define SSL_F_DTLS1_READ_BYTES 258
1841#define SSL_F_DTLS1_READ_FAILED 259
1842#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
1843#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
1844#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
1845#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
1846#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264
1847#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265
1848#define SSL_F_DTLS1_SEND_SERVER_HELLO 266
1849#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
1850#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
1851#define SSL_F_GET_CLIENT_FINISHED 105
1852#define SSL_F_GET_CLIENT_HELLO 106
1853#define SSL_F_GET_CLIENT_MASTER_KEY 107
1854#define SSL_F_GET_SERVER_FINISHED 108
1855#define SSL_F_GET_SERVER_HELLO 109
1856#define SSL_F_GET_SERVER_VERIFY 110
1857#define SSL_F_I2D_SSL_SESSION 111
1858#define SSL_F_READ_N 112
1859#define SSL_F_REQUEST_CERTIFICATE 113
1860#define SSL_F_SERVER_FINISH 239
1861#define SSL_F_SERVER_HELLO 114
1862#define SSL_F_SERVER_VERIFY 240
1863#define SSL_F_SSL23_ACCEPT 115
1864#define SSL_F_SSL23_CLIENT_HELLO 116
1865#define SSL_F_SSL23_CONNECT 117
1866#define SSL_F_SSL23_GET_CLIENT_HELLO 118
1867#define SSL_F_SSL23_GET_SERVER_HELLO 119
1868#define SSL_F_SSL23_PEEK 237
1869#define SSL_F_SSL23_READ 120
1870#define SSL_F_SSL23_WRITE 121
1871#define SSL_F_SSL2_ACCEPT 122
1872#define SSL_F_SSL2_CONNECT 123
1873#define SSL_F_SSL2_ENC_INIT 124
1874#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241
1875#define SSL_F_SSL2_PEEK 234
1876#define SSL_F_SSL2_READ 125
1877#define SSL_F_SSL2_READ_INTERNAL 236
1878#define SSL_F_SSL2_SET_CERTIFICATE 126
1879#define SSL_F_SSL2_WRITE 127
1880#define SSL_F_SSL3_ACCEPT 128
1881#define SSL_F_SSL3_ADD_CERT_TO_BUF 296
1882#define SSL_F_SSL3_CALLBACK_CTRL 233
1883#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
1884#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
1885#define SSL_F_SSL3_CLIENT_HELLO 131
1886#define SSL_F_SSL3_CONNECT 132
1887#define SSL_F_SSL3_CTRL 213
1888#define SSL_F_SSL3_CTX_CTRL 133
1889#define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
1890#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
1891#define SSL_F_SSL3_ENC 134
1892#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
1893#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
1894#define SSL_F_SSL3_GET_CERT_STATUS 289
1895#define SSL_F_SSL3_GET_CERT_VERIFY 136
1896#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
1897#define SSL_F_SSL3_GET_CLIENT_HELLO 138
1898#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
1899#define SSL_F_SSL3_GET_FINISHED 140
1900#define SSL_F_SSL3_GET_KEY_EXCHANGE 141
1901#define SSL_F_SSL3_GET_MESSAGE 142
1902#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283
1903#define SSL_F_SSL3_GET_RECORD 143
1904#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
1905#define SSL_F_SSL3_GET_SERVER_DONE 145
1906#define SSL_F_SSL3_GET_SERVER_HELLO 146
1907#define SSL_F_SSL3_HANDSHAKE_MAC 285
1908#define SSL_F_SSL3_NEW_SESSION_TICKET 287
1909#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
1910#define SSL_F_SSL3_PEEK 235
1911#define SSL_F_SSL3_READ_BYTES 148
1912#define SSL_F_SSL3_READ_N 149
1913#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
1914#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151
1915#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
1916#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
1917#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
1918#define SSL_F_SSL3_SEND_SERVER_HELLO 242
1919#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
1920#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
1921#define SSL_F_SSL3_SETUP_READ_BUFFER 156
1922#define SSL_F_SSL3_SETUP_WRITE_BUFFER 291
1923#define SSL_F_SSL3_WRITE_BYTES 158
1924#define SSL_F_SSL3_WRITE_PENDING 159
1925#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298
1926#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277
1927#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
1928#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
1929#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299
1930#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278
1931#define SSL_F_SSL_BAD_METHOD 160
1932#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
1933#define SSL_F_SSL_CERT_DUP 221
1934#define SSL_F_SSL_CERT_INST 222
1935#define SSL_F_SSL_CERT_INSTANTIATE 214
1936#define SSL_F_SSL_CERT_NEW 162
1937#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
1938#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280
1939#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279
1940#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
1941#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
1942#define SSL_F_SSL_CLEAR 164
1943#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
1944#define SSL_F_SSL_CREATE_CIPHER_LIST 166
1945#define SSL_F_SSL_CTRL 232
1946#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
1947#define SSL_F_SSL_CTX_NEW 169
1948#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
1949#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290
1950#define SSL_F_SSL_CTX_SET_PURPOSE 226
1951#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
1952#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
1953#define SSL_F_SSL_CTX_SET_TRUST 229
1954#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
1955#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
1956#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
1957#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
1958#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
1959#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
1960#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
1961#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272
1962#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
1963#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
1964#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
1965#define SSL_F_SSL_DO_HANDSHAKE 180
1966#define SSL_F_SSL_GET_NEW_SESSION 181
1967#define SSL_F_SSL_GET_PREV_SESSION 217
1968#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
1969#define SSL_F_SSL_GET_SIGN_PKEY 183
1970#define SSL_F_SSL_INIT_WBIO_BUFFER 184
1971#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
1972#define SSL_F_SSL_NEW 186
1973#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300
1974#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302
1975#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301
1976#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
1977#define SSL_F_SSL_PEEK 270
1978#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281
1979#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282
1980#define SSL_F_SSL_READ 223
1981#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
1982#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
1983#define SSL_F_SSL_SESSION_NEW 189
1984#define SSL_F_SSL_SESSION_PRINT_FP 190
1985#define SSL_F_SSL_SESS_CERT_NEW 225
1986#define SSL_F_SSL_SET_CERT 191
1987#define SSL_F_SSL_SET_CIPHER_LIST 271
1988#define SSL_F_SSL_SET_FD 192
1989#define SSL_F_SSL_SET_PKEY 193
1990#define SSL_F_SSL_SET_PURPOSE 227
1991#define SSL_F_SSL_SET_RFD 194
1992#define SSL_F_SSL_SET_SESSION 195
1993#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
1994#define SSL_F_SSL_SET_SESSION_TICKET_EXT 294
1995#define SSL_F_SSL_SET_TRUST 228
1996#define SSL_F_SSL_SET_WFD 196
1997#define SSL_F_SSL_SHUTDOWN 224
1998#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243
1999#define SSL_F_SSL_UNDEFINED_FUNCTION 197
2000#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
2001#define SSL_F_SSL_USE_CERTIFICATE 198
2002#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
2003#define SSL_F_SSL_USE_CERTIFICATE_FILE 200
2004#define SSL_F_SSL_USE_PRIVATEKEY 201
2005#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
2006#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
2007#define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273
2008#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
2009#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
2010#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
2011#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
2012#define SSL_F_SSL_WRITE 208
2013#define SSL_F_TLS1_CERT_VERIFY_MAC 286
2014#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
2015#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274
2016#define SSL_F_TLS1_ENC 210
2017#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275
2018#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
2019#define SSL_F_TLS1_PRF 284
2020#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
2021#define SSL_F_WRITE_PENDING 212
2022
2023/* Reason codes. */
2024#define SSL_R_APP_DATA_IN_HANDSHAKE 100
2025#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
2026#define SSL_R_BAD_ALERT_RECORD 101
2027#define SSL_R_BAD_AUTHENTICATION_TYPE 102
2028#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
2029#define SSL_R_BAD_CHECKSUM 104
2030#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
2031#define SSL_R_BAD_DECOMPRESSION 107
2032#define SSL_R_BAD_DH_G_LENGTH 108
2033#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
2034#define SSL_R_BAD_DH_P_LENGTH 110
2035#define SSL_R_BAD_DIGEST_LENGTH 111
2036#define SSL_R_BAD_DSA_SIGNATURE 112
2037#define SSL_R_BAD_ECC_CERT 304
2038#define SSL_R_BAD_ECDSA_SIGNATURE 305
2039#define SSL_R_BAD_ECPOINT 306
2040#define SSL_R_BAD_HANDSHAKE_LENGTH 332
2041#define SSL_R_BAD_HELLO_REQUEST 105
2042#define SSL_R_BAD_LENGTH 271
2043#define SSL_R_BAD_MAC_DECODE 113
2044#define SSL_R_BAD_MAC_LENGTH 333
2045#define SSL_R_BAD_MESSAGE_TYPE 114
2046#define SSL_R_BAD_PACKET_LENGTH 115
2047#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
2048#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316
2049#define SSL_R_BAD_RESPONSE_ARGUMENT 117
2050#define SSL_R_BAD_RSA_DECRYPT 118
2051#define SSL_R_BAD_RSA_ENCRYPT 119
2052#define SSL_R_BAD_RSA_E_LENGTH 120
2053#define SSL_R_BAD_RSA_MODULUS_LENGTH 121
2054#define SSL_R_BAD_RSA_SIGNATURE 122
2055#define SSL_R_BAD_SIGNATURE 123
2056#define SSL_R_BAD_SSL_FILETYPE 124
2057#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125
2058#define SSL_R_BAD_STATE 126
2059#define SSL_R_BAD_WRITE_RETRY 127
2060#define SSL_R_BIO_NOT_SET 128
2061#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
2062#define SSL_R_BN_LIB 130
2063#define SSL_R_CA_DN_LENGTH_MISMATCH 131
2064#define SSL_R_CA_DN_TOO_LONG 132
2065#define SSL_R_CCS_RECEIVED_EARLY 133
2066#define SSL_R_CERTIFICATE_VERIFY_FAILED 134
2067#define SSL_R_CERT_LENGTH_MISMATCH 135
2068#define SSL_R_CHALLENGE_IS_DIFFERENT 136
2069#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
2070#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
2071#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
2072#define SSL_R_CLIENTHELLO_TLSEXT 226
2073#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
2074#define SSL_R_COMPRESSION_DISABLED 343
2075#define SSL_R_COMPRESSION_FAILURE 141
2076#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
2077#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
2078#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
2079#define SSL_R_CONNECTION_TYPE_NOT_SET 144
2080#define SSL_R_COOKIE_MISMATCH 308
2081#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
2082#define SSL_R_DATA_LENGTH_TOO_LONG 146
2083#define SSL_R_DECRYPTION_FAILED 147
2084#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
2085#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
2086#define SSL_R_DIGEST_CHECK_FAILED 149
2087#define SSL_R_DTLS_MESSAGE_TOO_BIG 334
2088#define SSL_R_DUPLICATE_COMPRESSION_ID 309
2089#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317
2090#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318
2091#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322
2092#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323
2093#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
2094#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
2095#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
2096#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
2097#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
2098#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
2099#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
2100#define SSL_R_HTTPS_PROXY_REQUEST 155
2101#define SSL_R_HTTP_REQUEST 156
2102#define SSL_R_ILLEGAL_PADDING 283
2103#define SSL_R_INCONSISTENT_COMPRESSION 340
2104#define SSL_R_INVALID_CHALLENGE_LENGTH 158
2105#define SSL_R_INVALID_COMMAND 280
2106#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
2107#define SSL_R_INVALID_PURPOSE 278
2108#define SSL_R_INVALID_STATUS_RESPONSE 328
2109#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
2110#define SSL_R_INVALID_TRUST 279
2111#define SSL_R_KEY_ARG_TOO_LONG 284
2112#define SSL_R_KRB5 285
2113#define SSL_R_KRB5_C_CC_PRINC 286
2114#define SSL_R_KRB5_C_GET_CRED 287
2115#define SSL_R_KRB5_C_INIT 288
2116#define SSL_R_KRB5_C_MK_REQ 289
2117#define SSL_R_KRB5_S_BAD_TICKET 290
2118#define SSL_R_KRB5_S_INIT 291
2119#define SSL_R_KRB5_S_RD_REQ 292
2120#define SSL_R_KRB5_S_TKT_EXPIRED 293
2121#define SSL_R_KRB5_S_TKT_NYV 294
2122#define SSL_R_KRB5_S_TKT_SKEW 295
2123#define SSL_R_LENGTH_MISMATCH 159
2124#define SSL_R_LENGTH_TOO_SHORT 160
2125#define SSL_R_LIBRARY_BUG 274
2126#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
2127#define SSL_R_MESSAGE_TOO_LONG 296
2128#define SSL_R_MISSING_DH_DSA_CERT 162
2129#define SSL_R_MISSING_DH_KEY 163
2130#define SSL_R_MISSING_DH_RSA_CERT 164
2131#define SSL_R_MISSING_DSA_SIGNING_CERT 165
2132#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
2133#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
2134#define SSL_R_MISSING_RSA_CERTIFICATE 168
2135#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
2136#define SSL_R_MISSING_RSA_SIGNING_CERT 170
2137#define SSL_R_MISSING_TMP_DH_KEY 171
2138#define SSL_R_MISSING_TMP_ECDH_KEY 311
2139#define SSL_R_MISSING_TMP_RSA_KEY 172
2140#define SSL_R_MISSING_TMP_RSA_PKEY 173
2141#define SSL_R_MISSING_VERIFY_MESSAGE 174
2142#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
2143#define SSL_R_NO_CERTIFICATES_RETURNED 176
2144#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
2145#define SSL_R_NO_CERTIFICATE_RETURNED 178
2146#define SSL_R_NO_CERTIFICATE_SET 179
2147#define SSL_R_NO_CERTIFICATE_SPECIFIED 180
2148#define SSL_R_NO_CIPHERS_AVAILABLE 181
2149#define SSL_R_NO_CIPHERS_PASSED 182
2150#define SSL_R_NO_CIPHERS_SPECIFIED 183
2151#define SSL_R_NO_CIPHER_LIST 184
2152#define SSL_R_NO_CIPHER_MATCH 185
2153#define SSL_R_NO_CLIENT_CERT_METHOD 331
2154#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
2155#define SSL_R_NO_COMPRESSION_SPECIFIED 187
2156#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
2157#define SSL_R_NO_METHOD_SPECIFIED 188
2158#define SSL_R_NO_PRIVATEKEY 189
2159#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
2160#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
2161#define SSL_R_NO_PUBLICKEY 192
2162#define SSL_R_NO_RENEGOTIATION 339
2163#define SSL_R_NO_REQUIRED_DIGEST 324
2164#define SSL_R_NO_SHARED_CIPHER 193
2165#define SSL_R_NO_VERIFY_CALLBACK 194
2166#define SSL_R_NULL_SSL_CTX 195
2167#define SSL_R_NULL_SSL_METHOD_PASSED 196
2168#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
2169#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
2170#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
2171#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327
2172#define SSL_R_PACKET_LENGTH_TOO_LONG 198
2173#define SSL_R_PARSE_TLSEXT 227
2174#define SSL_R_PATH_TOO_LONG 270
2175#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
2176#define SSL_R_PEER_ERROR 200
2177#define SSL_R_PEER_ERROR_CERTIFICATE 201
2178#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
2179#define SSL_R_PEER_ERROR_NO_CIPHER 203
2180#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
2181#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
2182#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
2183#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
2184#define SSL_R_PSK_IDENTITY_NOT_FOUND 223
2185#define SSL_R_PSK_NO_CLIENT_CB 224
2186#define SSL_R_PSK_NO_SERVER_CB 225
2187#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
2188#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
2189#define SSL_R_PUBLIC_KEY_NOT_RSA 210
2190#define SSL_R_READ_BIO_NOT_SET 211
2191#define SSL_R_READ_TIMEOUT_EXPIRED 312
2192#define SSL_R_READ_WRONG_PACKET_TYPE 212
2193#define SSL_R_RECORD_LENGTH_MISMATCH 213
2194#define SSL_R_RECORD_TOO_LARGE 214
2195#define SSL_R_RECORD_TOO_SMALL 298
2196#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335
2197#define SSL_R_RENEGOTIATION_ENCODING_ERR 336
2198#define SSL_R_RENEGOTIATION_MISMATCH 337
2199#define SSL_R_REQUIRED_CIPHER_MISSING 215
2200#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342
2201#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
2202#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
2203#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
2204#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345
2205#define SSL_R_SERVERHELLO_TLSEXT 275
2206#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
2207#define SSL_R_SHORT_READ 219
2208#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
2209#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
2210#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
2211#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321
2212#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
2213#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
2214#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
2215#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
2216#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
2217#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
2218#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
2219#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
2220#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
2221#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
2222#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
2223#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
2224#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
2225#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
2226#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
2227#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
2228#define SSL_R_SSL_HANDSHAKE_FAILURE 229
2229#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
2230#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
2231#define SSL_R_SSL_SESSION_ID_CONFLICT 302
2232#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
2233#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
2234#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
2235#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
2236#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
2237#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
2238#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
2239#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
2240#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
2241#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
2242#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
2243#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
2244#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
2245#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
2246#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
2247#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
2248#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
2249#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
2250#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
2251#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
2252#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
2253#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
2254#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
2255#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
2256#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
2257#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
2258#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
2259#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
2260#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
2261#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
2262#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
2263#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
2264#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
2265#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
2266#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
2267#define SSL_R_UNEXPECTED_MESSAGE 244
2268#define SSL_R_UNEXPECTED_RECORD 245
2269#define SSL_R_UNINITIALIZED 276
2270#define SSL_R_UNKNOWN_ALERT_TYPE 246
2271#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
2272#define SSL_R_UNKNOWN_CIPHER_RETURNED 248
2273#define SSL_R_UNKNOWN_CIPHER_TYPE 249
2274#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
2275#define SSL_R_UNKNOWN_PKEY_TYPE 251
2276#define SSL_R_UNKNOWN_PROTOCOL 252
2277#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
2278#define SSL_R_UNKNOWN_SSL_VERSION 254
2279#define SSL_R_UNKNOWN_STATE 255
2280#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338
2281#define SSL_R_UNSUPPORTED_CIPHER 256
2282#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
2283#define SSL_R_UNSUPPORTED_DIGEST_TYPE 326
2284#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
2285#define SSL_R_UNSUPPORTED_PROTOCOL 258
2286#define SSL_R_UNSUPPORTED_SSL_VERSION 259
2287#define SSL_R_UNSUPPORTED_STATUS_TYPE 329
2288#define SSL_R_WRITE_BIO_NOT_SET 260
2289#define SSL_R_WRONG_CIPHER_RETURNED 261
2290#define SSL_R_WRONG_MESSAGE_TYPE 262
2291#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
2292#define SSL_R_WRONG_SIGNATURE_LENGTH 264
2293#define SSL_R_WRONG_SIGNATURE_SIZE 265
2294#define SSL_R_WRONG_SSL_VERSION 266
2295#define SSL_R_WRONG_VERSION_NUMBER 267
2296#define SSL_R_X509_LIB 268
2297#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
2298
2299#ifdef __cplusplus
2300}
2301#endif
2302#endif
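diff --git a/src/lib/libssl/ssl2.h b/src/lib/libssl/ssl2.h
deleted file mode 100644
index 99a52ea0dd..0000000000
--- a/src/lib/libssl/ssl2.h
+++ /dev/null
@@ -1,268 +0,0 @@
-/* ssl/ssl2.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL2_H
-#define HEADER_SSL2_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Protocol Version Codes */
-#define SSL2_VERSION 0x0002
-#define SSL2_VERSION_MAJOR 0x00
-#define SSL2_VERSION_MINOR 0x02
-/* #define SSL2_CLIENT_VERSION 0x0002 */
-/* #define SSL2_SERVER_VERSION 0x0002 */
-
-/* Protocol Message Codes */
-#define SSL2_MT_ERROR 0
-#define SSL2_MT_CLIENT_HELLO 1
-#define SSL2_MT_CLIENT_MASTER_KEY 2
-#define SSL2_MT_CLIENT_FINISHED 3
-#define SSL2_MT_SERVER_HELLO 4
-#define SSL2_MT_SERVER_VERIFY 5
-#define SSL2_MT_SERVER_FINISHED 6
-#define SSL2_MT_REQUEST_CERTIFICATE 7
-#define SSL2_MT_CLIENT_CERTIFICATE 8
-
-/* Error Message Codes */
-#define SSL2_PE_UNDEFINED_ERROR 0x0000
-#define SSL2_PE_NO_CIPHER 0x0001
-#define SSL2_PE_NO_CERTIFICATE 0x0002
-#define SSL2_PE_BAD_CERTIFICATE 0x0004
-#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
-
-/* Cipher Kind Values */
-#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */
-#define SSL2_CK_RC4_128_WITH_MD5 0x02010080
-#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080
-#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080
-#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080
-#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080
-#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040
-#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */
-#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */
-
-#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */
-#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */
-
-#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1"
-#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5"
-#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5"
-#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5"
-#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5"
-#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5"
-#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA"
-#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5"
-
-#define SSL2_TXT_NULL "NULL"
-
-/* Flags for the SSL_CIPHER.algorithm2 field */
-#define SSL2_CF_5_BYTE_ENC 0x01
-#define SSL2_CF_8_BYTE_ENC 0x02
-
-/* Certificate Type Codes */
-#define SSL2_CT_X509_CERTIFICATE 0x01
-
-/* Authentication Type Code */
-#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01
-
-#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32
-
-/* Upper/Lower Bounds */
-#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
-#ifdef OPENSSL_SYS_MPE
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u
-#else
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */
-#endif
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */
-
-#define SSL2_CHALLENGE_LENGTH 16
-/*#define SSL2_CHALLENGE_LENGTH 32 */
-#define SSL2_MIN_CHALLENGE_LENGTH 16
-#define SSL2_MAX_CHALLENGE_LENGTH 32
-#define SSL2_CONNECTION_ID_LENGTH 16
-#define SSL2_MAX_CONNECTION_ID_LENGTH 16
-#define SSL2_SSL_SESSION_ID_LENGTH 16
-#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32
-#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16
-#define SSL2_MAX_KEY_MATERIAL_LENGTH 24
-
-#ifndef HEADER_SSL_LOCL_H
-#define CERT char
-#endif
-
-typedef struct ssl2_state_st
- {
- int three_byte_header;
- int clear_text; /* clear text */
- int escape; /* not used in SSLv2 */
- int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */
-
- /* non-blocking io info, used to make sure the same
- * args were passwd */
- unsigned int wnum; /* number of bytes sent so far */
- int wpend_tot;
- const unsigned char *wpend_buf;
-
- int wpend_off; /* offset to data to write */
- int wpend_len; /* number of bytes passwd to write */
- int wpend_ret; /* number of bytes to return to caller */
-
- /* buffer raw data */
- int rbuf_left;
- int rbuf_offs;
- unsigned char *rbuf;
- unsigned char *wbuf;
-
- unsigned char *write_ptr;/* used to point to the start due to
- * 2/3 byte header. */
-
- unsigned int padding;
- unsigned int rlength; /* passed to ssl2_enc */
- int ract_data_length; /* Set when things are encrypted. */
- unsigned int wlength; /* passed to ssl2_enc */
- int wact_data_length; /* Set when things are decrypted. */
- unsigned char *ract_data;
- unsigned char *wact_data;
- unsigned char *mac_data;
-
- unsigned char *read_key;
- unsigned char *write_key;
-
- /* Stuff specifically to do with this SSL session */
- unsigned int challenge_length;
- unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
- unsigned int conn_id_length;
- unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
- unsigned int key_material_length;
- unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
-
- unsigned long read_sequence;
- unsigned long write_sequence;
-
- struct {
- unsigned int conn_id_length;
- unsigned int cert_type;
- unsigned int cert_length;
- unsigned int csl;
- unsigned int clear;
- unsigned int enc;
- unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
- unsigned int cipher_spec_length;
- unsigned int session_id_length;
- unsigned int clen;
- unsigned int rlen;
- } tmp;
- } SSL2_STATE;
-
-/* SSLv2 */
-/* client */
-#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT)
-#define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT)
-#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT)
-/* server */
-#define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT)
-#define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT)
-#define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-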
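diff --git a/src/lib/libssl/ssl23.h b/src/lib/libssl/ssl23.h
deleted file mode 100644
index d3228983c7..0000000000
--- a/src/lib/libssl/ssl23.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* ssl/ssl23.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL23_H
-#define HEADER_SSL23_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*client */
-/* write to server */
-#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT)
-#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT)
-/* read from server */
-#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT)
-#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT)
-
-/* server */
-/* read from client */
-#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
-#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-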
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
deleted file mode 100644
index baaa89e717..0000000000
--- a/src/lib/libssl/ssl3.h
+++ /dev/null
@@ -1,637 +0,0 @@
1/* ssl/ssl3.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116
117#ifndef HEADER_SSL3_H
118#define HEADER_SSL3_H
119
120#ifndef OPENSSL_NO_COMP
121#include <openssl/comp.h>
122#endif
123#include <openssl/buffer.h>
124#include <openssl/evp.h>
125#include <openssl/ssl.h>
126
127#ifdef __cplusplus
128extern "C" {
129#endif
130
131/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
132#define SSL3_CK_SCSV 0x030000FF
133
134#define SSL3_CK_RSA_NULL_MD5 0x03000001
135#define SSL3_CK_RSA_NULL_SHA 0x03000002
136#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
137#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
138#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
139#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
140#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
141#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
142#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
143#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
144
145#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
146#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
147#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
148#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
149#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
150#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
151
152#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
153#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
154#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
155#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
156#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
157#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
158
159#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
160#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
161#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
162#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
163#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
164
165#if 0
166 #define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
167 #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
168 #if 0 /* Because it clashes with KRB5, is never used any more, and is safe
169 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
170 of the ietf-tls list */
171 #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
172 #endif
173#endif
174
175/* VRS Additional Kerberos5 entries
176 */
177#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E
178#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F
179#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020
180#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021
181#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022
182#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023
183#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024
184#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025
185
186#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026
187#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027
188#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028
189#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029
190#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A
191#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B
192
193#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
194#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
195#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
196#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
197#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
198#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
199#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
200#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
201#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
202#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
203
204#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
205#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
206#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
207#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
208#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
209#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
210
211#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
212#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
213#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
214#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
215#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
216#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
217
218#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
219#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
220#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
221#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
222#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
223
224#if 0
225 #define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
226 #define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
227 #define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
228#endif
229
230#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
231#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
232#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"
233#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
234#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
235#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
236#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"
237#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"
238
239#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
240#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"
241#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"
242#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
243#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"
244#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"
245
246#define SSL3_SSL_SESSION_ID_LENGTH 32
247#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
248
249#define SSL3_MASTER_SECRET_SIZE 48
250#define SSL3_RANDOM_SIZE 32
251#define SSL3_SESSION_ID_SIZE 32
252#define SSL3_RT_HEADER_LENGTH 5
253
254#ifndef SSL3_ALIGN_PAYLOAD
255 /* Some will argue that this increases memory footprint, but it's
256 * not actually true. Point is that malloc has to return at least
257 * 64-bit aligned pointers, meaning that allocating 5 bytes wastes
258 * 3 bytes in either case. Suggested pre-gaping simply moves these
259 * wasted bytes from the end of allocated region to its front,
260 * but makes data payload aligned, which improves performance:-) */
261# define SSL3_ALIGN_PAYLOAD 8
262#else
263# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
264# error "insane SSL3_ALIGN_PAYLOAD"
265# undef SSL3_ALIGN_PAYLOAD
266# endif
267#endif
268
269/* This is the maximum MAC (digest) size used by the SSL library.
270 * Currently maximum of 20 is used by SHA1, but we reserve for
271 * future extension for 512-bit hashes.
272 */
273
274#define SSL3_RT_MAX_MD_SIZE 64
275
276/* Maximum block size used in all ciphersuites. Currently 16 for AES.
277 */
278
279#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
280
281#define SSL3_RT_MAX_EXTRA (16384)
282
283/* Maximum plaintext length: defined by SSL/TLS standards */
284#define SSL3_RT_MAX_PLAIN_LENGTH 16384
285/* Maximum compression overhead: defined by SSL/TLS standards */
286#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
287
288/* The standards give a maximum encryption overhead of 1024 bytes.
289 * In practice the value is lower than this. The overhead is the maximum
290 * number of padding bytes (256) plus the mac size.
291 */
292#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
293
294/* OpenSSL currently only uses a padding length of at most one block so
295 * the send overhead is smaller.
296 */
297
298#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
299 (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
300
301/* If compression isn't used don't include the compression overhead */
302
303#ifdef OPENSSL_NO_COMP
304#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
305#else
306#define SSL3_RT_MAX_COMPRESSED_LENGTH \
307 (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
308#endif
309#define SSL3_RT_MAX_ENCRYPTED_LENGTH \
310 (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
311#define SSL3_RT_MAX_PACKET_SIZE \
312 (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
313
314#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
315#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
316
317#define SSL3_VERSION 0x0300
318#define SSL3_VERSION_MAJOR 0x03
319#define SSL3_VERSION_MINOR 0x00
320
321#define SSL3_RT_CHANGE_CIPHER_SPEC 20
322#define SSL3_RT_ALERT 21
323#define SSL3_RT_HANDSHAKE 22
324#define SSL3_RT_APPLICATION_DATA 23
325
326#define SSL3_AL_WARNING 1
327#define SSL3_AL_FATAL 2
328
329#define SSL3_AD_CLOSE_NOTIFY 0
330#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
331#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
332#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */
333#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */
334#define SSL3_AD_NO_CERTIFICATE 41
335#define SSL3_AD_BAD_CERTIFICATE 42
336#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
337#define SSL3_AD_CERTIFICATE_REVOKED 44
338#define SSL3_AD_CERTIFICATE_EXPIRED 45
339#define SSL3_AD_CERTIFICATE_UNKNOWN 46
340#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
341
342typedef struct ssl3_record_st
343 {
344/*r */ int type; /* type of record */
345/*rw*/ unsigned int length; /* How many bytes available */
346/*r */ unsigned int off; /* read/write offset into 'buf' */
347/*rw*/ unsigned char *data; /* pointer to the record data */
348/*rw*/ unsigned char *input; /* where the decode bytes are */
349/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
350/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
351/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
352 } SSL3_RECORD;
353
354typedef struct ssl3_buffer_st
355 {
356 unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
357 * see ssl3_setup_buffers() */
358 size_t len; /* buffer size */
359 int offset; /* where to 'copy from' */
360 int left; /* how many bytes left */
361 } SSL3_BUFFER;
362
363#define SSL3_CT_RSA_SIGN 1
364#define SSL3_CT_DSS_SIGN 2
365#define SSL3_CT_RSA_FIXED_DH 3
366#define SSL3_CT_DSS_FIXED_DH 4
367#define SSL3_CT_RSA_EPHEMERAL_DH 5
368#define SSL3_CT_DSS_EPHEMERAL_DH 6
369#define SSL3_CT_FORTEZZA_DMS 20
370/* SSL3_CT_NUMBER is used to size arrays and it must be large
371 * enough to contain all of the cert types defined either for
372 * SSLv3 and TLSv1.
373 */
374#define SSL3_CT_NUMBER 9
375
376
377#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
378#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
379#define SSL3_FLAGS_POP_BUFFER 0x0004
380#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
381#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
382
383typedef struct ssl3_state_st
384 {
385 long flags;
386 int delay_buf_pop_ret;
387
388 unsigned char read_sequence[8];
389 int read_mac_secret_size;
390 unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
391 unsigned char write_sequence[8];
392 int write_mac_secret_size;
393 unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
394
395 unsigned char server_random[SSL3_RANDOM_SIZE];
396 unsigned char client_random[SSL3_RANDOM_SIZE];
397
398 /* flags for countermeasure against known-IV weakness */
399 int need_empty_fragments;
400 int empty_fragment_done;
401
402 /* The value of 'extra' when the buffers were initialized */
403 int init_extra;
404
405 SSL3_BUFFER rbuf; /* read IO goes into here */
406 SSL3_BUFFER wbuf; /* write IO goes into here */
407
408 SSL3_RECORD rrec; /* each decoded record goes in here */
409 SSL3_RECORD wrec; /* goes out from here */
410
411 /* storage for Alert/Handshake protocol data received but not
412 * yet processed by ssl3_read_bytes: */
413 unsigned char alert_fragment[2];
414 unsigned int alert_fragment_len;
415 unsigned char handshake_fragment[4];
416 unsigned int handshake_fragment_len;
417
418 /* partial write - check the numbers match */
419 unsigned int wnum; /* number of bytes sent so far */
420 int wpend_tot; /* number bytes written */
421 int wpend_type;
422 int wpend_ret; /* number of bytes submitted */
423 const unsigned char *wpend_buf;
424
425 /* used during startup, digest all incoming/outgoing packets */
426 BIO *handshake_buffer;
427 /* When set of handshake digests is determined, buffer is hashed
428 * and freed and MD_CTX-es for all required digests are stored in
429 * this array */
430 EVP_MD_CTX **handshake_dgst;
431 /* this is set whenerver we see a change_cipher_spec message
432 * come in when we are not looking for one */
433 int change_cipher_spec;
434
435 int warn_alert;
436 int fatal_alert;
437 /* we allow one fatal and one warning alert to be outstanding,
438 * send close alert via the warning alert */
439 int alert_dispatch;
440 unsigned char send_alert[2];
441
442 /* This flag is set when we should renegotiate ASAP, basically when
443 * there is no more data in the read or write buffers */
444 int renegotiate;
445 int total_renegotiations;
446 int num_renegotiations;
447
448 int in_read_app_data;
449
450 /* Opaque PRF input as used for the current handshake.
451 * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined
452 * (otherwise, they are merely present to improve binary compatibility) */
453 void *client_opaque_prf_input;
454 size_t client_opaque_prf_input_len;
455 void *server_opaque_prf_input;
456 size_t server_opaque_prf_input_len;
457
458 struct {
459 /* actually only needs to be 16+20 */
460 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
461
462 /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
463 unsigned char finish_md[EVP_MAX_MD_SIZE*2];
464 int finish_md_len;
465 unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
466 int peer_finish_md_len;
467
468 unsigned long message_size;
469 int message_type;
470
471 /* used to hold the new cipher we are going to use */
472 const SSL_CIPHER *new_cipher;
473#ifndef OPENSSL_NO_DH
474 DH *dh;
475#endif
476
477#ifndef OPENSSL_NO_ECDH
478 EC_KEY *ecdh; /* holds short lived ECDH key */
479#endif
480
481 /* used when SSL_ST_FLUSH_DATA is entered */
482 int next_state;
483
484 int reuse_message;
485
486 /* used for certificate requests */
487 int cert_req;
488 int ctype_num;
489 char ctype[SSL3_CT_NUMBER];
490 STACK_OF(X509_NAME) *ca_names;
491
492 int use_rsa_tmp;
493
494 int key_block_length;
495 unsigned char *key_block;
496
497 const EVP_CIPHER *new_sym_enc;
498 const EVP_MD *new_hash;
499 int new_mac_pkey_type;
500 int new_mac_secret_size;
501#ifndef OPENSSL_NO_COMP
502 const SSL_COMP *new_compression;
503#else
504 char *new_compression;
505#endif
506 int cert_request;
507 } tmp;
508
509 /* Connection binding to prevent renegotiation attacks */
510 unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
511 unsigned char previous_client_finished_len;
512 unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
513 unsigned char previous_server_finished_len;
514 int send_connection_binding; /* TODOEKR */
515 } SSL3_STATE;
516
517
518/* SSLv3 */
519/*client */
520/* extra state */
521#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
522/* write to server */
523#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
524#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
525/* read from server */
526#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT)
527#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT)
528#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
529#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
530#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT)
531#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT)
532#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT)
533#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT)
534#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT)
535#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT)
536#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)
537#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)
538/* write to server */
539#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)
540#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)
541#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT)
542#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT)
543#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT)
544#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT)
545#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT)
546#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
547#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
548#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
549#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
550#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
551/* read from server */
552#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT)
553#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)
554#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)
555#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)
556#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT)
557#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT)
558#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT)
559#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT)
560
561/* server */
562/* extra state */
563#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)
564/* read from client */
565/* Do not change the number values, they do matter */
566#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
567#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
568#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
569/* write to client */
570#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
571#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
572#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)
573#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)
574#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT)
575#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT)
576#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT)
577#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT)
578#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT)
579#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT)
580#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT)
581#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT)
582#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT)
583#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT)
584#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT)
585/* read from client */
586#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT)
587#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT)
588#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT)
589#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)
590#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)
591#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
592#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
593#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
594#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
595#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
596/* write to client */
597#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT)
598#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)
599#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
600#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
601#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT)
602#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT)
603#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT)
604#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT)
605
606#define SSL3_MT_HELLO_REQUEST 0
607#define SSL3_MT_CLIENT_HELLO 1
608#define SSL3_MT_SERVER_HELLO 2
609#define SSL3_MT_NEWSESSION_TICKET 4
610#define SSL3_MT_CERTIFICATE 11
611#define SSL3_MT_SERVER_KEY_EXCHANGE 12
612#define SSL3_MT_CERTIFICATE_REQUEST 13
613#define SSL3_MT_SERVER_DONE 14
614#define SSL3_MT_CERTIFICATE_VERIFY 15
615#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
616#define SSL3_MT_FINISHED 20
617#define SSL3_MT_CERTIFICATE_STATUS 22
618#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
619
620
621#define SSL3_MT_CCS 1
622
623/* These are used when changing over to a new cipher */
624#define SSL3_CC_READ 0x01
625#define SSL3_CC_WRITE 0x02
626#define SSL3_CC_CLIENT 0x10
627#define SSL3_CC_SERVER 0x20
628#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
629#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
630#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
631#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
632
633#ifdef __cplusplus
634}
635#endif
636#endif
637
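diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c
deleted file mode 100644
index 0967b2dfe4..0000000000
--- a/src/lib/libssl/ssl_algs.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/* ssl/ssl_algs.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/lhash.h>
-#include "ssl_locl.h"
-
-int SSL_library_init(void)
- {
-
-#ifndef OPENSSL_NO_DES
- EVP_add_cipher(EVP_des_cbc());
- EVP_add_cipher(EVP_des_ede3_cbc());
-#endif
-#ifndef OPENSSL_NO_IDEA
- EVP_add_cipher(EVP_idea_cbc());
-#endif
-#ifndef OPENSSL_NO_RC4
- EVP_add_cipher(EVP_rc4());
-#endif
-#ifndef OPENSSL_NO_RC2
- EVP_add_cipher(EVP_rc2_cbc());
- /* Not actually used for SSL/TLS but this makes PKCS#12 work
- * if an application only calls SSL_library_init().
- */
- EVP_add_cipher(EVP_rc2_40_cbc());
-#endif
-#ifndef OPENSSL_NO_AES
- EVP_add_cipher(EVP_aes_128_cbc());
- EVP_add_cipher(EVP_aes_192_cbc());
- EVP_add_cipher(EVP_aes_256_cbc());
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- EVP_add_cipher(EVP_camellia_128_cbc());
- EVP_add_cipher(EVP_camellia_256_cbc());
-#endif
-
-#ifndef OPENSSL_NO_SEED
- EVP_add_cipher(EVP_seed_cbc());
-#endif
-
-#ifndef OPENSSL_NO_MD5
- EVP_add_digest(EVP_md5());
- EVP_add_digest_alias(SN_md5,"ssl2-md5");
- EVP_add_digest_alias(SN_md5,"ssl3-md5");
-#endif
-#ifndef OPENSSL_NO_SHA
- EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
- EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
- EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
-#endif
-#ifndef OPENSSL_NO_SHA256
- EVP_add_digest(EVP_sha224());
- EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
- EVP_add_digest(EVP_sha384());
- EVP_add_digest(EVP_sha512());
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
- EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
- EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
- EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
- EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
-#endif
-#ifndef OPENSSL_NO_ECDSA
- EVP_add_digest(EVP_ecdsa());
-#endif
- /* If you want support for phased out ciphers, add the following */
-#if 0
- EVP_add_digest(EVP_sha());
- EVP_add_digest(EVP_dss());
-#endif
-#ifndef OPENSSL_NO_COMP
- /* This will initialise the built-in compression algorithms.
- The value returned is a STACK_OF(SSL_COMP), but that can
- be discarded safely */
- (void)SSL_COMP_get_compression_methods();
-#endif
- /* initialize cipher/digest methods table */
- ssl_load_ciphers();
- return(1);
- }
-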
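diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
deleted file mode 100644
index 28709978b5..0000000000
--- a/src/lib/libssl/ssl_asn1.c
+++ /dev/null
@@ -1,593 +0,0 @@
-/* ssl/ssl_asn1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "ssl_locl.h"
-#include <openssl/asn1_mac.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-typedef struct ssl_session_asn1_st
- {
- ASN1_INTEGER version;
- ASN1_INTEGER ssl_version;
- ASN1_OCTET_STRING cipher;
- ASN1_OCTET_STRING comp_id;
- ASN1_OCTET_STRING master_key;
- ASN1_OCTET_STRING session_id;
- ASN1_OCTET_STRING session_id_context;
- ASN1_OCTET_STRING key_arg;
-#ifndef OPENSSL_NO_KRB5
- ASN1_OCTET_STRING krb5_princ;
-#endif /* OPENSSL_NO_KRB5 */
- ASN1_INTEGER time;
- ASN1_INTEGER timeout;
- ASN1_INTEGER verify_result;
-#ifndef OPENSSL_NO_TLSEXT
- ASN1_OCTET_STRING tlsext_hostname;
- ASN1_INTEGER tlsext_tick_lifetime;
- ASN1_OCTET_STRING tlsext_tick;
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
- ASN1_OCTET_STRING psk_identity_hint;
- ASN1_OCTET_STRING psk_identity;
-#endif /* OPENSSL_NO_PSK */
- } SSL_SESSION_ASN1;
-
-int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
- {
-#define LSIZE2 (sizeof(long)*2)
- int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0;
- unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
- unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
-#ifndef OPENSSL_NO_TLSEXT
- int v6=0,v9=0,v10=0;
- unsigned char ibuf6[LSIZE2];
-#endif
-#ifndef OPENSSL_NO_COMP
- unsigned char cbuf;
- int v11=0;
-#endif
- long l;
- SSL_SESSION_ASN1 a;
- M_ASN1_I2D_vars(in);
-
- if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
- return(0);
-
- /* Note that I cheat in the following 2 assignments. I know
- * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
- * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
- * This is a bit evil but makes things simple, no dynamic allocation
- * to clean up :-) */
- a.version.length=LSIZE2;
- a.version.type=V_ASN1_INTEGER;
- a.version.data=ibuf1;
- ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
-
- a.ssl_version.length=LSIZE2;
- a.ssl_version.type=V_ASN1_INTEGER;
- a.ssl_version.data=ibuf2;
- ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
-
- a.cipher.type=V_ASN1_OCTET_STRING;
- a.cipher.data=buf;
-
- if (in->cipher == NULL)
- l=in->cipher_id;
- else
- l=in->cipher->id;
- if (in->ssl_version == SSL2_VERSION)
- {
- a.cipher.length=3;
- buf[0]=((unsigned char)(l>>16L))&0xff;
- buf[1]=((unsigned char)(l>> 8L))&0xff;
- buf[2]=((unsigned char)(l ))&0xff;
- }
- else
- {
- a.cipher.length=2;
- buf[0]=((unsigned char)(l>>8L))&0xff;
- buf[1]=((unsigned char)(l ))&0xff;
- }
-
-#ifndef OPENSSL_NO_COMP
- if (in->compress_meth)
- {
- cbuf = (unsigned char)in->compress_meth;
- a.comp_id.length = 1;
- a.comp_id.type = V_ASN1_OCTET_STRING;
- a.comp_id.data = &cbuf;
- }
-#endif
-
- a.master_key.length=in->master_key_length;
- a.master_key.type=V_ASN1_OCTET_STRING;
- a.master_key.data=in->master_key;
-
- a.session_id.length=in->session_id_length;
- a.session_id.type=V_ASN1_OCTET_STRING;
- a.session_id.data=in->session_id;
-
- a.session_id_context.length=in->sid_ctx_length;
- a.session_id_context.type=V_ASN1_OCTET_STRING;
- a.session_id_context.data=in->sid_ctx;
-
- a.key_arg.length=in->key_arg_length;
- a.key_arg.type=V_ASN1_OCTET_STRING;
- a.key_arg.data=in->key_arg;
-
-#ifndef OPENSSL_NO_KRB5
- if (in->krb5_client_princ_len)
- {
- a.krb5_princ.length=in->krb5_client_princ_len;
- a.krb5_princ.type=V_ASN1_OCTET_STRING;
- a.krb5_princ.data=in->krb5_client_princ;
- }
-#endif /* OPENSSL_NO_KRB5 */
-
- if (in->time != 0L)
- {
- a.time.length=LSIZE2;
- a.time.type=V_ASN1_INTEGER;
- a.time.data=ibuf3;
- ASN1_INTEGER_set(&(a.time),in->time);
- }
-
- if (in->timeout != 0L)
- {
- a.timeout.length=LSIZE2;
- a.timeout.type=V_ASN1_INTEGER;
- a.timeout.data=ibuf4;
- ASN1_INTEGER_set(&(a.timeout),in->timeout);
- }
-
- if (in->verify_result != X509_V_OK)
- {
- a.verify_result.length=LSIZE2;
- a.verify_result.type=V_ASN1_INTEGER;
- a.verify_result.data=ibuf5;
- ASN1_INTEGER_set(&a.verify_result,in->verify_result);
- }
-
-#ifndef OPENSSL_NO_TLSEXT
- if (in->tlsext_hostname)
- {
- a.tlsext_hostname.length=strlen(in->tlsext_hostname);
- a.tlsext_hostname.type=V_ASN1_OCTET_STRING;
- a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname;
- }
- if (in->tlsext_tick)
- {
- a.tlsext_tick.length= in->tlsext_ticklen;
- a.tlsext_tick.type=V_ASN1_OCTET_STRING;
- a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;
- }
- if (in->tlsext_tick_lifetime_hint > 0)
- {
- a.tlsext_tick_lifetime.length=LSIZE2;
- a.tlsext_tick_lifetime.type=V_ASN1_INTEGER;
- a.tlsext_tick_lifetime.data=ibuf6;
- ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
- }
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
- if (in->psk_identity_hint)
- {
- a.psk_identity_hint.length=strlen(in->psk_identity_hint);
- a.psk_identity_hint.type=V_ASN1_OCTET_STRING;
- a.psk_identity_hint.data=(unsigned char *)(in->psk_identity_hint);
- }
- if (in->psk_identity)
- {
- a.psk_identity.length=strlen(in->psk_identity);
- a.psk_identity.type=V_ASN1_OCTET_STRING;
- a.psk_identity.data=(unsigned char *)(in->psk_identity);
- }
-#endif /* OPENSSL_NO_PSK */
-
- M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
- if (in->krb5_client_princ_len)
- M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
-#endif /* OPENSSL_NO_KRB5 */
- if (in->key_arg_length > 0)
- M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
- if (in->time != 0L)
- M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
- if (in->timeout != 0L)
- M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
- if (in->peer != NULL)
- M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
- M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
- if (in->verify_result != X509_V_OK)
- M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
-
-#ifndef OPENSSL_NO_TLSEXT
- if (in->tlsext_tick_lifetime_hint > 0)
- M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
- if (in->tlsext_tick)
- M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
- if (in->tlsext_hostname)
- M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
-#ifndef OPENSSL_NO_COMP
- if (in->compress_meth)
- M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
-#endif
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
- if (in->psk_identity_hint)
- M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
- if (in->psk_identity)
- M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
-#endif /* OPENSSL_NO_PSK */
-
- M_ASN1_I2D_seq_total();
-
- M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
- if (in->krb5_client_princ_len)
- M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
-#endif /* OPENSSL_NO_KRB5 */
- if (in->key_arg_length > 0)
- M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
- if (in->time != 0L)
- M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
- if (in->timeout != 0L)
- M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
- if (in->peer != NULL)
- M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
- M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
- v4);
- if (in->verify_result != X509_V_OK)
- M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
-#ifndef OPENSSL_NO_TLSEXT
- if (in->tlsext_hostname)
- M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
- if (in->psk_identity_hint)
- M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
- if (in->psk_identity)
- M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
-#endif /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_TLSEXT
- if (in->tlsext_tick_lifetime_hint > 0)
- M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
- if (in->tlsext_tick)
- M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_COMP
- if (in->compress_meth)
- M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
-#endif
- M_ASN1_I2D_finish();
- }
-
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
- long length)
- {
- int version,ssl_version=0,i;
- long id;
- ASN1_INTEGER ai,*aip;
- ASN1_OCTET_STRING os,*osp;
- M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
-
- aip= &ai;
- osp= &os;
-
- M_ASN1_D2I_Init();
- M_ASN1_D2I_start_sequence();
-
- ai.data=NULL; ai.length=0;
- M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
- version=(int)ASN1_INTEGER_get(aip);
- if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
- /* we don't care about the version right now :-) */
- M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
- ssl_version=(int)ASN1_INTEGER_get(aip);
- ret->ssl_version=ssl_version;
- if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
- os.data=NULL; os.length=0;
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if (ssl_version == SSL2_VERSION)
- {
- if (os.length != 3)
- {
- c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
- goto err;
- }
- id=0x02000000L|
- ((unsigned long)os.data[0]<<16L)|
- ((unsigned long)os.data[1]<< 8L)|
- (unsigned long)os.data[2];
- }
- else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
- {
- if (os.length != 2)
- {
- c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
- goto err;
- }
- id=0x03000000L|
- ((unsigned long)os.data[0]<<8L)|
- (unsigned long)os.data[1];
- }
- else
- {
- c.error=SSL_R_UNKNOWN_SSL_VERSION;
- goto err;
- }
-
- ret->cipher=NULL;
- ret->cipher_id=id;
-
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
- i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
- else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
- i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
-
- if (os.length > i)
- os.length = i;
- if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
- os.length = sizeof(ret->session_id);
-
- ret->session_id_length=os.length;
- OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
- memcpy(ret->session_id,os.data,os.length);
-
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
- ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
- else
- ret->master_key_length=os.length;
- memcpy(ret->master_key,os.data,ret->master_key_length);
-
- os.length=0;
-
-#ifndef OPENSSL_NO_KRB5
- os.length=0;
- M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
- if (os.data)
- {
- if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
- ret->krb5_client_princ_len=0;
- else
- ret->krb5_client_princ_len=os.length;
- memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->krb5_client_princ_len=0;
-#endif /* OPENSSL_NO_KRB5 */
-
- M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
- if (os.length > SSL_MAX_KEY_ARG_LENGTH)
- ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
- else
- ret->key_arg_length=os.length;
- memcpy(ret->key_arg,os.data,ret->key_arg_length);
- if (os.data != NULL) OPENSSL_free(os.data);
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
- if (ai.data != NULL)
- {
- ret->time=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->time=(unsigned long)time(NULL);
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
- if (ai.data != NULL)
- {
- ret->timeout=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->timeout=3;
-
- if (ret->peer != NULL)
- {
- X509_free(ret->peer);
- ret->peer=NULL;
- }
- M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
-
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
-
- if(os.data != NULL)
- {
- if (os.length > SSL_MAX_SID_CTX_LENGTH)
- {
- c.error=SSL_R_BAD_LENGTH;
- goto err;
- }
- else
- {
- ret->sid_ctx_length=os.length;
- memcpy(ret->sid_ctx,os.data,os.length);
- }
- OPENSSL_free(os.data); os.data=NULL; os.length=0;
- }
- else
- ret->sid_ctx_length=0;
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
- if (ai.data != NULL)
- {
- ret->verify_result=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->verify_result=X509_V_OK;
-
-#ifndef OPENSSL_NO_TLSEXT
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6);
- if (os.data)
- {
- ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->tlsext_hostname=NULL;
-#endif /* OPENSSL_NO_TLSEXT */
-
-#ifndef OPENSSL_NO_PSK
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7);
- if (os.data)
- {
- ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->psk_identity_hint=NULL;
-#endif /* OPENSSL_NO_PSK */
-
-#ifndef OPENSSL_NO_TLSEXT
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);
- if (ai.data != NULL)
- {
- ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else if (ret->tlsext_ticklen && ret->session_id_length)
- ret->tlsext_tick_lifetime_hint = -1;
- else
- ret->tlsext_tick_lifetime_hint=0;
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
- if (os.data)
- {
- ret->tlsext_tick = os.data;
- ret->tlsext_ticklen = os.length;
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->tlsext_tick=NULL;
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_COMP
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11);
- if (os.data)
- {
- ret->compress_meth = os.data[0];
- OPENSSL_free(os.data);
- os.data = NULL;
- }
-#endif
-
- M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
- }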
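diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
deleted file mode 100644
index 27256eea81..0000000000
--- a/src/lib/libssl/ssl_cert.c
+++ /dev/null
@@ -1,834 +0,0 @@
-/*! \file ssl/ssl_cert.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <stdio.h>
-
-#include "e_os.h"
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#include "o_dir.h"
-#include <openssl/objects.h>
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-#include "ssl_locl.h"
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void)
- {
- static volatile int ssl_x509_store_ctx_idx= -1;
- int got_write_lock = 0;
-
- CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-
- if (ssl_x509_store_ctx_idx < 0)
- {
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- got_write_lock = 1;
-
- if (ssl_x509_store_ctx_idx < 0)
- {
- ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
- 0,"SSL for verify callback",NULL,NULL,NULL);
- }
- }
-
- if (got_write_lock)
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- else
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-
- return ssl_x509_store_ctx_idx;
- }
-
-CERT *ssl_cert_new(void)
- {
- CERT *ret;
-
- ret=(CERT *)OPENSSL_malloc(sizeof(CERT));
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- memset(ret,0,sizeof(CERT));
-
- ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
- ret->references=1;
-
- return(ret);
- }
-
-CERT *ssl_cert_dup(CERT *cert)
- {
- CERT *ret;
- int i;
-
- ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
-
- memset(ret, 0, sizeof(CERT));
-
- ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
- /* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
- * if you find that more readable */
-
- ret->valid = cert->valid;
- ret->mask_k = cert->mask_k;
- ret->mask_a = cert->mask_a;
- ret->export_mask_k = cert->export_mask_k;
- ret->export_mask_a = cert->export_mask_a;
-
-#ifndef OPENSSL_NO_RSA
- if (cert->rsa_tmp != NULL)
- {
- RSA_up_ref(cert->rsa_tmp);
- ret->rsa_tmp = cert->rsa_tmp;
- }
- ret->rsa_tmp_cb = cert->rsa_tmp_cb;
-#endif
-
-#ifndef OPENSSL_NO_DH
- if (cert->dh_tmp != NULL)
- {
- ret->dh_tmp = DHparams_dup(cert->dh_tmp);
- if (ret->dh_tmp == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
- goto err;
- }
- if (cert->dh_tmp->priv_key)
- {
- BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
- if (!b)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
- goto err;
- }
- ret->dh_tmp->priv_key = b;
- }
- if (cert->dh_tmp->pub_key)
- {
- BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
- if (!b)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
- goto err;
- }
- ret->dh_tmp->pub_key = b;
- }
- }
- ret->dh_tmp_cb = cert->dh_tmp_cb;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- if (cert->ecdh_tmp)
- {
- ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
- if (ret->ecdh_tmp == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
- goto err;
- }
- }
- ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
-#endif
-
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
- if (cert->pkeys[i].x509 != NULL)
- {
- ret->pkeys[i].x509 = cert->pkeys[i].x509;
- CRYPTO_add(&ret->pkeys[i].x509->references, 1,
- CRYPTO_LOCK_X509);
- }
-
- if (cert->pkeys[i].privatekey != NULL)
- {
- ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
- CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
- CRYPTO_LOCK_EVP_PKEY);
-
- switch(i)
- {
- /* If there was anything special to do for
- * certain types of keys, we'd do it here.
- * (Nothing at the moment, I think.) */
-
- case SSL_PKEY_RSA_ENC:
- case SSL_PKEY_RSA_SIGN:
- /* We have an RSA key. */
- break;
-
- case SSL_PKEY_DSA_SIGN:
- /* We have a DSA key. */
- break;
-
- case SSL_PKEY_DH_RSA:
- case SSL_PKEY_DH_DSA:
- /* We have a DH key. */
- break;
-
- case SSL_PKEY_ECC:
- /* We have an ECC key */
- break;
-
- default:
- /* Can't happen. */
- SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
- }
- }
- }
-
- /* ret->extra_certs *should* exist, but currently the own certificate
- * chain is held inside SSL_CTX */
-
- ret->references=1;
-
- return(ret);
-
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
-err:
-#endif
-#ifndef OPENSSL_NO_RSA
- if (ret->rsa_tmp != NULL)
- RSA_free(ret->rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
- if (ret->dh_tmp != NULL)
- DH_free(ret->dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (ret->ecdh_tmp != NULL)
- EC_KEY_free(ret->ecdh_tmp);
-#endif
-
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
- if (ret->pkeys[i].x509 != NULL)
- X509_free(ret->pkeys[i].x509);
- if (ret->pkeys[i].privatekey != NULL)
- EVP_PKEY_free(ret->pkeys[i].privatekey);
- }
-
- return NULL;
- }
-
-
-void ssl_cert_free(CERT *c)
- {
- int i;
-
- if(c == NULL)
- return;
-
- i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
-#ifdef REF_PRINT
- REF_PRINT("CERT",c);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"ssl_cert_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
- if (c->rsa_tmp) RSA_free(c->rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
- if (c->dh_tmp) DH_free(c->dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
-#endif
-
- for (i=0; i<SSL_PKEY_NUM; i++)
- {
- if (c->pkeys[i].x509 != NULL)
- X509_free(c->pkeys[i].x509);
- if (c->pkeys[i].privatekey != NULL)
- EVP_PKEY_free(c->pkeys[i].privatekey);
-#if 0
- if (c->pkeys[i].publickey != NULL)
- EVP_PKEY_free(c->pkeys[i].publickey);
-#endif
- }
- OPENSSL_free(c);
- }
-
-int ssl_cert_inst(CERT **o)
- {
- /* Create a CERT if there isn't already one
- * (which cannot really happen, as it is initially created in
- * SSL_CTX_new; but the earlier code usually allows for that one
- * being non-existant, so we follow that behaviour, as it might
- * turn out that there actually is a reason for it -- but I'm
- * not sure that *all* of the existing code could cope with
- * s->cert being NULL, otherwise we could do without the
- * initialization in SSL_CTX_new).
- */
-
- if (o == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (*o == NULL)
- {
- if ((*o = ssl_cert_new()) == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
- return(0);
- }
- }
- return(1);
- }
-
-
-SESS_CERT *ssl_sess_cert_new(void)
- {
- SESS_CERT *ret;
-
- ret = OPENSSL_malloc(sizeof *ret);
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- memset(ret, 0 ,sizeof *ret);
- ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
- ret->references = 1;
-
- return ret;
- }
-
-void ssl_sess_cert_free(SESS_CERT *sc)
- {
- int i;
-
- if (sc == NULL)
- return;
-
- i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
-#ifdef REF_PRINT
- REF_PRINT("SESS_CERT", sc);
-#endif
- if (i > 0)
- return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
- /* i == 0 */
- if (sc->cert_chain != NULL)
- sk_X509_pop_free(sc->cert_chain, X509_free);
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
- if (sc->peer_pkeys[i].x509 != NULL)
- X509_free(sc->peer_pkeys[i].x509);
-#if 0 /* We don't have the peer's private key. These lines are just
- * here as a reminder that we're still using a not-quite-appropriate
- * data structure. */
- if (sc->peer_pkeys[i].privatekey != NULL)
- EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
-#endif
- }
-
-#ifndef OPENSSL_NO_RSA
- if (sc->peer_rsa_tmp != NULL)
- RSA_free(sc->peer_rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
- if (sc->peer_dh_tmp != NULL)
- DH_free(sc->peer_dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (sc->peer_ecdh_tmp != NULL)
- EC_KEY_free(sc->peer_ecdh_tmp);
-#endif
-
- OPENSSL_free(sc);
- }
-
-int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
- {
- sc->peer_cert_type = type;
- return(1);
- }
-
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
- {
- X509 *x;
- int i;
- X509_STORE_CTX ctx;
-
- if ((sk == NULL) || (sk_X509_num(sk) == 0))
- return(0);
-
- x=sk_X509_value(sk,0);
- if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
- {
- SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
- return(0);
- }
-#if 0
- if (SSL_get_verify_depth(s) >= 0)
- X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
-#endif
- X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
-
- /* We need to inherit the verify parameters. These can be determined by
- * the context: if its a server it will verify SSL client certificates
- * or vice versa.
- */
-
- X509_STORE_CTX_set_default(&ctx,
- s->server ? "ssl_client" : "ssl_server");
- /* Anything non-default in "param" should overwrite anything in the
- * ctx.
- */
- X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
-
- if (s->verify_callback)
- X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
-
- if (s->ctx->app_verify_callback != NULL)
-#if 1 /* new with OpenSSL 0.9.7 */
- i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
-#else
- i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
-#endif
- else
- {
-#ifndef OPENSSL_NO_X509_VERIFY
- i=X509_verify_cert(&ctx);
-#else
- i=0;
- ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
- SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
-#endif
- }
-
- s->verify_result=ctx.error;
- X509_STORE_CTX_cleanup(&ctx);
-
- return(i);
- }
-
-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
- {
- if (*ca_list != NULL)
- sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
-
- *ca_list=name_list;
- }
-
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
- {
- int i;
- STACK_OF(X509_NAME) *ret;
- X509_NAME *name;
-
- ret=sk_X509_NAME_new_null();
- for (i=0; i<sk_X509_NAME_num(sk); i++)
- {
- name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
- if ((name == NULL) || !sk_X509_NAME_push(ret,name))
- {
- sk_X509_NAME_pop_free(ret,X509_NAME_free);
- return(NULL);
- }
- }
- return(ret);
- }
-
-void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
- {
- set_client_CA_list(&(s->client_CA),name_list);
- }
-
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
- {
- set_client_CA_list(&(ctx->client_CA),name_list);
- }
-
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
- {
- return(ctx->client_CA);
- }
-
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
- {
- if (s->type == SSL_ST_CONNECT)
- { /* we are in the client */
- if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
- (s->s3 != NULL))
- return(s->s3->tmp.ca_names);
- else
- return(NULL);
- }
- else
- {
- if (s->client_CA != NULL)
- return(s->client_CA);
- else
- return(s->ctx->client_CA);
- }
- }
-
-static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
- {
- X509_NAME *name;
-
- if (x == NULL) return(0);
- if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
- return(0);
-
- if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
- return(0);
-
- if (!sk_X509_NAME_push(*sk,name))
- {
- X509_NAME_free(name);
- return(0);
- }
- return(1);
- }
-
-int SSL_add_client_CA(SSL *ssl,X509 *x)
- {
- return(add_client_CA(&(ssl->client_CA),x));
- }
-
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
- {
- return(add_client_CA(&(ctx->client_CA),x));
- }
-
-static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
- {
- return(X509_NAME_cmp(*a,*b));
- }
-
-#ifndef OPENSSL_NO_STDIO
-/*!
- * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
- * it doesn't really have anything to do with clients (except that a common use
- * for a stack of CAs is to send it to the client). Actually, it doesn't have
- * much to do with CAs, either, since it will load any old cert.
- * \param file the file containing one or more certs.
- * \return a ::STACK containing the certs.
- */
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
- {
- BIO *in;
- X509 *x=NULL;
- X509_NAME *xn=NULL;
- STACK_OF(X509_NAME) *ret = NULL,*sk;
-
- sk=sk_X509_NAME_new(xname_cmp);
-
- in=BIO_new(BIO_s_file_internal());
-
- if ((sk == NULL) || (in == NULL))
- {
- SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!BIO_read_filename(in,file))
- goto err;
-
- for (;;)
- {
- if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
- break;
- if (ret == NULL)
- {
- ret = sk_X509_NAME_new_null();
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- if ((xn=X509_get_subject_name(x)) == NULL) goto err;
- /* check for duplicates */
- xn=X509_NAME_dup(xn);
- if (xn == NULL) goto err;
- if (sk_X509_NAME_find(sk,xn) >= 0)
- X509_NAME_free(xn);
- else
- {
- sk_X509_NAME_push(sk,xn);
- sk_X509_NAME_push(ret,xn);
- }
- }
-
- if (0)
- {
-err:
- if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
- ret=NULL;
- }
- if (sk != NULL) sk_X509_NAME_free(sk);
- if (in != NULL) BIO_free(in);
- if (x != NULL) X509_free(x);
- if (ret != NULL)
- ERR_clear_error();
- return(ret);
- }
-#endif
-
-/*!
- * Add a file of certs to a stack.
- * \param stack the stack to add to.
- * \param file the file to add from. All certs in this file that are not
- * already in the stack will be added.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- const char *file)
- {
- BIO *in;
- X509 *x=NULL;
- X509_NAME *xn=NULL;
- int ret=1;
- int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
-
- oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
-
- in=BIO_new(BIO_s_file_internal());
-
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!BIO_read_filename(in,file))
- goto err;
-
- for (;;)
- {
- if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
- break;
- if ((xn=X509_get_subject_name(x)) == NULL) goto err;
- xn=X509_NAME_dup(xn);
- if (xn == NULL) goto err;
- if (sk_X509_NAME_find(stack,xn) >= 0)
- X509_NAME_free(xn);
- else
- sk_X509_NAME_push(stack,xn);
- }
-
- ERR_clear_error();
-
- if (0)
- {
-err:
- ret=0;
- }
- if(in != NULL)
- BIO_free(in);
- if(x != NULL)
- X509_free(x);
-
- (void)sk_X509_NAME_set_cmp_func(stack,oldcmp);
-
- return ret;
- }
-
-/*!
- * Add a directory of certs to a stack.
- * \param stack the stack to append to.
- * \param dir the directory to append from. All files in this directory will be
- * examined as potential certs. Any that are acceptable to
- * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
- * included.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- const char *dir)
- {
- OPENSSL_DIR_CTX *d = NULL;
- const char *filename;
- int ret = 0;
-
- CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
-
- /* Note that a side effect is that the CAs will be sorted by name */
-
- while((filename = OPENSSL_DIR_read(&d, dir)))
- {
- char buf[1024];
- int r;
-
- if(strlen(dir)+strlen(filename)+2 > sizeof buf)
- {
- SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
- goto err;
- }
-
-#ifdef OPENSSL_SYS_VMS
- r = BIO_snprintf(buf,sizeof buf,"%s%s",dir,filename);
-#else
- r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename);
-#endif
- if (r <= 0 || r >= (int)sizeof(buf))
- goto err;
- if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
- goto err;
- }
-
- if (errno)
- {
- SYSerr(SYS_F_OPENDIR, get_last_sys_error());
- ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
- SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
- goto err;
- }
-
- ret = 1;
-
-err:
- if (d) OPENSSL_DIR_end(&d);
- CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
- return ret;
- }
-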
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
deleted file mode 100644
index bee3507ea1..0000000000
--- a/src/lib/libssl/ssl_ciph.c
+++ /dev/null
@@ -1,1748 +0,0 @@
1/* ssl/ssl_ciph.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#include <stdio.h>
144#include <openssl/objects.h>
145#ifndef OPENSSL_NO_COMP
146#include <openssl/comp.h>
147#endif
148#ifndef OPENSSL_NO_ENGINE
149#include <openssl/engine.h>
150#endif
151#include "ssl_locl.h"
152
153#define SSL_ENC_DES_IDX 0
154#define SSL_ENC_3DES_IDX 1
155#define SSL_ENC_RC4_IDX 2
156#define SSL_ENC_RC2_IDX 3
157#define SSL_ENC_IDEA_IDX 4
158#define SSL_ENC_NULL_IDX 5
159#define SSL_ENC_AES128_IDX 6
160#define SSL_ENC_AES256_IDX 7
161#define SSL_ENC_CAMELLIA128_IDX 8
162#define SSL_ENC_CAMELLIA256_IDX 9
163#define SSL_ENC_GOST89_IDX 10
164#define SSL_ENC_SEED_IDX 11
165#define SSL_ENC_NUM_IDX 12
166
167
168static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
169 NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
170 };
171
172#define SSL_COMP_NULL_IDX 0
173#define SSL_COMP_ZLIB_IDX 1
174#define SSL_COMP_NUM_IDX 2
175
176static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
177
178#define SSL_MD_MD5_IDX 0
179#define SSL_MD_SHA1_IDX 1
180#define SSL_MD_GOST94_IDX 2
181#define SSL_MD_GOST89MAC_IDX 3
182/*Constant SSL_MAX_DIGEST equal to size of digests array should be
183 * defined in the
184 * ssl_locl.h */
185#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
186static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
187 NULL,NULL,NULL,NULL
188 };
189/* PKEY_TYPE for GOST89MAC is known in advance, but, because
190 * implementation is engine-provided, we'll fill it only if
191 * corresponding EVP_PKEY_METHOD is found
192 */
193static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
194 EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef
195 };
196
197static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
198 0,0,0,0
199 };
200
201static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
202 SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
203 SSL_HANDSHAKE_MAC_GOST94,0
204 };
205
206#define CIPHER_ADD 1
207#define CIPHER_KILL 2
208#define CIPHER_DEL 3
209#define CIPHER_ORD 4
210#define CIPHER_SPECIAL 5
211
212typedef struct cipher_order_st
213 {
214 const SSL_CIPHER *cipher;
215 int active;
216 int dead;
217 struct cipher_order_st *next,*prev;
218 } CIPHER_ORDER;
219
220static const SSL_CIPHER cipher_aliases[]={
221 /* "ALL" doesn't include eNULL (must be specifically enabled) */
222 {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0},
223 /* "COMPLEMENTOFALL" */
224 {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},
225
226 /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
227 {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
228
229 /* key exchange aliases
230 * (some of those using only a single bit here combine
231 * multiple key exchange algs according to the RFCs,
232 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
233 {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0},
234
235 {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
236 {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
237 {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
238 {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0},
239 {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
240
241 {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0},
242
243 {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0},
244 {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0},
245 {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
246 {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
247 {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
248
249 {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},
250 {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
251
252 /* server authentication aliases */
253 {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0},
254 {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
255 {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
256 {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0},
257 {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0},
258 {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
259 {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0},
260 {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0},
261 {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0},
262 {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0},
263 {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
264 {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
265 {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
266
267 /* aliases combining key exchange and server authentication */
268 {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
269 {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
270 {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
271 {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
272 {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
273 {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
274 {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
275 {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
276
277
278 /* symmetric encryption aliases */
279 {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0},
280 {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0},
281 {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0},
282 {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0},
283 {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0},
284 {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0},
285 {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
286 {0,SSL_TXT_AES128,0, 0,0,SSL_AES128,0,0,0,0,0,0},
287 {0,SSL_TXT_AES256,0, 0,0,SSL_AES256,0,0,0,0,0,0},
288 {0,SSL_TXT_AES,0, 0,0,SSL_AES128|SSL_AES256,0,0,0,0,0,0},
289 {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
290 {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
291 {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
292
293 /* MAC aliases */
294 {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0},
295 {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
296 {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
297 {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0},
298 {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0},
299
300 /* protocol version aliases */
301 {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
302 {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0},
303 {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0},
304
305 /* export flag */
306 {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
307 {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
308
309 /* strength classes */
310 {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0},
311 {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0},
312 {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0},
313 {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0},
314 {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
315 /* FIPS 140-2 approved ciphersuite */
316 {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},
317 };
318/* Search for public key algorithm with given name and
319 * return its pkey_id if it is available. Otherwise return 0
320 */
321#ifdef OPENSSL_NO_ENGINE
322
323static int get_optional_pkey_id(const char *pkey_name)
324 {
325 const EVP_PKEY_ASN1_METHOD *ameth;
326 int pkey_id=0;
327 ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1);
328 if (ameth)
329 {
330 EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
331 }
332 return pkey_id;
333 }
334
335#else
336
337static int get_optional_pkey_id(const char *pkey_name)
338 {
339 const EVP_PKEY_ASN1_METHOD *ameth;
340 ENGINE *tmpeng = NULL;
341 int pkey_id=0;
342 ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
343 if (ameth)
344 {
345 EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
346 }
347 if (tmpeng) ENGINE_finish(tmpeng);
348 return pkey_id;
349 }
350
351#endif
352
353void ssl_load_ciphers(void)
354 {
355 ssl_cipher_methods[SSL_ENC_DES_IDX]=
356 EVP_get_cipherbyname(SN_des_cbc);
357 ssl_cipher_methods[SSL_ENC_3DES_IDX]=
358 EVP_get_cipherbyname(SN_des_ede3_cbc);
359 ssl_cipher_methods[SSL_ENC_RC4_IDX]=
360 EVP_get_cipherbyname(SN_rc4);
361 ssl_cipher_methods[SSL_ENC_RC2_IDX]=
362 EVP_get_cipherbyname(SN_rc2_cbc);
363#ifndef OPENSSL_NO_IDEA
364 ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
365 EVP_get_cipherbyname(SN_idea_cbc);
366#else
367 ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
368#endif
369 ssl_cipher_methods[SSL_ENC_AES128_IDX]=
370 EVP_get_cipherbyname(SN_aes_128_cbc);
371 ssl_cipher_methods[SSL_ENC_AES256_IDX]=
372 EVP_get_cipherbyname(SN_aes_256_cbc);
373 ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
374 EVP_get_cipherbyname(SN_camellia_128_cbc);
375 ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
376 EVP_get_cipherbyname(SN_camellia_256_cbc);
377 ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
378 EVP_get_cipherbyname(SN_gost89_cnt);
379 ssl_cipher_methods[SSL_ENC_SEED_IDX]=
380 EVP_get_cipherbyname(SN_seed_cbc);
381
382 ssl_digest_methods[SSL_MD_MD5_IDX]=
383 EVP_get_digestbyname(SN_md5);
384 ssl_mac_secret_size[SSL_MD_MD5_IDX]=
385 EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
386 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
387 ssl_digest_methods[SSL_MD_SHA1_IDX]=
388 EVP_get_digestbyname(SN_sha1);
389 ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
390 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
391 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
392 ssl_digest_methods[SSL_MD_GOST94_IDX]=
393 EVP_get_digestbyname(SN_id_GostR3411_94);
394 if (ssl_digest_methods[SSL_MD_GOST94_IDX])
395 {
396 ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
397 EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
398 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
399 }
400 ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
401 EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
402 ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
403 if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
404 ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
405 }
406
407 }
408#ifndef OPENSSL_NO_COMP
409
410static int sk_comp_cmp(const SSL_COMP * const *a,
411 const SSL_COMP * const *b)
412 {
413 return((*a)->id-(*b)->id);
414 }
415
416static void load_builtin_compressions(void)
417 {
418 int got_write_lock = 0;
419
420 CRYPTO_r_lock(CRYPTO_LOCK_SSL);
421 if (ssl_comp_methods == NULL)
422 {
423 CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
424 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
425 got_write_lock = 1;
426
427 if (ssl_comp_methods == NULL)
428 {
429 SSL_COMP *comp = NULL;
430
431 MemCheck_off();
432 ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
433 if (ssl_comp_methods != NULL)
434 {
435 comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
436 if (comp != NULL)
437 {
438 comp->method=COMP_zlib();
439 if (comp->method
440 && comp->method->type == NID_undef)
441 OPENSSL_free(comp);
442 else
443 {
444 comp->id=SSL_COMP_ZLIB_IDX;
445 comp->name=comp->method->name;
446 sk_SSL_COMP_push(ssl_comp_methods,comp);
447 }
448 }
449 }
450 MemCheck_on();
451 }
452 }
453
454 if (got_write_lock)
455 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
456 else
457 CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
458 }
459#endif
460
461int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
462 const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
463 {
464 int i;
465 const SSL_CIPHER *c;
466
467 c=s->cipher;
468 if (c == NULL) return(0);
469 if (comp != NULL)
470 {
471 SSL_COMP ctmp;
472#ifndef OPENSSL_NO_COMP
473 load_builtin_compressions();
474#endif
475
476 *comp=NULL;
477 ctmp.id=s->compress_meth;
478 if (ssl_comp_methods != NULL)
479 {
480 i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
481 if (i >= 0)
482 *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
483 else
484 *comp=NULL;
485 }
486 }
487
488 if ((enc == NULL) || (md == NULL)) return(0);
489
490 switch (c->algorithm_enc)
491 {
492 case SSL_DES:
493 i=SSL_ENC_DES_IDX;
494 break;
495 case SSL_3DES:
496 i=SSL_ENC_3DES_IDX;
497 break;
498 case SSL_RC4:
499 i=SSL_ENC_RC4_IDX;
500 break;
501 case SSL_RC2:
502 i=SSL_ENC_RC2_IDX;
503 break;
504 case SSL_IDEA:
505 i=SSL_ENC_IDEA_IDX;
506 break;
507 case SSL_eNULL:
508 i=SSL_ENC_NULL_IDX;
509 break;
510 case SSL_AES128:
511 i=SSL_ENC_AES128_IDX;
512 break;
513 case SSL_AES256:
514 i=SSL_ENC_AES256_IDX;
515 break;
516 case SSL_CAMELLIA128:
517 i=SSL_ENC_CAMELLIA128_IDX;
518 break;
519 case SSL_CAMELLIA256:
520 i=SSL_ENC_CAMELLIA256_IDX;
521 break;
522 case SSL_eGOST2814789CNT:
523 i=SSL_ENC_GOST89_IDX;
524 break;
525 case SSL_SEED:
526 i=SSL_ENC_SEED_IDX;
527 break;
528 default:
529 i= -1;
530 break;
531 }
532
533 if ((i < 0) || (i > SSL_ENC_NUM_IDX))
534 *enc=NULL;
535 else
536 {
537 if (i == SSL_ENC_NULL_IDX)
538 *enc=EVP_enc_null();
539 else
540 *enc=ssl_cipher_methods[i];
541 }
542
543 switch (c->algorithm_mac)
544 {
545 case SSL_MD5:
546 i=SSL_MD_MD5_IDX;
547 break;
548 case SSL_SHA1:
549 i=SSL_MD_SHA1_IDX;
550 break;
551 case SSL_GOST94:
552 i = SSL_MD_GOST94_IDX;
553 break;
554 case SSL_GOST89MAC:
555 i = SSL_MD_GOST89MAC_IDX;
556 break;
557 default:
558 i= -1;
559 break;
560 }
561 if ((i < 0) || (i > SSL_MD_NUM_IDX))
562 {
563 *md=NULL;
564 if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
565 if (mac_secret_size!=NULL) *mac_secret_size = 0;
566
567 }
568 else
569 {
570 *md=ssl_digest_methods[i];
571 if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
572 if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
573 }
574
575 if ((*enc != NULL) && (*md != NULL) && (!mac_pkey_type||*mac_pkey_type != NID_undef))
576 return(1);
577 else
578 return(0);
579 }
580
581int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
582{
583 if (idx <0||idx>=SSL_MD_NUM_IDX)
584 {
585 return 0;
586 }
587 if (ssl_handshake_digest_flag[idx]==0) return 0;
588 *mask = ssl_handshake_digest_flag[idx];
589 *md = ssl_digest_methods[idx];
590 return 1;
591}
592
593#define ITEM_SEP(a) \
594 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
595
596static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
597 CIPHER_ORDER **tail)
598 {
599 if (curr == *tail) return;
600 if (curr == *head)
601 *head=curr->next;
602 if (curr->prev != NULL)
603 curr->prev->next=curr->next;
604 if (curr->next != NULL)
605 curr->next->prev=curr->prev;
606 (*tail)->next=curr;
607 curr->prev= *tail;
608 curr->next=NULL;
609 *tail=curr;
610 }
611
612static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
613 CIPHER_ORDER **tail)
614 {
615 if (curr == *head) return;
616 if (curr == *tail)
617 *tail=curr->prev;
618 if (curr->next != NULL)
619 curr->next->prev=curr->prev;
620 if (curr->prev != NULL)
621 curr->prev->next=curr->next;
622 (*head)->prev=curr;
623 curr->next= *head;
624 curr->prev=NULL;
625 *head=curr;
626 }
627
628static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
629 {
630 *mkey = 0;
631 *auth = 0;
632 *enc = 0;
633 *mac = 0;
634 *ssl = 0;
635
636#ifdef OPENSSL_NO_RSA
637 *mkey |= SSL_kRSA;
638 *auth |= SSL_aRSA;
639#endif
640#ifdef OPENSSL_NO_DSA
641 *auth |= SSL_aDSS;
642#endif
643 *mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
644 *auth |= SSL_aDH;
645#ifdef OPENSSL_NO_DH
646 *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
647 *auth |= SSL_aDH;
648#endif
649#ifdef OPENSSL_NO_KRB5
650 *mkey |= SSL_kKRB5;
651 *auth |= SSL_aKRB5;
652#endif
653#ifdef OPENSSL_NO_ECDSA
654 *auth |= SSL_aECDSA;
655#endif
656#ifdef OPENSSL_NO_ECDH
657 *mkey |= SSL_kECDHe|SSL_kECDHr;
658 *auth |= SSL_aECDH;
659#endif
660#ifdef OPENSSL_NO_PSK
661 *mkey |= SSL_kPSK;
662 *auth |= SSL_aPSK;
663#endif
664 /* Check for presence of GOST 34.10 algorithms, and if they
665 * do not present, disable appropriate auth and key exchange */
666 if (!get_optional_pkey_id("gost94")) {
667 *auth |= SSL_aGOST94;
668 }
669 if (!get_optional_pkey_id("gost2001")) {
670 *auth |= SSL_aGOST01;
671 }
672 /* Disable GOST key exchange if no GOST signature algs are available * */
673 if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
674 *mkey |= SSL_kGOST;
675 }
676#ifdef SSL_FORBID_ENULL
677 *enc |= SSL_eNULL;
678#endif
679
680
681
682 *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
683 *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
684 *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
685 *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
686 *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
687 *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
688 *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
689 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
690 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
691 *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
692 *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
693
694 *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
695 *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
696 *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
697 *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
698
699 }
700
701static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
702 int num_of_ciphers,
703 unsigned long disabled_mkey, unsigned long disabled_auth,
704 unsigned long disabled_enc, unsigned long disabled_mac,
705 unsigned long disabled_ssl,
706 CIPHER_ORDER *co_list,
707 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
708 {
709 int i, co_list_num;
710 const SSL_CIPHER *c;
711
712 /*
713 * We have num_of_ciphers descriptions compiled in, depending on the
714 * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
715 * These will later be sorted in a linked list with at most num
716 * entries.
717 */
718
719 /* Get the initial list of ciphers */
720 co_list_num = 0; /* actual count of ciphers */
721 for (i = 0; i < num_of_ciphers; i++)
722 {
723 c = ssl_method->get_cipher(i);
724 /* drop those that use any of that is not available */
725 if ((c != NULL) && c->valid &&
726 !(c->algorithm_mkey & disabled_mkey) &&
727 !(c->algorithm_auth & disabled_auth) &&
728 !(c->algorithm_enc & disabled_enc) &&
729 !(c->algorithm_mac & disabled_mac) &&
730 !(c->algorithm_ssl & disabled_ssl))
731 {
732 co_list[co_list_num].cipher = c;
733 co_list[co_list_num].next = NULL;
734 co_list[co_list_num].prev = NULL;
735 co_list[co_list_num].active = 0;
736 co_list_num++;
737#ifdef KSSL_DEBUG
738 printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
739#endif /* KSSL_DEBUG */
740 /*
741 if (!sk_push(ca_list,(char *)c)) goto err;
742 */
743 }
744 }
745
746 /*
747 * Prepare linked list from list entries
748 */
749 if (co_list_num > 0)
750 {
751 co_list[0].prev = NULL;
752
753 if (co_list_num > 1)
754 {
755 co_list[0].next = &co_list[1];
756
757 for (i = 1; i < co_list_num - 1; i++)
758 {
759 co_list[i].prev = &co_list[i - 1];
760 co_list[i].next = &co_list[i + 1];
761 }
762
763 co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
764 }
765
766 co_list[co_list_num - 1].next = NULL;
767
768 *head_p = &co_list[0];
769 *tail_p = &co_list[co_list_num - 1];
770 }
771 }
772
773static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
774 int num_of_group_aliases,
775 unsigned long disabled_mkey, unsigned long disabled_auth,
776 unsigned long disabled_enc, unsigned long disabled_mac,
777 unsigned long disabled_ssl,
778 CIPHER_ORDER *head)
779 {
780 CIPHER_ORDER *ciph_curr;
781 const SSL_CIPHER **ca_curr;
782 int i;
783 unsigned long mask_mkey = ~disabled_mkey;
784 unsigned long mask_auth = ~disabled_auth;
785 unsigned long mask_enc = ~disabled_enc;
786 unsigned long mask_mac = ~disabled_mac;
787 unsigned long mask_ssl = ~disabled_ssl;
788
789 /*
790 * First, add the real ciphers as already collected
791 */
792 ciph_curr = head;
793 ca_curr = ca_list;
794 while (ciph_curr != NULL)
795 {
796 *ca_curr = ciph_curr->cipher;
797 ca_curr++;
798 ciph_curr = ciph_curr->next;
799 }
800
801 /*
802 * Now we add the available ones from the cipher_aliases[] table.
803 * They represent either one or more algorithms, some of which
804 * in any affected category must be supported (set in enabled_mask),
805 * or represent a cipher strength value (will be added in any case because algorithms=0).
806 */
807 for (i = 0; i < num_of_group_aliases; i++)
808 {
809 unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
810 unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
811 unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
812 unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
813 unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
814
815 if (algorithm_mkey)
816 if ((algorithm_mkey & mask_mkey) == 0)
817 continue;
818
819 if (algorithm_auth)
820 if ((algorithm_auth & mask_auth) == 0)
821 continue;
822
823 if (algorithm_enc)
824 if ((algorithm_enc & mask_enc) == 0)
825 continue;
826
827 if (algorithm_mac)
828 if ((algorithm_mac & mask_mac) == 0)
829 continue;
830
831 if (algorithm_ssl)
832 if ((algorithm_ssl & mask_ssl) == 0)
833 continue;
834
835 *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
836 ca_curr++;
837 }
838
839 *ca_curr = NULL; /* end of list */
840 }
841
842static void ssl_cipher_apply_rule(unsigned long cipher_id,
843 unsigned long alg_mkey, unsigned long alg_auth,
844 unsigned long alg_enc, unsigned long alg_mac,
845 unsigned long alg_ssl,
846 unsigned long algo_strength,
847 int rule, int strength_bits,
848 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
849 {
850 CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
851 const SSL_CIPHER *cp;
852 int reverse = 0;
853
854#ifdef CIPHER_DEBUG
855 printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
856 rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
857#endif
858
859 if (rule == CIPHER_DEL)
860 reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
861
862 head = *head_p;
863 tail = *tail_p;
864
865 if (reverse)
866 {
867 curr = tail;
868 last = head;
869 }
870 else
871 {
872 curr = head;
873 last = tail;
874 }
875
876 curr2 = curr;
877 for (;;)
878 {
879 if ((curr == NULL) || (curr == last)) break;
880 curr = curr2;
881 curr2 = reverse ? curr->prev : curr->next;
882
883 cp = curr->cipher;
884
885 /*
886 * Selection criteria is either the value of strength_bits
887 * or the algorithms used.
888 */
889 if (strength_bits >= 0)
890 {
891 if (strength_bits != cp->strength_bits)
892 continue;
893 }
894 else
895 {
896#ifdef CIPHER_DEBUG
897 printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
898#endif
899
900 if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
901 continue;
902 if (alg_auth && !(alg_auth & cp->algorithm_auth))
903 continue;
904 if (alg_enc && !(alg_enc & cp->algorithm_enc))
905 continue;
906 if (alg_mac && !(alg_mac & cp->algorithm_mac))
907 continue;
908 if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
909 continue;
910 if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
911 continue;
912 if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
913 continue;
914 }
915
916#ifdef CIPHER_DEBUG
917 printf("Action = %d\n", rule);
918#endif
919
920 /* add the cipher if it has not been added yet. */
921 if (rule == CIPHER_ADD)
922 {
923 /* reverse == 0 */
924 if (!curr->active)
925 {
926 ll_append_tail(&head, curr, &tail);
927 curr->active = 1;
928 }
929 }
930 /* Move the added cipher to this location */
931 else if (rule == CIPHER_ORD)
932 {
933 /* reverse == 0 */
934 if (curr->active)
935 {
936 ll_append_tail(&head, curr, &tail);
937 }
938 }
939 else if (rule == CIPHER_DEL)
940 {
941 /* reverse == 1 */
942 if (curr->active)
943 {
944 /* most recently deleted ciphersuites get best positions
945 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
946 * works in reverse to maintain the order) */
947 ll_append_head(&head, curr, &tail);
948 curr->active = 0;
949 }
950 }
951 else if (rule == CIPHER_KILL)
952 {
953 /* reverse == 0 */
954 if (head == curr)
955 head = curr->next;
956 else
957 curr->prev->next = curr->next;
958 if (tail == curr)
959 tail = curr->prev;
960 curr->active = 0;
961 if (curr->next != NULL)
962 curr->next->prev = curr->prev;
963 if (curr->prev != NULL)
964 curr->prev->next = curr->next;
965 curr->next = NULL;
966 curr->prev = NULL;
967 }
968 }
969
970 *head_p = head;
971 *tail_p = tail;
972 }
973
974static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
975 CIPHER_ORDER **tail_p)
976 {
977 int max_strength_bits, i, *number_uses;
978 CIPHER_ORDER *curr;
979
980 /*
981 * This routine sorts the ciphers with descending strength. The sorting
982 * must keep the pre-sorted sequence, so we apply the normal sorting
983 * routine as '+' movement to the end of the list.
984 */
985 max_strength_bits = 0;
986 curr = *head_p;
987 while (curr != NULL)
988 {
989 if (curr->active &&
990 (curr->cipher->strength_bits > max_strength_bits))
991 max_strength_bits = curr->cipher->strength_bits;
992 curr = curr->next;
993 }
994
995 number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
996 if (!number_uses)
997 {
998 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
999 return(0);
1000 }
1001 memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
1002
1003 /*
1004 * Now find the strength_bits values actually used
1005 */
1006 curr = *head_p;
1007 while (curr != NULL)
1008 {
1009 if (curr->active)
1010 number_uses[curr->cipher->strength_bits]++;
1011 curr = curr->next;
1012 }
1013 /*
1014 * Go through the list of used strength_bits values in descending
1015 * order.
1016 */
1017 for (i = max_strength_bits; i >= 0; i--)
1018 if (number_uses[i] > 0)
1019 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
1020
1021 OPENSSL_free(number_uses);
1022 return(1);
1023 }
1024
1025static int ssl_cipher_process_rulestr(const char *rule_str,
1026 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
1027 const SSL_CIPHER **ca_list)
1028 {
1029 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
1030 const char *l, *start, *buf;
1031 int j, multi, found, rule, retval, ok, buflen;
1032 unsigned long cipher_id = 0;
1033 char ch;
1034
1035 retval = 1;
1036 l = rule_str;
1037 for (;;)
1038 {
1039 ch = *l;
1040
1041 if (ch == '\0')
1042 break; /* done */
1043 if (ch == '-')
1044 { rule = CIPHER_DEL; l++; }
1045 else if (ch == '+')
1046 { rule = CIPHER_ORD; l++; }
1047 else if (ch == '!')
1048 { rule = CIPHER_KILL; l++; }
1049 else if (ch == '@')
1050 { rule = CIPHER_SPECIAL; l++; }
1051 else
1052 { rule = CIPHER_ADD; }
1053
1054 if (ITEM_SEP(ch))
1055 {
1056 l++;
1057 continue;
1058 }
1059
1060 alg_mkey = 0;
1061 alg_auth = 0;
1062 alg_enc = 0;
1063 alg_mac = 0;
1064 alg_ssl = 0;
1065 algo_strength = 0;
1066
1067 start=l;
1068 for (;;)
1069 {
1070 ch = *l;
1071 buf = l;
1072 buflen = 0;
1073#ifndef CHARSET_EBCDIC
1074 while ( ((ch >= 'A') && (ch <= 'Z')) ||
1075 ((ch >= '0') && (ch <= '9')) ||
1076 ((ch >= 'a') && (ch <= 'z')) ||
1077 (ch == '-'))
1078#else
1079 while ( isalnum(ch) || (ch == '-'))
1080#endif
1081 {
1082 ch = *(++l);
1083 buflen++;
1084 }
1085
1086 if (buflen == 0)
1087 {
1088 /*
1089 * We hit something we cannot deal with,
1090 * it is no command or separator nor
1091 * alphanumeric, so we call this an error.
1092 */
1093 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
1094 SSL_R_INVALID_COMMAND);
1095 retval = found = 0;
1096 l++;
1097 break;
1098 }
1099
1100 if (rule == CIPHER_SPECIAL)
1101 {
1102 found = 0; /* unused -- avoid compiler warning */
1103 break; /* special treatment */
1104 }
1105
1106 /* check for multi-part specification */
1107 if (ch == '+')
1108 {
1109 multi=1;
1110 l++;
1111 }
1112 else
1113 multi=0;
1114
1115 /*
1116 * Now search for the cipher alias in the ca_list. Be careful
1117 * with the strncmp, because the "buflen" limitation
1118 * will make the rule "ADH:SOME" and the cipher
1119 * "ADH-MY-CIPHER" look like a match for buflen=3.
1120 * So additionally check whether the cipher name found
1121 * has the correct length. We can save a strlen() call:
1122 * just checking for the '\0' at the right place is
1123 * sufficient, we have to strncmp() anyway. (We cannot
1124 * use strcmp(), because buf is not '\0' terminated.)
1125 */
1126 j = found = 0;
1127 cipher_id = 0;
1128 while (ca_list[j])
1129 {
1130 if (!strncmp(buf, ca_list[j]->name, buflen) &&
1131 (ca_list[j]->name[buflen] == '\0'))
1132 {
1133 found = 1;
1134 break;
1135 }
1136 else
1137 j++;
1138 }
1139
1140 if (!found)
1141 break; /* ignore this entry */
1142
1143 if (ca_list[j]->algorithm_mkey)
1144 {
1145 if (alg_mkey)
1146 {
1147 alg_mkey &= ca_list[j]->algorithm_mkey;
1148 if (!alg_mkey) { found = 0; break; }
1149 }
1150 else
1151 alg_mkey = ca_list[j]->algorithm_mkey;
1152 }
1153
1154 if (ca_list[j]->algorithm_auth)
1155 {
1156 if (alg_auth)
1157 {
1158 alg_auth &= ca_list[j]->algorithm_auth;
1159 if (!alg_auth) { found = 0; break; }
1160 }
1161 else
1162 alg_auth = ca_list[j]->algorithm_auth;
1163 }
1164
1165 if (ca_list[j]->algorithm_enc)
1166 {
1167 if (alg_enc)
1168 {
1169 alg_enc &= ca_list[j]->algorithm_enc;
1170 if (!alg_enc) { found = 0; break; }
1171 }
1172 else
1173 alg_enc = ca_list[j]->algorithm_enc;
1174 }
1175
1176 if (ca_list[j]->algorithm_mac)
1177 {
1178 if (alg_mac)
1179 {
1180 alg_mac &= ca_list[j]->algorithm_mac;
1181 if (!alg_mac) { found = 0; break; }
1182 }
1183 else
1184 alg_mac = ca_list[j]->algorithm_mac;
1185 }
1186
1187 if (ca_list[j]->algo_strength & SSL_EXP_MASK)
1188 {
1189 if (algo_strength & SSL_EXP_MASK)
1190 {
1191 algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
1192 if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
1193 }
1194 else
1195 algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
1196 }
1197
1198 if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
1199 {
1200 if (algo_strength & SSL_STRONG_MASK)
1201 {
1202 algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
1203 if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
1204 }
1205 else
1206 algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
1207 }
1208
1209 if (ca_list[j]->valid)
1210 {
1211 /* explicit ciphersuite found; its protocol version
1212 * does not become part of the search pattern!*/
1213
1214 cipher_id = ca_list[j]->id;
1215 }
1216 else
1217 {
1218 /* not an explicit ciphersuite; only in this case, the
1219 * protocol version is considered part of the search pattern */
1220
1221 if (ca_list[j]->algorithm_ssl)
1222 {
1223 if (alg_ssl)
1224 {
1225 alg_ssl &= ca_list[j]->algorithm_ssl;
1226 if (!alg_ssl) { found = 0; break; }
1227 }
1228 else
1229 alg_ssl = ca_list[j]->algorithm_ssl;
1230 }
1231 }
1232
1233 if (!multi) break;
1234 }
1235
1236 /*
1237 * Ok, we have the rule, now apply it
1238 */
1239 if (rule == CIPHER_SPECIAL)
1240 { /* special command */
1241 ok = 0;
1242 if ((buflen == 8) &&
1243 !strncmp(buf, "STRENGTH", 8))
1244 ok = ssl_cipher_strength_sort(head_p, tail_p);
1245 else
1246 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
1247 SSL_R_INVALID_COMMAND);
1248 if (ok == 0)
1249 retval = 0;
1250 /*
1251 * We do not support any "multi" options
1252 * together with "@", so throw away the
1253 * rest of the command, if any left, until
1254 * end or ':' is found.
1255 */
1256 while ((*l != '\0') && !ITEM_SEP(*l))
1257 l++;
1258 }
1259 else if (found)
1260 {
1261 ssl_cipher_apply_rule(cipher_id,
1262 alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
1263 rule, -1, head_p, tail_p);
1264 }
1265 else
1266 {
1267 while ((*l != '\0') && !ITEM_SEP(*l))
1268 l++;
1269 }
1270 if (*l == '\0') break; /* done */
1271 }
1272
1273 return(retval);
1274 }
1275
1276STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1277 STACK_OF(SSL_CIPHER) **cipher_list,
1278 STACK_OF(SSL_CIPHER) **cipher_list_by_id,
1279 const char *rule_str)
1280 {
1281 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
1282 unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
1283 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
1284 const char *rule_p;
1285 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
1286 const SSL_CIPHER **ca_list = NULL;
1287
1288 /*
1289 * Return with error if nothing to do.
1290 */
1291 if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
1292 return NULL;
1293
1294 /*
1295 * To reduce the work to do we only want to process the compiled
1296 * in algorithms, so we first get the mask of disabled ciphers.
1297 */
1298 ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
1299
1300 /*
1301 * Now we have to collect the available ciphers from the compiled
1302 * in ciphers. We cannot get more than the number compiled in, so
1303 * it is used for allocation.
1304 */
1305 num_of_ciphers = ssl_method->num_ciphers();
1306#ifdef KSSL_DEBUG
1307 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
1308#endif /* KSSL_DEBUG */
1309 co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
1310 if (co_list == NULL)
1311 {
1312 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1313 return(NULL); /* Failure */
1314 }
1315
1316 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
1317 disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
1318 co_list, &head, &tail);
1319
1320
1321 /* Now arrange all ciphers by preference: */
1322
1323 /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
1324 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1325 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1326
1327 /* AES is our preferred symmetric cipher */
1328 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1329
1330 /* Temporarily enable everything else for sorting */
1331 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1332
1333 /* Low priority for MD5 */
1334 ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
1335
1336 /* Move anonymous ciphers to the end. Usually, these will remain disabled.
1337 * (For applications that allow them, they aren't too bad, but we prefer
1338 * authenticated ciphers.) */
1339 ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1340
1341 /* Move ciphers without forward secrecy to the end */
1342 ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1343 /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
1344 ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1345 ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1346 ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1347
1348 /* RC4 is sort-of broken -- move the the end */
1349 ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1350
1351 /* Now sort by symmetric encryption strength. The above ordering remains
1352 * in force within each class */
1353 if (!ssl_cipher_strength_sort(&head, &tail))
1354 {
1355 OPENSSL_free(co_list);
1356 return NULL;
1357 }
1358
1359 /* Now disable everything (maintaining the ordering!) */
1360 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1361
1362
1363 /*
1364 * We also need cipher aliases for selecting based on the rule_str.
1365 * There might be two types of entries in the rule_str: 1) names
1366 * of ciphers themselves 2) aliases for groups of ciphers.
1367 * For 1) we need the available ciphers and for 2) the cipher
1368 * groups of cipher_aliases added together in one list (otherwise
1369 * we would be happy with just the cipher_aliases table).
1370 */
1371 num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
1372 num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
1373 ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
1374 if (ca_list == NULL)
1375 {
1376 OPENSSL_free(co_list);
1377 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1378 return(NULL); /* Failure */
1379 }
1380 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
1381 disabled_mkey, disabled_auth, disabled_enc,
1382 disabled_mac, disabled_ssl, head);
1383
1384 /*
1385 * If the rule_string begins with DEFAULT, apply the default rule
1386 * before using the (possibly available) additional rules.
1387 */
1388 ok = 1;
1389 rule_p = rule_str;
1390 if (strncmp(rule_str,"DEFAULT",7) == 0)
1391 {
1392 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
1393 &head, &tail, ca_list);
1394 rule_p += 7;
1395 if (*rule_p == ':')
1396 rule_p++;
1397 }
1398
1399 if (ok && (strlen(rule_p) > 0))
1400 ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
1401
1402 OPENSSL_free((void *)ca_list); /* Not needed anymore */
1403
1404 if (!ok)
1405 { /* Rule processing failure */
1406 OPENSSL_free(co_list);
1407 return(NULL);
1408 }
1409
1410 /*
1411 * Allocate new "cipherstack" for the result, return with error
1412 * if we cannot get one.
1413 */
1414 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
1415 {
1416 OPENSSL_free(co_list);
1417 return(NULL);
1418 }
1419
1420 /*
1421 * The cipher selection for the list is done. The ciphers are added
1422 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
1423 */
1424 for (curr = head; curr != NULL; curr = curr->next)
1425 {
1426 if (curr->active)
1427 {
1428 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1429#ifdef CIPHER_DEBUG
1430 printf("<%s>\n",curr->cipher->name);
1431#endif
1432 }
1433 }
1434 OPENSSL_free(co_list); /* Not needed any longer */
1435
1436 tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
1437 if (tmp_cipher_list == NULL)
1438 {
1439 sk_SSL_CIPHER_free(cipherstack);
1440 return NULL;
1441 }
1442 if (*cipher_list != NULL)
1443 sk_SSL_CIPHER_free(*cipher_list);
1444 *cipher_list = cipherstack;
1445 if (*cipher_list_by_id != NULL)
1446 sk_SSL_CIPHER_free(*cipher_list_by_id);
1447 *cipher_list_by_id = tmp_cipher_list;
1448 (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
1449
1450 sk_SSL_CIPHER_sort(*cipher_list_by_id);
1451 return(cipherstack);
1452 }
1453
1454char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1455 {
1456 int is_export,pkl,kl;
1457 const char *ver,*exp_str;
1458 const char *kx,*au,*enc,*mac;
1459 unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2,alg_s;
1460#ifdef KSSL_DEBUG
1461 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
1462#else
1463 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
1464#endif /* KSSL_DEBUG */
1465
1466 alg_mkey = cipher->algorithm_mkey;
1467 alg_auth = cipher->algorithm_auth;
1468 alg_enc = cipher->algorithm_enc;
1469 alg_mac = cipher->algorithm_mac;
1470 alg_ssl = cipher->algorithm_ssl;
1471
1472 alg_s=cipher->algo_strength;
1473 alg2=cipher->algorithm2;
1474
1475 is_export=SSL_C_IS_EXPORT(cipher);
1476 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1477 kl=SSL_C_EXPORT_KEYLENGTH(cipher);
1478 exp_str=is_export?" export":"";
1479
1480 if (alg_ssl & SSL_SSLV2)
1481 ver="SSLv2";
1482 else if (alg_ssl & SSL_SSLV3)
1483 ver="SSLv3";
1484 else
1485 ver="unknown";
1486
1487 switch (alg_mkey)
1488 {
1489 case SSL_kRSA:
1490 kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
1491 break;
1492 case SSL_kDHr:
1493 kx="DH/RSA";
1494 break;
1495 case SSL_kDHd:
1496 kx="DH/DSS";
1497 break;
1498 case SSL_kKRB5:
1499 kx="KRB5";
1500 break;
1501 case SSL_kEDH:
1502 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
1503 break;
1504 case SSL_kECDHr:
1505 kx="ECDH/RSA";
1506 break;
1507 case SSL_kECDHe:
1508 kx="ECDH/ECDSA";
1509 break;
1510 case SSL_kEECDH:
1511 kx="ECDH";
1512 break;
1513 case SSL_kPSK:
1514 kx="PSK";
1515 break;
1516 default:
1517 kx="unknown";
1518 }
1519
1520 switch (alg_auth)
1521 {
1522 case SSL_aRSA:
1523 au="RSA";
1524 break;
1525 case SSL_aDSS:
1526 au="DSS";
1527 break;
1528 case SSL_aDH:
1529 au="DH";
1530 break;
1531 case SSL_aKRB5:
1532 au="KRB5";
1533 break;
1534 case SSL_aECDH:
1535 au="ECDH";
1536 break;
1537 case SSL_aNULL:
1538 au="None";
1539 break;
1540 case SSL_aECDSA:
1541 au="ECDSA";
1542 break;
1543 case SSL_aPSK:
1544 au="PSK";
1545 break;
1546 default:
1547 au="unknown";
1548 break;
1549 }
1550
1551 switch (alg_enc)
1552 {
1553 case SSL_DES:
1554 enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
1555 break;
1556 case SSL_3DES:
1557 enc="3DES(168)";
1558 break;
1559 case SSL_RC4:
1560 enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
1561 :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
1562 break;
1563 case SSL_RC2:
1564 enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
1565 break;
1566 case SSL_IDEA:
1567 enc="IDEA(128)";
1568 break;
1569 case SSL_eNULL:
1570 enc="None";
1571 break;
1572 case SSL_AES128:
1573 enc="AES(128)";
1574 break;
1575 case SSL_AES256:
1576 enc="AES(256)";
1577 break;
1578 case SSL_CAMELLIA128:
1579 enc="Camellia(128)";
1580 break;
1581 case SSL_CAMELLIA256:
1582 enc="Camellia(256)";
1583 break;
1584 case SSL_SEED:
1585 enc="SEED(128)";
1586 break;
1587 default:
1588 enc="unknown";
1589 break;
1590 }
1591
1592 switch (alg_mac)
1593 {
1594 case SSL_MD5:
1595 mac="MD5";
1596 break;
1597 case SSL_SHA1:
1598 mac="SHA1";
1599 break;
1600 default:
1601 mac="unknown";
1602 break;
1603 }
1604
1605 if (buf == NULL)
1606 {
1607 len=128;
1608 buf=OPENSSL_malloc(len);
1609 if (buf == NULL) return("OPENSSL_malloc Error");
1610 }
1611 else if (len < 128)
1612 return("Buffer too small");
1613
1614#ifdef KSSL_DEBUG
1615 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
1616#else
1617 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
1618#endif /* KSSL_DEBUG */
1619 return(buf);
1620 }
1621
1622char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
1623 {
1624 int i;
1625
1626 if (c == NULL) return("(NONE)");
1627 i=(int)(c->id>>24L);
1628 if (i == 3)
1629 return("TLSv1/SSLv3");
1630 else if (i == 2)
1631 return("SSLv2");
1632 else
1633 return("unknown");
1634 }
1635
1636/* return the actual cipher being used */
1637const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
1638 {
1639 if (c != NULL)
1640 return(c->name);
1641 return("(NONE)");
1642 }
1643
1644/* number of bits for symmetric cipher */
1645int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
1646 {
1647 int ret=0;
1648
1649 if (c != NULL)
1650 {
1651 if (alg_bits != NULL) *alg_bits = c->alg_bits;
1652 ret = c->strength_bits;
1653 }
1654 return(ret);
1655 }
1656
1657SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
1658 {
1659 SSL_COMP *ctmp;
1660 int i,nn;
1661
1662 if ((n == 0) || (sk == NULL)) return(NULL);
1663 nn=sk_SSL_COMP_num(sk);
1664 for (i=0; i<nn; i++)
1665 {
1666 ctmp=sk_SSL_COMP_value(sk,i);
1667 if (ctmp->id == n)
1668 return(ctmp);
1669 }
1670 return(NULL);
1671 }
1672
1673#ifdef OPENSSL_NO_COMP
1674void *SSL_COMP_get_compression_methods(void)
1675 {
1676 return NULL;
1677 }
1678int SSL_COMP_add_compression_method(int id, void *cm)
1679 {
1680 return 1;
1681 }
1682
1683const char *SSL_COMP_get_name(const void *comp)
1684 {
1685 return NULL;
1686 }
1687#else
1688STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
1689 {
1690 load_builtin_compressions();
1691 return(ssl_comp_methods);
1692 }
1693
1694int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1695 {
1696 SSL_COMP *comp;
1697
1698 if (cm == NULL || cm->type == NID_undef)
1699 return 1;
1700
1701 /* According to draft-ietf-tls-compression-04.txt, the
1702 compression number ranges should be the following:
1703
1704 0 to 63: methods defined by the IETF
1705 64 to 192: external party methods assigned by IANA
1706 193 to 255: reserved for private use */
1707 if (id < 193 || id > 255)
1708 {
1709 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
1710 return 0;
1711 }
1712
1713 MemCheck_off();
1714 comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
1715 comp->id=id;
1716 comp->method=cm;
1717 load_builtin_compressions();
1718 if (ssl_comp_methods
1719 && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
1720 {
1721 OPENSSL_free(comp);
1722 MemCheck_on();
1723 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
1724 return(1);
1725 }
1726 else if ((ssl_comp_methods == NULL)
1727 || !sk_SSL_COMP_push(ssl_comp_methods,comp))
1728 {
1729 OPENSSL_free(comp);
1730 MemCheck_on();
1731 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
1732 return(1);
1733 }
1734 else
1735 {
1736 MemCheck_on();
1737 return(0);
1738 }
1739 }
1740
1741const char *SSL_COMP_get_name(const COMP_METHOD *comp)
1742 {
1743 if (comp)
1744 return comp->name;
1745 return NULL;
1746 }
1747
1748#endif
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
deleted file mode 100644
index 0eed464749..0000000000
--- a/src/lib/libssl/ssl_err.c
+++ /dev/null
@@ -1,571 +0,0 @@
1/* ssl/ssl_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/ssl.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
70
71static ERR_STRING_DATA SSL_str_functs[]=
72 {
73{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
74{ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
75{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
76{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
77{ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
78{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
79{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
80{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
81{ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
82{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
83{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
84{ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
85{ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
86{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
87{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"},
88{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"},
89{ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"},
90{ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"},
91{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"},
92{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
93{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
94{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
95{ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"},
96{ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"},
97{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"},
98{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"},
99{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
100{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"},
101{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
102{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"},
103{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"},
104{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
105{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"},
106{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
107{ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
108{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
109{ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
110{ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
111{ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
112{ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
113{ERR_FUNC(SSL_F_READ_N), "READ_N"},
114{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
115{ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
116{ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
117{ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
118{ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
119{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
120{ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
121{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
122{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
123{ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
124{ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
125{ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
126{ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
127{ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
128{ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
129{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"},
130{ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
131{ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
132{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
133{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
134{ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
135{ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
136{ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
137{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
138{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
139{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
140{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
141{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
142{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
143{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
144{ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"},
145{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"},
146{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
147{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
148{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
149{ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},
150{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
151{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
152{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
153{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
154{ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
155{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
156{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
157{ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"},
158{ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
159{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
160{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
161{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
162{ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"},
163{ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
164{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
165{ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
166{ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
167{ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
168{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"},
169{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},
170{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
171{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
172{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"},
173{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
174{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
175{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
176{ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"},
177{ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"},
178{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
179{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
180{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
181{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"},
182{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
183{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
184{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
185{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"},
186{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
187{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
188{ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
189{ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
190{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
191{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
192{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
193{ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"},
194{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"},
195{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
196{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
197{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
198{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"},
199{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
200{ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
201{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
202{ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
203{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
204{ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"},
205{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
206{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"},
207{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
208{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
209{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
210{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"},
211{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"},
212{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"},
213{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
214{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"},
215{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"},
216{ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"},
217{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
218{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"},
219{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"},
220{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
221{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
222{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
223{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
224{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
225{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
226{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
227{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
228{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
229{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"},
230{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
231{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"},
232{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
233{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
234{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"},
235{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
236{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
237{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
238{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
239{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
240{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
241{ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
242{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
243{ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
244{ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
245{ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
246{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
247{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
248{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
249{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},
250{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
251{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
252{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
253{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"},
254{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
255{ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"},
256{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
257{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
258{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
259{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
260{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
261{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
262{ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
263{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
264{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
265{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
266{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
267{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
268{ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"},
269{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
270{ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"},
271{ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
272{ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
273{ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
274{ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"},
275{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
276{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
277{0,NULL}
278 };
279
280static ERR_STRING_DATA SSL_str_reasons[]=
281 {
282{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"},
283{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"},
284{ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"},
285{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
286{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
287{ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"},
288{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
289{ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"},
290{ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"},
291{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"},
292{ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"},
293{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"},
294{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"},
295{ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"},
296{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"},
297{ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"},
298{ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) ,"bad handshake length"},
299{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"},
300{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"},
301{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"},
302{ERR_REASON(SSL_R_BAD_MAC_LENGTH) ,"bad mac length"},
303{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"},
304{ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"},
305{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},
306{ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),"bad psk identity hint length"},
307{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"},
308{ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"},
309{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"},
310{ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"},
311{ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"},
312{ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"},
313{ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"},
314{ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"},
315{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"},
316{ERR_REASON(SSL_R_BAD_STATE) ,"bad state"},
317{ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"},
318{ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"},
319{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},
320{ERR_REASON(SSL_R_BN_LIB) ,"bn lib"},
321{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},
322{ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"},
323{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"},
324{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
325{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"},
326{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
327{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
328{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
329{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
330{ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"},
331{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
332{ERR_REASON(SSL_R_COMPRESSION_DISABLED) ,"compression disabled"},
333{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"},
334{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"},
335{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
336{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
337{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
338{ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"},
339{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
340{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
341{ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
342{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
343{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
344{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
345{ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"},
346{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},
347{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),"ecc cert not for key agreement"},
348{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"},
349{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"},
350{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"},
351{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
352{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
353{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
354{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
355{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
356{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
357{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
358{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
359{ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"},
360{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},
361{ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"},
362{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
363{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
364{ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"},
365{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
366{ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
367{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"},
368{ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"},
369{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"},
370{ERR_REASON(SSL_R_KRB5) ,"krb5"},
371{ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"},
372{ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"},
373{ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"},
374{ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"},
375{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"},
376{ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"},
377{ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"},
378{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"},
379{ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"},
380{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"},
381{ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"},
382{ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"},
383{ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"},
384{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"},
385{ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"},
386{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"},
387{ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"},
388{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"},
389{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"},
390{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"},
391{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"},
392{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"},
393{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
394{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
395{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"},
396{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"},
397{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
398{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
399{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
400{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
401{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
402{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
403{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"},
404{ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"},
405{ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"},
406{ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"},
407{ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"},
408{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"},
409{ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"},
410{ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"},
411{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"},
412{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
413{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
414{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"},
415{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
416{ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"},
417{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
418{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
419{ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"},
420{ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"},
421{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) ,"digest requred for handshake isn't computed"},
422{ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"},
423{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"},
424{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"},
425{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
426{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
427{ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"},
428{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
429{ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"},
430{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
431{ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"},
432{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"},
433{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},
434{ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"},
435{ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"},
436{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
437{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"},
438{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
439{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
440{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
441{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"},
442{ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND),"psk identity not found"},
443{ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) ,"psk no client cb"},
444{ERR_REASON(SSL_R_PSK_NO_SERVER_CB) ,"psk no server cb"},
445{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"},
446{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
447{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
448{ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"},
449{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"},
450{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
451{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
452{ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"},
453{ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"},
454{ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"},
455{ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"},
456{ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"},
457{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
458{ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"},
459{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
460{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
461{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
462{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
463{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"},
464{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
465{ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
466{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
467{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
468{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
469{ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),"ssl3 ext invalid ecpointformat"},
470{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"},
471{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"},
472{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
473{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"},
474{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"},
475{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"},
476{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"},
477{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"},
478{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"},
479{ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"},
480{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"},
481{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"},
482{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"},
483{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"},
484{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"},
485{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
486{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
487{ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},
488{ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},
489{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},
490{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},
491{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"},
492{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"},
493{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"},
494{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"},
495{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"},
496{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"},
497{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"},
498{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"},
499{ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"},
500{ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"},
501{ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"},
502{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},
503{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
504{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
505{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"},
506{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"},
507{ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"},
508{ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"},
509{ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"},
510{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
511{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
512{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
513{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
514{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},
515{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},
516{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"},
517{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"},
518{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"},
519{ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"},
520{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"},
521{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"},
522{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"},
523{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"},
524{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"},
525{ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"},
526{ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"},
527{ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"},
528{ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"},
529{ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"},
530{ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"},
531{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"},
532{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"},
533{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"},
534{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"},
535{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
536{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"},
537{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"},
538{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"},
539{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
540{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
541{ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"},
542{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"},
543{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"},
544{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
545{ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"},
546{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"},
547{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
548{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"},
549{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"},
550{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
551{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"},
552{ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"},
553{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"},
554{ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"},
555{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
556{0,NULL}
557 };
558
559#endif
560
561void ERR_load_SSL_strings(void)
562 {
563#ifndef OPENSSL_NO_ERR
564
565 if (ERR_func_error_string(SSL_str_functs[0].error) == NULL)
566 {
567 ERR_load_strings(0,SSL_str_functs);
568 ERR_load_strings(0,SSL_str_reasons);
569 }
570#endif
571 }
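diff --git a/src/lib/libssl/ssl_err2.c b/src/lib/libssl/ssl_err2.c
deleted file mode 100644
index ea95a5f983..0000000000
--- a/src/lib/libssl/ssl_err2.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/* ssl/ssl_err2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-void SSL_load_error_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
-#endif
- }
-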
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
deleted file mode 100644
index 497515f9ec..0000000000
--- a/src/lib/libssl/ssl_lib.c
+++ /dev/null
@@ -1,3059 +0,0 @@
1/*! \file ssl/ssl_lib.c
2 * \brief Version independent SSL functions.
3 */
4/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * All rights reserved.
6 *
7 * This package is an SSL implementation written
8 * by Eric Young (eay@cryptsoft.com).
9 * The implementation was written so as to conform with Netscapes SSL.
10 *
11 * This library is free for commercial and non-commercial use as long as
12 * the following conditions are aheared to. The following conditions
13 * apply to all code found in this distribution, be it the RC4, RSA,
14 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
15 * included with this distribution is covered by the same copyright terms
16 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
17 *
18 * Copyright remains Eric Young's, and as such any Copyright notices in
19 * the code are not to be removed.
20 * If this package is used in a product, Eric Young should be given attribution
21 * as the author of the parts of the library used.
22 * This can be in the form of a textual message at program startup or
23 * in documentation (online or textual) provided with the package.
24 *
25 * Redistribution and use in source and binary forms, with or without
26 * modification, are permitted provided that the following conditions
27 * are met:
28 * 1. Redistributions of source code must retain the copyright
29 * notice, this list of conditions and the following disclaimer.
30 * 2. Redistributions in binary form must reproduce the above copyright
31 * notice, this list of conditions and the following disclaimer in the
32 * documentation and/or other materials provided with the distribution.
33 * 3. All advertising materials mentioning features or use of this software
34 * must display the following acknowledgement:
35 * "This product includes cryptographic software written by
36 * Eric Young (eay@cryptsoft.com)"
37 * The word 'cryptographic' can be left out if the rouines from the library
38 * being used are not cryptographic related :-).
39 * 4. If you include any Windows specific code (or a derivative thereof) from
40 * the apps directory (application code) you must include an acknowledgement:
41 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
42 *
43 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
44 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
47 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
48 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
49 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
51 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
52 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * SUCH DAMAGE.
54 *
55 * The licence and distribution terms for any publically available version or
56 * derivative of this code cannot be changed. i.e. this code cannot simply be
57 * copied and put under another distribution licence
58 * [including the GNU Public Licence.]
59 */
60/* ====================================================================
61 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
62 *
63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions
65 * are met:
66 *
67 * 1. Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 *
70 * 2. Redistributions in binary form must reproduce the above copyright
71 * notice, this list of conditions and the following disclaimer in
72 * the documentation and/or other materials provided with the
73 * distribution.
74 *
75 * 3. All advertising materials mentioning features or use of this
76 * software must display the following acknowledgment:
77 * "This product includes software developed by the OpenSSL Project
78 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
79 *
80 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
81 * endorse or promote products derived from this software without
82 * prior written permission. For written permission, please contact
83 * openssl-core@openssl.org.
84 *
85 * 5. Products derived from this software may not be called "OpenSSL"
86 * nor may "OpenSSL" appear in their names without prior written
87 * permission of the OpenSSL Project.
88 *
89 * 6. Redistributions of any form whatsoever must retain the following
90 * acknowledgment:
91 * "This product includes software developed by the OpenSSL Project
92 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
93 *
94 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
95 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
97 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
98 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
99 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
100 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
101 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
102 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
103 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
104 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
105 * OF THE POSSIBILITY OF SUCH DAMAGE.
106 * ====================================================================
107 *
108 * This product includes cryptographic software written by Eric Young
109 * (eay@cryptsoft.com). This product includes software written by Tim
110 * Hudson (tjh@cryptsoft.com).
111 *
112 */
113/* ====================================================================
114 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
115 * ECC cipher suite support in OpenSSL originally developed by
116 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
117 */
118/* ====================================================================
119 * Copyright 2005 Nokia. All rights reserved.
120 *
121 * The portions of the attached software ("Contribution") is developed by
122 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
123 * license.
124 *
125 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
126 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
127 * support (see RFC 4279) to OpenSSL.
128 *
129 * No patent licenses or other rights except those expressly stated in
130 * the OpenSSL open source license shall be deemed granted or received
131 * expressly, by implication, estoppel, or otherwise.
132 *
133 * No assurances are provided by Nokia that the Contribution does not
134 * infringe the patent or other intellectual property rights of any third
135 * party or that the license provides you with all the necessary rights
136 * to make use of the Contribution.
137 *
138 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
139 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
140 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
141 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
142 * OTHERWISE.
143 */
144
145#ifdef REF_CHECK
146# include <assert.h>
147#endif
148#include <stdio.h>
149#include "ssl_locl.h"
150#include "kssl_lcl.h"
151#include <openssl/objects.h>
152#include <openssl/lhash.h>
153#include <openssl/x509v3.h>
154#include <openssl/rand.h>
155#include <openssl/ocsp.h>
156#ifndef OPENSSL_NO_DH
157#include <openssl/dh.h>
158#endif
159#ifndef OPENSSL_NO_ENGINE
160#include <openssl/engine.h>
161#endif
162
163const char *SSL_version_str=OPENSSL_VERSION_TEXT;
164
165SSL3_ENC_METHOD ssl3_undef_enc_method={
166 /* evil casts, but these functions are only called if there's a library bug */
167 (int (*)(SSL *,int))ssl_undefined_function,
168 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
169 ssl_undefined_function,
170 (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
171 (int (*)(SSL*, int))ssl_undefined_function,
172 (int (*)(SSL *, const char*, int, unsigned char *))ssl_undefined_function,
173 0, /* finish_mac_length */
174 (int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
175 NULL, /* client_finished_label */
176 0, /* client_finished_label_len */
177 NULL, /* server_finished_label */
178 0, /* server_finished_label_len */
179 (int (*)(int))ssl_undefined_function
180 };
181
182int SSL_clear(SSL *s)
183 {
184
185 if (s->method == NULL)
186 {
187 SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
188 return(0);
189 }
190
191 if (ssl_clear_bad_session(s))
192 {
193 SSL_SESSION_free(s->session);
194 s->session=NULL;
195 }
196
197 s->error=0;
198 s->hit=0;
199 s->shutdown=0;
200
201#if 0 /* Disabled since version 1.10 of this file (early return not
202 * needed because SSL_clear is not called when doing renegotiation) */
203 /* This is set if we are doing dynamic renegotiation so keep
204 * the old cipher. It is sort of a SSL_clear_lite :-) */
205 if (s->new_session) return(1);
206#else
207 if (s->new_session)
208 {
209 SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
210 return 0;
211 }
212#endif
213
214 s->type=0;
215
216 s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
217
218 s->version=s->method->version;
219 s->client_version=s->version;
220 s->rwstate=SSL_NOTHING;
221 s->rstate=SSL_ST_READ_HEADER;
222#if 0
223 s->read_ahead=s->ctx->read_ahead;
224#endif
225
226 if (s->init_buf != NULL)
227 {
228 BUF_MEM_free(s->init_buf);
229 s->init_buf=NULL;
230 }
231
232 ssl_clear_cipher_ctx(s);
233 ssl_clear_hash_ctx(&s->read_hash);
234 ssl_clear_hash_ctx(&s->write_hash);
235
236 s->first_packet=0;
237
238#if 1
239 /* Check to see if we were changed into a different method, if
240 * so, revert back if we are not doing session-id reuse. */
241 if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
242 {
243 s->method->ssl_free(s);
244 s->method=s->ctx->method;
245 if (!s->method->ssl_new(s))
246 return(0);
247 }
248 else
249#endif
250 s->method->ssl_clear(s);
251 return(1);
252 }
253
254/** Used to change an SSL_CTXs default SSL method type */
255int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
256 {
257 STACK_OF(SSL_CIPHER) *sk;
258
259 ctx->method=meth;
260
261 sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
262 &(ctx->cipher_list_by_id),
263 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
264 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
265 {
266 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
267 return(0);
268 }
269 return(1);
270 }
271
272SSL *SSL_new(SSL_CTX *ctx)
273 {
274 SSL *s;
275
276 if (ctx == NULL)
277 {
278 SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
279 return(NULL);
280 }
281 if (ctx->method == NULL)
282 {
283 SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
284 return(NULL);
285 }
286
287 s=(SSL *)OPENSSL_malloc(sizeof(SSL));
288 if (s == NULL) goto err;
289 memset(s,0,sizeof(SSL));
290
291#ifndef OPENSSL_NO_KRB5
292 s->kssl_ctx = kssl_ctx_new();
293#endif /* OPENSSL_NO_KRB5 */
294
295 s->options=ctx->options;
296 s->mode=ctx->mode;
297 s->max_cert_list=ctx->max_cert_list;
298
299 if (ctx->cert != NULL)
300 {
301 /* Earlier library versions used to copy the pointer to
302 * the CERT, not its contents; only when setting new
303 * parameters for the per-SSL copy, ssl_cert_new would be
304 * called (and the direct reference to the per-SSL_CTX
305 * settings would be lost, but those still were indirectly
306 * accessed for various purposes, and for that reason they
307 * used to be known as s->ctx->default_cert).
308 * Now we don't look at the SSL_CTX's CERT after having
309 * duplicated it once. */
310
311 s->cert = ssl_cert_dup(ctx->cert);
312 if (s->cert == NULL)
313 goto err;
314 }
315 else
316 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
317
318 s->read_ahead=ctx->read_ahead;
319 s->msg_callback=ctx->msg_callback;
320 s->msg_callback_arg=ctx->msg_callback_arg;
321 s->verify_mode=ctx->verify_mode;
322#if 0
323 s->verify_depth=ctx->verify_depth;
324#endif
325 s->sid_ctx_length=ctx->sid_ctx_length;
326 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
327 memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
328 s->verify_callback=ctx->default_verify_callback;
329 s->generate_session_id=ctx->generate_session_id;
330
331 s->param = X509_VERIFY_PARAM_new();
332 if (!s->param)
333 goto err;
334 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
335#if 0
336 s->purpose = ctx->purpose;
337 s->trust = ctx->trust;
338#endif
339 s->quiet_shutdown=ctx->quiet_shutdown;
340 s->max_send_fragment = ctx->max_send_fragment;
341
342 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
343 s->ctx=ctx;
344#ifndef OPENSSL_NO_TLSEXT
345 s->tlsext_debug_cb = 0;
346 s->tlsext_debug_arg = NULL;
347 s->tlsext_ticket_expected = 0;
348 s->tlsext_status_type = -1;
349 s->tlsext_status_expected = 0;
350 s->tlsext_ocsp_ids = NULL;
351 s->tlsext_ocsp_exts = NULL;
352 s->tlsext_ocsp_resp = NULL;
353 s->tlsext_ocsp_resplen = -1;
354 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
355 s->initial_ctx=ctx;
356#endif
357
358 s->verify_result=X509_V_OK;
359
360 s->method=ctx->method;
361
362 if (!s->method->ssl_new(s))
363 goto err;
364
365 s->references=1;
366 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
367
368 SSL_clear(s);
369
370 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
371
372#ifndef OPENSSL_NO_PSK
373 s->psk_client_callback=ctx->psk_client_callback;
374 s->psk_server_callback=ctx->psk_server_callback;
375#endif
376
377 return(s);
378err:
379 if (s != NULL)
380 {
381 if (s->cert != NULL)
382 ssl_cert_free(s->cert);
383 if (s->ctx != NULL)
384 SSL_CTX_free(s->ctx); /* decrement reference count */
385 OPENSSL_free(s);
386 }
387 SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
388 return(NULL);
389 }
390
391int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
392 unsigned int sid_ctx_len)
393 {
394 if(sid_ctx_len > sizeof ctx->sid_ctx)
395 {
396 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
397 return 0;
398 }
399 ctx->sid_ctx_length=sid_ctx_len;
400 memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
401
402 return 1;
403 }
404
405int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
406 unsigned int sid_ctx_len)
407 {
408 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
409 {
410 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
411 return 0;
412 }
413 ssl->sid_ctx_length=sid_ctx_len;
414 memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
415
416 return 1;
417 }
418
419int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
420 {
421 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
422 ctx->generate_session_id = cb;
423 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
424 return 1;
425 }
426
427int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
428 {
429 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
430 ssl->generate_session_id = cb;
431 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
432 return 1;
433 }
434
435int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
436 unsigned int id_len)
437 {
438 /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
439 * we can "construct" a session to give us the desired check - ie. to
440 * find if there's a session in the hash table that would conflict with
441 * any new session built out of this id/id_len and the ssl_version in
442 * use by this SSL. */
443 SSL_SESSION r, *p;
444
445 if(id_len > sizeof r.session_id)
446 return 0;
447
448 r.ssl_version = ssl->version;
449 r.session_id_length = id_len;
450 memcpy(r.session_id, id, id_len);
451 /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
452 * callback is calling us to check the uniqueness of a shorter ID, it
453 * must be compared as a padded-out ID because that is what it will be
454 * converted to when the callback has finished choosing it. */
455 if((r.ssl_version == SSL2_VERSION) &&
456 (id_len < SSL2_SSL_SESSION_ID_LENGTH))
457 {
458 memset(r.session_id + id_len, 0,
459 SSL2_SSL_SESSION_ID_LENGTH - id_len);
460 r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
461 }
462
463 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
464 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
465 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
466 return (p != NULL);
467 }
468
469int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
470 {
471 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
472 }
473
474int SSL_set_purpose(SSL *s, int purpose)
475 {
476 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
477 }
478
479int SSL_CTX_set_trust(SSL_CTX *s, int trust)
480 {
481 return X509_VERIFY_PARAM_set_trust(s->param, trust);
482 }
483
484int SSL_set_trust(SSL *s, int trust)
485 {
486 return X509_VERIFY_PARAM_set_trust(s->param, trust);
487 }
488
489int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
490 {
491 return X509_VERIFY_PARAM_set1(ctx->param, vpm);
492 }
493
494int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
495 {
496 return X509_VERIFY_PARAM_set1(ssl->param, vpm);
497 }
498
499void SSL_free(SSL *s)
500 {
501 int i;
502
503 if(s == NULL)
504 return;
505
506 i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
507#ifdef REF_PRINT
508 REF_PRINT("SSL",s);
509#endif
510 if (i > 0) return;
511#ifdef REF_CHECK
512 if (i < 0)
513 {
514 fprintf(stderr,"SSL_free, bad reference count\n");
515 abort(); /* ok */
516 }
517#endif
518
519 if (s->param)
520 X509_VERIFY_PARAM_free(s->param);
521
522 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
523
524 if (s->bbio != NULL)
525 {
526 /* If the buffering BIO is in place, pop it off */
527 if (s->bbio == s->wbio)
528 {
529 s->wbio=BIO_pop(s->wbio);
530 }
531 BIO_free(s->bbio);
532 s->bbio=NULL;
533 }
534 if (s->rbio != NULL)
535 BIO_free_all(s->rbio);
536 if ((s->wbio != NULL) && (s->wbio != s->rbio))
537 BIO_free_all(s->wbio);
538
539 if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
540
541 /* add extra stuff */
542 if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
543 if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
544
545 /* Make the next call work :-) */
546 if (s->session != NULL)
547 {
548 ssl_clear_bad_session(s);
549 SSL_SESSION_free(s->session);
550 }
551
552 ssl_clear_cipher_ctx(s);
553 ssl_clear_hash_ctx(&s->read_hash);
554 ssl_clear_hash_ctx(&s->write_hash);
555
556 if (s->cert != NULL) ssl_cert_free(s->cert);
557 /* Free up if allocated */
558
559#ifndef OPENSSL_NO_TLSEXT
560 if (s->tlsext_hostname)
561 OPENSSL_free(s->tlsext_hostname);
562 if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
563#ifndef OPENSSL_NO_EC
564 if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist);
565 if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist);
566#endif /* OPENSSL_NO_EC */
567 if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input);
568 if (s->tlsext_ocsp_exts)
569 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
570 X509_EXTENSION_free);
571 if (s->tlsext_ocsp_ids)
572 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
573 if (s->tlsext_ocsp_resp)
574 OPENSSL_free(s->tlsext_ocsp_resp);
575#endif
576
577 if (s->client_CA != NULL)
578 sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
579
580 if (s->method != NULL) s->method->ssl_free(s);
581
582 if (s->ctx) SSL_CTX_free(s->ctx);
583
584#ifndef OPENSSL_NO_KRB5
585 if (s->kssl_ctx != NULL)
586 kssl_ctx_free(s->kssl_ctx);
587#endif /* OPENSSL_NO_KRB5 */
588
589 OPENSSL_free(s);
590 }
591
592void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
593 {
594 /* If the output buffering BIO is still in place, remove it
595 */
596 if (s->bbio != NULL)
597 {
598 if (s->wbio == s->bbio)
599 {
600 s->wbio=s->wbio->next_bio;
601 s->bbio->next_bio=NULL;
602 }
603 }
604 if ((s->rbio != NULL) && (s->rbio != rbio))
605 BIO_free_all(s->rbio);
606 if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
607 BIO_free_all(s->wbio);
608 s->rbio=rbio;
609 s->wbio=wbio;
610 }
611
612BIO *SSL_get_rbio(const SSL *s)
613 { return(s->rbio); }
614
615BIO *SSL_get_wbio(const SSL *s)
616 { return(s->wbio); }
617
618int SSL_get_fd(const SSL *s)
619 {
620 return(SSL_get_rfd(s));
621 }
622
623int SSL_get_rfd(const SSL *s)
624 {
625 int ret= -1;
626 BIO *b,*r;
627
628 b=SSL_get_rbio(s);
629 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
630 if (r != NULL)
631 BIO_get_fd(r,&ret);
632 return(ret);
633 }
634
635int SSL_get_wfd(const SSL *s)
636 {
637 int ret= -1;
638 BIO *b,*r;
639
640 b=SSL_get_wbio(s);
641 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
642 if (r != NULL)
643 BIO_get_fd(r,&ret);
644 return(ret);
645 }
646
647#ifndef OPENSSL_NO_SOCK
648int SSL_set_fd(SSL *s,int fd)
649 {
650 int ret=0;
651 BIO *bio=NULL;
652
653 bio=BIO_new(BIO_s_socket());
654
655 if (bio == NULL)
656 {
657 SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
658 goto err;
659 }
660 BIO_set_fd(bio,fd,BIO_NOCLOSE);
661 SSL_set_bio(s,bio,bio);
662 ret=1;
663err:
664 return(ret);
665 }
666
667int SSL_set_wfd(SSL *s,int fd)
668 {
669 int ret=0;
670 BIO *bio=NULL;
671
672 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
673 || ((int)BIO_get_fd(s->rbio,NULL) != fd))
674 {
675 bio=BIO_new(BIO_s_socket());
676
677 if (bio == NULL)
678 { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
679 BIO_set_fd(bio,fd,BIO_NOCLOSE);
680 SSL_set_bio(s,SSL_get_rbio(s),bio);
681 }
682 else
683 SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
684 ret=1;
685err:
686 return(ret);
687 }
688
689int SSL_set_rfd(SSL *s,int fd)
690 {
691 int ret=0;
692 BIO *bio=NULL;
693
694 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
695 || ((int)BIO_get_fd(s->wbio,NULL) != fd))
696 {
697 bio=BIO_new(BIO_s_socket());
698
699 if (bio == NULL)
700 {
701 SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
702 goto err;
703 }
704 BIO_set_fd(bio,fd,BIO_NOCLOSE);
705 SSL_set_bio(s,bio,SSL_get_wbio(s));
706 }
707 else
708 SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
709 ret=1;
710err:
711 return(ret);
712 }
713#endif
714
715
716/* return length of latest Finished message we sent, copy to 'buf' */
717size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
718 {
719 size_t ret = 0;
720
721 if (s->s3 != NULL)
722 {
723 ret = s->s3->tmp.finish_md_len;
724 if (count > ret)
725 count = ret;
726 memcpy(buf, s->s3->tmp.finish_md, count);
727 }
728 return ret;
729 }
730
731/* return length of latest Finished message we expected, copy to 'buf' */
732size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
733 {
734 size_t ret = 0;
735
736 if (s->s3 != NULL)
737 {
738 ret = s->s3->tmp.peer_finish_md_len;
739 if (count > ret)
740 count = ret;
741 memcpy(buf, s->s3->tmp.peer_finish_md, count);
742 }
743 return ret;
744 }
745
746
747int SSL_get_verify_mode(const SSL *s)
748 {
749 return(s->verify_mode);
750 }
751
752int SSL_get_verify_depth(const SSL *s)
753 {
754 return X509_VERIFY_PARAM_get_depth(s->param);
755 }
756
757int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
758 {
759 return(s->verify_callback);
760 }
761
762int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
763 {
764 return(ctx->verify_mode);
765 }
766
767int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
768 {
769 return X509_VERIFY_PARAM_get_depth(ctx->param);
770 }
771
772int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
773 {
774 return(ctx->default_verify_callback);
775 }
776
777void SSL_set_verify(SSL *s,int mode,
778 int (*callback)(int ok,X509_STORE_CTX *ctx))
779 {
780 s->verify_mode=mode;
781 if (callback != NULL)
782 s->verify_callback=callback;
783 }
784
785void SSL_set_verify_depth(SSL *s,int depth)
786 {
787 X509_VERIFY_PARAM_set_depth(s->param, depth);
788 }
789
790void SSL_set_read_ahead(SSL *s,int yes)
791 {
792 s->read_ahead=yes;
793 }
794
795int SSL_get_read_ahead(const SSL *s)
796 {
797 return(s->read_ahead);
798 }
799
800int SSL_pending(const SSL *s)
801 {
802 /* SSL_pending cannot work properly if read-ahead is enabled
803 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
804 * and it is impossible to fix since SSL_pending cannot report
805 * errors that may be observed while scanning the new data.
806 * (Note that SSL_pending() is often used as a boolean value,
807 * so we'd better not return -1.)
808 */
809 return(s->method->ssl_pending(s));
810 }
811
812X509 *SSL_get_peer_certificate(const SSL *s)
813 {
814 X509 *r;
815
816 if ((s == NULL) || (s->session == NULL))
817 r=NULL;
818 else
819 r=s->session->peer;
820
821 if (r == NULL) return(r);
822
823 CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
824
825 return(r);
826 }
827
828STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
829 {
830 STACK_OF(X509) *r;
831
832 if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
833 r=NULL;
834 else
835 r=s->session->sess_cert->cert_chain;
836
837 /* If we are a client, cert_chain includes the peer's own
838 * certificate; if we are a server, it does not. */
839
840 return(r);
841 }
842
843/* Now in theory, since the calling process own 't' it should be safe to
844 * modify. We need to be able to read f without being hassled */
845void SSL_copy_session_id(SSL *t,const SSL *f)
846 {
847 CERT *tmp;
848
849 /* Do we need to to SSL locking? */
850 SSL_set_session(t,SSL_get_session(f));
851
852 /* what if we are setup as SSLv2 but want to talk SSLv3 or
853 * vice-versa */
854 if (t->method != f->method)
855 {
856 t->method->ssl_free(t); /* cleanup current */
857 t->method=f->method; /* change method */
858 t->method->ssl_new(t); /* setup new */
859 }
860
861 tmp=t->cert;
862 if (f->cert != NULL)
863 {
864 CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
865 t->cert=f->cert;
866 }
867 else
868 t->cert=NULL;
869 if (tmp != NULL) ssl_cert_free(tmp);
870 SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
871 }
872
873/* Fix this so it checks all the valid key/cert options */
874int SSL_CTX_check_private_key(const SSL_CTX *ctx)
875 {
876 if ( (ctx == NULL) ||
877 (ctx->cert == NULL) ||
878 (ctx->cert->key->x509 == NULL))
879 {
880 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
881 return(0);
882 }
883 if (ctx->cert->key->privatekey == NULL)
884 {
885 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
886 return(0);
887 }
888 return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
889 }
890
891/* Fix this function so that it takes an optional type parameter */
892int SSL_check_private_key(const SSL *ssl)
893 {
894 if (ssl == NULL)
895 {
896 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
897 return(0);
898 }
899 if (ssl->cert == NULL)
900 {
901 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
902 return 0;
903 }
904 if (ssl->cert->key->x509 == NULL)
905 {
906 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
907 return(0);
908 }
909 if (ssl->cert->key->privatekey == NULL)
910 {
911 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
912 return(0);
913 }
914 return(X509_check_private_key(ssl->cert->key->x509,
915 ssl->cert->key->privatekey));
916 }
917
918int SSL_accept(SSL *s)
919 {
920 if (s->handshake_func == 0)
921 /* Not properly initialized yet */
922 SSL_set_accept_state(s);
923
924 return(s->method->ssl_accept(s));
925 }
926
927int SSL_connect(SSL *s)
928 {
929 if (s->handshake_func == 0)
930 /* Not properly initialized yet */
931 SSL_set_connect_state(s);
932
933 return(s->method->ssl_connect(s));
934 }
935
936long SSL_get_default_timeout(const SSL *s)
937 {
938 return(s->method->get_timeout());
939 }
940
941int SSL_read(SSL *s,void *buf,int num)
942 {
943 if (s->handshake_func == 0)
944 {
945 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
946 return -1;
947 }
948
949 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
950 {
951 s->rwstate=SSL_NOTHING;
952 return(0);
953 }
954 return(s->method->ssl_read(s,buf,num));
955 }
956
957int SSL_peek(SSL *s,void *buf,int num)
958 {
959 if (s->handshake_func == 0)
960 {
961 SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
962 return -1;
963 }
964
965 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
966 {
967 return(0);
968 }
969 return(s->method->ssl_peek(s,buf,num));
970 }
971
972int SSL_write(SSL *s,const void *buf,int num)
973 {
974 if (s->handshake_func == 0)
975 {
976 SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
977 return -1;
978 }
979
980 if (s->shutdown & SSL_SENT_SHUTDOWN)
981 {
982 s->rwstate=SSL_NOTHING;
983 SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
984 return(-1);
985 }
986 return(s->method->ssl_write(s,buf,num));
987 }
988
989int SSL_shutdown(SSL *s)
990 {
991 /* Note that this function behaves differently from what one might
992 * expect. Return values are 0 for no success (yet),
993 * 1 for success; but calling it once is usually not enough,
994 * even if blocking I/O is used (see ssl3_shutdown).
995 */
996
997 if (s->handshake_func == 0)
998 {
999 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
1000 return -1;
1001 }
1002
1003 if ((s != NULL) && !SSL_in_init(s))
1004 return(s->method->ssl_shutdown(s));
1005 else
1006 return(1);
1007 }
1008
1009int SSL_renegotiate(SSL *s)
1010 {
1011 if (s->new_session == 0)
1012 {
1013 s->new_session=1;
1014 }
1015 return(s->method->ssl_renegotiate(s));
1016 }
1017
1018int SSL_renegotiate_pending(SSL *s)
1019 {
1020 /* becomes true when negotiation is requested;
1021 * false again once a handshake has finished */
1022 return (s->new_session != 0);
1023 }
1024
1025long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
1026 {
1027 long l;
1028
1029 switch (cmd)
1030 {
1031 case SSL_CTRL_GET_READ_AHEAD:
1032 return(s->read_ahead);
1033 case SSL_CTRL_SET_READ_AHEAD:
1034 l=s->read_ahead;
1035 s->read_ahead=larg;
1036 return(l);
1037
1038 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1039 s->msg_callback_arg = parg;
1040 return 1;
1041
1042 case SSL_CTRL_OPTIONS:
1043 return(s->options|=larg);
1044 case SSL_CTRL_CLEAR_OPTIONS:
1045 return(s->options&=~larg);
1046 case SSL_CTRL_MODE:
1047 return(s->mode|=larg);
1048 case SSL_CTRL_CLEAR_MODE:
1049 return(s->mode &=~larg);
1050 case SSL_CTRL_GET_MAX_CERT_LIST:
1051 return(s->max_cert_list);
1052 case SSL_CTRL_SET_MAX_CERT_LIST:
1053 l=s->max_cert_list;
1054 s->max_cert_list=larg;
1055 return(l);
1056 case SSL_CTRL_SET_MTU:
1057 if (SSL_version(s) == DTLS1_VERSION ||
1058 SSL_version(s) == DTLS1_BAD_VER)
1059 {
1060 s->d1->mtu = larg;
1061 return larg;
1062 }
1063 return 0;
1064 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1065 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1066 return 0;
1067 s->max_send_fragment = larg;
1068 return 1;
1069 case SSL_CTRL_GET_RI_SUPPORT:
1070 if (s->s3)
1071 return s->s3->send_connection_binding;
1072 else return 0;
1073 default:
1074 return(s->method->ssl_ctrl(s,cmd,larg,parg));
1075 }
1076 }
1077
1078long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1079 {
1080 switch(cmd)
1081 {
1082 case SSL_CTRL_SET_MSG_CALLBACK:
1083 s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1084 return 1;
1085
1086 default:
1087 return(s->method->ssl_callback_ctrl(s,cmd,fp));
1088 }
1089 }
1090
1091LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
1092 {
1093 return ctx->sessions;
1094 }
1095
1096long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
1097 {
1098 long l;
1099
1100 switch (cmd)
1101 {
1102 case SSL_CTRL_GET_READ_AHEAD:
1103 return(ctx->read_ahead);
1104 case SSL_CTRL_SET_READ_AHEAD:
1105 l=ctx->read_ahead;
1106 ctx->read_ahead=larg;
1107 return(l);
1108
1109 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1110 ctx->msg_callback_arg = parg;
1111 return 1;
1112
1113 case SSL_CTRL_GET_MAX_CERT_LIST:
1114 return(ctx->max_cert_list);
1115 case SSL_CTRL_SET_MAX_CERT_LIST:
1116 l=ctx->max_cert_list;
1117 ctx->max_cert_list=larg;
1118 return(l);
1119
1120 case SSL_CTRL_SET_SESS_CACHE_SIZE:
1121 l=ctx->session_cache_size;
1122 ctx->session_cache_size=larg;
1123 return(l);
1124 case SSL_CTRL_GET_SESS_CACHE_SIZE:
1125 return(ctx->session_cache_size);
1126 case SSL_CTRL_SET_SESS_CACHE_MODE:
1127 l=ctx->session_cache_mode;
1128 ctx->session_cache_mode=larg;
1129 return(l);
1130 case SSL_CTRL_GET_SESS_CACHE_MODE:
1131 return(ctx->session_cache_mode);
1132
1133 case SSL_CTRL_SESS_NUMBER:
1134 return(lh_SSL_SESSION_num_items(ctx->sessions));
1135 case SSL_CTRL_SESS_CONNECT:
1136 return(ctx->stats.sess_connect);
1137 case SSL_CTRL_SESS_CONNECT_GOOD:
1138 return(ctx->stats.sess_connect_good);
1139 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1140 return(ctx->stats.sess_connect_renegotiate);
1141 case SSL_CTRL_SESS_ACCEPT:
1142 return(ctx->stats.sess_accept);
1143 case SSL_CTRL_SESS_ACCEPT_GOOD:
1144 return(ctx->stats.sess_accept_good);
1145 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1146 return(ctx->stats.sess_accept_renegotiate);
1147 case SSL_CTRL_SESS_HIT:
1148 return(ctx->stats.sess_hit);
1149 case SSL_CTRL_SESS_CB_HIT:
1150 return(ctx->stats.sess_cb_hit);
1151 case SSL_CTRL_SESS_MISSES:
1152 return(ctx->stats.sess_miss);
1153 case SSL_CTRL_SESS_TIMEOUTS:
1154 return(ctx->stats.sess_timeout);
1155 case SSL_CTRL_SESS_CACHE_FULL:
1156 return(ctx->stats.sess_cache_full);
1157 case SSL_CTRL_OPTIONS:
1158 return(ctx->options|=larg);
1159 case SSL_CTRL_CLEAR_OPTIONS:
1160 return(ctx->options&=~larg);
1161 case SSL_CTRL_MODE:
1162 return(ctx->mode|=larg);
1163 case SSL_CTRL_CLEAR_MODE:
1164 return(ctx->mode&=~larg);
1165 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1166 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1167 return 0;
1168 ctx->max_send_fragment = larg;
1169 return 1;
1170 default:
1171 return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
1172 }
1173 }
1174
1175long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1176 {
1177 switch(cmd)
1178 {
1179 case SSL_CTRL_SET_MSG_CALLBACK:
1180 ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1181 return 1;
1182
1183 default:
1184 return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
1185 }
1186 }
1187
1188int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
1189 {
1190 long l;
1191
1192 l=a->id-b->id;
1193 if (l == 0L)
1194 return(0);
1195 else
1196 return((l > 0)?1:-1);
1197 }
1198
1199int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
1200 const SSL_CIPHER * const *bp)
1201 {
1202 long l;
1203
1204 l=(*ap)->id-(*bp)->id;
1205 if (l == 0L)
1206 return(0);
1207 else
1208 return((l > 0)?1:-1);
1209 }
1210
1211/** return a STACK of the ciphers available for the SSL and in order of
1212 * preference */
1213STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
1214 {
1215 if (s != NULL)
1216 {
1217 if (s->cipher_list != NULL)
1218 {
1219 return(s->cipher_list);
1220 }
1221 else if ((s->ctx != NULL) &&
1222 (s->ctx->cipher_list != NULL))
1223 {
1224 return(s->ctx->cipher_list);
1225 }
1226 }
1227 return(NULL);
1228 }
1229
1230/** return a STACK of the ciphers available for the SSL and in order of
1231 * algorithm id */
1232STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
1233 {
1234 if (s != NULL)
1235 {
1236 if (s->cipher_list_by_id != NULL)
1237 {
1238 return(s->cipher_list_by_id);
1239 }
1240 else if ((s->ctx != NULL) &&
1241 (s->ctx->cipher_list_by_id != NULL))
1242 {
1243 return(s->ctx->cipher_list_by_id);
1244 }
1245 }
1246 return(NULL);
1247 }
1248
1249/** The old interface to get the same thing as SSL_get_ciphers() */
1250const char *SSL_get_cipher_list(const SSL *s,int n)
1251 {
1252 SSL_CIPHER *c;
1253 STACK_OF(SSL_CIPHER) *sk;
1254
1255 if (s == NULL) return(NULL);
1256 sk=SSL_get_ciphers(s);
1257 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
1258 return(NULL);
1259 c=sk_SSL_CIPHER_value(sk,n);
1260 if (c == NULL) return(NULL);
1261 return(c->name);
1262 }
1263
1264/** specify the ciphers to be used by default by the SSL_CTX */
1265int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1266 {
1267 STACK_OF(SSL_CIPHER) *sk;
1268
1269 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
1270 &ctx->cipher_list_by_id,str);
1271 /* ssl_create_cipher_list may return an empty stack if it
1272 * was unable to find a cipher matching the given rule string
1273 * (for example if the rule string specifies a cipher which
1274 * has been disabled). This is not an error as far as
1275 * ssl_create_cipher_list is concerned, and hence
1276 * ctx->cipher_list and ctx->cipher_list_by_id has been
1277 * updated. */
1278 if (sk == NULL)
1279 return 0;
1280 else if (sk_SSL_CIPHER_num(sk) == 0)
1281 {
1282 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1283 return 0;
1284 }
1285 return 1;
1286 }
1287
1288/** specify the ciphers to be used by the SSL */
1289int SSL_set_cipher_list(SSL *s,const char *str)
1290 {
1291 STACK_OF(SSL_CIPHER) *sk;
1292
1293 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
1294 &s->cipher_list_by_id,str);
1295 /* see comment in SSL_CTX_set_cipher_list */
1296 if (sk == NULL)
1297 return 0;
1298 else if (sk_SSL_CIPHER_num(sk) == 0)
1299 {
1300 SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1301 return 0;
1302 }
1303 return 1;
1304 }
1305
1306/* works well for SSLv2, not so good for SSLv3 */
1307char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
1308 {
1309 char *end;
1310 STACK_OF(SSL_CIPHER) *sk;
1311 SSL_CIPHER *c;
1312 size_t curlen = 0;
1313 int i;
1314
1315 if ((s->session == NULL) || (s->session->ciphers == NULL) ||
1316 (len < 2))
1317 return(NULL);
1318
1319 sk=s->session->ciphers;
1320 buf[0] = '\0';
1321 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1322 {
1323 c=sk_SSL_CIPHER_value(sk,i);
1324 end = buf + curlen;
1325 if (strlcat(buf, c->name, len) >= len ||
1326 (curlen = strlcat(buf, ":", len)) >= len)
1327 {
1328 /* remove truncated cipher from list */
1329 *end = '\0';
1330 break;
1331 }
1332 }
1333 /* remove trailing colon */
1334 if ((end = strrchr(buf, ':')) != NULL)
1335 *end = '\0';
1336 return(buf);
1337 }
1338
1339int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
1340 int (*put_cb)(const SSL_CIPHER *, unsigned char *))
1341 {
1342 int i,j=0;
1343 SSL_CIPHER *c;
1344 unsigned char *q;
1345#ifndef OPENSSL_NO_KRB5
1346 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
1347#endif /* OPENSSL_NO_KRB5 */
1348
1349 if (sk == NULL) return(0);
1350 q=p;
1351
1352 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1353 {
1354 c=sk_SSL_CIPHER_value(sk,i);
1355#ifndef OPENSSL_NO_KRB5
1356 if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
1357 nokrb5)
1358 continue;
1359#endif /* OPENSSL_NO_KRB5 */
1360#ifndef OPENSSL_NO_PSK
1361 /* with PSK there must be client callback set */
1362 if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) &&
1363 s->psk_client_callback == NULL)
1364 continue;
1365#endif /* OPENSSL_NO_PSK */
1366 j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
1367 p+=j;
1368 }
1369 /* If p == q, no ciphers and caller indicates an error. Otherwise
1370 * add SCSV if not renegotiating.
1371 */
1372 if (p != q && !s->new_session)
1373 {
1374 static SSL_CIPHER scsv =
1375 {
1376 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
1377 };
1378 j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p);
1379 p+=j;
1380#ifdef OPENSSL_RI_DEBUG
1381 fprintf(stderr, "SCSV sent by client\n");
1382#endif
1383 }
1384
1385 return(p-q);
1386 }
1387
1388STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
1389 STACK_OF(SSL_CIPHER) **skp)
1390 {
1391 const SSL_CIPHER *c;
1392 STACK_OF(SSL_CIPHER) *sk;
1393 int i,n;
1394 if (s->s3)
1395 s->s3->send_connection_binding = 0;
1396
1397 n=ssl_put_cipher_by_char(s,NULL,NULL);
1398 if ((num%n) != 0)
1399 {
1400 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1401 return(NULL);
1402 }
1403 if ((skp == NULL) || (*skp == NULL))
1404 sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
1405 else
1406 {
1407 sk= *skp;
1408 sk_SSL_CIPHER_zero(sk);
1409 }
1410
1411 for (i=0; i<num; i+=n)
1412 {
1413 /* Check for SCSV */
1414 if (s->s3 && (n != 3 || !p[0]) &&
1415 (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
1416 (p[n-1] == (SSL3_CK_SCSV & 0xff)))
1417 {
1418 /* SCSV fatal if renegotiating */
1419 if (s->new_session)
1420 {
1421 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1422 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
1423 goto err;
1424 }
1425 s->s3->send_connection_binding = 1;
1426 p += n;
1427#ifdef OPENSSL_RI_DEBUG
1428 fprintf(stderr, "SCSV received by server\n");
1429#endif
1430 continue;
1431 }
1432
1433 c=ssl_get_cipher_by_char(s,p);
1434 p+=n;
1435 if (c != NULL)
1436 {
1437 if (!sk_SSL_CIPHER_push(sk,c))
1438 {
1439 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1440 goto err;
1441 }
1442 }
1443 }
1444
1445 if (skp != NULL)
1446 *skp=sk;
1447 return(sk);
1448err:
1449 if ((skp == NULL) || (*skp == NULL))
1450 sk_SSL_CIPHER_free(sk);
1451 return(NULL);
1452 }
1453
1454
1455#ifndef OPENSSL_NO_TLSEXT
1456/** return a servername extension value if provided in Client Hello, or NULL.
1457 * So far, only host_name types are defined (RFC 3546).
1458 */
1459
1460const char *SSL_get_servername(const SSL *s, const int type)
1461 {
1462 if (type != TLSEXT_NAMETYPE_host_name)
1463 return NULL;
1464
1465 return s->session && !s->tlsext_hostname ?
1466 s->session->tlsext_hostname :
1467 s->tlsext_hostname;
1468 }
1469
1470int SSL_get_servername_type(const SSL *s)
1471 {
1472 if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))
1473 return TLSEXT_NAMETYPE_host_name;
1474 return -1;
1475 }
1476#endif
1477
1478static unsigned long ssl_session_hash(const SSL_SESSION *a)
1479 {
1480 unsigned long l;
1481
1482 l=(unsigned long)
1483 ((unsigned int) a->session_id[0] )|
1484 ((unsigned int) a->session_id[1]<< 8L)|
1485 ((unsigned long)a->session_id[2]<<16L)|
1486 ((unsigned long)a->session_id[3]<<24L);
1487 return(l);
1488 }
1489
1490/* NB: If this function (or indeed the hash function which uses a sort of
1491 * coarser function than this one) is changed, ensure
1492 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1493 * able to construct an SSL_SESSION that will collide with any existing session
1494 * with a matching session ID. */
1495static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
1496 {
1497 if (a->ssl_version != b->ssl_version)
1498 return(1);
1499 if (a->session_id_length != b->session_id_length)
1500 return(1);
1501 return(memcmp(a->session_id,b->session_id,a->session_id_length));
1502 }
1503
1504/* These wrapper functions should remain rather than redeclaring
1505 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
1506 * variable. The reason is that the functions aren't static, they're exposed via
1507 * ssl.h. */
1508static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
1509static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
1510
1511SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
1512 {
1513 SSL_CTX *ret=NULL;
1514
1515 if (meth == NULL)
1516 {
1517 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
1518 return(NULL);
1519 }
1520
1521 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
1522 {
1523 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1524 goto err;
1525 }
1526 ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
1527 if (ret == NULL)
1528 goto err;
1529
1530 memset(ret,0,sizeof(SSL_CTX));
1531
1532 ret->method=meth;
1533
1534 ret->cert_store=NULL;
1535 ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
1536 ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1537 ret->session_cache_head=NULL;
1538 ret->session_cache_tail=NULL;
1539
1540 /* We take the system default */
1541 ret->session_timeout=meth->get_timeout();
1542
1543 ret->new_session_cb=0;
1544 ret->remove_session_cb=0;
1545 ret->get_session_cb=0;
1546 ret->generate_session_id=0;
1547
1548 memset((char *)&ret->stats,0,sizeof(ret->stats));
1549
1550 ret->references=1;
1551 ret->quiet_shutdown=0;
1552
1553/* ret->cipher=NULL;*/
1554/* ret->s2->challenge=NULL;
1555 ret->master_key=NULL;
1556 ret->key_arg=NULL;
1557 ret->s2->conn_id=NULL; */
1558
1559 ret->info_callback=NULL;
1560
1561 ret->app_verify_callback=0;
1562 ret->app_verify_arg=NULL;
1563
1564 ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
1565 ret->read_ahead=0;
1566 ret->msg_callback=0;
1567 ret->msg_callback_arg=NULL;
1568 ret->verify_mode=SSL_VERIFY_NONE;
1569#if 0
1570 ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
1571#endif
1572 ret->sid_ctx_length=0;
1573 ret->default_verify_callback=NULL;
1574 if ((ret->cert=ssl_cert_new()) == NULL)
1575 goto err;
1576
1577 ret->default_passwd_callback=0;
1578 ret->default_passwd_callback_userdata=NULL;
1579 ret->client_cert_cb=0;
1580 ret->app_gen_cookie_cb=0;
1581 ret->app_verify_cookie_cb=0;
1582
1583 ret->sessions=lh_SSL_SESSION_new();
1584 if (ret->sessions == NULL) goto err;
1585 ret->cert_store=X509_STORE_new();
1586 if (ret->cert_store == NULL) goto err;
1587
1588 ssl_create_cipher_list(ret->method,
1589 &ret->cipher_list,&ret->cipher_list_by_id,
1590 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
1591 if (ret->cipher_list == NULL
1592 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
1593 {
1594 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
1595 goto err2;
1596 }
1597
1598 ret->param = X509_VERIFY_PARAM_new();
1599 if (!ret->param)
1600 goto err;
1601
1602 if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
1603 {
1604 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
1605 goto err2;
1606 }
1607 if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
1608 {
1609 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1610 goto err2;
1611 }
1612 if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
1613 {
1614 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1615 goto err2;
1616 }
1617
1618 if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
1619 goto err;
1620
1621 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
1622
1623 ret->extra_certs=NULL;
1624 ret->comp_methods=SSL_COMP_get_compression_methods();
1625
1626 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1627
1628#ifndef OPENSSL_NO_TLSEXT
1629 ret->tlsext_servername_callback = 0;
1630 ret->tlsext_servername_arg = NULL;
1631 /* Setup RFC4507 ticket keys */
1632 if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
1633 || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
1634 || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
1635 ret->options |= SSL_OP_NO_TICKET;
1636
1637 ret->tlsext_status_cb = 0;
1638 ret->tlsext_status_arg = NULL;
1639
1640#endif
1641#ifndef OPENSSL_NO_PSK
1642 ret->psk_identity_hint=NULL;
1643 ret->psk_client_callback=NULL;
1644 ret->psk_server_callback=NULL;
1645#endif
1646#ifndef OPENSSL_NO_BUF_FREELISTS
1647 ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
1648 ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
1649 if (!ret->rbuf_freelist)
1650 goto err;
1651 ret->rbuf_freelist->chunklen = 0;
1652 ret->rbuf_freelist->len = 0;
1653 ret->rbuf_freelist->head = NULL;
1654 ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
1655 if (!ret->wbuf_freelist)
1656 {
1657 OPENSSL_free(ret->rbuf_freelist);
1658 goto err;
1659 }
1660 ret->wbuf_freelist->chunklen = 0;
1661 ret->wbuf_freelist->len = 0;
1662 ret->wbuf_freelist->head = NULL;
1663#endif
1664#ifndef OPENSSL_NO_ENGINE
1665 ret->client_cert_engine = NULL;
1666#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
1667#define eng_strx(x) #x
1668#define eng_str(x) eng_strx(x)
1669 /* Use specific client engine automatically... ignore errors */
1670 {
1671 ENGINE *eng;
1672 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1673 if (!eng)
1674 {
1675 ERR_clear_error();
1676 ENGINE_load_builtin_engines();
1677 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1678 }
1679 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
1680 ERR_clear_error();
1681 }
1682#endif
1683#endif
1684 /* Default is to connect to non-RI servers. When RI is more widely
1685 * deployed might change this.
1686 */
1687 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
1688
1689 return(ret);
1690err:
1691 SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
1692err2:
1693 if (ret != NULL) SSL_CTX_free(ret);
1694 return(NULL);
1695 }
1696
1697#if 0
1698static void SSL_COMP_free(SSL_COMP *comp)
1699 { OPENSSL_free(comp); }
1700#endif
1701
1702#ifndef OPENSSL_NO_BUF_FREELISTS
1703static void
1704ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
1705 {
1706 SSL3_BUF_FREELIST_ENTRY *ent, *next;
1707 for (ent = list->head; ent; ent = next)
1708 {
1709 next = ent->next;
1710 OPENSSL_free(ent);
1711 }
1712 OPENSSL_free(list);
1713 }
1714#endif
1715
1716void SSL_CTX_free(SSL_CTX *a)
1717 {
1718 int i;
1719
1720 if (a == NULL) return;
1721
1722 i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
1723#ifdef REF_PRINT
1724 REF_PRINT("SSL_CTX",a);
1725#endif
1726 if (i > 0) return;
1727#ifdef REF_CHECK
1728 if (i < 0)
1729 {
1730 fprintf(stderr,"SSL_CTX_free, bad reference count\n");
1731 abort(); /* ok */
1732 }
1733#endif
1734
1735 if (a->param)
1736 X509_VERIFY_PARAM_free(a->param);
1737
1738 /*
1739 * Free internal session cache. However: the remove_cb() may reference
1740 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
1741 * after the sessions were flushed.
1742 * As the ex_data handling routines might also touch the session cache,
1743 * the most secure solution seems to be: empty (flush) the cache, then
1744 * free ex_data, then finally free the cache.
1745 * (See ticket [openssl.org #212].)
1746 */
1747 if (a->sessions != NULL)
1748 SSL_CTX_flush_sessions(a,0);
1749
1750 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
1751
1752 if (a->sessions != NULL)
1753 lh_SSL_SESSION_free(a->sessions);
1754
1755 if (a->cert_store != NULL)
1756 X509_STORE_free(a->cert_store);
1757 if (a->cipher_list != NULL)
1758 sk_SSL_CIPHER_free(a->cipher_list);
1759 if (a->cipher_list_by_id != NULL)
1760 sk_SSL_CIPHER_free(a->cipher_list_by_id);
1761 if (a->cert != NULL)
1762 ssl_cert_free(a->cert);
1763 if (a->client_CA != NULL)
1764 sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
1765 if (a->extra_certs != NULL)
1766 sk_X509_pop_free(a->extra_certs,X509_free);
1767#if 0 /* This should never be done, since it removes a global database */
1768 if (a->comp_methods != NULL)
1769 sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
1770#else
1771 a->comp_methods = NULL;
1772#endif
1773
1774#ifndef OPENSSL_NO_PSK
1775 if (a->psk_identity_hint)
1776 OPENSSL_free(a->psk_identity_hint);
1777#endif
1778#ifndef OPENSSL_NO_ENGINE
1779 if (a->client_cert_engine)
1780 ENGINE_finish(a->client_cert_engine);
1781#endif
1782
1783#ifndef OPENSSL_NO_BUF_FREELISTS
1784 if (a->wbuf_freelist)
1785 ssl_buf_freelist_free(a->wbuf_freelist);
1786 if (a->rbuf_freelist)
1787 ssl_buf_freelist_free(a->rbuf_freelist);
1788#endif
1789
1790 OPENSSL_free(a);
1791 }
1792
1793void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
1794 {
1795 ctx->default_passwd_callback=cb;
1796 }
1797
1798void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
1799 {
1800 ctx->default_passwd_callback_userdata=u;
1801 }
1802
1803void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
1804 {
1805 ctx->app_verify_callback=cb;
1806 ctx->app_verify_arg=arg;
1807 }
1808
1809void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
1810 {
1811 ctx->verify_mode=mode;
1812 ctx->default_verify_callback=cb;
1813 }
1814
1815void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
1816 {
1817 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
1818 }
1819
1820void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
1821 {
1822 CERT_PKEY *cpk;
1823 int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
1824 int rsa_enc_export,dh_rsa_export,dh_dsa_export;
1825 int rsa_tmp_export,dh_tmp_export,kl;
1826 unsigned long mask_k,mask_a,emask_k,emask_a;
1827 int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
1828#ifndef OPENSSL_NO_ECDH
1829 int have_ecdh_tmp;
1830#endif
1831 X509 *x = NULL;
1832 EVP_PKEY *ecc_pkey = NULL;
1833 int signature_nid = 0;
1834
1835 if (c == NULL) return;
1836
1837 kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1838
1839#ifndef OPENSSL_NO_RSA
1840 rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
1841 rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
1842 (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
1843#else
1844 rsa_tmp=rsa_tmp_export=0;
1845#endif
1846#ifndef OPENSSL_NO_DH
1847 dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
1848 dh_tmp_export=(c->dh_tmp_cb != NULL ||
1849 (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
1850#else
1851 dh_tmp=dh_tmp_export=0;
1852#endif
1853
1854#ifndef OPENSSL_NO_ECDH
1855 have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
1856#endif
1857 cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
1858 rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
1859 rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1860 cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
1861 rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
1862 cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
1863 dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
1864 cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
1865 dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
1866 dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1867 cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
1868/* FIX THIS EAY EAY EAY */
1869 dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
1870 dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1871 cpk= &(c->pkeys[SSL_PKEY_ECC]);
1872 have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
1873 mask_k=0;
1874 mask_a=0;
1875 emask_k=0;
1876 emask_a=0;
1877
1878
1879
1880#ifdef CIPHER_DEBUG
1881 printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
1882 rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp,
1883 rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
1884#endif
1885
1886 cpk = &(c->pkeys[SSL_PKEY_GOST01]);
1887 if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
1888 mask_k |= SSL_kGOST;
1889 mask_a |= SSL_aGOST01;
1890 }
1891 cpk = &(c->pkeys[SSL_PKEY_GOST94]);
1892 if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
1893 mask_k |= SSL_kGOST;
1894 mask_a |= SSL_aGOST94;
1895 }
1896
1897 if (rsa_enc || (rsa_tmp && rsa_sign))
1898 mask_k|=SSL_kRSA;
1899 if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
1900 emask_k|=SSL_kRSA;
1901
1902#if 0
1903 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
1904 if ( (dh_tmp || dh_rsa || dh_dsa) &&
1905 (rsa_enc || rsa_sign || dsa_sign))
1906 mask_k|=SSL_kEDH;
1907 if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
1908 (rsa_enc || rsa_sign || dsa_sign))
1909 emask_k|=SSL_kEDH;
1910#endif
1911
1912 if (dh_tmp_export)
1913 emask_k|=SSL_kEDH;
1914
1915 if (dh_tmp)
1916 mask_k|=SSL_kEDH;
1917
1918 if (dh_rsa) mask_k|=SSL_kDHr;
1919 if (dh_rsa_export) emask_k|=SSL_kDHr;
1920
1921 if (dh_dsa) mask_k|=SSL_kDHd;
1922 if (dh_dsa_export) emask_k|=SSL_kDHd;
1923
1924 if (rsa_enc || rsa_sign)
1925 {
1926 mask_a|=SSL_aRSA;
1927 emask_a|=SSL_aRSA;
1928 }
1929
1930 if (dsa_sign)
1931 {
1932 mask_a|=SSL_aDSS;
1933 emask_a|=SSL_aDSS;
1934 }
1935
1936 mask_a|=SSL_aNULL;
1937 emask_a|=SSL_aNULL;
1938
1939#ifndef OPENSSL_NO_KRB5
1940 mask_k|=SSL_kKRB5;
1941 mask_a|=SSL_aKRB5;
1942 emask_k|=SSL_kKRB5;
1943 emask_a|=SSL_aKRB5;
1944#endif
1945
1946 /* An ECC certificate may be usable for ECDH and/or
1947 * ECDSA cipher suites depending on the key usage extension.
1948 */
1949 if (have_ecc_cert)
1950 {
1951 /* This call populates extension flags (ex_flags) */
1952 x = (c->pkeys[SSL_PKEY_ECC]).x509;
1953 X509_check_purpose(x, -1, 0);
1954 ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
1955 (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
1956 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
1957 (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
1958 ecc_pkey = X509_get_pubkey(x);
1959 ecc_pkey_size = (ecc_pkey != NULL) ?
1960 EVP_PKEY_bits(ecc_pkey) : 0;
1961 EVP_PKEY_free(ecc_pkey);
1962 if ((x->sig_alg) && (x->sig_alg->algorithm))
1963 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
1964#ifndef OPENSSL_NO_ECDH
1965 if (ecdh_ok)
1966 {
1967 const char *sig = OBJ_nid2ln(signature_nid);
1968 if (sig == NULL)
1969 {
1970 ERR_clear_error();
1971 sig = "unknown";
1972 }
1973
1974 if (strstr(sig, "WithRSA"))
1975 {
1976 mask_k|=SSL_kECDHr;
1977 mask_a|=SSL_aECDH;
1978 if (ecc_pkey_size <= 163)
1979 {
1980 emask_k|=SSL_kECDHr;
1981 emask_a|=SSL_aECDH;
1982 }
1983 }
1984
1985 if (signature_nid == NID_ecdsa_with_SHA1)
1986 {
1987 mask_k|=SSL_kECDHe;
1988 mask_a|=SSL_aECDH;
1989 if (ecc_pkey_size <= 163)
1990 {
1991 emask_k|=SSL_kECDHe;
1992 emask_a|=SSL_aECDH;
1993 }
1994 }
1995 }
1996#endif
1997#ifndef OPENSSL_NO_ECDSA
1998 if (ecdsa_ok)
1999 {
2000 mask_a|=SSL_aECDSA;
2001 emask_a|=SSL_aECDSA;
2002 }
2003#endif
2004 }
2005
2006#ifndef OPENSSL_NO_ECDH
2007 if (have_ecdh_tmp)
2008 {
2009 mask_k|=SSL_kEECDH;
2010 emask_k|=SSL_kEECDH;
2011 }
2012#endif
2013
2014#ifndef OPENSSL_NO_PSK
2015 mask_k |= SSL_kPSK;
2016 mask_a |= SSL_aPSK;
2017 emask_k |= SSL_kPSK;
2018 emask_a |= SSL_aPSK;
2019#endif
2020
2021 c->mask_k=mask_k;
2022 c->mask_a=mask_a;
2023 c->export_mask_k=emask_k;
2024 c->export_mask_a=emask_a;
2025 c->valid=1;
2026 }
2027
2028/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
2029#define ku_reject(x, usage) \
2030 (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
2031
2032#ifndef OPENSSL_NO_EC
2033
2034int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
2035 {
2036 unsigned long alg_k, alg_a;
2037 EVP_PKEY *pkey = NULL;
2038 int keysize = 0;
2039 int signature_nid = 0;
2040
2041 alg_k = cs->algorithm_mkey;
2042 alg_a = cs->algorithm_auth;
2043
2044 if (SSL_C_IS_EXPORT(cs))
2045 {
2046 /* ECDH key length in export ciphers must be <= 163 bits */
2047 pkey = X509_get_pubkey(x);
2048 if (pkey == NULL) return 0;
2049 keysize = EVP_PKEY_bits(pkey);
2050 EVP_PKEY_free(pkey);
2051 if (keysize > 163) return 0;
2052 }
2053
2054 /* This call populates the ex_flags field correctly */
2055 X509_check_purpose(x, -1, 0);
2056 if ((x->sig_alg) && (x->sig_alg->algorithm))
2057 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
2058 if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
2059 {
2060 /* key usage, if present, must allow key agreement */
2061 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
2062 {
2063 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
2064 return 0;
2065 }
2066 if (alg_k & SSL_kECDHe)
2067 {
2068 /* signature alg must be ECDSA */
2069 if (signature_nid != NID_ecdsa_with_SHA1)
2070 {
2071 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
2072 return 0;
2073 }
2074 }
2075 if (alg_k & SSL_kECDHr)
2076 {
2077 /* signature alg must be RSA */
2078
2079 const char *sig = OBJ_nid2ln(signature_nid);
2080 if (sig == NULL)
2081 {
2082 ERR_clear_error();
2083 sig = "unknown";
2084 }
2085 if (strstr(sig, "WithRSA") == NULL)
2086 {
2087 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
2088 return 0;
2089 }
2090 }
2091 }
2092 if (alg_a & SSL_aECDSA)
2093 {
2094 /* key usage, if present, must allow signing */
2095 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
2096 {
2097 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2098 return 0;
2099 }
2100 }
2101
2102 return 1; /* all checks are ok */
2103 }
2104
2105#endif
2106
2107/* THIS NEEDS CLEANING UP */
2108X509 *ssl_get_server_send_cert(SSL *s)
2109 {
2110 unsigned long alg_k,alg_a,mask_k,mask_a;
2111 CERT *c;
2112 int i,is_export;
2113
2114 c=s->cert;
2115 ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
2116 is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
2117 if (is_export)
2118 {
2119 mask_k = c->export_mask_k;
2120 mask_a = c->export_mask_a;
2121 }
2122 else
2123 {
2124 mask_k = c->mask_k;
2125 mask_a = c->mask_a;
2126 }
2127
2128 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2129 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2130
2131 if (alg_k & (SSL_kECDHr|SSL_kECDHe))
2132 {
2133 /* we don't need to look at SSL_kEECDH
2134 * since no certificate is needed for
2135 * anon ECDH and for authenticated
2136 * EECDH, the check for the auth
2137 * algorithm will set i correctly
2138 * NOTE: For ECDH-RSA, we need an ECC
2139 * not an RSA cert but for EECDH-RSA
2140 * we need an RSA cert. Placing the
2141 * checks for SSL_kECDH before RSA
2142 * checks ensures the correct cert is chosen.
2143 */
2144 i=SSL_PKEY_ECC;
2145 }
2146 else if (alg_a & SSL_aECDSA)
2147 {
2148 i=SSL_PKEY_ECC;
2149 }
2150 else if (alg_k & SSL_kDHr)
2151 i=SSL_PKEY_DH_RSA;
2152 else if (alg_k & SSL_kDHd)
2153 i=SSL_PKEY_DH_DSA;
2154 else if (alg_a & SSL_aDSS)
2155 i=SSL_PKEY_DSA_SIGN;
2156 else if (alg_a & SSL_aRSA)
2157 {
2158 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
2159 i=SSL_PKEY_RSA_SIGN;
2160 else
2161 i=SSL_PKEY_RSA_ENC;
2162 }
2163 else if (alg_a & SSL_aKRB5)
2164 {
2165 /* VRS something else here? */
2166 return(NULL);
2167 }
2168 else if (alg_a & SSL_aGOST94)
2169 i=SSL_PKEY_GOST94;
2170 else if (alg_a & SSL_aGOST01)
2171 i=SSL_PKEY_GOST01;
2172 else /* if (alg_a & SSL_aNULL) */
2173 {
2174 SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
2175 return(NULL);
2176 }
2177 if (c->pkeys[i].x509 == NULL) return(NULL);
2178
2179 return(c->pkeys[i].x509);
2180 }
2181
2182EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher)
2183 {
2184 unsigned long alg_a;
2185 CERT *c;
2186
2187 alg_a = cipher->algorithm_auth;
2188 c=s->cert;
2189
2190 if ((alg_a & SSL_aDSS) &&
2191 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
2192 return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
2193 else if (alg_a & SSL_aRSA)
2194 {
2195 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
2196 return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
2197 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
2198 return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
2199 else
2200 return(NULL);
2201 }
2202 else if ((alg_a & SSL_aECDSA) &&
2203 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
2204 return(c->pkeys[SSL_PKEY_ECC].privatekey);
2205 else /* if (alg_a & SSL_aNULL) */
2206 {
2207 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
2208 return(NULL);
2209 }
2210 }
2211
2212void ssl_update_cache(SSL *s,int mode)
2213 {
2214 int i;
2215
2216 /* If the session_id_length is 0, we are not supposed to cache it,
2217 * and it would be rather hard to do anyway :-) */
2218 if (s->session->session_id_length == 0) return;
2219
2220 i=s->session_ctx->session_cache_mode;
2221 if ((i & mode) && (!s->hit)
2222 && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
2223 || SSL_CTX_add_session(s->session_ctx,s->session))
2224 && (s->session_ctx->new_session_cb != NULL))
2225 {
2226 CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
2227 if (!s->session_ctx->new_session_cb(s,s->session))
2228 SSL_SESSION_free(s->session);
2229 }
2230
2231 /* auto flush every 255 connections */
2232 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
2233 ((i & mode) == mode))
2234 {
2235 if ( (((mode & SSL_SESS_CACHE_CLIENT)
2236 ?s->session_ctx->stats.sess_connect_good
2237 :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff)
2238 {
2239 SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
2240 }
2241 }
2242 }
2243
2244const SSL_METHOD *SSL_get_ssl_method(SSL *s)
2245 {
2246 return(s->method);
2247 }
2248
2249int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
2250 {
2251 int conn= -1;
2252 int ret=1;
2253
2254 if (s->method != meth)
2255 {
2256 if (s->handshake_func != NULL)
2257 conn=(s->handshake_func == s->method->ssl_connect);
2258
2259 if (s->method->version == meth->version)
2260 s->method=meth;
2261 else
2262 {
2263 s->method->ssl_free(s);
2264 s->method=meth;
2265 ret=s->method->ssl_new(s);
2266 }
2267
2268 if (conn == 1)
2269 s->handshake_func=meth->ssl_connect;
2270 else if (conn == 0)
2271 s->handshake_func=meth->ssl_accept;
2272 }
2273 return(ret);
2274 }
2275
2276int SSL_get_error(const SSL *s,int i)
2277 {
2278 int reason;
2279 unsigned long l;
2280 BIO *bio;
2281
2282 if (i > 0) return(SSL_ERROR_NONE);
2283
2284 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
2285 * etc, where we do encode the error */
2286 if ((l=ERR_peek_error()) != 0)
2287 {
2288 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
2289 return(SSL_ERROR_SYSCALL);
2290 else
2291 return(SSL_ERROR_SSL);
2292 }
2293
2294 if ((i < 0) && SSL_want_read(s))
2295 {
2296 bio=SSL_get_rbio(s);
2297 if (BIO_should_read(bio))
2298 return(SSL_ERROR_WANT_READ);
2299 else if (BIO_should_write(bio))
2300 /* This one doesn't make too much sense ... We never try
2301 * to write to the rbio, and an application program where
2302 * rbio and wbio are separate couldn't even know what it
2303 * should wait for.
2304 * However if we ever set s->rwstate incorrectly
2305 * (so that we have SSL_want_read(s) instead of
2306 * SSL_want_write(s)) and rbio and wbio *are* the same,
2307 * this test works around that bug; so it might be safer
2308 * to keep it. */
2309 return(SSL_ERROR_WANT_WRITE);
2310 else if (BIO_should_io_special(bio))
2311 {
2312 reason=BIO_get_retry_reason(bio);
2313 if (reason == BIO_RR_CONNECT)
2314 return(SSL_ERROR_WANT_CONNECT);
2315 else if (reason == BIO_RR_ACCEPT)
2316 return(SSL_ERROR_WANT_ACCEPT);
2317 else
2318 return(SSL_ERROR_SYSCALL); /* unknown */
2319 }
2320 }
2321
2322 if ((i < 0) && SSL_want_write(s))
2323 {
2324 bio=SSL_get_wbio(s);
2325 if (BIO_should_write(bio))
2326 return(SSL_ERROR_WANT_WRITE);
2327 else if (BIO_should_read(bio))
2328 /* See above (SSL_want_read(s) with BIO_should_write(bio)) */
2329 return(SSL_ERROR_WANT_READ);
2330 else if (BIO_should_io_special(bio))
2331 {
2332 reason=BIO_get_retry_reason(bio);
2333 if (reason == BIO_RR_CONNECT)
2334 return(SSL_ERROR_WANT_CONNECT);
2335 else if (reason == BIO_RR_ACCEPT)
2336 return(SSL_ERROR_WANT_ACCEPT);
2337 else
2338 return(SSL_ERROR_SYSCALL);
2339 }
2340 }
2341 if ((i < 0) && SSL_want_x509_lookup(s))
2342 {
2343 return(SSL_ERROR_WANT_X509_LOOKUP);
2344 }
2345
2346 if (i == 0)
2347 {
2348 if (s->version == SSL2_VERSION)
2349 {
2350 /* assume it is the socket being closed */
2351 return(SSL_ERROR_ZERO_RETURN);
2352 }
2353 else
2354 {
2355 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2356 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2357 return(SSL_ERROR_ZERO_RETURN);
2358 }
2359 }
2360 return(SSL_ERROR_SYSCALL);
2361 }
2362
2363int SSL_do_handshake(SSL *s)
2364 {
2365 int ret=1;
2366
2367 if (s->handshake_func == NULL)
2368 {
2369 SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
2370 return(-1);
2371 }
2372
2373 s->method->ssl_renegotiate_check(s);
2374
2375 if (SSL_in_init(s) || SSL_in_before(s))
2376 {
2377 ret=s->handshake_func(s);
2378 }
2379 return(ret);
2380 }
2381
2382/* For the next 2 functions, SSL_clear() sets shutdown and so
2383 * one of these calls will reset it */
2384void SSL_set_accept_state(SSL *s)
2385 {
2386 s->server=1;
2387 s->shutdown=0;
2388 s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
2389 s->handshake_func=s->method->ssl_accept;
2390 /* clear the current cipher */
2391 ssl_clear_cipher_ctx(s);
2392 ssl_clear_hash_ctx(&s->read_hash);
2393 ssl_clear_hash_ctx(&s->write_hash);
2394 }
2395
2396void SSL_set_connect_state(SSL *s)
2397 {
2398 s->server=0;
2399 s->shutdown=0;
2400 s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
2401 s->handshake_func=s->method->ssl_connect;
2402 /* clear the current cipher */
2403 ssl_clear_cipher_ctx(s);
2404 ssl_clear_hash_ctx(&s->read_hash);
2405 ssl_clear_hash_ctx(&s->write_hash);
2406 }
2407
2408int ssl_undefined_function(SSL *s)
2409 {
2410 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2411 return(0);
2412 }
2413
2414int ssl_undefined_void_function(void)
2415 {
2416 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2417 return(0);
2418 }
2419
2420int ssl_undefined_const_function(const SSL *s)
2421 {
2422 SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2423 return(0);
2424 }
2425
2426SSL_METHOD *ssl_bad_method(int ver)
2427 {
2428 SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2429 return(NULL);
2430 }
2431
2432const char *SSL_get_version(const SSL *s)
2433 {
2434 if (s->version == TLS1_VERSION)
2435 return("TLSv1");
2436 else if (s->version == SSL3_VERSION)
2437 return("SSLv3");
2438 else if (s->version == SSL2_VERSION)
2439 return("SSLv2");
2440 else
2441 return("unknown");
2442 }
2443
2444SSL *SSL_dup(SSL *s)
2445 {
2446 STACK_OF(X509_NAME) *sk;
2447 X509_NAME *xn;
2448 SSL *ret;
2449 int i;
2450
2451 if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2452 return(NULL);
2453
2454 ret->version = s->version;
2455 ret->type = s->type;
2456 ret->method = s->method;
2457
2458 if (s->session != NULL)
2459 {
2460 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
2461 SSL_copy_session_id(ret,s);
2462 }
2463 else
2464 {
2465 /* No session has been established yet, so we have to expect
2466 * that s->cert or ret->cert will be changed later --
2467 * they should not both point to the same object,
2468 * and thus we can't use SSL_copy_session_id. */
2469
2470 ret->method->ssl_free(ret);
2471 ret->method = s->method;
2472 ret->method->ssl_new(ret);
2473
2474 if (s->cert != NULL)
2475 {
2476 if (ret->cert != NULL)
2477 {
2478 ssl_cert_free(ret->cert);
2479 }
2480 ret->cert = ssl_cert_dup(s->cert);
2481 if (ret->cert == NULL)
2482 goto err;
2483 }
2484
2485 SSL_set_session_id_context(ret,
2486 s->sid_ctx, s->sid_ctx_length);
2487 }
2488
2489 ret->options=s->options;
2490 ret->mode=s->mode;
2491 SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
2492 SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
2493 ret->msg_callback = s->msg_callback;
2494 ret->msg_callback_arg = s->msg_callback_arg;
2495 SSL_set_verify(ret,SSL_get_verify_mode(s),
2496 SSL_get_verify_callback(s));
2497 SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
2498 ret->generate_session_id = s->generate_session_id;
2499
2500 SSL_set_info_callback(ret,SSL_get_info_callback(s));
2501
2502 ret->debug=s->debug;
2503
2504 /* copy app data, a little dangerous perhaps */
2505 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
2506 goto err;
2507
2508 /* setup rbio, and wbio */
2509 if (s->rbio != NULL)
2510 {
2511 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
2512 goto err;
2513 }
2514 if (s->wbio != NULL)
2515 {
2516 if (s->wbio != s->rbio)
2517 {
2518 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
2519 goto err;
2520 }
2521 else
2522 ret->wbio=ret->rbio;
2523 }
2524 ret->rwstate = s->rwstate;
2525 ret->in_handshake = s->in_handshake;
2526 ret->handshake_func = s->handshake_func;
2527 ret->server = s->server;
2528 ret->new_session = s->new_session;
2529 ret->quiet_shutdown = s->quiet_shutdown;
2530 ret->shutdown=s->shutdown;
2531 ret->state=s->state; /* SSL_dup does not really work at any state, though */
2532 ret->rstate=s->rstate;
2533 ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
2534 ret->hit=s->hit;
2535
2536 X509_VERIFY_PARAM_inherit(ret->param, s->param);
2537
2538 /* dup the cipher_list and cipher_list_by_id stacks */
2539 if (s->cipher_list != NULL)
2540 {
2541 if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2542 goto err;
2543 }
2544 if (s->cipher_list_by_id != NULL)
2545 if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
2546 == NULL)
2547 goto err;
2548
2549 /* Dup the client_CA list */
2550 if (s->client_CA != NULL)
2551 {
2552 if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
2553 ret->client_CA=sk;
2554 for (i=0; i<sk_X509_NAME_num(sk); i++)
2555 {
2556 xn=sk_X509_NAME_value(sk,i);
2557 if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
2558 {
2559 X509_NAME_free(xn);
2560 goto err;
2561 }
2562 }
2563 }
2564
2565 if (0)
2566 {
2567err:
2568 if (ret != NULL) SSL_free(ret);
2569 ret=NULL;
2570 }
2571 return(ret);
2572 }
2573
2574void ssl_clear_cipher_ctx(SSL *s)
2575 {
2576 if (s->enc_read_ctx != NULL)
2577 {
2578 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
2579 OPENSSL_free(s->enc_read_ctx);
2580 s->enc_read_ctx=NULL;
2581 }
2582 if (s->enc_write_ctx != NULL)
2583 {
2584 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
2585 OPENSSL_free(s->enc_write_ctx);
2586 s->enc_write_ctx=NULL;
2587 }
2588#ifndef OPENSSL_NO_COMP
2589 if (s->expand != NULL)
2590 {
2591 COMP_CTX_free(s->expand);
2592 s->expand=NULL;
2593 }
2594 if (s->compress != NULL)
2595 {
2596 COMP_CTX_free(s->compress);
2597 s->compress=NULL;
2598 }
2599#endif
2600 }
2601
2602/* Fix this function so that it takes an optional type parameter */
2603X509 *SSL_get_certificate(const SSL *s)
2604 {
2605 if (s->cert != NULL)
2606 return(s->cert->key->x509);
2607 else
2608 return(NULL);
2609 }
2610
2611/* Fix this function so that it takes an optional type parameter */
2612EVP_PKEY *SSL_get_privatekey(SSL *s)
2613 {
2614 if (s->cert != NULL)
2615 return(s->cert->key->privatekey);
2616 else
2617 return(NULL);
2618 }
2619
2620const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
2621 {
2622 if ((s->session != NULL) && (s->session->cipher != NULL))
2623 return(s->session->cipher);
2624 return(NULL);
2625 }
2626#ifdef OPENSSL_NO_COMP
2627const void *SSL_get_current_compression(SSL *s)
2628 {
2629 return NULL;
2630 }
2631const void *SSL_get_current_expansion(SSL *s)
2632 {
2633 return NULL;
2634 }
2635#else
2636
2637const COMP_METHOD *SSL_get_current_compression(SSL *s)
2638 {
2639 if (s->compress != NULL)
2640 return(s->compress->meth);
2641 return(NULL);
2642 }
2643
2644const COMP_METHOD *SSL_get_current_expansion(SSL *s)
2645 {
2646 if (s->expand != NULL)
2647 return(s->expand->meth);
2648 return(NULL);
2649 }
2650#endif
2651
2652int ssl_init_wbio_buffer(SSL *s,int push)
2653 {
2654 BIO *bbio;
2655
2656 if (s->bbio == NULL)
2657 {
2658 bbio=BIO_new(BIO_f_buffer());
2659 if (bbio == NULL) return(0);
2660 s->bbio=bbio;
2661 }
2662 else
2663 {
2664 bbio=s->bbio;
2665 if (s->bbio == s->wbio)
2666 s->wbio=BIO_pop(s->wbio);
2667 }
2668 (void)BIO_reset(bbio);
2669/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
2670 if (!BIO_set_read_buffer_size(bbio,1))
2671 {
2672 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
2673 return(0);
2674 }
2675 if (push)
2676 {
2677 if (s->wbio != bbio)
2678 s->wbio=BIO_push(bbio,s->wbio);
2679 }
2680 else
2681 {
2682 if (s->wbio == bbio)
2683 s->wbio=BIO_pop(bbio);
2684 }
2685 return(1);
2686 }
2687
2688void ssl_free_wbio_buffer(SSL *s)
2689 {
2690 if (s->bbio == NULL) return;
2691
2692 if (s->bbio == s->wbio)
2693 {
2694 /* remove buffering */
2695 s->wbio=BIO_pop(s->wbio);
2696#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
2697 assert(s->wbio != NULL);
2698#endif
2699 }
2700 BIO_free(s->bbio);
2701 s->bbio=NULL;
2702 }
2703
2704void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
2705 {
2706 ctx->quiet_shutdown=mode;
2707 }
2708
2709int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
2710 {
2711 return(ctx->quiet_shutdown);
2712 }
2713
2714void SSL_set_quiet_shutdown(SSL *s,int mode)
2715 {
2716 s->quiet_shutdown=mode;
2717 }
2718
2719int SSL_get_quiet_shutdown(const SSL *s)
2720 {
2721 return(s->quiet_shutdown);
2722 }
2723
2724void SSL_set_shutdown(SSL *s,int mode)
2725 {
2726 s->shutdown=mode;
2727 }
2728
2729int SSL_get_shutdown(const SSL *s)
2730 {
2731 return(s->shutdown);
2732 }
2733
2734int SSL_version(const SSL *s)
2735 {
2736 return(s->version);
2737 }
2738
2739SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
2740 {
2741 return(ssl->ctx);
2742 }
2743
2744SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2745 {
2746 if (ssl->ctx == ctx)
2747 return ssl->ctx;
2748#ifndef OPENSSL_NO_TLSEXT
2749 if (ctx == NULL)
2750 ctx = ssl->initial_ctx;
2751#endif
2752 if (ssl->cert != NULL)
2753 ssl_cert_free(ssl->cert);
2754 ssl->cert = ssl_cert_dup(ctx->cert);
2755 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
2756 if (ssl->ctx != NULL)
2757 SSL_CTX_free(ssl->ctx); /* decrement reference count */
2758 ssl->ctx = ctx;
2759 return(ssl->ctx);
2760 }
2761
2762#ifndef OPENSSL_NO_STDIO
2763int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
2764 {
2765 return(X509_STORE_set_default_paths(ctx->cert_store));
2766 }
2767
2768int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
2769 const char *CApath)
2770 {
2771 return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
2772 }
2773#endif
2774
2775void SSL_set_info_callback(SSL *ssl,
2776 void (*cb)(const SSL *ssl,int type,int val))
2777 {
2778 ssl->info_callback=cb;
2779 }
2780
2781/* One compiler (Diab DCC) doesn't like argument names in returned
2782 function pointer. */
2783void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
2784 {
2785 return ssl->info_callback;
2786 }
2787
2788int SSL_state(const SSL *ssl)
2789 {
2790 return(ssl->state);
2791 }
2792
2793void SSL_set_verify_result(SSL *ssl,long arg)
2794 {
2795 ssl->verify_result=arg;
2796 }
2797
2798long SSL_get_verify_result(const SSL *ssl)
2799 {
2800 return(ssl->verify_result);
2801 }
2802
2803int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
2804 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
2805 {
2806 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
2807 new_func, dup_func, free_func);
2808 }
2809
2810int SSL_set_ex_data(SSL *s,int idx,void *arg)
2811 {
2812 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
2813 }
2814
2815void *SSL_get_ex_data(const SSL *s,int idx)
2816 {
2817 return(CRYPTO_get_ex_data(&s->ex_data,idx));
2818 }
2819
2820int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
2821 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
2822 {
2823 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
2824 new_func, dup_func, free_func);
2825 }
2826
2827int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
2828 {
2829 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
2830 }
2831
2832void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx)
2833 {
2834 return(CRYPTO_get_ex_data(&s->ex_data,idx));
2835 }
2836
2837int ssl_ok(SSL *s)
2838 {
2839 return(1);
2840 }
2841
2842X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
2843 {
2844 return(ctx->cert_store);
2845 }
2846
2847void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
2848 {
2849 if (ctx->cert_store != NULL)
2850 X509_STORE_free(ctx->cert_store);
2851 ctx->cert_store=store;
2852 }
2853
2854int SSL_want(const SSL *s)
2855 {
2856 return(s->rwstate);
2857 }
2858
2859/*!
2860 * \brief Set the callback for generating temporary RSA keys.
2861 * \param ctx the SSL context.
2862 * \param cb the callback
2863 */
2864
2865#ifndef OPENSSL_NO_RSA
2866void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
2867 int is_export,
2868 int keylength))
2869 {
2870 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
2871 }
2872
2873void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
2874 int is_export,
2875 int keylength))
2876 {
2877 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
2878 }
2879#endif
2880
2881#ifdef DOXYGEN
2882/*!
2883 * \brief The RSA temporary key callback function.
2884 * \param ssl the SSL session.
2885 * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
2886 * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
2887 * of the required key in bits.
2888 * \return the temporary RSA key.
2889 * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
2890 */
2891
2892RSA *cb(SSL *ssl,int is_export,int keylength)
2893 {}
2894#endif
2895
2896/*!
2897 * \brief Set the callback for generating temporary DH keys.
2898 * \param ctx the SSL context.
2899 * \param dh the callback
2900 */
2901
2902#ifndef OPENSSL_NO_DH
2903void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
2904 int keylength))
2905 {
2906 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
2907 }
2908
2909void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
2910 int keylength))
2911 {
2912 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
2913 }
2914#endif
2915
2916#ifndef OPENSSL_NO_ECDH
2917void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
2918 int keylength))
2919 {
2920 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
2921 }
2922
2923void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
2924 int keylength))
2925 {
2926 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
2927 }
2928#endif
2929
2930#ifndef OPENSSL_NO_PSK
2931int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
2932 {
2933 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
2934 {
2935 SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
2936 return 0;
2937 }
2938 if (ctx->psk_identity_hint != NULL)
2939 OPENSSL_free(ctx->psk_identity_hint);
2940 if (identity_hint != NULL)
2941 {
2942 ctx->psk_identity_hint = BUF_strdup(identity_hint);
2943 if (ctx->psk_identity_hint == NULL)
2944 return 0;
2945 }
2946 else
2947 ctx->psk_identity_hint = NULL;
2948 return 1;
2949 }
2950
2951int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
2952 {
2953 if (s == NULL)
2954 return 0;
2955
2956 if (s->session == NULL)
2957 return 1; /* session not created yet, ignored */
2958
2959 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
2960 {
2961 SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
2962 return 0;
2963 }
2964 if (s->session->psk_identity_hint != NULL)
2965 OPENSSL_free(s->session->psk_identity_hint);
2966 if (identity_hint != NULL)
2967 {
2968 s->session->psk_identity_hint = BUF_strdup(identity_hint);
2969 if (s->session->psk_identity_hint == NULL)
2970 return 0;
2971 }
2972 else
2973 s->session->psk_identity_hint = NULL;
2974 return 1;
2975 }
2976
2977const char *SSL_get_psk_identity_hint(const SSL *s)
2978 {
2979 if (s == NULL || s->session == NULL)
2980 return NULL;
2981 return(s->session->psk_identity_hint);
2982 }
2983
2984const char *SSL_get_psk_identity(const SSL *s)
2985 {
2986 if (s == NULL || s->session == NULL)
2987 return NULL;
2988 return(s->session->psk_identity);
2989 }
2990
2991void SSL_set_psk_client_callback(SSL *s,
2992 unsigned int (*cb)(SSL *ssl, const char *hint,
2993 char *identity, unsigned int max_identity_len, unsigned char *psk,
2994 unsigned int max_psk_len))
2995 {
2996 s->psk_client_callback = cb;
2997 }
2998
2999void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
3000 unsigned int (*cb)(SSL *ssl, const char *hint,
3001 char *identity, unsigned int max_identity_len, unsigned char *psk,
3002 unsigned int max_psk_len))
3003 {
3004 ctx->psk_client_callback = cb;
3005 }
3006
3007void SSL_set_psk_server_callback(SSL *s,
3008 unsigned int (*cb)(SSL *ssl, const char *identity,
3009 unsigned char *psk, unsigned int max_psk_len))
3010 {
3011 s->psk_server_callback = cb;
3012 }
3013
3014void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
3015 unsigned int (*cb)(SSL *ssl, const char *identity,
3016 unsigned char *psk, unsigned int max_psk_len))
3017 {
3018 ctx->psk_server_callback = cb;
3019 }
3020#endif
3021
3022void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3023 {
3024 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3025 }
3026void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3027 {
3028 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3029 }
3030
3031/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
3032 * vairable, freeing EVP_MD_CTX previously stored in that variable, if
3033 * any. If EVP_MD pointer is passed, initializes ctx with this md
3034 * Returns newly allocated ctx;
3035 */
3036
3037EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md)
3038{
3039 ssl_clear_hash_ctx(hash);
3040 *hash = EVP_MD_CTX_create();
3041 if (md) EVP_DigestInit_ex(*hash,md,NULL);
3042 return *hash;
3043}
3044void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
3045{
3046
3047 if (*hash) EVP_MD_CTX_destroy(*hash);
3048 *hash=NULL;
3049}
3050
3051#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
3052#include "../crypto/bio/bss_file.c"
3053#endif
3054
3055IMPLEMENT_STACK_OF(SSL_CIPHER)
3056IMPLEMENT_STACK_OF(SSL_COMP)
3057IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
3058 ssl_cipher_id);
3059
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
deleted file mode 100644
index 4c78393f3f..0000000000
--- a/src/lib/libssl/ssl_locl.h
+++ /dev/null
@@ -1,1078 +0,0 @@
1/* ssl/ssl_locl.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#ifndef HEADER_SSL_LOCL_H
144#define HEADER_SSL_LOCL_H
145#include <stdlib.h>
146#include <time.h>
147#include <string.h>
148#include <errno.h>
149
150#include "e_os.h"
151
152#include <openssl/buffer.h>
153#ifndef OPENSSL_NO_COMP
154#include <openssl/comp.h>
155#endif
156#include <openssl/bio.h>
157#include <openssl/stack.h>
158#ifndef OPENSSL_NO_RSA
159#include <openssl/rsa.h>
160#endif
161#ifndef OPENSSL_NO_DSA
162#include <openssl/dsa.h>
163#endif
164#include <openssl/err.h>
165#include <openssl/ssl.h>
166#include <openssl/symhacks.h>
167
168#ifdef OPENSSL_BUILD_SHLIBSSL
169# undef OPENSSL_EXTERN
170# define OPENSSL_EXTERN OPENSSL_EXPORT
171#endif
172
173#define PKCS1_CHECK
174
175#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
176 l|=(((unsigned long)(*((c)++)))<< 8), \
177 l|=(((unsigned long)(*((c)++)))<<16), \
178 l|=(((unsigned long)(*((c)++)))<<24))
179
180/* NOTE - c is not incremented as per c2l */
181#define c2ln(c,l1,l2,n) { \
182 c+=n; \
183 l1=l2=0; \
184 switch (n) { \
185 case 8: l2 =((unsigned long)(*(--(c))))<<24; \
186 case 7: l2|=((unsigned long)(*(--(c))))<<16; \
187 case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
188 case 5: l2|=((unsigned long)(*(--(c)))); \
189 case 4: l1 =((unsigned long)(*(--(c))))<<24; \
190 case 3: l1|=((unsigned long)(*(--(c))))<<16; \
191 case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
192 case 1: l1|=((unsigned long)(*(--(c)))); \
193 } \
194 }
195
196#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
197 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
198 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
199 *((c)++)=(unsigned char)(((l)>>24)&0xff))
200
201#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \
202 l|=((unsigned long)(*((c)++)))<<16, \
203 l|=((unsigned long)(*((c)++)))<< 8, \
204 l|=((unsigned long)(*((c)++))))
205
206#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
207 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
208 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
209 *((c)++)=(unsigned char)(((l) )&0xff))
210
211#define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
212 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
213 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
214 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
215 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
216 *((c)++)=(unsigned char)(((l) )&0xff))
217
218#define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \
219 l|=((BN_ULLONG)(*((c)++)))<<32, \
220 l|=((BN_ULLONG)(*((c)++)))<<24, \
221 l|=((BN_ULLONG)(*((c)++)))<<16, \
222 l|=((BN_ULLONG)(*((c)++)))<< 8, \
223 l|=((BN_ULLONG)(*((c)++))))
224
225/* NOTE - c is not incremented as per l2c */
226#define l2cn(l1,l2,c,n) { \
227 c+=n; \
228 switch (n) { \
229 case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
230 case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
231 case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
232 case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
233 case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
234 case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
235 case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
236 case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
237 } \
238 }
239
240#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \
241 (((unsigned int)(c[1])) )),c+=2)
242#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
243 c[1]=(unsigned char)(((s) )&0xff)),c+=2)
244
245#define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \
246 (((unsigned long)(c[1]))<< 8)| \
247 (((unsigned long)(c[2])) )),c+=3)
248
249#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
250 c[1]=(unsigned char)(((l)>> 8)&0xff), \
251 c[2]=(unsigned char)(((l) )&0xff)),c+=3)
252
253/* LOCAL STUFF */
254
255#define SSL_DECRYPT 0
256#define SSL_ENCRYPT 1
257
258#define TWO_BYTE_BIT 0x80
259#define SEC_ESC_BIT 0x40
260#define TWO_BYTE_MASK 0x7fff
261#define THREE_BYTE_MASK 0x3fff
262
263#define INC32(a) ((a)=((a)+1)&0xffffffffL)
264#define DEC32(a) ((a)=((a)-1)&0xffffffffL)
265#define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */
266
267/*
268 * Define the Bitmasks for SSL_CIPHER.algorithms.
269 * This bits are used packed as dense as possible. If new methods/ciphers
270 * etc will be added, the bits a likely to change, so this information
271 * is for internal library use only, even though SSL_CIPHER.algorithms
272 * can be publicly accessed.
273 * Use the according functions for cipher management instead.
274 *
275 * The bit mask handling in the selection and sorting scheme in
276 * ssl_create_cipher_list() has only limited capabilities, reflecting
277 * that the different entities within are mutually exclusive:
278 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
279 */
280
281/* Bits for algorithm_mkey (key exchange algorithm) */
282#define SSL_kRSA 0x00000001L /* RSA key exchange */
283#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */
284#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */
285#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */
286#define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */
287#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
288#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
289#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */
290#define SSL_kPSK 0x00000100L /* PSK */
291#define SSL_kGOST 0x00000200L /* GOST key exchange */
292
293/* Bits for algorithm_auth (server authentication) */
294#define SSL_aRSA 0x00000001L /* RSA auth */
295#define SSL_aDSS 0x00000002L /* DSS auth */
296#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
297#define SSL_aDH 0x00000008L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */
298#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
299#define SSL_aKRB5 0x00000020L /* KRB5 auth */
300#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
301#define SSL_aPSK 0x00000080L /* PSK auth */
302#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */
303#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
304
305
306/* Bits for algorithm_enc (symmetric encryption) */
307#define SSL_DES 0x00000001L
308#define SSL_3DES 0x00000002L
309#define SSL_RC4 0x00000004L
310#define SSL_RC2 0x00000008L
311#define SSL_IDEA 0x00000010L
312#define SSL_eNULL 0x00000020L
313#define SSL_AES128 0x00000040L
314#define SSL_AES256 0x00000080L
315#define SSL_CAMELLIA128 0x00000100L
316#define SSL_CAMELLIA256 0x00000200L
317#define SSL_eGOST2814789CNT 0x00000400L
318#define SSL_SEED 0x00000800L
319
320#define SSL_AES (SSL_AES128|SSL_AES256)
321#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
322
323
324/* Bits for algorithm_mac (symmetric authentication) */
325#define SSL_MD5 0x00000001L
326#define SSL_SHA1 0x00000002L
327#define SSL_GOST94 0x00000004L
328#define SSL_GOST89MAC 0x00000008L
329
330/* Bits for algorithm_ssl (protocol version) */
331#define SSL_SSLV2 0x00000001L
332#define SSL_SSLV3 0x00000002L
333#define SSL_TLSV1 SSL_SSLV3 /* for now */
334
335
336/* Bits for algorithm2 (handshake digests and other extra flags) */
337
338#define SSL_HANDSHAKE_MAC_MD5 0x10
339#define SSL_HANDSHAKE_MAC_SHA 0x20
340#define SSL_HANDSHAKE_MAC_GOST94 0x40
341#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
342
343/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
344 * make sure to update this constant too */
345#define SSL_MAX_DIGEST 4
346
347#define TLS1_PRF_DGST_SHIFT 8
348#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
349#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
350#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
351#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
352
353/* Stream MAC for GOST ciphersuites from cryptopro draft
354 * (currently this also goes into algorithm2) */
355#define TLS1_STREAM_MAC 0x04
356
357
358
359/*
360 * Export and cipher strength information. For each cipher we have to decide
361 * whether it is exportable or not. This information is likely to change
362 * over time, since the export control rules are no static technical issue.
363 *
364 * Independent of the export flag the cipher strength is sorted into classes.
365 * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
366 * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
367 * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
368 * since SSL_EXP64 could be similar to SSL_LOW.
369 * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
370 * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
371 * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
372 * be possible.
373 */
374#define SSL_EXP_MASK 0x00000003L
375#define SSL_STRONG_MASK 0x000001fcL
376
377#define SSL_NOT_EXP 0x00000001L
378#define SSL_EXPORT 0x00000002L
379
380#define SSL_STRONG_NONE 0x00000004L
381#define SSL_EXP40 0x00000008L
382#define SSL_MICRO (SSL_EXP40)
383#define SSL_EXP56 0x00000010L
384#define SSL_MINI (SSL_EXP56)
385#define SSL_LOW 0x00000020L
386#define SSL_MEDIUM 0x00000040L
387#define SSL_HIGH 0x00000080L
388#define SSL_FIPS 0x00000100L
389
390/* we have used 000001ff - 23 bits left to go */
391
392/*
393 * Macros to check the export status and cipher strength for export ciphers.
394 * Even though the macros for EXPORT and EXPORT40/56 have similar names,
395 * their meaning is different:
396 * *_EXPORT macros check the 'exportable' status.
397 * *_EXPORT40/56 macros are used to check whether a certain cipher strength
398 * is given.
399 * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
400 * algorithm structure element to be passed (algorithms, algo_strength) and no
401 * typechecking can be done as they are all of type unsigned long, their
402 * direct usage is discouraged.
403 * Use the SSL_C_* macros instead.
404 */
405#define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT)
406#define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56)
407#define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40)
408#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength)
409#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength)
410#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
411
412#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
413 (a) == SSL_DES ? 8 : 7)
414#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
415#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
416 (c)->algo_strength)
417#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
418
419
420
421
422/* Mostly for SSLv3 */
423#define SSL_PKEY_RSA_ENC 0
424#define SSL_PKEY_RSA_SIGN 1
425#define SSL_PKEY_DSA_SIGN 2
426#define SSL_PKEY_DH_RSA 3
427#define SSL_PKEY_DH_DSA 4
428#define SSL_PKEY_ECC 5
429#define SSL_PKEY_GOST94 6
430#define SSL_PKEY_GOST01 7
431#define SSL_PKEY_NUM 8
432
433/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
434 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
435 * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
436 * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
437 * SSL_aRSA <- RSA_ENC | RSA_SIGN
438 * SSL_aDSS <- DSA_SIGN
439 */
440
441/*
442#define CERT_INVALID 0
443#define CERT_PUBLIC_KEY 1
444#define CERT_PRIVATE_KEY 2
445*/
446
447#ifndef OPENSSL_NO_EC
448/* From ECC-TLS draft, used in encoding the curve type in
449 * ECParameters
450 */
451#define EXPLICIT_PRIME_CURVE_TYPE 1
452#define EXPLICIT_CHAR2_CURVE_TYPE 2
453#define NAMED_CURVE_TYPE 3
454#endif /* OPENSSL_NO_EC */
455
456typedef struct cert_pkey_st
457 {
458 X509 *x509;
459 EVP_PKEY *privatekey;
460 } CERT_PKEY;
461
462typedef struct cert_st
463 {
464 /* Current active set */
465 CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
466 * Probably it would make more sense to store
467 * an index, not a pointer. */
468
469 /* The following masks are for the key and auth
470 * algorithms that are supported by the certs below */
471 int valid;
472 unsigned long mask_k;
473 unsigned long mask_a;
474 unsigned long export_mask_k;
475 unsigned long export_mask_a;
476#ifndef OPENSSL_NO_RSA
477 RSA *rsa_tmp;
478 RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
479#endif
480#ifndef OPENSSL_NO_DH
481 DH *dh_tmp;
482 DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
483#endif
484#ifndef OPENSSL_NO_ECDH
485 EC_KEY *ecdh_tmp;
486 /* Callback for generating ephemeral ECDH keys */
487 EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
488#endif
489
490 CERT_PKEY pkeys[SSL_PKEY_NUM];
491
492 int references; /* >1 only if SSL_copy_session_id is used */
493 } CERT;
494
495
496typedef struct sess_cert_st
497 {
498 STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
499
500 /* The 'peer_...' members are used only by clients. */
501 int peer_cert_type;
502
503 CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
504 CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
505 /* Obviously we don't have the private keys of these,
506 * so maybe we shouldn't even use the CERT_PKEY type here. */
507
508#ifndef OPENSSL_NO_RSA
509 RSA *peer_rsa_tmp; /* not used for SSL 2 */
510#endif
511#ifndef OPENSSL_NO_DH
512 DH *peer_dh_tmp; /* not used for SSL 2 */
513#endif
514#ifndef OPENSSL_NO_ECDH
515 EC_KEY *peer_ecdh_tmp;
516#endif
517
518 int references; /* actually always 1 at the moment */
519 } SESS_CERT;
520
521
522/*#define MAC_DEBUG */
523
524/*#define ERR_DEBUG */
525/*#define ABORT_DEBUG */
526/*#define PKT_DEBUG 1 */
527/*#define DES_DEBUG */
528/*#define DES_OFB_DEBUG */
529/*#define SSL_DEBUG */
530/*#define RSA_DEBUG */
531/*#define IDEA_DEBUG */
532
533#define FP_ICC (int (*)(const void *,const void *))
534#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
535 ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
536#define ssl_get_cipher_by_char(ssl,ptr) \
537 ((ssl)->method->get_cipher_by_char(ptr))
538
539/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
540 * It is a bit of a mess of functions, but hell, think of it as
541 * an opaque structure :-) */
542typedef struct ssl3_enc_method
543 {
544 int (*enc)(SSL *, int);
545 int (*mac)(SSL *, unsigned char *, int);
546 int (*setup_key_block)(SSL *);
547 int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
548 int (*change_cipher_state)(SSL *, int);
549 int (*final_finish_mac)(SSL *, const char *, int, unsigned char *);
550 int finish_mac_length;
551 int (*cert_verify_mac)(SSL *, int, unsigned char *);
552 const char *client_finished_label;
553 int client_finished_label_len;
554 const char *server_finished_label;
555 int server_finished_label_len;
556 int (*alert_value)(int);
557 } SSL3_ENC_METHOD;
558
559#ifndef OPENSSL_NO_COMP
560/* Used for holding the relevant compression methods loaded into SSL_CTX */
561typedef struct ssl3_comp_st
562 {
563 int comp_id; /* The identifier byte for this compression type */
564 char *name; /* Text name used for the compression type */
565 COMP_METHOD *method; /* The method :-) */
566 } SSL3_COMP;
567#endif
568
569#ifndef OPENSSL_NO_BUF_FREELISTS
570typedef struct ssl3_buf_freelist_st
571 {
572 size_t chunklen;
573 unsigned int len;
574 struct ssl3_buf_freelist_entry_st *head;
575 } SSL3_BUF_FREELIST;
576
577typedef struct ssl3_buf_freelist_entry_st
578 {
579 struct ssl3_buf_freelist_entry_st *next;
580 } SSL3_BUF_FREELIST_ENTRY;
581#endif
582
583extern SSL3_ENC_METHOD ssl3_undef_enc_method;
584OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
585OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
586
587
588SSL_METHOD *ssl_bad_method(int ver);
589
590extern SSL3_ENC_METHOD TLSv1_enc_data;
591extern SSL3_ENC_METHOD SSLv3_enc_data;
592extern SSL3_ENC_METHOD DTLSv1_enc_data;
593
594#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
595const SSL_METHOD *func_name(void) \
596 { \
597 static const SSL_METHOD func_name##_data= { \
598 TLS1_VERSION, \
599 tls1_new, \
600 tls1_clear, \
601 tls1_free, \
602 s_accept, \
603 s_connect, \
604 ssl3_read, \
605 ssl3_peek, \
606 ssl3_write, \
607 ssl3_shutdown, \
608 ssl3_renegotiate, \
609 ssl3_renegotiate_check, \
610 ssl3_get_message, \
611 ssl3_read_bytes, \
612 ssl3_write_bytes, \
613 ssl3_dispatch_alert, \
614 ssl3_ctrl, \
615 ssl3_ctx_ctrl, \
616 ssl3_get_cipher_by_char, \
617 ssl3_put_cipher_by_char, \
618 ssl3_pending, \
619 ssl3_num_ciphers, \
620 ssl3_get_cipher, \
621 s_get_meth, \
622 tls1_default_timeout, \
623 &TLSv1_enc_data, \
624 ssl_undefined_void_function, \
625 ssl3_callback_ctrl, \
626 ssl3_ctx_callback_ctrl, \
627 }; \
628 return &func_name##_data; \
629 }
630
631#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
632const SSL_METHOD *func_name(void) \
633 { \
634 static const SSL_METHOD func_name##_data= { \
635 SSL3_VERSION, \
636 ssl3_new, \
637 ssl3_clear, \
638 ssl3_free, \
639 s_accept, \
640 s_connect, \
641 ssl3_read, \
642 ssl3_peek, \
643 ssl3_write, \
644 ssl3_shutdown, \
645 ssl3_renegotiate, \
646 ssl3_renegotiate_check, \
647 ssl3_get_message, \
648 ssl3_read_bytes, \
649 ssl3_write_bytes, \
650 ssl3_dispatch_alert, \
651 ssl3_ctrl, \
652 ssl3_ctx_ctrl, \
653 ssl3_get_cipher_by_char, \
654 ssl3_put_cipher_by_char, \
655 ssl3_pending, \
656 ssl3_num_ciphers, \
657 ssl3_get_cipher, \
658 s_get_meth, \
659 ssl3_default_timeout, \
660 &SSLv3_enc_data, \
661 ssl_undefined_void_function, \
662 ssl3_callback_ctrl, \
663 ssl3_ctx_callback_ctrl, \
664 }; \
665 return &func_name##_data; \
666 }
667
668#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
669const SSL_METHOD *func_name(void) \
670 { \
671 static const SSL_METHOD func_name##_data= { \
672 TLS1_VERSION, \
673 tls1_new, \
674 tls1_clear, \
675 tls1_free, \
676 s_accept, \
677 s_connect, \
678 ssl23_read, \
679 ssl23_peek, \
680 ssl23_write, \
681 ssl_undefined_function, \
682 ssl_undefined_function, \
683 ssl_ok, \
684 ssl3_get_message, \
685 ssl3_read_bytes, \
686 ssl3_write_bytes, \
687 ssl3_dispatch_alert, \
688 ssl3_ctrl, \
689 ssl3_ctx_ctrl, \
690 ssl23_get_cipher_by_char, \
691 ssl23_put_cipher_by_char, \
692 ssl_undefined_const_function, \
693 ssl23_num_ciphers, \
694 ssl23_get_cipher, \
695 s_get_meth, \
696 ssl23_default_timeout, \
697 &ssl3_undef_enc_method, \
698 ssl_undefined_void_function, \
699 ssl3_callback_ctrl, \
700 ssl3_ctx_callback_ctrl, \
701 }; \
702 return &func_name##_data; \
703 }
704
705#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
706const SSL_METHOD *func_name(void) \
707 { \
708 static const SSL_METHOD func_name##_data= { \
709 SSL2_VERSION, \
710 ssl2_new, /* local */ \
711 ssl2_clear, /* local */ \
712 ssl2_free, /* local */ \
713 s_accept, \
714 s_connect, \
715 ssl2_read, \
716 ssl2_peek, \
717 ssl2_write, \
718 ssl2_shutdown, \
719 ssl_ok, /* NULL - renegotiate */ \
720 ssl_ok, /* NULL - check renegotiate */ \
721 NULL, /* NULL - ssl_get_message */ \
722 NULL, /* NULL - ssl_get_record */ \
723 NULL, /* NULL - ssl_write_bytes */ \
724 NULL, /* NULL - dispatch_alert */ \
725 ssl2_ctrl, /* local */ \
726 ssl2_ctx_ctrl, /* local */ \
727 ssl2_get_cipher_by_char, \
728 ssl2_put_cipher_by_char, \
729 ssl2_pending, \
730 ssl2_num_ciphers, \
731 ssl2_get_cipher, \
732 s_get_meth, \
733 ssl2_default_timeout, \
734 &ssl3_undef_enc_method, \
735 ssl_undefined_void_function, \
736 ssl2_callback_ctrl, /* local */ \
737 ssl2_ctx_callback_ctrl, /* local */ \
738 }; \
739 return &func_name##_data; \
740 }
741
742#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
743const SSL_METHOD *func_name(void) \
744 { \
745 static const SSL_METHOD func_name##_data= { \
746 DTLS1_VERSION, \
747 dtls1_new, \
748 dtls1_clear, \
749 dtls1_free, \
750 s_accept, \
751 s_connect, \
752 ssl3_read, \
753 ssl3_peek, \
754 ssl3_write, \
755 ssl3_shutdown, \
756 ssl3_renegotiate, \
757 ssl3_renegotiate_check, \
758 dtls1_get_message, \
759 dtls1_read_bytes, \
760 dtls1_write_app_data_bytes, \
761 dtls1_dispatch_alert, \
762 dtls1_ctrl, \
763 ssl3_ctx_ctrl, \
764 ssl3_get_cipher_by_char, \
765 ssl3_put_cipher_by_char, \
766 ssl3_pending, \
767 ssl3_num_ciphers, \
768 dtls1_get_cipher, \
769 s_get_meth, \
770 dtls1_default_timeout, \
771 &DTLSv1_enc_data, \
772 ssl_undefined_void_function, \
773 ssl3_callback_ctrl, \
774 ssl3_ctx_callback_ctrl, \
775 }; \
776 return &func_name##_data; \
777 }
778
779void ssl_clear_cipher_ctx(SSL *s);
780int ssl_clear_bad_session(SSL *s);
781CERT *ssl_cert_new(void);
782CERT *ssl_cert_dup(CERT *cert);
783int ssl_cert_inst(CERT **o);
784void ssl_cert_free(CERT *c);
785SESS_CERT *ssl_sess_cert_new(void);
786void ssl_sess_cert_free(SESS_CERT *sc);
787int ssl_set_peer_cert_type(SESS_CERT *c, int type);
788int ssl_get_new_session(SSL *s, int session);
789int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
790int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
791DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
792 ssl_cipher_id);
793int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
794 const SSL_CIPHER * const *bp);
795STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
796 STACK_OF(SSL_CIPHER) **skp);
797int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
798 int (*put_cb)(const SSL_CIPHER *, unsigned char *));
799STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
800 STACK_OF(SSL_CIPHER) **pref,
801 STACK_OF(SSL_CIPHER) **sorted,
802 const char *rule_str);
803void ssl_update_cache(SSL *s, int mode);
804int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
805 const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp);
806int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
807int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
808int ssl_undefined_function(SSL *s);
809int ssl_undefined_void_function(void);
810int ssl_undefined_const_function(const SSL *s);
811X509 *ssl_get_server_send_cert(SSL *);
812EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *);
813int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
814void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
815STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
816int ssl_verify_alarm_type(long type);
817void ssl_load_ciphers(void);
818
819int ssl2_enc_init(SSL *s, int client);
820int ssl2_generate_key_material(SSL *s);
821void ssl2_enc(SSL *s,int send_data);
822void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
823const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
824int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
825int ssl2_part_read(SSL *s, unsigned long f, int i);
826int ssl2_do_write(SSL *s);
827int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
828void ssl2_return_error(SSL *s,int reason);
829void ssl2_write_error(SSL *s);
830int ssl2_num_ciphers(void);
831const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
832int ssl2_new(SSL *s);
833void ssl2_free(SSL *s);
834int ssl2_accept(SSL *s);
835int ssl2_connect(SSL *s);
836int ssl2_read(SSL *s, void *buf, int len);
837int ssl2_peek(SSL *s, void *buf, int len);
838int ssl2_write(SSL *s, const void *buf, int len);
839int ssl2_shutdown(SSL *s);
840void ssl2_clear(SSL *s);
841long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
842long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
843long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
844long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
845int ssl2_pending(const SSL *s);
846long ssl2_default_timeout(void );
847
848const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
849int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
850void ssl3_init_finished_mac(SSL *s);
851int ssl3_send_server_certificate(SSL *s);
852int ssl3_send_newsession_ticket(SSL *s);
853int ssl3_send_cert_status(SSL *s);
854int ssl3_get_finished(SSL *s,int state_a,int state_b);
855int ssl3_setup_key_block(SSL *s);
856int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
857int ssl3_change_cipher_state(SSL *s,int which);
858void ssl3_cleanup_key_block(SSL *s);
859int ssl3_do_write(SSL *s,int type);
860int ssl3_send_alert(SSL *s,int level, int desc);
861int ssl3_generate_master_secret(SSL *s, unsigned char *out,
862 unsigned char *p, int len);
863int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
864long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
865int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
866int ssl3_num_ciphers(void);
867const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
868int ssl3_renegotiate(SSL *ssl);
869int ssl3_renegotiate_check(SSL *ssl);
870int ssl3_dispatch_alert(SSL *s);
871int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
872int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
873int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p);
874int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
875void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
876int ssl3_enc(SSL *s, int send_data);
877int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
878void ssl3_free_digest_list(SSL *s);
879unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
880SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
881 STACK_OF(SSL_CIPHER) *srvr);
882int ssl3_setup_buffers(SSL *s);
883int ssl3_setup_read_buffer(SSL *s);
884int ssl3_setup_write_buffer(SSL *s);
885int ssl3_release_read_buffer(SSL *s);
886int ssl3_release_write_buffer(SSL *s);
887int ssl3_digest_cached_records(SSL *s);
888int ssl3_new(SSL *s);
889void ssl3_free(SSL *s);
890int ssl3_accept(SSL *s);
891int ssl3_connect(SSL *s);
892int ssl3_read(SSL *s, void *buf, int len);
893int ssl3_peek(SSL *s, void *buf, int len);
894int ssl3_write(SSL *s, const void *buf, int len);
895int ssl3_shutdown(SSL *s);
896void ssl3_clear(SSL *s);
897long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
898long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
899long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
900long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
901int ssl3_pending(const SSL *s);
902
903void ssl3_record_sequence_update(unsigned char *seq);
904int ssl3_do_change_cipher_spec(SSL *ssl);
905long ssl3_default_timeout(void );
906
907int ssl23_num_ciphers(void );
908const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
909int ssl23_read(SSL *s, void *buf, int len);
910int ssl23_peek(SSL *s, void *buf, int len);
911int ssl23_write(SSL *s, const void *buf, int len);
912int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
913const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
914long ssl23_default_timeout(void );
915
916long tls1_default_timeout(void);
917int dtls1_do_write(SSL *s,int type);
918int ssl3_read_n(SSL *s, int n, int max, int extend);
919int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
920int ssl3_do_compress(SSL *ssl);
921int ssl3_do_uncompress(SSL *ssl);
922int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
923 unsigned int len);
924unsigned char *dtls1_set_message_header(SSL *s,
925 unsigned char *p, unsigned char mt, unsigned long len,
926 unsigned long frag_off, unsigned long frag_len);
927
928int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
929int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
930
931int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
932int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
933unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
934int dtls1_read_failed(SSL *s, int code);
935int dtls1_buffer_message(SSL *s, int ccs);
936int dtls1_retransmit_message(SSL *s, unsigned short seq,
937 unsigned long frag_off, int *found);
938int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
939int dtls1_retransmit_buffered_messages(SSL *s);
940void dtls1_clear_record_buffer(SSL *s);
941void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
942void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
943void dtls1_reset_seq_numbers(SSL *s, int rw);
944long dtls1_default_timeout(void);
945struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
946int dtls1_handle_timeout(SSL *s);
947const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
948void dtls1_start_timer(SSL *s);
949void dtls1_stop_timer(SSL *s);
950int dtls1_is_timer_expired(SSL *s);
951void dtls1_double_timeout(SSL *s);
952int dtls1_send_newsession_ticket(SSL *s);
953
954/* some client-only functions */
955int ssl3_client_hello(SSL *s);
956int ssl3_get_server_hello(SSL *s);
957int ssl3_get_certificate_request(SSL *s);
958int ssl3_get_new_session_ticket(SSL *s);
959int ssl3_get_cert_status(SSL *s);
960int ssl3_get_server_done(SSL *s);
961int ssl3_send_client_verify(SSL *s);
962int ssl3_send_client_certificate(SSL *s);
963int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
964int ssl3_send_client_key_exchange(SSL *s);
965int ssl3_get_key_exchange(SSL *s);
966int ssl3_get_server_certificate(SSL *s);
967int ssl3_check_cert_and_algorithm(SSL *s);
968#ifndef OPENSSL_NO_TLSEXT
969int ssl3_check_finished(SSL *s);
970#endif
971
972int dtls1_client_hello(SSL *s);
973int dtls1_send_client_certificate(SSL *s);
974int dtls1_send_client_key_exchange(SSL *s);
975int dtls1_send_client_verify(SSL *s);
976
977/* some server-only functions */
978int ssl3_get_client_hello(SSL *s);
979int ssl3_send_server_hello(SSL *s);
980int ssl3_send_hello_request(SSL *s);
981int ssl3_send_server_key_exchange(SSL *s);
982int ssl3_send_certificate_request(SSL *s);
983int ssl3_send_server_done(SSL *s);
984int ssl3_check_client_hello(SSL *s);
985int ssl3_get_client_certificate(SSL *s);
986int ssl3_get_client_key_exchange(SSL *s);
987int ssl3_get_cert_verify(SSL *s);
988
989int dtls1_send_hello_request(SSL *s);
990int dtls1_send_server_hello(SSL *s);
991int dtls1_send_server_certificate(SSL *s);
992int dtls1_send_server_key_exchange(SSL *s);
993int dtls1_send_certificate_request(SSL *s);
994int dtls1_send_server_done(SSL *s);
995
996
997
998int ssl23_accept(SSL *s);
999int ssl23_connect(SSL *s);
1000int ssl23_read_bytes(SSL *s, int n);
1001int ssl23_write_bytes(SSL *s);
1002
1003int tls1_new(SSL *s);
1004void tls1_free(SSL *s);
1005void tls1_clear(SSL *s);
1006long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
1007long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
1008
1009int dtls1_new(SSL *s);
1010int dtls1_accept(SSL *s);
1011int dtls1_connect(SSL *s);
1012void dtls1_free(SSL *s);
1013void dtls1_clear(SSL *s);
1014long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
1015
1016long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
1017int dtls1_get_record(SSL *s);
1018int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
1019 unsigned int len, int create_empty_fragement);
1020int dtls1_dispatch_alert(SSL *s);
1021int dtls1_enc(SSL *s, int snd);
1022
1023int ssl_init_wbio_buffer(SSL *s, int push);
1024void ssl_free_wbio_buffer(SSL *s);
1025
1026int tls1_change_cipher_state(SSL *s, int which);
1027int tls1_setup_key_block(SSL *s);
1028int tls1_enc(SSL *s, int snd);
1029int tls1_final_finish_mac(SSL *s,
1030 const char *str, int slen, unsigned char *p);
1031int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
1032int tls1_mac(SSL *ssl, unsigned char *md, int snd);
1033int tls1_generate_master_secret(SSL *s, unsigned char *out,
1034 unsigned char *p, int len);
1035int tls1_alert_code(int code);
1036int ssl3_alert_code(int code);
1037int ssl_ok(SSL *s);
1038
1039#ifndef OPENSSL_NO_ECDH
1040int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs);
1041#endif
1042
1043SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
1044
1045#ifndef OPENSSL_NO_EC
1046int tls1_ec_curve_id2nid(int curve_id);
1047int tls1_ec_nid2curve_id(int nid);
1048#endif /* OPENSSL_NO_EC */
1049
1050#ifndef OPENSSL_NO_TLSEXT
1051unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
1052unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
1053int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
1054int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
1055int ssl_prepare_clienthello_tlsext(SSL *s);
1056int ssl_prepare_serverhello_tlsext(SSL *s);
1057int ssl_check_clienthello_tlsext(SSL *s);
1058int ssl_check_serverhello_tlsext(SSL *s);
1059
1060#ifdef OPENSSL_NO_SHA256
1061#define tlsext_tick_md EVP_sha1
1062#else
1063#define tlsext_tick_md EVP_sha256
1064#endif
1065int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
1066 const unsigned char *limit, SSL_SESSION **ret);
1067#endif
1068EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
1069void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
1070int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
1071 int maxlen);
1072int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
1073 int *al);
1074int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
1075 int maxlen);
1076int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
1077 int *al);
1078#endif
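diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
deleted file mode 100644
index c0960b5712..0000000000
--- a/src/lib/libssl/ssl_rsa.c
+++ /dev/null
@@ -1,779 +0,0 @@
-/* ssl/ssl_rsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/bio.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-static int ssl_set_cert(CERT *c, X509 *x509);
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-int SSL_use_certificate(SSL *ssl, X509 *x)
- {
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_cert(ssl->cert,x));
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
- {
- int j;
- BIO *in;
- int ret=0;
- X509 *x=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- x=d2i_X509_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
-
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
- goto end;
- }
-
- ret=SSL_use_certificate(ssl,x);
-end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
- {
- X509 *x;
- int ret;
-
- x=d2i_X509(NULL,&d,(long)len);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_use_certificate(ssl,x);
- X509_free(x);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
- {
- EVP_PKEY *pkey;
- int ret;
-
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- if ((pkey=EVP_PKEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
- return(0);
- }
-
- RSA_up_ref(rsa);
- EVP_PKEY_assign_RSA(pkey,rsa);
-
- ret=ssl_set_pkey(ssl->cert,pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-#endif
-
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
- {
- int i;
-
- i=ssl_cert_type(NULL,pkey);
- if (i < 0)
- {
- SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- return(0);
- }
-
- if (c->pkeys[i].x509 != NULL)
- {
- EVP_PKEY *pktmp;
- pktmp = X509_get_pubkey(c->pkeys[i].x509);
- EVP_PKEY_copy_parameters(pktmp,pkey);
- EVP_PKEY_free(pktmp);
- ERR_clear_error();
-
-#ifndef OPENSSL_NO_RSA
- /* Don't check the public/private key, this is mostly
- * for smart cards. */
- if ((pkey->type == EVP_PKEY_RSA) &&
- (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
- ;
- else
-#endif
- if (!X509_check_private_key(c->pkeys[i].x509,pkey))
- {
- X509_free(c->pkeys[i].x509);
- c->pkeys[i].x509 = NULL;
- return 0;
- }
- }
-
- if (c->pkeys[i].privatekey != NULL)
- EVP_PKEY_free(c->pkeys[i].privatekey);
- CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
- c->pkeys[i].privatekey=pkey;
- c->key= &(c->pkeys[i]);
-
- c->valid=0;
- return(1);
- }
-
-#ifndef OPENSSL_NO_RSA
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- RSA *rsa=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- rsa=d2i_RSAPrivateKey_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
- ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_use_RSAPrivateKey(ssl,rsa);
- RSA_free(rsa);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
- {
- int ret;
- const unsigned char *p;
- RSA *rsa;
-
- p=d;
- if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_use_RSAPrivateKey(ssl,rsa);
- RSA_free(rsa);
- return(ret);
- }
-#endif /* !OPENSSL_NO_RSA */
-
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
- {
- int ret;
-
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- ret=ssl_set_pkey(ssl->cert,pkey);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- EVP_PKEY *pkey=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- pkey=PEM_read_bio_PrivateKey(in,NULL,
- ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else if (type == SSL_FILETYPE_ASN1)
- {
- j = ERR_R_ASN1_LIB;
- pkey = d2i_PrivateKey_bio(in,NULL);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_use_PrivateKey(ssl,pkey);
- EVP_PKEY_free(pkey);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
- {
- int ret;
- const unsigned char *p;
- EVP_PKEY *pkey;
-
- p=d;
- if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_use_PrivateKey(ssl,pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
- {
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_cert(ctx->cert, x));
- }
-
-static int ssl_set_cert(CERT *c, X509 *x)
- {
- EVP_PKEY *pkey;
- int i;
-
- pkey=X509_get_pubkey(x);
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
- return(0);
- }
-
- i=ssl_cert_type(x,pkey);
- if (i < 0)
- {
- SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- EVP_PKEY_free(pkey);
- return(0);
- }
-
- if (c->pkeys[i].privatekey != NULL)
- {
- EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
- ERR_clear_error();
-
-#ifndef OPENSSL_NO_RSA
- /* Don't check the public/private key, this is mostly
- * for smart cards. */
- if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
- (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
- RSA_METHOD_FLAG_NO_CHECK))
- ;
- else
-#endif /* OPENSSL_NO_RSA */
- if (!X509_check_private_key(x,c->pkeys[i].privatekey))
- {
- /* don't fail for a cert/key mismatch, just free
- * current private key (when switching to a different
- * cert & key, first this function should be used,
- * then ssl_set_pkey */
- EVP_PKEY_free(c->pkeys[i].privatekey);
- c->pkeys[i].privatekey=NULL;
- /* clear error queue */
- ERR_clear_error();
- }
- }
-
- EVP_PKEY_free(pkey);
-
- if (c->pkeys[i].x509 != NULL)
- X509_free(c->pkeys[i].x509);
- CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
- c->pkeys[i].x509=x;
- c->key= &(c->pkeys[i]);
-
- c->valid=0;
- return(1);
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j;
- BIO *in;
- int ret=0;
- X509 *x=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- x=d2i_X509_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
-
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
- goto end;
- }
-
- ret=SSL_CTX_use_certificate(ctx,x);
-end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
- {
- X509 *x;
- int ret;
-
- x=d2i_X509(NULL,&d,(long)len);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_CTX_use_certificate(ctx,x);
- X509_free(x);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
- {
- int ret;
- EVP_PKEY *pkey;
-
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- if ((pkey=EVP_PKEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
- return(0);
- }
-
- RSA_up_ref(rsa);
- EVP_PKEY_assign_RSA(pkey,rsa);
-
- ret=ssl_set_pkey(ctx->cert, pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- RSA *rsa=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- rsa=d2i_RSAPrivateKey_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
- ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
- RSA_free(rsa);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
- {
- int ret;
- const unsigned char *p;
- RSA *rsa;
-
- p=d;
- if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
- RSA_free(rsa);
- return(ret);
- }
-#endif /* !OPENSSL_NO_RSA */
-
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
- {
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_pkey(ctx->cert,pkey));
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- EVP_PKEY *pkey=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- pkey=PEM_read_bio_PrivateKey(in,NULL,
- ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else if (type == SSL_FILETYPE_ASN1)
- {
- j = ERR_R_ASN1_LIB;
- pkey = d2i_PrivateKey_bio(in,NULL);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_CTX_use_PrivateKey(ctx,pkey);
- EVP_PKEY_free(pkey);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
- long len)
- {
- int ret;
- const unsigned char *p;
- EVP_PKEY *pkey;
-
- p=d;
- if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_CTX_use_PrivateKey(ctx,pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-
-#ifndef OPENSSL_NO_STDIO
-/* Read a file that contains our certificate in "PEM" format,
- * possibly followed by a sequence of CA certificates that should be
- * sent to the peer in the Certificate message.
- */
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
- {
- BIO *in;
- int ret=0;
- X509 *x=NULL;
-
- ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
- goto end;
- }
-
- x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
- goto end;
- }
-
- ret=SSL_CTX_use_certificate(ctx,x);
- if (ERR_peek_error() != 0)
- ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
- if (ret)
- {
- /* If we could set up our certificate, now proceed to
- * the CA certificates.
- */
- X509 *ca;
- int r;
- unsigned long err;
-
- if (ctx->extra_certs != NULL)
- {
- sk_X509_pop_free(ctx->extra_certs, X509_free);
- ctx->extra_certs = NULL;
- }
-
- while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
- != NULL)
- {
- r = SSL_CTX_add_extra_chain_cert(ctx, ca);
- if (!r)
- {
- X509_free(ca);
- ret = 0;
- goto end;
- }
- /* Note that we must not free r if it was successfully
- * added to the chain (while we must free the main
- * certificate, since its reference count is increased
- * by SSL_CTX_use_certificate). */
- }
- /* When the while loop ends, it's usually just EOF. */
- err = ERR_peek_last_error();
- if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
- ERR_clear_error();
- else
- ret = 0; /* some real error */
- }
-
-end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif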
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
deleted file mode 100644
index 8e5d8a0972..0000000000
--- a/src/lib/libssl/ssl_sess.c
+++ /dev/null
@@ -1,1095 +0,0 @@
1/* ssl/ssl_sess.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2005 Nokia. All rights reserved.
113 *
114 * The portions of the attached software ("Contribution") is developed by
115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
116 * license.
117 *
118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
120 * support (see RFC 4279) to OpenSSL.
121 *
122 * No patent licenses or other rights except those expressly stated in
123 * the OpenSSL open source license shall be deemed granted or received
124 * expressly, by implication, estoppel, or otherwise.
125 *
126 * No assurances are provided by Nokia that the Contribution does not
127 * infringe the patent or other intellectual property rights of any third
128 * party or that the license provides you with all the necessary rights
129 * to make use of the Contribution.
130 *
131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
135 * OTHERWISE.
136 */
137
138#include <stdio.h>
139#include <openssl/lhash.h>
140#include <openssl/rand.h>
141#ifndef OPENSSL_NO_ENGINE
142#include <openssl/engine.h>
143#endif
144#include "ssl_locl.h"
145
146static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
147static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
148static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
149
150SSL_SESSION *SSL_get_session(const SSL *ssl)
151/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
152 {
153 return(ssl->session);
154 }
155
156SSL_SESSION *SSL_get1_session(SSL *ssl)
157/* variant of SSL_get_session: caller really gets something */
158 {
159 SSL_SESSION *sess;
160 /* Need to lock this all up rather than just use CRYPTO_add so that
161 * somebody doesn't free ssl->session between when we check it's
162 * non-null and when we up the reference count. */
163 CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
164 sess = ssl->session;
165 if(sess)
166 sess->references++;
167 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
168 return(sess);
169 }
170
171int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
172 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
173 {
174 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
175 new_func, dup_func, free_func);
176 }
177
178int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
179 {
180 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
181 }
182
183void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
184 {
185 return(CRYPTO_get_ex_data(&s->ex_data,idx));
186 }
187
188SSL_SESSION *SSL_SESSION_new(void)
189 {
190 SSL_SESSION *ss;
191
192 ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
193 if (ss == NULL)
194 {
195 SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
196 return(0);
197 }
198 memset(ss,0,sizeof(SSL_SESSION));
199
200 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
201 ss->references=1;
202 ss->timeout=60*5+4; /* 5 minute timeout by default */
203 ss->time=(unsigned long)time(NULL);
204 ss->prev=NULL;
205 ss->next=NULL;
206 ss->compress_meth=0;
207#ifndef OPENSSL_NO_TLSEXT
208 ss->tlsext_hostname = NULL;
209#ifndef OPENSSL_NO_EC
210 ss->tlsext_ecpointformatlist_length = 0;
211 ss->tlsext_ecpointformatlist = NULL;
212 ss->tlsext_ellipticcurvelist_length = 0;
213 ss->tlsext_ellipticcurvelist = NULL;
214#endif
215#endif
216 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
217#ifndef OPENSSL_NO_PSK
218 ss->psk_identity_hint=NULL;
219 ss->psk_identity=NULL;
220#endif
221 return(ss);
222 }
223
224const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
225 {
226 if(len)
227 *len = s->session_id_length;
228 return s->session_id;
229 }
230
231/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
232 * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
233 * until we have no conflict is going to complete in one iteration pretty much
234 * "most" of the time (btw: understatement). So, if it takes us 10 iterations
235 * and we still can't avoid a conflict - well that's a reasonable point to call
236 * it quits. Either the RAND code is broken or someone is trying to open roughly
237 * very close to 2^128 (or 2^256) SSL sessions to our server. How you might
238 * store that many sessions is perhaps a more interesting question ... */
239
240#define MAX_SESS_ID_ATTEMPTS 10
241static int def_generate_session_id(const SSL *ssl, unsigned char *id,
242 unsigned int *id_len)
243{
244 unsigned int retry = 0;
245 do
246 if (RAND_pseudo_bytes(id, *id_len) <= 0)
247 return 0;
248 while(SSL_has_matching_session_id(ssl, id, *id_len) &&
249 (++retry < MAX_SESS_ID_ATTEMPTS));
250 if(retry < MAX_SESS_ID_ATTEMPTS)
251 return 1;
252 /* else - woops a session_id match */
253 /* XXX We should also check the external cache --
254 * but the probability of a collision is negligible, and
255 * we could not prevent the concurrent creation of sessions
256 * with identical IDs since we currently don't have means
257 * to atomically check whether a session ID already exists
258 * and make a reservation for it if it does not
259 * (this problem applies to the internal cache as well).
260 */
261 return 0;
262}
263
264int ssl_get_new_session(SSL *s, int session)
265 {
266 /* This gets used by clients and servers. */
267
268 unsigned int tmp;
269 SSL_SESSION *ss=NULL;
270 GEN_SESSION_CB cb = def_generate_session_id;
271
272 if ((ss=SSL_SESSION_new()) == NULL) return(0);
273
274 /* If the context has a default timeout, use it */
275 if (s->session_ctx->session_timeout == 0)
276 ss->timeout=SSL_get_default_timeout(s);
277 else
278 ss->timeout=s->session_ctx->session_timeout;
279
280 if (s->session != NULL)
281 {
282 SSL_SESSION_free(s->session);
283 s->session=NULL;
284 }
285
286 if (session)
287 {
288 if (s->version == SSL2_VERSION)
289 {
290 ss->ssl_version=SSL2_VERSION;
291 ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
292 }
293 else if (s->version == SSL3_VERSION)
294 {
295 ss->ssl_version=SSL3_VERSION;
296 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
297 }
298 else if (s->version == TLS1_VERSION)
299 {
300 ss->ssl_version=TLS1_VERSION;
301 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
302 }
303 else if (s->version == DTLS1_BAD_VER)
304 {
305 ss->ssl_version=DTLS1_BAD_VER;
306 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
307 }
308 else if (s->version == DTLS1_VERSION)
309 {
310 ss->ssl_version=DTLS1_VERSION;
311 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
312 }
313 else
314 {
315 SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
316 SSL_SESSION_free(ss);
317 return(0);
318 }
319#ifndef OPENSSL_NO_TLSEXT
320 /* If RFC4507 ticket use empty session ID */
321 if (s->tlsext_ticket_expected)
322 {
323 ss->session_id_length = 0;
324 goto sess_id_done;
325 }
326#endif
327 /* Choose which callback will set the session ID */
328 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
329 if(s->generate_session_id)
330 cb = s->generate_session_id;
331 else if(s->session_ctx->generate_session_id)
332 cb = s->session_ctx->generate_session_id;
333 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
334 /* Choose a session ID */
335 tmp = ss->session_id_length;
336 if(!cb(s, ss->session_id, &tmp))
337 {
338 /* The callback failed */
339 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
340 SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
341 SSL_SESSION_free(ss);
342 return(0);
343 }
344 /* Don't allow the callback to set the session length to zero.
345 * nor set it higher than it was. */
346 if(!tmp || (tmp > ss->session_id_length))
347 {
348 /* The callback set an illegal length */
349 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
350 SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
351 SSL_SESSION_free(ss);
352 return(0);
353 }
354 /* If the session length was shrunk and we're SSLv2, pad it */
355 if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
356 memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
357 else
358 ss->session_id_length = tmp;
359 /* Finally, check for a conflict */
360 if(SSL_has_matching_session_id(s, ss->session_id,
361 ss->session_id_length))
362 {
363 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
364 SSL_R_SSL_SESSION_ID_CONFLICT);
365 SSL_SESSION_free(ss);
366 return(0);
367 }
368#ifndef OPENSSL_NO_TLSEXT
369 sess_id_done:
370 if (s->tlsext_hostname) {
371 ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
372 if (ss->tlsext_hostname == NULL) {
373 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
374 SSL_SESSION_free(ss);
375 return 0;
376 }
377 }
378#ifndef OPENSSL_NO_EC
379 if (s->tlsext_ecpointformatlist)
380 {
381 if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
382 if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL)
383 {
384 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
385 SSL_SESSION_free(ss);
386 return 0;
387 }
388 ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length;
389 memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
390 }
391 if (s->tlsext_ellipticcurvelist)
392 {
393 if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
394 if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
395 {
396 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
397 SSL_SESSION_free(ss);
398 return 0;
399 }
400 ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length;
401 memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
402 }
403#endif
404#endif
405 }
406 else
407 {
408 ss->session_id_length=0;
409 }
410
411 if (s->sid_ctx_length > sizeof ss->sid_ctx)
412 {
413 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
414 SSL_SESSION_free(ss);
415 return 0;
416 }
417 memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
418 ss->sid_ctx_length=s->sid_ctx_length;
419 s->session=ss;
420 ss->ssl_version=s->version;
421 ss->verify_result = X509_V_OK;
422
423 return(1);
424 }
425
426int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
427 const unsigned char *limit)
428 {
429 /* This is used only by servers. */
430
431 SSL_SESSION *ret=NULL;
432 int fatal = 0;
433#ifndef OPENSSL_NO_TLSEXT
434 int r;
435#endif
436
437 if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
438 goto err;
439#ifndef OPENSSL_NO_TLSEXT
440 r = tls1_process_ticket(s, session_id, len, limit, &ret);
441 if (r == -1)
442 {
443 fatal = 1;
444 goto err;
445 }
446 else if (r == 0 || (!ret && !len))
447 goto err;
448 else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
449#else
450 if (len == 0)
451 goto err;
452 if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
453#endif
454 {
455 SSL_SESSION data;
456 data.ssl_version=s->version;
457 data.session_id_length=len;
458 if (len == 0)
459 return 0;
460 memcpy(data.session_id,session_id,len);
461 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
462 ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data);
463 if (ret != NULL)
464 /* don't allow other threads to steal it: */
465 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
466 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
467 }
468
469 if (ret == NULL)
470 {
471 int copy=1;
472
473 s->session_ctx->stats.sess_miss++;
474 ret=NULL;
475 if (s->session_ctx->get_session_cb != NULL
476 && (ret=s->session_ctx->get_session_cb(s,session_id,len,&copy))
477 != NULL)
478 {
479 s->session_ctx->stats.sess_cb_hit++;
480
481 /* Increment reference count now if the session callback
482 * asks us to do so (note that if the session structures
483 * returned by the callback are shared between threads,
484 * it must handle the reference count itself [i.e. copy == 0],
485 * or things won't be thread-safe). */
486 if (copy)
487 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
488
489 /* Add the externally cached session to the internal
490 * cache as well if and only if we are supposed to. */
491 if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
492 /* The following should not return 1, otherwise,
493 * things are very strange */
494 SSL_CTX_add_session(s->session_ctx,ret);
495 }
496 if (ret == NULL)
497 goto err;
498 }
499
500 /* Now ret is non-NULL, and we own one of its reference counts. */
501
502 if (ret->sid_ctx_length != s->sid_ctx_length
503 || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
504 {
505 /* We've found the session named by the client, but we don't
506 * want to use it in this context. */
507
508#if 0 /* The client cannot always know when a session is not appropriate,
509 * so we shouldn't generate an error message. */
510
511 SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
512#endif
513 goto err; /* treat like cache miss */
514 }
515
516 if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
517 {
518 /* We can't be sure if this session is being used out of
519 * context, which is especially important for SSL_VERIFY_PEER.
520 * The application should have used SSL[_CTX]_set_session_id_context.
521 *
522 * For this error case, we generate an error instead of treating
523 * the event like a cache miss (otherwise it would be easy for
524 * applications to effectively disable the session cache by
525 * accident without anyone noticing).
526 */
527
528 SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
529 fatal = 1;
530 goto err;
531 }
532
533 if (ret->cipher == NULL)
534 {
535 unsigned char buf[5],*p;
536 unsigned long l;
537
538 p=buf;
539 l=ret->cipher_id;
540 l2n(l,p);
541 if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR)
542 ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
543 else
544 ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
545 if (ret->cipher == NULL)
546 goto err;
547 }
548
549
550#if 0 /* This is way too late. */
551
552 /* If a thread got the session, then 'swaped', and another got
553 * it and then due to a time-out decided to 'OPENSSL_free' it we could
554 * be in trouble. So I'll increment it now, then double decrement
555 * later - am I speaking rubbish?. */
556 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
557#endif
558
559 if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
560 {
561 s->session_ctx->stats.sess_timeout++;
562 /* remove it from the cache */
563 SSL_CTX_remove_session(s->session_ctx,ret);
564 goto err;
565 }
566
567 s->session_ctx->stats.sess_hit++;
568
569 /* ret->time=time(NULL); */ /* rezero timeout? */
570 /* again, just leave the session
571 * if it is the same session, we have just incremented and
572 * then decremented the reference count :-) */
573 if (s->session != NULL)
574 SSL_SESSION_free(s->session);
575 s->session=ret;
576 s->verify_result = s->session->verify_result;
577 return(1);
578
579 err:
580 if (ret != NULL)
581 SSL_SESSION_free(ret);
582 if (fatal)
583 return -1;
584 else
585 return 0;
586 }
587
588int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
589 {
590 int ret=0;
591 SSL_SESSION *s;
592
593 /* add just 1 reference count for the SSL_CTX's session cache
594 * even though it has two ways of access: each session is in a
595 * doubly linked list and an lhash */
596 CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
597 /* if session c is in already in cache, we take back the increment later */
598
599 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
600 s=lh_SSL_SESSION_insert(ctx->sessions,c);
601
602 /* s != NULL iff we already had a session with the given PID.
603 * In this case, s == c should hold (then we did not really modify
604 * ctx->sessions), or we're in trouble. */
605 if (s != NULL && s != c)
606 {
607 /* We *are* in trouble ... */
608 SSL_SESSION_list_remove(ctx,s);
609 SSL_SESSION_free(s);
610 /* ... so pretend the other session did not exist in cache
611 * (we cannot handle two SSL_SESSION structures with identical
612 * session ID in the same cache, which could happen e.g. when
613 * two threads concurrently obtain the same session from an external
614 * cache) */
615 s = NULL;
616 }
617
618 /* Put at the head of the queue unless it is already in the cache */
619 if (s == NULL)
620 SSL_SESSION_list_add(ctx,c);
621
622 if (s != NULL)
623 {
624 /* existing cache entry -- decrement previously incremented reference
625 * count because it already takes into account the cache */
626
627 SSL_SESSION_free(s); /* s == c */
628 ret=0;
629 }
630 else
631 {
632 /* new cache entry -- remove old ones if cache has become too large */
633
634 ret=1;
635
636 if (SSL_CTX_sess_get_cache_size(ctx) > 0)
637 {
638 while (SSL_CTX_sess_number(ctx) >
639 SSL_CTX_sess_get_cache_size(ctx))
640 {
641 if (!remove_session_lock(ctx,
642 ctx->session_cache_tail, 0))
643 break;
644 else
645 ctx->stats.sess_cache_full++;
646 }
647 }
648 }
649 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
650 return(ret);
651 }
652
653int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
654{
655 return remove_session_lock(ctx, c, 1);
656}
657
658static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
659 {
660 SSL_SESSION *r;
661 int ret=0;
662
663 if ((c != NULL) && (c->session_id_length != 0))
664 {
665 if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
666 if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c)
667 {
668 ret=1;
669 r=lh_SSL_SESSION_delete(ctx->sessions,c);
670 SSL_SESSION_list_remove(ctx,c);
671 }
672
673 if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
674
675 if (ret)
676 {
677 r->not_resumable=1;
678 if (ctx->remove_session_cb != NULL)
679 ctx->remove_session_cb(ctx,r);
680 SSL_SESSION_free(r);
681 }
682 }
683 else
684 ret=0;
685 return(ret);
686 }
687
688void SSL_SESSION_free(SSL_SESSION *ss)
689 {
690 int i;
691
692 if(ss == NULL)
693 return;
694
695 i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
696#ifdef REF_PRINT
697 REF_PRINT("SSL_SESSION",ss);
698#endif
699 if (i > 0) return;
700#ifdef REF_CHECK
701 if (i < 0)
702 {
703 fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
704 abort(); /* ok */
705 }
706#endif
707
708 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
709
710 OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
711 OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
712 OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
713 if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
714 if (ss->peer != NULL) X509_free(ss->peer);
715 if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
716#ifndef OPENSSL_NO_TLSEXT
717 if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
718 if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);
719#ifndef OPENSSL_NO_EC
720 ss->tlsext_ecpointformatlist_length = 0;
721 if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
722 ss->tlsext_ellipticcurvelist_length = 0;
723 if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
724#endif /* OPENSSL_NO_EC */
725#endif
726#ifndef OPENSSL_NO_PSK
727 if (ss->psk_identity_hint != NULL)
728 OPENSSL_free(ss->psk_identity_hint);
729 if (ss->psk_identity != NULL)
730 OPENSSL_free(ss->psk_identity);
731#endif
732 OPENSSL_cleanse(ss,sizeof(*ss));
733 OPENSSL_free(ss);
734 }
735
736int SSL_set_session(SSL *s, SSL_SESSION *session)
737 {
738 int ret=0;
739 const SSL_METHOD *meth;
740
741 if (session != NULL)
742 {
743 meth=s->ctx->method->get_ssl_method(session->ssl_version);
744 if (meth == NULL)
745 meth=s->method->get_ssl_method(session->ssl_version);
746 if (meth == NULL)
747 {
748 SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
749 return(0);
750 }
751
752 if (meth != s->method)
753 {
754 if (!SSL_set_ssl_method(s,meth))
755 return(0);
756 if (s->ctx->session_timeout == 0)
757 session->timeout=SSL_get_default_timeout(s);
758 else
759 session->timeout=s->ctx->session_timeout;
760 }
761
762#ifndef OPENSSL_NO_KRB5
763 if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
764 session->krb5_client_princ_len > 0)
765 {
766 s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
767 memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
768 session->krb5_client_princ_len);
769 s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
770 }
771#endif /* OPENSSL_NO_KRB5 */
772
773 /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
774 CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
775 if (s->session != NULL)
776 SSL_SESSION_free(s->session);
777 s->session=session;
778 s->verify_result = s->session->verify_result;
779 /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
780 ret=1;
781 }
782 else
783 {
784 if (s->session != NULL)
785 {
786 SSL_SESSION_free(s->session);
787 s->session=NULL;
788 }
789
790 meth=s->ctx->method;
791 if (meth != s->method)
792 {
793 if (!SSL_set_ssl_method(s,meth))
794 return(0);
795 }
796 ret=1;
797 }
798 return(ret);
799 }
800
801long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
802 {
803 if (s == NULL) return(0);
804 s->timeout=t;
805 return(1);
806 }
807
808long SSL_SESSION_get_timeout(const SSL_SESSION *s)
809 {
810 if (s == NULL) return(0);
811 return(s->timeout);
812 }
813
814long SSL_SESSION_get_time(const SSL_SESSION *s)
815 {
816 if (s == NULL) return(0);
817 return(s->time);
818 }
819
820long SSL_SESSION_set_time(SSL_SESSION *s, long t)
821 {
822 if (s == NULL) return(0);
823 s->time=t;
824 return(t);
825 }
826
827long SSL_CTX_set_timeout(SSL_CTX *s, long t)
828 {
829 long l;
830 if (s == NULL) return(0);
831 l=s->session_timeout;
832 s->session_timeout=t;
833 return(l);
834 }
835
836long SSL_CTX_get_timeout(const SSL_CTX *s)
837 {
838 if (s == NULL) return(0);
839 return(s->session_timeout);
840 }
841
842#ifndef OPENSSL_NO_TLSEXT
843int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
844 STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
845 {
846 if (s == NULL) return(0);
847 s->tls_session_secret_cb = tls_session_secret_cb;
848 s->tls_session_secret_cb_arg = arg;
849 return(1);
850 }
851
852int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
853 void *arg)
854 {
855 if (s == NULL) return(0);
856 s->tls_session_ticket_ext_cb = cb;
857 s->tls_session_ticket_ext_cb_arg = arg;
858 return(1);
859 }
860
861int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
862 {
863 if (s->version >= TLS1_VERSION)
864 {
865 if (s->tlsext_session_ticket)
866 {
867 OPENSSL_free(s->tlsext_session_ticket);
868 s->tlsext_session_ticket = NULL;
869 }
870
871 s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
872 if (!s->tlsext_session_ticket)
873 {
874 SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
875 return 0;
876 }
877
878 if (ext_data)
879 {
880 s->tlsext_session_ticket->length = ext_len;
881 s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
882 memcpy(s->tlsext_session_ticket->data, ext_data, ext_len);
883 }
884 else
885 {
886 s->tlsext_session_ticket->length = 0;
887 s->tlsext_session_ticket->data = NULL;
888 }
889
890 return 1;
891 }
892
893 return 0;
894 }
895#endif /* OPENSSL_NO_TLSEXT */
896
897typedef struct timeout_param_st
898 {
899 SSL_CTX *ctx;
900 long time;
901 LHASH_OF(SSL_SESSION) *cache;
902 } TIMEOUT_PARAM;
903
904static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
905 {
906 if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
907 {
908 /* The reason we don't call SSL_CTX_remove_session() is to
909 * save on locking overhead */
910 (void)lh_SSL_SESSION_delete(p->cache,s);
911 SSL_SESSION_list_remove(p->ctx,s);
912 s->not_resumable=1;
913 if (p->ctx->remove_session_cb != NULL)
914 p->ctx->remove_session_cb(p->ctx,s);
915 SSL_SESSION_free(s);
916 }
917 }
918
919static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
920
921void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
922 {
923 unsigned long i;
924 TIMEOUT_PARAM tp;
925
926 tp.ctx=s;
927 tp.cache=s->sessions;
928 if (tp.cache == NULL) return;
929 tp.time=t;
930 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
931 i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
932 CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0;
933 lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
934 TIMEOUT_PARAM, &tp);
935 CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i;
936 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
937 }
938
939int ssl_clear_bad_session(SSL *s)
940 {
941 if ( (s->session != NULL) &&
942 !(s->shutdown & SSL_SENT_SHUTDOWN) &&
943 !(SSL_in_init(s) || SSL_in_before(s)))
944 {
945 SSL_CTX_remove_session(s->ctx,s->session);
946 return(1);
947 }
948 else
949 return(0);
950 }
951
952/* locked by SSL_CTX in the calling function */
953static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
954 {
955 if ((s->next == NULL) || (s->prev == NULL)) return;
956
957 if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
958 { /* last element in list */
959 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
960 { /* only one element in list */
961 ctx->session_cache_head=NULL;
962 ctx->session_cache_tail=NULL;
963 }
964 else
965 {
966 ctx->session_cache_tail=s->prev;
967 s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
968 }
969 }
970 else
971 {
972 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
973 { /* first element in list */
974 ctx->session_cache_head=s->next;
975 s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
976 }
977 else
978 { /* middle of list */
979 s->next->prev=s->prev;
980 s->prev->next=s->next;
981 }
982 }
983 s->prev=s->next=NULL;
984 }
985
986static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
987 {
988 if ((s->next != NULL) && (s->prev != NULL))
989 SSL_SESSION_list_remove(ctx,s);
990
991 if (ctx->session_cache_head == NULL)
992 {
993 ctx->session_cache_head=s;
994 ctx->session_cache_tail=s;
995 s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
996 s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
997 }
998 else
999 {
1000 s->next=ctx->session_cache_head;
1001 s->next->prev=s;
1002 s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
1003 ctx->session_cache_head=s;
1004 }
1005 }
1006
1007void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
1008 int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess))
1009 {
1010 ctx->new_session_cb=cb;
1011 }
1012
1013int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
1014 {
1015 return ctx->new_session_cb;
1016 }
1017
1018void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
1019 void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess))
1020 {
1021 ctx->remove_session_cb=cb;
1022 }
1023
1024void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess)
1025 {
1026 return ctx->remove_session_cb;
1027 }
1028
1029void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
1030 SSL_SESSION *(*cb)(struct ssl_st *ssl,
1031 unsigned char *data,int len,int *copy))
1032 {
1033 ctx->get_session_cb=cb;
1034 }
1035
1036SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
1037 unsigned char *data,int len,int *copy)
1038 {
1039 return ctx->get_session_cb;
1040 }
1041
1042void SSL_CTX_set_info_callback(SSL_CTX *ctx,
1043 void (*cb)(const SSL *ssl,int type,int val))
1044 {
1045 ctx->info_callback=cb;
1046 }
1047
1048void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val)
1049 {
1050 return ctx->info_callback;
1051 }
1052
1053void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
1054 int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
1055 {
1056 ctx->client_cert_cb=cb;
1057 }
1058
1059int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey)
1060 {
1061 return ctx->client_cert_cb;
1062 }
1063
1064#ifndef OPENSSL_NO_ENGINE
1065int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
1066 {
1067 if (!ENGINE_init(e))
1068 {
1069 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
1070 return 0;
1071 }
1072 if(!ENGINE_get_ssl_client_cert_function(e))
1073 {
1074 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD);
1075 ENGINE_finish(e);
1076 return 0;
1077 }
1078 ctx->client_cert_engine = e;
1079 return 1;
1080 }
1081#endif
1082
1083void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
1084 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
1085 {
1086 ctx->app_gen_cookie_cb=cb;
1087 }
1088
1089void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
1090 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
1091 {
1092 ctx->app_verify_cookie_cb=cb;
1093 }
1094
1095IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
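diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c
deleted file mode 100644
index 144b81e55f..0000000000
--- a/src/lib/libssl/ssl_stat.c
+++ /dev/null
@@ -1,567 +0,0 @@
-/* ssl/ssl_stat.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-
-const char *SSL_state_string_long(const SSL *s)
- {
- const char *str;
-
- switch (s->state)
- {
-case SSL_ST_BEFORE: str="before SSL initialization"; break;
-case SSL_ST_ACCEPT: str="before accept initialization"; break;
-case SSL_ST_CONNECT: str="before connect initialization"; break;
-case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
-case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break;
-case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
-case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
-case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
-case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
-#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break;
-case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break;
-case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break;
-case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break;
-case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break;
-case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break;
-case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break;
-case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break;
-case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break;
-case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break;
-case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break;
-case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break;
-case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break;
-case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break;
-case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break;
-case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break;
-case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break;
-case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break;
-
-case SSL3_ST_CW_CHANGE_A:
-case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break;
-case SSL3_ST_CW_CHANGE_B:
-case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break;
-case SSL3_ST_CW_FINISHED_A:
-case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break;
-case SSL3_ST_CW_FINISHED_B:
-case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break;
-case SSL3_ST_CR_CHANGE_A:
-case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break;
-case SSL3_ST_CR_CHANGE_B:
-case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break;
-case SSL3_ST_CR_FINISHED_A:
-case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break;
-case SSL3_ST_CR_FINISHED_B:
-case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break;
-
-case SSL3_ST_CW_FLUSH:
-case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break;
-
-case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break;
-case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break;
-case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break;
-case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break;
-case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break;
-case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break;
-case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break;
-case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break;
-case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break;
-case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break;
-case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break;
-case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break;
-case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break;
-case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break;
-case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break;
-case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break;
-case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break;
-case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break;
-case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break;
-case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break;
-#endif
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break;
-case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break;
-case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break;
-case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break;
-case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break;
-#endif
-
-/* DTLS */
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break;
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break;
-
-default: str="unknown state"; break;
- }
- return(str);
- }
-
-const char *SSL_rstate_string_long(const SSL *s)
- {
- const char *str;
-
- switch (s->rstate)
- {
- case SSL_ST_READ_HEADER: str="read header"; break;
- case SSL_ST_READ_BODY: str="read body"; break;
- case SSL_ST_READ_DONE: str="read done"; break;
- default: str="unknown"; break;
- }
- return(str);
- }
-
-const char *SSL_state_string(const SSL *s)
- {
- const char *str;
-
- switch (s->state)
- {
-case SSL_ST_BEFORE: str="PINIT "; break;
-case SSL_ST_ACCEPT: str="AINIT "; break;
-case SSL_ST_CONNECT: str="CINIT "; break;
-case SSL_ST_OK: str="SSLOK "; break;
-#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_SW_FLUSH:
-case SSL3_ST_CW_FLUSH: str="3FLUSH"; break;
-case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break;
-case SSL3_ST_CR_CERT_A: str="3RSC_A"; break;
-case SSL3_ST_CR_CERT_B: str="3RSC_B"; break;
-case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break;
-case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break;
-case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break;
-case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break;
-case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break;
-case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break;
-case SSL3_ST_CW_CERT_A: str="3WCC_A"; break;
-case SSL3_ST_CW_CERT_B: str="3WCC_B"; break;
-case SSL3_ST_CW_CERT_C: str="3WCC_C"; break;
-case SSL3_ST_CW_CERT_D: str="3WCC_D"; break;
-case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break;
-case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break;
-case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break;
-
-case SSL3_ST_SW_CHANGE_A:
-case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break;
-case SSL3_ST_SW_CHANGE_B:
-case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break;
-case SSL3_ST_SW_FINISHED_A:
-case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break;
-case SSL3_ST_SW_FINISHED_B:
-case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break;
-case SSL3_ST_SR_CHANGE_A:
-case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break;
-case SSL3_ST_SR_CHANGE_B:
-case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break;
-case SSL3_ST_SR_FINISHED_A:
-case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break;
-case SSL3_ST_SR_FINISHED_B:
-case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break;
-
-case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break;
-case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break;
-case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break;
-case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break;
-case SSL3_ST_SW_CERT_A: str="3WSC_A"; break;
-case SSL3_ST_SW_CERT_B: str="3WSC_B"; break;
-case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break;
-case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break;
-case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break;
-case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break;
-case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break;
-case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break;
-case SSL3_ST_SR_CERT_A: str="3RCC_A"; break;
-case SSL3_ST_SR_CERT_B: str="3RCC_B"; break;
-case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break;
-case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break;
-case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break;
-case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break;
-#endif
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break;
-case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break;
-case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break;
-case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break;
-case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break;
-#endif
-/* DTLS */
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break;
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break;
-
-default: str="UNKWN "; break;
- }
- return(str);
- }
-
-const char *SSL_alert_type_string_long(int value)
- {
- value>>=8;
- if (value == SSL3_AL_WARNING)
- return("warning");
- else if (value == SSL3_AL_FATAL)
- return("fatal");
- else
- return("unknown");
- }
-
-const char *SSL_alert_type_string(int value)
- {
- value>>=8;
- if (value == SSL3_AL_WARNING)
- return("W");
- else if (value == SSL3_AL_FATAL)
- return("F");
- else
- return("U");
- }
-
-const char *SSL_alert_desc_string(int value)
- {
- const char *str;
-
- switch (value & 0xff)
- {
- case SSL3_AD_CLOSE_NOTIFY: str="CN"; break;
- case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break;
- case SSL3_AD_BAD_RECORD_MAC: str="BM"; break;
- case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break;
- case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break;
- case SSL3_AD_NO_CERTIFICATE: str="NC"; break;
- case SSL3_AD_BAD_CERTIFICATE: str="BC"; break;
- case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break;
- case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break;
- case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break;
- case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break;
- case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break;
- case TLS1_AD_DECRYPTION_FAILED: str="DC"; break;
- case TLS1_AD_RECORD_OVERFLOW: str="RO"; break;
- case TLS1_AD_UNKNOWN_CA: str="CA"; break;
- case TLS1_AD_ACCESS_DENIED: str="AD"; break;
- case TLS1_AD_DECODE_ERROR: str="DE"; break;
- case TLS1_AD_DECRYPT_ERROR: str="CY"; break;
- case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break;
- case TLS1_AD_PROTOCOL_VERSION: str="PV"; break;
- case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break;
- case TLS1_AD_INTERNAL_ERROR: str="IE"; break;
- case TLS1_AD_USER_CANCELLED: str="US"; break;
- case TLS1_AD_NO_RENEGOTIATION: str="NR"; break;
- case TLS1_AD_UNSUPPORTED_EXTENSION: str="UE"; break;
- case TLS1_AD_CERTIFICATE_UNOBTAINABLE: str="CO"; break;
- case TLS1_AD_UNRECOGNIZED_NAME: str="UN"; break;
- case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break;
- case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break;
- case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="UP"; break;
- default: str="UK"; break;
- }
- return(str);
- }
-
-const char *SSL_alert_desc_string_long(int value)
- {
- const char *str;
-
- switch (value & 0xff)
- {
- case SSL3_AD_CLOSE_NOTIFY:
- str="close notify";
- break;
- case SSL3_AD_UNEXPECTED_MESSAGE:
- str="unexpected_message";
- break;
- case SSL3_AD_BAD_RECORD_MAC:
- str="bad record mac";
- break;
- case SSL3_AD_DECOMPRESSION_FAILURE:
- str="decompression failure";
- break;
- case SSL3_AD_HANDSHAKE_FAILURE:
- str="handshake failure";
- break;
- case SSL3_AD_NO_CERTIFICATE:
- str="no certificate";
- break;
- case SSL3_AD_BAD_CERTIFICATE:
- str="bad certificate";
- break;
- case SSL3_AD_UNSUPPORTED_CERTIFICATE:
- str="unsupported certificate";
- break;
- case SSL3_AD_CERTIFICATE_REVOKED:
- str="certificate revoked";
- break;
- case SSL3_AD_CERTIFICATE_EXPIRED:
- str="certificate expired";
- break;
- case SSL3_AD_CERTIFICATE_UNKNOWN:
- str="certificate unknown";
- break;
- case SSL3_AD_ILLEGAL_PARAMETER:
- str="illegal parameter";
- break;
- case TLS1_AD_DECRYPTION_FAILED:
- str="decryption failed";
- break;
- case TLS1_AD_RECORD_OVERFLOW:
- str="record overflow";
- break;
- case TLS1_AD_UNKNOWN_CA:
- str="unknown CA";
- break;
- case TLS1_AD_ACCESS_DENIED:
- str="access denied";
- break;
- case TLS1_AD_DECODE_ERROR:
- str="decode error";
- break;
- case TLS1_AD_DECRYPT_ERROR:
- str="decrypt error";
- break;
- case TLS1_AD_EXPORT_RESTRICTION:
- str="export restriction";
- break;
- case TLS1_AD_PROTOCOL_VERSION:
- str="protocol version";
- break;
- case TLS1_AD_INSUFFICIENT_SECURITY:
- str="insufficient security";
- break;
- case TLS1_AD_INTERNAL_ERROR:
- str="internal error";
- break;
- case TLS1_AD_USER_CANCELLED:
- str="user canceled";
- break;
- case TLS1_AD_NO_RENEGOTIATION:
- str="no renegotiation";
- break;
- case TLS1_AD_UNSUPPORTED_EXTENSION:
- str="unsupported extension";
- break;
- case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
- str="certificate unobtainable";
- break;
- case TLS1_AD_UNRECOGNIZED_NAME:
- str="unrecognized name";
- break;
- case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
- str="bad certificate status response";
- break;
- case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
- str="bad certificate hash value";
- break;
- case TLS1_AD_UNKNOWN_PSK_IDENTITY:
- str="unknown PSK identity";
- break;
- default: str="unknown"; break;
- }
- return(str);
- }
-
-const char *SSL_rstate_string(const SSL *s)
- {
- const char *str;
-
- switch (s->rstate)
- {
- case SSL_ST_READ_HEADER:str="RH"; break;
- case SSL_ST_READ_BODY: str="RB"; break;
- case SSL_ST_READ_DONE: str="RD"; break;
- default: str="unknown"; break;
- }
- return(str);
- }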
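diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
deleted file mode 100644
index 3122440e26..0000000000
--- a/src/lib/libssl/ssl_txt.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/* ssl/ssl_txt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include <openssl/buffer.h>
-#include "ssl_locl.h"
-
-#ifndef OPENSSL_NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file_internal())) == NULL)
- {
- SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=SSL_SESSION_print(b,x);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
- {
- unsigned int i;
- const char *s;
-
- if (x == NULL) goto err;
- if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
- if (x->ssl_version == SSL2_VERSION)
- s="SSLv2";
- else if (x->ssl_version == SSL3_VERSION)
- s="SSLv3";
- else if (x->ssl_version == TLS1_VERSION)
- s="TLSv1";
- else if (x->ssl_version == DTLS1_VERSION)
- s="DTLSv1";
- else if (x->ssl_version == DTLS1_BAD_VER)
- s="DTLSv1-bad";
- else
- s="unknown";
- if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err;
-
- if (x->cipher == NULL)
- {
- if (((x->cipher_id) & 0xff000000) == 0x02000000)
- {
- if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0)
- goto err;
- }
- else
- {
- if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0)
- goto err;
- }
- }
- else
- {
- if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
- goto err;
- }
- if (BIO_puts(bp," Session-ID: ") <= 0) goto err;
- for (i=0; i<x->session_id_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err;
- for (i=0; i<x->sid_ctx_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
- goto err;
- }
- if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err;
- for (i=0; i<(unsigned int)x->master_key_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err;
- if (x->key_arg_length == 0)
- {
- if (BIO_puts(bp,"None") <= 0) goto err;
- }
- else
- for (i=0; i<x->key_arg_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
- }
-#ifndef OPENSSL_NO_KRB5
- if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err;
- if (x->krb5_client_princ_len == 0)
- {
- if (BIO_puts(bp,"None") <= 0) goto err;
- }
- else
- for (i=0; i<x->krb5_client_princ_len; i++)
- {
- if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
- }
-#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_PSK
- if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err;
- if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err;
- if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err;
- if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
- if (x->tlsext_tick_lifetime_hint)
- {
- if (BIO_printf(bp,
- "\n TLS session ticket lifetime hint: %ld (seconds)",
- x->tlsext_tick_lifetime_hint) <=0)
- goto err;
- }
- if (x->tlsext_tick)
- {
- if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err;
- if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
- goto err;
- }
-#endif
-
-#ifndef OPENSSL_NO_COMP
- if (x->compress_meth != 0)
- {
- SSL_COMP *comp = NULL;
-
- ssl_cipher_get_evp(x,NULL,NULL,NULL,NULL,&comp);
- if (comp == NULL)
- {
- if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err;
- }
- else
- {
- if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
- }
- }
-#endif
- if (x->time != 0L)
- {
- if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err;
- }
- if (x->timeout != 0L)
- {
- if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n") <= 0) goto err;
-
- if (BIO_puts(bp, " Verify return code: ") <= 0) goto err;
- if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
- X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
-
- return(1);
-err:
- return(0);
- }
-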
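--- a/src/lib/libssl/t1_clnt.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/* ssl/t1_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static const SSL_METHOD *tls1_get_client_method(int ver);
-static const SSL_METHOD *tls1_get_client_method(int ver)
- {
- if (ver == TLS1_VERSION)
- return(TLSv1_client_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_tls1_meth_func(TLSv1_client_method,
- ssl_undefined_function,
- ssl3_connect,
- tls1_get_client_method)
-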
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
deleted file mode 100644
index 9719541f2b..0000000000
--- a/src/lib/libssl/t1_enc.c
+++ /dev/null
@@ -1,1051 +0,0 @@
1/* ssl/t1_enc.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2005 Nokia. All rights reserved.
113 *
114 * The portions of the attached software ("Contribution") is developed by
115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
116 * license.
117 *
118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
120 * support (see RFC 4279) to OpenSSL.
121 *
122 * No patent licenses or other rights except those expressly stated in
123 * the OpenSSL open source license shall be deemed granted or received
124 * expressly, by implication, estoppel, or otherwise.
125 *
126 * No assurances are provided by Nokia that the Contribution does not
127 * infringe the patent or other intellectual property rights of any third
128 * party or that the license provides you with all the necessary rights
129 * to make use of the Contribution.
130 *
131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
135 * OTHERWISE.
136 */
137
138#include <stdio.h>
139#include "ssl_locl.h"
140#ifndef OPENSSL_NO_COMP
141#include <openssl/comp.h>
142#endif
143#include <openssl/evp.h>
144#include <openssl/hmac.h>
145#include <openssl/md5.h>
146#ifdef KSSL_DEBUG
147#include <openssl/des.h>
148#endif
149
150/* seed1 through seed5 are virtually concatenated */
151static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
152 int sec_len,
153 const void *seed1, int seed1_len,
154 const void *seed2, int seed2_len,
155 const void *seed3, int seed3_len,
156 const void *seed4, int seed4_len,
157 const void *seed5, int seed5_len,
158 unsigned char *out, int olen)
159 {
160 int chunk,n;
161 unsigned int j;
162 HMAC_CTX ctx;
163 HMAC_CTX ctx_tmp;
164 unsigned char A1[EVP_MAX_MD_SIZE];
165 unsigned int A1_len;
166 int ret = 0;
167
168 chunk=EVP_MD_size(md);
169 OPENSSL_assert(chunk >= 0);
170
171 HMAC_CTX_init(&ctx);
172 HMAC_CTX_init(&ctx_tmp);
173 if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL))
174 goto err;
175 if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL))
176 goto err;
177 if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
178 goto err;
179 if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
180 goto err;
181 if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
182 goto err;
183 if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
184 goto err;
185 if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
186 goto err;
187 if (!HMAC_Final(&ctx,A1,&A1_len))
188 goto err;
189
190 n=0;
191 for (;;)
192 {
193 if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */
194 goto err;
195 if (!HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL)) /* re-init */
196 goto err;
197 if (!HMAC_Update(&ctx,A1,A1_len))
198 goto err;
199 if (!HMAC_Update(&ctx_tmp,A1,A1_len))
200 goto err;
201 if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
202 goto err;
203 if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
204 goto err;
205 if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
206 goto err;
207 if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
208 goto err;
209 if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
210 goto err;
211
212 if (olen > chunk)
213 {
214 if (!HMAC_Final(&ctx,out,&j))
215 goto err;
216 out+=j;
217 olen-=j;
218 if (!HMAC_Final(&ctx_tmp,A1,&A1_len)) /* calc the next A1 value */
219 goto err;
220 }
221 else /* last one */
222 {
223 if (!HMAC_Final(&ctx,A1,&A1_len))
224 goto err;
225 memcpy(out,A1,olen);
226 break;
227 }
228 }
229 ret = 1;
230err:
231 HMAC_CTX_cleanup(&ctx);
232 HMAC_CTX_cleanup(&ctx_tmp);
233 OPENSSL_cleanse(A1,sizeof(A1));
234 return ret;
235 }
236
237/* seed1 through seed5 are virtually concatenated */
238static int tls1_PRF(long digest_mask,
239 const void *seed1, int seed1_len,
240 const void *seed2, int seed2_len,
241 const void *seed3, int seed3_len,
242 const void *seed4, int seed4_len,
243 const void *seed5, int seed5_len,
244 const unsigned char *sec, int slen,
245 unsigned char *out1,
246 unsigned char *out2, int olen)
247 {
248 int len,i,idx,count;
249 const unsigned char *S1;
250 long m;
251 const EVP_MD *md;
252 int ret = 0;
253
254 /* Count number of digests and partition sec evenly */
255 count=0;
256 for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
257 if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) count++;
258 }
259 len=slen/count;
260 S1=sec;
261 memset(out1,0,olen);
262 for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
263 if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) {
264 if (!md) {
265 SSLerr(SSL_F_TLS1_PRF,
266 SSL_R_UNSUPPORTED_DIGEST_TYPE);
267 goto err;
268 }
269 if (!tls1_P_hash(md ,S1,len+(slen&1),
270 seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len,
271 out2,olen))
272 goto err;
273 S1+=len;
274 for (i=0; i<olen; i++)
275 {
276 out1[i]^=out2[i];
277 }
278 }
279 }
280 ret = 1;
281err:
282 return ret;
283}
284static int tls1_generate_key_block(SSL *s, unsigned char *km,
285 unsigned char *tmp, int num)
286 {
287 int ret;
288 ret = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
289 TLS_MD_KEY_EXPANSION_CONST,TLS_MD_KEY_EXPANSION_CONST_SIZE,
290 s->s3->server_random,SSL3_RANDOM_SIZE,
291 s->s3->client_random,SSL3_RANDOM_SIZE,
292 NULL,0,NULL,0,
293 s->session->master_key,s->session->master_key_length,
294 km,tmp,num);
295#ifdef KSSL_DEBUG
296 printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
297 s->session->master_key_length);
298 {
299 int i;
300 for (i=0; i < s->session->master_key_length; i++)
301 {
302 printf("%02X", s->session->master_key[i]);
303 }
304 printf("\n"); }
305#endif /* KSSL_DEBUG */
306 return ret;
307 }
308
309int tls1_change_cipher_state(SSL *s, int which)
310 {
311 static const unsigned char empty[]="";
312 unsigned char *p,*key_block,*mac_secret;
313 unsigned char *exp_label;
314 unsigned char tmp1[EVP_MAX_KEY_LENGTH];
315 unsigned char tmp2[EVP_MAX_KEY_LENGTH];
316 unsigned char iv1[EVP_MAX_IV_LENGTH*2];
317 unsigned char iv2[EVP_MAX_IV_LENGTH*2];
318 unsigned char *ms,*key,*iv,*er1,*er2;
319 int client_write;
320 EVP_CIPHER_CTX *dd;
321 const EVP_CIPHER *c;
322#ifndef OPENSSL_NO_COMP
323 const SSL_COMP *comp;
324#endif
325 const EVP_MD *m;
326 int mac_type;
327 int *mac_secret_size;
328 EVP_MD_CTX *mac_ctx;
329 EVP_PKEY *mac_key;
330 int is_export,n,i,j,k,exp_label_len,cl;
331 int reuse_dd = 0;
332
333 is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
334 c=s->s3->tmp.new_sym_enc;
335 m=s->s3->tmp.new_hash;
336 mac_type = s->s3->tmp.new_mac_pkey_type;
337#ifndef OPENSSL_NO_COMP
338 comp=s->s3->tmp.new_compression;
339#endif
340 key_block=s->s3->tmp.key_block;
341
342#ifdef KSSL_DEBUG
343 printf("tls1_change_cipher_state(which= %d) w/\n", which);
344 printf("\talg= %ld/%ld, comp= %p\n",
345 s->s3->tmp.new_cipher->algorithm_mkey,
346 s->s3->tmp.new_cipher->algorithm_auth,
347 comp);
348 printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
349 printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
350 c->nid,c->block_size,c->key_len,c->iv_len);
351 printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
352 {
353 int i;
354 for (i=0; i<s->s3->tmp.key_block_length; i++)
355 printf("%02x", key_block[i]); printf("\n");
356 }
357#endif /* KSSL_DEBUG */
358
359 if (which & SSL3_CC_READ)
360 {
361 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
362 s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
363 else
364 s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
365
366 if (s->enc_read_ctx != NULL)
367 reuse_dd = 1;
368 else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
369 goto err;
370 else
371 /* make sure it's intialized in case we exit later with an error */
372 EVP_CIPHER_CTX_init(s->enc_read_ctx);
373 dd= s->enc_read_ctx;
374 mac_ctx=ssl_replace_hash(&s->read_hash,NULL);
375#ifndef OPENSSL_NO_COMP
376 if (s->expand != NULL)
377 {
378 COMP_CTX_free(s->expand);
379 s->expand=NULL;
380 }
381 if (comp != NULL)
382 {
383 s->expand=COMP_CTX_new(comp->method);
384 if (s->expand == NULL)
385 {
386 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
387 goto err2;
388 }
389 if (s->s3->rrec.comp == NULL)
390 s->s3->rrec.comp=(unsigned char *)
391 OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
392 if (s->s3->rrec.comp == NULL)
393 goto err;
394 }
395#endif
396 /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
397 if (s->version != DTLS1_VERSION)
398 memset(&(s->s3->read_sequence[0]),0,8);
399 mac_secret= &(s->s3->read_mac_secret[0]);
400 mac_secret_size=&(s->s3->read_mac_secret_size);
401 }
402 else
403 {
404 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
405 s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
406 else
407 s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
408 if (s->enc_write_ctx != NULL)
409 reuse_dd = 1;
410 else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
411 goto err;
412 else
413 /* make sure it's intialized in case we exit later with an error */
414 EVP_CIPHER_CTX_init(s->enc_write_ctx);
415 dd= s->enc_write_ctx;
416 mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
417#ifndef OPENSSL_NO_COMP
418 if (s->compress != NULL)
419 {
420 COMP_CTX_free(s->compress);
421 s->compress=NULL;
422 }
423 if (comp != NULL)
424 {
425 s->compress=COMP_CTX_new(comp->method);
426 if (s->compress == NULL)
427 {
428 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
429 goto err2;
430 }
431 }
432#endif
433 /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
434 if (s->version != DTLS1_VERSION)
435 memset(&(s->s3->write_sequence[0]),0,8);
436 mac_secret= &(s->s3->write_mac_secret[0]);
437 mac_secret_size = &(s->s3->write_mac_secret_size);
438 }
439
440 if (reuse_dd)
441 EVP_CIPHER_CTX_cleanup(dd);
442
443 p=s->s3->tmp.key_block;
444 i=*mac_secret_size=s->s3->tmp.new_mac_secret_size;
445
446 cl=EVP_CIPHER_key_length(c);
447 j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
448 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
449 /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
450 k=EVP_CIPHER_iv_length(c);
451 er1= &(s->s3->client_random[0]);
452 er2= &(s->s3->server_random[0]);
453 if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
454 (which == SSL3_CHANGE_CIPHER_SERVER_READ))
455 {
456 ms= &(p[ 0]); n=i+i;
457 key= &(p[ n]); n+=j+j;
458 iv= &(p[ n]); n+=k+k;
459 exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
460 exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
461 client_write=1;
462 }
463 else
464 {
465 n=i;
466 ms= &(p[ n]); n+=i+j;
467 key= &(p[ n]); n+=j+k;
468 iv= &(p[ n]); n+=k;
469 exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
470 exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
471 client_write=0;
472 }
473
474 if (n > s->s3->tmp.key_block_length)
475 {
476 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
477 goto err2;
478 }
479
480 memcpy(mac_secret,ms,i);
481 mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
482 mac_secret,*mac_secret_size);
483 EVP_DigestSignInit(mac_ctx,NULL,m,NULL,mac_key);
484 EVP_PKEY_free(mac_key);
485#ifdef TLS_DEBUG
486printf("which = %04X\nmac key=",which);
487{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
488#endif
489 if (is_export)
490 {
491 /* In here I set both the read and write key/iv to the
492 * same value since only the correct one will be used :-).
493 */
494 if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
495 exp_label,exp_label_len,
496 s->s3->client_random,SSL3_RANDOM_SIZE,
497 s->s3->server_random,SSL3_RANDOM_SIZE,
498 NULL,0,NULL,0,
499 key,j,tmp1,tmp2,EVP_CIPHER_key_length(c)))
500 goto err2;
501 key=tmp1;
502
503 if (k > 0)
504 {
505 if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
506 TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE,
507 s->s3->client_random,SSL3_RANDOM_SIZE,
508 s->s3->server_random,SSL3_RANDOM_SIZE,
509 NULL,0,NULL,0,
510 empty,0,iv1,iv2,k*2))
511 goto err2;
512 if (client_write)
513 iv=iv1;
514 else
515 iv= &(iv1[k]);
516 }
517 }
518
519 s->session->key_arg_length=0;
520#ifdef KSSL_DEBUG
521 {
522 int i;
523 printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
524 printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
525 printf("\n");
526 printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
527 printf("\n");
528 }
529#endif /* KSSL_DEBUG */
530
531 EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
532#ifdef TLS_DEBUG
533printf("which = %04X\nkey=",which);
534{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
535printf("\niv=");
536{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
537printf("\n");
538#endif
539
540 OPENSSL_cleanse(tmp1,sizeof(tmp1));
541 OPENSSL_cleanse(tmp2,sizeof(tmp1));
542 OPENSSL_cleanse(iv1,sizeof(iv1));
543 OPENSSL_cleanse(iv2,sizeof(iv2));
544 return(1);
545err:
546 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
547err2:
548 return(0);
549 }
550
551int tls1_setup_key_block(SSL *s)
552 {
553 unsigned char *p1,*p2=NULL;
554 const EVP_CIPHER *c;
555 const EVP_MD *hash;
556 int num;
557 SSL_COMP *comp;
558 int mac_type= NID_undef,mac_secret_size=0;
559 int ret=0;
560
561#ifdef KSSL_DEBUG
562 printf ("tls1_setup_key_block()\n");
563#endif /* KSSL_DEBUG */
564
565 if (s->s3->tmp.key_block_length != 0)
566 return(1);
567
568 if (!ssl_cipher_get_evp(s->session,&c,&hash,&mac_type,&mac_secret_size,&comp))
569 {
570 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
571 return(0);
572 }
573
574 s->s3->tmp.new_sym_enc=c;
575 s->s3->tmp.new_hash=hash;
576 s->s3->tmp.new_mac_pkey_type = mac_type;
577 s->s3->tmp.new_mac_secret_size = mac_secret_size;
578 num=EVP_CIPHER_key_length(c)+mac_secret_size+EVP_CIPHER_iv_length(c);
579 num*=2;
580
581 ssl3_cleanup_key_block(s);
582
583 if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
584 {
585 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
586 goto err;
587 }
588
589 s->s3->tmp.key_block_length=num;
590 s->s3->tmp.key_block=p1;
591
592 if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
593 {
594 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
595 goto err;
596 }
597
598#ifdef TLS_DEBUG
599printf("client random\n");
600{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
601printf("server random\n");
602{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
603printf("pre-master\n");
604{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
605#endif
606 if (!tls1_generate_key_block(s,p1,p2,num))
607 goto err;
608#ifdef TLS_DEBUG
609printf("\nkey block\n");
610{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
611#endif
612
613 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
614 {
615 /* enable vulnerability countermeasure for CBC ciphers with
616 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
617 */
618 s->s3->need_empty_fragments = 1;
619
620 if (s->session->cipher != NULL)
621 {
622 if (s->session->cipher->algorithm_enc == SSL_eNULL)
623 s->s3->need_empty_fragments = 0;
624
625#ifndef OPENSSL_NO_RC4
626 if (s->session->cipher->algorithm_enc == SSL_RC4)
627 s->s3->need_empty_fragments = 0;
628#endif
629 }
630 }
631
632 ret = 1;
633err:
634 if (p2)
635 {
636 OPENSSL_cleanse(p2,num);
637 OPENSSL_free(p2);
638 }
639 return(ret);
640 }
641
642int tls1_enc(SSL *s, int send)
643 {
644 SSL3_RECORD *rec;
645 EVP_CIPHER_CTX *ds;
646 unsigned long l;
647 int bs,i,ii,j,k,n=0;
648 const EVP_CIPHER *enc;
649
650 if (send)
651 {
652 if (EVP_MD_CTX_md(s->write_hash))
653 {
654 n=EVP_MD_CTX_size(s->write_hash);
655 OPENSSL_assert(n >= 0);
656 }
657 ds=s->enc_write_ctx;
658 rec= &(s->s3->wrec);
659 if (s->enc_write_ctx == NULL)
660 enc=NULL;
661 else
662 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
663 }
664 else
665 {
666 if (EVP_MD_CTX_md(s->read_hash))
667 {
668 n=EVP_MD_CTX_size(s->read_hash);
669 OPENSSL_assert(n >= 0);
670 }
671 ds=s->enc_read_ctx;
672 rec= &(s->s3->rrec);
673 if (s->enc_read_ctx == NULL)
674 enc=NULL;
675 else
676 enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
677 }
678
679#ifdef KSSL_DEBUG
680 printf("tls1_enc(%d)\n", send);
681#endif /* KSSL_DEBUG */
682
683 if ((s->session == NULL) || (ds == NULL) ||
684 (enc == NULL))
685 {
686 memmove(rec->data,rec->input,rec->length);
687 rec->input=rec->data;
688 }
689 else
690 {
691 l=rec->length;
692 bs=EVP_CIPHER_block_size(ds->cipher);
693
694 if ((bs != 1) && send)
695 {
696 i=bs-((int)l%bs);
697
698 /* Add weird padding of upto 256 bytes */
699
700 /* we need to add 'i' padding bytes of value j */
701 j=i-1;
702 if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
703 {
704 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
705 j++;
706 }
707 for (k=(int)l; k<(int)(l+i); k++)
708 rec->input[k]=j;
709 l+=i;
710 rec->length+=i;
711 }
712
713#ifdef KSSL_DEBUG
714 {
715 unsigned long ui;
716 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
717 ds,rec->data,rec->input,l);
718 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
719 ds->buf_len, ds->cipher->key_len,
720 DES_KEY_SZ, DES_SCHEDULE_SZ,
721 ds->cipher->iv_len);
722 printf("\t\tIV: ");
723 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
724 printf("\n");
725 printf("\trec->input=");
726 for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
727 printf("\n");
728 }
729#endif /* KSSL_DEBUG */
730
731 if (!send)
732 {
733 if (l == 0 || l%bs != 0)
734 {
735 SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
736 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
737 return 0;
738 }
739 }
740
741 EVP_Cipher(ds,rec->data,rec->input,l);
742
743#ifdef KSSL_DEBUG
744 {
745 unsigned long i;
746 printf("\trec->data=");
747 for (i=0; i<l; i++)
748 printf(" %02x", rec->data[i]); printf("\n");
749 }
750#endif /* KSSL_DEBUG */
751
752 if ((bs != 1) && !send)
753 {
754 ii=i=rec->data[l-1]; /* padding_length */
755 i++;
756 /* NB: if compression is in operation the first packet
757 * may not be of even length so the padding bug check
758 * cannot be performed. This bug workaround has been
759 * around since SSLeay so hopefully it is either fixed
760 * now or no buggy implementation supports compression
761 * [steve]
762 */
763 if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
764 && !s->expand)
765 {
766 /* First packet is even in size, so check */
767 if ((memcmp(s->s3->read_sequence,
768 "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
769 s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
770 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
771 i--;
772 }
773 /* TLS 1.0 does not bound the number of padding bytes by the block size.
774 * All of them must have value 'padding_length'. */
775 if (i > (int)rec->length)
776 {
777 /* Incorrect padding. SSLerr() and ssl3_alert are done
778 * by caller: we don't want to reveal whether this is
779 * a decryption error or a MAC verification failure
780 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
781 return -1;
782 }
783 for (j=(int)(l-i); j<(int)l; j++)
784 {
785 if (rec->data[j] != ii)
786 {
787 /* Incorrect padding */
788 return -1;
789 }
790 }
791 rec->length-=i;
792 }
793 }
794 return(1);
795 }
796int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
797 {
798 unsigned int ret;
799 EVP_MD_CTX ctx, *d=NULL;
800 int i;
801
802 if (s->s3->handshake_buffer)
803 if (!ssl3_digest_cached_records(s))
804 return 0;
805
806 for (i=0;i<SSL_MAX_DIGEST;i++)
807 {
808 if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid)
809 {
810 d=s->s3->handshake_dgst[i];
811 break;
812 }
813 }
814 if (!d) {
815 SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST);
816 return 0;
817 }
818
819 EVP_MD_CTX_init(&ctx);
820 EVP_MD_CTX_copy_ex(&ctx,d);
821 EVP_DigestFinal_ex(&ctx,out,&ret);
822 EVP_MD_CTX_cleanup(&ctx);
823 return((int)ret);
824 }
825
826int tls1_final_finish_mac(SSL *s,
827 const char *str, int slen, unsigned char *out)
828 {
829 unsigned int i;
830 EVP_MD_CTX ctx;
831 unsigned char buf[2*EVP_MAX_MD_SIZE];
832 unsigned char *q,buf2[12];
833 int idx;
834 long mask;
835 int err=0;
836 const EVP_MD *md;
837
838 q=buf;
839
840 if (s->s3->handshake_buffer)
841 if (!ssl3_digest_cached_records(s))
842 return 0;
843
844 EVP_MD_CTX_init(&ctx);
845
846 for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
847 {
848 if (mask & s->s3->tmp.new_cipher->algorithm2)
849 {
850 int hashsize = EVP_MD_size(md);
851 if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
852 {
853 /* internal error: 'buf' is too small for this cipersuite! */
854 err = 1;
855 }
856 else
857 {
858 EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
859 EVP_DigestFinal_ex(&ctx,q,&i);
860 if (i != (unsigned int)hashsize) /* can't really happen */
861 err = 1;
862 q+=i;
863 }
864 }
865 }
866
867 if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
868 str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
869 s->session->master_key,s->session->master_key_length,
870 out,buf2,sizeof buf2))
871 err = 1;
872 EVP_MD_CTX_cleanup(&ctx);
873
874 if (err)
875 return 0;
876 else
877 return sizeof buf2;
878 }
879
880int tls1_mac(SSL *ssl, unsigned char *md, int send)
881 {
882 SSL3_RECORD *rec;
883 unsigned char *mac_sec,*seq;
884 EVP_MD_CTX *hash;
885 size_t md_size;
886 int i;
887 EVP_MD_CTX hmac, *mac_ctx;
888 unsigned char buf[5];
889 int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
890 int t;
891
892 if (send)
893 {
894 rec= &(ssl->s3->wrec);
895 mac_sec= &(ssl->s3->write_mac_secret[0]);
896 seq= &(ssl->s3->write_sequence[0]);
897 hash=ssl->write_hash;
898 }
899 else
900 {
901 rec= &(ssl->s3->rrec);
902 mac_sec= &(ssl->s3->read_mac_secret[0]);
903 seq= &(ssl->s3->read_sequence[0]);
904 hash=ssl->read_hash;
905 }
906
907 t=EVP_MD_CTX_size(hash);
908 OPENSSL_assert(t >= 0);
909 md_size=t;
910
911 buf[0]=rec->type;
912 buf[1]=(unsigned char)(ssl->version>>8);
913 buf[2]=(unsigned char)(ssl->version);
914 buf[3]=rec->length>>8;
915 buf[4]=rec->length&0xff;
916
917 /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
918 if (stream_mac)
919 {
920 mac_ctx = hash;
921 }
922 else
923 {
924 EVP_MD_CTX_copy(&hmac,hash);
925 mac_ctx = &hmac;
926 }
927
928 if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER)
929 {
930 unsigned char dtlsseq[8],*p=dtlsseq;
931
932 s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
933 memcpy (p,&seq[2],6);
934
935 EVP_DigestSignUpdate(mac_ctx,dtlsseq,8);
936 }
937 else
938 EVP_DigestSignUpdate(mac_ctx,seq,8);
939
940 EVP_DigestSignUpdate(mac_ctx,buf,5);
941 EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
942 t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
943 OPENSSL_assert(t > 0);
944
945 if (!stream_mac) EVP_MD_CTX_cleanup(&hmac);
946#ifdef TLS_DEBUG
947printf("sec=");
948{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
949printf("seq=");
950{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
951printf("buf=");
952{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
953printf("rec=");
954{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
955#endif
956
957 if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
958 {
959 for (i=7; i>=0; i--)
960 {
961 ++seq[i];
962 if (seq[i] != 0) break;
963 }
964 }
965
966#ifdef TLS_DEBUG
967{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
968#endif
969 return(md_size);
970 }
971
972int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
973 int len)
974 {
975 unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
976 const void *co = NULL, *so = NULL;
977 int col = 0, sol = 0;
978
979#ifdef KSSL_DEBUG
980 printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
981#endif /* KSSL_DEBUG */
982
983#ifdef TLSEXT_TYPE_opaque_prf_input
984 if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL &&
985 s->s3->client_opaque_prf_input_len > 0 &&
986 s->s3->client_opaque_prf_input_len == s->s3->server_opaque_prf_input_len)
987 {
988 co = s->s3->client_opaque_prf_input;
989 col = s->s3->server_opaque_prf_input_len;
990 so = s->s3->server_opaque_prf_input;
991 sol = s->s3->client_opaque_prf_input_len; /* must be same as col (see draft-rescorla-tls-opaque-prf-input-00.txt, section 3.1) */
992 }
993#endif
994
995 tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
996 TLS_MD_MASTER_SECRET_CONST,TLS_MD_MASTER_SECRET_CONST_SIZE,
997 s->s3->client_random,SSL3_RANDOM_SIZE,
998 co, col,
999 s->s3->server_random,SSL3_RANDOM_SIZE,
1000 so, sol,
1001 p,len,
1002 s->session->master_key,buff,sizeof buff);
1003
1004#ifdef KSSL_DEBUG
1005 printf ("tls1_generate_master_secret() complete\n");
1006#endif /* KSSL_DEBUG */
1007 return(SSL3_MASTER_SECRET_SIZE);
1008 }
1009
1010int tls1_alert_code(int code)
1011 {
1012 switch (code)
1013 {
1014 case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY);
1015 case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
1016 case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC);
1017 case SSL_AD_DECRYPTION_FAILED: return(TLS1_AD_DECRYPTION_FAILED);
1018 case SSL_AD_RECORD_OVERFLOW: return(TLS1_AD_RECORD_OVERFLOW);
1019 case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
1020 case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE);
1021 case SSL_AD_NO_CERTIFICATE: return(-1);
1022 case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE);
1023 case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
1024 case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
1025 case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
1026 case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
1027 case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER);
1028 case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA);
1029 case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED);
1030 case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR);
1031 case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR);
1032 case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION);
1033 case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION);
1034 case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
1035 case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
1036 case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED);
1037 case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
1038 case SSL_AD_UNSUPPORTED_EXTENSION: return(TLS1_AD_UNSUPPORTED_EXTENSION);
1039 case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(TLS1_AD_CERTIFICATE_UNOBTAINABLE);
1040 case SSL_AD_UNRECOGNIZED_NAME: return(TLS1_AD_UNRECOGNIZED_NAME);
1041 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
1042 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
1043 case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
1044#if 0 /* not appropriate for TLS, not used for DTLS */
1045 case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
1046 (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1047#endif
1048 default: return(-1);
1049 }
1050 }
1051
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
deleted file mode 100644
index 0baa70663a..0000000000
--- a/src/lib/libssl/t1_lib.c
+++ /dev/null
@@ -1,1745 +0,0 @@
1/* ssl/t1_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include <openssl/objects.h>
114#include <openssl/evp.h>
115#include <openssl/hmac.h>
116#include <openssl/ocsp.h>
117#include "ssl_locl.h"
118
119const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT;
120
121#ifndef OPENSSL_NO_TLSEXT
122static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
123 const unsigned char *sess_id, int sesslen,
124 SSL_SESSION **psess);
125#endif
126
127SSL3_ENC_METHOD TLSv1_enc_data={
128 tls1_enc,
129 tls1_mac,
130 tls1_setup_key_block,
131 tls1_generate_master_secret,
132 tls1_change_cipher_state,
133 tls1_final_finish_mac,
134 TLS1_FINISH_MAC_LENGTH,
135 tls1_cert_verify_mac,
136 TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
137 TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
138 tls1_alert_code,
139 };
140
141long tls1_default_timeout(void)
142 {
143 /* 2 hours, the 24 hours mentioned in the TLSv1 spec
144 * is way too long for http, the cache would over fill */
145 return(60*60*2);
146 }
147
148int tls1_new(SSL *s)
149 {
150 if (!ssl3_new(s)) return(0);
151 s->method->ssl_clear(s);
152 return(1);
153 }
154
155void tls1_free(SSL *s)
156 {
157#ifndef OPENSSL_NO_TLSEXT
158 if (s->tlsext_session_ticket)
159 {
160 OPENSSL_free(s->tlsext_session_ticket);
161 }
162#endif /* OPENSSL_NO_TLSEXT */
163 ssl3_free(s);
164 }
165
166void tls1_clear(SSL *s)
167 {
168 ssl3_clear(s);
169 s->version=TLS1_VERSION;
170 }
171
172#ifndef OPENSSL_NO_EC
173static int nid_list[] =
174 {
175 NID_sect163k1, /* sect163k1 (1) */
176 NID_sect163r1, /* sect163r1 (2) */
177 NID_sect163r2, /* sect163r2 (3) */
178 NID_sect193r1, /* sect193r1 (4) */
179 NID_sect193r2, /* sect193r2 (5) */
180 NID_sect233k1, /* sect233k1 (6) */
181 NID_sect233r1, /* sect233r1 (7) */
182 NID_sect239k1, /* sect239k1 (8) */
183 NID_sect283k1, /* sect283k1 (9) */
184 NID_sect283r1, /* sect283r1 (10) */
185 NID_sect409k1, /* sect409k1 (11) */
186 NID_sect409r1, /* sect409r1 (12) */
187 NID_sect571k1, /* sect571k1 (13) */
188 NID_sect571r1, /* sect571r1 (14) */
189 NID_secp160k1, /* secp160k1 (15) */
190 NID_secp160r1, /* secp160r1 (16) */
191 NID_secp160r2, /* secp160r2 (17) */
192 NID_secp192k1, /* secp192k1 (18) */
193 NID_X9_62_prime192v1, /* secp192r1 (19) */
194 NID_secp224k1, /* secp224k1 (20) */
195 NID_secp224r1, /* secp224r1 (21) */
196 NID_secp256k1, /* secp256k1 (22) */
197 NID_X9_62_prime256v1, /* secp256r1 (23) */
198 NID_secp384r1, /* secp384r1 (24) */
199 NID_secp521r1 /* secp521r1 (25) */
200 };
201
202int tls1_ec_curve_id2nid(int curve_id)
203 {
204 /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
205 if ((curve_id < 1) || ((unsigned int)curve_id >
206 sizeof(nid_list)/sizeof(nid_list[0])))
207 return 0;
208 return nid_list[curve_id-1];
209 }
210
211int tls1_ec_nid2curve_id(int nid)
212 {
213 /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
214 switch (nid)
215 {
216 case NID_sect163k1: /* sect163k1 (1) */
217 return 1;
218 case NID_sect163r1: /* sect163r1 (2) */
219 return 2;
220 case NID_sect163r2: /* sect163r2 (3) */
221 return 3;
222 case NID_sect193r1: /* sect193r1 (4) */
223 return 4;
224 case NID_sect193r2: /* sect193r2 (5) */
225 return 5;
226 case NID_sect233k1: /* sect233k1 (6) */
227 return 6;
228 case NID_sect233r1: /* sect233r1 (7) */
229 return 7;
230 case NID_sect239k1: /* sect239k1 (8) */
231 return 8;
232 case NID_sect283k1: /* sect283k1 (9) */
233 return 9;
234 case NID_sect283r1: /* sect283r1 (10) */
235 return 10;
236 case NID_sect409k1: /* sect409k1 (11) */
237 return 11;
238 case NID_sect409r1: /* sect409r1 (12) */
239 return 12;
240 case NID_sect571k1: /* sect571k1 (13) */
241 return 13;
242 case NID_sect571r1: /* sect571r1 (14) */
243 return 14;
244 case NID_secp160k1: /* secp160k1 (15) */
245 return 15;
246 case NID_secp160r1: /* secp160r1 (16) */
247 return 16;
248 case NID_secp160r2: /* secp160r2 (17) */
249 return 17;
250 case NID_secp192k1: /* secp192k1 (18) */
251 return 18;
252 case NID_X9_62_prime192v1: /* secp192r1 (19) */
253 return 19;
254 case NID_secp224k1: /* secp224k1 (20) */
255 return 20;
256 case NID_secp224r1: /* secp224r1 (21) */
257 return 21;
258 case NID_secp256k1: /* secp256k1 (22) */
259 return 22;
260 case NID_X9_62_prime256v1: /* secp256r1 (23) */
261 return 23;
262 case NID_secp384r1: /* secp384r1 (24) */
263 return 24;
264 case NID_secp521r1: /* secp521r1 (25) */
265 return 25;
266 default:
267 return 0;
268 }
269 }
270#endif /* OPENSSL_NO_EC */
271
272#ifndef OPENSSL_NO_TLSEXT
273unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
274 {
275 int extdatalen=0;
276 unsigned char *ret = p;
277
278 /* don't add extensions for SSLv3 unless doing secure renegotiation */
279 if (s->client_version == SSL3_VERSION
280 && !s->s3->send_connection_binding)
281 return p;
282
283 ret+=2;
284
285 if (ret>=limit) return NULL; /* this really never occurs, but ... */
286
287 if (s->tlsext_hostname != NULL)
288 {
289 /* Add TLS extension servername to the Client Hello message */
290 unsigned long size_str;
291 long lenmax;
292
293 /* check for enough space.
294 4 for the servername type and entension length
295 2 for servernamelist length
296 1 for the hostname type
297 2 for hostname length
298 + hostname length
299 */
300
301 if ((lenmax = limit - ret - 9) < 0
302 || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
303 return NULL;
304
305 /* extension type and length */
306 s2n(TLSEXT_TYPE_server_name,ret);
307 s2n(size_str+5,ret);
308
309 /* length of servername list */
310 s2n(size_str+3,ret);
311
312 /* hostname type, length and hostname */
313 *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name;
314 s2n(size_str,ret);
315 memcpy(ret, s->tlsext_hostname, size_str);
316 ret+=size_str;
317 }
318
319 /* Add RI if renegotiating */
320 if (s->new_session)
321 {
322 int el;
323
324 if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
325 {
326 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
327 return NULL;
328 }
329
330 if((limit - p - 4 - el) < 0) return NULL;
331
332 s2n(TLSEXT_TYPE_renegotiate,ret);
333 s2n(el,ret);
334
335 if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
336 {
337 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
338 return NULL;
339 }
340
341 ret += el;
342 }
343
344#ifndef OPENSSL_NO_EC
345 if (s->tlsext_ecpointformatlist != NULL &&
346 s->version != DTLS1_VERSION)
347 {
348 /* Add TLS extension ECPointFormats to the ClientHello message */
349 long lenmax;
350
351 if ((lenmax = limit - ret - 5) < 0) return NULL;
352 if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
353 if (s->tlsext_ecpointformatlist_length > 255)
354 {
355 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
356 return NULL;
357 }
358
359 s2n(TLSEXT_TYPE_ec_point_formats,ret);
360 s2n(s->tlsext_ecpointformatlist_length + 1,ret);
361 *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
362 memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
363 ret+=s->tlsext_ecpointformatlist_length;
364 }
365 if (s->tlsext_ellipticcurvelist != NULL &&
366 s->version != DTLS1_VERSION)
367 {
368 /* Add TLS extension EllipticCurves to the ClientHello message */
369 long lenmax;
370
371 if ((lenmax = limit - ret - 6) < 0) return NULL;
372 if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
373 if (s->tlsext_ellipticcurvelist_length > 65532)
374 {
375 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
376 return NULL;
377 }
378
379 s2n(TLSEXT_TYPE_elliptic_curves,ret);
380 s2n(s->tlsext_ellipticcurvelist_length + 2, ret);
381
382 /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
383 * elliptic_curve_list, but the examples use two bytes.
384 * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
385 * resolves this to two bytes.
386 */
387 s2n(s->tlsext_ellipticcurvelist_length, ret);
388 memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
389 ret+=s->tlsext_ellipticcurvelist_length;
390 }
391#endif /* OPENSSL_NO_EC */
392
393 if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
394 {
395 int ticklen;
396 if (!s->new_session && s->session && s->session->tlsext_tick)
397 ticklen = s->session->tlsext_ticklen;
398 else if (s->session && s->tlsext_session_ticket &&
399 s->tlsext_session_ticket->data)
400 {
401 ticklen = s->tlsext_session_ticket->length;
402 s->session->tlsext_tick = OPENSSL_malloc(ticklen);
403 if (!s->session->tlsext_tick)
404 return NULL;
405 memcpy(s->session->tlsext_tick,
406 s->tlsext_session_ticket->data,
407 ticklen);
408 s->session->tlsext_ticklen = ticklen;
409 }
410 else
411 ticklen = 0;
412 if (ticklen == 0 && s->tlsext_session_ticket &&
413 s->tlsext_session_ticket->data == NULL)
414 goto skip_ext;
415 /* Check for enough room 2 for extension type, 2 for len
416 * rest for ticket
417 */
418 if ((long)(limit - ret - 4 - ticklen) < 0) return NULL;
419 s2n(TLSEXT_TYPE_session_ticket,ret);
420 s2n(ticklen,ret);
421 if (ticklen)
422 {
423 memcpy(ret, s->session->tlsext_tick, ticklen);
424 ret += ticklen;
425 }
426 }
427 skip_ext:
428
429#ifdef TLSEXT_TYPE_opaque_prf_input
430 if (s->s3->client_opaque_prf_input != NULL &&
431 s->version != DTLS1_VERSION)
432 {
433 size_t col = s->s3->client_opaque_prf_input_len;
434
435 if ((long)(limit - ret - 6 - col < 0))
436 return NULL;
437 if (col > 0xFFFD) /* can't happen */
438 return NULL;
439
440 s2n(TLSEXT_TYPE_opaque_prf_input, ret);
441 s2n(col + 2, ret);
442 s2n(col, ret);
443 memcpy(ret, s->s3->client_opaque_prf_input, col);
444 ret += col;
445 }
446#endif
447
448 if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
449 s->version != DTLS1_VERSION)
450 {
451 int i;
452 long extlen, idlen, itmp;
453 OCSP_RESPID *id;
454
455 idlen = 0;
456 for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
457 {
458 id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
459 itmp = i2d_OCSP_RESPID(id, NULL);
460 if (itmp <= 0)
461 return NULL;
462 idlen += itmp + 2;
463 }
464
465 if (s->tlsext_ocsp_exts)
466 {
467 extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
468 if (extlen < 0)
469 return NULL;
470 }
471 else
472 extlen = 0;
473
474 if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL;
475 s2n(TLSEXT_TYPE_status_request, ret);
476 if (extlen + idlen > 0xFFF0)
477 return NULL;
478 s2n(extlen + idlen + 5, ret);
479 *(ret++) = TLSEXT_STATUSTYPE_ocsp;
480 s2n(idlen, ret);
481 for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
482 {
483 /* save position of id len */
484 unsigned char *q = ret;
485 id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
486 /* skip over id len */
487 ret += 2;
488 itmp = i2d_OCSP_RESPID(id, &ret);
489 /* write id len */
490 s2n(itmp, q);
491 }
492 s2n(extlen, ret);
493 if (extlen > 0)
494 i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
495 }
496
497 if ((extdatalen = ret-p-2)== 0)
498 return p;
499
500 s2n(extdatalen,p);
501 return ret;
502 }
503
504unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
505 {
506 int extdatalen=0;
507 unsigned char *ret = p;
508
509 /* don't add extensions for SSLv3, unless doing secure renegotiation */
510 if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
511 return p;
512
513 ret+=2;
514 if (ret>=limit) return NULL; /* this really never occurs, but ... */
515
516 if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
517 {
518 if ((long)(limit - ret - 4) < 0) return NULL;
519
520 s2n(TLSEXT_TYPE_server_name,ret);
521 s2n(0,ret);
522 }
523
524 if(s->s3->send_connection_binding)
525 {
526 int el;
527
528 if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0))
529 {
530 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
531 return NULL;
532 }
533
534 if((limit - p - 4 - el) < 0) return NULL;
535
536 s2n(TLSEXT_TYPE_renegotiate,ret);
537 s2n(el,ret);
538
539 if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el))
540 {
541 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
542 return NULL;
543 }
544
545 ret += el;
546 }
547
548#ifndef OPENSSL_NO_EC
549 if (s->tlsext_ecpointformatlist != NULL &&
550 s->version != DTLS1_VERSION)
551 {
552 /* Add TLS extension ECPointFormats to the ServerHello message */
553 long lenmax;
554
555 if ((lenmax = limit - ret - 5) < 0) return NULL;
556 if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
557 if (s->tlsext_ecpointformatlist_length > 255)
558 {
559 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
560 return NULL;
561 }
562
563 s2n(TLSEXT_TYPE_ec_point_formats,ret);
564 s2n(s->tlsext_ecpointformatlist_length + 1,ret);
565 *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
566 memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
567 ret+=s->tlsext_ecpointformatlist_length;
568
569 }
570 /* Currently the server should not respond with a SupportedCurves extension */
571#endif /* OPENSSL_NO_EC */
572
573 if (s->tlsext_ticket_expected
574 && !(SSL_get_options(s) & SSL_OP_NO_TICKET))
575 {
576 if ((long)(limit - ret - 4) < 0) return NULL;
577 s2n(TLSEXT_TYPE_session_ticket,ret);
578 s2n(0,ret);
579 }
580
581 if (s->tlsext_status_expected)
582 {
583 if ((long)(limit - ret - 4) < 0) return NULL;
584 s2n(TLSEXT_TYPE_status_request,ret);
585 s2n(0,ret);
586 }
587
588#ifdef TLSEXT_TYPE_opaque_prf_input
589 if (s->s3->server_opaque_prf_input != NULL &&
590 s->version != DTLS1_VERSION)
591 {
592 size_t sol = s->s3->server_opaque_prf_input_len;
593
594 if ((long)(limit - ret - 6 - sol) < 0)
595 return NULL;
596 if (sol > 0xFFFD) /* can't happen */
597 return NULL;
598
599 s2n(TLSEXT_TYPE_opaque_prf_input, ret);
600 s2n(sol + 2, ret);
601 s2n(sol, ret);
602 memcpy(ret, s->s3->server_opaque_prf_input, sol);
603 ret += sol;
604 }
605#endif
606 if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81)
607 && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
608 { const unsigned char cryptopro_ext[36] = {
609 0xfd, 0xe8, /*65000*/
610 0x00, 0x20, /*32 bytes length*/
611 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
612 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
613 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
614 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17};
615 if (limit-ret<36) return NULL;
616 memcpy(ret,cryptopro_ext,36);
617 ret+=36;
618
619 }
620
621 if ((extdatalen = ret-p-2)== 0)
622 return p;
623
624 s2n(extdatalen,p);
625 return ret;
626 }
627
628int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
629 {
630 unsigned short type;
631 unsigned short size;
632 unsigned short len;
633 unsigned char *data = *p;
634 int renegotiate_seen = 0;
635
636 s->servername_done = 0;
637 s->tlsext_status_type = -1;
638
639 if (data >= (d+n-2))
640 goto ri_check;
641 n2s(data,len);
642
643 if (data > (d+n-len))
644 goto ri_check;
645
646 while (data <= (d+n-4))
647 {
648 n2s(data,type);
649 n2s(data,size);
650
651 if (data+size > (d+n))
652 goto ri_check;
653#if 0
654 fprintf(stderr,"Received extension type %d size %d\n",type,size);
655#endif
656 if (s->tlsext_debug_cb)
657 s->tlsext_debug_cb(s, 0, type, data, size,
658 s->tlsext_debug_arg);
659/* The servername extension is treated as follows:
660
661 - Only the hostname type is supported with a maximum length of 255.
662 - The servername is rejected if too long or if it contains zeros,
663 in which case an fatal alert is generated.
664 - The servername field is maintained together with the session cache.
665 - When a session is resumed, the servername call back invoked in order
666 to allow the application to position itself to the right context.
667 - The servername is acknowledged if it is new for a session or when
668 it is identical to a previously used for the same session.
669 Applications can control the behaviour. They can at any time
670 set a 'desirable' servername for a new SSL object. This can be the
671 case for example with HTTPS when a Host: header field is received and
672 a renegotiation is requested. In this case, a possible servername
673 presented in the new client hello is only acknowledged if it matches
674 the value of the Host: field.
675 - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
676 if they provide for changing an explicit servername context for the session,
677 i.e. when the session has been established with a servername extension.
678 - On session reconnect, the servername extension may be absent.
679
680*/
681
682 if (type == TLSEXT_TYPE_server_name)
683 {
684 unsigned char *sdata;
685 int servname_type;
686 int dsize;
687
688 if (size < 2)
689 {
690 *al = SSL_AD_DECODE_ERROR;
691 return 0;
692 }
693 n2s(data,dsize);
694 size -= 2;
695 if (dsize > size )
696 {
697 *al = SSL_AD_DECODE_ERROR;
698 return 0;
699 }
700
701 sdata = data;
702 while (dsize > 3)
703 {
704 servname_type = *(sdata++);
705 n2s(sdata,len);
706 dsize -= 3;
707
708 if (len > dsize)
709 {
710 *al = SSL_AD_DECODE_ERROR;
711 return 0;
712 }
713 if (s->servername_done == 0)
714 switch (servname_type)
715 {
716 case TLSEXT_NAMETYPE_host_name:
717 if (!s->hit)
718 {
719 if(s->session->tlsext_hostname)
720 {
721 *al = SSL_AD_DECODE_ERROR;
722 return 0;
723 }
724 if (len > TLSEXT_MAXLEN_host_name)
725 {
726 *al = TLS1_AD_UNRECOGNIZED_NAME;
727 return 0;
728 }
729 if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
730 {
731 *al = TLS1_AD_INTERNAL_ERROR;
732 return 0;
733 }
734 memcpy(s->session->tlsext_hostname, sdata, len);
735 s->session->tlsext_hostname[len]='\0';
736 if (strlen(s->session->tlsext_hostname) != len) {
737 OPENSSL_free(s->session->tlsext_hostname);
738 s->session->tlsext_hostname = NULL;
739 *al = TLS1_AD_UNRECOGNIZED_NAME;
740 return 0;
741 }
742 s->servername_done = 1;
743
744 }
745 else
746 s->servername_done = s->session->tlsext_hostname
747 && strlen(s->session->tlsext_hostname) == len
748 && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
749
750 break;
751
752 default:
753 break;
754 }
755
756 dsize -= len;
757 }
758 if (dsize != 0)
759 {
760 *al = SSL_AD_DECODE_ERROR;
761 return 0;
762 }
763
764 }
765
766#ifndef OPENSSL_NO_EC
767 else if (type == TLSEXT_TYPE_ec_point_formats &&
768 s->version != DTLS1_VERSION)
769 {
770 unsigned char *sdata = data;
771 int ecpointformatlist_length = *(sdata++);
772
773 if (ecpointformatlist_length != size - 1)
774 {
775 *al = TLS1_AD_DECODE_ERROR;
776 return 0;
777 }
778 if (!s->hit)
779 {
780 if(s->session->tlsext_ecpointformatlist)
781 {
782 OPENSSL_free(s->session->tlsext_ecpointformatlist);
783 s->session->tlsext_ecpointformatlist = NULL;
784 }
785 s->session->tlsext_ecpointformatlist_length = 0;
786 if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
787 {
788 *al = TLS1_AD_INTERNAL_ERROR;
789 return 0;
790 }
791 s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
792 memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
793 }
794#if 0
795 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length);
796 sdata = s->session->tlsext_ecpointformatlist;
797 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
798 fprintf(stderr,"%i ",*(sdata++));
799 fprintf(stderr,"\n");
800#endif
801 }
802 else if (type == TLSEXT_TYPE_elliptic_curves &&
803 s->version != DTLS1_VERSION)
804 {
805 unsigned char *sdata = data;
806 int ellipticcurvelist_length = (*(sdata++) << 8);
807 ellipticcurvelist_length += (*(sdata++));
808
809 if (ellipticcurvelist_length != size - 2)
810 {
811 *al = TLS1_AD_DECODE_ERROR;
812 return 0;
813 }
814 if (!s->hit)
815 {
816 if(s->session->tlsext_ellipticcurvelist)
817 {
818 *al = TLS1_AD_DECODE_ERROR;
819 return 0;
820 }
821 s->session->tlsext_ellipticcurvelist_length = 0;
822 if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
823 {
824 *al = TLS1_AD_INTERNAL_ERROR;
825 return 0;
826 }
827 s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
828 memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
829 }
830#if 0
831 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length);
832 sdata = s->session->tlsext_ellipticcurvelist;
833 for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++)
834 fprintf(stderr,"%i ",*(sdata++));
835 fprintf(stderr,"\n");
836#endif
837 }
838#endif /* OPENSSL_NO_EC */
839#ifdef TLSEXT_TYPE_opaque_prf_input
840 else if (type == TLSEXT_TYPE_opaque_prf_input &&
841 s->version != DTLS1_VERSION)
842 {
843 unsigned char *sdata = data;
844
845 if (size < 2)
846 {
847 *al = SSL_AD_DECODE_ERROR;
848 return 0;
849 }
850 n2s(sdata, s->s3->client_opaque_prf_input_len);
851 if (s->s3->client_opaque_prf_input_len != size - 2)
852 {
853 *al = SSL_AD_DECODE_ERROR;
854 return 0;
855 }
856
857 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
858 OPENSSL_free(s->s3->client_opaque_prf_input);
859 if (s->s3->client_opaque_prf_input_len == 0)
860 s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
861 else
862 s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
863 if (s->s3->client_opaque_prf_input == NULL)
864 {
865 *al = TLS1_AD_INTERNAL_ERROR;
866 return 0;
867 }
868 }
869#endif
870 else if (type == TLSEXT_TYPE_session_ticket)
871 {
872 if (s->tls_session_ticket_ext_cb &&
873 !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
874 {
875 *al = TLS1_AD_INTERNAL_ERROR;
876 return 0;
877 }
878 }
879 else if (type == TLSEXT_TYPE_renegotiate)
880 {
881 if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
882 return 0;
883 renegotiate_seen = 1;
884 }
885 else if (type == TLSEXT_TYPE_status_request &&
886 s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
887 {
888
889 if (size < 5)
890 {
891 *al = SSL_AD_DECODE_ERROR;
892 return 0;
893 }
894
895 s->tlsext_status_type = *data++;
896 size--;
897 if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
898 {
899 const unsigned char *sdata;
900 int dsize;
901 /* Read in responder_id_list */
902 n2s(data,dsize);
903 size -= 2;
904 if (dsize > size )
905 {
906 *al = SSL_AD_DECODE_ERROR;
907 return 0;
908 }
909 while (dsize > 0)
910 {
911 OCSP_RESPID *id;
912 int idsize;
913 if (dsize < 4)
914 {
915 *al = SSL_AD_DECODE_ERROR;
916 return 0;
917 }
918 n2s(data, idsize);
919 dsize -= 2 + idsize;
920 size -= 2 + idsize;
921 if (dsize < 0)
922 {
923 *al = SSL_AD_DECODE_ERROR;
924 return 0;
925 }
926 sdata = data;
927 data += idsize;
928 id = d2i_OCSP_RESPID(NULL,
929 &sdata, idsize);
930 if (!id)
931 {
932 *al = SSL_AD_DECODE_ERROR;
933 return 0;
934 }
935 if (data != sdata)
936 {
937 OCSP_RESPID_free(id);
938 *al = SSL_AD_DECODE_ERROR;
939 return 0;
940 }
941 if (!s->tlsext_ocsp_ids
942 && !(s->tlsext_ocsp_ids =
943 sk_OCSP_RESPID_new_null()))
944 {
945 OCSP_RESPID_free(id);
946 *al = SSL_AD_INTERNAL_ERROR;
947 return 0;
948 }
949 if (!sk_OCSP_RESPID_push(
950 s->tlsext_ocsp_ids, id))
951 {
952 OCSP_RESPID_free(id);
953 *al = SSL_AD_INTERNAL_ERROR;
954 return 0;
955 }
956 }
957
958 /* Read in request_extensions */
959 if (size < 2)
960 {
961 *al = SSL_AD_DECODE_ERROR;
962 return 0;
963 }
964 n2s(data,dsize);
965 size -= 2;
966 if (dsize != size)
967 {
968 *al = SSL_AD_DECODE_ERROR;
969 return 0;
970 }
971 sdata = data;
972 if (dsize > 0)
973 {
974 s->tlsext_ocsp_exts =
975 d2i_X509_EXTENSIONS(NULL,
976 &sdata, dsize);
977 if (!s->tlsext_ocsp_exts
978 || (data + dsize != sdata))
979 {
980 *al = SSL_AD_DECODE_ERROR;
981 return 0;
982 }
983 }
984 }
985 /* We don't know what to do with any other type
986 * so ignore it.
987 */
988 else
989 s->tlsext_status_type = -1;
990 }
991
992 /* session ticket processed earlier */
993 data+=size;
994 }
995
996 *p = data;
997
998 ri_check:
999
1000 /* Need RI if renegotiating */
1001
1002 if (!renegotiate_seen && s->new_session &&
1003 !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
1004 {
1005 *al = SSL_AD_HANDSHAKE_FAILURE;
1006 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
1007 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1008 return 0;
1009 }
1010
1011 return 1;
1012 }
1013
1014int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
1015 {
1016 unsigned short type;
1017 unsigned short size;
1018 unsigned short len;
1019 unsigned char *data = *p;
1020 int tlsext_servername = 0;
1021 int renegotiate_seen = 0;
1022
1023 if (data >= (d+n-2))
1024 goto ri_check;
1025
1026 n2s(data,len);
1027
1028 while(data <= (d+n-4))
1029 {
1030 n2s(data,type);
1031 n2s(data,size);
1032
1033 if (data+size > (d+n))
1034 goto ri_check;
1035
1036 if (s->tlsext_debug_cb)
1037 s->tlsext_debug_cb(s, 1, type, data, size,
1038 s->tlsext_debug_arg);
1039
1040 if (type == TLSEXT_TYPE_server_name)
1041 {
1042 if (s->tlsext_hostname == NULL || size > 0)
1043 {
1044 *al = TLS1_AD_UNRECOGNIZED_NAME;
1045 return 0;
1046 }
1047 tlsext_servername = 1;
1048 }
1049
1050#ifndef OPENSSL_NO_EC
1051 else if (type == TLSEXT_TYPE_ec_point_formats &&
1052 s->version != DTLS1_VERSION)
1053 {
1054 unsigned char *sdata = data;
1055 int ecpointformatlist_length = *(sdata++);
1056
1057 if (ecpointformatlist_length != size - 1)
1058 {
1059 *al = TLS1_AD_DECODE_ERROR;
1060 return 0;
1061 }
1062 s->session->tlsext_ecpointformatlist_length = 0;
1063 if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
1064 if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
1065 {
1066 *al = TLS1_AD_INTERNAL_ERROR;
1067 return 0;
1068 }
1069 s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
1070 memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
1071#if 0
1072 fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist ");
1073 sdata = s->session->tlsext_ecpointformatlist;
1074 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
1075 fprintf(stderr,"%i ",*(sdata++));
1076 fprintf(stderr,"\n");
1077#endif
1078 }
1079#endif /* OPENSSL_NO_EC */
1080
1081 else if (type == TLSEXT_TYPE_session_ticket)
1082 {
1083 if (s->tls_session_ticket_ext_cb &&
1084 !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
1085 {
1086 *al = TLS1_AD_INTERNAL_ERROR;
1087 return 0;
1088 }
1089 if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
1090 || (size > 0))
1091 {
1092 *al = TLS1_AD_UNSUPPORTED_EXTENSION;
1093 return 0;
1094 }
1095 s->tlsext_ticket_expected = 1;
1096 }
1097#ifdef TLSEXT_TYPE_opaque_prf_input
1098 else if (type == TLSEXT_TYPE_opaque_prf_input &&
1099 s->version != DTLS1_VERSION)
1100 {
1101 unsigned char *sdata = data;
1102
1103 if (size < 2)
1104 {
1105 *al = SSL_AD_DECODE_ERROR;
1106 return 0;
1107 }
1108 n2s(sdata, s->s3->server_opaque_prf_input_len);
1109 if (s->s3->server_opaque_prf_input_len != size - 2)
1110 {
1111 *al = SSL_AD_DECODE_ERROR;
1112 return 0;
1113 }
1114
1115 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
1116 OPENSSL_free(s->s3->server_opaque_prf_input);
1117 if (s->s3->server_opaque_prf_input_len == 0)
1118 s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
1119 else
1120 s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
1121
1122 if (s->s3->server_opaque_prf_input == NULL)
1123 {
1124 *al = TLS1_AD_INTERNAL_ERROR;
1125 return 0;
1126 }
1127 }
1128#endif
1129 else if (type == TLSEXT_TYPE_status_request &&
1130 s->version != DTLS1_VERSION)
1131 {
1132 /* MUST be empty and only sent if we've requested
1133 * a status request message.
1134 */
1135 if ((s->tlsext_status_type == -1) || (size > 0))
1136 {
1137 *al = TLS1_AD_UNSUPPORTED_EXTENSION;
1138 return 0;
1139 }
1140 /* Set flag to expect CertificateStatus message */
1141 s->tlsext_status_expected = 1;
1142 }
1143 else if (type == TLSEXT_TYPE_renegotiate)
1144 {
1145 if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
1146 return 0;
1147 renegotiate_seen = 1;
1148 }
1149 data+=size;
1150 }
1151
1152 if (data != d+n)
1153 {
1154 *al = SSL_AD_DECODE_ERROR;
1155 return 0;
1156 }
1157
1158 if (!s->hit && tlsext_servername == 1)
1159 {
1160 if (s->tlsext_hostname)
1161 {
1162 if (s->session->tlsext_hostname == NULL)
1163 {
1164 s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
1165 if (!s->session->tlsext_hostname)
1166 {
1167 *al = SSL_AD_UNRECOGNIZED_NAME;
1168 return 0;
1169 }
1170 }
1171 else
1172 {
1173 *al = SSL_AD_DECODE_ERROR;
1174 return 0;
1175 }
1176 }
1177 }
1178
1179 *p = data;
1180
1181 ri_check:
1182
1183 /* Determine if we need to see RI. Strictly speaking if we want to
1184 * avoid an attack we should *always* see RI even on initial server
1185 * hello because the client doesn't see any renegotiation during an
1186 * attack. However this would mean we could not connect to any server
1187 * which doesn't support RI so for the immediate future tolerate RI
1188 * absence on initial connect only.
1189 */
1190 if (!renegotiate_seen
1191 && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
1192 && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
1193 {
1194 *al = SSL_AD_HANDSHAKE_FAILURE;
1195 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
1196 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1197 return 0;
1198 }
1199
1200 return 1;
1201 }
1202
1203
1204int ssl_prepare_clienthello_tlsext(SSL *s)
1205 {
1206#ifndef OPENSSL_NO_EC
1207 /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats
1208 * and elliptic curves we support.
1209 */
1210 int using_ecc = 0;
1211 int i;
1212 unsigned char *j;
1213 unsigned long alg_k, alg_a;
1214 STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
1215
1216 for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++)
1217 {
1218 SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
1219
1220 alg_k = c->algorithm_mkey;
1221 alg_a = c->algorithm_auth;
1222 if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || (alg_a & SSL_aECDSA)))
1223 {
1224 using_ecc = 1;
1225 break;
1226 }
1227 }
1228 using_ecc = using_ecc && (s->version == TLS1_VERSION);
1229 if (using_ecc)
1230 {
1231 if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
1232 if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
1233 {
1234 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1235 return -1;
1236 }
1237 s->tlsext_ecpointformatlist_length = 3;
1238 s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
1239 s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1240 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1241
1242 /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
1243 if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
1244 s->tlsext_ellipticcurvelist_length = sizeof(nid_list)/sizeof(nid_list[0]) * 2;
1245 if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
1246 {
1247 s->tlsext_ellipticcurvelist_length = 0;
1248 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1249 return -1;
1250 }
1251 for (i = 1, j = s->tlsext_ellipticcurvelist; (unsigned int)i <=
1252 sizeof(nid_list)/sizeof(nid_list[0]); i++)
1253 s2n(i,j);
1254 }
1255#endif /* OPENSSL_NO_EC */
1256
1257#ifdef TLSEXT_TYPE_opaque_prf_input
1258 {
1259 int r = 1;
1260
1261 if (s->ctx->tlsext_opaque_prf_input_callback != 0)
1262 {
1263 r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
1264 if (!r)
1265 return -1;
1266 }
1267
1268 if (s->tlsext_opaque_prf_input != NULL)
1269 {
1270 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
1271 OPENSSL_free(s->s3->client_opaque_prf_input);
1272
1273 if (s->tlsext_opaque_prf_input_len == 0)
1274 s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
1275 else
1276 s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
1277 if (s->s3->client_opaque_prf_input == NULL)
1278 {
1279 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1280 return -1;
1281 }
1282 s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1283 }
1284
1285 if (r == 2)
1286 /* at callback's request, insist on receiving an appropriate server opaque PRF input */
1287 s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1288 }
1289#endif
1290
1291 return 1;
1292 }
1293
1294int ssl_prepare_serverhello_tlsext(SSL *s)
1295 {
1296#ifndef OPENSSL_NO_EC
1297 /* If we are server and using an ECC cipher suite, send the point formats we support
1298 * if the client sent us an ECPointsFormat extension. Note that the server is not
1299 * supposed to send an EllipticCurves extension.
1300 */
1301
1302 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1303 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1304 int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
1305 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
1306
1307 if (using_ecc)
1308 {
1309 if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
1310 if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
1311 {
1312 SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1313 return -1;
1314 }
1315 s->tlsext_ecpointformatlist_length = 3;
1316 s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
1317 s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1318 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1319 }
1320#endif /* OPENSSL_NO_EC */
1321
1322 return 1;
1323 }
1324
1325int ssl_check_clienthello_tlsext(SSL *s)
1326 {
1327 int ret=SSL_TLSEXT_ERR_NOACK;
1328 int al = SSL_AD_UNRECOGNIZED_NAME;
1329
1330#ifndef OPENSSL_NO_EC
1331 /* The handling of the ECPointFormats extension is done elsewhere, namely in
1332 * ssl3_choose_cipher in s3_lib.c.
1333 */
1334 /* The handling of the EllipticCurves extension is done elsewhere, namely in
1335 * ssl3_choose_cipher in s3_lib.c.
1336 */
1337#endif
1338
1339 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
1340 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
1341 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
1342 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
1343
1344 /* If status request then ask callback what to do.
1345 * Note: this must be called after servername callbacks in case
1346 * the certificate has changed.
1347 */
1348 if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
1349 {
1350 int r;
1351 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1352 switch (r)
1353 {
1354 /* We don't want to send a status request response */
1355 case SSL_TLSEXT_ERR_NOACK:
1356 s->tlsext_status_expected = 0;
1357 break;
1358 /* status request response should be sent */
1359 case SSL_TLSEXT_ERR_OK:
1360 if (s->tlsext_ocsp_resp)
1361 s->tlsext_status_expected = 1;
1362 else
1363 s->tlsext_status_expected = 0;
1364 break;
1365 /* something bad happened */
1366 case SSL_TLSEXT_ERR_ALERT_FATAL:
1367 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1368 al = SSL_AD_INTERNAL_ERROR;
1369 goto err;
1370 }
1371 }
1372 else
1373 s->tlsext_status_expected = 0;
1374
1375#ifdef TLSEXT_TYPE_opaque_prf_input
1376 {
1377 /* This sort of belongs into ssl_prepare_serverhello_tlsext(),
1378 * but we might be sending an alert in response to the client hello,
1379 * so this has to happen here in ssl_check_clienthello_tlsext(). */
1380
1381 int r = 1;
1382
1383 if (s->ctx->tlsext_opaque_prf_input_callback != 0)
1384 {
1385 r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
1386 if (!r)
1387 {
1388 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1389 al = SSL_AD_INTERNAL_ERROR;
1390 goto err;
1391 }
1392 }
1393
1394 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
1395 OPENSSL_free(s->s3->server_opaque_prf_input);
1396 s->s3->server_opaque_prf_input = NULL;
1397
1398 if (s->tlsext_opaque_prf_input != NULL)
1399 {
1400 if (s->s3->client_opaque_prf_input != NULL &&
1401 s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len)
1402 {
1403 /* can only use this extension if we have a server opaque PRF input
1404 * of the same length as the client opaque PRF input! */
1405
1406 if (s->tlsext_opaque_prf_input_len == 0)
1407 s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
1408 else
1409 s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
1410 if (s->s3->server_opaque_prf_input == NULL)
1411 {
1412 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1413 al = SSL_AD_INTERNAL_ERROR;
1414 goto err;
1415 }
1416 s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1417 }
1418 }
1419
1420 if (r == 2 && s->s3->server_opaque_prf_input == NULL)
1421 {
1422 /* The callback wants to enforce use of the extension,
1423 * but we can't do that with the client opaque PRF input;
1424 * abort the handshake.
1425 */
1426 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1427 al = SSL_AD_HANDSHAKE_FAILURE;
1428 }
1429 }
1430
1431#endif
1432 err:
1433 switch (ret)
1434 {
1435 case SSL_TLSEXT_ERR_ALERT_FATAL:
1436 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1437 return -1;
1438
1439 case SSL_TLSEXT_ERR_ALERT_WARNING:
1440 ssl3_send_alert(s,SSL3_AL_WARNING,al);
1441 return 1;
1442
1443 case SSL_TLSEXT_ERR_NOACK:
1444 s->servername_done=0;
1445 default:
1446 return 1;
1447 }
1448 }
1449
1450int ssl_check_serverhello_tlsext(SSL *s)
1451 {
1452 int ret=SSL_TLSEXT_ERR_NOACK;
1453 int al = SSL_AD_UNRECOGNIZED_NAME;
1454
1455#ifndef OPENSSL_NO_EC
1456 /* If we are client and using an elliptic curve cryptography cipher suite, then server
1457 * must return a an EC point formats lists containing uncompressed.
1458 */
1459 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1460 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1461 if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) &&
1462 ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
1463 {
1464 /* we are using an ECC cipher */
1465 size_t i;
1466 unsigned char *list;
1467 int found_uncompressed = 0;
1468 if ((s->session->tlsext_ecpointformatlist == NULL) || (s->session->tlsext_ecpointformatlist_length == 0))
1469 {
1470 SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
1471 return -1;
1472 }
1473 list = s->session->tlsext_ecpointformatlist;
1474 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
1475 {
1476 if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed)
1477 {
1478 found_uncompressed = 1;
1479 break;
1480 }
1481 }
1482 if (!found_uncompressed)
1483 {
1484 SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
1485 return -1;
1486 }
1487 }
1488 ret = SSL_TLSEXT_ERR_OK;
1489#endif /* OPENSSL_NO_EC */
1490
1491 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
1492 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
1493 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
1494 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
1495
1496#ifdef TLSEXT_TYPE_opaque_prf_input
1497 if (s->s3->server_opaque_prf_input_len > 0)
1498 {
1499 /* This case may indicate that we, as a client, want to insist on using opaque PRF inputs.
1500 * So first verify that we really have a value from the server too. */
1501
1502 if (s->s3->server_opaque_prf_input == NULL)
1503 {
1504 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1505 al = SSL_AD_HANDSHAKE_FAILURE;
1506 }
1507
1508 /* Anytime the server *has* sent an opaque PRF input, we need to check
1509 * that we have a client opaque PRF input of the same size. */
1510 if (s->s3->client_opaque_prf_input == NULL ||
1511 s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len)
1512 {
1513 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1514 al = SSL_AD_ILLEGAL_PARAMETER;
1515 }
1516 }
1517#endif
1518
1519 /* If we've requested certificate status and we wont get one
1520 * tell the callback
1521 */
1522 if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
1523 && s->ctx && s->ctx->tlsext_status_cb)
1524 {
1525 int r;
1526 /* Set resp to NULL, resplen to -1 so callback knows
1527 * there is no response.
1528 */
1529 if (s->tlsext_ocsp_resp)
1530 {
1531 OPENSSL_free(s->tlsext_ocsp_resp);
1532 s->tlsext_ocsp_resp = NULL;
1533 }
1534 s->tlsext_ocsp_resplen = -1;
1535 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1536 if (r == 0)
1537 {
1538 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1539 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1540 }
1541 if (r < 0)
1542 {
1543 al = SSL_AD_INTERNAL_ERROR;
1544 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1545 }
1546 }
1547
1548 switch (ret)
1549 {
1550 case SSL_TLSEXT_ERR_ALERT_FATAL:
1551 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1552 return -1;
1553
1554 case SSL_TLSEXT_ERR_ALERT_WARNING:
1555 ssl3_send_alert(s,SSL3_AL_WARNING,al);
1556 return 1;
1557
1558 case SSL_TLSEXT_ERR_NOACK:
1559 s->servername_done=0;
1560 default:
1561 return 1;
1562 }
1563 }
1564
1565/* Since the server cache lookup is done early on in the processing of client
1566 * hello and other operations depend on the result we need to handle any TLS
1567 * session ticket extension at the same time.
1568 */
1569
1570int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
1571 const unsigned char *limit, SSL_SESSION **ret)
1572 {
1573 /* Point after session ID in client hello */
1574 const unsigned char *p = session_id + len;
1575 unsigned short i;
1576
1577 /* If tickets disabled behave as if no ticket present
1578 * to permit stateful resumption.
1579 */
1580 if (SSL_get_options(s) & SSL_OP_NO_TICKET)
1581 return 1;
1582
1583 if ((s->version <= SSL3_VERSION) || !limit)
1584 return 1;
1585 if (p >= limit)
1586 return -1;
1587 /* Skip past DTLS cookie */
1588 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
1589 {
1590 i = *(p++);
1591 p+= i;
1592 if (p >= limit)
1593 return -1;
1594 }
1595 /* Skip past cipher list */
1596 n2s(p, i);
1597 p+= i;
1598 if (p >= limit)
1599 return -1;
1600 /* Skip past compression algorithm list */
1601 i = *(p++);
1602 p += i;
1603 if (p > limit)
1604 return -1;
1605 /* Now at start of extensions */
1606 if ((p + 2) >= limit)
1607 return 1;
1608 n2s(p, i);
1609 while ((p + 4) <= limit)
1610 {
1611 unsigned short type, size;
1612 n2s(p, type);
1613 n2s(p, size);
1614 if (p + size > limit)
1615 return 1;
1616 if (type == TLSEXT_TYPE_session_ticket)
1617 {
1618 /* If tickets disabled indicate cache miss which will
1619 * trigger a full handshake
1620 */
1621 if (SSL_get_options(s) & SSL_OP_NO_TICKET)
1622 return 1;
1623 /* If zero length note client will accept a ticket
1624 * and indicate cache miss to trigger full handshake
1625 */
1626 if (size == 0)
1627 {
1628 s->tlsext_ticket_expected = 1;
1629 return 0; /* Cache miss */
1630 }
1631 if (s->tls_session_secret_cb)
1632 {
1633 /* Indicate cache miss here and instead of
1634 * generating the session from ticket now,
1635 * trigger abbreviated handshake based on
1636 * external mechanism to calculate the master
1637 * secret later. */
1638 return 0;
1639 }
1640 return tls_decrypt_ticket(s, p, size, session_id, len,
1641 ret);
1642 }
1643 p += size;
1644 }
1645 return 1;
1646 }
1647
1648static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
1649 const unsigned char *sess_id, int sesslen,
1650 SSL_SESSION **psess)
1651 {
1652 SSL_SESSION *sess;
1653 unsigned char *sdec;
1654 const unsigned char *p;
1655 int slen, mlen, renew_ticket = 0;
1656 unsigned char tick_hmac[EVP_MAX_MD_SIZE];
1657 HMAC_CTX hctx;
1658 EVP_CIPHER_CTX ctx;
1659 SSL_CTX *tctx = s->initial_ctx;
1660 /* Need at least keyname + iv + some encrypted data */
1661 if (eticklen < 48)
1662 goto tickerr;
1663 /* Initialize session ticket encryption and HMAC contexts */
1664 HMAC_CTX_init(&hctx);
1665 EVP_CIPHER_CTX_init(&ctx);
1666 if (tctx->tlsext_ticket_key_cb)
1667 {
1668 unsigned char *nctick = (unsigned char *)etick;
1669 int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
1670 &ctx, &hctx, 0);
1671 if (rv < 0)
1672 return -1;
1673 if (rv == 0)
1674 goto tickerr;
1675 if (rv == 2)
1676 renew_ticket = 1;
1677 }
1678 else
1679 {
1680 /* Check key name matches */
1681 if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
1682 goto tickerr;
1683 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
1684 tlsext_tick_md(), NULL);
1685 EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
1686 tctx->tlsext_tick_aes_key, etick + 16);
1687 }
1688 /* Attempt to process session ticket, first conduct sanity and
1689 * integrity checks on ticket.
1690 */
1691 mlen = HMAC_size(&hctx);
1692 if (mlen < 0)
1693 {
1694 EVP_CIPHER_CTX_cleanup(&ctx);
1695 return -1;
1696 }
1697 eticklen -= mlen;
1698 /* Check HMAC of encrypted ticket */
1699 HMAC_Update(&hctx, etick, eticklen);
1700 HMAC_Final(&hctx, tick_hmac, NULL);
1701 HMAC_CTX_cleanup(&hctx);
1702 if (memcmp(tick_hmac, etick + eticklen, mlen))
1703 goto tickerr;
1704 /* Attempt to decrypt session data */
1705 /* Move p after IV to start of encrypted ticket, update length */
1706 p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
1707 eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
1708 sdec = OPENSSL_malloc(eticklen);
1709 if (!sdec)
1710 {
1711 EVP_CIPHER_CTX_cleanup(&ctx);
1712 return -1;
1713 }
1714 EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
1715 if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
1716 goto tickerr;
1717 slen += mlen;
1718 EVP_CIPHER_CTX_cleanup(&ctx);
1719 p = sdec;
1720
1721 sess = d2i_SSL_SESSION(NULL, &p, slen);
1722 OPENSSL_free(sdec);
1723 if (sess)
1724 {
1725 /* The session ID if non-empty is used by some clients to
1726 * detect that the ticket has been accepted. So we copy it to
1727 * the session structure. If it is empty set length to zero
1728 * as required by standard.
1729 */
1730 if (sesslen)
1731 memcpy(sess->session_id, sess_id, sesslen);
1732 sess->session_id_length = sesslen;
1733 *psess = sess;
1734 s->tlsext_ticket_expected = renew_ticket;
1735 return 1;
1736 }
1737 /* If session decrypt failure indicate a cache miss and set state to
1738 * send a new ticket
1739 */
1740 tickerr:
1741 s->tlsext_ticket_expected = 1;
1742 return 0;
1743 }
1744
1745#endif
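diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c
deleted file mode 100644
index 6ce7c0bbf5..0000000000
--- a/src/lib/libssl/t1_meth.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* ssl/t1_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static const SSL_METHOD *tls1_get_method(int ver);
-static const SSL_METHOD *tls1_get_method(int ver)
- {
- if (ver == TLS1_VERSION)
- return(TLSv1_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_tls1_meth_func(TLSv1_method,
- ssl3_accept,
- ssl3_connect,
- tls1_get_method)
-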
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
deleted file mode 100644
index 9c2cc3c712..0000000000
--- a/src/lib/libssl/t1_reneg.c
+++ /dev/null
@@ -1,292 +0,0 @@
1/* ssl/t1_reneg.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111#include <stdio.h>
112#include <openssl/objects.h>
113#include "ssl_locl.h"
114
115/* Add the client's renegotiation binding */
116int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
117 int maxlen)
118 {
119 if(p)
120 {
121 if((s->s3->previous_client_finished_len+1) > maxlen)
122 {
123 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
124 return 0;
125 }
126
127 /* Length byte */
128 *p = s->s3->previous_client_finished_len;
129 p++;
130
131 memcpy(p, s->s3->previous_client_finished,
132 s->s3->previous_client_finished_len);
133#ifdef OPENSSL_RI_DEBUG
134 fprintf(stderr, "%s RI extension sent by client\n",
135 s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
136#endif
137 }
138
139 *len=s->s3->previous_client_finished_len + 1;
140
141
142 return 1;
143 }
144
145/* Parse the client's renegotiation binding and abort if it's not
146 right */
147int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
148 int *al)
149 {
150 int ilen;
151
152 /* Parse the length byte */
153 if(len < 1)
154 {
155 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
156 *al=SSL_AD_ILLEGAL_PARAMETER;
157 return 0;
158 }
159 ilen = *d;
160 d++;
161
162 /* Consistency check */
163 if((ilen+1) != len)
164 {
165 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
166 *al=SSL_AD_ILLEGAL_PARAMETER;
167 return 0;
168 }
169
170 /* Check that the extension matches */
171 if(ilen != s->s3->previous_client_finished_len)
172 {
173 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
174 *al=SSL_AD_HANDSHAKE_FAILURE;
175 return 0;
176 }
177
178 if(memcmp(d, s->s3->previous_client_finished,
179 s->s3->previous_client_finished_len))
180 {
181 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
182 *al=SSL_AD_HANDSHAKE_FAILURE;
183 return 0;
184 }
185#ifdef OPENSSL_RI_DEBUG
186 fprintf(stderr, "%s RI extension received by server\n",
187 ilen ? "Non-empty" : "Empty");
188#endif
189
190 s->s3->send_connection_binding=1;
191
192 return 1;
193 }
194
195/* Add the server's renegotiation binding */
196int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
197 int maxlen)
198 {
199 if(p)
200 {
201 if((s->s3->previous_client_finished_len +
202 s->s3->previous_server_finished_len + 1) > maxlen)
203 {
204 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
205 return 0;
206 }
207
208 /* Length byte */
209 *p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len;
210 p++;
211
212 memcpy(p, s->s3->previous_client_finished,
213 s->s3->previous_client_finished_len);
214 p += s->s3->previous_client_finished_len;
215
216 memcpy(p, s->s3->previous_server_finished,
217 s->s3->previous_server_finished_len);
218#ifdef OPENSSL_RI_DEBUG
219 fprintf(stderr, "%s RI extension sent by server\n",
220 s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
221#endif
222 }
223
224 *len=s->s3->previous_client_finished_len
225 + s->s3->previous_server_finished_len + 1;
226
227 return 1;
228 }
229
230/* Parse the server's renegotiation binding and abort if it's not
231 right */
232int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
233 int *al)
234 {
235 int expected_len=s->s3->previous_client_finished_len
236 + s->s3->previous_server_finished_len;
237 int ilen;
238
239 /* Check for logic errors */
240 OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
241 OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
242
243 /* Parse the length byte */
244 if(len < 1)
245 {
246 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
247 *al=SSL_AD_ILLEGAL_PARAMETER;
248 return 0;
249 }
250 ilen = *d;
251 d++;
252
253 /* Consistency check */
254 if(ilen+1 != len)
255 {
256 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
257 *al=SSL_AD_ILLEGAL_PARAMETER;
258 return 0;
259 }
260
261 /* Check that the extension matches */
262 if(ilen != expected_len)
263 {
264 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
265 *al=SSL_AD_HANDSHAKE_FAILURE;
266 return 0;
267 }
268
269 if(memcmp(d, s->s3->previous_client_finished,
270 s->s3->previous_client_finished_len))
271 {
272 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
273 *al=SSL_AD_HANDSHAKE_FAILURE;
274 return 0;
275 }
276 d += s->s3->previous_client_finished_len;
277
278 if(memcmp(d, s->s3->previous_server_finished,
279 s->s3->previous_server_finished_len))
280 {
281 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
282 *al=SSL_AD_ILLEGAL_PARAMETER;
283 return 0;
284 }
285#ifdef OPENSSL_RI_DEBUG
286 fprintf(stderr, "%s RI extension received by client\n",
287 ilen ? "Non-empty" : "Empty");
288#endif
289 s->s3->send_connection_binding=1;
290
291 return 1;
292 }
diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c
deleted file mode 100644
index 42525e9e89..0000000000
--- a/src/lib/libssl/t1_srvr.c
+++ /dev/null
@@ -1,80 +0,0 @@
1/* ssl/t1_srvr.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "ssl_locl.h"
61#include <openssl/buffer.h>
62#include <openssl/rand.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66
67static const SSL_METHOD *tls1_get_server_method(int ver);
68static const SSL_METHOD *tls1_get_server_method(int ver)
69 {
70 if (ver == TLS1_VERSION)
71 return(TLSv1_server_method());
72 else
73 return(NULL);
74 }
75
76IMPLEMENT_tls1_meth_func(TLSv1_server_method,
77 ssl3_accept,
78 ssl_undefined_function,
79 tls1_get_server_method)
80
diff --git a/src/lib/libssl/test/CAss.cnf b/src/lib/libssl/test/CAss.cnf
deleted file mode 100644
index 546e660626..0000000000
--- a/src/lib/libssl/test/CAss.cnf
+++ /dev/null
@@ -1,76 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5
6RANDFILE = ./.rnd
7
8####################################################################
9[ req ]
10default_bits = 1024
11default_keyfile = keySS.pem
12distinguished_name = req_distinguished_name
13encrypt_rsa_key = no
14default_md = sha1
15
16[ req_distinguished_name ]
17countryName = Country Name (2 letter code)
18countryName_default = AU
19countryName_value = AU
20
21organizationName = Organization Name (eg, company)
22organizationName_value = Dodgy Brothers
23
24commonName = Common Name (eg, YOUR name)
25commonName_value = Dodgy CA
26
27####################################################################
28[ ca ]
29default_ca = CA_default # The default ca section
30
31####################################################################
32[ CA_default ]
33
34dir = ./demoCA # Where everything is kept
35certs = $dir/certs # Where the issued certs are kept
36crl_dir = $dir/crl # Where the issued crl are kept
37database = $dir/index.txt # database index file.
38#unique_subject = no # Set to 'no' to allow creation of
39 # several ctificates with same subject.
40new_certs_dir = $dir/newcerts # default place for new certs.
41
42certificate = $dir/cacert.pem # The CA certificate
43serial = $dir/serial # The current serial number
44crl = $dir/crl.pem # The current CRL
45private_key = $dir/private/cakey.pem# The private key
46RANDFILE = $dir/private/.rand # private random number file
47
48x509_extensions = v3_ca # The extentions to add to the cert
49
50name_opt = ca_default # Subject Name options
51cert_opt = ca_default # Certificate field options
52
53default_days = 365 # how long to certify for
54default_crl_days= 30 # how long before next CRL
55default_md = md5 # which md to use.
56preserve = no # keep passed DN ordering
57
58policy = policy_anything
59
60[ policy_anything ]
61countryName = optional
62stateOrProvinceName = optional
63localityName = optional
64organizationName = optional
65organizationalUnitName = optional
66commonName = supplied
67emailAddress = optional
68
69
70
71[ v3_ca ]
72subjectKeyIdentifier=hash
73authorityKeyIdentifier=keyid:always,issuer:always
74basicConstraints = CA:true,pathlen:1
75keyUsage = cRLSign, keyCertSign
76issuerAltName=issuer:copy
diff --git a/src/lib/libssl/test/CAssdh.cnf b/src/lib/libssl/test/CAssdh.cnf
deleted file mode 100644
index 4e0a908679..0000000000
--- a/src/lib/libssl/test/CAssdh.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5# hacked by iang to do DH certs - CA
6
7RANDFILE = ./.rnd
8
9####################################################################
10[ req ]
11distinguished_name = req_distinguished_name
12encrypt_rsa_key = no
13
14[ req_distinguished_name ]
15countryName = Country Name (2 letter code)
16countryName_default = CU
17countryName_value = CU
18
19organizationName = Organization Name (eg, company)
20organizationName_value = La Junta de la Revolucion
21
22commonName = Common Name (eg, YOUR name)
23commonName_value = Junta
24
diff --git a/src/lib/libssl/test/CAssdsa.cnf b/src/lib/libssl/test/CAssdsa.cnf
deleted file mode 100644
index a6b4d1810c..0000000000
--- a/src/lib/libssl/test/CAssdsa.cnf
+++ /dev/null
@@ -1,23 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5# hacked by iang to do DSA certs - CA
6
7RANDFILE = ./.rnd
8
9####################################################################
10[ req ]
11distinguished_name = req_distinguished_name
12encrypt_rsa_key = no
13
14[ req_distinguished_name ]
15countryName = Country Name (2 letter code)
16countryName_default = ES
17countryName_value = ES
18
19organizationName = Organization Name (eg, company)
20organizationName_value = Hermanos Locos
21
22commonName = Common Name (eg, YOUR name)
23commonName_value = Hermanos Locos CA
diff --git a/src/lib/libssl/test/CAssrsa.cnf b/src/lib/libssl/test/CAssrsa.cnf
deleted file mode 100644
index eb24a6dfc0..0000000000
--- a/src/lib/libssl/test/CAssrsa.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5# create RSA certs - CA
6
7RANDFILE = ./.rnd
8
9####################################################################
10[ req ]
11distinguished_name = req_distinguished_name
12encrypt_key = no
13
14[ req_distinguished_name ]
15countryName = Country Name (2 letter code)
16countryName_default = ES
17countryName_value = ES
18
19organizationName = Organization Name (eg, company)
20organizationName_value = Hermanos Locos
21
22commonName = Common Name (eg, YOUR name)
23commonName_value = Hermanos Locos CA
24
diff --git a/src/lib/libssl/test/CAtsa.cnf b/src/lib/libssl/test/CAtsa.cnf
deleted file mode 100644
index f5a275bfc2..0000000000
--- a/src/lib/libssl/test/CAtsa.cnf
+++ /dev/null
@@ -1,163 +0,0 @@
1
2#
3# This config is used by the Time Stamp Authority tests.
4#
5
6RANDFILE = ./.rnd
7
8# Extra OBJECT IDENTIFIER info:
9oid_section = new_oids
10
11TSDNSECT = ts_cert_dn
12INDEX = 1
13
14[ new_oids ]
15
16# Policies used by the TSA tests.
17tsa_policy1 = 1.2.3.4.1
18tsa_policy2 = 1.2.3.4.5.6
19tsa_policy3 = 1.2.3.4.5.7
20
21#----------------------------------------------------------------------
22[ ca ]
23default_ca = CA_default # The default ca section
24
25[ CA_default ]
26
27dir = ./demoCA
28certs = $dir/certs # Where the issued certs are kept
29database = $dir/index.txt # database index file.
30new_certs_dir = $dir/newcerts # default place for new certs.
31
32certificate = $dir/cacert.pem # The CA certificate
33serial = $dir/serial # The current serial number
34private_key = $dir/private/cakey.pem# The private key
35RANDFILE = $dir/private/.rand # private random number file
36
37default_days = 365 # how long to certify for
38default_md = sha1 # which md to use.
39preserve = no # keep passed DN ordering
40
41policy = policy_match
42
43# For the CA policy
44[ policy_match ]
45countryName = supplied
46stateOrProvinceName = supplied
47organizationName = supplied
48organizationalUnitName = optional
49commonName = supplied
50emailAddress = optional
51
52#----------------------------------------------------------------------
53[ req ]
54default_bits = 1024
55default_md = sha1
56distinguished_name = $ENV::TSDNSECT
57encrypt_rsa_key = no
58prompt = no
59# attributes = req_attributes
60x509_extensions = v3_ca # The extentions to add to the self signed cert
61
62string_mask = nombstr
63
64[ ts_ca_dn ]
65countryName = HU
66stateOrProvinceName = Budapest
67localityName = Budapest
68organizationName = Gov-CA Ltd.
69commonName = ca1
70
71[ ts_cert_dn ]
72countryName = HU
73stateOrProvinceName = Budapest
74localityName = Buda
75organizationName = Hun-TSA Ltd.
76commonName = tsa$ENV::INDEX
77
78[ tsa_cert ]
79
80# TSA server cert is not a CA cert.
81basicConstraints=CA:FALSE
82
83# The following key usage flags are needed for TSA server certificates.
84keyUsage = nonRepudiation, digitalSignature
85extendedKeyUsage = critical,timeStamping
86
87# PKIX recommendations harmless if included in all certificates.
88subjectKeyIdentifier=hash
89authorityKeyIdentifier=keyid,issuer:always
90
91[ non_tsa_cert ]
92
93# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
94basicConstraints=CA:FALSE
95
96# The following key usage flags are needed for TSA server certificates.
97keyUsage = nonRepudiation, digitalSignature
98# timeStamping is not supported by this certificate
99# extendedKeyUsage = critical,timeStamping
100
101# PKIX recommendations harmless if included in all certificates.
102subjectKeyIdentifier=hash
103authorityKeyIdentifier=keyid,issuer:always
104
105[ v3_req ]
106
107# Extensions to add to a certificate request
108basicConstraints = CA:FALSE
109keyUsage = nonRepudiation, digitalSignature
110
111[ v3_ca ]
112
113# Extensions for a typical CA
114
115subjectKeyIdentifier=hash
116authorityKeyIdentifier=keyid:always,issuer:always
117basicConstraints = critical,CA:true
118keyUsage = cRLSign, keyCertSign
119
120#----------------------------------------------------------------------
121[ tsa ]
122
123default_tsa = tsa_config1 # the default TSA section
124
125[ tsa_config1 ]
126
127# These are used by the TSA reply generation only.
128dir = . # TSA root directory
129serial = $dir/tsa_serial # The current serial number (mandatory)
130signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
131 # (optional)
132certs = $dir/tsaca.pem # Certificate chain to include in reply
133 # (optional)
134signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
135
136default_policy = tsa_policy1 # Policy if request did not specify it
137 # (optional)
138other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
139digests = md5, sha1 # Acceptable message digests (mandatory)
140accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
141ordering = yes # Is ordering defined for timestamps?
142 # (optional, default: no)
143tsa_name = yes # Must the TSA name be included in the reply?
144 # (optional, default: no)
145ess_cert_id_chain = yes # Must the ESS cert id chain be included?
146 # (optional, default: no)
147
148[ tsa_config2 ]
149
150# This configuration uses a certificate which doesn't have timeStamping usage.
151# These are used by the TSA reply generation only.
152dir = . # TSA root directory
153serial = $dir/tsa_serial # The current serial number (mandatory)
154signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
155 # (optional)
156certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
157 # (optional)
158signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
159
160default_policy = tsa_policy1 # Policy if request did not specify it
161 # (optional)
162other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
163digests = md5, sha1 # Acceptable message digests (mandatory)
diff --git a/src/lib/libssl/test/P1ss.cnf b/src/lib/libssl/test/P1ss.cnf
deleted file mode 100644
index 876a0d35f8..0000000000
--- a/src/lib/libssl/test/P1ss.cnf
+++ /dev/null
@@ -1,37 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5
6RANDFILE = ./.rnd
7
8####################################################################
9[ req ]
10default_bits = 512
11default_keyfile = keySS.pem
12distinguished_name = req_distinguished_name
13encrypt_rsa_key = no
14default_md = md2
15
16[ req_distinguished_name ]
17countryName = Country Name (2 letter code)
18countryName_default = AU
19countryName_value = AU
20
21organizationName = Organization Name (eg, company)
22organizationName_value = Dodgy Brothers
23
240.commonName = Common Name (eg, YOUR name)
250.commonName_value = Brother 1
26
271.commonName = Common Name (eg, YOUR name)
281.commonName_value = Brother 2
29
302.commonName = Common Name (eg, YOUR name)
312.commonName_value = Proxy 1
32
33[ v3_proxy ]
34basicConstraints=CA:FALSE
35subjectKeyIdentifier=hash
36authorityKeyIdentifier=keyid,issuer:always
37proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
diff --git a/src/lib/libssl/test/P2ss.cnf b/src/lib/libssl/test/P2ss.cnf
deleted file mode 100644
index 373a87e7c2..0000000000
--- a/src/lib/libssl/test/P2ss.cnf
+++ /dev/null
@@ -1,45 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5
6RANDFILE = ./.rnd
7
8####################################################################
9[ req ]
10default_bits = 512
11default_keyfile = keySS.pem
12distinguished_name = req_distinguished_name
13encrypt_rsa_key = no
14default_md = md2
15
16[ req_distinguished_name ]
17countryName = Country Name (2 letter code)
18countryName_default = AU
19countryName_value = AU
20
21organizationName = Organization Name (eg, company)
22organizationName_value = Dodgy Brothers
23
240.commonName = Common Name (eg, YOUR name)
250.commonName_value = Brother 1
26
271.commonName = Common Name (eg, YOUR name)
281.commonName_value = Brother 2
29
302.commonName = Common Name (eg, YOUR name)
312.commonName_value = Proxy 1
32
333.commonName = Common Name (eg, YOUR name)
343.commonName_value = Proxy 2
35
36[ v3_proxy ]
37basicConstraints=CA:FALSE
38subjectKeyIdentifier=hash
39authorityKeyIdentifier=keyid,issuer:always
40proxyCertInfo=critical,@proxy_ext
41
42[ proxy_ext ]
43language=id-ppl-anyLanguage
44pathlen=0
45policy=text:BC
diff --git a/src/lib/libssl/test/Sssdsa.cnf b/src/lib/libssl/test/Sssdsa.cnf
deleted file mode 100644
index 8e170a28ef..0000000000
--- a/src/lib/libssl/test/Sssdsa.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5# hacked by iang to do DSA certs - Server
6
7RANDFILE = ./.rnd
8
9####################################################################
10[ req ]
11distinguished_name = req_distinguished_name
12encrypt_rsa_key = no
13
14[ req_distinguished_name ]
15countryName = Country Name (2 letter code)
16countryName_default = ES
17countryName_value = ES
18
19organizationName = Organization Name (eg, company)
20organizationName_value = Tortilleras S.A.
21
220.commonName = Common Name (eg, YOUR name)
230.commonName_value = Torti
24
251.commonName = Common Name (eg, YOUR name)
261.commonName_value = Gordita
27
diff --git a/src/lib/libssl/test/Sssrsa.cnf b/src/lib/libssl/test/Sssrsa.cnf
deleted file mode 100644
index 8c79a03fca..0000000000
--- a/src/lib/libssl/test/Sssrsa.cnf
+++ /dev/null
@@ -1,26 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5# create RSA certs - Server
6
7RANDFILE = ./.rnd
8
9####################################################################
10[ req ]
11distinguished_name = req_distinguished_name
12encrypt_key = no
13
14[ req_distinguished_name ]
15countryName = Country Name (2 letter code)
16countryName_default = ES
17countryName_value = ES
18
19organizationName = Organization Name (eg, company)
20organizationName_value = Tortilleras S.A.
21
220.commonName = Common Name (eg, YOUR name)
230.commonName_value = Torti
24
251.commonName = Common Name (eg, YOUR name)
261.commonName_value = Gordita
diff --git a/src/lib/libssl/test/Uss.cnf b/src/lib/libssl/test/Uss.cnf
deleted file mode 100644
index 98b2e054b7..0000000000
--- a/src/lib/libssl/test/Uss.cnf
+++ /dev/null
@@ -1,36 +0,0 @@
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5
6RANDFILE = ./.rnd
7
8####################################################################
9[ req ]
10default_bits = 1024
11default_keyfile = keySS.pem
12distinguished_name = req_distinguished_name
13encrypt_rsa_key = no
14default_md = md2
15
16[ req_distinguished_name ]
17countryName = Country Name (2 letter code)
18countryName_default = AU
19countryName_value = AU
20
21organizationName = Organization Name (eg, company)
22organizationName_value = Dodgy Brothers
23
240.commonName = Common Name (eg, YOUR name)
250.commonName_value = Brother 1
26
271.commonName = Common Name (eg, YOUR name)
281.commonName_value = Brother 2
29
30[ v3_ee ]
31subjectKeyIdentifier=hash
32authorityKeyIdentifier=keyid,issuer:always
33basicConstraints = CA:false
34keyUsage = nonRepudiation, digitalSignature, keyEncipherment
35issuerAltName=issuer:copy
36
diff --git a/src/lib/libssl/test/VMSca-response.1 b/src/lib/libssl/test/VMSca-response.1
deleted file mode 100644
index 8b13789179..0000000000
--- a/src/lib/libssl/test/VMSca-response.1
+++ /dev/null
@@ -1 +0,0 @@
1
diff --git a/src/lib/libssl/test/VMSca-response.2 b/src/lib/libssl/test/VMSca-response.2
deleted file mode 100644
index 9b48ee4cf9..0000000000
--- a/src/lib/libssl/test/VMSca-response.2
+++ /dev/null
@@ -1,2 +0,0 @@
1y
2y
diff --git a/src/lib/libssl/test/asn1test.c b/src/lib/libssl/test/asn1test.c
deleted file mode 100755
index 9f53d80344..0000000000
--- a/src/lib/libssl/test/asn1test.c
+++ /dev/null
@@ -1,22 +0,0 @@
1#include <openssl/x509.h>
2#include <openssl/asn1_mac.h>
3
4typedef struct X
5 {
6 STACK_OF(X509_EXTENSION) *ext;
7 } X;
8
9/* This isn't meant to run particularly, it's just to test type checking */
10int main(int argc, char **argv)
11 {
12 X *x = NULL;
13 unsigned char **pp = NULL;
14
15 M_ASN1_I2D_vars(x);
16 M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
17 i2d_X509_EXTENSION);
18 M_ASN1_I2D_seq_total();
19 M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
20 i2d_X509_EXTENSION);
21 M_ASN1_I2D_finish();
22 }
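--- a/src/lib/libssl/test/bctest
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/bin/sh
-
-# This script is used by test/Makefile.ssl to check whether a sane 'bc'
-# is installed.
-# ('make test_bn' should not try to run 'bc' if it does not exist or if
-# it is a broken 'bc' version that is known to cause trouble.)
-#
-# If 'bc' works, we also test if it knows the 'print' command.
-#
-# In any case, output an appropriate command line for running (or not
-# running) bc.
-
-
-IFS=:
-try_without_dir=true
-# First we try "bc", then "$dir/bc" for each item in $PATH.
-for dir in dummy:$PATH; do
- if [ "$try_without_dir" = true ]; then
- # first iteration
- bc=bc
- try_without_dir=false
- else
- # second and later iterations
- bc="$dir/bc"
- if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix
- bc=''
- fi
- fi
-
- if [ ! "$bc" = '' ]; then
- failure=none
-
-
- # Test for SunOS 5.[78] bc bug
- "$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
-a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
-CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
-10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
-C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
-3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
-4FC3CADF855448B24A9D7640BCF473E
-b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
-9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
-8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
-3ED0E2017D60A68775B75481449
-(a/b)*b + (a%b) - a
-EOF
- if [ 0 != "`cat tmp.bctest`" ]; then
- failure=SunOStest
- fi
-
-
- if [ "$failure" = none ]; then
- # Test for SCO bc bug.
- "$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
--FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
-9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
-11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
-1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
-AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
-F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
-B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
-02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
-85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
-A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
-E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
-8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
-04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
-89C8D71
-AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
-928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
-8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
-37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
-E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
-F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
-9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
-D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
-5296964
-EOF
- if [ "0
-0" != "`cat tmp.bctest`" ]; then
- failure=SCOtest
- fi
- fi
-
-
- if [ "$failure" = none ]; then
- # bc works; now check if it knows the 'print' command.
- if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
- then
- echo "$bc"
- else
- echo "sed 's/print.*//' | $bc"
- fi
- exit 0
- fi
-
- echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2
- fi
-done
-
-echo "No working bc found. Consider installing GNU bc." >&2
-if [ "$1" = ignore ]; then
- echo "cat >/dev/null"
- exit 0
-fi
-exit 1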
diff --git a/src/lib/libssl/test/cms-examples.pl b/src/lib/libssl/test/cms-examples.pl
deleted file mode 100644
index 2e95b48ba4..0000000000
--- a/src/lib/libssl/test/cms-examples.pl
+++ /dev/null
@@ -1,409 +0,0 @@
1# test/cms-examples.pl
2# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3# project.
4#
5# ====================================================================
6# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11#
12# 1. Redistributions of source code must retain the above copyright
13# notice, this list of conditions and the following disclaimer.
14#
15# 2. Redistributions in binary form must reproduce the above copyright
16# notice, this list of conditions and the following disclaimer in
17# the documentation and/or other materials provided with the
18# distribution.
19#
20# 3. All advertising materials mentioning features or use of this
21# software must display the following acknowledgment:
22# "This product includes software developed by the OpenSSL Project
23# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24#
25# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26# endorse or promote products derived from this software without
27# prior written permission. For written permission, please contact
28# licensing@OpenSSL.org.
29#
30# 5. Products derived from this software may not be called "OpenSSL"
31# nor may "OpenSSL" appear in their names without prior written
32# permission of the OpenSSL Project.
33#
34# 6. Redistributions of any form whatsoever must retain the following
35# acknowledgment:
36# "This product includes software developed by the OpenSSL Project
37# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38#
39# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50# OF THE POSSIBILITY OF SUCH DAMAGE.
51# ====================================================================
52
53# Perl script to run tests against S/MIME examples in RFC4134
54# Assumes RFC is in current directory and called "rfc4134.txt"
55
56use MIME::Base64;
57
58my $badttest = 0;
59my $verbose = 1;
60
61my $cmscmd;
62my $exdir = "./";
63my $exfile = "./rfc4134.txt";
64
65if (-f "../apps/openssl")
66 {
67 $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms";
68 }
69elsif (-f "..\\out32dll\\openssl.exe")
70 {
71 $cmscmd = "..\\out32dll\\openssl.exe cms";
72 }
73elsif (-f "..\\out32\\openssl.exe")
74 {
75 $cmscmd = "..\\out32\\openssl.exe cms";
76 }
77
78my @test_list = (
79 [ "3.1.bin" => "dataout" ],
80 [ "3.2.bin" => "encode, dataout" ],
81 [ "4.1.bin" => "encode, verifyder, cont, dss" ],
82 [ "4.2.bin" => "encode, verifyder, cont, rsa" ],
83 [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ],
84 [ "4.4.bin" => "encode, verifyder, cont, dss" ],
85 [ "4.5.bin" => "verifyder, cont, rsa" ],
86 [ "4.6.bin" => "encode, verifyder, cont, dss" ],
87 [ "4.7.bin" => "encode, verifyder, cont, dss" ],
88 [ "4.8.eml" => "verifymime, dss" ],
89 [ "4.9.eml" => "verifymime, dss" ],
90 [ "4.10.bin" => "encode, verifyder, cont, dss" ],
91 [ "4.11.bin" => "encode, certsout" ],
92 [ "5.1.bin" => "encode, envelopeder, cont" ],
93 [ "5.2.bin" => "encode, envelopeder, cont" ],
94 [ "5.3.eml" => "envelopemime, cont" ],
95 [ "6.0.bin" => "encode, digest, cont" ],
96 [ "7.1.bin" => "encode, encrypted, cont" ],
97 [ "7.2.bin" => "encode, encrypted, cont" ]
98);
99
100# Extract examples from RFC4134 text.
101# Base64 decode all examples, certificates and
102# private keys are converted to PEM format.
103
104my ( $filename, $data );
105
106my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" );
107
108$data = "";
109
110open( IN, $exfile ) || die "Can't Open RFC examples file $exfile";
111
112while (<IN>) {
113 next unless (/^\|/);
114 s/^\|//;
115 next if (/^\*/);
116 if (/^>(.*)$/) {
117 $filename = $1;
118 next;
119 }
120 if (/^</) {
121 $filename = "$exdir/$filename";
122 if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) {
123 $data = decode_base64($data);
124 open OUT, ">$filename";
125 binmode OUT;
126 print OUT $data;
127 close OUT;
128 push @cleanup, $filename;
129 }
130 elsif ( $filename =~ /\.cer$/ ) {
131 write_pem( $filename, "CERTIFICATE", $data );
132 }
133 elsif ( $filename =~ /\.pri$/ ) {
134 write_pem( $filename, "PRIVATE KEY", $data );
135 }
136 $data = "";
137 $filename = "";
138 }
139 else {
140 $data .= $_;
141 }
142
143}
144
145my $secretkey =
146 "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32";
147
148foreach (@test_list) {
149 my ( $file, $tlist ) = @$_;
150 print "Example file $file:\n";
151 if ( $tlist =~ /encode/ ) {
152 run_reencode_test( $exdir, $file );
153 }
154 if ( $tlist =~ /certsout/ ) {
155 run_certsout_test( $exdir, $file );
156 }
157 if ( $tlist =~ /dataout/ ) {
158 run_dataout_test( $exdir, $file );
159 }
160 if ( $tlist =~ /verify/ ) {
161 run_verify_test( $exdir, $tlist, $file );
162 }
163 if ( $tlist =~ /digest/ ) {
164 run_digest_test( $exdir, $tlist, $file );
165 }
166 if ( $tlist =~ /encrypted/ ) {
167 run_encrypted_test( $exdir, $tlist, $file, $secretkey );
168 }
169 if ( $tlist =~ /envelope/ ) {
170 run_envelope_test( $exdir, $tlist, $file );
171 }
172
173}
174
175foreach (@cleanup) {
176 unlink $_;
177}
178
179if ($badtest) {
180 print "\n$badtest TESTS FAILED!!\n";
181}
182else {
183 print "\n***All tests successful***\n";
184}
185
186sub write_pem {
187 my ( $filename, $str, $data ) = @_;
188
189 $filename =~ s/\.[^.]*$/.pem/;
190
191 push @cleanup, $filename;
192
193 open OUT, ">$filename";
194
195 print OUT "-----BEGIN $str-----\n";
196 print OUT $data;
197 print OUT "-----END $str-----\n";
198
199 close OUT;
200}
201
202sub run_reencode_test {
203 my ( $cmsdir, $tfile ) = @_;
204 unlink "tmp.der";
205
206 system( "$cmscmd -cmsout -inform DER -outform DER"
207 . " -in $cmsdir/$tfile -out tmp.der" );
208
209 if ($?) {
210 print "\tReencode command FAILED!!\n";
211 $badtest++;
212 }
213 elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) {
214 print "\tReencode FAILED!!\n";
215 $badtest++;
216 }
217 else {
218 print "\tReencode passed\n" if $verbose;
219 }
220}
221
222sub run_certsout_test {
223 my ( $cmsdir, $tfile ) = @_;
224 unlink "tmp.der";
225 unlink "tmp.pem";
226
227 system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
228 . " -in $cmsdir/$tfile -out tmp.der" );
229
230 if ($?) {
231 print "\tCertificate output command FAILED!!\n";
232 $badtest++;
233 }
234 else {
235 print "\tCertificate output passed\n" if $verbose;
236 }
237}
238
239sub run_dataout_test {
240 my ( $cmsdir, $tfile ) = @_;
241 unlink "tmp.txt";
242
243 system(
244 "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" );
245
246 if ($?) {
247 print "\tDataout command FAILED!!\n";
248 $badtest++;
249 }
250 elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) {
251 print "\tDataout compare FAILED!!\n";
252 $badtest++;
253 }
254 else {
255 print "\tDataout passed\n" if $verbose;
256 }
257}
258
259sub run_verify_test {
260 my ( $cmsdir, $tlist, $tfile ) = @_;
261 unlink "tmp.txt";
262
263 $form = "DER" if $tlist =~ /verifyder/;
264 $form = "SMIME" if $tlist =~ /verifymime/;
265 $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/;
266 $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/;
267
268 $cmd =
269 "$cmscmd -verify -inform $form"
270 . " -CAfile $cafile"
271 . " -in $cmsdir/$tfile -out tmp.txt";
272
273 $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/;
274
275 system("$cmd 2>cms.err 1>cms.out");
276
277 if ($?) {
278 print "\tVerify command FAILED!!\n";
279 $badtest++;
280 }
281 elsif ( $tlist =~ /cont/
282 && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
283 {
284 print "\tVerify content compare FAILED!!\n";
285 $badtest++;
286 }
287 else {
288 print "\tVerify passed\n" if $verbose;
289 }
290}
291
292sub run_envelope_test {
293 my ( $cmsdir, $tlist, $tfile ) = @_;
294 unlink "tmp.txt";
295
296 $form = "DER" if $tlist =~ /envelopeder/;
297 $form = "SMIME" if $tlist =~ /envelopemime/;
298
299 $cmd =
300 "$cmscmd -decrypt -inform $form"
301 . " -recip $cmsdir/BobRSASignByCarl.pem"
302 . " -inkey $cmsdir/BobPrivRSAEncrypt.pem"
303 . " -in $cmsdir/$tfile -out tmp.txt";
304
305 system("$cmd 2>cms.err 1>cms.out");
306
307 if ($?) {
308 print "\tDecrypt command FAILED!!\n";
309 $badtest++;
310 }
311 elsif ( $tlist =~ /cont/
312 && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
313 {
314 print "\tDecrypt content compare FAILED!!\n";
315 $badtest++;
316 }
317 else {
318 print "\tDecrypt passed\n" if $verbose;
319 }
320}
321
322sub run_digest_test {
323 my ( $cmsdir, $tlist, $tfile ) = @_;
324 unlink "tmp.txt";
325
326 my $cmd =
327 "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt";
328
329 system("$cmd 2>cms.err 1>cms.out");
330
331 if ($?) {
332 print "\tDigest verify command FAILED!!\n";
333 $badtest++;
334 }
335 elsif ( $tlist =~ /cont/
336 && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
337 {
338 print "\tDigest verify content compare FAILED!!\n";
339 $badtest++;
340 }
341 else {
342 print "\tDigest verify passed\n" if $verbose;
343 }
344}
345
346sub run_encrypted_test {
347 my ( $cmsdir, $tlist, $tfile, $key ) = @_;
348 unlink "tmp.txt";
349
350 system( "$cmscmd -EncryptedData_decrypt -inform DER"
351 . " -secretkey $key"
352 . " -in $cmsdir/$tfile -out tmp.txt" );
353
354 if ($?) {
355 print "\tEncrypted Data command FAILED!!\n";
356 $badtest++;
357 }
358 elsif ( $tlist =~ /cont/
359 && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
360 {
361 print "\tEncrypted Data content compare FAILED!!\n";
362 $badtest++;
363 }
364 else {
365 print "\tEncryptedData verify passed\n" if $verbose;
366 }
367}
368
369sub cmp_files {
370 my ( $f1, $f2 ) = @_;
371 my ( $fp1, $fp2 );
372
373 my ( $rd1, $rd2 );
374
375 if ( !open( $fp1, "<$f1" ) ) {
376 print STDERR "Can't Open file $f1\n";
377 return 0;
378 }
379
380 if ( !open( $fp2, "<$f2" ) ) {
381 print STDERR "Can't Open file $f2\n";
382 return 0;
383 }
384
385 binmode $fp1;
386 binmode $fp2;
387
388 my $ret = 0;
389
390 for ( ; ; ) {
391 $n1 = sysread $fp1, $rd1, 4096;
392 $n2 = sysread $fp2, $rd2, 4096;
393 last if ( $n1 != $n2 );
394 last if ( $rd1 ne $rd2 );
395
396 if ( $n1 == 0 ) {
397 $ret = 1;
398 last;
399 }
400
401 }
402
403 close $fp1;
404 close $fp2;
405
406 return $ret;
407
408}
409
diff --git a/src/lib/libssl/test/cms-test.pl b/src/lib/libssl/test/cms-test.pl
deleted file mode 100644
index 9c50dff3e9..0000000000
--- a/src/lib/libssl/test/cms-test.pl
+++ /dev/null
@@ -1,453 +0,0 @@
1# test/cms-test.pl
2# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3# project.
4#
5# ====================================================================
6# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11#
12# 1. Redistributions of source code must retain the above copyright
13# notice, this list of conditions and the following disclaimer.
14#
15# 2. Redistributions in binary form must reproduce the above copyright
16# notice, this list of conditions and the following disclaimer in
17# the documentation and/or other materials provided with the
18# distribution.
19#
20# 3. All advertising materials mentioning features or use of this
21# software must display the following acknowledgment:
22# "This product includes software developed by the OpenSSL Project
23# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24#
25# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26# endorse or promote products derived from this software without
27# prior written permission. For written permission, please contact
28# licensing@OpenSSL.org.
29#
30# 5. Products derived from this software may not be called "OpenSSL"
31# nor may "OpenSSL" appear in their names without prior written
32# permission of the OpenSSL Project.
33#
34# 6. Redistributions of any form whatsoever must retain the following
35# acknowledgment:
36# "This product includes software developed by the OpenSSL Project
37# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38#
39# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50# OF THE POSSIBILITY OF SUCH DAMAGE.
51# ====================================================================
52
53# CMS, PKCS7 consistency test script. Run extensive tests on
54# OpenSSL PKCS#7 and CMS implementations.
55
56my $ossl_path;
57my $redir = " 2>cms.err 1>cms.out";
58# Make MSYS work
59if ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
60 $ossl_path = "cmd /c ..\\apps\\openssl";
61}
62elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
63 $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
64}
65elsif ( -f "..\\out32dll\\openssl.exe" ) {
66 $ossl_path = "..\\out32dll\\openssl.exe";
67}
68elsif ( -f "..\\out32\\openssl.exe" ) {
69 $ossl_path = "..\\out32\\openssl.exe";
70}
71else {
72 die "Can't find OpenSSL executable";
73}
74
75my $pk7cmd = "$ossl_path smime ";
76my $cmscmd = "$ossl_path cms ";
77my $smdir = "smime-certs";
78my $halt_err = 1;
79
80my $badcmd = 0;
81my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
82
83my @smime_pkcs7_tests = (
84
85 [
86 "signed content DER format, RSA key",
87 "-sign -in smcont.txt -outform DER -nodetach"
88 . " -certfile $smdir/smroot.pem"
89 . " -signer $smdir/smrsa1.pem -out test.cms",
90 "-verify -in test.cms -inform DER "
91 . " -CAfile $smdir/smroot.pem -out smtst.txt"
92 ],
93
94 [
95 "signed detached content DER format, RSA key",
96 "-sign -in smcont.txt -outform DER"
97 . " -signer $smdir/smrsa1.pem -out test.cms",
98 "-verify -in test.cms -inform DER "
99 . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
100 ],
101
102 [
103 "signed content test streaming BER format, RSA",
104 "-sign -in smcont.txt -outform DER -nodetach"
105 . " -stream -signer $smdir/smrsa1.pem -out test.cms",
106 "-verify -in test.cms -inform DER "
107 . " -CAfile $smdir/smroot.pem -out smtst.txt"
108 ],
109
110 [
111 "signed content DER format, DSA key",
112 "-sign -in smcont.txt -outform DER -nodetach"
113 . " -signer $smdir/smdsa1.pem -out test.cms",
114 "-verify -in test.cms -inform DER "
115 . " -CAfile $smdir/smroot.pem -out smtst.txt"
116 ],
117
118 [
119 "signed detached content DER format, DSA key",
120 "-sign -in smcont.txt -outform DER"
121 . " -signer $smdir/smdsa1.pem -out test.cms",
122 "-verify -in test.cms -inform DER "
123 . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
124 ],
125
126 [
127 "signed detached content DER format, add RSA signer",
128 "-resign -inform DER -in test.cms -outform DER"
129 . " -signer $smdir/smrsa1.pem -out test2.cms",
130 "-verify -in test2.cms -inform DER "
131 . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
132 ],
133
134 [
135 "signed content test streaming BER format, DSA key",
136 "-sign -in smcont.txt -outform DER -nodetach"
137 . " -stream -signer $smdir/smdsa1.pem -out test.cms",
138 "-verify -in test.cms -inform DER "
139 . " -CAfile $smdir/smroot.pem -out smtst.txt"
140 ],
141
142 [
143 "signed content test streaming BER format, 2 DSA and 2 RSA keys",
144 "-sign -in smcont.txt -outform DER -nodetach"
145 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
146 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
147 . " -stream -out test.cms",
148 "-verify -in test.cms -inform DER "
149 . " -CAfile $smdir/smroot.pem -out smtst.txt"
150 ],
151
152 [
153"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
154 "-sign -in smcont.txt -outform DER -noattr -nodetach"
155 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
156 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
157 . " -stream -out test.cms",
158 "-verify -in test.cms -inform DER "
159 . " -CAfile $smdir/smroot.pem -out smtst.txt"
160 ],
161
162 [
163 "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
164 "-sign -in smcont.txt -nodetach"
165 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
166 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
167 . " -stream -out test.cms",
168 "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
169 ],
170
171 [
172"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
173 "-sign -in smcont.txt"
174 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
175 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
176 . " -stream -out test.cms",
177 "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
178 ],
179
180 [
181 "enveloped content test streaming S/MIME format, 3 recipients",
182 "-encrypt -in smcont.txt"
183 . " -stream -out test.cms"
184 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
185 "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
186 ],
187
188 [
189"enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
190 "-encrypt -in smcont.txt"
191 . " -stream -out test.cms"
192 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
193 "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
194 ],
195
196 [
197"enveloped content test streaming S/MIME format, 3 recipients, key only used",
198 "-encrypt -in smcont.txt"
199 . " -stream -out test.cms"
200 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
201 "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
202 ],
203
204 [
205"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
206 "-encrypt -in smcont.txt"
207 . " -aes256 -stream -out test.cms"
208 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
209 "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
210 ],
211
212);
213
214my @smime_cms_tests = (
215
216 [
217 "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
218 "-sign -in smcont.txt -outform DER -nodetach -keyid"
219 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
220 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
221 . " -stream -out test.cms",
222 "-verify -in test.cms -inform DER "
223 . " -CAfile $smdir/smroot.pem -out smtst.txt"
224 ],
225
226 [
227 "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
228 "-sign -in smcont.txt -outform PEM -nodetach"
229 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
230 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
231 . " -stream -out test.cms",
232 "-verify -in test.cms -inform PEM "
233 . " -CAfile $smdir/smroot.pem -out smtst.txt"
234 ],
235
236 [
237 "signed content MIME format, RSA key, signed receipt request",
238 "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
239 . " -receipt_request_to test\@openssl.org -receipt_request_all"
240 . " -out test.cms",
241 "-verify -in test.cms "
242 . " -CAfile $smdir/smroot.pem -out smtst.txt"
243 ],
244
245 [
246 "signed receipt MIME format, RSA key",
247 "-sign_receipt -in test.cms"
248 . " -signer $smdir/smrsa2.pem"
249 . " -out test2.cms",
250 "-verify_receipt test2.cms -in test.cms"
251 . " -CAfile $smdir/smroot.pem"
252 ],
253
254 [
255 "enveloped content test streaming S/MIME format, 3 recipients, keyid",
256 "-encrypt -in smcont.txt"
257 . " -stream -out test.cms -keyid"
258 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
259 "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
260 ],
261
262 [
263 "enveloped content test streaming PEM format, KEK",
264 "-encrypt -in smcont.txt -outform PEM -aes128"
265 . " -stream -out test.cms "
266 . " -secretkey 000102030405060708090A0B0C0D0E0F "
267 . " -secretkeyid C0FEE0",
268 "-decrypt -in test.cms -out smtst.txt -inform PEM"
269 . " -secretkey 000102030405060708090A0B0C0D0E0F "
270 . " -secretkeyid C0FEE0"
271 ],
272
273 [
274 "enveloped content test streaming PEM format, KEK, key only",
275 "-encrypt -in smcont.txt -outform PEM -aes128"
276 . " -stream -out test.cms "
277 . " -secretkey 000102030405060708090A0B0C0D0E0F "
278 . " -secretkeyid C0FEE0",
279 "-decrypt -in test.cms -out smtst.txt -inform PEM"
280 . " -secretkey 000102030405060708090A0B0C0D0E0F "
281 ],
282
283 [
284 "data content test streaming PEM format",
285 "-data_create -in smcont.txt -outform PEM -nodetach"
286 . " -stream -out test.cms",
287 "-data_out -in test.cms -inform PEM -out smtst.txt"
288 ],
289
290 [
291 "encrypted content test streaming PEM format, 128 bit RC2 key",
292 "-EncryptedData_encrypt -in smcont.txt -outform PEM"
293 . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
294 . " -stream -out test.cms",
295 "-EncryptedData_decrypt -in test.cms -inform PEM "
296 . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
297 ],
298
299 [
300 "encrypted content test streaming PEM format, 40 bit RC2 key",
301 "-EncryptedData_encrypt -in smcont.txt -outform PEM"
302 . " -rc2 -secretkey 0001020304"
303 . " -stream -out test.cms",
304 "-EncryptedData_decrypt -in test.cms -inform PEM "
305 . " -secretkey 0001020304 -out smtst.txt"
306 ],
307
308 [
309 "encrypted content test streaming PEM format, triple DES key",
310 "-EncryptedData_encrypt -in smcont.txt -outform PEM"
311 . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
312 . " -stream -out test.cms",
313 "-EncryptedData_decrypt -in test.cms -inform PEM "
314 . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
315 . " -out smtst.txt"
316 ],
317
318 [
319 "encrypted content test streaming PEM format, 128 bit AES key",
320 "-EncryptedData_encrypt -in smcont.txt -outform PEM"
321 . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
322 . " -stream -out test.cms",
323 "-EncryptedData_decrypt -in test.cms -inform PEM "
324 . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
325 ],
326
327);
328
329my @smime_cms_comp_tests = (
330
331 [
332 "compressed content test streaming PEM format",
333 "-compress -in smcont.txt -outform PEM -nodetach"
334 . " -stream -out test.cms",
335 "-uncompress -in test.cms -inform PEM -out smtst.txt"
336 ]
337
338);
339
340print "CMS => PKCS#7 compatibility tests\n";
341
342run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
343
344print "CMS <= PKCS#7 compatibility tests\n";
345
346run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );
347
348print "CMS <=> CMS consistency tests\n";
349
350run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
351run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd );
352
353if ( `$ossl_path version -f` =~ /ZLIB/ ) {
354 run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
355}
356else {
357 print "Zlib not supported: compression tests skipped\n";
358}
359
360print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8);
361
362if ($badcmd) {
363 print "$badcmd TESTS FAILED!!\n";
364}
365else {
366 print "ALL TESTS SUCCESSFUL.\n";
367}
368
369unlink "test.cms";
370unlink "test2.cms";
371unlink "smtst.txt";
372unlink "cms.out";
373unlink "cms.err";
374
375sub run_smime_tests {
376 my ( $rv, $aref, $scmd, $vcmd ) = @_;
377
378 foreach $smtst (@$aref) {
379 my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
380 if ($ossl8)
381 {
382 # Skip smime resign: 0.9.8 smime doesn't support -resign
383 next if ($scmd =~ /smime/ && $rscmd =~ /-resign/);
384 # Disable streaming: option not supported in 0.9.8
385 $tnam =~ s/streaming//;
386 $rscmd =~ s/-stream//;
387 $rvcmd =~ s/-stream//;
388 }
389 system("$scmd$rscmd$redir");
390 if ($?) {
391 print "$tnam: generation error\n";
392 $$rv++;
393 exit 1 if $halt_err;
394 next;
395 }
396 system("$vcmd$rvcmd$redir");
397 if ($?) {
398 print "$tnam: verify error\n";
399 $$rv++;
400 exit 1 if $halt_err;
401 next;
402 }
403 if (!cmp_files("smtst.txt", "smcont.txt")) {
404 print "$tnam: content verify error\n";
405 $$rv++;
406 exit 1 if $halt_err;
407 next;
408 }
409 print "$tnam: OK\n";
410 }
411}
412
413sub cmp_files {
414 my ( $f1, $f2 ) = @_;
415 my ( $fp1, $fp2 );
416
417 my ( $rd1, $rd2 );
418
419 if ( !open( $fp1, "<$f1" ) ) {
420 print STDERR "Can't Open file $f1\n";
421 return 0;
422 }
423
424 if ( !open( $fp2, "<$f2" ) ) {
425 print STDERR "Can't Open file $f2\n";
426 return 0;
427 }
428
429 binmode $fp1;
430 binmode $fp2;
431
432 my $ret = 0;
433
434 for ( ; ; ) {
435 $n1 = sysread $fp1, $rd1, 4096;
436 $n2 = sysread $fp2, $rd2, 4096;
437 last if ( $n1 != $n2 );
438 last if ( $rd1 ne $rd2 );
439
440 if ( $n1 == 0 ) {
441 $ret = 1;
442 last;
443 }
444
445 }
446
447 close $fp1;
448 close $fp2;
449
450 return $ret;
451
452}
453
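diff --git a/src/lib/libssl/test/methtest.c b/src/lib/libssl/test/methtest.c
deleted file mode 100644
index 005c2f4822..0000000000
--- a/src/lib/libssl/test/methtest.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* test/methtest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-#include "meth.h"
-#include <openssl/err.h>
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- METHOD_CTX *top,*tmp1,*tmp2;
-
- top=METH_new(x509_lookup()); /* get a top level context */
- if (top == NULL) goto err;
-
- tmp1=METH_new(x509_by_file());
- if (top == NULL) goto err;
- METH_arg(tmp1,METH_TYPE_FILE,"cafile1");
- METH_arg(tmp1,METH_TYPE_FILE,"cafile2");
- METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1);
-
- tmp2=METH_new(x509_by_dir());
- METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts");
- METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs");
- METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs");
- METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2);
-
-/* tmp=METH_new(x509_by_issuer_dir);
- METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
- METH_push(top,METH_X509_BY_ISSUER,tmp);
-
- tmp=METH_new(x509_by_issuer_primary);
- METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
- METH_push(top,METH_X509_BY_ISSUER,tmp);
-*/
-
- METH_init(top);
- METH_control(tmp1,METH_CONTROL_DUMP,stdout);
- METH_control(tmp2,METH_CONTROL_DUMP,stdout);
- EXIT(0);
-err:
- ERR_load_crypto_strings();
- ERR_print_errors_fp(stderr);
- EXIT(1);
- return(0);
- }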
diff --git a/src/lib/libssl/test/pkcs7-1.pem b/src/lib/libssl/test/pkcs7-1.pem
deleted file mode 100644
index c47b27af88..0000000000
--- a/src/lib/libssl/test/pkcs7-1.pem
+++ /dev/null
@@ -1,15 +0,0 @@
1-----BEGIN PKCS7-----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15-----END PKCS7-----
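diff --git a/src/lib/libssl/test/pkcs7.pem b/src/lib/libssl/test/pkcs7.pem
deleted file mode 100644
index d55c60b94e..0000000000
--- a/src/lib/libssl/test/pkcs7.pem
+++ /dev/null
@@ -1,54 +0,0 @@
- MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg
- AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH
- EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl
- cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw
- ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0
- MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
- c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh
- bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE
- CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl
- Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G
- CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK
- ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0
- l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC
- HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg
- Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1
- c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj
- YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0
- dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx
- dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu
- LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU
- ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln
- biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT
- IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB
- AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
- L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL
- HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF
- slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7
- ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR
- /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
- aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp
- ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1
- OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu
- MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz
- Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv
- qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy
- sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb
- P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG
- A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA
- KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7
- Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4
- Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq
- hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
- Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk
- dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ
- KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30
- dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW
- I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow
- ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
- ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD
- ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw
- MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK
- /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/
- DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP
- b+xSu/jH0gAAMYAAAAAAAAAAAA==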
diff --git a/src/lib/libssl/test/pkits-test.pl b/src/lib/libssl/test/pkits-test.pl
deleted file mode 100644
index 69dffa16f9..0000000000
--- a/src/lib/libssl/test/pkits-test.pl
+++ /dev/null
@@ -1,940 +0,0 @@
1# test/pkits-test.pl
2# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3# project.
4#
5# ====================================================================
6# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11#
12# 1. Redistributions of source code must retain the above copyright
13# notice, this list of conditions and the following disclaimer.
14#
15# 2. Redistributions in binary form must reproduce the above copyright
16# notice, this list of conditions and the following disclaimer in
17# the documentation and/or other materials provided with the
18# distribution.
19#
20# 3. All advertising materials mentioning features or use of this
21# software must display the following acknowledgment:
22# "This product includes software developed by the OpenSSL Project
23# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24#
25# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26# endorse or promote products derived from this software without
27# prior written permission. For written permission, please contact
28# licensing@OpenSSL.org.
29#
30# 5. Products derived from this software may not be called "OpenSSL"
31# nor may "OpenSSL" appear in their names without prior written
32# permission of the OpenSSL Project.
33#
34# 6. Redistributions of any form whatsoever must retain the following
35# acknowledgment:
36# "This product includes software developed by the OpenSSL Project
37# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38#
39# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50# OF THE POSSIBILITY OF SUCH DAMAGE.
51# ====================================================================
52
53# Perl utility to run PKITS tests for RFC3280 compliance.
54
55my $ossl_path;
56
57if ( -f "../apps/openssl" ) {
58 $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
59}
60elsif ( -f "..\\out32dll\\openssl.exe" ) {
61 $ossl_path = "..\\out32dll\\openssl.exe";
62}
63elsif ( -f "..\\out32\\openssl.exe" ) {
64 $ossl_path = "..\\out32\\openssl.exe";
65}
66else {
67 die "Can't find OpenSSL executable";
68}
69
70my $pkitsdir = "pkits/smime";
71my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt";
72
73die "Can't find PKITS test data" if !-d $pkitsdir;
74
75my $nist1 = "2.16.840.1.101.3.2.1.48.1";
76my $nist2 = "2.16.840.1.101.3.2.1.48.2";
77my $nist3 = "2.16.840.1.101.3.2.1.48.3";
78my $nist4 = "2.16.840.1.101.3.2.1.48.4";
79my $nist5 = "2.16.840.1.101.3.2.1.48.5";
80my $nist6 = "2.16.840.1.101.3.2.1.48.6";
81
82my $apolicy = "X509v3 Any Policy";
83
84# This table contains the chapter headings of the accompanying PKITS
85# document. They provide useful informational output and their names
86# can be converted into the filename to test.
87
88my @testlists = (
89 [ "4.1", "Signature Verification" ],
90 [ "4.1.1", "Valid Signatures Test1", 0 ],
91 [ "4.1.2", "Invalid CA Signature Test2", 7 ],
92 [ "4.1.3", "Invalid EE Signature Test3", 7 ],
93 [ "4.1.4", "Valid DSA Signatures Test4", 0 ],
94 [ "4.1.5", "Valid DSA Parameter Inheritance Test5", 0 ],
95 [ "4.1.6", "Invalid DSA Signature Test6", 7 ],
96 [ "4.2", "Validity Periods" ],
97 [ "4.2.1", "Invalid CA notBefore Date Test1", 9 ],
98 [ "4.2.2", "Invalid EE notBefore Date Test2", 9 ],
99 [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", 0 ],
100 [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4", 0 ],
101 [ "4.2.5", "Invalid CA notAfter Date Test5", 10 ],
102 [ "4.2.6", "Invalid EE notAfter Date Test6", 10 ],
103 [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", 10 ],
104 [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", 0 ],
105 [ "4.3", "Verifying Name Chaining" ],
106 [ "4.3.1", "Invalid Name Chaining EE Test1", 20 ],
107 [ "4.3.2", "Invalid Name Chaining Order Test2", 20 ],
108 [ "4.3.3", "Valid Name Chaining Whitespace Test3", 0 ],
109 [ "4.3.4", "Valid Name Chaining Whitespace Test4", 0 ],
110 [ "4.3.5", "Valid Name Chaining Capitalization Test5", 0 ],
111 [ "4.3.6", "Valid Name Chaining UIDs Test6", 0 ],
112 [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ],
113 [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", 0 ],
114 [ "4.3.9", "Valid UTF8String Encoded Names Test9", 0 ],
115 [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ],
116 [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11", 0 ],
117 [ "4.4", "Basic Certificate Revocation Tests" ],
118 [ "4.4.1", "Missing CRL Test1", 3 ],
119 [ "4.4.2", "Invalid Revoked CA Test2", 23 ],
120 [ "4.4.3", "Invalid Revoked EE Test3", 23 ],
121 [ "4.4.4", "Invalid Bad CRL Signature Test4", 8 ],
122 [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ],
123 [ "4.4.6", "Invalid Wrong CRL Test6", 3 ],
124 [ "4.4.7", "Valid Two CRLs Test7", 0 ],
125
126 # The test document suggests these should return certificate revoked...
127 # Subsquent discussion has concluded they should not due to unhandle
128 # critical CRL extensions.
129 [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ],
130 [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ],
131
132 [ "4.4.10", "Invalid Unknown CRL Extension Test10", 36 ],
133 [ "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 ],
134 [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 ],
135 [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", 0 ],
136 [ "4.4.14", "Valid Negative Serial Number Test14", 0 ],
137 [ "4.4.15", "Invalid Negative Serial Number Test15", 23 ],
138 [ "4.4.16", "Valid Long Serial Number Test16", 0 ],
139 [ "4.4.17", "Valid Long Serial Number Test17", 0 ],
140 [ "4.4.18", "Invalid Long Serial Number Test18", 23 ],
141 [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", 0 ],
142 [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ],
143
144 # CRL path is revoked so get a CRL path validation error
145 [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 ],
146 [ "4.5", "Verifying Paths with Self-Issued Certificates" ],
147 [ "4.5.1", "Valid Basic Self-Issued Old With New Test1", 0 ],
148 [ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 ],
149 [ "4.5.3", "Valid Basic Self-Issued New With Old Test3", 0 ],
150 [ "4.5.4", "Valid Basic Self-Issued New With Old Test4", 0 ],
151 [ "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 ],
152 [ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", 0 ],
153 [ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 ],
154 [ "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", 20 ],
155 [ "4.6", "Verifying Basic Constraints" ],
156 [ "4.6.1", "Invalid Missing basicConstraints Test1", 24 ],
157 [ "4.6.2", "Invalid cA False Test2", 24 ],
158 [ "4.6.3", "Invalid cA False Test3", 24 ],
159 [ "4.6.4", "Valid basicConstraints Not Critical Test4", 0 ],
160 [ "4.6.5", "Invalid pathLenConstraint Test5", 25 ],
161 [ "4.6.6", "Invalid pathLenConstraint Test6", 25 ],
162 [ "4.6.7", "Valid pathLenConstraint Test7", 0 ],
163 [ "4.6.8", "Valid pathLenConstraint Test8", 0 ],
164 [ "4.6.9", "Invalid pathLenConstraint Test9", 25 ],
165 [ "4.6.10", "Invalid pathLenConstraint Test10", 25 ],
166 [ "4.6.11", "Invalid pathLenConstraint Test11", 25 ],
167 [ "4.6.12", "Invalid pathLenConstraint Test12", 25 ],
168 [ "4.6.13", "Valid pathLenConstraint Test13", 0 ],
169 [ "4.6.14", "Valid pathLenConstraint Test14", 0 ],
170 [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15", 0 ],
171 [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", 25 ],
172 [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17", 0 ],
173 [ "4.7", "Key Usage" ],
174 [ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", 20 ],
175 [ "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ],
176 [ "4.7.3", "Valid keyUsage Not Critical Test3", 0 ],
177 [ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 ],
178 [ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 ],
179
180 # Certificate policy tests need special handling. They can have several
181 # sub tests and we need to check the outputs are correct.
182
183 [ "4.8", "Certificate Policies" ],
184 [
185 "4.8.1.1",
186 "All Certificates Same Policy Test1",
187 "-policy anyPolicy -explicit_policy",
188 "True", $nist1, $nist1, 0
189 ],
190 [
191 "4.8.1.2",
192 "All Certificates Same Policy Test1",
193 "-policy $nist1 -explicit_policy",
194 "True", $nist1, $nist1, 0
195 ],
196 [
197 "4.8.1.3",
198 "All Certificates Same Policy Test1",
199 "-policy $nist2 -explicit_policy",
200 "True", $nist1, "<empty>", 43
201 ],
202 [
203 "4.8.1.4",
204 "All Certificates Same Policy Test1",
205 "-policy $nist1 -policy $nist2 -explicit_policy",
206 "True", $nist1, $nist1, 0
207 ],
208 [
209 "4.8.2.1",
210 "All Certificates No Policies Test2",
211 "-policy anyPolicy",
212 "False", "<empty>", "<empty>", 0
213 ],
214 [
215 "4.8.2.2",
216 "All Certificates No Policies Test2",
217 "-policy anyPolicy -explicit_policy",
218 "True", "<empty>", "<empty>", 43
219 ],
220 [
221 "4.8.3.1",
222 "Different Policies Test3",
223 "-policy anyPolicy",
224 "False", "<empty>", "<empty>", 0
225 ],
226 [
227 "4.8.3.2",
228 "Different Policies Test3",
229 "-policy anyPolicy -explicit_policy",
230 "True", "<empty>", "<empty>", 43
231 ],
232 [
233 "4.8.3.3",
234 "Different Policies Test3",
235 "-policy $nist1 -policy $nist2 -explicit_policy",
236 "True", "<empty>", "<empty>", 43
237 ],
238
239 [
240 "4.8.4",
241 "Different Policies Test4",
242 "-policy anyPolicy",
243 "True", "<empty>", "<empty>", 43
244 ],
245 [
246 "4.8.5",
247 "Different Policies Test5",
248 "-policy anyPolicy",
249 "True", "<empty>", "<empty>", 43
250 ],
251 [
252 "4.8.6.1",
253 "Overlapping Policies Test6",
254 "-policy anyPolicy",
255 "True", $nist1, $nist1, 0
256 ],
257 [
258 "4.8.6.2",
259 "Overlapping Policies Test6",
260 "-policy $nist1",
261 "True", $nist1, $nist1, 0
262 ],
263 [
264 "4.8.6.3",
265 "Overlapping Policies Test6",
266 "-policy $nist2",
267 "True", $nist1, "<empty>", 43
268 ],
269 [
270 "4.8.7",
271 "Different Policies Test7",
272 "-policy anyPolicy",
273 "True", "<empty>", "<empty>", 43
274 ],
275 [
276 "4.8.8",
277 "Different Policies Test8",
278 "-policy anyPolicy",
279 "True", "<empty>", "<empty>", 43
280 ],
281 [
282 "4.8.9",
283 "Different Policies Test9",
284 "-policy anyPolicy",
285 "True", "<empty>", "<empty>", 43
286 ],
287 [
288 "4.8.10.1",
289 "All Certificates Same Policies Test10",
290 "-policy $nist1",
291 "True", "$nist1:$nist2", "$nist1", 0
292 ],
293 [
294 "4.8.10.2",
295 "All Certificates Same Policies Test10",
296 "-policy $nist2",
297 "True", "$nist1:$nist2", "$nist2", 0
298 ],
299 [
300 "4.8.10.3",
301 "All Certificates Same Policies Test10",
302 "-policy anyPolicy",
303 "True", "$nist1:$nist2", "$nist1:$nist2", 0
304 ],
305 [
306 "4.8.11.1",
307 "All Certificates AnyPolicy Test11",
308 "-policy anyPolicy",
309 "True", "$apolicy", "$apolicy", 0
310 ],
311 [
312 "4.8.11.2",
313 "All Certificates AnyPolicy Test11",
314 "-policy $nist1",
315 "True", "$apolicy", "$nist1", 0
316 ],
317 [
318 "4.8.12",
319 "Different Policies Test12",
320 "-policy anyPolicy",
321 "True", "<empty>", "<empty>", 43
322 ],
323 [
324 "4.8.13.1",
325 "All Certificates Same Policies Test13",
326 "-policy $nist1",
327 "True", "$nist1:$nist2:$nist3", "$nist1", 0
328 ],
329 [
330 "4.8.13.2",
331 "All Certificates Same Policies Test13",
332 "-policy $nist2",
333 "True", "$nist1:$nist2:$nist3", "$nist2", 0
334 ],
335 [
336 "4.8.13.3",
337 "All Certificates Same Policies Test13",
338 "-policy $nist3",
339 "True", "$nist1:$nist2:$nist3", "$nist3", 0
340 ],
341 [
342 "4.8.14.1", "AnyPolicy Test14",
343 "-policy $nist1", "True",
344 "$nist1", "$nist1",
345 0
346 ],
347 [
348 "4.8.14.2", "AnyPolicy Test14",
349 "-policy $nist2", "True",
350 "$nist1", "<empty>",
351 43
352 ],
353 [
354 "4.8.15",
355 "User Notice Qualifier Test15",
356 "-policy anyPolicy",
357 "False", "$nist1", "$nist1", 0
358 ],
359 [
360 "4.8.16",
361 "User Notice Qualifier Test16",
362 "-policy anyPolicy",
363 "False", "$nist1", "$nist1", 0
364 ],
365 [
366 "4.8.17",
367 "User Notice Qualifier Test17",
368 "-policy anyPolicy",
369 "False", "$nist1", "$nist1", 0
370 ],
371 [
372 "4.8.18.1",
373 "User Notice Qualifier Test18",
374 "-policy $nist1",
375 "True", "$nist1:$nist2", "$nist1", 0
376 ],
377 [
378 "4.8.18.2",
379 "User Notice Qualifier Test18",
380 "-policy $nist2",
381 "True", "$nist1:$nist2", "$nist2", 0
382 ],
383 [
384 "4.8.19",
385 "User Notice Qualifier Test19",
386 "-policy anyPolicy",
387 "False", "$nist1", "$nist1", 0
388 ],
389 [
390 "4.8.20",
391 "CPS Pointer Qualifier Test20",
392 "-policy anyPolicy -explicit_policy",
393 "True", "$nist1", "$nist1", 0
394 ],
395 [ "4.9", "Require Explicit Policy" ],
396 [
397 "4.9.1",
398 "Valid RequireExplicitPolicy Test1",
399 "-policy anyPolicy",
400 "False", "<empty>", "<empty>", 0
401 ],
402 [
403 "4.9.2",
404 "Valid RequireExplicitPolicy Test2",
405 "-policy anyPolicy",
406 "False", "<empty>", "<empty>", 0
407 ],
408 [
409 "4.9.3",
410 "Invalid RequireExplicitPolicy Test3",
411 "-policy anyPolicy",
412 "True", "<empty>", "<empty>", 43
413 ],
414 [
415 "4.9.4",
416 "Valid RequireExplicitPolicy Test4",
417 "-policy anyPolicy",
418 "True", "$nist1", "$nist1", 0
419 ],
420 [
421 "4.9.5",
422 "Invalid RequireExplicitPolicy Test5",
423 "-policy anyPolicy",
424 "True", "<empty>", "<empty>", 43
425 ],
426 [
427 "4.9.6",
428 "Valid Self-Issued requireExplicitPolicy Test6",
429 "-policy anyPolicy",
430 "False", "<empty>", "<empty>", 0
431 ],
432 [
433 "4.9.7",
434 "Invalid Self-Issued requireExplicitPolicy Test7",
435 "-policy anyPolicy",
436 "True", "<empty>", "<empty>", 43
437 ],
438 [
439 "4.9.8",
440 "Invalid Self-Issued requireExplicitPolicy Test8",
441 "-policy anyPolicy",
442 "True", "<empty>", "<empty>", 43
443 ],
444 [ "4.10", "Policy Mappings" ],
445 [
446 "4.10.1.1",
447 "Valid Policy Mapping Test1",
448 "-policy $nist1",
449 "True", "$nist1", "$nist1", 0
450 ],
451 [
452 "4.10.1.2",
453 "Valid Policy Mapping Test1",
454 "-policy $nist2",
455 "True", "$nist1", "<empty>", 43
456 ],
457 [
458 "4.10.1.3",
459 "Valid Policy Mapping Test1",
460 "-policy anyPolicy -inhibit_map",
461 "True", "<empty>", "<empty>", 43
462 ],
463 [
464 "4.10.2.1",
465 "Invalid Policy Mapping Test2",
466 "-policy anyPolicy",
467 "True", "<empty>", "<empty>", 43
468 ],
469 [
470 "4.10.2.2",
471 "Invalid Policy Mapping Test2",
472 "-policy anyPolicy -inhibit_map",
473 "True", "<empty>", "<empty>", 43
474 ],
475 [
476 "4.10.3.1",
477 "Valid Policy Mapping Test3",
478 "-policy $nist1",
479 "True", "$nist2", "<empty>", 43
480 ],
481 [
482 "4.10.3.2",
483 "Valid Policy Mapping Test3",
484 "-policy $nist2",
485 "True", "$nist2", "$nist2", 0
486 ],
487 [
488 "4.10.4",
489 "Invalid Policy Mapping Test4",
490 "-policy anyPolicy",
491 "True", "<empty>", "<empty>", 43
492 ],
493 [
494 "4.10.5.1",
495 "Valid Policy Mapping Test5",
496 "-policy $nist1",
497 "True", "$nist1", "$nist1", 0
498 ],
499 [
500 "4.10.5.2",
501 "Valid Policy Mapping Test5",
502 "-policy $nist6",
503 "True", "$nist1", "<empty>", 43
504 ],
505 [
506 "4.10.6.1",
507 "Valid Policy Mapping Test6",
508 "-policy $nist1",
509 "True", "$nist1", "$nist1", 0
510 ],
511 [
512 "4.10.6.2",
513 "Valid Policy Mapping Test6",
514 "-policy $nist6",
515 "True", "$nist1", "<empty>", 43
516 ],
517 [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ],
518 [ "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 ],
519 [
520 "4.10.9",
521 "Valid Policy Mapping Test9",
522 "-policy anyPolicy",
523 "True", "$nist1", "$nist1", 0
524 ],
525 [
526 "4.10.10",
527 "Invalid Policy Mapping Test10",
528 "-policy anyPolicy",
529 "True", "<empty>", "<empty>", 43
530 ],
531 [
532 "4.10.11",
533 "Valid Policy Mapping Test11",
534 "-policy anyPolicy",
535 "True", "$nist1", "$nist1", 0
536 ],
537
538 # TODO: check notice display
539 [
540 "4.10.12.1",
541 "Valid Policy Mapping Test12",
542 "-policy $nist1",
543 "True", "$nist1:$nist2", "$nist1", 0
544 ],
545
546 # TODO: check notice display
547 [
548 "4.10.12.2",
549 "Valid Policy Mapping Test12",
550 "-policy $nist2",
551 "True", "$nist1:$nist2", "$nist2", 0
552 ],
553 [
554 "4.10.13",
555 "Valid Policy Mapping Test13",
556 "-policy anyPolicy",
557 "True", "$nist1", "$nist1", 0
558 ],
559
560 # TODO: check notice display
561 [
562 "4.10.14",
563 "Valid Policy Mapping Test14",
564 "-policy anyPolicy",
565 "True", "$nist1", "$nist1", 0
566 ],
567 [ "4.11", "Inhibit Policy Mapping" ],
568 [
569 "4.11.1",
570 "Invalid inhibitPolicyMapping Test1",
571 "-policy anyPolicy",
572 "True", "<empty>", "<empty>", 43
573 ],
574 [
575 "4.11.2",
576 "Valid inhibitPolicyMapping Test2",
577 "-policy anyPolicy",
578 "True", "$nist1", "$nist1", 0
579 ],
580 [
581 "4.11.3",
582 "Invalid inhibitPolicyMapping Test3",
583 "-policy anyPolicy",
584 "True", "<empty>", "<empty>", 43
585 ],
586 [
587 "4.11.4",
588 "Valid inhibitPolicyMapping Test4",
589 "-policy anyPolicy",
590 "True", "$nist2", "$nist2", 0
591 ],
592 [
593 "4.11.5",
594 "Invalid inhibitPolicyMapping Test5",
595 "-policy anyPolicy",
596 "True", "<empty>", "<empty>", 43
597 ],
598 [
599 "4.11.6",
600 "Invalid inhibitPolicyMapping Test6",
601 "-policy anyPolicy",
602 "True", "<empty>", "<empty>", 43
603 ],
604 [
605 "4.11.7",
606 "Valid Self-Issued inhibitPolicyMapping Test7",
607 "-policy anyPolicy",
608 "True", "$nist1", "$nist1", 0
609 ],
610 [
611 "4.11.8",
612 "Invalid Self-Issued inhibitPolicyMapping Test8",
613 "-policy anyPolicy",
614 "True", "<empty>", "<empty>", 43
615 ],
616 [
617 "4.11.9",
618 "Invalid Self-Issued inhibitPolicyMapping Test9",
619 "-policy anyPolicy",
620 "True", "<empty>", "<empty>", 43
621 ],
622 [
623 "4.11.10",
624 "Invalid Self-Issued inhibitPolicyMapping Test10",
625 "-policy anyPolicy",
626 "True", "<empty>", "<empty>", 43
627 ],
628 [
629 "4.11.11",
630 "Invalid Self-Issued inhibitPolicyMapping Test11",
631 "-policy anyPolicy",
632 "True", "<empty>", "<empty>", 43
633 ],
634 [ "4.12", "Inhibit Any Policy" ],
635 [
636 "4.12.1",
637 "Invalid inhibitAnyPolicy Test1",
638 "-policy anyPolicy",
639 "True", "<empty>", "<empty>", 43
640 ],
641 [
642 "4.12.2",
643 "Valid inhibitAnyPolicy Test2",
644 "-policy anyPolicy",
645 "True", "$nist1", "$nist1", 0
646 ],
647 [
648 "4.12.3.1",
649 "inhibitAnyPolicy Test3",
650 "-policy anyPolicy",
651 "True", "$nist1", "$nist1", 0
652 ],
653 [
654 "4.12.3.2",
655 "inhibitAnyPolicy Test3",
656 "-policy anyPolicy -inhibit_any",
657 "True", "<empty>", "<empty>", 43
658 ],
659 [
660 "4.12.4",
661 "Invalid inhibitAnyPolicy Test4",
662 "-policy anyPolicy",
663 "True", "<empty>", "<empty>", 43
664 ],
665 [
666 "4.12.5",
667 "Invalid inhibitAnyPolicy Test5",
668 "-policy anyPolicy",
669 "True", "<empty>", "<empty>", 43
670 ],
671 [
672 "4.12.6",
673 "Invalid inhibitAnyPolicy Test6",
674 "-policy anyPolicy",
675 "True", "<empty>", "<empty>", 43
676 ],
677 [ "4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", 0 ],
678 [ "4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 ],
679 [ "4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", 0 ],
680 [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 ],
681 [ "4.13", "Name Constraints" ],
682 [ "4.13.1", "Valid DN nameConstraints Test1", 0 ],
683 [ "4.13.2", "Invalid DN nameConstraints Test2", 47 ],
684 [ "4.13.3", "Invalid DN nameConstraints Test3", 47 ],
685 [ "4.13.4", "Valid DN nameConstraints Test4", 0 ],
686 [ "4.13.5", "Valid DN nameConstraints Test5", 0 ],
687 [ "4.13.6", "Valid DN nameConstraints Test6", 0 ],
688 [ "4.13.7", "Invalid DN nameConstraints Test7", 48 ],
689 [ "4.13.8", "Invalid DN nameConstraints Test8", 48 ],
690 [ "4.13.9", "Invalid DN nameConstraints Test9", 48 ],
691 [ "4.13.10", "Invalid DN nameConstraints Test10", 48 ],
692 [ "4.13.11", "Valid DN nameConstraints Test11", 0 ],
693 [ "4.13.12", "Invalid DN nameConstraints Test12", 47 ],
694 [ "4.13.13", "Invalid DN nameConstraints Test13", 47 ],
695 [ "4.13.14", "Valid DN nameConstraints Test14", 0 ],
696 [ "4.13.15", "Invalid DN nameConstraints Test15", 48 ],
697 [ "4.13.16", "Invalid DN nameConstraints Test16", 48 ],
698 [ "4.13.17", "Invalid DN nameConstraints Test17", 48 ],
699 [ "4.13.18", "Valid DN nameConstraints Test18", 0 ],
700 [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19", 0 ],
701 [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ],
702 [ "4.13.21", "Valid RFC822 nameConstraints Test21", 0 ],
703 [ "4.13.22", "Invalid RFC822 nameConstraints Test22", 47 ],
704 [ "4.13.23", "Valid RFC822 nameConstraints Test23", 0 ],
705 [ "4.13.24", "Invalid RFC822 nameConstraints Test24", 47 ],
706 [ "4.13.25", "Valid RFC822 nameConstraints Test25", 0 ],
707 [ "4.13.26", "Invalid RFC822 nameConstraints Test26", 48 ],
708 [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", 0 ],
709 [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", 47 ],
710 [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", 47 ],
711 [ "4.13.30", "Valid DNS nameConstraints Test30", 0 ],
712 [ "4.13.31", "Invalid DNS nameConstraints Test31", 47 ],
713 [ "4.13.32", "Valid DNS nameConstraints Test32", 0 ],
714 [ "4.13.33", "Invalid DNS nameConstraints Test33", 48 ],
715 [ "4.13.34", "Valid URI nameConstraints Test34", 0 ],
716 [ "4.13.35", "Invalid URI nameConstraints Test35", 47 ],
717 [ "4.13.36", "Valid URI nameConstraints Test36", 0 ],
718 [ "4.13.37", "Invalid URI nameConstraints Test37", 48 ],
719 [ "4.13.38", "Invalid DNS nameConstraints Test38", 47 ],
720 [ "4.14", "Distribution Points" ],
721 [ "4.14.1", "Valid distributionPoint Test1", 0 ],
722 [ "4.14.2", "Invalid distributionPoint Test2", 23 ],
723 [ "4.14.3", "Invalid distributionPoint Test3", 44 ],
724 [ "4.14.4", "Valid distributionPoint Test4", 0 ],
725 [ "4.14.5", "Valid distributionPoint Test5", 0 ],
726 [ "4.14.6", "Invalid distributionPoint Test6", 23 ],
727 [ "4.14.7", "Valid distributionPoint Test7", 0 ],
728 [ "4.14.8", "Invalid distributionPoint Test8", 44 ],
729 [ "4.14.9", "Invalid distributionPoint Test9", 44 ],
730 [ "4.14.10", "Valid No issuingDistributionPoint Test10", 0 ],
731 [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 ],
732 [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 ],
733 [ "4.14.13", "Valid onlyContainsCACerts CRL Test13", 0 ],
734 [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 ],
735 [ "4.14.15", "Invalid onlySomeReasons Test15", 23 ],
736 [ "4.14.16", "Invalid onlySomeReasons Test16", 23 ],
737 [ "4.14.17", "Invalid onlySomeReasons Test17", 3 ],
738 [ "4.14.18", "Valid onlySomeReasons Test18", 0 ],
739 [ "4.14.19", "Valid onlySomeReasons Test19", 0 ],
740 [ "4.14.20", "Invalid onlySomeReasons Test20", 23 ],
741 [ "4.14.21", "Invalid onlySomeReasons Test21", 23 ],
742 [ "4.14.22", "Valid IDP with indirectCRL Test22", 0 ],
743 [ "4.14.23", "Invalid IDP with indirectCRL Test23", 23 ],
744 [ "4.14.24", "Valid IDP with indirectCRL Test24", 0 ],
745 [ "4.14.25", "Valid IDP with indirectCRL Test25", 0 ],
746 [ "4.14.26", "Invalid IDP with indirectCRL Test26", 44 ],
747 [ "4.14.27", "Invalid cRLIssuer Test27", 3 ],
748 [ "4.14.28", "Valid cRLIssuer Test28", 0 ],
749 [ "4.14.29", "Valid cRLIssuer Test29", 0 ],
750
751 # Although this test is valid it has a circular dependency. As a result
752 # an attempt is made to reursively checks a CRL path and rejected due to
753 # a CRL path validation error. PKITS notes suggest this test does not
754 # need to be run due to this issue.
755 [ "4.14.30", "Valid cRLIssuer Test30", 54 ],
756 [ "4.14.31", "Invalid cRLIssuer Test31", 23 ],
757 [ "4.14.32", "Invalid cRLIssuer Test32", 23 ],
758 [ "4.14.33", "Valid cRLIssuer Test33", 0 ],
759 [ "4.14.34", "Invalid cRLIssuer Test34", 23 ],
760 [ "4.14.35", "Invalid cRLIssuer Test35", 44 ],
761 [ "4.15", "Delta-CRLs" ],
762 [ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 ],
763 [ "4.15.2", "Valid delta-CRL Test2", 0 ],
764 [ "4.15.3", "Invalid delta-CRL Test3", 23 ],
765 [ "4.15.4", "Invalid delta-CRL Test4", 23 ],
766 [ "4.15.5", "Valid delta-CRL Test5", 0 ],
767 [ "4.15.6", "Invalid delta-CRL Test6", 23 ],
768 [ "4.15.7", "Valid delta-CRL Test7", 0 ],
769 [ "4.15.8", "Valid delta-CRL Test8", 0 ],
770 [ "4.15.9", "Invalid delta-CRL Test9", 23 ],
771 [ "4.15.10", "Invalid delta-CRL Test10", 12 ],
772 [ "4.16", "Private Certificate Extensions" ],
773 [ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", 0 ],
774 [ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", 34 ],
775);
776
777
778my $verbose = 1;
779
780my $numtest = 0;
781my $numfail = 0;
782
783my $ossl = "ossl/apps/openssl";
784
785my $ossl_cmd = "$ossl_path cms -verify -verify_retcode ";
786$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict ";
787$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 ";
788
789system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem";
790
791die "Can't create trust anchor file" if $?;
792
793print "Running PKITS tests:\n" if $verbose;
794
795foreach (@testlists) {
796 my $argnum = @$_;
797 if ( $argnum == 2 ) {
798 my ( $tnum, $title ) = @$_;
799 print "$tnum $title\n" if $verbose;
800 }
801 elsif ( $argnum == 3 ) {
802 my ( $tnum, $title, $exp_ret ) = @$_;
803 my $filename = $title;
804 $exp_ret += 32 if $exp_ret;
805 $filename =~ tr/ -//d;
806 $filename = "Signed$(unknown).eml";
807 if ( !-f "$pkitsdir/$filename" ) {
808 print "\"$filename\" not found\n";
809 }
810 else {
811 my $ret;
812 my $test_fail = 0;
813 my $errmsg = "";
814 my $cmd = $ossl_cmd;
815 $cmd .= "-in $pkitsdir/$filename -policy anyPolicy";
816 my $cmdout = `$cmd`;
817 $ret = $? >> 8;
818 if ( $? & 0xff ) {
819 $errmsg .= "Abnormal OpenSSL termination\n";
820 $test_fail = 1;
821 }
822 if ( $exp_ret != $ret ) {
823 $errmsg .= "Return code:$ret, ";
824 $errmsg .= "expected $exp_ret\n";
825 $test_fail = 1;
826 }
827 if ($test_fail) {
828 print "$tnum $title : Failed!\n";
829 print "Filename: $pkitsdir/$filename\n";
830 print $errmsg;
831 print "Command output:\n$cmdout\n";
832 $numfail++;
833 }
834 $numtest++;
835 }
836 }
837 elsif ( $argnum == 7 ) {
838 my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret )
839 = @$_;
840 my $filename = $title;
841 $exp_ret += 32 if $exp_ret;
842 $filename =~ tr/ -//d;
843 $filename = "Signed$(unknown).eml";
844 if ( !-f "$pkitsdir/$filename" ) {
845 print "\"$filename\" not found\n";
846 }
847 else {
848 my $ret;
849 my $cmdout = "";
850 my $errmsg = "";
851 my $epol = "";
852 my $aset = "";
853 my $uset = "";
854 my $pol = -1;
855 my $test_fail = 0;
856 my $cmd = $ossl_cmd;
857 $cmd .= "-in $pkitsdir/$filename $exargs -policy_print";
858 @oparr = `$cmd`;
859 $ret = $? >> 8;
860
861 if ( $? & 0xff ) {
862 $errmsg .= "Abnormal OpenSSL termination\n";
863 $test_fail = 1;
864 }
865 foreach (@oparr) {
866 my $test_failed = 0;
867 $cmdout .= $_;
868 if (/^Require explicit Policy: (.*)$/) {
869 $epol = $1;
870 }
871 if (/^Authority Policies/) {
872 if (/empty/) {
873 $aset = "<empty>";
874 }
875 else {
876 $pol = 1;
877 }
878 }
879 $test_fail = 1 if (/leak/i);
880 if (/^User Policies/) {
881 if (/empty/) {
882 $uset = "<empty>";
883 }
884 else {
885 $pol = 2;
886 }
887 }
888 if (/\s+Policy: (.*)$/) {
889 if ( $pol == 1 ) {
890 $aset .= ":" if $aset ne "";
891 $aset .= $1;
892 }
893 elsif ( $pol == 2 ) {
894 $uset .= ":" if $uset ne "";
895 $uset .= $1;
896 }
897 }
898 }
899
900 if ( $epol ne $exp_epol ) {
901 $errmsg .= "Explicit policy:$epol, ";
902 $errmsg .= "expected $exp_epol\n";
903 $test_fail = 1;
904 }
905 if ( $aset ne $exp_aset ) {
906 $errmsg .= "Authority policy set :$aset, ";
907 $errmsg .= "expected $exp_aset\n";
908 $test_fail = 1;
909 }
910 if ( $uset ne $exp_uset ) {
911 $errmsg .= "User policy set :$uset, ";
912 $errmsg .= "expected $exp_uset\n";
913 $test_fail = 1;
914 }
915
916 if ( $exp_ret != $ret ) {
917 print "Return code:$ret, expected $exp_ret\n";
918 $test_fail = 1;
919 }
920
921 if ($test_fail) {
922 print "$tnum $title : Failed!\n";
923 print "Filename: $pkitsdir/$filename\n";
924 print "Command output:\n$cmdout\n";
925 $numfail++;
926 }
927 $numtest++;
928 }
929 }
930}
931
932if ($numfail) {
933 print "$numfail tests failed out of $numtest\n";
934}
935else {
936 print "All Tests Successful.\n";
937}
938
939unlink "pkitsta.pem";
940
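diff --git a/src/lib/libssl/test/r160test.c b/src/lib/libssl/test/r160test.c
deleted file mode 100644
index a172e393ca..0000000000
--- a/src/lib/libssl/test/r160test.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* test/r160test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */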
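diff --git a/src/lib/libssl/test/smcont.txt b/src/lib/libssl/test/smcont.txt
deleted file mode 100644
index e837c0b75b..0000000000
--- a/src/lib/libssl/test/smcont.txt
+++ /dev/null
@@ -1 +0,0 @@
-Some test content for OpenSSL CMS
\ No newline at end of file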
diff --git a/src/lib/libssl/test/smime-certs/smdsa1.pem b/src/lib/libssl/test/smime-certs/smdsa1.pem
deleted file mode 100644
index d5677dbfbe..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa1.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----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12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----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34-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa2.pem b/src/lib/libssl/test/smime-certs/smdsa2.pem
deleted file mode 100644
index ef86c115d7..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa2.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----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12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----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34-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa3.pem b/src/lib/libssl/test/smime-certs/smdsa3.pem
deleted file mode 100644
index eeb848dabc..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa3.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----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12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----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34-----END CERTIFICATE-----
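diff --git a/src/lib/libssl/test/smime-certs/smdsap.pem b/src/lib/libssl/test/smime-certs/smdsap.pem
deleted file mode 100644
index 249706c8c7..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsap.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG
-Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA
-gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d
-qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv
-Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO
-GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB
-Qw5z
------END DSA PARAMETERS-----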
diff --git a/src/lib/libssl/test/smime-certs/smroot.pem b/src/lib/libssl/test/smime-certs/smroot.pem
deleted file mode 100644
index a59eb2684c..0000000000
--- a/src/lib/libssl/test/smime-certs/smroot.pem
+++ /dev/null
@@ -1,30 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----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15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
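diff --git a/src/lib/libssl/test/smime-certs/smrsa1.pem b/src/lib/libssl/test/smime-certs/smrsa1.pem
deleted file mode 100644
index 2cf3148e33..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa1.pem
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQC6A978j4pmPgUtUQqF+bjh6vdhwGOGZSD7xXgFTMjm88twfv+E
-ixkq2KXSDjD0ZXoQbdOaSbvGRQrIJpG2NGiKAFdYNrP025kCCdh5wF/aEI7KLEm7
-JlHwXpQsuj4wkMgmkFjL3Ty4Z55aNH+2pPQIa0k+ENJXm2gDuhqgBmduAwIDAQAB
-AoGBAJMuYu51aO2THyeHGwt81uOytcCbqGP7eoib62ZOJhxPRGYjpmuqX+R9/V5i
-KiwGavm63JYUx0WO9YP+uIZxm1BUATzkgkS74u5LP6ajhkZh6/Bck1oIYYkbVOXl
-JVrdENuH6U7nupznsyYgONByo+ykFPVUGmutgiaC7NMVo/MxAkEA6KLejWXdCIEn
-xr7hGph9NlvY9xuRIMexRV/WrddcFfCdjI1PciIupgrIkR65M9yr7atm1iU6/aRf
-KOr8rLZsSQJBAMyyXN71NsDNx4BP6rtJ/LJMP0BylznWkA7zWfGCbAYn9VhZVlSY
-Eu9Gyr7quD1ix7G3kInKVYOEEOpockBLz+sCQQCedyMmKjcQLfpMVYW8uhbAynvW
-h36qV5yXZxszO7nMcCTBsxhk5IfmLv5EbCs3+p9avCDGyoGOeUMg+kC33WORAkAg
-oUIarH4o5+SoeJTTfCzTA0KF9H5U0vYt2+73h7HOnWoHxl3zqDZEfEVvf50U8/0f
-QELDJETTbScBJtsnkq43AkEA38etvoZ2i4FJvvo7R/9gWBHVEcrGzcsCBYrNnIR1
-SZLRwHEGaiOK1wxMsWzqp7PJwL9z/M8A8DyOFBx3GPOniA==
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIJAMtotfHYdEsTMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBSU0EgIzEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALoD3vyPimY+BS1RCoX5uOHq92HAY4ZlIPvFeAVMyObzy3B+/4SLGSrYpdIOMPRl
-ehBt05pJu8ZFCsgmkbY0aIoAV1g2s/TbmQIJ2HnAX9oQjsosSbsmUfBelCy6PjCQ
-yCaQWMvdPLhnnlo0f7ak9AhrST4Q0lebaAO6GqAGZ24DAgMBAAGjgYMwgYAwHQYD
-VR0OBBYEFE2vMvKz5jrC7Lbdg68XwZ95iL/QMB8GA1UdIwQYMBaAFBPPS6e7iS6z
-OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
-EQQZMBeBFXNtaW1lcnNhMUBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQAi
-O3GOkUl646oLnOimc36i9wxZ1tejsqs8vMjJ0Pym6Uq9FE2JoGzJ6OhB1GOsEVmj
-9cQ5UNQcRYL3cqOFtl6f4Dpu/lhzfbaqgmLjv29G1mS0uuTZrixhlyCXjwcbOkNC
-I/+wvHHENYIK5+T/79M9LaZ2Qk4F9MNE1VMljdz9Qw==
------END CERTIFICATE-----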
diff --git a/src/lib/libssl/test/smime-certs/smrsa2.pem b/src/lib/libssl/test/smime-certs/smrsa2.pem
deleted file mode 100644
index d41f69c82f..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa2.pem
+++ /dev/null
@@ -1,31 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----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15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----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31-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa3.pem b/src/lib/libssl/test/smime-certs/smrsa3.pem
deleted file mode 100644
index c8cbe55151..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa3.pem
+++ /dev/null
@@ -1,31 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----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15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----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31-----END CERTIFICATE-----
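diff --git a/src/lib/libssl/test/tcrl b/src/lib/libssl/test/tcrl
deleted file mode 100644
index 055269eab8..0000000000
--- a/src/lib/libssl/test/tcrl
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl crl'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testcrl.pem
-fi
-
-echo testing crl conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0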
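diff --git a/src/lib/libssl/test/test.cnf b/src/lib/libssl/test/test.cnf
deleted file mode 100644
index faad3914a8..0000000000
--- a/src/lib/libssl/test/test.cnf
+++ /dev/null
@@ -1,88 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/new_certs # default place for new certs.
-
-certificate = $dir/CAcert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/CAkey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 512
-default_keyfile = testkey.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Queensland
-stateOrProvinceName_value =
-
-localityName = Locality Name (eg, city)
-localityName_value = Brisbane
-
-organizationName = Organization Name (eg, company)
-organizationName_default =
-organizationName_value = CryptSoft Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default =
-organizationalUnitName_value = .
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Eric Young
-
-emailAddress = Email Address
-emailAddress_value = eay@mincom.oz.au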
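diff --git a/src/lib/libssl/test/test_aesni b/src/lib/libssl/test/test_aesni
deleted file mode 100644
index e8fb63ee2b..0000000000
--- a/src/lib/libssl/test/test_aesni
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
- :
- else
- echo "$PROG is not OpenSSL executable"
- exit 1
- fi
-else
- echo "$PROG is not executable"
- exit 1;
-fi
-
-if $PROG engine aesni | grep -v no-aesni; then
-
- HASH=`cat $PROG | $PROG dgst -hex`
-
- AES_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
- aes-128-cbc aes-192-cbc aes-256-cbc \
- aes-128-cfb aes-192-cfb aes-256-cfb \
- aes-128-ofb aes-192-ofb aes-256-ofb"
- BUFSIZE="16 32 48 64 80 96 128 144 999"
-
- nerr=0
-
- for alg in $AES_ALGS; do
- echo $alg
- for bufsize in $BUFSIZE; do
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
- $PROG enc -d -k "$HASH" -$alg | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg/$bufsize encrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
- for bufsize in $BUFSIZE; do
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg | \
- $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg/$bufsize decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -engine aesni | \
- $PROG enc -d -k "$HASH" -$alg -engine aesni | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg en/decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
-
- if [ $nerr -gt 0 ]; then
- echo "AESNI engine test failed."
- exit 1;
- fi
-else
- echo "AESNI engine is not available"
-fi
-
-exit 0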
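diff --git a/src/lib/libssl/test/test_padlock b/src/lib/libssl/test/test_padlock
deleted file mode 100755
index 5c0f21043c..0000000000
--- a/src/lib/libssl/test/test_padlock
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
- :
- else
- echo "$PROG is not OpenSSL executable"
- exit 1
- fi
-else
- echo "$PROG is not executable"
- exit 1;
-fi
-
-if $PROG engine padlock | grep -v no-ACE; then
-
- HASH=`cat $PROG | $PROG dgst -hex`
-
- ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
- aes-128-cbc aes-192-cbc aes-256-cbc \
- aes-128-cfb aes-192-cfb aes-256-cfb \
- aes-128-ofb aes-192-ofb aes-256-ofb"
-
- nerr=0
-
- for alg in $ACE_ALGS; do
- echo $alg
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \
- $PROG enc -d -k "$HASH" -$alg | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg encrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg | \
- $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -engine padlock | \
- $PROG enc -d -k "$HASH" -$alg -engine padlock | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg en/decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
-
- if [ $nerr -gt 0 ]; then
- echo "PadLock ACE test failed."
- exit 1;
- fi
-else
- echo "PadLock ACE is not available"
-fi
-
-exit 0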
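diff --git a/src/lib/libssl/test/testca b/src/lib/libssl/test/testca
deleted file mode 100644
index b109cfe271..0000000000
--- a/src/lib/libssl/test/testca
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-
-SH="/bin/sh"
-if test "$OSTYPE" = msdosdjgpp; then
- PATH="../apps\;$PATH"
-else
- PATH="../apps:$PATH"
-fi
-export SH PATH
-
-SSLEAY_CONFIG="-config CAss.cnf"
-export SSLEAY_CONFIG
-
-OPENSSL="`pwd`/../util/opensslwrap.sh"
-export OPENSSL
-
-/bin/rm -fr demoCA
-$SH ../apps/CA.sh -newca <<EOF
-EOF
-
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-SSLEAY_CONFIG="-config Uss.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -newreq
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-SSLEAY_CONFIG="-config ../apps/openssl.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -sign <<EOF
-y
-y
-EOF
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-$SH ../apps/CA.sh -verify newcert.pem
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-/bin/rm -fr demoCA newcert.pem newreq.pem
-#usage: CA -newcert|-newreq|-newca|-sign|-verify
-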
diff --git a/src/lib/libssl/test/testcrl.pem b/src/lib/libssl/test/testcrl.pem
deleted file mode 100644
index 0989788354..0000000000
--- a/src/lib/libssl/test/testcrl.pem
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN X509 CRL-----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16-----END X509 CRL-----
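diff --git a/src/lib/libssl/test/testenc b/src/lib/libssl/test/testenc
deleted file mode 100644
index f5ce7c0c45..0000000000
--- a/src/lib/libssl/test/testenc
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-
-testsrc=Makefile
-test=./p
-cmd="../util/shlib_wrap.sh ../apps/openssl"
-
-cat $testsrc >$test;
-
-echo cat
-$cmd enc < $test > $test.cipher
-$cmd enc < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
- exit 1
-else
- /bin/rm $test.cipher $test.clear
-fi
-echo base64
-$cmd enc -a -e < $test > $test.cipher
-$cmd enc -a -d < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
- exit 1
-else
- /bin/rm $test.cipher $test.clear
-fi
-
-for i in `$cmd list-cipher-commands`
-do
- echo $i
- $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear
- if [ $? != 0 ]
- then
- exit 1
- else
- /bin/rm $test.$i.cipher $test.$i.clear
- fi
-
- echo $i base64
- $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear
- if [ $? != 0 ]
- then
- exit 1
- else
- /bin/rm $test.$i.cipher $test.$i.clear
- fi
-done
-rm -f $test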
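diff --git a/src/lib/libssl/test/testgen b/src/lib/libssl/test/testgen
deleted file mode 100644
index 524c0d134c..0000000000
--- a/src/lib/libssl/test/testgen
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-
-T=testcert
-KEY=512
-CA=../certs/testca.pem
-
-/bin/rm -f $T.1 $T.2 $T.key
-
-if test "$OSTYPE" = msdosdjgpp; then
- PATH=../apps\;$PATH;
-else
- PATH=../apps:$PATH;
-fi
-export PATH
-
-echo "generating certificate request"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- req_new='-newkey dsa:../apps/dsa512.pem'
-else
- req_new='-new'
- echo "There should be a 2 sequences of .'s and some +'s."
- echo "There should not be more that at most 80 per line"
-fi
-
-echo "This could take some time."
-
-rm -f testkey.pem testreq.pem
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem
-if [ $? != 0 ]; then
-echo problems creating request
-exit 1
-fi
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
-if [ $? != 0 ]; then
-echo signature on req is wrong
-exit 1
-fi
-
-exit 0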
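diff --git a/src/lib/libssl/test/testp7.pem b/src/lib/libssl/test/testp7.pem
deleted file mode 100644
index e5b7866c31..0000000000
--- a/src/lib/libssl/test/testp7.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN PKCS7-----
-MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE
-cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw
-DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV
-BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw
-HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50
-ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
-biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E
-aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy
-aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M
-VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq
-UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC
-AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR
-BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0
-ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0
-IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l
-bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
-L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t
-OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s
-IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04
-ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0
-cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ
-QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC
-MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu
-AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr
-cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC
-AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
-QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu
-dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp
-Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES
-TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE
-AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD
-2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU
-47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
-QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB
-AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl
-ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE
-BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW
-ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3
-MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW
-sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9
-XfZsaiiIgotQHjEA
------END PKCS7-----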
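diff --git a/src/lib/libssl/test/testreq2.pem b/src/lib/libssl/test/testreq2.pem
deleted file mode 100644
index c3cdcffcbc..0000000000
--- a/src/lib/libssl/test/testreq2.pem
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
-QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG
-DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq
-hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi
-gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U=
------END CERTIFICATE REQUEST-----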
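diff --git a/src/lib/libssl/test/testrsa.pem b/src/lib/libssl/test/testrsa.pem
deleted file mode 100644
index aad21067a8..0000000000
--- a/src/lib/libssl/test/testrsa.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
-Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
-rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
-oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
-mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
-rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
-mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
------END RSA PRIVATE KEY-----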
diff --git a/src/lib/libssl/test/testsid.pem b/src/lib/libssl/test/testsid.pem
deleted file mode 100644
index 7ffd008f66..0000000000
--- a/src/lib/libssl/test/testsid.pem
+++ /dev/null
@@ -1,12 +0,0 @@
1-----BEGIN SSL SESSION PARAMETERS-----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12-----END SSL SESSION PARAMETERS-----
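diff --git a/src/lib/libssl/test/testss b/src/lib/libssl/test/testss
deleted file mode 100644
index 1a426857d3..0000000000
--- a/src/lib/libssl/test/testss
+++ /dev/null
@@ -1,163 +0,0 @@
-#!/bin/sh
-
-digest='-sha1'
-reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
-x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
-verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
-dummycnf="../apps/openssl.cnf"
-
-CAkey="keyCA.ss"
-CAcert="certCA.ss"
-CAreq="reqCA.ss"
-CAconf="CAss.cnf"
-CAreq2="req2CA.ss" # temp
-
-Uconf="Uss.cnf"
-Ukey="keyU.ss"
-Ureq="reqU.ss"
-Ucert="certU.ss"
-
-P1conf="P1ss.cnf"
-P1key="keyP1.ss"
-P1req="reqP1.ss"
-P1cert="certP1.ss"
-P1intermediate="tmp_intP1.ss"
-
-P2conf="P2ss.cnf"
-P2key="keyP2.ss"
-P2req="reqP2.ss"
-P2cert="certP2.ss"
-P2intermediate="tmp_intP2.ss"
-
-echo
-echo "make a certificate request using 'req'"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- req_new='-newkey dsa:../apps/dsa512.pem'
-else
- req_new='-new'
-fi
-
-$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate a certificate request"
- exit 1
-fi
-echo
-echo "convert the certificate request into a self signed certificate using 'x509'"
-$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to self sign a certificate request"
- exit 1
-fi
-
-echo
-echo "convert a certificate into a certificate request using 'x509'"
-$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' convert a certificate to a certificate request"
- exit 1
-fi
-
-$reqcmd -config $dummycnf -verify -in $CAreq -noout
-if [ $? != 0 ]; then
- echo first generated request is invalid
- exit 1
-fi
-
-$reqcmd -config $dummycnf -verify -in $CAreq2 -noout
-if [ $? != 0 ]; then
- echo second generated request is invalid
- exit 1
-fi
-
-$verifycmd -CAfile $CAcert $CAcert
-if [ $? != 0 ]; then
- echo first generated cert is invalid
- exit 1
-fi
-
-echo
-echo "make a user certificate request using 'req'"
-$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate a user certificate request"
- exit 1
-fi
-
-echo
-echo "sign user certificate request with the just created CA via 'x509'"
-$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to sign a user certificate request"
- exit 1
-fi
-
-$verifycmd -CAfile $CAcert $Ucert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert
-
-echo
-echo "make a proxy certificate request using 'req'"
-$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate a proxy certificate request"
- exit 1
-fi
-
-echo
-echo "sign proxy certificate request with the just created user certificate via 'x509'"
-$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to sign a proxy certificate request"
- exit 1
-fi
-
-cat $Ucert > $P1intermediate
-$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
-
-echo
-echo "make another proxy certificate request using 'req'"
-$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate another proxy certificate request"
- exit 1
-fi
-
-echo
-echo "sign second proxy certificate request with the first proxy certificate via 'x509'"
-$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to sign a second proxy certificate request"
- exit 1
-fi
-
-cat $Ucert $P1cert > $P2intermediate
-$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
-
-echo
-echo The generated CA certificate is $CAcert
-echo The generated CA private key is $CAkey
-
-echo The generated user certificate is $Ucert
-echo The generated user private key is $Ukey
-
-echo The first generated proxy certificate is $P1cert
-echo The first generated proxy private key is $P1key
-
-echo The second generated proxy certificate is $P2cert
-echo The second generated proxy private key is $P2key
-
-/bin/rm err.ss
-#/bin/rm $P1intermediate
-#/bin/rm $P2intermediate
-exit 0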
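diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl
deleted file mode 100644
index f9d7c5d65f..0000000000
--- a/src/lib/libssl/test/testssl
+++ /dev/null
@@ -1,151 +0,0 @@
-#!/bin/sh
-
-if [ "$1" = "" ]; then
- key=../apps/server.pem
-else
- key="$1"
-fi
-if [ "$2" = "" ]; then
- cert=../apps/server.pem
-else
- cert="$2"
-fi
-ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
-
-if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
- dsa_cert=YES
-else
- dsa_cert=NO
-fi
-
-if [ "$3" = "" ]; then
- CA="-CApath ../certs"
-else
- CA="-CAfile $3"
-fi
-
-if [ "$4" = "" ]; then
- extra=""
-else
- extra="$4"
-fi
-
-#############################################################################
-
-echo test sslv2
-$ssltest -ssl2 $extra || exit 1
-
-echo test sslv2 with server authentication
-$ssltest -ssl2 -server_auth $CA $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
- echo test sslv2 with client authentication
- $ssltest -ssl2 -client_auth $CA $extra || exit 1
-
- echo test sslv2 with both client and server authentication
- $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
-fi
-
-echo test sslv3
-$ssltest -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication
-$ssltest -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication
-$ssltest -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication
-$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3
-$ssltest $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication
-$ssltest -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication
-$ssltest -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2 via BIO pair
-$ssltest -bio_pair -ssl2 $extra || exit 1
-
-echo test sslv2 with server authentication via BIO pair
-$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
- echo test sslv2 with client authentication via BIO pair
- $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
-
- echo test sslv2 with both client and server authentication via BIO pair
- $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
-fi
-
-echo test sslv3 via BIO pair
-$ssltest -bio_pair -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 via BIO pair
-$ssltest $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
- echo test sslv2/sslv3 w/o DHE via BIO pair
- $ssltest -bio_pair -no_dhe $extra || exit 1
-fi
-
-echo test sslv2/sslv3 with 1024bit DHE via BIO pair
-$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -bio_pair -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
-$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
-
-#############################################################################
-
-if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
- echo skipping anonymous DH tests
-else
- echo test tls1 with 1024bit anonymous DH, multiple handshakes
- $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
-fi
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- echo skipping RSA tests
-else
- echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
- ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
-
- if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
- echo skipping RSA+DHE tests
- else
- echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
- ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
- fi
-fi
-
-echo test tls1 with PSK
-$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
-
-echo test tls1 with PSK via BIO pair
-$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
-
-exit 0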
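diff --git a/src/lib/libssl/test/testsslproxy b/src/lib/libssl/test/testsslproxy
deleted file mode 100644
index 58bbda8ab7..0000000000
--- a/src/lib/libssl/test/testsslproxy
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /bin/sh
-
-echo 'Testing a lot of proxy conditions.'
-echo 'Some of them may turn out being invalid, which is fine.'
-for auth in A B C BC; do
- for cond in A B C 'A|B&!C'; do
- sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond"
- if [ $? = 3 ]; then exit 1; fi
- done
-done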
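diff --git a/src/lib/libssl/test/testtsa b/src/lib/libssl/test/testtsa
deleted file mode 100644
index bb653b5f73..0000000000
--- a/src/lib/libssl/test/testtsa
+++ /dev/null
@@ -1,238 +0,0 @@
-#!/bin/sh
-
-#
-# A few very basic tests for the 'ts' time stamping authority command.
-#
-
-SH="/bin/sh"
-if test "$OSTYPE" = msdosdjgpp; then
- PATH="../apps\;$PATH"
-else
- PATH="../apps:$PATH"
-fi
-export SH PATH
-
-OPENSSL_CONF="../CAtsa.cnf"
-export OPENSSL_CONF
-# Because that's what ../apps/CA.sh really looks at
-SSLEAY_CONFIG="-config $OPENSSL_CONF"
-export SSLEAY_CONFIG
-
-OPENSSL="`pwd`/../util/opensslwrap.sh"
-export OPENSSL
-
-error () {
-
- echo "TSA test failed!" >&2
- exit 1
-}
-
-setup_dir () {
-
- rm -rf tsa 2>/dev/null
- mkdir tsa
- cd ./tsa
-}
-
-clean_up_dir () {
-
- cd ..
- rm -rf tsa
-}
-
-create_ca () {
-
- echo "Creating a new CA for the TSA tests..."
- TSDNSECT=ts_ca_dn
- export TSDNSECT
- ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
- -out tsaca.pem -keyout tsacakey.pem
- test $? != 0 && error
-}
-
-create_tsa_cert () {
-
- INDEX=$1
- export INDEX
- EXT=$2
- TSDNSECT=ts_cert_dn
- export TSDNSECT
-
- ../../util/shlib_wrap.sh ../../apps/openssl req -new \
- -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
- test $? != 0 && error
-echo Using extension $EXT
- ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
- -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
- -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
- -extfile $OPENSSL_CONF -extensions $EXT
- test $? != 0 && error
-}
-
-print_request () {
-
- ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
-}
-
-create_time_stamp_request1 () {
-
- ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
- test $? != 0 && error
-}
-
-create_time_stamp_request2 () {
-
- ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
- -out req2.tsq
- test $? != 0 && error
-}
-
-create_time_stamp_request3 () {
-
- ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
- test $? != 0 && error
-}
-
-print_response () {
-
- ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text
- test $? != 0 && error
-}
-
-create_time_stamp_response () {
-
- ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2
- test $? != 0 && error
-}
-
-time_stamp_response_token_test () {
-
- RESPONSE2=$2.copy.tsr
- TOKEN_DER=$2.token.der
- ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out
- test $? != 0 && error
- ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
- test $? != 0 && error
- cmp $RESPONSE2 $2
- test $? != 0 && error
- ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out
- test $? != 0 && error
- ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
- test $? != 0 && error
- ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out
- test $? != 0 && error
-}
-
-verify_time_stamp_response () {
-
- ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
- -untrusted tsa_cert1.pem
- test $? != 0 && error
- ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
- -untrusted tsa_cert1.pem
- test $? != 0 && error
-}
-
-verify_time_stamp_token () {
-
- # create the token from the response first
- ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
- test $? != 0 && error
- ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
- -CAfile tsaca.pem -untrusted tsa_cert1.pem
- test $? != 0 && error
- ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
- -CAfile tsaca.pem -untrusted tsa_cert1.pem
- test $? != 0 && error
-}
-
-verify_time_stamp_response_fail () {
-
- ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
- -untrusted tsa_cert1.pem
- # Checks if the verification failed, as it should have.
- test $? = 0 && error
- echo Ok
-}
-
-# main functions
-
-echo "Setting up TSA test directory..."
-setup_dir
-
-echo "Creating CA for TSA tests..."
-create_ca
-
-echo "Creating tsa_cert1.pem TSA server cert..."
-create_tsa_cert 1 tsa_cert
-
-echo "Creating tsa_cert2.pem non-TSA server cert..."
-create_tsa_cert 2 non_tsa_cert
-
-echo "Creating req1.req time stamp request for file testtsa..."
-create_time_stamp_request1
-
-echo "Printing req1.req..."
-print_request req1.tsq
-
-echo "Generating valid response for req1.req..."
-create_time_stamp_response req1.tsq resp1.tsr tsa_config1
-
-echo "Printing response..."
-print_response resp1.tsr
-
-echo "Verifying valid response..."
-verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
-
-echo "Verifying valid token..."
-verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
-
-# The tests below are commented out, because invalid signer certificates
-# can no longer be specified in the config file.
-
-# echo "Generating _invalid_ response for req1.req..."
-# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
-
-# echo "Printing response..."
-# print_response resp1_bad.tsr
-
-# echo "Verifying invalid response, it should fail..."
-# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
-
-echo "Creating req2.req time stamp request for file testtsa..."
-create_time_stamp_request2
-
-echo "Printing req2.req..."
-print_request req2.tsq
-
-echo "Generating valid response for req2.req..."
-create_time_stamp_response req2.tsq resp2.tsr tsa_config1
-
-echo "Checking '-token_in' and '-token_out' options with '-reply'..."
-time_stamp_response_token_test req2.tsq resp2.tsr
-
-echo "Printing response..."
-print_response resp2.tsr
-
-echo "Verifying valid response..."
-verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
-
-echo "Verifying response against wrong request, it should fail..."
-verify_time_stamp_response_fail req1.tsq resp2.tsr
-
-echo "Verifying response against wrong request, it should fail..."
-verify_time_stamp_response_fail req2.tsq resp1.tsr
-
-echo "Creating req3.req time stamp request for file CAtsa.cnf..."
-create_time_stamp_request3
-
-echo "Printing req3.req..."
-print_request req3.tsq
-
-echo "Verifying response against wrong request, it should fail..."
-verify_time_stamp_response_fail req3.tsq resp1.tsr
-
-echo "Cleaning up..."
-clean_up_dir
-
-exit 0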
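diff --git a/src/lib/libssl/test/testx509.pem b/src/lib/libssl/test/testx509.pem
deleted file mode 100644
index 8a85d14964..0000000000
--- a/src/lib/libssl/test/testx509.pem
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
-BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz
-MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
-RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF
-AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO
-/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE
-Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ
-zl9HYIMxATFyqSiD9jsx
------END CERTIFICATE-----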
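diff --git a/src/lib/libssl/test/times b/src/lib/libssl/test/times
deleted file mode 100644
index 6b66eb342e..0000000000
--- a/src/lib/libssl/test/times
+++ /dev/null
@@ -1,113 +0,0 @@
-
-More number for the questions about SSL overheads....
-
-The following numbers were generated on a Pentium pro 200, running Linux.
-They give an indication of the SSL protocol and encryption overheads.
-
-The program that generated them is an unreleased version of ssl/ssltest.c
-which is the SSLeay ssl protocol testing program. It is a single process that
-talks both sides of the SSL protocol via a non-blocking memory buffer
-interface.
-
-How do I read this? The protocol and cipher are reasonable obvious.
-The next number is the number of connections being made. The next is the
-number of bytes exchanged between the client and server side of the protocol.
-This is the number of bytes that the client sends to the server, and then
-the server sends back. Because this is all happening in one process,
-the data is being encrypted, decrypted, encrypted and then decrypted again.
-It is a round trip of that many bytes. Because the one process performs
-both the client and server sides of the protocol and it sends this many bytes
-each direction, multiply this number by 4 to generate the number
-of bytes encrypted/decrypted/MACed. The first time value is how many seconds
-elapsed doing a full SSL handshake, the second is the cost of one
-full handshake and the rest being session-id reuse.
-
-SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s
-SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s
-SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s
-SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s
-SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s
-SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s
-
-SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s
-SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s
-SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s
-SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s
-SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s
-
-SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s
-SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s
-SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s
-SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s
-SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s
-SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s
-
-SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s
-SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s
-SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s
-SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s
-SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s
-SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s
-
-What does this all mean? Well for a server, with no session-id reuse, with
-a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
-a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of
-about 49 connections a second. Reality will be quite different :-).
-
-Remember the first number is 1000 full ssl handshakes, the second is
-1 full and 999 with session-id reuse. The RSA overheads for each exchange
-would be one public and one private operation, but the protocol/MAC/cipher
-cost would be quite similar in both the client and server.
-
-eric (adding numbers to speculation)
-
---- Appendix ---
-- The time measured is user time but these number a very rough.
-- Remember this is the cost of both client and server sides of the protocol.
-- The TCP/kernel overhead of connection establishment is normally the
- killer in SSL. Often delays in the TCP protocol will make session-id
- reuse look slower that new sessions, but this would not be the case on
- a loaded server.
-- The TCP round trip latencies, while slowing individual connections,
- would have minimal impact on throughput.
-- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
-- the required number of bytes are processed.
-- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers.
-- A 512bit server key was being used except where noted.
-- No server key verification was being performed on the client side of the
- protocol. This would slow things down very little.
-- The library being used is SSLeay 0.8.x.
-- The normal measuring system was commands of the form
- time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
- This modified version of ssltest should be in the next public release of
- SSLeay.
-
-The general cipher performance number for this platform are
-
-SSLeay 0.8.2a 04-Sep-1997
-built on Fri Sep 5 17:37:05 EST 1997
-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 131.02k 368.41k 500.57k 549.21k 566.09k
-mdc2 535.60k 589.10k 595.88k 595.97k 594.54k
-md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k
-sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k
-sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k
-rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k
-des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k
-des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k
-idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k
-rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k
-blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k
- sign verify
-rsa 512 bits 0.0100s 0.0011s
-rsa 1024 bits 0.0451s 0.0012s
-rsa 2048 bits 0.2605s 0.0086s
-rsa 4096 bits 1.6883s 0.0302s
-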
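diff --git a/src/lib/libssl/test/tpkcs7 b/src/lib/libssl/test/tpkcs7
deleted file mode 100644
index 3e435ffbf9..0000000000
--- a/src/lib/libssl/test/tpkcs7
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testp7.pem
-fi
-
-echo testing pkcs7 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0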
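diff --git a/src/lib/libssl/test/tpkcs7d b/src/lib/libssl/test/tpkcs7d
deleted file mode 100644
index 64fc28e88f..0000000000
--- a/src/lib/libssl/test/tpkcs7d
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=pkcs7-1.pem
-fi
-
-echo "testing pkcs7 conversions (2)"
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0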
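diff --git a/src/lib/libssl/test/treq b/src/lib/libssl/test/treq
deleted file mode 100644
index 77f37dcf3a..0000000000
--- a/src/lib/libssl/test/treq
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testreq.pem
-fi
-
-if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then
- echo "skipping req conversion test for $t"
- exit 0
-fi
-
-echo testing req conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -verify -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -verify -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0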
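diff --git a/src/lib/libssl/test/trsa b/src/lib/libssl/test/trsa
deleted file mode 100644
index 249ac1ddcc..0000000000
--- a/src/lib/libssl/test/trsa
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- echo skipping rsa conversion test
- exit 0
-fi
-
-cmd='../util/shlib_wrap.sh ../apps/openssl rsa'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testrsa.pem
-fi
-
-echo testing rsa conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0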
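diff --git a/src/lib/libssl/test/tsid b/src/lib/libssl/test/tsid
deleted file mode 100644
index 6adbd531ce..0000000000
--- a/src/lib/libssl/test/tsid
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testsid.pem
-fi
-
-echo testing session-id conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0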
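diff --git a/src/lib/libssl/test/tx509 b/src/lib/libssl/test/tx509
deleted file mode 100644
index 4a15b98d17..0000000000
--- a/src/lib/libssl/test/tx509
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl x509'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testx509.pem
-fi
-
-echo testing X509 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in fff.p -inform p -outform n >f.n
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> d"
-$cmd -in f.n -inform n -outform d >ff.d2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> n"
-$cmd -in f.d -inform d -outform n >ff.n1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> n"
-$cmd -in f.n -inform n -outform n >ff.n2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in f.p -inform p -outform n >ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> p"
-$cmd -in f.n -inform n -outform p >ff.p2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.n ff.n1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0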
diff --git a/src/lib/libssl/test/v3-cert1.pem b/src/lib/libssl/test/v3-cert1.pem
deleted file mode 100644
index 0da253d5c3..0000000000
--- a/src/lib/libssl/test/v3-cert1.pem
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN CERTIFICATE-----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16-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/v3-cert2.pem b/src/lib/libssl/test/v3-cert2.pem
deleted file mode 100644
index de0723ff8d..0000000000
--- a/src/lib/libssl/test/v3-cert2.pem
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN CERTIFICATE-----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16-----END CERTIFICATE-----
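diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
deleted file mode 100644
index b3cc8f098b..0000000000
--- a/src/lib/libssl/tls1.h
+++ /dev/null
@@ -1,532 +0,0 @@
-/* ssl/tls1.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifndef HEADER_TLS1_H
-#define HEADER_TLS1_H
-
-#include <openssl/buffer.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
-
-#define TLS1_VERSION 0x0301
-#define TLS1_VERSION_MAJOR 0x03
-#define TLS1_VERSION_MINOR 0x01
-
-#define TLS1_AD_DECRYPTION_FAILED 21
-#define TLS1_AD_RECORD_OVERFLOW 22
-#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
-#define TLS1_AD_ACCESS_DENIED 49 /* fatal */
-#define TLS1_AD_DECODE_ERROR 50 /* fatal */
-#define TLS1_AD_DECRYPT_ERROR 51
-#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */
-#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */
-#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */
-#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
-#define TLS1_AD_USER_CANCELLED 90
-#define TLS1_AD_NO_RENEGOTIATION 100
-/* codes 110-114 are from RFC3546 */
-#define TLS1_AD_UNSUPPORTED_EXTENSION 110
-#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
-#define TLS1_AD_UNRECOGNIZED_NAME 112
-#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
-#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
-#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
-
-/* ExtensionType values from RFC3546 / RFC4366 */
-#define TLSEXT_TYPE_server_name 0
-#define TLSEXT_TYPE_max_fragment_length 1
-#define TLSEXT_TYPE_client_certificate_url 2
-#define TLSEXT_TYPE_trusted_ca_keys 3
-#define TLSEXT_TYPE_truncated_hmac 4
-#define TLSEXT_TYPE_status_request 5
-/* ExtensionType values from RFC4492 */
-#define TLSEXT_TYPE_elliptic_curves 10
-#define TLSEXT_TYPE_ec_point_formats 11
-#define TLSEXT_TYPE_session_ticket 35
-/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
-#if 0 /* will have to be provided externally for now ,
- * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
- * using whatever extension number you'd like to try */
-# define TLSEXT_TYPE_opaque_prf_input ?? */
-#endif
-
-/* Temporary extension type */
-#define TLSEXT_TYPE_renegotiate 0xff01
-
-/* NameType value from RFC 3546 */
-#define TLSEXT_NAMETYPE_host_name 0
-/* status request value from RFC 3546 */
-#define TLSEXT_STATUSTYPE_ocsp 1
-
-/* ECPointFormat values from draft-ietf-tls-ecc-12 */
-#define TLSEXT_ECPOINTFORMAT_first 0
-#define TLSEXT_ECPOINTFORMAT_uncompressed 0
-#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
-#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
-#define TLSEXT_ECPOINTFORMAT_last 2
-
-#ifndef OPENSSL_NO_TLSEXT
-
-#define TLSEXT_MAXLEN_host_name 255
-
-const char *SSL_get_servername(const SSL *s, const int type) ;
-int SSL_get_servername_type(const SSL *s) ;
-
-#define SSL_set_tlsext_host_name(s,name) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
-
-#define SSL_set_tlsext_debug_callback(ssl, cb) \
-SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
-
-#define SSL_set_tlsext_debug_arg(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
-
-#define SSL_set_tlsext_status_type(ssl, type) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
-
-#define SSL_get_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#define SSL_set_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#define SSL_get_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#define SSL_set_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
-
-#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
-
-#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
-
-#define SSL_TLSEXT_ERR_OK 0
-#define SSL_TLSEXT_ERR_ALERT_WARNING 1
-#define SSL_TLSEXT_ERR_ALERT_FATAL 2
-#define SSL_TLSEXT_ERR_NOACK 3
-
-#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
-
-#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-
-#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
-
-#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
-
-#define SSL_set_tlsext_opaque_prf_input(s, src, len) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
-#define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
-#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
-
-#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
-
-#endif
-
-/* PSK ciphersuites from 4279 */
-#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
-#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B
-#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
-#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
-
-/* Additional TLS ciphersuites from expired Internet Draft
- * draft-ietf-tls-56-bit-ciphersuites-01.txt
- * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
- * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
- * shouldn't. Note that the first two are actually not in the IDs. */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 /* not in ID */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */
-#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
-#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
-
-/* AES ciphersuites from RFC3268 */
-
-#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
-#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
-
-#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
-#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
-
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
-#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
-
-#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
-#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
-
-/* SEED ciphersuites from RFC4162 */
-#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
-#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
-#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
-#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
-#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
-#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
-
-/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
-#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
-#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
-#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
-
-#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
-#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
-#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
-
-#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
-#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
-#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
-
-#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
-#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
-#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
-
-#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
-#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
-#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
-#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
-#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
-
-/* XXX
- * Inconsistency alert:
- * The OpenSSL names of ciphers with ephemeral DH here include the string
- * "DHE", while elsewhere it has always been "EDH".
- * (The alias for the list of all such ciphers also is "EDH".)
- * The specifications speak of "EDH"; maybe we should allow both forms
- * for everything. */
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
-
-/* AES ciphersuites from RFC3268 */
-#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
-
-#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
-
-/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
-#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
-
-/* PSK ciphersuites from RFC 4279 */
-#define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
-#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
-#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
-
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
-
-#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
-
-/* SEED ciphersuites from RFC4162 */
-#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
-#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
-#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
-#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
-
-
-#define TLS_CT_RSA_SIGN 1
-#define TLS_CT_DSS_SIGN 2
-#define TLS_CT_RSA_FIXED_DH 3
-#define TLS_CT_DSS_FIXED_DH 4
-#define TLS_CT_ECDSA_SIGN 64
-#define TLS_CT_RSA_FIXED_ECDH 65
-#define TLS_CT_ECDSA_FIXED_ECDH 66
-#define TLS_CT_GOST94_SIGN 21
-#define TLS_CT_GOST01_SIGN 22
-/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
- * comment there) */
-#define TLS_CT_NUMBER 9
-
-#define TLS1_FINISH_MAC_LENGTH 12
-
-#define TLS_MD_MAX_CONST_SIZE 20
-#define TLS_MD_CLIENT_FINISH_CONST "client finished"
-#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
-#define TLS_MD_SERVER_FINISH_CONST "server finished"
-#define TLS_MD_SERVER_FINISH_CONST_SIZE 15
-#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_KEY_EXPANSION_CONST "key expansion"
-#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
-#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
-#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_IV_BLOCK_CONST "IV block"
-#define TLS_MD_IV_BLOCK_CONST_SIZE 8
-#define TLS_MD_MASTER_SECRET_CONST "master secret"
-#define TLS_MD_MASTER_SECRET_CONST_SIZE 13
-
-#ifdef CHARSET_EBCDIC
-#undef TLS_MD_CLIENT_FINISH_CONST
-#define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*client finished*/
-#undef TLS_MD_SERVER_FINISH_CONST
-#define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*server finished*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/
-#undef TLS_MD_KEY_EXPANSION_CONST
-#define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" /*key expansion*/
-#undef TLS_MD_CLIENT_WRITE_KEY_CONST
-#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*client write key*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/
-#undef TLS_MD_IV_BLOCK_CONST
-#define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" /*IV block*/
-#undef TLS_MD_MASTER_SECRET_CONST
-#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/
-#endif
-
-/* TLS Session Ticket extension struct */
-struct tls_session_ticket_ext_st
- {
- unsigned short length;
- void *data;
- };
-
-#ifdef __cplusplus
-}
-#endif
-#endif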