authorcvs2svn <admin@example.com>2012-07-13 17:49:55 +0000
committercvs2svn <admin@example.com>2012-07-13 17:49:55 +0000
commit6fdb436ab2cd5b35066babb3a03be7ad0daf1ae2 (patch)
treea760cf389e7ea59961bb306a1f50bf5443205176 /src/lib/libssl
parent9204e59073bcf27e1487ec4ac46e981902ddd904 (diff)
This commit was manufactured by cvs2git to create tag 'OPENBSD_5_2_BASE'.OPENBSD_5_2_BASE
Diffstat (limited to 'src/lib/libssl')
-rw-r--r--src/lib/libssl/LICENSE127
-rw-r--r--src/lib/libssl/bio_ssl.c603
-rw-r--r--src/lib/libssl/d1_both.c1419
-rw-r--r--src/lib/libssl/d1_clnt.c1536
-rw-r--r--src/lib/libssl/d1_enc.c289
-rw-r--r--src/lib/libssl/d1_lib.c450
-rw-r--r--src/lib/libssl/d1_meth.c77
-rw-r--r--src/lib/libssl/d1_pkt.c1777
-rw-r--r--src/lib/libssl/d1_srvr.c1563
-rw-r--r--src/lib/libssl/doc/openssl.cnf350
-rw-r--r--src/lib/libssl/doc/openssl.txt1254
-rw-r--r--src/lib/libssl/doc/standards.txt285
-rw-r--r--src/lib/libssl/dtls1.h267
-rw-r--r--src/lib/libssl/s23_clnt.c696
-rw-r--r--src/lib/libssl/s23_lib.c187
-rw-r--r--src/lib/libssl/s23_pkt.c117
-rw-r--r--src/lib/libssl/s23_srvr.c594
-rw-r--r--src/lib/libssl/s3_both.c813
-rw-r--r--src/lib/libssl/s3_clnt.c3050
-rw-r--r--src/lib/libssl/s3_lib.c3338
-rw-r--r--src/lib/libssl/s3_pkt.c1459
-rw-r--r--src/lib/libssl/s3_srvr.c3212
-rw-r--r--src/lib/libssl/shlib_version2
-rw-r--r--src/lib/libssl/ssl.h2304
-rw-r--r--src/lib/libssl/ssl2.h268
-rw-r--r--src/lib/libssl/ssl23.h83
-rw-r--r--src/lib/libssl/ssl3.h648
-rw-r--r--src/lib/libssl/ssl_algs.c140
-rw-r--r--src/lib/libssl/ssl_asn1.c592
-rw-r--r--src/lib/libssl/ssl_cert.c834
-rw-r--r--src/lib/libssl/ssl_ciph.c1747
-rw-r--r--src/lib/libssl/ssl_err.c573
-rw-r--r--src/lib/libssl/ssl_err2.c70
-rw-r--r--src/lib/libssl/ssl_lib.c3045
-rw-r--r--src/lib/libssl/ssl_locl.h1079
-rw-r--r--src/lib/libssl/ssl_rsa.c779
-rw-r--r--src/lib/libssl/ssl_sess.c1095
-rw-r--r--src/lib/libssl/ssl_stat.c567
-rw-r--r--src/lib/libssl/ssl_txt.c240
-rw-r--r--src/lib/libssl/t1_clnt.c79
-rw-r--r--src/lib/libssl/t1_enc.c1045
-rw-r--r--src/lib/libssl/t1_lib.c1753
-rw-r--r--src/lib/libssl/t1_meth.c76
-rw-r--r--src/lib/libssl/t1_reneg.c292
-rw-r--r--src/lib/libssl/t1_srvr.c80
-rw-r--r--src/lib/libssl/test/CAss.cnf76
-rw-r--r--src/lib/libssl/test/CAssdh.cnf24
-rw-r--r--src/lib/libssl/test/CAssdsa.cnf23
-rw-r--r--src/lib/libssl/test/CAssrsa.cnf24
-rw-r--r--src/lib/libssl/test/CAtsa.cnf163
-rw-r--r--src/lib/libssl/test/P1ss.cnf37
-rw-r--r--src/lib/libssl/test/P2ss.cnf45
-rw-r--r--src/lib/libssl/test/Sssdsa.cnf27
-rw-r--r--src/lib/libssl/test/Sssrsa.cnf26
-rw-r--r--src/lib/libssl/test/Uss.cnf36
-rw-r--r--src/lib/libssl/test/VMSca-response.11
-rw-r--r--src/lib/libssl/test/VMSca-response.22
-rwxr-xr-xsrc/lib/libssl/test/asn1test.c22
-rw-r--r--src/lib/libssl/test/bctest111
-rw-r--r--src/lib/libssl/test/cms-examples.pl409
-rw-r--r--src/lib/libssl/test/cms-test.pl457
-rw-r--r--src/lib/libssl/test/methtest.c105
-rw-r--r--src/lib/libssl/test/pkcs7-1.pem15
-rw-r--r--src/lib/libssl/test/pkcs7.pem54
-rw-r--r--src/lib/libssl/test/pkits-test.pl940
-rw-r--r--src/lib/libssl/test/r160test.c57
-rw-r--r--src/lib/libssl/test/smcont.txt1
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa1.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa2.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa3.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsap.pem9
-rw-r--r--src/lib/libssl/test/smime-certs/smroot.pem30
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa1.pem31
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa2.pem31
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa3.pem31
-rw-r--r--src/lib/libssl/test/tcrl78
-rw-r--r--src/lib/libssl/test/test.cnf88
-rw-r--r--src/lib/libssl/test/test_aesni69
-rwxr-xr-xsrc/lib/libssl/test/test_padlock64
-rw-r--r--src/lib/libssl/test/testca51
-rw-r--r--src/lib/libssl/test/testcrl.pem16
-rw-r--r--src/lib/libssl/test/testenc54
-rw-r--r--src/lib/libssl/test/testgen44
-rw-r--r--src/lib/libssl/test/testp7.pem46
-rw-r--r--src/lib/libssl/test/testreq2.pem7
-rw-r--r--src/lib/libssl/test/testrsa.pem9
-rw-r--r--src/lib/libssl/test/testsid.pem12
-rw-r--r--src/lib/libssl/test/testss163
-rw-r--r--src/lib/libssl/test/testssl151
-rw-r--r--src/lib/libssl/test/testsslproxy10
-rw-r--r--src/lib/libssl/test/testtsa238
-rw-r--r--src/lib/libssl/test/testx509.pem10
-rw-r--r--src/lib/libssl/test/times113
-rw-r--r--src/lib/libssl/test/tpkcs748
-rw-r--r--src/lib/libssl/test/tpkcs7d41
-rw-r--r--src/lib/libssl/test/treq83
-rw-r--r--src/lib/libssl/test/trsa83
-rw-r--r--src/lib/libssl/test/tsid78
-rw-r--r--src/lib/libssl/test/tx50978
-rw-r--r--src/lib/libssl/test/v3-cert1.pem16
-rw-r--r--src/lib/libssl/test/v3-cert2.pem16
-rw-r--r--src/lib/libssl/tls1.h532
102 files changed, 0 insertions, 45941 deletions
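--- a/src/lib/libssl/LICENSE
+++ /dev/null
@@ -1,127 +0,0 @@
-
- LICENSE ISSUES
- ==============
-
- The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
- the OpenSSL License and the original SSLeay license apply to the toolkit.
- See below for the actual license texts. Actually both licenses are BSD-style
- Open Source licenses. In case of any license issues related to OpenSSL
- please contact openssl-core@openssl.org.
-
- OpenSSL License
- ---------------
-
-/* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
- Original SSLeay License
- -----------------------
-
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-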
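--- a/src/lib/libssl/bio_ssl.c
+++ /dev/null
@@ -1,603 +0,0 @@
-/* ssl/bio_ssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-static int ssl_write(BIO *h, const char *buf, int num);
-static int ssl_read(BIO *h, char *buf, int size);
-static int ssl_puts(BIO *h, const char *str);
-static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int ssl_new(BIO *h);
-static int ssl_free(BIO *data);
-static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-typedef struct bio_ssl_st
- {
- SSL *ssl; /* The ssl handle :-) */
- /* re-negotiate every time the total number of bytes is this size */
- int num_renegotiates;
- unsigned long renegotiate_count;
- unsigned long byte_count;
- unsigned long renegotiate_timeout;
- unsigned long last_time;
- } BIO_SSL;
-
-static BIO_METHOD methods_sslp=
- {
- BIO_TYPE_SSL,"ssl",
- ssl_write,
- ssl_read,
- ssl_puts,
- NULL, /* ssl_gets, */
- ssl_ctrl,
- ssl_new,
- ssl_free,
- ssl_callback_ctrl,
- };
-
-BIO_METHOD *BIO_f_ssl(void)
- {
- return(&methods_sslp);
- }
-
-static int ssl_new(BIO *bi)
- {
- BIO_SSL *bs;
-
- bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
- if (bs == NULL)
- {
- BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- memset(bs,0,sizeof(BIO_SSL));
- bi->init=0;
- bi->ptr=(char *)bs;
- bi->flags=0;
- return(1);
- }
-
-static int ssl_free(BIO *a)
- {
- BIO_SSL *bs;
-
- if (a == NULL) return(0);
- bs=(BIO_SSL *)a->ptr;
- if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
- if (a->shutdown)
- {
- if (a->init && (bs->ssl != NULL))
- SSL_free(bs->ssl);
- a->init=0;
- a->flags=0;
- }
- if (a->ptr != NULL)
- OPENSSL_free(a->ptr);
- return(1);
- }
-
-static int ssl_read(BIO *b, char *out, int outl)
- {
- int ret=1;
- BIO_SSL *sb;
- SSL *ssl;
- int retry_reason=0;
- int r=0;
-
- if (out == NULL) return(0);
- sb=(BIO_SSL *)b->ptr;
- ssl=sb->ssl;
-
- BIO_clear_retry_flags(b);
-
-#if 0
- if (!SSL_is_init_finished(ssl))
- {
-/* ret=SSL_do_handshake(ssl); */
- if (ret > 0)
- {
-
- outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
- ret= -1;
- goto end;
- }
- }
-#endif
-/* if (ret > 0) */
- ret=SSL_read(ssl,out,outl);
-
- switch (SSL_get_error(ssl,ret))
- {
- case SSL_ERROR_NONE:
- if (ret <= 0) break;
- if (sb->renegotiate_count > 0)
- {
- sb->byte_count+=ret;
- if (sb->byte_count > sb->renegotiate_count)
- {
- sb->byte_count=0;
- sb->num_renegotiates++;
- SSL_renegotiate(ssl);
- r=1;
- }
- }
- if ((sb->renegotiate_timeout > 0) && (!r))
- {
- unsigned long tm;
-
- tm=(unsigned long)time(NULL);
- if (tm > sb->last_time+sb->renegotiate_timeout)
- {
- sb->last_time=tm;
- sb->num_renegotiates++;
- SSL_renegotiate(ssl);
- }
- }
-
- break;
- case SSL_ERROR_WANT_READ:
- BIO_set_retry_read(b);
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_retry_write(b);
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_SSL_X509_LOOKUP;
- break;
- case SSL_ERROR_WANT_ACCEPT:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_ACCEPT;
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_CONNECT;
- break;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- case SSL_ERROR_ZERO_RETURN:
- default:
- break;
- }
-
- b->retry_reason=retry_reason;
- return(ret);
- }
-
-static int ssl_write(BIO *b, const char *out, int outl)
- {
- int ret,r=0;
- int retry_reason=0;
- SSL *ssl;
- BIO_SSL *bs;
-
- if (out == NULL) return(0);
- bs=(BIO_SSL *)b->ptr;
- ssl=bs->ssl;
-
- BIO_clear_retry_flags(b);
-
-/* ret=SSL_do_handshake(ssl);
- if (ret > 0) */
- ret=SSL_write(ssl,out,outl);
-
- switch (SSL_get_error(ssl,ret))
- {
- case SSL_ERROR_NONE:
- if (ret <= 0) break;
- if (bs->renegotiate_count > 0)
- {
- bs->byte_count+=ret;
- if (bs->byte_count > bs->renegotiate_count)
- {
- bs->byte_count=0;
- bs->num_renegotiates++;
- SSL_renegotiate(ssl);
- r=1;
- }
- }
- if ((bs->renegotiate_timeout > 0) && (!r))
- {
- unsigned long tm;
-
- tm=(unsigned long)time(NULL);
- if (tm > bs->last_time+bs->renegotiate_timeout)
- {
- bs->last_time=tm;
- bs->num_renegotiates++;
- SSL_renegotiate(ssl);
- }
- }
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_retry_write(b);
- break;
- case SSL_ERROR_WANT_READ:
- BIO_set_retry_read(b);
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_SSL_X509_LOOKUP;
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_CONNECT;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- default:
- break;
- }
-
- b->retry_reason=retry_reason;
- return(ret);
- }
-
-static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- SSL **sslp,*ssl;
- BIO_SSL *bs;
- BIO *dbio,*bio;
- long ret=1;
-
- bs=(BIO_SSL *)b->ptr;
- ssl=bs->ssl;
- if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
- return(0);
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- SSL_shutdown(ssl);
-
- if (ssl->handshake_func == ssl->method->ssl_connect)
- SSL_set_connect_state(ssl);
- else if (ssl->handshake_func == ssl->method->ssl_accept)
- SSL_set_accept_state(ssl);
-
- SSL_clear(ssl);
-
- if (b->next_bio != NULL)
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- else if (ssl->rbio != NULL)
- ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
- else
- ret=1;
- break;
- case BIO_CTRL_INFO:
- ret=0;
- break;
- case BIO_C_SSL_MODE:
- if (num) /* client mode */
- SSL_set_connect_state(ssl);
- else
- SSL_set_accept_state(ssl);
- break;
- case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
- ret=bs->renegotiate_timeout;
- if (num < 60) num=5;
- bs->renegotiate_timeout=(unsigned long)num;
- bs->last_time=(unsigned long)time(NULL);
- break;
- case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
- ret=bs->renegotiate_count;
- if ((long)num >=512)
- bs->renegotiate_count=(unsigned long)num;
- break;
- case BIO_C_GET_SSL_NUM_RENEGOTIATES:
- ret=bs->num_renegotiates;
- break;
- case BIO_C_SET_SSL:
- if (ssl != NULL)
- {
- ssl_free(b);
- if (!ssl_new(b))
- return 0;
- }
- b->shutdown=(int)num;
- ssl=(SSL *)ptr;
- ((BIO_SSL *)b->ptr)->ssl=ssl;
- bio=SSL_get_rbio(ssl);
- if (bio != NULL)
- {
- if (b->next_bio != NULL)
- BIO_push(bio,b->next_bio);
- b->next_bio=bio;
- CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
- }
- b->init=1;
- break;
- case BIO_C_GET_SSL:
- if (ptr != NULL)
- {
- sslp=(SSL **)ptr;
- *sslp=ssl;
- }
- else
- ret=0;
- break;
- case BIO_CTRL_GET_CLOSE:
- ret=b->shutdown;
- break;
- case BIO_CTRL_SET_CLOSE:
- b->shutdown=(int)num;
- break;
- case BIO_CTRL_WPENDING:
- ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
- break;
- case BIO_CTRL_PENDING:
- ret=SSL_pending(ssl);
- if (ret == 0)
- ret=BIO_pending(ssl->rbio);
- break;
- case BIO_CTRL_FLUSH:
- BIO_clear_retry_flags(b);
- ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
- BIO_copy_next_retry(b);
- break;
- case BIO_CTRL_PUSH:
- if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
- {
- SSL_set_bio(ssl,b->next_bio,b->next_bio);
- CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
- }
- break;
- case BIO_CTRL_POP:
- /* Only detach if we are the BIO explicitly being popped */
- if (b == ptr)
- {
- /* Shouldn't happen in practice because the
- * rbio and wbio are the same when pushed.
- */
- if (ssl->rbio != ssl->wbio)
- BIO_free_all(ssl->wbio);
- if (b->next_bio != NULL)
- CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO);
- ssl->wbio=NULL;
- ssl->rbio=NULL;
- }
- break;
- case BIO_C_DO_STATE_MACHINE:
- BIO_clear_retry_flags(b);
-
- b->retry_reason=0;
- ret=(int)SSL_do_handshake(ssl);
-
- switch (SSL_get_error(ssl,(int)ret))
- {
- case SSL_ERROR_WANT_READ:
- BIO_set_flags(b,
- BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_flags(b,
- BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_flags(b,
- BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
- b->retry_reason=b->next_bio->retry_reason;
- break;
- default:
- break;
- }
- break;
- case BIO_CTRL_DUP:
- dbio=(BIO *)ptr;
- if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
- SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
- ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
- ((BIO_SSL *)dbio->ptr)->renegotiate_count=
- ((BIO_SSL *)b->ptr)->renegotiate_count;
- ((BIO_SSL *)dbio->ptr)->byte_count=
- ((BIO_SSL *)b->ptr)->byte_count;
- ((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
- ((BIO_SSL *)b->ptr)->renegotiate_timeout;
- ((BIO_SSL *)dbio->ptr)->last_time=
- ((BIO_SSL *)b->ptr)->last_time;
- ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
- break;
- case BIO_C_GET_FD:
- ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
- break;
- case BIO_CTRL_SET_CALLBACK:
- {
-#if 0 /* FIXME: Should this be used? -- Richard Levitte */
- SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- ret = -1;
-#else
- ret=0;
-#endif
- }
- break;
- case BIO_CTRL_GET_CALLBACK:
- {
- void (**fptr)(const SSL *xssl,int type,int val);
-
- fptr=(void (**)(const SSL *xssl,int type,int val))ptr;
- *fptr=SSL_get_info_callback(ssl);
- }
- break;
- default:
- ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
- break;
- }
- return(ret);
- }
-
-static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
- {
- SSL *ssl;
- BIO_SSL *bs;
- long ret=1;
-
- bs=(BIO_SSL *)b->ptr;
- ssl=bs->ssl;
- switch (cmd)
- {
- case BIO_CTRL_SET_CALLBACK:
- {
- /* FIXME: setting this via a completely different prototype
- seems like a crap idea */
- SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);
- }
- break;
- default:
- ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);
- break;
- }
- return(ret);
- }
-
-static int ssl_puts(BIO *bp, const char *str)
- {
- int n,ret;
-
- n=strlen(str);
- ret=BIO_write(bp,str,n);
- return(ret);
- }
-
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
- {
-#ifndef OPENSSL_NO_SOCK
- BIO *ret=NULL,*buf=NULL,*ssl=NULL;
-
- if ((buf=BIO_new(BIO_f_buffer())) == NULL)
- return(NULL);
- if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
- goto err;
- if ((ret=BIO_push(buf,ssl)) == NULL)
- goto err;
- return(ret);
-err:
- if (buf != NULL) BIO_free(buf);
- if (ssl != NULL) BIO_free(ssl);
-#endif
- return(NULL);
- }
-
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
- {
- BIO *ret=NULL,*con=NULL,*ssl=NULL;
-
- if ((con=BIO_new(BIO_s_connect())) == NULL)
- return(NULL);
- if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
- goto err;
- if ((ret=BIO_push(ssl,con)) == NULL)
- goto err;
- return(ret);
-err:
- if (con != NULL) BIO_free(con);
- return(NULL);
- }
-
-BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
- {
- BIO *ret;
- SSL *ssl;
-
- if ((ret=BIO_new(BIO_f_ssl())) == NULL)
- return(NULL);
- if ((ssl=SSL_new(ctx)) == NULL)
- {
- BIO_free(ret);
- return(NULL);
- }
- if (client)
- SSL_set_connect_state(ssl);
- else
- SSL_set_accept_state(ssl);
-
- BIO_set_ssl(ret,ssl,BIO_CLOSE);
- return(ret);
- }
-
-int BIO_ssl_copy_session_id(BIO *t, BIO *f)
- {
- t=BIO_find_type(t,BIO_TYPE_SSL);
- f=BIO_find_type(f,BIO_TYPE_SSL);
- if ((t == NULL) || (f == NULL))
- return(0);
- if ( (((BIO_SSL *)t->ptr)->ssl == NULL) ||
- (((BIO_SSL *)f->ptr)->ssl == NULL))
- return(0);
- SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
- return(1);
- }
-
-void BIO_ssl_shutdown(BIO *b)
- {
- SSL *s;
-
- while (b != NULL)
- {
- if (b->method->type == BIO_TYPE_SSL)
- {
- s=((BIO_SSL *)b->ptr)->ssl;
- SSL_shutdown(s);
- break;
- }
- b=b->next_bio;
- }
- }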
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
deleted file mode 100644
index 9f898d6997..0000000000
--- a/src/lib/libssl/d1_both.c
+++ /dev/null
@@ -1,1419 +0,0 @@
1/* ssl/d1_both.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@openssl.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <limits.h>
117#include <string.h>
118#include <stdio.h>
119#include "ssl_locl.h"
120#include <openssl/buffer.h>
121#include <openssl/rand.h>
122#include <openssl/objects.h>
123#include <openssl/evp.h>
124#include <openssl/x509.h>
125
126#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
127
128#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
129 if ((end) - (start) <= 8) { \
130 long ii; \
131 for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
132 } else { \
133 long ii; \
134 bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
135 for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
136 bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
137 } }
138
139#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
140 long ii; \
141 OPENSSL_assert((msg_len) > 0); \
142 is_complete = 1; \
143 if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
144 if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
145 if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
146
147#if 0
148#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
149 long ii; \
150 printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
151 printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
152 printf("\n"); }
153#endif
154
155static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
156static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
157
158/* XDTLS: figure out the right values */
159static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
160
161static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
162static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
163 unsigned long frag_len);
164static unsigned char *dtls1_write_message_header(SSL *s,
165 unsigned char *p);
166static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
167 unsigned long len, unsigned short seq_num, unsigned long frag_off,
168 unsigned long frag_len);
169static long dtls1_get_message_fragment(SSL *s, int st1, int stn,
170 long max, int *ok);
171
172static hm_fragment *
173dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
174 {
175 hm_fragment *frag = NULL;
176 unsigned char *buf = NULL;
177 unsigned char *bitmask = NULL;
178
179 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
180 if ( frag == NULL)
181 return NULL;
182
183 if (frag_len)
184 {
185 buf = (unsigned char *)OPENSSL_malloc(frag_len);
186 if ( buf == NULL)
187 {
188 OPENSSL_free(frag);
189 return NULL;
190 }
191 }
192
193 /* zero length fragment gets zero frag->fragment */
194 frag->fragment = buf;
195
196 /* Initialize reassembly bitmask if necessary */
197 if (reassembly)
198 {
199 bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
200 if (bitmask == NULL)
201 {
202 if (buf != NULL) OPENSSL_free(buf);
203 OPENSSL_free(frag);
204 return NULL;
205 }
206 memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
207 }
208
209 frag->reassembly = bitmask;
210
211 return frag;
212 }
213
214static void
215dtls1_hm_fragment_free(hm_fragment *frag)
216 {
217 if (frag->fragment) OPENSSL_free(frag->fragment);
218 if (frag->reassembly) OPENSSL_free(frag->reassembly);
219 OPENSSL_free(frag);
220 }
221
222/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
223int dtls1_do_write(SSL *s, int type)
224 {
225 int ret;
226 int curr_mtu;
227 unsigned int len, frag_off, mac_size, blocksize;
228
229 /* AHA! Figure out the MTU, and stick to the right size */
230 if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
231 {
232 s->d1->mtu =
233 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
234
235 /* I've seen the kernel return bogus numbers when it doesn't know
236 * (initial write), so just make sure we have a reasonable number */
237 if ( s->d1->mtu < dtls1_min_mtu())
238 {
239 s->d1->mtu = 0;
240 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
241 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
242 s->d1->mtu, NULL);
243 }
244 }
245#if 0
246 mtu = s->d1->mtu;
247
248 fprintf(stderr, "using MTU = %d\n", mtu);
249
250 mtu -= (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
251
252 curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));
253
254 if ( curr_mtu > 0)
255 mtu = curr_mtu;
256 else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0)
257 return ret;
258
259 if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu)
260 {
261 ret = BIO_flush(SSL_get_wbio(s));
262 if ( ret <= 0)
263 return ret;
264 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
265 }
266#endif
267
268 OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */
269
270 if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
271 OPENSSL_assert(s->init_num ==
272 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
273
274 if (s->write_hash)
275 mac_size = EVP_MD_CTX_size(s->write_hash);
276 else
277 mac_size = 0;
278
279 if (s->enc_write_ctx &&
280 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
281 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
282 else
283 blocksize = 0;
284
285 frag_off = 0;
286 while( s->init_num)
287 {
288 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
289 DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
290
291 if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
292 {
293 /* grr.. we could get an error if MTU picked was wrong */
294 ret = BIO_flush(SSL_get_wbio(s));
295 if ( ret <= 0)
296 return ret;
297 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
298 mac_size - blocksize;
299 }
300
301 if ( s->init_num > curr_mtu)
302 len = curr_mtu;
303 else
304 len = s->init_num;
305
306
307 /* XDTLS: this function is too long. split out the CCS part */
308 if ( type == SSL3_RT_HANDSHAKE)
309 {
310 if ( s->init_off != 0)
311 {
312 OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
313 s->init_off -= DTLS1_HM_HEADER_LENGTH;
314 s->init_num += DTLS1_HM_HEADER_LENGTH;
315
316 /* write atleast DTLS1_HM_HEADER_LENGTH bytes */
317 if ( len <= DTLS1_HM_HEADER_LENGTH)
318 len += DTLS1_HM_HEADER_LENGTH;
319 }
320
321 dtls1_fix_message_header(s, frag_off,
322 len - DTLS1_HM_HEADER_LENGTH);
323
324 dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
325
326 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
327 }
328
329 ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off],
330 len);
331 if (ret < 0)
332 {
333 /* might need to update MTU here, but we don't know
334 * which previous packet caused the failure -- so can't
335 * really retransmit anything. continue as if everything
336 * is fine and wait for an alert to handle the
337 * retransmit
338 */
339 if ( BIO_ctrl(SSL_get_wbio(s),
340 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
341 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
342 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
343 else
344 return(-1);
345 }
346 else
347 {
348
349 /* bad if this assert fails, only part of the handshake
350 * message got sent. but why would this happen? */
351 OPENSSL_assert(len == (unsigned int)ret);
352
353 if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting)
354 {
355 /* should not be done for 'Hello Request's, but in that case
356 * we'll ignore the result anyway */
357 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
358 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
359 int xlen;
360
361 if (frag_off == 0 && s->version != DTLS1_BAD_VER)
362 {
363 /* reconstruct message header is if it
364 * is being sent in single fragment */
365 *p++ = msg_hdr->type;
366 l2n3(msg_hdr->msg_len,p);
367 s2n (msg_hdr->seq,p);
368 l2n3(0,p);
369 l2n3(msg_hdr->msg_len,p);
370 p -= DTLS1_HM_HEADER_LENGTH;
371 xlen = ret;
372 }
373 else
374 {
375 p += DTLS1_HM_HEADER_LENGTH;
376 xlen = ret - DTLS1_HM_HEADER_LENGTH;
377 }
378
379 ssl3_finish_mac(s, p, xlen);
380 }
381
382 if (ret == s->init_num)
383 {
384 if (s->msg_callback)
385 s->msg_callback(1, s->version, type, s->init_buf->data,
386 (size_t)(s->init_off + s->init_num), s,
387 s->msg_callback_arg);
388
389 s->init_off = 0; /* done writing this message */
390 s->init_num = 0;
391
392 return(1);
393 }
394 s->init_off+=ret;
395 s->init_num-=ret;
396 frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
397 }
398 }
399 return(0);
400 }
401
402
403/* Obtain handshake message of message type 'mt' (any if mt == -1),
404 * maximum acceptable body length 'max'.
405 * Read an entire handshake message. Handshake messages arrive in
406 * fragments.
407 */
408long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
409 {
410 int i, al;
411 struct hm_header_st *msg_hdr;
412 unsigned char *p;
413 unsigned long msg_len;
414
415 /* s3->tmp is used to store messages that are unexpected, caused
416 * by the absence of an optional handshake message */
417 if (s->s3->tmp.reuse_message)
418 {
419 s->s3->tmp.reuse_message=0;
420 if ((mt >= 0) && (s->s3->tmp.message_type != mt))
421 {
422 al=SSL_AD_UNEXPECTED_MESSAGE;
423 SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
424 goto f_err;
425 }
426 *ok=1;
427 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
428 s->init_num = (int)s->s3->tmp.message_size;
429 return s->init_num;
430 }
431
432 msg_hdr = &s->d1->r_msg_hdr;
433 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
434
435again:
436 i = dtls1_get_message_fragment(s, st1, stn, max, ok);
437 if ( i == DTLS1_HM_BAD_FRAGMENT ||
438 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
439 goto again;
440 else if ( i <= 0 && !*ok)
441 return i;
442
443 p = (unsigned char *)s->init_buf->data;
444 msg_len = msg_hdr->msg_len;
445
446 /* reconstruct message header */
447 *(p++) = msg_hdr->type;
448 l2n3(msg_len,p);
449 s2n (msg_hdr->seq,p);
450 l2n3(0,p);
451 l2n3(msg_len,p);
452 if (s->version != DTLS1_BAD_VER) {
453 p -= DTLS1_HM_HEADER_LENGTH;
454 msg_len += DTLS1_HM_HEADER_LENGTH;
455 }
456
457 ssl3_finish_mac(s, p, msg_len);
458 if (s->msg_callback)
459 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
460 p, msg_len,
461 s, s->msg_callback_arg);
462
463 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
464
465 /* Don't change sequence numbers while listening */
466 if (!s->d1->listen)
467 s->d1->handshake_read_seq++;
468
469 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
470 return s->init_num;
471
472f_err:
473 ssl3_send_alert(s,SSL3_AL_FATAL,al);
474 *ok = 0;
475 return -1;
476 }
477
478
479static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max)
480 {
481 size_t frag_off,frag_len,msg_len;
482
483 msg_len = msg_hdr->msg_len;
484 frag_off = msg_hdr->frag_off;
485 frag_len = msg_hdr->frag_len;
486
487 /* sanity checking */
488 if ( (frag_off+frag_len) > msg_len)
489 {
490 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
491 return SSL_AD_ILLEGAL_PARAMETER;
492 }
493
494 if ( (frag_off+frag_len) > (unsigned long)max)
495 {
496 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
497 return SSL_AD_ILLEGAL_PARAMETER;
498 }
499
500 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
501 {
502 /* msg_len is limited to 2^24, but is effectively checked
503 * against max above */
504 if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENGTH))
505 {
506 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);
507 return SSL_AD_INTERNAL_ERROR;
508 }
509
510 s->s3->tmp.message_size = msg_len;
511 s->d1->r_msg_hdr.msg_len = msg_len;
512 s->s3->tmp.message_type = msg_hdr->type;
513 s->d1->r_msg_hdr.type = msg_hdr->type;
514 s->d1->r_msg_hdr.seq = msg_hdr->seq;
515 }
516 else if (msg_len != s->d1->r_msg_hdr.msg_len)
517 {
518 /* They must be playing with us! BTW, failure to enforce
519 * upper limit would open possibility for buffer overrun. */
520 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
521 return SSL_AD_ILLEGAL_PARAMETER;
522 }
523
524 return 0; /* no error */
525 }
526
527
528static int
529dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
530 {
531 /* (0) check whether the desired fragment is available
532 * if so:
533 * (1) copy over the fragment to s->init_buf->data[]
534 * (2) update s->init_num
535 */
536 pitem *item;
537 hm_fragment *frag;
538 int al;
539
540 *ok = 0;
541 item = pqueue_peek(s->d1->buffered_messages);
542 if ( item == NULL)
543 return 0;
544
545 frag = (hm_fragment *)item->data;
546
547 /* Don't return if reassembly still in progress */
548 if (frag->reassembly != NULL)
549 return 0;
550
551 if ( s->d1->handshake_read_seq == frag->msg_header.seq)
552 {
553 unsigned long frag_len = frag->msg_header.frag_len;
554 pqueue_pop(s->d1->buffered_messages);
555
556 al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
557
558 if (al==0) /* no alert */
559 {
560 unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
561 memcpy(&p[frag->msg_header.frag_off],
562 frag->fragment,frag->msg_header.frag_len);
563 }
564
565 dtls1_hm_fragment_free(frag);
566 pitem_free(item);
567
568 if (al==0)
569 {
570 *ok = 1;
571 return frag_len;
572 }
573
574 ssl3_send_alert(s,SSL3_AL_FATAL,al);
575 s->init_num = 0;
576 *ok = 0;
577 return -1;
578 }
579 else
580 return 0;
581 }
582
583
584static int
585dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
586 {
587 hm_fragment *frag = NULL;
588 pitem *item = NULL;
589 int i = -1, is_complete;
590 unsigned char seq64be[8];
591 unsigned long frag_len = msg_hdr->frag_len, max_len;
592
593 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
594 goto err;
595
596 /* Determine maximum allowed message size. Depends on (user set)
597 * maximum certificate length, but 16k is minimum.
598 */
599 if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list)
600 max_len = s->max_cert_list;
601 else
602 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
603
604 if ((msg_hdr->frag_off+frag_len) > max_len)
605 goto err;
606
607 /* Try to find item in queue */
608 memset(seq64be,0,sizeof(seq64be));
609 seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
610 seq64be[7] = (unsigned char) msg_hdr->seq;
611 item = pqueue_find(s->d1->buffered_messages, seq64be);
612
613 if (item == NULL)
614 {
615 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
616 if ( frag == NULL)
617 goto err;
618 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
619 frag->msg_header.frag_len = frag->msg_header.msg_len;
620 frag->msg_header.frag_off = 0;
621 }
622 else
623 frag = (hm_fragment*) item->data;
624
625 /* If message is already reassembled, this must be a
626 * retransmit and can be dropped.
627 */
628 if (frag->reassembly == NULL)
629 {
630 unsigned char devnull [256];
631
632 while (frag_len)
633 {
634 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
635 devnull,
636 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
637 if (i<=0) goto err;
638 frag_len -= i;
639 }
640 return DTLS1_HM_FRAGMENT_RETRY;
641 }
642
643 /* read the body of the fragment (header has already been read */
644 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
645 frag->fragment + msg_hdr->frag_off,frag_len,0);
646 if (i<=0 || (unsigned long)i!=frag_len)
647 goto err;
648
649 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
650 (long)(msg_hdr->frag_off + frag_len));
651
652 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
653 is_complete);
654
655 if (is_complete)
656 {
657 OPENSSL_free(frag->reassembly);
658 frag->reassembly = NULL;
659 }
660
661 if (item == NULL)
662 {
663 memset(seq64be,0,sizeof(seq64be));
664 seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
665 seq64be[7] = (unsigned char)(msg_hdr->seq);
666
667 item = pitem_new(seq64be, frag);
668 if (item == NULL)
669 {
670 goto err;
671 i = -1;
672 }
673
674 pqueue_insert(s->d1->buffered_messages, item);
675 }
676
677 return DTLS1_HM_FRAGMENT_RETRY;
678
679err:
680 if (frag != NULL) dtls1_hm_fragment_free(frag);
681 if (item != NULL) OPENSSL_free(item);
682 *ok = 0;
683 return i;
684 }
685
686
687static int
688dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
689{
690 int i=-1;
691 hm_fragment *frag = NULL;
692 pitem *item = NULL;
693 unsigned char seq64be[8];
694 unsigned long frag_len = msg_hdr->frag_len;
695
696 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
697 goto err;
698
699 /* Try to find item in queue, to prevent duplicate entries */
700 memset(seq64be,0,sizeof(seq64be));
701 seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
702 seq64be[7] = (unsigned char) msg_hdr->seq;
703 item = pqueue_find(s->d1->buffered_messages, seq64be);
704
705 /* If we already have an entry and this one is a fragment,
706 * don't discard it and rather try to reassemble it.
707 */
708 if (item != NULL && frag_len < msg_hdr->msg_len)
709 item = NULL;
710
711 /* Discard the message if sequence number was already there, is
712 * too far in the future, already in the queue or if we received
713 * a FINISHED before the SERVER_HELLO, which then must be a stale
714 * retransmit.
715 */
716 if (msg_hdr->seq <= s->d1->handshake_read_seq ||
717 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
718 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED))
719 {
720 unsigned char devnull [256];
721
722 while (frag_len)
723 {
724 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
725 devnull,
726 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
727 if (i<=0) goto err;
728 frag_len -= i;
729 }
730 }
731 else
732 {
733 if (frag_len && frag_len < msg_hdr->msg_len)
734 return dtls1_reassemble_fragment(s, msg_hdr, ok);
735
736 frag = dtls1_hm_fragment_new(frag_len, 0);
737 if ( frag == NULL)
738 goto err;
739
740 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
741
742 if (frag_len)
743 {
744 /* read the body of the fragment (header has already been read */
745 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
746 frag->fragment,frag_len,0);
747 if (i<=0 || (unsigned long)i!=frag_len)
748 goto err;
749 }
750
751 memset(seq64be,0,sizeof(seq64be));
752 seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
753 seq64be[7] = (unsigned char)(msg_hdr->seq);
754
755 item = pitem_new(seq64be, frag);
756 if ( item == NULL)
757 goto err;
758
759 pqueue_insert(s->d1->buffered_messages, item);
760 }
761
762 return DTLS1_HM_FRAGMENT_RETRY;
763
764err:
765 if ( frag != NULL) dtls1_hm_fragment_free(frag);
766 if ( item != NULL) OPENSSL_free(item);
767 *ok = 0;
768 return i;
769 }
770
771
772static long
773dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
774 {
775 unsigned char wire[DTLS1_HM_HEADER_LENGTH];
776 unsigned long len, frag_off, frag_len;
777 int i,al;
778 struct hm_header_st msg_hdr;
779
780 /* see if we have the required fragment already */
781 if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
782 {
783 if (*ok) s->init_num = frag_len;
784 return frag_len;
785 }
786
787 /* read handshake message header */
788 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire,
789 DTLS1_HM_HEADER_LENGTH, 0);
790 if (i <= 0) /* nbio, or an error */
791 {
792 s->rwstate=SSL_READING;
793 *ok = 0;
794 return i;
795 }
796 /* Handshake fails if message header is incomplete */
797 if (i != DTLS1_HM_HEADER_LENGTH)
798 {
799 al=SSL_AD_UNEXPECTED_MESSAGE;
800 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
801 goto f_err;
802 }
803
804 /* parse the message fragment header */
805 dtls1_get_message_header(wire, &msg_hdr);
806
807 /*
808 * if this is a future (or stale) message it gets buffered
809 * (or dropped)--no further processing at this time
810 * While listening, we accept seq 1 (ClientHello with cookie)
811 * although we're still expecting seq 0 (ClientHello)
812 */
813 if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
814 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
815
816 len = msg_hdr.msg_len;
817 frag_off = msg_hdr.frag_off;
818 frag_len = msg_hdr.frag_len;
819
820 if (frag_len && frag_len < len)
821 return dtls1_reassemble_fragment(s, &msg_hdr, ok);
822
823 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
824 wire[0] == SSL3_MT_HELLO_REQUEST)
825 {
826 /* The server may always send 'Hello Request' messages --
827 * we are doing a handshake anyway now, so ignore them
828 * if their format is correct. Does not count for
829 * 'Finished' MAC. */
830 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0)
831 {
832 if (s->msg_callback)
833 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
834 wire, DTLS1_HM_HEADER_LENGTH, s,
835 s->msg_callback_arg);
836
837 s->init_num = 0;
838 return dtls1_get_message_fragment(s, st1, stn,
839 max, ok);
840 }
841 else /* Incorrectly formated Hello request */
842 {
843 al=SSL_AD_UNEXPECTED_MESSAGE;
844 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
845 goto f_err;
846 }
847 }
848
849 if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max)))
850 goto f_err;
851
852 /* XDTLS: ressurect this when restart is in place */
853 s->state=stn;
854
855 if ( frag_len > 0)
856 {
857 unsigned char *p=(unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
858
859 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
860 &p[frag_off],frag_len,0);
861 /* XDTLS: fix this--message fragments cannot span multiple packets */
862 if (i <= 0)
863 {
864 s->rwstate=SSL_READING;
865 *ok = 0;
866 return i;
867 }
868 }
869 else
870 i = 0;
871
872 /* XDTLS: an incorrectly formatted fragment should cause the
873 * handshake to fail */
874 if (i != (int)frag_len)
875 {
876 al=SSL3_AD_ILLEGAL_PARAMETER;
877 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER);
878 goto f_err;
879 }
880
881 *ok = 1;
882
883 /* Note that s->init_num is *not* used as current offset in
884 * s->init_buf->data, but as a counter summing up fragments'
885 * lengths: as soon as they sum up to handshake packet
886 * length, we assume we have got all the fragments. */
887 s->init_num = frag_len;
888 return frag_len;
889
890f_err:
891 ssl3_send_alert(s,SSL3_AL_FATAL,al);
892 s->init_num = 0;
893
894 *ok=0;
895 return(-1);
896 }
897
898int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
899 {
900 unsigned char *p,*d;
901 int i;
902 unsigned long l;
903
904 if (s->state == a)
905 {
906 d=(unsigned char *)s->init_buf->data;
907 p= &(d[DTLS1_HM_HEADER_LENGTH]);
908
909 i=s->method->ssl3_enc->final_finish_mac(s,
910 sender,slen,s->s3->tmp.finish_md);
911 s->s3->tmp.finish_md_len = i;
912 memcpy(p, s->s3->tmp.finish_md, i);
913 p+=i;
914 l=i;
915
916 /* Copy the finished so we can use it for
917 * renegotiation checks
918 */
919 if(s->type == SSL_ST_CONNECT)
920 {
921 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
922 memcpy(s->s3->previous_client_finished,
923 s->s3->tmp.finish_md, i);
924 s->s3->previous_client_finished_len=i;
925 }
926 else
927 {
928 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
929 memcpy(s->s3->previous_server_finished,
930 s->s3->tmp.finish_md, i);
931 s->s3->previous_server_finished_len=i;
932 }
933
934#ifdef OPENSSL_SYS_WIN16
935 /* MSVC 1.5 does not clear the top bytes of the word unless
936 * I do this.
937 */
938 l&=0xffff;
939#endif
940
941 d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
942 s->init_num=(int)l+DTLS1_HM_HEADER_LENGTH;
943 s->init_off=0;
944
945 /* buffer the message to handle re-xmits */
946 dtls1_buffer_message(s, 0);
947
948 s->state=b;
949 }
950
951 /* SSL3_ST_SEND_xxxxxx_HELLO_B */
952 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
953 }
954
955/* for these 2 messages, we need to
956 * ssl->enc_read_ctx re-init
957 * ssl->s3->read_sequence zero
958 * ssl->s3->read_mac_secret re-init
959 * ssl->session->read_sym_enc assign
960 * ssl->session->read_compression assign
961 * ssl->session->read_hash assign
962 */
963int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
964 {
965 unsigned char *p;
966
967 if (s->state == a)
968 {
969 p=(unsigned char *)s->init_buf->data;
970 *p++=SSL3_MT_CCS;
971 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
972 s->init_num=DTLS1_CCS_HEADER_LENGTH;
973
974 if (s->version == DTLS1_BAD_VER) {
975 s->d1->next_handshake_write_seq++;
976 s2n(s->d1->handshake_write_seq,p);
977 s->init_num+=2;
978 }
979
980 s->init_off=0;
981
982 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
983 s->d1->handshake_write_seq, 0, 0);
984
985 /* buffer the message to handle re-xmits */
986 dtls1_buffer_message(s, 1);
987
988 s->state=b;
989 }
990
991 /* SSL3_ST_CW_CHANGE_B */
992 return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
993 }
994
995static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
996 {
997 int n;
998 unsigned char *p;
999
1000 n=i2d_X509(x,NULL);
1001 if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
1002 {
1003 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
1004 return 0;
1005 }
1006 p=(unsigned char *)&(buf->data[*l]);
1007 l2n3(n,p);
1008 i2d_X509(x,&p);
1009 *l+=n+3;
1010
1011 return 1;
1012 }
1013unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
1014 {
1015 unsigned char *p;
1016 int i;
1017 unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
1018 BUF_MEM *buf;
1019
1020 /* TLSv1 sends a chain with nothing in it, instead of an alert */
1021 buf=s->init_buf;
1022 if (!BUF_MEM_grow_clean(buf,10))
1023 {
1024 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
1025 return(0);
1026 }
1027 if (x != NULL)
1028 {
1029 X509_STORE_CTX xs_ctx;
1030
1031 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
1032 {
1033 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
1034 return(0);
1035 }
1036
1037 X509_verify_cert(&xs_ctx);
1038 /* Don't leave errors in the queue */
1039 ERR_clear_error();
1040 for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
1041 {
1042 x = sk_X509_value(xs_ctx.chain, i);
1043
1044 if (!dtls1_add_cert_to_buf(buf, &l, x))
1045 {
1046 X509_STORE_CTX_cleanup(&xs_ctx);
1047 return 0;
1048 }
1049 }
1050 X509_STORE_CTX_cleanup(&xs_ctx);
1051 }
1052 /* Thawte special :-) */
1053 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
1054 {
1055 x=sk_X509_value(s->ctx->extra_certs,i);
1056 if (!dtls1_add_cert_to_buf(buf, &l, x))
1057 return 0;
1058 }
1059
1060 l-= (3 + DTLS1_HM_HEADER_LENGTH);
1061
1062 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1063 l2n3(l,p);
1064 l+=3;
1065 p=(unsigned char *)&(buf->data[0]);
1066 p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
1067
1068 l+=DTLS1_HM_HEADER_LENGTH;
1069 return(l);
1070 }
1071
1072int dtls1_read_failed(SSL *s, int code)
1073 {
1074 if ( code > 0)
1075 {
1076 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
1077 return 1;
1078 }
1079
1080 if (!dtls1_is_timer_expired(s))
1081 {
1082 /* not a timeout, none of our business,
1083 let higher layers handle this. in fact it's probably an error */
1084 return code;
1085 }
1086
1087 if ( ! SSL_in_init(s)) /* done, no need to send a retransmit */
1088 {
1089 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
1090 return code;
1091 }
1092
1093#if 0 /* for now, each alert contains only one record number */
1094 item = pqueue_peek(state->rcvd_records);
1095 if ( item )
1096 {
1097 /* send an alert immediately for all the missing records */
1098 }
1099 else
1100#endif
1101
1102#if 0 /* no more alert sending, just retransmit the last set of messages */
1103 if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
1104 ssl3_send_alert(s,SSL3_AL_WARNING,
1105 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1106#endif
1107
1108 return dtls1_handle_timeout(s);
1109 }
1110
1111int
1112dtls1_get_queue_priority(unsigned short seq, int is_ccs)
1113 {
1114 /* The index of the retransmission queue actually is the message sequence number,
1115 * since the queue only contains messages of a single handshake. However, the
1116 * ChangeCipherSpec has no message sequence number and so using only the sequence
1117 * will result in the CCS and Finished having the same index. To prevent this,
1118 * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted.
1119 * This does not only differ CSS and Finished, it also maintains the order of the
1120 * index (important for priority queues) and fits in the unsigned short variable.
1121 */
1122 return seq * 2 - is_ccs;
1123 }
1124
1125int
1126dtls1_retransmit_buffered_messages(SSL *s)
1127 {
1128 pqueue sent = s->d1->sent_messages;
1129 piterator iter;
1130 pitem *item;
1131 hm_fragment *frag;
1132 int found = 0;
1133
1134 iter = pqueue_iterator(sent);
1135
1136 for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter))
1137 {
1138 frag = (hm_fragment *)item->data;
1139 if ( dtls1_retransmit_message(s,
1140 (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs),
1141 0, &found) <= 0 && found)
1142 {
1143 fprintf(stderr, "dtls1_retransmit_message() failed\n");
1144 return -1;
1145 }
1146 }
1147
1148 return 1;
1149 }
1150
1151int
1152dtls1_buffer_message(SSL *s, int is_ccs)
1153 {
1154 pitem *item;
1155 hm_fragment *frag;
1156 unsigned char seq64be[8];
1157
1158 /* this function is called immediately after a message has
1159 * been serialized */
1160 OPENSSL_assert(s->init_off == 0);
1161
1162 frag = dtls1_hm_fragment_new(s->init_num, 0);
1163
1164 memcpy(frag->fragment, s->init_buf->data, s->init_num);
1165
1166 if ( is_ccs)
1167 {
1168 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1169 ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num);
1170 }
1171 else
1172 {
1173 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1174 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
1175 }
1176
1177 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
1178 frag->msg_header.seq = s->d1->w_msg_hdr.seq;
1179 frag->msg_header.type = s->d1->w_msg_hdr.type;
1180 frag->msg_header.frag_off = 0;
1181 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
1182 frag->msg_header.is_ccs = is_ccs;
1183
1184 /* save current state*/
1185 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
1186 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
1187 frag->msg_header.saved_retransmit_state.compress = s->compress;
1188 frag->msg_header.saved_retransmit_state.session = s->session;
1189 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
1190
1191 memset(seq64be,0,sizeof(seq64be));
1192 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
1193 frag->msg_header.is_ccs)>>8);
1194 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
1195 frag->msg_header.is_ccs));
1196
1197 item = pitem_new(seq64be, frag);
1198 if ( item == NULL)
1199 {
1200 dtls1_hm_fragment_free(frag);
1201 return 0;
1202 }
1203
1204#if 0
1205 fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
1206 fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
1207 fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
1208#endif
1209
1210 pqueue_insert(s->d1->sent_messages, item);
1211 return 1;
1212 }
1213
1214int
1215dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1216 int *found)
1217 {
1218 int ret;
1219 /* XDTLS: for now assuming that read/writes are blocking */
1220 pitem *item;
1221 hm_fragment *frag ;
1222 unsigned long header_length;
1223 unsigned char seq64be[8];
1224 struct dtls1_retransmit_state saved_state;
1225 unsigned char save_write_sequence[8];
1226
1227 /*
1228 OPENSSL_assert(s->init_num == 0);
1229 OPENSSL_assert(s->init_off == 0);
1230 */
1231
1232 /* XDTLS: the requested message ought to be found, otherwise error */
1233 memset(seq64be,0,sizeof(seq64be));
1234 seq64be[6] = (unsigned char)(seq>>8);
1235 seq64be[7] = (unsigned char)seq;
1236
1237 item = pqueue_find(s->d1->sent_messages, seq64be);
1238 if ( item == NULL)
1239 {
1240 fprintf(stderr, "retransmit: message %d non-existant\n", seq);
1241 *found = 0;
1242 return 0;
1243 }
1244
1245 *found = 1;
1246 frag = (hm_fragment *)item->data;
1247
1248 if ( frag->msg_header.is_ccs)
1249 header_length = DTLS1_CCS_HEADER_LENGTH;
1250 else
1251 header_length = DTLS1_HM_HEADER_LENGTH;
1252
1253 memcpy(s->init_buf->data, frag->fragment,
1254 frag->msg_header.msg_len + header_length);
1255 s->init_num = frag->msg_header.msg_len + header_length;
1256
1257 dtls1_set_message_header_int(s, frag->msg_header.type,
1258 frag->msg_header.msg_len, frag->msg_header.seq, 0,
1259 frag->msg_header.frag_len);
1260
1261 /* save current state */
1262 saved_state.enc_write_ctx = s->enc_write_ctx;
1263 saved_state.write_hash = s->write_hash;
1264 saved_state.compress = s->compress;
1265 saved_state.session = s->session;
1266 saved_state.epoch = s->d1->w_epoch;
1267 saved_state.epoch = s->d1->w_epoch;
1268
1269 s->d1->retransmitting = 1;
1270
1271 /* restore state in which the message was originally sent */
1272 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
1273 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
1274 s->compress = frag->msg_header.saved_retransmit_state.compress;
1275 s->session = frag->msg_header.saved_retransmit_state.session;
1276 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
1277
1278 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1)
1279 {
1280 memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
1281 memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence));
1282 }
1283
1284 ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
1285 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
1286
1287 /* restore current state */
1288 s->enc_write_ctx = saved_state.enc_write_ctx;
1289 s->write_hash = saved_state.write_hash;
1290 s->compress = saved_state.compress;
1291 s->session = saved_state.session;
1292 s->d1->w_epoch = saved_state.epoch;
1293
1294 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1)
1295 {
1296 memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
1297 memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence));
1298 }
1299
1300 s->d1->retransmitting = 0;
1301
1302 (void)BIO_flush(SSL_get_wbio(s));
1303 return ret;
1304 }
1305
1306/* call this function when the buffered messages are no longer needed */
1307void
1308dtls1_clear_record_buffer(SSL *s)
1309 {
1310 pitem *item;
1311
1312 for(item = pqueue_pop(s->d1->sent_messages);
1313 item != NULL; item = pqueue_pop(s->d1->sent_messages))
1314 {
1315 dtls1_hm_fragment_free((hm_fragment *)item->data);
1316 pitem_free(item);
1317 }
1318 }
1319
1320
1321unsigned char *
1322dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
1323 unsigned long len, unsigned long frag_off, unsigned long frag_len)
1324 {
1325 /* Don't change sequence numbers while listening */
1326 if (frag_off == 0 && !s->d1->listen)
1327 {
1328 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
1329 s->d1->next_handshake_write_seq++;
1330 }
1331
1332 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
1333 frag_off, frag_len);
1334
1335 return p += DTLS1_HM_HEADER_LENGTH;
1336 }
1337
1338
1339/* don't actually do the writing, wait till the MTU has been retrieved */
1340static void
1341dtls1_set_message_header_int(SSL *s, unsigned char mt,
1342 unsigned long len, unsigned short seq_num, unsigned long frag_off,
1343 unsigned long frag_len)
1344 {
1345 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1346
1347 msg_hdr->type = mt;
1348 msg_hdr->msg_len = len;
1349 msg_hdr->seq = seq_num;
1350 msg_hdr->frag_off = frag_off;
1351 msg_hdr->frag_len = frag_len;
1352 }
1353
1354static void
1355dtls1_fix_message_header(SSL *s, unsigned long frag_off,
1356 unsigned long frag_len)
1357 {
1358 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1359
1360 msg_hdr->frag_off = frag_off;
1361 msg_hdr->frag_len = frag_len;
1362 }
1363
1364static unsigned char *
1365dtls1_write_message_header(SSL *s, unsigned char *p)
1366 {
1367 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1368
1369 *p++ = msg_hdr->type;
1370 l2n3(msg_hdr->msg_len, p);
1371
1372 s2n(msg_hdr->seq, p);
1373 l2n3(msg_hdr->frag_off, p);
1374 l2n3(msg_hdr->frag_len, p);
1375
1376 return p;
1377 }
1378
1379unsigned int
1380dtls1_min_mtu(void)
1381 {
1382 return (g_probable_mtu[(sizeof(g_probable_mtu) /
1383 sizeof(g_probable_mtu[0])) - 1]);
1384 }
1385
1386static unsigned int
1387dtls1_guess_mtu(unsigned int curr_mtu)
1388 {
1389 unsigned int i;
1390
1391 if ( curr_mtu == 0 )
1392 return g_probable_mtu[0] ;
1393
1394 for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)
1395 if ( curr_mtu > g_probable_mtu[i])
1396 return g_probable_mtu[i];
1397
1398 return curr_mtu;
1399 }
1400
1401void
1402dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
1403 {
1404 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
1405 msg_hdr->type = *(data++);
1406 n2l3(data, msg_hdr->msg_len);
1407
1408 n2s(data, msg_hdr->seq);
1409 n2l3(data, msg_hdr->frag_off);
1410 n2l3(data, msg_hdr->frag_len);
1411 }
1412
1413void
1414dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
1415 {
1416 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
1417
1418 ccs_hdr->type = *(data++);
1419 }
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
deleted file mode 100644
index 089fa4c7f8..0000000000
--- a/src/lib/libssl/d1_clnt.c
+++ /dev/null
@@ -1,1536 +0,0 @@
1/* ssl/d1_clnt.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <stdio.h>
117#include "ssl_locl.h"
118#ifndef OPENSSL_NO_KRB5
119#include "kssl_lcl.h"
120#endif
121#include <openssl/buffer.h>
122#include <openssl/rand.h>
123#include <openssl/objects.h>
124#include <openssl/evp.h>
125#include <openssl/md5.h>
126#include <openssl/bn.h>
127#ifndef OPENSSL_NO_DH
128#include <openssl/dh.h>
129#endif
130
131static const SSL_METHOD *dtls1_get_client_method(int ver);
132static int dtls1_get_hello_verify(SSL *s);
133
134static const SSL_METHOD *dtls1_get_client_method(int ver)
135 {
136 if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
137 return(DTLSv1_client_method());
138 else
139 return(NULL);
140 }
141
142IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
143 ssl_undefined_function,
144 dtls1_connect,
145 dtls1_get_client_method)
146
147int dtls1_connect(SSL *s)
148 {
149 BUF_MEM *buf=NULL;
150 unsigned long Time=(unsigned long)time(NULL);
151 void (*cb)(const SSL *ssl,int type,int val)=NULL;
152 int ret= -1;
153 int new_state,state,skip=0;;
154
155 RAND_add(&Time,sizeof(Time),0);
156 ERR_clear_error();
157 clear_sys_error();
158
159 if (s->info_callback != NULL)
160 cb=s->info_callback;
161 else if (s->ctx->info_callback != NULL)
162 cb=s->ctx->info_callback;
163
164 s->in_handshake++;
165 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
166
167 for (;;)
168 {
169 state=s->state;
170
171 switch(s->state)
172 {
173 case SSL_ST_RENEGOTIATE:
174 s->new_session=1;
175 s->state=SSL_ST_CONNECT;
176 s->ctx->stats.sess_connect_renegotiate++;
177 /* break */
178 case SSL_ST_BEFORE:
179 case SSL_ST_CONNECT:
180 case SSL_ST_BEFORE|SSL_ST_CONNECT:
181 case SSL_ST_OK|SSL_ST_CONNECT:
182
183 s->server=0;
184 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
185
186 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
187 (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
188 {
189 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
190 ret = -1;
191 goto end;
192 }
193
194 /* s->version=SSL3_VERSION; */
195 s->type=SSL_ST_CONNECT;
196
197 if (s->init_buf == NULL)
198 {
199 if ((buf=BUF_MEM_new()) == NULL)
200 {
201 ret= -1;
202 goto end;
203 }
204 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
205 {
206 ret= -1;
207 goto end;
208 }
209 s->init_buf=buf;
210 buf=NULL;
211 }
212
213 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
214
215 /* setup buffing BIO */
216 if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
217
218 /* don't push the buffering BIO quite yet */
219
220 s->state=SSL3_ST_CW_CLNT_HELLO_A;
221 s->ctx->stats.sess_connect++;
222 s->init_num=0;
223 /* mark client_random uninitialized */
224 memset(s->s3->client_random,0,sizeof(s->s3->client_random));
225 s->d1->send_cookie = 0;
226 s->hit = 0;
227 break;
228
229 case SSL3_ST_CW_CLNT_HELLO_A:
230 case SSL3_ST_CW_CLNT_HELLO_B:
231
232 s->shutdown=0;
233
234 /* every DTLS ClientHello resets Finished MAC */
235 ssl3_init_finished_mac(s);
236
237 dtls1_start_timer(s);
238 ret=dtls1_client_hello(s);
239 if (ret <= 0) goto end;
240
241 if ( s->d1->send_cookie)
242 {
243 s->state=SSL3_ST_CW_FLUSH;
244 s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A;
245 }
246 else
247 s->state=SSL3_ST_CR_SRVR_HELLO_A;
248
249 s->init_num=0;
250
251 /* turn on buffering for the next lot of output */
252 if (s->bbio != s->wbio)
253 s->wbio=BIO_push(s->bbio,s->wbio);
254
255 break;
256
257 case SSL3_ST_CR_SRVR_HELLO_A:
258 case SSL3_ST_CR_SRVR_HELLO_B:
259 ret=ssl3_get_server_hello(s);
260 if (ret <= 0) goto end;
261 else
262 {
263 dtls1_stop_timer(s);
264 if (s->hit)
265 s->state=SSL3_ST_CR_FINISHED_A;
266 else
267 s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
268 }
269 s->init_num=0;
270 break;
271
272 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
273 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
274
275 ret = dtls1_get_hello_verify(s);
276 if ( ret <= 0)
277 goto end;
278 dtls1_stop_timer(s);
279 if ( s->d1->send_cookie) /* start again, with a cookie */
280 s->state=SSL3_ST_CW_CLNT_HELLO_A;
281 else
282 s->state = SSL3_ST_CR_CERT_A;
283 s->init_num = 0;
284 break;
285
286 case SSL3_ST_CR_CERT_A:
287 case SSL3_ST_CR_CERT_B:
288#ifndef OPENSSL_NO_TLSEXT
289 ret=ssl3_check_finished(s);
290 if (ret <= 0) goto end;
291 if (ret == 2)
292 {
293 s->hit = 1;
294 if (s->tlsext_ticket_expected)
295 s->state=SSL3_ST_CR_SESSION_TICKET_A;
296 else
297 s->state=SSL3_ST_CR_FINISHED_A;
298 s->init_num=0;
299 break;
300 }
301#endif
302 /* Check if it is anon DH or PSK */
303 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
304 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
305 {
306 ret=ssl3_get_server_certificate(s);
307 if (ret <= 0) goto end;
308#ifndef OPENSSL_NO_TLSEXT
309 if (s->tlsext_status_expected)
310 s->state=SSL3_ST_CR_CERT_STATUS_A;
311 else
312 s->state=SSL3_ST_CR_KEY_EXCH_A;
313 }
314 else
315 {
316 skip = 1;
317 s->state=SSL3_ST_CR_KEY_EXCH_A;
318 }
319#else
320 }
321 else
322 skip=1;
323
324 s->state=SSL3_ST_CR_KEY_EXCH_A;
325#endif
326 s->init_num=0;
327 break;
328
329 case SSL3_ST_CR_KEY_EXCH_A:
330 case SSL3_ST_CR_KEY_EXCH_B:
331 ret=ssl3_get_key_exchange(s);
332 if (ret <= 0) goto end;
333 s->state=SSL3_ST_CR_CERT_REQ_A;
334 s->init_num=0;
335
336 /* at this point we check that we have the
337 * required stuff from the server */
338 if (!ssl3_check_cert_and_algorithm(s))
339 {
340 ret= -1;
341 goto end;
342 }
343 break;
344
345 case SSL3_ST_CR_CERT_REQ_A:
346 case SSL3_ST_CR_CERT_REQ_B:
347 ret=ssl3_get_certificate_request(s);
348 if (ret <= 0) goto end;
349 s->state=SSL3_ST_CR_SRVR_DONE_A;
350 s->init_num=0;
351 break;
352
353 case SSL3_ST_CR_SRVR_DONE_A:
354 case SSL3_ST_CR_SRVR_DONE_B:
355 ret=ssl3_get_server_done(s);
356 if (ret <= 0) goto end;
357 if (s->s3->tmp.cert_req)
358 s->state=SSL3_ST_CW_CERT_A;
359 else
360 s->state=SSL3_ST_CW_KEY_EXCH_A;
361 s->init_num=0;
362
363 break;
364
365 case SSL3_ST_CW_CERT_A:
366 case SSL3_ST_CW_CERT_B:
367 case SSL3_ST_CW_CERT_C:
368 case SSL3_ST_CW_CERT_D:
369 dtls1_start_timer(s);
370 ret=dtls1_send_client_certificate(s);
371 if (ret <= 0) goto end;
372 s->state=SSL3_ST_CW_KEY_EXCH_A;
373 s->init_num=0;
374 break;
375
376 case SSL3_ST_CW_KEY_EXCH_A:
377 case SSL3_ST_CW_KEY_EXCH_B:
378 dtls1_start_timer(s);
379 ret=dtls1_send_client_key_exchange(s);
380 if (ret <= 0) goto end;
381 /* EAY EAY EAY need to check for DH fix cert
382 * sent back */
383 /* For TLS, cert_req is set to 2, so a cert chain
384 * of nothing is sent, but no verify packet is sent */
385 if (s->s3->tmp.cert_req == 1)
386 {
387 s->state=SSL3_ST_CW_CERT_VRFY_A;
388 }
389 else
390 {
391 s->state=SSL3_ST_CW_CHANGE_A;
392 s->s3->change_cipher_spec=0;
393 }
394
395 s->init_num=0;
396 break;
397
398 case SSL3_ST_CW_CERT_VRFY_A:
399 case SSL3_ST_CW_CERT_VRFY_B:
400 dtls1_start_timer(s);
401 ret=dtls1_send_client_verify(s);
402 if (ret <= 0) goto end;
403 s->state=SSL3_ST_CW_CHANGE_A;
404 s->init_num=0;
405 s->s3->change_cipher_spec=0;
406 break;
407
408 case SSL3_ST_CW_CHANGE_A:
409 case SSL3_ST_CW_CHANGE_B:
410 if (!s->hit)
411 dtls1_start_timer(s);
412 ret=dtls1_send_change_cipher_spec(s,
413 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
414 if (ret <= 0) goto end;
415 s->state=SSL3_ST_CW_FINISHED_A;
416 s->init_num=0;
417
418 s->session->cipher=s->s3->tmp.new_cipher;
419#ifdef OPENSSL_NO_COMP
420 s->session->compress_meth=0;
421#else
422 if (s->s3->tmp.new_compression == NULL)
423 s->session->compress_meth=0;
424 else
425 s->session->compress_meth=
426 s->s3->tmp.new_compression->id;
427#endif
428 if (!s->method->ssl3_enc->setup_key_block(s))
429 {
430 ret= -1;
431 goto end;
432 }
433
434 if (!s->method->ssl3_enc->change_cipher_state(s,
435 SSL3_CHANGE_CIPHER_CLIENT_WRITE))
436 {
437 ret= -1;
438 goto end;
439 }
440
441 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
442 break;
443
444 case SSL3_ST_CW_FINISHED_A:
445 case SSL3_ST_CW_FINISHED_B:
446 if (!s->hit)
447 dtls1_start_timer(s);
448 ret=dtls1_send_finished(s,
449 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
450 s->method->ssl3_enc->client_finished_label,
451 s->method->ssl3_enc->client_finished_label_len);
452 if (ret <= 0) goto end;
453 s->state=SSL3_ST_CW_FLUSH;
454
455 /* clear flags */
456 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
457 if (s->hit)
458 {
459 s->s3->tmp.next_state=SSL_ST_OK;
460 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
461 {
462 s->state=SSL_ST_OK;
463 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
464 s->s3->delay_buf_pop_ret=0;
465 }
466 }
467 else
468 {
469#ifndef OPENSSL_NO_TLSEXT
470 /* Allow NewSessionTicket if ticket expected */
471 if (s->tlsext_ticket_expected)
472 s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
473 else
474#endif
475
476 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
477 }
478 s->init_num=0;
479 break;
480
481#ifndef OPENSSL_NO_TLSEXT
482 case SSL3_ST_CR_SESSION_TICKET_A:
483 case SSL3_ST_CR_SESSION_TICKET_B:
484 ret=ssl3_get_new_session_ticket(s);
485 if (ret <= 0) goto end;
486 s->state=SSL3_ST_CR_FINISHED_A;
487 s->init_num=0;
488 break;
489
490 case SSL3_ST_CR_CERT_STATUS_A:
491 case SSL3_ST_CR_CERT_STATUS_B:
492 ret=ssl3_get_cert_status(s);
493 if (ret <= 0) goto end;
494 s->state=SSL3_ST_CR_KEY_EXCH_A;
495 s->init_num=0;
496 break;
497#endif
498
499 case SSL3_ST_CR_FINISHED_A:
500 case SSL3_ST_CR_FINISHED_B:
501 s->d1->change_cipher_spec_ok = 1;
502 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
503 SSL3_ST_CR_FINISHED_B);
504 if (ret <= 0) goto end;
505 dtls1_stop_timer(s);
506
507 if (s->hit)
508 s->state=SSL3_ST_CW_CHANGE_A;
509 else
510 s->state=SSL_ST_OK;
511 s->init_num=0;
512 break;
513
514 case SSL3_ST_CW_FLUSH:
515 s->rwstate=SSL_WRITING;
516 if (BIO_flush(s->wbio) <= 0)
517 {
518 ret= -1;
519 goto end;
520 }
521 s->rwstate=SSL_NOTHING;
522 s->state=s->s3->tmp.next_state;
523 break;
524
525 case SSL_ST_OK:
526 /* clean a few things up */
527 ssl3_cleanup_key_block(s);
528
529#if 0
530 if (s->init_buf != NULL)
531 {
532 BUF_MEM_free(s->init_buf);
533 s->init_buf=NULL;
534 }
535#endif
536
537 /* If we are not 'joining' the last two packets,
538 * remove the buffering now */
539 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
540 ssl_free_wbio_buffer(s);
541 /* else do it later in ssl3_write */
542
543 s->init_num=0;
544 s->new_session=0;
545
546 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
547 if (s->hit) s->ctx->stats.sess_hit++;
548
549 ret=1;
550 /* s->server=0; */
551 s->handshake_func=dtls1_connect;
552 s->ctx->stats.sess_connect_good++;
553
554 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
555
556 /* done with handshaking */
557 s->d1->handshake_read_seq = 0;
558 s->d1->next_handshake_write_seq = 0;
559 goto end;
560 /* break; */
561
562 default:
563 SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE);
564 ret= -1;
565 goto end;
566 /* break; */
567 }
568
569 /* did we do anything */
570 if (!s->s3->tmp.reuse_message && !skip)
571 {
572 if (s->debug)
573 {
574 if ((ret=BIO_flush(s->wbio)) <= 0)
575 goto end;
576 }
577
578 if ((cb != NULL) && (s->state != state))
579 {
580 new_state=s->state;
581 s->state=state;
582 cb(s,SSL_CB_CONNECT_LOOP,1);
583 s->state=new_state;
584 }
585 }
586 skip=0;
587 }
588end:
589 s->in_handshake--;
590 if (buf != NULL)
591 BUF_MEM_free(buf);
592 if (cb != NULL)
593 cb(s,SSL_CB_CONNECT_EXIT,ret);
594 return(ret);
595 }
596
597int dtls1_client_hello(SSL *s)
598 {
599 unsigned char *buf;
600 unsigned char *p,*d;
601 unsigned int i,j;
602 unsigned long Time,l;
603 SSL_COMP *comp;
604
605 buf=(unsigned char *)s->init_buf->data;
606 if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
607 {
608 SSL_SESSION *sess = s->session;
609 if ((s->session == NULL) ||
610 (s->session->ssl_version != s->version) ||
611#ifdef OPENSSL_NO_TLSEXT
612 !sess->session_id_length ||
613#else
614 (!sess->session_id_length && !sess->tlsext_tick) ||
615#endif
616 (s->session->not_resumable))
617 {
618 if (!ssl_get_new_session(s,0))
619 goto err;
620 }
621 /* else use the pre-loaded session */
622
623 p=s->s3->client_random;
624
625 /* if client_random is initialized, reuse it, we are
626 * required to use same upon reply to HelloVerify */
627 for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
628 if (i==sizeof(s->s3->client_random))
629 {
630 Time=(unsigned long)time(NULL); /* Time */
631 l2n(Time,p);
632 RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
633 }
634
635 /* Do the message type and length last */
636 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
637
638 *(p++)=s->version>>8;
639 *(p++)=s->version&0xff;
640 s->client_version=s->version;
641
642 /* Random stuff */
643 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
644 p+=SSL3_RANDOM_SIZE;
645
646 /* Session ID */
647 if (s->new_session)
648 i=0;
649 else
650 i=s->session->session_id_length;
651 *(p++)=i;
652 if (i != 0)
653 {
654 if (i > sizeof s->session->session_id)
655 {
656 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
657 goto err;
658 }
659 memcpy(p,s->session->session_id,i);
660 p+=i;
661 }
662
663 /* cookie stuff */
664 if ( s->d1->cookie_len > sizeof(s->d1->cookie))
665 {
666 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
667 goto err;
668 }
669 *(p++) = s->d1->cookie_len;
670 memcpy(p, s->d1->cookie, s->d1->cookie_len);
671 p += s->d1->cookie_len;
672
673 /* Ciphers supported */
674 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
675 if (i == 0)
676 {
677 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
678 goto err;
679 }
680 s2n(i,p);
681 p+=i;
682
683 /* COMPRESSION */
684 if (s->ctx->comp_methods == NULL)
685 j=0;
686 else
687 j=sk_SSL_COMP_num(s->ctx->comp_methods);
688 *(p++)=1+j;
689 for (i=0; i<j; i++)
690 {
691 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
692 *(p++)=comp->id;
693 }
694 *(p++)=0; /* Add the NULL method */
695
696#ifndef OPENSSL_NO_TLSEXT
697 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
698 {
699 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
700 goto err;
701 }
702#endif
703
704 l=(p-d);
705 d=buf;
706
707 d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);
708
709 s->state=SSL3_ST_CW_CLNT_HELLO_B;
710 /* number of bytes to write */
711 s->init_num=p-buf;
712 s->init_off=0;
713
714 /* buffer the message to handle re-xmits */
715 dtls1_buffer_message(s, 0);
716 }
717
718 /* SSL3_ST_CW_CLNT_HELLO_B */
719 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
720err:
721 return(-1);
722 }
723
724static int dtls1_get_hello_verify(SSL *s)
725 {
726 int n, al, ok = 0;
727 unsigned char *data;
728 unsigned int cookie_len;
729
730 n=s->method->ssl_get_message(s,
731 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
732 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
733 -1,
734 s->max_cert_list,
735 &ok);
736
737 if (!ok) return((int)n);
738
739 if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST)
740 {
741 s->d1->send_cookie = 0;
742 s->s3->tmp.reuse_message=1;
743 return(1);
744 }
745
746 data = (unsigned char *)s->init_msg;
747
748 if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff)))
749 {
750 SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION);
751 s->version=(s->version&0xff00)|data[1];
752 al = SSL_AD_PROTOCOL_VERSION;
753 goto f_err;
754 }
755 data+=2;
756
757 cookie_len = *(data++);
758 if ( cookie_len > sizeof(s->d1->cookie))
759 {
760 al=SSL_AD_ILLEGAL_PARAMETER;
761 goto f_err;
762 }
763
764 memcpy(s->d1->cookie, data, cookie_len);
765 s->d1->cookie_len = cookie_len;
766
767 s->d1->send_cookie = 1;
768 return 1;
769
770f_err:
771 ssl3_send_alert(s, SSL3_AL_FATAL, al);
772 return -1;
773 }
774
775int dtls1_send_client_key_exchange(SSL *s)
776 {
777 unsigned char *p,*d;
778 int n;
779 unsigned long alg_k;
780#ifndef OPENSSL_NO_RSA
781 unsigned char *q;
782 EVP_PKEY *pkey=NULL;
783#endif
784#ifndef OPENSSL_NO_KRB5
785 KSSL_ERR kssl_err;
786#endif /* OPENSSL_NO_KRB5 */
787#ifndef OPENSSL_NO_ECDH
788 EC_KEY *clnt_ecdh = NULL;
789 const EC_POINT *srvr_ecpoint = NULL;
790 EVP_PKEY *srvr_pub_pkey = NULL;
791 unsigned char *encodedPoint = NULL;
792 int encoded_pt_len = 0;
793 BN_CTX * bn_ctx = NULL;
794#endif
795
796 if (s->state == SSL3_ST_CW_KEY_EXCH_A)
797 {
798 d=(unsigned char *)s->init_buf->data;
799 p= &(d[DTLS1_HM_HEADER_LENGTH]);
800
801 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
802
803 /* Fool emacs indentation */
804 if (0) {}
805#ifndef OPENSSL_NO_RSA
806 else if (alg_k & SSL_kRSA)
807 {
808 RSA *rsa;
809 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
810
811 if (s->session->sess_cert->peer_rsa_tmp != NULL)
812 rsa=s->session->sess_cert->peer_rsa_tmp;
813 else
814 {
815 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
816 if ((pkey == NULL) ||
817 (pkey->type != EVP_PKEY_RSA) ||
818 (pkey->pkey.rsa == NULL))
819 {
820 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
821 goto err;
822 }
823 rsa=pkey->pkey.rsa;
824 EVP_PKEY_free(pkey);
825 }
826
827 tmp_buf[0]=s->client_version>>8;
828 tmp_buf[1]=s->client_version&0xff;
829 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
830 goto err;
831
832 s->session->master_key_length=sizeof tmp_buf;
833
834 q=p;
835 /* Fix buf for TLS and [incidentally] DTLS */
836 if (s->version > SSL3_VERSION)
837 p+=2;
838 n=RSA_public_encrypt(sizeof tmp_buf,
839 tmp_buf,p,rsa,RSA_PKCS1_PADDING);
840#ifdef PKCS1_CHECK
841 if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
842 if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
843#endif
844 if (n <= 0)
845 {
846 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
847 goto err;
848 }
849
850 /* Fix buf for TLS and [incidentally] DTLS */
851 if (s->version > SSL3_VERSION)
852 {
853 s2n(n,q);
854 n+=2;
855 }
856
857 s->session->master_key_length=
858 s->method->ssl3_enc->generate_master_secret(s,
859 s->session->master_key,
860 tmp_buf,sizeof tmp_buf);
861 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
862 }
863#endif
864#ifndef OPENSSL_NO_KRB5
865 else if (alg_k & SSL_kKRB5)
866 {
867 krb5_error_code krb5rc;
868 KSSL_CTX *kssl_ctx = s->kssl_ctx;
869 /* krb5_data krb5_ap_req; */
870 krb5_data *enc_ticket;
871 krb5_data authenticator, *authp = NULL;
872 EVP_CIPHER_CTX ciph_ctx;
873 const EVP_CIPHER *enc = NULL;
874 unsigned char iv[EVP_MAX_IV_LENGTH];
875 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
876 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
877 + EVP_MAX_IV_LENGTH];
878 int padl, outl = sizeof(epms);
879
880 EVP_CIPHER_CTX_init(&ciph_ctx);
881
882#ifdef KSSL_DEBUG
883 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
884 alg_k, SSL_kKRB5);
885#endif /* KSSL_DEBUG */
886
887 authp = NULL;
888#ifdef KRB5SENDAUTH
889 if (KRB5SENDAUTH) authp = &authenticator;
890#endif /* KRB5SENDAUTH */
891
892 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
893 &kssl_err);
894 enc = kssl_map_enc(kssl_ctx->enctype);
895 if (enc == NULL)
896 goto err;
897#ifdef KSSL_DEBUG
898 {
899 printf("kssl_cget_tkt rtn %d\n", krb5rc);
900 if (krb5rc && kssl_err.text)
901 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
902 }
903#endif /* KSSL_DEBUG */
904
905 if (krb5rc)
906 {
907 ssl3_send_alert(s,SSL3_AL_FATAL,
908 SSL_AD_HANDSHAKE_FAILURE);
909 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
910 kssl_err.reason);
911 goto err;
912 }
913
914 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
915 ** in place of RFC 2712 KerberosWrapper, as in:
916 **
917 ** Send ticket (copy to *p, set n = length)
918 ** n = krb5_ap_req.length;
919 ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
920 ** if (krb5_ap_req.data)
921 ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
922 **
923 ** Now using real RFC 2712 KerberosWrapper
924 ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
925 ** Note: 2712 "opaque" types are here replaced
926 ** with a 2-byte length followed by the value.
927 ** Example:
928 ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
929 ** Where "xx xx" = length bytes. Shown here with
930 ** optional authenticator omitted.
931 */
932
933 /* KerberosWrapper.Ticket */
934 s2n(enc_ticket->length,p);
935 memcpy(p, enc_ticket->data, enc_ticket->length);
936 p+= enc_ticket->length;
937 n = enc_ticket->length + 2;
938
939 /* KerberosWrapper.Authenticator */
940 if (authp && authp->length)
941 {
942 s2n(authp->length,p);
943 memcpy(p, authp->data, authp->length);
944 p+= authp->length;
945 n+= authp->length + 2;
946
947 free(authp->data);
948 authp->data = NULL;
949 authp->length = 0;
950 }
951 else
952 {
953 s2n(0,p);/* null authenticator length */
954 n+=2;
955 }
956
957 if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
958 goto err;
959
960 /* 20010420 VRS. Tried it this way; failed.
961 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
962 ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
963 ** kssl_ctx->length);
964 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
965 */
966
967 memset(iv, 0, sizeof iv); /* per RFC 1510 */
968 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
969 kssl_ctx->key,iv);
970 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
971 sizeof tmp_buf);
972 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
973 outl += padl;
974 if (outl > (int)sizeof epms)
975 {
976 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
977 goto err;
978 }
979 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
980
981 /* KerberosWrapper.EncryptedPreMasterSecret */
982 s2n(outl,p);
983 memcpy(p, epms, outl);
984 p+=outl;
985 n+=outl + 2;
986
987 s->session->master_key_length=
988 s->method->ssl3_enc->generate_master_secret(s,
989 s->session->master_key,
990 tmp_buf, sizeof tmp_buf);
991
992 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
993 OPENSSL_cleanse(epms, outl);
994 }
995#endif
996#ifndef OPENSSL_NO_DH
997 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
998 {
999 DH *dh_srvr,*dh_clnt;
1000
1001 if (s->session->sess_cert->peer_dh_tmp != NULL)
1002 dh_srvr=s->session->sess_cert->peer_dh_tmp;
1003 else
1004 {
1005 /* we get them from the cert */
1006 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
1007 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
1008 goto err;
1009 }
1010
1011 /* generate a new random key */
1012 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
1013 {
1014 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1015 goto err;
1016 }
1017 if (!DH_generate_key(dh_clnt))
1018 {
1019 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1020 goto err;
1021 }
1022
1023 /* use the 'p' output buffer for the DH key, but
1024 * make sure to clear it out afterwards */
1025
1026 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
1027
1028 if (n <= 0)
1029 {
1030 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1031 goto err;
1032 }
1033
1034 /* generate master key from the result */
1035 s->session->master_key_length=
1036 s->method->ssl3_enc->generate_master_secret(s,
1037 s->session->master_key,p,n);
1038 /* clean up */
1039 memset(p,0,n);
1040
1041 /* send off the data */
1042 n=BN_num_bytes(dh_clnt->pub_key);
1043 s2n(n,p);
1044 BN_bn2bin(dh_clnt->pub_key,p);
1045 n+=2;
1046
1047 DH_free(dh_clnt);
1048
1049 /* perhaps clean things up a bit EAY EAY EAY EAY*/
1050 }
1051#endif
1052#ifndef OPENSSL_NO_ECDH
1053 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
1054 {
1055 const EC_GROUP *srvr_group = NULL;
1056 EC_KEY *tkey;
1057 int ecdh_clnt_cert = 0;
1058 int field_size = 0;
1059
1060 /* Did we send out the client's
1061 * ECDH share for use in premaster
1062 * computation as part of client certificate?
1063 * If so, set ecdh_clnt_cert to 1.
1064 */
1065 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL))
1066 {
1067 /* XXX: For now, we do not support client
1068 * authentication using ECDH certificates.
1069 * To add such support, one needs to add
1070 * code that checks for appropriate
1071 * conditions and sets ecdh_clnt_cert to 1.
1072 * For example, the cert have an ECC
1073 * key on the same curve as the server's
1074 * and the key should be authorized for
1075 * key agreement.
1076 *
1077 * One also needs to add code in ssl3_connect
1078 * to skip sending the certificate verify
1079 * message.
1080 *
1081 * if ((s->cert->key->privatekey != NULL) &&
1082 * (s->cert->key->privatekey->type ==
1083 * EVP_PKEY_EC) && ...)
1084 * ecdh_clnt_cert = 1;
1085 */
1086 }
1087
1088 if (s->session->sess_cert->peer_ecdh_tmp != NULL)
1089 {
1090 tkey = s->session->sess_cert->peer_ecdh_tmp;
1091 }
1092 else
1093 {
1094 /* Get the Server Public Key from Cert */
1095 srvr_pub_pkey = X509_get_pubkey(s->session-> \
1096 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
1097 if ((srvr_pub_pkey == NULL) ||
1098 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
1099 (srvr_pub_pkey->pkey.ec == NULL))
1100 {
1101 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1102 ERR_R_INTERNAL_ERROR);
1103 goto err;
1104 }
1105
1106 tkey = srvr_pub_pkey->pkey.ec;
1107 }
1108
1109 srvr_group = EC_KEY_get0_group(tkey);
1110 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
1111
1112 if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
1113 {
1114 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1115 ERR_R_INTERNAL_ERROR);
1116 goto err;
1117 }
1118
1119 if ((clnt_ecdh=EC_KEY_new()) == NULL)
1120 {
1121 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1122 goto err;
1123 }
1124
1125 if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
1126 {
1127 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
1128 goto err;
1129 }
1130 if (ecdh_clnt_cert)
1131 {
1132 /* Reuse key info from our certificate
1133 * We only need our private key to perform
1134 * the ECDH computation.
1135 */
1136 const BIGNUM *priv_key;
1137 tkey = s->cert->key->privatekey->pkey.ec;
1138 priv_key = EC_KEY_get0_private_key(tkey);
1139 if (priv_key == NULL)
1140 {
1141 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1142 goto err;
1143 }
1144 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
1145 {
1146 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
1147 goto err;
1148 }
1149 }
1150 else
1151 {
1152 /* Generate a new ECDH key pair */
1153 if (!(EC_KEY_generate_key(clnt_ecdh)))
1154 {
1155 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1156 goto err;
1157 }
1158 }
1159
1160 /* use the 'p' output buffer for the ECDH key, but
1161 * make sure to clear it out afterwards
1162 */
1163
1164 field_size = EC_GROUP_get_degree(srvr_group);
1165 if (field_size <= 0)
1166 {
1167 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1168 ERR_R_ECDH_LIB);
1169 goto err;
1170 }
1171 n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
1172 if (n <= 0)
1173 {
1174 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1175 ERR_R_ECDH_LIB);
1176 goto err;
1177 }
1178
1179 /* generate master key from the result */
1180 s->session->master_key_length = s->method->ssl3_enc \
1181 -> generate_master_secret(s,
1182 s->session->master_key,
1183 p, n);
1184
1185 memset(p, 0, n); /* clean up */
1186
1187 if (ecdh_clnt_cert)
1188 {
1189 /* Send empty client key exch message */
1190 n = 0;
1191 }
1192 else
1193 {
1194 /* First check the size of encoding and
1195 * allocate memory accordingly.
1196 */
1197 encoded_pt_len =
1198 EC_POINT_point2oct(srvr_group,
1199 EC_KEY_get0_public_key(clnt_ecdh),
1200 POINT_CONVERSION_UNCOMPRESSED,
1201 NULL, 0, NULL);
1202
1203 encodedPoint = (unsigned char *)
1204 OPENSSL_malloc(encoded_pt_len *
1205 sizeof(unsigned char));
1206 bn_ctx = BN_CTX_new();
1207 if ((encodedPoint == NULL) ||
1208 (bn_ctx == NULL))
1209 {
1210 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1211 goto err;
1212 }
1213
1214 /* Encode the public key */
1215 n = EC_POINT_point2oct(srvr_group,
1216 EC_KEY_get0_public_key(clnt_ecdh),
1217 POINT_CONVERSION_UNCOMPRESSED,
1218 encodedPoint, encoded_pt_len, bn_ctx);
1219
1220 *p = n; /* length of encoded point */
1221 /* Encoded point will be copied here */
1222 p += 1;
1223 /* copy the point */
1224 memcpy((unsigned char *)p, encodedPoint, n);
1225 /* increment n to account for length field */
1226 n += 1;
1227 }
1228
1229 /* Free allocated memory */
1230 BN_CTX_free(bn_ctx);
1231 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
1232 if (clnt_ecdh != NULL)
1233 EC_KEY_free(clnt_ecdh);
1234 EVP_PKEY_free(srvr_pub_pkey);
1235 }
1236#endif /* !OPENSSL_NO_ECDH */
1237
1238#ifndef OPENSSL_NO_PSK
1239 else if (alg_k & SSL_kPSK)
1240 {
1241 char identity[PSK_MAX_IDENTITY_LEN];
1242 unsigned char *t = NULL;
1243 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
1244 unsigned int pre_ms_len = 0, psk_len = 0;
1245 int psk_err = 1;
1246
1247 n = 0;
1248 if (s->psk_client_callback == NULL)
1249 {
1250 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1251 SSL_R_PSK_NO_CLIENT_CB);
1252 goto err;
1253 }
1254
1255 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
1256 identity, PSK_MAX_IDENTITY_LEN,
1257 psk_or_pre_ms, sizeof(psk_or_pre_ms));
1258 if (psk_len > PSK_MAX_PSK_LEN)
1259 {
1260 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1261 ERR_R_INTERNAL_ERROR);
1262 goto psk_err;
1263 }
1264 else if (psk_len == 0)
1265 {
1266 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1267 SSL_R_PSK_IDENTITY_NOT_FOUND);
1268 goto psk_err;
1269 }
1270
1271 /* create PSK pre_master_secret */
1272 pre_ms_len = 2+psk_len+2+psk_len;
1273 t = psk_or_pre_ms;
1274 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
1275 s2n(psk_len, t);
1276 memset(t, 0, psk_len);
1277 t+=psk_len;
1278 s2n(psk_len, t);
1279
1280 if (s->session->psk_identity_hint != NULL)
1281 OPENSSL_free(s->session->psk_identity_hint);
1282 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
1283 if (s->ctx->psk_identity_hint != NULL &&
1284 s->session->psk_identity_hint == NULL)
1285 {
1286 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1287 ERR_R_MALLOC_FAILURE);
1288 goto psk_err;
1289 }
1290
1291 if (s->session->psk_identity != NULL)
1292 OPENSSL_free(s->session->psk_identity);
1293 s->session->psk_identity = BUF_strdup(identity);
1294 if (s->session->psk_identity == NULL)
1295 {
1296 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1297 ERR_R_MALLOC_FAILURE);
1298 goto psk_err;
1299 }
1300
1301 s->session->master_key_length =
1302 s->method->ssl3_enc->generate_master_secret(s,
1303 s->session->master_key,
1304 psk_or_pre_ms, pre_ms_len);
1305 n = strlen(identity);
1306 s2n(n, p);
1307 memcpy(p, identity, n);
1308 n+=2;
1309 psk_err = 0;
1310 psk_err:
1311 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
1312 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
1313 if (psk_err != 0)
1314 {
1315 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1316 goto err;
1317 }
1318 }
1319#endif
1320 else
1321 {
1322 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
1323 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1324 goto err;
1325 }
1326
1327 d = dtls1_set_message_header(s, d,
1328 SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
1329 /*
1330 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
1331 l2n3(n,d);
1332 l2n(s->d1->handshake_write_seq,d);
1333 s->d1->handshake_write_seq++;
1334 */
1335
1336 s->state=SSL3_ST_CW_KEY_EXCH_B;
1337 /* number of bytes to write */
1338 s->init_num=n+DTLS1_HM_HEADER_LENGTH;
1339 s->init_off=0;
1340
1341 /* buffer the message to handle re-xmits */
1342 dtls1_buffer_message(s, 0);
1343 }
1344
1345 /* SSL3_ST_CW_KEY_EXCH_B */
1346 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1347err:
1348#ifndef OPENSSL_NO_ECDH
1349 BN_CTX_free(bn_ctx);
1350 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
1351 if (clnt_ecdh != NULL)
1352 EC_KEY_free(clnt_ecdh);
1353 EVP_PKEY_free(srvr_pub_pkey);
1354#endif
1355 return(-1);
1356 }
1357
1358int dtls1_send_client_verify(SSL *s)
1359 {
1360 unsigned char *p,*d;
1361 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
1362 EVP_PKEY *pkey;
1363#ifndef OPENSSL_NO_RSA
1364 unsigned u=0;
1365#endif
1366 unsigned long n;
1367#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
1368 int j;
1369#endif
1370
1371 if (s->state == SSL3_ST_CW_CERT_VRFY_A)
1372 {
1373 d=(unsigned char *)s->init_buf->data;
1374 p= &(d[DTLS1_HM_HEADER_LENGTH]);
1375 pkey=s->cert->key->privatekey;
1376
1377 s->method->ssl3_enc->cert_verify_mac(s,
1378 NID_sha1,
1379 &(data[MD5_DIGEST_LENGTH]));
1380
1381#ifndef OPENSSL_NO_RSA
1382 if (pkey->type == EVP_PKEY_RSA)
1383 {
1384 s->method->ssl3_enc->cert_verify_mac(s,
1385 NID_md5,
1386 &(data[0]));
1387 if (RSA_sign(NID_md5_sha1, data,
1388 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
1389 &(p[2]), &u, pkey->pkey.rsa) <= 0 )
1390 {
1391 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
1392 goto err;
1393 }
1394 s2n(u,p);
1395 n=u+2;
1396 }
1397 else
1398#endif
1399#ifndef OPENSSL_NO_DSA
1400 if (pkey->type == EVP_PKEY_DSA)
1401 {
1402 if (!DSA_sign(pkey->save_type,
1403 &(data[MD5_DIGEST_LENGTH]),
1404 SHA_DIGEST_LENGTH,&(p[2]),
1405 (unsigned int *)&j,pkey->pkey.dsa))
1406 {
1407 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
1408 goto err;
1409 }
1410 s2n(j,p);
1411 n=j+2;
1412 }
1413 else
1414#endif
1415#ifndef OPENSSL_NO_ECDSA
1416 if (pkey->type == EVP_PKEY_EC)
1417 {
1418 if (!ECDSA_sign(pkey->save_type,
1419 &(data[MD5_DIGEST_LENGTH]),
1420 SHA_DIGEST_LENGTH,&(p[2]),
1421 (unsigned int *)&j,pkey->pkey.ec))
1422 {
1423 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
1424 ERR_R_ECDSA_LIB);
1425 goto err;
1426 }
1427 s2n(j,p);
1428 n=j+2;
1429 }
1430 else
1431#endif
1432 {
1433 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
1434 goto err;
1435 }
1436
1437 d = dtls1_set_message_header(s, d,
1438 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ;
1439
1440 s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH;
1441 s->init_off=0;
1442
1443 /* buffer the message to handle re-xmits */
1444 dtls1_buffer_message(s, 0);
1445
1446 s->state = SSL3_ST_CW_CERT_VRFY_B;
1447 }
1448
1449 /* s->state = SSL3_ST_CW_CERT_VRFY_B */
1450 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1451err:
1452 return(-1);
1453 }
1454
1455int dtls1_send_client_certificate(SSL *s)
1456 {
1457 X509 *x509=NULL;
1458 EVP_PKEY *pkey=NULL;
1459 int i;
1460 unsigned long l;
1461
1462 if (s->state == SSL3_ST_CW_CERT_A)
1463 {
1464 if ((s->cert == NULL) ||
1465 (s->cert->key->x509 == NULL) ||
1466 (s->cert->key->privatekey == NULL))
1467 s->state=SSL3_ST_CW_CERT_B;
1468 else
1469 s->state=SSL3_ST_CW_CERT_C;
1470 }
1471
1472 /* We need to get a client cert */
1473 if (s->state == SSL3_ST_CW_CERT_B)
1474 {
1475 /* If we get an error, we need to
1476 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
1477 * We then get retied later */
1478 i=0;
1479 i = ssl_do_client_cert_cb(s, &x509, &pkey);
1480 if (i < 0)
1481 {
1482 s->rwstate=SSL_X509_LOOKUP;
1483 return(-1);
1484 }
1485 s->rwstate=SSL_NOTHING;
1486 if ((i == 1) && (pkey != NULL) && (x509 != NULL))
1487 {
1488 s->state=SSL3_ST_CW_CERT_B;
1489 if ( !SSL_use_certificate(s,x509) ||
1490 !SSL_use_PrivateKey(s,pkey))
1491 i=0;
1492 }
1493 else if (i == 1)
1494 {
1495 i=0;
1496 SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
1497 }
1498
1499 if (x509 != NULL) X509_free(x509);
1500 if (pkey != NULL) EVP_PKEY_free(pkey);
1501 if (i == 0)
1502 {
1503 if (s->version == SSL3_VERSION)
1504 {
1505 s->s3->tmp.cert_req=0;
1506 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
1507 return(1);
1508 }
1509 else
1510 {
1511 s->s3->tmp.cert_req=2;
1512 }
1513 }
1514
1515 /* Ok, we have a cert */
1516 s->state=SSL3_ST_CW_CERT_C;
1517 }
1518
1519 if (s->state == SSL3_ST_CW_CERT_C)
1520 {
1521 s->state=SSL3_ST_CW_CERT_D;
1522 l=dtls1_output_cert_chain(s,
1523 (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
1524 s->init_num=(int)l;
1525 s->init_off=0;
1526
1527 /* set header called by dtls1_output_cert_chain() */
1528
1529 /* buffer the message to handle re-xmits */
1530 dtls1_buffer_message(s, 0);
1531 }
1532 /* SSL3_ST_CW_CERT_D */
1533 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1534 }
1535
1536
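--- a/src/lib/libssl/d1_enc.c
+++ /dev/null
@@ -1,289 +0,0 @@
-/* ssl/d1_enc.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
-#ifdef KSSL_DEBUG
-#include <openssl/des.h>
-#endif
-
-int dtls1_enc(SSL *s, int send)
- {
- SSL3_RECORD *rec;
- EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs,i,ii,j,k,n=0;
- const EVP_CIPHER *enc;
-
- if (send)
- {
- if (EVP_MD_CTX_md(s->write_hash))
- {
- n=EVP_MD_CTX_size(s->write_hash);
- if (n < 0)
- return -1;
- }
- ds=s->enc_write_ctx;
- rec= &(s->s3->wrec);
- if (s->enc_write_ctx == NULL)
- enc=NULL;
- else
- {
- enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
- if ( rec->data != rec->input)
- /* we can't write into the input stream */
- fprintf(stderr, "%s:%d: rec->data != rec->input\n",
- __FILE__, __LINE__);
- else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
- {
- if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
- return -1;
- }
- }
- }
- else
- {
- if (EVP_MD_CTX_md(s->read_hash))
- {
- n=EVP_MD_CTX_size(s->read_hash);
- if (n < 0)
- return -1;
- }
- ds=s->enc_read_ctx;
- rec= &(s->s3->rrec);
- if (s->enc_read_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
- }
-
-#ifdef KSSL_DEBUG
- printf("dtls1_enc(%d)\n", send);
-#endif /* KSSL_DEBUG */
-
- if ((s->session == NULL) || (ds == NULL) ||
- (enc == NULL))
- {
- memmove(rec->data,rec->input,rec->length);
- rec->input=rec->data;
- }
- else
- {
- l=rec->length;
- bs=EVP_CIPHER_block_size(ds->cipher);
-
- if ((bs != 1) && send)
- {
- i=bs-((int)l%bs);
-
- /* Add weird padding of upto 256 bytes */
-
- /* we need to add 'i' padding bytes of value j */
- j=i-1;
- if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
- {
- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
- j++;
- }
- for (k=(int)l; k<(int)(l+i); k++)
- rec->input[k]=j;
- l+=i;
- rec->length+=i;
- }
-
-#ifdef KSSL_DEBUG
- {
- unsigned long ui;
- printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
- ds,rec->data,rec->input,l);
- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
- ds->buf_len, ds->cipher->key_len,
- DES_KEY_SZ, DES_SCHEDULE_SZ,
- ds->cipher->iv_len);
- printf("\t\tIV: ");
- for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
- printf("\n");
- printf("\trec->input=");
- for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- if (!send)
- {
- if (l == 0 || l%bs != 0)
- return -1;
- }
-
- EVP_Cipher(ds,rec->data,rec->input,l);
-
-#ifdef KSSL_DEBUG
- {
- unsigned long i;
- printf("\trec->data=");
- for (i=0; i<l; i++)
- printf(" %02x", rec->data[i]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- if ((bs != 1) && !send)
- {
- ii=i=rec->data[l-1]; /* padding_length */
- i++;
- if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
- {
- /* First packet is even in size, so check */
- if ((memcmp(s->s3->read_sequence,
- "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
- s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
- i--;
- }
- /* TLS 1.0 does not bound the number of padding bytes by the block size.
- * All of them must have value 'padding_length'. */
- if (i > (int)rec->length)
- {
- /* Incorrect padding. SSLerr() and ssl3_alert are done
- * by caller: we don't want to reveal whether this is
- * a decryption error or a MAC verification failure
- * (see http://www.openssl.org/~bodo/tls-cbc.txt)
- */
- return -1;
- }
- for (j=(int)(l-i); j<(int)l; j++)
- {
- if (rec->data[j] != ii)
- {
- /* Incorrect padding */
- return -1;
- }
- }
- rec->length-=i;
-
- rec->data += bs; /* skip the implicit IV */
- rec->input += bs;
- rec->length -= bs;
- }
- }
- return(1);
- }
-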
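--- a/src/lib/libssl/d1_lib.c
+++ /dev/null
@@ -1,450 +0,0 @@
-/* ssl/d1_lib.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#define USE_SOCKETS
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
-#include <sys/timeb.h>
-#endif
-
-static void get_current_time(struct timeval *t);
-const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
-int dtls1_listen(SSL *s, struct sockaddr *client);
-
-SSL3_ENC_METHOD DTLSv1_enc_data={
- dtls1_enc,
- tls1_mac,
- tls1_setup_key_block,
- tls1_generate_master_secret,
- tls1_change_cipher_state,
- tls1_final_finish_mac,
- TLS1_FINISH_MAC_LENGTH,
- tls1_cert_verify_mac,
- TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
- TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
- tls1_alert_code,
- };
-
-long dtls1_default_timeout(void)
- {
- /* 2 hours, the 24 hours mentioned in the DTLSv1 spec
- * is way too long for http, the cache would over fill */
- return(60*60*2);
- }
-
-int dtls1_new(SSL *s)
- {
- DTLS1_STATE *d1;
-
- if (!ssl3_new(s)) return(0);
- if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0);
- memset(d1,0, sizeof *d1);
-
- /* d1->handshake_epoch=0; */
-
- d1->unprocessed_rcds.q=pqueue_new();
- d1->processed_rcds.q=pqueue_new();
- d1->buffered_messages = pqueue_new();
- d1->sent_messages=pqueue_new();
- d1->buffered_app_data.q=pqueue_new();
-
- if ( s->server)
- {
- d1->cookie_len = sizeof(s->d1->cookie);
- }
-
- if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q
- || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q)
- {
- if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);
- if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);
- if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);
- if ( d1->sent_messages) pqueue_free(d1->sent_messages);
- if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q);
- OPENSSL_free(d1);
- return (0);
- }
-
- s->d1=d1;
- s->method->ssl_clear(s);
- return(1);
- }
-
-static void dtls1_clear_queues(SSL *s)
- {
- pitem *item = NULL;
- hm_fragment *frag = NULL;
- DTLS1_RECORD_DATA *rdata;
-
- while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
- {
- rdata = (DTLS1_RECORD_DATA *) item->data;
- if (rdata->rbuf.buf)
- {
- OPENSSL_free(rdata->rbuf.buf);
- }
- OPENSSL_free(item->data);
- pitem_free(item);
- }
-
- while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
- {
- rdata = (DTLS1_RECORD_DATA *) item->data;
- if (rdata->rbuf.buf)
- {
- OPENSSL_free(rdata->rbuf.buf);
- }
- OPENSSL_free(item->data);
- pitem_free(item);
- }
-
- while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
- {
- frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
- pitem_free(item);
- }
-
- while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
- {
- frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
- pitem_free(item);
- }
-
- while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
- {
- frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
- pitem_free(item);
- }
- }
-
-void dtls1_free(SSL *s)
- {
- ssl3_free(s);
-
- dtls1_clear_queues(s);
-
- pqueue_free(s->d1->unprocessed_rcds.q);
- pqueue_free(s->d1->processed_rcds.q);
- pqueue_free(s->d1->buffered_messages);
- pqueue_free(s->d1->sent_messages);
- pqueue_free(s->d1->buffered_app_data.q);
-
- OPENSSL_free(s->d1);
- }
-
-void dtls1_clear(SSL *s)
- {
- pqueue unprocessed_rcds;
- pqueue processed_rcds;
- pqueue buffered_messages;
- pqueue sent_messages;
- pqueue buffered_app_data;
- unsigned int mtu;
-
- if (s->d1)
- {
- unprocessed_rcds = s->d1->unprocessed_rcds.q;
- processed_rcds = s->d1->processed_rcds.q;
- buffered_messages = s->d1->buffered_messages;
- sent_messages = s->d1->sent_messages;
- buffered_app_data = s->d1->buffered_app_data.q;
- mtu = s->d1->mtu;
-
- dtls1_clear_queues(s);
-
- memset(s->d1, 0, sizeof(*(s->d1)));
-
- if (s->server)
- {
- s->d1->cookie_len = sizeof(s->d1->cookie);
- }
-
- if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)
- {
- s->d1->mtu = mtu;
- }
-
- s->d1->unprocessed_rcds.q = unprocessed_rcds;
- s->d1->processed_rcds.q = processed_rcds;
- s->d1->buffered_messages = buffered_messages;
- s->d1->sent_messages = sent_messages;
- s->d1->buffered_app_data.q = buffered_app_data;
- }
-
- ssl3_clear(s);
- if (s->options & SSL_OP_CISCO_ANYCONNECT)
- s->version=DTLS1_BAD_VER;
- else
- s->version=DTLS1_VERSION;
- }
-
-long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
- {
- int ret=0;
-
- switch (cmd)
- {
- case DTLS_CTRL_GET_TIMEOUT:
- if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL)
- {
- ret = 1;
- }
- break;
- case DTLS_CTRL_HANDLE_TIMEOUT:
- ret = dtls1_handle_timeout(s);
- break;
- case DTLS_CTRL_LISTEN:
- ret = dtls1_listen(s, parg);
- break;
-
- default:
- ret = ssl3_ctrl(s, cmd, larg, parg);
- break;
- }
- return(ret);
- }
-
-/*
- * As it's impossible to use stream ciphers in "datagram" mode, this
- * simple filter is designed to disengage them in DTLS. Unfortunately
- * there is no universal way to identify stream SSL_CIPHER, so we have
- * to explicitly list their SSL_* codes. Currently RC4 is the only one
- * available, but if new ones emerge, they will have to be added...
- */
-const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
- {
- const SSL_CIPHER *ciph = ssl3_get_cipher(u);
-
- if (ciph != NULL)
- {
- if (ciph->algorithm_enc == SSL_RC4)
- return NULL;
- }
-
- return ciph;
- }
-
-void dtls1_start_timer(SSL *s)
- {
- /* If timer is not set, initialize duration with 1 second */
- if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
- {
- s->d1->timeout_duration = 1;
- }
-
- /* Set timeout to current time */
- get_current_time(&(s->d1->next_timeout));
-
- /* Add duration to current time */
- s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
- }
-
-struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
- {
- struct timeval timenow;
-
- /* If no timeout is set, just return NULL */
- if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
- {
- return NULL;
- }
-
- /* Get current time */
- get_current_time(&timenow);
-
- /* If timer already expired, set remaining time to 0 */
- if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
- (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
- s->d1->next_timeout.tv_usec <= timenow.tv_usec))
- {
- memset(timeleft, 0, sizeof(struct timeval));
- return timeleft;
- }
-
- /* Calculate time left until timer expires */
- memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
- timeleft->tv_sec -= timenow.tv_sec;
- timeleft->tv_usec -= timenow.tv_usec;
- if (timeleft->tv_usec < 0)
- {
- timeleft->tv_sec--;
- timeleft->tv_usec += 1000000;
- }
-
- /* If remaining time is less than 15 ms, set it to 0
- * to prevent issues because of small devergences with
- * socket timeouts.
- */
- if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
- {
- memset(timeleft, 0, sizeof(struct timeval));
- }
-
-
- return timeleft;
- }
-
-int dtls1_is_timer_expired(SSL *s)
- {
- struct timeval timeleft;
-
- /* Get time left until timeout, return false if no timer running */
- if (dtls1_get_timeout(s, &timeleft) == NULL)
- {
- return 0;
- }
-
- /* Return false if timer is not expired yet */
- if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0)
- {
- return 0;
- }
-
- /* Timer expired, so return true */
- return 1;
- }
-
-void dtls1_double_timeout(SSL *s)
- {
- s->d1->timeout_duration *= 2;
- if (s->d1->timeout_duration > 60)
- s->d1->timeout_duration = 60;
- dtls1_start_timer(s);
- }
-
-void dtls1_stop_timer(SSL *s)
- {
- /* Reset everything */
- memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
- s->d1->timeout_duration = 1;
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
- /* Clear retransmission buffer */
- dtls1_clear_record_buffer(s);
- }
-
-int dtls1_handle_timeout(SSL *s)
- {
- DTLS1_STATE *state;
-
- /* if no timer is expired, don't do anything */
- if (!dtls1_is_timer_expired(s))
- {
- return 0;
- }
-
- dtls1_double_timeout(s);
- state = s->d1;
- state->timeout.num_alerts++;
- if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
- {
- /* fail the connection, enough alerts have been sent */
- SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
- return -1;
- }
-
- state->timeout.read_timeouts++;
- if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
- {
- state->timeout.read_timeouts = 1;
- }
-
- dtls1_start_timer(s);
- return dtls1_retransmit_buffered_messages(s);
- }
-
-static void get_current_time(struct timeval *t)
-{
-#ifdef OPENSSL_SYS_WIN32
- struct _timeb tb;
- _ftime(&tb);
- t->tv_sec = (long)tb.time;
- t->tv_usec = (long)tb.millitm * 1000;
-#elif defined(OPENSSL_SYS_VMS)
- struct timeb tb;
- ftime(&tb);
- t->tv_sec = (long)tb.time;
- t->tv_usec = (long)tb.millitm * 1000;
-#else
- gettimeofday(t, NULL);
-#endif
-}
-
-int dtls1_listen(SSL *s, struct sockaddr *client)
- {
- int ret;
-
- SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
- s->d1->listen = 1;
-
- ret = SSL_accept(s);
- if (ret <= 0) return ret;
-
- (void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
- return 1;
- }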
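--- a/src/lib/libssl/d1_meth.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* ssl/d1_meth.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static const SSL_METHOD *dtls1_get_method(int ver);
-static const SSL_METHOD *dtls1_get_method(int ver)
- {
- if (ver == DTLS1_VERSION)
- return(DTLSv1_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_dtls1_meth_func(DTLSv1_method,
- dtls1_accept,
- dtls1_connect,
- dtls1_get_method)
-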
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
deleted file mode 100644
index e0c0f0cc9a..0000000000
--- a/src/lib/libssl/d1_pkt.c
+++ /dev/null
@@ -1,1777 +0,0 @@
1/* ssl/d1_pkt.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@openssl.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <stdio.h>
117#include <errno.h>
118#define USE_SOCKETS
119#include "ssl_locl.h"
120#include <openssl/evp.h>
121#include <openssl/buffer.h>
122#include <openssl/pqueue.h>
123#include <openssl/rand.h>
124
125/* mod 128 saturating subtract of two 64-bit values in big-endian order */
126static int satsub64be(const unsigned char *v1,const unsigned char *v2)
127{ int ret,sat,brw,i;
128
129 if (sizeof(long) == 8) do
130 { const union { long one; char little; } is_endian = {1};
131 long l;
132
133 if (is_endian.little) break;
134 /* not reached on little-endians */
135 /* following test is redundant, because input is
136 * always aligned, but I take no chances... */
137 if (((size_t)v1|(size_t)v2)&0x7) break;
138
139 l = *((long *)v1);
140 l -= *((long *)v2);
141 if (l>128) return 128;
142 else if (l<-128) return -128;
143 else return (int)l;
144 } while (0);
145
146 ret = (int)v1[7]-(int)v2[7];
147 sat = 0;
148 brw = ret>>8; /* brw is either 0 or -1 */
149 if (ret & 0x80)
150 { for (i=6;i>=0;i--)
151 { brw += (int)v1[i]-(int)v2[i];
152 sat |= ~brw;
153 brw >>= 8;
154 }
155 }
156 else
157 { for (i=6;i>=0;i--)
158 { brw += (int)v1[i]-(int)v2[i];
159 sat |= brw;
160 brw >>= 8;
161 }
162 }
163 brw <<= 8; /* brw is either 0 or -256 */
164
165 if (sat&0xff) return brw | 0x80;
166 else return brw + (ret&0xFF);
167}
168
169static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
170 int len, int peek);
171static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
172static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
173static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
174 unsigned int *is_next_epoch);
175#if 0
176static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
177 unsigned short *priority, unsigned long *offset);
178#endif
179static int dtls1_buffer_record(SSL *s, record_pqueue *q,
180 unsigned char *priority);
181static int dtls1_process_record(SSL *s);
182static void dtls1_clear_timeouts(SSL *s);
183
184/* copy buffered record into SSL structure */
185static int
186dtls1_copy_record(SSL *s, pitem *item)
187 {
188 DTLS1_RECORD_DATA *rdata;
189
190 rdata = (DTLS1_RECORD_DATA *)item->data;
191
192 if (s->s3->rbuf.buf != NULL)
193 OPENSSL_free(s->s3->rbuf.buf);
194
195 s->packet = rdata->packet;
196 s->packet_length = rdata->packet_length;
197 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
198 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
199
200 /* Set proper sequence number for mac calculation */
201 memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
202
203 return(1);
204 }
205
206
207static int
208dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
209 {
210 DTLS1_RECORD_DATA *rdata;
211 pitem *item;
212
213 /* Limit the size of the queue to prevent DOS attacks */
214 if (pqueue_size(queue->q) >= 100)
215 return 0;
216
217 rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
218 item = pitem_new(priority, rdata);
219 if (rdata == NULL || item == NULL)
220 {
221 if (rdata != NULL) OPENSSL_free(rdata);
222 if (item != NULL) pitem_free(item);
223
224 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
225 return(0);
226 }
227
228 rdata->packet = s->packet;
229 rdata->packet_length = s->packet_length;
230 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
231 memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
232
233 item->data = rdata;
234
235 /* insert should not fail, since duplicates are dropped */
236 if (pqueue_insert(queue->q, item) == NULL)
237 {
238 OPENSSL_free(rdata);
239 pitem_free(item);
240 return(0);
241 }
242
243 s->packet = NULL;
244 s->packet_length = 0;
245 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
246 memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
247
248 if (!ssl3_setup_buffers(s))
249 {
250 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
251 OPENSSL_free(rdata);
252 pitem_free(item);
253 return(0);
254 }
255
256 return(1);
257 }
258
259
260static int
261dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
262 {
263 pitem *item;
264
265 item = pqueue_pop(queue->q);
266 if (item)
267 {
268 dtls1_copy_record(s, item);
269
270 OPENSSL_free(item->data);
271 pitem_free(item);
272
273 return(1);
274 }
275
276 return(0);
277 }
278
279
280/* retrieve a buffered record that belongs to the new epoch, i.e., not processed
281 * yet */
282#define dtls1_get_unprocessed_record(s) \
283 dtls1_retrieve_buffered_record((s), \
284 &((s)->d1->unprocessed_rcds))
285
286/* retrieve a buffered record that belongs to the current epoch, ie, processed */
287#define dtls1_get_processed_record(s) \
288 dtls1_retrieve_buffered_record((s), \
289 &((s)->d1->processed_rcds))
290
291static int
292dtls1_process_buffered_records(SSL *s)
293 {
294 pitem *item;
295
296 item = pqueue_peek(s->d1->unprocessed_rcds.q);
297 if (item)
298 {
299 /* Check if epoch is current. */
300 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
301 return(1); /* Nothing to do. */
302
303 /* Process all the records. */
304 while (pqueue_peek(s->d1->unprocessed_rcds.q))
305 {
306 dtls1_get_unprocessed_record(s);
307 if ( ! dtls1_process_record(s))
308 return(0);
309 dtls1_buffer_record(s, &(s->d1->processed_rcds),
310 s->s3->rrec.seq_num);
311 }
312 }
313
314 /* sync epoch numbers once all the unprocessed records
315 * have been processed */
316 s->d1->processed_rcds.epoch = s->d1->r_epoch;
317 s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
318
319 return(1);
320 }
321
322
323#if 0
324
325static int
326dtls1_get_buffered_record(SSL *s)
327 {
328 pitem *item;
329 PQ_64BIT priority =
330 (((PQ_64BIT)s->d1->handshake_read_seq) << 32) |
331 ((PQ_64BIT)s->d1->r_msg_hdr.frag_off);
332
333 if ( ! SSL_in_init(s)) /* if we're not (re)negotiating,
334 nothing buffered */
335 return 0;
336
337
338 item = pqueue_peek(s->d1->rcvd_records);
339 if (item && item->priority == priority)
340 {
341 /* Check if we've received the record of interest. It must be
342 * a handshake record, since data records as passed up without
343 * buffering */
344 DTLS1_RECORD_DATA *rdata;
345 item = pqueue_pop(s->d1->rcvd_records);
346 rdata = (DTLS1_RECORD_DATA *)item->data;
347
348 if (s->s3->rbuf.buf != NULL)
349 OPENSSL_free(s->s3->rbuf.buf);
350
351 s->packet = rdata->packet;
352 s->packet_length = rdata->packet_length;
353 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
354 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
355
356 OPENSSL_free(item->data);
357 pitem_free(item);
358
359 /* s->d1->next_expected_seq_num++; */
360 return(1);
361 }
362
363 return 0;
364 }
365
366#endif
367
368static int
369dtls1_process_record(SSL *s)
370{
371 int i,al;
372 int clear=0;
373 int enc_err;
374 SSL_SESSION *sess;
375 SSL3_RECORD *rr;
376 unsigned int mac_size;
377 unsigned char md[EVP_MAX_MD_SIZE];
378 int decryption_failed_or_bad_record_mac = 0;
379
380
381 rr= &(s->s3->rrec);
382 sess = s->session;
383
384 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
385 * and we have that many bytes in s->packet
386 */
387 rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]);
388
389 /* ok, we can now read from 's->packet' data into 'rr'
390 * rr->input points at rr->length bytes, which
391 * need to be copied into rr->data by either
392 * the decryption or by the decompression
393 * When the data is 'copied' into the rr->data buffer,
394 * rr->input will be pointed at the new buffer */
395
396 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
397 * rr->length bytes of encrypted compressed stuff. */
398
399 /* check is not needed I believe */
400 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
401 {
402 al=SSL_AD_RECORD_OVERFLOW;
403 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
404 goto f_err;
405 }
406
407 /* decrypt in place in 'rr->input' */
408 rr->data=rr->input;
409
410 enc_err = s->method->ssl3_enc->enc(s,0);
411 if (enc_err <= 0)
412 {
413 /* To minimize information leaked via timing, we will always
414 * perform all computations before discarding the message.
415 */
416 decryption_failed_or_bad_record_mac = 1;
417 }
418
419#ifdef TLS_DEBUG
420printf("dec %d\n",rr->length);
421{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
422printf("\n");
423#endif
424
425 /* r->length is now the compressed data plus mac */
426 if ( (sess == NULL) ||
427 (s->enc_read_ctx == NULL) ||
428 (s->read_hash == NULL))
429 clear=1;
430
431 if (!clear)
432 {
433 /* !clear => s->read_hash != NULL => mac_size != -1 */
434 int t;
435 t=EVP_MD_CTX_size(s->read_hash);
436 OPENSSL_assert(t >= 0);
437 mac_size=t;
438
439 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
440 {
441#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
442 al=SSL_AD_RECORD_OVERFLOW;
443 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
444 goto f_err;
445#else
446 decryption_failed_or_bad_record_mac = 1;
447#endif
448 }
449 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
450 if (rr->length < mac_size)
451 {
452#if 0 /* OK only for stream ciphers */
453 al=SSL_AD_DECODE_ERROR;
454 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
455 goto f_err;
456#else
457 decryption_failed_or_bad_record_mac = 1;
458#endif
459 }
460 rr->length-=mac_size;
461 i=s->method->ssl3_enc->mac(s,md,0);
462 if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
463 {
464 decryption_failed_or_bad_record_mac = 1;
465 }
466 }
467
468 if (decryption_failed_or_bad_record_mac)
469 {
470 /* decryption failed, silently discard message */
471 rr->length = 0;
472 s->packet_length = 0;
473 goto err;
474 }
475
476 /* r->length is now just compressed */
477 if (s->expand != NULL)
478 {
479 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)
480 {
481 al=SSL_AD_RECORD_OVERFLOW;
482 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
483 goto f_err;
484 }
485 if (!ssl3_do_uncompress(s))
486 {
487 al=SSL_AD_DECOMPRESSION_FAILURE;
488 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION);
489 goto f_err;
490 }
491 }
492
493 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH)
494 {
495 al=SSL_AD_RECORD_OVERFLOW;
496 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
497 goto f_err;
498 }
499
500 rr->off=0;
501 /* So at this point the following is true
502 * ssl->s3->rrec.type is the type of record
503 * ssl->s3->rrec.length == number of bytes in record
504 * ssl->s3->rrec.off == offset to first valid byte
505 * ssl->s3->rrec.data == where to take bytes from, increment
506 * after use :-).
507 */
508
509 /* we have pulled in a full packet so zero things */
510 s->packet_length=0;
511 dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
512 return(1);
513
514f_err:
515 ssl3_send_alert(s,SSL3_AL_FATAL,al);
516err:
517 return(0);
518}
519
520
521/* Call this to get a new input record.
522 * It will return <= 0 if more data is needed, normally due to an error
523 * or non-blocking IO.
524 * When it finishes, one packet has been decoded and can be found in
525 * ssl->s3->rrec.type - is the type of record
526 * ssl->s3->rrec.data, - data
527 * ssl->s3->rrec.length, - number of bytes
528 */
529/* used only by dtls1_read_bytes */
530int dtls1_get_record(SSL *s)
531 {
532 int ssl_major,ssl_minor;
533 int i,n;
534 SSL3_RECORD *rr;
535 unsigned char *p = NULL;
536 unsigned short version;
537 DTLS1_BITMAP *bitmap;
538 unsigned int is_next_epoch;
539
540 rr= &(s->s3->rrec);
541
542 /* The epoch may have changed. If so, process all the
543 * pending records. This is a non-blocking operation. */
544 dtls1_process_buffered_records(s);
545
546 /* if we're renegotiating, then there may be buffered records */
547 if (dtls1_get_processed_record(s))
548 return 1;
549
550 /* get something from the wire */
551again:
552 /* check if we have the header */
553 if ( (s->rstate != SSL_ST_READ_BODY) ||
554 (s->packet_length < DTLS1_RT_HEADER_LENGTH))
555 {
556 n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
557 /* read timeout is handled by dtls1_read_bytes */
558 if (n <= 0) return(n); /* error or non-blocking */
559
560 /* this packet contained a partial record, dump it */
561 if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
562 {
563 s->packet_length = 0;
564 goto again;
565 }
566
567 s->rstate=SSL_ST_READ_BODY;
568
569 p=s->packet;
570
571 /* Pull apart the header into the DTLS1_RECORD */
572 rr->type= *(p++);
573 ssl_major= *(p++);
574 ssl_minor= *(p++);
575 version=(ssl_major<<8)|ssl_minor;
576
577 /* sequence number is 64 bits, with top 2 bytes = epoch */
578 n2s(p,rr->epoch);
579
580 memcpy(&(s->s3->read_sequence[2]), p, 6);
581 p+=6;
582
583 n2s(p,rr->length);
584
585 /* Lets check version */
586 if (!s->first_packet)
587 {
588 if (version != s->version)
589 {
590 /* unexpected version, silently discard */
591 rr->length = 0;
592 s->packet_length = 0;
593 goto again;
594 }
595 }
596
597 if ((version & 0xff00) != (s->version & 0xff00))
598 {
599 /* wrong version, silently discard record */
600 rr->length = 0;
601 s->packet_length = 0;
602 goto again;
603 }
604
605 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
606 {
607 /* record too long, silently discard it */
608 rr->length = 0;
609 s->packet_length = 0;
610 goto again;
611 }
612
613 /* now s->rstate == SSL_ST_READ_BODY */
614 }
615
616 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
617
618 if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH)
619 {
620 /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
621 i=rr->length;
622 n=ssl3_read_n(s,i,i,1);
623 if (n <= 0) return(n); /* error or non-blocking io */
624
625 /* this packet contained a partial record, dump it */
626 if ( n != i)
627 {
628 rr->length = 0;
629 s->packet_length = 0;
630 goto again;
631 }
632
633 /* now n == rr->length,
634 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
635 }
636 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
637
638 /* match epochs. NULL means the packet is dropped on the floor */
639 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
640 if ( bitmap == NULL)
641 {
642 rr->length = 0;
643 s->packet_length = 0; /* dump this record */
644 goto again; /* get another record */
645 }
646
647 /* Check whether this is a repeat, or aged record.
648 * Don't check if we're listening and this message is
649 * a ClientHello. They can look as if they're replayed,
650 * since they arrive from different connections and
651 * would be dropped unnecessarily.
652 */
653 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
654 *p == SSL3_MT_CLIENT_HELLO) &&
655 !dtls1_record_replay_check(s, bitmap))
656 {
657 rr->length = 0;
658 s->packet_length=0; /* dump this record */
659 goto again; /* get another record */
660 }
661
662 /* just read a 0 length packet */
663 if (rr->length == 0) goto again;
664
665 /* If this record is from the next epoch (either HM or ALERT),
666 * and a handshake is currently in progress, buffer it since it
667 * cannot be processed at this time. However, do not buffer
668 * anything while listening.
669 */
670 if (is_next_epoch)
671 {
672 if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
673 {
674 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
675 }
676 rr->length = 0;
677 s->packet_length = 0;
678 goto again;
679 }
680
681 if (!dtls1_process_record(s))
682 {
683 rr->length = 0;
684 s->packet_length = 0; /* dump this record */
685 goto again; /* get another record */
686 }
687
688 dtls1_clear_timeouts(s); /* done waiting */
689 return(1);
690
691 }
692
693/* Return up to 'len' payload bytes received in 'type' records.
694 * 'type' is one of the following:
695 *
696 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
697 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
698 * - 0 (during a shutdown, no data has to be returned)
699 *
700 * If we don't have stored data to work from, read a SSL/TLS record first
701 * (possibly multiple records if we still don't have anything to return).
702 *
703 * This function must handle any surprises the peer may have for us, such as
704 * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
705 * a surprise, but handled as if it were), or renegotiation requests.
706 * Also if record payloads contain fragments too small to process, we store
707 * them until there is enough for the respective protocol (the record protocol
708 * may use arbitrary fragmentation and even interleaving):
709 * Change cipher spec protocol
710 * just 1 byte needed, no need for keeping anything stored
711 * Alert protocol
712 * 2 bytes needed (AlertLevel, AlertDescription)
713 * Handshake protocol
714 * 4 bytes needed (HandshakeType, uint24 length) -- we just have
715 * to detect unexpected Client Hello and Hello Request messages
716 * here, anything else is handled by higher layers
717 * Application data protocol
718 * none of our business
719 */
720int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
721 {
722 int al,i,j,ret;
723 unsigned int n;
724 SSL3_RECORD *rr;
725 void (*cb)(const SSL *ssl,int type2,int val)=NULL;
726
727 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
728 if (!ssl3_setup_buffers(s))
729 return(-1);
730
731 /* XXX: check what the second '&& type' is about */
732 if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
733 (type != SSL3_RT_HANDSHAKE) && type) ||
734 (peek && (type != SSL3_RT_APPLICATION_DATA)))
735 {
736 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
737 return -1;
738 }
739
740 /* check whether there's a handshake message (client hello?) waiting */
741 if ( (ret = have_handshake_fragment(s, type, buf, len, peek)))
742 return ret;
743
744 /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
745
746 if (!s->in_handshake && SSL_in_init(s))
747 {
748 /* type == SSL3_RT_APPLICATION_DATA */
749 i=s->handshake_func(s);
750 if (i < 0) return(i);
751 if (i == 0)
752 {
753 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
754 return(-1);
755 }
756 }
757
758start:
759 s->rwstate=SSL_NOTHING;
760
761 /* s->s3->rrec.type - is the type of record
762 * s->s3->rrec.data, - data
763 * s->s3->rrec.off, - offset into 'data' for next read
764 * s->s3->rrec.length, - number of bytes. */
765 rr = &(s->s3->rrec);
766
767 /* We are not handshaking and have no data yet,
768 * so process data buffered during the last handshake
769 * in advance, if any.
770 */
771 if (s->state == SSL_ST_OK && rr->length == 0)
772 {
773 pitem *item;
774 item = pqueue_pop(s->d1->buffered_app_data.q);
775 if (item)
776 {
777 dtls1_copy_record(s, item);
778
779 OPENSSL_free(item->data);
780 pitem_free(item);
781 }
782 }
783
784 /* Check for timeout */
785 if (dtls1_handle_timeout(s) > 0)
786 goto start;
787
788 /* get new packet if necessary */
789 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
790 {
791 ret=dtls1_get_record(s);
792 if (ret <= 0)
793 {
794 ret = dtls1_read_failed(s, ret);
795 /* anything other than a timeout is an error */
796 if (ret <= 0)
797 return(ret);
798 else
799 goto start;
800 }
801 }
802
803 /* we now have a packet which can be read and processed */
804
805 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
806 * reset by ssl3_get_finished */
807 && (rr->type != SSL3_RT_HANDSHAKE))
808 {
809 /* We now have application data between CCS and Finished.
810 * Most likely the packets were reordered on their way, so
811 * buffer the application data for later processing rather
812 * than dropping the connection.
813 */
814 dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
815 rr->length = 0;
816 goto start;
817 }
818
819 /* If the other end has shut down, throw anything we read away
820 * (even in 'peek' mode) */
821 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
822 {
823 rr->length=0;
824 s->rwstate=SSL_NOTHING;
825 return(0);
826 }
827
828
829 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
830 {
831 /* make sure that we are not getting application data when we
832 * are doing a handshake for the first time */
833 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
834 (s->enc_read_ctx == NULL))
835 {
836 al=SSL_AD_UNEXPECTED_MESSAGE;
837 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
838 goto f_err;
839 }
840
841 if (len <= 0) return(len);
842
843 if ((unsigned int)len > rr->length)
844 n = rr->length;
845 else
846 n = (unsigned int)len;
847
848 memcpy(buf,&(rr->data[rr->off]),n);
849 if (!peek)
850 {
851 rr->length-=n;
852 rr->off+=n;
853 if (rr->length == 0)
854 {
855 s->rstate=SSL_ST_READ_HEADER;
856 rr->off=0;
857 }
858 }
859 return(n);
860 }
861
862
863 /* If we get here, then type != rr->type; if we have a handshake
864 * message, then it was unexpected (Hello Request or Client Hello). */
865
866 /* In case of record types for which we have 'fragment' storage,
867 * fill that so that we can process the data at a fixed place.
868 */
869 {
870 unsigned int k, dest_maxlen = 0;
871 unsigned char *dest = NULL;
872 unsigned int *dest_len = NULL;
873
874 if (rr->type == SSL3_RT_HANDSHAKE)
875 {
876 dest_maxlen = sizeof s->d1->handshake_fragment;
877 dest = s->d1->handshake_fragment;
878 dest_len = &s->d1->handshake_fragment_len;
879 }
880 else if (rr->type == SSL3_RT_ALERT)
881 {
882 dest_maxlen = sizeof(s->d1->alert_fragment);
883 dest = s->d1->alert_fragment;
884 dest_len = &s->d1->alert_fragment_len;
885 }
886 /* else it's a CCS message, or application data or wrong */
887 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)
888 {
889 /* Application data while renegotiating
890 * is allowed. Try again reading.
891 */
892 if (rr->type == SSL3_RT_APPLICATION_DATA)
893 {
894 BIO *bio;
895 s->s3->in_read_app_data=2;
896 bio=SSL_get_rbio(s);
897 s->rwstate=SSL_READING;
898 BIO_clear_retry_flags(bio);
899 BIO_set_retry_read(bio);
900 return(-1);
901 }
902
903 /* Not certain if this is the right error handling */
904 al=SSL_AD_UNEXPECTED_MESSAGE;
905 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
906 goto f_err;
907 }
908
909 if (dest_maxlen > 0)
910 {
911 /* XDTLS: In a pathalogical case, the Client Hello
912 * may be fragmented--don't always expect dest_maxlen bytes */
913 if ( rr->length < dest_maxlen)
914 {
915#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
916 /*
917 * for normal alerts rr->length is 2, while
918 * dest_maxlen is 7 if we were to handle this
919 * non-existing alert...
920 */
921 FIX ME
922#endif
923 s->rstate=SSL_ST_READ_HEADER;
924 rr->length = 0;
925 goto start;
926 }
927
928 /* now move 'n' bytes: */
929 for ( k = 0; k < dest_maxlen; k++)
930 {
931 dest[k] = rr->data[rr->off++];
932 rr->length--;
933 }
934 *dest_len = dest_maxlen;
935 }
936 }
937
938 /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
939 * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
940 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
941
942 /* If we are a client, check for an incoming 'Hello Request': */
943 if ((!s->server) &&
944 (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
945 (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
946 (s->session != NULL) && (s->session->cipher != NULL))
947 {
948 s->d1->handshake_fragment_len = 0;
949
950 if ((s->d1->handshake_fragment[1] != 0) ||
951 (s->d1->handshake_fragment[2] != 0) ||
952 (s->d1->handshake_fragment[3] != 0))
953 {
954 al=SSL_AD_DECODE_ERROR;
955 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
956 goto err;
957 }
958
959 /* no need to check sequence number on HELLO REQUEST messages */
960
961 if (s->msg_callback)
962 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
963 s->d1->handshake_fragment, 4, s, s->msg_callback_arg);
964
965 if (SSL_is_init_finished(s) &&
966 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
967 !s->s3->renegotiate)
968 {
969 ssl3_renegotiate(s);
970 if (ssl3_renegotiate_check(s))
971 {
972 i=s->handshake_func(s);
973 if (i < 0) return(i);
974 if (i == 0)
975 {
976 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
977 return(-1);
978 }
979
980 if (!(s->mode & SSL_MODE_AUTO_RETRY))
981 {
982 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
983 {
984 BIO *bio;
985 /* In the case where we try to read application data,
986 * but we trigger an SSL handshake, we return -1 with
987 * the retry option set. Otherwise renegotiation may
988 * cause nasty problems in the blocking world */
989 s->rwstate=SSL_READING;
990 bio=SSL_get_rbio(s);
991 BIO_clear_retry_flags(bio);
992 BIO_set_retry_read(bio);
993 return(-1);
994 }
995 }
996 }
997 }
998 /* we either finished a handshake or ignored the request,
999 * now try again to obtain the (application) data we were asked for */
1000 goto start;
1001 }
1002
1003 if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH)
1004 {
1005 int alert_level = s->d1->alert_fragment[0];
1006 int alert_descr = s->d1->alert_fragment[1];
1007
1008 s->d1->alert_fragment_len = 0;
1009
1010 if (s->msg_callback)
1011 s->msg_callback(0, s->version, SSL3_RT_ALERT,
1012 s->d1->alert_fragment, 2, s, s->msg_callback_arg);
1013
1014 if (s->info_callback != NULL)
1015 cb=s->info_callback;
1016 else if (s->ctx->info_callback != NULL)
1017 cb=s->ctx->info_callback;
1018
1019 if (cb != NULL)
1020 {
1021 j = (alert_level << 8) | alert_descr;
1022 cb(s, SSL_CB_READ_ALERT, j);
1023 }
1024
1025 if (alert_level == 1) /* warning */
1026 {
1027 s->s3->warn_alert = alert_descr;
1028 if (alert_descr == SSL_AD_CLOSE_NOTIFY)
1029 {
1030 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1031 return(0);
1032 }
1033#if 0
1034 /* XXX: this is a possible improvement in the future */
1035 /* now check if it's a missing record */
1036 if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
1037 {
1038 unsigned short seq;
1039 unsigned int frag_off;
1040 unsigned char *p = &(s->d1->alert_fragment[2]);
1041
1042 n2s(p, seq);
1043 n2l3(p, frag_off);
1044
1045 dtls1_retransmit_message(s,
1046 dtls1_get_queue_priority(frag->msg_header.seq, 0),
1047 frag_off, &found);
1048 if ( ! found && SSL_in_init(s))
1049 {
1050 /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */
1051 /* requested a message not yet sent,
1052 send an alert ourselves */
1053 ssl3_send_alert(s,SSL3_AL_WARNING,
1054 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1055 }
1056 }
1057#endif
1058 }
1059 else if (alert_level == 2) /* fatal */
1060 {
1061 char tmp[16];
1062
1063 s->rwstate=SSL_NOTHING;
1064 s->s3->fatal_alert = alert_descr;
1065 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
1066 BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
1067 ERR_add_error_data(2,"SSL alert number ",tmp);
1068 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
1069 SSL_CTX_remove_session(s->ctx,s->session);
1070 return(0);
1071 }
1072 else
1073 {
1074 al=SSL_AD_ILLEGAL_PARAMETER;
1075 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
1076 goto f_err;
1077 }
1078
1079 goto start;
1080 }
1081
1082 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
1083 {
1084 s->rwstate=SSL_NOTHING;
1085 rr->length=0;
1086 return(0);
1087 }
1088
1089 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
1090 {
1091 struct ccs_header_st ccs_hdr;
1092 unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
1093
1094 dtls1_get_ccs_header(rr->data, &ccs_hdr);
1095
1096 if (s->version == DTLS1_BAD_VER)
1097 ccs_hdr_len = 3;
1098
1099 /* 'Change Cipher Spec' is just a single byte, so we know
1100 * exactly what the record payload has to look like */
1101 /* XDTLS: check that epoch is consistent */
1102 if ( (rr->length != ccs_hdr_len) ||
1103 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
1104 {
1105 i=SSL_AD_ILLEGAL_PARAMETER;
1106 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
1107 goto err;
1108 }
1109
1110 rr->length=0;
1111
1112 if (s->msg_callback)
1113 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
1114 rr->data, 1, s, s->msg_callback_arg);
1115
1116 /* We can't process a CCS now, because previous handshake
1117 * messages are still missing, so just drop it.
1118 */
1119 if (!s->d1->change_cipher_spec_ok)
1120 {
1121 goto start;
1122 }
1123
1124 s->d1->change_cipher_spec_ok = 0;
1125
1126 s->s3->change_cipher_spec=1;
1127 if (!ssl3_do_change_cipher_spec(s))
1128 goto err;
1129
1130 /* do this whenever CCS is processed */
1131 dtls1_reset_seq_numbers(s, SSL3_CC_READ);
1132
1133 if (s->version == DTLS1_BAD_VER)
1134 s->d1->handshake_read_seq++;
1135
1136 goto start;
1137 }
1138
1139 /* Unexpected handshake message (Client Hello, or protocol violation) */
1140 if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
1141 !s->in_handshake)
1142 {
1143 struct hm_header_st msg_hdr;
1144
1145 /* this may just be a stale retransmit */
1146 dtls1_get_message_header(rr->data, &msg_hdr);
1147 if( rr->epoch != s->d1->r_epoch)
1148 {
1149 rr->length = 0;
1150 goto start;
1151 }
1152
1153 /* If we are server, we may have a repeated FINISHED of the
1154 * client here, then retransmit our CCS and FINISHED.
1155 */
1156 if (msg_hdr.type == SSL3_MT_FINISHED)
1157 {
1158 dtls1_retransmit_buffered_messages(s);
1159 rr->length = 0;
1160 goto start;
1161 }
1162
1163 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1164 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
1165 {
1166#if 0 /* worked only because C operator preferences are not as expected (and
1167 * because this is not really needed for clients except for detecting
1168 * protocol violations): */
1169 s->state=SSL_ST_BEFORE|(s->server)
1170 ?SSL_ST_ACCEPT
1171 :SSL_ST_CONNECT;
1172#else
1173 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1174#endif
1175 s->new_session=1;
1176 }
1177 i=s->handshake_func(s);
1178 if (i < 0) return(i);
1179 if (i == 0)
1180 {
1181 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1182 return(-1);
1183 }
1184
1185 if (!(s->mode & SSL_MODE_AUTO_RETRY))
1186 {
1187 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1188 {
1189 BIO *bio;
1190 /* In the case where we try to read application data,
1191 * but we trigger an SSL handshake, we return -1 with
1192 * the retry option set. Otherwise renegotiation may
1193 * cause nasty problems in the blocking world */
1194 s->rwstate=SSL_READING;
1195 bio=SSL_get_rbio(s);
1196 BIO_clear_retry_flags(bio);
1197 BIO_set_retry_read(bio);
1198 return(-1);
1199 }
1200 }
1201 goto start;
1202 }
1203
1204 switch (rr->type)
1205 {
1206 default:
1207#ifndef OPENSSL_NO_TLS
1208 /* TLS just ignores unknown message types */
1209 if (s->version == TLS1_VERSION)
1210 {
1211 rr->length = 0;
1212 goto start;
1213 }
1214#endif
1215 al=SSL_AD_UNEXPECTED_MESSAGE;
1216 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1217 goto f_err;
1218 case SSL3_RT_CHANGE_CIPHER_SPEC:
1219 case SSL3_RT_ALERT:
1220 case SSL3_RT_HANDSHAKE:
1221 /* we already handled all of these, with the possible exception
1222 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1223 * should not happen when type != rr->type */
1224 al=SSL_AD_UNEXPECTED_MESSAGE;
1225 SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR);
1226 goto f_err;
1227 case SSL3_RT_APPLICATION_DATA:
1228 /* At this point, we were expecting handshake data,
1229 * but have application data. If the library was
1230 * running inside ssl3_read() (i.e. in_read_app_data
1231 * is set) and it makes sense to read application data
1232 * at this point (session renegotiation not yet started),
1233 * we will indulge it.
1234 */
1235 if (s->s3->in_read_app_data &&
1236 (s->s3->total_renegotiations != 0) &&
1237 ((
1238 (s->state & SSL_ST_CONNECT) &&
1239 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1240 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
1241 ) || (
1242 (s->state & SSL_ST_ACCEPT) &&
1243 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1244 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
1245 )
1246 ))
1247 {
1248 s->s3->in_read_app_data=2;
1249 return(-1);
1250 }
1251 else
1252 {
1253 al=SSL_AD_UNEXPECTED_MESSAGE;
1254 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1255 goto f_err;
1256 }
1257 }
1258 /* not reached */
1259
1260f_err:
1261 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1262err:
1263 return(-1);
1264 }
1265
1266int
1267dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
1268 {
1269 int i;
1270
1271 if (SSL_in_init(s) && !s->in_handshake)
1272 {
1273 i=s->handshake_func(s);
1274 if (i < 0) return(i);
1275 if (i == 0)
1276 {
1277 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1278 return -1;
1279 }
1280 }
1281
1282 if (len > SSL3_RT_MAX_PLAIN_LENGTH)
1283 {
1284 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_DTLS_MESSAGE_TOO_BIG);
1285 return -1;
1286 }
1287
1288 i = dtls1_write_bytes(s, type, buf_, len);
1289 return i;
1290 }
1291
1292
1293 /* this only happens when a client hello is received and a handshake
1294 * is started. */
1295static int
1296have_handshake_fragment(SSL *s, int type, unsigned char *buf,
1297 int len, int peek)
1298 {
1299
1300 if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
1301 /* (partially) satisfy request from storage */
1302 {
1303 unsigned char *src = s->d1->handshake_fragment;
1304 unsigned char *dst = buf;
1305 unsigned int k,n;
1306
1307 /* peek == 0 */
1308 n = 0;
1309 while ((len > 0) && (s->d1->handshake_fragment_len > 0))
1310 {
1311 *dst++ = *src++;
1312 len--; s->d1->handshake_fragment_len--;
1313 n++;
1314 }
1315 /* move any remaining fragment bytes: */
1316 for (k = 0; k < s->d1->handshake_fragment_len; k++)
1317 s->d1->handshake_fragment[k] = *src++;
1318 return n;
1319 }
1320
1321 return 0;
1322 }
1323
1324
1325
1326
1327/* Call this to write data in records of type 'type'
1328 * It will return <= 0 if not all data has been sent or non-blocking IO.
1329 */
1330int dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
1331 {
1332 int i;
1333
1334 OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
1335 s->rwstate=SSL_NOTHING;
1336 i=do_dtls1_write(s, type, buf, len, 0);
1337 return i;
1338 }
1339
1340int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
1341 {
1342 unsigned char *p,*pseq;
1343 int i,mac_size,clear=0;
1344 int prefix_len = 0;
1345 SSL3_RECORD *wr;
1346 SSL3_BUFFER *wb;
1347 SSL_SESSION *sess;
1348 int bs;
1349
1350 /* first check if there is a SSL3_BUFFER still being written
1351 * out. This will happen with non blocking IO */
1352 if (s->s3->wbuf.left != 0)
1353 {
1354 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
1355 return(ssl3_write_pending(s,type,buf,len));
1356 }
1357
1358 /* If we have an alert to send, lets send it */
1359 if (s->s3->alert_dispatch)
1360 {
1361 i=s->method->ssl_dispatch_alert(s);
1362 if (i <= 0)
1363 return(i);
1364 /* if it went, fall through and send more stuff */
1365 }
1366
1367 if (len == 0 && !create_empty_fragment)
1368 return 0;
1369
1370 wr= &(s->s3->wrec);
1371 wb= &(s->s3->wbuf);
1372 sess=s->session;
1373
1374 if ( (sess == NULL) ||
1375 (s->enc_write_ctx == NULL) ||
1376 (EVP_MD_CTX_md(s->write_hash) == NULL))
1377 clear=1;
1378
1379 if (clear)
1380 mac_size=0;
1381 else
1382 {
1383 mac_size=EVP_MD_CTX_size(s->write_hash);
1384 if (mac_size < 0)
1385 goto err;
1386 }
1387
1388 /* DTLS implements explicit IV, so no need for empty fragments */
1389#if 0
1390 /* 'create_empty_fragment' is true only when this function calls itself */
1391 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
1392 && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
1393 {
1394 /* countermeasure against known-IV weakness in CBC ciphersuites
1395 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
1396 */
1397
1398 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
1399 {
1400 /* recursive function call with 'create_empty_fragment' set;
1401 * this prepares and buffers the data for an empty fragment
1402 * (these 'prefix_len' bytes are sent out later
1403 * together with the actual payload) */
1404 prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
1405 if (prefix_len <= 0)
1406 goto err;
1407
1408 if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
1409 {
1410 /* insufficient space */
1411 SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
1412 goto err;
1413 }
1414 }
1415
1416 s->s3->empty_fragment_done = 1;
1417 }
1418#endif
1419 p = wb->buf + prefix_len;
1420
1421 /* write the header */
1422
1423 *(p++)=type&0xff;
1424 wr->type=type;
1425
1426 *(p++)=(s->version>>8);
1427 *(p++)=s->version&0xff;
1428
1429 /* field where we are to write out packet epoch, seq num and len */
1430 pseq=p;
1431 p+=10;
1432
1433 /* lets setup the record stuff. */
1434
1435 /* Make space for the explicit IV in case of CBC.
1436 * (this is a bit of a boundary violation, but what the heck).
1437 */
1438 if ( s->enc_write_ctx &&
1439 (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))
1440 bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
1441 else
1442 bs = 0;
1443
1444 wr->data=p + bs; /* make room for IV in case of CBC */
1445 wr->length=(int)len;
1446 wr->input=(unsigned char *)buf;
1447
1448 /* we now 'read' from wr->input, wr->length bytes into
1449 * wr->data */
1450
1451 /* first we compress */
1452 if (s->compress != NULL)
1453 {
1454 if (!ssl3_do_compress(s))
1455 {
1456 SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE);
1457 goto err;
1458 }
1459 }
1460 else
1461 {
1462 memcpy(wr->data,wr->input,wr->length);
1463 wr->input=wr->data;
1464 }
1465
1466 /* we should still have the output to wr->data and the input
1467 * from wr->input. Length should be wr->length.
1468 * wr->data still points in the wb->buf */
1469
1470 if (mac_size != 0)
1471 {
1472 if(s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1) < 0)
1473 goto err;
1474 wr->length+=mac_size;
1475 }
1476
1477 /* this is true regardless of mac size */
1478 wr->input=p;
1479 wr->data=p;
1480
1481
1482 /* ssl3_enc can only have an error on read */
1483 if (bs) /* bs != 0 in case of CBC */
1484 {
1485 RAND_pseudo_bytes(p,bs);
1486 /* master IV and last CBC residue stand for
1487 * the rest of randomness */
1488 wr->length += bs;
1489 }
1490
1491 s->method->ssl3_enc->enc(s,1);
1492
1493 /* record length after mac and block padding */
1494/* if (type == SSL3_RT_APPLICATION_DATA ||
1495 (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */
1496
1497 /* there's only one epoch between handshake and app data */
1498
1499 s2n(s->d1->w_epoch, pseq);
1500
1501 /* XDTLS: ?? */
1502/* else
1503 s2n(s->d1->handshake_epoch, pseq); */
1504
1505 memcpy(pseq, &(s->s3->write_sequence[2]), 6);
1506 pseq+=6;
1507 s2n(wr->length,pseq);
1508
1509 /* we should now have
1510 * wr->data pointing to the encrypted data, which is
1511 * wr->length long */
1512 wr->type=type; /* not needed but helps for debugging */
1513 wr->length+=DTLS1_RT_HEADER_LENGTH;
1514
1515#if 0 /* this is now done at the message layer */
1516 /* buffer the record, making it easy to handle retransmits */
1517 if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
1518 dtls1_buffer_record(s, wr->data, wr->length,
1519 *((PQ_64BIT *)&(s->s3->write_sequence[0])));
1520#endif
1521
1522 ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
1523
1524 if (create_empty_fragment)
1525 {
1526 /* we are in a recursive call;
1527 * just return the length, don't write out anything here
1528 */
1529 return wr->length;
1530 }
1531
1532 /* now let's set up wb */
1533 wb->left = prefix_len + wr->length;
1534 wb->offset = 0;
1535
1536 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
1537 s->s3->wpend_tot=len;
1538 s->s3->wpend_buf=buf;
1539 s->s3->wpend_type=type;
1540 s->s3->wpend_ret=len;
1541
1542 /* we now just need to write the buffer */
1543 return ssl3_write_pending(s,type,buf,len);
1544err:
1545 return -1;
1546 }
1547
1548
1549
1550static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
1551 {
1552 int cmp;
1553 unsigned int shift;
1554 const unsigned char *seq = s->s3->read_sequence;
1555
1556 cmp = satsub64be(seq,bitmap->max_seq_num);
1557 if (cmp > 0)
1558 {
1559 memcpy (s->s3->rrec.seq_num,seq,8);
1560 return 1; /* this record in new */
1561 }
1562 shift = -cmp;
1563 if (shift >= sizeof(bitmap->map)*8)
1564 return 0; /* stale, outside the window */
1565 else if (bitmap->map & (1UL<<shift))
1566 return 0; /* record previously received */
1567
1568 memcpy (s->s3->rrec.seq_num,seq,8);
1569 return 1;
1570 }
1571
1572
1573static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
1574 {
1575 int cmp;
1576 unsigned int shift;
1577 const unsigned char *seq = s->s3->read_sequence;
1578
1579 cmp = satsub64be(seq,bitmap->max_seq_num);
1580 if (cmp > 0)
1581 {
1582 shift = cmp;
1583 if (shift < sizeof(bitmap->map)*8)
1584 bitmap->map <<= shift, bitmap->map |= 1UL;
1585 else
1586 bitmap->map = 1UL;
1587 memcpy(bitmap->max_seq_num,seq,8);
1588 }
1589 else {
1590 shift = -cmp;
1591 if (shift < sizeof(bitmap->map)*8)
1592 bitmap->map |= 1UL<<shift;
1593 }
1594 }
1595
1596
1597int dtls1_dispatch_alert(SSL *s)
1598 {
1599 int i,j;
1600 void (*cb)(const SSL *ssl,int type,int val)=NULL;
1601 unsigned char buf[DTLS1_AL_HEADER_LENGTH];
1602 unsigned char *ptr = &buf[0];
1603
1604 s->s3->alert_dispatch=0;
1605
1606 memset(buf, 0x00, sizeof(buf));
1607 *ptr++ = s->s3->send_alert[0];
1608 *ptr++ = s->s3->send_alert[1];
1609
1610#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1611 if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
1612 {
1613 s2n(s->d1->handshake_read_seq, ptr);
1614#if 0
1615 if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */
1616
1617 else
1618 s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
1619#endif
1620
1621#if 0
1622 fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq);
1623#endif
1624 l2n3(s->d1->r_msg_hdr.frag_off, ptr);
1625 }
1626#endif
1627
1628 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
1629 if (i <= 0)
1630 {
1631 s->s3->alert_dispatch=1;
1632 /* fprintf( stderr, "not done with alert\n" ); */
1633 }
1634 else
1635 {
1636 if (s->s3->send_alert[0] == SSL3_AL_FATAL
1637#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1638 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1639#endif
1640 )
1641 (void)BIO_flush(s->wbio);
1642
1643 if (s->msg_callback)
1644 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
1645 2, s, s->msg_callback_arg);
1646
1647 if (s->info_callback != NULL)
1648 cb=s->info_callback;
1649 else if (s->ctx->info_callback != NULL)
1650 cb=s->ctx->info_callback;
1651
1652 if (cb != NULL)
1653 {
1654 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1655 cb(s,SSL_CB_WRITE_ALERT,j);
1656 }
1657 }
1658 return(i);
1659 }
1660
1661
1662static DTLS1_BITMAP *
1663dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
1664 {
1665
1666 *is_next_epoch = 0;
1667
1668 /* In current epoch, accept HM, CCS, DATA, & ALERT */
1669 if (rr->epoch == s->d1->r_epoch)
1670 return &s->d1->bitmap;
1671
1672 /* Only HM and ALERT messages can be from the next epoch */
1673 else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
1674 (rr->type == SSL3_RT_HANDSHAKE ||
1675 rr->type == SSL3_RT_ALERT))
1676 {
1677 *is_next_epoch = 1;
1678 return &s->d1->next_bitmap;
1679 }
1680
1681 return NULL;
1682 }
1683
1684#if 0
1685static int
1686dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority,
1687 unsigned long *offset)
1688 {
1689
1690 /* alerts are passed up immediately */
1691 if ( rr->type == SSL3_RT_APPLICATION_DATA ||
1692 rr->type == SSL3_RT_ALERT)
1693 return 0;
1694
1695 /* Only need to buffer if a handshake is underway.
1696 * (this implies that Hello Request and Client Hello are passed up
1697 * immediately) */
1698 if ( SSL_in_init(s))
1699 {
1700 unsigned char *data = rr->data;
1701 /* need to extract the HM/CCS sequence number here */
1702 if ( rr->type == SSL3_RT_HANDSHAKE ||
1703 rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
1704 {
1705 unsigned short seq_num;
1706 struct hm_header_st msg_hdr;
1707 struct ccs_header_st ccs_hdr;
1708
1709 if ( rr->type == SSL3_RT_HANDSHAKE)
1710 {
1711 dtls1_get_message_header(data, &msg_hdr);
1712 seq_num = msg_hdr.seq;
1713 *offset = msg_hdr.frag_off;
1714 }
1715 else
1716 {
1717 dtls1_get_ccs_header(data, &ccs_hdr);
1718 seq_num = ccs_hdr.seq;
1719 *offset = 0;
1720 }
1721
1722 /* this is either a record we're waiting for, or a
1723 * retransmit of something we happened to previously
1724 * receive (higher layers will drop the repeat silently */
1725 if ( seq_num < s->d1->handshake_read_seq)
1726 return 0;
1727 if (rr->type == SSL3_RT_HANDSHAKE &&
1728 seq_num == s->d1->handshake_read_seq &&
1729 msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
1730 return 0;
1731 else if ( seq_num == s->d1->handshake_read_seq &&
1732 (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
1733 msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
1734 return 0;
1735 else
1736 {
1737 *priority = seq_num;
1738 return 1;
1739 }
1740 }
1741 else /* unknown record type */
1742 return 0;
1743 }
1744
1745 return 0;
1746 }
1747#endif
1748
1749void
1750dtls1_reset_seq_numbers(SSL *s, int rw)
1751 {
1752 unsigned char *seq;
1753 unsigned int seq_bytes = sizeof(s->s3->read_sequence);
1754
1755 if ( rw & SSL3_CC_READ)
1756 {
1757 seq = s->s3->read_sequence;
1758 s->d1->r_epoch++;
1759 memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
1760 memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
1761 }
1762 else
1763 {
1764 seq = s->s3->write_sequence;
1765 memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence));
1766 s->d1->w_epoch++;
1767 }
1768
1769 memset(seq, 0x00, seq_bytes);
1770 }
1771
1772
1773static void
1774dtls1_clear_timeouts(SSL *s)
1775 {
1776 memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
1777 }
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
deleted file mode 100644
index 149983be30..0000000000
--- a/src/lib/libssl/d1_srvr.c
+++ /dev/null
@@ -1,1563 +0,0 @@
1/* ssl/d1_srvr.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <stdio.h>
117#include "ssl_locl.h"
118#include <openssl/buffer.h>
119#include <openssl/rand.h>
120#include <openssl/objects.h>
121#include <openssl/evp.h>
122#include <openssl/x509.h>
123#include <openssl/md5.h>
124#include <openssl/bn.h>
125#ifndef OPENSSL_NO_DH
126#include <openssl/dh.h>
127#endif
128
129static const SSL_METHOD *dtls1_get_server_method(int ver);
130static int dtls1_send_hello_verify_request(SSL *s);
131
132static const SSL_METHOD *dtls1_get_server_method(int ver)
133 {
134 if (ver == DTLS1_VERSION)
135 return(DTLSv1_server_method());
136 else
137 return(NULL);
138 }
139
140IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
141 dtls1_accept,
142 ssl_undefined_function,
143 dtls1_get_server_method)
144
145int dtls1_accept(SSL *s)
146 {
147 BUF_MEM *buf;
148 unsigned long Time=(unsigned long)time(NULL);
149 void (*cb)(const SSL *ssl,int type,int val)=NULL;
150 unsigned long alg_k;
151 int ret= -1;
152 int new_state,state,skip=0;
153 int listen;
154
155 RAND_add(&Time,sizeof(Time),0);
156 ERR_clear_error();
157 clear_sys_error();
158
159 if (s->info_callback != NULL)
160 cb=s->info_callback;
161 else if (s->ctx->info_callback != NULL)
162 cb=s->ctx->info_callback;
163
164 listen = s->d1->listen;
165
166 /* init things to blank */
167 s->in_handshake++;
168 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
169
170 s->d1->listen = listen;
171
172 if (s->cert == NULL)
173 {
174 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
175 return(-1);
176 }
177
178 for (;;)
179 {
180 state=s->state;
181
182 switch (s->state)
183 {
184 case SSL_ST_RENEGOTIATE:
185 s->new_session=1;
186 /* s->state=SSL_ST_ACCEPT; */
187
188 case SSL_ST_BEFORE:
189 case SSL_ST_ACCEPT:
190 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
191 case SSL_ST_OK|SSL_ST_ACCEPT:
192
193 s->server=1;
194 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
195
196 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00))
197 {
198 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
199 return -1;
200 }
201 s->type=SSL_ST_ACCEPT;
202
203 if (s->init_buf == NULL)
204 {
205 if ((buf=BUF_MEM_new()) == NULL)
206 {
207 ret= -1;
208 goto end;
209 }
210 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
211 {
212 ret= -1;
213 goto end;
214 }
215 s->init_buf=buf;
216 }
217
218 if (!ssl3_setup_buffers(s))
219 {
220 ret= -1;
221 goto end;
222 }
223
224 s->init_num=0;
225
226 if (s->state != SSL_ST_RENEGOTIATE)
227 {
228 /* Ok, we now need to push on a buffering BIO so that
229 * the output is sent in a way that TCP likes :-)
230 */
231 if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
232
233 ssl3_init_finished_mac(s);
234 s->state=SSL3_ST_SR_CLNT_HELLO_A;
235 s->ctx->stats.sess_accept++;
236 }
237 else
238 {
239 /* s->state == SSL_ST_RENEGOTIATE,
240 * we will just send a HelloRequest */
241 s->ctx->stats.sess_accept_renegotiate++;
242 s->state=SSL3_ST_SW_HELLO_REQ_A;
243 }
244
245 break;
246
247 case SSL3_ST_SW_HELLO_REQ_A:
248 case SSL3_ST_SW_HELLO_REQ_B:
249
250 s->shutdown=0;
251 dtls1_start_timer(s);
252 ret=dtls1_send_hello_request(s);
253 if (ret <= 0) goto end;
254 s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
255 s->state=SSL3_ST_SW_FLUSH;
256 s->init_num=0;
257
258 ssl3_init_finished_mac(s);
259 break;
260
261 case SSL3_ST_SW_HELLO_REQ_C:
262 s->state=SSL_ST_OK;
263 break;
264
265 case SSL3_ST_SR_CLNT_HELLO_A:
266 case SSL3_ST_SR_CLNT_HELLO_B:
267 case SSL3_ST_SR_CLNT_HELLO_C:
268
269 s->shutdown=0;
270 ret=ssl3_get_client_hello(s);
271 if (ret <= 0) goto end;
272 dtls1_stop_timer(s);
273
274 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
275 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
276 else
277 s->state = SSL3_ST_SW_SRVR_HELLO_A;
278
279 s->init_num=0;
280
281 /* Reflect ClientHello sequence to remain stateless while listening */
282 if (listen)
283 {
284 memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
285 }
286
287 /* If we're just listening, stop here */
288 if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
289 {
290 ret = 2;
291 s->d1->listen = 0;
292 /* Set expected sequence numbers
293 * to continue the handshake.
294 */
295 s->d1->handshake_read_seq = 2;
296 s->d1->handshake_write_seq = 1;
297 s->d1->next_handshake_write_seq = 1;
298 goto end;
299 }
300
301 break;
302
303 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
304 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
305
306 ret = dtls1_send_hello_verify_request(s);
307 if ( ret <= 0) goto end;
308 s->state=SSL3_ST_SW_FLUSH;
309 s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
310
311 /* HelloVerifyRequest resets Finished MAC */
312 if (s->version != DTLS1_BAD_VER)
313 ssl3_init_finished_mac(s);
314 break;
315
316 case SSL3_ST_SW_SRVR_HELLO_A:
317 case SSL3_ST_SW_SRVR_HELLO_B:
318 s->new_session = 2;
319 dtls1_start_timer(s);
320 ret=dtls1_send_server_hello(s);
321 if (ret <= 0) goto end;
322
323#ifndef OPENSSL_NO_TLSEXT
324 if (s->hit)
325 {
326 if (s->tlsext_ticket_expected)
327 s->state=SSL3_ST_SW_SESSION_TICKET_A;
328 else
329 s->state=SSL3_ST_SW_CHANGE_A;
330 }
331#else
332 if (s->hit)
333 s->state=SSL3_ST_SW_CHANGE_A;
334#endif
335 else
336 s->state=SSL3_ST_SW_CERT_A;
337 s->init_num=0;
338 break;
339
340 case SSL3_ST_SW_CERT_A:
341 case SSL3_ST_SW_CERT_B:
342 /* Check if it is anon DH or normal PSK */
343 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
344 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
345 {
346 dtls1_start_timer(s);
347 ret=dtls1_send_server_certificate(s);
348 if (ret <= 0) goto end;
349#ifndef OPENSSL_NO_TLSEXT
350 if (s->tlsext_status_expected)
351 s->state=SSL3_ST_SW_CERT_STATUS_A;
352 else
353 s->state=SSL3_ST_SW_KEY_EXCH_A;
354 }
355 else
356 {
357 skip = 1;
358 s->state=SSL3_ST_SW_KEY_EXCH_A;
359 }
360#else
361 }
362 else
363 skip=1;
364
365 s->state=SSL3_ST_SW_KEY_EXCH_A;
366#endif
367 s->init_num=0;
368 break;
369
370 case SSL3_ST_SW_KEY_EXCH_A:
371 case SSL3_ST_SW_KEY_EXCH_B:
372 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
373
374 /* clear this, it may get reset by
375 * send_server_key_exchange */
376 if ((s->options & SSL_OP_EPHEMERAL_RSA)
377#ifndef OPENSSL_NO_KRB5
378 && !(alg_k & SSL_kKRB5)
379#endif /* OPENSSL_NO_KRB5 */
380 )
381 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
382 * even when forbidden by protocol specs
383 * (handshake may fail as clients are not required to
384 * be able to handle this) */
385 s->s3->tmp.use_rsa_tmp=1;
386 else
387 s->s3->tmp.use_rsa_tmp=0;
388
389 /* only send if a DH key exchange or
390 * RSA but we have a sign only certificate */
391 if (s->s3->tmp.use_rsa_tmp
392 /* PSK: send ServerKeyExchange if PSK identity
393 * hint if provided */
394#ifndef OPENSSL_NO_PSK
395 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
396#endif
397 || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
398 || (alg_k & SSL_kEECDH)
399 || ((alg_k & SSL_kRSA)
400 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
401 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
402 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
403 )
404 )
405 )
406 )
407 {
408 dtls1_start_timer(s);
409 ret=dtls1_send_server_key_exchange(s);
410 if (ret <= 0) goto end;
411 }
412 else
413 skip=1;
414
415 s->state=SSL3_ST_SW_CERT_REQ_A;
416 s->init_num=0;
417 break;
418
419 case SSL3_ST_SW_CERT_REQ_A:
420 case SSL3_ST_SW_CERT_REQ_B:
421 if (/* don't request cert unless asked for it: */
422 !(s->verify_mode & SSL_VERIFY_PEER) ||
423 /* if SSL_VERIFY_CLIENT_ONCE is set,
424 * don't request cert during re-negotiation: */
425 ((s->session->peer != NULL) &&
426 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
427 /* never request cert in anonymous ciphersuites
428 * (see section "Certificate request" in SSL 3 drafts
429 * and in RFC 2246): */
430 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
431 /* ... except when the application insists on verification
432 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
433 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
434 /* never request cert in Kerberos ciphersuites */
435 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
436 /* With normal PSK Certificates and
437 * Certificate Requests are omitted */
438 || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
439 {
440 /* no cert request */
441 skip=1;
442 s->s3->tmp.cert_request=0;
443 s->state=SSL3_ST_SW_SRVR_DONE_A;
444 }
445 else
446 {
447 s->s3->tmp.cert_request=1;
448 dtls1_start_timer(s);
449 ret=dtls1_send_certificate_request(s);
450 if (ret <= 0) goto end;
451#ifndef NETSCAPE_HANG_BUG
452 s->state=SSL3_ST_SW_SRVR_DONE_A;
453#else
454 s->state=SSL3_ST_SW_FLUSH;
455 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
456#endif
457 s->init_num=0;
458 }
459 break;
460
461 case SSL3_ST_SW_SRVR_DONE_A:
462 case SSL3_ST_SW_SRVR_DONE_B:
463 dtls1_start_timer(s);
464 ret=dtls1_send_server_done(s);
465 if (ret <= 0) goto end;
466 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
467 s->state=SSL3_ST_SW_FLUSH;
468 s->init_num=0;
469 break;
470
471 case SSL3_ST_SW_FLUSH:
472 s->rwstate=SSL_WRITING;
473 if (BIO_flush(s->wbio) <= 0)
474 {
475 ret= -1;
476 goto end;
477 }
478 s->rwstate=SSL_NOTHING;
479 s->state=s->s3->tmp.next_state;
480 break;
481
482 case SSL3_ST_SR_CERT_A:
483 case SSL3_ST_SR_CERT_B:
484 /* Check for second client hello (MS SGC) */
485 ret = ssl3_check_client_hello(s);
486 if (ret <= 0)
487 goto end;
488 dtls1_stop_timer(s);
489 if (ret == 2)
490 s->state = SSL3_ST_SR_CLNT_HELLO_C;
491 else {
492 /* could be sent for a DH cert, even if we
493 * have not asked for it :-) */
494 ret=ssl3_get_client_certificate(s);
495 if (ret <= 0) goto end;
496 dtls1_stop_timer(s);
497 s->init_num=0;
498 s->state=SSL3_ST_SR_KEY_EXCH_A;
499 }
500 break;
501
502 case SSL3_ST_SR_KEY_EXCH_A:
503 case SSL3_ST_SR_KEY_EXCH_B:
504 ret=ssl3_get_client_key_exchange(s);
505 if (ret <= 0) goto end;
506 dtls1_stop_timer(s);
507 s->state=SSL3_ST_SR_CERT_VRFY_A;
508 s->init_num=0;
509
510 if (ret == 2)
511 {
512 /* For the ECDH ciphersuites when
513 * the client sends its ECDH pub key in
514 * a certificate, the CertificateVerify
515 * message is not sent.
516 */
517 s->state=SSL3_ST_SR_FINISHED_A;
518 s->init_num = 0;
519 }
520 else
521 {
522 s->state=SSL3_ST_SR_CERT_VRFY_A;
523 s->init_num=0;
524
525 /* We need to get hashes here so if there is
526 * a client cert, it can be verified */
527 s->method->ssl3_enc->cert_verify_mac(s,
528 NID_md5,
529 &(s->s3->tmp.cert_verify_md[0]));
530 s->method->ssl3_enc->cert_verify_mac(s,
531 NID_sha1,
532 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
533 }
534 break;
535
536 case SSL3_ST_SR_CERT_VRFY_A:
537 case SSL3_ST_SR_CERT_VRFY_B:
538
539 s->d1->change_cipher_spec_ok = 1;
540 /* we should decide if we expected this one */
541 ret=ssl3_get_cert_verify(s);
542 if (ret <= 0) goto end;
543 dtls1_stop_timer(s);
544
545 s->state=SSL3_ST_SR_FINISHED_A;
546 s->init_num=0;
547 break;
548
549 case SSL3_ST_SR_FINISHED_A:
550 case SSL3_ST_SR_FINISHED_B:
551 s->d1->change_cipher_spec_ok = 1;
552 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
553 SSL3_ST_SR_FINISHED_B);
554 if (ret <= 0) goto end;
555 dtls1_stop_timer(s);
556 if (s->hit)
557 s->state=SSL_ST_OK;
558#ifndef OPENSSL_NO_TLSEXT
559 else if (s->tlsext_ticket_expected)
560 s->state=SSL3_ST_SW_SESSION_TICKET_A;
561#endif
562 else
563 s->state=SSL3_ST_SW_CHANGE_A;
564 s->init_num=0;
565 break;
566
567#ifndef OPENSSL_NO_TLSEXT
568 case SSL3_ST_SW_SESSION_TICKET_A:
569 case SSL3_ST_SW_SESSION_TICKET_B:
570 ret=dtls1_send_newsession_ticket(s);
571 if (ret <= 0) goto end;
572 s->state=SSL3_ST_SW_CHANGE_A;
573 s->init_num=0;
574 break;
575
576 case SSL3_ST_SW_CERT_STATUS_A:
577 case SSL3_ST_SW_CERT_STATUS_B:
578 ret=ssl3_send_cert_status(s);
579 if (ret <= 0) goto end;
580 s->state=SSL3_ST_SW_KEY_EXCH_A;
581 s->init_num=0;
582 break;
583
584#endif
585
586 case SSL3_ST_SW_CHANGE_A:
587 case SSL3_ST_SW_CHANGE_B:
588
589 s->session->cipher=s->s3->tmp.new_cipher;
590 if (!s->method->ssl3_enc->setup_key_block(s))
591 { ret= -1; goto end; }
592
593 ret=dtls1_send_change_cipher_spec(s,
594 SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
595
596 if (ret <= 0) goto end;
597 s->state=SSL3_ST_SW_FINISHED_A;
598 s->init_num=0;
599
600 if (!s->method->ssl3_enc->change_cipher_state(s,
601 SSL3_CHANGE_CIPHER_SERVER_WRITE))
602 {
603 ret= -1;
604 goto end;
605 }
606
607 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
608 break;
609
610 case SSL3_ST_SW_FINISHED_A:
611 case SSL3_ST_SW_FINISHED_B:
612 ret=dtls1_send_finished(s,
613 SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
614 s->method->ssl3_enc->server_finished_label,
615 s->method->ssl3_enc->server_finished_label_len);
616 if (ret <= 0) goto end;
617 s->state=SSL3_ST_SW_FLUSH;
618 if (s->hit)
619 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
620 else
621 s->s3->tmp.next_state=SSL_ST_OK;
622 s->init_num=0;
623 break;
624
625 case SSL_ST_OK:
626 /* clean a few things up */
627 ssl3_cleanup_key_block(s);
628
629#if 0
630 BUF_MEM_free(s->init_buf);
631 s->init_buf=NULL;
632#endif
633
634 /* remove buffering on output */
635 ssl_free_wbio_buffer(s);
636
637 s->init_num=0;
638
639 if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
640 {
641 /* actually not necessarily a 'new' session unless
642 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
643
644 s->new_session=0;
645
646 ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
647
648 s->ctx->stats.sess_accept_good++;
649 /* s->server=1; */
650 s->handshake_func=dtls1_accept;
651
652 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
653 }
654
655 ret = 1;
656
657 /* done handshaking, next message is client hello */
658 s->d1->handshake_read_seq = 0;
659 /* next message is server hello */
660 s->d1->handshake_write_seq = 0;
661 s->d1->next_handshake_write_seq = 0;
662 goto end;
663 /* break; */
664
665 default:
666 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE);
667 ret= -1;
668 goto end;
669 /* break; */
670 }
671
672 if (!s->s3->tmp.reuse_message && !skip)
673 {
674 if (s->debug)
675 {
676 if ((ret=BIO_flush(s->wbio)) <= 0)
677 goto end;
678 }
679
680
681 if ((cb != NULL) && (s->state != state))
682 {
683 new_state=s->state;
684 s->state=state;
685 cb(s,SSL_CB_ACCEPT_LOOP,1);
686 s->state=new_state;
687 }
688 }
689 skip=0;
690 }
691end:
692 /* BIO_flush(s->wbio); */
693
694 s->in_handshake--;
695 if (cb != NULL)
696 cb(s,SSL_CB_ACCEPT_EXIT,ret);
697 return(ret);
698 }
699
700int dtls1_send_hello_request(SSL *s)
701 {
702 unsigned char *p;
703
704 if (s->state == SSL3_ST_SW_HELLO_REQ_A)
705 {
706 p=(unsigned char *)s->init_buf->data;
707 p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);
708
709 s->state=SSL3_ST_SW_HELLO_REQ_B;
710 /* number of bytes to write */
711 s->init_num=DTLS1_HM_HEADER_LENGTH;
712 s->init_off=0;
713
714 /* no need to buffer this message, since there are no retransmit
715 * requests for it */
716 }
717
718 /* SSL3_ST_SW_HELLO_REQ_B */
719 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
720 }
721
722int dtls1_send_hello_verify_request(SSL *s)
723 {
724 unsigned int msg_len;
725 unsigned char *msg, *buf, *p;
726
727 if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A)
728 {
729 buf = (unsigned char *)s->init_buf->data;
730
731 msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
732 *(p++) = s->version >> 8;
733 *(p++) = s->version & 0xFF;
734
735 if (s->ctx->app_gen_cookie_cb == NULL ||
736 s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
737 &(s->d1->cookie_len)) == 0)
738 {
739 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
740 return 0;
741 }
742
743 *(p++) = (unsigned char) s->d1->cookie_len;
744 memcpy(p, s->d1->cookie, s->d1->cookie_len);
745 p += s->d1->cookie_len;
746 msg_len = p - msg;
747
748 dtls1_set_message_header(s, buf,
749 DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);
750
751 s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
752 /* number of bytes to write */
753 s->init_num=p-buf;
754 s->init_off=0;
755 }
756
757 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
758 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
759 }
760
761int dtls1_send_server_hello(SSL *s)
762 {
763 unsigned char *buf;
764 unsigned char *p,*d;
765 int i;
766 unsigned int sl;
767 unsigned long l,Time;
768
769 if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
770 {
771 buf=(unsigned char *)s->init_buf->data;
772 p=s->s3->server_random;
773 Time=(unsigned long)time(NULL); /* Time */
774 l2n(Time,p);
775 RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
776 /* Do the message type and length last */
777 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
778
779 *(p++)=s->version>>8;
780 *(p++)=s->version&0xff;
781
782 /* Random stuff */
783 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
784 p+=SSL3_RANDOM_SIZE;
785
786 /* now in theory we have 3 options to sending back the
787 * session id. If it is a re-use, we send back the
788 * old session-id, if it is a new session, we send
789 * back the new session-id or we send back a 0 length
790 * session-id if we want it to be single use.
791 * Currently I will not implement the '0' length session-id
792 * 12-Jan-98 - I'll now support the '0' length stuff.
793 */
794 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
795 s->session->session_id_length=0;
796
797 sl=s->session->session_id_length;
798 if (sl > sizeof s->session->session_id)
799 {
800 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
801 return -1;
802 }
803 *(p++)=sl;
804 memcpy(p,s->session->session_id,sl);
805 p+=sl;
806
807 /* put the cipher */
808 if (s->s3->tmp.new_cipher == NULL)
809 return -1;
810 i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
811 p+=i;
812
813 /* put the compression method */
814#ifdef OPENSSL_NO_COMP
815 *(p++)=0;
816#else
817 if (s->s3->tmp.new_compression == NULL)
818 *(p++)=0;
819 else
820 *(p++)=s->s3->tmp.new_compression->id;
821#endif
822
823#ifndef OPENSSL_NO_TLSEXT
824 if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
825 {
826 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
827 return -1;
828 }
829#endif
830
831 /* do the header */
832 l=(p-d);
833 d=buf;
834
835 d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
836
837 s->state=SSL3_ST_SW_SRVR_HELLO_B;
838 /* number of bytes to write */
839 s->init_num=p-buf;
840 s->init_off=0;
841
842 /* buffer the message to handle re-xmits */
843 dtls1_buffer_message(s, 0);
844 }
845
846 /* SSL3_ST_SW_SRVR_HELLO_B */
847 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
848 }
849
850int dtls1_send_server_done(SSL *s)
851 {
852 unsigned char *p;
853
854 if (s->state == SSL3_ST_SW_SRVR_DONE_A)
855 {
856 p=(unsigned char *)s->init_buf->data;
857
858 /* do the header */
859 p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
860
861 s->state=SSL3_ST_SW_SRVR_DONE_B;
862 /* number of bytes to write */
863 s->init_num=DTLS1_HM_HEADER_LENGTH;
864 s->init_off=0;
865
866 /* buffer the message to handle re-xmits */
867 dtls1_buffer_message(s, 0);
868 }
869
870 /* SSL3_ST_SW_SRVR_DONE_B */
871 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
872 }
873
874int dtls1_send_server_key_exchange(SSL *s)
875 {
876#ifndef OPENSSL_NO_RSA
877 unsigned char *q;
878 int j,num;
879 RSA *rsa;
880 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
881 unsigned int u;
882#endif
883#ifndef OPENSSL_NO_DH
884 DH *dh=NULL,*dhp;
885#endif
886#ifndef OPENSSL_NO_ECDH
887 EC_KEY *ecdh=NULL, *ecdhp;
888 unsigned char *encodedPoint = NULL;
889 int encodedlen = 0;
890 int curve_id = 0;
891 BN_CTX *bn_ctx = NULL;
892#endif
893 EVP_PKEY *pkey;
894 unsigned char *p,*d;
895 int al,i;
896 unsigned long type;
897 int n;
898 CERT *cert;
899 BIGNUM *r[4];
900 int nr[4],kn;
901 BUF_MEM *buf;
902 EVP_MD_CTX md_ctx;
903
904 EVP_MD_CTX_init(&md_ctx);
905 if (s->state == SSL3_ST_SW_KEY_EXCH_A)
906 {
907 type=s->s3->tmp.new_cipher->algorithm_mkey;
908 cert=s->cert;
909
910 buf=s->init_buf;
911
912 r[0]=r[1]=r[2]=r[3]=NULL;
913 n=0;
914#ifndef OPENSSL_NO_RSA
915 if (type & SSL_kRSA)
916 {
917 rsa=cert->rsa_tmp;
918 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
919 {
920 rsa=s->cert->rsa_tmp_cb(s,
921 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
922 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
923 if(rsa == NULL)
924 {
925 al=SSL_AD_HANDSHAKE_FAILURE;
926 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
927 goto f_err;
928 }
929 RSA_up_ref(rsa);
930 cert->rsa_tmp=rsa;
931 }
932 if (rsa == NULL)
933 {
934 al=SSL_AD_HANDSHAKE_FAILURE;
935 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
936 goto f_err;
937 }
938 r[0]=rsa->n;
939 r[1]=rsa->e;
940 s->s3->tmp.use_rsa_tmp=1;
941 }
942 else
943#endif
944#ifndef OPENSSL_NO_DH
945 if (type & SSL_kEDH)
946 {
947 dhp=cert->dh_tmp;
948 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
949 dhp=s->cert->dh_tmp_cb(s,
950 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
951 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
952 if (dhp == NULL)
953 {
954 al=SSL_AD_HANDSHAKE_FAILURE;
955 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
956 goto f_err;
957 }
958
959 if (s->s3->tmp.dh != NULL)
960 {
961 DH_free(dh);
962 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
963 goto err;
964 }
965
966 if ((dh=DHparams_dup(dhp)) == NULL)
967 {
968 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
969 goto err;
970 }
971
972 s->s3->tmp.dh=dh;
973 if ((dhp->pub_key == NULL ||
974 dhp->priv_key == NULL ||
975 (s->options & SSL_OP_SINGLE_DH_USE)))
976 {
977 if(!DH_generate_key(dh))
978 {
979 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
980 ERR_R_DH_LIB);
981 goto err;
982 }
983 }
984 else
985 {
986 dh->pub_key=BN_dup(dhp->pub_key);
987 dh->priv_key=BN_dup(dhp->priv_key);
988 if ((dh->pub_key == NULL) ||
989 (dh->priv_key == NULL))
990 {
991 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
992 goto err;
993 }
994 }
995 r[0]=dh->p;
996 r[1]=dh->g;
997 r[2]=dh->pub_key;
998 }
999 else
1000#endif
1001#ifndef OPENSSL_NO_ECDH
1002 if (type & SSL_kEECDH)
1003 {
1004 const EC_GROUP *group;
1005
1006 ecdhp=cert->ecdh_tmp;
1007 if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
1008 {
1009 ecdhp=s->cert->ecdh_tmp_cb(s,
1010 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1011 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1012 }
1013 if (ecdhp == NULL)
1014 {
1015 al=SSL_AD_HANDSHAKE_FAILURE;
1016 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
1017 goto f_err;
1018 }
1019
1020 if (s->s3->tmp.ecdh != NULL)
1021 {
1022 EC_KEY_free(s->s3->tmp.ecdh);
1023 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1024 goto err;
1025 }
1026
1027 /* Duplicate the ECDH structure. */
1028 if (ecdhp == NULL)
1029 {
1030 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1031 goto err;
1032 }
1033 if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
1034 {
1035 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1036 goto err;
1037 }
1038
1039 s->s3->tmp.ecdh=ecdh;
1040 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
1041 (EC_KEY_get0_private_key(ecdh) == NULL) ||
1042 (s->options & SSL_OP_SINGLE_ECDH_USE))
1043 {
1044 if(!EC_KEY_generate_key(ecdh))
1045 {
1046 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1047 goto err;
1048 }
1049 }
1050
1051 if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
1052 (EC_KEY_get0_public_key(ecdh) == NULL) ||
1053 (EC_KEY_get0_private_key(ecdh) == NULL))
1054 {
1055 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1056 goto err;
1057 }
1058
1059 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1060 (EC_GROUP_get_degree(group) > 163))
1061 {
1062 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1063 goto err;
1064 }
1065
1066 /* XXX: For now, we only support ephemeral ECDH
1067 * keys over named (not generic) curves. For
1068 * supported named curves, curve_id is non-zero.
1069 */
1070 if ((curve_id =
1071 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
1072 == 0)
1073 {
1074 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1075 goto err;
1076 }
1077
1078 /* Encode the public key.
1079 * First check the size of encoding and
1080 * allocate memory accordingly.
1081 */
1082 encodedlen = EC_POINT_point2oct(group,
1083 EC_KEY_get0_public_key(ecdh),
1084 POINT_CONVERSION_UNCOMPRESSED,
1085 NULL, 0, NULL);
1086
1087 encodedPoint = (unsigned char *)
1088 OPENSSL_malloc(encodedlen*sizeof(unsigned char));
1089 bn_ctx = BN_CTX_new();
1090 if ((encodedPoint == NULL) || (bn_ctx == NULL))
1091 {
1092 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1093 goto err;
1094 }
1095
1096
1097 encodedlen = EC_POINT_point2oct(group,
1098 EC_KEY_get0_public_key(ecdh),
1099 POINT_CONVERSION_UNCOMPRESSED,
1100 encodedPoint, encodedlen, bn_ctx);
1101
1102 if (encodedlen == 0)
1103 {
1104 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1105 goto err;
1106 }
1107
1108 BN_CTX_free(bn_ctx); bn_ctx=NULL;
1109
1110 /* XXX: For now, we only support named (not
1111 * generic) curves in ECDH ephemeral key exchanges.
1112 * In this situation, we need four additional bytes
1113 * to encode the entire ServerECDHParams
1114 * structure.
1115 */
1116 n = 4 + encodedlen;
1117
1118 /* We'll generate the serverKeyExchange message
1119 * explicitly so we can set these to NULLs
1120 */
1121 r[0]=NULL;
1122 r[1]=NULL;
1123 r[2]=NULL;
1124 r[3]=NULL;
1125 }
1126 else
1127#endif /* !OPENSSL_NO_ECDH */
1128#ifndef OPENSSL_NO_PSK
1129 if (type & SSL_kPSK)
1130 {
1131 /* reserve size for record length and PSK identity hint*/
1132 n+=2+strlen(s->ctx->psk_identity_hint);
1133 }
1134 else
1135#endif /* !OPENSSL_NO_PSK */
1136 {
1137 al=SSL_AD_HANDSHAKE_FAILURE;
1138 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1139 goto f_err;
1140 }
1141 for (i=0; r[i] != NULL; i++)
1142 {
1143 nr[i]=BN_num_bytes(r[i]);
1144 n+=2+nr[i];
1145 }
1146
1147 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1148 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
1149 {
1150 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
1151 == NULL)
1152 {
1153 al=SSL_AD_DECODE_ERROR;
1154 goto f_err;
1155 }
1156 kn=EVP_PKEY_size(pkey);
1157 }
1158 else
1159 {
1160 pkey=NULL;
1161 kn=0;
1162 }
1163
1164 if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn))
1165 {
1166 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
1167 goto err;
1168 }
1169 d=(unsigned char *)s->init_buf->data;
1170 p= &(d[DTLS1_HM_HEADER_LENGTH]);
1171
1172 for (i=0; r[i] != NULL; i++)
1173 {
1174 s2n(nr[i],p);
1175 BN_bn2bin(r[i],p);
1176 p+=nr[i];
1177 }
1178
1179#ifndef OPENSSL_NO_ECDH
1180 if (type & SSL_kEECDH)
1181 {
1182 /* XXX: For now, we only support named (not generic) curves.
1183 * In this situation, the serverKeyExchange message has:
1184 * [1 byte CurveType], [2 byte CurveName]
1185 * [1 byte length of encoded point], followed by
1186 * the actual encoded point itself
1187 */
1188 *p = NAMED_CURVE_TYPE;
1189 p += 1;
1190 *p = 0;
1191 p += 1;
1192 *p = curve_id;
1193 p += 1;
1194 *p = encodedlen;
1195 p += 1;
1196 memcpy((unsigned char*)p,
1197 (unsigned char *)encodedPoint,
1198 encodedlen);
1199 OPENSSL_free(encodedPoint);
1200 p += encodedlen;
1201 }
1202#endif
1203
1204#ifndef OPENSSL_NO_PSK
1205 if (type & SSL_kPSK)
1206 {
1207 /* copy PSK identity hint */
1208 s2n(strlen(s->ctx->psk_identity_hint), p);
1209 strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
1210 p+=strlen(s->ctx->psk_identity_hint);
1211 }
1212#endif
1213
1214 /* not anonymous */
1215 if (pkey != NULL)
1216 {
1217 /* n is the length of the params, they start at
1218 * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
1219 * at the end. */
1220#ifndef OPENSSL_NO_RSA
1221 if (pkey->type == EVP_PKEY_RSA)
1222 {
1223 q=md_buf;
1224 j=0;
1225 for (num=2; num > 0; num--)
1226 {
1227 EVP_DigestInit_ex(&md_ctx,(num == 2)
1228 ?s->ctx->md5:s->ctx->sha1, NULL);
1229 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1230 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1231 EVP_DigestUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
1232 EVP_DigestFinal_ex(&md_ctx,q,
1233 (unsigned int *)&i);
1234 q+=i;
1235 j+=i;
1236 }
1237 if (RSA_sign(NID_md5_sha1, md_buf, j,
1238 &(p[2]), &u, pkey->pkey.rsa) <= 0)
1239 {
1240 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
1241 goto err;
1242 }
1243 s2n(u,p);
1244 n+=u+2;
1245 }
1246 else
1247#endif
1248#if !defined(OPENSSL_NO_DSA)
1249 if (pkey->type == EVP_PKEY_DSA)
1250 {
1251 /* lets do DSS */
1252 EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
1253 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1254 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1255 EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
1256 if (!EVP_SignFinal(&md_ctx,&(p[2]),
1257 (unsigned int *)&i,pkey))
1258 {
1259 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
1260 goto err;
1261 }
1262 s2n(i,p);
1263 n+=i+2;
1264 }
1265 else
1266#endif
1267#if !defined(OPENSSL_NO_ECDSA)
1268 if (pkey->type == EVP_PKEY_EC)
1269 {
1270 /* let's do ECDSA */
1271 EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
1272 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1273 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1274 EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
1275 if (!EVP_SignFinal(&md_ctx,&(p[2]),
1276 (unsigned int *)&i,pkey))
1277 {
1278 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
1279 goto err;
1280 }
1281 s2n(i,p);
1282 n+=i+2;
1283 }
1284 else
1285#endif
1286 {
1287 /* Is this error check actually needed? */
1288 al=SSL_AD_HANDSHAKE_FAILURE;
1289 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
1290 goto f_err;
1291 }
1292 }
1293
1294 d = dtls1_set_message_header(s, d,
1295 SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
1296
1297 /* we should now have things packed up, so lets send
1298 * it off */
1299 s->init_num=n+DTLS1_HM_HEADER_LENGTH;
1300 s->init_off=0;
1301
1302 /* buffer the message to handle re-xmits */
1303 dtls1_buffer_message(s, 0);
1304 }
1305
1306 s->state = SSL3_ST_SW_KEY_EXCH_B;
1307 EVP_MD_CTX_cleanup(&md_ctx);
1308 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1309f_err:
1310 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1311err:
1312#ifndef OPENSSL_NO_ECDH
1313 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
1314 BN_CTX_free(bn_ctx);
1315#endif
1316 EVP_MD_CTX_cleanup(&md_ctx);
1317 return(-1);
1318 }
1319
1320int dtls1_send_certificate_request(SSL *s)
1321 {
1322 unsigned char *p,*d;
1323 int i,j,nl,off,n;
1324 STACK_OF(X509_NAME) *sk=NULL;
1325 X509_NAME *name;
1326 BUF_MEM *buf;
1327 unsigned int msg_len;
1328
1329 if (s->state == SSL3_ST_SW_CERT_REQ_A)
1330 {
1331 buf=s->init_buf;
1332
1333 d=p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1334
1335 /* get the list of acceptable cert types */
1336 p++;
1337 n=ssl3_get_req_cert_type(s,p);
1338 d[0]=n;
1339 p+=n;
1340 n++;
1341
1342 off=n;
1343 p+=2;
1344 n+=2;
1345
1346 sk=SSL_get_client_CA_list(s);
1347 nl=0;
1348 if (sk != NULL)
1349 {
1350 for (i=0; i<sk_X509_NAME_num(sk); i++)
1351 {
1352 name=sk_X509_NAME_value(sk,i);
1353 j=i2d_X509_NAME(name,NULL);
1354 if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2))
1355 {
1356 SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
1357 goto err;
1358 }
1359 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]);
1360 if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
1361 {
1362 s2n(j,p);
1363 i2d_X509_NAME(name,&p);
1364 n+=2+j;
1365 nl+=2+j;
1366 }
1367 else
1368 {
1369 d=p;
1370 i2d_X509_NAME(name,&p);
1371 j-=2; s2n(j,d); j+=2;
1372 n+=j;
1373 nl+=j;
1374 }
1375 }
1376 }
1377 /* else no CA names */
1378 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+off]);
1379 s2n(nl,p);
1380
1381 d=(unsigned char *)buf->data;
1382 *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
1383 l2n3(n,d);
1384 s2n(s->d1->handshake_write_seq,d);
1385 s->d1->handshake_write_seq++;
1386
1387 /* we should now have things packed up, so lets send
1388 * it off */
1389
1390 s->init_num=n+DTLS1_HM_HEADER_LENGTH;
1391 s->init_off=0;
1392#ifdef NETSCAPE_HANG_BUG
1393/* XXX: what to do about this? */
1394 p=(unsigned char *)s->init_buf->data + s->init_num;
1395
1396 /* do the header */
1397 *(p++)=SSL3_MT_SERVER_DONE;
1398 *(p++)=0;
1399 *(p++)=0;
1400 *(p++)=0;
1401 s->init_num += 4;
1402#endif
1403
1404 /* XDTLS: set message header ? */
1405 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
1406 dtls1_set_message_header(s, (void *)s->init_buf->data,
1407 SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
1408
1409 /* buffer the message to handle re-xmits */
1410 dtls1_buffer_message(s, 0);
1411
1412 s->state = SSL3_ST_SW_CERT_REQ_B;
1413 }
1414
1415 /* SSL3_ST_SW_CERT_REQ_B */
1416 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1417err:
1418 return(-1);
1419 }
1420
1421int dtls1_send_server_certificate(SSL *s)
1422 {
1423 unsigned long l;
1424 X509 *x;
1425
1426 if (s->state == SSL3_ST_SW_CERT_A)
1427 {
1428 x=ssl_get_server_send_cert(s);
1429 if (x == NULL)
1430 {
1431 /* VRS: allow null cert if auth == KRB5 */
1432 if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) ||
1433 (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5))
1434 {
1435 SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
1436 return(0);
1437 }
1438 }
1439
1440 l=dtls1_output_cert_chain(s,x);
1441 s->state=SSL3_ST_SW_CERT_B;
1442 s->init_num=(int)l;
1443 s->init_off=0;
1444
1445 /* buffer the message to handle re-xmits */
1446 dtls1_buffer_message(s, 0);
1447 }
1448
1449 /* SSL3_ST_SW_CERT_B */
1450 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1451 }
1452
1453#ifndef OPENSSL_NO_TLSEXT
1454int dtls1_send_newsession_ticket(SSL *s)
1455 {
1456 if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
1457 {
1458 unsigned char *p, *senc, *macstart;
1459 int len, slen;
1460 unsigned int hlen, msg_len;
1461 EVP_CIPHER_CTX ctx;
1462 HMAC_CTX hctx;
1463 SSL_CTX *tctx = s->initial_ctx;
1464 unsigned char iv[EVP_MAX_IV_LENGTH];
1465 unsigned char key_name[16];
1466
1467 /* get session encoding length */
1468 slen = i2d_SSL_SESSION(s->session, NULL);
1469 /* Some length values are 16 bits, so forget it if session is
1470 * too long
1471 */
1472 if (slen > 0xFF00)
1473 return -1;
1474 /* Grow buffer if need be: the length calculation is as
1475 * follows 12 (DTLS handshake message header) +
1476 * 4 (ticket lifetime hint) + 2 (ticket length) +
1477 * 16 (key name) + max_iv_len (iv length) +
1478 * session_length + max_enc_block_size (max encrypted session
1479 * length) + max_md_size (HMAC).
1480 */
1481 if (!BUF_MEM_grow(s->init_buf,
1482 DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
1483 EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
1484 return -1;
1485 senc = OPENSSL_malloc(slen);
1486 if (!senc)
1487 return -1;
1488 p = senc;
1489 i2d_SSL_SESSION(s->session, &p);
1490
1491 p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
1492 EVP_CIPHER_CTX_init(&ctx);
1493 HMAC_CTX_init(&hctx);
1494 /* Initialize HMAC and cipher contexts. If callback present
1495 * it does all the work otherwise use generated values
1496 * from parent ctx.
1497 */
1498 if (tctx->tlsext_ticket_key_cb)
1499 {
1500 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
1501 &hctx, 1) < 0)
1502 {
1503 OPENSSL_free(senc);
1504 return -1;
1505 }
1506 }
1507 else
1508 {
1509 RAND_pseudo_bytes(iv, 16);
1510 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
1511 tctx->tlsext_tick_aes_key, iv);
1512 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
1513 tlsext_tick_md(), NULL);
1514 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
1515 }
1516 l2n(s->session->tlsext_tick_lifetime_hint, p);
1517 /* Skip ticket length for now */
1518 p += 2;
1519 /* Output key name */
1520 macstart = p;
1521 memcpy(p, key_name, 16);
1522 p += 16;
1523 /* output IV */
1524 memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
1525 p += EVP_CIPHER_CTX_iv_length(&ctx);
1526 /* Encrypt session data */
1527 EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
1528 p += len;
1529 EVP_EncryptFinal(&ctx, p, &len);
1530 p += len;
1531 EVP_CIPHER_CTX_cleanup(&ctx);
1532
1533 HMAC_Update(&hctx, macstart, p - macstart);
1534 HMAC_Final(&hctx, p, &hlen);
1535 HMAC_CTX_cleanup(&hctx);
1536
1537 p += hlen;
1538 /* Now write out lengths: p points to end of data written */
1539 /* Total length */
1540 len = p - (unsigned char *)(s->init_buf->data);
1541 /* Ticket length */
1542 p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
1543 s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
1544
1545 /* number of bytes to write */
1546 s->init_num= len;
1547 s->state=SSL3_ST_SW_SESSION_TICKET_B;
1548 s->init_off=0;
1549 OPENSSL_free(senc);
1550
1551 /* XDTLS: set message header ? */
1552 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
1553 dtls1_set_message_header(s, (void *)s->init_buf->data,
1554 SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len);
1555
1556 /* buffer the message to handle re-xmits */
1557 dtls1_buffer_message(s, 0);
1558 }
1559
1560 /* SSL3_ST_SW_SESSION_TICKET_B */
1561 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1562 }
1563#endif
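--- a/src/lib/libssl/doc/openssl.cnf
+++ /dev/null
@@ -1,350 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-# Policies used by the TSA examples.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = default # use public key default MD
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
-# utf8only: only UTF8Strings (PKIX recommendation after 2004).
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
-string_mask = utf8only
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (e.g. server FQDN or YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This is required for TSA certificates.
-# extendedKeyUsage = critical,timeStamping
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
-
-####################################################################
-[ tsa ]
-
-default_tsa = tsa_config1 # the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir = ./demoCA # TSA root directory
-serial = $dir/tsaserial # The current serial number (mandatory)
-crypto_device = builtin # OpenSSL engine to use for signing
-signer_cert = $dir/tsacert.pem # The TSA signing certificate
- # (optional)
-certs = $dir/cacert.pem # Certificate chain to include in reply
- # (optional)
-signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
-accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
-clock_precision_digits = 0 # number of digits after dot. (optional)
-ordering = yes # Is ordering defined for timestamps?
- # (optional, default: no)
-tsa_name = yes # Must the TSA name be included in the reply?
- # (optional, default: no)
-ess_cert_id_chain = no # Must the ESS cert id chain be included?
- # (optional, default: no)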
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
deleted file mode 100644
index f8817b0a71..0000000000
--- a/src/lib/libssl/doc/openssl.txt
+++ /dev/null
@@ -1,1254 +0,0 @@
1
2This is some preliminary documentation for OpenSSL.
3
4Contents:
5
6 OpenSSL X509V3 extension configuration
7 X509V3 Extension code: programmers guide
8 PKCS#12 Library
9
10
11==============================================================================
12 OpenSSL X509V3 extension configuration
13==============================================================================
14
15OpenSSL X509V3 extension configuration: preliminary documentation.
16
17INTRODUCTION.
18
19For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now
20possible to add and print out common X509 V3 certificate and CRL extensions.
21
22BEGINNERS NOTE
23
24For most simple applications you don't need to know too much about extensions:
25the default openssl.cnf values will usually do sensible things.
26
27If you want to know more you can initially quickly look through the sections
28describing how the standard OpenSSL utilities display and add extensions and
29then the list of supported extensions.
30
31For more technical information about the meaning of extensions see:
32
33http://www.imc.org/ietf-pkix/
34http://home.netscape.com/eng/security/certs.html
35
36PRINTING EXTENSIONS.
37
38Extension values are automatically printed out for supported extensions.
39
40openssl x509 -in cert.pem -text
41openssl crl -in crl.pem -text
42
43will give information in the extension printout, for example:
44
45 X509v3 extensions:
46 X509v3 Basic Constraints:
47 CA:TRUE
48 X509v3 Subject Key Identifier:
49 73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15
50 X509v3 Authority Key Identifier:
51 keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00
52 X509v3 Key Usage:
53 Certificate Sign, CRL Sign
54 X509v3 Subject Alternative Name:
55 email:email@1.address, email:email@2.address
56
57CONFIGURATION FILES.
58
59The OpenSSL utilities 'ca' and 'req' can now have extension sections listing
60which certificate extensions to include. In each case a line:
61
62x509_extensions = extension_section
63
64indicates which section contains the extensions. In the case of 'req' the
65extension section is used when the -x509 option is present to create a
66self signed root certificate.
67
68The 'x509' utility also supports extensions when it signs a certificate.
69The -extfile option is used to set the configuration file containing the
70extensions. In this case a line with:
71
72extensions = extension_section
73
74in the nameless (default) section is used. If no such line is included then
75it uses the default section.
76
77You can also add extensions to CRLs: a line
78
79crl_extensions = crl_extension_section
80
81will include extensions when the -gencrl option is used with the 'ca' utility.
82You can add any extension to a CRL but of the supported extensions only
83issuerAltName and authorityKeyIdentifier make any real sense. Note: these are
84CRL extensions NOT CRL *entry* extensions which cannot currently be generated.
85CRL entry extensions can be displayed.
86
87NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL
88you should not include a crl_extensions line in the configuration file.
89
90As with all configuration files you can use the inbuilt environment expansion
91to allow the values to be passed in the environment. Therefore if you have
92several extension sections used for different purposes you can have a line:
93
94x509_extensions = $ENV::ENV_EXT
95
96and set the ENV_EXT environment variable before calling the relevant utility.
97
98EXTENSION SYNTAX.
99
100Extensions have the basic form:
101
102extension_name=[critical,] extension_options
103
104the use of the critical option makes the extension critical. Extreme caution
105should be made when using the critical flag. If an extension is marked
106as critical then any client that does not understand the extension should
107reject it as invalid. Some broken software will reject certificates which
108have *any* critical extensions (these violates PKIX but we have to live
109with it).
110
111There are three main types of extension: string extensions, multi-valued
112extensions, and raw extensions.
113
114String extensions simply have a string which contains either the value itself
115or how it is obtained.
116
117For example:
118
119nsComment="This is a Comment"
120
121Multi-valued extensions have a short form and a long form. The short form
122is a list of names and values:
123
124basicConstraints=critical,CA:true,pathlen:1
125
126The long form allows the values to be placed in a separate section:
127
128basicConstraints=critical,@bs_section
129
130[bs_section]
131
132CA=true
133pathlen=1
134
135Both forms are equivalent. However it should be noted that in some cases the
136same name can appear multiple times, for example,
137
138subjectAltName=email:steve@here,email:steve@there
139
140in this case an equivalent long form is:
141
142subjectAltName=@alt_section
143
144[alt_section]
145
146email.1=steve@here
147email.2=steve@there
148
149This is because the configuration file code cannot handle the same name
150occurring twice in the same section.
151
152The syntax of raw extensions is governed by the extension code: it can
153for example contain data in multiple sections. The correct syntax to
154use is defined by the extension code itself: check out the certificate
155policies extension for an example.
156
157There are two ways to encode arbitrary extensions.
158
159The first way is to use the word ASN1 followed by the extension content
160using the same syntax as ASN1_generate_nconf(). For example:
161
1621.2.3.4=critical,ASN1:UTF8String:Some random data
163
1641.2.3.4=ASN1:SEQUENCE:seq_sect
165
166[seq_sect]
167
168field1 = UTF8:field1
169field2 = UTF8:field2
170
171It is also possible to use the word DER to include arbitrary data in any
172extension.
173
1741.2.3.4=critical,DER:01:02:03:04
1751.2.3.4=DER:01020304
176
177The value following DER is a hex dump of the DER encoding of the extension
178Any extension can be placed in this form to override the default behaviour.
179For example:
180
181basicConstraints=critical,DER:00:01:02:03
182
183WARNING: DER should be used with caution. It is possible to create totally
184invalid extensions unless care is taken.
185
186CURRENTLY SUPPORTED EXTENSIONS.
187
188If you aren't sure about extensions then they can be largely ignored: its only
189when you want to do things like restrict certificate usage when you need to
190worry about them.
191
192The only extension that a beginner might want to look at is Basic Constraints.
193If in addition you want to try Netscape object signing the you should also
194look at Netscape Certificate Type.
195
196Literal String extensions.
197
198In each case the 'value' of the extension is placed directly in the
199extension. Currently supported extensions in this category are: nsBaseUrl,
200nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl,
201nsSslServerName and nsComment.
202
203For example:
204
205nsComment="This is a test comment"
206
207Bit Strings.
208
209Bit string extensions just consist of a list of supported bits, currently
210two extensions are in this category: PKIX keyUsage and the Netscape specific
211nsCertType.
212
213nsCertType (netscape certificate type) takes the flags: client, server, email,
214objsign, reserved, sslCA, emailCA, objCA.
215
216keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation,
217keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign,
218encipherOnly, decipherOnly.
219
220For example:
221
222nsCertType=server
223
224keyUsage=digitalSignature, nonRepudiation
225
226Hints on Netscape Certificate Type.
227
228Other than Basic Constraints this is the only extension a beginner might
229want to use, if you want to try Netscape object signing, otherwise it can
230be ignored.
231
232If you want a certificate that can be used just for object signing then:
233
234nsCertType=objsign
235
236will do the job. If you want to use it as a normal end user and server
237certificate as well then
238
239nsCertType=objsign,email,server
240
241is more appropriate. You cannot use a self signed certificate for object
242signing (well Netscape signtool can but it cheats!) so you need to create
243a CA certificate and sign an end user certificate with it.
244
245Side note: If you want to conform to the Netscape specifications then you
246should really also set:
247
248nsCertType=objCA
249
250in the *CA* certificate for just an object signing CA and
251
252nsCertType=objCA,emailCA,sslCA
253
254for everything. Current Netscape software doesn't enforce this so it can
255be omitted.
256
257Basic Constraints.
258
259This is generally the only extension you need to worry about for simple
260applications. If you want your certificate to be usable as a CA certificate
261(in addition to an end user certificate) then you set this to:
262
263basicConstraints=CA:TRUE
264
265if you want to be certain the certificate cannot be used as a CA then do:
266
267basicConstraints=CA:FALSE
268
269The rest of this section describes more advanced usage.
270
271Basic constraints is a multi-valued extension that supports a CA and an
272optional pathlen option. The CA option takes the values true and false and
273pathlen takes an integer. Note if the CA option is false the pathlen option
274should be omitted.
275
276The pathlen parameter indicates the maximum number of CAs that can appear
277below this one in a chain. So if you have a CA with a pathlen of zero it can
278only be used to sign end user certificates and not further CAs. This all
279assumes that the software correctly interprets this extension of course.
280
281Examples:
282
283basicConstraints=CA:TRUE
284basicConstraints=critical,CA:TRUE, pathlen:0
285
286NOTE: for a CA to be considered valid it must have the CA option set to
287TRUE. An end user certificate MUST NOT have the CA value set to true.
288According to PKIX recommendations it should exclude the extension entirely,
289however some software may require CA set to FALSE for end entity certificates.
290
291Extended Key Usage.
292
293This extensions consists of a list of usages.
294
295These can either be object short names of the dotted numerical form of OIDs.
296While any OID can be used only certain values make sense. In particular the
297following PKIX, NS and MS values are meaningful:
298
299Value Meaning
300----- -------
301serverAuth SSL/TLS Web Server Authentication.
302clientAuth SSL/TLS Web Client Authentication.
303codeSigning Code signing.
304emailProtection E-mail Protection (S/MIME).
305timeStamping Trusted Timestamping
306msCodeInd Microsoft Individual Code Signing (authenticode)
307msCodeCom Microsoft Commercial Code Signing (authenticode)
308msCTLSign Microsoft Trust List Signing
309msSGC Microsoft Server Gated Crypto
310msEFS Microsoft Encrypted File System
311nsSGC Netscape Server Gated Crypto
312
313For example, under IE5 a CA can be used for any purpose: by including a list
314of the above usages the CA can be restricted to only authorised uses.
315
316Note: software packages may place additional interpretations on certificate
317use, in particular some usages may only work for selected CAs. Don't for example
318expect just including msSGC or nsSGC will automatically mean that a certificate
319can be used for SGC ("step up" encryption) otherwise anyone could use it.
320
321Examples:
322
323extendedKeyUsage=critical,codeSigning,1.2.3.4
324extendedKeyUsage=nsSGC,msSGC
325
326Subject Key Identifier.
327
328This is really a string extension and can take two possible values. Either
329a hex string giving details of the extension value to include or the word
330'hash' which then automatically follow PKIX guidelines in selecting and
331appropriate key identifier. The use of the hex string is strongly discouraged.
332
333Example: subjectKeyIdentifier=hash
334
335Authority Key Identifier.
336
337The authority key identifier extension permits two options. keyid and issuer:
338both can take the optional value "always".
339
340If the keyid option is present an attempt is made to copy the subject key
341identifier from the parent certificate. If the value "always" is present
342then an error is returned if the option fails.
343
344The issuer option copies the issuer and serial number from the issuer
345certificate. Normally this will only be done if the keyid option fails or
346is not included: the "always" flag will always include the value.
347
348Subject Alternative Name.
349
350The subject alternative name extension allows various literal values to be
351included in the configuration file. These include "email" (an email address)
352"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
353registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName.
354
355Also the email option include a special 'copy' value. This will automatically
356include and email addresses contained in the certificate subject name in
357the extension.
358
359otherName can include arbitrary data associated with an OID: the value
360should be the OID followed by a semicolon and the content in standard
361ASN1_generate_nconf() format.
362
363Examples:
364
365subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
366subjectAltName=email:my@other.address,RID:1.2.3.4
367subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
368
369Issuer Alternative Name.
370
371The issuer alternative name option supports all the literal options of
372subject alternative name. It does *not* support the email:copy option because
373that would not make sense. It does support an additional issuer:copy option
374that will copy all the subject alternative name values from the issuer
375certificate (if possible).
376
377Example:
378
379issuserAltName = issuer:copy
380
381Authority Info Access.
382
383The authority information access extension gives details about how to access
384certain information relating to the CA. Its syntax is accessOID;location
385where 'location' has the same syntax as subject alternative name (except
386that email:copy is not supported). accessOID can be any valid OID but only
387certain values are meaningful for example OCSP and caIssuers. OCSP gives the
388location of an OCSP responder: this is used by Netscape PSM and other software.
389
390Example:
391
392authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
393authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
394
395CRL distribution points.
396
397This is a multi-valued extension that supports all the literal options of
398subject alternative name. Of the few software packages that currently interpret
399this extension most only interpret the URI option.
400
401Currently each option will set a new DistributionPoint with the fullName
402field set to the given value.
403
404Other fields like cRLissuer and reasons cannot currently be set or displayed:
405at this time no examples were available that used these fields.
406
407If you see this extension with <UNSUPPORTED> when you attempt to print it out
408or it doesn't appear to display correctly then let me know, including the
409certificate (mail me at steve@openssl.org) .
410
411Examples:
412
413crlDistributionPoints=URI:http://www.myhost.com/myca.crl
414crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl
415
416Certificate Policies.
417
418This is a RAW extension. It attempts to display the contents of this extension:
419unfortunately this extension is often improperly encoded.
420
421The certificate policies extension will rarely be used in practice: few
422software packages interpret it correctly or at all. IE5 does partially
423support this extension: but it needs the 'ia5org' option because it will
424only correctly support a broken encoding. Of the options below only the
425policy OID, explicitText and CPS options are displayed with IE5.
426
427All the fields of this extension can be set by using the appropriate syntax.
428
429If you follow the PKIX recommendations of not including any qualifiers and just
430using only one OID then you just include the value of that OID. Multiple OIDs
431can be set separated by commas, for example:
432
433certificatePolicies= 1.2.4.5, 1.1.3.4
434
435If you wish to include qualifiers then the policy OID and qualifiers need to
436be specified in a separate section: this is done by using the @section syntax
437instead of a literal OID value.
438
439The section referred to must include the policy OID using the name
440policyIdentifier, cPSuri qualifiers can be included using the syntax:
441
442CPS.nnn=value
443
444userNotice qualifiers can be set using the syntax:
445
446userNotice.nnn=@notice
447
448The value of the userNotice qualifier is specified in the relevant section.
449This section can include explicitText, organization and noticeNumbers
450options. explicitText and organization are text strings, noticeNumbers is a
451comma separated list of numbers. The organization and noticeNumbers options
452(if included) must BOTH be present. If you use the userNotice option with IE5
453then you need the 'ia5org' option at the top level to modify the encoding:
454otherwise it will not be interpreted properly.
455
456Example:
457
458certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
459
460[polsect]
461
462policyIdentifier = 1.3.5.8
463CPS.1="http://my.host.name/"
464CPS.2="http://my.your.name/"
465userNotice.1=@notice
466
467[notice]
468
469explicitText="Explicit Text Here"
470organization="Organisation Name"
471noticeNumbers=1,2,3,4
472
473TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field,
474according to PKIX it should be of type DisplayText but Verisign uses an
475IA5STRING and IE5 needs this too.
476
477Display only extensions.
478
479Some extensions are only partially supported and currently are only displayed
480but cannot be set. These include private key usage period, CRL number, and
481CRL reason.
482
483==============================================================================
484 X509V3 Extension code: programmers guide
485==============================================================================
486
487The purpose of the extension code is twofold. It allows an extension to be
488created from a string or structure describing its contents and it prints out an
489extension in a human or machine readable form.
490
4911. Initialisation and cleanup.
492
493No special initialisation is needed before calling the extension functions.
494You used to have to call X509V3_add_standard_extensions(); but this is no longer
495required and this function no longer does anything.
496
497void X509V3_EXT_cleanup(void);
498
499This function should be called to cleanup the extension code if any custom
500extensions have been added. If no custom extensions have been added then this
501call does nothing. After this call all custom extension code is freed up but
502you can still use the standard extensions.
503
5042. Printing and parsing extensions.
505
506The simplest way to print out extensions is via the standard X509 printing
507routines: if you use the standard X509_print() function, the supported
508extensions will be printed out automatically.
509
510The following functions allow finer control over extension display:
511
512int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
513int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
514
515These two functions print out an individual extension to a BIO or FILE pointer.
516Currently the flag argument is unused and should be set to 0. The 'indent'
517argument is the number of spaces to indent each line.
518
519void *X509V3_EXT_d2i(X509_EXTENSION *ext);
520
521This function parses an extension and returns its internal structure. The
522precise structure you get back depends on the extension being parsed. If the
523extension if basicConstraints you will get back a pointer to a
524BASIC_CONSTRAINTS structure. Check out the source in crypto/x509v3 for more
525details about the structures returned. The returned structure should be freed
526after use using the relevant free function, BASIC_CONSTRAINTS_free() for
527example.
528
529void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
530void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
531void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
532void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
533
534These functions combine the operations of searching for extensions and
535parsing them. They search a certificate, a CRL a CRL entry or a stack
536of extensions respectively for extension whose NID is 'nid' and return
537the parsed result of NULL if an error occurred. For example:
538
539BASIC_CONSTRAINTS *bs;
540bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
541
542This will search for the basicConstraints extension and either return
543it value or NULL. NULL can mean either the extension was not found, it
544occurred more than once or it could not be parsed.
545
546If 'idx' is NULL then an extension is only parsed if it occurs precisely
547once. This is standard behaviour because extensions normally cannot occur
548more than once. If however more than one extension of the same type can
549occur it can be used to parse successive extensions for example:
550
551int i;
552void *ext;
553
554i = -1;
555for(;;) {
556 ext = X509_get_ext_d2i(x, nid, crit, &idx);
557 if(ext == NULL) break;
558 /* Do something with ext */
559}
560
561If 'crit' is not NULL and the extension was found then the int it points to
562is set to 1 for critical extensions and 0 for non critical. Therefore if the
563function returns NULL but 'crit' is set to 0 or 1 then the extension was
564found but it could not be parsed.
565
566The int pointed to by crit will be set to -1 if the extension was not found
567and -2 if the extension occurred more than once (this will only happen if
568idx is NULL). In both cases the function will return NULL.
569
5703. Generating extensions.
571
572An extension will typically be generated from a configuration file, or some
573other kind of configuration database.
574
575int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
576 X509 *cert);
577int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
578 X509_CRL *crl);
579
580These functions add all the extensions in the given section to the given
581certificate or CRL. They will normally be called just before the certificate
582or CRL is due to be signed. Both return 0 on error on non zero for success.
583
584In each case 'conf' is the LHASH pointer of the configuration file to use
585and 'section' is the section containing the extension details.
586
587See the 'context functions' section for a description of the ctx parameter.
588
589
590X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
591 char *value);
592
593This function returns an extension based on a name and value pair, if the
594pair will not need to access other sections in a config file (or there is no
595config file) then the 'conf' parameter can be set to NULL.
596
597X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid,
598 char *value);
599
600This function creates an extension in the same way as X509V3_EXT_conf() but
601takes the NID of the extension rather than its name.
602
603For example to produce basicConstraints with the CA flag and a path length of
60410:
605
606x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
607
608
609X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
610
611This function sets up an extension from its internal structure. The ext_nid
612parameter is the NID of the extension and 'crit' is the critical flag.
613
6144. Context functions.
615
616The following functions set and manipulate an extension context structure.
617The purpose of the extension context is to allow the extension code to
618access various structures relating to the "environment" of the certificate:
619for example the issuers certificate or the certificate request.
620
621void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
622 X509_REQ *req, X509_CRL *crl, int flags);
623
624This function sets up an X509V3_CTX structure with details of the certificate
625environment: specifically the issuers certificate, the subject certificate,
626the certificate request and the CRL: if these are not relevant or not
627available then they can be set to NULL. The 'flags' parameter should be set
628to zero.
629
630X509V3_set_ctx_test(ctx)
631
632This macro is used to set the 'ctx' structure to a 'test' value: this is to
633allow the syntax of an extension (or configuration file) to be tested.
634
635X509V3_set_ctx_nodb(ctx)
636
637This macro is used when no configuration database is present.
638
639void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
640
641This function is used to set the configuration database when it is an LHASH
642structure: typically a configuration file.
643
644The following functions are used to access a configuration database: they
645should only be used in RAW extensions.
646
647char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
648
649This function returns the value of the parameter "name" in "section", or NULL
650if there has been an error.
651
652void X509V3_string_free(X509V3_CTX *ctx, char *str);
653
654This function frees up the string returned by the above function.
655
656STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
657
658This function returns a whole section as a STACK_OF(CONF_VALUE) .
659
660void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
661
662This function frees up the STACK returned by the above function.
663
664Note: it is possible to use the extension code with a custom configuration
665database. To do this the "db_meth" element of the X509V3_CTX structure should
666be set to an X509V3_CTX_METHOD structure. This structure contains the following
667function pointers:
668
669char * (*get_string)(void *db, char *section, char *value);
670STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
671void (*free_string)(void *db, char * string);
672void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
673
674these will be called and passed the 'db' element in the X509V3_CTX structure
675to access the database. If a given function is not implemented or not required
676it can be set to NULL.
677
6785. String helper functions.
679
680There are several "i2s" and "s2i" functions that convert structures to and
681from ASCII strings. In all the "i2s" cases the returned string should be
682freed using Free() after use. Since some of these are part of other extension
683code they may take a 'method' parameter. Unless otherwise stated it can be
684safely set to NULL.
685
686char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct);
687
688This returns a hex string from an ASN1_OCTET_STRING.
689
690char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
691char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
692
693These return a string decimal representations of an ASN1_INTEGER and an
694ASN1_ENUMERATED type, respectively.
695
696ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
697 X509V3_CTX *ctx, char *str);
698
699This converts an ASCII hex string to an ASN1_OCTET_STRING.
700
701ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
702
703This converts a decimal ASCII string into an ASN1_INTEGER.
704
7056. Multi valued extension helper functions.
706
707The following functions can be used to manipulate STACKs of CONF_VALUE
708structures, as used by multi valued extensions.
709
710int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
711
712This function expects a boolean value in 'value' and sets 'asn1_bool' to
713it. That is it sets it to 0 for FALSE or 0xff for TRUE. The following
714strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE"
715"false", "N", "n", "NO" or "no".
716
717int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
718
719This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER.
720
721int X509V3_add_value(const char *name, const char *value,
722 STACK_OF(CONF_VALUE) **extlist);
723
724This simply adds a string name and value pair.
725
726int X509V3_add_value_uchar(const char *name, const unsigned char *value,
727 STACK_OF(CONF_VALUE) **extlist);
728
729The same as above but for an unsigned character value.
730
731int X509V3_add_value_bool(const char *name, int asn1_bool,
732 STACK_OF(CONF_VALUE) **extlist);
733
734This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'
735
736int X509V3_add_value_bool_nf(char *name, int asn1_bool,
737 STACK_OF(CONF_VALUE) **extlist);
738
739This is the same as above except it adds nothing if asn1_bool is FALSE.
740
741int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
742 STACK_OF(CONF_VALUE) **extlist);
743
744This function adds the value of the ASN1_INTEGER in decimal form.
745
7467. Other helper functions.
747
748<to be added>
749
750ADDING CUSTOM EXTENSIONS.
751
752Currently there are three types of supported extensions.
753
754String extensions are simple strings where the value is placed directly in the
755extensions, and the string returned is printed out.
756
757Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
758or return a STACK_OF(CONF_VALUE).
759
760Raw extensions are just passed a BIO or a value and it is the extensions
761responsibility to handle all the necessary printing.
762
763There are two ways to add an extension. One is simply as an alias to an already
764existing extension. An alias is an extension that is identical in ASN1 structure
765to an existing extension but has a different OBJECT IDENTIFIER. This can be
766done by calling:
767
768int X509V3_EXT_add_alias(int nid_to, int nid_from);
769
770'nid_to' is the new extension NID and 'nid_from' is the already existing
771extension NID.
772
773Alternatively an extension can be written from scratch. This involves writing
774the ASN1 code to encode and decode the extension and functions to print out and
775generate the extension from strings. The relevant functions are then placed in
776a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
777called.
778
779The X509V3_EXT_METHOD structure is described below.
780
781struct {
782int ext_nid;
783int ext_flags;
784X509V3_EXT_NEW ext_new;
785X509V3_EXT_FREE ext_free;
786X509V3_EXT_D2I d2i;
787X509V3_EXT_I2D i2d;
788X509V3_EXT_I2S i2s;
789X509V3_EXT_S2I s2i;
790X509V3_EXT_I2V i2v;
791X509V3_EXT_V2I v2i;
792X509V3_EXT_R2I r2i;
793X509V3_EXT_I2R i2r;
794
795void *usr_data;
796};
797
798The elements have the following meanings.
799
800ext_nid is the NID of the object identifier of the extension.
801
802ext_flags is set of flags. Currently the only external flag is
803 X509V3_EXT_MULTILINE which means a multi valued extensions
804 should be printed on separate lines.
805
806usr_data is an extension specific pointer to any relevant data. This
807 allows extensions to share identical code but have different
808 uses. An example of this is the bit string extension which uses
809 usr_data to contain a list of the bit names.
810
811All the remaining elements are function pointers.
812
813ext_new is a pointer to a function that allocates memory for the
814 extension ASN1 structure: for example ASN1_OBJECT_new().
815
816ext_free is a pointer to a function that free up memory of the extension
817 ASN1 structure: for example ASN1_OBJECT_free().
818
819d2i is the standard ASN1 function that converts a DER buffer into
820 the internal ASN1 structure: for example d2i_ASN1_IA5STRING().
821
822i2d is the standard ASN1 function that converts the internal
823 structure into the DER representation: for example
824 i2d_ASN1_IA5STRING().
825
826The remaining functions are depend on the type of extension. One i2X and
827one X2i should be set and the rest set to NULL. The types set do not need
828to match up, for example the extension could be set using the multi valued
829v2i function and printed out using the raw i2r.
830
831All functions have the X509V3_EXT_METHOD passed to them in the 'method'
832parameter and an X509V3_CTX structure. Extension code can then access the
833parent structure via the 'method' parameter to for example make use of the value
834of usr_data. If the code needs to use detail relating to the request it can
835use the 'ctx' parameter.
836
837A note should be given here about the 'flags' member of the 'ctx' parameter.
838If it has the value CTX_TEST then the configuration syntax is being checked
839and no actual certificate or CRL exists. Therefore any attempt in the config
840file to access such information should silently succeed. If the syntax is OK
841then it should simply return a (possibly bogus) extension, otherwise it
842should return NULL.
843
844char *i2s(struct v3_ext_method *method, void *ext);
845
846This function takes the internal structure in the ext parameter and returns
847a Malloc'ed string representing its value.
848
849void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
850
851This function takes the string representation in the ext parameter and returns
852an allocated internal structure: ext_free() will be used on this internal
853structure after use.
854
855i2v and v2i handle a STACK_OF(CONF_VALUE):
856
857typedef struct
858{
859 char *section;
860 char *name;
861 char *value;
862} CONF_VALUE;
863
864Only the name and value members are currently used.
865
866STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext);
867
868This function is passed the internal structure in the ext parameter and
869returns a STACK of CONF_VALUE structures. The values of name, value,
870section and the structure itself will be freed up with Free after use.
871Several helper functions are available to add values to this STACK.
872
873void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx,
874 STACK_OF(CONF_VALUE) *values);
875
876This function takes a STACK_OF(CONF_VALUE) structures and should set the
877values of the external structure. This typically uses the name element to
878determine which structure element to set and the value element to determine
879what to set it to. Several helper functions are available for this
880purpose (see above).
881
882int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
883
884This function is passed the internal extension structure in the ext parameter
885and sends out a human readable version of the extension to out. The 'indent'
886parameter should be noted to determine the necessary amount of indentation
887needed on the output.
888
889void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
890
891This is just passed the string representation of the extension. It is intended
892to be used for more elaborate extensions where the standard single and multi
893valued options are insufficient. They can use the 'ctx' parameter to parse the
894configuration database themselves. See the context functions section for details
895of how to do this.
896
897Note: although this type takes the same parameters as the "r2s" function there
898is a subtle difference. Whereas an "r2i" function can access a configuration
899database an "s2i" function MUST NOT. This is so the internal code can safely
900assume that an "s2i" function will work without a configuration database.
901
902==============================================================================
903 PKCS#12 Library
904==============================================================================
905
906This section describes the internal PKCS#12 support. There are very few
907differences between the old external library and the new internal code at
908present. This may well change because the external library will not be updated
909much in future.
910
911This version now includes a couple of high level PKCS#12 functions which
912generally "do the right thing" and should make it much easier to handle PKCS#12
913structures.
914
915HIGH LEVEL FUNCTIONS.
916
917For most applications you only need concern yourself with the high level
918functions. They can parse and generate simple PKCS#12 files as produced by
919Netscape and MSIE or indeed any compliant PKCS#12 file containing a single
920private key and certificate pair.
921
9221. Initialisation and cleanup.
923
924No special initialisation is needed for the internal PKCS#12 library: the
925standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to
926add all algorithms (you should at least add SHA1 though) then you can manually
927initialise the PKCS#12 library with:
928
929PKCS12_PBE_add();
930
931The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is
932called or it can be directly freed with:
933
934EVP_PBE_cleanup();
935
936after this call (or EVP_cleanup() ) no more PKCS#12 library functions should
937be called.
938
9392. I/O functions.
940
941i2d_PKCS12_bio(bp, p12)
942
943This writes out a PKCS12 structure to a BIO.
944
945i2d_PKCS12_fp(fp, p12)
946
947This is the same but for a FILE pointer.
948
949d2i_PKCS12_bio(bp, p12)
950
951This reads in a PKCS12 structure from a BIO.
952
953d2i_PKCS12_fp(fp, p12)
954
955This is the same but for a FILE pointer.
956
9573. High level functions.
958
9593.1 Parsing with PKCS12_parse().
960
961int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
962 STACK **ca);
963
964This function takes a PKCS12 structure and a password (ASCII, null terminated)
965and returns the private key, the corresponding certificate and any CA
966certificates. If any of these is not required it can be passed as a NULL.
967The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK
968structure. Typically to read in a PKCS#12 file you might do:
969
970p12 = d2i_PKCS12_fp(fp, NULL);
971PKCS12_parse(p12, password, &pkey, &cert, NULL); /* CAs not wanted */
972PKCS12_free(p12);
973
9743.2 PKCS#12 creation with PKCS12_create().
975
976PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
977 STACK *ca, int nid_key, int nid_cert, int iter,
978 int mac_iter, int keytype);
979
980This function will create a PKCS12 structure from a given password, name,
981private key, certificate and optional STACK of CA certificates. The remaining
9825 parameters can be set to 0 and sensible defaults will be used.
983
984The parameters nid_key and nid_cert are the key and certificate encryption
985algorithms, iter is the encryption iteration count, mac_iter is the MAC
986iteration count and keytype is the type of private key. If you really want
987to know what these last 5 parameters do then read the low level section.
988
989Typically to create a PKCS#12 file the following could be used:
990
991p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
992i2d_PKCS12_fp(fp, p12);
993PKCS12_free(p12);
994
9953.3 Changing a PKCS#12 structure password.
996
997int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
998
999This changes the password of an already existing PKCS#12 structure. oldpass
1000is the old password and newpass is the new one. An error occurs if the old
1001password is incorrect.
1002
1003LOW LEVEL FUNCTIONS.
1004
1005In some cases the high level functions do not provide the necessary
1006functionality. For example if you want to generate or parse more complex
1007PKCS#12 files. The sample pkcs12 application uses the low level functions
1008to display details about the internal structure of a PKCS#12 file.
1009
1010Introduction.
1011
1012This is a brief description of how a PKCS#12 file is represented internally:
1013some knowledge of PKCS#12 is assumed.
1014
1015A PKCS#12 object contains several levels.
1016
1017At the lowest level is a PKCS12_SAFEBAG. This can contain a certificate, a
1018CRL, a private key, encrypted or unencrypted, a set of safebags (so the
1019structure can be nested) or other secrets (not documented at present).
1020A safebag can optionally have attributes, currently these are: a unicode
1021friendlyName (a Unicode string) or a localKeyID (a string of bytes).
1022
1023At the next level is an authSafe which is a set of safebags collected into
1024a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself.
1025
1026At the top level is the PKCS12 structure itself which contains a set of
1027authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it
1028contains a MAC which is a kind of password protected digest to preserve
1029integrity (so any unencrypted stuff below can't be tampered with).
1030
1031The reason for these levels is so various objects can be encrypted in various
1032ways. For example you might want to encrypt a set of private keys with
1033triple-DES and then include the related certificates either unencrypted or
1034with lower encryption. Yes it's the dreaded crypto laws at work again which
1035allow strong encryption on private keys and only weak encryption on other
1036stuff.
1037
1038To build one of these things you turn all certificates and keys into safebags
1039(with optional attributes). You collect the safebags into (one or more) STACKS
1040and convert these into authsafes (encrypted or unencrypted). The authsafes
1041are collected into a STACK and added to a PKCS12 structure. Finally a MAC
1042inserted.
1043
1044Pulling one apart is basically the reverse process. The MAC is verified against
1045the given password. The authsafes are extracted and each authsafe split into
1046a set of safebags (possibly involving decryption). Finally the safebags are
1047decomposed into the original keys and certificates and the attributes used to
1048match up private key and certificate pairs.
1049
1050Anyway here are the functions that do the dirty work.
1051
10521. Construction functions.
1053
10541.1 Safebag functions.
1055
1056M_PKCS12_x5092certbag(x509)
1057
1058This macro takes an X509 structure and returns a certificate bag. The
1059X509 structure can be freed up after calling this function.
1060
1061M_PKCS12_x509crl2certbag(crl)
1062
1063As above but for a CRL.
1064
1065PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey)
1066
1067Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure.
1068Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo
1069structure contains a private key data in plain text form it should be free'd
1070up as soon as it has been encrypted for security reasons (freeing up the
1071structure zeros out the sensitive data). This can be done with
1072PKCS8_PRIV_KEY_INFO_free().
1073
1074PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
1075
1076This sets the key type when a key is imported into MSIE or Outlook 98. Two
1077values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type
1078key that can also be used for signing but its size is limited in the export
1079versions of MS software to 512 bits, it is also the default. KEY_SIG is a
1080signing only key but the keysize is unlimited (well 16K is supposed to work).
1081If you are using the domestic version of MSIE then you can ignore this because
1082KEY_EX is not limited and can be used for both.
1083
1084PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
1085
1086Convert a PKCS8 private key structure into a keybag. This routine embeds the
1087p8 structure in the keybag so p8 should not be freed up or used after it is
1088called. The p8 structure will be freed up when the safebag is freed.
1089
1090PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
1091
1092Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not
1093embedded and can be freed up after use.
1094
1095int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
1096int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
1097
1098Add a local key id or a friendlyname to a safebag.
1099
11001.2 Authsafe functions.
1101
1102PKCS7 *PKCS12_pack_p7data(STACK *sk)
1103Take a stack of safebags and convert them into an unencrypted authsafe. The
1104stack of safebags can be freed up after calling this function.
1105
1106PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags);
1107
1108As above but encrypted.
1109
11101.3 PKCS12 functions.
1111
1112PKCS12 *PKCS12_init(int mode)
1113
1114Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data).
1115
1116M_PKCS12_pack_authsafes(p12, safes)
1117
1118This macro takes a STACK of authsafes and adds them to a PKCS#12 structure.
1119
1120int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type);
1121
1122Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests
1123that SHA-1 should be used.
1124
11252. Extraction Functions.
1126
11272.1 Safebags.
1128
1129M_PKCS12_bag_type(bag)
1130
1131Return the type of "bag". Returns one of the following
1132
1133NID_keyBag
1134NID_pkcs8ShroudedKeyBag 7
1135NID_certBag 8
1136NID_crlBag 9
1137NID_secretBag 10
1138NID_safeContentsBag 11
1139
1140M_PKCS12_cert_bag_type(bag)
1141
1142Returns type of certificate bag, following are understood.
1143
1144NID_x509Certificate 14
1145NID_sdsiCertificate 15
1146
1147M_PKCS12_crl_bag_type(bag)
1148
1149Returns crl bag type, currently only NID_crlBag is recognised.
1150
1151M_PKCS12_certbag2x509(bag)
1152
1153This macro extracts an X509 certificate from a certificate bag.
1154
1155M_PKCS12_certbag2x509crl(bag)
1156
1157As above but for a CRL.
1158
1159EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
1160
1161Extract a private key from a PKCS8 private key info structure.
1162
1163M_PKCS12_decrypt_skey(bag, pass, passlen)
1164
1165Decrypt a shrouded key bag and return a PKCS8 private key info structure.
1166Works with both RSA and DSA keys
1167
1168char *PKCS12_get_friendlyname(bag)
1169
1170Returns the friendlyName of a bag if present or NULL if none. The returned
1171string is a null terminated ASCII string allocated with Malloc(). It should
1172thus be freed up with Free() after use.
1173
11742.2 AuthSafe functions.
1175
1176M_PKCS12_unpack_p7data(p7)
1177
1178Extract a STACK of safe bags from a PKCS#7 data ContentInfo.
1179
1180#define M_PKCS12_unpack_p7encdata(p7, pass, passlen)
1181
1182As above but for an encrypted content info.
1183
11842.3 PKCS12 functions.
1185
1186M_PKCS12_unpack_authsafes(p12)
1187
1188Extract a STACK of authsafes from a PKCS12 structure.
1189
1190M_PKCS12_mac_present(p12)
1191
1192Check to see if a MAC is present.
1193
1194int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen)
1195
1196Verify a MAC on a PKCS12 structure. Returns an error if MAC not present.
1197
1198
1199Notes.
1200
12011. All the function return 0 or NULL on error.
12022. Encryption based functions take a common set of parameters. These are
1203described below.
1204
1205pass, passlen
1206ASCII password and length. The password on the MAC is called the "integrity
1207password" the encryption password is called the "privacy password" in the
1208PKCS#12 documentation. The passwords do not have to be the same. If -1 is
1209passed for the length it is worked out by the function itself (currently
1210this is sometimes done whatever is passed as the length but that may change).
1211
1212salt, saltlen
1213A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a
1214default length is used.
1215
1216iter
1217Iteration count. This is a measure of how many times an internal function is
1218called to encrypt the data. The larger this value is the longer it takes, it
1219makes dictionary attacks on passwords harder. NOTE: Some implementations do
1220not support an iteration count on the MAC. If the password for the MAC and
1221encryption is the same then there is no point in having a high iteration
1222count for encryption if the MAC has no count. The MAC could be attacked
1223and the password used for the main decryption.
1224
1225pbe_nid
1226This is the NID of the password based encryption method used. The following are
1227supported.
1228NID_pbe_WithSHA1And128BitRC4
1229NID_pbe_WithSHA1And40BitRC4
1230NID_pbe_WithSHA1And3_Key_TripleDES_CBC
1231NID_pbe_WithSHA1And2_Key_TripleDES_CBC
1232NID_pbe_WithSHA1And128BitRC2_CBC
1233NID_pbe_WithSHA1And40BitRC2_CBC
1234
1235Which you use depends on the implementation you are exporting to. "Export
1236grade" (i.e. cryptographically challenged) products cannot support all
1237algorithms. Typically you may be able to use any encryption on shrouded key
1238bags but they must then be placed in an unencrypted authsafe. Other authsafes
1239may only support 40bit encryption. Of course if you are using SSLeay
1240throughout you can strongly encrypt everything and have high iteration counts
1241on everything.
1242
12433. For decryption routines only the password and length are needed.
1244
12454. Unlike the external version the nid's of objects are the values of the
1246constants: that is NID_certBag is the real nid, therefore there is no
1247PKCS12_obj_offset() function. Note the object constants are not the same as
1248those of the external version. If you use these constants then you will need
1249to recompile your code.
1250
12515. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or
1252macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be
1253reused or freed up safely.
1254
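--- a/src/lib/libssl/doc/standards.txt
+++ /dev/null
@@ -1,285 +0,0 @@
-Standards related to OpenSSL
-============================
-
-[Please, this is currently a draft. I made a first try at finding
- documents that describe parts of what OpenSSL implements. There are
- big gaps, and I've most certainly done something wrong. Please
- correct whatever is... Also, this note should be removed when this
- file is reaching a somewhat correct state. -- Richard Levitte]
-
-
-All pointers in here will be either URL's or blobs of text borrowed
-from miscellaneous indexes, like rfc-index.txt (index of RFCs),
-1id-index.txt (index of Internet drafts) and the like.
-
-To find the latest possible RFCs, it's recommended to either browse
-ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and
-use the search mechanism found there.
-To find the latest possible Internet drafts, it's recommended to
-browse ftp://ftp.isi.edu/internet-drafts/.
-To find the latest possible PKCS, it's recommended to browse
-http://www.rsasecurity.com/rsalabs/pkcs/.
-
-
-Implemented:
-------------
-
-These are documents that describe things that are implemented (in
-whole or at least great parts) in OpenSSL.
-
-1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
- (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
-
-1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
- TXT=32407 bytes) (Status: INFORMATIONAL)
-
-1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
- TXT=35222 bytes) (Status: INFORMATIONAL)
-
-2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999.
- (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD)
-
-2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
- January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
-
-2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
- March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
-
-PKCS#8: Private-Key Information Syntax Standard
-
-PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
-
-2560 X.509 Internet Public Key Infrastructure Online Certificate
- Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
- C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
- STANDARD)
-
-2712 Addition of Kerberos Cipher Suites to Transport Layer Security
- (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
- (Status: PROPOSED STANDARD)
-
-2898 PKCS #5: Password-Based Cryptography Specification Version 2.0.
- B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status:
- INFORMATIONAL)
-
-2986 PKCS #10: Certification Request Syntax Specification Version 1.7.
- M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes)
- (Obsoletes RFC2314) (Status: INFORMATIONAL)
-
-3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones.
- September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL)
-
-3161 Internet X.509 Public Key Infrastructure, Time-Stamp Protocol (TSP)
- C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001
- (Status: PROPOSED STANDARD)
-
-3268 Advanced Encryption Standard (AES) Ciphersuites for Transport
- Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes)
- (Status: PROPOSED STANDARD)
-
-3279 Algorithms and Identifiers for the Internet X.509 Public Key
- Infrastructure Certificate and Certificate Revocation List (CRL)
- Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format:
- TXT=53833 bytes) (Status: PROPOSED STANDARD)
-
-3280 Internet X.509 Public Key Infrastructure Certificate and
- Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W.
- Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes
- RFC2459) (Status: PROPOSED STANDARD)
-
-3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
- Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003.
- (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:
- INFORMATIONAL)
-
-3713 A Description of the Camellia Encryption Algorithm. M. Matsui,
- J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes)
- (Status: INFORMATIONAL)
-
-3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate
- Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson.
- June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD)
-
-4132 Addition of Camellia Cipher Suites to Transport Layer Security
- (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590
- bytes) (Status: PROPOSED STANDARD)
-
-4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS).
- H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes)
- (Status: PROPOSED STANDARD)
-
-4269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon,
- D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes)
- (Obsoletes RFC4009) (Status: INFORMATIONAL)
-
-
-Related:
---------
-
-These are documents that are close to OpenSSL, for example the
-STARTTLS documents.
-
-1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message
- Encryption and Authentication Procedures. J. Linn. February 1993.
- (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED
- STANDARD)
-
-1422 Privacy Enhancement for Internet Electronic Mail: Part II:
- Certificate-Based Key Management. S. Kent. February 1993. (Format:
- TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD)
-
-1423 Privacy Enhancement for Internet Electronic Mail: Part III:
- Algorithms, Modes, and Identifiers. D. Balenson. February 1993.
- (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED
- STANDARD)
-
-1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key
- Certification and Related Services. B. Kaliski. February 1993.
- (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
-
-2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October
- 1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD)
-
-2510 Internet X.509 Public Key Infrastructure Certificate Management
- Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178
- bytes) (Status: PROPOSED STANDARD)
-
-2511 Internet X.509 Certificate Request Message Format. M. Myers, C.
- Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes)
- (Status: PROPOSED STANDARD)
-
-2527 Internet X.509 Public Key Infrastructure Certificate Policy and
- Certification Practices Framework. S. Chokhani, W. Ford. March 1999.
- (Format: TXT=91860 bytes) (Status: INFORMATIONAL)
-
-2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake
- 3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status:
- PROPOSED STANDARD)
-
-2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS).
- D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status:
- PROPOSED STANDARD)
-
-2559 Internet X.509 Public Key Infrastructure Operational Protocols -
- LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format:
- TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD)
-
-2585 Internet X.509 Public Key Infrastructure Operational Protocols:
- FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
- bytes) (Status: PROPOSED STANDARD)
-
-2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S.
- Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes)
- (Status: PROPOSED STANDARD)
-
-2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
- (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
-
-2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999.
- (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD)
-
-2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June
- 1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD)
-
-2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October
- 1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL)
-
-2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace.
- February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status:
- EXPERIMENTAL)
-
-2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J.
- Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status:
- PROPOSED STANDARD)
-
-2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
- 2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
- STANDARD)
-
-2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
- (Status: INFORMATIONAL)
-
-2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July
- 2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL)
-
-2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams.
- October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD)
-
-2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0.
- M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes)
- (Status: INFORMATIONAL)
-
-3029 Internet X.509 Public Key Infrastructure Data Validation and
- Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev,
- R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status:
- EXPERIMENTAL)
-
-3039 Internet X.509 Public Key Infrastructure Qualified Certificates
- Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001.
- (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD)
-
-3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P.
- Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes)
- (Status: INFORMATIONAL)
-
-3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol
- (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001.
- (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD)
-
-3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner.
- October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD)
-
-3207 SMTP Service Extension for Secure SMTP over Transport Layer
- Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes)
- (Obsoletes RFC2487) (Status: PROPOSED STANDARD)
-
-3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001.
- (Format: TXT=19855 bytes) (Status: INFORMATIONAL)
-
-3274 Compressed Data Content Type for Cryptographic Message Syntax
- (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status:
- PROPOSED STANDARD)
-
-3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in
- Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P.
- Lambert. April 2002. (Format: TXT=33779 bytes) (Status:
- INFORMATIONAL)
-
-3281 An Internet Attribute Certificate Profile for Authorization. S.
- Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status:
- PROPOSED STANDARD)
-
-3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002.
- (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status:
- PROPOSED STANDARD)
-
-3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August
- 2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status:
- PROPOSED STANDARD)
-
-3377 Lightweight Directory Access Protocol (v3): Technical
- Specification. J. Hodges, R. Morgan. September 2002. (Format:
- TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255,
- RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD)
-
-3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad,
- R. Housley. September 2002. (Format: TXT=73072 bytes) (Status:
- INFORMATIONAL)
-
-3436 Transport Layer Security over Stream Control Transmission
- Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002.
- (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD)
-
-3657 Use of the Camellia Encryption Algorithm in Cryptographic
- Message Syntax (CMS). S. Moriai, A. Kato. January 2004.
- (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD)
-
-"Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>
-
-
-To be implemented:
-------------------
-
-These are documents that describe things that are planed to be
-implemented in the hopefully short future.
-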
diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h
deleted file mode 100644
index 2900d1d8ae..0000000000
--- a/src/lib/libssl/dtls1.h
+++ /dev/null
@@ -1,267 +0,0 @@
1/* ssl/dtls1.h */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#ifndef HEADER_DTLS1_H
61#define HEADER_DTLS1_H
62
63#include <openssl/buffer.h>
64#include <openssl/pqueue.h>
65#ifdef OPENSSL_SYS_VMS
66#include <resource.h>
67#include <sys/timeb.h>
68#endif
69#ifdef OPENSSL_SYS_WIN32
70/* Needed for struct timeval */
71#include <winsock.h>
72#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
73#include <sys/timeval.h>
74#else
75#include <sys/time.h>
76#endif
77
78#ifdef __cplusplus
79extern "C" {
80#endif
81
82#define DTLS1_VERSION 0xFEFF
83#define DTLS1_BAD_VER 0x0100
84
85#if 0
86/* this alert description is not specified anywhere... */
87#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
88#endif
89
90/* lengths of messages */
91#define DTLS1_COOKIE_LENGTH 256
92
93#define DTLS1_RT_HEADER_LENGTH 13
94
95#define DTLS1_HM_HEADER_LENGTH 12
96
97#define DTLS1_HM_BAD_FRAGMENT -2
98#define DTLS1_HM_FRAGMENT_RETRY -3
99
100#define DTLS1_CCS_HEADER_LENGTH 1
101
102#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
103#define DTLS1_AL_HEADER_LENGTH 7
104#else
105#define DTLS1_AL_HEADER_LENGTH 2
106#endif
107
108
109typedef struct dtls1_bitmap_st
110 {
111 unsigned long map; /* track 32 packets on 32-bit systems
112 and 64 - on 64-bit systems */
113 unsigned char max_seq_num[8]; /* max record number seen so far,
114 64-bit value in big-endian
115 encoding */
116 } DTLS1_BITMAP;
117
118struct dtls1_retransmit_state
119 {
120 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
121 EVP_MD_CTX *write_hash; /* used for mac generation */
122#ifndef OPENSSL_NO_COMP
123 COMP_CTX *compress; /* compression */
124#else
125 char *compress;
126#endif
127 SSL_SESSION *session;
128 unsigned short epoch;
129 };
130
131struct hm_header_st
132 {
133 unsigned char type;
134 unsigned long msg_len;
135 unsigned short seq;
136 unsigned long frag_off;
137 unsigned long frag_len;
138 unsigned int is_ccs;
139 struct dtls1_retransmit_state saved_retransmit_state;
140 };
141
142struct ccs_header_st
143 {
144 unsigned char type;
145 unsigned short seq;
146 };
147
148struct dtls1_timeout_st
149 {
150 /* Number of read timeouts so far */
151 unsigned int read_timeouts;
152
153 /* Number of write timeouts so far */
154 unsigned int write_timeouts;
155
156 /* Number of alerts received so far */
157 unsigned int num_alerts;
158 };
159
160typedef struct record_pqueue_st
161 {
162 unsigned short epoch;
163 pqueue q;
164 } record_pqueue;
165
166typedef struct hm_fragment_st
167 {
168 struct hm_header_st msg_header;
169 unsigned char *fragment;
170 unsigned char *reassembly;
171 } hm_fragment;
172
173typedef struct dtls1_state_st
174 {
175 unsigned int send_cookie;
176 unsigned char cookie[DTLS1_COOKIE_LENGTH];
177 unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
178 unsigned int cookie_len;
179
180 /*
181 * The current data and handshake epoch. This is initially
182 * undefined, and starts at zero once the initial handshake is
183 * completed
184 */
185 unsigned short r_epoch;
186 unsigned short w_epoch;
187
188 /* records being received in the current epoch */
189 DTLS1_BITMAP bitmap;
190
191 /* renegotiation starts a new set of sequence numbers */
192 DTLS1_BITMAP next_bitmap;
193
194 /* handshake message numbers */
195 unsigned short handshake_write_seq;
196 unsigned short next_handshake_write_seq;
197
198 unsigned short handshake_read_seq;
199
200 /* save last sequence number for retransmissions */
201 unsigned char last_write_sequence[8];
202
203 /* Received handshake records (processed and unprocessed) */
204 record_pqueue unprocessed_rcds;
205 record_pqueue processed_rcds;
206
207 /* Buffered handshake messages */
208 pqueue buffered_messages;
209
210 /* Buffered (sent) handshake records */
211 pqueue sent_messages;
212
213 /* Buffered application records.
214 * Only for records between CCS and Finished
215 * to prevent either protocol violation or
216 * unnecessary message loss.
217 */
218 record_pqueue buffered_app_data;
219
220 /* Is set when listening for new connections with dtls1_listen() */
221 unsigned int listen;
222
223 unsigned int mtu; /* max DTLS packet size */
224
225 struct hm_header_st w_msg_hdr;
226 struct hm_header_st r_msg_hdr;
227
228 struct dtls1_timeout_st timeout;
229
230 /* Indicates when the last handshake msg sent will timeout */
231 struct timeval next_timeout;
232
233 /* Timeout duration */
234 unsigned short timeout_duration;
235
236 /* storage for Alert/Handshake protocol data received but not
237 * yet processed by ssl3_read_bytes: */
238 unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
239 unsigned int alert_fragment_len;
240 unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
241 unsigned int handshake_fragment_len;
242
243 unsigned int retransmitting;
244 unsigned int change_cipher_spec_ok;
245
246 } DTLS1_STATE;
247
248typedef struct dtls1_record_data_st
249 {
250 unsigned char *packet;
251 unsigned int packet_length;
252 SSL3_BUFFER rbuf;
253 SSL3_RECORD rrec;
254 } DTLS1_RECORD_DATA;
255
256
257/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
258#define DTLS1_TMO_READ_COUNT 2
259#define DTLS1_TMO_WRITE_COUNT 2
260
261#define DTLS1_TMO_ALERT_COUNT 12
262
263#ifdef __cplusplus
264}
265#endif
266#endif
267
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
deleted file mode 100644
index c4d8bf2eb3..0000000000
--- a/src/lib/libssl/s23_clnt.c
+++ /dev/null
@@ -1,696 +0,0 @@
1/* ssl/s23_clnt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include "ssl_locl.h"
114#include <openssl/buffer.h>
115#include <openssl/rand.h>
116#include <openssl/objects.h>
117#include <openssl/evp.h>
118
119static const SSL_METHOD *ssl23_get_client_method(int ver);
120static int ssl23_client_hello(SSL *s);
121static int ssl23_get_server_hello(SSL *s);
122static const SSL_METHOD *ssl23_get_client_method(int ver)
123 {
124#ifndef OPENSSL_NO_SSL2
125 if (ver == SSL2_VERSION)
126 return(SSLv2_client_method());
127#endif
128 if (ver == SSL3_VERSION)
129 return(SSLv3_client_method());
130 else if (ver == TLS1_VERSION)
131 return(TLSv1_client_method());
132 else
133 return(NULL);
134 }
135
136IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
137 ssl_undefined_function,
138 ssl23_connect,
139 ssl23_get_client_method)
140
141int ssl23_connect(SSL *s)
142 {
143 BUF_MEM *buf=NULL;
144 unsigned long Time=(unsigned long)time(NULL);
145 void (*cb)(const SSL *ssl,int type,int val)=NULL;
146 int ret= -1;
147 int new_state,state;
148
149 RAND_add(&Time,sizeof(Time),0);
150 ERR_clear_error();
151 clear_sys_error();
152
153 if (s->info_callback != NULL)
154 cb=s->info_callback;
155 else if (s->ctx->info_callback != NULL)
156 cb=s->ctx->info_callback;
157
158 s->in_handshake++;
159 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
160
161 for (;;)
162 {
163 state=s->state;
164
165 switch(s->state)
166 {
167 case SSL_ST_BEFORE:
168 case SSL_ST_CONNECT:
169 case SSL_ST_BEFORE|SSL_ST_CONNECT:
170 case SSL_ST_OK|SSL_ST_CONNECT:
171
172 if (s->session != NULL)
173 {
174 SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
175 ret= -1;
176 goto end;
177 }
178 s->server=0;
179 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
180
181 /* s->version=TLS1_VERSION; */
182 s->type=SSL_ST_CONNECT;
183
184 if (s->init_buf == NULL)
185 {
186 if ((buf=BUF_MEM_new()) == NULL)
187 {
188 ret= -1;
189 goto end;
190 }
191 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
192 {
193 ret= -1;
194 goto end;
195 }
196 s->init_buf=buf;
197 buf=NULL;
198 }
199
200 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
201
202 ssl3_init_finished_mac(s);
203
204 s->state=SSL23_ST_CW_CLNT_HELLO_A;
205 s->ctx->stats.sess_connect++;
206 s->init_num=0;
207 break;
208
209 case SSL23_ST_CW_CLNT_HELLO_A:
210 case SSL23_ST_CW_CLNT_HELLO_B:
211
212 s->shutdown=0;
213 ret=ssl23_client_hello(s);
214 if (ret <= 0) goto end;
215 s->state=SSL23_ST_CR_SRVR_HELLO_A;
216 s->init_num=0;
217
218 break;
219
220 case SSL23_ST_CR_SRVR_HELLO_A:
221 case SSL23_ST_CR_SRVR_HELLO_B:
222 ret=ssl23_get_server_hello(s);
223 if (ret >= 0) cb=NULL;
224 goto end;
225 /* break; */
226
227 default:
228 SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
229 ret= -1;
230 goto end;
231 /* break; */
232 }
233
234 if (s->debug) { (void)BIO_flush(s->wbio); }
235
236 if ((cb != NULL) && (s->state != state))
237 {
238 new_state=s->state;
239 s->state=state;
240 cb(s,SSL_CB_CONNECT_LOOP,1);
241 s->state=new_state;
242 }
243 }
244end:
245 s->in_handshake--;
246 if (buf != NULL)
247 BUF_MEM_free(buf);
248 if (cb != NULL)
249 cb(s,SSL_CB_CONNECT_EXIT,ret);
250 return(ret);
251 }
252
253static int ssl23_no_ssl2_ciphers(SSL *s)
254 {
255 SSL_CIPHER *cipher;
256 STACK_OF(SSL_CIPHER) *ciphers;
257 int i;
258 ciphers = SSL_get_ciphers(s);
259 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
260 {
261 cipher = sk_SSL_CIPHER_value(ciphers, i);
262 if (cipher->algorithm_ssl == SSL_SSLV2)
263 return 0;
264 }
265 return 1;
266 }
267
268static int ssl23_client_hello(SSL *s)
269 {
270 unsigned char *buf;
271 unsigned char *p,*d;
272 int i,ch_len;
273 unsigned long Time,l;
274 int ssl2_compat;
275 int version = 0, version_major, version_minor;
276#ifndef OPENSSL_NO_COMP
277 int j;
278 SSL_COMP *comp;
279#endif
280 int ret;
281
282 ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
283
284 if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
285 ssl2_compat = 0;
286
287 if (!(s->options & SSL_OP_NO_TLSv1))
288 {
289 version = TLS1_VERSION;
290 }
291 else if (!(s->options & SSL_OP_NO_SSLv3))
292 {
293 version = SSL3_VERSION;
294 }
295 else if (!(s->options & SSL_OP_NO_SSLv2))
296 {
297 version = SSL2_VERSION;
298 }
299#ifndef OPENSSL_NO_TLSEXT
300 if (version != SSL2_VERSION)
301 {
302 /* have to disable SSL 2.0 compatibility if we need TLS extensions */
303
304 if (s->tlsext_hostname != NULL)
305 ssl2_compat = 0;
306 if (s->tlsext_status_type != -1)
307 ssl2_compat = 0;
308#ifdef TLSEXT_TYPE_opaque_prf_input
309 if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
310 ssl2_compat = 0;
311#endif
312 }
313#endif
314
315 buf=(unsigned char *)s->init_buf->data;
316 if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
317 {
318#if 0
319 /* don't reuse session-id's */
320 if (!ssl_get_new_session(s,0))
321 {
322 return(-1);
323 }
324#endif
325
326 p=s->s3->client_random;
327 Time=(unsigned long)time(NULL); /* Time */
328 l2n(Time,p);
329 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
330 return -1;
331
332 if (version == TLS1_VERSION)
333 {
334 version_major = TLS1_VERSION_MAJOR;
335 version_minor = TLS1_VERSION_MINOR;
336 }
337 else if (version == SSL3_VERSION)
338 {
339 version_major = SSL3_VERSION_MAJOR;
340 version_minor = SSL3_VERSION_MINOR;
341 }
342 else if (version == SSL2_VERSION)
343 {
344 version_major = SSL2_VERSION_MAJOR;
345 version_minor = SSL2_VERSION_MINOR;
346 }
347 else
348 {
349 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE);
350 return(-1);
351 }
352
353 s->client_version = version;
354
355 if (ssl2_compat)
356 {
357 /* create SSL 2.0 compatible Client Hello */
358
359 /* two byte record header will be written last */
360 d = &(buf[2]);
361 p = d + 9; /* leave space for message type, version, individual length fields */
362
363 *(d++) = SSL2_MT_CLIENT_HELLO;
364 *(d++) = version_major;
365 *(d++) = version_minor;
366
367 /* Ciphers supported */
368 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
369 if (i == 0)
370 {
371 /* no ciphers */
372 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
373 return -1;
374 }
375 s2n(i,d);
376 p+=i;
377
378 /* put in the session-id length (zero since there is no reuse) */
379#if 0
380 s->session->session_id_length=0;
381#endif
382 s2n(0,d);
383
384 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
385 ch_len=SSL2_CHALLENGE_LENGTH;
386 else
387 ch_len=SSL2_MAX_CHALLENGE_LENGTH;
388
389 /* write out sslv2 challenge */
390 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
391 because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
392 or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
393 check in for futurproofing */
394 if (SSL3_RANDOM_SIZE < ch_len)
395 i=SSL3_RANDOM_SIZE;
396 else
397 i=ch_len;
398 s2n(i,d);
399 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
400 if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
401 return -1;
402
403 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
404 p+=i;
405
406 i= p- &(buf[2]);
407 buf[0]=((i>>8)&0xff)|0x80;
408 buf[1]=(i&0xff);
409
410 /* number of bytes to write */
411 s->init_num=i+2;
412 s->init_off=0;
413
414 ssl3_finish_mac(s,&(buf[2]),i);
415 }
416 else
417 {
418 /* create Client Hello in SSL 3.0/TLS 1.0 format */
419
420 /* do the record header (5 bytes) and handshake message header (4 bytes) last */
421 d = p = &(buf[9]);
422
423 *(p++) = version_major;
424 *(p++) = version_minor;
425
426 /* Random stuff */
427 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
428 p += SSL3_RANDOM_SIZE;
429
430 /* Session ID (zero since there is no reuse) */
431 *(p++) = 0;
432
433 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
434 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
435 if (i == 0)
436 {
437 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
438 return -1;
439 }
440 s2n(i,p);
441 p+=i;
442
443 /* COMPRESSION */
444#ifdef OPENSSL_NO_COMP
445 *(p++)=1;
446#else
447 if ((s->options & SSL_OP_NO_COMPRESSION)
448 || !s->ctx->comp_methods)
449 j=0;
450 else
451 j=sk_SSL_COMP_num(s->ctx->comp_methods);
452 *(p++)=1+j;
453 for (i=0; i<j; i++)
454 {
455 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
456 *(p++)=comp->id;
457 }
458#endif
459 *(p++)=0; /* Add the NULL method */
460
461#ifndef OPENSSL_NO_TLSEXT
462 /* TLS extensions*/
463 if (ssl_prepare_clienthello_tlsext(s) <= 0)
464 {
465 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
466 return -1;
467 }
468 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
469 {
470 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
471 return -1;
472 }
473#endif
474
475 l = p-d;
476
477 /* fill in 4-byte handshake header */
478 d=&(buf[5]);
479 *(d++)=SSL3_MT_CLIENT_HELLO;
480 l2n3(l,d);
481
482 l += 4;
483
484 if (l > SSL3_RT_MAX_PLAIN_LENGTH)
485 {
486 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
487 return -1;
488 }
489
490 /* fill in 5-byte record header */
491 d=buf;
492 *(d++) = SSL3_RT_HANDSHAKE;
493 *(d++) = version_major;
494 *(d++) = version_minor; /* arguably we should send the *lowest* suported version here
495 * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
496 s2n((int)l,d);
497
498 /* number of bytes to write */
499 s->init_num=p-buf;
500 s->init_off=0;
501
502 ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
503 }
504
505 s->state=SSL23_ST_CW_CLNT_HELLO_B;
506 s->init_off=0;
507 }
508
509 /* SSL3_ST_CW_CLNT_HELLO_B */
510 ret = ssl23_write_bytes(s);
511
512 if ((ret >= 2) && s->msg_callback)
513 {
514 /* Client Hello has been sent; tell msg_callback */
515
516 if (ssl2_compat)
517 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
518 else
519 s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
520 }
521
522 return ret;
523 }
524
525static int ssl23_get_server_hello(SSL *s)
526 {
527 char buf[8];
528 unsigned char *p;
529 int i;
530 int n;
531
532 n=ssl23_read_bytes(s,7);
533
534 if (n != 7) return(n);
535 p=s->packet;
536
537 memcpy(buf,p,n);
538
539 if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
540 (p[5] == 0x00) && (p[6] == 0x02))
541 {
542#ifdef OPENSSL_NO_SSL2
543 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
544 goto err;
545#else
546 /* we are talking sslv2 */
547 /* we need to clean up the SSLv3 setup and put in the
548 * sslv2 stuff. */
549 int ch_len;
550
551 if (s->options & SSL_OP_NO_SSLv2)
552 {
553 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
554 goto err;
555 }
556 if (s->s2 == NULL)
557 {
558 if (!ssl2_new(s))
559 goto err;
560 }
561 else
562 ssl2_clear(s);
563
564 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
565 ch_len=SSL2_CHALLENGE_LENGTH;
566 else
567 ch_len=SSL2_MAX_CHALLENGE_LENGTH;
568
569 /* write out sslv2 challenge */
570 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because
571 it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
572 SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
573 futurproofing */
574 i=(SSL3_RANDOM_SIZE < ch_len)
575 ?SSL3_RANDOM_SIZE:ch_len;
576 s->s2->challenge_length=i;
577 memcpy(s->s2->challenge,
578 &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
579
580 if (s->s3 != NULL) ssl3_free(s);
581
582 if (!BUF_MEM_grow_clean(s->init_buf,
583 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
584 {
585 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
586 goto err;
587 }
588
589 s->state=SSL2_ST_GET_SERVER_HELLO_A;
590 if (!(s->client_version == SSL2_VERSION))
591 /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
592 s->s2->ssl2_rollback=1;
593
594 /* setup the 7 bytes we have read so we get them from
595 * the sslv2 buffer */
596 s->rstate=SSL_ST_READ_HEADER;
597 s->packet_length=n;
598 s->packet= &(s->s2->rbuf[0]);
599 memcpy(s->packet,buf,n);
600 s->s2->rbuf_left=n;
601 s->s2->rbuf_offs=0;
602
603 /* we have already written one */
604 s->s2->write_sequence=1;
605
606 s->method=SSLv2_client_method();
607 s->handshake_func=s->method->ssl_connect;
608#endif
609 }
610 else if (p[1] == SSL3_VERSION_MAJOR &&
611 (p[2] == SSL3_VERSION_MINOR || p[2] == TLS1_VERSION_MINOR) &&
612 ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
613 (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))
614 {
615 /* we have sslv3 or tls1 (server hello or alert) */
616
617 if ((p[2] == SSL3_VERSION_MINOR) &&
618 !(s->options & SSL_OP_NO_SSLv3))
619 {
620 s->version=SSL3_VERSION;
621 s->method=SSLv3_client_method();
622 }
623 else if ((p[2] == TLS1_VERSION_MINOR) &&
624 !(s->options & SSL_OP_NO_TLSv1))
625 {
626 s->version=TLS1_VERSION;
627 s->method=TLSv1_client_method();
628 }
629 else
630 {
631 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
632 goto err;
633 }
634
635 if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING)
636 {
637 /* fatal alert */
638
639 void (*cb)(const SSL *ssl,int type,int val)=NULL;
640 int j;
641
642 if (s->info_callback != NULL)
643 cb=s->info_callback;
644 else if (s->ctx->info_callback != NULL)
645 cb=s->ctx->info_callback;
646
647 i=p[5];
648 if (cb != NULL)
649 {
650 j=(i<<8)|p[6];
651 cb(s,SSL_CB_READ_ALERT,j);
652 }
653
654 if (s->msg_callback)
655 s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg);
656
657 s->rwstate=SSL_NOTHING;
658 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
659 goto err;
660 }
661
662 if (!ssl_init_wbio_buffer(s,1)) goto err;
663
664 /* we are in this state */
665 s->state=SSL3_ST_CR_SRVR_HELLO_A;
666
667 /* put the 7 bytes we have read into the input buffer
668 * for SSLv3 */
669 s->rstate=SSL_ST_READ_HEADER;
670 s->packet_length=n;
671 if (s->s3->rbuf.buf == NULL)
672 if (!ssl3_setup_read_buffer(s))
673 goto err;
674 s->packet= &(s->s3->rbuf.buf[0]);
675 memcpy(s->packet,buf,n);
676 s->s3->rbuf.left=n;
677 s->s3->rbuf.offset=0;
678
679 s->handshake_func=s->method->ssl_connect;
680 }
681 else
682 {
683 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
684 goto err;
685 }
686 s->init_num=0;
687
688 /* Since, if we are sending a ssl23 client hello, we are not
689 * reusing a session-id */
690 if (!ssl_get_new_session(s,0))
691 goto err;
692
693 return(SSL_connect(s));
694err:
695 return(-1);
696 }
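diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c
deleted file mode 100644
index 3bf728318a..0000000000
--- a/src/lib/libssl/s23_lib.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/* ssl/s23_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-long ssl23_default_timeout(void)
- {
- return(300);
- }
-
-int ssl23_num_ciphers(void)
- {
- return(ssl3_num_ciphers()
-#ifndef OPENSSL_NO_SSL2
- + ssl2_num_ciphers()
-#endif
- );
- }
-
-const SSL_CIPHER *ssl23_get_cipher(unsigned int u)
- {
- unsigned int uu=ssl3_num_ciphers();
-
- if (u < uu)
- return(ssl3_get_cipher(u));
- else
-#ifndef OPENSSL_NO_SSL2
- return(ssl2_get_cipher(u-uu));
-#else
- return(NULL);
-#endif
- }
-
-/* This function needs to check if the ciphers required are actually
- * available */
-const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
- {
- const SSL_CIPHER *cp;
-
- cp=ssl3_get_cipher_by_char(p);
-#ifndef OPENSSL_NO_SSL2
- if (cp == NULL)
- cp=ssl2_get_cipher_by_char(p);
-#endif
- return(cp);
- }
-
-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
- {
- long l;
-
- /* We can write SSLv2 and SSLv3 ciphers */
- if (p != NULL)
- {
- l=c->id;
- p[0]=((unsigned char)(l>>16L))&0xFF;
- p[1]=((unsigned char)(l>> 8L))&0xFF;
- p[2]=((unsigned char)(l ))&0xFF;
- }
- return(3);
- }
-
-int ssl23_read(SSL *s, void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_read(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }
-
-int ssl23_peek(SSL *s, void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_peek(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }
-
-int ssl23_write(SSL *s, const void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_write(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }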
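diff --git a/src/lib/libssl/s23_pkt.c b/src/lib/libssl/s23_pkt.c
deleted file mode 100644
index 4ca6a1b258..0000000000
--- a/src/lib/libssl/s23_pkt.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/* ssl/s23_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-
-int ssl23_write_bytes(SSL *s)
- {
- int i,num,tot;
- char *buf;
-
- buf=s->init_buf->data;
- tot=s->init_off;
- num=s->init_num;
- for (;;)
- {
- s->rwstate=SSL_WRITING;
- i=BIO_write(s->wbio,&(buf[tot]),num);
- if (i <= 0)
- {
- s->init_off=tot;
- s->init_num=num;
- return(i);
- }
- s->rwstate=SSL_NOTHING;
- if (i == num) return(tot+i);
-
- num-=i;
- tot+=i;
- }
- }
-
-/* return regularly only when we have read (at least) 'n' bytes */
-int ssl23_read_bytes(SSL *s, int n)
- {
- unsigned char *p;
- int j;
-
- if (s->packet_length < (unsigned int)n)
- {
- p=s->packet;
-
- for (;;)
- {
- s->rwstate=SSL_READING;
- j=BIO_read(s->rbio,(char *)&(p[s->packet_length]),
- n-s->packet_length);
- if (j <= 0)
- return(j);
- s->rwstate=SSL_NOTHING;
- s->packet_length+=j;
- if (s->packet_length >= (unsigned int)n)
- return(s->packet_length);
- }
- }
- return(n);
- }
-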
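diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
deleted file mode 100644
index 836dd1f1cf..0000000000
--- a/src/lib/libssl/s23_srvr.c
+++ /dev/null
@@ -1,594 +0,0 @@
-/* ssl/s23_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static const SSL_METHOD *ssl23_get_server_method(int ver);
-int ssl23_get_client_hello(SSL *s);
-static const SSL_METHOD *ssl23_get_server_method(int ver)
- {
-#ifndef OPENSSL_NO_SSL2
- if (ver == SSL2_VERSION)
- return(SSLv2_server_method());
-#endif
- if (ver == SSL3_VERSION)
- return(SSLv3_server_method());
- else if (ver == TLS1_VERSION)
- return(TLSv1_server_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
- ssl23_accept,
- ssl_undefined_function,
- ssl23_get_server_method)
-
-int ssl23_accept(SSL *s)
- {
- BUF_MEM *buf;
- unsigned long Time=(unsigned long)time(NULL);
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int ret= -1;
- int new_state,state;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- for (;;)
- {
- state=s->state;
-
- switch(s->state)
- {
- case SSL_ST_BEFORE:
- case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- case SSL_ST_OK|SSL_ST_ACCEPT:
-
- s->server=1;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- /* s->version=SSL3_VERSION; */
- s->type=SSL_ST_ACCEPT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- }
-
- ssl3_init_finished_mac(s);
-
- s->state=SSL23_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
- s->init_num=0;
- break;
-
- case SSL23_ST_SR_CLNT_HELLO_A:
- case SSL23_ST_SR_CLNT_HELLO_B:
-
- s->shutdown=0;
- ret=ssl23_get_client_hello(s);
- if (ret >= 0) cb=NULL;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_ACCEPT_LOOP,1);
- s->state=new_state;
- }
- }
-end:
- s->in_handshake--;
- if (cb != NULL)
- cb(s,SSL_CB_ACCEPT_EXIT,ret);
- return(ret);
- }
-
-
-int ssl23_get_client_hello(SSL *s)
- {
- char buf_space[11]; /* Request this many bytes in initial read.
- * We can detect SSL 3.0/TLS 1.0 Client Hellos
- * ('type == 3') correctly only when the following
- * is in a single record, which is not guaranteed by
- * the protocol specification:
- * Byte Content
- * 0 type \
- * 1/2 version > record header
- * 3/4 length /
- * 5 msg_type \
- * 6-8 length > Client Hello message
- * 9/10 client_version /
- */
- char *buf= &(buf_space[0]);
- unsigned char *p,*d,*d_len,*dd;
- unsigned int i;
- unsigned int csl,sil,cl;
- int n=0,j;
- int type=0;
- int v[2];
-
- if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
- {
- /* read the initial header */
- v[0]=v[1]=0;
-
- if (!ssl3_setup_buffers(s)) goto err;
-
- n=ssl23_read_bytes(s, sizeof buf_space);
- if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
-
- p=s->packet;
-
- memcpy(buf,p,n);
-
- if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
- {
- /*
- * SSLv2 header
- */
- if ((p[3] == 0x00) && (p[4] == 0x02))
- {
- v[0]=p[3]; v[1]=p[4];
- /* SSLv2 */
- if (!(s->options & SSL_OP_NO_SSLv2))
- type=1;
- }
- else if (p[3] == SSL3_VERSION_MAJOR)
- {
- v[0]=p[3]; v[1]=p[4];
- /* SSLv3/TLSv1 */
- if (p[4] >= TLS1_VERSION_MINOR)
- {
- if (!(s->options & SSL_OP_NO_TLSv1))
- {
- s->version=TLS1_VERSION;
- /* type=2; */ /* done later to survive restarts */
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- /* type=2; */
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (!(s->options & SSL_OP_NO_SSLv2))
- {
- type=1;
- }
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- /* type=2; */
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (!(s->options & SSL_OP_NO_SSLv2))
- type=1;
-
- }
- }
- else if ((p[0] == SSL3_RT_HANDSHAKE) &&
- (p[1] == SSL3_VERSION_MAJOR) &&
- (p[5] == SSL3_MT_CLIENT_HELLO) &&
- ((p[3] == 0 && p[4] < 5 /* silly record length? */)
- || (p[9] >= p[1])))
- {
- /*
- * SSLv3 or tls1 header
- */
-
- v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
- /* We must look at client_version inside the Client Hello message
- * to get the correct minor version.
- * However if we have only a pathologically small fragment of the
- * Client Hello message, this would be difficult, and we'd have
- * to read more records to find out.
- * No known SSL 3.0 client fragments ClientHello like this,
- * so we simply assume TLS 1.0 to avoid protocol version downgrade
- * attacks. */
- if (p[3] == 0 && p[4] < 6)
- {
-#if 0
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
- goto err;
-#else
- v[1] = TLS1_VERSION_MINOR;
-#endif
- }
- /* if major version number > 3 set minor to a value
- * which will use the highest version 3 we support.
- * If TLS 2.0 ever appears we will need to revise
- * this....
- */
- else if (p[9] > SSL3_VERSION_MAJOR)
- v[1]=0xff;
- else
- v[1]=p[10]; /* minor version according to client_version */
- if (v[1] >= TLS1_VERSION_MINOR)
- {
- if (!(s->options & SSL_OP_NO_TLSv1))
- {
- s->version=TLS1_VERSION;
- type=3;
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- type=3;
- }
- }
- else
- {
- /* client requests SSL 3.0 */
- if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- type=3;
- }
- else if (!(s->options & SSL_OP_NO_TLSv1))
- {
- /* we won't be able to use TLS of course,
- * but this will send an appropriate alert */
- s->version=TLS1_VERSION;
- type=3;
- }
- }
- }
- else if ((strncmp("GET ", (char *)p,4) == 0) ||
- (strncmp("POST ",(char *)p,5) == 0) ||
- (strncmp("HEAD ",(char *)p,5) == 0) ||
- (strncmp("PUT ", (char *)p,4) == 0))
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
- goto err;
- }
- else if (strncmp("CONNECT",(char *)p,7) == 0)
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
- goto err;
- }
- }
-
- if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
- {
- /* we have SSLv3/TLSv1 in an SSLv2 header
- * (other cases skip this state) */
-
- type=2;
- p=s->packet;
- v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
- v[1] = p[4];
-
- n=((p[0]&0x7f)<<8)|p[1];
- if (n > (1024*4))
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
- goto err;
- }
-
- j=ssl23_read_bytes(s,n+2);
- if (j <= 0) return(j);
-
- ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
- if (s->msg_callback)
- s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
-
- p=s->packet;
- p+=5;
- n2s(p,csl);
- n2s(p,sil);
- n2s(p,cl);
- d=(unsigned char *)s->init_buf->data;
- if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format
- * Client Hello, can we? Error condition should be
- * '>' otherweise */
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
- goto err;
- }
-
- /* record header: msg_type ... */
- *(d++) = SSL3_MT_CLIENT_HELLO;
- /* ... and length (actual value will be written later) */
- d_len = d;
- d += 3;
-
- /* client_version */
- *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
- *(d++) = v[1];
-
- /* lets populate the random area */
- /* get the challenge_length */
- i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
- memset(d,0,SSL3_RANDOM_SIZE);
- memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
- d+=SSL3_RANDOM_SIZE;
-
- /* no session-id reuse */
- *(d++)=0;
-
- /* ciphers */
- j=0;
- dd=d;
- d+=2;
- for (i=0; i<csl; i+=3)
- {
- if (p[i] != 0) continue;
- *(d++)=p[i+1];
- *(d++)=p[i+2];
- j+=2;
- }
- s2n(j,dd);
-
- /* COMPRESSION */
- *(d++)=1;
- *(d++)=0;
-
-#if 0
- /* copy any remaining data with may be extensions */
- p = p+csl+sil+cl;
- while (p < s->packet+s->packet_length)
- {
- *(d++)=*(p++);
- }
-#endif
-
- i = (d-(unsigned char *)s->init_buf->data) - 4;
- l2n3((long)i, d_len);
-
- /* get the data reused from the init_buf */
- s->s3->tmp.reuse_message=1;
- s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
- s->s3->tmp.message_size=i;
- }
-
- /* imaginary new state (for program structure): */
- /* s->state = SSL23_SR_CLNT_HELLO_C */
-
- if (type == 1)
- {
-#ifdef OPENSSL_NO_SSL2
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
-#else
- /* we are talking sslv2 */
- /* we need to clean up the SSLv3/TLSv1 setup and put in the
- * sslv2 stuff. */
-
- if (s->s2 == NULL)
- {
- if (!ssl2_new(s))
- goto err;
- }
- else
- ssl2_clear(s);
-
- if (s->s3 != NULL) ssl3_free(s);
-
- if (!BUF_MEM_grow_clean(s->init_buf,
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- {
- goto err;
- }
-
- s->state=SSL2_ST_GET_CLIENT_HELLO_A;
- if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
- s->s2->ssl2_rollback=0;
- else
- /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
- * (SSL 3.0 draft/RFC 2246, App. E.2) */
- s->s2->ssl2_rollback=1;
-
- /* setup the n bytes we have read so we get them from
- * the sslv2 buffer */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- s->packet= &(s->s2->rbuf[0]);
- memcpy(s->packet,buf,n);
- s->s2->rbuf_left=n;
- s->s2->rbuf_offs=0;
-
- s->method=SSLv2_server_method();
- s->handshake_func=s->method->ssl_accept;
-#endif
- }
-
- if ((type == 2) || (type == 3))
- {
- /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
-
- if (!ssl_init_wbio_buffer(s,1)) goto err;
-
- /* we are in this state */
- s->state=SSL3_ST_SR_CLNT_HELLO_A;
-
- if (type == 3)
- {
- /* put the 'n' bytes we have read into the input buffer
- * for SSLv3 */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- if (s->s3->rbuf.buf == NULL)
- if (!ssl3_setup_read_buffer(s))
- goto err;
-
- s->packet= &(s->s3->rbuf.buf[0]);
- memcpy(s->packet,buf,n);
- s->s3->rbuf.left=n;
- s->s3->rbuf.offset=0;
- }
- else
- {
- s->packet_length=0;
- s->s3->rbuf.left=0;
- s->s3->rbuf.offset=0;
- }
-
- if (s->version == TLS1_VERSION)
- s->method = TLSv1_server_method();
- else
- s->method = SSLv3_server_method();
-#if 0 /* ssl3_get_client_hello does this */
- s->client_version=(v[0]<<8)|v[1];
-#endif
- s->handshake_func=s->method->ssl_accept;
- }
-
- if ((type < 1) || (type > 3))
- {
- /* bad, very bad */
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
- goto err;
- }
- s->init_num=0;
-
- if (buf != buf_space) OPENSSL_free(buf);
- return(SSL_accept(s));
-err:
- if (buf != buf_space) OPENSSL_free(buf);
- return(-1);
- }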
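--- a/src/lib/libssl/s3_both.c
+++ /dev/null
@@ -1,813 +0,0 @@
-/* ssl/s3_both.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <limits.h>
-#include <string.h>
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
-int ssl3_do_write(SSL *s, int type)
- {
- int ret;
-
- ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
- s->init_num);
- if (ret < 0) return(-1);
- if (type == SSL3_RT_HANDSHAKE)
- /* should not be done for 'Hello Request's, but in that case
- * we'll ignore the result anyway */
- ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
-
- if (ret == s->init_num)
- {
- if (s->msg_callback)
- s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
- return(1);
- }
- s->init_off+=ret;
- s->init_num-=ret;
- return(0);
- }
-
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
- {
- unsigned char *p,*d;
- int i;
- unsigned long l;
-
- if (s->state == a)
- {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
-
- i=s->method->ssl3_enc->final_finish_mac(s,
- sender,slen,s->s3->tmp.finish_md);
- s->s3->tmp.finish_md_len = i;
- memcpy(p, s->s3->tmp.finish_md, i);
- p+=i;
- l=i;
-
- /* Copy the finished so we can use it for
- renegotiation checks */
- if(s->type == SSL_ST_CONNECT)
- {
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
- memcpy(s->s3->previous_client_finished,
- s->s3->tmp.finish_md, i);
- s->s3->previous_client_finished_len=i;
- }
- else
- {
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
- memcpy(s->s3->previous_server_finished,
- s->s3->tmp.finish_md, i);
- s->s3->previous_server_finished_len=i;
- }
-
-#ifdef OPENSSL_SYS_WIN16
- /* MSVC 1.5 does not clear the top bytes of the word unless
- * I do this.
- */
- l&=0xffff;
-#endif
-
- *(d++)=SSL3_MT_FINISHED;
- l2n3(l,d);
- s->init_num=(int)l+4;
- s->init_off=0;
-
- s->state=b;
- }
-
- /* SSL3_ST_SEND_xxxxxx_HELLO_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int ssl3_get_finished(SSL *s, int a, int b)
- {
- int al,i,ok;
- long n;
- unsigned char *p;
-
- /* the mac has already been generated when we received the
- * change cipher spec message and is in s->s3->tmp.peer_finish_md
- */
-
- n=s->method->ssl_get_message(s,
- a,
- b,
- SSL3_MT_FINISHED,
- 64, /* should actually be 36+4 :-) */
- &ok);
-
- if (!ok) return((int)n);
-
- /* If this occurs, we have missed a message */
- if (!s->s3->change_cipher_spec)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
- goto f_err;
- }
- s->s3->change_cipher_spec=0;
-
- p = (unsigned char *)s->init_msg;
- i = s->s3->tmp.peer_finish_md_len;
-
- if (i != n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
- goto f_err;
- }
-
- if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
- {
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
- goto f_err;
- }
-
- /* Copy the finished so we can use it for
- renegotiation checks */
- if(s->type == SSL_ST_ACCEPT)
- {
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
- memcpy(s->s3->previous_client_finished,
- s->s3->tmp.peer_finish_md, i);
- s->s3->previous_client_finished_len=i;
- }
- else
- {
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
- memcpy(s->s3->previous_server_finished,
- s->s3->tmp.peer_finish_md, i);
- s->s3->previous_server_finished_len=i;
- }
-
- return(1);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- return(0);
- }
-
-/* for these 2 messages, we need to
- * ssl->enc_read_ctx re-init
- * ssl->s3->read_sequence zero
- * ssl->s3->read_mac_secret re-init
- * ssl->session->read_sym_enc assign
- * ssl->session->read_compression assign
- * ssl->session->read_hash assign
- */
-int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
- {
- unsigned char *p;
-
- if (s->state == a)
- {
- p=(unsigned char *)s->init_buf->data;
- *p=SSL3_MT_CCS;
- s->init_num=1;
- s->init_off=0;
-
- s->state=b;
- }
-
- /* SSL3_ST_CW_CHANGE_B */
- return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
- }
-
-static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
- {
- int n;
- unsigned char *p;
-
- n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
- {
- SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
- return(-1);
- }
- p=(unsigned char *)&(buf->data[*l]);
- l2n3(n,p);
- i2d_X509(x,&p);
- *l+=n+3;
-
- return(0);
- }
-
-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
- {
- unsigned char *p;
- int i;
- unsigned long l=7;
- BUF_MEM *buf;
- int no_chain;
-
- if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
- no_chain = 1;
- else
- no_chain = 0;
-
- /* TLSv1 sends a chain with nothing in it, instead of an alert */
- buf=s->init_buf;
- if (!BUF_MEM_grow_clean(buf,10))
- {
- SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
- return(0);
- }
- if (x != NULL)
- {
- if (no_chain)
- {
- if (ssl3_add_cert_to_buf(buf, &l, x))
- return(0);
- }
- else
- {
- X509_STORE_CTX xs_ctx;
-
- if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
- {
- SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
- return(0);
- }
- X509_verify_cert(&xs_ctx);
- /* Don't leave errors in the queue */
- ERR_clear_error();
- for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
- {
- x = sk_X509_value(xs_ctx.chain, i);
-
- if (ssl3_add_cert_to_buf(buf, &l, x))
- {
- X509_STORE_CTX_cleanup(&xs_ctx);
- return 0;
- }
- }
- X509_STORE_CTX_cleanup(&xs_ctx);
- }
- }
- /* Thawte special :-) */
- for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
- {
- x=sk_X509_value(s->ctx->extra_certs,i);
- if (ssl3_add_cert_to_buf(buf, &l, x))
- return(0);
- }
-
- l-=7;
- p=(unsigned char *)&(buf->data[4]);
- l2n3(l,p);
- l+=3;
- p=(unsigned char *)&(buf->data[0]);
- *(p++)=SSL3_MT_CERTIFICATE;
- l2n3(l,p);
- l+=4;
- return(l);
- }
-
-/* Obtain handshake message of message type 'mt' (any if mt == -1),
- * maximum acceptable body length 'max'.
- * The first four bytes (msg_type and length) are read in state 'st1',
- * the body is read in state 'stn'.
- */
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
- {
- unsigned char *p;
- unsigned long l;
- long n;
- int i,al;
-
- if (s->s3->tmp.reuse_message)
- {
- s->s3->tmp.reuse_message=0;
- if ((mt >= 0) && (s->s3->tmp.message_type != mt))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
- }
- *ok=1;
- s->init_msg = s->init_buf->data + 4;
- s->init_num = (int)s->s3->tmp.message_size;
- return s->init_num;
- }
-
- p=(unsigned char *)s->init_buf->data;
-
- if (s->state == st1) /* s->init_num < 4 */
- {
- int skip_message;
-
- do
- {
- while (s->init_num < 4)
- {
- i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- &p[s->init_num],4 - s->init_num, 0);
- if (i <= 0)
- {
- s->rwstate=SSL_READING;
- *ok = 0;
- return i;
- }
- s->init_num+=i;
- }
-
- skip_message = 0;
- if (!s->server)
- if (p[0] == SSL3_MT_HELLO_REQUEST)
- /* The server may always send 'Hello Request' messages --
- * we are doing a handshake anyway now, so ignore them
- * if their format is correct. Does not count for
- * 'Finished' MAC. */
- if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
- {
- s->init_num = 0;
- skip_message = 1;
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
- }
- }
- while (skip_message);
-
- /* s->init_num == 4 */
-
- if ((mt >= 0) && (*p != mt))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
- }
- if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
- (st1 == SSL3_ST_SR_CERT_A) &&
- (stn == SSL3_ST_SR_CERT_B))
- {
- /* At this point we have got an MS SGC second client
- * hello (maybe we should always allow the client to
- * start a new handshake?). We need to restart the mac.
- * Don't increment {num,total}_renegotiations because
- * we have not completed the handshake. */
- ssl3_init_finished_mac(s);
- }
-
- s->s3->tmp.message_type= *(p++);
-
- n2l3(p,l);
- if (l > (unsigned long)max)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
- goto f_err;
- }
- if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
- goto f_err;
- }
- if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
- {
- SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
- goto err;
- }
- s->s3->tmp.message_size=l;
- s->state=stn;
-
- s->init_msg = s->init_buf->data + 4;
- s->init_num = 0;
- }
-
- /* next state (stn) */
- p = s->init_msg;
- n = s->s3->tmp.message_size - s->init_num;
- while (n > 0)
- {
- i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
- if (i <= 0)
- {
- s->rwstate=SSL_READING;
- *ok = 0;
- return i;
- }
- s->init_num += i;
- n -= i;
- }
- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
- *ok=1;
- return s->init_num;
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- *ok=0;
- return(-1);
- }
-
-int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
- {
- EVP_PKEY *pk;
- int ret= -1,i;
-
- if (pkey == NULL)
- pk=X509_get_pubkey(x);
- else
- pk=pkey;
- if (pk == NULL) goto err;
-
- i=pk->type;
- if (i == EVP_PKEY_RSA)
- {
- ret=SSL_PKEY_RSA_ENC;
- }
- else if (i == EVP_PKEY_DSA)
- {
- ret=SSL_PKEY_DSA_SIGN;
- }
-#ifndef OPENSSL_NO_EC
- else if (i == EVP_PKEY_EC)
- {
- ret = SSL_PKEY_ECC;
- }
-#endif
- else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc)
- {
- ret = SSL_PKEY_GOST94;
- }
- else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc)
- {
- ret = SSL_PKEY_GOST01;
- }
-err:
- if(!pkey) EVP_PKEY_free(pk);
- return(ret);
- }
-
-int ssl_verify_alarm_type(long type)
- {
- int al;
-
- switch(type)
- {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- case X509_V_ERR_UNABLE_TO_GET_CRL:
- case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
- al=SSL_AD_UNKNOWN_CA;
- break;
- case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
- case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
- case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
- case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_CRL_NOT_YET_VALID:
- case X509_V_ERR_CERT_UNTRUSTED:
- case X509_V_ERR_CERT_REJECTED:
- al=SSL_AD_BAD_CERTIFICATE;
- break;
- case X509_V_ERR_CERT_SIGNATURE_FAILURE:
- case X509_V_ERR_CRL_SIGNATURE_FAILURE:
- al=SSL_AD_DECRYPT_ERROR;
- break;
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_CRL_HAS_EXPIRED:
- al=SSL_AD_CERTIFICATE_EXPIRED;
- break;
- case X509_V_ERR_CERT_REVOKED:
- al=SSL_AD_CERTIFICATE_REVOKED;
- break;
- case X509_V_ERR_OUT_OF_MEM:
- al=SSL_AD_INTERNAL_ERROR;
- break;
- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
- case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
- case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
- case X509_V_ERR_CERT_CHAIN_TOO_LONG:
- case X509_V_ERR_PATH_LENGTH_EXCEEDED:
- case X509_V_ERR_INVALID_CA:
- al=SSL_AD_UNKNOWN_CA;
- break;
- case X509_V_ERR_APPLICATION_VERIFICATION:
- al=SSL_AD_HANDSHAKE_FAILURE;
- break;
- case X509_V_ERR_INVALID_PURPOSE:
- al=SSL_AD_UNSUPPORTED_CERTIFICATE;
- break;
- default:
- al=SSL_AD_CERTIFICATE_UNKNOWN;
- break;
- }
- return(al);
- }
-
-#ifndef OPENSSL_NO_BUF_FREELISTS
-/* On some platforms, malloc() performance is bad enough that you can't just
- * free() and malloc() buffers all the time, so we need to use freelists from
- * unused buffers. Currently, each freelist holds memory chunks of only a
- * given size (list->chunklen); other sized chunks are freed and malloced.
- * This doesn't help much if you're using many different SSL option settings
- * with a given context. (The options affecting buffer size are
- * max_send_fragment, read buffer vs write buffer,
- * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
- * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every
- * possible size is not an option, since max_send_fragment can take on many
- * different values.
- *
- * If you are on a platform with a slow malloc(), and you're using SSL
- * connections with many different settings for these options, and you need to
- * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
- * - Link against a faster malloc implementation.
- * - Use a separate SSL_CTX for each option set.
- * - Improve this code.
- */
-static void *
-freelist_extract(SSL_CTX *ctx, int for_read, int sz)
- {
- SSL3_BUF_FREELIST *list;
- SSL3_BUF_FREELIST_ENTRY *ent = NULL;
- void *result = NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
- if (list != NULL && sz == (int)list->chunklen)
- ent = list->head;
- if (ent != NULL)
- {
- list->head = ent->next;
- result = ent;
- if (--list->len == 0)
- list->chunklen = 0;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- if (!result)
- result = OPENSSL_malloc(sz);
- return result;
-}
-
-static void
-freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
- {
- SSL3_BUF_FREELIST *list;
- SSL3_BUF_FREELIST_ENTRY *ent;
-
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
- if (list != NULL &&
- (sz == list->chunklen || list->chunklen == 0) &&
- list->len < ctx->freelist_max_len &&
- sz >= sizeof(*ent))
- {
- list->chunklen = sz;
- ent = mem;
- ent->next = list->head;
- list->head = ent;
- ++list->len;
- mem = NULL;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- if (mem)
- OPENSSL_free(mem);
- }
-#else
-#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
-#define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
-#endif
-
-int ssl3_setup_read_buffer(SSL *s)
- {
- unsigned char *p;
- size_t len,align=0,headerlen;
-
- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
- headerlen = DTLS1_RT_HEADER_LENGTH;
- else
- headerlen = SSL3_RT_HEADER_LENGTH;
-
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
- align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
-#endif
-
- if (s->s3->rbuf.buf == NULL)
- {
- len = SSL3_RT_MAX_PLAIN_LENGTH
- + SSL3_RT_MAX_ENCRYPTED_OVERHEAD
- + headerlen + align;
- if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
- {
- s->s3->init_extra = 1;
- len += SSL3_RT_MAX_EXTRA;
- }
-#ifndef OPENSSL_NO_COMP
- if (!(s->options & SSL_OP_NO_COMPRESSION))
- len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
-#endif
- if ((p=freelist_extract(s->ctx, 1, len)) == NULL)
- goto err;
- s->s3->rbuf.buf = p;
- s->s3->rbuf.len = len;
- }
-
- s->packet= &(s->s3->rbuf.buf[0]);
- return 1;
-
-err:
- SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
-int ssl3_setup_write_buffer(SSL *s)
- {
- unsigned char *p;
- size_t len,align=0,headerlen;
-
- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
- headerlen = DTLS1_RT_HEADER_LENGTH + 1;
- else
- headerlen = SSL3_RT_HEADER_LENGTH;
-
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
- align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
-#endif
-
- if (s->s3->wbuf.buf == NULL)
- {
- len = s->max_send_fragment
- + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
- + headerlen + align;
-#ifndef OPENSSL_NO_COMP
- if (!(s->options & SSL_OP_NO_COMPRESSION))
- len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
-#endif
- if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
- len += headerlen + align
- + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
-
- if ((p=freelist_extract(s->ctx, 0, len)) == NULL)
- goto err;
- s->s3->wbuf.buf = p;
- s->s3->wbuf.len = len;
- }
-
- return 1;
-
-err:
- SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
-
-int ssl3_setup_buffers(SSL *s)
- {
- if (!ssl3_setup_read_buffer(s))
- return 0;
- if (!ssl3_setup_write_buffer(s))
- return 0;
- return 1;
- }
-
-int ssl3_release_write_buffer(SSL *s)
- {
- if (s->s3->wbuf.buf != NULL)
- {
- freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
- s->s3->wbuf.buf = NULL;
- }
- return 1;
- }
-
-int ssl3_release_read_buffer(SSL *s)
- {
- if (s->s3->rbuf.buf != NULL)
- {
- freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
- s->s3->rbuf.buf = NULL;
- }
- return 1;
- }
-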
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
deleted file mode 100644
index 53223bd38d..0000000000
--- a/src/lib/libssl/s3_clnt.c
+++ /dev/null
@@ -1,3050 +0,0 @@
1/* ssl/s3_clnt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#include <stdio.h>
152#include "ssl_locl.h"
153#include "kssl_lcl.h"
154#include <openssl/buffer.h>
155#include <openssl/rand.h>
156#include <openssl/objects.h>
157#include <openssl/evp.h>
158#include <openssl/md5.h>
159#ifndef OPENSSL_NO_DH
160#include <openssl/dh.h>
161#endif
162#include <openssl/bn.h>
163#ifndef OPENSSL_NO_ENGINE
164#include <openssl/engine.h>
165#endif
166
167static const SSL_METHOD *ssl3_get_client_method(int ver);
168static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
169
170static const SSL_METHOD *ssl3_get_client_method(int ver)
171 {
172 if (ver == SSL3_VERSION)
173 return(SSLv3_client_method());
174 else
175 return(NULL);
176 }
177
178IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
179 ssl_undefined_function,
180 ssl3_connect,
181 ssl3_get_client_method)
182
183int ssl3_connect(SSL *s)
184 {
185 BUF_MEM *buf=NULL;
186 unsigned long Time=(unsigned long)time(NULL);
187 void (*cb)(const SSL *ssl,int type,int val)=NULL;
188 int ret= -1;
189 int new_state,state,skip=0;
190
191 RAND_add(&Time,sizeof(Time),0);
192 ERR_clear_error();
193 clear_sys_error();
194
195 if (s->info_callback != NULL)
196 cb=s->info_callback;
197 else if (s->ctx->info_callback != NULL)
198 cb=s->ctx->info_callback;
199
200 s->in_handshake++;
201 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
202
203 for (;;)
204 {
205 state=s->state;
206
207 switch(s->state)
208 {
209 case SSL_ST_RENEGOTIATE:
210 s->new_session=1;
211 s->state=SSL_ST_CONNECT;
212 s->ctx->stats.sess_connect_renegotiate++;
213 /* break */
214 case SSL_ST_BEFORE:
215 case SSL_ST_CONNECT:
216 case SSL_ST_BEFORE|SSL_ST_CONNECT:
217 case SSL_ST_OK|SSL_ST_CONNECT:
218
219 s->server=0;
220 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
221
222 if ((s->version & 0xff00 ) != 0x0300)
223 {
224 SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
225 ret = -1;
226 goto end;
227 }
228
229 /* s->version=SSL3_VERSION; */
230 s->type=SSL_ST_CONNECT;
231
232 if (s->init_buf == NULL)
233 {
234 if ((buf=BUF_MEM_new()) == NULL)
235 {
236 ret= -1;
237 goto end;
238 }
239 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
240 {
241 ret= -1;
242 goto end;
243 }
244 s->init_buf=buf;
245 buf=NULL;
246 }
247
248 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
249
250 /* setup buffing BIO */
251 if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
252
253 /* don't push the buffering BIO quite yet */
254
255 ssl3_init_finished_mac(s);
256
257 s->state=SSL3_ST_CW_CLNT_HELLO_A;
258 s->ctx->stats.sess_connect++;
259 s->init_num=0;
260 break;
261
262 case SSL3_ST_CW_CLNT_HELLO_A:
263 case SSL3_ST_CW_CLNT_HELLO_B:
264
265 s->shutdown=0;
266 ret=ssl3_client_hello(s);
267 if (ret <= 0) goto end;
268 s->state=SSL3_ST_CR_SRVR_HELLO_A;
269 s->init_num=0;
270
271 /* turn on buffering for the next lot of output */
272 if (s->bbio != s->wbio)
273 s->wbio=BIO_push(s->bbio,s->wbio);
274
275 break;
276
277 case SSL3_ST_CR_SRVR_HELLO_A:
278 case SSL3_ST_CR_SRVR_HELLO_B:
279 ret=ssl3_get_server_hello(s);
280 if (ret <= 0) goto end;
281
282 if (s->hit)
283 s->state=SSL3_ST_CR_FINISHED_A;
284 else
285 s->state=SSL3_ST_CR_CERT_A;
286 s->init_num=0;
287 break;
288
289 case SSL3_ST_CR_CERT_A:
290 case SSL3_ST_CR_CERT_B:
291#ifndef OPENSSL_NO_TLSEXT
292 ret=ssl3_check_finished(s);
293 if (ret <= 0) goto end;
294 if (ret == 2)
295 {
296 s->hit = 1;
297 if (s->tlsext_ticket_expected)
298 s->state=SSL3_ST_CR_SESSION_TICKET_A;
299 else
300 s->state=SSL3_ST_CR_FINISHED_A;
301 s->init_num=0;
302 break;
303 }
304#endif
305 /* Check if it is anon DH/ECDH */
306 /* or PSK */
307 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
308 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
309 {
310 ret=ssl3_get_server_certificate(s);
311 if (ret <= 0) goto end;
312#ifndef OPENSSL_NO_TLSEXT
313 if (s->tlsext_status_expected)
314 s->state=SSL3_ST_CR_CERT_STATUS_A;
315 else
316 s->state=SSL3_ST_CR_KEY_EXCH_A;
317 }
318 else
319 {
320 skip = 1;
321 s->state=SSL3_ST_CR_KEY_EXCH_A;
322 }
323#else
324 }
325 else
326 skip=1;
327
328 s->state=SSL3_ST_CR_KEY_EXCH_A;
329#endif
330 s->init_num=0;
331 break;
332
333 case SSL3_ST_CR_KEY_EXCH_A:
334 case SSL3_ST_CR_KEY_EXCH_B:
335 ret=ssl3_get_key_exchange(s);
336 if (ret <= 0) goto end;
337 s->state=SSL3_ST_CR_CERT_REQ_A;
338 s->init_num=0;
339
340 /* at this point we check that we have the
341 * required stuff from the server */
342 if (!ssl3_check_cert_and_algorithm(s))
343 {
344 ret= -1;
345 goto end;
346 }
347 break;
348
349 case SSL3_ST_CR_CERT_REQ_A:
350 case SSL3_ST_CR_CERT_REQ_B:
351 ret=ssl3_get_certificate_request(s);
352 if (ret <= 0) goto end;
353 s->state=SSL3_ST_CR_SRVR_DONE_A;
354 s->init_num=0;
355 break;
356
357 case SSL3_ST_CR_SRVR_DONE_A:
358 case SSL3_ST_CR_SRVR_DONE_B:
359 ret=ssl3_get_server_done(s);
360 if (ret <= 0) goto end;
361 if (s->s3->tmp.cert_req)
362 s->state=SSL3_ST_CW_CERT_A;
363 else
364 s->state=SSL3_ST_CW_KEY_EXCH_A;
365 s->init_num=0;
366
367 break;
368
369 case SSL3_ST_CW_CERT_A:
370 case SSL3_ST_CW_CERT_B:
371 case SSL3_ST_CW_CERT_C:
372 case SSL3_ST_CW_CERT_D:
373 ret=ssl3_send_client_certificate(s);
374 if (ret <= 0) goto end;
375 s->state=SSL3_ST_CW_KEY_EXCH_A;
376 s->init_num=0;
377 break;
378
379 case SSL3_ST_CW_KEY_EXCH_A:
380 case SSL3_ST_CW_KEY_EXCH_B:
381 ret=ssl3_send_client_key_exchange(s);
382 if (ret <= 0) goto end;
383 /* EAY EAY EAY need to check for DH fix cert
384 * sent back */
385 /* For TLS, cert_req is set to 2, so a cert chain
386 * of nothing is sent, but no verify packet is sent */
387 /* XXX: For now, we do not support client
388 * authentication in ECDH cipher suites with
389 * ECDH (rather than ECDSA) certificates.
390 * We need to skip the certificate verify
391 * message when client's ECDH public key is sent
392 * inside the client certificate.
393 */
394 if (s->s3->tmp.cert_req == 1)
395 {
396 s->state=SSL3_ST_CW_CERT_VRFY_A;
397 }
398 else
399 {
400 s->state=SSL3_ST_CW_CHANGE_A;
401 s->s3->change_cipher_spec=0;
402 }
403 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)
404 {
405 s->state=SSL3_ST_CW_CHANGE_A;
406 s->s3->change_cipher_spec=0;
407 }
408
409 s->init_num=0;
410 break;
411
412 case SSL3_ST_CW_CERT_VRFY_A:
413 case SSL3_ST_CW_CERT_VRFY_B:
414 ret=ssl3_send_client_verify(s);
415 if (ret <= 0) goto end;
416 s->state=SSL3_ST_CW_CHANGE_A;
417 s->init_num=0;
418 s->s3->change_cipher_spec=0;
419 break;
420
421 case SSL3_ST_CW_CHANGE_A:
422 case SSL3_ST_CW_CHANGE_B:
423 ret=ssl3_send_change_cipher_spec(s,
424 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
425 if (ret <= 0) goto end;
426 s->state=SSL3_ST_CW_FINISHED_A;
427 s->init_num=0;
428
429 s->session->cipher=s->s3->tmp.new_cipher;
430#ifdef OPENSSL_NO_COMP
431 s->session->compress_meth=0;
432#else
433 if (s->s3->tmp.new_compression == NULL)
434 s->session->compress_meth=0;
435 else
436 s->session->compress_meth=
437 s->s3->tmp.new_compression->id;
438#endif
439 if (!s->method->ssl3_enc->setup_key_block(s))
440 {
441 ret= -1;
442 goto end;
443 }
444
445 if (!s->method->ssl3_enc->change_cipher_state(s,
446 SSL3_CHANGE_CIPHER_CLIENT_WRITE))
447 {
448 ret= -1;
449 goto end;
450 }
451
452 break;
453
454 case SSL3_ST_CW_FINISHED_A:
455 case SSL3_ST_CW_FINISHED_B:
456 ret=ssl3_send_finished(s,
457 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
458 s->method->ssl3_enc->client_finished_label,
459 s->method->ssl3_enc->client_finished_label_len);
460 if (ret <= 0) goto end;
461 s->state=SSL3_ST_CW_FLUSH;
462
463 /* clear flags */
464 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
465 if (s->hit)
466 {
467 s->s3->tmp.next_state=SSL_ST_OK;
468 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
469 {
470 s->state=SSL_ST_OK;
471 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
472 s->s3->delay_buf_pop_ret=0;
473 }
474 }
475 else
476 {
477#ifndef OPENSSL_NO_TLSEXT
478 /* Allow NewSessionTicket if ticket expected */
479 if (s->tlsext_ticket_expected)
480 s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
481 else
482#endif
483
484 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
485 }
486 s->init_num=0;
487 break;
488
489#ifndef OPENSSL_NO_TLSEXT
490 case SSL3_ST_CR_SESSION_TICKET_A:
491 case SSL3_ST_CR_SESSION_TICKET_B:
492 ret=ssl3_get_new_session_ticket(s);
493 if (ret <= 0) goto end;
494 s->state=SSL3_ST_CR_FINISHED_A;
495 s->init_num=0;
496 break;
497
498 case SSL3_ST_CR_CERT_STATUS_A:
499 case SSL3_ST_CR_CERT_STATUS_B:
500 ret=ssl3_get_cert_status(s);
501 if (ret <= 0) goto end;
502 s->state=SSL3_ST_CR_KEY_EXCH_A;
503 s->init_num=0;
504 break;
505#endif
506
507 case SSL3_ST_CR_FINISHED_A:
508 case SSL3_ST_CR_FINISHED_B:
509
510 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
511 SSL3_ST_CR_FINISHED_B);
512 if (ret <= 0) goto end;
513
514 if (s->hit)
515 s->state=SSL3_ST_CW_CHANGE_A;
516 else
517 s->state=SSL_ST_OK;
518 s->init_num=0;
519 break;
520
521 case SSL3_ST_CW_FLUSH:
522 s->rwstate=SSL_WRITING;
523 if (BIO_flush(s->wbio) <= 0)
524 {
525 ret= -1;
526 goto end;
527 }
528 s->rwstate=SSL_NOTHING;
529 s->state=s->s3->tmp.next_state;
530 break;
531
532 case SSL_ST_OK:
533 /* clean a few things up */
534 ssl3_cleanup_key_block(s);
535
536 if (s->init_buf != NULL)
537 {
538 BUF_MEM_free(s->init_buf);
539 s->init_buf=NULL;
540 }
541
542 /* If we are not 'joining' the last two packets,
543 * remove the buffering now */
544 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
545 ssl_free_wbio_buffer(s);
546 /* else do it later in ssl3_write */
547
548 s->init_num=0;
549 s->new_session=0;
550
551 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
552 if (s->hit) s->ctx->stats.sess_hit++;
553
554 ret=1;
555 /* s->server=0; */
556 s->handshake_func=ssl3_connect;
557 s->ctx->stats.sess_connect_good++;
558
559 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
560
561 goto end;
562 /* break; */
563
564 default:
565 SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
566 ret= -1;
567 goto end;
568 /* break; */
569 }
570
571 /* did we do anything */
572 if (!s->s3->tmp.reuse_message && !skip)
573 {
574 if (s->debug)
575 {
576 if ((ret=BIO_flush(s->wbio)) <= 0)
577 goto end;
578 }
579
580 if ((cb != NULL) && (s->state != state))
581 {
582 new_state=s->state;
583 s->state=state;
584 cb(s,SSL_CB_CONNECT_LOOP,1);
585 s->state=new_state;
586 }
587 }
588 skip=0;
589 }
590end:
591 s->in_handshake--;
592 if (buf != NULL)
593 BUF_MEM_free(buf);
594 if (cb != NULL)
595 cb(s,SSL_CB_CONNECT_EXIT,ret);
596 return(ret);
597 }
598
599
600int ssl3_client_hello(SSL *s)
601 {
602 unsigned char *buf;
603 unsigned char *p,*d;
604 int i;
605 unsigned long Time,l;
606#ifndef OPENSSL_NO_COMP
607 int j;
608 SSL_COMP *comp;
609#endif
610
611 buf=(unsigned char *)s->init_buf->data;
612 if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
613 {
614 SSL_SESSION *sess = s->session;
615 if ((sess == NULL) ||
616 (sess->ssl_version != s->version) ||
617#ifdef OPENSSL_NO_TLSEXT
618 !sess->session_id_length ||
619#else
620 (!sess->session_id_length && !sess->tlsext_tick) ||
621#endif
622 (sess->not_resumable))
623 {
624 if (!ssl_get_new_session(s,0))
625 goto err;
626 }
627 /* else use the pre-loaded session */
628
629 p=s->s3->client_random;
630 Time=(unsigned long)time(NULL); /* Time */
631 l2n(Time,p);
632 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
633 goto err;
634
635 /* Do the message type and length last */
636 d=p= &(buf[4]);
637
638 *(p++)=s->version>>8;
639 *(p++)=s->version&0xff;
640 s->client_version=s->version;
641
642 /* Random stuff */
643 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
644 p+=SSL3_RANDOM_SIZE;
645
646 /* Session ID */
647 if (s->new_session)
648 i=0;
649 else
650 i=s->session->session_id_length;
651 *(p++)=i;
652 if (i != 0)
653 {
654 if (i > (int)sizeof(s->session->session_id))
655 {
656 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
657 goto err;
658 }
659 memcpy(p,s->session->session_id,i);
660 p+=i;
661 }
662
663 /* Ciphers supported */
664 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
665 if (i == 0)
666 {
667 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
668 goto err;
669 }
670 s2n(i,p);
671 p+=i;
672
673 /* COMPRESSION */
674#ifdef OPENSSL_NO_COMP
675 *(p++)=1;
676#else
677
678 if ((s->options & SSL_OP_NO_COMPRESSION)
679 || !s->ctx->comp_methods)
680 j=0;
681 else
682 j=sk_SSL_COMP_num(s->ctx->comp_methods);
683 *(p++)=1+j;
684 for (i=0; i<j; i++)
685 {
686 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
687 *(p++)=comp->id;
688 }
689#endif
690 *(p++)=0; /* Add the NULL method */
691
692#ifndef OPENSSL_NO_TLSEXT
693 /* TLS extensions*/
694 if (ssl_prepare_clienthello_tlsext(s) <= 0)
695 {
696 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
697 goto err;
698 }
699 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
700 {
701 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
702 goto err;
703 }
704#endif
705
706 l=(p-d);
707 d=buf;
708 *(d++)=SSL3_MT_CLIENT_HELLO;
709 l2n3(l,d);
710
711 s->state=SSL3_ST_CW_CLNT_HELLO_B;
712 /* number of bytes to write */
713 s->init_num=p-buf;
714 s->init_off=0;
715 }
716
717 /* SSL3_ST_CW_CLNT_HELLO_B */
718 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
719err:
720 return(-1);
721 }
722
723int ssl3_get_server_hello(SSL *s)
724 {
725 STACK_OF(SSL_CIPHER) *sk;
726 const SSL_CIPHER *c;
727 unsigned char *p,*d;
728 int i,al,ok;
729 unsigned int j;
730 long n;
731#ifndef OPENSSL_NO_COMP
732 SSL_COMP *comp;
733#endif
734
735 n=s->method->ssl_get_message(s,
736 SSL3_ST_CR_SRVR_HELLO_A,
737 SSL3_ST_CR_SRVR_HELLO_B,
738 -1,
739 20000, /* ?? */
740 &ok);
741
742 if (!ok) return((int)n);
743
744 if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
745 {
746 if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
747 {
748 if ( s->d1->send_cookie == 0)
749 {
750 s->s3->tmp.reuse_message = 1;
751 return 1;
752 }
753 else /* already sent a cookie */
754 {
755 al=SSL_AD_UNEXPECTED_MESSAGE;
756 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
757 goto f_err;
758 }
759 }
760 }
761
762 if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO)
763 {
764 al=SSL_AD_UNEXPECTED_MESSAGE;
765 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
766 goto f_err;
767 }
768
769 d=p=(unsigned char *)s->init_msg;
770
771 if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
772 {
773 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
774 s->version=(s->version&0xff00)|p[1];
775 al=SSL_AD_PROTOCOL_VERSION;
776 goto f_err;
777 }
778 p+=2;
779
780 /* load the server hello data */
781 /* load the server random */
782 memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
783 p+=SSL3_RANDOM_SIZE;
784
785 /* get the session-id */
786 j= *(p++);
787
788 if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
789 {
790 al=SSL_AD_ILLEGAL_PARAMETER;
791 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
792 goto f_err;
793 }
794
795#ifndef OPENSSL_NO_TLSEXT
796 /* check if we want to resume the session based on external pre-shared secret */
797 if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
798 {
799 SSL_CIPHER *pref_cipher=NULL;
800 s->session->master_key_length=sizeof(s->session->master_key);
801 if (s->tls_session_secret_cb(s, s->session->master_key,
802 &s->session->master_key_length,
803 NULL, &pref_cipher,
804 s->tls_session_secret_cb_arg))
805 {
806 s->session->cipher = pref_cipher ?
807 pref_cipher : ssl_get_cipher_by_char(s, p+j);
808 }
809 }
810#endif /* OPENSSL_NO_TLSEXT */
811
812 if (j != 0 && j == s->session->session_id_length
813 && memcmp(p,s->session->session_id,j) == 0)
814 {
815 if(s->sid_ctx_length != s->session->sid_ctx_length
816 || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
817 {
818 /* actually a client application bug */
819 al=SSL_AD_ILLEGAL_PARAMETER;
820 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
821 goto f_err;
822 }
823 s->hit=1;
824 }
825 else /* a miss or crap from the other end */
826 {
827 /* If we were trying for session-id reuse, make a new
828 * SSL_SESSION so we don't stuff up other people */
829 s->hit=0;
830 if (s->session->session_id_length > 0)
831 {
832 if (!ssl_get_new_session(s,0))
833 {
834 al=SSL_AD_INTERNAL_ERROR;
835 goto f_err;
836 }
837 }
838 s->session->session_id_length=j;
839 memcpy(s->session->session_id,p,j); /* j could be 0 */
840 }
841 p+=j;
842 c=ssl_get_cipher_by_char(s,p);
843 if (c == NULL)
844 {
845 /* unknown cipher */
846 al=SSL_AD_ILLEGAL_PARAMETER;
847 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
848 goto f_err;
849 }
850 p+=ssl_put_cipher_by_char(s,NULL,NULL);
851
852 sk=ssl_get_ciphers_by_id(s);
853 i=sk_SSL_CIPHER_find(sk,c);
854 if (i < 0)
855 {
856 /* we did not say we would use this cipher */
857 al=SSL_AD_ILLEGAL_PARAMETER;
858 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
859 goto f_err;
860 }
861
862 /* Depending on the session caching (internal/external), the cipher
863 and/or cipher_id values may not be set. Make sure that
864 cipher_id is set and use it for comparison. */
865 if (s->session->cipher)
866 s->session->cipher_id = s->session->cipher->id;
867 if (s->hit && (s->session->cipher_id != c->id))
868 {
869/* Workaround is now obsolete */
870#if 0
871 if (!(s->options &
872 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
873#endif
874 {
875 al=SSL_AD_ILLEGAL_PARAMETER;
876 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
877 goto f_err;
878 }
879 }
880 s->s3->tmp.new_cipher=c;
881 if (!ssl3_digest_cached_records(s))
882 goto f_err;
883
884 /* lets get the compression algorithm */
885 /* COMPRESSION */
886#ifdef OPENSSL_NO_COMP
887 if (*(p++) != 0)
888 {
889 al=SSL_AD_ILLEGAL_PARAMETER;
890 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
891 goto f_err;
892 }
893 /* If compression is disabled we'd better not try to resume a session
894 * using compression.
895 */
896 if (s->session->compress_meth != 0)
897 {
898 al=SSL_AD_INTERNAL_ERROR;
899 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
900 goto f_err;
901 }
902#else
903 j= *(p++);
904 if (s->hit && j != s->session->compress_meth)
905 {
906 al=SSL_AD_ILLEGAL_PARAMETER;
907 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
908 goto f_err;
909 }
910 if (j == 0)
911 comp=NULL;
912 else if (s->options & SSL_OP_NO_COMPRESSION)
913 {
914 al=SSL_AD_ILLEGAL_PARAMETER;
915 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED);
916 goto f_err;
917 }
918 else
919 comp=ssl3_comp_find(s->ctx->comp_methods,j);
920
921 if ((j != 0) && (comp == NULL))
922 {
923 al=SSL_AD_ILLEGAL_PARAMETER;
924 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
925 goto f_err;
926 }
927 else
928 {
929 s->s3->tmp.new_compression=comp;
930 }
931#endif
932
933#ifndef OPENSSL_NO_TLSEXT
934 /* TLS extensions*/
935 if (s->version >= SSL3_VERSION)
936 {
937 if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
938 {
939 /* 'al' set by ssl_parse_serverhello_tlsext */
940 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT);
941 goto f_err;
942 }
943 if (ssl_check_serverhello_tlsext(s) <= 0)
944 {
945 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
946 goto err;
947 }
948 }
949#endif
950
951 if (p != (d+n))
952 {
953 /* wrong packet length */
954 al=SSL_AD_DECODE_ERROR;
955 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
956 goto f_err;
957 }
958
959 return(1);
960f_err:
961 ssl3_send_alert(s,SSL3_AL_FATAL,al);
962err:
963 return(-1);
964 }
965
966int ssl3_get_server_certificate(SSL *s)
967 {
968 int al,i,ok,ret= -1;
969 unsigned long n,nc,llen,l;
970 X509 *x=NULL;
971 const unsigned char *q,*p;
972 unsigned char *d;
973 STACK_OF(X509) *sk=NULL;
974 SESS_CERT *sc;
975 EVP_PKEY *pkey=NULL;
976 int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
977
978 n=s->method->ssl_get_message(s,
979 SSL3_ST_CR_CERT_A,
980 SSL3_ST_CR_CERT_B,
981 -1,
982 s->max_cert_list,
983 &ok);
984
985 if (!ok) return((int)n);
986
987 if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
988 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) &&
989 (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
990 {
991 s->s3->tmp.reuse_message=1;
992 return(1);
993 }
994
995 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
996 {
997 al=SSL_AD_UNEXPECTED_MESSAGE;
998 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
999 goto f_err;
1000 }
1001 p=d=(unsigned char *)s->init_msg;
1002
1003 if ((sk=sk_X509_new_null()) == NULL)
1004 {
1005 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
1006 goto err;
1007 }
1008
1009 n2l3(p,llen);
1010 if (llen+3 != n)
1011 {
1012 al=SSL_AD_DECODE_ERROR;
1013 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
1014 goto f_err;
1015 }
1016 for (nc=0; nc<llen; )
1017 {
1018 n2l3(p,l);
1019 if ((l+nc+3) > llen)
1020 {
1021 al=SSL_AD_DECODE_ERROR;
1022 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
1023 goto f_err;
1024 }
1025
1026 q=p;
1027 x=d2i_X509(NULL,&q,l);
1028 if (x == NULL)
1029 {
1030 al=SSL_AD_BAD_CERTIFICATE;
1031 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
1032 goto f_err;
1033 }
1034 if (q != (p+l))
1035 {
1036 al=SSL_AD_DECODE_ERROR;
1037 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
1038 goto f_err;
1039 }
1040 if (!sk_X509_push(sk,x))
1041 {
1042 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
1043 goto err;
1044 }
1045 x=NULL;
1046 nc+=l+3;
1047 p=q;
1048 }
1049
1050 i=ssl_verify_cert_chain(s,sk);
1051 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
1052#ifndef OPENSSL_NO_KRB5
1053 && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
1054 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
1055#endif /* OPENSSL_NO_KRB5 */
1056 )
1057 {
1058 al=ssl_verify_alarm_type(s->verify_result);
1059 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
1060 goto f_err;
1061 }
1062 ERR_clear_error(); /* but we keep s->verify_result */
1063
1064 sc=ssl_sess_cert_new();
1065 if (sc == NULL) goto err;
1066
1067 if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
1068 s->session->sess_cert=sc;
1069
1070 sc->cert_chain=sk;
1071 /* Inconsistency alert: cert_chain does include the peer's
1072 * certificate, which we don't include in s3_srvr.c */
1073 x=sk_X509_value(sk,0);
1074 sk=NULL;
1075 /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
1076
1077 pkey=X509_get_pubkey(x);
1078
1079 /* VRS: allow null cert if auth == KRB5 */
1080 need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
1081 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
1082 ? 0 : 1;
1083
1084#ifdef KSSL_DEBUG
1085 printf("pkey,x = %p, %p\n", pkey,x);
1086 printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
1087 printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
1088 s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert);
1089#endif /* KSSL_DEBUG */
1090
1091 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
1092 {
1093 x=NULL;
1094 al=SSL3_AL_FATAL;
1095 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1096 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1097 goto f_err;
1098 }
1099
1100 i=ssl_cert_type(x,pkey);
1101 if (need_cert && i < 0)
1102 {
1103 x=NULL;
1104 al=SSL3_AL_FATAL;
1105 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1106 SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1107 goto f_err;
1108 }
1109
1110 if (need_cert)
1111 {
1112 sc->peer_cert_type=i;
1113 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
1114 /* Why would the following ever happen?
1115 * We just created sc a couple of lines ago. */
1116 if (sc->peer_pkeys[i].x509 != NULL)
1117 X509_free(sc->peer_pkeys[i].x509);
1118 sc->peer_pkeys[i].x509=x;
1119 sc->peer_key= &(sc->peer_pkeys[i]);
1120
1121 if (s->session->peer != NULL)
1122 X509_free(s->session->peer);
1123 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
1124 s->session->peer=x;
1125 }
1126 else
1127 {
1128 sc->peer_cert_type=i;
1129 sc->peer_key= NULL;
1130
1131 if (s->session->peer != NULL)
1132 X509_free(s->session->peer);
1133 s->session->peer=NULL;
1134 }
1135 s->session->verify_result = s->verify_result;
1136
1137 x=NULL;
1138 ret=1;
1139
1140 if (0)
1141 {
1142f_err:
1143 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1144 }
1145err:
1146 EVP_PKEY_free(pkey);
1147 X509_free(x);
1148 sk_X509_pop_free(sk,X509_free);
1149 return(ret);
1150 }
1151
1152int ssl3_get_key_exchange(SSL *s)
1153 {
1154#ifndef OPENSSL_NO_RSA
1155 unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
1156#endif
1157 EVP_MD_CTX md_ctx;
1158 unsigned char *param,*p;
1159 int al,i,j,param_len,ok;
1160 long n,alg_k,alg_a;
1161 EVP_PKEY *pkey=NULL;
1162#ifndef OPENSSL_NO_RSA
1163 RSA *rsa=NULL;
1164#endif
1165#ifndef OPENSSL_NO_DH
1166 DH *dh=NULL;
1167#endif
1168#ifndef OPENSSL_NO_ECDH
1169 EC_KEY *ecdh = NULL;
1170 BN_CTX *bn_ctx = NULL;
1171 EC_POINT *srvr_ecpoint = NULL;
1172 int curve_nid = 0;
1173 int encoded_pt_len = 0;
1174#endif
1175
1176 /* use same message size as in ssl3_get_certificate_request()
1177 * as ServerKeyExchange message may be skipped */
1178 n=s->method->ssl_get_message(s,
1179 SSL3_ST_CR_KEY_EXCH_A,
1180 SSL3_ST_CR_KEY_EXCH_B,
1181 -1,
1182 s->max_cert_list,
1183 &ok);
1184 if (!ok) return((int)n);
1185
1186 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
1187 {
1188#ifndef OPENSSL_NO_PSK
1189 /* In plain PSK ciphersuite, ServerKeyExchange can be
1190 omitted if no identity hint is sent. Set
1191 session->sess_cert anyway to avoid problems
1192 later.*/
1193 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
1194 {
1195 s->session->sess_cert=ssl_sess_cert_new();
1196 if (s->ctx->psk_identity_hint)
1197 OPENSSL_free(s->ctx->psk_identity_hint);
1198 s->ctx->psk_identity_hint = NULL;
1199 }
1200#endif
1201 s->s3->tmp.reuse_message=1;
1202 return(1);
1203 }
1204
1205 param=p=(unsigned char *)s->init_msg;
1206 if (s->session->sess_cert != NULL)
1207 {
1208#ifndef OPENSSL_NO_RSA
1209 if (s->session->sess_cert->peer_rsa_tmp != NULL)
1210 {
1211 RSA_free(s->session->sess_cert->peer_rsa_tmp);
1212 s->session->sess_cert->peer_rsa_tmp=NULL;
1213 }
1214#endif
1215#ifndef OPENSSL_NO_DH
1216 if (s->session->sess_cert->peer_dh_tmp)
1217 {
1218 DH_free(s->session->sess_cert->peer_dh_tmp);
1219 s->session->sess_cert->peer_dh_tmp=NULL;
1220 }
1221#endif
1222#ifndef OPENSSL_NO_ECDH
1223 if (s->session->sess_cert->peer_ecdh_tmp)
1224 {
1225 EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
1226 s->session->sess_cert->peer_ecdh_tmp=NULL;
1227 }
1228#endif
1229 }
1230 else
1231 {
1232 s->session->sess_cert=ssl_sess_cert_new();
1233 }
1234
1235 param_len=0;
1236 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
1237 alg_a=s->s3->tmp.new_cipher->algorithm_auth;
1238 EVP_MD_CTX_init(&md_ctx);
1239
1240#ifndef OPENSSL_NO_PSK
1241 if (alg_k & SSL_kPSK)
1242 {
1243 char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1];
1244
1245 al=SSL_AD_HANDSHAKE_FAILURE;
1246 n2s(p,i);
1247 param_len=i+2;
1248 /* Store PSK identity hint for later use, hint is used
1249 * in ssl3_send_client_key_exchange. Assume that the
1250 * maximum length of a PSK identity hint can be as
1251 * long as the maximum length of a PSK identity. */
1252 if (i > PSK_MAX_IDENTITY_LEN)
1253 {
1254 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1255 SSL_R_DATA_LENGTH_TOO_LONG);
1256 goto f_err;
1257 }
1258 if (param_len > n)
1259 {
1260 al=SSL_AD_DECODE_ERROR;
1261 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1262 SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
1263 goto f_err;
1264 }
1265 /* If received PSK identity hint contains NULL
1266 * characters, the hint is truncated from the first
1267 * NULL. p may not be ending with NULL, so create a
1268 * NULL-terminated string. */
1269 memcpy(tmp_id_hint, p, i);
1270 memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
1271 if (s->ctx->psk_identity_hint != NULL)
1272 OPENSSL_free(s->ctx->psk_identity_hint);
1273 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
1274 if (s->ctx->psk_identity_hint == NULL)
1275 {
1276 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1277 goto f_err;
1278 }
1279
1280 p+=i;
1281 n-=param_len;
1282 }
1283 else
1284#endif /* !OPENSSL_NO_PSK */
1285#ifndef OPENSSL_NO_RSA
1286 if (alg_k & SSL_kRSA)
1287 {
1288 if ((rsa=RSA_new()) == NULL)
1289 {
1290 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1291 goto err;
1292 }
1293 n2s(p,i);
1294 param_len=i+2;
1295 if (param_len > n)
1296 {
1297 al=SSL_AD_DECODE_ERROR;
1298 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
1299 goto f_err;
1300 }
1301 if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))
1302 {
1303 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1304 goto err;
1305 }
1306 p+=i;
1307
1308 n2s(p,i);
1309 param_len+=i+2;
1310 if (param_len > n)
1311 {
1312 al=SSL_AD_DECODE_ERROR;
1313 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
1314 goto f_err;
1315 }
1316 if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))
1317 {
1318 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1319 goto err;
1320 }
1321 p+=i;
1322 n-=param_len;
1323
1324 /* this should be because we are using an export cipher */
1325 if (alg_a & SSL_aRSA)
1326 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1327 else
1328 {
1329 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1330 goto err;
1331 }
1332 s->session->sess_cert->peer_rsa_tmp=rsa;
1333 rsa=NULL;
1334 }
1335#else /* OPENSSL_NO_RSA */
1336 if (0)
1337 ;
1338#endif
1339#ifndef OPENSSL_NO_DH
1340 else if (alg_k & SSL_kEDH)
1341 {
1342 if ((dh=DH_new()) == NULL)
1343 {
1344 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
1345 goto err;
1346 }
1347 n2s(p,i);
1348 param_len=i+2;
1349 if (param_len > n)
1350 {
1351 al=SSL_AD_DECODE_ERROR;
1352 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
1353 goto f_err;
1354 }
1355 if (!(dh->p=BN_bin2bn(p,i,NULL)))
1356 {
1357 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1358 goto err;
1359 }
1360 p+=i;
1361
1362 n2s(p,i);
1363 param_len+=i+2;
1364 if (param_len > n)
1365 {
1366 al=SSL_AD_DECODE_ERROR;
1367 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
1368 goto f_err;
1369 }
1370 if (!(dh->g=BN_bin2bn(p,i,NULL)))
1371 {
1372 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1373 goto err;
1374 }
1375 p+=i;
1376
1377 n2s(p,i);
1378 param_len+=i+2;
1379 if (param_len > n)
1380 {
1381 al=SSL_AD_DECODE_ERROR;
1382 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
1383 goto f_err;
1384 }
1385 if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))
1386 {
1387 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1388 goto err;
1389 }
1390 p+=i;
1391 n-=param_len;
1392
1393#ifndef OPENSSL_NO_RSA
1394 if (alg_a & SSL_aRSA)
1395 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1396#else
1397 if (0)
1398 ;
1399#endif
1400#ifndef OPENSSL_NO_DSA
1401 else if (alg_a & SSL_aDSS)
1402 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
1403#endif
1404 /* else anonymous DH, so no certificate or pkey. */
1405
1406 s->session->sess_cert->peer_dh_tmp=dh;
1407 dh=NULL;
1408 }
1409 else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd))
1410 {
1411 al=SSL_AD_ILLEGAL_PARAMETER;
1412 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1413 goto f_err;
1414 }
1415#endif /* !OPENSSL_NO_DH */
1416
1417#ifndef OPENSSL_NO_ECDH
1418 else if (alg_k & SSL_kEECDH)
1419 {
1420 EC_GROUP *ngroup;
1421 const EC_GROUP *group;
1422
1423 if ((ecdh=EC_KEY_new()) == NULL)
1424 {
1425 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1426 goto err;
1427 }
1428
1429 /* Extract elliptic curve parameters and the
1430 * server's ephemeral ECDH public key.
1431 * Keep accumulating lengths of various components in
1432 * param_len and make sure it never exceeds n.
1433 */
1434
1435 /* XXX: For now we only support named (not generic) curves
1436 * and the ECParameters in this case is just three bytes.
1437 */
1438 param_len=3;
1439 if ((param_len > n) ||
1440 (*p != NAMED_CURVE_TYPE) ||
1441 ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0))
1442 {
1443 al=SSL_AD_INTERNAL_ERROR;
1444 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1445 goto f_err;
1446 }
1447
1448 ngroup = EC_GROUP_new_by_curve_name(curve_nid);
1449 if (ngroup == NULL)
1450 {
1451 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
1452 goto err;
1453 }
1454 if (EC_KEY_set_group(ecdh, ngroup) == 0)
1455 {
1456 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
1457 goto err;
1458 }
1459 EC_GROUP_free(ngroup);
1460
1461 group = EC_KEY_get0_group(ecdh);
1462
1463 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1464 (EC_GROUP_get_degree(group) > 163))
1465 {
1466 al=SSL_AD_EXPORT_RESTRICTION;
1467 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1468 goto f_err;
1469 }
1470
1471 p+=3;
1472
1473 /* Next, get the encoded ECPoint */
1474 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
1475 ((bn_ctx = BN_CTX_new()) == NULL))
1476 {
1477 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1478 goto err;
1479 }
1480
1481 encoded_pt_len = *p; /* length of encoded point */
1482 p+=1;
1483 param_len += (1 + encoded_pt_len);
1484 if ((param_len > n) ||
1485 (EC_POINT_oct2point(group, srvr_ecpoint,
1486 p, encoded_pt_len, bn_ctx) == 0))
1487 {
1488 al=SSL_AD_DECODE_ERROR;
1489 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
1490 goto f_err;
1491 }
1492
1493 n-=param_len;
1494 p+=encoded_pt_len;
1495
1496 /* The ECC/TLS specification does not mention
1497 * the use of DSA to sign ECParameters in the server
1498 * key exchange message. We do support RSA and ECDSA.
1499 */
1500 if (0) ;
1501#ifndef OPENSSL_NO_RSA
1502 else if (alg_a & SSL_aRSA)
1503 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1504#endif
1505#ifndef OPENSSL_NO_ECDSA
1506 else if (alg_a & SSL_aECDSA)
1507 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
1508#endif
1509 /* else anonymous ECDH, so no certificate or pkey. */
1510 EC_KEY_set_public_key(ecdh, srvr_ecpoint);
1511 s->session->sess_cert->peer_ecdh_tmp=ecdh;
1512 ecdh=NULL;
1513 BN_CTX_free(bn_ctx);
1514 bn_ctx = NULL;
1515 EC_POINT_free(srvr_ecpoint);
1516 srvr_ecpoint = NULL;
1517 }
1518 else if (alg_k)
1519 {
1520 al=SSL_AD_UNEXPECTED_MESSAGE;
1521 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
1522 goto f_err;
1523 }
1524#endif /* !OPENSSL_NO_ECDH */
1525
1526
1527 /* p points to the next byte, there are 'n' bytes left */
1528
1529 /* if it was signed, check the signature */
1530 if (pkey != NULL)
1531 {
1532 n2s(p,i);
1533 n-=2;
1534 j=EVP_PKEY_size(pkey);
1535
1536 if ((i != n) || (n > j) || (n <= 0))
1537 {
1538 /* wrong packet length */
1539 al=SSL_AD_DECODE_ERROR;
1540 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
1541 goto f_err;
1542 }
1543
1544#ifndef OPENSSL_NO_RSA
1545 if (pkey->type == EVP_PKEY_RSA)
1546 {
1547 int num;
1548
1549 j=0;
1550 q=md_buf;
1551 for (num=2; num > 0; num--)
1552 {
1553 EVP_DigestInit_ex(&md_ctx,(num == 2)
1554 ?s->ctx->md5:s->ctx->sha1, NULL);
1555 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1556 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1557 EVP_DigestUpdate(&md_ctx,param,param_len);
1558 EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
1559 q+=i;
1560 j+=i;
1561 }
1562 i=RSA_verify(NID_md5_sha1, md_buf, j, p, n,
1563 pkey->pkey.rsa);
1564 if (i < 0)
1565 {
1566 al=SSL_AD_DECRYPT_ERROR;
1567 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
1568 goto f_err;
1569 }
1570 if (i == 0)
1571 {
1572 /* bad signature */
1573 al=SSL_AD_DECRYPT_ERROR;
1574 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
1575 goto f_err;
1576 }
1577 }
1578 else
1579#endif
1580#ifndef OPENSSL_NO_DSA
1581 if (pkey->type == EVP_PKEY_DSA)
1582 {
1583 /* lets do DSS */
1584 EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL);
1585 EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1586 EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1587 EVP_VerifyUpdate(&md_ctx,param,param_len);
1588 if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
1589 {
1590 /* bad signature */
1591 al=SSL_AD_DECRYPT_ERROR;
1592 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
1593 goto f_err;
1594 }
1595 }
1596 else
1597#endif
1598#ifndef OPENSSL_NO_ECDSA
1599 if (pkey->type == EVP_PKEY_EC)
1600 {
1601 /* let's do ECDSA */
1602 EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL);
1603 EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1604 EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1605 EVP_VerifyUpdate(&md_ctx,param,param_len);
1606 if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
1607 {
1608 /* bad signature */
1609 al=SSL_AD_DECRYPT_ERROR;
1610 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
1611 goto f_err;
1612 }
1613 }
1614 else
1615#endif
1616 {
1617 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1618 goto err;
1619 }
1620 }
1621 else
1622 {
1623 if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK))
1624 /* aNULL or kPSK do not need public keys */
1625 {
1626 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1627 goto err;
1628 }
1629 /* still data left over */
1630 if (n != 0)
1631 {
1632 al=SSL_AD_DECODE_ERROR;
1633 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
1634 goto f_err;
1635 }
1636 }
1637 EVP_PKEY_free(pkey);
1638 EVP_MD_CTX_cleanup(&md_ctx);
1639 return(1);
1640f_err:
1641 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1642err:
1643 EVP_PKEY_free(pkey);
1644#ifndef OPENSSL_NO_RSA
1645 if (rsa != NULL)
1646 RSA_free(rsa);
1647#endif
1648#ifndef OPENSSL_NO_DH
1649 if (dh != NULL)
1650 DH_free(dh);
1651#endif
1652#ifndef OPENSSL_NO_ECDH
1653 BN_CTX_free(bn_ctx);
1654 EC_POINT_free(srvr_ecpoint);
1655 if (ecdh != NULL)
1656 EC_KEY_free(ecdh);
1657#endif
1658 EVP_MD_CTX_cleanup(&md_ctx);
1659 return(-1);
1660 }
1661
1662int ssl3_get_certificate_request(SSL *s)
1663 {
1664 int ok,ret=0;
1665 unsigned long n,nc,l;
1666 unsigned int llen,ctype_num,i;
1667 X509_NAME *xn=NULL;
1668 const unsigned char *p,*q;
1669 unsigned char *d;
1670 STACK_OF(X509_NAME) *ca_sk=NULL;
1671
1672 n=s->method->ssl_get_message(s,
1673 SSL3_ST_CR_CERT_REQ_A,
1674 SSL3_ST_CR_CERT_REQ_B,
1675 -1,
1676 s->max_cert_list,
1677 &ok);
1678
1679 if (!ok) return((int)n);
1680
1681 s->s3->tmp.cert_req=0;
1682
1683 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
1684 {
1685 s->s3->tmp.reuse_message=1;
1686 return(1);
1687 }
1688
1689 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
1690 {
1691 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
1692 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
1693 goto err;
1694 }
1695
1696 /* TLS does not like anon-DH with client cert */
1697 if (s->version > SSL3_VERSION)
1698 {
1699 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1700 {
1701 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
1702 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1703 goto err;
1704 }
1705 }
1706
1707 p=d=(unsigned char *)s->init_msg;
1708
1709 if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
1710 {
1711 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
1712 goto err;
1713 }
1714
1715 /* get the certificate types */
1716 ctype_num= *(p++);
1717 if (ctype_num > SSL3_CT_NUMBER)
1718 ctype_num=SSL3_CT_NUMBER;
1719 for (i=0; i<ctype_num; i++)
1720 s->s3->tmp.ctype[i]= p[i];
1721 p+=ctype_num;
1722
1723 /* get the CA RDNs */
1724 n2s(p,llen);
1725#if 0
1726{
1727FILE *out;
1728out=fopen("/tmp/vsign.der","w");
1729fwrite(p,1,llen,out);
1730fclose(out);
1731}
1732#endif
1733
1734 if ((llen+ctype_num+2+1) != n)
1735 {
1736 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
1737 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
1738 goto err;
1739 }
1740
1741 for (nc=0; nc<llen; )
1742 {
1743 n2s(p,l);
1744 if ((l+nc+2) > llen)
1745 {
1746 if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
1747 goto cont; /* netscape bugs */
1748 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
1749 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
1750 goto err;
1751 }
1752
1753 q=p;
1754
1755 if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
1756 {
1757 /* If netscape tolerance is on, ignore errors */
1758 if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
1759 goto cont;
1760 else
1761 {
1762 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
1763 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
1764 goto err;
1765 }
1766 }
1767
1768 if (q != (p+l))
1769 {
1770 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
1771 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
1772 goto err;
1773 }
1774 if (!sk_X509_NAME_push(ca_sk,xn))
1775 {
1776 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
1777 goto err;
1778 }
1779
1780 p+=l;
1781 nc+=l+2;
1782 }
1783
1784 if (0)
1785 {
1786cont:
1787 ERR_clear_error();
1788 }
1789
1790 /* we should setup a certificate to return.... */
1791 s->s3->tmp.cert_req=1;
1792 s->s3->tmp.ctype_num=ctype_num;
1793 if (s->s3->tmp.ca_names != NULL)
1794 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1795 s->s3->tmp.ca_names=ca_sk;
1796 ca_sk=NULL;
1797
1798 ret=1;
1799err:
1800 if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);
1801 return(ret);
1802 }
1803
1804static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
1805 {
1806 return(X509_NAME_cmp(*a,*b));
1807 }
1808#ifndef OPENSSL_NO_TLSEXT
1809int ssl3_get_new_session_ticket(SSL *s)
1810 {
1811 int ok,al,ret=0, ticklen;
1812 long n;
1813 const unsigned char *p;
1814 unsigned char *d;
1815
1816 n=s->method->ssl_get_message(s,
1817 SSL3_ST_CR_SESSION_TICKET_A,
1818 SSL3_ST_CR_SESSION_TICKET_B,
1819 -1,
1820 16384,
1821 &ok);
1822
1823 if (!ok)
1824 return((int)n);
1825
1826 if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
1827 {
1828 s->s3->tmp.reuse_message=1;
1829 return(1);
1830 }
1831 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)
1832 {
1833 al=SSL_AD_UNEXPECTED_MESSAGE;
1834 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);
1835 goto f_err;
1836 }
1837 if (n < 6)
1838 {
1839 /* need at least ticket_lifetime_hint + ticket length */
1840 al = SSL_AD_DECODE_ERROR;
1841 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
1842 goto f_err;
1843 }
1844
1845 p=d=(unsigned char *)s->init_msg;
1846 n2l(p, s->session->tlsext_tick_lifetime_hint);
1847 n2s(p, ticklen);
1848 /* ticket_lifetime_hint + ticket_length + ticket */
1849 if (ticklen + 6 != n)
1850 {
1851 al = SSL_AD_DECODE_ERROR;
1852 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
1853 goto f_err;
1854 }
1855 if (s->session->tlsext_tick)
1856 {
1857 OPENSSL_free(s->session->tlsext_tick);
1858 s->session->tlsext_ticklen = 0;
1859 }
1860 s->session->tlsext_tick = OPENSSL_malloc(ticklen);
1861 if (!s->session->tlsext_tick)
1862 {
1863 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE);
1864 goto err;
1865 }
1866 memcpy(s->session->tlsext_tick, p, ticklen);
1867 s->session->tlsext_ticklen = ticklen;
1868 /* There are two ways to detect a resumed ticket sesion.
1869 * One is to set an appropriate session ID and then the server
1870 * must return a match in ServerHello. This allows the normal
1871 * client session ID matching to work and we know much
1872 * earlier that the ticket has been accepted.
1873 *
1874 * The other way is to set zero length session ID when the
1875 * ticket is presented and rely on the handshake to determine
1876 * session resumption.
1877 *
1878 * We choose the former approach because this fits in with
1879 * assumptions elsewhere in OpenSSL. The session ID is set
1880 * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
1881 * ticket.
1882 */
1883 EVP_Digest(p, ticklen,
1884 s->session->session_id, &s->session->session_id_length,
1885#ifndef OPENSSL_NO_SHA256
1886 EVP_sha256(), NULL);
1887#else
1888 EVP_sha1(), NULL);
1889#endif
1890 ret=1;
1891 return(ret);
1892f_err:
1893 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1894err:
1895 return(-1);
1896 }
1897
1898int ssl3_get_cert_status(SSL *s)
1899 {
1900 int ok, al;
1901 unsigned long resplen,n;
1902 const unsigned char *p;
1903
1904 n=s->method->ssl_get_message(s,
1905 SSL3_ST_CR_CERT_STATUS_A,
1906 SSL3_ST_CR_CERT_STATUS_B,
1907 SSL3_MT_CERTIFICATE_STATUS,
1908 16384,
1909 &ok);
1910
1911 if (!ok) return((int)n);
1912 if (n < 4)
1913 {
1914 /* need at least status type + length */
1915 al = SSL_AD_DECODE_ERROR;
1916 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
1917 goto f_err;
1918 }
1919 p = (unsigned char *)s->init_msg;
1920 if (*p++ != TLSEXT_STATUSTYPE_ocsp)
1921 {
1922 al = SSL_AD_DECODE_ERROR;
1923 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE);
1924 goto f_err;
1925 }
1926 n2l3(p, resplen);
1927 if (resplen + 4 != n)
1928 {
1929 al = SSL_AD_DECODE_ERROR;
1930 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
1931 goto f_err;
1932 }
1933 if (s->tlsext_ocsp_resp)
1934 OPENSSL_free(s->tlsext_ocsp_resp);
1935 s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
1936 if (!s->tlsext_ocsp_resp)
1937 {
1938 al = SSL_AD_INTERNAL_ERROR;
1939 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
1940 goto f_err;
1941 }
1942 s->tlsext_ocsp_resplen = resplen;
1943 if (s->ctx->tlsext_status_cb)
1944 {
1945 int ret;
1946 ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1947 if (ret == 0)
1948 {
1949 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1950 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE);
1951 goto f_err;
1952 }
1953 if (ret < 0)
1954 {
1955 al = SSL_AD_INTERNAL_ERROR;
1956 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
1957 goto f_err;
1958 }
1959 }
1960 return 1;
1961f_err:
1962 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1963 return(-1);
1964 }
1965#endif
1966
1967int ssl3_get_server_done(SSL *s)
1968 {
1969 int ok,ret=0;
1970 long n;
1971
1972 n=s->method->ssl_get_message(s,
1973 SSL3_ST_CR_SRVR_DONE_A,
1974 SSL3_ST_CR_SRVR_DONE_B,
1975 SSL3_MT_SERVER_DONE,
1976 30, /* should be very small, like 0 :-) */
1977 &ok);
1978
1979 if (!ok) return((int)n);
1980 if (n > 0)
1981 {
1982 /* should contain no data */
1983 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
1984 SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
1985 return -1;
1986 }
1987 ret=1;
1988 return(ret);
1989 }
1990
1991
1992int ssl3_send_client_key_exchange(SSL *s)
1993 {
1994 unsigned char *p,*d;
1995 int n;
1996 unsigned long alg_k;
1997#ifndef OPENSSL_NO_RSA
1998 unsigned char *q;
1999 EVP_PKEY *pkey=NULL;
2000#endif
2001#ifndef OPENSSL_NO_KRB5
2002 KSSL_ERR kssl_err;
2003#endif /* OPENSSL_NO_KRB5 */
2004#ifndef OPENSSL_NO_ECDH
2005 EC_KEY *clnt_ecdh = NULL;
2006 const EC_POINT *srvr_ecpoint = NULL;
2007 EVP_PKEY *srvr_pub_pkey = NULL;
2008 unsigned char *encodedPoint = NULL;
2009 int encoded_pt_len = 0;
2010 BN_CTX * bn_ctx = NULL;
2011#endif
2012
2013 if (s->state == SSL3_ST_CW_KEY_EXCH_A)
2014 {
2015 d=(unsigned char *)s->init_buf->data;
2016 p= &(d[4]);
2017
2018 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
2019
2020 /* Fool emacs indentation */
2021 if (0) {}
2022#ifndef OPENSSL_NO_RSA
2023 else if (alg_k & SSL_kRSA)
2024 {
2025 RSA *rsa;
2026 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
2027
2028 if (s->session->sess_cert->peer_rsa_tmp != NULL)
2029 rsa=s->session->sess_cert->peer_rsa_tmp;
2030 else
2031 {
2032 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
2033 if ((pkey == NULL) ||
2034 (pkey->type != EVP_PKEY_RSA) ||
2035 (pkey->pkey.rsa == NULL))
2036 {
2037 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
2038 goto err;
2039 }
2040 rsa=pkey->pkey.rsa;
2041 EVP_PKEY_free(pkey);
2042 }
2043
2044 tmp_buf[0]=s->client_version>>8;
2045 tmp_buf[1]=s->client_version&0xff;
2046 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
2047 goto err;
2048
2049 s->session->master_key_length=sizeof tmp_buf;
2050
2051 q=p;
2052 /* Fix buf for TLS and beyond */
2053 if (s->version > SSL3_VERSION)
2054 p+=2;
2055 n=RSA_public_encrypt(sizeof tmp_buf,
2056 tmp_buf,p,rsa,RSA_PKCS1_PADDING);
2057#ifdef PKCS1_CHECK
2058 if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
2059 if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
2060#endif
2061 if (n <= 0)
2062 {
2063 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
2064 goto err;
2065 }
2066
2067 /* Fix buf for TLS and beyond */
2068 if (s->version > SSL3_VERSION)
2069 {
2070 s2n(n,q);
2071 n+=2;
2072 }
2073
2074 s->session->master_key_length=
2075 s->method->ssl3_enc->generate_master_secret(s,
2076 s->session->master_key,
2077 tmp_buf,sizeof tmp_buf);
2078 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
2079 }
2080#endif
2081#ifndef OPENSSL_NO_KRB5
2082 else if (alg_k & SSL_kKRB5)
2083 {
2084 krb5_error_code krb5rc;
2085 KSSL_CTX *kssl_ctx = s->kssl_ctx;
2086 /* krb5_data krb5_ap_req; */
2087 krb5_data *enc_ticket;
2088 krb5_data authenticator, *authp = NULL;
2089 EVP_CIPHER_CTX ciph_ctx;
2090 const EVP_CIPHER *enc = NULL;
2091 unsigned char iv[EVP_MAX_IV_LENGTH];
2092 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
2093 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
2094 + EVP_MAX_IV_LENGTH];
2095 int padl, outl = sizeof(epms);
2096
2097 EVP_CIPHER_CTX_init(&ciph_ctx);
2098
2099#ifdef KSSL_DEBUG
2100 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
2101 alg_k, SSL_kKRB5);
2102#endif /* KSSL_DEBUG */
2103
2104 authp = NULL;
2105#ifdef KRB5SENDAUTH
2106 if (KRB5SENDAUTH) authp = &authenticator;
2107#endif /* KRB5SENDAUTH */
2108
2109 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
2110 &kssl_err);
2111 enc = kssl_map_enc(kssl_ctx->enctype);
2112 if (enc == NULL)
2113 goto err;
2114#ifdef KSSL_DEBUG
2115 {
2116 printf("kssl_cget_tkt rtn %d\n", krb5rc);
2117 if (krb5rc && kssl_err.text)
2118 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
2119 }
2120#endif /* KSSL_DEBUG */
2121
2122 if (krb5rc)
2123 {
2124 ssl3_send_alert(s,SSL3_AL_FATAL,
2125 SSL_AD_HANDSHAKE_FAILURE);
2126 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2127 kssl_err.reason);
2128 goto err;
2129 }
2130
2131 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
2132 ** in place of RFC 2712 KerberosWrapper, as in:
2133 **
2134 ** Send ticket (copy to *p, set n = length)
2135 ** n = krb5_ap_req.length;
2136 ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
2137 ** if (krb5_ap_req.data)
2138 ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
2139 **
2140 ** Now using real RFC 2712 KerberosWrapper
2141 ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
2142 ** Note: 2712 "opaque" types are here replaced
2143 ** with a 2-byte length followed by the value.
2144 ** Example:
2145 ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
2146 ** Where "xx xx" = length bytes. Shown here with
2147 ** optional authenticator omitted.
2148 */
2149
2150 /* KerberosWrapper.Ticket */
2151 s2n(enc_ticket->length,p);
2152 memcpy(p, enc_ticket->data, enc_ticket->length);
2153 p+= enc_ticket->length;
2154 n = enc_ticket->length + 2;
2155
2156 /* KerberosWrapper.Authenticator */
2157 if (authp && authp->length)
2158 {
2159 s2n(authp->length,p);
2160 memcpy(p, authp->data, authp->length);
2161 p+= authp->length;
2162 n+= authp->length + 2;
2163
2164 free(authp->data);
2165 authp->data = NULL;
2166 authp->length = 0;
2167 }
2168 else
2169 {
2170 s2n(0,p);/* null authenticator length */
2171 n+=2;
2172 }
2173
2174 tmp_buf[0]=s->client_version>>8;
2175 tmp_buf[1]=s->client_version&0xff;
2176 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
2177 goto err;
2178
2179 /* 20010420 VRS. Tried it this way; failed.
2180 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
2181 ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
2182 ** kssl_ctx->length);
2183 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
2184 */
2185
2186 memset(iv, 0, sizeof iv); /* per RFC 1510 */
2187 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
2188 kssl_ctx->key,iv);
2189 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
2190 sizeof tmp_buf);
2191 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
2192 outl += padl;
2193 if (outl > (int)sizeof epms)
2194 {
2195 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2196 goto err;
2197 }
2198 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
2199
2200 /* KerberosWrapper.EncryptedPreMasterSecret */
2201 s2n(outl,p);
2202 memcpy(p, epms, outl);
2203 p+=outl;
2204 n+=outl + 2;
2205
2206 s->session->master_key_length=
2207 s->method->ssl3_enc->generate_master_secret(s,
2208 s->session->master_key,
2209 tmp_buf, sizeof tmp_buf);
2210
2211 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
2212 OPENSSL_cleanse(epms, outl);
2213 }
2214#endif
2215#ifndef OPENSSL_NO_DH
2216 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2217 {
2218 DH *dh_srvr,*dh_clnt;
2219
2220 if (s->session->sess_cert == NULL)
2221 {
2222 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
2223 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
2224 goto err;
2225 }
2226
2227 if (s->session->sess_cert->peer_dh_tmp != NULL)
2228 dh_srvr=s->session->sess_cert->peer_dh_tmp;
2229 else
2230 {
2231 /* we get them from the cert */
2232 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
2233 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
2234 goto err;
2235 }
2236
2237 /* generate a new random key */
2238 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
2239 {
2240 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2241 goto err;
2242 }
2243 if (!DH_generate_key(dh_clnt))
2244 {
2245 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2246 DH_free(dh_clnt);
2247 goto err;
2248 }
2249
2250 /* use the 'p' output buffer for the DH key, but
2251 * make sure to clear it out afterwards */
2252
2253 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
2254
2255 if (n <= 0)
2256 {
2257 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2258 DH_free(dh_clnt);
2259 goto err;
2260 }
2261
2262 /* generate master key from the result */
2263 s->session->master_key_length=
2264 s->method->ssl3_enc->generate_master_secret(s,
2265 s->session->master_key,p,n);
2266 /* clean up */
2267 memset(p,0,n);
2268
2269 /* send off the data */
2270 n=BN_num_bytes(dh_clnt->pub_key);
2271 s2n(n,p);
2272 BN_bn2bin(dh_clnt->pub_key,p);
2273 n+=2;
2274
2275 DH_free(dh_clnt);
2276
2277 /* perhaps clean things up a bit EAY EAY EAY EAY*/
2278 }
2279#endif
2280
2281#ifndef OPENSSL_NO_ECDH
2282 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
2283 {
2284 const EC_GROUP *srvr_group = NULL;
2285 EC_KEY *tkey;
2286 int ecdh_clnt_cert = 0;
2287 int field_size = 0;
2288
2289 /* Did we send out the client's
2290 * ECDH share for use in premaster
2291 * computation as part of client certificate?
2292 * If so, set ecdh_clnt_cert to 1.
2293 */
2294 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL))
2295 {
2296 /* XXX: For now, we do not support client
2297 * authentication using ECDH certificates.
2298 * To add such support, one needs to add
2299 * code that checks for appropriate
2300 * conditions and sets ecdh_clnt_cert to 1.
2301 * For example, the cert have an ECC
2302 * key on the same curve as the server's
2303 * and the key should be authorized for
2304 * key agreement.
2305 *
2306 * One also needs to add code in ssl3_connect
2307 * to skip sending the certificate verify
2308 * message.
2309 *
2310 * if ((s->cert->key->privatekey != NULL) &&
2311 * (s->cert->key->privatekey->type ==
2312 * EVP_PKEY_EC) && ...)
2313 * ecdh_clnt_cert = 1;
2314 */
2315 }
2316
2317 if (s->session->sess_cert->peer_ecdh_tmp != NULL)
2318 {
2319 tkey = s->session->sess_cert->peer_ecdh_tmp;
2320 }
2321 else
2322 {
2323 /* Get the Server Public Key from Cert */
2324 srvr_pub_pkey = X509_get_pubkey(s->session-> \
2325 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
2326 if ((srvr_pub_pkey == NULL) ||
2327 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
2328 (srvr_pub_pkey->pkey.ec == NULL))
2329 {
2330 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2331 ERR_R_INTERNAL_ERROR);
2332 goto err;
2333 }
2334
2335 tkey = srvr_pub_pkey->pkey.ec;
2336 }
2337
2338 srvr_group = EC_KEY_get0_group(tkey);
2339 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
2340
2341 if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
2342 {
2343 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2344 ERR_R_INTERNAL_ERROR);
2345 goto err;
2346 }
2347
2348 if ((clnt_ecdh=EC_KEY_new()) == NULL)
2349 {
2350 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2351 goto err;
2352 }
2353
2354 if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
2355 {
2356 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
2357 goto err;
2358 }
2359 if (ecdh_clnt_cert)
2360 {
2361 /* Reuse key info from our certificate
2362 * We only need our private key to perform
2363 * the ECDH computation.
2364 */
2365 const BIGNUM *priv_key;
2366 tkey = s->cert->key->privatekey->pkey.ec;
2367 priv_key = EC_KEY_get0_private_key(tkey);
2368 if (priv_key == NULL)
2369 {
2370 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2371 goto err;
2372 }
2373 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
2374 {
2375 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
2376 goto err;
2377 }
2378 }
2379 else
2380 {
2381 /* Generate a new ECDH key pair */
2382 if (!(EC_KEY_generate_key(clnt_ecdh)))
2383 {
2384 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
2385 goto err;
2386 }
2387 }
2388
2389 /* use the 'p' output buffer for the ECDH key, but
2390 * make sure to clear it out afterwards
2391 */
2392
2393 field_size = EC_GROUP_get_degree(srvr_group);
2394 if (field_size <= 0)
2395 {
2396 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2397 ERR_R_ECDH_LIB);
2398 goto err;
2399 }
2400 n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
2401 if (n <= 0)
2402 {
2403 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2404 ERR_R_ECDH_LIB);
2405 goto err;
2406 }
2407
2408 /* generate master key from the result */
2409 s->session->master_key_length = s->method->ssl3_enc \
2410 -> generate_master_secret(s,
2411 s->session->master_key,
2412 p, n);
2413
2414 memset(p, 0, n); /* clean up */
2415
2416 if (ecdh_clnt_cert)
2417 {
2418 /* Send empty client key exch message */
2419 n = 0;
2420 }
2421 else
2422 {
2423 /* First check the size of encoding and
2424 * allocate memory accordingly.
2425 */
2426 encoded_pt_len =
2427 EC_POINT_point2oct(srvr_group,
2428 EC_KEY_get0_public_key(clnt_ecdh),
2429 POINT_CONVERSION_UNCOMPRESSED,
2430 NULL, 0, NULL);
2431
2432 encodedPoint = (unsigned char *)
2433 OPENSSL_malloc(encoded_pt_len *
2434 sizeof(unsigned char));
2435 bn_ctx = BN_CTX_new();
2436 if ((encodedPoint == NULL) ||
2437 (bn_ctx == NULL))
2438 {
2439 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2440 goto err;
2441 }
2442
2443 /* Encode the public key */
2444 n = EC_POINT_point2oct(srvr_group,
2445 EC_KEY_get0_public_key(clnt_ecdh),
2446 POINT_CONVERSION_UNCOMPRESSED,
2447 encodedPoint, encoded_pt_len, bn_ctx);
2448
2449 *p = n; /* length of encoded point */
2450 /* Encoded point will be copied here */
2451 p += 1;
2452 /* copy the point */
2453 memcpy((unsigned char *)p, encodedPoint, n);
2454 /* increment n to account for length field */
2455 n += 1;
2456 }
2457
2458 /* Free allocated memory */
2459 BN_CTX_free(bn_ctx);
2460 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
2461 if (clnt_ecdh != NULL)
2462 EC_KEY_free(clnt_ecdh);
2463 EVP_PKEY_free(srvr_pub_pkey);
2464 }
2465#endif /* !OPENSSL_NO_ECDH */
2466 else if (alg_k & SSL_kGOST)
2467 {
2468 /* GOST key exchange message creation */
2469 EVP_PKEY_CTX *pkey_ctx;
2470 X509 *peer_cert;
2471 size_t msglen;
2472 unsigned int md_len;
2473 int keytype;
2474 unsigned char premaster_secret[32],shared_ukm[32], tmp[256];
2475 EVP_MD_CTX *ukm_hash;
2476 EVP_PKEY *pub_key;
2477
2478 /* Get server sertificate PKEY and create ctx from it */
2479 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST01)].x509;
2480 if (!peer_cert)
2481 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST94)].x509;
2482 if (!peer_cert) {
2483 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2484 goto err;
2485 }
2486
2487 pkey_ctx=EVP_PKEY_CTX_new(pub_key=X509_get_pubkey(peer_cert),NULL);
2488 /* If we have send a certificate, and certificate key
2489
2490 * parameters match those of server certificate, use
2491 * certificate key for key exchange
2492 */
2493
2494 /* Otherwise, generate ephemeral key pair */
2495
2496 EVP_PKEY_encrypt_init(pkey_ctx);
2497 /* Generate session key */
2498 RAND_bytes(premaster_secret,32);
2499 /* If we have client certificate, use its secret as peer key */
2500 if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
2501 if (EVP_PKEY_derive_set_peer(pkey_ctx,s->cert->key->privatekey) <=0) {
2502 /* If there was an error - just ignore it. Ephemeral key
2503 * would be used
2504 */
2505 ERR_clear_error();
2506 }
2507 }
2508 /* Compute shared IV and store it in algorithm-specific
2509 * context data */
2510 ukm_hash = EVP_MD_CTX_create();
2511 EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR3411_94));
2512 EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE);
2513 EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE);
2514 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
2515 EVP_MD_CTX_destroy(ukm_hash);
2516 if (EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EVP_PKEY_CTRL_SET_IV,
2517 8,shared_ukm)<0) {
2518 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2519 SSL_R_LIBRARY_BUG);
2520 goto err;
2521 }
2522 /* Make GOST keytransport blob message */
2523 /*Encapsulate it into sequence */
2524 *(p++)=V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
2525 msglen=255;
2526 if (EVP_PKEY_encrypt(pkey_ctx,tmp,&msglen,premaster_secret,32)<0) {
2527 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2528 SSL_R_LIBRARY_BUG);
2529 goto err;
2530 }
2531 if (msglen >= 0x80)
2532 {
2533 *(p++)=0x81;
2534 *(p++)= msglen & 0xff;
2535 n=msglen+3;
2536 }
2537 else
2538 {
2539 *(p++)= msglen & 0xff;
2540 n=msglen+2;
2541 }
2542 memcpy(p, tmp, msglen);
2543 /* Check if pubkey from client certificate was used */
2544 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
2545 {
2546 /* Set flag "skip certificate verify" */
2547 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
2548 }
2549 EVP_PKEY_CTX_free(pkey_ctx);
2550 s->session->master_key_length=
2551 s->method->ssl3_enc->generate_master_secret(s,
2552 s->session->master_key,premaster_secret,32);
2553 EVP_PKEY_free(pub_key);
2554
2555 }
2556#ifndef OPENSSL_NO_PSK
2557 else if (alg_k & SSL_kPSK)
2558 {
2559 char identity[PSK_MAX_IDENTITY_LEN];
2560 unsigned char *t = NULL;
2561 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
2562 unsigned int pre_ms_len = 0, psk_len = 0;
2563 int psk_err = 1;
2564
2565 n = 0;
2566 if (s->psk_client_callback == NULL)
2567 {
2568 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2569 SSL_R_PSK_NO_CLIENT_CB);
2570 goto err;
2571 }
2572
2573 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
2574 identity, PSK_MAX_IDENTITY_LEN,
2575 psk_or_pre_ms, sizeof(psk_or_pre_ms));
2576 if (psk_len > PSK_MAX_PSK_LEN)
2577 {
2578 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2579 ERR_R_INTERNAL_ERROR);
2580 goto psk_err;
2581 }
2582 else if (psk_len == 0)
2583 {
2584 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2585 SSL_R_PSK_IDENTITY_NOT_FOUND);
2586 goto psk_err;
2587 }
2588
2589 /* create PSK pre_master_secret */
2590 pre_ms_len = 2+psk_len+2+psk_len;
2591 t = psk_or_pre_ms;
2592 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
2593 s2n(psk_len, t);
2594 memset(t, 0, psk_len);
2595 t+=psk_len;
2596 s2n(psk_len, t);
2597
2598 if (s->session->psk_identity_hint != NULL)
2599 OPENSSL_free(s->session->psk_identity_hint);
2600 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2601 if (s->ctx->psk_identity_hint != NULL &&
2602 s->session->psk_identity_hint == NULL)
2603 {
2604 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2605 ERR_R_MALLOC_FAILURE);
2606 goto psk_err;
2607 }
2608
2609 if (s->session->psk_identity != NULL)
2610 OPENSSL_free(s->session->psk_identity);
2611 s->session->psk_identity = BUF_strdup(identity);
2612 if (s->session->psk_identity == NULL)
2613 {
2614 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2615 ERR_R_MALLOC_FAILURE);
2616 goto psk_err;
2617 }
2618
2619 s->session->master_key_length =
2620 s->method->ssl3_enc->generate_master_secret(s,
2621 s->session->master_key,
2622 psk_or_pre_ms, pre_ms_len);
2623 n = strlen(identity);
2624 s2n(n, p);
2625 memcpy(p, identity, n);
2626 n+=2;
2627 psk_err = 0;
2628 psk_err:
2629 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
2630 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
2631 if (psk_err != 0)
2632 {
2633 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2634 goto err;
2635 }
2636 }
2637#endif
2638 else
2639 {
2640 ssl3_send_alert(s, SSL3_AL_FATAL,
2641 SSL_AD_HANDSHAKE_FAILURE);
2642 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2643 ERR_R_INTERNAL_ERROR);
2644 goto err;
2645 }
2646
2647 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
2648 l2n3(n,d);
2649
2650 s->state=SSL3_ST_CW_KEY_EXCH_B;
2651 /* number of bytes to write */
2652 s->init_num=n+4;
2653 s->init_off=0;
2654 }
2655
2656 /* SSL3_ST_CW_KEY_EXCH_B */
2657 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2658err:
2659#ifndef OPENSSL_NO_ECDH
2660 BN_CTX_free(bn_ctx);
2661 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
2662 if (clnt_ecdh != NULL)
2663 EC_KEY_free(clnt_ecdh);
2664 EVP_PKEY_free(srvr_pub_pkey);
2665#endif
2666 return(-1);
2667 }
2668
2669int ssl3_send_client_verify(SSL *s)
2670 {
2671 unsigned char *p,*d;
2672 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
2673 EVP_PKEY *pkey;
2674 EVP_PKEY_CTX *pctx=NULL;
2675#ifndef OPENSSL_NO_RSA
2676 unsigned u=0;
2677#endif
2678 unsigned long n;
2679 int j;
2680
2681 if (s->state == SSL3_ST_CW_CERT_VRFY_A)
2682 {
2683 d=(unsigned char *)s->init_buf->data;
2684 p= &(d[4]);
2685 pkey=s->cert->key->privatekey;
2686/* Create context from key and test if sha1 is allowed as digest */
2687 pctx = EVP_PKEY_CTX_new(pkey,NULL);
2688 EVP_PKEY_sign_init(pctx);
2689 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0)
2690 {
2691 s->method->ssl3_enc->cert_verify_mac(s,
2692 NID_sha1,
2693 &(data[MD5_DIGEST_LENGTH]));
2694 }
2695 else
2696 {
2697 ERR_clear_error();
2698 }
2699#ifndef OPENSSL_NO_RSA
2700 if (pkey->type == EVP_PKEY_RSA)
2701 {
2702 s->method->ssl3_enc->cert_verify_mac(s,
2703 NID_md5,
2704 &(data[0]));
2705 if (RSA_sign(NID_md5_sha1, data,
2706 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2707 &(p[2]), &u, pkey->pkey.rsa) <= 0 )
2708 {
2709 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
2710 goto err;
2711 }
2712 s2n(u,p);
2713 n=u+2;
2714 }
2715 else
2716#endif
2717#ifndef OPENSSL_NO_DSA
2718 if (pkey->type == EVP_PKEY_DSA)
2719 {
2720 if (!DSA_sign(pkey->save_type,
2721 &(data[MD5_DIGEST_LENGTH]),
2722 SHA_DIGEST_LENGTH,&(p[2]),
2723 (unsigned int *)&j,pkey->pkey.dsa))
2724 {
2725 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
2726 goto err;
2727 }
2728 s2n(j,p);
2729 n=j+2;
2730 }
2731 else
2732#endif
2733#ifndef OPENSSL_NO_ECDSA
2734 if (pkey->type == EVP_PKEY_EC)
2735 {
2736 if (!ECDSA_sign(pkey->save_type,
2737 &(data[MD5_DIGEST_LENGTH]),
2738 SHA_DIGEST_LENGTH,&(p[2]),
2739 (unsigned int *)&j,pkey->pkey.ec))
2740 {
2741 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2742 ERR_R_ECDSA_LIB);
2743 goto err;
2744 }
2745 s2n(j,p);
2746 n=j+2;
2747 }
2748 else
2749#endif
2750 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
2751 {
2752 unsigned char signbuf[64];
2753 int i;
2754 size_t sigsize=64;
2755 s->method->ssl3_enc->cert_verify_mac(s,
2756 NID_id_GostR3411_94,
2757 data);
2758 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
2759 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2760 ERR_R_INTERNAL_ERROR);
2761 goto err;
2762 }
2763 for (i=63,j=0; i>=0; j++, i--) {
2764 p[2+j]=signbuf[i];
2765 }
2766 s2n(j,p);
2767 n=j+2;
2768 }
2769 else
2770 {
2771 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
2772 goto err;
2773 }
2774 *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
2775 l2n3(n,d);
2776
2777 s->state=SSL3_ST_CW_CERT_VRFY_B;
2778 s->init_num=(int)n+4;
2779 s->init_off=0;
2780 }
2781 EVP_PKEY_CTX_free(pctx);
2782 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2783err:
2784 EVP_PKEY_CTX_free(pctx);
2785 return(-1);
2786 }
2787
2788int ssl3_send_client_certificate(SSL *s)
2789 {
2790 X509 *x509=NULL;
2791 EVP_PKEY *pkey=NULL;
2792 int i;
2793 unsigned long l;
2794
2795 if (s->state == SSL3_ST_CW_CERT_A)
2796 {
2797 if ((s->cert == NULL) ||
2798 (s->cert->key->x509 == NULL) ||
2799 (s->cert->key->privatekey == NULL))
2800 s->state=SSL3_ST_CW_CERT_B;
2801 else
2802 s->state=SSL3_ST_CW_CERT_C;
2803 }
2804
2805 /* We need to get a client cert */
2806 if (s->state == SSL3_ST_CW_CERT_B)
2807 {
2808 /* If we get an error, we need to
2809 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
2810 * We then get retied later */
2811 i=0;
2812 i = ssl_do_client_cert_cb(s, &x509, &pkey);
2813 if (i < 0)
2814 {
2815 s->rwstate=SSL_X509_LOOKUP;
2816 return(-1);
2817 }
2818 s->rwstate=SSL_NOTHING;
2819 if ((i == 1) && (pkey != NULL) && (x509 != NULL))
2820 {
2821 s->state=SSL3_ST_CW_CERT_B;
2822 if ( !SSL_use_certificate(s,x509) ||
2823 !SSL_use_PrivateKey(s,pkey))
2824 i=0;
2825 }
2826 else if (i == 1)
2827 {
2828 i=0;
2829 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
2830 }
2831
2832 if (x509 != NULL) X509_free(x509);
2833 if (pkey != NULL) EVP_PKEY_free(pkey);
2834 if (i == 0)
2835 {
2836 if (s->version == SSL3_VERSION)
2837 {
2838 s->s3->tmp.cert_req=0;
2839 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
2840 return(1);
2841 }
2842 else
2843 {
2844 s->s3->tmp.cert_req=2;
2845 }
2846 }
2847
2848 /* Ok, we have a cert */
2849 s->state=SSL3_ST_CW_CERT_C;
2850 }
2851
2852 if (s->state == SSL3_ST_CW_CERT_C)
2853 {
2854 s->state=SSL3_ST_CW_CERT_D;
2855 l=ssl3_output_cert_chain(s,
2856 (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
2857 s->init_num=(int)l;
2858 s->init_off=0;
2859 }
2860 /* SSL3_ST_CW_CERT_D */
2861 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2862 }
2863
2864#define has_bits(i,m) (((i)&(m)) == (m))
2865
2866int ssl3_check_cert_and_algorithm(SSL *s)
2867 {
2868 int i,idx;
2869 long alg_k,alg_a;
2870 EVP_PKEY *pkey=NULL;
2871 SESS_CERT *sc;
2872#ifndef OPENSSL_NO_RSA
2873 RSA *rsa;
2874#endif
2875#ifndef OPENSSL_NO_DH
2876 DH *dh;
2877#endif
2878
2879 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
2880 alg_a=s->s3->tmp.new_cipher->algorithm_auth;
2881
2882 /* we don't have a certificate */
2883 if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
2884 return(1);
2885
2886 sc=s->session->sess_cert;
2887 if (sc == NULL)
2888 {
2889 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
2890 goto err;
2891 }
2892
2893#ifndef OPENSSL_NO_RSA
2894 rsa=s->session->sess_cert->peer_rsa_tmp;
2895#endif
2896#ifndef OPENSSL_NO_DH
2897 dh=s->session->sess_cert->peer_dh_tmp;
2898#endif
2899
2900 /* This is the passed certificate */
2901
2902 idx=sc->peer_cert_type;
2903#ifndef OPENSSL_NO_ECDH
2904 if (idx == SSL_PKEY_ECC)
2905 {
2906 if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
2907 s->s3->tmp.new_cipher) == 0)
2908 { /* check failed */
2909 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
2910 goto f_err;
2911 }
2912 else
2913 {
2914 return 1;
2915 }
2916 }
2917#endif
2918 pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
2919 i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
2920 EVP_PKEY_free(pkey);
2921
2922
2923 /* Check that we have a certificate if we require one */
2924 if ((alg_a & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
2925 {
2926 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
2927 goto f_err;
2928 }
2929#ifndef OPENSSL_NO_DSA
2930 else if ((alg_a & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
2931 {
2932 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
2933 goto f_err;
2934 }
2935#endif
2936#ifndef OPENSSL_NO_RSA
2937 if ((alg_k & SSL_kRSA) &&
2938 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
2939 {
2940 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2941 goto f_err;
2942 }
2943#endif
2944#ifndef OPENSSL_NO_DH
2945 if ((alg_k & SSL_kEDH) &&
2946 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
2947 {
2948 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
2949 goto f_err;
2950 }
2951 else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
2952 {
2953 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
2954 goto f_err;
2955 }
2956#ifndef OPENSSL_NO_DSA
2957 else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
2958 {
2959 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
2960 goto f_err;
2961 }
2962#endif
2963#endif
2964
2965 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
2966 {
2967#ifndef OPENSSL_NO_RSA
2968 if (alg_k & SSL_kRSA)
2969 {
2970 if (rsa == NULL
2971 || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
2972 {
2973 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
2974 goto f_err;
2975 }
2976 }
2977 else
2978#endif
2979#ifndef OPENSSL_NO_DH
2980 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2981 {
2982 if (dh == NULL
2983 || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
2984 {
2985 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
2986 goto f_err;
2987 }
2988 }
2989 else
2990#endif
2991 {
2992 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
2993 goto f_err;
2994 }
2995 }
2996 return(1);
2997f_err:
2998 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
2999err:
3000 return(0);
3001 }
3002
3003/* Check to see if handshake is full or resumed. Usually this is just a
3004 * case of checking to see if a cache hit has occurred. In the case of
3005 * session tickets we have to check the next message to be sure.
3006 */
3007
3008#ifndef OPENSSL_NO_TLSEXT
3009int ssl3_check_finished(SSL *s)
3010 {
3011 int ok;
3012 long n;
3013 /* If we have no ticket it cannot be a resumed session. */
3014 if (!s->session->tlsext_tick)
3015 return 1;
3016 /* this function is called when we really expect a Certificate
3017 * message, so permit appropriate message length */
3018 n=s->method->ssl_get_message(s,
3019 SSL3_ST_CR_CERT_A,
3020 SSL3_ST_CR_CERT_B,
3021 -1,
3022 s->max_cert_list,
3023 &ok);
3024 if (!ok) return((int)n);
3025 s->s3->tmp.reuse_message = 1;
3026 if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
3027 || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
3028 return 2;
3029
3030 return 1;
3031 }
3032#endif
3033
3034int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
3035 {
3036 int i = 0;
3037#ifndef OPENSSL_NO_ENGINE
3038 if (s->ctx->client_cert_engine)
3039 {
3040 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
3041 SSL_get_client_CA_list(s),
3042 px509, ppkey, NULL, NULL, NULL);
3043 if (i != 0)
3044 return i;
3045 }
3046#endif
3047 if (s->ctx->client_cert_cb)
3048 i = s->ctx->client_cert_cb(s,px509,ppkey);
3049 return i;
3050 }
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
deleted file mode 100644
index 1130244aeb..0000000000
--- a/src/lib/libssl/s3_lib.c
+++ /dev/null
@@ -1,3338 +0,0 @@
1/* ssl/s3_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#include <stdio.h>
152#include <openssl/objects.h>
153#include "ssl_locl.h"
154#include "kssl_lcl.h"
155#ifndef OPENSSL_NO_TLSEXT
156#ifndef OPENSSL_NO_EC
157#include "../crypto/ec/ec_lcl.h"
158#endif /* OPENSSL_NO_EC */
159#endif /* OPENSSL_NO_TLSEXT */
160#include <openssl/md5.h>
161#ifndef OPENSSL_NO_DH
162#include <openssl/dh.h>
163#endif
164
165const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
166
167#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
168
169/* list of available SSLv3 ciphers (sorted by id) */
170OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171
172/* The RSA ciphers */
173/* Cipher 01 */
174 {
175 1,
176 SSL3_TXT_RSA_NULL_MD5,
177 SSL3_CK_RSA_NULL_MD5,
178 SSL_kRSA,
179 SSL_aRSA,
180 SSL_eNULL,
181 SSL_MD5,
182 SSL_SSLV3,
183 SSL_NOT_EXP|SSL_STRONG_NONE,
184 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185 0,
186 0,
187 },
188
189/* Cipher 02 */
190 {
191 1,
192 SSL3_TXT_RSA_NULL_SHA,
193 SSL3_CK_RSA_NULL_SHA,
194 SSL_kRSA,
195 SSL_aRSA,
196 SSL_eNULL,
197 SSL_SHA1,
198 SSL_SSLV3,
199 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201 0,
202 0,
203 },
204
205/* Cipher 03 */
206 {
207 1,
208 SSL3_TXT_RSA_RC4_40_MD5,
209 SSL3_CK_RSA_RC4_40_MD5,
210 SSL_kRSA,
211 SSL_aRSA,
212 SSL_RC4,
213 SSL_MD5,
214 SSL_SSLV3,
215 SSL_EXPORT|SSL_EXP40,
216 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217 40,
218 128,
219 },
220
221/* Cipher 04 */
222 {
223 1,
224 SSL3_TXT_RSA_RC4_128_MD5,
225 SSL3_CK_RSA_RC4_128_MD5,
226 SSL_kRSA,
227 SSL_aRSA,
228 SSL_RC4,
229 SSL_MD5,
230 SSL_SSLV3,
231 SSL_NOT_EXP|SSL_MEDIUM,
232 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233 128,
234 128,
235 },
236
237/* Cipher 05 */
238 {
239 1,
240 SSL3_TXT_RSA_RC4_128_SHA,
241 SSL3_CK_RSA_RC4_128_SHA,
242 SSL_kRSA,
243 SSL_aRSA,
244 SSL_RC4,
245 SSL_SHA1,
246 SSL_SSLV3,
247 SSL_NOT_EXP|SSL_MEDIUM,
248 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
249 128,
250 128,
251 },
252
253/* Cipher 06 */
254 {
255 1,
256 SSL3_TXT_RSA_RC2_40_MD5,
257 SSL3_CK_RSA_RC2_40_MD5,
258 SSL_kRSA,
259 SSL_aRSA,
260 SSL_RC2,
261 SSL_MD5,
262 SSL_SSLV3,
263 SSL_EXPORT|SSL_EXP40,
264 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
265 40,
266 128,
267 },
268
269/* Cipher 07 */
270#ifndef OPENSSL_NO_IDEA
271 {
272 1,
273 SSL3_TXT_RSA_IDEA_128_SHA,
274 SSL3_CK_RSA_IDEA_128_SHA,
275 SSL_kRSA,
276 SSL_aRSA,
277 SSL_IDEA,
278 SSL_SHA1,
279 SSL_SSLV3,
280 SSL_NOT_EXP|SSL_MEDIUM,
281 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
282 128,
283 128,
284 },
285#endif
286
287/* Cipher 08 */
288 {
289 1,
290 SSL3_TXT_RSA_DES_40_CBC_SHA,
291 SSL3_CK_RSA_DES_40_CBC_SHA,
292 SSL_kRSA,
293 SSL_aRSA,
294 SSL_DES,
295 SSL_SHA1,
296 SSL_SSLV3,
297 SSL_EXPORT|SSL_EXP40,
298 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
299 40,
300 56,
301 },
302
303/* Cipher 09 */
304 {
305 1,
306 SSL3_TXT_RSA_DES_64_CBC_SHA,
307 SSL3_CK_RSA_DES_64_CBC_SHA,
308 SSL_kRSA,
309 SSL_aRSA,
310 SSL_DES,
311 SSL_SHA1,
312 SSL_SSLV3,
313 SSL_NOT_EXP|SSL_LOW,
314 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
315 56,
316 56,
317 },
318
319/* Cipher 0A */
320 {
321 1,
322 SSL3_TXT_RSA_DES_192_CBC3_SHA,
323 SSL3_CK_RSA_DES_192_CBC3_SHA,
324 SSL_kRSA,
325 SSL_aRSA,
326 SSL_3DES,
327 SSL_SHA1,
328 SSL_SSLV3,
329 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
330 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
331 168,
332 168,
333 },
334
335/* The DH ciphers */
336/* Cipher 0B */
337 {
338 0,
339 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341 SSL_kDHd,
342 SSL_aDH,
343 SSL_DES,
344 SSL_SHA1,
345 SSL_SSLV3,
346 SSL_EXPORT|SSL_EXP40,
347 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348 40,
349 56,
350 },
351
352/* Cipher 0C */
353 {
354 0, /* not implemented (non-ephemeral DH) */
355 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357 SSL_kDHd,
358 SSL_aDH,
359 SSL_DES,
360 SSL_SHA1,
361 SSL_SSLV3,
362 SSL_NOT_EXP|SSL_LOW,
363 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
364 56,
365 56,
366 },
367
368/* Cipher 0D */
369 {
370 0, /* not implemented (non-ephemeral DH) */
371 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373 SSL_kDHd,
374 SSL_aDH,
375 SSL_3DES,
376 SSL_SHA1,
377 SSL_SSLV3,
378 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
379 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
380 168,
381 168,
382 },
383
384/* Cipher 0E */
385 {
386 0, /* not implemented (non-ephemeral DH) */
387 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389 SSL_kDHr,
390 SSL_aDH,
391 SSL_DES,
392 SSL_SHA1,
393 SSL_SSLV3,
394 SSL_EXPORT|SSL_EXP40,
395 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
396 40,
397 56,
398 },
399
400/* Cipher 0F */
401 {
402 0, /* not implemented (non-ephemeral DH) */
403 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405 SSL_kDHr,
406 SSL_aDH,
407 SSL_DES,
408 SSL_SHA1,
409 SSL_SSLV3,
410 SSL_NOT_EXP|SSL_LOW,
411 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
412 56,
413 56,
414 },
415
416/* Cipher 10 */
417 {
418 0, /* not implemented (non-ephemeral DH) */
419 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421 SSL_kDHr,
422 SSL_aDH,
423 SSL_3DES,
424 SSL_SHA1,
425 SSL_SSLV3,
426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428 168,
429 168,
430 },
431
432/* The Ephemeral DH ciphers */
433/* Cipher 11 */
434 {
435 1,
436 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438 SSL_kEDH,
439 SSL_aDSS,
440 SSL_DES,
441 SSL_SHA1,
442 SSL_SSLV3,
443 SSL_EXPORT|SSL_EXP40,
444 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
445 40,
446 56,
447 },
448
449/* Cipher 12 */
450 {
451 1,
452 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454 SSL_kEDH,
455 SSL_aDSS,
456 SSL_DES,
457 SSL_SHA1,
458 SSL_SSLV3,
459 SSL_NOT_EXP|SSL_LOW,
460 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
461 56,
462 56,
463 },
464
465/* Cipher 13 */
466 {
467 1,
468 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470 SSL_kEDH,
471 SSL_aDSS,
472 SSL_3DES,
473 SSL_SHA1,
474 SSL_SSLV3,
475 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
476 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
477 168,
478 168,
479 },
480
481/* Cipher 14 */
482 {
483 1,
484 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486 SSL_kEDH,
487 SSL_aRSA,
488 SSL_DES,
489 SSL_SHA1,
490 SSL_SSLV3,
491 SSL_EXPORT|SSL_EXP40,
492 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493 40,
494 56,
495 },
496
497/* Cipher 15 */
498 {
499 1,
500 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502 SSL_kEDH,
503 SSL_aRSA,
504 SSL_DES,
505 SSL_SHA1,
506 SSL_SSLV3,
507 SSL_NOT_EXP|SSL_LOW,
508 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
509 56,
510 56,
511 },
512
513/* Cipher 16 */
514 {
515 1,
516 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518 SSL_kEDH,
519 SSL_aRSA,
520 SSL_3DES,
521 SSL_SHA1,
522 SSL_SSLV3,
523 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
524 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
525 168,
526 168,
527 },
528
529/* Cipher 17 */
530 {
531 1,
532 SSL3_TXT_ADH_RC4_40_MD5,
533 SSL3_CK_ADH_RC4_40_MD5,
534 SSL_kEDH,
535 SSL_aNULL,
536 SSL_RC4,
537 SSL_MD5,
538 SSL_SSLV3,
539 SSL_EXPORT|SSL_EXP40,
540 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
541 40,
542 128,
543 },
544
545/* Cipher 18 */
546 {
547 1,
548 SSL3_TXT_ADH_RC4_128_MD5,
549 SSL3_CK_ADH_RC4_128_MD5,
550 SSL_kEDH,
551 SSL_aNULL,
552 SSL_RC4,
553 SSL_MD5,
554 SSL_SSLV3,
555 SSL_NOT_EXP|SSL_MEDIUM,
556 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
557 128,
558 128,
559 },
560
561/* Cipher 19 */
562 {
563 1,
564 SSL3_TXT_ADH_DES_40_CBC_SHA,
565 SSL3_CK_ADH_DES_40_CBC_SHA,
566 SSL_kEDH,
567 SSL_aNULL,
568 SSL_DES,
569 SSL_SHA1,
570 SSL_SSLV3,
571 SSL_EXPORT|SSL_EXP40,
572 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
573 40,
574 128,
575 },
576
577/* Cipher 1A */
578 {
579 1,
580 SSL3_TXT_ADH_DES_64_CBC_SHA,
581 SSL3_CK_ADH_DES_64_CBC_SHA,
582 SSL_kEDH,
583 SSL_aNULL,
584 SSL_DES,
585 SSL_SHA1,
586 SSL_SSLV3,
587 SSL_NOT_EXP|SSL_LOW,
588 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
589 56,
590 56,
591 },
592
593/* Cipher 1B */
594 {
595 1,
596 SSL3_TXT_ADH_DES_192_CBC_SHA,
597 SSL3_CK_ADH_DES_192_CBC_SHA,
598 SSL_kEDH,
599 SSL_aNULL,
600 SSL_3DES,
601 SSL_SHA1,
602 SSL_SSLV3,
603 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
604 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
605 168,
606 168,
607 },
608
609/* Fortezza ciphersuite from SSL 3.0 spec */
610#if 0
611/* Cipher 1C */
612 {
613 0,
614 SSL3_TXT_FZA_DMS_NULL_SHA,
615 SSL3_CK_FZA_DMS_NULL_SHA,
616 SSL_kFZA,
617 SSL_aFZA,
618 SSL_eNULL,
619 SSL_SHA1,
620 SSL_SSLV3,
621 SSL_NOT_EXP|SSL_STRONG_NONE,
622 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
623 0,
624 0,
625 },
626
627/* Cipher 1D */
628 {
629 0,
630 SSL3_TXT_FZA_DMS_FZA_SHA,
631 SSL3_CK_FZA_DMS_FZA_SHA,
632 SSL_kFZA,
633 SSL_aFZA,
634 SSL_eFZA,
635 SSL_SHA1,
636 SSL_SSLV3,
637 SSL_NOT_EXP|SSL_STRONG_NONE,
638 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
639 0,
640 0,
641 },
642
643/* Cipher 1E */
644 {
645 0,
646 SSL3_TXT_FZA_DMS_RC4_SHA,
647 SSL3_CK_FZA_DMS_RC4_SHA,
648 SSL_kFZA,
649 SSL_aFZA,
650 SSL_RC4,
651 SSL_SHA1,
652 SSL_SSLV3,
653 SSL_NOT_EXP|SSL_MEDIUM,
654 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
655 128,
656 128,
657 },
658#endif
659
660#ifndef OPENSSL_NO_KRB5
661/* The Kerberos ciphers*/
662/* Cipher 1E */
663 {
664 1,
665 SSL3_TXT_KRB5_DES_64_CBC_SHA,
666 SSL3_CK_KRB5_DES_64_CBC_SHA,
667 SSL_kKRB5,
668 SSL_aKRB5,
669 SSL_DES,
670 SSL_SHA1,
671 SSL_SSLV3,
672 SSL_NOT_EXP|SSL_LOW,
673 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
674 56,
675 56,
676 },
677
678/* Cipher 1F */
679 {
680 1,
681 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682 SSL3_CK_KRB5_DES_192_CBC3_SHA,
683 SSL_kKRB5,
684 SSL_aKRB5,
685 SSL_3DES,
686 SSL_SHA1,
687 SSL_SSLV3,
688 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
689 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
690 168,
691 168,
692 },
693
694/* Cipher 20 */
695 {
696 1,
697 SSL3_TXT_KRB5_RC4_128_SHA,
698 SSL3_CK_KRB5_RC4_128_SHA,
699 SSL_kKRB5,
700 SSL_aKRB5,
701 SSL_RC4,
702 SSL_SHA1,
703 SSL_SSLV3,
704 SSL_NOT_EXP|SSL_MEDIUM,
705 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
706 128,
707 128,
708 },
709
710/* Cipher 21 */
711 {
712 1,
713 SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714 SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715 SSL_kKRB5,
716 SSL_aKRB5,
717 SSL_IDEA,
718 SSL_SHA1,
719 SSL_SSLV3,
720 SSL_NOT_EXP|SSL_MEDIUM,
721 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722 128,
723 128,
724 },
725
726/* Cipher 22 */
727 {
728 1,
729 SSL3_TXT_KRB5_DES_64_CBC_MD5,
730 SSL3_CK_KRB5_DES_64_CBC_MD5,
731 SSL_kKRB5,
732 SSL_aKRB5,
733 SSL_DES,
734 SSL_MD5,
735 SSL_SSLV3,
736 SSL_NOT_EXP|SSL_LOW,
737 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
738 56,
739 56,
740 },
741
742/* Cipher 23 */
743 {
744 1,
745 SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746 SSL3_CK_KRB5_DES_192_CBC3_MD5,
747 SSL_kKRB5,
748 SSL_aKRB5,
749 SSL_3DES,
750 SSL_MD5,
751 SSL_SSLV3,
752 SSL_NOT_EXP|SSL_HIGH,
753 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
754 168,
755 168,
756 },
757
758/* Cipher 24 */
759 {
760 1,
761 SSL3_TXT_KRB5_RC4_128_MD5,
762 SSL3_CK_KRB5_RC4_128_MD5,
763 SSL_kKRB5,
764 SSL_aKRB5,
765 SSL_RC4,
766 SSL_MD5,
767 SSL_SSLV3,
768 SSL_NOT_EXP|SSL_MEDIUM,
769 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
770 128,
771 128,
772 },
773
774/* Cipher 25 */
775 {
776 1,
777 SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778 SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779 SSL_kKRB5,
780 SSL_aKRB5,
781 SSL_IDEA,
782 SSL_MD5,
783 SSL_SSLV3,
784 SSL_NOT_EXP|SSL_MEDIUM,
785 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
786 128,
787 128,
788 },
789
790/* Cipher 26 */
791 {
792 1,
793 SSL3_TXT_KRB5_DES_40_CBC_SHA,
794 SSL3_CK_KRB5_DES_40_CBC_SHA,
795 SSL_kKRB5,
796 SSL_aKRB5,
797 SSL_DES,
798 SSL_SHA1,
799 SSL_SSLV3,
800 SSL_EXPORT|SSL_EXP40,
801 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
802 40,
803 56,
804 },
805
806/* Cipher 27 */
807 {
808 1,
809 SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810 SSL3_CK_KRB5_RC2_40_CBC_SHA,
811 SSL_kKRB5,
812 SSL_aKRB5,
813 SSL_RC2,
814 SSL_SHA1,
815 SSL_SSLV3,
816 SSL_EXPORT|SSL_EXP40,
817 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
818 40,
819 128,
820 },
821
822/* Cipher 28 */
823 {
824 1,
825 SSL3_TXT_KRB5_RC4_40_SHA,
826 SSL3_CK_KRB5_RC4_40_SHA,
827 SSL_kKRB5,
828 SSL_aKRB5,
829 SSL_RC4,
830 SSL_SHA1,
831 SSL_SSLV3,
832 SSL_EXPORT|SSL_EXP40,
833 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
834 40,
835 128,
836 },
837
838/* Cipher 29 */
839 {
840 1,
841 SSL3_TXT_KRB5_DES_40_CBC_MD5,
842 SSL3_CK_KRB5_DES_40_CBC_MD5,
843 SSL_kKRB5,
844 SSL_aKRB5,
845 SSL_DES,
846 SSL_MD5,
847 SSL_SSLV3,
848 SSL_EXPORT|SSL_EXP40,
849 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
850 40,
851 56,
852 },
853
854/* Cipher 2A */
855 {
856 1,
857 SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858 SSL3_CK_KRB5_RC2_40_CBC_MD5,
859 SSL_kKRB5,
860 SSL_aKRB5,
861 SSL_RC2,
862 SSL_MD5,
863 SSL_SSLV3,
864 SSL_EXPORT|SSL_EXP40,
865 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
866 40,
867 128,
868 },
869
870/* Cipher 2B */
871 {
872 1,
873 SSL3_TXT_KRB5_RC4_40_MD5,
874 SSL3_CK_KRB5_RC4_40_MD5,
875 SSL_kKRB5,
876 SSL_aKRB5,
877 SSL_RC4,
878 SSL_MD5,
879 SSL_SSLV3,
880 SSL_EXPORT|SSL_EXP40,
881 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
882 40,
883 128,
884 },
885#endif /* OPENSSL_NO_KRB5 */
886
887/* New AES ciphersuites */
888/* Cipher 2F */
889 {
890 1,
891 TLS1_TXT_RSA_WITH_AES_128_SHA,
892 TLS1_CK_RSA_WITH_AES_128_SHA,
893 SSL_kRSA,
894 SSL_aRSA,
895 SSL_AES128,
896 SSL_SHA1,
897 SSL_TLSV1,
898 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
899 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
900 128,
901 128,
902 },
903/* Cipher 30 */
904 {
905 0,
906 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908 SSL_kDHd,
909 SSL_aDH,
910 SSL_AES128,
911 SSL_SHA1,
912 SSL_TLSV1,
913 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
914 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
915 128,
916 128,
917 },
918/* Cipher 31 */
919 {
920 0,
921 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923 SSL_kDHr,
924 SSL_aDH,
925 SSL_AES128,
926 SSL_SHA1,
927 SSL_TLSV1,
928 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
929 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
930 128,
931 128,
932 },
933/* Cipher 32 */
934 {
935 1,
936 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938 SSL_kEDH,
939 SSL_aDSS,
940 SSL_AES128,
941 SSL_SHA1,
942 SSL_TLSV1,
943 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
944 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
945 128,
946 128,
947 },
948/* Cipher 33 */
949 {
950 1,
951 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953 SSL_kEDH,
954 SSL_aRSA,
955 SSL_AES128,
956 SSL_SHA1,
957 SSL_TLSV1,
958 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
959 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
960 128,
961 128,
962 },
963/* Cipher 34 */
964 {
965 1,
966 TLS1_TXT_ADH_WITH_AES_128_SHA,
967 TLS1_CK_ADH_WITH_AES_128_SHA,
968 SSL_kEDH,
969 SSL_aNULL,
970 SSL_AES128,
971 SSL_SHA1,
972 SSL_TLSV1,
973 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
974 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
975 128,
976 128,
977 },
978
979/* Cipher 35 */
980 {
981 1,
982 TLS1_TXT_RSA_WITH_AES_256_SHA,
983 TLS1_CK_RSA_WITH_AES_256_SHA,
984 SSL_kRSA,
985 SSL_aRSA,
986 SSL_AES256,
987 SSL_SHA1,
988 SSL_TLSV1,
989 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
990 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
991 256,
992 256,
993 },
994/* Cipher 36 */
995 {
996 0,
997 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999 SSL_kDHd,
1000 SSL_aDH,
1001 SSL_AES256,
1002 SSL_SHA1,
1003 SSL_TLSV1,
1004 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1005 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1006 256,
1007 256,
1008 },
1009
1010/* Cipher 37 */
1011 {
1012 0, /* not implemented (non-ephemeral DH) */
1013 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015 SSL_kDHr,
1016 SSL_aDH,
1017 SSL_AES256,
1018 SSL_SHA1,
1019 SSL_TLSV1,
1020 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1021 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1022 256,
1023 256,
1024 },
1025
1026/* Cipher 38 */
1027 {
1028 1,
1029 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031 SSL_kEDH,
1032 SSL_aDSS,
1033 SSL_AES256,
1034 SSL_SHA1,
1035 SSL_TLSV1,
1036 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1037 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1038 256,
1039 256,
1040 },
1041
1042/* Cipher 39 */
1043 {
1044 1,
1045 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047 SSL_kEDH,
1048 SSL_aRSA,
1049 SSL_AES256,
1050 SSL_SHA1,
1051 SSL_TLSV1,
1052 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1053 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1054 256,
1055 256,
1056 },
1057
1058 /* Cipher 3A */
1059 {
1060 1,
1061 TLS1_TXT_ADH_WITH_AES_256_SHA,
1062 TLS1_CK_ADH_WITH_AES_256_SHA,
1063 SSL_kEDH,
1064 SSL_aNULL,
1065 SSL_AES256,
1066 SSL_SHA1,
1067 SSL_TLSV1,
1068 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1070 256,
1071 256,
1072 },
1073
1074#ifndef OPENSSL_NO_CAMELLIA
1075 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1076
1077 /* Cipher 41 */
1078 {
1079 1,
1080 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1081 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1082 SSL_kRSA,
1083 SSL_aRSA,
1084 SSL_CAMELLIA128,
1085 SSL_SHA1,
1086 SSL_TLSV1,
1087 SSL_NOT_EXP|SSL_HIGH,
1088 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1089 128,
1090 128,
1091 },
1092
1093 /* Cipher 42 */
1094 {
1095 0, /* not implemented (non-ephemeral DH) */
1096 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1097 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1098 SSL_kDHd,
1099 SSL_aDH,
1100 SSL_CAMELLIA128,
1101 SSL_SHA1,
1102 SSL_TLSV1,
1103 SSL_NOT_EXP|SSL_HIGH,
1104 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1105 128,
1106 128,
1107 },
1108
1109 /* Cipher 43 */
1110 {
1111 0, /* not implemented (non-ephemeral DH) */
1112 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1113 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1114 SSL_kDHr,
1115 SSL_aDH,
1116 SSL_CAMELLIA128,
1117 SSL_SHA1,
1118 SSL_TLSV1,
1119 SSL_NOT_EXP|SSL_HIGH,
1120 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1121 128,
1122 128,
1123 },
1124
1125 /* Cipher 44 */
1126 {
1127 1,
1128 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1129 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1130 SSL_kEDH,
1131 SSL_aDSS,
1132 SSL_CAMELLIA128,
1133 SSL_SHA1,
1134 SSL_TLSV1,
1135 SSL_NOT_EXP|SSL_HIGH,
1136 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1137 128,
1138 128,
1139 },
1140
1141 /* Cipher 45 */
1142 {
1143 1,
1144 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1145 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1146 SSL_kEDH,
1147 SSL_aRSA,
1148 SSL_CAMELLIA128,
1149 SSL_SHA1,
1150 SSL_TLSV1,
1151 SSL_NOT_EXP|SSL_HIGH,
1152 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1153 128,
1154 128,
1155 },
1156
1157 /* Cipher 46 */
1158 {
1159 1,
1160 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1161 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1162 SSL_kEDH,
1163 SSL_aNULL,
1164 SSL_CAMELLIA128,
1165 SSL_SHA1,
1166 SSL_TLSV1,
1167 SSL_NOT_EXP|SSL_HIGH,
1168 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1169 128,
1170 128,
1171 },
1172#endif /* OPENSSL_NO_CAMELLIA */
1173
1174#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1175 /* New TLS Export CipherSuites from expired ID */
1176#if 0
1177 /* Cipher 60 */
1178 {
1179 1,
1180 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1181 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1182 SSL_kRSA,
1183 SSL_aRSA,
1184 SSL_RC4,
1185 SSL_MD5,
1186 SSL_TLSV1,
1187 SSL_EXPORT|SSL_EXP56,
1188 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1189 56,
1190 128,
1191 },
1192
1193 /* Cipher 61 */
1194 {
1195 1,
1196 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1197 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1198 SSL_kRSA,
1199 SSL_aRSA,
1200 SSL_RC2,
1201 SSL_MD5,
1202 SSL_TLSV1,
1203 SSL_EXPORT|SSL_EXP56,
1204 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1205 56,
1206 128,
1207 },
1208#endif
1209
1210 /* Cipher 62 */
1211 {
1212 1,
1213 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1214 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1215 SSL_kRSA,
1216 SSL_aRSA,
1217 SSL_DES,
1218 SSL_SHA1,
1219 SSL_TLSV1,
1220 SSL_EXPORT|SSL_EXP56,
1221 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1222 56,
1223 56,
1224 },
1225
1226 /* Cipher 63 */
1227 {
1228 1,
1229 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1230 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1231 SSL_kEDH,
1232 SSL_aDSS,
1233 SSL_DES,
1234 SSL_SHA1,
1235 SSL_TLSV1,
1236 SSL_EXPORT|SSL_EXP56,
1237 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1238 56,
1239 56,
1240 },
1241
1242 /* Cipher 64 */
1243 {
1244 1,
1245 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1246 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1247 SSL_kRSA,
1248 SSL_aRSA,
1249 SSL_RC4,
1250 SSL_SHA1,
1251 SSL_TLSV1,
1252 SSL_EXPORT|SSL_EXP56,
1253 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1254 56,
1255 128,
1256 },
1257
1258 /* Cipher 65 */
1259 {
1260 1,
1261 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1262 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1263 SSL_kEDH,
1264 SSL_aDSS,
1265 SSL_RC4,
1266 SSL_SHA1,
1267 SSL_TLSV1,
1268 SSL_EXPORT|SSL_EXP56,
1269 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1270 56,
1271 128,
1272 },
1273
1274 /* Cipher 66 */
1275 {
1276 1,
1277 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1278 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1279 SSL_kEDH,
1280 SSL_aDSS,
1281 SSL_RC4,
1282 SSL_SHA1,
1283 SSL_TLSV1,
1284 SSL_NOT_EXP|SSL_MEDIUM,
1285 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1286 128,
1287 128,
1288 },
1289#endif
1290 {
1291 1,
1292 "GOST94-GOST89-GOST89",
1293 0x3000080,
1294 SSL_kGOST,
1295 SSL_aGOST94,
1296 SSL_eGOST2814789CNT,
1297 SSL_GOST89MAC,
1298 SSL_TLSV1,
1299 SSL_NOT_EXP|SSL_HIGH,
1300 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1301 256,
1302 256
1303 },
1304 {
1305 1,
1306 "GOST2001-GOST89-GOST89",
1307 0x3000081,
1308 SSL_kGOST,
1309 SSL_aGOST01,
1310 SSL_eGOST2814789CNT,
1311 SSL_GOST89MAC,
1312 SSL_TLSV1,
1313 SSL_NOT_EXP|SSL_HIGH,
1314 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1315 256,
1316 256
1317 },
1318 {
1319 1,
1320 "GOST94-NULL-GOST94",
1321 0x3000082,
1322 SSL_kGOST,
1323 SSL_aGOST94,
1324 SSL_eNULL,
1325 SSL_GOST94,
1326 SSL_TLSV1,
1327 SSL_NOT_EXP|SSL_STRONG_NONE,
1328 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1329 0,
1330 0
1331 },
1332 {
1333 1,
1334 "GOST2001-NULL-GOST94",
1335 0x3000083,
1336 SSL_kGOST,
1337 SSL_aGOST01,
1338 SSL_eNULL,
1339 SSL_GOST94,
1340 SSL_TLSV1,
1341 SSL_NOT_EXP|SSL_STRONG_NONE,
1342 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1343 0,
1344 0
1345 },
1346
1347#ifndef OPENSSL_NO_CAMELLIA
1348 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1349
1350 /* Cipher 84 */
1351 {
1352 1,
1353 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1354 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1355 SSL_kRSA,
1356 SSL_aRSA,
1357 SSL_CAMELLIA256,
1358 SSL_SHA1,
1359 SSL_TLSV1,
1360 SSL_NOT_EXP|SSL_HIGH,
1361 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1362 256,
1363 256,
1364 },
1365 /* Cipher 85 */
1366 {
1367 0, /* not implemented (non-ephemeral DH) */
1368 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1369 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1370 SSL_kDHd,
1371 SSL_aDH,
1372 SSL_CAMELLIA256,
1373 SSL_SHA1,
1374 SSL_TLSV1,
1375 SSL_NOT_EXP|SSL_HIGH,
1376 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1377 256,
1378 256,
1379 },
1380
1381 /* Cipher 86 */
1382 {
1383 0, /* not implemented (non-ephemeral DH) */
1384 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1385 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1386 SSL_kDHr,
1387 SSL_aDH,
1388 SSL_CAMELLIA256,
1389 SSL_SHA1,
1390 SSL_TLSV1,
1391 SSL_NOT_EXP|SSL_HIGH,
1392 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1393 256,
1394 256,
1395 },
1396
1397 /* Cipher 87 */
1398 {
1399 1,
1400 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1401 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1402 SSL_kEDH,
1403 SSL_aDSS,
1404 SSL_CAMELLIA256,
1405 SSL_SHA1,
1406 SSL_TLSV1,
1407 SSL_NOT_EXP|SSL_HIGH,
1408 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1409 256,
1410 256,
1411 },
1412
1413 /* Cipher 88 */
1414 {
1415 1,
1416 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1417 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1418 SSL_kEDH,
1419 SSL_aRSA,
1420 SSL_CAMELLIA256,
1421 SSL_SHA1,
1422 SSL_TLSV1,
1423 SSL_NOT_EXP|SSL_HIGH,
1424 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1425 256,
1426 256,
1427 },
1428
1429 /* Cipher 89 */
1430 {
1431 1,
1432 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1433 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1434 SSL_kEDH,
1435 SSL_aNULL,
1436 SSL_CAMELLIA256,
1437 SSL_SHA1,
1438 SSL_TLSV1,
1439 SSL_NOT_EXP|SSL_HIGH,
1440 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1441 256,
1442 256,
1443 },
1444#endif /* OPENSSL_NO_CAMELLIA */
1445
1446#ifndef OPENSSL_NO_PSK
1447 /* Cipher 8A */
1448 {
1449 1,
1450 TLS1_TXT_PSK_WITH_RC4_128_SHA,
1451 TLS1_CK_PSK_WITH_RC4_128_SHA,
1452 SSL_kPSK,
1453 SSL_aPSK,
1454 SSL_RC4,
1455 SSL_SHA1,
1456 SSL_TLSV1,
1457 SSL_NOT_EXP|SSL_MEDIUM,
1458 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1459 128,
1460 128,
1461 },
1462
1463 /* Cipher 8B */
1464 {
1465 1,
1466 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1467 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1468 SSL_kPSK,
1469 SSL_aPSK,
1470 SSL_3DES,
1471 SSL_SHA1,
1472 SSL_TLSV1,
1473 SSL_NOT_EXP|SSL_HIGH,
1474 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1475 168,
1476 168,
1477 },
1478
1479 /* Cipher 8C */
1480 {
1481 1,
1482 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1483 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1484 SSL_kPSK,
1485 SSL_aPSK,
1486 SSL_AES128,
1487 SSL_SHA1,
1488 SSL_TLSV1,
1489 SSL_NOT_EXP|SSL_HIGH,
1490 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1491 128,
1492 128,
1493 },
1494
1495 /* Cipher 8D */
1496 {
1497 1,
1498 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1499 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1500 SSL_kPSK,
1501 SSL_aPSK,
1502 SSL_AES256,
1503 SSL_SHA1,
1504 SSL_TLSV1,
1505 SSL_NOT_EXP|SSL_HIGH,
1506 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1507 256,
1508 256,
1509 },
1510#endif /* OPENSSL_NO_PSK */
1511
1512#ifndef OPENSSL_NO_SEED
1513 /* SEED ciphersuites from RFC4162 */
1514
1515 /* Cipher 96 */
1516 {
1517 1,
1518 TLS1_TXT_RSA_WITH_SEED_SHA,
1519 TLS1_CK_RSA_WITH_SEED_SHA,
1520 SSL_kRSA,
1521 SSL_aRSA,
1522 SSL_SEED,
1523 SSL_SHA1,
1524 SSL_TLSV1,
1525 SSL_NOT_EXP|SSL_MEDIUM,
1526 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1527 128,
1528 128,
1529 },
1530
1531 /* Cipher 97 */
1532 {
1533 0, /* not implemented (non-ephemeral DH) */
1534 TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1535 TLS1_CK_DH_DSS_WITH_SEED_SHA,
1536 SSL_kDHd,
1537 SSL_aDH,
1538 SSL_SEED,
1539 SSL_SHA1,
1540 SSL_TLSV1,
1541 SSL_NOT_EXP|SSL_MEDIUM,
1542 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1543 128,
1544 128,
1545 },
1546
1547 /* Cipher 98 */
1548 {
1549 0, /* not implemented (non-ephemeral DH) */
1550 TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1551 TLS1_CK_DH_RSA_WITH_SEED_SHA,
1552 SSL_kDHr,
1553 SSL_aDH,
1554 SSL_SEED,
1555 SSL_SHA1,
1556 SSL_TLSV1,
1557 SSL_NOT_EXP|SSL_MEDIUM,
1558 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1559 128,
1560 128,
1561 },
1562
1563 /* Cipher 99 */
1564 {
1565 1,
1566 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1567 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1568 SSL_kEDH,
1569 SSL_aDSS,
1570 SSL_SEED,
1571 SSL_SHA1,
1572 SSL_TLSV1,
1573 SSL_NOT_EXP|SSL_MEDIUM,
1574 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575 128,
1576 128,
1577 },
1578
1579 /* Cipher 9A */
1580 {
1581 1,
1582 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1583 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1584 SSL_kEDH,
1585 SSL_aRSA,
1586 SSL_SEED,
1587 SSL_SHA1,
1588 SSL_TLSV1,
1589 SSL_NOT_EXP|SSL_MEDIUM,
1590 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1591 128,
1592 128,
1593 },
1594
1595 /* Cipher 9B */
1596 {
1597 1,
1598 TLS1_TXT_ADH_WITH_SEED_SHA,
1599 TLS1_CK_ADH_WITH_SEED_SHA,
1600 SSL_kEDH,
1601 SSL_aNULL,
1602 SSL_SEED,
1603 SSL_SHA1,
1604 SSL_TLSV1,
1605 SSL_NOT_EXP|SSL_MEDIUM,
1606 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1607 128,
1608 128,
1609 },
1610
1611#endif /* OPENSSL_NO_SEED */
1612
1613#ifndef OPENSSL_NO_ECDH
1614 /* Cipher C001 */
1615 {
1616 1,
1617 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1618 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1619 SSL_kECDHe,
1620 SSL_aECDH,
1621 SSL_eNULL,
1622 SSL_SHA1,
1623 SSL_TLSV1,
1624 SSL_NOT_EXP|SSL_STRONG_NONE,
1625 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1626 0,
1627 0,
1628 },
1629
1630 /* Cipher C002 */
1631 {
1632 1,
1633 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1634 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1635 SSL_kECDHe,
1636 SSL_aECDH,
1637 SSL_RC4,
1638 SSL_SHA1,
1639 SSL_TLSV1,
1640 SSL_NOT_EXP|SSL_MEDIUM,
1641 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1642 128,
1643 128,
1644 },
1645
1646 /* Cipher C003 */
1647 {
1648 1,
1649 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1650 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1651 SSL_kECDHe,
1652 SSL_aECDH,
1653 SSL_3DES,
1654 SSL_SHA1,
1655 SSL_TLSV1,
1656 SSL_NOT_EXP|SSL_HIGH,
1657 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1658 168,
1659 168,
1660 },
1661
1662 /* Cipher C004 */
1663 {
1664 1,
1665 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1666 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1667 SSL_kECDHe,
1668 SSL_aECDH,
1669 SSL_AES128,
1670 SSL_SHA1,
1671 SSL_TLSV1,
1672 SSL_NOT_EXP|SSL_HIGH,
1673 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1674 128,
1675 128,
1676 },
1677
1678 /* Cipher C005 */
1679 {
1680 1,
1681 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1682 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1683 SSL_kECDHe,
1684 SSL_aECDH,
1685 SSL_AES256,
1686 SSL_SHA1,
1687 SSL_TLSV1,
1688 SSL_NOT_EXP|SSL_HIGH,
1689 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1690 256,
1691 256,
1692 },
1693
1694 /* Cipher C006 */
1695 {
1696 1,
1697 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1698 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1699 SSL_kEECDH,
1700 SSL_aECDSA,
1701 SSL_eNULL,
1702 SSL_SHA1,
1703 SSL_TLSV1,
1704 SSL_NOT_EXP|SSL_STRONG_NONE,
1705 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1706 0,
1707 0,
1708 },
1709
1710 /* Cipher C007 */
1711 {
1712 1,
1713 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1714 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1715 SSL_kEECDH,
1716 SSL_aECDSA,
1717 SSL_RC4,
1718 SSL_SHA1,
1719 SSL_TLSV1,
1720 SSL_NOT_EXP|SSL_MEDIUM,
1721 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1722 128,
1723 128,
1724 },
1725
1726 /* Cipher C008 */
1727 {
1728 1,
1729 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1730 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1731 SSL_kEECDH,
1732 SSL_aECDSA,
1733 SSL_3DES,
1734 SSL_SHA1,
1735 SSL_TLSV1,
1736 SSL_NOT_EXP|SSL_HIGH,
1737 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1738 168,
1739 168,
1740 },
1741
1742 /* Cipher C009 */
1743 {
1744 1,
1745 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1746 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1747 SSL_kEECDH,
1748 SSL_aECDSA,
1749 SSL_AES128,
1750 SSL_SHA1,
1751 SSL_TLSV1,
1752 SSL_NOT_EXP|SSL_HIGH,
1753 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1754 128,
1755 128,
1756 },
1757
1758 /* Cipher C00A */
1759 {
1760 1,
1761 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1762 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1763 SSL_kEECDH,
1764 SSL_aECDSA,
1765 SSL_AES256,
1766 SSL_SHA1,
1767 SSL_TLSV1,
1768 SSL_NOT_EXP|SSL_HIGH,
1769 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1770 256,
1771 256,
1772 },
1773
1774 /* Cipher C00B */
1775 {
1776 1,
1777 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1778 TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1779 SSL_kECDHr,
1780 SSL_aECDH,
1781 SSL_eNULL,
1782 SSL_SHA1,
1783 SSL_TLSV1,
1784 SSL_NOT_EXP|SSL_STRONG_NONE,
1785 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1786 0,
1787 0,
1788 },
1789
1790 /* Cipher C00C */
1791 {
1792 1,
1793 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1794 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1795 SSL_kECDHr,
1796 SSL_aECDH,
1797 SSL_RC4,
1798 SSL_SHA1,
1799 SSL_TLSV1,
1800 SSL_NOT_EXP|SSL_MEDIUM,
1801 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1802 128,
1803 128,
1804 },
1805
1806 /* Cipher C00D */
1807 {
1808 1,
1809 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1810 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1811 SSL_kECDHr,
1812 SSL_aECDH,
1813 SSL_3DES,
1814 SSL_SHA1,
1815 SSL_TLSV1,
1816 SSL_NOT_EXP|SSL_HIGH,
1817 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1818 168,
1819 168,
1820 },
1821
1822 /* Cipher C00E */
1823 {
1824 1,
1825 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1826 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1827 SSL_kECDHr,
1828 SSL_aECDH,
1829 SSL_AES128,
1830 SSL_SHA1,
1831 SSL_TLSV1,
1832 SSL_NOT_EXP|SSL_HIGH,
1833 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1834 128,
1835 128,
1836 },
1837
1838 /* Cipher C00F */
1839 {
1840 1,
1841 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1842 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1843 SSL_kECDHr,
1844 SSL_aECDH,
1845 SSL_AES256,
1846 SSL_SHA1,
1847 SSL_TLSV1,
1848 SSL_NOT_EXP|SSL_HIGH,
1849 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1850 256,
1851 256,
1852 },
1853
1854 /* Cipher C010 */
1855 {
1856 1,
1857 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1858 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1859 SSL_kEECDH,
1860 SSL_aRSA,
1861 SSL_eNULL,
1862 SSL_SHA1,
1863 SSL_TLSV1,
1864 SSL_NOT_EXP|SSL_STRONG_NONE,
1865 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1866 0,
1867 0,
1868 },
1869
1870 /* Cipher C011 */
1871 {
1872 1,
1873 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1874 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1875 SSL_kEECDH,
1876 SSL_aRSA,
1877 SSL_RC4,
1878 SSL_SHA1,
1879 SSL_TLSV1,
1880 SSL_NOT_EXP|SSL_MEDIUM,
1881 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1882 128,
1883 128,
1884 },
1885
1886 /* Cipher C012 */
1887 {
1888 1,
1889 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1890 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1891 SSL_kEECDH,
1892 SSL_aRSA,
1893 SSL_3DES,
1894 SSL_SHA1,
1895 SSL_TLSV1,
1896 SSL_NOT_EXP|SSL_HIGH,
1897 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1898 168,
1899 168,
1900 },
1901
1902 /* Cipher C013 */
1903 {
1904 1,
1905 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1906 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1907 SSL_kEECDH,
1908 SSL_aRSA,
1909 SSL_AES128,
1910 SSL_SHA1,
1911 SSL_TLSV1,
1912 SSL_NOT_EXP|SSL_HIGH,
1913 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1914 128,
1915 128,
1916 },
1917
1918 /* Cipher C014 */
1919 {
1920 1,
1921 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1922 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1923 SSL_kEECDH,
1924 SSL_aRSA,
1925 SSL_AES256,
1926 SSL_SHA1,
1927 SSL_TLSV1,
1928 SSL_NOT_EXP|SSL_HIGH,
1929 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1930 256,
1931 256,
1932 },
1933
1934 /* Cipher C015 */
1935 {
1936 1,
1937 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1938 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1939 SSL_kEECDH,
1940 SSL_aNULL,
1941 SSL_eNULL,
1942 SSL_SHA1,
1943 SSL_TLSV1,
1944 SSL_NOT_EXP|SSL_STRONG_NONE,
1945 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1946 0,
1947 0,
1948 },
1949
1950 /* Cipher C016 */
1951 {
1952 1,
1953 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1954 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1955 SSL_kEECDH,
1956 SSL_aNULL,
1957 SSL_RC4,
1958 SSL_SHA1,
1959 SSL_TLSV1,
1960 SSL_NOT_EXP|SSL_MEDIUM,
1961 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1962 128,
1963 128,
1964 },
1965
1966 /* Cipher C017 */
1967 {
1968 1,
1969 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1970 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1971 SSL_kEECDH,
1972 SSL_aNULL,
1973 SSL_3DES,
1974 SSL_SHA1,
1975 SSL_TLSV1,
1976 SSL_NOT_EXP|SSL_HIGH,
1977 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1978 168,
1979 168,
1980 },
1981
1982 /* Cipher C018 */
1983 {
1984 1,
1985 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1986 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1987 SSL_kEECDH,
1988 SSL_aNULL,
1989 SSL_AES128,
1990 SSL_SHA1,
1991 SSL_TLSV1,
1992 SSL_NOT_EXP|SSL_HIGH,
1993 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1994 128,
1995 128,
1996 },
1997
1998 /* Cipher C019 */
1999 {
2000 1,
2001 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2002 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2003 SSL_kEECDH,
2004 SSL_aNULL,
2005 SSL_AES256,
2006 SSL_SHA1,
2007 SSL_TLSV1,
2008 SSL_NOT_EXP|SSL_HIGH,
2009 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2010 256,
2011 256,
2012 },
2013#endif /* OPENSSL_NO_ECDH */
2014
2015#ifdef TEMP_GOST_TLS
2016/* Cipher FF00 */
2017 {
2018 1,
2019 "GOST-MD5",
2020 0x0300ff00,
2021 SSL_kRSA,
2022 SSL_aRSA,
2023 SSL_eGOST2814789CNT,
2024 SSL_MD5,
2025 SSL_TLSV1,
2026 SSL_NOT_EXP|SSL_HIGH,
2027 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2028 256,
2029 256,
2030 },
2031 {
2032 1,
2033 "GOST-GOST94",
2034 0x0300ff01,
2035 SSL_kRSA,
2036 SSL_aRSA,
2037 SSL_eGOST2814789CNT,
2038 SSL_GOST94,
2039 SSL_TLSV1,
2040 SSL_NOT_EXP|SSL_HIGH,
2041 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2042 256,
2043 256
2044 },
2045 {
2046 1,
2047 "GOST-GOST89MAC",
2048 0x0300ff02,
2049 SSL_kRSA,
2050 SSL_aRSA,
2051 SSL_eGOST2814789CNT,
2052 SSL_GOST89MAC,
2053 SSL_TLSV1,
2054 SSL_NOT_EXP|SSL_HIGH,
2055 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2056 256,
2057 256
2058 },
2059 {
2060 1,
2061 "GOST-GOST89STREAM",
2062 0x0300ff03,
2063 SSL_kRSA,
2064 SSL_aRSA,
2065 SSL_eGOST2814789CNT,
2066 SSL_GOST89MAC,
2067 SSL_TLSV1,
2068 SSL_NOT_EXP|SSL_HIGH,
2069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2070 256,
2071 256
2072 },
2073#endif
2074
2075/* end of list */
2076 };
2077
2078SSL3_ENC_METHOD SSLv3_enc_data={
2079 ssl3_enc,
2080 n_ssl3_mac,
2081 ssl3_setup_key_block,
2082 ssl3_generate_master_secret,
2083 ssl3_change_cipher_state,
2084 ssl3_final_finish_mac,
2085 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2086 ssl3_cert_verify_mac,
2087 SSL3_MD_CLIENT_FINISHED_CONST,4,
2088 SSL3_MD_SERVER_FINISHED_CONST,4,
2089 ssl3_alert_code,
2090 };
2091
2092long ssl3_default_timeout(void)
2093 {
2094 /* 2 hours, the 24 hours mentioned in the SSLv3 spec
2095 * is way too long for http, the cache would over fill */
2096 return(60*60*2);
2097 }
2098
2099int ssl3_num_ciphers(void)
2100 {
2101 return(SSL3_NUM_CIPHERS);
2102 }
2103
2104const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2105 {
2106 if (u < SSL3_NUM_CIPHERS)
2107 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
2108 else
2109 return(NULL);
2110 }
2111
2112int ssl3_pending(const SSL *s)
2113 {
2114 if (s->rstate == SSL_ST_READ_BODY)
2115 return 0;
2116
2117 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2118 }
2119
2120int ssl3_new(SSL *s)
2121 {
2122 SSL3_STATE *s3;
2123
2124 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
2125 memset(s3,0,sizeof *s3);
2126 memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
2127 memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
2128
2129 s->s3=s3;
2130
2131 s->method->ssl_clear(s);
2132 return(1);
2133err:
2134 return(0);
2135 }
2136
2137void ssl3_free(SSL *s)
2138 {
2139 if(s == NULL)
2140 return;
2141
2142#ifdef TLSEXT_TYPE_opaque_prf_input
2143 if (s->s3->client_opaque_prf_input != NULL)
2144 OPENSSL_free(s->s3->client_opaque_prf_input);
2145 if (s->s3->server_opaque_prf_input != NULL)
2146 OPENSSL_free(s->s3->server_opaque_prf_input);
2147#endif
2148
2149 ssl3_cleanup_key_block(s);
2150 if (s->s3->rbuf.buf != NULL)
2151 ssl3_release_read_buffer(s);
2152 if (s->s3->wbuf.buf != NULL)
2153 ssl3_release_write_buffer(s);
2154 if (s->s3->rrec.comp != NULL)
2155 OPENSSL_free(s->s3->rrec.comp);
2156#ifndef OPENSSL_NO_DH
2157 if (s->s3->tmp.dh != NULL)
2158 DH_free(s->s3->tmp.dh);
2159#endif
2160#ifndef OPENSSL_NO_ECDH
2161 if (s->s3->tmp.ecdh != NULL)
2162 EC_KEY_free(s->s3->tmp.ecdh);
2163#endif
2164
2165 if (s->s3->tmp.ca_names != NULL)
2166 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2167 if (s->s3->handshake_buffer) {
2168 BIO_free(s->s3->handshake_buffer);
2169 }
2170 if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
2171 OPENSSL_cleanse(s->s3,sizeof *s->s3);
2172 OPENSSL_free(s->s3);
2173 s->s3=NULL;
2174 }
2175
2176void ssl3_clear(SSL *s)
2177 {
2178 unsigned char *rp,*wp;
2179 size_t rlen, wlen;
2180 int init_extra;
2181
2182#ifdef TLSEXT_TYPE_opaque_prf_input
2183 if (s->s3->client_opaque_prf_input != NULL)
2184 OPENSSL_free(s->s3->client_opaque_prf_input);
2185 s->s3->client_opaque_prf_input = NULL;
2186 if (s->s3->server_opaque_prf_input != NULL)
2187 OPENSSL_free(s->s3->server_opaque_prf_input);
2188 s->s3->server_opaque_prf_input = NULL;
2189#endif
2190
2191 ssl3_cleanup_key_block(s);
2192 if (s->s3->tmp.ca_names != NULL)
2193 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2194
2195 if (s->s3->rrec.comp != NULL)
2196 {
2197 OPENSSL_free(s->s3->rrec.comp);
2198 s->s3->rrec.comp=NULL;
2199 }
2200#ifndef OPENSSL_NO_DH
2201 if (s->s3->tmp.dh != NULL)
2202 {
2203 DH_free(s->s3->tmp.dh);
2204 s->s3->tmp.dh = NULL;
2205 }
2206#endif
2207#ifndef OPENSSL_NO_ECDH
2208 if (s->s3->tmp.ecdh != NULL)
2209 {
2210 EC_KEY_free(s->s3->tmp.ecdh);
2211 s->s3->tmp.ecdh = NULL;
2212 }
2213#endif
2214
2215 rp = s->s3->rbuf.buf;
2216 wp = s->s3->wbuf.buf;
2217 rlen = s->s3->rbuf.len;
2218 wlen = s->s3->wbuf.len;
2219 init_extra = s->s3->init_extra;
2220 if (s->s3->handshake_buffer) {
2221 BIO_free(s->s3->handshake_buffer);
2222 s->s3->handshake_buffer = NULL;
2223 }
2224 if (s->s3->handshake_dgst) {
2225 ssl3_free_digest_list(s);
2226 }
2227 memset(s->s3,0,sizeof *s->s3);
2228 s->s3->rbuf.buf = rp;
2229 s->s3->wbuf.buf = wp;
2230 s->s3->rbuf.len = rlen;
2231 s->s3->wbuf.len = wlen;
2232 s->s3->init_extra = init_extra;
2233
2234 ssl_free_wbio_buffer(s);
2235
2236 s->packet_length=0;
2237 s->s3->renegotiate=0;
2238 s->s3->total_renegotiations=0;
2239 s->s3->num_renegotiations=0;
2240 s->s3->in_read_app_data=0;
2241 s->version=SSL3_VERSION;
2242 }
2243
2244long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2245 {
2246 int ret=0;
2247
2248#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2249 if (
2250#ifndef OPENSSL_NO_RSA
2251 cmd == SSL_CTRL_SET_TMP_RSA ||
2252 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2253#endif
2254#ifndef OPENSSL_NO_DSA
2255 cmd == SSL_CTRL_SET_TMP_DH ||
2256 cmd == SSL_CTRL_SET_TMP_DH_CB ||
2257#endif
2258 0)
2259 {
2260 if (!ssl_cert_inst(&s->cert))
2261 {
2262 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2263 return(0);
2264 }
2265 }
2266#endif
2267
2268 switch (cmd)
2269 {
2270 case SSL_CTRL_GET_SESSION_REUSED:
2271 ret=s->hit;
2272 break;
2273 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2274 break;
2275 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2276 ret=s->s3->num_renegotiations;
2277 break;
2278 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2279 ret=s->s3->num_renegotiations;
2280 s->s3->num_renegotiations=0;
2281 break;
2282 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2283 ret=s->s3->total_renegotiations;
2284 break;
2285 case SSL_CTRL_GET_FLAGS:
2286 ret=(int)(s->s3->flags);
2287 break;
2288#ifndef OPENSSL_NO_RSA
2289 case SSL_CTRL_NEED_TMP_RSA:
2290 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
2291 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2292 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
2293 ret = 1;
2294 break;
2295 case SSL_CTRL_SET_TMP_RSA:
2296 {
2297 RSA *rsa = (RSA *)parg;
2298 if (rsa == NULL)
2299 {
2300 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2301 return(ret);
2302 }
2303 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
2304 {
2305 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
2306 return(ret);
2307 }
2308 if (s->cert->rsa_tmp != NULL)
2309 RSA_free(s->cert->rsa_tmp);
2310 s->cert->rsa_tmp = rsa;
2311 ret = 1;
2312 }
2313 break;
2314 case SSL_CTRL_SET_TMP_RSA_CB:
2315 {
2316 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2317 return(ret);
2318 }
2319 break;
2320#endif
2321#ifndef OPENSSL_NO_DH
2322 case SSL_CTRL_SET_TMP_DH:
2323 {
2324 DH *dh = (DH *)parg;
2325 if (dh == NULL)
2326 {
2327 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2328 return(ret);
2329 }
2330 if ((dh = DHparams_dup(dh)) == NULL)
2331 {
2332 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2333 return(ret);
2334 }
2335 if (!(s->options & SSL_OP_SINGLE_DH_USE))
2336 {
2337 if (!DH_generate_key(dh))
2338 {
2339 DH_free(dh);
2340 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2341 return(ret);
2342 }
2343 }
2344 if (s->cert->dh_tmp != NULL)
2345 DH_free(s->cert->dh_tmp);
2346 s->cert->dh_tmp = dh;
2347 ret = 1;
2348 }
2349 break;
2350 case SSL_CTRL_SET_TMP_DH_CB:
2351 {
2352 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2353 return(ret);
2354 }
2355 break;
2356#endif
2357#ifndef OPENSSL_NO_ECDH
2358 case SSL_CTRL_SET_TMP_ECDH:
2359 {
2360 EC_KEY *ecdh = NULL;
2361
2362 if (parg == NULL)
2363 {
2364 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2365 return(ret);
2366 }
2367 if (!EC_KEY_up_ref((EC_KEY *)parg))
2368 {
2369 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2370 return(ret);
2371 }
2372 ecdh = (EC_KEY *)parg;
2373 if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
2374 {
2375 if (!EC_KEY_generate_key(ecdh))
2376 {
2377 EC_KEY_free(ecdh);
2378 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2379 return(ret);
2380 }
2381 }
2382 if (s->cert->ecdh_tmp != NULL)
2383 EC_KEY_free(s->cert->ecdh_tmp);
2384 s->cert->ecdh_tmp = ecdh;
2385 ret = 1;
2386 }
2387 break;
2388 case SSL_CTRL_SET_TMP_ECDH_CB:
2389 {
2390 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2391 return(ret);
2392 }
2393 break;
2394#endif /* !OPENSSL_NO_ECDH */
2395#ifndef OPENSSL_NO_TLSEXT
2396 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2397 if (larg == TLSEXT_NAMETYPE_host_name)
2398 {
2399 if (s->tlsext_hostname != NULL)
2400 OPENSSL_free(s->tlsext_hostname);
2401 s->tlsext_hostname = NULL;
2402
2403 ret = 1;
2404 if (parg == NULL)
2405 break;
2406 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
2407 {
2408 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2409 return 0;
2410 }
2411 if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
2412 {
2413 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
2414 return 0;
2415 }
2416 }
2417 else
2418 {
2419 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2420 return 0;
2421 }
2422 break;
2423 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2424 s->tlsext_debug_arg=parg;
2425 ret = 1;
2426 break;
2427
2428#ifdef TLSEXT_TYPE_opaque_prf_input
2429 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
2430 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
2431 * (including the cert chain and everything) */
2432 {
2433 SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
2434 break;
2435 }
2436 if (s->tlsext_opaque_prf_input != NULL)
2437 OPENSSL_free(s->tlsext_opaque_prf_input);
2438 if ((size_t)larg == 0)
2439 s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
2440 else
2441 s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
2442 if (s->tlsext_opaque_prf_input != NULL)
2443 {
2444 s->tlsext_opaque_prf_input_len = (size_t)larg;
2445 ret = 1;
2446 }
2447 else
2448 s->tlsext_opaque_prf_input_len = 0;
2449 break;
2450#endif
2451
2452 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2453 s->tlsext_status_type=larg;
2454 ret = 1;
2455 break;
2456
2457 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2458 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
2459 ret = 1;
2460 break;
2461
2462 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2463 s->tlsext_ocsp_exts = parg;
2464 ret = 1;
2465 break;
2466
2467 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2468 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
2469 ret = 1;
2470 break;
2471
2472 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
2473 s->tlsext_ocsp_ids = parg;
2474 ret = 1;
2475 break;
2476
2477 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
2478 *(unsigned char **)parg = s->tlsext_ocsp_resp;
2479 return s->tlsext_ocsp_resplen;
2480
2481 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
2482 if (s->tlsext_ocsp_resp)
2483 OPENSSL_free(s->tlsext_ocsp_resp);
2484 s->tlsext_ocsp_resp = parg;
2485 s->tlsext_ocsp_resplen = larg;
2486 ret = 1;
2487 break;
2488
2489#endif /* !OPENSSL_NO_TLSEXT */
2490 default:
2491 break;
2492 }
2493 return(ret);
2494 }
2495
2496long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2497 {
2498 int ret=0;
2499
2500#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2501 if (
2502#ifndef OPENSSL_NO_RSA
2503 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2504#endif
2505#ifndef OPENSSL_NO_DSA
2506 cmd == SSL_CTRL_SET_TMP_DH_CB ||
2507#endif
2508 0)
2509 {
2510 if (!ssl_cert_inst(&s->cert))
2511 {
2512 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
2513 return(0);
2514 }
2515 }
2516#endif
2517
2518 switch (cmd)
2519 {
2520#ifndef OPENSSL_NO_RSA
2521 case SSL_CTRL_SET_TMP_RSA_CB:
2522 {
2523 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2524 }
2525 break;
2526#endif
2527#ifndef OPENSSL_NO_DH
2528 case SSL_CTRL_SET_TMP_DH_CB:
2529 {
2530 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2531 }
2532 break;
2533#endif
2534#ifndef OPENSSL_NO_ECDH
2535 case SSL_CTRL_SET_TMP_ECDH_CB:
2536 {
2537 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2538 }
2539 break;
2540#endif
2541#ifndef OPENSSL_NO_TLSEXT
2542 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2543 s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
2544 unsigned char *, int, void *))fp;
2545 break;
2546#endif
2547 default:
2548 break;
2549 }
2550 return(ret);
2551 }
2552
2553long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2554 {
2555 CERT *cert;
2556
2557 cert=ctx->cert;
2558
2559 switch (cmd)
2560 {
2561#ifndef OPENSSL_NO_RSA
2562 case SSL_CTRL_NEED_TMP_RSA:
2563 if ( (cert->rsa_tmp == NULL) &&
2564 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2565 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
2566 )
2567 return(1);
2568 else
2569 return(0);
2570 /* break; */
2571 case SSL_CTRL_SET_TMP_RSA:
2572 {
2573 RSA *rsa;
2574 int i;
2575
2576 rsa=(RSA *)parg;
2577 i=1;
2578 if (rsa == NULL)
2579 i=0;
2580 else
2581 {
2582 if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
2583 i=0;
2584 }
2585 if (!i)
2586 {
2587 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
2588 return(0);
2589 }
2590 else
2591 {
2592 if (cert->rsa_tmp != NULL)
2593 RSA_free(cert->rsa_tmp);
2594 cert->rsa_tmp=rsa;
2595 return(1);
2596 }
2597 }
2598 /* break; */
2599 case SSL_CTRL_SET_TMP_RSA_CB:
2600 {
2601 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2602 return(0);
2603 }
2604 break;
2605#endif
2606#ifndef OPENSSL_NO_DH
2607 case SSL_CTRL_SET_TMP_DH:
2608 {
2609 DH *new=NULL,*dh;
2610
2611 dh=(DH *)parg;
2612 if ((new=DHparams_dup(dh)) == NULL)
2613 {
2614 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2615 return 0;
2616 }
2617 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
2618 {
2619 if (!DH_generate_key(new))
2620 {
2621 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2622 DH_free(new);
2623 return 0;
2624 }
2625 }
2626 if (cert->dh_tmp != NULL)
2627 DH_free(cert->dh_tmp);
2628 cert->dh_tmp=new;
2629 return 1;
2630 }
2631 /*break; */
2632 case SSL_CTRL_SET_TMP_DH_CB:
2633 {
2634 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2635 return(0);
2636 }
2637 break;
2638#endif
2639#ifndef OPENSSL_NO_ECDH
2640 case SSL_CTRL_SET_TMP_ECDH:
2641 {
2642 EC_KEY *ecdh = NULL;
2643
2644 if (parg == NULL)
2645 {
2646 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2647 return 0;
2648 }
2649 ecdh = EC_KEY_dup((EC_KEY *)parg);
2650 if (ecdh == NULL)
2651 {
2652 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
2653 return 0;
2654 }
2655 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
2656 {
2657 if (!EC_KEY_generate_key(ecdh))
2658 {
2659 EC_KEY_free(ecdh);
2660 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2661 return 0;
2662 }
2663 }
2664
2665 if (cert->ecdh_tmp != NULL)
2666 {
2667 EC_KEY_free(cert->ecdh_tmp);
2668 }
2669 cert->ecdh_tmp = ecdh;
2670 return 1;
2671 }
2672 /* break; */
2673 case SSL_CTRL_SET_TMP_ECDH_CB:
2674 {
2675 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2676 return(0);
2677 }
2678 break;
2679#endif /* !OPENSSL_NO_ECDH */
2680#ifndef OPENSSL_NO_TLSEXT
2681 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2682 ctx->tlsext_servername_arg=parg;
2683 break;
2684 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
2685 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
2686 {
2687 unsigned char *keys = parg;
2688 if (!keys)
2689 return 48;
2690 if (larg != 48)
2691 {
2692 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
2693 return 0;
2694 }
2695 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
2696 {
2697 memcpy(ctx->tlsext_tick_key_name, keys, 16);
2698 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
2699 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
2700 }
2701 else
2702 {
2703 memcpy(keys, ctx->tlsext_tick_key_name, 16);
2704 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
2705 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
2706 }
2707 return 1;
2708 }
2709
2710#ifdef TLSEXT_TYPE_opaque_prf_input
2711 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
2712 ctx->tlsext_opaque_prf_input_callback_arg = parg;
2713 return 1;
2714#endif
2715
2716 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2717 ctx->tlsext_status_arg=parg;
2718 return 1;
2719 break;
2720
2721#endif /* !OPENSSL_NO_TLSEXT */
2722
2723 /* A Thawte special :-) */
2724 case SSL_CTRL_EXTRA_CHAIN_CERT:
2725 if (ctx->extra_certs == NULL)
2726 {
2727 if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
2728 return(0);
2729 }
2730 sk_X509_push(ctx->extra_certs,(X509 *)parg);
2731 break;
2732
2733 default:
2734 return(0);
2735 }
2736 return(1);
2737 }
2738
2739long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2740 {
2741 CERT *cert;
2742
2743 cert=ctx->cert;
2744
2745 switch (cmd)
2746 {
2747#ifndef OPENSSL_NO_RSA
2748 case SSL_CTRL_SET_TMP_RSA_CB:
2749 {
2750 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2751 }
2752 break;
2753#endif
2754#ifndef OPENSSL_NO_DH
2755 case SSL_CTRL_SET_TMP_DH_CB:
2756 {
2757 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2758 }
2759 break;
2760#endif
2761#ifndef OPENSSL_NO_ECDH
2762 case SSL_CTRL_SET_TMP_ECDH_CB:
2763 {
2764 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2765 }
2766 break;
2767#endif
2768#ifndef OPENSSL_NO_TLSEXT
2769 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2770 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
2771 break;
2772
2773#ifdef TLSEXT_TYPE_opaque_prf_input
2774 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
2775 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
2776 break;
2777#endif
2778
2779 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2780 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
2781 break;
2782
2783 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2784 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *,
2785 unsigned char *,
2786 EVP_CIPHER_CTX *,
2787 HMAC_CTX *, int))fp;
2788 break;
2789
2790#endif
2791 default:
2792 return(0);
2793 }
2794 return(1);
2795 }
2796
2797/* This function needs to check if the ciphers required are actually
2798 * available */
2799const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
2800 {
2801 SSL_CIPHER c;
2802 const SSL_CIPHER *cp;
2803 unsigned long id;
2804
2805 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
2806 c.id=id;
2807 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
2808 if (cp == NULL || cp->valid == 0)
2809 return NULL;
2810 else
2811 return cp;
2812 }
2813
2814int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
2815 {
2816 long l;
2817
2818 if (p != NULL)
2819 {
2820 l=c->id;
2821 if ((l & 0xff000000) != 0x03000000) return(0);
2822 p[0]=((unsigned char)(l>> 8L))&0xFF;
2823 p[1]=((unsigned char)(l ))&0xFF;
2824 }
2825 return(2);
2826 }
2827
2828SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2829 STACK_OF(SSL_CIPHER) *srvr)
2830 {
2831 SSL_CIPHER *c,*ret=NULL;
2832 STACK_OF(SSL_CIPHER) *prio, *allow;
2833 int i,ii,ok;
2834#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
2835 unsigned int j;
2836 int ec_ok, ec_nid;
2837 unsigned char ec_search1 = 0, ec_search2 = 0;
2838#endif
2839 CERT *cert;
2840 unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
2841
2842 /* Let's see which ciphers we can support */
2843 cert=s->cert;
2844
2845#if 0
2846 /* Do not set the compare functions, because this may lead to a
2847 * reordering by "id". We want to keep the original ordering.
2848 * We may pay a price in performance during sk_SSL_CIPHER_find(),
2849 * but would have to pay with the price of sk_SSL_CIPHER_dup().
2850 */
2851 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
2852 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
2853#endif
2854
2855#ifdef CIPHER_DEBUG
2856 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
2857 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
2858 {
2859 c=sk_SSL_CIPHER_value(srvr,i);
2860 printf("%p:%s\n",(void *)c,c->name);
2861 }
2862 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
2863 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
2864 {
2865 c=sk_SSL_CIPHER_value(clnt,i);
2866 printf("%p:%s\n",(void *)c,c->name);
2867 }
2868#endif
2869
2870 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
2871 {
2872 prio = srvr;
2873 allow = clnt;
2874 }
2875 else
2876 {
2877 prio = clnt;
2878 allow = srvr;
2879 }
2880
2881 for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
2882 {
2883 c=sk_SSL_CIPHER_value(prio,i);
2884
2885 ssl_set_cert_masks(cert,c);
2886 mask_k = cert->mask_k;
2887 mask_a = cert->mask_a;
2888 emask_k = cert->export_mask_k;
2889 emask_a = cert->export_mask_a;
2890
2891#ifdef KSSL_DEBUG
2892/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
2893#endif /* KSSL_DEBUG */
2894
2895 alg_k=c->algorithm_mkey;
2896 alg_a=c->algorithm_auth;
2897
2898#ifndef OPENSSL_NO_KRB5
2899 if (alg_k & SSL_kKRB5)
2900 {
2901 if ( !kssl_keytab_is_available(s->kssl_ctx) )
2902 continue;
2903 }
2904#endif /* OPENSSL_NO_KRB5 */
2905#ifndef OPENSSL_NO_PSK
2906 /* with PSK there must be server callback set */
2907 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
2908 continue;
2909#endif /* OPENSSL_NO_PSK */
2910
2911 if (SSL_C_IS_EXPORT(c))
2912 {
2913 ok = (alg_k & emask_k) && (alg_a & emask_a);
2914#ifdef CIPHER_DEBUG
2915 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
2916 (void *)c,c->name);
2917#endif
2918 }
2919 else
2920 {
2921 ok = (alg_k & mask_k) && (alg_a & mask_a);
2922#ifdef CIPHER_DEBUG
2923 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
2924 c->name);
2925#endif
2926 }
2927
2928#ifndef OPENSSL_NO_TLSEXT
2929#ifndef OPENSSL_NO_EC
2930 if (
2931 /* if we are considering an ECC cipher suite that uses our certificate */
2932 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2933 /* and we have an ECC certificate */
2934 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2935 /* and the client specified a Supported Point Formats extension */
2936 && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
2937 /* and our certificate's point is compressed */
2938 && (
2939 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
2940 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
2941 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
2942 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
2943 && (
2944 (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
2945 || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
2946 )
2947 )
2948 )
2949 {
2950 ec_ok = 0;
2951 /* if our certificate's curve is over a field type that the client does not support
2952 * then do not allow this cipher suite to be negotiated */
2953 if (
2954 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2955 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2956 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2957 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2958 )
2959 {
2960 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2961 {
2962 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
2963 {
2964 ec_ok = 1;
2965 break;
2966 }
2967 }
2968 }
2969 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2970 {
2971 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2972 {
2973 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
2974 {
2975 ec_ok = 1;
2976 break;
2977 }
2978 }
2979 }
2980 ok = ok && ec_ok;
2981 }
2982 if (
2983 /* if we are considering an ECC cipher suite that uses our certificate */
2984 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2985 /* and we have an ECC certificate */
2986 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2987 /* and the client specified an EllipticCurves extension */
2988 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
2989 )
2990 {
2991 ec_ok = 0;
2992 if (
2993 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2994 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2995 )
2996 {
2997 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
2998 if ((ec_nid == 0)
2999 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3000 )
3001 {
3002 if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3003 {
3004 ec_search1 = 0xFF;
3005 ec_search2 = 0x01;
3006 }
3007 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3008 {
3009 ec_search1 = 0xFF;
3010 ec_search2 = 0x02;
3011 }
3012 }
3013 else
3014 {
3015 ec_search1 = 0x00;
3016 ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3017 }
3018 if ((ec_search1 != 0) || (ec_search2 != 0))
3019 {
3020 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3021 {
3022 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3023 {
3024 ec_ok = 1;
3025 break;
3026 }
3027 }
3028 }
3029 }
3030 ok = ok && ec_ok;
3031 }
3032 if (
3033 /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3034 (alg_k & SSL_kEECDH)
3035 /* and we have an ephemeral EC key */
3036 && (s->cert->ecdh_tmp != NULL)
3037 /* and the client specified an EllipticCurves extension */
3038 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3039 )
3040 {
3041 ec_ok = 0;
3042 if (s->cert->ecdh_tmp->group != NULL)
3043 {
3044 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3045 if ((ec_nid == 0)
3046 && (s->cert->ecdh_tmp->group->meth != NULL)
3047 )
3048 {
3049 if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3050 {
3051 ec_search1 = 0xFF;
3052 ec_search2 = 0x01;
3053 }
3054 else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3055 {
3056 ec_search1 = 0xFF;
3057 ec_search2 = 0x02;
3058 }
3059 }
3060 else
3061 {
3062 ec_search1 = 0x00;
3063 ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3064 }
3065 if ((ec_search1 != 0) || (ec_search2 != 0))
3066 {
3067 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3068 {
3069 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3070 {
3071 ec_ok = 1;
3072 break;
3073 }
3074 }
3075 }
3076 }
3077 ok = ok && ec_ok;
3078 }
3079#endif /* OPENSSL_NO_EC */
3080#endif /* OPENSSL_NO_TLSEXT */
3081
3082 if (!ok) continue;
3083 ii=sk_SSL_CIPHER_find(allow,c);
3084 if (ii >= 0)
3085 {
3086 ret=sk_SSL_CIPHER_value(allow,ii);
3087 break;
3088 }
3089 }
3090 return(ret);
3091 }
3092
3093int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3094 {
3095 int ret=0;
3096 unsigned long alg_k;
3097
3098 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3099
3100#ifndef OPENSSL_NO_GOST
3101 if (s->version >= TLS1_VERSION)
3102 {
3103 if (alg_k & SSL_kGOST)
3104 {
3105 p[ret++]=TLS_CT_GOST94_SIGN;
3106 p[ret++]=TLS_CT_GOST01_SIGN;
3107 return(ret);
3108 }
3109 }
3110#endif
3111
3112#ifndef OPENSSL_NO_DH
3113 if (alg_k & (SSL_kDHr|SSL_kEDH))
3114 {
3115# ifndef OPENSSL_NO_RSA
3116 p[ret++]=SSL3_CT_RSA_FIXED_DH;
3117# endif
3118# ifndef OPENSSL_NO_DSA
3119 p[ret++]=SSL3_CT_DSS_FIXED_DH;
3120# endif
3121 }
3122 if ((s->version == SSL3_VERSION) &&
3123 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
3124 {
3125# ifndef OPENSSL_NO_RSA
3126 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
3127# endif
3128# ifndef OPENSSL_NO_DSA
3129 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
3130# endif
3131 }
3132#endif /* !OPENSSL_NO_DH */
3133#ifndef OPENSSL_NO_RSA
3134 p[ret++]=SSL3_CT_RSA_SIGN;
3135#endif
3136#ifndef OPENSSL_NO_DSA
3137 p[ret++]=SSL3_CT_DSS_SIGN;
3138#endif
3139#ifndef OPENSSL_NO_ECDH
3140 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
3141 {
3142 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
3143 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
3144 }
3145#endif
3146
3147#ifndef OPENSSL_NO_ECDSA
3148 /* ECDSA certs can be used with RSA cipher suites as well
3149 * so we don't need to check for SSL_kECDH or SSL_kEECDH
3150 */
3151 if (s->version >= TLS1_VERSION)
3152 {
3153 p[ret++]=TLS_CT_ECDSA_SIGN;
3154 }
3155#endif
3156 return(ret);
3157 }
3158
3159int ssl3_shutdown(SSL *s)
3160 {
3161 int ret;
3162
3163 /* Don't do anything much if we have not done the handshake or
3164 * we don't want to send messages :-) */
3165 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
3166 {
3167 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
3168 return(1);
3169 }
3170
3171 if (!(s->shutdown & SSL_SENT_SHUTDOWN))
3172 {
3173 s->shutdown|=SSL_SENT_SHUTDOWN;
3174#if 1
3175 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
3176#endif
3177 /* our shutdown alert has been sent now, and if it still needs
3178 * to be written, s->s3->alert_dispatch will be true */
3179 if (s->s3->alert_dispatch)
3180 return(-1); /* return WANT_WRITE */
3181 }
3182 else if (s->s3->alert_dispatch)
3183 {
3184 /* resend it if not sent */
3185#if 1
3186 ret=s->method->ssl_dispatch_alert(s);
3187 if(ret == -1)
3188 {
3189 /* we only get to return -1 here the 2nd/Nth
3190 * invocation, we must have already signalled
3191 * return 0 upon a previous invoation,
3192 * return WANT_WRITE */
3193 return(ret);
3194 }
3195#endif
3196 }
3197 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3198 {
3199 /* If we are waiting for a close from our peer, we are closed */
3200 s->method->ssl_read_bytes(s,0,NULL,0,0);
3201 if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3202 {
3203 return(-1); /* return WANT_READ */
3204 }
3205 }
3206
3207 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
3208 !s->s3->alert_dispatch)
3209 return(1);
3210 else
3211 return(0);
3212 }
3213
3214int ssl3_write(SSL *s, const void *buf, int len)
3215 {
3216 int ret,n;
3217
3218#if 0
3219 if (s->shutdown & SSL_SEND_SHUTDOWN)
3220 {
3221 s->rwstate=SSL_NOTHING;
3222 return(0);
3223 }
3224#endif
3225 clear_sys_error();
3226 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3227
3228 /* This is an experimental flag that sends the
3229 * last handshake message in the same packet as the first
3230 * use data - used to see if it helps the TCP protocol during
3231 * session-id reuse */
3232 /* The second test is because the buffer may have been removed */
3233 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
3234 {
3235 /* First time through, we write into the buffer */
3236 if (s->s3->delay_buf_pop_ret == 0)
3237 {
3238 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3239 buf,len);
3240 if (ret <= 0) return(ret);
3241
3242 s->s3->delay_buf_pop_ret=ret;
3243 }
3244
3245 s->rwstate=SSL_WRITING;
3246 n=BIO_flush(s->wbio);
3247 if (n <= 0) return(n);
3248 s->rwstate=SSL_NOTHING;
3249
3250 /* We have flushed the buffer, so remove it */
3251 ssl_free_wbio_buffer(s);
3252 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
3253
3254 ret=s->s3->delay_buf_pop_ret;
3255 s->s3->delay_buf_pop_ret=0;
3256 }
3257 else
3258 {
3259 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3260 buf,len);
3261 if (ret <= 0) return(ret);
3262 }
3263
3264 return(ret);
3265 }
3266
3267static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3268 {
3269 int ret;
3270
3271 clear_sys_error();
3272 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3273 s->s3->in_read_app_data=1;
3274 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
3275 if ((ret == -1) && (s->s3->in_read_app_data == 2))
3276 {
3277 /* ssl3_read_bytes decided to call s->handshake_func, which
3278 * called ssl3_read_bytes to read handshake data.
3279 * However, ssl3_read_bytes actually found application data
3280 * and thinks that application data makes sense here; so disable
3281 * handshake processing and try to read application data again. */
3282 s->in_handshake++;
3283 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
3284 s->in_handshake--;
3285 }
3286 else
3287 s->s3->in_read_app_data=0;
3288
3289 return(ret);
3290 }
3291
3292int ssl3_read(SSL *s, void *buf, int len)
3293 {
3294 return ssl3_read_internal(s, buf, len, 0);
3295 }
3296
3297int ssl3_peek(SSL *s, void *buf, int len)
3298 {
3299 return ssl3_read_internal(s, buf, len, 1);
3300 }
3301
3302int ssl3_renegotiate(SSL *s)
3303 {
3304 if (s->handshake_func == NULL)
3305 return(1);
3306
3307 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3308 return(0);
3309
3310 s->s3->renegotiate=1;
3311 return(1);
3312 }
3313
3314int ssl3_renegotiate_check(SSL *s)
3315 {
3316 int ret=0;
3317
3318 if (s->s3->renegotiate)
3319 {
3320 if ( (s->s3->rbuf.left == 0) &&
3321 (s->s3->wbuf.left == 0) &&
3322 !SSL_in_init(s))
3323 {
3324/*
3325if we are the server, and we have sent a 'RENEGOTIATE' message, we
3326need to go to SSL_ST_ACCEPT.
3327*/
3328 /* SSL_ST_ACCEPT */
3329 s->state=SSL_ST_RENEGOTIATE;
3330 s->s3->renegotiate=0;
3331 s->s3->num_renegotiations++;
3332 s->s3->total_renegotiations++;
3333 ret=1;
3334 }
3335 }
3336 return(ret);
3337 }
3338
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
deleted file mode 100644
index f9b3629cf7..0000000000
--- a/src/lib/libssl/s3_pkt.c
+++ /dev/null
@@ -1,1459 +0,0 @@
1/* ssl/s3_pkt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include <errno.h>
114#define USE_SOCKETS
115#include "ssl_locl.h"
116#include <openssl/evp.h>
117#include <openssl/buffer.h>
118
119static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
120 unsigned int len, int create_empty_fragment);
121static int ssl3_get_record(SSL *s);
122
123int ssl3_read_n(SSL *s, int n, int max, int extend)
124 {
125 /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
126 * packet by another n bytes.
127 * The packet will be in the sub-array of s->s3->rbuf.buf specified
128 * by s->packet and s->packet_length.
129 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
130 * [plus s->packet_length bytes if extend == 1].)
131 */
132 int i,len,left;
133 long align=0;
134 unsigned char *pkt;
135 SSL3_BUFFER *rb;
136
137 if (n <= 0) return n;
138
139 rb = &(s->s3->rbuf);
140 if (rb->buf == NULL)
141 if (!ssl3_setup_read_buffer(s))
142 return -1;
143
144 left = rb->left;
145#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
146 align = (long)rb->buf + SSL3_RT_HEADER_LENGTH;
147 align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
148#endif
149
150 if (!extend)
151 {
152 /* start with empty packet ... */
153 if (left == 0)
154 rb->offset = align;
155 else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH)
156 {
157 /* check if next packet length is large
158 * enough to justify payload alignment... */
159 pkt = rb->buf + rb->offset;
160 if (pkt[0] == SSL3_RT_APPLICATION_DATA
161 && (pkt[3]<<8|pkt[4]) >= 128)
162 {
163 /* Note that even if packet is corrupted
164 * and its length field is insane, we can
165 * only be led to wrong decision about
166 * whether memmove will occur or not.
167 * Header values has no effect on memmove
168 * arguments and therefore no buffer
169 * overrun can be triggered. */
170 memmove (rb->buf+align,pkt,left);
171 rb->offset = align;
172 }
173 }
174 s->packet = rb->buf + rb->offset;
175 s->packet_length = 0;
176 /* ... now we can act as if 'extend' was set */
177 }
178
179 /* For DTLS/UDP reads should not span multiple packets
180 * because the read operation returns the whole packet
181 * at once (as long as it fits into the buffer). */
182 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
183 {
184 if (left > 0 && n > left)
185 n = left;
186 }
187
188 /* if there is enough in the buffer from a previous read, take some */
189 if (left >= n)
190 {
191 s->packet_length+=n;
192 rb->left=left-n;
193 rb->offset+=n;
194 return(n);
195 }
196
197 /* else we need to read more data */
198
199 len = s->packet_length;
200 pkt = rb->buf+align;
201 /* Move any available bytes to front of buffer:
202 * 'len' bytes already pointed to by 'packet',
203 * 'left' extra ones at the end */
204 if (s->packet != pkt) /* len > 0 */
205 {
206 memmove(pkt, s->packet, len+left);
207 s->packet = pkt;
208 rb->offset = len + align;
209 }
210
211 if (n > (int)(rb->len - rb->offset)) /* does not happen */
212 {
213 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
214 return -1;
215 }
216
217 if (!s->read_ahead)
218 /* ignore max parameter */
219 max = n;
220 else
221 {
222 if (max < n)
223 max = n;
224 if (max > (int)(rb->len - rb->offset))
225 max = rb->len - rb->offset;
226 }
227
228 while (left < n)
229 {
230 /* Now we have len+left bytes at the front of s->s3->rbuf.buf
231 * and need to read in more until we have len+n (up to
232 * len+max if possible) */
233
234 clear_sys_error();
235 if (s->rbio != NULL)
236 {
237 s->rwstate=SSL_READING;
238 i=BIO_read(s->rbio,pkt+len+left, max-left);
239 }
240 else
241 {
242 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
243 i = -1;
244 }
245
246 if (i <= 0)
247 {
248 rb->left = left;
249 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
250 SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
251 if (len+left == 0)
252 ssl3_release_read_buffer(s);
253 return(i);
254 }
255 left+=i;
256 /* reads should *never* span multiple packets for DTLS because
257 * the underlying transport protocol is message oriented as opposed
258 * to byte oriented as in the TLS case. */
259 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
260 {
261 if (n > left)
262 n = left; /* makes the while condition false */
263 }
264 }
265
266 /* done reading, now the book-keeping */
267 rb->offset += n;
268 rb->left = left - n;
269 s->packet_length += n;
270 s->rwstate=SSL_NOTHING;
271 return(n);
272 }
273
274/* Call this to get a new input record.
275 * It will return <= 0 if more data is needed, normally due to an error
276 * or non-blocking IO.
277 * When it finishes, one packet has been decoded and can be found in
278 * ssl->s3->rrec.type - is the type of record
279 * ssl->s3->rrec.data, - data
280 * ssl->s3->rrec.length, - number of bytes
281 */
282/* used only by ssl3_read_bytes */
283static int ssl3_get_record(SSL *s)
284 {
285 int ssl_major,ssl_minor,al;
286 int enc_err,n,i,ret= -1;
287 SSL3_RECORD *rr;
288 SSL_SESSION *sess;
289 unsigned char *p;
290 unsigned char md[EVP_MAX_MD_SIZE];
291 short version;
292 int mac_size;
293 int clear=0;
294 size_t extra;
295 int decryption_failed_or_bad_record_mac = 0;
296 unsigned char *mac = NULL;
297
298 rr= &(s->s3->rrec);
299 sess=s->session;
300
301 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
302 extra=SSL3_RT_MAX_EXTRA;
303 else
304 extra=0;
305 if (extra && !s->s3->init_extra)
306 {
307 /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
308 * set after ssl3_setup_buffers() was done */
309 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
310 return -1;
311 }
312
313again:
314 /* check if we have the header */
315 if ( (s->rstate != SSL_ST_READ_BODY) ||
316 (s->packet_length < SSL3_RT_HEADER_LENGTH))
317 {
318 n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
319 if (n <= 0) return(n); /* error or non-blocking */
320 s->rstate=SSL_ST_READ_BODY;
321
322 p=s->packet;
323
324 /* Pull apart the header into the SSL3_RECORD */
325 rr->type= *(p++);
326 ssl_major= *(p++);
327 ssl_minor= *(p++);
328 version=(ssl_major<<8)|ssl_minor;
329 n2s(p,rr->length);
330#if 0
331fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
332#endif
333
334 /* Lets check version */
335 if (!s->first_packet)
336 {
337 if (version != s->version)
338 {
339 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
340 if ((s->version & 0xFF00) == (version & 0xFF00))
341 /* Send back error using their minor version number :-) */
342 s->version = (unsigned short)version;
343 al=SSL_AD_PROTOCOL_VERSION;
344 goto f_err;
345 }
346 }
347
348 if ((version>>8) != SSL3_VERSION_MAJOR)
349 {
350 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
351 goto err;
352 }
353
354 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH)
355 {
356 al=SSL_AD_RECORD_OVERFLOW;
357 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
358 goto f_err;
359 }
360
361 /* now s->rstate == SSL_ST_READ_BODY */
362 }
363
364 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
365
366 if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
367 {
368 /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
369 i=rr->length;
370 n=ssl3_read_n(s,i,i,1);
371 if (n <= 0) return(n); /* error or non-blocking io */
372 /* now n == rr->length,
373 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
374 }
375
376 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
377
378 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
379 * and we have that many bytes in s->packet
380 */
381 rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
382
383 /* ok, we can now read from 's->packet' data into 'rr'
384 * rr->input points at rr->length bytes, which
385 * need to be copied into rr->data by either
386 * the decryption or by the decompression
387 * When the data is 'copied' into the rr->data buffer,
388 * rr->input will be pointed at the new buffer */
389
390 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
391 * rr->length bytes of encrypted compressed stuff. */
392
393 /* check is not needed I believe */
394 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
395 {
396 al=SSL_AD_RECORD_OVERFLOW;
397 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
398 goto f_err;
399 }
400
401 /* decrypt in place in 'rr->input' */
402 rr->data=rr->input;
403
404 enc_err = s->method->ssl3_enc->enc(s,0);
405 if (enc_err <= 0)
406 {
407 if (enc_err == 0)
408 /* SSLerr() and ssl3_send_alert() have been called */
409 goto err;
410
411 /* Otherwise enc_err == -1, which indicates bad padding
412 * (rec->length has not been changed in this case).
413 * To minimize information leaked via timing, we will perform
414 * the MAC computation anyway. */
415 decryption_failed_or_bad_record_mac = 1;
416 }
417
418#ifdef TLS_DEBUG
419printf("dec %d\n",rr->length);
420{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
421printf("\n");
422#endif
423
424 /* r->length is now the compressed data plus mac */
425 if ( (sess == NULL) ||
426 (s->enc_read_ctx == NULL) ||
427 (EVP_MD_CTX_md(s->read_hash) == NULL))
428 clear=1;
429
430 if (!clear)
431 {
432 /* !clear => s->read_hash != NULL => mac_size != -1 */
433 mac_size=EVP_MD_CTX_size(s->read_hash);
434 OPENSSL_assert(mac_size >= 0);
435
436 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
437 {
438#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
439 al=SSL_AD_RECORD_OVERFLOW;
440 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
441 goto f_err;
442#else
443 decryption_failed_or_bad_record_mac = 1;
444#endif
445 }
446 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
447 if (rr->length >= (unsigned int)mac_size)
448 {
449 rr->length -= mac_size;
450 mac = &rr->data[rr->length];
451 }
452 else
453 {
454 /* record (minus padding) is too short to contain a MAC */
455#if 0 /* OK only for stream ciphers */
456 al=SSL_AD_DECODE_ERROR;
457 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
458 goto f_err;
459#else
460 decryption_failed_or_bad_record_mac = 1;
461 rr->length = 0;
462#endif
463 }
464 i=s->method->ssl3_enc->mac(s,md,0);
465 if (i < 0 || mac == NULL || memcmp(md, mac, (size_t)mac_size) != 0)
466 {
467 decryption_failed_or_bad_record_mac = 1;
468 }
469 }
470
471 if (decryption_failed_or_bad_record_mac)
472 {
473 /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
474 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
475 * failure is directly visible from the ciphertext anyway,
476 * we should not reveal which kind of error occured -- this
477 * might become visible to an attacker (e.g. via a logfile) */
478 al=SSL_AD_BAD_RECORD_MAC;
479 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
480 goto f_err;
481 }
482
483 /* r->length is now just compressed */
484 if (s->expand != NULL)
485 {
486 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
487 {
488 al=SSL_AD_RECORD_OVERFLOW;
489 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
490 goto f_err;
491 }
492 if (!ssl3_do_uncompress(s))
493 {
494 al=SSL_AD_DECOMPRESSION_FAILURE;
495 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
496 goto f_err;
497 }
498 }
499
500 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
501 {
502 al=SSL_AD_RECORD_OVERFLOW;
503 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
504 goto f_err;
505 }
506
507 rr->off=0;
508 /* So at this point the following is true
509 * ssl->s3->rrec.type is the type of record
510 * ssl->s3->rrec.length == number of bytes in record
511 * ssl->s3->rrec.off == offset to first valid byte
512 * ssl->s3->rrec.data == where to take bytes from, increment
513 * after use :-).
514 */
515
516 /* we have pulled in a full packet so zero things */
517 s->packet_length=0;
518
519 /* just read a 0 length packet */
520 if (rr->length == 0) goto again;
521
522#if 0
523fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length);
524#endif
525
526 return(1);
527
528f_err:
529 ssl3_send_alert(s,SSL3_AL_FATAL,al);
530err:
531 return(ret);
532 }
533
534int ssl3_do_uncompress(SSL *ssl)
535 {
536#ifndef OPENSSL_NO_COMP
537 int i;
538 SSL3_RECORD *rr;
539
540 rr= &(ssl->s3->rrec);
541 i=COMP_expand_block(ssl->expand,rr->comp,
542 SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);
543 if (i < 0)
544 return(0);
545 else
546 rr->length=i;
547 rr->data=rr->comp;
548#endif
549 return(1);
550 }
551
552int ssl3_do_compress(SSL *ssl)
553 {
554#ifndef OPENSSL_NO_COMP
555 int i;
556 SSL3_RECORD *wr;
557
558 wr= &(ssl->s3->wrec);
559 i=COMP_compress_block(ssl->compress,wr->data,
560 SSL3_RT_MAX_COMPRESSED_LENGTH,
561 wr->input,(int)wr->length);
562 if (i < 0)
563 return(0);
564 else
565 wr->length=i;
566
567 wr->input=wr->data;
568#endif
569 return(1);
570 }
571
572/* Call this to write data in records of type 'type'
573 * It will return <= 0 if not all data has been sent or non-blocking IO.
574 */
575int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
576 {
577 const unsigned char *buf=buf_;
578 unsigned int tot,n,nw;
579 int i;
580
581 s->rwstate=SSL_NOTHING;
582 tot=s->s3->wnum;
583 s->s3->wnum=0;
584
585 if (SSL_in_init(s) && !s->in_handshake)
586 {
587 i=s->handshake_func(s);
588 if (i < 0) return(i);
589 if (i == 0)
590 {
591 SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
592 return -1;
593 }
594 }
595
596 n=(len-tot);
597 for (;;)
598 {
599 if (n > s->max_send_fragment)
600 nw=s->max_send_fragment;
601 else
602 nw=n;
603
604 i=do_ssl3_write(s, type, &(buf[tot]), nw, 0);
605 if (i <= 0)
606 {
607 s->s3->wnum=tot;
608 return i;
609 }
610
611 if ((i == (int)n) ||
612 (type == SSL3_RT_APPLICATION_DATA &&
613 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
614 {
615 /* next chunk of data should get another prepended empty fragment
616 * in ciphersuites with known-IV weakness: */
617 s->s3->empty_fragment_done = 0;
618
619 return tot+i;
620 }
621
622 n-=i;
623 tot+=i;
624 }
625 }
626
627static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
628 unsigned int len, int create_empty_fragment)
629 {
630 unsigned char *p,*plen;
631 int i,mac_size,clear=0;
632 int prefix_len=0;
633 long align=0;
634 SSL3_RECORD *wr;
635 SSL3_BUFFER *wb=&(s->s3->wbuf);
636 SSL_SESSION *sess;
637
638 if (wb->buf == NULL)
639 if (!ssl3_setup_write_buffer(s))
640 return -1;
641
642 /* first check if there is a SSL3_BUFFER still being written
643 * out. This will happen with non blocking IO */
644 if (wb->left != 0)
645 return(ssl3_write_pending(s,type,buf,len));
646
647 /* If we have an alert to send, lets send it */
648 if (s->s3->alert_dispatch)
649 {
650 i=s->method->ssl_dispatch_alert(s);
651 if (i <= 0)
652 return(i);
653 /* if it went, fall through and send more stuff */
654 }
655
656 if (len == 0 && !create_empty_fragment)
657 return 0;
658
659 wr= &(s->s3->wrec);
660 sess=s->session;
661
662 if ( (sess == NULL) ||
663 (s->enc_write_ctx == NULL) ||
664 (EVP_MD_CTX_md(s->write_hash) == NULL))
665 clear=1;
666
667 if (clear)
668 mac_size=0;
669 else
670 {
671 mac_size=EVP_MD_CTX_size(s->write_hash);
672 if (mac_size < 0)
673 goto err;
674 }
675
676 /* 'create_empty_fragment' is true only when this function calls itself */
677 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
678 {
679 /* countermeasure against known-IV weakness in CBC ciphersuites
680 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
681
682 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
683 {
684 /* recursive function call with 'create_empty_fragment' set;
685 * this prepares and buffers the data for an empty fragment
686 * (these 'prefix_len' bytes are sent out later
687 * together with the actual payload) */
688 prefix_len = do_ssl3_write(s, type, buf, 0, 1);
689 if (prefix_len <= 0)
690 goto err;
691
692 if (prefix_len >
693 (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD))
694 {
695 /* insufficient space */
696 SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
697 goto err;
698 }
699 }
700
701 s->s3->empty_fragment_done = 1;
702 }
703
704 if (create_empty_fragment)
705 {
706#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
707 /* extra fragment would be couple of cipher blocks,
708 * which would be multiple of SSL3_ALIGN_PAYLOAD, so
709 * if we want to align the real payload, then we can
710 * just pretent we simply have two headers. */
711 align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH;
712 align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
713#endif
714 p = wb->buf + align;
715 wb->offset = align;
716 }
717 else if (prefix_len)
718 {
719 p = wb->buf + wb->offset + prefix_len;
720 }
721 else
722 {
723#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
724 align = (long)wb->buf + SSL3_RT_HEADER_LENGTH;
725 align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
726#endif
727 p = wb->buf + align;
728 wb->offset = align;
729 }
730
731 /* write the header */
732
733 *(p++)=type&0xff;
734 wr->type=type;
735
736 *(p++)=(s->version>>8);
737 *(p++)=s->version&0xff;
738
739 /* field where we are to write out packet length */
740 plen=p;
741 p+=2;
742
743 /* lets setup the record stuff. */
744 wr->data=p;
745 wr->length=(int)len;
746 wr->input=(unsigned char *)buf;
747
748 /* we now 'read' from wr->input, wr->length bytes into
749 * wr->data */
750
751 /* first we compress */
752 if (s->compress != NULL)
753 {
754 if (!ssl3_do_compress(s))
755 {
756 SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
757 goto err;
758 }
759 }
760 else
761 {
762 memcpy(wr->data,wr->input,wr->length);
763 wr->input=wr->data;
764 }
765
766 /* we should still have the output to wr->data and the input
767 * from wr->input. Length should be wr->length.
768 * wr->data still points in the wb->buf */
769
770 if (mac_size != 0)
771 {
772 if (s->method->ssl3_enc->mac(s,&(p[wr->length]),1) < 0)
773 goto err;
774 wr->length+=mac_size;
775 wr->input=p;
776 wr->data=p;
777 }
778
779 /* ssl3_enc can only have an error on read */
780 s->method->ssl3_enc->enc(s,1);
781
782 /* record length after mac and block padding */
783 s2n(wr->length,plen);
784
785 /* we should now have
786 * wr->data pointing to the encrypted data, which is
787 * wr->length long */
788 wr->type=type; /* not needed but helps for debugging */
789 wr->length+=SSL3_RT_HEADER_LENGTH;
790
791 if (create_empty_fragment)
792 {
793 /* we are in a recursive call;
794 * just return the length, don't write out anything here
795 */
796 return wr->length;
797 }
798
799 /* now let's set up wb */
800 wb->left = prefix_len + wr->length;
801
802 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
803 s->s3->wpend_tot=len;
804 s->s3->wpend_buf=buf;
805 s->s3->wpend_type=type;
806 s->s3->wpend_ret=len;
807
808 /* we now just need to write the buffer */
809 return ssl3_write_pending(s,type,buf,len);
810err:
811 return -1;
812 }
813
814/* if s->s3->wbuf.left != 0, we need to call this */
815int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
816 unsigned int len)
817 {
818 int i;
819 SSL3_BUFFER *wb=&(s->s3->wbuf);
820
821/* XXXX */
822 if ((s->s3->wpend_tot > (int)len)
823 || ((s->s3->wpend_buf != buf) &&
824 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
825 || (s->s3->wpend_type != type))
826 {
827 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
828 return(-1);
829 }
830
831 for (;;)
832 {
833 clear_sys_error();
834 if (s->wbio != NULL)
835 {
836 s->rwstate=SSL_WRITING;
837 i=BIO_write(s->wbio,
838 (char *)&(wb->buf[wb->offset]),
839 (unsigned int)wb->left);
840 }
841 else
842 {
843 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
844 i= -1;
845 }
846 if (i == wb->left)
847 {
848 wb->left=0;
849 wb->offset+=i;
850 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
851 SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
852 ssl3_release_write_buffer(s);
853 s->rwstate=SSL_NOTHING;
854 return(s->s3->wpend_ret);
855 }
856 else if (i <= 0) {
857 if (s->version == DTLS1_VERSION ||
858 s->version == DTLS1_BAD_VER) {
859 /* For DTLS, just drop it. That's kind of the whole
860 point in using a datagram service */
861 wb->left = 0;
862 }
863 return(i);
864 }
865 wb->offset+=i;
866 wb->left-=i;
867 }
868 }
869
870/* Return up to 'len' payload bytes received in 'type' records.
871 * 'type' is one of the following:
872 *
873 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
874 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
875 * - 0 (during a shutdown, no data has to be returned)
876 *
877 * If we don't have stored data to work from, read a SSL/TLS record first
878 * (possibly multiple records if we still don't have anything to return).
879 *
880 * This function must handle any surprises the peer may have for us, such as
881 * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
882 * a surprise, but handled as if it were), or renegotiation requests.
883 * Also if record payloads contain fragments too small to process, we store
884 * them until there is enough for the respective protocol (the record protocol
885 * may use arbitrary fragmentation and even interleaving):
886 * Change cipher spec protocol
887 * just 1 byte needed, no need for keeping anything stored
888 * Alert protocol
889 * 2 bytes needed (AlertLevel, AlertDescription)
890 * Handshake protocol
891 * 4 bytes needed (HandshakeType, uint24 length) -- we just have
892 * to detect unexpected Client Hello and Hello Request messages
893 * here, anything else is handled by higher layers
894 * Application data protocol
895 * none of our business
896 */
897int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
898 {
899 int al,i,j,ret;
900 unsigned int n;
901 SSL3_RECORD *rr;
902 void (*cb)(const SSL *ssl,int type2,int val)=NULL;
903
904 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
905 if (!ssl3_setup_read_buffer(s))
906 return(-1);
907
908 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
909 (peek && (type != SSL3_RT_APPLICATION_DATA)))
910 {
911 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
912 return -1;
913 }
914
915 if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
916 /* (partially) satisfy request from storage */
917 {
918 unsigned char *src = s->s3->handshake_fragment;
919 unsigned char *dst = buf;
920 unsigned int k;
921
922 /* peek == 0 */
923 n = 0;
924 while ((len > 0) && (s->s3->handshake_fragment_len > 0))
925 {
926 *dst++ = *src++;
927 len--; s->s3->handshake_fragment_len--;
928 n++;
929 }
930 /* move any remaining fragment bytes: */
931 for (k = 0; k < s->s3->handshake_fragment_len; k++)
932 s->s3->handshake_fragment[k] = *src++;
933 return n;
934 }
935
936 /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
937
938 if (!s->in_handshake && SSL_in_init(s))
939 {
940 /* type == SSL3_RT_APPLICATION_DATA */
941 i=s->handshake_func(s);
942 if (i < 0) return(i);
943 if (i == 0)
944 {
945 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
946 return(-1);
947 }
948 }
949start:
950 s->rwstate=SSL_NOTHING;
951
952 /* s->s3->rrec.type - is the type of record
953 * s->s3->rrec.data, - data
954 * s->s3->rrec.off, - offset into 'data' for next read
955 * s->s3->rrec.length, - number of bytes. */
956 rr = &(s->s3->rrec);
957
958 /* get new packet if necessary */
959 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
960 {
961 ret=ssl3_get_record(s);
962 if (ret <= 0) return(ret);
963 }
964
965 /* we now have a packet which can be read and processed */
966
967 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
968 * reset by ssl3_get_finished */
969 && (rr->type != SSL3_RT_HANDSHAKE))
970 {
971 al=SSL_AD_UNEXPECTED_MESSAGE;
972 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
973 goto f_err;
974 }
975
976 /* If the other end has shut down, throw anything we read away
977 * (even in 'peek' mode) */
978 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
979 {
980 rr->length=0;
981 s->rwstate=SSL_NOTHING;
982 return(0);
983 }
984
985
986 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
987 {
988 /* make sure that we are not getting application data when we
989 * are doing a handshake for the first time */
990 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
991 (s->enc_read_ctx == NULL))
992 {
993 al=SSL_AD_UNEXPECTED_MESSAGE;
994 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
995 goto f_err;
996 }
997
998 if (len <= 0) return(len);
999
1000 if ((unsigned int)len > rr->length)
1001 n = rr->length;
1002 else
1003 n = (unsigned int)len;
1004
1005 memcpy(buf,&(rr->data[rr->off]),n);
1006 if (!peek)
1007 {
1008 rr->length-=n;
1009 rr->off+=n;
1010 if (rr->length == 0)
1011 {
1012 s->rstate=SSL_ST_READ_HEADER;
1013 rr->off=0;
1014 if (s->mode & SSL_MODE_RELEASE_BUFFERS)
1015 ssl3_release_read_buffer(s);
1016 }
1017 }
1018 return(n);
1019 }
1020
1021
1022 /* If we get here, then type != rr->type; if we have a handshake
1023 * message, then it was unexpected (Hello Request or Client Hello). */
1024
1025 /* In case of record types for which we have 'fragment' storage,
1026 * fill that so that we can process the data at a fixed place.
1027 */
1028 {
1029 unsigned int dest_maxlen = 0;
1030 unsigned char *dest = NULL;
1031 unsigned int *dest_len = NULL;
1032
1033 if (rr->type == SSL3_RT_HANDSHAKE)
1034 {
1035 dest_maxlen = sizeof s->s3->handshake_fragment;
1036 dest = s->s3->handshake_fragment;
1037 dest_len = &s->s3->handshake_fragment_len;
1038 }
1039 else if (rr->type == SSL3_RT_ALERT)
1040 {
1041 dest_maxlen = sizeof s->s3->alert_fragment;
1042 dest = s->s3->alert_fragment;
1043 dest_len = &s->s3->alert_fragment_len;
1044 }
1045
1046 if (dest_maxlen > 0)
1047 {
1048 n = dest_maxlen - *dest_len; /* available space in 'dest' */
1049 if (rr->length < n)
1050 n = rr->length; /* available bytes */
1051
1052 /* now move 'n' bytes: */
1053 while (n-- > 0)
1054 {
1055 dest[(*dest_len)++] = rr->data[rr->off++];
1056 rr->length--;
1057 }
1058
1059 if (*dest_len < dest_maxlen)
1060 goto start; /* fragment was too small */
1061 }
1062 }
1063
1064 /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
1065 * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
1066 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
1067
1068 /* If we are a client, check for an incoming 'Hello Request': */
1069 if ((!s->server) &&
1070 (s->s3->handshake_fragment_len >= 4) &&
1071 (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
1072 (s->session != NULL) && (s->session->cipher != NULL))
1073 {
1074 s->s3->handshake_fragment_len = 0;
1075
1076 if ((s->s3->handshake_fragment[1] != 0) ||
1077 (s->s3->handshake_fragment[2] != 0) ||
1078 (s->s3->handshake_fragment[3] != 0))
1079 {
1080 al=SSL_AD_DECODE_ERROR;
1081 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
1082 goto f_err;
1083 }
1084
1085 if (s->msg_callback)
1086 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
1087
1088 if (SSL_is_init_finished(s) &&
1089 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
1090 !s->s3->renegotiate)
1091 {
1092 ssl3_renegotiate(s);
1093 if (ssl3_renegotiate_check(s))
1094 {
1095 i=s->handshake_func(s);
1096 if (i < 0) return(i);
1097 if (i == 0)
1098 {
1099 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1100 return(-1);
1101 }
1102
1103 if (!(s->mode & SSL_MODE_AUTO_RETRY))
1104 {
1105 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1106 {
1107 BIO *bio;
1108 /* In the case where we try to read application data,
1109 * but we trigger an SSL handshake, we return -1 with
1110 * the retry option set. Otherwise renegotiation may
1111 * cause nasty problems in the blocking world */
1112 s->rwstate=SSL_READING;
1113 bio=SSL_get_rbio(s);
1114 BIO_clear_retry_flags(bio);
1115 BIO_set_retry_read(bio);
1116 return(-1);
1117 }
1118 }
1119 }
1120 }
1121 /* we either finished a handshake or ignored the request,
1122 * now try again to obtain the (application) data we were asked for */
1123 goto start;
1124 }
1125 /* If we are a server and get a client hello when renegotiation isn't
1126 * allowed send back a no renegotiation alert and carry on.
1127 * WARNING: experimental code, needs reviewing (steve)
1128 */
1129 if (s->server &&
1130 SSL_is_init_finished(s) &&
1131 !s->s3->send_connection_binding &&
1132 (s->version > SSL3_VERSION) &&
1133 (s->s3->handshake_fragment_len >= 4) &&
1134 (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
1135 (s->session != NULL) && (s->session->cipher != NULL) &&
1136 !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
1137
1138 {
1139 /*s->s3->handshake_fragment_len = 0;*/
1140 rr->length = 0;
1141 ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
1142 goto start;
1143 }
1144 if (s->s3->alert_fragment_len >= 2)
1145 {
1146 int alert_level = s->s3->alert_fragment[0];
1147 int alert_descr = s->s3->alert_fragment[1];
1148
1149 s->s3->alert_fragment_len = 0;
1150
1151 if (s->msg_callback)
1152 s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg);
1153
1154 if (s->info_callback != NULL)
1155 cb=s->info_callback;
1156 else if (s->ctx->info_callback != NULL)
1157 cb=s->ctx->info_callback;
1158
1159 if (cb != NULL)
1160 {
1161 j = (alert_level << 8) | alert_descr;
1162 cb(s, SSL_CB_READ_ALERT, j);
1163 }
1164
1165 if (alert_level == 1) /* warning */
1166 {
1167 s->s3->warn_alert = alert_descr;
1168 if (alert_descr == SSL_AD_CLOSE_NOTIFY)
1169 {
1170 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1171 return(0);
1172 }
1173 /* This is a warning but we receive it if we requested
1174 * renegotiation and the peer denied it. Terminate with
1175 * a fatal alert because if application tried to
1176 * renegotiatie it presumably had a good reason and
1177 * expects it to succeed.
1178 *
1179 * In future we might have a renegotiation where we
1180 * don't care if the peer refused it where we carry on.
1181 */
1182 else if (alert_descr == SSL_AD_NO_RENEGOTIATION)
1183 {
1184 al = SSL_AD_HANDSHAKE_FAILURE;
1185 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
1186 goto f_err;
1187 }
1188 }
1189 else if (alert_level == 2) /* fatal */
1190 {
1191 char tmp[16];
1192
1193 s->rwstate=SSL_NOTHING;
1194 s->s3->fatal_alert = alert_descr;
1195 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
1196 BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
1197 ERR_add_error_data(2,"SSL alert number ",tmp);
1198 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
1199 SSL_CTX_remove_session(s->ctx,s->session);
1200 return(0);
1201 }
1202 else
1203 {
1204 al=SSL_AD_ILLEGAL_PARAMETER;
1205 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
1206 goto f_err;
1207 }
1208
1209 goto start;
1210 }
1211
1212 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
1213 {
1214 s->rwstate=SSL_NOTHING;
1215 rr->length=0;
1216 return(0);
1217 }
1218
1219 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
1220 {
1221 /* 'Change Cipher Spec' is just a single byte, so we know
1222 * exactly what the record payload has to look like */
1223 if ( (rr->length != 1) || (rr->off != 0) ||
1224 (rr->data[0] != SSL3_MT_CCS))
1225 {
1226 al=SSL_AD_ILLEGAL_PARAMETER;
1227 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
1228 goto f_err;
1229 }
1230
1231 /* Check we have a cipher to change to */
1232 if (s->s3->tmp.new_cipher == NULL)
1233 {
1234 al=SSL_AD_UNEXPECTED_MESSAGE;
1235 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
1236 goto f_err;
1237 }
1238
1239 rr->length=0;
1240
1241 if (s->msg_callback)
1242 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
1243
1244 s->s3->change_cipher_spec=1;
1245 if (!ssl3_do_change_cipher_spec(s))
1246 goto err;
1247 else
1248 goto start;
1249 }
1250
1251 /* Unexpected handshake message (Client Hello, or protocol violation) */
1252 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
1253 {
1254 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1255 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
1256 {
1257#if 0 /* worked only because C operator preferences are not as expected (and
1258 * because this is not really needed for clients except for detecting
1259 * protocol violations): */
1260 s->state=SSL_ST_BEFORE|(s->server)
1261 ?SSL_ST_ACCEPT
1262 :SSL_ST_CONNECT;
1263#else
1264 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1265#endif
1266 s->new_session=1;
1267 }
1268 i=s->handshake_func(s);
1269 if (i < 0) return(i);
1270 if (i == 0)
1271 {
1272 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1273 return(-1);
1274 }
1275
1276 if (!(s->mode & SSL_MODE_AUTO_RETRY))
1277 {
1278 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1279 {
1280 BIO *bio;
1281 /* In the case where we try to read application data,
1282 * but we trigger an SSL handshake, we return -1 with
1283 * the retry option set. Otherwise renegotiation may
1284 * cause nasty problems in the blocking world */
1285 s->rwstate=SSL_READING;
1286 bio=SSL_get_rbio(s);
1287 BIO_clear_retry_flags(bio);
1288 BIO_set_retry_read(bio);
1289 return(-1);
1290 }
1291 }
1292 goto start;
1293 }
1294
1295 switch (rr->type)
1296 {
1297 default:
1298#ifndef OPENSSL_NO_TLS
1299 /* TLS just ignores unknown message types */
1300 if (s->version == TLS1_VERSION)
1301 {
1302 rr->length = 0;
1303 goto start;
1304 }
1305#endif
1306 al=SSL_AD_UNEXPECTED_MESSAGE;
1307 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1308 goto f_err;
1309 case SSL3_RT_CHANGE_CIPHER_SPEC:
1310 case SSL3_RT_ALERT:
1311 case SSL3_RT_HANDSHAKE:
1312 /* we already handled all of these, with the possible exception
1313 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1314 * should not happen when type != rr->type */
1315 al=SSL_AD_UNEXPECTED_MESSAGE;
1316 SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR);
1317 goto f_err;
1318 case SSL3_RT_APPLICATION_DATA:
1319 /* At this point, we were expecting handshake data,
1320 * but have application data. If the library was
1321 * running inside ssl3_read() (i.e. in_read_app_data
1322 * is set) and it makes sense to read application data
1323 * at this point (session renegotiation not yet started),
1324 * we will indulge it.
1325 */
1326 if (s->s3->in_read_app_data &&
1327 (s->s3->total_renegotiations != 0) &&
1328 ((
1329 (s->state & SSL_ST_CONNECT) &&
1330 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1331 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
1332 ) || (
1333 (s->state & SSL_ST_ACCEPT) &&
1334 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1335 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
1336 )
1337 ))
1338 {
1339 s->s3->in_read_app_data=2;
1340 return(-1);
1341 }
1342 else
1343 {
1344 al=SSL_AD_UNEXPECTED_MESSAGE;
1345 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1346 goto f_err;
1347 }
1348 }
1349 /* not reached */
1350
1351f_err:
1352 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1353err:
1354 return(-1);
1355 }
1356
1357int ssl3_do_change_cipher_spec(SSL *s)
1358 {
1359 int i;
1360 const char *sender;
1361 int slen;
1362
1363 if (s->state & SSL_ST_ACCEPT)
1364 i=SSL3_CHANGE_CIPHER_SERVER_READ;
1365 else
1366 i=SSL3_CHANGE_CIPHER_CLIENT_READ;
1367
1368 if (s->s3->tmp.key_block == NULL)
1369 {
1370 if (s->session == NULL)
1371 {
1372 /* might happen if dtls1_read_bytes() calls this */
1373 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
1374 return (0);
1375 }
1376
1377 s->session->cipher=s->s3->tmp.new_cipher;
1378 if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
1379 }
1380
1381 if (!s->method->ssl3_enc->change_cipher_state(s,i))
1382 return(0);
1383
1384 /* we have to record the message digest at
1385 * this point so we can get it before we read
1386 * the finished message */
1387 if (s->state & SSL_ST_CONNECT)
1388 {
1389 sender=s->method->ssl3_enc->server_finished_label;
1390 slen=s->method->ssl3_enc->server_finished_label_len;
1391 }
1392 else
1393 {
1394 sender=s->method->ssl3_enc->client_finished_label;
1395 slen=s->method->ssl3_enc->client_finished_label_len;
1396 }
1397
1398 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
1399 sender,slen,s->s3->tmp.peer_finish_md);
1400
1401 return(1);
1402 }
1403
1404int ssl3_send_alert(SSL *s, int level, int desc)
1405 {
1406 /* Map tls/ssl alert value to correct one */
1407 desc=s->method->ssl3_enc->alert_value(desc);
1408 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
1409 desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
1410 if (desc < 0) return -1;
1411 /* If a fatal one, remove from cache */
1412 if ((level == 2) && (s->session != NULL))
1413 SSL_CTX_remove_session(s->ctx,s->session);
1414
1415 s->s3->alert_dispatch=1;
1416 s->s3->send_alert[0]=level;
1417 s->s3->send_alert[1]=desc;
1418 if (s->s3->wbuf.left == 0) /* data still being written out? */
1419 return s->method->ssl_dispatch_alert(s);
1420 /* else data is still being written out, we will get written
1421 * some time in the future */
1422 return -1;
1423 }
1424
1425int ssl3_dispatch_alert(SSL *s)
1426 {
1427 int i,j;
1428 void (*cb)(const SSL *ssl,int type,int val)=NULL;
1429
1430 s->s3->alert_dispatch=0;
1431 i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
1432 if (i <= 0)
1433 {
1434 s->s3->alert_dispatch=1;
1435 }
1436 else
1437 {
1438 /* Alert sent to BIO. If it is important, flush it now.
1439 * If the message does not get sent due to non-blocking IO,
1440 * we will not worry too much. */
1441 if (s->s3->send_alert[0] == SSL3_AL_FATAL)
1442 (void)BIO_flush(s->wbio);
1443
1444 if (s->msg_callback)
1445 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg);
1446
1447 if (s->info_callback != NULL)
1448 cb=s->info_callback;
1449 else if (s->ctx->info_callback != NULL)
1450 cb=s->ctx->info_callback;
1451
1452 if (cb != NULL)
1453 {
1454 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1455 cb(s,SSL_CB_WRITE_ALERT,j);
1456 }
1457 }
1458 return(i);
1459 }
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
deleted file mode 100644
index d734c359fb..0000000000
--- a/src/lib/libssl/s3_srvr.c
+++ /dev/null
@@ -1,3212 +0,0 @@
1/* ssl/s3_srvr.c -*- mode:C; c-file-style: "eay" -*- */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#define REUSE_CIPHER_BUG
152#define NETSCAPE_HANG_BUG
153
154#include <stdio.h>
155#include "ssl_locl.h"
156#include "kssl_lcl.h"
157#include <openssl/buffer.h>
158#include <openssl/rand.h>
159#include <openssl/objects.h>
160#include <openssl/evp.h>
161#include <openssl/hmac.h>
162#include <openssl/x509.h>
163#ifndef OPENSSL_NO_DH
164#include <openssl/dh.h>
165#endif
166#include <openssl/bn.h>
167#ifndef OPENSSL_NO_KRB5
168#include <openssl/krb5_asn.h>
169#endif
170#include <openssl/md5.h>
171
172static const SSL_METHOD *ssl3_get_server_method(int ver);
173
174static const SSL_METHOD *ssl3_get_server_method(int ver)
175 {
176 if (ver == SSL3_VERSION)
177 return(SSLv3_server_method());
178 else
179 return(NULL);
180 }
181
182IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
183 ssl3_accept,
184 ssl_undefined_function,
185 ssl3_get_server_method)
186
187int ssl3_accept(SSL *s)
188 {
189 BUF_MEM *buf;
190 unsigned long alg_k,Time=(unsigned long)time(NULL);
191 void (*cb)(const SSL *ssl,int type,int val)=NULL;
192 int ret= -1;
193 int new_state,state,skip=0;
194
195 RAND_add(&Time,sizeof(Time),0);
196 ERR_clear_error();
197 clear_sys_error();
198
199 if (s->info_callback != NULL)
200 cb=s->info_callback;
201 else if (s->ctx->info_callback != NULL)
202 cb=s->ctx->info_callback;
203
204 /* init things to blank */
205 s->in_handshake++;
206 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
207
208 if (s->cert == NULL)
209 {
210 SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
211 return(-1);
212 }
213
214 for (;;)
215 {
216 state=s->state;
217
218 switch (s->state)
219 {
220 case SSL_ST_RENEGOTIATE:
221 s->new_session=1;
222 /* s->state=SSL_ST_ACCEPT; */
223
224 case SSL_ST_BEFORE:
225 case SSL_ST_ACCEPT:
226 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
227 case SSL_ST_OK|SSL_ST_ACCEPT:
228
229 s->server=1;
230 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
231
232 if ((s->version>>8) != 3)
233 {
234 SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
235 return -1;
236 }
237 s->type=SSL_ST_ACCEPT;
238
239 if (s->init_buf == NULL)
240 {
241 if ((buf=BUF_MEM_new()) == NULL)
242 {
243 ret= -1;
244 goto end;
245 }
246 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
247 {
248 ret= -1;
249 goto end;
250 }
251 s->init_buf=buf;
252 }
253
254 if (!ssl3_setup_buffers(s))
255 {
256 ret= -1;
257 goto end;
258 }
259
260 s->init_num=0;
261 s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
262
263 if (s->state != SSL_ST_RENEGOTIATE)
264 {
265 /* Ok, we now need to push on a buffering BIO so that
266 * the output is sent in a way that TCP likes :-)
267 */
268 if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
269
270 ssl3_init_finished_mac(s);
271 s->state=SSL3_ST_SR_CLNT_HELLO_A;
272 s->ctx->stats.sess_accept++;
273 }
274 else if (!s->s3->send_connection_binding &&
275 !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
276 {
277 /* Server attempting to renegotiate with
278 * client that doesn't support secure
279 * renegotiation.
280 */
281 SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
282 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
283 ret = -1;
284 goto end;
285 }
286 else
287 {
288 /* s->state == SSL_ST_RENEGOTIATE,
289 * we will just send a HelloRequest */
290 s->ctx->stats.sess_accept_renegotiate++;
291 s->state=SSL3_ST_SW_HELLO_REQ_A;
292 }
293 break;
294
295 case SSL3_ST_SW_HELLO_REQ_A:
296 case SSL3_ST_SW_HELLO_REQ_B:
297
298 s->shutdown=0;
299 ret=ssl3_send_hello_request(s);
300 if (ret <= 0) goto end;
301 s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
302 s->state=SSL3_ST_SW_FLUSH;
303 s->init_num=0;
304
305 ssl3_init_finished_mac(s);
306 break;
307
308 case SSL3_ST_SW_HELLO_REQ_C:
309 s->state=SSL_ST_OK;
310 break;
311
312 case SSL3_ST_SR_CLNT_HELLO_A:
313 case SSL3_ST_SR_CLNT_HELLO_B:
314 case SSL3_ST_SR_CLNT_HELLO_C:
315
316 s->shutdown=0;
317 ret=ssl3_get_client_hello(s);
318 if (ret <= 0) goto end;
319
320 s->new_session = 2;
321 s->state=SSL3_ST_SW_SRVR_HELLO_A;
322 s->init_num=0;
323 break;
324
325 case SSL3_ST_SW_SRVR_HELLO_A:
326 case SSL3_ST_SW_SRVR_HELLO_B:
327 ret=ssl3_send_server_hello(s);
328 if (ret <= 0) goto end;
329#ifndef OPENSSL_NO_TLSEXT
330 if (s->hit)
331 {
332 if (s->tlsext_ticket_expected)
333 s->state=SSL3_ST_SW_SESSION_TICKET_A;
334 else
335 s->state=SSL3_ST_SW_CHANGE_A;
336 }
337#else
338 if (s->hit)
339 s->state=SSL3_ST_SW_CHANGE_A;
340#endif
341 else
342 s->state=SSL3_ST_SW_CERT_A;
343 s->init_num=0;
344 break;
345
346 case SSL3_ST_SW_CERT_A:
347 case SSL3_ST_SW_CERT_B:
348 /* Check if it is anon DH or anon ECDH, */
349 /* normal PSK or KRB5 */
350 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
351 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
352 && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
353 {
354 ret=ssl3_send_server_certificate(s);
355 if (ret <= 0) goto end;
356#ifndef OPENSSL_NO_TLSEXT
357 if (s->tlsext_status_expected)
358 s->state=SSL3_ST_SW_CERT_STATUS_A;
359 else
360 s->state=SSL3_ST_SW_KEY_EXCH_A;
361 }
362 else
363 {
364 skip = 1;
365 s->state=SSL3_ST_SW_KEY_EXCH_A;
366 }
367#else
368 }
369 else
370 skip=1;
371
372 s->state=SSL3_ST_SW_KEY_EXCH_A;
373#endif
374 s->init_num=0;
375 break;
376
377 case SSL3_ST_SW_KEY_EXCH_A:
378 case SSL3_ST_SW_KEY_EXCH_B:
379 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
380
381 /* clear this, it may get reset by
382 * send_server_key_exchange */
383 if ((s->options & SSL_OP_EPHEMERAL_RSA)
384#ifndef OPENSSL_NO_KRB5
385 && !(alg_k & SSL_kKRB5)
386#endif /* OPENSSL_NO_KRB5 */
387 )
388 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
389 * even when forbidden by protocol specs
390 * (handshake may fail as clients are not required to
391 * be able to handle this) */
392 s->s3->tmp.use_rsa_tmp=1;
393 else
394 s->s3->tmp.use_rsa_tmp=0;
395
396
397 /* only send if a DH key exchange, fortezza or
398 * RSA but we have a sign only certificate
399 *
400 * PSK: may send PSK identity hints
401 *
402 * For ECC ciphersuites, we send a serverKeyExchange
403 * message only if the cipher suite is either
404 * ECDH-anon or ECDHE. In other cases, the
405 * server certificate contains the server's
406 * public key for key exchange.
407 */
408 if (s->s3->tmp.use_rsa_tmp
409 /* PSK: send ServerKeyExchange if PSK identity
410 * hint if provided */
411#ifndef OPENSSL_NO_PSK
412 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
413#endif
414 || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH))
415 || (alg_k & SSL_kEECDH)
416 || ((alg_k & SSL_kRSA)
417 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
418 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
419 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
420 )
421 )
422 )
423 )
424 {
425 ret=ssl3_send_server_key_exchange(s);
426 if (ret <= 0) goto end;
427 }
428 else
429 skip=1;
430
431 s->state=SSL3_ST_SW_CERT_REQ_A;
432 s->init_num=0;
433 break;
434
435 case SSL3_ST_SW_CERT_REQ_A:
436 case SSL3_ST_SW_CERT_REQ_B:
437 if (/* don't request cert unless asked for it: */
438 !(s->verify_mode & SSL_VERIFY_PEER) ||
439 /* if SSL_VERIFY_CLIENT_ONCE is set,
440 * don't request cert during re-negotiation: */
441 ((s->session->peer != NULL) &&
442 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
443 /* never request cert in anonymous ciphersuites
444 * (see section "Certificate request" in SSL 3 drafts
445 * and in RFC 2246): */
446 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
447 /* ... except when the application insists on verification
448 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
449 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
450 /* never request cert in Kerberos ciphersuites */
451 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
452 /* With normal PSK Certificates and
453 * Certificate Requests are omitted */
454 || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
455 {
456 /* no cert request */
457 skip=1;
458 s->s3->tmp.cert_request=0;
459 s->state=SSL3_ST_SW_SRVR_DONE_A;
460 }
461 else
462 {
463 s->s3->tmp.cert_request=1;
464 ret=ssl3_send_certificate_request(s);
465 if (ret <= 0) goto end;
466#ifndef NETSCAPE_HANG_BUG
467 s->state=SSL3_ST_SW_SRVR_DONE_A;
468#else
469 s->state=SSL3_ST_SW_FLUSH;
470 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
471#endif
472 s->init_num=0;
473 }
474 break;
475
476 case SSL3_ST_SW_SRVR_DONE_A:
477 case SSL3_ST_SW_SRVR_DONE_B:
478 ret=ssl3_send_server_done(s);
479 if (ret <= 0) goto end;
480 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
481 s->state=SSL3_ST_SW_FLUSH;
482 s->init_num=0;
483 break;
484
485 case SSL3_ST_SW_FLUSH:
486
487 /* This code originally checked to see if
488 * any data was pending using BIO_CTRL_INFO
489 * and then flushed. This caused problems
490 * as documented in PR#1939. The proposed
491 * fix doesn't completely resolve this issue
492 * as buggy implementations of BIO_CTRL_PENDING
493 * still exist. So instead we just flush
494 * unconditionally.
495 */
496
497 s->rwstate=SSL_WRITING;
498 if (BIO_flush(s->wbio) <= 0)
499 {
500 ret= -1;
501 goto end;
502 }
503 s->rwstate=SSL_NOTHING;
504
505 s->state=s->s3->tmp.next_state;
506 break;
507
508 case SSL3_ST_SR_CERT_A:
509 case SSL3_ST_SR_CERT_B:
510 /* Check for second client hello (MS SGC) */
511 ret = ssl3_check_client_hello(s);
512 if (ret <= 0)
513 goto end;
514 if (ret == 2)
515 s->state = SSL3_ST_SR_CLNT_HELLO_C;
516 else {
517 if (s->s3->tmp.cert_request)
518 {
519 ret=ssl3_get_client_certificate(s);
520 if (ret <= 0) goto end;
521 }
522 s->init_num=0;
523 s->state=SSL3_ST_SR_KEY_EXCH_A;
524 }
525 break;
526
527 case SSL3_ST_SR_KEY_EXCH_A:
528 case SSL3_ST_SR_KEY_EXCH_B:
529 ret=ssl3_get_client_key_exchange(s);
530 if (ret <= 0)
531 goto end;
532 if (ret == 2)
533 {
534 /* For the ECDH ciphersuites when
535 * the client sends its ECDH pub key in
536 * a certificate, the CertificateVerify
537 * message is not sent.
538 * Also for GOST ciphersuites when
539 * the client uses its key from the certificate
540 * for key exchange.
541 */
542 s->state=SSL3_ST_SR_FINISHED_A;
543 s->init_num = 0;
544 }
545 else
546 {
547 int offset=0;
548 int dgst_num;
549
550 s->state=SSL3_ST_SR_CERT_VRFY_A;
551 s->init_num=0;
552
553 /* We need to get hashes here so if there is
554 * a client cert, it can be verified
555 * FIXME - digest processing for CertificateVerify
556 * should be generalized. But it is next step
557 */
558 if (s->s3->handshake_buffer)
559 if (!ssl3_digest_cached_records(s))
560 return -1;
561 for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++)
562 if (s->s3->handshake_dgst[dgst_num])
563 {
564 int dgst_size;
565
566 s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset]));
567 dgst_size=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
568 if (dgst_size < 0)
569 {
570 ret = -1;
571 goto end;
572 }
573 offset+=dgst_size;
574 }
575 }
576 break;
577
578 case SSL3_ST_SR_CERT_VRFY_A:
579 case SSL3_ST_SR_CERT_VRFY_B:
580
581 /* we should decide if we expected this one */
582 ret=ssl3_get_cert_verify(s);
583 if (ret <= 0) goto end;
584
585 s->state=SSL3_ST_SR_FINISHED_A;
586 s->init_num=0;
587 break;
588
589 case SSL3_ST_SR_FINISHED_A:
590 case SSL3_ST_SR_FINISHED_B:
591 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
592 SSL3_ST_SR_FINISHED_B);
593 if (ret <= 0) goto end;
594#ifndef OPENSSL_NO_TLSEXT
595 if (s->tlsext_ticket_expected)
596 s->state=SSL3_ST_SW_SESSION_TICKET_A;
597 else if (s->hit)
598 s->state=SSL_ST_OK;
599#else
600 if (s->hit)
601 s->state=SSL_ST_OK;
602#endif
603 else
604 s->state=SSL3_ST_SW_CHANGE_A;
605 s->init_num=0;
606 break;
607
608#ifndef OPENSSL_NO_TLSEXT
609 case SSL3_ST_SW_SESSION_TICKET_A:
610 case SSL3_ST_SW_SESSION_TICKET_B:
611 ret=ssl3_send_newsession_ticket(s);
612 if (ret <= 0) goto end;
613 s->state=SSL3_ST_SW_CHANGE_A;
614 s->init_num=0;
615 break;
616
617 case SSL3_ST_SW_CERT_STATUS_A:
618 case SSL3_ST_SW_CERT_STATUS_B:
619 ret=ssl3_send_cert_status(s);
620 if (ret <= 0) goto end;
621 s->state=SSL3_ST_SW_KEY_EXCH_A;
622 s->init_num=0;
623 break;
624
625#endif
626
627 case SSL3_ST_SW_CHANGE_A:
628 case SSL3_ST_SW_CHANGE_B:
629
630 s->session->cipher=s->s3->tmp.new_cipher;
631 if (!s->method->ssl3_enc->setup_key_block(s))
632 { ret= -1; goto end; }
633
634 ret=ssl3_send_change_cipher_spec(s,
635 SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
636
637 if (ret <= 0) goto end;
638 s->state=SSL3_ST_SW_FINISHED_A;
639 s->init_num=0;
640
641 if (!s->method->ssl3_enc->change_cipher_state(s,
642 SSL3_CHANGE_CIPHER_SERVER_WRITE))
643 {
644 ret= -1;
645 goto end;
646 }
647
648 break;
649
650 case SSL3_ST_SW_FINISHED_A:
651 case SSL3_ST_SW_FINISHED_B:
652 ret=ssl3_send_finished(s,
653 SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
654 s->method->ssl3_enc->server_finished_label,
655 s->method->ssl3_enc->server_finished_label_len);
656 if (ret <= 0) goto end;
657 s->state=SSL3_ST_SW_FLUSH;
658 if (s->hit)
659 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
660 else
661 s->s3->tmp.next_state=SSL_ST_OK;
662 s->init_num=0;
663 break;
664
665 case SSL_ST_OK:
666 /* clean a few things up */
667 ssl3_cleanup_key_block(s);
668
669 BUF_MEM_free(s->init_buf);
670 s->init_buf=NULL;
671
672 /* remove buffering on output */
673 ssl_free_wbio_buffer(s);
674
675 s->init_num=0;
676
677 if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
678 {
679 /* actually not necessarily a 'new' session unless
680 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
681
682 s->new_session=0;
683
684 ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
685
686 s->ctx->stats.sess_accept_good++;
687 /* s->server=1; */
688 s->handshake_func=ssl3_accept;
689
690 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
691 }
692
693 ret = 1;
694 goto end;
695 /* break; */
696
697 default:
698 SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
699 ret= -1;
700 goto end;
701 /* break; */
702 }
703
704 if (!s->s3->tmp.reuse_message && !skip)
705 {
706 if (s->debug)
707 {
708 if ((ret=BIO_flush(s->wbio)) <= 0)
709 goto end;
710 }
711
712
713 if ((cb != NULL) && (s->state != state))
714 {
715 new_state=s->state;
716 s->state=state;
717 cb(s,SSL_CB_ACCEPT_LOOP,1);
718 s->state=new_state;
719 }
720 }
721 skip=0;
722 }
723end:
724 /* BIO_flush(s->wbio); */
725
726 s->in_handshake--;
727 if (cb != NULL)
728 cb(s,SSL_CB_ACCEPT_EXIT,ret);
729 return(ret);
730 }
731
732int ssl3_send_hello_request(SSL *s)
733 {
734 unsigned char *p;
735
736 if (s->state == SSL3_ST_SW_HELLO_REQ_A)
737 {
738 p=(unsigned char *)s->init_buf->data;
739 *(p++)=SSL3_MT_HELLO_REQUEST;
740 *(p++)=0;
741 *(p++)=0;
742 *(p++)=0;
743
744 s->state=SSL3_ST_SW_HELLO_REQ_B;
745 /* number of bytes to write */
746 s->init_num=4;
747 s->init_off=0;
748 }
749
750 /* SSL3_ST_SW_HELLO_REQ_B */
751 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
752 }
753
754int ssl3_check_client_hello(SSL *s)
755 {
756 int ok;
757 long n;
758
759 /* We only allow the client to restart the handshake once per
760 * negotiation. */
761 if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
762 {
763 SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
764 return -1;
765 }
766
767 /* this function is called when we really expect a Certificate message,
768 * so permit appropriate message length */
769 n=s->method->ssl_get_message(s,
770 SSL3_ST_SR_CERT_A,
771 SSL3_ST_SR_CERT_B,
772 -1,
773 s->max_cert_list,
774 &ok);
775 if (!ok) return((int)n);
776 s->s3->tmp.reuse_message = 1;
777 if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
778 {
779 /* Throw away what we have done so far in the current handshake,
780 * which will now be aborted. (A full SSL_clear would be too much.) */
781#ifndef OPENSSL_NO_DH
782 if (s->s3->tmp.dh != NULL)
783 {
784 DH_free(s->s3->tmp.dh);
785 s->s3->tmp.dh = NULL;
786 }
787#endif
788#ifndef OPENSSL_NO_ECDH
789 if (s->s3->tmp.ecdh != NULL)
790 {
791 EC_KEY_free(s->s3->tmp.ecdh);
792 s->s3->tmp.ecdh = NULL;
793 }
794#endif
795 s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
796 return 2;
797 }
798 return 1;
799}
800
801int ssl3_get_client_hello(SSL *s)
802 {
803 int i,j,ok,al,ret= -1;
804 unsigned int cookie_len;
805 long n;
806 unsigned long id;
807 unsigned char *p,*d,*q;
808 SSL_CIPHER *c;
809#ifndef OPENSSL_NO_COMP
810 SSL_COMP *comp=NULL;
811#endif
812 STACK_OF(SSL_CIPHER) *ciphers=NULL;
813
814 /* We do this so that we will respond with our native type.
815 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
816 * This down switching should be handled by a different method.
817 * If we are SSLv3, we will respond with SSLv3, even if prompted with
818 * TLSv1.
819 */
820 if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
821 {
822 s->state=SSL3_ST_SR_CLNT_HELLO_B;
823 }
824 s->first_packet=1;
825 n=s->method->ssl_get_message(s,
826 SSL3_ST_SR_CLNT_HELLO_B,
827 SSL3_ST_SR_CLNT_HELLO_C,
828 SSL3_MT_CLIENT_HELLO,
829 SSL3_RT_MAX_PLAIN_LENGTH,
830 &ok);
831
832 if (!ok) return((int)n);
833 s->first_packet=0;
834 d=p=(unsigned char *)s->init_msg;
835
836 /* use version from inside client hello, not from record header
837 * (may differ: see RFC 2246, Appendix E, second paragraph) */
838 s->client_version=(((int)p[0])<<8)|(int)p[1];
839 p+=2;
840
841 if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
842 (s->version != DTLS1_VERSION && s->client_version < s->version))
843 {
844 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
845 if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
846 {
847 /* similar to ssl3_get_record, send alert using remote version number */
848 s->version = s->client_version;
849 }
850 al = SSL_AD_PROTOCOL_VERSION;
851 goto f_err;
852 }
853
854 /* If we require cookies and this ClientHello doesn't
855 * contain one, just return since we do not want to
856 * allocate any memory yet. So check cookie length...
857 */
858 if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)
859 {
860 unsigned int session_length, cookie_length;
861
862 session_length = *(p + SSL3_RANDOM_SIZE);
863 cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
864
865 if (cookie_length == 0)
866 return 1;
867 }
868
869 /* load the client random */
870 memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
871 p+=SSL3_RANDOM_SIZE;
872
873 /* get the session-id */
874 j= *(p++);
875
876 s->hit=0;
877 /* Versions before 0.9.7 always allow session reuse during renegotiation
878 * (i.e. when s->new_session is true), option
879 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
880 * Maybe this optional behaviour should always have been the default,
881 * but we cannot safely change the default behaviour (or new applications
882 * might be written that become totally unsecure when compiled with
883 * an earlier library version)
884 */
885 if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
886 {
887 if (!ssl_get_new_session(s,1))
888 goto err;
889 }
890 else
891 {
892 i=ssl_get_prev_session(s, p, j, d + n);
893 if (i == 1)
894 { /* previous session */
895 s->hit=1;
896 }
897 else if (i == -1)
898 goto err;
899 else /* i == 0 */
900 {
901 if (!ssl_get_new_session(s,1))
902 goto err;
903 }
904 }
905
906 p+=j;
907
908 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
909 {
910 /* cookie stuff */
911 cookie_len = *(p++);
912
913 /*
914 * The ClientHello may contain a cookie even if the
915 * HelloVerify message has not been sent--make sure that it
916 * does not cause an overflow.
917 */
918 if ( cookie_len > sizeof(s->d1->rcvd_cookie))
919 {
920 /* too much data */
921 al = SSL_AD_DECODE_ERROR;
922 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
923 goto f_err;
924 }
925
926 /* verify the cookie if appropriate option is set. */
927 if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
928 cookie_len > 0)
929 {
930 memcpy(s->d1->rcvd_cookie, p, cookie_len);
931
932 if ( s->ctx->app_verify_cookie_cb != NULL)
933 {
934 if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
935 cookie_len) == 0)
936 {
937 al=SSL_AD_HANDSHAKE_FAILURE;
938 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
939 SSL_R_COOKIE_MISMATCH);
940 goto f_err;
941 }
942 /* else cookie verification succeeded */
943 }
944 else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie,
945 s->d1->cookie_len) != 0) /* default verification */
946 {
947 al=SSL_AD_HANDSHAKE_FAILURE;
948 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
949 SSL_R_COOKIE_MISMATCH);
950 goto f_err;
951 }
952
953 ret = 2;
954 }
955
956 p += cookie_len;
957 }
958
959 n2s(p,i);
960 if ((i == 0) && (j != 0))
961 {
962 /* we need a cipher if we are not resuming a session */
963 al=SSL_AD_ILLEGAL_PARAMETER;
964 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
965 goto f_err;
966 }
967 if ((p+i) >= (d+n))
968 {
969 /* not enough data */
970 al=SSL_AD_DECODE_ERROR;
971 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
972 goto f_err;
973 }
974 if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers))
975 == NULL))
976 {
977 goto err;
978 }
979 p+=i;
980
981 /* If it is a hit, check that the cipher is in the list */
982 if ((s->hit) && (i > 0))
983 {
984 j=0;
985 id=s->session->cipher->id;
986
987#ifdef CIPHER_DEBUG
988 printf("client sent %d ciphers\n",sk_num(ciphers));
989#endif
990 for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
991 {
992 c=sk_SSL_CIPHER_value(ciphers,i);
993#ifdef CIPHER_DEBUG
994 printf("client [%2d of %2d]:%s\n",
995 i,sk_num(ciphers),SSL_CIPHER_get_name(c));
996#endif
997 if (c->id == id)
998 {
999 j=1;
1000 break;
1001 }
1002 }
1003/* Disabled because it can be used in a ciphersuite downgrade
1004 * attack: CVE-2010-4180.
1005 */
1006#if 0
1007 if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
1008 {
1009 /* Special case as client bug workaround: the previously used cipher may
1010 * not be in the current list, the client instead might be trying to
1011 * continue using a cipher that before wasn't chosen due to server
1012 * preferences. We'll have to reject the connection if the cipher is not
1013 * enabled, though. */
1014 c = sk_SSL_CIPHER_value(ciphers, 0);
1015 if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0)
1016 {
1017 s->session->cipher = c;
1018 j = 1;
1019 }
1020 }
1021#endif
1022 if (j == 0)
1023 {
1024 /* we need to have the cipher in the cipher
1025 * list if we are asked to reuse it */
1026 al=SSL_AD_ILLEGAL_PARAMETER;
1027 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
1028 goto f_err;
1029 }
1030 }
1031
1032 /* compression */
1033 i= *(p++);
1034 if ((p+i) > (d+n))
1035 {
1036 /* not enough data */
1037 al=SSL_AD_DECODE_ERROR;
1038 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
1039 goto f_err;
1040 }
1041 q=p;
1042 for (j=0; j<i; j++)
1043 {
1044 if (p[j] == 0) break;
1045 }
1046
1047 p+=i;
1048 if (j >= i)
1049 {
1050 /* no compress */
1051 al=SSL_AD_DECODE_ERROR;
1052 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED);
1053 goto f_err;
1054 }
1055
1056#ifndef OPENSSL_NO_TLSEXT
1057 /* TLS extensions*/
1058 if (s->version >= SSL3_VERSION)
1059 {
1060 if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
1061 {
1062 /* 'al' set by ssl_parse_clienthello_tlsext */
1063 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT);
1064 goto f_err;
1065 }
1066 }
1067 if (ssl_check_clienthello_tlsext(s) <= 0) {
1068 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
1069 goto err;
1070 }
1071
1072 /* Check if we want to use external pre-shared secret for this
1073 * handshake for not reused session only. We need to generate
1074 * server_random before calling tls_session_secret_cb in order to allow
1075 * SessionTicket processing to use it in key derivation. */
1076 {
1077 unsigned long Time;
1078 unsigned char *pos;
1079 Time=(unsigned long)time(NULL); /* Time */
1080 pos=s->s3->server_random;
1081 l2n(Time,pos);
1082 if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
1083 {
1084 al=SSL_AD_INTERNAL_ERROR;
1085 goto f_err;
1086 }
1087 }
1088
1089 if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb)
1090 {
1091 SSL_CIPHER *pref_cipher=NULL;
1092
1093 s->session->master_key_length=sizeof(s->session->master_key);
1094 if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
1095 ciphers, &pref_cipher, s->tls_session_secret_cb_arg))
1096 {
1097 s->hit=1;
1098 s->session->ciphers=ciphers;
1099 s->session->verify_result=X509_V_OK;
1100
1101 ciphers=NULL;
1102
1103 /* check if some cipher was preferred by call back */
1104 pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
1105 if (pref_cipher == NULL)
1106 {
1107 al=SSL_AD_HANDSHAKE_FAILURE;
1108 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
1109 goto f_err;
1110 }
1111
1112 s->session->cipher=pref_cipher;
1113
1114 if (s->cipher_list)
1115 sk_SSL_CIPHER_free(s->cipher_list);
1116
1117 if (s->cipher_list_by_id)
1118 sk_SSL_CIPHER_free(s->cipher_list_by_id);
1119
1120 s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
1121 s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
1122 }
1123 }
1124#endif
1125
1126 /* Worst case, we will use the NULL compression, but if we have other
1127 * options, we will now look for them. We have i-1 compression
1128 * algorithms from the client, starting at q. */
1129 s->s3->tmp.new_compression=NULL;
1130#ifndef OPENSSL_NO_COMP
1131 /* This only happens if we have a cache hit */
1132 if (s->session->compress_meth != 0)
1133 {
1134 int m, comp_id = s->session->compress_meth;
1135 /* Perform sanity checks on resumed compression algorithm */
1136 /* Can't disable compression */
1137 if (s->options & SSL_OP_NO_COMPRESSION)
1138 {
1139 al=SSL_AD_INTERNAL_ERROR;
1140 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
1141 goto f_err;
1142 }
1143 /* Look for resumed compression method */
1144 for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++)
1145 {
1146 comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
1147 if (comp_id == comp->id)
1148 {
1149 s->s3->tmp.new_compression=comp;
1150 break;
1151 }
1152 }
1153 if (s->s3->tmp.new_compression == NULL)
1154 {
1155 al=SSL_AD_INTERNAL_ERROR;
1156 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INVALID_COMPRESSION_ALGORITHM);
1157 goto f_err;
1158 }
1159 /* Look for resumed method in compression list */
1160 for (m = 0; m < i; m++)
1161 {
1162 if (q[m] == comp_id)
1163 break;
1164 }
1165 if (m >= i)
1166 {
1167 al=SSL_AD_ILLEGAL_PARAMETER;
1168 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
1169 goto f_err;
1170 }
1171 }
1172 else if (s->hit)
1173 comp = NULL;
1174 else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
1175 { /* See if we have a match */
1176 int m,nn,o,v,done=0;
1177
1178 nn=sk_SSL_COMP_num(s->ctx->comp_methods);
1179 for (m=0; m<nn; m++)
1180 {
1181 comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
1182 v=comp->id;
1183 for (o=0; o<i; o++)
1184 {
1185 if (v == q[o])
1186 {
1187 done=1;
1188 break;
1189 }
1190 }
1191 if (done) break;
1192 }
1193 if (done)
1194 s->s3->tmp.new_compression=comp;
1195 else
1196 comp=NULL;
1197 }
1198#else
1199 /* If compression is disabled we'd better not try to resume a session
1200 * using compression.
1201 */
1202 if (s->session->compress_meth != 0)
1203 {
1204 al=SSL_AD_INTERNAL_ERROR;
1205 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
1206 goto f_err;
1207 }
1208#endif
1209
1210 /* Given s->session->ciphers and SSL_get_ciphers, we must
1211 * pick a cipher */
1212
1213 if (!s->hit)
1214 {
1215#ifdef OPENSSL_NO_COMP
1216 s->session->compress_meth=0;
1217#else
1218 s->session->compress_meth=(comp == NULL)?0:comp->id;
1219#endif
1220 if (s->session->ciphers != NULL)
1221 sk_SSL_CIPHER_free(s->session->ciphers);
1222 s->session->ciphers=ciphers;
1223 if (ciphers == NULL)
1224 {
1225 al=SSL_AD_ILLEGAL_PARAMETER;
1226 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
1227 goto f_err;
1228 }
1229 ciphers=NULL;
1230 c=ssl3_choose_cipher(s,s->session->ciphers,
1231 SSL_get_ciphers(s));
1232
1233 if (c == NULL)
1234 {
1235 al=SSL_AD_HANDSHAKE_FAILURE;
1236 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
1237 goto f_err;
1238 }
1239 s->s3->tmp.new_cipher=c;
1240 }
1241 else
1242 {
1243 /* Session-id reuse */
1244#ifdef REUSE_CIPHER_BUG
1245 STACK_OF(SSL_CIPHER) *sk;
1246 SSL_CIPHER *nc=NULL;
1247 SSL_CIPHER *ec=NULL;
1248
1249 if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
1250 {
1251 sk=s->session->ciphers;
1252 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1253 {
1254 c=sk_SSL_CIPHER_value(sk,i);
1255 if (c->algorithm_enc & SSL_eNULL)
1256 nc=c;
1257 if (SSL_C_IS_EXPORT(c))
1258 ec=c;
1259 }
1260 if (nc != NULL)
1261 s->s3->tmp.new_cipher=nc;
1262 else if (ec != NULL)
1263 s->s3->tmp.new_cipher=ec;
1264 else
1265 s->s3->tmp.new_cipher=s->session->cipher;
1266 }
1267 else
1268#endif
1269 s->s3->tmp.new_cipher=s->session->cipher;
1270 }
1271
1272 if (!ssl3_digest_cached_records(s))
1273 goto f_err;
1274
1275 /* we now have the following setup.
1276 * client_random
1277 * cipher_list - our prefered list of ciphers
1278 * ciphers - the clients prefered list of ciphers
1279 * compression - basically ignored right now
1280 * ssl version is set - sslv3
1281 * s->session - The ssl session has been setup.
1282 * s->hit - session reuse flag
1283 * s->tmp.new_cipher - the new cipher to use.
1284 */
1285
1286 if (ret < 0) ret=1;
1287 if (0)
1288 {
1289f_err:
1290 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1291 }
1292err:
1293 if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
1294 return(ret);
1295 }
1296
1297int ssl3_send_server_hello(SSL *s)
1298 {
1299 unsigned char *buf;
1300 unsigned char *p,*d;
1301 int i,sl;
1302 unsigned long l;
1303#ifdef OPENSSL_NO_TLSEXT
1304 unsigned long Time;
1305#endif
1306
1307 if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
1308 {
1309 buf=(unsigned char *)s->init_buf->data;
1310#ifdef OPENSSL_NO_TLSEXT
1311 p=s->s3->server_random;
1312 /* Generate server_random if it was not needed previously */
1313 Time=(unsigned long)time(NULL); /* Time */
1314 l2n(Time,p);
1315 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
1316 return -1;
1317#endif
1318 /* Do the message type and length last */
1319 d=p= &(buf[4]);
1320
1321 *(p++)=s->version>>8;
1322 *(p++)=s->version&0xff;
1323
1324 /* Random stuff */
1325 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
1326 p+=SSL3_RANDOM_SIZE;
1327
1328 /* now in theory we have 3 options to sending back the
1329 * session id. If it is a re-use, we send back the
1330 * old session-id, if it is a new session, we send
1331 * back the new session-id or we send back a 0 length
1332 * session-id if we want it to be single use.
1333 * Currently I will not implement the '0' length session-id
1334 * 12-Jan-98 - I'll now support the '0' length stuff.
1335 *
1336 * We also have an additional case where stateless session
1337 * resumption is successful: we always send back the old
1338 * session id. In this case s->hit is non zero: this can
1339 * only happen if stateless session resumption is succesful
1340 * if session caching is disabled so existing functionality
1341 * is unaffected.
1342 */
1343 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
1344 && !s->hit)
1345 s->session->session_id_length=0;
1346
1347 sl=s->session->session_id_length;
1348 if (sl > (int)sizeof(s->session->session_id))
1349 {
1350 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
1351 return -1;
1352 }
1353 *(p++)=sl;
1354 memcpy(p,s->session->session_id,sl);
1355 p+=sl;
1356
1357 /* put the cipher */
1358 i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
1359 p+=i;
1360
1361 /* put the compression method */
1362#ifdef OPENSSL_NO_COMP
1363 *(p++)=0;
1364#else
1365 if (s->s3->tmp.new_compression == NULL)
1366 *(p++)=0;
1367 else
1368 *(p++)=s->s3->tmp.new_compression->id;
1369#endif
1370#ifndef OPENSSL_NO_TLSEXT
1371 if (ssl_prepare_serverhello_tlsext(s) <= 0)
1372 {
1373 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
1374 return -1;
1375 }
1376 if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
1377 {
1378 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
1379 return -1;
1380 }
1381#endif
1382 /* do the header */
1383 l=(p-d);
1384 d=buf;
1385 *(d++)=SSL3_MT_SERVER_HELLO;
1386 l2n3(l,d);
1387
1388 s->state=SSL3_ST_SW_SRVR_HELLO_B;
1389 /* number of bytes to write */
1390 s->init_num=p-buf;
1391 s->init_off=0;
1392 }
1393
1394 /* SSL3_ST_SW_SRVR_HELLO_B */
1395 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1396 }
1397
1398int ssl3_send_server_done(SSL *s)
1399 {
1400 unsigned char *p;
1401
1402 if (s->state == SSL3_ST_SW_SRVR_DONE_A)
1403 {
1404 p=(unsigned char *)s->init_buf->data;
1405
1406 /* do the header */
1407 *(p++)=SSL3_MT_SERVER_DONE;
1408 *(p++)=0;
1409 *(p++)=0;
1410 *(p++)=0;
1411
1412 s->state=SSL3_ST_SW_SRVR_DONE_B;
1413 /* number of bytes to write */
1414 s->init_num=4;
1415 s->init_off=0;
1416 }
1417
1418 /* SSL3_ST_SW_SRVR_DONE_B */
1419 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1420 }
1421
1422int ssl3_send_server_key_exchange(SSL *s)
1423 {
1424#ifndef OPENSSL_NO_RSA
1425 unsigned char *q;
1426 int j,num;
1427 RSA *rsa;
1428 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
1429 unsigned int u;
1430#endif
1431#ifndef OPENSSL_NO_DH
1432 DH *dh=NULL,*dhp;
1433#endif
1434#ifndef OPENSSL_NO_ECDH
1435 EC_KEY *ecdh=NULL, *ecdhp;
1436 unsigned char *encodedPoint = NULL;
1437 int encodedlen = 0;
1438 int curve_id = 0;
1439 BN_CTX *bn_ctx = NULL;
1440#endif
1441 EVP_PKEY *pkey;
1442 unsigned char *p,*d;
1443 int al,i;
1444 unsigned long type;
1445 int n;
1446 CERT *cert;
1447 BIGNUM *r[4];
1448 int nr[4],kn;
1449 BUF_MEM *buf;
1450 EVP_MD_CTX md_ctx;
1451
1452 EVP_MD_CTX_init(&md_ctx);
1453 if (s->state == SSL3_ST_SW_KEY_EXCH_A)
1454 {
1455 type=s->s3->tmp.new_cipher->algorithm_mkey;
1456 cert=s->cert;
1457
1458 buf=s->init_buf;
1459
1460 r[0]=r[1]=r[2]=r[3]=NULL;
1461 n=0;
1462#ifndef OPENSSL_NO_RSA
1463 if (type & SSL_kRSA)
1464 {
1465 rsa=cert->rsa_tmp;
1466 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
1467 {
1468 rsa=s->cert->rsa_tmp_cb(s,
1469 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1470 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1471 if(rsa == NULL)
1472 {
1473 al=SSL_AD_HANDSHAKE_FAILURE;
1474 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
1475 goto f_err;
1476 }
1477 RSA_up_ref(rsa);
1478 cert->rsa_tmp=rsa;
1479 }
1480 if (rsa == NULL)
1481 {
1482 al=SSL_AD_HANDSHAKE_FAILURE;
1483 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
1484 goto f_err;
1485 }
1486 r[0]=rsa->n;
1487 r[1]=rsa->e;
1488 s->s3->tmp.use_rsa_tmp=1;
1489 }
1490 else
1491#endif
1492#ifndef OPENSSL_NO_DH
1493 if (type & SSL_kEDH)
1494 {
1495 dhp=cert->dh_tmp;
1496 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
1497 dhp=s->cert->dh_tmp_cb(s,
1498 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1499 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1500 if (dhp == NULL)
1501 {
1502 al=SSL_AD_HANDSHAKE_FAILURE;
1503 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
1504 goto f_err;
1505 }
1506
1507 if (s->s3->tmp.dh != NULL)
1508 {
1509 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1510 goto err;
1511 }
1512
1513 if ((dh=DHparams_dup(dhp)) == NULL)
1514 {
1515 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1516 goto err;
1517 }
1518
1519 s->s3->tmp.dh=dh;
1520 if ((dhp->pub_key == NULL ||
1521 dhp->priv_key == NULL ||
1522 (s->options & SSL_OP_SINGLE_DH_USE)))
1523 {
1524 if(!DH_generate_key(dh))
1525 {
1526 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1527 ERR_R_DH_LIB);
1528 goto err;
1529 }
1530 }
1531 else
1532 {
1533 dh->pub_key=BN_dup(dhp->pub_key);
1534 dh->priv_key=BN_dup(dhp->priv_key);
1535 if ((dh->pub_key == NULL) ||
1536 (dh->priv_key == NULL))
1537 {
1538 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1539 goto err;
1540 }
1541 }
1542 r[0]=dh->p;
1543 r[1]=dh->g;
1544 r[2]=dh->pub_key;
1545 }
1546 else
1547#endif
1548#ifndef OPENSSL_NO_ECDH
1549 if (type & SSL_kEECDH)
1550 {
1551 const EC_GROUP *group;
1552
1553 ecdhp=cert->ecdh_tmp;
1554 if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
1555 {
1556 ecdhp=s->cert->ecdh_tmp_cb(s,
1557 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1558 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1559 }
1560 if (ecdhp == NULL)
1561 {
1562 al=SSL_AD_HANDSHAKE_FAILURE;
1563 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
1564 goto f_err;
1565 }
1566
1567 if (s->s3->tmp.ecdh != NULL)
1568 {
1569 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1570 goto err;
1571 }
1572
1573 /* Duplicate the ECDH structure. */
1574 if (ecdhp == NULL)
1575 {
1576 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1577 goto err;
1578 }
1579 if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
1580 {
1581 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1582 goto err;
1583 }
1584
1585 s->s3->tmp.ecdh=ecdh;
1586 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
1587 (EC_KEY_get0_private_key(ecdh) == NULL) ||
1588 (s->options & SSL_OP_SINGLE_ECDH_USE))
1589 {
1590 if(!EC_KEY_generate_key(ecdh))
1591 {
1592 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1593 goto err;
1594 }
1595 }
1596
1597 if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
1598 (EC_KEY_get0_public_key(ecdh) == NULL) ||
1599 (EC_KEY_get0_private_key(ecdh) == NULL))
1600 {
1601 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1602 goto err;
1603 }
1604
1605 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1606 (EC_GROUP_get_degree(group) > 163))
1607 {
1608 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1609 goto err;
1610 }
1611
1612 /* XXX: For now, we only support ephemeral ECDH
1613 * keys over named (not generic) curves. For
1614 * supported named curves, curve_id is non-zero.
1615 */
1616 if ((curve_id =
1617 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
1618 == 0)
1619 {
1620 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1621 goto err;
1622 }
1623
1624 /* Encode the public key.
1625 * First check the size of encoding and
1626 * allocate memory accordingly.
1627 */
1628 encodedlen = EC_POINT_point2oct(group,
1629 EC_KEY_get0_public_key(ecdh),
1630 POINT_CONVERSION_UNCOMPRESSED,
1631 NULL, 0, NULL);
1632
1633 encodedPoint = (unsigned char *)
1634 OPENSSL_malloc(encodedlen*sizeof(unsigned char));
1635 bn_ctx = BN_CTX_new();
1636 if ((encodedPoint == NULL) || (bn_ctx == NULL))
1637 {
1638 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1639 goto err;
1640 }
1641
1642
1643 encodedlen = EC_POINT_point2oct(group,
1644 EC_KEY_get0_public_key(ecdh),
1645 POINT_CONVERSION_UNCOMPRESSED,
1646 encodedPoint, encodedlen, bn_ctx);
1647
1648 if (encodedlen == 0)
1649 {
1650 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1651 goto err;
1652 }
1653
1654 BN_CTX_free(bn_ctx); bn_ctx=NULL;
1655
1656 /* XXX: For now, we only support named (not
1657 * generic) curves in ECDH ephemeral key exchanges.
1658 * In this situation, we need four additional bytes
1659 * to encode the entire ServerECDHParams
1660 * structure.
1661 */
1662 n = 4 + encodedlen;
1663
1664 /* We'll generate the serverKeyExchange message
1665 * explicitly so we can set these to NULLs
1666 */
1667 r[0]=NULL;
1668 r[1]=NULL;
1669 r[2]=NULL;
1670 r[3]=NULL;
1671 }
1672 else
1673#endif /* !OPENSSL_NO_ECDH */
1674#ifndef OPENSSL_NO_PSK
1675 if (type & SSL_kPSK)
1676 {
1677 /* reserve size for record length and PSK identity hint*/
1678 n+=2+strlen(s->ctx->psk_identity_hint);
1679 }
1680 else
1681#endif /* !OPENSSL_NO_PSK */
1682 {
1683 al=SSL_AD_HANDSHAKE_FAILURE;
1684 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1685 goto f_err;
1686 }
1687 for (i=0; r[i] != NULL; i++)
1688 {
1689 nr[i]=BN_num_bytes(r[i]);
1690 n+=2+nr[i];
1691 }
1692
1693 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1694 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
1695 {
1696 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
1697 == NULL)
1698 {
1699 al=SSL_AD_DECODE_ERROR;
1700 goto f_err;
1701 }
1702 kn=EVP_PKEY_size(pkey);
1703 }
1704 else
1705 {
1706 pkey=NULL;
1707 kn=0;
1708 }
1709
1710 if (!BUF_MEM_grow_clean(buf,n+4+kn))
1711 {
1712 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
1713 goto err;
1714 }
1715 d=(unsigned char *)s->init_buf->data;
1716 p= &(d[4]);
1717
1718 for (i=0; r[i] != NULL; i++)
1719 {
1720 s2n(nr[i],p);
1721 BN_bn2bin(r[i],p);
1722 p+=nr[i];
1723 }
1724
1725#ifndef OPENSSL_NO_ECDH
1726 if (type & SSL_kEECDH)
1727 {
1728 /* XXX: For now, we only support named (not generic) curves.
1729 * In this situation, the serverKeyExchange message has:
1730 * [1 byte CurveType], [2 byte CurveName]
1731 * [1 byte length of encoded point], followed by
1732 * the actual encoded point itself
1733 */
1734 *p = NAMED_CURVE_TYPE;
1735 p += 1;
1736 *p = 0;
1737 p += 1;
1738 *p = curve_id;
1739 p += 1;
1740 *p = encodedlen;
1741 p += 1;
1742 memcpy((unsigned char*)p,
1743 (unsigned char *)encodedPoint,
1744 encodedlen);
1745 OPENSSL_free(encodedPoint);
1746 encodedPoint = NULL;
1747 p += encodedlen;
1748 }
1749#endif
1750
1751#ifndef OPENSSL_NO_PSK
1752 if (type & SSL_kPSK)
1753 {
1754 /* copy PSK identity hint */
1755 s2n(strlen(s->ctx->psk_identity_hint), p);
1756 strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
1757 p+=strlen(s->ctx->psk_identity_hint);
1758 }
1759#endif
1760
1761 /* not anonymous */
1762 if (pkey != NULL)
1763 {
1764 /* n is the length of the params, they start at &(d[4])
1765 * and p points to the space at the end. */
1766#ifndef OPENSSL_NO_RSA
1767 if (pkey->type == EVP_PKEY_RSA)
1768 {
1769 q=md_buf;
1770 j=0;
1771 for (num=2; num > 0; num--)
1772 {
1773 EVP_DigestInit_ex(&md_ctx,(num == 2)
1774 ?s->ctx->md5:s->ctx->sha1, NULL);
1775 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1776 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1777 EVP_DigestUpdate(&md_ctx,&(d[4]),n);
1778 EVP_DigestFinal_ex(&md_ctx,q,
1779 (unsigned int *)&i);
1780 q+=i;
1781 j+=i;
1782 }
1783 if (RSA_sign(NID_md5_sha1, md_buf, j,
1784 &(p[2]), &u, pkey->pkey.rsa) <= 0)
1785 {
1786 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
1787 goto err;
1788 }
1789 s2n(u,p);
1790 n+=u+2;
1791 }
1792 else
1793#endif
1794#if !defined(OPENSSL_NO_DSA)
1795 if (pkey->type == EVP_PKEY_DSA)
1796 {
1797 /* lets do DSS */
1798 EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
1799 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1800 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1801 EVP_SignUpdate(&md_ctx,&(d[4]),n);
1802 if (!EVP_SignFinal(&md_ctx,&(p[2]),
1803 (unsigned int *)&i,pkey))
1804 {
1805 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
1806 goto err;
1807 }
1808 s2n(i,p);
1809 n+=i+2;
1810 }
1811 else
1812#endif
1813#if !defined(OPENSSL_NO_ECDSA)
1814 if (pkey->type == EVP_PKEY_EC)
1815 {
1816 /* let's do ECDSA */
1817 EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
1818 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1819 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1820 EVP_SignUpdate(&md_ctx,&(d[4]),n);
1821 if (!EVP_SignFinal(&md_ctx,&(p[2]),
1822 (unsigned int *)&i,pkey))
1823 {
1824 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
1825 goto err;
1826 }
1827 s2n(i,p);
1828 n+=i+2;
1829 }
1830 else
1831#endif
1832 {
1833 /* Is this error check actually needed? */
1834 al=SSL_AD_HANDSHAKE_FAILURE;
1835 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
1836 goto f_err;
1837 }
1838 }
1839
1840 *(d++)=SSL3_MT_SERVER_KEY_EXCHANGE;
1841 l2n3(n,d);
1842
1843 /* we should now have things packed up, so lets send
1844 * it off */
1845 s->init_num=n+4;
1846 s->init_off=0;
1847 }
1848
1849 s->state = SSL3_ST_SW_KEY_EXCH_B;
1850 EVP_MD_CTX_cleanup(&md_ctx);
1851 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1852f_err:
1853 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1854err:
1855#ifndef OPENSSL_NO_ECDH
1856 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
1857 BN_CTX_free(bn_ctx);
1858#endif
1859 EVP_MD_CTX_cleanup(&md_ctx);
1860 return(-1);
1861 }
1862
1863int ssl3_send_certificate_request(SSL *s)
1864 {
1865 unsigned char *p,*d;
1866 int i,j,nl,off,n;
1867 STACK_OF(X509_NAME) *sk=NULL;
1868 X509_NAME *name;
1869 BUF_MEM *buf;
1870
1871 if (s->state == SSL3_ST_SW_CERT_REQ_A)
1872 {
1873 buf=s->init_buf;
1874
1875 d=p=(unsigned char *)&(buf->data[4]);
1876
1877 /* get the list of acceptable cert types */
1878 p++;
1879 n=ssl3_get_req_cert_type(s,p);
1880 d[0]=n;
1881 p+=n;
1882 n++;
1883
1884 off=n;
1885 p+=2;
1886 n+=2;
1887
1888 sk=SSL_get_client_CA_list(s);
1889 nl=0;
1890 if (sk != NULL)
1891 {
1892 for (i=0; i<sk_X509_NAME_num(sk); i++)
1893 {
1894 name=sk_X509_NAME_value(sk,i);
1895 j=i2d_X509_NAME(name,NULL);
1896 if (!BUF_MEM_grow_clean(buf,4+n+j+2))
1897 {
1898 SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
1899 goto err;
1900 }
1901 p=(unsigned char *)&(buf->data[4+n]);
1902 if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
1903 {
1904 s2n(j,p);
1905 i2d_X509_NAME(name,&p);
1906 n+=2+j;
1907 nl+=2+j;
1908 }
1909 else
1910 {
1911 d=p;
1912 i2d_X509_NAME(name,&p);
1913 j-=2; s2n(j,d); j+=2;
1914 n+=j;
1915 nl+=j;
1916 }
1917 }
1918 }
1919 /* else no CA names */
1920 p=(unsigned char *)&(buf->data[4+off]);
1921 s2n(nl,p);
1922
1923 d=(unsigned char *)buf->data;
1924 *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
1925 l2n3(n,d);
1926
1927 /* we should now have things packed up, so lets send
1928 * it off */
1929
1930 s->init_num=n+4;
1931 s->init_off=0;
1932#ifdef NETSCAPE_HANG_BUG
1933 p=(unsigned char *)s->init_buf->data + s->init_num;
1934
1935 /* do the header */
1936 *(p++)=SSL3_MT_SERVER_DONE;
1937 *(p++)=0;
1938 *(p++)=0;
1939 *(p++)=0;
1940 s->init_num += 4;
1941#endif
1942
1943 s->state = SSL3_ST_SW_CERT_REQ_B;
1944 }
1945
1946 /* SSL3_ST_SW_CERT_REQ_B */
1947 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1948err:
1949 return(-1);
1950 }
1951
1952int ssl3_get_client_key_exchange(SSL *s)
1953 {
1954 int i,al,ok;
1955 long n;
1956 unsigned long alg_k;
1957 unsigned char *p;
1958#ifndef OPENSSL_NO_RSA
1959 RSA *rsa=NULL;
1960 EVP_PKEY *pkey=NULL;
1961#endif
1962#ifndef OPENSSL_NO_DH
1963 BIGNUM *pub=NULL;
1964 DH *dh_srvr;
1965#endif
1966#ifndef OPENSSL_NO_KRB5
1967 KSSL_ERR kssl_err;
1968#endif /* OPENSSL_NO_KRB5 */
1969
1970#ifndef OPENSSL_NO_ECDH
1971 EC_KEY *srvr_ecdh = NULL;
1972 EVP_PKEY *clnt_pub_pkey = NULL;
1973 EC_POINT *clnt_ecpoint = NULL;
1974 BN_CTX *bn_ctx = NULL;
1975#endif
1976
1977 n=s->method->ssl_get_message(s,
1978 SSL3_ST_SR_KEY_EXCH_A,
1979 SSL3_ST_SR_KEY_EXCH_B,
1980 SSL3_MT_CLIENT_KEY_EXCHANGE,
1981 2048, /* ??? */
1982 &ok);
1983
1984 if (!ok) return((int)n);
1985 p=(unsigned char *)s->init_msg;
1986
1987 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
1988
1989#ifndef OPENSSL_NO_RSA
1990 if (alg_k & SSL_kRSA)
1991 {
1992 /* FIX THIS UP EAY EAY EAY EAY */
1993 if (s->s3->tmp.use_rsa_tmp)
1994 {
1995 if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
1996 rsa=s->cert->rsa_tmp;
1997 /* Don't do a callback because rsa_tmp should
1998 * be sent already */
1999 if (rsa == NULL)
2000 {
2001 al=SSL_AD_HANDSHAKE_FAILURE;
2002 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY);
2003 goto f_err;
2004
2005 }
2006 }
2007 else
2008 {
2009 pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
2010 if ( (pkey == NULL) ||
2011 (pkey->type != EVP_PKEY_RSA) ||
2012 (pkey->pkey.rsa == NULL))
2013 {
2014 al=SSL_AD_HANDSHAKE_FAILURE;
2015 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE);
2016 goto f_err;
2017 }
2018 rsa=pkey->pkey.rsa;
2019 }
2020
2021 /* TLS and [incidentally] DTLS{0xFEFF} */
2022 if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER)
2023 {
2024 n2s(p,i);
2025 if (n != i+2)
2026 {
2027 if (!(s->options & SSL_OP_TLS_D5_BUG))
2028 {
2029 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
2030 goto err;
2031 }
2032 else
2033 p-=2;
2034 }
2035 else
2036 n=i;
2037 }
2038
2039 i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
2040
2041 al = -1;
2042
2043 if (i != SSL_MAX_MASTER_KEY_LENGTH)
2044 {
2045 al=SSL_AD_DECODE_ERROR;
2046 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
2047 }
2048
2049 if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
2050 {
2051 /* The premaster secret must contain the same version number as the
2052 * ClientHello to detect version rollback attacks (strangely, the
2053 * protocol does not offer such protection for DH ciphersuites).
2054 * However, buggy clients exist that send the negotiated protocol
2055 * version instead if the server does not support the requested
2056 * protocol version.
2057 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
2058 if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
2059 (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
2060 {
2061 al=SSL_AD_DECODE_ERROR;
2062 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
2063
2064 /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
2065 * (http://eprint.iacr.org/2003/052/) exploits the version
2066 * number check as a "bad version oracle" -- an alert would
2067 * reveal that the plaintext corresponding to some ciphertext
2068 * made up by the adversary is properly formatted except
2069 * that the version number is wrong. To avoid such attacks,
2070 * we should treat this just like any other decryption error. */
2071 }
2072 }
2073
2074 if (al != -1)
2075 {
2076 /* Some decryption failure -- use random value instead as countermeasure
2077 * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
2078 * (see RFC 2246, section 7.4.7.1). */
2079 ERR_clear_error();
2080 i = SSL_MAX_MASTER_KEY_LENGTH;
2081 p[0] = s->client_version >> 8;
2082 p[1] = s->client_version & 0xff;
2083 if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */
2084 goto err;
2085 }
2086
2087 s->session->master_key_length=
2088 s->method->ssl3_enc->generate_master_secret(s,
2089 s->session->master_key,
2090 p,i);
2091 OPENSSL_cleanse(p,i);
2092 }
2093 else
2094#endif
2095#ifndef OPENSSL_NO_DH
2096 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2097 {
2098 n2s(p,i);
2099 if (n != i+2)
2100 {
2101 if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))
2102 {
2103 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
2104 goto err;
2105 }
2106 else
2107 {
2108 p-=2;
2109 i=(int)n;
2110 }
2111 }
2112
2113 if (n == 0L) /* the parameters are in the cert */
2114 {
2115 al=SSL_AD_HANDSHAKE_FAILURE;
2116 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS);
2117 goto f_err;
2118 }
2119 else
2120 {
2121 if (s->s3->tmp.dh == NULL)
2122 {
2123 al=SSL_AD_HANDSHAKE_FAILURE;
2124 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
2125 goto f_err;
2126 }
2127 else
2128 dh_srvr=s->s3->tmp.dh;
2129 }
2130
2131 pub=BN_bin2bn(p,i,NULL);
2132 if (pub == NULL)
2133 {
2134 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB);
2135 goto err;
2136 }
2137
2138 i=DH_compute_key(p,pub,dh_srvr);
2139
2140 if (i <= 0)
2141 {
2142 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2143 BN_clear_free(pub);
2144 goto err;
2145 }
2146
2147 DH_free(s->s3->tmp.dh);
2148 s->s3->tmp.dh=NULL;
2149
2150 BN_clear_free(pub);
2151 pub=NULL;
2152 s->session->master_key_length=
2153 s->method->ssl3_enc->generate_master_secret(s,
2154 s->session->master_key,p,i);
2155 OPENSSL_cleanse(p,i);
2156 }
2157 else
2158#endif
2159#ifndef OPENSSL_NO_KRB5
2160 if (alg_k & SSL_kKRB5)
2161 {
2162 krb5_error_code krb5rc;
2163 krb5_data enc_ticket;
2164 krb5_data authenticator;
2165 krb5_data enc_pms;
2166 KSSL_CTX *kssl_ctx = s->kssl_ctx;
2167 EVP_CIPHER_CTX ciph_ctx;
2168 const EVP_CIPHER *enc = NULL;
2169 unsigned char iv[EVP_MAX_IV_LENGTH];
2170 unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
2171 + EVP_MAX_BLOCK_LENGTH];
2172 int padl, outl;
2173 krb5_timestamp authtime = 0;
2174 krb5_ticket_times ttimes;
2175
2176 EVP_CIPHER_CTX_init(&ciph_ctx);
2177
2178 if (!kssl_ctx) kssl_ctx = kssl_ctx_new();
2179
2180 n2s(p,i);
2181 enc_ticket.length = i;
2182
2183 if (n < (long)(enc_ticket.length + 6))
2184 {
2185 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2186 SSL_R_DATA_LENGTH_TOO_LONG);
2187 goto err;
2188 }
2189
2190 enc_ticket.data = (char *)p;
2191 p+=enc_ticket.length;
2192
2193 n2s(p,i);
2194 authenticator.length = i;
2195
2196 if (n < (long)(enc_ticket.length + authenticator.length + 6))
2197 {
2198 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2199 SSL_R_DATA_LENGTH_TOO_LONG);
2200 goto err;
2201 }
2202
2203 authenticator.data = (char *)p;
2204 p+=authenticator.length;
2205
2206 n2s(p,i);
2207 enc_pms.length = i;
2208 enc_pms.data = (char *)p;
2209 p+=enc_pms.length;
2210
2211 /* Note that the length is checked again below,
2212 ** after decryption
2213 */
2214 if(enc_pms.length > sizeof pms)
2215 {
2216 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2217 SSL_R_DATA_LENGTH_TOO_LONG);
2218 goto err;
2219 }
2220
2221 if (n != (long)(enc_ticket.length + authenticator.length +
2222 enc_pms.length + 6))
2223 {
2224 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2225 SSL_R_DATA_LENGTH_TOO_LONG);
2226 goto err;
2227 }
2228
2229 if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
2230 &kssl_err)) != 0)
2231 {
2232#ifdef KSSL_DEBUG
2233 printf("kssl_sget_tkt rtn %d [%d]\n",
2234 krb5rc, kssl_err.reason);
2235 if (kssl_err.text)
2236 printf("kssl_err text= %s\n", kssl_err.text);
2237#endif /* KSSL_DEBUG */
2238 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2239 kssl_err.reason);
2240 goto err;
2241 }
2242
2243 /* Note: no authenticator is not considered an error,
2244 ** but will return authtime == 0.
2245 */
2246 if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
2247 &authtime, &kssl_err)) != 0)
2248 {
2249#ifdef KSSL_DEBUG
2250 printf("kssl_check_authent rtn %d [%d]\n",
2251 krb5rc, kssl_err.reason);
2252 if (kssl_err.text)
2253 printf("kssl_err text= %s\n", kssl_err.text);
2254#endif /* KSSL_DEBUG */
2255 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2256 kssl_err.reason);
2257 goto err;
2258 }
2259
2260 if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
2261 {
2262 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
2263 goto err;
2264 }
2265
2266#ifdef KSSL_DEBUG
2267 kssl_ctx_show(kssl_ctx);
2268#endif /* KSSL_DEBUG */
2269
2270 enc = kssl_map_enc(kssl_ctx->enctype);
2271 if (enc == NULL)
2272 goto err;
2273
2274 memset(iv, 0, sizeof iv); /* per RFC 1510 */
2275
2276 if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
2277 {
2278 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2279 SSL_R_DECRYPTION_FAILED);
2280 goto err;
2281 }
2282 if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
2283 (unsigned char *)enc_pms.data, enc_pms.length))
2284 {
2285 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2286 SSL_R_DECRYPTION_FAILED);
2287 goto err;
2288 }
2289 if (outl > SSL_MAX_MASTER_KEY_LENGTH)
2290 {
2291 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2292 SSL_R_DATA_LENGTH_TOO_LONG);
2293 goto err;
2294 }
2295 if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
2296 {
2297 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2298 SSL_R_DECRYPTION_FAILED);
2299 goto err;
2300 }
2301 outl += padl;
2302 if (outl > SSL_MAX_MASTER_KEY_LENGTH)
2303 {
2304 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2305 SSL_R_DATA_LENGTH_TOO_LONG);
2306 goto err;
2307 }
2308 if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff))))
2309 {
2310 /* The premaster secret must contain the same version number as the
2311 * ClientHello to detect version rollback attacks (strangely, the
2312 * protocol does not offer such protection for DH ciphersuites).
2313 * However, buggy clients exist that send random bytes instead of
2314 * the protocol version.
2315 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.
2316 * (Perhaps we should have a separate BUG value for the Kerberos cipher)
2317 */
2318 if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG))
2319 {
2320 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2321 SSL_AD_DECODE_ERROR);
2322 goto err;
2323 }
2324 }
2325
2326 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
2327
2328 s->session->master_key_length=
2329 s->method->ssl3_enc->generate_master_secret(s,
2330 s->session->master_key, pms, outl);
2331
2332 if (kssl_ctx->client_princ)
2333 {
2334 size_t len = strlen(kssl_ctx->client_princ);
2335 if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
2336 {
2337 s->session->krb5_client_princ_len = len;
2338 memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
2339 }
2340 }
2341
2342
2343 /* Was doing kssl_ctx_free() here,
2344 ** but it caused problems for apache.
2345 ** kssl_ctx = kssl_ctx_free(kssl_ctx);
2346 ** if (s->kssl_ctx) s->kssl_ctx = NULL;
2347 */
2348 }
2349 else
2350#endif /* OPENSSL_NO_KRB5 */
2351
2352#ifndef OPENSSL_NO_ECDH
2353 if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
2354 {
2355 int ret = 1;
2356 int field_size = 0;
2357 const EC_KEY *tkey;
2358 const EC_GROUP *group;
2359 const BIGNUM *priv_key;
2360
2361 /* initialize structures for server's ECDH key pair */
2362 if ((srvr_ecdh = EC_KEY_new()) == NULL)
2363 {
2364 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2365 ERR_R_MALLOC_FAILURE);
2366 goto err;
2367 }
2368
2369 /* Let's get server private key and group information */
2370 if (alg_k & (SSL_kECDHr|SSL_kECDHe))
2371 {
2372 /* use the certificate */
2373 tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
2374 }
2375 else
2376 {
2377 /* use the ephermeral values we saved when
2378 * generating the ServerKeyExchange msg.
2379 */
2380 tkey = s->s3->tmp.ecdh;
2381 }
2382
2383 group = EC_KEY_get0_group(tkey);
2384 priv_key = EC_KEY_get0_private_key(tkey);
2385
2386 if (!EC_KEY_set_group(srvr_ecdh, group) ||
2387 !EC_KEY_set_private_key(srvr_ecdh, priv_key))
2388 {
2389 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2390 ERR_R_EC_LIB);
2391 goto err;
2392 }
2393
2394 /* Let's get client's public key */
2395 if ((clnt_ecpoint = EC_POINT_new(group)) == NULL)
2396 {
2397 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2398 ERR_R_MALLOC_FAILURE);
2399 goto err;
2400 }
2401
2402 if (n == 0L)
2403 {
2404 /* Client Publickey was in Client Certificate */
2405
2406 if (alg_k & SSL_kEECDH)
2407 {
2408 al=SSL_AD_HANDSHAKE_FAILURE;
2409 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
2410 goto f_err;
2411 }
2412 if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
2413 == NULL) ||
2414 (clnt_pub_pkey->type != EVP_PKEY_EC))
2415 {
2416 /* XXX: For now, we do not support client
2417 * authentication using ECDH certificates
2418 * so this branch (n == 0L) of the code is
2419 * never executed. When that support is
2420 * added, we ought to ensure the key
2421 * received in the certificate is
2422 * authorized for key agreement.
2423 * ECDH_compute_key implicitly checks that
2424 * the two ECDH shares are for the same
2425 * group.
2426 */
2427 al=SSL_AD_HANDSHAKE_FAILURE;
2428 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2429 SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
2430 goto f_err;
2431 }
2432
2433 if (EC_POINT_copy(clnt_ecpoint,
2434 EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0)
2435 {
2436 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2437 ERR_R_EC_LIB);
2438 goto err;
2439 }
2440 ret = 2; /* Skip certificate verify processing */
2441 }
2442 else
2443 {
2444 /* Get client's public key from encoded point
2445 * in the ClientKeyExchange message.
2446 */
2447 if ((bn_ctx = BN_CTX_new()) == NULL)
2448 {
2449 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2450 ERR_R_MALLOC_FAILURE);
2451 goto err;
2452 }
2453
2454 /* Get encoded point length */
2455 i = *p;
2456 p += 1;
2457 if (n != 1 + i)
2458 {
2459 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2460 ERR_R_EC_LIB);
2461 goto err;
2462 }
2463 if (EC_POINT_oct2point(group,
2464 clnt_ecpoint, p, i, bn_ctx) == 0)
2465 {
2466 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2467 ERR_R_EC_LIB);
2468 goto err;
2469 }
2470 /* p is pointing to somewhere in the buffer
2471 * currently, so set it to the start
2472 */
2473 p=(unsigned char *)s->init_buf->data;
2474 }
2475
2476 /* Compute the shared pre-master secret */
2477 field_size = EC_GROUP_get_degree(group);
2478 if (field_size <= 0)
2479 {
2480 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2481 ERR_R_ECDH_LIB);
2482 goto err;
2483 }
2484 i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
2485 if (i <= 0)
2486 {
2487 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2488 ERR_R_ECDH_LIB);
2489 goto err;
2490 }
2491
2492 EVP_PKEY_free(clnt_pub_pkey);
2493 EC_POINT_free(clnt_ecpoint);
2494 EC_KEY_free(srvr_ecdh);
2495 BN_CTX_free(bn_ctx);
2496 EC_KEY_free(s->s3->tmp.ecdh);
2497 s->s3->tmp.ecdh = NULL;
2498
2499 /* Compute the master secret */
2500 s->session->master_key_length = s->method->ssl3_enc-> \
2501 generate_master_secret(s, s->session->master_key, p, i);
2502
2503 OPENSSL_cleanse(p, i);
2504 return (ret);
2505 }
2506 else
2507#endif
2508#ifndef OPENSSL_NO_PSK
2509 if (alg_k & SSL_kPSK)
2510 {
2511 unsigned char *t = NULL;
2512 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
2513 unsigned int pre_ms_len = 0, psk_len = 0;
2514 int psk_err = 1;
2515 char tmp_id[PSK_MAX_IDENTITY_LEN+1];
2516
2517 al=SSL_AD_HANDSHAKE_FAILURE;
2518
2519 n2s(p,i);
2520 if (n != i+2)
2521 {
2522 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2523 SSL_R_LENGTH_MISMATCH);
2524 goto psk_err;
2525 }
2526 if (i > PSK_MAX_IDENTITY_LEN)
2527 {
2528 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2529 SSL_R_DATA_LENGTH_TOO_LONG);
2530 goto psk_err;
2531 }
2532 if (s->psk_server_callback == NULL)
2533 {
2534 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2535 SSL_R_PSK_NO_SERVER_CB);
2536 goto psk_err;
2537 }
2538
2539 /* Create guaranteed NULL-terminated identity
2540 * string for the callback */
2541 memcpy(tmp_id, p, i);
2542 memset(tmp_id+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
2543 psk_len = s->psk_server_callback(s, tmp_id,
2544 psk_or_pre_ms, sizeof(psk_or_pre_ms));
2545 OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN+1);
2546
2547 if (psk_len > PSK_MAX_PSK_LEN)
2548 {
2549 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2550 ERR_R_INTERNAL_ERROR);
2551 goto psk_err;
2552 }
2553 else if (psk_len == 0)
2554 {
2555 /* PSK related to the given identity not found */
2556 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2557 SSL_R_PSK_IDENTITY_NOT_FOUND);
2558 al=SSL_AD_UNKNOWN_PSK_IDENTITY;
2559 goto psk_err;
2560 }
2561
2562 /* create PSK pre_master_secret */
2563 pre_ms_len=2+psk_len+2+psk_len;
2564 t = psk_or_pre_ms;
2565 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
2566 s2n(psk_len, t);
2567 memset(t, 0, psk_len);
2568 t+=psk_len;
2569 s2n(psk_len, t);
2570
2571 if (s->session->psk_identity != NULL)
2572 OPENSSL_free(s->session->psk_identity);
2573 s->session->psk_identity = BUF_strdup((char *)p);
2574 if (s->session->psk_identity == NULL)
2575 {
2576 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2577 ERR_R_MALLOC_FAILURE);
2578 goto psk_err;
2579 }
2580
2581 if (s->session->psk_identity_hint != NULL)
2582 OPENSSL_free(s->session->psk_identity_hint);
2583 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2584 if (s->ctx->psk_identity_hint != NULL &&
2585 s->session->psk_identity_hint == NULL)
2586 {
2587 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2588 ERR_R_MALLOC_FAILURE);
2589 goto psk_err;
2590 }
2591
2592 s->session->master_key_length=
2593 s->method->ssl3_enc->generate_master_secret(s,
2594 s->session->master_key, psk_or_pre_ms, pre_ms_len);
2595 psk_err = 0;
2596 psk_err:
2597 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
2598 if (psk_err != 0)
2599 goto f_err;
2600 }
2601 else
2602#endif
2603 if (alg_k & SSL_kGOST)
2604 {
2605 int ret = 0;
2606 EVP_PKEY_CTX *pkey_ctx;
2607 EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
2608 unsigned char premaster_secret[32], *start;
2609 size_t outlen=32, inlen;
2610 unsigned long alg_a;
2611
2612 /* Get our certificate private key*/
2613 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2614 if (alg_a & SSL_aGOST94)
2615 pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
2616 else if (alg_a & SSL_aGOST01)
2617 pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
2618
2619 pkey_ctx = EVP_PKEY_CTX_new(pk,NULL);
2620 EVP_PKEY_decrypt_init(pkey_ctx);
2621 /* If client certificate is present and is of the same type, maybe
2622 * use it for key exchange. Don't mind errors from
2623 * EVP_PKEY_derive_set_peer, because it is completely valid to use
2624 * a client certificate for authorization only. */
2625 client_pub_pkey = X509_get_pubkey(s->session->peer);
2626 if (client_pub_pkey)
2627 {
2628 if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
2629 ERR_clear_error();
2630 }
2631 /* Decrypt session key */
2632 if ((*p!=( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED)))
2633 {
2634 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
2635 goto gerr;
2636 }
2637 if (p[1] == 0x81)
2638 {
2639 start = p+3;
2640 inlen = p[2];
2641 }
2642 else if (p[1] < 0x80)
2643 {
2644 start = p+2;
2645 inlen = p[1];
2646 }
2647 else
2648 {
2649 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
2650 goto gerr;
2651 }
2652 if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0)
2653
2654 {
2655 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
2656 goto gerr;
2657 }
2658 /* Generate master secret */
2659 s->session->master_key_length=
2660 s->method->ssl3_enc->generate_master_secret(s,
2661 s->session->master_key,premaster_secret,32);
2662 /* Check if pubkey from client certificate was used */
2663 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
2664 ret = 2;
2665 else
2666 ret = 1;
2667 gerr:
2668 EVP_PKEY_free(client_pub_pkey);
2669 EVP_PKEY_CTX_free(pkey_ctx);
2670 if (ret)
2671 return ret;
2672 else
2673 goto err;
2674 }
2675 else
2676 {
2677 al=SSL_AD_HANDSHAKE_FAILURE;
2678 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2679 SSL_R_UNKNOWN_CIPHER_TYPE);
2680 goto f_err;
2681 }
2682
2683 return(1);
2684f_err:
2685 ssl3_send_alert(s,SSL3_AL_FATAL,al);
2686#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH)
2687err:
2688#endif
2689#ifndef OPENSSL_NO_ECDH
2690 EVP_PKEY_free(clnt_pub_pkey);
2691 EC_POINT_free(clnt_ecpoint);
2692 if (srvr_ecdh != NULL)
2693 EC_KEY_free(srvr_ecdh);
2694 BN_CTX_free(bn_ctx);
2695#endif
2696 return(-1);
2697 }
2698
2699int ssl3_get_cert_verify(SSL *s)
2700 {
2701 EVP_PKEY *pkey=NULL;
2702 unsigned char *p;
2703 int al,ok,ret=0;
2704 long n;
2705 int type=0,i,j;
2706 X509 *peer;
2707
2708 n=s->method->ssl_get_message(s,
2709 SSL3_ST_SR_CERT_VRFY_A,
2710 SSL3_ST_SR_CERT_VRFY_B,
2711 -1,
2712 514, /* 514? */
2713 &ok);
2714
2715 if (!ok) return((int)n);
2716
2717 if (s->session->peer != NULL)
2718 {
2719 peer=s->session->peer;
2720 pkey=X509_get_pubkey(peer);
2721 type=X509_certificate_type(peer,pkey);
2722 }
2723 else
2724 {
2725 peer=NULL;
2726 pkey=NULL;
2727 }
2728
2729 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
2730 {
2731 s->s3->tmp.reuse_message=1;
2732 if ((peer != NULL) && (type | EVP_PKT_SIGN))
2733 {
2734 al=SSL_AD_UNEXPECTED_MESSAGE;
2735 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
2736 goto f_err;
2737 }
2738 ret=1;
2739 goto end;
2740 }
2741
2742 if (peer == NULL)
2743 {
2744 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED);
2745 al=SSL_AD_UNEXPECTED_MESSAGE;
2746 goto f_err;
2747 }
2748
2749 if (!(type & EVP_PKT_SIGN))
2750 {
2751 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
2752 al=SSL_AD_ILLEGAL_PARAMETER;
2753 goto f_err;
2754 }
2755
2756 if (s->s3->change_cipher_spec)
2757 {
2758 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
2759 al=SSL_AD_UNEXPECTED_MESSAGE;
2760 goto f_err;
2761 }
2762
2763 /* we now have a signature that we need to verify */
2764 p=(unsigned char *)s->init_msg;
2765 /* Check for broken implementations of GOST ciphersuites */
2766 /* If key is GOST and n is exactly 64, it is bare
2767 * signature without length field */
2768 if (n==64 && (pkey->type==NID_id_GostR3410_94 ||
2769 pkey->type == NID_id_GostR3410_2001) )
2770 {
2771 i=64;
2772 }
2773 else
2774 {
2775 n2s(p,i);
2776 n-=2;
2777 if (i > n)
2778 {
2779 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
2780 al=SSL_AD_DECODE_ERROR;
2781 goto f_err;
2782 }
2783 }
2784 j=EVP_PKEY_size(pkey);
2785 if ((i > j) || (n > j) || (n <= 0))
2786 {
2787 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE);
2788 al=SSL_AD_DECODE_ERROR;
2789 goto f_err;
2790 }
2791
2792#ifndef OPENSSL_NO_RSA
2793 if (pkey->type == EVP_PKEY_RSA)
2794 {
2795 i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
2796 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i,
2797 pkey->pkey.rsa);
2798 if (i < 0)
2799 {
2800 al=SSL_AD_DECRYPT_ERROR;
2801 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
2802 goto f_err;
2803 }
2804 if (i == 0)
2805 {
2806 al=SSL_AD_DECRYPT_ERROR;
2807 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
2808 goto f_err;
2809 }
2810 }
2811 else
2812#endif
2813#ifndef OPENSSL_NO_DSA
2814 if (pkey->type == EVP_PKEY_DSA)
2815 {
2816 j=DSA_verify(pkey->save_type,
2817 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
2818 SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
2819 if (j <= 0)
2820 {
2821 /* bad signature */
2822 al=SSL_AD_DECRYPT_ERROR;
2823 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE);
2824 goto f_err;
2825 }
2826 }
2827 else
2828#endif
2829#ifndef OPENSSL_NO_ECDSA
2830 if (pkey->type == EVP_PKEY_EC)
2831 {
2832 j=ECDSA_verify(pkey->save_type,
2833 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
2834 SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec);
2835 if (j <= 0)
2836 {
2837 /* bad signature */
2838 al=SSL_AD_DECRYPT_ERROR;
2839 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2840 SSL_R_BAD_ECDSA_SIGNATURE);
2841 goto f_err;
2842 }
2843 }
2844 else
2845#endif
2846 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
2847 { unsigned char signature[64];
2848 int idx;
2849 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey,NULL);
2850 EVP_PKEY_verify_init(pctx);
2851 if (i!=64) {
2852 fprintf(stderr,"GOST signature length is %d",i);
2853 }
2854 for (idx=0;idx<64;idx++) {
2855 signature[63-idx]=p[idx];
2856 }
2857 j=EVP_PKEY_verify(pctx,signature,64,s->s3->tmp.cert_verify_md,32);
2858 EVP_PKEY_CTX_free(pctx);
2859 if (j<=0)
2860 {
2861 al=SSL_AD_DECRYPT_ERROR;
2862 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2863 SSL_R_BAD_ECDSA_SIGNATURE);
2864 goto f_err;
2865 }
2866 }
2867 else
2868 {
2869 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
2870 al=SSL_AD_UNSUPPORTED_CERTIFICATE;
2871 goto f_err;
2872 }
2873
2874
2875 ret=1;
2876 if (0)
2877 {
2878f_err:
2879 ssl3_send_alert(s,SSL3_AL_FATAL,al);
2880 }
2881end:
2882 EVP_PKEY_free(pkey);
2883 return(ret);
2884 }
2885
2886int ssl3_get_client_certificate(SSL *s)
2887 {
2888 int i,ok,al,ret= -1;
2889 X509 *x=NULL;
2890 unsigned long l,nc,llen,n;
2891 const unsigned char *p,*q;
2892 unsigned char *d;
2893 STACK_OF(X509) *sk=NULL;
2894
2895 n=s->method->ssl_get_message(s,
2896 SSL3_ST_SR_CERT_A,
2897 SSL3_ST_SR_CERT_B,
2898 -1,
2899 s->max_cert_list,
2900 &ok);
2901
2902 if (!ok) return((int)n);
2903
2904 if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)
2905 {
2906 if ( (s->verify_mode & SSL_VERIFY_PEER) &&
2907 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
2908 {
2909 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2910 al=SSL_AD_HANDSHAKE_FAILURE;
2911 goto f_err;
2912 }
2913 /* If tls asked for a client cert, the client must return a 0 list */
2914 if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
2915 {
2916 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
2917 al=SSL_AD_UNEXPECTED_MESSAGE;
2918 goto f_err;
2919 }
2920 s->s3->tmp.reuse_message=1;
2921 return(1);
2922 }
2923
2924 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
2925 {
2926 al=SSL_AD_UNEXPECTED_MESSAGE;
2927 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
2928 goto f_err;
2929 }
2930 p=d=(unsigned char *)s->init_msg;
2931
2932 if ((sk=sk_X509_new_null()) == NULL)
2933 {
2934 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
2935 goto err;
2936 }
2937
2938 n2l3(p,llen);
2939 if (llen+3 != n)
2940 {
2941 al=SSL_AD_DECODE_ERROR;
2942 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
2943 goto f_err;
2944 }
2945 for (nc=0; nc<llen; )
2946 {
2947 n2l3(p,l);
2948 if ((l+nc+3) > llen)
2949 {
2950 al=SSL_AD_DECODE_ERROR;
2951 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
2952 goto f_err;
2953 }
2954
2955 q=p;
2956 x=d2i_X509(NULL,&p,l);
2957 if (x == NULL)
2958 {
2959 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB);
2960 goto err;
2961 }
2962 if (p != (q+l))
2963 {
2964 al=SSL_AD_DECODE_ERROR;
2965 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
2966 goto f_err;
2967 }
2968 if (!sk_X509_push(sk,x))
2969 {
2970 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
2971 goto err;
2972 }
2973 x=NULL;
2974 nc+=l+3;
2975 }
2976
2977 if (sk_X509_num(sk) <= 0)
2978 {
2979 /* TLS does not mind 0 certs returned */
2980 if (s->version == SSL3_VERSION)
2981 {
2982 al=SSL_AD_HANDSHAKE_FAILURE;
2983 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED);
2984 goto f_err;
2985 }
2986 /* Fail for TLS only if we required a certificate */
2987 else if ((s->verify_mode & SSL_VERIFY_PEER) &&
2988 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
2989 {
2990 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2991 al=SSL_AD_HANDSHAKE_FAILURE;
2992 goto f_err;
2993 }
2994 }
2995 else
2996 {
2997 i=ssl_verify_cert_chain(s,sk);
2998 if (i <= 0)
2999 {
3000 al=ssl_verify_alarm_type(s->verify_result);
3001 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
3002 goto f_err;
3003 }
3004 }
3005
3006 if (s->session->peer != NULL) /* This should not be needed */
3007 X509_free(s->session->peer);
3008 s->session->peer=sk_X509_shift(sk);
3009 s->session->verify_result = s->verify_result;
3010
3011 /* With the current implementation, sess_cert will always be NULL
3012 * when we arrive here. */
3013 if (s->session->sess_cert == NULL)
3014 {
3015 s->session->sess_cert = ssl_sess_cert_new();
3016 if (s->session->sess_cert == NULL)
3017 {
3018 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
3019 goto err;
3020 }
3021 }
3022 if (s->session->sess_cert->cert_chain != NULL)
3023 sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
3024 s->session->sess_cert->cert_chain=sk;
3025 /* Inconsistency alert: cert_chain does *not* include the
3026 * peer's own certificate, while we do include it in s3_clnt.c */
3027
3028 sk=NULL;
3029
3030 ret=1;
3031 if (0)
3032 {
3033f_err:
3034 ssl3_send_alert(s,SSL3_AL_FATAL,al);
3035 }
3036err:
3037 if (x != NULL) X509_free(x);
3038 if (sk != NULL) sk_X509_pop_free(sk,X509_free);
3039 return(ret);
3040 }
3041
3042int ssl3_send_server_certificate(SSL *s)
3043 {
3044 unsigned long l;
3045 X509 *x;
3046
3047 if (s->state == SSL3_ST_SW_CERT_A)
3048 {
3049 x=ssl_get_server_send_cert(s);
3050 if (x == NULL)
3051 {
3052 /* VRS: allow null cert if auth == KRB5 */
3053 if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) ||
3054 (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5))
3055 {
3056 SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
3057 return(0);
3058 }
3059 }
3060
3061 l=ssl3_output_cert_chain(s,x);
3062 s->state=SSL3_ST_SW_CERT_B;
3063 s->init_num=(int)l;
3064 s->init_off=0;
3065 }
3066
3067 /* SSL3_ST_SW_CERT_B */
3068 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
3069 }
3070#ifndef OPENSSL_NO_TLSEXT
3071int ssl3_send_newsession_ticket(SSL *s)
3072 {
3073 if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
3074 {
3075 unsigned char *p, *senc, *macstart;
3076 int len, slen;
3077 unsigned int hlen;
3078 EVP_CIPHER_CTX ctx;
3079 HMAC_CTX hctx;
3080 SSL_CTX *tctx = s->initial_ctx;
3081 unsigned char iv[EVP_MAX_IV_LENGTH];
3082 unsigned char key_name[16];
3083
3084 /* get session encoding length */
3085 slen = i2d_SSL_SESSION(s->session, NULL);
3086 /* Some length values are 16 bits, so forget it if session is
3087 * too long
3088 */
3089 if (slen > 0xFF00)
3090 return -1;
3091 /* Grow buffer if need be: the length calculation is as
3092 * follows 1 (size of message name) + 3 (message length
3093 * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
3094 * 16 (key name) + max_iv_len (iv length) +
3095 * session_length + max_enc_block_size (max encrypted session
3096 * length) + max_md_size (HMAC).
3097 */
3098 if (!BUF_MEM_grow(s->init_buf,
3099 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
3100 EVP_MAX_MD_SIZE + slen))
3101 return -1;
3102 senc = OPENSSL_malloc(slen);
3103 if (!senc)
3104 return -1;
3105 p = senc;
3106 i2d_SSL_SESSION(s->session, &p);
3107
3108 p=(unsigned char *)s->init_buf->data;
3109 /* do the header */
3110 *(p++)=SSL3_MT_NEWSESSION_TICKET;
3111 /* Skip message length for now */
3112 p += 3;
3113 EVP_CIPHER_CTX_init(&ctx);
3114 HMAC_CTX_init(&hctx);
3115 /* Initialize HMAC and cipher contexts. If callback present
3116 * it does all the work otherwise use generated values
3117 * from parent ctx.
3118 */
3119 if (tctx->tlsext_ticket_key_cb)
3120 {
3121 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
3122 &hctx, 1) < 0)
3123 {
3124 OPENSSL_free(senc);
3125 return -1;
3126 }
3127 }
3128 else
3129 {
3130 RAND_pseudo_bytes(iv, 16);
3131 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
3132 tctx->tlsext_tick_aes_key, iv);
3133 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
3134 tlsext_tick_md(), NULL);
3135 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
3136 }
3137 l2n(s->session->tlsext_tick_lifetime_hint, p);
3138 /* Skip ticket length for now */
3139 p += 2;
3140 /* Output key name */
3141 macstart = p;
3142 memcpy(p, key_name, 16);
3143 p += 16;
3144 /* output IV */
3145 memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
3146 p += EVP_CIPHER_CTX_iv_length(&ctx);
3147 /* Encrypt session data */
3148 EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
3149 p += len;
3150 EVP_EncryptFinal(&ctx, p, &len);
3151 p += len;
3152 EVP_CIPHER_CTX_cleanup(&ctx);
3153
3154 HMAC_Update(&hctx, macstart, p - macstart);
3155 HMAC_Final(&hctx, p, &hlen);
3156 HMAC_CTX_cleanup(&hctx);
3157
3158 p += hlen;
3159 /* Now write out lengths: p points to end of data written */
3160 /* Total length */
3161 len = p - (unsigned char *)s->init_buf->data;
3162 p=(unsigned char *)s->init_buf->data + 1;
3163 l2n3(len - 4, p); /* Message length */
3164 p += 4;
3165 s2n(len - 10, p); /* Ticket length */
3166
3167 /* number of bytes to write */
3168 s->init_num= len;
3169 s->state=SSL3_ST_SW_SESSION_TICKET_B;
3170 s->init_off=0;
3171 OPENSSL_free(senc);
3172 }
3173
3174 /* SSL3_ST_SW_SESSION_TICKET_B */
3175 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
3176 }
3177
3178int ssl3_send_cert_status(SSL *s)
3179 {
3180 if (s->state == SSL3_ST_SW_CERT_STATUS_A)
3181 {
3182 unsigned char *p;
3183 /* Grow buffer if need be: the length calculation is as
3184 * follows 1 (message type) + 3 (message length) +
3185 * 1 (ocsp response type) + 3 (ocsp response length)
3186 * + (ocsp response)
3187 */
3188 if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))
3189 return -1;
3190
3191 p=(unsigned char *)s->init_buf->data;
3192
3193 /* do the header */
3194 *(p++)=SSL3_MT_CERTIFICATE_STATUS;
3195 /* message length */
3196 l2n3(s->tlsext_ocsp_resplen + 4, p);
3197 /* status type */
3198 *(p++)= s->tlsext_status_type;
3199 /* length of OCSP response */
3200 l2n3(s->tlsext_ocsp_resplen, p);
3201 /* actual response */
3202 memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
3203 /* number of bytes to write */
3204 s->init_num = 8 + s->tlsext_ocsp_resplen;
3205 s->state=SSL3_ST_SW_CERT_STATUS_B;
3206 s->init_off = 0;
3207 }
3208
3209 /* SSL3_ST_SW_CERT_STATUS_B */
3210 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
3211 }
3212#endif
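--- a/src/lib/libssl/shlib_version
+++ /dev/null
@@ -1,2 +0,0 @@
-major=18
-minor=0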
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
deleted file mode 100644
index 8f922eea72..0000000000
--- a/src/lib/libssl/ssl.h
+++ /dev/null
@@ -1,2304 +0,0 @@
1/* ssl/ssl.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#ifndef HEADER_SSL_H
144#define HEADER_SSL_H
145
146#include <openssl/e_os2.h>
147
148#ifndef OPENSSL_NO_COMP
149#include <openssl/comp.h>
150#endif
151#ifndef OPENSSL_NO_BIO
152#include <openssl/bio.h>
153#endif
154#ifndef OPENSSL_NO_DEPRECATED
155#ifndef OPENSSL_NO_X509
156#include <openssl/x509.h>
157#endif
158#include <openssl/crypto.h>
159#include <openssl/lhash.h>
160#include <openssl/buffer.h>
161#endif
162#include <openssl/pem.h>
163#include <openssl/hmac.h>
164
165#include <openssl/kssl.h>
166#include <openssl/safestack.h>
167#include <openssl/symhacks.h>
168
169#ifdef __cplusplus
170extern "C" {
171#endif
172
173/* SSLeay version number for ASN.1 encoding of the session information */
174/* Version 0 - initial version
175 * Version 1 - added the optional peer certificate
176 */
177#define SSL_SESSION_ASN1_VERSION 0x0001
178
179/* text strings for the ciphers */
180#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5
181#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5
182#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
183#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5
184#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
185#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5
186#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5
187#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA
188#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
189#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
190
191/* VRS Additional Kerberos5 entries
192 */
193#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
194#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
195#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA
196#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
197#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
198#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
199#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5
200#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5
201
202#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
203#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA
204#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA
205#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
206#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5
207#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5
208
209#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
210#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
211#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
212#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
213#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
214#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
215#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256
216
217#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
218#define SSL_MAX_SID_CTX_LENGTH 32
219
220#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
221#define SSL_MAX_KEY_ARG_LENGTH 8
222#define SSL_MAX_MASTER_KEY_LENGTH 48
223
224
225/* These are used to specify which ciphers to use and not to use */
226
227#define SSL_TXT_EXP40 "EXPORT40"
228#define SSL_TXT_EXP56 "EXPORT56"
229#define SSL_TXT_LOW "LOW"
230#define SSL_TXT_MEDIUM "MEDIUM"
231#define SSL_TXT_HIGH "HIGH"
232#define SSL_TXT_FIPS "FIPS"
233
234#define SSL_TXT_kFZA "kFZA" /* unused! */
235#define SSL_TXT_aFZA "aFZA" /* unused! */
236#define SSL_TXT_eFZA "eFZA" /* unused! */
237#define SSL_TXT_FZA "FZA" /* unused! */
238
239#define SSL_TXT_aNULL "aNULL"
240#define SSL_TXT_eNULL "eNULL"
241#define SSL_TXT_NULL "NULL"
242
243#define SSL_TXT_kRSA "kRSA"
244#define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */
245#define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */
246#define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */
247#define SSL_TXT_kEDH "kEDH"
248#define SSL_TXT_kKRB5 "kKRB5"
249#define SSL_TXT_kECDHr "kECDHr"
250#define SSL_TXT_kECDHe "kECDHe"
251#define SSL_TXT_kECDH "kECDH"
252#define SSL_TXT_kEECDH "kEECDH"
253#define SSL_TXT_kPSK "kPSK"
254#define SSL_TXT_kGOST "kGOST"
255
256#define SSL_TXT_aRSA "aRSA"
257#define SSL_TXT_aDSS "aDSS"
258#define SSL_TXT_aDH "aDH" /* no such ciphersuites supported! */
259#define SSL_TXT_aECDH "aECDH"
260#define SSL_TXT_aKRB5 "aKRB5"
261#define SSL_TXT_aECDSA "aECDSA"
262#define SSL_TXT_aPSK "aPSK"
263#define SSL_TXT_aGOST94 "aGOST94"
264#define SSL_TXT_aGOST01 "aGOST01"
265#define SSL_TXT_aGOST "aGOST"
266
267#define SSL_TXT_DSS "DSS"
268#define SSL_TXT_DH "DH"
269#define SSL_TXT_EDH "EDH" /* same as "kEDH:-ADH" */
270#define SSL_TXT_ADH "ADH"
271#define SSL_TXT_RSA "RSA"
272#define SSL_TXT_ECDH "ECDH"
273#define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */
274#define SSL_TXT_AECDH "AECDH"
275#define SSL_TXT_ECDSA "ECDSA"
276#define SSL_TXT_KRB5 "KRB5"
277#define SSL_TXT_PSK "PSK"
278
279#define SSL_TXT_DES "DES"
280#define SSL_TXT_3DES "3DES"
281#define SSL_TXT_RC4 "RC4"
282#define SSL_TXT_RC2 "RC2"
283#define SSL_TXT_IDEA "IDEA"
284#define SSL_TXT_SEED "SEED"
285#define SSL_TXT_AES128 "AES128"
286#define SSL_TXT_AES256 "AES256"
287#define SSL_TXT_AES "AES"
288#define SSL_TXT_CAMELLIA128 "CAMELLIA128"
289#define SSL_TXT_CAMELLIA256 "CAMELLIA256"
290#define SSL_TXT_CAMELLIA "CAMELLIA"
291
292#define SSL_TXT_MD5 "MD5"
293#define SSL_TXT_SHA1 "SHA1"
294#define SSL_TXT_SHA "SHA" /* same as "SHA1" */
295#define SSL_TXT_GOST94 "GOST94"
296#define SSL_TXT_GOST89MAC "GOST89MAC"
297
298#define SSL_TXT_SSLV2 "SSLv2"
299#define SSL_TXT_SSLV3 "SSLv3"
300#define SSL_TXT_TLSV1 "TLSv1"
301
302#define SSL_TXT_EXP "EXP"
303#define SSL_TXT_EXPORT "EXPORT"
304
305#define SSL_TXT_ALL "ALL"
306
307/*
308 * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
309 * ciphers normally not being used.
310 * Example: "RC4" will activate all ciphers using RC4 including ciphers
311 * without authentication, which would normally disabled by DEFAULT (due
312 * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
313 * will make sure that it is also disabled in the specific selection.
314 * COMPLEMENTOF* identifiers are portable between version, as adjustments
315 * to the default cipher setup will also be included here.
316 *
317 * COMPLEMENTOFDEFAULT does not experience the same special treatment that
318 * DEFAULT gets, as only selection is being done and no sorting as needed
319 * for DEFAULT.
320 */
321#define SSL_TXT_CMPALL "COMPLEMENTOFALL"
322#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"
323
324/* The following cipher list is used by default.
325 * It also is substituted when an application-defined cipher list string
326 * starts with 'DEFAULT'. */
327#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
328/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
329 * starts with a reasonable order, and all we have to do for DEFAULT is
330 * throwing out anonymous and unencrypted ciphersuites!
331 * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
332 * some of them.)
333 */
334
335/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
336#define SSL_SENT_SHUTDOWN 1
337#define SSL_RECEIVED_SHUTDOWN 2
338
339#ifdef __cplusplus
340}
341#endif
342
343#ifdef __cplusplus
344extern "C" {
345#endif
346
347#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
348#define OPENSSL_NO_SSL2
349#endif
350
351#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
352#define SSL_FILETYPE_PEM X509_FILETYPE_PEM
353
354/* This is needed to stop compilers complaining about the
355 * 'struct ssl_st *' function parameters used to prototype callbacks
356 * in SSL_CTX. */
357typedef struct ssl_st *ssl_crock_st;
358typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
359
360/* used to hold info on the particular ciphers used */
361typedef struct ssl_cipher_st
362 {
363 int valid;
364 const char *name; /* text name */
365 unsigned long id; /* id, 4 bytes, first is version */
366
367 /* changed in 0.9.9: these four used to be portions of a single value 'algorithms' */
368 unsigned long algorithm_mkey; /* key exchange algorithm */
369 unsigned long algorithm_auth; /* server authentication */
370 unsigned long algorithm_enc; /* symmetric encryption */
371 unsigned long algorithm_mac; /* symmetric authentication */
372 unsigned long algorithm_ssl; /* (major) protocol version */
373
374 unsigned long algo_strength; /* strength and export flags */
375 unsigned long algorithm2; /* Extra flags */
376 int strength_bits; /* Number of bits really used */
377 int alg_bits; /* Number of bits for algorithm */
378 } SSL_CIPHER;
379
380DECLARE_STACK_OF(SSL_CIPHER)
381
382typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
383typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
384
385/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
386typedef struct ssl_method_st
387 {
388 int version;
389 int (*ssl_new)(SSL *s);
390 void (*ssl_clear)(SSL *s);
391 void (*ssl_free)(SSL *s);
392 int (*ssl_accept)(SSL *s);
393 int (*ssl_connect)(SSL *s);
394 int (*ssl_read)(SSL *s,void *buf,int len);
395 int (*ssl_peek)(SSL *s,void *buf,int len);
396 int (*ssl_write)(SSL *s,const void *buf,int len);
397 int (*ssl_shutdown)(SSL *s);
398 int (*ssl_renegotiate)(SSL *s);
399 int (*ssl_renegotiate_check)(SSL *s);
400 long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
401 max, int *ok);
402 int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len,
403 int peek);
404 int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
405 int (*ssl_dispatch_alert)(SSL *s);
406 long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
407 long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
408 const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
409 int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
410 int (*ssl_pending)(const SSL *s);
411 int (*num_ciphers)(void);
412 const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
413 const struct ssl_method_st *(*get_ssl_method)(int version);
414 long (*get_timeout)(void);
415 struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
416 int (*ssl_version)(void);
417 long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
418 long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
419 } SSL_METHOD;
420
421/* Lets make this into an ASN.1 type structure as follows
422 * SSL_SESSION_ID ::= SEQUENCE {
423 * version INTEGER, -- structure version number
424 * SSLversion INTEGER, -- SSL version number
425 * Cipher OCTET STRING, -- the 3 byte cipher ID
426 * Session_ID OCTET STRING, -- the Session ID
427 * Master_key OCTET STRING, -- the master key
428 * KRB5_principal OCTET STRING -- optional Kerberos principal
429 * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
430 * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
431 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
432 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
433 * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
434 * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
435 * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
436 * ECPointFormatList [ 7 ] OCTET STRING, -- optional EC point format list from TLS extension
437 * PSK_identity_hint [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
438 * PSK_identity [ 9 ] EXPLICIT OCTET STRING -- optional PSK identity
439 * }
440 * Look in ssl/ssl_asn1.c for more details
441 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
442 */
443typedef struct ssl_session_st
444 {
445 int ssl_version; /* what ssl version session info is
446 * being kept in here? */
447
448 /* only really used in SSLv2 */
449 unsigned int key_arg_length;
450 unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
451 int master_key_length;
452 unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
453 /* session_id - valid? */
454 unsigned int session_id_length;
455 unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
456 /* this is used to determine whether the session is being reused in
457 * the appropriate context. It is up to the application to set this,
458 * via SSL_new */
459 unsigned int sid_ctx_length;
460 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
461
462#ifndef OPENSSL_NO_KRB5
463 unsigned int krb5_client_princ_len;
464 unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
465#endif /* OPENSSL_NO_KRB5 */
466#ifndef OPENSSL_NO_PSK
467 char *psk_identity_hint;
468 char *psk_identity;
469#endif
470 int not_resumable;
471
472 /* The cert is the certificate used to establish this connection */
473 struct sess_cert_st /* SESS_CERT */ *sess_cert;
474
475 /* This is the cert for the other end.
476 * On clients, it will be the same as sess_cert->peer_key->x509
477 * (the latter is not enough as sess_cert is not retained
478 * in the external representation of sessions, see ssl_asn1.c). */
479 X509 *peer;
480 /* when app_verify_callback accepts a session where the peer's certificate
481 * is not ok, we must remember the error for session reuse: */
482 long verify_result; /* only for servers */
483
484 int references;
485 long timeout;
486 long time;
487
488 unsigned int compress_meth; /* Need to lookup the method */
489
490 const SSL_CIPHER *cipher;
491 unsigned long cipher_id; /* when ASN.1 loaded, this
492 * needs to be used to load
493 * the 'cipher' structure */
494
495 STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
496
497 CRYPTO_EX_DATA ex_data; /* application specific data */
498
499 /* These are used to make removal of session-ids more
500 * efficient and to implement a maximum cache size. */
501 struct ssl_session_st *prev,*next;
502#ifndef OPENSSL_NO_TLSEXT
503 char *tlsext_hostname;
504#ifndef OPENSSL_NO_EC
505 size_t tlsext_ecpointformatlist_length;
506 unsigned char *tlsext_ecpointformatlist; /* peer's list */
507 size_t tlsext_ellipticcurvelist_length;
508 unsigned char *tlsext_ellipticcurvelist; /* peer's list */
509#endif /* OPENSSL_NO_EC */
510 /* RFC4507 info */
511 unsigned char *tlsext_tick; /* Session ticket */
512 size_t tlsext_ticklen; /* Session ticket length */
513 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
514#endif
515 } SSL_SESSION;
516
517
518#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
519#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
520/* Allow initial connection to servers that don't support RI */
521#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
522#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
523#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
524#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
525#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
526#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
527#define SSL_OP_TLS_D5_BUG 0x00000100L
528#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
529
530/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
531 * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
532 * the workaround is not needed. Unfortunately some broken SSL/TLS
533 * implementations cannot handle it at all, which is why we include
534 * it in SSL_OP_ALL. */
535#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */
536
537/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
538 * This used to be 0x000FFFFFL before 0.9.7. */
539#define SSL_OP_ALL 0x80000FFFL
540
541/* DTLS options */
542#define SSL_OP_NO_QUERY_MTU 0x00001000L
543/* Turn on Cookie Exchange (on relevant for servers) */
544#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
545/* Don't use RFC4507 ticket extension */
546#define SSL_OP_NO_TICKET 0x00004000L
547/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
548#define SSL_OP_CISCO_ANYCONNECT 0x00008000L
549
550/* As server, disallow session resumption on renegotiation */
551#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
552/* Don't use compression even if supported */
553#define SSL_OP_NO_COMPRESSION 0x00020000L
554/* Permit unsafe legacy renegotiation */
555#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
556/* If set, always create a new key when using tmp_ecdh parameters */
557#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
558/* If set, always create a new key when using tmp_dh parameters */
559#define SSL_OP_SINGLE_DH_USE 0x00100000L
560/* Set to always use the tmp_rsa key when doing RSA operations,
561 * even when this violates protocol specs */
562#define SSL_OP_EPHEMERAL_RSA 0x00200000L
563/* Set on servers to choose the cipher according to the server's
564 * preferences */
565#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
566/* If set, a server will allow a client to issue a SSLv3.0 version number
567 * as latest version supported in the premaster secret, even when TLSv1.0
568 * (version 3.1) was announced in the client hello. Normally this is
569 * forbidden to prevent version rollback attacks. */
570#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
571
572#define SSL_OP_NO_SSLv2 0x01000000L
573#define SSL_OP_NO_SSLv3 0x02000000L
574#define SSL_OP_NO_TLSv1 0x04000000L
575
576/* The next flag deliberately changes the ciphertest, this is a check
577 * for the PKCS#1 attack */
578#define SSL_OP_PKCS1_CHECK_1 0x08000000L
579#define SSL_OP_PKCS1_CHECK_2 0x10000000L
580#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
581#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
582/* Make server add server-hello extension from early version of
583 * cryptopro draft, when GOST ciphersuite is negotiated.
584 * Required for interoperability with CryptoPro CSP 3.x
585 */
586#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L
587
588/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
589 * when just a single record has been written): */
590#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
591/* Make it possible to retry SSL_write() with changed buffer location
592 * (buffer contents must stay the same!); this is not the default to avoid
593 * the misconception that non-blocking SSL_write() behaves like
594 * non-blocking write(): */
595#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
596/* Never bother the application with retries if the transport
597 * is blocking: */
598#define SSL_MODE_AUTO_RETRY 0x00000004L
599/* Don't attempt to automatically build certificate chain */
600#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
601/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
602 * TLS only.) "Released" buffers are put onto a free-list in the context
603 * or just freed (depending on the context's setting for freelist_max_len). */
604#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
605
606/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
607 * they cannot be used to clear bits. */
608
609#define SSL_CTX_set_options(ctx,op) \
610 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
611#define SSL_CTX_clear_options(ctx,op) \
612 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
613#define SSL_CTX_get_options(ctx) \
614 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
615#define SSL_set_options(ssl,op) \
616 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
617#define SSL_clear_options(ssl,op) \
618 SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
619#define SSL_get_options(ssl) \
620 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
621
622#define SSL_CTX_set_mode(ctx,op) \
623 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
624#define SSL_CTX_clear_mode(ctx,op) \
625 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
626#define SSL_CTX_get_mode(ctx) \
627 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
628#define SSL_clear_mode(ssl,op) \
629 SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
630#define SSL_set_mode(ssl,op) \
631 SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
632#define SSL_get_mode(ssl) \
633 SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
634#define SSL_set_mtu(ssl, mtu) \
635 SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
636
637#define SSL_get_secure_renegotiation_support(ssl) \
638 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
639
640void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
641void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
642#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
643#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
644
645
646
647#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
648#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
649#else
650#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
651#endif
652
653#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
654
655/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
656 * them. It is used to override the generation of SSL/TLS session IDs in a
657 * server. Return value should be zero on an error, non-zero to proceed. Also,
658 * callbacks should themselves check if the id they generate is unique otherwise
659 * the SSL handshake will fail with an error - callbacks can do this using the
660 * 'ssl' value they're passed by;
661 * SSL_has_matching_session_id(ssl, id, *id_len)
662 * The length value passed in is set at the maximum size the session ID can be.
663 * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
664 * can alter this length to be less if desired, but under SSLv2 session IDs are
665 * supposed to be fixed at 16 bytes so the id will be padded after the callback
666 * returns in this case. It is also an error for the callback to set the size to
667 * zero. */
668typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
669 unsigned int *id_len);
670
671typedef struct ssl_comp_st
672 {
673 int id;
674 const char *name;
675#ifndef OPENSSL_NO_COMP
676 COMP_METHOD *method;
677#else
678 char *method;
679#endif
680 } SSL_COMP;
681
682DECLARE_STACK_OF(SSL_COMP)
683DECLARE_LHASH_OF(SSL_SESSION);
684
685struct ssl_ctx_st
686 {
687 const SSL_METHOD *method;
688
689 STACK_OF(SSL_CIPHER) *cipher_list;
690 /* same as above but sorted for lookup */
691 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
692
693 struct x509_store_st /* X509_STORE */ *cert_store;
694 LHASH_OF(SSL_SESSION) *sessions;
695 /* Most session-ids that will be cached, default is
696 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
697 unsigned long session_cache_size;
698 struct ssl_session_st *session_cache_head;
699 struct ssl_session_st *session_cache_tail;
700
701 /* This can have one of 2 values, ored together,
702 * SSL_SESS_CACHE_CLIENT,
703 * SSL_SESS_CACHE_SERVER,
704 * Default is SSL_SESSION_CACHE_SERVER, which means only
705 * SSL_accept which cache SSL_SESSIONS. */
706 int session_cache_mode;
707
708 /* If timeout is not 0, it is the default timeout value set
709 * when SSL_new() is called. This has been put in to make
710 * life easier to set things up */
711 long session_timeout;
712
713 /* If this callback is not null, it will be called each
714 * time a session id is added to the cache. If this function
715 * returns 1, it means that the callback will do a
716 * SSL_SESSION_free() when it has finished using it. Otherwise,
717 * on 0, it means the callback has finished with it.
718 * If remove_session_cb is not null, it will be called when
719 * a session-id is removed from the cache. After the call,
720 * OpenSSL will SSL_SESSION_free() it. */
721 int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
722 void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
723 SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
724 unsigned char *data,int len,int *copy);
725
726 struct
727 {
728 int sess_connect; /* SSL new conn - started */
729 int sess_connect_renegotiate;/* SSL reneg - requested */
730 int sess_connect_good; /* SSL new conne/reneg - finished */
731 int sess_accept; /* SSL new accept - started */
732 int sess_accept_renegotiate;/* SSL reneg - requested */
733 int sess_accept_good; /* SSL accept/reneg - finished */
734 int sess_miss; /* session lookup misses */
735 int sess_timeout; /* reuse attempt on timeouted session */
736 int sess_cache_full; /* session removed due to full cache */
737 int sess_hit; /* session reuse actually done */
738 int sess_cb_hit; /* session-id that was not
739 * in the cache was
740 * passed back via the callback. This
741 * indicates that the application is
742 * supplying session-id's from other
743 * processes - spooky :-) */
744 } stats;
745
746 int references;
747
748 /* if defined, these override the X509_verify_cert() calls */
749 int (*app_verify_callback)(X509_STORE_CTX *, void *);
750 void *app_verify_arg;
751 /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
752 * ('app_verify_callback' was called with just one argument) */
753
754 /* Default password callback. */
755 pem_password_cb *default_passwd_callback;
756
757 /* Default password callback user data. */
758 void *default_passwd_callback_userdata;
759
760 /* get client cert callback */
761 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
762
763 /* cookie generate callback */
764 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
765 unsigned int *cookie_len);
766
767 /* verify cookie callback */
768 int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
769 unsigned int cookie_len);
770
771 CRYPTO_EX_DATA ex_data;
772
773 const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
774 const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
775 const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
776
777 STACK_OF(X509) *extra_certs;
778 STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
779
780
781 /* Default values used when no per-SSL value is defined follow */
782
783 void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
784
785 /* what we put in client cert requests */
786 STACK_OF(X509_NAME) *client_CA;
787
788
789 /* Default values to use in SSL structures follow (these are copied by SSL_new) */
790
791 unsigned long options;
792 unsigned long mode;
793 long max_cert_list;
794
795 struct cert_st /* CERT */ *cert;
796 int read_ahead;
797
798 /* callback that allows applications to peek at protocol messages */
799 void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
800 void *msg_callback_arg;
801
802 int verify_mode;
803 unsigned int sid_ctx_length;
804 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
805 int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
806
807 /* Default generate session ID callback. */
808 GEN_SESSION_CB generate_session_id;
809
810 X509_VERIFY_PARAM *param;
811
812#if 0
813 int purpose; /* Purpose setting */
814 int trust; /* Trust setting */
815#endif
816
817 int quiet_shutdown;
818
819 /* Maximum amount of data to send in one fragment.
820 * actual record size can be more than this due to
821 * padding and MAC overheads.
822 */
823 unsigned int max_send_fragment;
824
825#ifndef OPENSSL_ENGINE
826 /* Engine to pass requests for client certs to
827 */
828 ENGINE *client_cert_engine;
829#endif
830
831#ifndef OPENSSL_NO_TLSEXT
832 /* TLS extensions servername callback */
833 int (*tlsext_servername_callback)(SSL*, int *, void *);
834 void *tlsext_servername_arg;
835 /* RFC 4507 session ticket keys */
836 unsigned char tlsext_tick_key_name[16];
837 unsigned char tlsext_tick_hmac_key[16];
838 unsigned char tlsext_tick_aes_key[16];
839 /* Callback to support customisation of ticket key setting */
840 int (*tlsext_ticket_key_cb)(SSL *ssl,
841 unsigned char *name, unsigned char *iv,
842 EVP_CIPHER_CTX *ectx,
843 HMAC_CTX *hctx, int enc);
844
845 /* certificate status request info */
846 /* Callback for status request */
847 int (*tlsext_status_cb)(SSL *ssl, void *arg);
848 void *tlsext_status_arg;
849
850 /* draft-rescorla-tls-opaque-prf-input-00.txt information */
851 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
852 void *tlsext_opaque_prf_input_callback_arg;
853#endif
854
855#ifndef OPENSSL_NO_PSK
856 char *psk_identity_hint;
857 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
858 unsigned int max_identity_len, unsigned char *psk,
859 unsigned int max_psk_len);
860 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
861 unsigned char *psk, unsigned int max_psk_len);
862#endif
863
864#ifndef OPENSSL_NO_BUF_FREELISTS
865#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
866 unsigned int freelist_max_len;
867 struct ssl3_buf_freelist_st *wbuf_freelist;
868 struct ssl3_buf_freelist_st *rbuf_freelist;
869#endif
870 };
871
872#define SSL_SESS_CACHE_OFF 0x0000
873#define SSL_SESS_CACHE_CLIENT 0x0001
874#define SSL_SESS_CACHE_SERVER 0x0002
875#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
876#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
877/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
878#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
879#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
880#define SSL_SESS_CACHE_NO_INTERNAL \
881 (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
882
883LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
884#define SSL_CTX_sess_number(ctx) \
885 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
886#define SSL_CTX_sess_connect(ctx) \
887 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
888#define SSL_CTX_sess_connect_good(ctx) \
889 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
890#define SSL_CTX_sess_connect_renegotiate(ctx) \
891 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
892#define SSL_CTX_sess_accept(ctx) \
893 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
894#define SSL_CTX_sess_accept_renegotiate(ctx) \
895 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
896#define SSL_CTX_sess_accept_good(ctx) \
897 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
898#define SSL_CTX_sess_hits(ctx) \
899 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
900#define SSL_CTX_sess_cb_hits(ctx) \
901 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
902#define SSL_CTX_sess_misses(ctx) \
903 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
904#define SSL_CTX_sess_timeouts(ctx) \
905 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
906#define SSL_CTX_sess_cache_full(ctx) \
907 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
908
909void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
910int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
911void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
912void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
913void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
914SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
915void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
916void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
917void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
918int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
919#ifndef OPENSSL_NO_ENGINE
920int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
921#endif
922void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
923void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
924
925#ifndef OPENSSL_NO_PSK
926/* the maximum length of the buffer given to callbacks containing the
927 * resulting identity/psk */
928#define PSK_MAX_IDENTITY_LEN 128
929#define PSK_MAX_PSK_LEN 256
930void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
931 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
932 char *identity, unsigned int max_identity_len, unsigned char *psk,
933 unsigned int max_psk_len));
934void SSL_set_psk_client_callback(SSL *ssl,
935 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
936 char *identity, unsigned int max_identity_len, unsigned char *psk,
937 unsigned int max_psk_len));
938void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
939 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
940 unsigned char *psk, unsigned int max_psk_len));
941void SSL_set_psk_server_callback(SSL *ssl,
942 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
943 unsigned char *psk, unsigned int max_psk_len));
944int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
945int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
946const char *SSL_get_psk_identity_hint(const SSL *s);
947const char *SSL_get_psk_identity(const SSL *s);
948#endif
949
950#define SSL_NOTHING 1
951#define SSL_WRITING 2
952#define SSL_READING 3
953#define SSL_X509_LOOKUP 4
954
955/* These will only be used when doing non-blocking IO */
956#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
957#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
958#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
959#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
960
961#define SSL_MAC_FLAG_READ_MAC_STREAM 1
962#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
963
964struct ssl_st
965 {
966 /* protocol version
967 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
968 */
969 int version;
970 int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
971
972 const SSL_METHOD *method; /* SSLv3 */
973
974 /* There are 2 BIO's even though they are normally both the
975 * same. This is so data can be read and written to different
976 * handlers */
977
978#ifndef OPENSSL_NO_BIO
979 BIO *rbio; /* used by SSL_read */
980 BIO *wbio; /* used by SSL_write */
981 BIO *bbio; /* used during session-id reuse to concatenate
982 * messages */
983#else
984 char *rbio; /* used by SSL_read */
985 char *wbio; /* used by SSL_write */
986 char *bbio;
987#endif
988 /* This holds a variable that indicates what we were doing
989 * when a 0 or -1 is returned. This is needed for
990 * non-blocking IO so we know what request needs re-doing when
991 * in SSL_accept or SSL_connect */
992 int rwstate;
993
994 /* true when we are actually in SSL_accept() or SSL_connect() */
995 int in_handshake;
996 int (*handshake_func)(SSL *);
997
998 /* Imagine that here's a boolean member "init" that is
999 * switched as soon as SSL_set_{accept/connect}_state
1000 * is called for the first time, so that "state" and
1001 * "handshake_func" are properly initialized. But as
1002 * handshake_func is == 0 until then, we use this
1003 * test instead of an "init" member.
1004 */
1005
1006 int server; /* are we the server side? - mostly used by SSL_clear*/
1007
1008 int new_session;/* 1 if we are to use a new session.
1009 * 2 if we are a server and are inside a handshake
1010 * (i.e. not just sending a HelloRequest)
1011 * NB: For servers, the 'new' session may actually be a previously
1012 * cached session or even the previous session unless
1013 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
1014 int quiet_shutdown;/* don't send shutdown packets */
1015 int shutdown; /* we have shut things down, 0x01 sent, 0x02
1016 * for received */
1017 int state; /* where we are */
1018 int rstate; /* where we are when reading */
1019
1020 BUF_MEM *init_buf; /* buffer used during init */
1021 void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */
1022 int init_num; /* amount read/written */
1023 int init_off; /* amount read/written */
1024
1025 /* used internally to point at a raw packet */
1026 unsigned char *packet;
1027 unsigned int packet_length;
1028
1029 struct ssl2_state_st *s2; /* SSLv2 variables */
1030 struct ssl3_state_st *s3; /* SSLv3 variables */
1031 struct dtls1_state_st *d1; /* DTLSv1 variables */
1032
1033 int read_ahead; /* Read as many input bytes as possible
1034 * (for non-blocking reads) */
1035
1036 /* callback that allows applications to peek at protocol messages */
1037 void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
1038 void *msg_callback_arg;
1039
1040 int hit; /* reusing a previous session */
1041
1042 X509_VERIFY_PARAM *param;
1043
1044#if 0
1045 int purpose; /* Purpose setting */
1046 int trust; /* Trust setting */
1047#endif
1048
1049 /* crypto */
1050 STACK_OF(SSL_CIPHER) *cipher_list;
1051 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1052
1053 /* These are the ones being used, the ones in SSL_SESSION are
1054 * the ones to be 'copied' into these ones */
1055 int mac_flags;
1056 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
1057 EVP_MD_CTX *read_hash; /* used for mac generation */
1058#ifndef OPENSSL_NO_COMP
1059 COMP_CTX *expand; /* uncompress */
1060#else
1061 char *expand;
1062#endif
1063
1064 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
1065 EVP_MD_CTX *write_hash; /* used for mac generation */
1066#ifndef OPENSSL_NO_COMP
1067 COMP_CTX *compress; /* compression */
1068#else
1069 char *compress;
1070#endif
1071
1072 /* session info */
1073
1074 /* client cert? */
1075 /* This is used to hold the server certificate used */
1076 struct cert_st /* CERT */ *cert;
1077
1078 /* the session_id_context is used to ensure sessions are only reused
1079 * in the appropriate context */
1080 unsigned int sid_ctx_length;
1081 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
1082
1083 /* This can also be in the session once a session is established */
1084 SSL_SESSION *session;
1085
1086 /* Default generate session ID callback. */
1087 GEN_SESSION_CB generate_session_id;
1088
1089 /* Used in SSL2 and SSL3 */
1090 int verify_mode; /* 0 don't care about verify failure.
1091 * 1 fail if verify fails */
1092 int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
1093
1094 void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
1095
1096 int error; /* error bytes to be written */
1097 int error_code; /* actual code */
1098
1099#ifndef OPENSSL_NO_KRB5
1100 KSSL_CTX *kssl_ctx; /* Kerberos 5 context */
1101#endif /* OPENSSL_NO_KRB5 */
1102
1103#ifndef OPENSSL_NO_PSK
1104 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
1105 unsigned int max_identity_len, unsigned char *psk,
1106 unsigned int max_psk_len);
1107 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
1108 unsigned char *psk, unsigned int max_psk_len);
1109#endif
1110
1111 SSL_CTX *ctx;
1112 /* set this flag to 1 and a sleep(1) is put into all SSL_read()
1113 * and SSL_write() calls, good for nbio debuging :-) */
1114 int debug;
1115
1116 /* extra application data */
1117 long verify_result;
1118 CRYPTO_EX_DATA ex_data;
1119
1120 /* for server side, keep the list of CA_dn we can use */
1121 STACK_OF(X509_NAME) *client_CA;
1122
1123 int references;
1124 unsigned long options; /* protocol behaviour */
1125 unsigned long mode; /* API behaviour */
1126 long max_cert_list;
1127 int first_packet;
1128 int client_version; /* what was passed, used for
1129 * SSLv3/TLS rollback check */
1130 unsigned int max_send_fragment;
1131#ifndef OPENSSL_NO_TLSEXT
1132 /* TLS extension debug callback */
1133 void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
1134 unsigned char *data, int len,
1135 void *arg);
1136 void *tlsext_debug_arg;
1137 char *tlsext_hostname;
1138 int servername_done; /* no further mod of servername
1139 0 : call the servername extension callback.
1140 1 : prepare 2, allow last ack just after in server callback.
1141 2 : don't call servername callback, no ack in server hello
1142 */
1143 /* certificate status request info */
1144 /* Status type or -1 if no status type */
1145 int tlsext_status_type;
1146 /* Expect OCSP CertificateStatus message */
1147 int tlsext_status_expected;
1148 /* OCSP status request only */
1149 STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
1150 X509_EXTENSIONS *tlsext_ocsp_exts;
1151 /* OCSP response received or to be sent */
1152 unsigned char *tlsext_ocsp_resp;
1153 int tlsext_ocsp_resplen;
1154
1155 /* RFC4507 session ticket expected to be received or sent */
1156 int tlsext_ticket_expected;
1157#ifndef OPENSSL_NO_EC
1158 size_t tlsext_ecpointformatlist_length;
1159 unsigned char *tlsext_ecpointformatlist; /* our list */
1160 size_t tlsext_ellipticcurvelist_length;
1161 unsigned char *tlsext_ellipticcurvelist; /* our list */
1162#endif /* OPENSSL_NO_EC */
1163
1164 /* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */
1165 void *tlsext_opaque_prf_input;
1166 size_t tlsext_opaque_prf_input_len;
1167
1168 /* TLS Session Ticket extension override */
1169 TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
1170
1171 /* TLS Session Ticket extension callback */
1172 tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
1173 void *tls_session_ticket_ext_cb_arg;
1174
1175 /* TLS pre-shared secret session resumption */
1176 tls_session_secret_cb_fn tls_session_secret_cb;
1177 void *tls_session_secret_cb_arg;
1178
1179 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
1180#define session_ctx initial_ctx
1181#else
1182#define session_ctx ctx
1183#endif /* OPENSSL_NO_TLSEXT */
1184 };
1185
1186#ifdef __cplusplus
1187}
1188#endif
1189
1190#include <openssl/ssl2.h>
1191#include <openssl/ssl3.h>
1192#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
1193#include <openssl/dtls1.h> /* Datagram TLS */
1194#include <openssl/ssl23.h>
1195
1196#ifdef __cplusplus
1197extern "C" {
1198#endif
1199
1200/* compatibility */
1201#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
1202#define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
1203#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a))
1204#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
1205#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
1206#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
1207
1208/* The following are the possible values for ssl->state are are
1209 * used to indicate where we are up to in the SSL connection establishment.
1210 * The macros that follow are about the only things you should need to use
1211 * and even then, only when using non-blocking IO.
1212 * It can also be useful to work out where you were when the connection
1213 * failed */
1214
1215#define SSL_ST_CONNECT 0x1000
1216#define SSL_ST_ACCEPT 0x2000
1217#define SSL_ST_MASK 0x0FFF
1218#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT)
1219#define SSL_ST_BEFORE 0x4000
1220#define SSL_ST_OK 0x03
1221#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
1222
1223#define SSL_CB_LOOP 0x01
1224#define SSL_CB_EXIT 0x02
1225#define SSL_CB_READ 0x04
1226#define SSL_CB_WRITE 0x08
1227#define SSL_CB_ALERT 0x4000 /* used in callback */
1228#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
1229#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
1230#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
1231#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
1232#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
1233#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
1234#define SSL_CB_HANDSHAKE_START 0x10
1235#define SSL_CB_HANDSHAKE_DONE 0x20
1236
1237/* Is the SSL_connection established? */
1238#define SSL_get_state(a) SSL_state(a)
1239#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
1240#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
1241#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
1242#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
1243#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
1244
1245/* The following 2 states are kept in ssl->rstate when reads fail,
1246 * you should not need these */
1247#define SSL_ST_READ_HEADER 0xF0
1248#define SSL_ST_READ_BODY 0xF1
1249#define SSL_ST_READ_DONE 0xF2
1250
1251/* Obtain latest Finished message
1252 * -- that we sent (SSL_get_finished)
1253 * -- that we expected from peer (SSL_get_peer_finished).
1254 * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
1255size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
1256size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1257
1258/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
1259 * are 'ored' with SSL_VERIFY_PEER if they are desired */
1260#define SSL_VERIFY_NONE 0x00
1261#define SSL_VERIFY_PEER 0x01
1262#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
1263#define SSL_VERIFY_CLIENT_ONCE 0x04
1264
1265#define OpenSSL_add_ssl_algorithms() SSL_library_init()
1266#define SSLeay_add_ssl_algorithms() SSL_library_init()
1267
1268/* this is for backward compatibility */
1269#if 0 /* NEW_SSLEAY */
1270#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
1271#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
1272#define SSL_add_session(a,b) SSL_CTX_add_session((a),(b))
1273#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b))
1274#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b))
1275#endif
1276/* More backward compatibility */
1277#define SSL_get_cipher(s) \
1278 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
1279#define SSL_get_cipher_bits(s,np) \
1280 SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
1281#define SSL_get_cipher_version(s) \
1282 SSL_CIPHER_get_version(SSL_get_current_cipher(s))
1283#define SSL_get_cipher_name(s) \
1284 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
1285#define SSL_get_time(a) SSL_SESSION_get_time(a)
1286#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
1287#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
1288#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
1289
1290#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
1291#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
1292
1293DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1294
1295#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */
1296
1297/* These alert types are for SSLv3 and TLSv1 */
1298#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
1299#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
1300#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
1301#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
1302#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
1303#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
1304#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
1305#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
1306#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
1307#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
1308#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
1309#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
1310#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
1311#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
1312#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
1313#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
1314#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
1315#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
1316#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
1317#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
1318#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
1319#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
1320#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
1321#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
1322#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
1323#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
1324#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
1325#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
1326#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
1327#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
1328
1329#define SSL_ERROR_NONE 0
1330#define SSL_ERROR_SSL 1
1331#define SSL_ERROR_WANT_READ 2
1332#define SSL_ERROR_WANT_WRITE 3
1333#define SSL_ERROR_WANT_X509_LOOKUP 4
1334#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */
1335#define SSL_ERROR_ZERO_RETURN 6
1336#define SSL_ERROR_WANT_CONNECT 7
1337#define SSL_ERROR_WANT_ACCEPT 8
1338
1339#define SSL_CTRL_NEED_TMP_RSA 1
1340#define SSL_CTRL_SET_TMP_RSA 2
1341#define SSL_CTRL_SET_TMP_DH 3
1342#define SSL_CTRL_SET_TMP_ECDH 4
1343#define SSL_CTRL_SET_TMP_RSA_CB 5
1344#define SSL_CTRL_SET_TMP_DH_CB 6
1345#define SSL_CTRL_SET_TMP_ECDH_CB 7
1346
1347#define SSL_CTRL_GET_SESSION_REUSED 8
1348#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
1349#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
1350#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
1351#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
1352#define SSL_CTRL_GET_FLAGS 13
1353#define SSL_CTRL_EXTRA_CHAIN_CERT 14
1354
1355#define SSL_CTRL_SET_MSG_CALLBACK 15
1356#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16
1357
1358/* only applies to datagram connections */
1359#define SSL_CTRL_SET_MTU 17
1360/* Stats */
1361#define SSL_CTRL_SESS_NUMBER 20
1362#define SSL_CTRL_SESS_CONNECT 21
1363#define SSL_CTRL_SESS_CONNECT_GOOD 22
1364#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
1365#define SSL_CTRL_SESS_ACCEPT 24
1366#define SSL_CTRL_SESS_ACCEPT_GOOD 25
1367#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
1368#define SSL_CTRL_SESS_HIT 27
1369#define SSL_CTRL_SESS_CB_HIT 28
1370#define SSL_CTRL_SESS_MISSES 29
1371#define SSL_CTRL_SESS_TIMEOUTS 30
1372#define SSL_CTRL_SESS_CACHE_FULL 31
1373#define SSL_CTRL_OPTIONS 32
1374#define SSL_CTRL_MODE 33
1375
1376#define SSL_CTRL_GET_READ_AHEAD 40
1377#define SSL_CTRL_SET_READ_AHEAD 41
1378#define SSL_CTRL_SET_SESS_CACHE_SIZE 42
1379#define SSL_CTRL_GET_SESS_CACHE_SIZE 43
1380#define SSL_CTRL_SET_SESS_CACHE_MODE 44
1381#define SSL_CTRL_GET_SESS_CACHE_MODE 45
1382
1383#define SSL_CTRL_GET_MAX_CERT_LIST 50
1384#define SSL_CTRL_SET_MAX_CERT_LIST 51
1385
1386#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
1387
1388/* see tls1.h for macros based on these */
1389#ifndef OPENSSL_NO_TLSEXT
1390#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
1391#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
1392#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
1393#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
1394#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
1395#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
1396#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
1397#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60
1398#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
1399#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
1400#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
1401#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
1402#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
1403#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
1404#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
1405#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
1406#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
1407#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
1408#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
1409
1410#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
1411#endif
1412
1413#define DTLS_CTRL_GET_TIMEOUT 73
1414#define DTLS_CTRL_HANDLE_TIMEOUT 74
1415#define DTLS_CTRL_LISTEN 75
1416
1417#define SSL_CTRL_GET_RI_SUPPORT 76
1418#define SSL_CTRL_CLEAR_OPTIONS 77
1419#define SSL_CTRL_CLEAR_MODE 78
1420
1421#define DTLSv1_get_timeout(ssl, arg) \
1422 SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
1423#define DTLSv1_handle_timeout(ssl) \
1424 SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
1425#define DTLSv1_listen(ssl, peer) \
1426 SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
1427
1428#define SSL_session_reused(ssl) \
1429 SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
1430#define SSL_num_renegotiations(ssl) \
1431 SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
1432#define SSL_clear_num_renegotiations(ssl) \
1433 SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
1434#define SSL_total_renegotiations(ssl) \
1435 SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
1436
1437#define SSL_CTX_need_tmp_RSA(ctx) \
1438 SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
1439#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
1440 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
1441#define SSL_CTX_set_tmp_dh(ctx,dh) \
1442 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
1443#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
1444 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
1445
1446#define SSL_need_tmp_RSA(ssl) \
1447 SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
1448#define SSL_set_tmp_rsa(ssl,rsa) \
1449 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
1450#define SSL_set_tmp_dh(ssl,dh) \
1451 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
1452#define SSL_set_tmp_ecdh(ssl,ecdh) \
1453 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
1454
1455#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
1456 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
1457
1458#ifndef OPENSSL_NO_BIO
1459BIO_METHOD *BIO_f_ssl(void);
1460BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
1461BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
1462BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
1463int BIO_ssl_copy_session_id(BIO *to,BIO *from);
1464void BIO_ssl_shutdown(BIO *ssl_bio);
1465
1466#endif
1467
1468int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
1469SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
1470void SSL_CTX_free(SSL_CTX *);
1471long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
1472long SSL_CTX_get_timeout(const SSL_CTX *ctx);
1473X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
1474void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
1475int SSL_want(const SSL *s);
1476int SSL_clear(SSL *s);
1477
1478void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
1479
1480const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
1481int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
1482char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
1483const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
1484
1485int SSL_get_fd(const SSL *s);
1486int SSL_get_rfd(const SSL *s);
1487int SSL_get_wfd(const SSL *s);
1488const char * SSL_get_cipher_list(const SSL *s,int n);
1489char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
1490int SSL_get_read_ahead(const SSL * s);
1491int SSL_pending(const SSL *s);
1492#ifndef OPENSSL_NO_SOCK
1493int SSL_set_fd(SSL *s, int fd);
1494int SSL_set_rfd(SSL *s, int fd);
1495int SSL_set_wfd(SSL *s, int fd);
1496#endif
1497#ifndef OPENSSL_NO_BIO
1498void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
1499BIO * SSL_get_rbio(const SSL *s);
1500BIO * SSL_get_wbio(const SSL *s);
1501#endif
1502int SSL_set_cipher_list(SSL *s, const char *str);
1503void SSL_set_read_ahead(SSL *s, int yes);
1504int SSL_get_verify_mode(const SSL *s);
1505int SSL_get_verify_depth(const SSL *s);
1506int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
1507void SSL_set_verify(SSL *s, int mode,
1508 int (*callback)(int ok,X509_STORE_CTX *ctx));
1509void SSL_set_verify_depth(SSL *s, int depth);
1510#ifndef OPENSSL_NO_RSA
1511int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
1512#endif
1513int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
1514int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
1515int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
1516int SSL_use_certificate(SSL *ssl, X509 *x);
1517int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
1518
1519#ifndef OPENSSL_NO_STDIO
1520int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
1521int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
1522int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
1523int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
1524int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
1525int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
1526int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
1527STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
1528int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
1529 const char *file);
1530#ifndef OPENSSL_SYS_VMS
1531#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
1532int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
1533 const char *dir);
1534#endif
1535#endif
1536
1537#endif
1538
1539void SSL_load_error_strings(void );
1540const char *SSL_state_string(const SSL *s);
1541const char *SSL_rstate_string(const SSL *s);
1542const char *SSL_state_string_long(const SSL *s);
1543const char *SSL_rstate_string_long(const SSL *s);
1544long SSL_SESSION_get_time(const SSL_SESSION *s);
1545long SSL_SESSION_set_time(SSL_SESSION *s, long t);
1546long SSL_SESSION_get_timeout(const SSL_SESSION *s);
1547long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
1548void SSL_copy_session_id(SSL *to,const SSL *from);
1549
1550SSL_SESSION *SSL_SESSION_new(void);
1551const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
1552 unsigned int *len);
1553#ifndef OPENSSL_NO_FP_API
1554int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
1555#endif
1556#ifndef OPENSSL_NO_BIO
1557int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
1558#endif
1559void SSL_SESSION_free(SSL_SESSION *ses);
1560int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
1561int SSL_set_session(SSL *to, SSL_SESSION *session);
1562int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
1563int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
1564int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
1565int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
1566int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
1567 unsigned int id_len);
1568SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
1569 long length);
1570
1571#ifdef HEADER_X509_H
1572X509 * SSL_get_peer_certificate(const SSL *s);
1573#endif
1574
1575STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
1576
1577int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
1578int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
1579int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
1580void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
1581 int (*callback)(int, X509_STORE_CTX *));
1582void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
1583void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
1584#ifndef OPENSSL_NO_RSA
1585int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
1586#endif
1587int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
1588int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
1589int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
1590 const unsigned char *d, long len);
1591int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
1592int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
1593
1594void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
1595void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
1596
1597int SSL_CTX_check_private_key(const SSL_CTX *ctx);
1598int SSL_check_private_key(const SSL *ctx);
1599
1600int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
1601 unsigned int sid_ctx_len);
1602
1603SSL * SSL_new(SSL_CTX *ctx);
1604int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
1605 unsigned int sid_ctx_len);
1606
1607int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
1608int SSL_set_purpose(SSL *s, int purpose);
1609int SSL_CTX_set_trust(SSL_CTX *s, int trust);
1610int SSL_set_trust(SSL *s, int trust);
1611
1612int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
1613int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
1614
1615void SSL_free(SSL *ssl);
1616int SSL_accept(SSL *ssl);
1617int SSL_connect(SSL *ssl);
1618int SSL_read(SSL *ssl,void *buf,int num);
1619int SSL_peek(SSL *ssl,void *buf,int num);
1620int SSL_write(SSL *ssl,const void *buf,int num);
1621long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
1622long SSL_callback_ctrl(SSL *, int, void (*)(void));
1623long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
1624long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
1625
1626int SSL_get_error(const SSL *s,int ret_code);
1627const char *SSL_get_version(const SSL *s);
1628
1629/* This sets the 'default' SSL version that SSL_new() will create */
1630int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
1631
1632#ifndef OPENSSL_NO_SSL2
1633const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
1634const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
1635const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
1636#endif
1637
1638const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
1639const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
1640const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
1641
1642const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
1643const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
1644const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
1645
1646const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
1647const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
1648const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
1649
1650const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
1651const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
1652const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
1653
1654STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
1655
1656int SSL_do_handshake(SSL *s);
1657int SSL_renegotiate(SSL *s);
1658int SSL_renegotiate_pending(SSL *s);
1659int SSL_shutdown(SSL *s);
1660
1661const SSL_METHOD *SSL_get_ssl_method(SSL *s);
1662int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
1663const char *SSL_alert_type_string_long(int value);
1664const char *SSL_alert_type_string(int value);
1665const char *SSL_alert_desc_string_long(int value);
1666const char *SSL_alert_desc_string(int value);
1667
1668void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
1669void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
1670STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
1671STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
1672int SSL_add_client_CA(SSL *ssl,X509 *x);
1673int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
1674
1675void SSL_set_connect_state(SSL *s);
1676void SSL_set_accept_state(SSL *s);
1677
1678long SSL_get_default_timeout(const SSL *s);
1679
1680int SSL_library_init(void );
1681
1682char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
1683STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
1684
1685SSL *SSL_dup(SSL *ssl);
1686
1687X509 *SSL_get_certificate(const SSL *ssl);
1688/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
1689
1690void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
1691int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
1692void SSL_set_quiet_shutdown(SSL *ssl,int mode);
1693int SSL_get_quiet_shutdown(const SSL *ssl);
1694void SSL_set_shutdown(SSL *ssl,int mode);
1695int SSL_get_shutdown(const SSL *ssl);
1696int SSL_version(const SSL *ssl);
1697int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
1698int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
1699 const char *CApath);
1700#define SSL_get0_session SSL_get_session /* just peek at pointer */
1701SSL_SESSION *SSL_get_session(const SSL *ssl);
1702SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
1703SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
1704SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
1705void SSL_set_info_callback(SSL *ssl,
1706 void (*cb)(const SSL *ssl,int type,int val));
1707void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
1708int SSL_state(const SSL *ssl);
1709
1710void SSL_set_verify_result(SSL *ssl,long v);
1711long SSL_get_verify_result(const SSL *ssl);
1712
1713int SSL_set_ex_data(SSL *ssl,int idx,void *data);
1714void *SSL_get_ex_data(const SSL *ssl,int idx);
1715int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1716 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1717
1718int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
1719void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
1720int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1721 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1722
1723int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
1724void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
1725int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1726 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1727
1728int SSL_get_ex_data_X509_STORE_CTX_idx(void );
1729
1730#define SSL_CTX_sess_set_cache_size(ctx,t) \
1731 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
1732#define SSL_CTX_sess_get_cache_size(ctx) \
1733 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
1734#define SSL_CTX_set_session_cache_mode(ctx,m) \
1735 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
1736#define SSL_CTX_get_session_cache_mode(ctx) \
1737 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
1738
1739#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
1740#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
1741#define SSL_CTX_get_read_ahead(ctx) \
1742 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
1743#define SSL_CTX_set_read_ahead(ctx,m) \
1744 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
1745#define SSL_CTX_get_max_cert_list(ctx) \
1746 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
1747#define SSL_CTX_set_max_cert_list(ctx,m) \
1748 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
1749#define SSL_get_max_cert_list(ssl) \
1750 SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
1751#define SSL_set_max_cert_list(ssl,m) \
1752 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
1753
1754#define SSL_CTX_set_max_send_fragment(ctx,m) \
1755 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
1756#define SSL_set_max_send_fragment(ssl,m) \
1757 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
1758
1759 /* NB: the keylength is only applicable when is_export is true */
1760#ifndef OPENSSL_NO_RSA
1761void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
1762 RSA *(*cb)(SSL *ssl,int is_export,
1763 int keylength));
1764
1765void SSL_set_tmp_rsa_callback(SSL *ssl,
1766 RSA *(*cb)(SSL *ssl,int is_export,
1767 int keylength));
1768#endif
1769#ifndef OPENSSL_NO_DH
1770void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
1771 DH *(*dh)(SSL *ssl,int is_export,
1772 int keylength));
1773void SSL_set_tmp_dh_callback(SSL *ssl,
1774 DH *(*dh)(SSL *ssl,int is_export,
1775 int keylength));
1776#endif
1777#ifndef OPENSSL_NO_ECDH
1778void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
1779 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
1780 int keylength));
1781void SSL_set_tmp_ecdh_callback(SSL *ssl,
1782 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
1783 int keylength));
1784#endif
1785
1786#ifndef OPENSSL_NO_COMP
1787const COMP_METHOD *SSL_get_current_compression(SSL *s);
1788const COMP_METHOD *SSL_get_current_expansion(SSL *s);
1789const char *SSL_COMP_get_name(const COMP_METHOD *comp);
1790STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
1791int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
1792#else
1793const void *SSL_get_current_compression(SSL *s);
1794const void *SSL_get_current_expansion(SSL *s);
1795const char *SSL_COMP_get_name(const void *comp);
1796void *SSL_COMP_get_compression_methods(void);
1797int SSL_COMP_add_compression_method(int id,void *cm);
1798#endif
1799
1800/* TLS extensions functions */
1801int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
1802
1803int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
1804 void *arg);
1805
1806/* Pre-shared secret session resumption functions */
1807int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
1808
1809/* BEGIN ERROR CODES */
1810/* The following lines are auto generated by the script mkerr.pl. Any changes
1811 * made after this point may be overwritten when the script is next run.
1812 */
1813void ERR_load_SSL_strings(void);
1814
1815/* Error codes for the SSL functions. */
1816
1817/* Function codes. */
1818#define SSL_F_CLIENT_CERTIFICATE 100
1819#define SSL_F_CLIENT_FINISHED 167
1820#define SSL_F_CLIENT_HELLO 101
1821#define SSL_F_CLIENT_MASTER_KEY 102
1822#define SSL_F_D2I_SSL_SESSION 103
1823#define SSL_F_DO_DTLS1_WRITE 245
1824#define SSL_F_DO_SSL3_WRITE 104
1825#define SSL_F_DTLS1_ACCEPT 246
1826#define SSL_F_DTLS1_ADD_CERT_TO_BUF 295
1827#define SSL_F_DTLS1_BUFFER_RECORD 247
1828#define SSL_F_DTLS1_CLIENT_HELLO 248
1829#define SSL_F_DTLS1_CONNECT 249
1830#define SSL_F_DTLS1_ENC 250
1831#define SSL_F_DTLS1_GET_HELLO_VERIFY 251
1832#define SSL_F_DTLS1_GET_MESSAGE 252
1833#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
1834#define SSL_F_DTLS1_GET_RECORD 254
1835#define SSL_F_DTLS1_HANDLE_TIMEOUT 297
1836#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
1837#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
1838#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
1839#define SSL_F_DTLS1_PROCESS_RECORD 257
1840#define SSL_F_DTLS1_READ_BYTES 258
1841#define SSL_F_DTLS1_READ_FAILED 259
1842#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
1843#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
1844#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
1845#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
1846#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264
1847#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265
1848#define SSL_F_DTLS1_SEND_SERVER_HELLO 266
1849#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
1850#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
1851#define SSL_F_GET_CLIENT_FINISHED 105
1852#define SSL_F_GET_CLIENT_HELLO 106
1853#define SSL_F_GET_CLIENT_MASTER_KEY 107
1854#define SSL_F_GET_SERVER_FINISHED 108
1855#define SSL_F_GET_SERVER_HELLO 109
1856#define SSL_F_GET_SERVER_VERIFY 110
1857#define SSL_F_I2D_SSL_SESSION 111
1858#define SSL_F_READ_N 112
1859#define SSL_F_REQUEST_CERTIFICATE 113
1860#define SSL_F_SERVER_FINISH 239
1861#define SSL_F_SERVER_HELLO 114
1862#define SSL_F_SERVER_VERIFY 240
1863#define SSL_F_SSL23_ACCEPT 115
1864#define SSL_F_SSL23_CLIENT_HELLO 116
1865#define SSL_F_SSL23_CONNECT 117
1866#define SSL_F_SSL23_GET_CLIENT_HELLO 118
1867#define SSL_F_SSL23_GET_SERVER_HELLO 119
1868#define SSL_F_SSL23_PEEK 237
1869#define SSL_F_SSL23_READ 120
1870#define SSL_F_SSL23_WRITE 121
1871#define SSL_F_SSL2_ACCEPT 122
1872#define SSL_F_SSL2_CONNECT 123
1873#define SSL_F_SSL2_ENC_INIT 124
1874#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241
1875#define SSL_F_SSL2_PEEK 234
1876#define SSL_F_SSL2_READ 125
1877#define SSL_F_SSL2_READ_INTERNAL 236
1878#define SSL_F_SSL2_SET_CERTIFICATE 126
1879#define SSL_F_SSL2_WRITE 127
1880#define SSL_F_SSL3_ACCEPT 128
1881#define SSL_F_SSL3_ADD_CERT_TO_BUF 296
1882#define SSL_F_SSL3_CALLBACK_CTRL 233
1883#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
1884#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
1885#define SSL_F_SSL3_CHECK_CLIENT_HELLO 304
1886#define SSL_F_SSL3_CLIENT_HELLO 131
1887#define SSL_F_SSL3_CONNECT 132
1888#define SSL_F_SSL3_CTRL 213
1889#define SSL_F_SSL3_CTX_CTRL 133
1890#define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
1891#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
1892#define SSL_F_SSL3_ENC 134
1893#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
1894#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
1895#define SSL_F_SSL3_GET_CERT_STATUS 289
1896#define SSL_F_SSL3_GET_CERT_VERIFY 136
1897#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
1898#define SSL_F_SSL3_GET_CLIENT_HELLO 138
1899#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
1900#define SSL_F_SSL3_GET_FINISHED 140
1901#define SSL_F_SSL3_GET_KEY_EXCHANGE 141
1902#define SSL_F_SSL3_GET_MESSAGE 142
1903#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283
1904#define SSL_F_SSL3_GET_RECORD 143
1905#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
1906#define SSL_F_SSL3_GET_SERVER_DONE 145
1907#define SSL_F_SSL3_GET_SERVER_HELLO 146
1908#define SSL_F_SSL3_HANDSHAKE_MAC 285
1909#define SSL_F_SSL3_NEW_SESSION_TICKET 287
1910#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
1911#define SSL_F_SSL3_PEEK 235
1912#define SSL_F_SSL3_READ_BYTES 148
1913#define SSL_F_SSL3_READ_N 149
1914#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
1915#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151
1916#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
1917#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
1918#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
1919#define SSL_F_SSL3_SEND_SERVER_HELLO 242
1920#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
1921#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
1922#define SSL_F_SSL3_SETUP_READ_BUFFER 156
1923#define SSL_F_SSL3_SETUP_WRITE_BUFFER 291
1924#define SSL_F_SSL3_WRITE_BYTES 158
1925#define SSL_F_SSL3_WRITE_PENDING 159
1926#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298
1927#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277
1928#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
1929#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
1930#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299
1931#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278
1932#define SSL_F_SSL_BAD_METHOD 160
1933#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
1934#define SSL_F_SSL_CERT_DUP 221
1935#define SSL_F_SSL_CERT_INST 222
1936#define SSL_F_SSL_CERT_INSTANTIATE 214
1937#define SSL_F_SSL_CERT_NEW 162
1938#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
1939#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280
1940#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279
1941#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
1942#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
1943#define SSL_F_SSL_CLEAR 164
1944#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
1945#define SSL_F_SSL_CREATE_CIPHER_LIST 166
1946#define SSL_F_SSL_CTRL 232
1947#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
1948#define SSL_F_SSL_CTX_NEW 169
1949#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
1950#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290
1951#define SSL_F_SSL_CTX_SET_PURPOSE 226
1952#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
1953#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
1954#define SSL_F_SSL_CTX_SET_TRUST 229
1955#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
1956#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
1957#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
1958#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
1959#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
1960#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
1961#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
1962#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272
1963#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
1964#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
1965#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
1966#define SSL_F_SSL_DO_HANDSHAKE 180
1967#define SSL_F_SSL_GET_NEW_SESSION 181
1968#define SSL_F_SSL_GET_PREV_SESSION 217
1969#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
1970#define SSL_F_SSL_GET_SIGN_PKEY 183
1971#define SSL_F_SSL_INIT_WBIO_BUFFER 184
1972#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
1973#define SSL_F_SSL_NEW 186
1974#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300
1975#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302
1976#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301
1977#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
1978#define SSL_F_SSL_PEEK 270
1979#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281
1980#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282
1981#define SSL_F_SSL_READ 223
1982#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
1983#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
1984#define SSL_F_SSL_SESSION_NEW 189
1985#define SSL_F_SSL_SESSION_PRINT_FP 190
1986#define SSL_F_SSL_SESS_CERT_NEW 225
1987#define SSL_F_SSL_SET_CERT 191
1988#define SSL_F_SSL_SET_CIPHER_LIST 271
1989#define SSL_F_SSL_SET_FD 192
1990#define SSL_F_SSL_SET_PKEY 193
1991#define SSL_F_SSL_SET_PURPOSE 227
1992#define SSL_F_SSL_SET_RFD 194
1993#define SSL_F_SSL_SET_SESSION 195
1994#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
1995#define SSL_F_SSL_SET_SESSION_TICKET_EXT 294
1996#define SSL_F_SSL_SET_TRUST 228
1997#define SSL_F_SSL_SET_WFD 196
1998#define SSL_F_SSL_SHUTDOWN 224
1999#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243
2000#define SSL_F_SSL_UNDEFINED_FUNCTION 197
2001#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
2002#define SSL_F_SSL_USE_CERTIFICATE 198
2003#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
2004#define SSL_F_SSL_USE_CERTIFICATE_FILE 200
2005#define SSL_F_SSL_USE_PRIVATEKEY 201
2006#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
2007#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
2008#define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273
2009#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
2010#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
2011#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
2012#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
2013#define SSL_F_SSL_WRITE 208
2014#define SSL_F_TLS1_CERT_VERIFY_MAC 286
2015#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
2016#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274
2017#define SSL_F_TLS1_ENC 210
2018#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275
2019#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
2020#define SSL_F_TLS1_PRF 284
2021#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
2022#define SSL_F_WRITE_PENDING 212
2023
2024/* Reason codes. */
2025#define SSL_R_APP_DATA_IN_HANDSHAKE 100
2026#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
2027#define SSL_R_BAD_ALERT_RECORD 101
2028#define SSL_R_BAD_AUTHENTICATION_TYPE 102
2029#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
2030#define SSL_R_BAD_CHECKSUM 104
2031#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
2032#define SSL_R_BAD_DECOMPRESSION 107
2033#define SSL_R_BAD_DH_G_LENGTH 108
2034#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
2035#define SSL_R_BAD_DH_P_LENGTH 110
2036#define SSL_R_BAD_DIGEST_LENGTH 111
2037#define SSL_R_BAD_DSA_SIGNATURE 112
2038#define SSL_R_BAD_ECC_CERT 304
2039#define SSL_R_BAD_ECDSA_SIGNATURE 305
2040#define SSL_R_BAD_ECPOINT 306
2041#define SSL_R_BAD_HANDSHAKE_LENGTH 332
2042#define SSL_R_BAD_HELLO_REQUEST 105
2043#define SSL_R_BAD_LENGTH 271
2044#define SSL_R_BAD_MAC_DECODE 113
2045#define SSL_R_BAD_MAC_LENGTH 333
2046#define SSL_R_BAD_MESSAGE_TYPE 114
2047#define SSL_R_BAD_PACKET_LENGTH 115
2048#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
2049#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316
2050#define SSL_R_BAD_RESPONSE_ARGUMENT 117
2051#define SSL_R_BAD_RSA_DECRYPT 118
2052#define SSL_R_BAD_RSA_ENCRYPT 119
2053#define SSL_R_BAD_RSA_E_LENGTH 120
2054#define SSL_R_BAD_RSA_MODULUS_LENGTH 121
2055#define SSL_R_BAD_RSA_SIGNATURE 122
2056#define SSL_R_BAD_SIGNATURE 123
2057#define SSL_R_BAD_SSL_FILETYPE 124
2058#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125
2059#define SSL_R_BAD_STATE 126
2060#define SSL_R_BAD_WRITE_RETRY 127
2061#define SSL_R_BIO_NOT_SET 128
2062#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
2063#define SSL_R_BN_LIB 130
2064#define SSL_R_CA_DN_LENGTH_MISMATCH 131
2065#define SSL_R_CA_DN_TOO_LONG 132
2066#define SSL_R_CCS_RECEIVED_EARLY 133
2067#define SSL_R_CERTIFICATE_VERIFY_FAILED 134
2068#define SSL_R_CERT_LENGTH_MISMATCH 135
2069#define SSL_R_CHALLENGE_IS_DIFFERENT 136
2070#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
2071#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
2072#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
2073#define SSL_R_CLIENTHELLO_TLSEXT 226
2074#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
2075#define SSL_R_COMPRESSION_DISABLED 343
2076#define SSL_R_COMPRESSION_FAILURE 141
2077#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
2078#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
2079#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
2080#define SSL_R_CONNECTION_TYPE_NOT_SET 144
2081#define SSL_R_COOKIE_MISMATCH 308
2082#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
2083#define SSL_R_DATA_LENGTH_TOO_LONG 146
2084#define SSL_R_DECRYPTION_FAILED 147
2085#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
2086#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
2087#define SSL_R_DIGEST_CHECK_FAILED 149
2088#define SSL_R_DTLS_MESSAGE_TOO_BIG 334
2089#define SSL_R_DUPLICATE_COMPRESSION_ID 309
2090#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317
2091#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318
2092#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322
2093#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323
2094#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
2095#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
2096#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
2097#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
2098#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
2099#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
2100#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
2101#define SSL_R_HTTPS_PROXY_REQUEST 155
2102#define SSL_R_HTTP_REQUEST 156
2103#define SSL_R_ILLEGAL_PADDING 283
2104#define SSL_R_INCONSISTENT_COMPRESSION 340
2105#define SSL_R_INVALID_CHALLENGE_LENGTH 158
2106#define SSL_R_INVALID_COMMAND 280
2107#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
2108#define SSL_R_INVALID_PURPOSE 278
2109#define SSL_R_INVALID_STATUS_RESPONSE 328
2110#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
2111#define SSL_R_INVALID_TRUST 279
2112#define SSL_R_KEY_ARG_TOO_LONG 284
2113#define SSL_R_KRB5 285
2114#define SSL_R_KRB5_C_CC_PRINC 286
2115#define SSL_R_KRB5_C_GET_CRED 287
2116#define SSL_R_KRB5_C_INIT 288
2117#define SSL_R_KRB5_C_MK_REQ 289
2118#define SSL_R_KRB5_S_BAD_TICKET 290
2119#define SSL_R_KRB5_S_INIT 291
2120#define SSL_R_KRB5_S_RD_REQ 292
2121#define SSL_R_KRB5_S_TKT_EXPIRED 293
2122#define SSL_R_KRB5_S_TKT_NYV 294
2123#define SSL_R_KRB5_S_TKT_SKEW 295
2124#define SSL_R_LENGTH_MISMATCH 159
2125#define SSL_R_LENGTH_TOO_SHORT 160
2126#define SSL_R_LIBRARY_BUG 274
2127#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
2128#define SSL_R_MESSAGE_TOO_LONG 296
2129#define SSL_R_MISSING_DH_DSA_CERT 162
2130#define SSL_R_MISSING_DH_KEY 163
2131#define SSL_R_MISSING_DH_RSA_CERT 164
2132#define SSL_R_MISSING_DSA_SIGNING_CERT 165
2133#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
2134#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
2135#define SSL_R_MISSING_RSA_CERTIFICATE 168
2136#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
2137#define SSL_R_MISSING_RSA_SIGNING_CERT 170
2138#define SSL_R_MISSING_TMP_DH_KEY 171
2139#define SSL_R_MISSING_TMP_ECDH_KEY 311
2140#define SSL_R_MISSING_TMP_RSA_KEY 172
2141#define SSL_R_MISSING_TMP_RSA_PKEY 173
2142#define SSL_R_MISSING_VERIFY_MESSAGE 174
2143#define SSL_R_MULTIPLE_SGC_RESTARTS 346
2144#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
2145#define SSL_R_NO_CERTIFICATES_RETURNED 176
2146#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
2147#define SSL_R_NO_CERTIFICATE_RETURNED 178
2148#define SSL_R_NO_CERTIFICATE_SET 179
2149#define SSL_R_NO_CERTIFICATE_SPECIFIED 180
2150#define SSL_R_NO_CIPHERS_AVAILABLE 181
2151#define SSL_R_NO_CIPHERS_PASSED 182
2152#define SSL_R_NO_CIPHERS_SPECIFIED 183
2153#define SSL_R_NO_CIPHER_LIST 184
2154#define SSL_R_NO_CIPHER_MATCH 185
2155#define SSL_R_NO_CLIENT_CERT_METHOD 331
2156#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
2157#define SSL_R_NO_COMPRESSION_SPECIFIED 187
2158#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
2159#define SSL_R_NO_METHOD_SPECIFIED 188
2160#define SSL_R_NO_PRIVATEKEY 189
2161#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
2162#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
2163#define SSL_R_NO_PUBLICKEY 192
2164#define SSL_R_NO_RENEGOTIATION 339
2165#define SSL_R_NO_REQUIRED_DIGEST 324
2166#define SSL_R_NO_SHARED_CIPHER 193
2167#define SSL_R_NO_VERIFY_CALLBACK 194
2168#define SSL_R_NULL_SSL_CTX 195
2169#define SSL_R_NULL_SSL_METHOD_PASSED 196
2170#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
2171#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
2172#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
2173#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327
2174#define SSL_R_PACKET_LENGTH_TOO_LONG 198
2175#define SSL_R_PARSE_TLSEXT 227
2176#define SSL_R_PATH_TOO_LONG 270
2177#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
2178#define SSL_R_PEER_ERROR 200
2179#define SSL_R_PEER_ERROR_CERTIFICATE 201
2180#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
2181#define SSL_R_PEER_ERROR_NO_CIPHER 203
2182#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
2183#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
2184#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
2185#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
2186#define SSL_R_PSK_IDENTITY_NOT_FOUND 223
2187#define SSL_R_PSK_NO_CLIENT_CB 224
2188#define SSL_R_PSK_NO_SERVER_CB 225
2189#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
2190#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
2191#define SSL_R_PUBLIC_KEY_NOT_RSA 210
2192#define SSL_R_READ_BIO_NOT_SET 211
2193#define SSL_R_READ_TIMEOUT_EXPIRED 312
2194#define SSL_R_READ_WRONG_PACKET_TYPE 212
2195#define SSL_R_RECORD_LENGTH_MISMATCH 213
2196#define SSL_R_RECORD_TOO_LARGE 214
2197#define SSL_R_RECORD_TOO_SMALL 298
2198#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335
2199#define SSL_R_RENEGOTIATION_ENCODING_ERR 336
2200#define SSL_R_RENEGOTIATION_MISMATCH 337
2201#define SSL_R_REQUIRED_CIPHER_MISSING 215
2202#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342
2203#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
2204#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
2205#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
2206#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345
2207#define SSL_R_SERVERHELLO_TLSEXT 275
2208#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
2209#define SSL_R_SHORT_READ 219
2210#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
2211#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
2212#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
2213#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321
2214#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
2215#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
2216#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
2217#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
2218#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
2219#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
2220#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
2221#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
2222#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
2223#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
2224#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
2225#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
2226#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
2227#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
2228#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
2229#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
2230#define SSL_R_SSL_HANDSHAKE_FAILURE 229
2231#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
2232#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
2233#define SSL_R_SSL_SESSION_ID_CONFLICT 302
2234#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
2235#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
2236#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
2237#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
2238#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
2239#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
2240#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
2241#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
2242#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
2243#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
2244#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
2245#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
2246#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
2247#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
2248#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
2249#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
2250#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
2251#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
2252#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
2253#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
2254#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
2255#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
2256#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
2257#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
2258#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
2259#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
2260#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
2261#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
2262#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
2263#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
2264#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
2265#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
2266#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
2267#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
2268#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
2269#define SSL_R_UNEXPECTED_MESSAGE 244
2270#define SSL_R_UNEXPECTED_RECORD 245
2271#define SSL_R_UNINITIALIZED 276
2272#define SSL_R_UNKNOWN_ALERT_TYPE 246
2273#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
2274#define SSL_R_UNKNOWN_CIPHER_RETURNED 248
2275#define SSL_R_UNKNOWN_CIPHER_TYPE 249
2276#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
2277#define SSL_R_UNKNOWN_PKEY_TYPE 251
2278#define SSL_R_UNKNOWN_PROTOCOL 252
2279#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
2280#define SSL_R_UNKNOWN_SSL_VERSION 254
2281#define SSL_R_UNKNOWN_STATE 255
2282#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338
2283#define SSL_R_UNSUPPORTED_CIPHER 256
2284#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
2285#define SSL_R_UNSUPPORTED_DIGEST_TYPE 326
2286#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
2287#define SSL_R_UNSUPPORTED_PROTOCOL 258
2288#define SSL_R_UNSUPPORTED_SSL_VERSION 259
2289#define SSL_R_UNSUPPORTED_STATUS_TYPE 329
2290#define SSL_R_WRITE_BIO_NOT_SET 260
2291#define SSL_R_WRONG_CIPHER_RETURNED 261
2292#define SSL_R_WRONG_MESSAGE_TYPE 262
2293#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
2294#define SSL_R_WRONG_SIGNATURE_LENGTH 264
2295#define SSL_R_WRONG_SIGNATURE_SIZE 265
2296#define SSL_R_WRONG_SSL_VERSION 266
2297#define SSL_R_WRONG_VERSION_NUMBER 267
2298#define SSL_R_X509_LIB 268
2299#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
2300
2301#ifdef __cplusplus
2302}
2303#endif
2304#endif
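--- a/src/lib/libssl/ssl2.h
+++ /dev/null
@@ -1,268 +0,0 @@
-/* ssl/ssl2.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL2_H
-#define HEADER_SSL2_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Protocol Version Codes */
-#define SSL2_VERSION 0x0002
-#define SSL2_VERSION_MAJOR 0x00
-#define SSL2_VERSION_MINOR 0x02
-/* #define SSL2_CLIENT_VERSION 0x0002 */
-/* #define SSL2_SERVER_VERSION 0x0002 */
-
-/* Protocol Message Codes */
-#define SSL2_MT_ERROR 0
-#define SSL2_MT_CLIENT_HELLO 1
-#define SSL2_MT_CLIENT_MASTER_KEY 2
-#define SSL2_MT_CLIENT_FINISHED 3
-#define SSL2_MT_SERVER_HELLO 4
-#define SSL2_MT_SERVER_VERIFY 5
-#define SSL2_MT_SERVER_FINISHED 6
-#define SSL2_MT_REQUEST_CERTIFICATE 7
-#define SSL2_MT_CLIENT_CERTIFICATE 8
-
-/* Error Message Codes */
-#define SSL2_PE_UNDEFINED_ERROR 0x0000
-#define SSL2_PE_NO_CIPHER 0x0001
-#define SSL2_PE_NO_CERTIFICATE 0x0002
-#define SSL2_PE_BAD_CERTIFICATE 0x0004
-#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
-
-/* Cipher Kind Values */
-#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */
-#define SSL2_CK_RC4_128_WITH_MD5 0x02010080
-#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080
-#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080
-#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080
-#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080
-#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040
-#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */
-#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */
-
-#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */
-#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */
-
-#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1"
-#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5"
-#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5"
-#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5"
-#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5"
-#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5"
-#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA"
-#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5"
-
-#define SSL2_TXT_NULL "NULL"
-
-/* Flags for the SSL_CIPHER.algorithm2 field */
-#define SSL2_CF_5_BYTE_ENC 0x01
-#define SSL2_CF_8_BYTE_ENC 0x02
-
-/* Certificate Type Codes */
-#define SSL2_CT_X509_CERTIFICATE 0x01
-
-/* Authentication Type Code */
-#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01
-
-#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32
-
-/* Upper/Lower Bounds */
-#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
-#ifdef OPENSSL_SYS_MPE
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u
-#else
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */
-#endif
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */
-
-#define SSL2_CHALLENGE_LENGTH 16
-/*#define SSL2_CHALLENGE_LENGTH 32 */
-#define SSL2_MIN_CHALLENGE_LENGTH 16
-#define SSL2_MAX_CHALLENGE_LENGTH 32
-#define SSL2_CONNECTION_ID_LENGTH 16
-#define SSL2_MAX_CONNECTION_ID_LENGTH 16
-#define SSL2_SSL_SESSION_ID_LENGTH 16
-#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32
-#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16
-#define SSL2_MAX_KEY_MATERIAL_LENGTH 24
-
-#ifndef HEADER_SSL_LOCL_H
-#define CERT char
-#endif
-
-typedef struct ssl2_state_st
- {
- int three_byte_header;
- int clear_text; /* clear text */
- int escape; /* not used in SSLv2 */
- int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */
-
- /* non-blocking io info, used to make sure the same
- * args were passwd */
- unsigned int wnum; /* number of bytes sent so far */
- int wpend_tot;
- const unsigned char *wpend_buf;
-
- int wpend_off; /* offset to data to write */
- int wpend_len; /* number of bytes passwd to write */
- int wpend_ret; /* number of bytes to return to caller */
-
- /* buffer raw data */
- int rbuf_left;
- int rbuf_offs;
- unsigned char *rbuf;
- unsigned char *wbuf;
-
- unsigned char *write_ptr;/* used to point to the start due to
- * 2/3 byte header. */
-
- unsigned int padding;
- unsigned int rlength; /* passed to ssl2_enc */
- int ract_data_length; /* Set when things are encrypted. */
- unsigned int wlength; /* passed to ssl2_enc */
- int wact_data_length; /* Set when things are decrypted. */
- unsigned char *ract_data;
- unsigned char *wact_data;
- unsigned char *mac_data;
-
- unsigned char *read_key;
- unsigned char *write_key;
-
- /* Stuff specifically to do with this SSL session */
- unsigned int challenge_length;
- unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
- unsigned int conn_id_length;
- unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
- unsigned int key_material_length;
- unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
-
- unsigned long read_sequence;
- unsigned long write_sequence;
-
- struct {
- unsigned int conn_id_length;
- unsigned int cert_type;
- unsigned int cert_length;
- unsigned int csl;
- unsigned int clear;
- unsigned int enc;
- unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
- unsigned int cipher_spec_length;
- unsigned int session_id_length;
- unsigned int clen;
- unsigned int rlen;
- } tmp;
- } SSL2_STATE;
-
-/* SSLv2 */
-/* client */
-#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT)
-#define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT)
-#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT)
-/* server */
-#define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT)
-#define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT)
-#define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-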
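--- a/src/lib/libssl/ssl23.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* ssl/ssl23.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL23_H
-#define HEADER_SSL23_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*client */
-/* write to server */
-#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT)
-#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT)
-/* read from server */
-#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT)
-#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT)
-
-/* server */
-/* read from client */
-#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
-#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-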
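--- a/src/lib/libssl/ssl3.h
+++ /dev/null
@@ -1,648 +0,0 @@
-/* ssl/ssl3.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_SSL3_H
-#define HEADER_SSL3_H
-
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
-#define SSL3_CK_SCSV 0x030000FF
-
-#define SSL3_CK_RSA_NULL_MD5 0x03000001
-#define SSL3_CK_RSA_NULL_SHA 0x03000002
-#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
-#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
-#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
-#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
-#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
-#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
-#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
-#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
-
-#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
-#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
-#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
-#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
-#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
-#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
-
-#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
-#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
-#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
-#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
-#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
-#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
-
-#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
-#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
-#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
-#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
-#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
-
-#if 0
- #define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
- #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
- #if 0 /* Because it clashes with KRB5, is never used any more, and is safe
- to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
- of the ietf-tls list */
- #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
- #endif
-#endif
-
-/* VRS Additional Kerberos5 entries
- */
-#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E
-#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F
-#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020
-#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021
-#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022
-#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023
-#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024
-#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025
-
-#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026
-#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027
-#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028
-#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029
-#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A
-#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B
-
-#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
-#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
-#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
-#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
-#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
-#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
-
-#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
-#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
-#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
-
-#if 0
- #define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
- #define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
- #define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
-#endif
-
-#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
-#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
-#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"
-
-#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"
-#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"
-#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"
-
-#define SSL3_SSL_SESSION_ID_LENGTH 32
-#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
-
-#define SSL3_MASTER_SECRET_SIZE 48
-#define SSL3_RANDOM_SIZE 32
-#define SSL3_SESSION_ID_SIZE 32
-#define SSL3_RT_HEADER_LENGTH 5
-
-#ifndef SSL3_ALIGN_PAYLOAD
- /* Some will argue that this increases memory footprint, but it's
- * not actually true. Point is that malloc has to return at least
- * 64-bit aligned pointers, meaning that allocating 5 bytes wastes
- * 3 bytes in either case. Suggested pre-gaping simply moves these
- * wasted bytes from the end of allocated region to its front,
- * but makes data payload aligned, which improves performance:-) */
-# define SSL3_ALIGN_PAYLOAD 8
-#else
-# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
-# error "insane SSL3_ALIGN_PAYLOAD"
-# undef SSL3_ALIGN_PAYLOAD
-# endif
-#endif
-
-/* This is the maximum MAC (digest) size used by the SSL library.
- * Currently maximum of 20 is used by SHA1, but we reserve for
- * future extension for 512-bit hashes.
- */
-
-#define SSL3_RT_MAX_MD_SIZE 64
-
-/* Maximum block size used in all ciphersuites. Currently 16 for AES.
- */
-
-#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
-
-#define SSL3_RT_MAX_EXTRA (16384)
-
-/* Maximum plaintext length: defined by SSL/TLS standards */
-#define SSL3_RT_MAX_PLAIN_LENGTH 16384
-/* Maximum compression overhead: defined by SSL/TLS standards */
-#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
-
-/* The standards give a maximum encryption overhead of 1024 bytes.
- * In practice the value is lower than this. The overhead is the maximum
- * number of padding bytes (256) plus the mac size.
- */
-#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
-
-/* OpenSSL currently only uses a padding length of at most one block so
- * the send overhead is smaller.
- */
-
-#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
- (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
-
-/* If compression isn't used don't include the compression overhead */
-
-#ifdef OPENSSL_NO_COMP
-#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
-#else
-#define SSL3_RT_MAX_COMPRESSED_LENGTH \
- (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
-#endif
-#define SSL3_RT_MAX_ENCRYPTED_LENGTH \
- (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
-#define SSL3_RT_MAX_PACKET_SIZE \
- (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
-
-#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
-#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
-
-#define SSL3_VERSION 0x0300
-#define SSL3_VERSION_MAJOR 0x03
-#define SSL3_VERSION_MINOR 0x00
-
-#define SSL3_RT_CHANGE_CIPHER_SPEC 20
-#define SSL3_RT_ALERT 21
-#define SSL3_RT_HANDSHAKE 22
-#define SSL3_RT_APPLICATION_DATA 23
-
-#define SSL3_AL_WARNING 1
-#define SSL3_AL_FATAL 2
-
-#define SSL3_AD_CLOSE_NOTIFY 0
-#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
-#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
-#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */
-#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */
-#define SSL3_AD_NO_CERTIFICATE 41
-#define SSL3_AD_BAD_CERTIFICATE 42
-#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
-#define SSL3_AD_CERTIFICATE_REVOKED 44
-#define SSL3_AD_CERTIFICATE_EXPIRED 45
-#define SSL3_AD_CERTIFICATE_UNKNOWN 46
-#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
-
-typedef struct ssl3_record_st
- {
-/*r */ int type; /* type of record */
-/*rw*/ unsigned int length; /* How many bytes available */
-/*r */ unsigned int off; /* read/write offset into 'buf' */
-/*rw*/ unsigned char *data; /* pointer to the record data */
-/*rw*/ unsigned char *input; /* where the decode bytes are */
-/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
-/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
-/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
- } SSL3_RECORD;
-
-typedef struct ssl3_buffer_st
- {
- unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
- * see ssl3_setup_buffers() */
- size_t len; /* buffer size */
- int offset; /* where to 'copy from' */
- int left; /* how many bytes left */
- } SSL3_BUFFER;
-
-#define SSL3_CT_RSA_SIGN 1
-#define SSL3_CT_DSS_SIGN 2
-#define SSL3_CT_RSA_FIXED_DH 3
-#define SSL3_CT_DSS_FIXED_DH 4
-#define SSL3_CT_RSA_EPHEMERAL_DH 5
-#define SSL3_CT_DSS_EPHEMERAL_DH 6
-#define SSL3_CT_FORTEZZA_DMS 20
-/* SSL3_CT_NUMBER is used to size arrays and it must be large
- * enough to contain all of the cert types defined either for
- * SSLv3 and TLSv1.
- */
-#define SSL3_CT_NUMBER 9
-
-
-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
-#define SSL3_FLAGS_POP_BUFFER 0x0004
-#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
-#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
-
-/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
- * restart a handshake because of MS SGC and so prevents us
- * from restarting the handshake in a loop. It's reset on a
- * renegotiation, so effectively limits the client to one restart
- * per negotiation. This limits the possibility of a DDoS
- * attack where the client handshakes in a loop using SGC to
- * restart. Servers which permit renegotiation can still be
- * effected, but we can't prevent that.
- */
-#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
-
-typedef struct ssl3_state_st
- {
- long flags;
- int delay_buf_pop_ret;
-
- unsigned char read_sequence[8];
- int read_mac_secret_size;
- unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
- unsigned char write_sequence[8];
- int write_mac_secret_size;
- unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
-
- unsigned char server_random[SSL3_RANDOM_SIZE];
- unsigned char client_random[SSL3_RANDOM_SIZE];
-
- /* flags for countermeasure against known-IV weakness */
- int need_empty_fragments;
- int empty_fragment_done;
-
- /* The value of 'extra' when the buffers were initialized */
- int init_extra;
-
- SSL3_BUFFER rbuf; /* read IO goes into here */
- SSL3_BUFFER wbuf; /* write IO goes into here */
-
- SSL3_RECORD rrec; /* each decoded record goes in here */
- SSL3_RECORD wrec; /* goes out from here */
-
- /* storage for Alert/Handshake protocol data received but not
- * yet processed by ssl3_read_bytes: */
- unsigned char alert_fragment[2];
- unsigned int alert_fragment_len;
- unsigned char handshake_fragment[4];
- unsigned int handshake_fragment_len;
-
- /* partial write - check the numbers match */
- unsigned int wnum; /* number of bytes sent so far */
- int wpend_tot; /* number bytes written */
- int wpend_type;
- int wpend_ret; /* number of bytes submitted */
- const unsigned char *wpend_buf;
-
- /* used during startup, digest all incoming/outgoing packets */
- BIO *handshake_buffer;
- /* When set of handshake digests is determined, buffer is hashed
- * and freed and MD_CTX-es for all required digests are stored in
- * this array */
- EVP_MD_CTX **handshake_dgst;
- /* this is set whenerver we see a change_cipher_spec message
- * come in when we are not looking for one */
- int change_cipher_spec;
-
- int warn_alert;
- int fatal_alert;
- /* we allow one fatal and one warning alert to be outstanding,
- * send close alert via the warning alert */
- int alert_dispatch;
- unsigned char send_alert[2];
-
- /* This flag is set when we should renegotiate ASAP, basically when
- * there is no more data in the read or write buffers */
- int renegotiate;
- int total_renegotiations;
- int num_renegotiations;
-
- int in_read_app_data;
-
- /* Opaque PRF input as used for the current handshake.
- * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined
- * (otherwise, they are merely present to improve binary compatibility) */
- void *client_opaque_prf_input;
- size_t client_opaque_prf_input_len;
- void *server_opaque_prf_input;
- size_t server_opaque_prf_input_len;
-
- struct {
- /* actually only needs to be 16+20 */
- unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
-
- /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
- unsigned char finish_md[EVP_MAX_MD_SIZE*2];
- int finish_md_len;
- unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
- int peer_finish_md_len;
-
- unsigned long message_size;
- int message_type;
-
- /* used to hold the new cipher we are going to use */
- const SSL_CIPHER *new_cipher;
-#ifndef OPENSSL_NO_DH
- DH *dh;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *ecdh; /* holds short lived ECDH key */
-#endif
-
- /* used when SSL_ST_FLUSH_DATA is entered */
- int next_state;
-
- int reuse_message;
-
- /* used for certificate requests */
- int cert_req;
- int ctype_num;
- char ctype[SSL3_CT_NUMBER];
- STACK_OF(X509_NAME) *ca_names;
-
- int use_rsa_tmp;
-
- int key_block_length;
- unsigned char *key_block;
-
- const EVP_CIPHER *new_sym_enc;
- const EVP_MD *new_hash;
- int new_mac_pkey_type;
- int new_mac_secret_size;
-#ifndef OPENSSL_NO_COMP
- const SSL_COMP *new_compression;
-#else
- char *new_compression;
-#endif
- int cert_request;
- } tmp;
-
- /* Connection binding to prevent renegotiation attacks */
- unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_client_finished_len;
- unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_server_finished_len;
- int send_connection_binding; /* TODOEKR */
- } SSL3_STATE;
-
-
-/* SSLv3 */
-/*client */
-/* extra state */
-#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT)
-
-/* server */
-/* extra state */
-#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)
-/* read from client */
-/* Do not change the number values, they do matter */
-#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
-/* write to client */
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT)
-/* read from client */
-#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
-/* write to client */
-#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT)
-
-#define SSL3_MT_HELLO_REQUEST 0
-#define SSL3_MT_CLIENT_HELLO 1
-#define SSL3_MT_SERVER_HELLO 2
-#define SSL3_MT_NEWSESSION_TICKET 4
-#define SSL3_MT_CERTIFICATE 11
-#define SSL3_MT_SERVER_KEY_EXCHANGE 12
-#define SSL3_MT_CERTIFICATE_REQUEST 13
-#define SSL3_MT_SERVER_DONE 14
-#define SSL3_MT_CERTIFICATE_VERIFY 15
-#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
-#define SSL3_MT_FINISHED 20
-#define SSL3_MT_CERTIFICATE_STATUS 22
-#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
-
-
-#define SSL3_MT_CCS 1
-
-/* These are used when changing over to a new cipher */
-#define SSL3_CC_READ 0x01
-#define SSL3_CC_WRITE 0x02
-#define SSL3_CC_CLIENT 0x10
-#define SSL3_CC_SERVER 0x20
-#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
-#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-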
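--- a/src/lib/libssl/ssl_algs.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/* ssl/ssl_algs.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/lhash.h>
-#include "ssl_locl.h"
-
-int SSL_library_init(void)
- {
-
-#ifndef OPENSSL_NO_DES
- EVP_add_cipher(EVP_des_cbc());
- EVP_add_cipher(EVP_des_ede3_cbc());
-#endif
-#ifndef OPENSSL_NO_IDEA
- EVP_add_cipher(EVP_idea_cbc());
-#endif
-#ifndef OPENSSL_NO_RC4
- EVP_add_cipher(EVP_rc4());
-#endif
-#ifndef OPENSSL_NO_RC2
- EVP_add_cipher(EVP_rc2_cbc());
- /* Not actually used for SSL/TLS but this makes PKCS#12 work
- * if an application only calls SSL_library_init().
- */
- EVP_add_cipher(EVP_rc2_40_cbc());
-#endif
-#ifndef OPENSSL_NO_AES
- EVP_add_cipher(EVP_aes_128_cbc());
- EVP_add_cipher(EVP_aes_192_cbc());
- EVP_add_cipher(EVP_aes_256_cbc());
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- EVP_add_cipher(EVP_camellia_128_cbc());
- EVP_add_cipher(EVP_camellia_256_cbc());
-#endif
-
-#ifndef OPENSSL_NO_SEED
- EVP_add_cipher(EVP_seed_cbc());
-#endif
-
-#ifndef OPENSSL_NO_MD5
- EVP_add_digest(EVP_md5());
- EVP_add_digest_alias(SN_md5,"ssl2-md5");
- EVP_add_digest_alias(SN_md5,"ssl3-md5");
-#endif
-#ifndef OPENSSL_NO_SHA
- EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
- EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
- EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
-#endif
-#ifndef OPENSSL_NO_SHA256
- EVP_add_digest(EVP_sha224());
- EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
- EVP_add_digest(EVP_sha384());
- EVP_add_digest(EVP_sha512());
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
- EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
- EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
- EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
- EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
-#endif
-#ifndef OPENSSL_NO_ECDSA
- EVP_add_digest(EVP_ecdsa());
-#endif
- /* If you want support for phased out ciphers, add the following */
-#if 0
- EVP_add_digest(EVP_sha());
- EVP_add_digest(EVP_dss());
-#endif
-#ifndef OPENSSL_NO_COMP
- /* This will initialise the built-in compression algorithms.
- The value returned is a STACK_OF(SSL_COMP), but that can
- be discarded safely */
- (void)SSL_COMP_get_compression_methods();
-#endif
- /* initialize cipher/digest methods table */
- ssl_load_ciphers();
- return(1);
- }
-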
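diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
deleted file mode 100644
index d7f4c6087e..0000000000
--- a/src/lib/libssl/ssl_asn1.c
+++ /dev/null
@@ -1,592 +0,0 @@
-/* ssl/ssl_asn1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "ssl_locl.h"
-#include <openssl/asn1_mac.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-typedef struct ssl_session_asn1_st
- {
- ASN1_INTEGER version;
- ASN1_INTEGER ssl_version;
- ASN1_OCTET_STRING cipher;
- ASN1_OCTET_STRING comp_id;
- ASN1_OCTET_STRING master_key;
- ASN1_OCTET_STRING session_id;
- ASN1_OCTET_STRING session_id_context;
- ASN1_OCTET_STRING key_arg;
-#ifndef OPENSSL_NO_KRB5
- ASN1_OCTET_STRING krb5_princ;
-#endif /* OPENSSL_NO_KRB5 */
- ASN1_INTEGER time;
- ASN1_INTEGER timeout;
- ASN1_INTEGER verify_result;
-#ifndef OPENSSL_NO_TLSEXT
- ASN1_OCTET_STRING tlsext_hostname;
- ASN1_INTEGER tlsext_tick_lifetime;
- ASN1_OCTET_STRING tlsext_tick;
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
- ASN1_OCTET_STRING psk_identity_hint;
- ASN1_OCTET_STRING psk_identity;
-#endif /* OPENSSL_NO_PSK */
- } SSL_SESSION_ASN1;
-
-int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
- {
-#define LSIZE2 (sizeof(long)*2)
- int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0;
- unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
- unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
-#ifndef OPENSSL_NO_TLSEXT
- int v6=0,v9=0,v10=0;
- unsigned char ibuf6[LSIZE2];
-#endif
-#ifndef OPENSSL_NO_COMP
- unsigned char cbuf;
- int v11=0;
-#endif
- long l;
- SSL_SESSION_ASN1 a;
- M_ASN1_I2D_vars(in);
-
- if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
- return(0);
-
- /* Note that I cheat in the following 2 assignments. I know
- * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
- * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
- * This is a bit evil but makes things simple, no dynamic allocation
- * to clean up :-) */
- a.version.length=LSIZE2;
- a.version.type=V_ASN1_INTEGER;
- a.version.data=ibuf1;
- ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
-
- a.ssl_version.length=LSIZE2;
- a.ssl_version.type=V_ASN1_INTEGER;
- a.ssl_version.data=ibuf2;
- ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
-
- a.cipher.type=V_ASN1_OCTET_STRING;
- a.cipher.data=buf;
-
- if (in->cipher == NULL)
- l=in->cipher_id;
- else
- l=in->cipher->id;
- if (in->ssl_version == SSL2_VERSION)
- {
- a.cipher.length=3;
- buf[0]=((unsigned char)(l>>16L))&0xff;
- buf[1]=((unsigned char)(l>> 8L))&0xff;
- buf[2]=((unsigned char)(l ))&0xff;
- }
- else
- {
- a.cipher.length=2;
- buf[0]=((unsigned char)(l>>8L))&0xff;
- buf[1]=((unsigned char)(l ))&0xff;
- }
-
-#ifndef OPENSSL_NO_COMP
- if (in->compress_meth)
- {
- cbuf = (unsigned char)in->compress_meth;
- a.comp_id.length = 1;
- a.comp_id.type = V_ASN1_OCTET_STRING;
- a.comp_id.data = &cbuf;
- }
-#endif
-
- a.master_key.length=in->master_key_length;
- a.master_key.type=V_ASN1_OCTET_STRING;
- a.master_key.data=in->master_key;
-
- a.session_id.length=in->session_id_length;
- a.session_id.type=V_ASN1_OCTET_STRING;
- a.session_id.data=in->session_id;
-
- a.session_id_context.length=in->sid_ctx_length;
- a.session_id_context.type=V_ASN1_OCTET_STRING;
- a.session_id_context.data=in->sid_ctx;
-
- a.key_arg.length=in->key_arg_length;
- a.key_arg.type=V_ASN1_OCTET_STRING;
- a.key_arg.data=in->key_arg;
-
-#ifndef OPENSSL_NO_KRB5
- if (in->krb5_client_princ_len)
- {
- a.krb5_princ.length=in->krb5_client_princ_len;
- a.krb5_princ.type=V_ASN1_OCTET_STRING;
- a.krb5_princ.data=in->krb5_client_princ;
- }
-#endif /* OPENSSL_NO_KRB5 */
-
- if (in->time != 0L)
- {
- a.time.length=LSIZE2;
- a.time.type=V_ASN1_INTEGER;
- a.time.data=ibuf3;
- ASN1_INTEGER_set(&(a.time),in->time);
- }
-
- if (in->timeout != 0L)
- {
- a.timeout.length=LSIZE2;
- a.timeout.type=V_ASN1_INTEGER;
- a.timeout.data=ibuf4;
- ASN1_INTEGER_set(&(a.timeout),in->timeout);
- }
-
- if (in->verify_result != X509_V_OK)
- {
- a.verify_result.length=LSIZE2;
- a.verify_result.type=V_ASN1_INTEGER;
- a.verify_result.data=ibuf5;
- ASN1_INTEGER_set(&a.verify_result,in->verify_result);
- }
-
-#ifndef OPENSSL_NO_TLSEXT
- if (in->tlsext_hostname)
- {
- a.tlsext_hostname.length=strlen(in->tlsext_hostname);
- a.tlsext_hostname.type=V_ASN1_OCTET_STRING;
- a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname;
- }
- if (in->tlsext_tick)
- {
- a.tlsext_tick.length= in->tlsext_ticklen;
- a.tlsext_tick.type=V_ASN1_OCTET_STRING;
- a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;
- }
- if (in->tlsext_tick_lifetime_hint > 0)
- {
- a.tlsext_tick_lifetime.length=LSIZE2;
- a.tlsext_tick_lifetime.type=V_ASN1_INTEGER;
- a.tlsext_tick_lifetime.data=ibuf6;
- ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
- }
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
- if (in->psk_identity_hint)
- {
- a.psk_identity_hint.length=strlen(in->psk_identity_hint);
- a.psk_identity_hint.type=V_ASN1_OCTET_STRING;
- a.psk_identity_hint.data=(unsigned char *)(in->psk_identity_hint);
- }
- if (in->psk_identity)
- {
- a.psk_identity.length=strlen(in->psk_identity);
- a.psk_identity.type=V_ASN1_OCTET_STRING;
- a.psk_identity.data=(unsigned char *)(in->psk_identity);
- }
-#endif /* OPENSSL_NO_PSK */
-
- M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
- if (in->krb5_client_princ_len)
- M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
-#endif /* OPENSSL_NO_KRB5 */
- if (in->key_arg_length > 0)
- M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
- if (in->time != 0L)
- M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
- if (in->timeout != 0L)
- M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
- if (in->peer != NULL)
- M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
- M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
- if (in->verify_result != X509_V_OK)
- M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
-
-#ifndef OPENSSL_NO_TLSEXT
- if (in->tlsext_tick_lifetime_hint > 0)
- M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
- if (in->tlsext_tick)
- M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
- if (in->tlsext_hostname)
- M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
-#ifndef OPENSSL_NO_COMP
- if (in->compress_meth)
- M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
-#endif
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
- if (in->psk_identity_hint)
- M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
- if (in->psk_identity)
- M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
-#endif /* OPENSSL_NO_PSK */
-
- M_ASN1_I2D_seq_total();
-
- M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
- if (in->krb5_client_princ_len)
- M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
-#endif /* OPENSSL_NO_KRB5 */
- if (in->key_arg_length > 0)
- M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
- if (in->time != 0L)
- M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
- if (in->timeout != 0L)
- M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
- if (in->peer != NULL)
- M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
- M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
- v4);
- if (in->verify_result != X509_V_OK)
- M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
-#ifndef OPENSSL_NO_TLSEXT
- if (in->tlsext_hostname)
- M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
- if (in->psk_identity_hint)
- M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
- if (in->psk_identity)
- M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
-#endif /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_TLSEXT
- if (in->tlsext_tick_lifetime_hint > 0)
- M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
- if (in->tlsext_tick)
- M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_COMP
- if (in->compress_meth)
- M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
-#endif
- M_ASN1_I2D_finish();
- }
-
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
- long length)
- {
- int ssl_version=0,i;
- long id;
- ASN1_INTEGER ai,*aip;
- ASN1_OCTET_STRING os,*osp;
- M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
-
- aip= &ai;
- osp= &os;
-
- M_ASN1_D2I_Init();
- M_ASN1_D2I_start_sequence();
-
- ai.data=NULL; ai.length=0;
- M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
- if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
- /* we don't care about the version right now :-) */
- M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
- ssl_version=(int)ASN1_INTEGER_get(aip);
- ret->ssl_version=ssl_version;
- if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
- os.data=NULL; os.length=0;
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if (ssl_version == SSL2_VERSION)
- {
- if (os.length != 3)
- {
- c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
- goto err;
- }
- id=0x02000000L|
- ((unsigned long)os.data[0]<<16L)|
- ((unsigned long)os.data[1]<< 8L)|
- (unsigned long)os.data[2];
- }
- else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
- {
- if (os.length != 2)
- {
- c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
- goto err;
- }
- id=0x03000000L|
- ((unsigned long)os.data[0]<<8L)|
- (unsigned long)os.data[1];
- }
- else
- {
- c.error=SSL_R_UNKNOWN_SSL_VERSION;
- goto err;
- }
-
- ret->cipher=NULL;
- ret->cipher_id=id;
-
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
- i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
- else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
- i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
-
- if (os.length > i)
- os.length = i;
- if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
- os.length = sizeof(ret->session_id);
-
- ret->session_id_length=os.length;
- OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
- memcpy(ret->session_id,os.data,os.length);
-
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
- ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
- else
- ret->master_key_length=os.length;
- memcpy(ret->master_key,os.data,ret->master_key_length);
-
- os.length=0;
-
-#ifndef OPENSSL_NO_KRB5
- os.length=0;
- M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
- if (os.data)
- {
- if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
- ret->krb5_client_princ_len=0;
- else
- ret->krb5_client_princ_len=os.length;
- memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->krb5_client_princ_len=0;
-#endif /* OPENSSL_NO_KRB5 */
-
- M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
- if (os.length > SSL_MAX_KEY_ARG_LENGTH)
- ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
- else
- ret->key_arg_length=os.length;
- memcpy(ret->key_arg,os.data,ret->key_arg_length);
- if (os.data != NULL) OPENSSL_free(os.data);
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
- if (ai.data != NULL)
- {
- ret->time=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->time=(unsigned long)time(NULL);
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
- if (ai.data != NULL)
- {
- ret->timeout=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->timeout=3;
-
- if (ret->peer != NULL)
- {
- X509_free(ret->peer);
- ret->peer=NULL;
- }
- M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
-
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
-
- if(os.data != NULL)
- {
- if (os.length > SSL_MAX_SID_CTX_LENGTH)
- {
- c.error=SSL_R_BAD_LENGTH;
- goto err;
- }
- else
- {
- ret->sid_ctx_length=os.length;
- memcpy(ret->sid_ctx,os.data,os.length);
- }
- OPENSSL_free(os.data); os.data=NULL; os.length=0;
- }
- else
- ret->sid_ctx_length=0;
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
- if (ai.data != NULL)
- {
- ret->verify_result=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->verify_result=X509_V_OK;
-
-#ifndef OPENSSL_NO_TLSEXT
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6);
- if (os.data)
- {
- ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->tlsext_hostname=NULL;
-#endif /* OPENSSL_NO_TLSEXT */
-
-#ifndef OPENSSL_NO_PSK
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7);
- if (os.data)
- {
- ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->psk_identity_hint=NULL;
-#endif /* OPENSSL_NO_PSK */
-
-#ifndef OPENSSL_NO_TLSEXT
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);
- if (ai.data != NULL)
- {
- ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else if (ret->tlsext_ticklen && ret->session_id_length)
- ret->tlsext_tick_lifetime_hint = -1;
- else
- ret->tlsext_tick_lifetime_hint=0;
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
- if (os.data)
- {
- ret->tlsext_tick = os.data;
- ret->tlsext_ticklen = os.length;
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->tlsext_tick=NULL;
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_COMP
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11);
- if (os.data)
- {
- ret->compress_meth = os.data[0];
- OPENSSL_free(os.data);
- os.data = NULL;
- }
-#endif
-
- M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
- }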
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
deleted file mode 100644
index 27256eea81..0000000000
--- a/src/lib/libssl/ssl_cert.c
+++ /dev/null
@@ -1,834 +0,0 @@
1/*! \file ssl/ssl_cert.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116
117#include <stdio.h>
118
119#include "e_os.h"
120#ifndef NO_SYS_TYPES_H
121# include <sys/types.h>
122#endif
123
124#include "o_dir.h"
125#include <openssl/objects.h>
126#include <openssl/bio.h>
127#include <openssl/pem.h>
128#include <openssl/x509v3.h>
129#ifndef OPENSSL_NO_DH
130#include <openssl/dh.h>
131#endif
132#include <openssl/bn.h>
133#include "ssl_locl.h"
134
135int SSL_get_ex_data_X509_STORE_CTX_idx(void)
136 {
137 static volatile int ssl_x509_store_ctx_idx= -1;
138 int got_write_lock = 0;
139
140 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
141
142 if (ssl_x509_store_ctx_idx < 0)
143 {
144 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
145 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
146 got_write_lock = 1;
147
148 if (ssl_x509_store_ctx_idx < 0)
149 {
150 ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
151 0,"SSL for verify callback",NULL,NULL,NULL);
152 }
153 }
154
155 if (got_write_lock)
156 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
157 else
158 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
159
160 return ssl_x509_store_ctx_idx;
161 }
162
163CERT *ssl_cert_new(void)
164 {
165 CERT *ret;
166
167 ret=(CERT *)OPENSSL_malloc(sizeof(CERT));
168 if (ret == NULL)
169 {
170 SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
171 return(NULL);
172 }
173 memset(ret,0,sizeof(CERT));
174
175 ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
176 ret->references=1;
177
178 return(ret);
179 }
180
181CERT *ssl_cert_dup(CERT *cert)
182 {
183 CERT *ret;
184 int i;
185
186 ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
187 if (ret == NULL)
188 {
189 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
190 return(NULL);
191 }
192
193 memset(ret, 0, sizeof(CERT));
194
195 ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
196 /* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
197 * if you find that more readable */
198
199 ret->valid = cert->valid;
200 ret->mask_k = cert->mask_k;
201 ret->mask_a = cert->mask_a;
202 ret->export_mask_k = cert->export_mask_k;
203 ret->export_mask_a = cert->export_mask_a;
204
205#ifndef OPENSSL_NO_RSA
206 if (cert->rsa_tmp != NULL)
207 {
208 RSA_up_ref(cert->rsa_tmp);
209 ret->rsa_tmp = cert->rsa_tmp;
210 }
211 ret->rsa_tmp_cb = cert->rsa_tmp_cb;
212#endif
213
214#ifndef OPENSSL_NO_DH
215 if (cert->dh_tmp != NULL)
216 {
217 ret->dh_tmp = DHparams_dup(cert->dh_tmp);
218 if (ret->dh_tmp == NULL)
219 {
220 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
221 goto err;
222 }
223 if (cert->dh_tmp->priv_key)
224 {
225 BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
226 if (!b)
227 {
228 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
229 goto err;
230 }
231 ret->dh_tmp->priv_key = b;
232 }
233 if (cert->dh_tmp->pub_key)
234 {
235 BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
236 if (!b)
237 {
238 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
239 goto err;
240 }
241 ret->dh_tmp->pub_key = b;
242 }
243 }
244 ret->dh_tmp_cb = cert->dh_tmp_cb;
245#endif
246
247#ifndef OPENSSL_NO_ECDH
248 if (cert->ecdh_tmp)
249 {
250 ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
251 if (ret->ecdh_tmp == NULL)
252 {
253 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
254 goto err;
255 }
256 }
257 ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
258#endif
259
260 for (i = 0; i < SSL_PKEY_NUM; i++)
261 {
262 if (cert->pkeys[i].x509 != NULL)
263 {
264 ret->pkeys[i].x509 = cert->pkeys[i].x509;
265 CRYPTO_add(&ret->pkeys[i].x509->references, 1,
266 CRYPTO_LOCK_X509);
267 }
268
269 if (cert->pkeys[i].privatekey != NULL)
270 {
271 ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
272 CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
273 CRYPTO_LOCK_EVP_PKEY);
274
275 switch(i)
276 {
277 /* If there was anything special to do for
278 * certain types of keys, we'd do it here.
279 * (Nothing at the moment, I think.) */
280
281 case SSL_PKEY_RSA_ENC:
282 case SSL_PKEY_RSA_SIGN:
283 /* We have an RSA key. */
284 break;
285
286 case SSL_PKEY_DSA_SIGN:
287 /* We have a DSA key. */
288 break;
289
290 case SSL_PKEY_DH_RSA:
291 case SSL_PKEY_DH_DSA:
292 /* We have a DH key. */
293 break;
294
295 case SSL_PKEY_ECC:
296 /* We have an ECC key */
297 break;
298
299 default:
300 /* Can't happen. */
301 SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
302 }
303 }
304 }
305
306 /* ret->extra_certs *should* exist, but currently the own certificate
307 * chain is held inside SSL_CTX */
308
309 ret->references=1;
310
311 return(ret);
312
313#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
314err:
315#endif
316#ifndef OPENSSL_NO_RSA
317 if (ret->rsa_tmp != NULL)
318 RSA_free(ret->rsa_tmp);
319#endif
320#ifndef OPENSSL_NO_DH
321 if (ret->dh_tmp != NULL)
322 DH_free(ret->dh_tmp);
323#endif
324#ifndef OPENSSL_NO_ECDH
325 if (ret->ecdh_tmp != NULL)
326 EC_KEY_free(ret->ecdh_tmp);
327#endif
328
329 for (i = 0; i < SSL_PKEY_NUM; i++)
330 {
331 if (ret->pkeys[i].x509 != NULL)
332 X509_free(ret->pkeys[i].x509);
333 if (ret->pkeys[i].privatekey != NULL)
334 EVP_PKEY_free(ret->pkeys[i].privatekey);
335 }
336
337 return NULL;
338 }
339
340
341void ssl_cert_free(CERT *c)
342 {
343 int i;
344
345 if(c == NULL)
346 return;
347
348 i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
349#ifdef REF_PRINT
350 REF_PRINT("CERT",c);
351#endif
352 if (i > 0) return;
353#ifdef REF_CHECK
354 if (i < 0)
355 {
356 fprintf(stderr,"ssl_cert_free, bad reference count\n");
357 abort(); /* ok */
358 }
359#endif
360
361#ifndef OPENSSL_NO_RSA
362 if (c->rsa_tmp) RSA_free(c->rsa_tmp);
363#endif
364#ifndef OPENSSL_NO_DH
365 if (c->dh_tmp) DH_free(c->dh_tmp);
366#endif
367#ifndef OPENSSL_NO_ECDH
368 if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
369#endif
370
371 for (i=0; i<SSL_PKEY_NUM; i++)
372 {
373 if (c->pkeys[i].x509 != NULL)
374 X509_free(c->pkeys[i].x509);
375 if (c->pkeys[i].privatekey != NULL)
376 EVP_PKEY_free(c->pkeys[i].privatekey);
377#if 0
378 if (c->pkeys[i].publickey != NULL)
379 EVP_PKEY_free(c->pkeys[i].publickey);
380#endif
381 }
382 OPENSSL_free(c);
383 }
384
385int ssl_cert_inst(CERT **o)
386 {
387 /* Create a CERT if there isn't already one
388 * (which cannot really happen, as it is initially created in
389 * SSL_CTX_new; but the earlier code usually allows for that one
390 * being non-existant, so we follow that behaviour, as it might
391 * turn out that there actually is a reason for it -- but I'm
392 * not sure that *all* of the existing code could cope with
393 * s->cert being NULL, otherwise we could do without the
394 * initialization in SSL_CTX_new).
395 */
396
397 if (o == NULL)
398 {
399 SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
400 return(0);
401 }
402 if (*o == NULL)
403 {
404 if ((*o = ssl_cert_new()) == NULL)
405 {
406 SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
407 return(0);
408 }
409 }
410 return(1);
411 }
412
413
414SESS_CERT *ssl_sess_cert_new(void)
415 {
416 SESS_CERT *ret;
417
418 ret = OPENSSL_malloc(sizeof *ret);
419 if (ret == NULL)
420 {
421 SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
422 return NULL;
423 }
424
425 memset(ret, 0 ,sizeof *ret);
426 ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
427 ret->references = 1;
428
429 return ret;
430 }
431
432void ssl_sess_cert_free(SESS_CERT *sc)
433 {
434 int i;
435
436 if (sc == NULL)
437 return;
438
439 i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
440#ifdef REF_PRINT
441 REF_PRINT("SESS_CERT", sc);
442#endif
443 if (i > 0)
444 return;
445#ifdef REF_CHECK
446 if (i < 0)
447 {
448 fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
449 abort(); /* ok */
450 }
451#endif
452
453 /* i == 0 */
454 if (sc->cert_chain != NULL)
455 sk_X509_pop_free(sc->cert_chain, X509_free);
456 for (i = 0; i < SSL_PKEY_NUM; i++)
457 {
458 if (sc->peer_pkeys[i].x509 != NULL)
459 X509_free(sc->peer_pkeys[i].x509);
460#if 0 /* We don't have the peer's private key. These lines are just
461 * here as a reminder that we're still using a not-quite-appropriate
462 * data structure. */
463 if (sc->peer_pkeys[i].privatekey != NULL)
464 EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
465#endif
466 }
467
468#ifndef OPENSSL_NO_RSA
469 if (sc->peer_rsa_tmp != NULL)
470 RSA_free(sc->peer_rsa_tmp);
471#endif
472#ifndef OPENSSL_NO_DH
473 if (sc->peer_dh_tmp != NULL)
474 DH_free(sc->peer_dh_tmp);
475#endif
476#ifndef OPENSSL_NO_ECDH
477 if (sc->peer_ecdh_tmp != NULL)
478 EC_KEY_free(sc->peer_ecdh_tmp);
479#endif
480
481 OPENSSL_free(sc);
482 }
483
484int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
485 {
486 sc->peer_cert_type = type;
487 return(1);
488 }
489
490int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
491 {
492 X509 *x;
493 int i;
494 X509_STORE_CTX ctx;
495
496 if ((sk == NULL) || (sk_X509_num(sk) == 0))
497 return(0);
498
499 x=sk_X509_value(sk,0);
500 if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
501 {
502 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
503 return(0);
504 }
505#if 0
506 if (SSL_get_verify_depth(s) >= 0)
507 X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
508#endif
509 X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
510
511 /* We need to inherit the verify parameters. These can be determined by
512 * the context: if its a server it will verify SSL client certificates
513 * or vice versa.
514 */
515
516 X509_STORE_CTX_set_default(&ctx,
517 s->server ? "ssl_client" : "ssl_server");
518 /* Anything non-default in "param" should overwrite anything in the
519 * ctx.
520 */
521 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
522
523 if (s->verify_callback)
524 X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
525
526 if (s->ctx->app_verify_callback != NULL)
527#if 1 /* new with OpenSSL 0.9.7 */
528 i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
529#else
530 i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
531#endif
532 else
533 {
534#ifndef OPENSSL_NO_X509_VERIFY
535 i=X509_verify_cert(&ctx);
536#else
537 i=0;
538 ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
539 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
540#endif
541 }
542
543 s->verify_result=ctx.error;
544 X509_STORE_CTX_cleanup(&ctx);
545
546 return(i);
547 }
548
549static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
550 {
551 if (*ca_list != NULL)
552 sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
553
554 *ca_list=name_list;
555 }
556
557STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
558 {
559 int i;
560 STACK_OF(X509_NAME) *ret;
561 X509_NAME *name;
562
563 ret=sk_X509_NAME_new_null();
564 for (i=0; i<sk_X509_NAME_num(sk); i++)
565 {
566 name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
567 if ((name == NULL) || !sk_X509_NAME_push(ret,name))
568 {
569 sk_X509_NAME_pop_free(ret,X509_NAME_free);
570 return(NULL);
571 }
572 }
573 return(ret);
574 }
575
576void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
577 {
578 set_client_CA_list(&(s->client_CA),name_list);
579 }
580
581void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
582 {
583 set_client_CA_list(&(ctx->client_CA),name_list);
584 }
585
586STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
587 {
588 return(ctx->client_CA);
589 }
590
591STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
592 {
593 if (s->type == SSL_ST_CONNECT)
594 { /* we are in the client */
595 if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
596 (s->s3 != NULL))
597 return(s->s3->tmp.ca_names);
598 else
599 return(NULL);
600 }
601 else
602 {
603 if (s->client_CA != NULL)
604 return(s->client_CA);
605 else
606 return(s->ctx->client_CA);
607 }
608 }
609
610static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
611 {
612 X509_NAME *name;
613
614 if (x == NULL) return(0);
615 if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
616 return(0);
617
618 if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
619 return(0);
620
621 if (!sk_X509_NAME_push(*sk,name))
622 {
623 X509_NAME_free(name);
624 return(0);
625 }
626 return(1);
627 }
628
629int SSL_add_client_CA(SSL *ssl,X509 *x)
630 {
631 return(add_client_CA(&(ssl->client_CA),x));
632 }
633
634int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
635 {
636 return(add_client_CA(&(ctx->client_CA),x));
637 }
638
639static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
640 {
641 return(X509_NAME_cmp(*a,*b));
642 }
643
644#ifndef OPENSSL_NO_STDIO
645/*!
646 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
647 * it doesn't really have anything to do with clients (except that a common use
648 * for a stack of CAs is to send it to the client). Actually, it doesn't have
649 * much to do with CAs, either, since it will load any old cert.
650 * \param file the file containing one or more certs.
651 * \return a ::STACK containing the certs.
652 */
653STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
654 {
655 BIO *in;
656 X509 *x=NULL;
657 X509_NAME *xn=NULL;
658 STACK_OF(X509_NAME) *ret = NULL,*sk;
659
660 sk=sk_X509_NAME_new(xname_cmp);
661
662 in=BIO_new(BIO_s_file_internal());
663
664 if ((sk == NULL) || (in == NULL))
665 {
666 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
667 goto err;
668 }
669
670 if (!BIO_read_filename(in,file))
671 goto err;
672
673 for (;;)
674 {
675 if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
676 break;
677 if (ret == NULL)
678 {
679 ret = sk_X509_NAME_new_null();
680 if (ret == NULL)
681 {
682 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
683 goto err;
684 }
685 }
686 if ((xn=X509_get_subject_name(x)) == NULL) goto err;
687 /* check for duplicates */
688 xn=X509_NAME_dup(xn);
689 if (xn == NULL) goto err;
690 if (sk_X509_NAME_find(sk,xn) >= 0)
691 X509_NAME_free(xn);
692 else
693 {
694 sk_X509_NAME_push(sk,xn);
695 sk_X509_NAME_push(ret,xn);
696 }
697 }
698
699 if (0)
700 {
701err:
702 if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
703 ret=NULL;
704 }
705 if (sk != NULL) sk_X509_NAME_free(sk);
706 if (in != NULL) BIO_free(in);
707 if (x != NULL) X509_free(x);
708 if (ret != NULL)
709 ERR_clear_error();
710 return(ret);
711 }
712#endif
713
714/*!
715 * Add a file of certs to a stack.
716 * \param stack the stack to add to.
717 * \param file the file to add from. All certs in this file that are not
718 * already in the stack will be added.
719 * \return 1 for success, 0 for failure. Note that in the case of failure some
720 * certs may have been added to \c stack.
721 */
722
723int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
724 const char *file)
725 {
726 BIO *in;
727 X509 *x=NULL;
728 X509_NAME *xn=NULL;
729 int ret=1;
730 int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
731
732 oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
733
734 in=BIO_new(BIO_s_file_internal());
735
736 if (in == NULL)
737 {
738 SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
739 goto err;
740 }
741
742 if (!BIO_read_filename(in,file))
743 goto err;
744
745 for (;;)
746 {
747 if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
748 break;
749 if ((xn=X509_get_subject_name(x)) == NULL) goto err;
750 xn=X509_NAME_dup(xn);
751 if (xn == NULL) goto err;
752 if (sk_X509_NAME_find(stack,xn) >= 0)
753 X509_NAME_free(xn);
754 else
755 sk_X509_NAME_push(stack,xn);
756 }
757
758 ERR_clear_error();
759
760 if (0)
761 {
762err:
763 ret=0;
764 }
765 if(in != NULL)
766 BIO_free(in);
767 if(x != NULL)
768 X509_free(x);
769
770 (void)sk_X509_NAME_set_cmp_func(stack,oldcmp);
771
772 return ret;
773 }
774
775/*!
776 * Add a directory of certs to a stack.
777 * \param stack the stack to append to.
778 * \param dir the directory to append from. All files in this directory will be
779 * examined as potential certs. Any that are acceptable to
780 * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
781 * included.
782 * \return 1 for success, 0 for failure. Note that in the case of failure some
783 * certs may have been added to \c stack.
784 */
785
786int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
787 const char *dir)
788 {
789 OPENSSL_DIR_CTX *d = NULL;
790 const char *filename;
791 int ret = 0;
792
793 CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
794
795 /* Note that a side effect is that the CAs will be sorted by name */
796
797 while((filename = OPENSSL_DIR_read(&d, dir)))
798 {
799 char buf[1024];
800 int r;
801
802 if(strlen(dir)+strlen(filename)+2 > sizeof buf)
803 {
804 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
805 goto err;
806 }
807
808#ifdef OPENSSL_SYS_VMS
809 r = BIO_snprintf(buf,sizeof buf,"%s%s",dir,filename);
810#else
811 r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename);
812#endif
813 if (r <= 0 || r >= (int)sizeof(buf))
814 goto err;
815 if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
816 goto err;
817 }
818
819 if (errno)
820 {
821 SYSerr(SYS_F_OPENDIR, get_last_sys_error());
822 ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
823 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
824 goto err;
825 }
826
827 ret = 1;
828
829err:
830 if (d) OPENSSL_DIR_end(&d);
831 CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
832 return ret;
833 }
834
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
deleted file mode 100644
index 54ba7ef5b4..0000000000
--- a/src/lib/libssl/ssl_ciph.c
+++ /dev/null
@@ -1,1747 +0,0 @@
1/* ssl/ssl_ciph.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#include <stdio.h>
144#include <openssl/objects.h>
145#ifndef OPENSSL_NO_COMP
146#include <openssl/comp.h>
147#endif
148#ifndef OPENSSL_NO_ENGINE
149#include <openssl/engine.h>
150#endif
151#include "ssl_locl.h"
152
153#define SSL_ENC_DES_IDX 0
154#define SSL_ENC_3DES_IDX 1
155#define SSL_ENC_RC4_IDX 2
156#define SSL_ENC_RC2_IDX 3
157#define SSL_ENC_IDEA_IDX 4
158#define SSL_ENC_NULL_IDX 5
159#define SSL_ENC_AES128_IDX 6
160#define SSL_ENC_AES256_IDX 7
161#define SSL_ENC_CAMELLIA128_IDX 8
162#define SSL_ENC_CAMELLIA256_IDX 9
163#define SSL_ENC_GOST89_IDX 10
164#define SSL_ENC_SEED_IDX 11
165#define SSL_ENC_NUM_IDX 12
166
167
168static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
169 NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
170 };
171
172#define SSL_COMP_NULL_IDX 0
173#define SSL_COMP_ZLIB_IDX 1
174#define SSL_COMP_NUM_IDX 2
175
176static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
177
178#define SSL_MD_MD5_IDX 0
179#define SSL_MD_SHA1_IDX 1
180#define SSL_MD_GOST94_IDX 2
181#define SSL_MD_GOST89MAC_IDX 3
182/*Constant SSL_MAX_DIGEST equal to size of digests array should be
183 * defined in the
184 * ssl_locl.h */
185#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
186static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
187 NULL,NULL,NULL,NULL
188 };
189/* PKEY_TYPE for GOST89MAC is known in advance, but, because
190 * implementation is engine-provided, we'll fill it only if
191 * corresponding EVP_PKEY_METHOD is found
192 */
193static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
194 EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef
195 };
196
197static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
198 0,0,0,0
199 };
200
201static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
202 SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
203 SSL_HANDSHAKE_MAC_GOST94,0
204 };
205
206#define CIPHER_ADD 1
207#define CIPHER_KILL 2
208#define CIPHER_DEL 3
209#define CIPHER_ORD 4
210#define CIPHER_SPECIAL 5
211
212typedef struct cipher_order_st
213 {
214 const SSL_CIPHER *cipher;
215 int active;
216 int dead;
217 struct cipher_order_st *next,*prev;
218 } CIPHER_ORDER;
219
220static const SSL_CIPHER cipher_aliases[]={
221 /* "ALL" doesn't include eNULL (must be specifically enabled) */
222 {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0},
223 /* "COMPLEMENTOFALL" */
224 {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},
225
226 /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
227 {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
228
229 /* key exchange aliases
230 * (some of those using only a single bit here combine
231 * multiple key exchange algs according to the RFCs,
232 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
233 {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0},
234
235 {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
236 {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
237 {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
238 {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0},
239 {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
240
241 {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0},
242
243 {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0},
244 {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0},
245 {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
246 {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
247 {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
248
249 {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},
250 {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
251
252 /* server authentication aliases */
253 {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0},
254 {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
255 {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
256 {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0},
257 {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0},
258 {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
259 {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0},
260 {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0},
261 {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0},
262 {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0},
263 {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
264 {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
265 {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
266
267 /* aliases combining key exchange and server authentication */
268 {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
269 {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
270 {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
271 {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
272 {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
273 {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
274 {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
275 {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
276
277
278 /* symmetric encryption aliases */
279 {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0},
280 {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0},
281 {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0},
282 {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0},
283 {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0},
284 {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0},
285 {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
286 {0,SSL_TXT_AES128,0, 0,0,SSL_AES128,0,0,0,0,0,0},
287 {0,SSL_TXT_AES256,0, 0,0,SSL_AES256,0,0,0,0,0,0},
288 {0,SSL_TXT_AES,0, 0,0,SSL_AES128|SSL_AES256,0,0,0,0,0,0},
289 {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
290 {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
291 {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
292
293 /* MAC aliases */
294 {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0},
295 {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
296 {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
297 {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0},
298 {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0},
299
300 /* protocol version aliases */
301 {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
302 {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0},
303 {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0},
304
305 /* export flag */
306 {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
307 {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
308
309 /* strength classes */
310 {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0},
311 {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0},
312 {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0},
313 {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0},
314 {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
315 /* FIPS 140-2 approved ciphersuite */
316 {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},
317 };
318/* Search for public key algorithm with given name and
319 * return its pkey_id if it is available. Otherwise return 0
320 */
321#ifdef OPENSSL_NO_ENGINE
322
323static int get_optional_pkey_id(const char *pkey_name)
324 {
325 const EVP_PKEY_ASN1_METHOD *ameth;
326 int pkey_id=0;
327 ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1);
328 if (ameth)
329 {
330 EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
331 }
332 return pkey_id;
333 }
334
335#else
336
337static int get_optional_pkey_id(const char *pkey_name)
338 {
339 const EVP_PKEY_ASN1_METHOD *ameth;
340 ENGINE *tmpeng = NULL;
341 int pkey_id=0;
342 ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
343 if (ameth)
344 {
345 EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
346 }
347 if (tmpeng) ENGINE_finish(tmpeng);
348 return pkey_id;
349 }
350
351#endif
352
353void ssl_load_ciphers(void)
354 {
355 ssl_cipher_methods[SSL_ENC_DES_IDX]=
356 EVP_get_cipherbyname(SN_des_cbc);
357 ssl_cipher_methods[SSL_ENC_3DES_IDX]=
358 EVP_get_cipherbyname(SN_des_ede3_cbc);
359 ssl_cipher_methods[SSL_ENC_RC4_IDX]=
360 EVP_get_cipherbyname(SN_rc4);
361 ssl_cipher_methods[SSL_ENC_RC2_IDX]=
362 EVP_get_cipherbyname(SN_rc2_cbc);
363#ifndef OPENSSL_NO_IDEA
364 ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
365 EVP_get_cipherbyname(SN_idea_cbc);
366#else
367 ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
368#endif
369 ssl_cipher_methods[SSL_ENC_AES128_IDX]=
370 EVP_get_cipherbyname(SN_aes_128_cbc);
371 ssl_cipher_methods[SSL_ENC_AES256_IDX]=
372 EVP_get_cipherbyname(SN_aes_256_cbc);
373 ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
374 EVP_get_cipherbyname(SN_camellia_128_cbc);
375 ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
376 EVP_get_cipherbyname(SN_camellia_256_cbc);
377 ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
378 EVP_get_cipherbyname(SN_gost89_cnt);
379 ssl_cipher_methods[SSL_ENC_SEED_IDX]=
380 EVP_get_cipherbyname(SN_seed_cbc);
381
382 ssl_digest_methods[SSL_MD_MD5_IDX]=
383 EVP_get_digestbyname(SN_md5);
384 ssl_mac_secret_size[SSL_MD_MD5_IDX]=
385 EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
386 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
387 ssl_digest_methods[SSL_MD_SHA1_IDX]=
388 EVP_get_digestbyname(SN_sha1);
389 ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
390 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
391 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
392 ssl_digest_methods[SSL_MD_GOST94_IDX]=
393 EVP_get_digestbyname(SN_id_GostR3411_94);
394 if (ssl_digest_methods[SSL_MD_GOST94_IDX])
395 {
396 ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
397 EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
398 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
399 }
400 ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
401 EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
402 ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
403 if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
404 ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
405 }
406
407 }
408#ifndef OPENSSL_NO_COMP
409
410static int sk_comp_cmp(const SSL_COMP * const *a,
411 const SSL_COMP * const *b)
412 {
413 return((*a)->id-(*b)->id);
414 }
415
416static void load_builtin_compressions(void)
417 {
418 int got_write_lock = 0;
419
420 CRYPTO_r_lock(CRYPTO_LOCK_SSL);
421 if (ssl_comp_methods == NULL)
422 {
423 CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
424 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
425 got_write_lock = 1;
426
427 if (ssl_comp_methods == NULL)
428 {
429 SSL_COMP *comp = NULL;
430
431 MemCheck_off();
432 ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
433 if (ssl_comp_methods != NULL)
434 {
435 comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
436 if (comp != NULL)
437 {
438 comp->method=COMP_zlib();
439 if (comp->method
440 && comp->method->type == NID_undef)
441 OPENSSL_free(comp);
442 else
443 {
444 comp->id=SSL_COMP_ZLIB_IDX;
445 comp->name=comp->method->name;
446 sk_SSL_COMP_push(ssl_comp_methods,comp);
447 }
448 }
449 sk_SSL_COMP_sort(ssl_comp_methods);
450 }
451 MemCheck_on();
452 }
453 }
454
455 if (got_write_lock)
456 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
457 else
458 CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
459 }
460#endif
461
462int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
463 const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
464 {
465 int i;
466 const SSL_CIPHER *c;
467
468 c=s->cipher;
469 if (c == NULL) return(0);
470 if (comp != NULL)
471 {
472 SSL_COMP ctmp;
473#ifndef OPENSSL_NO_COMP
474 load_builtin_compressions();
475#endif
476
477 *comp=NULL;
478 ctmp.id=s->compress_meth;
479 if (ssl_comp_methods != NULL)
480 {
481 i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
482 if (i >= 0)
483 *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
484 else
485 *comp=NULL;
486 }
487 }
488
489 if ((enc == NULL) || (md == NULL)) return(0);
490
491 switch (c->algorithm_enc)
492 {
493 case SSL_DES:
494 i=SSL_ENC_DES_IDX;
495 break;
496 case SSL_3DES:
497 i=SSL_ENC_3DES_IDX;
498 break;
499 case SSL_RC4:
500 i=SSL_ENC_RC4_IDX;
501 break;
502 case SSL_RC2:
503 i=SSL_ENC_RC2_IDX;
504 break;
505 case SSL_IDEA:
506 i=SSL_ENC_IDEA_IDX;
507 break;
508 case SSL_eNULL:
509 i=SSL_ENC_NULL_IDX;
510 break;
511 case SSL_AES128:
512 i=SSL_ENC_AES128_IDX;
513 break;
514 case SSL_AES256:
515 i=SSL_ENC_AES256_IDX;
516 break;
517 case SSL_CAMELLIA128:
518 i=SSL_ENC_CAMELLIA128_IDX;
519 break;
520 case SSL_CAMELLIA256:
521 i=SSL_ENC_CAMELLIA256_IDX;
522 break;
523 case SSL_eGOST2814789CNT:
524 i=SSL_ENC_GOST89_IDX;
525 break;
526 case SSL_SEED:
527 i=SSL_ENC_SEED_IDX;
528 break;
529 default:
530 i= -1;
531 break;
532 }
533
534 if ((i < 0) || (i > SSL_ENC_NUM_IDX))
535 *enc=NULL;
536 else
537 {
538 if (i == SSL_ENC_NULL_IDX)
539 *enc=EVP_enc_null();
540 else
541 *enc=ssl_cipher_methods[i];
542 }
543
544 switch (c->algorithm_mac)
545 {
546 case SSL_MD5:
547 i=SSL_MD_MD5_IDX;
548 break;
549 case SSL_SHA1:
550 i=SSL_MD_SHA1_IDX;
551 break;
552 case SSL_GOST94:
553 i = SSL_MD_GOST94_IDX;
554 break;
555 case SSL_GOST89MAC:
556 i = SSL_MD_GOST89MAC_IDX;
557 break;
558 default:
559 i= -1;
560 break;
561 }
562 if ((i < 0) || (i > SSL_MD_NUM_IDX))
563 {
564 *md=NULL;
565 if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
566 if (mac_secret_size!=NULL) *mac_secret_size = 0;
567
568 }
569 else
570 {
571 *md=ssl_digest_methods[i];
572 if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
573 if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
574 }
575
576 if ((*enc != NULL) && (*md != NULL) && (!mac_pkey_type||*mac_pkey_type != NID_undef))
577 return(1);
578 else
579 return(0);
580 }
581
582int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
583{
584 if (idx <0||idx>=SSL_MD_NUM_IDX)
585 {
586 return 0;
587 }
588 if (ssl_handshake_digest_flag[idx]==0) return 0;
589 *mask = ssl_handshake_digest_flag[idx];
590 *md = ssl_digest_methods[idx];
591 return 1;
592}
593
594#define ITEM_SEP(a) \
595 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
596
597static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
598 CIPHER_ORDER **tail)
599 {
600 if (curr == *tail) return;
601 if (curr == *head)
602 *head=curr->next;
603 if (curr->prev != NULL)
604 curr->prev->next=curr->next;
605 if (curr->next != NULL)
606 curr->next->prev=curr->prev;
607 (*tail)->next=curr;
608 curr->prev= *tail;
609 curr->next=NULL;
610 *tail=curr;
611 }
612
613static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
614 CIPHER_ORDER **tail)
615 {
616 if (curr == *head) return;
617 if (curr == *tail)
618 *tail=curr->prev;
619 if (curr->next != NULL)
620 curr->next->prev=curr->prev;
621 if (curr->prev != NULL)
622 curr->prev->next=curr->next;
623 (*head)->prev=curr;
624 curr->next= *head;
625 curr->prev=NULL;
626 *head=curr;
627 }
628
629static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
630 {
631 *mkey = 0;
632 *auth = 0;
633 *enc = 0;
634 *mac = 0;
635 *ssl = 0;
636
637#ifdef OPENSSL_NO_RSA
638 *mkey |= SSL_kRSA;
639 *auth |= SSL_aRSA;
640#endif
641#ifdef OPENSSL_NO_DSA
642 *auth |= SSL_aDSS;
643#endif
644 *mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
645 *auth |= SSL_aDH;
646#ifdef OPENSSL_NO_DH
647 *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
648 *auth |= SSL_aDH;
649#endif
650#ifdef OPENSSL_NO_KRB5
651 *mkey |= SSL_kKRB5;
652 *auth |= SSL_aKRB5;
653#endif
654#ifdef OPENSSL_NO_ECDSA
655 *auth |= SSL_aECDSA;
656#endif
657#ifdef OPENSSL_NO_ECDH
658 *mkey |= SSL_kECDHe|SSL_kECDHr;
659 *auth |= SSL_aECDH;
660#endif
661#ifdef OPENSSL_NO_PSK
662 *mkey |= SSL_kPSK;
663 *auth |= SSL_aPSK;
664#endif
665 /* Check for presence of GOST 34.10 algorithms, and if they
666 * do not present, disable appropriate auth and key exchange */
667 if (!get_optional_pkey_id("gost94")) {
668 *auth |= SSL_aGOST94;
669 }
670 if (!get_optional_pkey_id("gost2001")) {
671 *auth |= SSL_aGOST01;
672 }
673 /* Disable GOST key exchange if no GOST signature algs are available * */
674 if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
675 *mkey |= SSL_kGOST;
676 }
677#ifdef SSL_FORBID_ENULL
678 *enc |= SSL_eNULL;
679#endif
680
681
682
683 *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
684 *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
685 *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
686 *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
687 *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
688 *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
689 *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
690 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
691 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
692 *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
693 *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
694
695 *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
696 *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
697 *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
698 *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
699
700 }
701
702static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
703 int num_of_ciphers,
704 unsigned long disabled_mkey, unsigned long disabled_auth,
705 unsigned long disabled_enc, unsigned long disabled_mac,
706 unsigned long disabled_ssl,
707 CIPHER_ORDER *co_list,
708 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
709 {
710 int i, co_list_num;
711 const SSL_CIPHER *c;
712
713 /*
714 * We have num_of_ciphers descriptions compiled in, depending on the
715 * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
716 * These will later be sorted in a linked list with at most num
717 * entries.
718 */
719
720 /* Get the initial list of ciphers */
721 co_list_num = 0; /* actual count of ciphers */
722 for (i = 0; i < num_of_ciphers; i++)
723 {
724 c = ssl_method->get_cipher(i);
725 /* drop those that use any of that is not available */
726 if ((c != NULL) && c->valid &&
727 !(c->algorithm_mkey & disabled_mkey) &&
728 !(c->algorithm_auth & disabled_auth) &&
729 !(c->algorithm_enc & disabled_enc) &&
730 !(c->algorithm_mac & disabled_mac) &&
731 !(c->algorithm_ssl & disabled_ssl))
732 {
733 co_list[co_list_num].cipher = c;
734 co_list[co_list_num].next = NULL;
735 co_list[co_list_num].prev = NULL;
736 co_list[co_list_num].active = 0;
737 co_list_num++;
738#ifdef KSSL_DEBUG
739 printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
740#endif /* KSSL_DEBUG */
741 /*
742 if (!sk_push(ca_list,(char *)c)) goto err;
743 */
744 }
745 }
746
747 /*
748 * Prepare linked list from list entries
749 */
750 if (co_list_num > 0)
751 {
752 co_list[0].prev = NULL;
753
754 if (co_list_num > 1)
755 {
756 co_list[0].next = &co_list[1];
757
758 for (i = 1; i < co_list_num - 1; i++)
759 {
760 co_list[i].prev = &co_list[i - 1];
761 co_list[i].next = &co_list[i + 1];
762 }
763
764 co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
765 }
766
767 co_list[co_list_num - 1].next = NULL;
768
769 *head_p = &co_list[0];
770 *tail_p = &co_list[co_list_num - 1];
771 }
772 }
773
774static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
775 int num_of_group_aliases,
776 unsigned long disabled_mkey, unsigned long disabled_auth,
777 unsigned long disabled_enc, unsigned long disabled_mac,
778 unsigned long disabled_ssl,
779 CIPHER_ORDER *head)
780 {
781 CIPHER_ORDER *ciph_curr;
782 const SSL_CIPHER **ca_curr;
783 int i;
784 unsigned long mask_mkey = ~disabled_mkey;
785 unsigned long mask_auth = ~disabled_auth;
786 unsigned long mask_enc = ~disabled_enc;
787 unsigned long mask_mac = ~disabled_mac;
788 unsigned long mask_ssl = ~disabled_ssl;
789
790 /*
791 * First, add the real ciphers as already collected
792 */
793 ciph_curr = head;
794 ca_curr = ca_list;
795 while (ciph_curr != NULL)
796 {
797 *ca_curr = ciph_curr->cipher;
798 ca_curr++;
799 ciph_curr = ciph_curr->next;
800 }
801
802 /*
803 * Now we add the available ones from the cipher_aliases[] table.
804 * They represent either one or more algorithms, some of which
805 * in any affected category must be supported (set in enabled_mask),
806 * or represent a cipher strength value (will be added in any case because algorithms=0).
807 */
808 for (i = 0; i < num_of_group_aliases; i++)
809 {
810 unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
811 unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
812 unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
813 unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
814 unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
815
816 if (algorithm_mkey)
817 if ((algorithm_mkey & mask_mkey) == 0)
818 continue;
819
820 if (algorithm_auth)
821 if ((algorithm_auth & mask_auth) == 0)
822 continue;
823
824 if (algorithm_enc)
825 if ((algorithm_enc & mask_enc) == 0)
826 continue;
827
828 if (algorithm_mac)
829 if ((algorithm_mac & mask_mac) == 0)
830 continue;
831
832 if (algorithm_ssl)
833 if ((algorithm_ssl & mask_ssl) == 0)
834 continue;
835
836 *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
837 ca_curr++;
838 }
839
840 *ca_curr = NULL; /* end of list */
841 }
842
843static void ssl_cipher_apply_rule(unsigned long cipher_id,
844 unsigned long alg_mkey, unsigned long alg_auth,
845 unsigned long alg_enc, unsigned long alg_mac,
846 unsigned long alg_ssl,
847 unsigned long algo_strength,
848 int rule, int strength_bits,
849 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
850 {
851 CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
852 const SSL_CIPHER *cp;
853 int reverse = 0;
854
855#ifdef CIPHER_DEBUG
856 printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
857 rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
858#endif
859
860 if (rule == CIPHER_DEL)
861 reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
862
863 head = *head_p;
864 tail = *tail_p;
865
866 if (reverse)
867 {
868 curr = tail;
869 last = head;
870 }
871 else
872 {
873 curr = head;
874 last = tail;
875 }
876
877 curr2 = curr;
878 for (;;)
879 {
880 if ((curr == NULL) || (curr == last)) break;
881 curr = curr2;
882 curr2 = reverse ? curr->prev : curr->next;
883
884 cp = curr->cipher;
885
886 /*
887 * Selection criteria is either the value of strength_bits
888 * or the algorithms used.
889 */
890 if (strength_bits >= 0)
891 {
892 if (strength_bits != cp->strength_bits)
893 continue;
894 }
895 else
896 {
897#ifdef CIPHER_DEBUG
898 printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
899#endif
900
901 if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
902 continue;
903 if (alg_auth && !(alg_auth & cp->algorithm_auth))
904 continue;
905 if (alg_enc && !(alg_enc & cp->algorithm_enc))
906 continue;
907 if (alg_mac && !(alg_mac & cp->algorithm_mac))
908 continue;
909 if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
910 continue;
911 if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
912 continue;
913 if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
914 continue;
915 }
916
917#ifdef CIPHER_DEBUG
918 printf("Action = %d\n", rule);
919#endif
920
921 /* add the cipher if it has not been added yet. */
922 if (rule == CIPHER_ADD)
923 {
924 /* reverse == 0 */
925 if (!curr->active)
926 {
927 ll_append_tail(&head, curr, &tail);
928 curr->active = 1;
929 }
930 }
931 /* Move the added cipher to this location */
932 else if (rule == CIPHER_ORD)
933 {
934 /* reverse == 0 */
935 if (curr->active)
936 {
937 ll_append_tail(&head, curr, &tail);
938 }
939 }
940 else if (rule == CIPHER_DEL)
941 {
942 /* reverse == 1 */
943 if (curr->active)
944 {
945 /* most recently deleted ciphersuites get best positions
946 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
947 * works in reverse to maintain the order) */
948 ll_append_head(&head, curr, &tail);
949 curr->active = 0;
950 }
951 }
952 else if (rule == CIPHER_KILL)
953 {
954 /* reverse == 0 */
955 if (head == curr)
956 head = curr->next;
957 else
958 curr->prev->next = curr->next;
959 if (tail == curr)
960 tail = curr->prev;
961 curr->active = 0;
962 if (curr->next != NULL)
963 curr->next->prev = curr->prev;
964 if (curr->prev != NULL)
965 curr->prev->next = curr->next;
966 curr->next = NULL;
967 curr->prev = NULL;
968 }
969 }
970
971 *head_p = head;
972 *tail_p = tail;
973 }
974
975static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
976 CIPHER_ORDER **tail_p)
977 {
978 int max_strength_bits, i, *number_uses;
979 CIPHER_ORDER *curr;
980
981 /*
982 * This routine sorts the ciphers with descending strength. The sorting
983 * must keep the pre-sorted sequence, so we apply the normal sorting
984 * routine as '+' movement to the end of the list.
985 */
986 max_strength_bits = 0;
987 curr = *head_p;
988 while (curr != NULL)
989 {
990 if (curr->active &&
991 (curr->cipher->strength_bits > max_strength_bits))
992 max_strength_bits = curr->cipher->strength_bits;
993 curr = curr->next;
994 }
995
996 number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
997 if (!number_uses)
998 {
999 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
1000 return(0);
1001 }
1002 memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
1003
1004 /*
1005 * Now find the strength_bits values actually used
1006 */
1007 curr = *head_p;
1008 while (curr != NULL)
1009 {
1010 if (curr->active)
1011 number_uses[curr->cipher->strength_bits]++;
1012 curr = curr->next;
1013 }
1014 /*
1015 * Go through the list of used strength_bits values in descending
1016 * order.
1017 */
1018 for (i = max_strength_bits; i >= 0; i--)
1019 if (number_uses[i] > 0)
1020 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
1021
1022 OPENSSL_free(number_uses);
1023 return(1);
1024 }
1025
1026static int ssl_cipher_process_rulestr(const char *rule_str,
1027 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
1028 const SSL_CIPHER **ca_list)
1029 {
1030 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
1031 const char *l, *buf;
1032 int j, multi, found, rule, retval, ok, buflen;
1033 unsigned long cipher_id = 0;
1034 char ch;
1035
1036 retval = 1;
1037 l = rule_str;
1038 for (;;)
1039 {
1040 ch = *l;
1041
1042 if (ch == '\0')
1043 break; /* done */
1044 if (ch == '-')
1045 { rule = CIPHER_DEL; l++; }
1046 else if (ch == '+')
1047 { rule = CIPHER_ORD; l++; }
1048 else if (ch == '!')
1049 { rule = CIPHER_KILL; l++; }
1050 else if (ch == '@')
1051 { rule = CIPHER_SPECIAL; l++; }
1052 else
1053 { rule = CIPHER_ADD; }
1054
1055 if (ITEM_SEP(ch))
1056 {
1057 l++;
1058 continue;
1059 }
1060
1061 alg_mkey = 0;
1062 alg_auth = 0;
1063 alg_enc = 0;
1064 alg_mac = 0;
1065 alg_ssl = 0;
1066 algo_strength = 0;
1067
1068 for (;;)
1069 {
1070 ch = *l;
1071 buf = l;
1072 buflen = 0;
1073#ifndef CHARSET_EBCDIC
1074 while ( ((ch >= 'A') && (ch <= 'Z')) ||
1075 ((ch >= '0') && (ch <= '9')) ||
1076 ((ch >= 'a') && (ch <= 'z')) ||
1077 (ch == '-'))
1078#else
1079 while ( isalnum(ch) || (ch == '-'))
1080#endif
1081 {
1082 ch = *(++l);
1083 buflen++;
1084 }
1085
1086 if (buflen == 0)
1087 {
1088 /*
1089 * We hit something we cannot deal with,
1090 * it is no command or separator nor
1091 * alphanumeric, so we call this an error.
1092 */
1093 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
1094 SSL_R_INVALID_COMMAND);
1095 retval = found = 0;
1096 l++;
1097 break;
1098 }
1099
1100 if (rule == CIPHER_SPECIAL)
1101 {
1102 found = 0; /* unused -- avoid compiler warning */
1103 break; /* special treatment */
1104 }
1105
1106 /* check for multi-part specification */
1107 if (ch == '+')
1108 {
1109 multi=1;
1110 l++;
1111 }
1112 else
1113 multi=0;
1114
1115 /*
1116 * Now search for the cipher alias in the ca_list. Be careful
1117 * with the strncmp, because the "buflen" limitation
1118 * will make the rule "ADH:SOME" and the cipher
1119 * "ADH-MY-CIPHER" look like a match for buflen=3.
1120 * So additionally check whether the cipher name found
1121 * has the correct length. We can save a strlen() call:
1122 * just checking for the '\0' at the right place is
1123 * sufficient, we have to strncmp() anyway. (We cannot
1124 * use strcmp(), because buf is not '\0' terminated.)
1125 */
1126 j = found = 0;
1127 cipher_id = 0;
1128 while (ca_list[j])
1129 {
1130 if (!strncmp(buf, ca_list[j]->name, buflen) &&
1131 (ca_list[j]->name[buflen] == '\0'))
1132 {
1133 found = 1;
1134 break;
1135 }
1136 else
1137 j++;
1138 }
1139
1140 if (!found)
1141 break; /* ignore this entry */
1142
1143 if (ca_list[j]->algorithm_mkey)
1144 {
1145 if (alg_mkey)
1146 {
1147 alg_mkey &= ca_list[j]->algorithm_mkey;
1148 if (!alg_mkey) { found = 0; break; }
1149 }
1150 else
1151 alg_mkey = ca_list[j]->algorithm_mkey;
1152 }
1153
1154 if (ca_list[j]->algorithm_auth)
1155 {
1156 if (alg_auth)
1157 {
1158 alg_auth &= ca_list[j]->algorithm_auth;
1159 if (!alg_auth) { found = 0; break; }
1160 }
1161 else
1162 alg_auth = ca_list[j]->algorithm_auth;
1163 }
1164
1165 if (ca_list[j]->algorithm_enc)
1166 {
1167 if (alg_enc)
1168 {
1169 alg_enc &= ca_list[j]->algorithm_enc;
1170 if (!alg_enc) { found = 0; break; }
1171 }
1172 else
1173 alg_enc = ca_list[j]->algorithm_enc;
1174 }
1175
1176 if (ca_list[j]->algorithm_mac)
1177 {
1178 if (alg_mac)
1179 {
1180 alg_mac &= ca_list[j]->algorithm_mac;
1181 if (!alg_mac) { found = 0; break; }
1182 }
1183 else
1184 alg_mac = ca_list[j]->algorithm_mac;
1185 }
1186
1187 if (ca_list[j]->algo_strength & SSL_EXP_MASK)
1188 {
1189 if (algo_strength & SSL_EXP_MASK)
1190 {
1191 algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
1192 if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
1193 }
1194 else
1195 algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
1196 }
1197
1198 if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
1199 {
1200 if (algo_strength & SSL_STRONG_MASK)
1201 {
1202 algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
1203 if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
1204 }
1205 else
1206 algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
1207 }
1208
1209 if (ca_list[j]->valid)
1210 {
1211 /* explicit ciphersuite found; its protocol version
1212 * does not become part of the search pattern!*/
1213
1214 cipher_id = ca_list[j]->id;
1215 }
1216 else
1217 {
1218 /* not an explicit ciphersuite; only in this case, the
1219 * protocol version is considered part of the search pattern */
1220
1221 if (ca_list[j]->algorithm_ssl)
1222 {
1223 if (alg_ssl)
1224 {
1225 alg_ssl &= ca_list[j]->algorithm_ssl;
1226 if (!alg_ssl) { found = 0; break; }
1227 }
1228 else
1229 alg_ssl = ca_list[j]->algorithm_ssl;
1230 }
1231 }
1232
1233 if (!multi) break;
1234 }
1235
1236 /*
1237 * Ok, we have the rule, now apply it
1238 */
1239 if (rule == CIPHER_SPECIAL)
1240 { /* special command */
1241 ok = 0;
1242 if ((buflen == 8) &&
1243 !strncmp(buf, "STRENGTH", 8))
1244 ok = ssl_cipher_strength_sort(head_p, tail_p);
1245 else
1246 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
1247 SSL_R_INVALID_COMMAND);
1248 if (ok == 0)
1249 retval = 0;
1250 /*
1251 * We do not support any "multi" options
1252 * together with "@", so throw away the
1253 * rest of the command, if any left, until
1254 * end or ':' is found.
1255 */
1256 while ((*l != '\0') && !ITEM_SEP(*l))
1257 l++;
1258 }
1259 else if (found)
1260 {
1261 ssl_cipher_apply_rule(cipher_id,
1262 alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
1263 rule, -1, head_p, tail_p);
1264 }
1265 else
1266 {
1267 while ((*l != '\0') && !ITEM_SEP(*l))
1268 l++;
1269 }
1270 if (*l == '\0') break; /* done */
1271 }
1272
1273 return(retval);
1274 }
1275
1276STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1277 STACK_OF(SSL_CIPHER) **cipher_list,
1278 STACK_OF(SSL_CIPHER) **cipher_list_by_id,
1279 const char *rule_str)
1280 {
1281 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
1282 unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
1283 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
1284 const char *rule_p;
1285 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
1286 const SSL_CIPHER **ca_list = NULL;
1287
1288 /*
1289 * Return with error if nothing to do.
1290 */
1291 if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
1292 return NULL;
1293
1294 /*
1295 * To reduce the work to do we only want to process the compiled
1296 * in algorithms, so we first get the mask of disabled ciphers.
1297 */
1298 ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
1299
1300 /*
1301 * Now we have to collect the available ciphers from the compiled
1302 * in ciphers. We cannot get more than the number compiled in, so
1303 * it is used for allocation.
1304 */
1305 num_of_ciphers = ssl_method->num_ciphers();
1306#ifdef KSSL_DEBUG
1307 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
1308#endif /* KSSL_DEBUG */
1309 co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
1310 if (co_list == NULL)
1311 {
1312 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1313 return(NULL); /* Failure */
1314 }
1315
1316 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
1317 disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
1318 co_list, &head, &tail);
1319
1320
1321 /* Now arrange all ciphers by preference: */
1322
1323 /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
1324 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1325 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1326
1327 /* AES is our preferred symmetric cipher */
1328 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1329
1330 /* Temporarily enable everything else for sorting */
1331 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1332
1333 /* Low priority for MD5 */
1334 ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
1335
1336 /* Move anonymous ciphers to the end. Usually, these will remain disabled.
1337 * (For applications that allow them, they aren't too bad, but we prefer
1338 * authenticated ciphers.) */
1339 ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1340
1341 /* Move ciphers without forward secrecy to the end */
1342 ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1343 /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
1344 ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1345 ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1346 ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1347
1348 /* RC4 is sort-of broken -- move the the end */
1349 ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1350
1351 /* Now sort by symmetric encryption strength. The above ordering remains
1352 * in force within each class */
1353 if (!ssl_cipher_strength_sort(&head, &tail))
1354 {
1355 OPENSSL_free(co_list);
1356 return NULL;
1357 }
1358
1359 /* Now disable everything (maintaining the ordering!) */
1360 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1361
1362
1363 /*
1364 * We also need cipher aliases for selecting based on the rule_str.
1365 * There might be two types of entries in the rule_str: 1) names
1366 * of ciphers themselves 2) aliases for groups of ciphers.
1367 * For 1) we need the available ciphers and for 2) the cipher
1368 * groups of cipher_aliases added together in one list (otherwise
1369 * we would be happy with just the cipher_aliases table).
1370 */
1371 num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
1372 num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
1373 ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
1374 if (ca_list == NULL)
1375 {
1376 OPENSSL_free(co_list);
1377 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1378 return(NULL); /* Failure */
1379 }
1380 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
1381 disabled_mkey, disabled_auth, disabled_enc,
1382 disabled_mac, disabled_ssl, head);
1383
1384 /*
1385 * If the rule_string begins with DEFAULT, apply the default rule
1386 * before using the (possibly available) additional rules.
1387 */
1388 ok = 1;
1389 rule_p = rule_str;
1390 if (strncmp(rule_str,"DEFAULT",7) == 0)
1391 {
1392 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
1393 &head, &tail, ca_list);
1394 rule_p += 7;
1395 if (*rule_p == ':')
1396 rule_p++;
1397 }
1398
1399 if (ok && (strlen(rule_p) > 0))
1400 ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
1401
1402 OPENSSL_free((void *)ca_list); /* Not needed anymore */
1403
1404 if (!ok)
1405 { /* Rule processing failure */
1406 OPENSSL_free(co_list);
1407 return(NULL);
1408 }
1409
1410 /*
1411 * Allocate new "cipherstack" for the result, return with error
1412 * if we cannot get one.
1413 */
1414 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
1415 {
1416 OPENSSL_free(co_list);
1417 return(NULL);
1418 }
1419
1420 /*
1421 * The cipher selection for the list is done. The ciphers are added
1422 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
1423 */
1424 for (curr = head; curr != NULL; curr = curr->next)
1425 {
1426 if (curr->active)
1427 {
1428 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1429#ifdef CIPHER_DEBUG
1430 printf("<%s>\n",curr->cipher->name);
1431#endif
1432 }
1433 }
1434 OPENSSL_free(co_list); /* Not needed any longer */
1435
1436 tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
1437 if (tmp_cipher_list == NULL)
1438 {
1439 sk_SSL_CIPHER_free(cipherstack);
1440 return NULL;
1441 }
1442 if (*cipher_list != NULL)
1443 sk_SSL_CIPHER_free(*cipher_list);
1444 *cipher_list = cipherstack;
1445 if (*cipher_list_by_id != NULL)
1446 sk_SSL_CIPHER_free(*cipher_list_by_id);
1447 *cipher_list_by_id = tmp_cipher_list;
1448 (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
1449
1450 sk_SSL_CIPHER_sort(*cipher_list_by_id);
1451 return(cipherstack);
1452 }
1453
1454char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1455 {
1456 int is_export,pkl,kl;
1457 const char *ver,*exp_str;
1458 const char *kx,*au,*enc,*mac;
1459 unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2;
1460#ifdef KSSL_DEBUG
1461 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
1462#else
1463 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
1464#endif /* KSSL_DEBUG */
1465
1466 alg_mkey = cipher->algorithm_mkey;
1467 alg_auth = cipher->algorithm_auth;
1468 alg_enc = cipher->algorithm_enc;
1469 alg_mac = cipher->algorithm_mac;
1470 alg_ssl = cipher->algorithm_ssl;
1471
1472 alg2=cipher->algorithm2;
1473
1474 is_export=SSL_C_IS_EXPORT(cipher);
1475 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1476 kl=SSL_C_EXPORT_KEYLENGTH(cipher);
1477 exp_str=is_export?" export":"";
1478
1479 if (alg_ssl & SSL_SSLV2)
1480 ver="SSLv2";
1481 else if (alg_ssl & SSL_SSLV3)
1482 ver="SSLv3";
1483 else
1484 ver="unknown";
1485
1486 switch (alg_mkey)
1487 {
1488 case SSL_kRSA:
1489 kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
1490 break;
1491 case SSL_kDHr:
1492 kx="DH/RSA";
1493 break;
1494 case SSL_kDHd:
1495 kx="DH/DSS";
1496 break;
1497 case SSL_kKRB5:
1498 kx="KRB5";
1499 break;
1500 case SSL_kEDH:
1501 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
1502 break;
1503 case SSL_kECDHr:
1504 kx="ECDH/RSA";
1505 break;
1506 case SSL_kECDHe:
1507 kx="ECDH/ECDSA";
1508 break;
1509 case SSL_kEECDH:
1510 kx="ECDH";
1511 break;
1512 case SSL_kPSK:
1513 kx="PSK";
1514 break;
1515 default:
1516 kx="unknown";
1517 }
1518
1519 switch (alg_auth)
1520 {
1521 case SSL_aRSA:
1522 au="RSA";
1523 break;
1524 case SSL_aDSS:
1525 au="DSS";
1526 break;
1527 case SSL_aDH:
1528 au="DH";
1529 break;
1530 case SSL_aKRB5:
1531 au="KRB5";
1532 break;
1533 case SSL_aECDH:
1534 au="ECDH";
1535 break;
1536 case SSL_aNULL:
1537 au="None";
1538 break;
1539 case SSL_aECDSA:
1540 au="ECDSA";
1541 break;
1542 case SSL_aPSK:
1543 au="PSK";
1544 break;
1545 default:
1546 au="unknown";
1547 break;
1548 }
1549
1550 switch (alg_enc)
1551 {
1552 case SSL_DES:
1553 enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
1554 break;
1555 case SSL_3DES:
1556 enc="3DES(168)";
1557 break;
1558 case SSL_RC4:
1559 enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
1560 :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
1561 break;
1562 case SSL_RC2:
1563 enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
1564 break;
1565 case SSL_IDEA:
1566 enc="IDEA(128)";
1567 break;
1568 case SSL_eNULL:
1569 enc="None";
1570 break;
1571 case SSL_AES128:
1572 enc="AES(128)";
1573 break;
1574 case SSL_AES256:
1575 enc="AES(256)";
1576 break;
1577 case SSL_CAMELLIA128:
1578 enc="Camellia(128)";
1579 break;
1580 case SSL_CAMELLIA256:
1581 enc="Camellia(256)";
1582 break;
1583 case SSL_SEED:
1584 enc="SEED(128)";
1585 break;
1586 default:
1587 enc="unknown";
1588 break;
1589 }
1590
1591 switch (alg_mac)
1592 {
1593 case SSL_MD5:
1594 mac="MD5";
1595 break;
1596 case SSL_SHA1:
1597 mac="SHA1";
1598 break;
1599 default:
1600 mac="unknown";
1601 break;
1602 }
1603
1604 if (buf == NULL)
1605 {
1606 len=128;
1607 buf=OPENSSL_malloc(len);
1608 if (buf == NULL) return("OPENSSL_malloc Error");
1609 }
1610 else if (len < 128)
1611 return("Buffer too small");
1612
1613#ifdef KSSL_DEBUG
1614 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
1615#else
1616 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
1617#endif /* KSSL_DEBUG */
1618 return(buf);
1619 }
1620
1621char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
1622 {
1623 int i;
1624
1625 if (c == NULL) return("(NONE)");
1626 i=(int)(c->id>>24L);
1627 if (i == 3)
1628 return("TLSv1/SSLv3");
1629 else if (i == 2)
1630 return("SSLv2");
1631 else
1632 return("unknown");
1633 }
1634
1635/* return the actual cipher being used */
1636const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
1637 {
1638 if (c != NULL)
1639 return(c->name);
1640 return("(NONE)");
1641 }
1642
1643/* number of bits for symmetric cipher */
1644int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
1645 {
1646 int ret=0;
1647
1648 if (c != NULL)
1649 {
1650 if (alg_bits != NULL) *alg_bits = c->alg_bits;
1651 ret = c->strength_bits;
1652 }
1653 return(ret);
1654 }
1655
1656SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
1657 {
1658 SSL_COMP *ctmp;
1659 int i,nn;
1660
1661 if ((n == 0) || (sk == NULL)) return(NULL);
1662 nn=sk_SSL_COMP_num(sk);
1663 for (i=0; i<nn; i++)
1664 {
1665 ctmp=sk_SSL_COMP_value(sk,i);
1666 if (ctmp->id == n)
1667 return(ctmp);
1668 }
1669 return(NULL);
1670 }
1671
1672#ifdef OPENSSL_NO_COMP
1673void *SSL_COMP_get_compression_methods(void)
1674 {
1675 return NULL;
1676 }
1677int SSL_COMP_add_compression_method(int id, void *cm)
1678 {
1679 return 1;
1680 }
1681
1682const char *SSL_COMP_get_name(const void *comp)
1683 {
1684 return NULL;
1685 }
1686#else
1687STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
1688 {
1689 load_builtin_compressions();
1690 return(ssl_comp_methods);
1691 }
1692
1693int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1694 {
1695 SSL_COMP *comp;
1696
1697 if (cm == NULL || cm->type == NID_undef)
1698 return 1;
1699
1700 /* According to draft-ietf-tls-compression-04.txt, the
1701 compression number ranges should be the following:
1702
1703 0 to 63: methods defined by the IETF
1704 64 to 192: external party methods assigned by IANA
1705 193 to 255: reserved for private use */
1706 if (id < 193 || id > 255)
1707 {
1708 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
1709 return 0;
1710 }
1711
1712 MemCheck_off();
1713 comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
1714 comp->id=id;
1715 comp->method=cm;
1716 load_builtin_compressions();
1717 if (ssl_comp_methods
1718 && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
1719 {
1720 OPENSSL_free(comp);
1721 MemCheck_on();
1722 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
1723 return(1);
1724 }
1725 else if ((ssl_comp_methods == NULL)
1726 || !sk_SSL_COMP_push(ssl_comp_methods,comp))
1727 {
1728 OPENSSL_free(comp);
1729 MemCheck_on();
1730 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
1731 return(1);
1732 }
1733 else
1734 {
1735 MemCheck_on();
1736 return(0);
1737 }
1738 }
1739
1740const char *SSL_COMP_get_name(const COMP_METHOD *comp)
1741 {
1742 if (comp)
1743 return comp->name;
1744 return NULL;
1745 }
1746
1747#endif
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
deleted file mode 100644
index e9be77109f..0000000000
--- a/src/lib/libssl/ssl_err.c
+++ /dev/null
@@ -1,573 +0,0 @@
1/* ssl/ssl_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/ssl.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
70
71static ERR_STRING_DATA SSL_str_functs[]=
72 {
73{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
74{ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
75{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
76{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
77{ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
78{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
79{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
80{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
81{ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
82{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
83{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
84{ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
85{ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
86{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
87{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"},
88{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"},
89{ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"},
90{ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"},
91{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"},
92{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
93{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
94{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
95{ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"},
96{ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"},
97{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"},
98{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"},
99{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
100{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"},
101{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
102{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"},
103{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"},
104{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
105{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"},
106{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
107{ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
108{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
109{ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
110{ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
111{ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
112{ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
113{ERR_FUNC(SSL_F_READ_N), "READ_N"},
114{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
115{ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
116{ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
117{ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
118{ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
119{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
120{ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
121{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
122{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
123{ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
124{ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
125{ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
126{ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
127{ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
128{ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
129{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"},
130{ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
131{ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
132{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
133{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
134{ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
135{ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
136{ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
137{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
138{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
139{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
140{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"},
141{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
142{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
143{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
144{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
145{ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"},
146{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"},
147{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
148{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
149{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
150{ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},
151{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
152{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
153{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
154{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
155{ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
156{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
157{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
158{ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"},
159{ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
160{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
161{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
162{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
163{ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"},
164{ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
165{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
166{ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
167{ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
168{ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
169{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"},
170{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},
171{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
172{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
173{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"},
174{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
175{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
176{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
177{ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"},
178{ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"},
179{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
180{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
181{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
182{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"},
183{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
184{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
185{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
186{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"},
187{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
188{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
189{ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
190{ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
191{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
192{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
193{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
194{ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"},
195{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"},
196{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
197{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
198{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
199{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"},
200{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
201{ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
202{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
203{ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
204{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
205{ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"},
206{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
207{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"},
208{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
209{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
210{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
211{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"},
212{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"},
213{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"},
214{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
215{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"},
216{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"},
217{ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"},
218{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
219{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"},
220{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"},
221{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
222{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
223{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
224{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
225{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
226{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
227{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
228{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
229{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
230{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"},
231{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
232{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"},
233{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
234{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
235{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"},
236{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
237{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
238{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
239{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
240{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
241{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
242{ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
243{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
244{ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
245{ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
246{ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
247{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
248{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
249{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
250{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},
251{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
252{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
253{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
254{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"},
255{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
256{ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"},
257{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
258{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
259{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
260{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
261{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
262{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
263{ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
264{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
265{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
266{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
267{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
268{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
269{ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"},
270{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
271{ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"},
272{ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
273{ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
274{ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
275{ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"},
276{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
277{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
278{0,NULL}
279 };
280
281static ERR_STRING_DATA SSL_str_reasons[]=
282 {
283{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"},
284{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"},
285{ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"},
286{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
287{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
288{ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"},
289{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
290{ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"},
291{ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"},
292{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"},
293{ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"},
294{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"},
295{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"},
296{ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"},
297{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"},
298{ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"},
299{ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) ,"bad handshake length"},
300{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"},
301{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"},
302{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"},
303{ERR_REASON(SSL_R_BAD_MAC_LENGTH) ,"bad mac length"},
304{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"},
305{ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"},
306{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},
307{ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),"bad psk identity hint length"},
308{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"},
309{ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"},
310{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"},
311{ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"},
312{ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"},
313{ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"},
314{ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"},
315{ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"},
316{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"},
317{ERR_REASON(SSL_R_BAD_STATE) ,"bad state"},
318{ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"},
319{ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"},
320{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},
321{ERR_REASON(SSL_R_BN_LIB) ,"bn lib"},
322{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},
323{ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"},
324{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"},
325{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
326{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"},
327{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
328{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
329{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
330{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
331{ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"},
332{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
333{ERR_REASON(SSL_R_COMPRESSION_DISABLED) ,"compression disabled"},
334{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"},
335{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"},
336{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
337{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
338{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
339{ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"},
340{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
341{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
342{ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
343{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
344{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
345{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
346{ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"},
347{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},
348{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),"ecc cert not for key agreement"},
349{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"},
350{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"},
351{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"},
352{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
353{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
354{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
355{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
356{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
357{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
358{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
359{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
360{ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"},
361{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},
362{ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"},
363{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
364{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
365{ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"},
366{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
367{ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
368{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"},
369{ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"},
370{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"},
371{ERR_REASON(SSL_R_KRB5) ,"krb5"},
372{ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"},
373{ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"},
374{ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"},
375{ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"},
376{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"},
377{ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"},
378{ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"},
379{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"},
380{ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"},
381{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"},
382{ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"},
383{ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"},
384{ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"},
385{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"},
386{ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"},
387{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"},
388{ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"},
389{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"},
390{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"},
391{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"},
392{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"},
393{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"},
394{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
395{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
396{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"},
397{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"},
398{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
399{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
400{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
401{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"},
402{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
403{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
404{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
405{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"},
406{ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"},
407{ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"},
408{ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"},
409{ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"},
410{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"},
411{ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"},
412{ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"},
413{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"},
414{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
415{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
416{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"},
417{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
418{ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"},
419{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
420{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
421{ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"},
422{ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"},
423{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) ,"digest requred for handshake isn't computed"},
424{ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"},
425{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"},
426{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"},
427{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
428{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
429{ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"},
430{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
431{ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"},
432{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
433{ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"},
434{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"},
435{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},
436{ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"},
437{ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"},
438{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
439{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"},
440{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
441{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
442{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
443{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"},
444{ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND),"psk identity not found"},
445{ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) ,"psk no client cb"},
446{ERR_REASON(SSL_R_PSK_NO_SERVER_CB) ,"psk no server cb"},
447{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"},
448{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
449{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
450{ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"},
451{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"},
452{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
453{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
454{ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"},
455{ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"},
456{ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"},
457{ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"},
458{ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"},
459{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
460{ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"},
461{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
462{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
463{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
464{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
465{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"},
466{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
467{ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
468{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
469{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
470{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
471{ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),"ssl3 ext invalid ecpointformat"},
472{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"},
473{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"},
474{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
475{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"},
476{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"},
477{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"},
478{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"},
479{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"},
480{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"},
481{ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"},
482{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"},
483{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"},
484{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"},
485{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"},
486{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"},
487{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
488{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
489{ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},
490{ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},
491{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},
492{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},
493{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"},
494{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"},
495{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"},
496{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"},
497{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"},
498{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"},
499{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"},
500{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"},
501{ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"},
502{ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"},
503{ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"},
504{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},
505{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
506{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
507{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"},
508{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"},
509{ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"},
510{ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"},
511{ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"},
512{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
513{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
514{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
515{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
516{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},
517{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},
518{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"},
519{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"},
520{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"},
521{ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"},
522{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"},
523{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"},
524{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"},
525{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"},
526{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"},
527{ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"},
528{ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"},
529{ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"},
530{ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"},
531{ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"},
532{ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"},
533{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"},
534{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"},
535{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"},
536{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"},
537{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
538{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"},
539{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"},
540{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"},
541{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
542{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
543{ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"},
544{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"},
545{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"},
546{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
547{ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"},
548{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"},
549{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
550{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"},
551{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"},
552{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
553{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"},
554{ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"},
555{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"},
556{ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"},
557{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
558{0,NULL}
559 };
560
561#endif
562
563void ERR_load_SSL_strings(void)
564 {
565#ifndef OPENSSL_NO_ERR
566
567 if (ERR_func_error_string(SSL_str_functs[0].error) == NULL)
568 {
569 ERR_load_strings(0,SSL_str_functs);
570 ERR_load_strings(0,SSL_str_reasons);
571 }
572#endif
573 }
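--- a/src/lib/libssl/ssl_err2.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/* ssl/ssl_err2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-void SSL_load_error_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
-#endif
- }
-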
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
deleted file mode 100644
index 7755476de3..0000000000
--- a/src/lib/libssl/ssl_lib.c
+++ /dev/null
@@ -1,3045 +0,0 @@
1/*! \file ssl/ssl_lib.c
2 * \brief Version independent SSL functions.
3 */
4/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * All rights reserved.
6 *
7 * This package is an SSL implementation written
8 * by Eric Young (eay@cryptsoft.com).
9 * The implementation was written so as to conform with Netscapes SSL.
10 *
11 * This library is free for commercial and non-commercial use as long as
12 * the following conditions are aheared to. The following conditions
13 * apply to all code found in this distribution, be it the RC4, RSA,
14 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
15 * included with this distribution is covered by the same copyright terms
16 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
17 *
18 * Copyright remains Eric Young's, and as such any Copyright notices in
19 * the code are not to be removed.
20 * If this package is used in a product, Eric Young should be given attribution
21 * as the author of the parts of the library used.
22 * This can be in the form of a textual message at program startup or
23 * in documentation (online or textual) provided with the package.
24 *
25 * Redistribution and use in source and binary forms, with or without
26 * modification, are permitted provided that the following conditions
27 * are met:
28 * 1. Redistributions of source code must retain the copyright
29 * notice, this list of conditions and the following disclaimer.
30 * 2. Redistributions in binary form must reproduce the above copyright
31 * notice, this list of conditions and the following disclaimer in the
32 * documentation and/or other materials provided with the distribution.
33 * 3. All advertising materials mentioning features or use of this software
34 * must display the following acknowledgement:
35 * "This product includes cryptographic software written by
36 * Eric Young (eay@cryptsoft.com)"
37 * The word 'cryptographic' can be left out if the rouines from the library
38 * being used are not cryptographic related :-).
39 * 4. If you include any Windows specific code (or a derivative thereof) from
40 * the apps directory (application code) you must include an acknowledgement:
41 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
42 *
43 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
44 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
47 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
48 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
49 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
51 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
52 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * SUCH DAMAGE.
54 *
55 * The licence and distribution terms for any publically available version or
56 * derivative of this code cannot be changed. i.e. this code cannot simply be
57 * copied and put under another distribution licence
58 * [including the GNU Public Licence.]
59 */
60/* ====================================================================
61 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
62 *
63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions
65 * are met:
66 *
67 * 1. Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 *
70 * 2. Redistributions in binary form must reproduce the above copyright
71 * notice, this list of conditions and the following disclaimer in
72 * the documentation and/or other materials provided with the
73 * distribution.
74 *
75 * 3. All advertising materials mentioning features or use of this
76 * software must display the following acknowledgment:
77 * "This product includes software developed by the OpenSSL Project
78 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
79 *
80 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
81 * endorse or promote products derived from this software without
82 * prior written permission. For written permission, please contact
83 * openssl-core@openssl.org.
84 *
85 * 5. Products derived from this software may not be called "OpenSSL"
86 * nor may "OpenSSL" appear in their names without prior written
87 * permission of the OpenSSL Project.
88 *
89 * 6. Redistributions of any form whatsoever must retain the following
90 * acknowledgment:
91 * "This product includes software developed by the OpenSSL Project
92 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
93 *
94 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
95 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
97 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
98 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
99 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
100 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
101 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
102 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
103 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
104 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
105 * OF THE POSSIBILITY OF SUCH DAMAGE.
106 * ====================================================================
107 *
108 * This product includes cryptographic software written by Eric Young
109 * (eay@cryptsoft.com). This product includes software written by Tim
110 * Hudson (tjh@cryptsoft.com).
111 *
112 */
113/* ====================================================================
114 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
115 * ECC cipher suite support in OpenSSL originally developed by
116 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
117 */
118/* ====================================================================
119 * Copyright 2005 Nokia. All rights reserved.
120 *
121 * The portions of the attached software ("Contribution") is developed by
122 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
123 * license.
124 *
125 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
126 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
127 * support (see RFC 4279) to OpenSSL.
128 *
129 * No patent licenses or other rights except those expressly stated in
130 * the OpenSSL open source license shall be deemed granted or received
131 * expressly, by implication, estoppel, or otherwise.
132 *
133 * No assurances are provided by Nokia that the Contribution does not
134 * infringe the patent or other intellectual property rights of any third
135 * party or that the license provides you with all the necessary rights
136 * to make use of the Contribution.
137 *
138 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
139 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
140 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
141 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
142 * OTHERWISE.
143 */
144
145#ifdef REF_CHECK
146# include <assert.h>
147#endif
148#include <stdio.h>
149#include "ssl_locl.h"
150#include "kssl_lcl.h"
151#include <openssl/objects.h>
152#include <openssl/lhash.h>
153#include <openssl/x509v3.h>
154#include <openssl/rand.h>
155#include <openssl/ocsp.h>
156#ifndef OPENSSL_NO_DH
157#include <openssl/dh.h>
158#endif
159#ifndef OPENSSL_NO_ENGINE
160#include <openssl/engine.h>
161#endif
162
163const char *SSL_version_str=OPENSSL_VERSION_TEXT;
164
165SSL3_ENC_METHOD ssl3_undef_enc_method={
166 /* evil casts, but these functions are only called if there's a library bug */
167 (int (*)(SSL *,int))ssl_undefined_function,
168 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
169 ssl_undefined_function,
170 (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
171 (int (*)(SSL*, int))ssl_undefined_function,
172 (int (*)(SSL *, const char*, int, unsigned char *))ssl_undefined_function,
173 0, /* finish_mac_length */
174 (int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
175 NULL, /* client_finished_label */
176 0, /* client_finished_label_len */
177 NULL, /* server_finished_label */
178 0, /* server_finished_label_len */
179 (int (*)(int))ssl_undefined_function
180 };
181
182int SSL_clear(SSL *s)
183 {
184
185 if (s->method == NULL)
186 {
187 SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
188 return(0);
189 }
190
191 if (ssl_clear_bad_session(s))
192 {
193 SSL_SESSION_free(s->session);
194 s->session=NULL;
195 }
196
197 s->error=0;
198 s->hit=0;
199 s->shutdown=0;
200
201#if 0 /* Disabled since version 1.10 of this file (early return not
202 * needed because SSL_clear is not called when doing renegotiation) */
203 /* This is set if we are doing dynamic renegotiation so keep
204 * the old cipher. It is sort of a SSL_clear_lite :-) */
205 if (s->new_session) return(1);
206#else
207 if (s->new_session)
208 {
209 SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
210 return 0;
211 }
212#endif
213
214 s->type=0;
215
216 s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
217
218 s->version=s->method->version;
219 s->client_version=s->version;
220 s->rwstate=SSL_NOTHING;
221 s->rstate=SSL_ST_READ_HEADER;
222#if 0
223 s->read_ahead=s->ctx->read_ahead;
224#endif
225
226 if (s->init_buf != NULL)
227 {
228 BUF_MEM_free(s->init_buf);
229 s->init_buf=NULL;
230 }
231
232 ssl_clear_cipher_ctx(s);
233 ssl_clear_hash_ctx(&s->read_hash);
234 ssl_clear_hash_ctx(&s->write_hash);
235
236 s->first_packet=0;
237
238#if 1
239 /* Check to see if we were changed into a different method, if
240 * so, revert back if we are not doing session-id reuse. */
241 if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
242 {
243 s->method->ssl_free(s);
244 s->method=s->ctx->method;
245 if (!s->method->ssl_new(s))
246 return(0);
247 }
248 else
249#endif
250 s->method->ssl_clear(s);
251 return(1);
252 }
253
254/** Used to change an SSL_CTXs default SSL method type */
255int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
256 {
257 STACK_OF(SSL_CIPHER) *sk;
258
259 ctx->method=meth;
260
261 sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
262 &(ctx->cipher_list_by_id),
263 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
264 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
265 {
266 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
267 return(0);
268 }
269 return(1);
270 }
271
272SSL *SSL_new(SSL_CTX *ctx)
273 {
274 SSL *s;
275
276 if (ctx == NULL)
277 {
278 SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
279 return(NULL);
280 }
281 if (ctx->method == NULL)
282 {
283 SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
284 return(NULL);
285 }
286
287 s=(SSL *)OPENSSL_malloc(sizeof(SSL));
288 if (s == NULL) goto err;
289 memset(s,0,sizeof(SSL));
290
291#ifndef OPENSSL_NO_KRB5
292 s->kssl_ctx = kssl_ctx_new();
293#endif /* OPENSSL_NO_KRB5 */
294
295 s->options=ctx->options;
296 s->mode=ctx->mode;
297 s->max_cert_list=ctx->max_cert_list;
298
299 if (ctx->cert != NULL)
300 {
301 /* Earlier library versions used to copy the pointer to
302 * the CERT, not its contents; only when setting new
303 * parameters for the per-SSL copy, ssl_cert_new would be
304 * called (and the direct reference to the per-SSL_CTX
305 * settings would be lost, but those still were indirectly
306 * accessed for various purposes, and for that reason they
307 * used to be known as s->ctx->default_cert).
308 * Now we don't look at the SSL_CTX's CERT after having
309 * duplicated it once. */
310
311 s->cert = ssl_cert_dup(ctx->cert);
312 if (s->cert == NULL)
313 goto err;
314 }
315 else
316 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
317
318 s->read_ahead=ctx->read_ahead;
319 s->msg_callback=ctx->msg_callback;
320 s->msg_callback_arg=ctx->msg_callback_arg;
321 s->verify_mode=ctx->verify_mode;
322#if 0
323 s->verify_depth=ctx->verify_depth;
324#endif
325 s->sid_ctx_length=ctx->sid_ctx_length;
326 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
327 memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
328 s->verify_callback=ctx->default_verify_callback;
329 s->generate_session_id=ctx->generate_session_id;
330
331 s->param = X509_VERIFY_PARAM_new();
332 if (!s->param)
333 goto err;
334 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
335#if 0
336 s->purpose = ctx->purpose;
337 s->trust = ctx->trust;
338#endif
339 s->quiet_shutdown=ctx->quiet_shutdown;
340 s->max_send_fragment = ctx->max_send_fragment;
341
342 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
343 s->ctx=ctx;
344#ifndef OPENSSL_NO_TLSEXT
345 s->tlsext_debug_cb = 0;
346 s->tlsext_debug_arg = NULL;
347 s->tlsext_ticket_expected = 0;
348 s->tlsext_status_type = -1;
349 s->tlsext_status_expected = 0;
350 s->tlsext_ocsp_ids = NULL;
351 s->tlsext_ocsp_exts = NULL;
352 s->tlsext_ocsp_resp = NULL;
353 s->tlsext_ocsp_resplen = -1;
354 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
355 s->initial_ctx=ctx;
356#endif
357
358 s->verify_result=X509_V_OK;
359
360 s->method=ctx->method;
361
362 if (!s->method->ssl_new(s))
363 goto err;
364
365 s->references=1;
366 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
367
368 SSL_clear(s);
369
370 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
371
372#ifndef OPENSSL_NO_PSK
373 s->psk_client_callback=ctx->psk_client_callback;
374 s->psk_server_callback=ctx->psk_server_callback;
375#endif
376
377 return(s);
378err:
379 if (s != NULL)
380 {
381 if (s->cert != NULL)
382 ssl_cert_free(s->cert);
383 if (s->ctx != NULL)
384 SSL_CTX_free(s->ctx); /* decrement reference count */
385 OPENSSL_free(s);
386 }
387 SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
388 return(NULL);
389 }
390
391int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
392 unsigned int sid_ctx_len)
393 {
394 if(sid_ctx_len > sizeof ctx->sid_ctx)
395 {
396 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
397 return 0;
398 }
399 ctx->sid_ctx_length=sid_ctx_len;
400 memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
401
402 return 1;
403 }
404
405int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
406 unsigned int sid_ctx_len)
407 {
408 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
409 {
410 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
411 return 0;
412 }
413 ssl->sid_ctx_length=sid_ctx_len;
414 memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
415
416 return 1;
417 }
418
419int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
420 {
421 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
422 ctx->generate_session_id = cb;
423 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
424 return 1;
425 }
426
427int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
428 {
429 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
430 ssl->generate_session_id = cb;
431 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
432 return 1;
433 }
434
435int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
436 unsigned int id_len)
437 {
438 /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
439 * we can "construct" a session to give us the desired check - ie. to
440 * find if there's a session in the hash table that would conflict with
441 * any new session built out of this id/id_len and the ssl_version in
442 * use by this SSL. */
443 SSL_SESSION r, *p;
444
445 if(id_len > sizeof r.session_id)
446 return 0;
447
448 r.ssl_version = ssl->version;
449 r.session_id_length = id_len;
450 memcpy(r.session_id, id, id_len);
451 /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
452 * callback is calling us to check the uniqueness of a shorter ID, it
453 * must be compared as a padded-out ID because that is what it will be
454 * converted to when the callback has finished choosing it. */
455 if((r.ssl_version == SSL2_VERSION) &&
456 (id_len < SSL2_SSL_SESSION_ID_LENGTH))
457 {
458 memset(r.session_id + id_len, 0,
459 SSL2_SSL_SESSION_ID_LENGTH - id_len);
460 r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
461 }
462
463 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
464 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
465 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
466 return (p != NULL);
467 }
468
469int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
470 {
471 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
472 }
473
474int SSL_set_purpose(SSL *s, int purpose)
475 {
476 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
477 }
478
479int SSL_CTX_set_trust(SSL_CTX *s, int trust)
480 {
481 return X509_VERIFY_PARAM_set_trust(s->param, trust);
482 }
483
484int SSL_set_trust(SSL *s, int trust)
485 {
486 return X509_VERIFY_PARAM_set_trust(s->param, trust);
487 }
488
489int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
490 {
491 return X509_VERIFY_PARAM_set1(ctx->param, vpm);
492 }
493
494int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
495 {
496 return X509_VERIFY_PARAM_set1(ssl->param, vpm);
497 }
498
499void SSL_free(SSL *s)
500 {
501 int i;
502
503 if(s == NULL)
504 return;
505
506 i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
507#ifdef REF_PRINT
508 REF_PRINT("SSL",s);
509#endif
510 if (i > 0) return;
511#ifdef REF_CHECK
512 if (i < 0)
513 {
514 fprintf(stderr,"SSL_free, bad reference count\n");
515 abort(); /* ok */
516 }
517#endif
518
519 if (s->param)
520 X509_VERIFY_PARAM_free(s->param);
521
522 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
523
524 if (s->bbio != NULL)
525 {
526 /* If the buffering BIO is in place, pop it off */
527 if (s->bbio == s->wbio)
528 {
529 s->wbio=BIO_pop(s->wbio);
530 }
531 BIO_free(s->bbio);
532 s->bbio=NULL;
533 }
534 if (s->rbio != NULL)
535 BIO_free_all(s->rbio);
536 if ((s->wbio != NULL) && (s->wbio != s->rbio))
537 BIO_free_all(s->wbio);
538
539 if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
540
541 /* add extra stuff */
542 if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
543 if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
544
545 /* Make the next call work :-) */
546 if (s->session != NULL)
547 {
548 ssl_clear_bad_session(s);
549 SSL_SESSION_free(s->session);
550 }
551
552 ssl_clear_cipher_ctx(s);
553 ssl_clear_hash_ctx(&s->read_hash);
554 ssl_clear_hash_ctx(&s->write_hash);
555
556 if (s->cert != NULL) ssl_cert_free(s->cert);
557 /* Free up if allocated */
558
559#ifndef OPENSSL_NO_TLSEXT
560 if (s->tlsext_hostname)
561 OPENSSL_free(s->tlsext_hostname);
562 if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
563#ifndef OPENSSL_NO_EC
564 if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist);
565 if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist);
566#endif /* OPENSSL_NO_EC */
567 if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input);
568 if (s->tlsext_ocsp_exts)
569 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
570 X509_EXTENSION_free);
571 if (s->tlsext_ocsp_ids)
572 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
573 if (s->tlsext_ocsp_resp)
574 OPENSSL_free(s->tlsext_ocsp_resp);
575#endif
576
577 if (s->client_CA != NULL)
578 sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
579
580 if (s->method != NULL) s->method->ssl_free(s);
581
582 if (s->ctx) SSL_CTX_free(s->ctx);
583
584#ifndef OPENSSL_NO_KRB5
585 if (s->kssl_ctx != NULL)
586 kssl_ctx_free(s->kssl_ctx);
587#endif /* OPENSSL_NO_KRB5 */
588
589 OPENSSL_free(s);
590 }
591
592void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
593 {
594 /* If the output buffering BIO is still in place, remove it
595 */
596 if (s->bbio != NULL)
597 {
598 if (s->wbio == s->bbio)
599 {
600 s->wbio=s->wbio->next_bio;
601 s->bbio->next_bio=NULL;
602 }
603 }
604 if ((s->rbio != NULL) && (s->rbio != rbio))
605 BIO_free_all(s->rbio);
606 if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
607 BIO_free_all(s->wbio);
608 s->rbio=rbio;
609 s->wbio=wbio;
610 }
611
612BIO *SSL_get_rbio(const SSL *s)
613 { return(s->rbio); }
614
615BIO *SSL_get_wbio(const SSL *s)
616 { return(s->wbio); }
617
618int SSL_get_fd(const SSL *s)
619 {
620 return(SSL_get_rfd(s));
621 }
622
623int SSL_get_rfd(const SSL *s)
624 {
625 int ret= -1;
626 BIO *b,*r;
627
628 b=SSL_get_rbio(s);
629 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
630 if (r != NULL)
631 BIO_get_fd(r,&ret);
632 return(ret);
633 }
634
635int SSL_get_wfd(const SSL *s)
636 {
637 int ret= -1;
638 BIO *b,*r;
639
640 b=SSL_get_wbio(s);
641 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
642 if (r != NULL)
643 BIO_get_fd(r,&ret);
644 return(ret);
645 }
646
647#ifndef OPENSSL_NO_SOCK
648int SSL_set_fd(SSL *s,int fd)
649 {
650 int ret=0;
651 BIO *bio=NULL;
652
653 bio=BIO_new(BIO_s_socket());
654
655 if (bio == NULL)
656 {
657 SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
658 goto err;
659 }
660 BIO_set_fd(bio,fd,BIO_NOCLOSE);
661 SSL_set_bio(s,bio,bio);
662 ret=1;
663err:
664 return(ret);
665 }
666
667int SSL_set_wfd(SSL *s,int fd)
668 {
669 int ret=0;
670 BIO *bio=NULL;
671
672 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
673 || ((int)BIO_get_fd(s->rbio,NULL) != fd))
674 {
675 bio=BIO_new(BIO_s_socket());
676
677 if (bio == NULL)
678 { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
679 BIO_set_fd(bio,fd,BIO_NOCLOSE);
680 SSL_set_bio(s,SSL_get_rbio(s),bio);
681 }
682 else
683 SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
684 ret=1;
685err:
686 return(ret);
687 }
688
689int SSL_set_rfd(SSL *s,int fd)
690 {
691 int ret=0;
692 BIO *bio=NULL;
693
694 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
695 || ((int)BIO_get_fd(s->wbio,NULL) != fd))
696 {
697 bio=BIO_new(BIO_s_socket());
698
699 if (bio == NULL)
700 {
701 SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
702 goto err;
703 }
704 BIO_set_fd(bio,fd,BIO_NOCLOSE);
705 SSL_set_bio(s,bio,SSL_get_wbio(s));
706 }
707 else
708 SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
709 ret=1;
710err:
711 return(ret);
712 }
713#endif
714
715
716/* return length of latest Finished message we sent, copy to 'buf' */
717size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
718 {
719 size_t ret = 0;
720
721 if (s->s3 != NULL)
722 {
723 ret = s->s3->tmp.finish_md_len;
724 if (count > ret)
725 count = ret;
726 memcpy(buf, s->s3->tmp.finish_md, count);
727 }
728 return ret;
729 }
730
731/* return length of latest Finished message we expected, copy to 'buf' */
732size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
733 {
734 size_t ret = 0;
735
736 if (s->s3 != NULL)
737 {
738 ret = s->s3->tmp.peer_finish_md_len;
739 if (count > ret)
740 count = ret;
741 memcpy(buf, s->s3->tmp.peer_finish_md, count);
742 }
743 return ret;
744 }
745
746
747int SSL_get_verify_mode(const SSL *s)
748 {
749 return(s->verify_mode);
750 }
751
752int SSL_get_verify_depth(const SSL *s)
753 {
754 return X509_VERIFY_PARAM_get_depth(s->param);
755 }
756
757int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
758 {
759 return(s->verify_callback);
760 }
761
762int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
763 {
764 return(ctx->verify_mode);
765 }
766
767int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
768 {
769 return X509_VERIFY_PARAM_get_depth(ctx->param);
770 }
771
772int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
773 {
774 return(ctx->default_verify_callback);
775 }
776
777void SSL_set_verify(SSL *s,int mode,
778 int (*callback)(int ok,X509_STORE_CTX *ctx))
779 {
780 s->verify_mode=mode;
781 if (callback != NULL)
782 s->verify_callback=callback;
783 }
784
785void SSL_set_verify_depth(SSL *s,int depth)
786 {
787 X509_VERIFY_PARAM_set_depth(s->param, depth);
788 }
789
790void SSL_set_read_ahead(SSL *s,int yes)
791 {
792 s->read_ahead=yes;
793 }
794
795int SSL_get_read_ahead(const SSL *s)
796 {
797 return(s->read_ahead);
798 }
799
800int SSL_pending(const SSL *s)
801 {
802 /* SSL_pending cannot work properly if read-ahead is enabled
803 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
804 * and it is impossible to fix since SSL_pending cannot report
805 * errors that may be observed while scanning the new data.
806 * (Note that SSL_pending() is often used as a boolean value,
807 * so we'd better not return -1.)
808 */
809 return(s->method->ssl_pending(s));
810 }
811
812X509 *SSL_get_peer_certificate(const SSL *s)
813 {
814 X509 *r;
815
816 if ((s == NULL) || (s->session == NULL))
817 r=NULL;
818 else
819 r=s->session->peer;
820
821 if (r == NULL) return(r);
822
823 CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
824
825 return(r);
826 }
827
828STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
829 {
830 STACK_OF(X509) *r;
831
832 if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
833 r=NULL;
834 else
835 r=s->session->sess_cert->cert_chain;
836
837 /* If we are a client, cert_chain includes the peer's own
838 * certificate; if we are a server, it does not. */
839
840 return(r);
841 }
842
843/* Now in theory, since the calling process own 't' it should be safe to
844 * modify. We need to be able to read f without being hassled */
845void SSL_copy_session_id(SSL *t,const SSL *f)
846 {
847 CERT *tmp;
848
849 /* Do we need to to SSL locking? */
850 SSL_set_session(t,SSL_get_session(f));
851
852 /* what if we are setup as SSLv2 but want to talk SSLv3 or
853 * vice-versa */
854 if (t->method != f->method)
855 {
856 t->method->ssl_free(t); /* cleanup current */
857 t->method=f->method; /* change method */
858 t->method->ssl_new(t); /* setup new */
859 }
860
861 tmp=t->cert;
862 if (f->cert != NULL)
863 {
864 CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
865 t->cert=f->cert;
866 }
867 else
868 t->cert=NULL;
869 if (tmp != NULL) ssl_cert_free(tmp);
870 SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
871 }
872
873/* Fix this so it checks all the valid key/cert options */
874int SSL_CTX_check_private_key(const SSL_CTX *ctx)
875 {
876 if ( (ctx == NULL) ||
877 (ctx->cert == NULL) ||
878 (ctx->cert->key->x509 == NULL))
879 {
880 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
881 return(0);
882 }
883 if (ctx->cert->key->privatekey == NULL)
884 {
885 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
886 return(0);
887 }
888 return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
889 }
890
891/* Fix this function so that it takes an optional type parameter */
892int SSL_check_private_key(const SSL *ssl)
893 {
894 if (ssl == NULL)
895 {
896 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
897 return(0);
898 }
899 if (ssl->cert == NULL)
900 {
901 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
902 return 0;
903 }
904 if (ssl->cert->key->x509 == NULL)
905 {
906 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
907 return(0);
908 }
909 if (ssl->cert->key->privatekey == NULL)
910 {
911 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
912 return(0);
913 }
914 return(X509_check_private_key(ssl->cert->key->x509,
915 ssl->cert->key->privatekey));
916 }
917
918int SSL_accept(SSL *s)
919 {
920 if (s->handshake_func == 0)
921 /* Not properly initialized yet */
922 SSL_set_accept_state(s);
923
924 return(s->method->ssl_accept(s));
925 }
926
927int SSL_connect(SSL *s)
928 {
929 if (s->handshake_func == 0)
930 /* Not properly initialized yet */
931 SSL_set_connect_state(s);
932
933 return(s->method->ssl_connect(s));
934 }
935
936long SSL_get_default_timeout(const SSL *s)
937 {
938 return(s->method->get_timeout());
939 }
940
941int SSL_read(SSL *s,void *buf,int num)
942 {
943 if (s->handshake_func == 0)
944 {
945 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
946 return -1;
947 }
948
949 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
950 {
951 s->rwstate=SSL_NOTHING;
952 return(0);
953 }
954 return(s->method->ssl_read(s,buf,num));
955 }
956
957int SSL_peek(SSL *s,void *buf,int num)
958 {
959 if (s->handshake_func == 0)
960 {
961 SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
962 return -1;
963 }
964
965 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
966 {
967 return(0);
968 }
969 return(s->method->ssl_peek(s,buf,num));
970 }
971
972int SSL_write(SSL *s,const void *buf,int num)
973 {
974 if (s->handshake_func == 0)
975 {
976 SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
977 return -1;
978 }
979
980 if (s->shutdown & SSL_SENT_SHUTDOWN)
981 {
982 s->rwstate=SSL_NOTHING;
983 SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
984 return(-1);
985 }
986 return(s->method->ssl_write(s,buf,num));
987 }
988
989int SSL_shutdown(SSL *s)
990 {
991 /* Note that this function behaves differently from what one might
992 * expect. Return values are 0 for no success (yet),
993 * 1 for success; but calling it once is usually not enough,
994 * even if blocking I/O is used (see ssl3_shutdown).
995 */
996
997 if (s->handshake_func == 0)
998 {
999 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
1000 return -1;
1001 }
1002
1003 if ((s != NULL) && !SSL_in_init(s))
1004 return(s->method->ssl_shutdown(s));
1005 else
1006 return(1);
1007 }
1008
1009int SSL_renegotiate(SSL *s)
1010 {
1011 if (s->new_session == 0)
1012 {
1013 s->new_session=1;
1014 }
1015 return(s->method->ssl_renegotiate(s));
1016 }
1017
1018int SSL_renegotiate_pending(SSL *s)
1019 {
1020 /* becomes true when negotiation is requested;
1021 * false again once a handshake has finished */
1022 return (s->new_session != 0);
1023 }
1024
1025long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
1026 {
1027 long l;
1028
1029 switch (cmd)
1030 {
1031 case SSL_CTRL_GET_READ_AHEAD:
1032 return(s->read_ahead);
1033 case SSL_CTRL_SET_READ_AHEAD:
1034 l=s->read_ahead;
1035 s->read_ahead=larg;
1036 return(l);
1037
1038 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1039 s->msg_callback_arg = parg;
1040 return 1;
1041
1042 case SSL_CTRL_OPTIONS:
1043 return(s->options|=larg);
1044 case SSL_CTRL_CLEAR_OPTIONS:
1045 return(s->options&=~larg);
1046 case SSL_CTRL_MODE:
1047 return(s->mode|=larg);
1048 case SSL_CTRL_CLEAR_MODE:
1049 return(s->mode &=~larg);
1050 case SSL_CTRL_GET_MAX_CERT_LIST:
1051 return(s->max_cert_list);
1052 case SSL_CTRL_SET_MAX_CERT_LIST:
1053 l=s->max_cert_list;
1054 s->max_cert_list=larg;
1055 return(l);
1056 case SSL_CTRL_SET_MTU:
1057 if (larg < (long)dtls1_min_mtu())
1058 return 0;
1059
1060 if (SSL_version(s) == DTLS1_VERSION ||
1061 SSL_version(s) == DTLS1_BAD_VER)
1062 {
1063 s->d1->mtu = larg;
1064 return larg;
1065 }
1066 return 0;
1067 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1068 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1069 return 0;
1070 s->max_send_fragment = larg;
1071 return 1;
1072 case SSL_CTRL_GET_RI_SUPPORT:
1073 if (s->s3)
1074 return s->s3->send_connection_binding;
1075 else return 0;
1076 default:
1077 return(s->method->ssl_ctrl(s,cmd,larg,parg));
1078 }
1079 }
1080
1081long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1082 {
1083 switch(cmd)
1084 {
1085 case SSL_CTRL_SET_MSG_CALLBACK:
1086 s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1087 return 1;
1088
1089 default:
1090 return(s->method->ssl_callback_ctrl(s,cmd,fp));
1091 }
1092 }
1093
1094LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
1095 {
1096 return ctx->sessions;
1097 }
1098
1099long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
1100 {
1101 long l;
1102
1103 switch (cmd)
1104 {
1105 case SSL_CTRL_GET_READ_AHEAD:
1106 return(ctx->read_ahead);
1107 case SSL_CTRL_SET_READ_AHEAD:
1108 l=ctx->read_ahead;
1109 ctx->read_ahead=larg;
1110 return(l);
1111
1112 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1113 ctx->msg_callback_arg = parg;
1114 return 1;
1115
1116 case SSL_CTRL_GET_MAX_CERT_LIST:
1117 return(ctx->max_cert_list);
1118 case SSL_CTRL_SET_MAX_CERT_LIST:
1119 l=ctx->max_cert_list;
1120 ctx->max_cert_list=larg;
1121 return(l);
1122
1123 case SSL_CTRL_SET_SESS_CACHE_SIZE:
1124 l=ctx->session_cache_size;
1125 ctx->session_cache_size=larg;
1126 return(l);
1127 case SSL_CTRL_GET_SESS_CACHE_SIZE:
1128 return(ctx->session_cache_size);
1129 case SSL_CTRL_SET_SESS_CACHE_MODE:
1130 l=ctx->session_cache_mode;
1131 ctx->session_cache_mode=larg;
1132 return(l);
1133 case SSL_CTRL_GET_SESS_CACHE_MODE:
1134 return(ctx->session_cache_mode);
1135
1136 case SSL_CTRL_SESS_NUMBER:
1137 return(lh_SSL_SESSION_num_items(ctx->sessions));
1138 case SSL_CTRL_SESS_CONNECT:
1139 return(ctx->stats.sess_connect);
1140 case SSL_CTRL_SESS_CONNECT_GOOD:
1141 return(ctx->stats.sess_connect_good);
1142 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1143 return(ctx->stats.sess_connect_renegotiate);
1144 case SSL_CTRL_SESS_ACCEPT:
1145 return(ctx->stats.sess_accept);
1146 case SSL_CTRL_SESS_ACCEPT_GOOD:
1147 return(ctx->stats.sess_accept_good);
1148 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1149 return(ctx->stats.sess_accept_renegotiate);
1150 case SSL_CTRL_SESS_HIT:
1151 return(ctx->stats.sess_hit);
1152 case SSL_CTRL_SESS_CB_HIT:
1153 return(ctx->stats.sess_cb_hit);
1154 case SSL_CTRL_SESS_MISSES:
1155 return(ctx->stats.sess_miss);
1156 case SSL_CTRL_SESS_TIMEOUTS:
1157 return(ctx->stats.sess_timeout);
1158 case SSL_CTRL_SESS_CACHE_FULL:
1159 return(ctx->stats.sess_cache_full);
1160 case SSL_CTRL_OPTIONS:
1161 return(ctx->options|=larg);
1162 case SSL_CTRL_CLEAR_OPTIONS:
1163 return(ctx->options&=~larg);
1164 case SSL_CTRL_MODE:
1165 return(ctx->mode|=larg);
1166 case SSL_CTRL_CLEAR_MODE:
1167 return(ctx->mode&=~larg);
1168 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1169 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1170 return 0;
1171 ctx->max_send_fragment = larg;
1172 return 1;
1173 default:
1174 return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
1175 }
1176 }
1177
1178long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1179 {
1180 switch(cmd)
1181 {
1182 case SSL_CTRL_SET_MSG_CALLBACK:
1183 ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1184 return 1;
1185
1186 default:
1187 return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
1188 }
1189 }
1190
1191int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
1192 {
1193 long l;
1194
1195 l=a->id-b->id;
1196 if (l == 0L)
1197 return(0);
1198 else
1199 return((l > 0)?1:-1);
1200 }
1201
1202int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
1203 const SSL_CIPHER * const *bp)
1204 {
1205 long l;
1206
1207 l=(*ap)->id-(*bp)->id;
1208 if (l == 0L)
1209 return(0);
1210 else
1211 return((l > 0)?1:-1);
1212 }
1213
1214/** return a STACK of the ciphers available for the SSL and in order of
1215 * preference */
1216STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
1217 {
1218 if (s != NULL)
1219 {
1220 if (s->cipher_list != NULL)
1221 {
1222 return(s->cipher_list);
1223 }
1224 else if ((s->ctx != NULL) &&
1225 (s->ctx->cipher_list != NULL))
1226 {
1227 return(s->ctx->cipher_list);
1228 }
1229 }
1230 return(NULL);
1231 }
1232
1233/** return a STACK of the ciphers available for the SSL and in order of
1234 * algorithm id */
1235STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
1236 {
1237 if (s != NULL)
1238 {
1239 if (s->cipher_list_by_id != NULL)
1240 {
1241 return(s->cipher_list_by_id);
1242 }
1243 else if ((s->ctx != NULL) &&
1244 (s->ctx->cipher_list_by_id != NULL))
1245 {
1246 return(s->ctx->cipher_list_by_id);
1247 }
1248 }
1249 return(NULL);
1250 }
1251
1252/** The old interface to get the same thing as SSL_get_ciphers() */
1253const char *SSL_get_cipher_list(const SSL *s,int n)
1254 {
1255 SSL_CIPHER *c;
1256 STACK_OF(SSL_CIPHER) *sk;
1257
1258 if (s == NULL) return(NULL);
1259 sk=SSL_get_ciphers(s);
1260 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
1261 return(NULL);
1262 c=sk_SSL_CIPHER_value(sk,n);
1263 if (c == NULL) return(NULL);
1264 return(c->name);
1265 }
1266
1267/** specify the ciphers to be used by default by the SSL_CTX */
1268int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1269 {
1270 STACK_OF(SSL_CIPHER) *sk;
1271
1272 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
1273 &ctx->cipher_list_by_id,str);
1274 /* ssl_create_cipher_list may return an empty stack if it
1275 * was unable to find a cipher matching the given rule string
1276 * (for example if the rule string specifies a cipher which
1277 * has been disabled). This is not an error as far as
1278 * ssl_create_cipher_list is concerned, and hence
1279 * ctx->cipher_list and ctx->cipher_list_by_id has been
1280 * updated. */
1281 if (sk == NULL)
1282 return 0;
1283 else if (sk_SSL_CIPHER_num(sk) == 0)
1284 {
1285 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1286 return 0;
1287 }
1288 return 1;
1289 }
1290
1291/** specify the ciphers to be used by the SSL */
1292int SSL_set_cipher_list(SSL *s,const char *str)
1293 {
1294 STACK_OF(SSL_CIPHER) *sk;
1295
1296 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
1297 &s->cipher_list_by_id,str);
1298 /* see comment in SSL_CTX_set_cipher_list */
1299 if (sk == NULL)
1300 return 0;
1301 else if (sk_SSL_CIPHER_num(sk) == 0)
1302 {
1303 SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1304 return 0;
1305 }
1306 return 1;
1307 }
1308
1309/* works well for SSLv2, not so good for SSLv3 */
1310char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
1311 {
1312 char *end;
1313 STACK_OF(SSL_CIPHER) *sk;
1314 SSL_CIPHER *c;
1315 size_t curlen = 0;
1316 int i;
1317
1318 if ((s->session == NULL) || (s->session->ciphers == NULL) ||
1319 (len < 2))
1320 return(NULL);
1321
1322 sk=s->session->ciphers;
1323 buf[0] = '\0';
1324 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1325 {
1326 c=sk_SSL_CIPHER_value(sk,i);
1327 end = buf + curlen;
1328 if (strlcat(buf, c->name, len) >= len ||
1329 (curlen = strlcat(buf, ":", len)) >= len)
1330 {
1331 /* remove truncated cipher from list */
1332 *end = '\0';
1333 break;
1334 }
1335 }
1336 /* remove trailing colon */
1337 if ((end = strrchr(buf, ':')) != NULL)
1338 *end = '\0';
1339 return(buf);
1340 }
1341
1342int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
1343 int (*put_cb)(const SSL_CIPHER *, unsigned char *))
1344 {
1345 int i,j=0;
1346 SSL_CIPHER *c;
1347 unsigned char *q;
1348#ifndef OPENSSL_NO_KRB5
1349 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
1350#endif /* OPENSSL_NO_KRB5 */
1351
1352 if (sk == NULL) return(0);
1353 q=p;
1354
1355 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1356 {
1357 c=sk_SSL_CIPHER_value(sk,i);
1358#ifndef OPENSSL_NO_KRB5
1359 if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
1360 nokrb5)
1361 continue;
1362#endif /* OPENSSL_NO_KRB5 */
1363#ifndef OPENSSL_NO_PSK
1364 /* with PSK there must be client callback set */
1365 if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) &&
1366 s->psk_client_callback == NULL)
1367 continue;
1368#endif /* OPENSSL_NO_PSK */
1369 j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
1370 p+=j;
1371 }
1372 /* If p == q, no ciphers and caller indicates an error. Otherwise
1373 * add SCSV if not renegotiating.
1374 */
1375 if (p != q && !s->new_session)
1376 {
1377 static SSL_CIPHER scsv =
1378 {
1379 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
1380 };
1381 j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p);
1382 p+=j;
1383#ifdef OPENSSL_RI_DEBUG
1384 fprintf(stderr, "SCSV sent by client\n");
1385#endif
1386 }
1387
1388 return(p-q);
1389 }
1390
1391STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
1392 STACK_OF(SSL_CIPHER) **skp)
1393 {
1394 const SSL_CIPHER *c;
1395 STACK_OF(SSL_CIPHER) *sk;
1396 int i,n;
1397 if (s->s3)
1398 s->s3->send_connection_binding = 0;
1399
1400 n=ssl_put_cipher_by_char(s,NULL,NULL);
1401 if ((num%n) != 0)
1402 {
1403 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1404 return(NULL);
1405 }
1406 if ((skp == NULL) || (*skp == NULL))
1407 sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
1408 else
1409 {
1410 sk= *skp;
1411 sk_SSL_CIPHER_zero(sk);
1412 }
1413
1414 for (i=0; i<num; i+=n)
1415 {
1416 /* Check for SCSV */
1417 if (s->s3 && (n != 3 || !p[0]) &&
1418 (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
1419 (p[n-1] == (SSL3_CK_SCSV & 0xff)))
1420 {
1421 /* SCSV fatal if renegotiating */
1422 if (s->new_session)
1423 {
1424 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1425 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
1426 goto err;
1427 }
1428 s->s3->send_connection_binding = 1;
1429 p += n;
1430#ifdef OPENSSL_RI_DEBUG
1431 fprintf(stderr, "SCSV received by server\n");
1432#endif
1433 continue;
1434 }
1435
1436 c=ssl_get_cipher_by_char(s,p);
1437 p+=n;
1438 if (c != NULL)
1439 {
1440 if (!sk_SSL_CIPHER_push(sk,c))
1441 {
1442 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1443 goto err;
1444 }
1445 }
1446 }
1447
1448 if (skp != NULL)
1449 *skp=sk;
1450 return(sk);
1451err:
1452 if ((skp == NULL) || (*skp == NULL))
1453 sk_SSL_CIPHER_free(sk);
1454 return(NULL);
1455 }
1456
1457
1458#ifndef OPENSSL_NO_TLSEXT
1459/** return a servername extension value if provided in Client Hello, or NULL.
1460 * So far, only host_name types are defined (RFC 3546).
1461 */
1462
1463const char *SSL_get_servername(const SSL *s, const int type)
1464 {
1465 if (type != TLSEXT_NAMETYPE_host_name)
1466 return NULL;
1467
1468 return s->session && !s->tlsext_hostname ?
1469 s->session->tlsext_hostname :
1470 s->tlsext_hostname;
1471 }
1472
1473int SSL_get_servername_type(const SSL *s)
1474 {
1475 if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))
1476 return TLSEXT_NAMETYPE_host_name;
1477 return -1;
1478 }
1479#endif
1480
1481static unsigned long ssl_session_hash(const SSL_SESSION *a)
1482 {
1483 unsigned long l;
1484
1485 l=(unsigned long)
1486 ((unsigned int) a->session_id[0] )|
1487 ((unsigned int) a->session_id[1]<< 8L)|
1488 ((unsigned long)a->session_id[2]<<16L)|
1489 ((unsigned long)a->session_id[3]<<24L);
1490 return(l);
1491 }
1492
1493/* NB: If this function (or indeed the hash function which uses a sort of
1494 * coarser function than this one) is changed, ensure
1495 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1496 * able to construct an SSL_SESSION that will collide with any existing session
1497 * with a matching session ID. */
1498static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
1499 {
1500 if (a->ssl_version != b->ssl_version)
1501 return(1);
1502 if (a->session_id_length != b->session_id_length)
1503 return(1);
1504 return(memcmp(a->session_id,b->session_id,a->session_id_length));
1505 }
1506
1507/* These wrapper functions should remain rather than redeclaring
1508 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
1509 * variable. The reason is that the functions aren't static, they're exposed via
1510 * ssl.h. */
1511static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
1512static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
1513
1514SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
1515 {
1516 SSL_CTX *ret=NULL;
1517
1518 if (meth == NULL)
1519 {
1520 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
1521 return(NULL);
1522 }
1523
1524 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
1525 {
1526 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1527 goto err;
1528 }
1529 ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
1530 if (ret == NULL)
1531 goto err;
1532
1533 memset(ret,0,sizeof(SSL_CTX));
1534
1535 ret->method=meth;
1536
1537 ret->cert_store=NULL;
1538 ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
1539 ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1540 ret->session_cache_head=NULL;
1541 ret->session_cache_tail=NULL;
1542
1543 /* We take the system default */
1544 ret->session_timeout=meth->get_timeout();
1545
1546 ret->new_session_cb=0;
1547 ret->remove_session_cb=0;
1548 ret->get_session_cb=0;
1549 ret->generate_session_id=0;
1550
1551 memset((char *)&ret->stats,0,sizeof(ret->stats));
1552
1553 ret->references=1;
1554 ret->quiet_shutdown=0;
1555
1556/* ret->cipher=NULL;*/
1557/* ret->s2->challenge=NULL;
1558 ret->master_key=NULL;
1559 ret->key_arg=NULL;
1560 ret->s2->conn_id=NULL; */
1561
1562 ret->info_callback=NULL;
1563
1564 ret->app_verify_callback=0;
1565 ret->app_verify_arg=NULL;
1566
1567 ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
1568 ret->read_ahead=0;
1569 ret->msg_callback=0;
1570 ret->msg_callback_arg=NULL;
1571 ret->verify_mode=SSL_VERIFY_NONE;
1572#if 0
1573 ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
1574#endif
1575 ret->sid_ctx_length=0;
1576 ret->default_verify_callback=NULL;
1577 if ((ret->cert=ssl_cert_new()) == NULL)
1578 goto err;
1579
1580 ret->default_passwd_callback=0;
1581 ret->default_passwd_callback_userdata=NULL;
1582 ret->client_cert_cb=0;
1583 ret->app_gen_cookie_cb=0;
1584 ret->app_verify_cookie_cb=0;
1585
1586 ret->sessions=lh_SSL_SESSION_new();
1587 if (ret->sessions == NULL) goto err;
1588 ret->cert_store=X509_STORE_new();
1589 if (ret->cert_store == NULL) goto err;
1590
1591 ssl_create_cipher_list(ret->method,
1592 &ret->cipher_list,&ret->cipher_list_by_id,
1593 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
1594 if (ret->cipher_list == NULL
1595 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
1596 {
1597 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
1598 goto err2;
1599 }
1600
1601 ret->param = X509_VERIFY_PARAM_new();
1602 if (!ret->param)
1603 goto err;
1604
1605 if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
1606 {
1607 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
1608 goto err2;
1609 }
1610 if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
1611 {
1612 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1613 goto err2;
1614 }
1615 if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
1616 {
1617 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1618 goto err2;
1619 }
1620
1621 if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
1622 goto err;
1623
1624 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
1625
1626 ret->extra_certs=NULL;
1627 ret->comp_methods=SSL_COMP_get_compression_methods();
1628
1629 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1630
1631#ifndef OPENSSL_NO_TLSEXT
1632 ret->tlsext_servername_callback = 0;
1633 ret->tlsext_servername_arg = NULL;
1634 /* Setup RFC4507 ticket keys */
1635 if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
1636 || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
1637 || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
1638 ret->options |= SSL_OP_NO_TICKET;
1639
1640 ret->tlsext_status_cb = 0;
1641 ret->tlsext_status_arg = NULL;
1642
1643#endif
1644#ifndef OPENSSL_NO_PSK
1645 ret->psk_identity_hint=NULL;
1646 ret->psk_client_callback=NULL;
1647 ret->psk_server_callback=NULL;
1648#endif
1649#ifndef OPENSSL_NO_BUF_FREELISTS
1650 ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
1651 ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
1652 if (!ret->rbuf_freelist)
1653 goto err;
1654 ret->rbuf_freelist->chunklen = 0;
1655 ret->rbuf_freelist->len = 0;
1656 ret->rbuf_freelist->head = NULL;
1657 ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
1658 if (!ret->wbuf_freelist)
1659 {
1660 OPENSSL_free(ret->rbuf_freelist);
1661 goto err;
1662 }
1663 ret->wbuf_freelist->chunklen = 0;
1664 ret->wbuf_freelist->len = 0;
1665 ret->wbuf_freelist->head = NULL;
1666#endif
1667#ifndef OPENSSL_NO_ENGINE
1668 ret->client_cert_engine = NULL;
1669#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
1670#define eng_strx(x) #x
1671#define eng_str(x) eng_strx(x)
1672 /* Use specific client engine automatically... ignore errors */
1673 {
1674 ENGINE *eng;
1675 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1676 if (!eng)
1677 {
1678 ERR_clear_error();
1679 ENGINE_load_builtin_engines();
1680 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1681 }
1682 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
1683 ERR_clear_error();
1684 }
1685#endif
1686#endif
1687 /* Default is to connect to non-RI servers. When RI is more widely
1688 * deployed might change this.
1689 */
1690 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
1691
1692 return(ret);
1693err:
1694 SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
1695err2:
1696 if (ret != NULL) SSL_CTX_free(ret);
1697 return(NULL);
1698 }
1699
1700#if 0
1701static void SSL_COMP_free(SSL_COMP *comp)
1702 { OPENSSL_free(comp); }
1703#endif
1704
1705#ifndef OPENSSL_NO_BUF_FREELISTS
1706static void
1707ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
1708 {
1709 SSL3_BUF_FREELIST_ENTRY *ent, *next;
1710 for (ent = list->head; ent; ent = next)
1711 {
1712 next = ent->next;
1713 OPENSSL_free(ent);
1714 }
1715 OPENSSL_free(list);
1716 }
1717#endif
1718
1719void SSL_CTX_free(SSL_CTX *a)
1720 {
1721 int i;
1722
1723 if (a == NULL) return;
1724
1725 i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
1726#ifdef REF_PRINT
1727 REF_PRINT("SSL_CTX",a);
1728#endif
1729 if (i > 0) return;
1730#ifdef REF_CHECK
1731 if (i < 0)
1732 {
1733 fprintf(stderr,"SSL_CTX_free, bad reference count\n");
1734 abort(); /* ok */
1735 }
1736#endif
1737
1738 if (a->param)
1739 X509_VERIFY_PARAM_free(a->param);
1740
1741 /*
1742 * Free internal session cache. However: the remove_cb() may reference
1743 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
1744 * after the sessions were flushed.
1745 * As the ex_data handling routines might also touch the session cache,
1746 * the most secure solution seems to be: empty (flush) the cache, then
1747 * free ex_data, then finally free the cache.
1748 * (See ticket [openssl.org #212].)
1749 */
1750 if (a->sessions != NULL)
1751 SSL_CTX_flush_sessions(a,0);
1752
1753 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
1754
1755 if (a->sessions != NULL)
1756 lh_SSL_SESSION_free(a->sessions);
1757
1758 if (a->cert_store != NULL)
1759 X509_STORE_free(a->cert_store);
1760 if (a->cipher_list != NULL)
1761 sk_SSL_CIPHER_free(a->cipher_list);
1762 if (a->cipher_list_by_id != NULL)
1763 sk_SSL_CIPHER_free(a->cipher_list_by_id);
1764 if (a->cert != NULL)
1765 ssl_cert_free(a->cert);
1766 if (a->client_CA != NULL)
1767 sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
1768 if (a->extra_certs != NULL)
1769 sk_X509_pop_free(a->extra_certs,X509_free);
1770#if 0 /* This should never be done, since it removes a global database */
1771 if (a->comp_methods != NULL)
1772 sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
1773#else
1774 a->comp_methods = NULL;
1775#endif
1776
1777#ifndef OPENSSL_NO_PSK
1778 if (a->psk_identity_hint)
1779 OPENSSL_free(a->psk_identity_hint);
1780#endif
1781#ifndef OPENSSL_NO_ENGINE
1782 if (a->client_cert_engine)
1783 ENGINE_finish(a->client_cert_engine);
1784#endif
1785
1786#ifndef OPENSSL_NO_BUF_FREELISTS
1787 if (a->wbuf_freelist)
1788 ssl_buf_freelist_free(a->wbuf_freelist);
1789 if (a->rbuf_freelist)
1790 ssl_buf_freelist_free(a->rbuf_freelist);
1791#endif
1792
1793 OPENSSL_free(a);
1794 }
1795
1796void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
1797 {
1798 ctx->default_passwd_callback=cb;
1799 }
1800
1801void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
1802 {
1803 ctx->default_passwd_callback_userdata=u;
1804 }
1805
1806void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
1807 {
1808 ctx->app_verify_callback=cb;
1809 ctx->app_verify_arg=arg;
1810 }
1811
1812void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
1813 {
1814 ctx->verify_mode=mode;
1815 ctx->default_verify_callback=cb;
1816 }
1817
1818void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
1819 {
1820 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
1821 }
1822
1823void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
1824 {
1825 CERT_PKEY *cpk;
1826 int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
1827 int rsa_enc_export,dh_rsa_export,dh_dsa_export;
1828 int rsa_tmp_export,dh_tmp_export,kl;
1829 unsigned long mask_k,mask_a,emask_k,emask_a;
1830 int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
1831#ifndef OPENSSL_NO_ECDH
1832 int have_ecdh_tmp;
1833#endif
1834 X509 *x = NULL;
1835 EVP_PKEY *ecc_pkey = NULL;
1836 int signature_nid = 0, pk_nid = 0, md_nid = 0;
1837
1838 if (c == NULL) return;
1839
1840 kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1841
1842#ifndef OPENSSL_NO_RSA
1843 rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
1844 rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
1845 (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
1846#else
1847 rsa_tmp=rsa_tmp_export=0;
1848#endif
1849#ifndef OPENSSL_NO_DH
1850 dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
1851 dh_tmp_export=(c->dh_tmp_cb != NULL ||
1852 (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
1853#else
1854 dh_tmp=dh_tmp_export=0;
1855#endif
1856
1857#ifndef OPENSSL_NO_ECDH
1858 have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
1859#endif
1860 cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
1861 rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
1862 rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1863 cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
1864 rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
1865 cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
1866 dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
1867 cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
1868 dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
1869 dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1870 cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
1871/* FIX THIS EAY EAY EAY */
1872 dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
1873 dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1874 cpk= &(c->pkeys[SSL_PKEY_ECC]);
1875 have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
1876 mask_k=0;
1877 mask_a=0;
1878 emask_k=0;
1879 emask_a=0;
1880
1881
1882
1883#ifdef CIPHER_DEBUG
1884 printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
1885 rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp,
1886 rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
1887#endif
1888
1889 cpk = &(c->pkeys[SSL_PKEY_GOST01]);
1890 if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
1891 mask_k |= SSL_kGOST;
1892 mask_a |= SSL_aGOST01;
1893 }
1894 cpk = &(c->pkeys[SSL_PKEY_GOST94]);
1895 if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
1896 mask_k |= SSL_kGOST;
1897 mask_a |= SSL_aGOST94;
1898 }
1899
1900 if (rsa_enc || (rsa_tmp && rsa_sign))
1901 mask_k|=SSL_kRSA;
1902 if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
1903 emask_k|=SSL_kRSA;
1904
1905#if 0
1906 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
1907 if ( (dh_tmp || dh_rsa || dh_dsa) &&
1908 (rsa_enc || rsa_sign || dsa_sign))
1909 mask_k|=SSL_kEDH;
1910 if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
1911 (rsa_enc || rsa_sign || dsa_sign))
1912 emask_k|=SSL_kEDH;
1913#endif
1914
1915 if (dh_tmp_export)
1916 emask_k|=SSL_kEDH;
1917
1918 if (dh_tmp)
1919 mask_k|=SSL_kEDH;
1920
1921 if (dh_rsa) mask_k|=SSL_kDHr;
1922 if (dh_rsa_export) emask_k|=SSL_kDHr;
1923
1924 if (dh_dsa) mask_k|=SSL_kDHd;
1925 if (dh_dsa_export) emask_k|=SSL_kDHd;
1926
1927 if (rsa_enc || rsa_sign)
1928 {
1929 mask_a|=SSL_aRSA;
1930 emask_a|=SSL_aRSA;
1931 }
1932
1933 if (dsa_sign)
1934 {
1935 mask_a|=SSL_aDSS;
1936 emask_a|=SSL_aDSS;
1937 }
1938
1939 mask_a|=SSL_aNULL;
1940 emask_a|=SSL_aNULL;
1941
1942#ifndef OPENSSL_NO_KRB5
1943 mask_k|=SSL_kKRB5;
1944 mask_a|=SSL_aKRB5;
1945 emask_k|=SSL_kKRB5;
1946 emask_a|=SSL_aKRB5;
1947#endif
1948
1949 /* An ECC certificate may be usable for ECDH and/or
1950 * ECDSA cipher suites depending on the key usage extension.
1951 */
1952 if (have_ecc_cert)
1953 {
1954 /* This call populates extension flags (ex_flags) */
1955 x = (c->pkeys[SSL_PKEY_ECC]).x509;
1956 X509_check_purpose(x, -1, 0);
1957 ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
1958 (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
1959 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
1960 (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
1961 ecc_pkey = X509_get_pubkey(x);
1962 ecc_pkey_size = (ecc_pkey != NULL) ?
1963 EVP_PKEY_bits(ecc_pkey) : 0;
1964 EVP_PKEY_free(ecc_pkey);
1965 if ((x->sig_alg) && (x->sig_alg->algorithm))
1966 {
1967 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
1968 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
1969 }
1970#ifndef OPENSSL_NO_ECDH
1971 if (ecdh_ok)
1972 {
1973
1974 if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
1975 {
1976 mask_k|=SSL_kECDHr;
1977 mask_a|=SSL_aECDH;
1978 if (ecc_pkey_size <= 163)
1979 {
1980 emask_k|=SSL_kECDHr;
1981 emask_a|=SSL_aECDH;
1982 }
1983 }
1984
1985 if (pk_nid == NID_X9_62_id_ecPublicKey)
1986 {
1987 mask_k|=SSL_kECDHe;
1988 mask_a|=SSL_aECDH;
1989 if (ecc_pkey_size <= 163)
1990 {
1991 emask_k|=SSL_kECDHe;
1992 emask_a|=SSL_aECDH;
1993 }
1994 }
1995 }
1996#endif
1997#ifndef OPENSSL_NO_ECDSA
1998 if (ecdsa_ok)
1999 {
2000 mask_a|=SSL_aECDSA;
2001 emask_a|=SSL_aECDSA;
2002 }
2003#endif
2004 }
2005
2006#ifndef OPENSSL_NO_ECDH
2007 if (have_ecdh_tmp)
2008 {
2009 mask_k|=SSL_kEECDH;
2010 emask_k|=SSL_kEECDH;
2011 }
2012#endif
2013
2014#ifndef OPENSSL_NO_PSK
2015 mask_k |= SSL_kPSK;
2016 mask_a |= SSL_aPSK;
2017 emask_k |= SSL_kPSK;
2018 emask_a |= SSL_aPSK;
2019#endif
2020
2021 c->mask_k=mask_k;
2022 c->mask_a=mask_a;
2023 c->export_mask_k=emask_k;
2024 c->export_mask_a=emask_a;
2025 c->valid=1;
2026 }
2027
2028/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
2029#define ku_reject(x, usage) \
2030 (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
2031
2032#ifndef OPENSSL_NO_EC
2033
2034int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
2035 {
2036 unsigned long alg_k, alg_a;
2037 EVP_PKEY *pkey = NULL;
2038 int keysize = 0;
2039 int signature_nid = 0, md_nid = 0, pk_nid = 0;
2040
2041 alg_k = cs->algorithm_mkey;
2042 alg_a = cs->algorithm_auth;
2043
2044 if (SSL_C_IS_EXPORT(cs))
2045 {
2046 /* ECDH key length in export ciphers must be <= 163 bits */
2047 pkey = X509_get_pubkey(x);
2048 if (pkey == NULL) return 0;
2049 keysize = EVP_PKEY_bits(pkey);
2050 EVP_PKEY_free(pkey);
2051 if (keysize > 163) return 0;
2052 }
2053
2054 /* This call populates the ex_flags field correctly */
2055 X509_check_purpose(x, -1, 0);
2056 if ((x->sig_alg) && (x->sig_alg->algorithm))
2057 {
2058 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
2059 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
2060 }
2061 if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
2062 {
2063 /* key usage, if present, must allow key agreement */
2064 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
2065 {
2066 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
2067 return 0;
2068 }
2069 if (alg_k & SSL_kECDHe)
2070 {
2071 /* signature alg must be ECDSA */
2072 if (pk_nid != NID_X9_62_id_ecPublicKey)
2073 {
2074 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
2075 return 0;
2076 }
2077 }
2078 if (alg_k & SSL_kECDHr)
2079 {
2080 /* signature alg must be RSA */
2081
2082 if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
2083 {
2084 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
2085 return 0;
2086 }
2087 }
2088 }
2089 if (alg_a & SSL_aECDSA)
2090 {
2091 /* key usage, if present, must allow signing */
2092 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
2093 {
2094 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2095 return 0;
2096 }
2097 }
2098
2099 return 1; /* all checks are ok */
2100 }
2101
2102#endif
2103
2104/* THIS NEEDS CLEANING UP */
2105X509 *ssl_get_server_send_cert(SSL *s)
2106 {
2107 unsigned long alg_k,alg_a;
2108 CERT *c;
2109 int i;
2110
2111 c=s->cert;
2112 ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
2113
2114 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2115 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2116
2117 if (alg_k & (SSL_kECDHr|SSL_kECDHe))
2118 {
2119 /* we don't need to look at SSL_kEECDH
2120 * since no certificate is needed for
2121 * anon ECDH and for authenticated
2122 * EECDH, the check for the auth
2123 * algorithm will set i correctly
2124 * NOTE: For ECDH-RSA, we need an ECC
2125 * not an RSA cert but for EECDH-RSA
2126 * we need an RSA cert. Placing the
2127 * checks for SSL_kECDH before RSA
2128 * checks ensures the correct cert is chosen.
2129 */
2130 i=SSL_PKEY_ECC;
2131 }
2132 else if (alg_a & SSL_aECDSA)
2133 {
2134 i=SSL_PKEY_ECC;
2135 }
2136 else if (alg_k & SSL_kDHr)
2137 i=SSL_PKEY_DH_RSA;
2138 else if (alg_k & SSL_kDHd)
2139 i=SSL_PKEY_DH_DSA;
2140 else if (alg_a & SSL_aDSS)
2141 i=SSL_PKEY_DSA_SIGN;
2142 else if (alg_a & SSL_aRSA)
2143 {
2144 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
2145 i=SSL_PKEY_RSA_SIGN;
2146 else
2147 i=SSL_PKEY_RSA_ENC;
2148 }
2149 else if (alg_a & SSL_aKRB5)
2150 {
2151 /* VRS something else here? */
2152 return(NULL);
2153 }
2154 else if (alg_a & SSL_aGOST94)
2155 i=SSL_PKEY_GOST94;
2156 else if (alg_a & SSL_aGOST01)
2157 i=SSL_PKEY_GOST01;
2158 else /* if (alg_a & SSL_aNULL) */
2159 {
2160 SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
2161 return(NULL);
2162 }
2163 if (c->pkeys[i].x509 == NULL) return(NULL);
2164
2165 return(c->pkeys[i].x509);
2166 }
2167
2168EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher)
2169 {
2170 unsigned long alg_a;
2171 CERT *c;
2172
2173 alg_a = cipher->algorithm_auth;
2174 c=s->cert;
2175
2176 if ((alg_a & SSL_aDSS) &&
2177 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
2178 return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
2179 else if (alg_a & SSL_aRSA)
2180 {
2181 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
2182 return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
2183 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
2184 return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
2185 else
2186 return(NULL);
2187 }
2188 else if ((alg_a & SSL_aECDSA) &&
2189 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
2190 return(c->pkeys[SSL_PKEY_ECC].privatekey);
2191 else /* if (alg_a & SSL_aNULL) */
2192 {
2193 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
2194 return(NULL);
2195 }
2196 }
2197
2198void ssl_update_cache(SSL *s,int mode)
2199 {
2200 int i;
2201
2202 /* If the session_id_length is 0, we are not supposed to cache it,
2203 * and it would be rather hard to do anyway :-) */
2204 if (s->session->session_id_length == 0) return;
2205
2206 i=s->session_ctx->session_cache_mode;
2207 if ((i & mode) && (!s->hit)
2208 && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
2209 || SSL_CTX_add_session(s->session_ctx,s->session))
2210 && (s->session_ctx->new_session_cb != NULL))
2211 {
2212 CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
2213 if (!s->session_ctx->new_session_cb(s,s->session))
2214 SSL_SESSION_free(s->session);
2215 }
2216
2217 /* auto flush every 255 connections */
2218 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
2219 ((i & mode) == mode))
2220 {
2221 if ( (((mode & SSL_SESS_CACHE_CLIENT)
2222 ?s->session_ctx->stats.sess_connect_good
2223 :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff)
2224 {
2225 SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
2226 }
2227 }
2228 }
2229
2230const SSL_METHOD *SSL_get_ssl_method(SSL *s)
2231 {
2232 return(s->method);
2233 }
2234
2235int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
2236 {
2237 int conn= -1;
2238 int ret=1;
2239
2240 if (s->method != meth)
2241 {
2242 if (s->handshake_func != NULL)
2243 conn=(s->handshake_func == s->method->ssl_connect);
2244
2245 if (s->method->version == meth->version)
2246 s->method=meth;
2247 else
2248 {
2249 s->method->ssl_free(s);
2250 s->method=meth;
2251 ret=s->method->ssl_new(s);
2252 }
2253
2254 if (conn == 1)
2255 s->handshake_func=meth->ssl_connect;
2256 else if (conn == 0)
2257 s->handshake_func=meth->ssl_accept;
2258 }
2259 return(ret);
2260 }
2261
2262int SSL_get_error(const SSL *s,int i)
2263 {
2264 int reason;
2265 unsigned long l;
2266 BIO *bio;
2267
2268 if (i > 0) return(SSL_ERROR_NONE);
2269
2270 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
2271 * etc, where we do encode the error */
2272 if ((l=ERR_peek_error()) != 0)
2273 {
2274 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
2275 return(SSL_ERROR_SYSCALL);
2276 else
2277 return(SSL_ERROR_SSL);
2278 }
2279
2280 if ((i < 0) && SSL_want_read(s))
2281 {
2282 bio=SSL_get_rbio(s);
2283 if (BIO_should_read(bio))
2284 return(SSL_ERROR_WANT_READ);
2285 else if (BIO_should_write(bio))
2286 /* This one doesn't make too much sense ... We never try
2287 * to write to the rbio, and an application program where
2288 * rbio and wbio are separate couldn't even know what it
2289 * should wait for.
2290 * However if we ever set s->rwstate incorrectly
2291 * (so that we have SSL_want_read(s) instead of
2292 * SSL_want_write(s)) and rbio and wbio *are* the same,
2293 * this test works around that bug; so it might be safer
2294 * to keep it. */
2295 return(SSL_ERROR_WANT_WRITE);
2296 else if (BIO_should_io_special(bio))
2297 {
2298 reason=BIO_get_retry_reason(bio);
2299 if (reason == BIO_RR_CONNECT)
2300 return(SSL_ERROR_WANT_CONNECT);
2301 else if (reason == BIO_RR_ACCEPT)
2302 return(SSL_ERROR_WANT_ACCEPT);
2303 else
2304 return(SSL_ERROR_SYSCALL); /* unknown */
2305 }
2306 }
2307
2308 if ((i < 0) && SSL_want_write(s))
2309 {
2310 bio=SSL_get_wbio(s);
2311 if (BIO_should_write(bio))
2312 return(SSL_ERROR_WANT_WRITE);
2313 else if (BIO_should_read(bio))
2314 /* See above (SSL_want_read(s) with BIO_should_write(bio)) */
2315 return(SSL_ERROR_WANT_READ);
2316 else if (BIO_should_io_special(bio))
2317 {
2318 reason=BIO_get_retry_reason(bio);
2319 if (reason == BIO_RR_CONNECT)
2320 return(SSL_ERROR_WANT_CONNECT);
2321 else if (reason == BIO_RR_ACCEPT)
2322 return(SSL_ERROR_WANT_ACCEPT);
2323 else
2324 return(SSL_ERROR_SYSCALL);
2325 }
2326 }
2327 if ((i < 0) && SSL_want_x509_lookup(s))
2328 {
2329 return(SSL_ERROR_WANT_X509_LOOKUP);
2330 }
2331
2332 if (i == 0)
2333 {
2334 if (s->version == SSL2_VERSION)
2335 {
2336 /* assume it is the socket being closed */
2337 return(SSL_ERROR_ZERO_RETURN);
2338 }
2339 else
2340 {
2341 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2342 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2343 return(SSL_ERROR_ZERO_RETURN);
2344 }
2345 }
2346 return(SSL_ERROR_SYSCALL);
2347 }
2348
2349int SSL_do_handshake(SSL *s)
2350 {
2351 int ret=1;
2352
2353 if (s->handshake_func == NULL)
2354 {
2355 SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
2356 return(-1);
2357 }
2358
2359 s->method->ssl_renegotiate_check(s);
2360
2361 if (SSL_in_init(s) || SSL_in_before(s))
2362 {
2363 ret=s->handshake_func(s);
2364 }
2365 return(ret);
2366 }
2367
2368/* For the next 2 functions, SSL_clear() sets shutdown and so
2369 * one of these calls will reset it */
2370void SSL_set_accept_state(SSL *s)
2371 {
2372 s->server=1;
2373 s->shutdown=0;
2374 s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
2375 s->handshake_func=s->method->ssl_accept;
2376 /* clear the current cipher */
2377 ssl_clear_cipher_ctx(s);
2378 ssl_clear_hash_ctx(&s->read_hash);
2379 ssl_clear_hash_ctx(&s->write_hash);
2380 }
2381
2382void SSL_set_connect_state(SSL *s)
2383 {
2384 s->server=0;
2385 s->shutdown=0;
2386 s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
2387 s->handshake_func=s->method->ssl_connect;
2388 /* clear the current cipher */
2389 ssl_clear_cipher_ctx(s);
2390 ssl_clear_hash_ctx(&s->read_hash);
2391 ssl_clear_hash_ctx(&s->write_hash);
2392 }
2393
2394int ssl_undefined_function(SSL *s)
2395 {
2396 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2397 return(0);
2398 }
2399
2400int ssl_undefined_void_function(void)
2401 {
2402 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2403 return(0);
2404 }
2405
2406int ssl_undefined_const_function(const SSL *s)
2407 {
2408 SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2409 return(0);
2410 }
2411
2412SSL_METHOD *ssl_bad_method(int ver)
2413 {
2414 SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2415 return(NULL);
2416 }
2417
2418const char *SSL_get_version(const SSL *s)
2419 {
2420 if (s->version == TLS1_VERSION)
2421 return("TLSv1");
2422 else if (s->version == SSL3_VERSION)
2423 return("SSLv3");
2424 else if (s->version == SSL2_VERSION)
2425 return("SSLv2");
2426 else
2427 return("unknown");
2428 }
2429
2430SSL *SSL_dup(SSL *s)
2431 {
2432 STACK_OF(X509_NAME) *sk;
2433 X509_NAME *xn;
2434 SSL *ret;
2435 int i;
2436
2437 if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2438 return(NULL);
2439
2440 ret->version = s->version;
2441 ret->type = s->type;
2442 ret->method = s->method;
2443
2444 if (s->session != NULL)
2445 {
2446 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
2447 SSL_copy_session_id(ret,s);
2448 }
2449 else
2450 {
2451 /* No session has been established yet, so we have to expect
2452 * that s->cert or ret->cert will be changed later --
2453 * they should not both point to the same object,
2454 * and thus we can't use SSL_copy_session_id. */
2455
2456 ret->method->ssl_free(ret);
2457 ret->method = s->method;
2458 ret->method->ssl_new(ret);
2459
2460 if (s->cert != NULL)
2461 {
2462 if (ret->cert != NULL)
2463 {
2464 ssl_cert_free(ret->cert);
2465 }
2466 ret->cert = ssl_cert_dup(s->cert);
2467 if (ret->cert == NULL)
2468 goto err;
2469 }
2470
2471 SSL_set_session_id_context(ret,
2472 s->sid_ctx, s->sid_ctx_length);
2473 }
2474
2475 ret->options=s->options;
2476 ret->mode=s->mode;
2477 SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
2478 SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
2479 ret->msg_callback = s->msg_callback;
2480 ret->msg_callback_arg = s->msg_callback_arg;
2481 SSL_set_verify(ret,SSL_get_verify_mode(s),
2482 SSL_get_verify_callback(s));
2483 SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
2484 ret->generate_session_id = s->generate_session_id;
2485
2486 SSL_set_info_callback(ret,SSL_get_info_callback(s));
2487
2488 ret->debug=s->debug;
2489
2490 /* copy app data, a little dangerous perhaps */
2491 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
2492 goto err;
2493
2494 /* setup rbio, and wbio */
2495 if (s->rbio != NULL)
2496 {
2497 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
2498 goto err;
2499 }
2500 if (s->wbio != NULL)
2501 {
2502 if (s->wbio != s->rbio)
2503 {
2504 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
2505 goto err;
2506 }
2507 else
2508 ret->wbio=ret->rbio;
2509 }
2510 ret->rwstate = s->rwstate;
2511 ret->in_handshake = s->in_handshake;
2512 ret->handshake_func = s->handshake_func;
2513 ret->server = s->server;
2514 ret->new_session = s->new_session;
2515 ret->quiet_shutdown = s->quiet_shutdown;
2516 ret->shutdown=s->shutdown;
2517 ret->state=s->state; /* SSL_dup does not really work at any state, though */
2518 ret->rstate=s->rstate;
2519 ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
2520 ret->hit=s->hit;
2521
2522 X509_VERIFY_PARAM_inherit(ret->param, s->param);
2523
2524 /* dup the cipher_list and cipher_list_by_id stacks */
2525 if (s->cipher_list != NULL)
2526 {
2527 if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2528 goto err;
2529 }
2530 if (s->cipher_list_by_id != NULL)
2531 if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
2532 == NULL)
2533 goto err;
2534
2535 /* Dup the client_CA list */
2536 if (s->client_CA != NULL)
2537 {
2538 if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
2539 ret->client_CA=sk;
2540 for (i=0; i<sk_X509_NAME_num(sk); i++)
2541 {
2542 xn=sk_X509_NAME_value(sk,i);
2543 if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
2544 {
2545 X509_NAME_free(xn);
2546 goto err;
2547 }
2548 }
2549 }
2550
2551 if (0)
2552 {
2553err:
2554 if (ret != NULL) SSL_free(ret);
2555 ret=NULL;
2556 }
2557 return(ret);
2558 }
2559
2560void ssl_clear_cipher_ctx(SSL *s)
2561 {
2562 if (s->enc_read_ctx != NULL)
2563 {
2564 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
2565 OPENSSL_free(s->enc_read_ctx);
2566 s->enc_read_ctx=NULL;
2567 }
2568 if (s->enc_write_ctx != NULL)
2569 {
2570 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
2571 OPENSSL_free(s->enc_write_ctx);
2572 s->enc_write_ctx=NULL;
2573 }
2574#ifndef OPENSSL_NO_COMP
2575 if (s->expand != NULL)
2576 {
2577 COMP_CTX_free(s->expand);
2578 s->expand=NULL;
2579 }
2580 if (s->compress != NULL)
2581 {
2582 COMP_CTX_free(s->compress);
2583 s->compress=NULL;
2584 }
2585#endif
2586 }
2587
2588/* Fix this function so that it takes an optional type parameter */
2589X509 *SSL_get_certificate(const SSL *s)
2590 {
2591 if (s->cert != NULL)
2592 return(s->cert->key->x509);
2593 else
2594 return(NULL);
2595 }
2596
2597/* Fix this function so that it takes an optional type parameter */
2598EVP_PKEY *SSL_get_privatekey(SSL *s)
2599 {
2600 if (s->cert != NULL)
2601 return(s->cert->key->privatekey);
2602 else
2603 return(NULL);
2604 }
2605
2606const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
2607 {
2608 if ((s->session != NULL) && (s->session->cipher != NULL))
2609 return(s->session->cipher);
2610 return(NULL);
2611 }
2612#ifdef OPENSSL_NO_COMP
2613const void *SSL_get_current_compression(SSL *s)
2614 {
2615 return NULL;
2616 }
2617const void *SSL_get_current_expansion(SSL *s)
2618 {
2619 return NULL;
2620 }
2621#else
2622
2623const COMP_METHOD *SSL_get_current_compression(SSL *s)
2624 {
2625 if (s->compress != NULL)
2626 return(s->compress->meth);
2627 return(NULL);
2628 }
2629
2630const COMP_METHOD *SSL_get_current_expansion(SSL *s)
2631 {
2632 if (s->expand != NULL)
2633 return(s->expand->meth);
2634 return(NULL);
2635 }
2636#endif
2637
2638int ssl_init_wbio_buffer(SSL *s,int push)
2639 {
2640 BIO *bbio;
2641
2642 if (s->bbio == NULL)
2643 {
2644 bbio=BIO_new(BIO_f_buffer());
2645 if (bbio == NULL) return(0);
2646 s->bbio=bbio;
2647 }
2648 else
2649 {
2650 bbio=s->bbio;
2651 if (s->bbio == s->wbio)
2652 s->wbio=BIO_pop(s->wbio);
2653 }
2654 (void)BIO_reset(bbio);
2655/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
2656 if (!BIO_set_read_buffer_size(bbio,1))
2657 {
2658 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
2659 return(0);
2660 }
2661 if (push)
2662 {
2663 if (s->wbio != bbio)
2664 s->wbio=BIO_push(bbio,s->wbio);
2665 }
2666 else
2667 {
2668 if (s->wbio == bbio)
2669 s->wbio=BIO_pop(bbio);
2670 }
2671 return(1);
2672 }
2673
2674void ssl_free_wbio_buffer(SSL *s)
2675 {
2676 if (s->bbio == NULL) return;
2677
2678 if (s->bbio == s->wbio)
2679 {
2680 /* remove buffering */
2681 s->wbio=BIO_pop(s->wbio);
2682#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
2683 assert(s->wbio != NULL);
2684#endif
2685 }
2686 BIO_free(s->bbio);
2687 s->bbio=NULL;
2688 }
2689
2690void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
2691 {
2692 ctx->quiet_shutdown=mode;
2693 }
2694
2695int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
2696 {
2697 return(ctx->quiet_shutdown);
2698 }
2699
2700void SSL_set_quiet_shutdown(SSL *s,int mode)
2701 {
2702 s->quiet_shutdown=mode;
2703 }
2704
2705int SSL_get_quiet_shutdown(const SSL *s)
2706 {
2707 return(s->quiet_shutdown);
2708 }
2709
2710void SSL_set_shutdown(SSL *s,int mode)
2711 {
2712 s->shutdown=mode;
2713 }
2714
2715int SSL_get_shutdown(const SSL *s)
2716 {
2717 return(s->shutdown);
2718 }
2719
2720int SSL_version(const SSL *s)
2721 {
2722 return(s->version);
2723 }
2724
2725SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
2726 {
2727 return(ssl->ctx);
2728 }
2729
2730SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2731 {
2732 if (ssl->ctx == ctx)
2733 return ssl->ctx;
2734#ifndef OPENSSL_NO_TLSEXT
2735 if (ctx == NULL)
2736 ctx = ssl->initial_ctx;
2737#endif
2738 if (ssl->cert != NULL)
2739 ssl_cert_free(ssl->cert);
2740 ssl->cert = ssl_cert_dup(ctx->cert);
2741 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
2742 if (ssl->ctx != NULL)
2743 SSL_CTX_free(ssl->ctx); /* decrement reference count */
2744 ssl->ctx = ctx;
2745 return(ssl->ctx);
2746 }
2747
2748#ifndef OPENSSL_NO_STDIO
2749int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
2750 {
2751 return(X509_STORE_set_default_paths(ctx->cert_store));
2752 }
2753
2754int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
2755 const char *CApath)
2756 {
2757 return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
2758 }
2759#endif
2760
2761void SSL_set_info_callback(SSL *ssl,
2762 void (*cb)(const SSL *ssl,int type,int val))
2763 {
2764 ssl->info_callback=cb;
2765 }
2766
2767/* One compiler (Diab DCC) doesn't like argument names in returned
2768 function pointer. */
2769void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
2770 {
2771 return ssl->info_callback;
2772 }
2773
2774int SSL_state(const SSL *ssl)
2775 {
2776 return(ssl->state);
2777 }
2778
2779void SSL_set_verify_result(SSL *ssl,long arg)
2780 {
2781 ssl->verify_result=arg;
2782 }
2783
2784long SSL_get_verify_result(const SSL *ssl)
2785 {
2786 return(ssl->verify_result);
2787 }
2788
2789int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
2790 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
2791 {
2792 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
2793 new_func, dup_func, free_func);
2794 }
2795
2796int SSL_set_ex_data(SSL *s,int idx,void *arg)
2797 {
2798 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
2799 }
2800
2801void *SSL_get_ex_data(const SSL *s,int idx)
2802 {
2803 return(CRYPTO_get_ex_data(&s->ex_data,idx));
2804 }
2805
2806int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
2807 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
2808 {
2809 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
2810 new_func, dup_func, free_func);
2811 }
2812
2813int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
2814 {
2815 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
2816 }
2817
2818void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx)
2819 {
2820 return(CRYPTO_get_ex_data(&s->ex_data,idx));
2821 }
2822
2823int ssl_ok(SSL *s)
2824 {
2825 return(1);
2826 }
2827
2828X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
2829 {
2830 return(ctx->cert_store);
2831 }
2832
2833void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
2834 {
2835 if (ctx->cert_store != NULL)
2836 X509_STORE_free(ctx->cert_store);
2837 ctx->cert_store=store;
2838 }
2839
2840int SSL_want(const SSL *s)
2841 {
2842 return(s->rwstate);
2843 }
2844
2845/*!
2846 * \brief Set the callback for generating temporary RSA keys.
2847 * \param ctx the SSL context.
2848 * \param cb the callback
2849 */
2850
2851#ifndef OPENSSL_NO_RSA
2852void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
2853 int is_export,
2854 int keylength))
2855 {
2856 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
2857 }
2858
2859void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
2860 int is_export,
2861 int keylength))
2862 {
2863 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
2864 }
2865#endif
2866
2867#ifdef DOXYGEN
2868/*!
2869 * \brief The RSA temporary key callback function.
2870 * \param ssl the SSL session.
2871 * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
2872 * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
2873 * of the required key in bits.
2874 * \return the temporary RSA key.
2875 * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
2876 */
2877
2878RSA *cb(SSL *ssl,int is_export,int keylength)
2879 {}
2880#endif
2881
2882/*!
2883 * \brief Set the callback for generating temporary DH keys.
2884 * \param ctx the SSL context.
2885 * \param dh the callback
2886 */
2887
2888#ifndef OPENSSL_NO_DH
2889void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
2890 int keylength))
2891 {
2892 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
2893 }
2894
2895void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
2896 int keylength))
2897 {
2898 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
2899 }
2900#endif
2901
2902#ifndef OPENSSL_NO_ECDH
2903void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
2904 int keylength))
2905 {
2906 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
2907 }
2908
2909void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
2910 int keylength))
2911 {
2912 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
2913 }
2914#endif
2915
2916#ifndef OPENSSL_NO_PSK
2917int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
2918 {
2919 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
2920 {
2921 SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
2922 return 0;
2923 }
2924 if (ctx->psk_identity_hint != NULL)
2925 OPENSSL_free(ctx->psk_identity_hint);
2926 if (identity_hint != NULL)
2927 {
2928 ctx->psk_identity_hint = BUF_strdup(identity_hint);
2929 if (ctx->psk_identity_hint == NULL)
2930 return 0;
2931 }
2932 else
2933 ctx->psk_identity_hint = NULL;
2934 return 1;
2935 }
2936
2937int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
2938 {
2939 if (s == NULL)
2940 return 0;
2941
2942 if (s->session == NULL)
2943 return 1; /* session not created yet, ignored */
2944
2945 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
2946 {
2947 SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
2948 return 0;
2949 }
2950 if (s->session->psk_identity_hint != NULL)
2951 OPENSSL_free(s->session->psk_identity_hint);
2952 if (identity_hint != NULL)
2953 {
2954 s->session->psk_identity_hint = BUF_strdup(identity_hint);
2955 if (s->session->psk_identity_hint == NULL)
2956 return 0;
2957 }
2958 else
2959 s->session->psk_identity_hint = NULL;
2960 return 1;
2961 }
2962
2963const char *SSL_get_psk_identity_hint(const SSL *s)
2964 {
2965 if (s == NULL || s->session == NULL)
2966 return NULL;
2967 return(s->session->psk_identity_hint);
2968 }
2969
2970const char *SSL_get_psk_identity(const SSL *s)
2971 {
2972 if (s == NULL || s->session == NULL)
2973 return NULL;
2974 return(s->session->psk_identity);
2975 }
2976
2977void SSL_set_psk_client_callback(SSL *s,
2978 unsigned int (*cb)(SSL *ssl, const char *hint,
2979 char *identity, unsigned int max_identity_len, unsigned char *psk,
2980 unsigned int max_psk_len))
2981 {
2982 s->psk_client_callback = cb;
2983 }
2984
2985void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
2986 unsigned int (*cb)(SSL *ssl, const char *hint,
2987 char *identity, unsigned int max_identity_len, unsigned char *psk,
2988 unsigned int max_psk_len))
2989 {
2990 ctx->psk_client_callback = cb;
2991 }
2992
2993void SSL_set_psk_server_callback(SSL *s,
2994 unsigned int (*cb)(SSL *ssl, const char *identity,
2995 unsigned char *psk, unsigned int max_psk_len))
2996 {
2997 s->psk_server_callback = cb;
2998 }
2999
3000void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
3001 unsigned int (*cb)(SSL *ssl, const char *identity,
3002 unsigned char *psk, unsigned int max_psk_len))
3003 {
3004 ctx->psk_server_callback = cb;
3005 }
3006#endif
3007
3008void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3009 {
3010 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3011 }
3012void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3013 {
3014 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3015 }
3016
3017/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
3018 * vairable, freeing EVP_MD_CTX previously stored in that variable, if
3019 * any. If EVP_MD pointer is passed, initializes ctx with this md
3020 * Returns newly allocated ctx;
3021 */
3022
3023EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md)
3024{
3025 ssl_clear_hash_ctx(hash);
3026 *hash = EVP_MD_CTX_create();
3027 if (md) EVP_DigestInit_ex(*hash,md,NULL);
3028 return *hash;
3029}
3030void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
3031{
3032
3033 if (*hash) EVP_MD_CTX_destroy(*hash);
3034 *hash=NULL;
3035}
3036
3037#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
3038#include "../crypto/bio/bss_file.c"
3039#endif
3040
3041IMPLEMENT_STACK_OF(SSL_CIPHER)
3042IMPLEMENT_STACK_OF(SSL_COMP)
3043IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
3044 ssl_cipher_id);
3045
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
deleted file mode 100644
index cea622a2a6..0000000000
--- a/src/lib/libssl/ssl_locl.h
+++ /dev/null
@@ -1,1079 +0,0 @@
1/* ssl/ssl_locl.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#ifndef HEADER_SSL_LOCL_H
144#define HEADER_SSL_LOCL_H
145#include <stdlib.h>
146#include <time.h>
147#include <string.h>
148#include <errno.h>
149
150#include "e_os.h"
151
152#include <openssl/buffer.h>
153#ifndef OPENSSL_NO_COMP
154#include <openssl/comp.h>
155#endif
156#include <openssl/bio.h>
157#include <openssl/stack.h>
158#ifndef OPENSSL_NO_RSA
159#include <openssl/rsa.h>
160#endif
161#ifndef OPENSSL_NO_DSA
162#include <openssl/dsa.h>
163#endif
164#include <openssl/err.h>
165#include <openssl/ssl.h>
166#include <openssl/symhacks.h>
167
168#ifdef OPENSSL_BUILD_SHLIBSSL
169# undef OPENSSL_EXTERN
170# define OPENSSL_EXTERN OPENSSL_EXPORT
171#endif
172
173#define PKCS1_CHECK
174
175#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
176 l|=(((unsigned long)(*((c)++)))<< 8), \
177 l|=(((unsigned long)(*((c)++)))<<16), \
178 l|=(((unsigned long)(*((c)++)))<<24))
179
180/* NOTE - c is not incremented as per c2l */
181#define c2ln(c,l1,l2,n) { \
182 c+=n; \
183 l1=l2=0; \
184 switch (n) { \
185 case 8: l2 =((unsigned long)(*(--(c))))<<24; \
186 case 7: l2|=((unsigned long)(*(--(c))))<<16; \
187 case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
188 case 5: l2|=((unsigned long)(*(--(c)))); \
189 case 4: l1 =((unsigned long)(*(--(c))))<<24; \
190 case 3: l1|=((unsigned long)(*(--(c))))<<16; \
191 case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
192 case 1: l1|=((unsigned long)(*(--(c)))); \
193 } \
194 }
195
196#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
197 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
198 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
199 *((c)++)=(unsigned char)(((l)>>24)&0xff))
200
201#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \
202 l|=((unsigned long)(*((c)++)))<<16, \
203 l|=((unsigned long)(*((c)++)))<< 8, \
204 l|=((unsigned long)(*((c)++))))
205
206#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
207 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
208 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
209 *((c)++)=(unsigned char)(((l) )&0xff))
210
211#define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
212 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
213 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
214 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
215 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
216 *((c)++)=(unsigned char)(((l) )&0xff))
217
218#define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \
219 l|=((BN_ULLONG)(*((c)++)))<<32, \
220 l|=((BN_ULLONG)(*((c)++)))<<24, \
221 l|=((BN_ULLONG)(*((c)++)))<<16, \
222 l|=((BN_ULLONG)(*((c)++)))<< 8, \
223 l|=((BN_ULLONG)(*((c)++))))
224
225/* NOTE - c is not incremented as per l2c */
226#define l2cn(l1,l2,c,n) { \
227 c+=n; \
228 switch (n) { \
229 case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
230 case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
231 case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
232 case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
233 case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
234 case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
235 case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
236 case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
237 } \
238 }
239
240#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \
241 (((unsigned int)(c[1])) )),c+=2)
242#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
243 c[1]=(unsigned char)(((s) )&0xff)),c+=2)
244
245#define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \
246 (((unsigned long)(c[1]))<< 8)| \
247 (((unsigned long)(c[2])) )),c+=3)
248
249#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
250 c[1]=(unsigned char)(((l)>> 8)&0xff), \
251 c[2]=(unsigned char)(((l) )&0xff)),c+=3)
252
253/* LOCAL STUFF */
254
255#define SSL_DECRYPT 0
256#define SSL_ENCRYPT 1
257
258#define TWO_BYTE_BIT 0x80
259#define SEC_ESC_BIT 0x40
260#define TWO_BYTE_MASK 0x7fff
261#define THREE_BYTE_MASK 0x3fff
262
263#define INC32(a) ((a)=((a)+1)&0xffffffffL)
264#define DEC32(a) ((a)=((a)-1)&0xffffffffL)
265#define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */
266
267/*
268 * Define the Bitmasks for SSL_CIPHER.algorithms.
269 * This bits are used packed as dense as possible. If new methods/ciphers
270 * etc will be added, the bits a likely to change, so this information
271 * is for internal library use only, even though SSL_CIPHER.algorithms
272 * can be publicly accessed.
273 * Use the according functions for cipher management instead.
274 *
275 * The bit mask handling in the selection and sorting scheme in
276 * ssl_create_cipher_list() has only limited capabilities, reflecting
277 * that the different entities within are mutually exclusive:
278 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
279 */
280
281/* Bits for algorithm_mkey (key exchange algorithm) */
282#define SSL_kRSA 0x00000001L /* RSA key exchange */
283#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */
284#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */
285#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */
286#define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */
287#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
288#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
289#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */
290#define SSL_kPSK 0x00000100L /* PSK */
291#define SSL_kGOST 0x00000200L /* GOST key exchange */
292
293/* Bits for algorithm_auth (server authentication) */
294#define SSL_aRSA 0x00000001L /* RSA auth */
295#define SSL_aDSS 0x00000002L /* DSS auth */
296#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
297#define SSL_aDH 0x00000008L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */
298#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
299#define SSL_aKRB5 0x00000020L /* KRB5 auth */
300#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
301#define SSL_aPSK 0x00000080L /* PSK auth */
302#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */
303#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
304
305
306/* Bits for algorithm_enc (symmetric encryption) */
307#define SSL_DES 0x00000001L
308#define SSL_3DES 0x00000002L
309#define SSL_RC4 0x00000004L
310#define SSL_RC2 0x00000008L
311#define SSL_IDEA 0x00000010L
312#define SSL_eNULL 0x00000020L
313#define SSL_AES128 0x00000040L
314#define SSL_AES256 0x00000080L
315#define SSL_CAMELLIA128 0x00000100L
316#define SSL_CAMELLIA256 0x00000200L
317#define SSL_eGOST2814789CNT 0x00000400L
318#define SSL_SEED 0x00000800L
319
320#define SSL_AES (SSL_AES128|SSL_AES256)
321#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
322
323
324/* Bits for algorithm_mac (symmetric authentication) */
325#define SSL_MD5 0x00000001L
326#define SSL_SHA1 0x00000002L
327#define SSL_GOST94 0x00000004L
328#define SSL_GOST89MAC 0x00000008L
329
330/* Bits for algorithm_ssl (protocol version) */
331#define SSL_SSLV2 0x00000001L
332#define SSL_SSLV3 0x00000002L
333#define SSL_TLSV1 SSL_SSLV3 /* for now */
334
335
336/* Bits for algorithm2 (handshake digests and other extra flags) */
337
338#define SSL_HANDSHAKE_MAC_MD5 0x10
339#define SSL_HANDSHAKE_MAC_SHA 0x20
340#define SSL_HANDSHAKE_MAC_GOST94 0x40
341#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
342
343/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
344 * make sure to update this constant too */
345#define SSL_MAX_DIGEST 4
346
347#define TLS1_PRF_DGST_SHIFT 8
348#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
349#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
350#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
351#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
352
353/* Stream MAC for GOST ciphersuites from cryptopro draft
354 * (currently this also goes into algorithm2) */
355#define TLS1_STREAM_MAC 0x04
356
357
358
359/*
360 * Export and cipher strength information. For each cipher we have to decide
361 * whether it is exportable or not. This information is likely to change
362 * over time, since the export control rules are no static technical issue.
363 *
364 * Independent of the export flag the cipher strength is sorted into classes.
365 * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
366 * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
367 * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
368 * since SSL_EXP64 could be similar to SSL_LOW.
369 * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
370 * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
371 * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
372 * be possible.
373 */
374#define SSL_EXP_MASK 0x00000003L
375#define SSL_STRONG_MASK 0x000001fcL
376
377#define SSL_NOT_EXP 0x00000001L
378#define SSL_EXPORT 0x00000002L
379
380#define SSL_STRONG_NONE 0x00000004L
381#define SSL_EXP40 0x00000008L
382#define SSL_MICRO (SSL_EXP40)
383#define SSL_EXP56 0x00000010L
384#define SSL_MINI (SSL_EXP56)
385#define SSL_LOW 0x00000020L
386#define SSL_MEDIUM 0x00000040L
387#define SSL_HIGH 0x00000080L
388#define SSL_FIPS 0x00000100L
389
390/* we have used 000001ff - 23 bits left to go */
391
392/*
393 * Macros to check the export status and cipher strength for export ciphers.
394 * Even though the macros for EXPORT and EXPORT40/56 have similar names,
395 * their meaning is different:
396 * *_EXPORT macros check the 'exportable' status.
397 * *_EXPORT40/56 macros are used to check whether a certain cipher strength
398 * is given.
399 * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
400 * algorithm structure element to be passed (algorithms, algo_strength) and no
401 * typechecking can be done as they are all of type unsigned long, their
402 * direct usage is discouraged.
403 * Use the SSL_C_* macros instead.
404 */
405#define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT)
406#define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56)
407#define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40)
408#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength)
409#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength)
410#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
411
412#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
413 (a) == SSL_DES ? 8 : 7)
414#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
415#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
416 (c)->algo_strength)
417#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
418
419
420
421
422/* Mostly for SSLv3 */
423#define SSL_PKEY_RSA_ENC 0
424#define SSL_PKEY_RSA_SIGN 1
425#define SSL_PKEY_DSA_SIGN 2
426#define SSL_PKEY_DH_RSA 3
427#define SSL_PKEY_DH_DSA 4
428#define SSL_PKEY_ECC 5
429#define SSL_PKEY_GOST94 6
430#define SSL_PKEY_GOST01 7
431#define SSL_PKEY_NUM 8
432
433/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
434 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
435 * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
436 * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
437 * SSL_aRSA <- RSA_ENC | RSA_SIGN
438 * SSL_aDSS <- DSA_SIGN
439 */
440
441/*
442#define CERT_INVALID 0
443#define CERT_PUBLIC_KEY 1
444#define CERT_PRIVATE_KEY 2
445*/
446
447#ifndef OPENSSL_NO_EC
448/* From ECC-TLS draft, used in encoding the curve type in
449 * ECParameters
450 */
451#define EXPLICIT_PRIME_CURVE_TYPE 1
452#define EXPLICIT_CHAR2_CURVE_TYPE 2
453#define NAMED_CURVE_TYPE 3
454#endif /* OPENSSL_NO_EC */
455
456typedef struct cert_pkey_st
457 {
458 X509 *x509;
459 EVP_PKEY *privatekey;
460 } CERT_PKEY;
461
462typedef struct cert_st
463 {
464 /* Current active set */
465 CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
466 * Probably it would make more sense to store
467 * an index, not a pointer. */
468
469 /* The following masks are for the key and auth
470 * algorithms that are supported by the certs below */
471 int valid;
472 unsigned long mask_k;
473 unsigned long mask_a;
474 unsigned long export_mask_k;
475 unsigned long export_mask_a;
476#ifndef OPENSSL_NO_RSA
477 RSA *rsa_tmp;
478 RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
479#endif
480#ifndef OPENSSL_NO_DH
481 DH *dh_tmp;
482 DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
483#endif
484#ifndef OPENSSL_NO_ECDH
485 EC_KEY *ecdh_tmp;
486 /* Callback for generating ephemeral ECDH keys */
487 EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
488#endif
489
490 CERT_PKEY pkeys[SSL_PKEY_NUM];
491
492 int references; /* >1 only if SSL_copy_session_id is used */
493 } CERT;
494
495
496typedef struct sess_cert_st
497 {
498 STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
499
500 /* The 'peer_...' members are used only by clients. */
501 int peer_cert_type;
502
503 CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
504 CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
505 /* Obviously we don't have the private keys of these,
506 * so maybe we shouldn't even use the CERT_PKEY type here. */
507
508#ifndef OPENSSL_NO_RSA
509 RSA *peer_rsa_tmp; /* not used for SSL 2 */
510#endif
511#ifndef OPENSSL_NO_DH
512 DH *peer_dh_tmp; /* not used for SSL 2 */
513#endif
514#ifndef OPENSSL_NO_ECDH
515 EC_KEY *peer_ecdh_tmp;
516#endif
517
518 int references; /* actually always 1 at the moment */
519 } SESS_CERT;
520
521
522/*#define MAC_DEBUG */
523
524/*#define ERR_DEBUG */
525/*#define ABORT_DEBUG */
526/*#define PKT_DEBUG 1 */
527/*#define DES_DEBUG */
528/*#define DES_OFB_DEBUG */
529/*#define SSL_DEBUG */
530/*#define RSA_DEBUG */
531/*#define IDEA_DEBUG */
532
533#define FP_ICC (int (*)(const void *,const void *))
534#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
535 ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
536#define ssl_get_cipher_by_char(ssl,ptr) \
537 ((ssl)->method->get_cipher_by_char(ptr))
538
539/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
540 * It is a bit of a mess of functions, but hell, think of it as
541 * an opaque structure :-) */
542typedef struct ssl3_enc_method
543 {
544 int (*enc)(SSL *, int);
545 int (*mac)(SSL *, unsigned char *, int);
546 int (*setup_key_block)(SSL *);
547 int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
548 int (*change_cipher_state)(SSL *, int);
549 int (*final_finish_mac)(SSL *, const char *, int, unsigned char *);
550 int finish_mac_length;
551 int (*cert_verify_mac)(SSL *, int, unsigned char *);
552 const char *client_finished_label;
553 int client_finished_label_len;
554 const char *server_finished_label;
555 int server_finished_label_len;
556 int (*alert_value)(int);
557 } SSL3_ENC_METHOD;
558
559#ifndef OPENSSL_NO_COMP
560/* Used for holding the relevant compression methods loaded into SSL_CTX */
561typedef struct ssl3_comp_st
562 {
563 int comp_id; /* The identifier byte for this compression type */
564 char *name; /* Text name used for the compression type */
565 COMP_METHOD *method; /* The method :-) */
566 } SSL3_COMP;
567#endif
568
569#ifndef OPENSSL_NO_BUF_FREELISTS
570typedef struct ssl3_buf_freelist_st
571 {
572 size_t chunklen;
573 unsigned int len;
574 struct ssl3_buf_freelist_entry_st *head;
575 } SSL3_BUF_FREELIST;
576
577typedef struct ssl3_buf_freelist_entry_st
578 {
579 struct ssl3_buf_freelist_entry_st *next;
580 } SSL3_BUF_FREELIST_ENTRY;
581#endif
582
583extern SSL3_ENC_METHOD ssl3_undef_enc_method;
584OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
585OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
586
587
588SSL_METHOD *ssl_bad_method(int ver);
589
590extern SSL3_ENC_METHOD TLSv1_enc_data;
591extern SSL3_ENC_METHOD SSLv3_enc_data;
592extern SSL3_ENC_METHOD DTLSv1_enc_data;
593
594#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
595const SSL_METHOD *func_name(void) \
596 { \
597 static const SSL_METHOD func_name##_data= { \
598 TLS1_VERSION, \
599 tls1_new, \
600 tls1_clear, \
601 tls1_free, \
602 s_accept, \
603 s_connect, \
604 ssl3_read, \
605 ssl3_peek, \
606 ssl3_write, \
607 ssl3_shutdown, \
608 ssl3_renegotiate, \
609 ssl3_renegotiate_check, \
610 ssl3_get_message, \
611 ssl3_read_bytes, \
612 ssl3_write_bytes, \
613 ssl3_dispatch_alert, \
614 ssl3_ctrl, \
615 ssl3_ctx_ctrl, \
616 ssl3_get_cipher_by_char, \
617 ssl3_put_cipher_by_char, \
618 ssl3_pending, \
619 ssl3_num_ciphers, \
620 ssl3_get_cipher, \
621 s_get_meth, \
622 tls1_default_timeout, \
623 &TLSv1_enc_data, \
624 ssl_undefined_void_function, \
625 ssl3_callback_ctrl, \
626 ssl3_ctx_callback_ctrl, \
627 }; \
628 return &func_name##_data; \
629 }
630
631#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
632const SSL_METHOD *func_name(void) \
633 { \
634 static const SSL_METHOD func_name##_data= { \
635 SSL3_VERSION, \
636 ssl3_new, \
637 ssl3_clear, \
638 ssl3_free, \
639 s_accept, \
640 s_connect, \
641 ssl3_read, \
642 ssl3_peek, \
643 ssl3_write, \
644 ssl3_shutdown, \
645 ssl3_renegotiate, \
646 ssl3_renegotiate_check, \
647 ssl3_get_message, \
648 ssl3_read_bytes, \
649 ssl3_write_bytes, \
650 ssl3_dispatch_alert, \
651 ssl3_ctrl, \
652 ssl3_ctx_ctrl, \
653 ssl3_get_cipher_by_char, \
654 ssl3_put_cipher_by_char, \
655 ssl3_pending, \
656 ssl3_num_ciphers, \
657 ssl3_get_cipher, \
658 s_get_meth, \
659 ssl3_default_timeout, \
660 &SSLv3_enc_data, \
661 ssl_undefined_void_function, \
662 ssl3_callback_ctrl, \
663 ssl3_ctx_callback_ctrl, \
664 }; \
665 return &func_name##_data; \
666 }
667
668#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
669const SSL_METHOD *func_name(void) \
670 { \
671 static const SSL_METHOD func_name##_data= { \
672 TLS1_VERSION, \
673 tls1_new, \
674 tls1_clear, \
675 tls1_free, \
676 s_accept, \
677 s_connect, \
678 ssl23_read, \
679 ssl23_peek, \
680 ssl23_write, \
681 ssl_undefined_function, \
682 ssl_undefined_function, \
683 ssl_ok, \
684 ssl3_get_message, \
685 ssl3_read_bytes, \
686 ssl3_write_bytes, \
687 ssl3_dispatch_alert, \
688 ssl3_ctrl, \
689 ssl3_ctx_ctrl, \
690 ssl23_get_cipher_by_char, \
691 ssl23_put_cipher_by_char, \
692 ssl_undefined_const_function, \
693 ssl23_num_ciphers, \
694 ssl23_get_cipher, \
695 s_get_meth, \
696 ssl23_default_timeout, \
697 &ssl3_undef_enc_method, \
698 ssl_undefined_void_function, \
699 ssl3_callback_ctrl, \
700 ssl3_ctx_callback_ctrl, \
701 }; \
702 return &func_name##_data; \
703 }
704
705#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
706const SSL_METHOD *func_name(void) \
707 { \
708 static const SSL_METHOD func_name##_data= { \
709 SSL2_VERSION, \
710 ssl2_new, /* local */ \
711 ssl2_clear, /* local */ \
712 ssl2_free, /* local */ \
713 s_accept, \
714 s_connect, \
715 ssl2_read, \
716 ssl2_peek, \
717 ssl2_write, \
718 ssl2_shutdown, \
719 ssl_ok, /* NULL - renegotiate */ \
720 ssl_ok, /* NULL - check renegotiate */ \
721 NULL, /* NULL - ssl_get_message */ \
722 NULL, /* NULL - ssl_get_record */ \
723 NULL, /* NULL - ssl_write_bytes */ \
724 NULL, /* NULL - dispatch_alert */ \
725 ssl2_ctrl, /* local */ \
726 ssl2_ctx_ctrl, /* local */ \
727 ssl2_get_cipher_by_char, \
728 ssl2_put_cipher_by_char, \
729 ssl2_pending, \
730 ssl2_num_ciphers, \
731 ssl2_get_cipher, \
732 s_get_meth, \
733 ssl2_default_timeout, \
734 &ssl3_undef_enc_method, \
735 ssl_undefined_void_function, \
736 ssl2_callback_ctrl, /* local */ \
737 ssl2_ctx_callback_ctrl, /* local */ \
738 }; \
739 return &func_name##_data; \
740 }
741
742#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
743const SSL_METHOD *func_name(void) \
744 { \
745 static const SSL_METHOD func_name##_data= { \
746 DTLS1_VERSION, \
747 dtls1_new, \
748 dtls1_clear, \
749 dtls1_free, \
750 s_accept, \
751 s_connect, \
752 ssl3_read, \
753 ssl3_peek, \
754 ssl3_write, \
755 ssl3_shutdown, \
756 ssl3_renegotiate, \
757 ssl3_renegotiate_check, \
758 dtls1_get_message, \
759 dtls1_read_bytes, \
760 dtls1_write_app_data_bytes, \
761 dtls1_dispatch_alert, \
762 dtls1_ctrl, \
763 ssl3_ctx_ctrl, \
764 ssl3_get_cipher_by_char, \
765 ssl3_put_cipher_by_char, \
766 ssl3_pending, \
767 ssl3_num_ciphers, \
768 dtls1_get_cipher, \
769 s_get_meth, \
770 dtls1_default_timeout, \
771 &DTLSv1_enc_data, \
772 ssl_undefined_void_function, \
773 ssl3_callback_ctrl, \
774 ssl3_ctx_callback_ctrl, \
775 }; \
776 return &func_name##_data; \
777 }
778
779void ssl_clear_cipher_ctx(SSL *s);
780int ssl_clear_bad_session(SSL *s);
781CERT *ssl_cert_new(void);
782CERT *ssl_cert_dup(CERT *cert);
783int ssl_cert_inst(CERT **o);
784void ssl_cert_free(CERT *c);
785SESS_CERT *ssl_sess_cert_new(void);
786void ssl_sess_cert_free(SESS_CERT *sc);
787int ssl_set_peer_cert_type(SESS_CERT *c, int type);
788int ssl_get_new_session(SSL *s, int session);
789int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
790int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
791DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
792 ssl_cipher_id);
793int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
794 const SSL_CIPHER * const *bp);
795STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
796 STACK_OF(SSL_CIPHER) **skp);
797int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
798 int (*put_cb)(const SSL_CIPHER *, unsigned char *));
799STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
800 STACK_OF(SSL_CIPHER) **pref,
801 STACK_OF(SSL_CIPHER) **sorted,
802 const char *rule_str);
803void ssl_update_cache(SSL *s, int mode);
804int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
805 const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp);
806int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
807int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
808int ssl_undefined_function(SSL *s);
809int ssl_undefined_void_function(void);
810int ssl_undefined_const_function(const SSL *s);
811X509 *ssl_get_server_send_cert(SSL *);
812EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *);
813int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
814void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
815STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
816int ssl_verify_alarm_type(long type);
817void ssl_load_ciphers(void);
818
819int ssl2_enc_init(SSL *s, int client);
820int ssl2_generate_key_material(SSL *s);
821void ssl2_enc(SSL *s,int send_data);
822void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
823const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
824int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
825int ssl2_part_read(SSL *s, unsigned long f, int i);
826int ssl2_do_write(SSL *s);
827int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
828void ssl2_return_error(SSL *s,int reason);
829void ssl2_write_error(SSL *s);
830int ssl2_num_ciphers(void);
831const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
832int ssl2_new(SSL *s);
833void ssl2_free(SSL *s);
834int ssl2_accept(SSL *s);
835int ssl2_connect(SSL *s);
836int ssl2_read(SSL *s, void *buf, int len);
837int ssl2_peek(SSL *s, void *buf, int len);
838int ssl2_write(SSL *s, const void *buf, int len);
839int ssl2_shutdown(SSL *s);
840void ssl2_clear(SSL *s);
841long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
842long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
843long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
844long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
845int ssl2_pending(const SSL *s);
846long ssl2_default_timeout(void );
847
848const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
849int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
850void ssl3_init_finished_mac(SSL *s);
851int ssl3_send_server_certificate(SSL *s);
852int ssl3_send_newsession_ticket(SSL *s);
853int ssl3_send_cert_status(SSL *s);
854int ssl3_get_finished(SSL *s,int state_a,int state_b);
855int ssl3_setup_key_block(SSL *s);
856int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
857int ssl3_change_cipher_state(SSL *s,int which);
858void ssl3_cleanup_key_block(SSL *s);
859int ssl3_do_write(SSL *s,int type);
860int ssl3_send_alert(SSL *s,int level, int desc);
861int ssl3_generate_master_secret(SSL *s, unsigned char *out,
862 unsigned char *p, int len);
863int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
864long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
865int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
866int ssl3_num_ciphers(void);
867const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
868int ssl3_renegotiate(SSL *ssl);
869int ssl3_renegotiate_check(SSL *ssl);
870int ssl3_dispatch_alert(SSL *s);
871int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
872int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
873int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p);
874int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
875void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
876int ssl3_enc(SSL *s, int send_data);
877int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
878void ssl3_free_digest_list(SSL *s);
879unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
880SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
881 STACK_OF(SSL_CIPHER) *srvr);
882int ssl3_setup_buffers(SSL *s);
883int ssl3_setup_read_buffer(SSL *s);
884int ssl3_setup_write_buffer(SSL *s);
885int ssl3_release_read_buffer(SSL *s);
886int ssl3_release_write_buffer(SSL *s);
887int ssl3_digest_cached_records(SSL *s);
888int ssl3_new(SSL *s);
889void ssl3_free(SSL *s);
890int ssl3_accept(SSL *s);
891int ssl3_connect(SSL *s);
892int ssl3_read(SSL *s, void *buf, int len);
893int ssl3_peek(SSL *s, void *buf, int len);
894int ssl3_write(SSL *s, const void *buf, int len);
895int ssl3_shutdown(SSL *s);
896void ssl3_clear(SSL *s);
897long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
898long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
899long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
900long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
901int ssl3_pending(const SSL *s);
902
903void ssl3_record_sequence_update(unsigned char *seq);
904int ssl3_do_change_cipher_spec(SSL *ssl);
905long ssl3_default_timeout(void );
906
907int ssl23_num_ciphers(void );
908const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
909int ssl23_read(SSL *s, void *buf, int len);
910int ssl23_peek(SSL *s, void *buf, int len);
911int ssl23_write(SSL *s, const void *buf, int len);
912int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
913const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
914long ssl23_default_timeout(void );
915
916long tls1_default_timeout(void);
917int dtls1_do_write(SSL *s,int type);
918int ssl3_read_n(SSL *s, int n, int max, int extend);
919int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
920int ssl3_do_compress(SSL *ssl);
921int ssl3_do_uncompress(SSL *ssl);
922int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
923 unsigned int len);
924unsigned char *dtls1_set_message_header(SSL *s,
925 unsigned char *p, unsigned char mt, unsigned long len,
926 unsigned long frag_off, unsigned long frag_len);
927
928int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
929int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
930
931int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
932int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
933unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
934int dtls1_read_failed(SSL *s, int code);
935int dtls1_buffer_message(SSL *s, int ccs);
936int dtls1_retransmit_message(SSL *s, unsigned short seq,
937 unsigned long frag_off, int *found);
938int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
939int dtls1_retransmit_buffered_messages(SSL *s);
940void dtls1_clear_record_buffer(SSL *s);
941void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
942void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
943void dtls1_reset_seq_numbers(SSL *s, int rw);
944long dtls1_default_timeout(void);
945struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
946int dtls1_handle_timeout(SSL *s);
947const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
948void dtls1_start_timer(SSL *s);
949void dtls1_stop_timer(SSL *s);
950int dtls1_is_timer_expired(SSL *s);
951void dtls1_double_timeout(SSL *s);
952int dtls1_send_newsession_ticket(SSL *s);
953unsigned int dtls1_min_mtu(void);
954
955/* some client-only functions */
956int ssl3_client_hello(SSL *s);
957int ssl3_get_server_hello(SSL *s);
958int ssl3_get_certificate_request(SSL *s);
959int ssl3_get_new_session_ticket(SSL *s);
960int ssl3_get_cert_status(SSL *s);
961int ssl3_get_server_done(SSL *s);
962int ssl3_send_client_verify(SSL *s);
963int ssl3_send_client_certificate(SSL *s);
964int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
965int ssl3_send_client_key_exchange(SSL *s);
966int ssl3_get_key_exchange(SSL *s);
967int ssl3_get_server_certificate(SSL *s);
968int ssl3_check_cert_and_algorithm(SSL *s);
969#ifndef OPENSSL_NO_TLSEXT
970int ssl3_check_finished(SSL *s);
971#endif
972
973int dtls1_client_hello(SSL *s);
974int dtls1_send_client_certificate(SSL *s);
975int dtls1_send_client_key_exchange(SSL *s);
976int dtls1_send_client_verify(SSL *s);
977
978/* some server-only functions */
979int ssl3_get_client_hello(SSL *s);
980int ssl3_send_server_hello(SSL *s);
981int ssl3_send_hello_request(SSL *s);
982int ssl3_send_server_key_exchange(SSL *s);
983int ssl3_send_certificate_request(SSL *s);
984int ssl3_send_server_done(SSL *s);
985int ssl3_check_client_hello(SSL *s);
986int ssl3_get_client_certificate(SSL *s);
987int ssl3_get_client_key_exchange(SSL *s);
988int ssl3_get_cert_verify(SSL *s);
989
990int dtls1_send_hello_request(SSL *s);
991int dtls1_send_server_hello(SSL *s);
992int dtls1_send_server_certificate(SSL *s);
993int dtls1_send_server_key_exchange(SSL *s);
994int dtls1_send_certificate_request(SSL *s);
995int dtls1_send_server_done(SSL *s);
996
997
998
999int ssl23_accept(SSL *s);
1000int ssl23_connect(SSL *s);
1001int ssl23_read_bytes(SSL *s, int n);
1002int ssl23_write_bytes(SSL *s);
1003
1004int tls1_new(SSL *s);
1005void tls1_free(SSL *s);
1006void tls1_clear(SSL *s);
1007long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
1008long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
1009
1010int dtls1_new(SSL *s);
1011int dtls1_accept(SSL *s);
1012int dtls1_connect(SSL *s);
1013void dtls1_free(SSL *s);
1014void dtls1_clear(SSL *s);
1015long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
1016
1017long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
1018int dtls1_get_record(SSL *s);
1019int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
1020 unsigned int len, int create_empty_fragement);
1021int dtls1_dispatch_alert(SSL *s);
1022int dtls1_enc(SSL *s, int snd);
1023
1024int ssl_init_wbio_buffer(SSL *s, int push);
1025void ssl_free_wbio_buffer(SSL *s);
1026
1027int tls1_change_cipher_state(SSL *s, int which);
1028int tls1_setup_key_block(SSL *s);
1029int tls1_enc(SSL *s, int snd);
1030int tls1_final_finish_mac(SSL *s,
1031 const char *str, int slen, unsigned char *p);
1032int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
1033int tls1_mac(SSL *ssl, unsigned char *md, int snd);
1034int tls1_generate_master_secret(SSL *s, unsigned char *out,
1035 unsigned char *p, int len);
1036int tls1_alert_code(int code);
1037int ssl3_alert_code(int code);
1038int ssl_ok(SSL *s);
1039
1040#ifndef OPENSSL_NO_ECDH
1041int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs);
1042#endif
1043
1044SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
1045
1046#ifndef OPENSSL_NO_EC
1047int tls1_ec_curve_id2nid(int curve_id);
1048int tls1_ec_nid2curve_id(int nid);
1049#endif /* OPENSSL_NO_EC */
1050
1051#ifndef OPENSSL_NO_TLSEXT
1052unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
1053unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
1054int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
1055int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
1056int ssl_prepare_clienthello_tlsext(SSL *s);
1057int ssl_prepare_serverhello_tlsext(SSL *s);
1058int ssl_check_clienthello_tlsext(SSL *s);
1059int ssl_check_serverhello_tlsext(SSL *s);
1060
1061#ifdef OPENSSL_NO_SHA256
1062#define tlsext_tick_md EVP_sha1
1063#else
1064#define tlsext_tick_md EVP_sha256
1065#endif
1066int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
1067 const unsigned char *limit, SSL_SESSION **ret);
1068#endif
1069EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
1070void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
1071int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
1072 int maxlen);
1073int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
1074 int *al);
1075int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
1076 int maxlen);
1077int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
1078 int *al);
1079#endif
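diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
deleted file mode 100644
index c0960b5712..0000000000
--- a/src/lib/libssl/ssl_rsa.c
+++ /dev/null
@@ -1,779 +0,0 @@
-/* ssl/ssl_rsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/bio.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-static int ssl_set_cert(CERT *c, X509 *x509);
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-int SSL_use_certificate(SSL *ssl, X509 *x)
- {
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_cert(ssl->cert,x));
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
- {
- int j;
- BIO *in;
- int ret=0;
- X509 *x=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- x=d2i_X509_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
-
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
- goto end;
- }
-
- ret=SSL_use_certificate(ssl,x);
-end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
- {
- X509 *x;
- int ret;
-
- x=d2i_X509(NULL,&d,(long)len);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_use_certificate(ssl,x);
- X509_free(x);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
- {
- EVP_PKEY *pkey;
- int ret;
-
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- if ((pkey=EVP_PKEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
- return(0);
- }
-
- RSA_up_ref(rsa);
- EVP_PKEY_assign_RSA(pkey,rsa);
-
- ret=ssl_set_pkey(ssl->cert,pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-#endif
-
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
- {
- int i;
-
- i=ssl_cert_type(NULL,pkey);
- if (i < 0)
- {
- SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- return(0);
- }
-
- if (c->pkeys[i].x509 != NULL)
- {
- EVP_PKEY *pktmp;
- pktmp = X509_get_pubkey(c->pkeys[i].x509);
- EVP_PKEY_copy_parameters(pktmp,pkey);
- EVP_PKEY_free(pktmp);
- ERR_clear_error();
-
-#ifndef OPENSSL_NO_RSA
- /* Don't check the public/private key, this is mostly
- * for smart cards. */
- if ((pkey->type == EVP_PKEY_RSA) &&
- (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
- ;
- else
-#endif
- if (!X509_check_private_key(c->pkeys[i].x509,pkey))
- {
- X509_free(c->pkeys[i].x509);
- c->pkeys[i].x509 = NULL;
- return 0;
- }
- }
-
- if (c->pkeys[i].privatekey != NULL)
- EVP_PKEY_free(c->pkeys[i].privatekey);
- CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
- c->pkeys[i].privatekey=pkey;
- c->key= &(c->pkeys[i]);
-
- c->valid=0;
- return(1);
- }
-
-#ifndef OPENSSL_NO_RSA
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- RSA *rsa=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- rsa=d2i_RSAPrivateKey_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
- ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_use_RSAPrivateKey(ssl,rsa);
- RSA_free(rsa);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
- {
- int ret;
- const unsigned char *p;
- RSA *rsa;
-
- p=d;
- if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_use_RSAPrivateKey(ssl,rsa);
- RSA_free(rsa);
- return(ret);
- }
-#endif /* !OPENSSL_NO_RSA */
-
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
- {
- int ret;
-
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- ret=ssl_set_pkey(ssl->cert,pkey);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- EVP_PKEY *pkey=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- pkey=PEM_read_bio_PrivateKey(in,NULL,
- ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else if (type == SSL_FILETYPE_ASN1)
- {
- j = ERR_R_ASN1_LIB;
- pkey = d2i_PrivateKey_bio(in,NULL);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_use_PrivateKey(ssl,pkey);
- EVP_PKEY_free(pkey);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
- {
- int ret;
- const unsigned char *p;
- EVP_PKEY *pkey;
-
- p=d;
- if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_use_PrivateKey(ssl,pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
- {
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_cert(ctx->cert, x));
- }
-
-static int ssl_set_cert(CERT *c, X509 *x)
- {
- EVP_PKEY *pkey;
- int i;
-
- pkey=X509_get_pubkey(x);
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
- return(0);
- }
-
- i=ssl_cert_type(x,pkey);
- if (i < 0)
- {
- SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- EVP_PKEY_free(pkey);
- return(0);
- }
-
- if (c->pkeys[i].privatekey != NULL)
- {
- EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
- ERR_clear_error();
-
-#ifndef OPENSSL_NO_RSA
- /* Don't check the public/private key, this is mostly
- * for smart cards. */
- if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
- (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
- RSA_METHOD_FLAG_NO_CHECK))
- ;
- else
-#endif /* OPENSSL_NO_RSA */
- if (!X509_check_private_key(x,c->pkeys[i].privatekey))
- {
- /* don't fail for a cert/key mismatch, just free
- * current private key (when switching to a different
- * cert & key, first this function should be used,
- * then ssl_set_pkey */
- EVP_PKEY_free(c->pkeys[i].privatekey);
- c->pkeys[i].privatekey=NULL;
- /* clear error queue */
- ERR_clear_error();
- }
- }
-
- EVP_PKEY_free(pkey);
-
- if (c->pkeys[i].x509 != NULL)
- X509_free(c->pkeys[i].x509);
- CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
- c->pkeys[i].x509=x;
- c->key= &(c->pkeys[i]);
-
- c->valid=0;
- return(1);
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j;
- BIO *in;
- int ret=0;
- X509 *x=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- x=d2i_X509_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
-
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
- goto end;
- }
-
- ret=SSL_CTX_use_certificate(ctx,x);
-end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
- {
- X509 *x;
- int ret;
-
- x=d2i_X509(NULL,&d,(long)len);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_CTX_use_certificate(ctx,x);
- X509_free(x);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
- {
- int ret;
- EVP_PKEY *pkey;
-
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- if ((pkey=EVP_PKEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
- return(0);
- }
-
- RSA_up_ref(rsa);
- EVP_PKEY_assign_RSA(pkey,rsa);
-
- ret=ssl_set_pkey(ctx->cert, pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- RSA *rsa=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- rsa=d2i_RSAPrivateKey_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
- ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
- RSA_free(rsa);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
- {
- int ret;
- const unsigned char *p;
- RSA *rsa;
-
- p=d;
- if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
- RSA_free(rsa);
- return(ret);
- }
-#endif /* !OPENSSL_NO_RSA */
-
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
- {
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_pkey(ctx->cert,pkey));
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- EVP_PKEY *pkey=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- pkey=PEM_read_bio_PrivateKey(in,NULL,
- ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else if (type == SSL_FILETYPE_ASN1)
- {
- j = ERR_R_ASN1_LIB;
- pkey = d2i_PrivateKey_bio(in,NULL);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_CTX_use_PrivateKey(ctx,pkey);
- EVP_PKEY_free(pkey);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
- long len)
- {
- int ret;
- const unsigned char *p;
- EVP_PKEY *pkey;
-
- p=d;
- if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_CTX_use_PrivateKey(ctx,pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-
-#ifndef OPENSSL_NO_STDIO
-/* Read a file that contains our certificate in "PEM" format,
- * possibly followed by a sequence of CA certificates that should be
- * sent to the peer in the Certificate message.
- */
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
- {
- BIO *in;
- int ret=0;
- X509 *x=NULL;
-
- ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
- goto end;
- }
-
- x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
- goto end;
- }
-
- ret=SSL_CTX_use_certificate(ctx,x);
- if (ERR_peek_error() != 0)
- ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
- if (ret)
- {
- /* If we could set up our certificate, now proceed to
- * the CA certificates.
- */
- X509 *ca;
- int r;
- unsigned long err;
-
- if (ctx->extra_certs != NULL)
- {
- sk_X509_pop_free(ctx->extra_certs, X509_free);
- ctx->extra_certs = NULL;
- }
-
- while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
- != NULL)
- {
- r = SSL_CTX_add_extra_chain_cert(ctx, ca);
- if (!r)
- {
- X509_free(ca);
- ret = 0;
- goto end;
- }
- /* Note that we must not free r if it was successfully
- * added to the chain (while we must free the main
- * certificate, since its reference count is increased
- * by SSL_CTX_use_certificate). */
- }
- /* When the while loop ends, it's usually just EOF. */
- err = ERR_peek_last_error();
- if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
- ERR_clear_error();
- else
- ret = 0; /* some real error */
- }
-
-end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif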
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
deleted file mode 100644
index 8e5d8a0972..0000000000
--- a/src/lib/libssl/ssl_sess.c
+++ /dev/null
@@ -1,1095 +0,0 @@
1/* ssl/ssl_sess.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2005 Nokia. All rights reserved.
113 *
114 * The portions of the attached software ("Contribution") is developed by
115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
116 * license.
117 *
118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
120 * support (see RFC 4279) to OpenSSL.
121 *
122 * No patent licenses or other rights except those expressly stated in
123 * the OpenSSL open source license shall be deemed granted or received
124 * expressly, by implication, estoppel, or otherwise.
125 *
126 * No assurances are provided by Nokia that the Contribution does not
127 * infringe the patent or other intellectual property rights of any third
128 * party or that the license provides you with all the necessary rights
129 * to make use of the Contribution.
130 *
131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
135 * OTHERWISE.
136 */
137
138#include <stdio.h>
139#include <openssl/lhash.h>
140#include <openssl/rand.h>
141#ifndef OPENSSL_NO_ENGINE
142#include <openssl/engine.h>
143#endif
144#include "ssl_locl.h"
145
146static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
147static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
148static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
149
150SSL_SESSION *SSL_get_session(const SSL *ssl)
151/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
152 {
153 return(ssl->session);
154 }
155
156SSL_SESSION *SSL_get1_session(SSL *ssl)
157/* variant of SSL_get_session: caller really gets something */
158 {
159 SSL_SESSION *sess;
160 /* Need to lock this all up rather than just use CRYPTO_add so that
161 * somebody doesn't free ssl->session between when we check it's
162 * non-null and when we up the reference count. */
163 CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
164 sess = ssl->session;
165 if(sess)
166 sess->references++;
167 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
168 return(sess);
169 }
170
171int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
172 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
173 {
174 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
175 new_func, dup_func, free_func);
176 }
177
178int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
179 {
180 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
181 }
182
183void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
184 {
185 return(CRYPTO_get_ex_data(&s->ex_data,idx));
186 }
187
188SSL_SESSION *SSL_SESSION_new(void)
189 {
190 SSL_SESSION *ss;
191
192 ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
193 if (ss == NULL)
194 {
195 SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
196 return(0);
197 }
198 memset(ss,0,sizeof(SSL_SESSION));
199
200 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
201 ss->references=1;
202 ss->timeout=60*5+4; /* 5 minute timeout by default */
203 ss->time=(unsigned long)time(NULL);
204 ss->prev=NULL;
205 ss->next=NULL;
206 ss->compress_meth=0;
207#ifndef OPENSSL_NO_TLSEXT
208 ss->tlsext_hostname = NULL;
209#ifndef OPENSSL_NO_EC
210 ss->tlsext_ecpointformatlist_length = 0;
211 ss->tlsext_ecpointformatlist = NULL;
212 ss->tlsext_ellipticcurvelist_length = 0;
213 ss->tlsext_ellipticcurvelist = NULL;
214#endif
215#endif
216 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
217#ifndef OPENSSL_NO_PSK
218 ss->psk_identity_hint=NULL;
219 ss->psk_identity=NULL;
220#endif
221 return(ss);
222 }
223
224const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
225 {
226 if(len)
227 *len = s->session_id_length;
228 return s->session_id;
229 }
230
231/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
232 * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
233 * until we have no conflict is going to complete in one iteration pretty much
234 * "most" of the time (btw: understatement). So, if it takes us 10 iterations
235 * and we still can't avoid a conflict - well that's a reasonable point to call
236 * it quits. Either the RAND code is broken or someone is trying to open roughly
237 * very close to 2^128 (or 2^256) SSL sessions to our server. How you might
238 * store that many sessions is perhaps a more interesting question ... */
239
240#define MAX_SESS_ID_ATTEMPTS 10
241static int def_generate_session_id(const SSL *ssl, unsigned char *id,
242 unsigned int *id_len)
243{
244 unsigned int retry = 0;
245 do
246 if (RAND_pseudo_bytes(id, *id_len) <= 0)
247 return 0;
248 while(SSL_has_matching_session_id(ssl, id, *id_len) &&
249 (++retry < MAX_SESS_ID_ATTEMPTS));
250 if(retry < MAX_SESS_ID_ATTEMPTS)
251 return 1;
252 /* else - woops a session_id match */
253 /* XXX We should also check the external cache --
254 * but the probability of a collision is negligible, and
255 * we could not prevent the concurrent creation of sessions
256 * with identical IDs since we currently don't have means
257 * to atomically check whether a session ID already exists
258 * and make a reservation for it if it does not
259 * (this problem applies to the internal cache as well).
260 */
261 return 0;
262}
263
264int ssl_get_new_session(SSL *s, int session)
265 {
266 /* This gets used by clients and servers. */
267
268 unsigned int tmp;
269 SSL_SESSION *ss=NULL;
270 GEN_SESSION_CB cb = def_generate_session_id;
271
272 if ((ss=SSL_SESSION_new()) == NULL) return(0);
273
274 /* If the context has a default timeout, use it */
275 if (s->session_ctx->session_timeout == 0)
276 ss->timeout=SSL_get_default_timeout(s);
277 else
278 ss->timeout=s->session_ctx->session_timeout;
279
280 if (s->session != NULL)
281 {
282 SSL_SESSION_free(s->session);
283 s->session=NULL;
284 }
285
286 if (session)
287 {
288 if (s->version == SSL2_VERSION)
289 {
290 ss->ssl_version=SSL2_VERSION;
291 ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
292 }
293 else if (s->version == SSL3_VERSION)
294 {
295 ss->ssl_version=SSL3_VERSION;
296 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
297 }
298 else if (s->version == TLS1_VERSION)
299 {
300 ss->ssl_version=TLS1_VERSION;
301 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
302 }
303 else if (s->version == DTLS1_BAD_VER)
304 {
305 ss->ssl_version=DTLS1_BAD_VER;
306 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
307 }
308 else if (s->version == DTLS1_VERSION)
309 {
310 ss->ssl_version=DTLS1_VERSION;
311 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
312 }
313 else
314 {
315 SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
316 SSL_SESSION_free(ss);
317 return(0);
318 }
319#ifndef OPENSSL_NO_TLSEXT
320 /* If RFC4507 ticket use empty session ID */
321 if (s->tlsext_ticket_expected)
322 {
323 ss->session_id_length = 0;
324 goto sess_id_done;
325 }
326#endif
327 /* Choose which callback will set the session ID */
328 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
329 if(s->generate_session_id)
330 cb = s->generate_session_id;
331 else if(s->session_ctx->generate_session_id)
332 cb = s->session_ctx->generate_session_id;
333 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
334 /* Choose a session ID */
335 tmp = ss->session_id_length;
336 if(!cb(s, ss->session_id, &tmp))
337 {
338 /* The callback failed */
339 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
340 SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
341 SSL_SESSION_free(ss);
342 return(0);
343 }
344 /* Don't allow the callback to set the session length to zero.
345 * nor set it higher than it was. */
346 if(!tmp || (tmp > ss->session_id_length))
347 {
348 /* The callback set an illegal length */
349 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
350 SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
351 SSL_SESSION_free(ss);
352 return(0);
353 }
354 /* If the session length was shrunk and we're SSLv2, pad it */
355 if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
356 memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
357 else
358 ss->session_id_length = tmp;
359 /* Finally, check for a conflict */
360 if(SSL_has_matching_session_id(s, ss->session_id,
361 ss->session_id_length))
362 {
363 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
364 SSL_R_SSL_SESSION_ID_CONFLICT);
365 SSL_SESSION_free(ss);
366 return(0);
367 }
368#ifndef OPENSSL_NO_TLSEXT
369 sess_id_done:
370 if (s->tlsext_hostname) {
371 ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
372 if (ss->tlsext_hostname == NULL) {
373 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
374 SSL_SESSION_free(ss);
375 return 0;
376 }
377 }
378#ifndef OPENSSL_NO_EC
379 if (s->tlsext_ecpointformatlist)
380 {
381 if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
382 if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL)
383 {
384 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
385 SSL_SESSION_free(ss);
386 return 0;
387 }
388 ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length;
389 memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
390 }
391 if (s->tlsext_ellipticcurvelist)
392 {
393 if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
394 if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
395 {
396 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
397 SSL_SESSION_free(ss);
398 return 0;
399 }
400 ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length;
401 memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
402 }
403#endif
404#endif
405 }
406 else
407 {
408 ss->session_id_length=0;
409 }
410
411 if (s->sid_ctx_length > sizeof ss->sid_ctx)
412 {
413 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
414 SSL_SESSION_free(ss);
415 return 0;
416 }
417 memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
418 ss->sid_ctx_length=s->sid_ctx_length;
419 s->session=ss;
420 ss->ssl_version=s->version;
421 ss->verify_result = X509_V_OK;
422
423 return(1);
424 }
425
426int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
427 const unsigned char *limit)
428 {
429 /* This is used only by servers. */
430
431 SSL_SESSION *ret=NULL;
432 int fatal = 0;
433#ifndef OPENSSL_NO_TLSEXT
434 int r;
435#endif
436
437 if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
438 goto err;
439#ifndef OPENSSL_NO_TLSEXT
440 r = tls1_process_ticket(s, session_id, len, limit, &ret);
441 if (r == -1)
442 {
443 fatal = 1;
444 goto err;
445 }
446 else if (r == 0 || (!ret && !len))
447 goto err;
448 else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
449#else
450 if (len == 0)
451 goto err;
452 if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
453#endif
454 {
455 SSL_SESSION data;
456 data.ssl_version=s->version;
457 data.session_id_length=len;
458 if (len == 0)
459 return 0;
460 memcpy(data.session_id,session_id,len);
461 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
462 ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data);
463 if (ret != NULL)
464 /* don't allow other threads to steal it: */
465 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
466 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
467 }
468
469 if (ret == NULL)
470 {
471 int copy=1;
472
473 s->session_ctx->stats.sess_miss++;
474 ret=NULL;
475 if (s->session_ctx->get_session_cb != NULL
476 && (ret=s->session_ctx->get_session_cb(s,session_id,len,&copy))
477 != NULL)
478 {
479 s->session_ctx->stats.sess_cb_hit++;
480
481 /* Increment reference count now if the session callback
482 * asks us to do so (note that if the session structures
483 * returned by the callback are shared between threads,
484 * it must handle the reference count itself [i.e. copy == 0],
485 * or things won't be thread-safe). */
486 if (copy)
487 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
488
489 /* Add the externally cached session to the internal
490 * cache as well if and only if we are supposed to. */
491 if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
492 /* The following should not return 1, otherwise,
493 * things are very strange */
494 SSL_CTX_add_session(s->session_ctx,ret);
495 }
496 if (ret == NULL)
497 goto err;
498 }
499
500 /* Now ret is non-NULL, and we own one of its reference counts. */
501
502 if (ret->sid_ctx_length != s->sid_ctx_length
503 || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
504 {
505 /* We've found the session named by the client, but we don't
506 * want to use it in this context. */
507
508#if 0 /* The client cannot always know when a session is not appropriate,
509 * so we shouldn't generate an error message. */
510
511 SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
512#endif
513 goto err; /* treat like cache miss */
514 }
515
516 if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
517 {
518 /* We can't be sure if this session is being used out of
519 * context, which is especially important for SSL_VERIFY_PEER.
520 * The application should have used SSL[_CTX]_set_session_id_context.
521 *
522 * For this error case, we generate an error instead of treating
523 * the event like a cache miss (otherwise it would be easy for
524 * applications to effectively disable the session cache by
525 * accident without anyone noticing).
526 */
527
528 SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
529 fatal = 1;
530 goto err;
531 }
532
533 if (ret->cipher == NULL)
534 {
535 unsigned char buf[5],*p;
536 unsigned long l;
537
538 p=buf;
539 l=ret->cipher_id;
540 l2n(l,p);
541 if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR)
542 ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
543 else
544 ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
545 if (ret->cipher == NULL)
546 goto err;
547 }
548
549
550#if 0 /* This is way too late. */
551
552 /* If a thread got the session, then 'swaped', and another got
553 * it and then due to a time-out decided to 'OPENSSL_free' it we could
554 * be in trouble. So I'll increment it now, then double decrement
555 * later - am I speaking rubbish?. */
556 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
557#endif
558
559 if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
560 {
561 s->session_ctx->stats.sess_timeout++;
562 /* remove it from the cache */
563 SSL_CTX_remove_session(s->session_ctx,ret);
564 goto err;
565 }
566
567 s->session_ctx->stats.sess_hit++;
568
569 /* ret->time=time(NULL); */ /* rezero timeout? */
570 /* again, just leave the session
571 * if it is the same session, we have just incremented and
572 * then decremented the reference count :-) */
573 if (s->session != NULL)
574 SSL_SESSION_free(s->session);
575 s->session=ret;
576 s->verify_result = s->session->verify_result;
577 return(1);
578
579 err:
580 if (ret != NULL)
581 SSL_SESSION_free(ret);
582 if (fatal)
583 return -1;
584 else
585 return 0;
586 }
587
588int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
589 {
590 int ret=0;
591 SSL_SESSION *s;
592
593 /* add just 1 reference count for the SSL_CTX's session cache
594 * even though it has two ways of access: each session is in a
595 * doubly linked list and an lhash */
596 CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
597 /* if session c is in already in cache, we take back the increment later */
598
599 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
600 s=lh_SSL_SESSION_insert(ctx->sessions,c);
601
602 /* s != NULL iff we already had a session with the given PID.
603 * In this case, s == c should hold (then we did not really modify
604 * ctx->sessions), or we're in trouble. */
605 if (s != NULL && s != c)
606 {
607 /* We *are* in trouble ... */
608 SSL_SESSION_list_remove(ctx,s);
609 SSL_SESSION_free(s);
610 /* ... so pretend the other session did not exist in cache
611 * (we cannot handle two SSL_SESSION structures with identical
612 * session ID in the same cache, which could happen e.g. when
613 * two threads concurrently obtain the same session from an external
614 * cache) */
615 s = NULL;
616 }
617
618 /* Put at the head of the queue unless it is already in the cache */
619 if (s == NULL)
620 SSL_SESSION_list_add(ctx,c);
621
622 if (s != NULL)
623 {
624 /* existing cache entry -- decrement previously incremented reference
625 * count because it already takes into account the cache */
626
627 SSL_SESSION_free(s); /* s == c */
628 ret=0;
629 }
630 else
631 {
632 /* new cache entry -- remove old ones if cache has become too large */
633
634 ret=1;
635
636 if (SSL_CTX_sess_get_cache_size(ctx) > 0)
637 {
638 while (SSL_CTX_sess_number(ctx) >
639 SSL_CTX_sess_get_cache_size(ctx))
640 {
641 if (!remove_session_lock(ctx,
642 ctx->session_cache_tail, 0))
643 break;
644 else
645 ctx->stats.sess_cache_full++;
646 }
647 }
648 }
649 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
650 return(ret);
651 }
652
653int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
654{
655 return remove_session_lock(ctx, c, 1);
656}
657
658static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
659 {
660 SSL_SESSION *r;
661 int ret=0;
662
663 if ((c != NULL) && (c->session_id_length != 0))
664 {
665 if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
666 if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c)
667 {
668 ret=1;
669 r=lh_SSL_SESSION_delete(ctx->sessions,c);
670 SSL_SESSION_list_remove(ctx,c);
671 }
672
673 if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
674
675 if (ret)
676 {
677 r->not_resumable=1;
678 if (ctx->remove_session_cb != NULL)
679 ctx->remove_session_cb(ctx,r);
680 SSL_SESSION_free(r);
681 }
682 }
683 else
684 ret=0;
685 return(ret);
686 }
687
688void SSL_SESSION_free(SSL_SESSION *ss)
689 {
690 int i;
691
692 if(ss == NULL)
693 return;
694
695 i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
696#ifdef REF_PRINT
697 REF_PRINT("SSL_SESSION",ss);
698#endif
699 if (i > 0) return;
700#ifdef REF_CHECK
701 if (i < 0)
702 {
703 fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
704 abort(); /* ok */
705 }
706#endif
707
708 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
709
710 OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
711 OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
712 OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
713 if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
714 if (ss->peer != NULL) X509_free(ss->peer);
715 if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
716#ifndef OPENSSL_NO_TLSEXT
717 if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
718 if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);
719#ifndef OPENSSL_NO_EC
720 ss->tlsext_ecpointformatlist_length = 0;
721 if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
722 ss->tlsext_ellipticcurvelist_length = 0;
723 if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
724#endif /* OPENSSL_NO_EC */
725#endif
726#ifndef OPENSSL_NO_PSK
727 if (ss->psk_identity_hint != NULL)
728 OPENSSL_free(ss->psk_identity_hint);
729 if (ss->psk_identity != NULL)
730 OPENSSL_free(ss->psk_identity);
731#endif
732 OPENSSL_cleanse(ss,sizeof(*ss));
733 OPENSSL_free(ss);
734 }
735
736int SSL_set_session(SSL *s, SSL_SESSION *session)
737 {
738 int ret=0;
739 const SSL_METHOD *meth;
740
741 if (session != NULL)
742 {
743 meth=s->ctx->method->get_ssl_method(session->ssl_version);
744 if (meth == NULL)
745 meth=s->method->get_ssl_method(session->ssl_version);
746 if (meth == NULL)
747 {
748 SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
749 return(0);
750 }
751
752 if (meth != s->method)
753 {
754 if (!SSL_set_ssl_method(s,meth))
755 return(0);
756 if (s->ctx->session_timeout == 0)
757 session->timeout=SSL_get_default_timeout(s);
758 else
759 session->timeout=s->ctx->session_timeout;
760 }
761
762#ifndef OPENSSL_NO_KRB5
763 if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
764 session->krb5_client_princ_len > 0)
765 {
766 s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
767 memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
768 session->krb5_client_princ_len);
769 s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
770 }
771#endif /* OPENSSL_NO_KRB5 */
772
773 /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
774 CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
775 if (s->session != NULL)
776 SSL_SESSION_free(s->session);
777 s->session=session;
778 s->verify_result = s->session->verify_result;
779 /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
780 ret=1;
781 }
782 else
783 {
784 if (s->session != NULL)
785 {
786 SSL_SESSION_free(s->session);
787 s->session=NULL;
788 }
789
790 meth=s->ctx->method;
791 if (meth != s->method)
792 {
793 if (!SSL_set_ssl_method(s,meth))
794 return(0);
795 }
796 ret=1;
797 }
798 return(ret);
799 }
800
801long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
802 {
803 if (s == NULL) return(0);
804 s->timeout=t;
805 return(1);
806 }
807
808long SSL_SESSION_get_timeout(const SSL_SESSION *s)
809 {
810 if (s == NULL) return(0);
811 return(s->timeout);
812 }
813
814long SSL_SESSION_get_time(const SSL_SESSION *s)
815 {
816 if (s == NULL) return(0);
817 return(s->time);
818 }
819
820long SSL_SESSION_set_time(SSL_SESSION *s, long t)
821 {
822 if (s == NULL) return(0);
823 s->time=t;
824 return(t);
825 }
826
827long SSL_CTX_set_timeout(SSL_CTX *s, long t)
828 {
829 long l;
830 if (s == NULL) return(0);
831 l=s->session_timeout;
832 s->session_timeout=t;
833 return(l);
834 }
835
836long SSL_CTX_get_timeout(const SSL_CTX *s)
837 {
838 if (s == NULL) return(0);
839 return(s->session_timeout);
840 }
841
842#ifndef OPENSSL_NO_TLSEXT
843int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
844 STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
845 {
846 if (s == NULL) return(0);
847 s->tls_session_secret_cb = tls_session_secret_cb;
848 s->tls_session_secret_cb_arg = arg;
849 return(1);
850 }
851
852int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
853 void *arg)
854 {
855 if (s == NULL) return(0);
856 s->tls_session_ticket_ext_cb = cb;
857 s->tls_session_ticket_ext_cb_arg = arg;
858 return(1);
859 }
860
861int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
862 {
863 if (s->version >= TLS1_VERSION)
864 {
865 if (s->tlsext_session_ticket)
866 {
867 OPENSSL_free(s->tlsext_session_ticket);
868 s->tlsext_session_ticket = NULL;
869 }
870
871 s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
872 if (!s->tlsext_session_ticket)
873 {
874 SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
875 return 0;
876 }
877
878 if (ext_data)
879 {
880 s->tlsext_session_ticket->length = ext_len;
881 s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
882 memcpy(s->tlsext_session_ticket->data, ext_data, ext_len);
883 }
884 else
885 {
886 s->tlsext_session_ticket->length = 0;
887 s->tlsext_session_ticket->data = NULL;
888 }
889
890 return 1;
891 }
892
893 return 0;
894 }
895#endif /* OPENSSL_NO_TLSEXT */
896
897typedef struct timeout_param_st
898 {
899 SSL_CTX *ctx;
900 long time;
901 LHASH_OF(SSL_SESSION) *cache;
902 } TIMEOUT_PARAM;
903
904static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
905 {
906 if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
907 {
908 /* The reason we don't call SSL_CTX_remove_session() is to
909 * save on locking overhead */
910 (void)lh_SSL_SESSION_delete(p->cache,s);
911 SSL_SESSION_list_remove(p->ctx,s);
912 s->not_resumable=1;
913 if (p->ctx->remove_session_cb != NULL)
914 p->ctx->remove_session_cb(p->ctx,s);
915 SSL_SESSION_free(s);
916 }
917 }
918
919static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
920
921void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
922 {
923 unsigned long i;
924 TIMEOUT_PARAM tp;
925
926 tp.ctx=s;
927 tp.cache=s->sessions;
928 if (tp.cache == NULL) return;
929 tp.time=t;
930 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
931 i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
932 CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0;
933 lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
934 TIMEOUT_PARAM, &tp);
935 CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i;
936 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
937 }
938
939int ssl_clear_bad_session(SSL *s)
940 {
941 if ( (s->session != NULL) &&
942 !(s->shutdown & SSL_SENT_SHUTDOWN) &&
943 !(SSL_in_init(s) || SSL_in_before(s)))
944 {
945 SSL_CTX_remove_session(s->ctx,s->session);
946 return(1);
947 }
948 else
949 return(0);
950 }
951
952/* locked by SSL_CTX in the calling function */
953static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
954 {
955 if ((s->next == NULL) || (s->prev == NULL)) return;
956
957 if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
958 { /* last element in list */
959 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
960 { /* only one element in list */
961 ctx->session_cache_head=NULL;
962 ctx->session_cache_tail=NULL;
963 }
964 else
965 {
966 ctx->session_cache_tail=s->prev;
967 s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
968 }
969 }
970 else
971 {
972 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
973 { /* first element in list */
974 ctx->session_cache_head=s->next;
975 s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
976 }
977 else
978 { /* middle of list */
979 s->next->prev=s->prev;
980 s->prev->next=s->next;
981 }
982 }
983 s->prev=s->next=NULL;
984 }
985
986static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
987 {
988 if ((s->next != NULL) && (s->prev != NULL))
989 SSL_SESSION_list_remove(ctx,s);
990
991 if (ctx->session_cache_head == NULL)
992 {
993 ctx->session_cache_head=s;
994 ctx->session_cache_tail=s;
995 s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
996 s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
997 }
998 else
999 {
1000 s->next=ctx->session_cache_head;
1001 s->next->prev=s;
1002 s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
1003 ctx->session_cache_head=s;
1004 }
1005 }
1006
1007void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
1008 int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess))
1009 {
1010 ctx->new_session_cb=cb;
1011 }
1012
1013int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
1014 {
1015 return ctx->new_session_cb;
1016 }
1017
1018void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
1019 void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess))
1020 {
1021 ctx->remove_session_cb=cb;
1022 }
1023
1024void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess)
1025 {
1026 return ctx->remove_session_cb;
1027 }
1028
1029void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
1030 SSL_SESSION *(*cb)(struct ssl_st *ssl,
1031 unsigned char *data,int len,int *copy))
1032 {
1033 ctx->get_session_cb=cb;
1034 }
1035
1036SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
1037 unsigned char *data,int len,int *copy)
1038 {
1039 return ctx->get_session_cb;
1040 }
1041
1042void SSL_CTX_set_info_callback(SSL_CTX *ctx,
1043 void (*cb)(const SSL *ssl,int type,int val))
1044 {
1045 ctx->info_callback=cb;
1046 }
1047
1048void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val)
1049 {
1050 return ctx->info_callback;
1051 }
1052
1053void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
1054 int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
1055 {
1056 ctx->client_cert_cb=cb;
1057 }
1058
1059int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey)
1060 {
1061 return ctx->client_cert_cb;
1062 }
1063
1064#ifndef OPENSSL_NO_ENGINE
1065int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
1066 {
1067 if (!ENGINE_init(e))
1068 {
1069 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
1070 return 0;
1071 }
1072 if(!ENGINE_get_ssl_client_cert_function(e))
1073 {
1074 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD);
1075 ENGINE_finish(e);
1076 return 0;
1077 }
1078 ctx->client_cert_engine = e;
1079 return 1;
1080 }
1081#endif
1082
1083void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
1084 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
1085 {
1086 ctx->app_gen_cookie_cb=cb;
1087 }
1088
1089void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
1090 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
1091 {
1092 ctx->app_verify_cookie_cb=cb;
1093 }
1094
1095IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
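--- a/src/lib/libssl/ssl_stat.c
+++ /dev/null
@@ -1,567 +0,0 @@
-/* ssl/ssl_stat.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-
-const char *SSL_state_string_long(const SSL *s)
- {
- const char *str;
-
- switch (s->state)
- {
-case SSL_ST_BEFORE: str="before SSL initialization"; break;
-case SSL_ST_ACCEPT: str="before accept initialization"; break;
-case SSL_ST_CONNECT: str="before connect initialization"; break;
-case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
-case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break;
-case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
-case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
-case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
-case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
-#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break;
-case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break;
-case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break;
-case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break;
-case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break;
-case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break;
-case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break;
-case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break;
-case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break;
-case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break;
-case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break;
-case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break;
-case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break;
-case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break;
-case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break;
-case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break;
-case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break;
-case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break;
-
-case SSL3_ST_CW_CHANGE_A:
-case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break;
-case SSL3_ST_CW_CHANGE_B:
-case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break;
-case SSL3_ST_CW_FINISHED_A:
-case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break;
-case SSL3_ST_CW_FINISHED_B:
-case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break;
-case SSL3_ST_CR_CHANGE_A:
-case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break;
-case SSL3_ST_CR_CHANGE_B:
-case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break;
-case SSL3_ST_CR_FINISHED_A:
-case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break;
-case SSL3_ST_CR_FINISHED_B:
-case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break;
-
-case SSL3_ST_CW_FLUSH:
-case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break;
-
-case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break;
-case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break;
-case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break;
-case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break;
-case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break;
-case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break;
-case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break;
-case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break;
-case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break;
-case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break;
-case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break;
-case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break;
-case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break;
-case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break;
-case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break;
-case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break;
-case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break;
-case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break;
-case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break;
-case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break;
-#endif
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break;
-case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break;
-case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break;
-case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break;
-case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break;
-#endif
-
-/* DTLS */
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break;
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break;
-
-default: str="unknown state"; break;
- }
- return(str);
- }
-
-const char *SSL_rstate_string_long(const SSL *s)
- {
- const char *str;
-
- switch (s->rstate)
- {
- case SSL_ST_READ_HEADER: str="read header"; break;
- case SSL_ST_READ_BODY: str="read body"; break;
- case SSL_ST_READ_DONE: str="read done"; break;
- default: str="unknown"; break;
- }
- return(str);
- }
-
-const char *SSL_state_string(const SSL *s)
- {
- const char *str;
-
- switch (s->state)
- {
-case SSL_ST_BEFORE: str="PINIT "; break;
-case SSL_ST_ACCEPT: str="AINIT "; break;
-case SSL_ST_CONNECT: str="CINIT "; break;
-case SSL_ST_OK: str="SSLOK "; break;
-#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_SW_FLUSH:
-case SSL3_ST_CW_FLUSH: str="3FLUSH"; break;
-case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break;
-case SSL3_ST_CR_CERT_A: str="3RSC_A"; break;
-case SSL3_ST_CR_CERT_B: str="3RSC_B"; break;
-case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break;
-case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break;
-case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break;
-case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break;
-case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break;
-case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break;
-case SSL3_ST_CW_CERT_A: str="3WCC_A"; break;
-case SSL3_ST_CW_CERT_B: str="3WCC_B"; break;
-case SSL3_ST_CW_CERT_C: str="3WCC_C"; break;
-case SSL3_ST_CW_CERT_D: str="3WCC_D"; break;
-case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break;
-case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break;
-case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break;
-
-case SSL3_ST_SW_CHANGE_A:
-case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break;
-case SSL3_ST_SW_CHANGE_B:
-case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break;
-case SSL3_ST_SW_FINISHED_A:
-case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break;
-case SSL3_ST_SW_FINISHED_B:
-case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break;
-case SSL3_ST_SR_CHANGE_A:
-case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break;
-case SSL3_ST_SR_CHANGE_B:
-case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break;
-case SSL3_ST_SR_FINISHED_A:
-case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break;
-case SSL3_ST_SR_FINISHED_B:
-case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break;
-
-case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break;
-case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break;
-case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break;
-case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break;
-case SSL3_ST_SW_CERT_A: str="3WSC_A"; break;
-case SSL3_ST_SW_CERT_B: str="3WSC_B"; break;
-case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break;
-case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break;
-case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break;
-case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break;
-case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break;
-case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break;
-case SSL3_ST_SR_CERT_A: str="3RCC_A"; break;
-case SSL3_ST_SR_CERT_B: str="3RCC_B"; break;
-case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break;
-case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break;
-case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break;
-case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break;
-#endif
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break;
-case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break;
-case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break;
-case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break;
-case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break;
-#endif
-/* DTLS */
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break;
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break;
-
-default: str="UNKWN "; break;
- }
- return(str);
- }
-
-const char *SSL_alert_type_string_long(int value)
- {
- value>>=8;
- if (value == SSL3_AL_WARNING)
- return("warning");
- else if (value == SSL3_AL_FATAL)
- return("fatal");
- else
- return("unknown");
- }
-
-const char *SSL_alert_type_string(int value)
- {
- value>>=8;
- if (value == SSL3_AL_WARNING)
- return("W");
- else if (value == SSL3_AL_FATAL)
- return("F");
- else
- return("U");
- }
-
-const char *SSL_alert_desc_string(int value)
- {
- const char *str;
-
- switch (value & 0xff)
- {
- case SSL3_AD_CLOSE_NOTIFY: str="CN"; break;
- case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break;
- case SSL3_AD_BAD_RECORD_MAC: str="BM"; break;
- case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break;
- case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break;
- case SSL3_AD_NO_CERTIFICATE: str="NC"; break;
- case SSL3_AD_BAD_CERTIFICATE: str="BC"; break;
- case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break;
- case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break;
- case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break;
- case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break;
- case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break;
- case TLS1_AD_DECRYPTION_FAILED: str="DC"; break;
- case TLS1_AD_RECORD_OVERFLOW: str="RO"; break;
- case TLS1_AD_UNKNOWN_CA: str="CA"; break;
- case TLS1_AD_ACCESS_DENIED: str="AD"; break;
- case TLS1_AD_DECODE_ERROR: str="DE"; break;
- case TLS1_AD_DECRYPT_ERROR: str="CY"; break;
- case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break;
- case TLS1_AD_PROTOCOL_VERSION: str="PV"; break;
- case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break;
- case TLS1_AD_INTERNAL_ERROR: str="IE"; break;
- case TLS1_AD_USER_CANCELLED: str="US"; break;
- case TLS1_AD_NO_RENEGOTIATION: str="NR"; break;
- case TLS1_AD_UNSUPPORTED_EXTENSION: str="UE"; break;
- case TLS1_AD_CERTIFICATE_UNOBTAINABLE: str="CO"; break;
- case TLS1_AD_UNRECOGNIZED_NAME: str="UN"; break;
- case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break;
- case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break;
- case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="UP"; break;
- default: str="UK"; break;
- }
- return(str);
- }
-
-const char *SSL_alert_desc_string_long(int value)
- {
- const char *str;
-
- switch (value & 0xff)
- {
- case SSL3_AD_CLOSE_NOTIFY:
- str="close notify";
- break;
- case SSL3_AD_UNEXPECTED_MESSAGE:
- str="unexpected_message";
- break;
- case SSL3_AD_BAD_RECORD_MAC:
- str="bad record mac";
- break;
- case SSL3_AD_DECOMPRESSION_FAILURE:
- str="decompression failure";
- break;
- case SSL3_AD_HANDSHAKE_FAILURE:
- str="handshake failure";
- break;
- case SSL3_AD_NO_CERTIFICATE:
- str="no certificate";
- break;
- case SSL3_AD_BAD_CERTIFICATE:
- str="bad certificate";
- break;
- case SSL3_AD_UNSUPPORTED_CERTIFICATE:
- str="unsupported certificate";
- break;
- case SSL3_AD_CERTIFICATE_REVOKED:
- str="certificate revoked";
- break;
- case SSL3_AD_CERTIFICATE_EXPIRED:
- str="certificate expired";
- break;
- case SSL3_AD_CERTIFICATE_UNKNOWN:
- str="certificate unknown";
- break;
- case SSL3_AD_ILLEGAL_PARAMETER:
- str="illegal parameter";
- break;
- case TLS1_AD_DECRYPTION_FAILED:
- str="decryption failed";
- break;
- case TLS1_AD_RECORD_OVERFLOW:
- str="record overflow";
- break;
- case TLS1_AD_UNKNOWN_CA:
- str="unknown CA";
- break;
- case TLS1_AD_ACCESS_DENIED:
- str="access denied";
- break;
- case TLS1_AD_DECODE_ERROR:
- str="decode error";
- break;
- case TLS1_AD_DECRYPT_ERROR:
- str="decrypt error";
- break;
- case TLS1_AD_EXPORT_RESTRICTION:
- str="export restriction";
- break;
- case TLS1_AD_PROTOCOL_VERSION:
- str="protocol version";
- break;
- case TLS1_AD_INSUFFICIENT_SECURITY:
- str="insufficient security";
- break;
- case TLS1_AD_INTERNAL_ERROR:
- str="internal error";
- break;
- case TLS1_AD_USER_CANCELLED:
- str="user canceled";
- break;
- case TLS1_AD_NO_RENEGOTIATION:
- str="no renegotiation";
- break;
- case TLS1_AD_UNSUPPORTED_EXTENSION:
- str="unsupported extension";
- break;
- case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
- str="certificate unobtainable";
- break;
- case TLS1_AD_UNRECOGNIZED_NAME:
- str="unrecognized name";
- break;
- case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
- str="bad certificate status response";
- break;
- case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
- str="bad certificate hash value";
- break;
- case TLS1_AD_UNKNOWN_PSK_IDENTITY:
- str="unknown PSK identity";
- break;
- default: str="unknown"; break;
- }
- return(str);
- }
-
-const char *SSL_rstate_string(const SSL *s)
- {
- const char *str;
-
- switch (s->rstate)
- {
- case SSL_ST_READ_HEADER:str="RH"; break;
- case SSL_ST_READ_BODY: str="RB"; break;
- case SSL_ST_READ_DONE: str="RD"; break;
- default: str="unknown"; break;
- }
- return(str);
- }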
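--- a/src/lib/libssl/ssl_txt.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/* ssl/ssl_txt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include <openssl/buffer.h>
-#include "ssl_locl.h"
-
-#ifndef OPENSSL_NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file_internal())) == NULL)
- {
- SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=SSL_SESSION_print(b,x);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
- {
- unsigned int i;
- const char *s;
-
- if (x == NULL) goto err;
- if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
- if (x->ssl_version == SSL2_VERSION)
- s="SSLv2";
- else if (x->ssl_version == SSL3_VERSION)
- s="SSLv3";
- else if (x->ssl_version == TLS1_VERSION)
- s="TLSv1";
- else if (x->ssl_version == DTLS1_VERSION)
- s="DTLSv1";
- else if (x->ssl_version == DTLS1_BAD_VER)
- s="DTLSv1-bad";
- else
- s="unknown";
- if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err;
-
- if (x->cipher == NULL)
- {
- if (((x->cipher_id) & 0xff000000) == 0x02000000)
- {
- if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0)
- goto err;
- }
- else
- {
- if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0)
- goto err;
- }
- }
- else
- {
- if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
- goto err;
- }
- if (BIO_puts(bp," Session-ID: ") <= 0) goto err;
- for (i=0; i<x->session_id_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err;
- for (i=0; i<x->sid_ctx_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
- goto err;
- }
- if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err;
- for (i=0; i<(unsigned int)x->master_key_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err;
- if (x->key_arg_length == 0)
- {
- if (BIO_puts(bp,"None") <= 0) goto err;
- }
- else
- for (i=0; i<x->key_arg_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
- }
-#ifndef OPENSSL_NO_KRB5
- if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err;
- if (x->krb5_client_princ_len == 0)
- {
- if (BIO_puts(bp,"None") <= 0) goto err;
- }
- else
- for (i=0; i<x->krb5_client_princ_len; i++)
- {
- if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
- }
-#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_PSK
- if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err;
- if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err;
- if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err;
- if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
- if (x->tlsext_tick_lifetime_hint)
- {
- if (BIO_printf(bp,
- "\n TLS session ticket lifetime hint: %ld (seconds)",
- x->tlsext_tick_lifetime_hint) <=0)
- goto err;
- }
- if (x->tlsext_tick)
- {
- if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err;
- if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
- goto err;
- }
-#endif
-
-#ifndef OPENSSL_NO_COMP
- if (x->compress_meth != 0)
- {
- SSL_COMP *comp = NULL;
-
- ssl_cipher_get_evp(x,NULL,NULL,NULL,NULL,&comp);
- if (comp == NULL)
- {
- if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err;
- }
- else
- {
- if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
- }
- }
-#endif
- if (x->time != 0L)
- {
- if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err;
- }
- if (x->timeout != 0L)
- {
- if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n") <= 0) goto err;
-
- if (BIO_puts(bp, " Verify return code: ") <= 0) goto err;
- if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
- X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
-
- return(1);
-err:
- return(0);
- }
-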
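diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c
deleted file mode 100644
index c87af17712..0000000000
--- a/src/lib/libssl/t1_clnt.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/* ssl/t1_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static const SSL_METHOD *tls1_get_client_method(int ver);
-static const SSL_METHOD *tls1_get_client_method(int ver)
- {
- if (ver == TLS1_VERSION)
- return(TLSv1_client_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_tls1_meth_func(TLSv1_client_method,
- ssl_undefined_function,
- ssl3_connect,
- tls1_get_client_method)
-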
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
deleted file mode 100644
index 793ea43e90..0000000000
--- a/src/lib/libssl/t1_enc.c
+++ /dev/null
@@ -1,1045 +0,0 @@
1/* ssl/t1_enc.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2005 Nokia. All rights reserved.
113 *
114 * The portions of the attached software ("Contribution") is developed by
115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
116 * license.
117 *
118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
120 * support (see RFC 4279) to OpenSSL.
121 *
122 * No patent licenses or other rights except those expressly stated in
123 * the OpenSSL open source license shall be deemed granted or received
124 * expressly, by implication, estoppel, or otherwise.
125 *
126 * No assurances are provided by Nokia that the Contribution does not
127 * infringe the patent or other intellectual property rights of any third
128 * party or that the license provides you with all the necessary rights
129 * to make use of the Contribution.
130 *
131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
135 * OTHERWISE.
136 */
137
138#include <stdio.h>
139#include "ssl_locl.h"
140#ifndef OPENSSL_NO_COMP
141#include <openssl/comp.h>
142#endif
143#include <openssl/evp.h>
144#include <openssl/hmac.h>
145#include <openssl/md5.h>
146#ifdef KSSL_DEBUG
147#include <openssl/des.h>
148#endif
149
150/* seed1 through seed5 are virtually concatenated */
151static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
152 int sec_len,
153 const void *seed1, int seed1_len,
154 const void *seed2, int seed2_len,
155 const void *seed3, int seed3_len,
156 const void *seed4, int seed4_len,
157 const void *seed5, int seed5_len,
158 unsigned char *out, int olen)
159 {
160 int chunk;
161 unsigned int j;
162 HMAC_CTX ctx;
163 HMAC_CTX ctx_tmp;
164 unsigned char A1[EVP_MAX_MD_SIZE];
165 unsigned int A1_len;
166 int ret = 0;
167
168 chunk=EVP_MD_size(md);
169 OPENSSL_assert(chunk >= 0);
170
171 HMAC_CTX_init(&ctx);
172 HMAC_CTX_init(&ctx_tmp);
173 if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL))
174 goto err;
175 if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL))
176 goto err;
177 if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
178 goto err;
179 if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
180 goto err;
181 if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
182 goto err;
183 if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
184 goto err;
185 if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
186 goto err;
187 if (!HMAC_Final(&ctx,A1,&A1_len))
188 goto err;
189
190 for (;;)
191 {
192 if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */
193 goto err;
194 if (!HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL)) /* re-init */
195 goto err;
196 if (!HMAC_Update(&ctx,A1,A1_len))
197 goto err;
198 if (!HMAC_Update(&ctx_tmp,A1,A1_len))
199 goto err;
200 if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
201 goto err;
202 if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
203 goto err;
204 if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
205 goto err;
206 if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
207 goto err;
208 if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
209 goto err;
210
211 if (olen > chunk)
212 {
213 if (!HMAC_Final(&ctx,out,&j))
214 goto err;
215 out+=j;
216 olen-=j;
217 if (!HMAC_Final(&ctx_tmp,A1,&A1_len)) /* calc the next A1 value */
218 goto err;
219 }
220 else /* last one */
221 {
222 if (!HMAC_Final(&ctx,A1,&A1_len))
223 goto err;
224 memcpy(out,A1,olen);
225 break;
226 }
227 }
228 ret = 1;
229err:
230 HMAC_CTX_cleanup(&ctx);
231 HMAC_CTX_cleanup(&ctx_tmp);
232 OPENSSL_cleanse(A1,sizeof(A1));
233 return ret;
234 }
235
236/* seed1 through seed5 are virtually concatenated */
237static int tls1_PRF(long digest_mask,
238 const void *seed1, int seed1_len,
239 const void *seed2, int seed2_len,
240 const void *seed3, int seed3_len,
241 const void *seed4, int seed4_len,
242 const void *seed5, int seed5_len,
243 const unsigned char *sec, int slen,
244 unsigned char *out1,
245 unsigned char *out2, int olen)
246 {
247 int len,i,idx,count;
248 const unsigned char *S1;
249 long m;
250 const EVP_MD *md;
251 int ret = 0;
252
253 /* Count number of digests and partition sec evenly */
254 count=0;
255 for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
256 if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) count++;
257 }
258 len=slen/count;
259 S1=sec;
260 memset(out1,0,olen);
261 for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
262 if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) {
263 if (!md) {
264 SSLerr(SSL_F_TLS1_PRF,
265 SSL_R_UNSUPPORTED_DIGEST_TYPE);
266 goto err;
267 }
268 if (!tls1_P_hash(md ,S1,len+(slen&1),
269 seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len,
270 out2,olen))
271 goto err;
272 S1+=len;
273 for (i=0; i<olen; i++)
274 {
275 out1[i]^=out2[i];
276 }
277 }
278 }
279 ret = 1;
280err:
281 return ret;
282}
283static int tls1_generate_key_block(SSL *s, unsigned char *km,
284 unsigned char *tmp, int num)
285 {
286 int ret;
287 ret = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
288 TLS_MD_KEY_EXPANSION_CONST,TLS_MD_KEY_EXPANSION_CONST_SIZE,
289 s->s3->server_random,SSL3_RANDOM_SIZE,
290 s->s3->client_random,SSL3_RANDOM_SIZE,
291 NULL,0,NULL,0,
292 s->session->master_key,s->session->master_key_length,
293 km,tmp,num);
294#ifdef KSSL_DEBUG
295 printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
296 s->session->master_key_length);
297 {
298 int i;
299 for (i=0; i < s->session->master_key_length; i++)
300 {
301 printf("%02X", s->session->master_key[i]);
302 }
303 printf("\n"); }
304#endif /* KSSL_DEBUG */
305 return ret;
306 }
307
308int tls1_change_cipher_state(SSL *s, int which)
309 {
310 static const unsigned char empty[]="";
311 unsigned char *p,*mac_secret;
312 unsigned char *exp_label;
313 unsigned char tmp1[EVP_MAX_KEY_LENGTH];
314 unsigned char tmp2[EVP_MAX_KEY_LENGTH];
315 unsigned char iv1[EVP_MAX_IV_LENGTH*2];
316 unsigned char iv2[EVP_MAX_IV_LENGTH*2];
317 unsigned char *ms,*key,*iv;
318 int client_write;
319 EVP_CIPHER_CTX *dd;
320 const EVP_CIPHER *c;
321#ifndef OPENSSL_NO_COMP
322 const SSL_COMP *comp;
323#endif
324 const EVP_MD *m;
325 int mac_type;
326 int *mac_secret_size;
327 EVP_MD_CTX *mac_ctx;
328 EVP_PKEY *mac_key;
329 int is_export,n,i,j,k,exp_label_len,cl;
330 int reuse_dd = 0;
331
332 is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
333 c=s->s3->tmp.new_sym_enc;
334 m=s->s3->tmp.new_hash;
335 mac_type = s->s3->tmp.new_mac_pkey_type;
336#ifndef OPENSSL_NO_COMP
337 comp=s->s3->tmp.new_compression;
338#endif
339
340#ifdef KSSL_DEBUG
341 printf("tls1_change_cipher_state(which= %d) w/\n", which);
342 printf("\talg= %ld/%ld, comp= %p\n",
343 s->s3->tmp.new_cipher->algorithm_mkey,
344 s->s3->tmp.new_cipher->algorithm_auth,
345 comp);
346 printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
347 printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
348 c->nid,c->block_size,c->key_len,c->iv_len);
349 printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
350 {
351 int i;
352 for (i=0; i<s->s3->tmp.key_block_length; i++)
353 printf("%02x", key_block[i]); printf("\n");
354 }
355#endif /* KSSL_DEBUG */
356
357 if (which & SSL3_CC_READ)
358 {
359 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
360 s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
361 else
362 s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
363
364 if (s->enc_read_ctx != NULL)
365 reuse_dd = 1;
366 else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
367 goto err;
368 else
369 /* make sure it's intialized in case we exit later with an error */
370 EVP_CIPHER_CTX_init(s->enc_read_ctx);
371 dd= s->enc_read_ctx;
372 mac_ctx=ssl_replace_hash(&s->read_hash,NULL);
373#ifndef OPENSSL_NO_COMP
374 if (s->expand != NULL)
375 {
376 COMP_CTX_free(s->expand);
377 s->expand=NULL;
378 }
379 if (comp != NULL)
380 {
381 s->expand=COMP_CTX_new(comp->method);
382 if (s->expand == NULL)
383 {
384 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
385 goto err2;
386 }
387 if (s->s3->rrec.comp == NULL)
388 s->s3->rrec.comp=(unsigned char *)
389 OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
390 if (s->s3->rrec.comp == NULL)
391 goto err;
392 }
393#endif
394 /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
395 if (s->version != DTLS1_VERSION)
396 memset(&(s->s3->read_sequence[0]),0,8);
397 mac_secret= &(s->s3->read_mac_secret[0]);
398 mac_secret_size=&(s->s3->read_mac_secret_size);
399 }
400 else
401 {
402 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
403 s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
404 else
405 s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
406 if (s->enc_write_ctx != NULL)
407 reuse_dd = 1;
408 else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
409 goto err;
410 else
411 /* make sure it's intialized in case we exit later with an error */
412 EVP_CIPHER_CTX_init(s->enc_write_ctx);
413 dd= s->enc_write_ctx;
414 mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
415#ifndef OPENSSL_NO_COMP
416 if (s->compress != NULL)
417 {
418 COMP_CTX_free(s->compress);
419 s->compress=NULL;
420 }
421 if (comp != NULL)
422 {
423 s->compress=COMP_CTX_new(comp->method);
424 if (s->compress == NULL)
425 {
426 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
427 goto err2;
428 }
429 }
430#endif
431 /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
432 if (s->version != DTLS1_VERSION)
433 memset(&(s->s3->write_sequence[0]),0,8);
434 mac_secret= &(s->s3->write_mac_secret[0]);
435 mac_secret_size = &(s->s3->write_mac_secret_size);
436 }
437
438 if (reuse_dd)
439 EVP_CIPHER_CTX_cleanup(dd);
440
441 p=s->s3->tmp.key_block;
442 i=*mac_secret_size=s->s3->tmp.new_mac_secret_size;
443
444 cl=EVP_CIPHER_key_length(c);
445 j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
446 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
447 /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
448 k=EVP_CIPHER_iv_length(c);
449 if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
450 (which == SSL3_CHANGE_CIPHER_SERVER_READ))
451 {
452 ms= &(p[ 0]); n=i+i;
453 key= &(p[ n]); n+=j+j;
454 iv= &(p[ n]); n+=k+k;
455 exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
456 exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
457 client_write=1;
458 }
459 else
460 {
461 n=i;
462 ms= &(p[ n]); n+=i+j;
463 key= &(p[ n]); n+=j+k;
464 iv= &(p[ n]); n+=k;
465 exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
466 exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
467 client_write=0;
468 }
469
470 if (n > s->s3->tmp.key_block_length)
471 {
472 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
473 goto err2;
474 }
475
476 memcpy(mac_secret,ms,i);
477 mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
478 mac_secret,*mac_secret_size);
479 EVP_DigestSignInit(mac_ctx,NULL,m,NULL,mac_key);
480 EVP_PKEY_free(mac_key);
481#ifdef TLS_DEBUG
482printf("which = %04X\nmac key=",which);
483{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
484#endif
485 if (is_export)
486 {
487 /* In here I set both the read and write key/iv to the
488 * same value since only the correct one will be used :-).
489 */
490 if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
491 exp_label,exp_label_len,
492 s->s3->client_random,SSL3_RANDOM_SIZE,
493 s->s3->server_random,SSL3_RANDOM_SIZE,
494 NULL,0,NULL,0,
495 key,j,tmp1,tmp2,EVP_CIPHER_key_length(c)))
496 goto err2;
497 key=tmp1;
498
499 if (k > 0)
500 {
501 if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
502 TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE,
503 s->s3->client_random,SSL3_RANDOM_SIZE,
504 s->s3->server_random,SSL3_RANDOM_SIZE,
505 NULL,0,NULL,0,
506 empty,0,iv1,iv2,k*2))
507 goto err2;
508 if (client_write)
509 iv=iv1;
510 else
511 iv= &(iv1[k]);
512 }
513 }
514
515 s->session->key_arg_length=0;
516#ifdef KSSL_DEBUG
517 {
518 int i;
519 printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
520 printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
521 printf("\n");
522 printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
523 printf("\n");
524 }
525#endif /* KSSL_DEBUG */
526
527 EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
528#ifdef TLS_DEBUG
529printf("which = %04X\nkey=",which);
530{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
531printf("\niv=");
532{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
533printf("\n");
534#endif
535
536 OPENSSL_cleanse(tmp1,sizeof(tmp1));
537 OPENSSL_cleanse(tmp2,sizeof(tmp1));
538 OPENSSL_cleanse(iv1,sizeof(iv1));
539 OPENSSL_cleanse(iv2,sizeof(iv2));
540 return(1);
541err:
542 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
543err2:
544 return(0);
545 }
546
547int tls1_setup_key_block(SSL *s)
548 {
549 unsigned char *p1,*p2=NULL;
550 const EVP_CIPHER *c;
551 const EVP_MD *hash;
552 int num;
553 SSL_COMP *comp;
554 int mac_type= NID_undef,mac_secret_size=0;
555 int ret=0;
556
557#ifdef KSSL_DEBUG
558 printf ("tls1_setup_key_block()\n");
559#endif /* KSSL_DEBUG */
560
561 if (s->s3->tmp.key_block_length != 0)
562 return(1);
563
564 if (!ssl_cipher_get_evp(s->session,&c,&hash,&mac_type,&mac_secret_size,&comp))
565 {
566 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
567 return(0);
568 }
569
570 s->s3->tmp.new_sym_enc=c;
571 s->s3->tmp.new_hash=hash;
572 s->s3->tmp.new_mac_pkey_type = mac_type;
573 s->s3->tmp.new_mac_secret_size = mac_secret_size;
574 num=EVP_CIPHER_key_length(c)+mac_secret_size+EVP_CIPHER_iv_length(c);
575 num*=2;
576
577 ssl3_cleanup_key_block(s);
578
579 if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
580 {
581 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
582 goto err;
583 }
584
585 s->s3->tmp.key_block_length=num;
586 s->s3->tmp.key_block=p1;
587
588 if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
589 {
590 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
591 goto err;
592 }
593
594#ifdef TLS_DEBUG
595printf("client random\n");
596{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
597printf("server random\n");
598{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
599printf("pre-master\n");
600{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
601#endif
602 if (!tls1_generate_key_block(s,p1,p2,num))
603 goto err;
604#ifdef TLS_DEBUG
605printf("\nkey block\n");
606{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
607#endif
608
609 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
610 {
611 /* enable vulnerability countermeasure for CBC ciphers with
612 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
613 */
614 s->s3->need_empty_fragments = 1;
615
616 if (s->session->cipher != NULL)
617 {
618 if (s->session->cipher->algorithm_enc == SSL_eNULL)
619 s->s3->need_empty_fragments = 0;
620
621#ifndef OPENSSL_NO_RC4
622 if (s->session->cipher->algorithm_enc == SSL_RC4)
623 s->s3->need_empty_fragments = 0;
624#endif
625 }
626 }
627
628 ret = 1;
629err:
630 if (p2)
631 {
632 OPENSSL_cleanse(p2,num);
633 OPENSSL_free(p2);
634 }
635 return(ret);
636 }
637
638int tls1_enc(SSL *s, int send)
639 {
640 SSL3_RECORD *rec;
641 EVP_CIPHER_CTX *ds;
642 unsigned long l;
643 int bs,i,ii,j,k,n=0;
644 const EVP_CIPHER *enc;
645
646 if (send)
647 {
648 if (EVP_MD_CTX_md(s->write_hash))
649 {
650 n=EVP_MD_CTX_size(s->write_hash);
651 OPENSSL_assert(n >= 0);
652 }
653 ds=s->enc_write_ctx;
654 rec= &(s->s3->wrec);
655 if (s->enc_write_ctx == NULL)
656 enc=NULL;
657 else
658 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
659 }
660 else
661 {
662 if (EVP_MD_CTX_md(s->read_hash))
663 {
664 n=EVP_MD_CTX_size(s->read_hash);
665 OPENSSL_assert(n >= 0);
666 }
667 ds=s->enc_read_ctx;
668 rec= &(s->s3->rrec);
669 if (s->enc_read_ctx == NULL)
670 enc=NULL;
671 else
672 enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
673 }
674
675#ifdef KSSL_DEBUG
676 printf("tls1_enc(%d)\n", send);
677#endif /* KSSL_DEBUG */
678
679 if ((s->session == NULL) || (ds == NULL) ||
680 (enc == NULL))
681 {
682 memmove(rec->data,rec->input,rec->length);
683 rec->input=rec->data;
684 }
685 else
686 {
687 l=rec->length;
688 bs=EVP_CIPHER_block_size(ds->cipher);
689
690 if ((bs != 1) && send)
691 {
692 i=bs-((int)l%bs);
693
694 /* Add weird padding of upto 256 bytes */
695
696 /* we need to add 'i' padding bytes of value j */
697 j=i-1;
698 if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
699 {
700 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
701 j++;
702 }
703 for (k=(int)l; k<(int)(l+i); k++)
704 rec->input[k]=j;
705 l+=i;
706 rec->length+=i;
707 }
708
709#ifdef KSSL_DEBUG
710 {
711 unsigned long ui;
712 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
713 ds,rec->data,rec->input,l);
714 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
715 ds->buf_len, ds->cipher->key_len,
716 DES_KEY_SZ, DES_SCHEDULE_SZ,
717 ds->cipher->iv_len);
718 printf("\t\tIV: ");
719 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
720 printf("\n");
721 printf("\trec->input=");
722 for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
723 printf("\n");
724 }
725#endif /* KSSL_DEBUG */
726
727 if (!send)
728 {
729 if (l == 0 || l%bs != 0)
730 {
731 SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
732 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
733 return 0;
734 }
735 }
736
737 EVP_Cipher(ds,rec->data,rec->input,l);
738
739#ifdef KSSL_DEBUG
740 {
741 unsigned long i;
742 printf("\trec->data=");
743 for (i=0; i<l; i++)
744 printf(" %02x", rec->data[i]); printf("\n");
745 }
746#endif /* KSSL_DEBUG */
747
748 if ((bs != 1) && !send)
749 {
750 ii=i=rec->data[l-1]; /* padding_length */
751 i++;
752 /* NB: if compression is in operation the first packet
753 * may not be of even length so the padding bug check
754 * cannot be performed. This bug workaround has been
755 * around since SSLeay so hopefully it is either fixed
756 * now or no buggy implementation supports compression
757 * [steve]
758 */
759 if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
760 && !s->expand)
761 {
762 /* First packet is even in size, so check */
763 if ((memcmp(s->s3->read_sequence,
764 "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
765 s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
766 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
767 i--;
768 }
769 /* TLS 1.0 does not bound the number of padding bytes by the block size.
770 * All of them must have value 'padding_length'. */
771 if (i > (int)rec->length)
772 {
773 /* Incorrect padding. SSLerr() and ssl3_alert are done
774 * by caller: we don't want to reveal whether this is
775 * a decryption error or a MAC verification failure
776 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
777 return -1;
778 }
779 for (j=(int)(l-i); j<(int)l; j++)
780 {
781 if (rec->data[j] != ii)
782 {
783 /* Incorrect padding */
784 return -1;
785 }
786 }
787 rec->length-=i;
788 }
789 }
790 return(1);
791 }
792int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
793 {
794 unsigned int ret;
795 EVP_MD_CTX ctx, *d=NULL;
796 int i;
797
798 if (s->s3->handshake_buffer)
799 if (!ssl3_digest_cached_records(s))
800 return 0;
801
802 for (i=0;i<SSL_MAX_DIGEST;i++)
803 {
804 if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid)
805 {
806 d=s->s3->handshake_dgst[i];
807 break;
808 }
809 }
810 if (!d) {
811 SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST);
812 return 0;
813 }
814
815 EVP_MD_CTX_init(&ctx);
816 EVP_MD_CTX_copy_ex(&ctx,d);
817 EVP_DigestFinal_ex(&ctx,out,&ret);
818 EVP_MD_CTX_cleanup(&ctx);
819 return((int)ret);
820 }
821
822int tls1_final_finish_mac(SSL *s,
823 const char *str, int slen, unsigned char *out)
824 {
825 unsigned int i;
826 EVP_MD_CTX ctx;
827 unsigned char buf[2*EVP_MAX_MD_SIZE];
828 unsigned char *q,buf2[12];
829 int idx;
830 long mask;
831 int err=0;
832 const EVP_MD *md;
833
834 q=buf;
835
836 if (s->s3->handshake_buffer)
837 if (!ssl3_digest_cached_records(s))
838 return 0;
839
840 EVP_MD_CTX_init(&ctx);
841
842 for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
843 {
844 if (mask & s->s3->tmp.new_cipher->algorithm2)
845 {
846 int hashsize = EVP_MD_size(md);
847 if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
848 {
849 /* internal error: 'buf' is too small for this cipersuite! */
850 err = 1;
851 }
852 else
853 {
854 EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
855 EVP_DigestFinal_ex(&ctx,q,&i);
856 if (i != (unsigned int)hashsize) /* can't really happen */
857 err = 1;
858 q+=i;
859 }
860 }
861 }
862
863 if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
864 str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
865 s->session->master_key,s->session->master_key_length,
866 out,buf2,sizeof buf2))
867 err = 1;
868 EVP_MD_CTX_cleanup(&ctx);
869
870 if (err)
871 return 0;
872 else
873 return sizeof buf2;
874 }
875
876int tls1_mac(SSL *ssl, unsigned char *md, int send)
877 {
878 SSL3_RECORD *rec;
879 unsigned char *seq;
880 EVP_MD_CTX *hash;
881 size_t md_size;
882 int i;
883 EVP_MD_CTX hmac, *mac_ctx;
884 unsigned char buf[5];
885 int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
886 int t;
887
888 if (send)
889 {
890 rec= &(ssl->s3->wrec);
891 seq= &(ssl->s3->write_sequence[0]);
892 hash=ssl->write_hash;
893 }
894 else
895 {
896 rec= &(ssl->s3->rrec);
897 seq= &(ssl->s3->read_sequence[0]);
898 hash=ssl->read_hash;
899 }
900
901 t=EVP_MD_CTX_size(hash);
902 OPENSSL_assert(t >= 0);
903 md_size=t;
904
905 buf[0]=rec->type;
906 buf[1]=(unsigned char)(ssl->version>>8);
907 buf[2]=(unsigned char)(ssl->version);
908 buf[3]=rec->length>>8;
909 buf[4]=rec->length&0xff;
910
911 /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
912 if (stream_mac)
913 {
914 mac_ctx = hash;
915 }
916 else
917 {
918 EVP_MD_CTX_copy(&hmac,hash);
919 mac_ctx = &hmac;
920 }
921
922 if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER)
923 {
924 unsigned char dtlsseq[8],*p=dtlsseq;
925
926 s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
927 memcpy (p,&seq[2],6);
928
929 EVP_DigestSignUpdate(mac_ctx,dtlsseq,8);
930 }
931 else
932 EVP_DigestSignUpdate(mac_ctx,seq,8);
933
934 EVP_DigestSignUpdate(mac_ctx,buf,5);
935 EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
936 t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
937 OPENSSL_assert(t > 0);
938
939 if (!stream_mac) EVP_MD_CTX_cleanup(&hmac);
940#ifdef TLS_DEBUG
941printf("sec=");
942{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
943printf("seq=");
944{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
945printf("buf=");
946{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
947printf("rec=");
948{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
949#endif
950
951 if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
952 {
953 for (i=7; i>=0; i--)
954 {
955 ++seq[i];
956 if (seq[i] != 0) break;
957 }
958 }
959
960#ifdef TLS_DEBUG
961{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
962#endif
963 return(md_size);
964 }
965
966int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
967 int len)
968 {
969 unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
970 const void *co = NULL, *so = NULL;
971 int col = 0, sol = 0;
972
973#ifdef KSSL_DEBUG
974 printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
975#endif /* KSSL_DEBUG */
976
977#ifdef TLSEXT_TYPE_opaque_prf_input
978 if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL &&
979 s->s3->client_opaque_prf_input_len > 0 &&
980 s->s3->client_opaque_prf_input_len == s->s3->server_opaque_prf_input_len)
981 {
982 co = s->s3->client_opaque_prf_input;
983 col = s->s3->server_opaque_prf_input_len;
984 so = s->s3->server_opaque_prf_input;
985 sol = s->s3->client_opaque_prf_input_len; /* must be same as col (see draft-rescorla-tls-opaque-prf-input-00.txt, section 3.1) */
986 }
987#endif
988
989 tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
990 TLS_MD_MASTER_SECRET_CONST,TLS_MD_MASTER_SECRET_CONST_SIZE,
991 s->s3->client_random,SSL3_RANDOM_SIZE,
992 co, col,
993 s->s3->server_random,SSL3_RANDOM_SIZE,
994 so, sol,
995 p,len,
996 s->session->master_key,buff,sizeof buff);
997
998#ifdef KSSL_DEBUG
999 printf ("tls1_generate_master_secret() complete\n");
1000#endif /* KSSL_DEBUG */
1001 return(SSL3_MASTER_SECRET_SIZE);
1002 }
1003
1004int tls1_alert_code(int code)
1005 {
1006 switch (code)
1007 {
1008 case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY);
1009 case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
1010 case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC);
1011 case SSL_AD_DECRYPTION_FAILED: return(TLS1_AD_DECRYPTION_FAILED);
1012 case SSL_AD_RECORD_OVERFLOW: return(TLS1_AD_RECORD_OVERFLOW);
1013 case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
1014 case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE);
1015 case SSL_AD_NO_CERTIFICATE: return(-1);
1016 case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE);
1017 case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
1018 case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
1019 case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
1020 case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
1021 case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER);
1022 case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA);
1023 case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED);
1024 case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR);
1025 case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR);
1026 case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION);
1027 case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION);
1028 case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
1029 case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
1030 case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED);
1031 case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
1032 case SSL_AD_UNSUPPORTED_EXTENSION: return(TLS1_AD_UNSUPPORTED_EXTENSION);
1033 case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(TLS1_AD_CERTIFICATE_UNOBTAINABLE);
1034 case SSL_AD_UNRECOGNIZED_NAME: return(TLS1_AD_UNRECOGNIZED_NAME);
1035 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
1036 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
1037 case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
1038#if 0 /* not appropriate for TLS, not used for DTLS */
1039 case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
1040 (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1041#endif
1042 default: return(-1);
1043 }
1044 }
1045
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
deleted file mode 100644
index 26cbae449e..0000000000
--- a/src/lib/libssl/t1_lib.c
+++ /dev/null
@@ -1,1753 +0,0 @@
1/* ssl/t1_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include <openssl/objects.h>
114#include <openssl/evp.h>
115#include <openssl/hmac.h>
116#include <openssl/ocsp.h>
117#include "ssl_locl.h"
118
119const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT;
120
121#ifndef OPENSSL_NO_TLSEXT
122static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
123 const unsigned char *sess_id, int sesslen,
124 SSL_SESSION **psess);
125#endif
126
127SSL3_ENC_METHOD TLSv1_enc_data={
128 tls1_enc,
129 tls1_mac,
130 tls1_setup_key_block,
131 tls1_generate_master_secret,
132 tls1_change_cipher_state,
133 tls1_final_finish_mac,
134 TLS1_FINISH_MAC_LENGTH,
135 tls1_cert_verify_mac,
136 TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
137 TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
138 tls1_alert_code,
139 };
140
141long tls1_default_timeout(void)
142 {
143 /* 2 hours, the 24 hours mentioned in the TLSv1 spec
144 * is way too long for http, the cache would over fill */
145 return(60*60*2);
146 }
147
148int tls1_new(SSL *s)
149 {
150 if (!ssl3_new(s)) return(0);
151 s->method->ssl_clear(s);
152 return(1);
153 }
154
155void tls1_free(SSL *s)
156 {
157#ifndef OPENSSL_NO_TLSEXT
158 if (s->tlsext_session_ticket)
159 {
160 OPENSSL_free(s->tlsext_session_ticket);
161 }
162#endif /* OPENSSL_NO_TLSEXT */
163 ssl3_free(s);
164 }
165
166void tls1_clear(SSL *s)
167 {
168 ssl3_clear(s);
169 s->version=TLS1_VERSION;
170 }
171
172#ifndef OPENSSL_NO_EC
173static int nid_list[] =
174 {
175 NID_sect163k1, /* sect163k1 (1) */
176 NID_sect163r1, /* sect163r1 (2) */
177 NID_sect163r2, /* sect163r2 (3) */
178 NID_sect193r1, /* sect193r1 (4) */
179 NID_sect193r2, /* sect193r2 (5) */
180 NID_sect233k1, /* sect233k1 (6) */
181 NID_sect233r1, /* sect233r1 (7) */
182 NID_sect239k1, /* sect239k1 (8) */
183 NID_sect283k1, /* sect283k1 (9) */
184 NID_sect283r1, /* sect283r1 (10) */
185 NID_sect409k1, /* sect409k1 (11) */
186 NID_sect409r1, /* sect409r1 (12) */
187 NID_sect571k1, /* sect571k1 (13) */
188 NID_sect571r1, /* sect571r1 (14) */
189 NID_secp160k1, /* secp160k1 (15) */
190 NID_secp160r1, /* secp160r1 (16) */
191 NID_secp160r2, /* secp160r2 (17) */
192 NID_secp192k1, /* secp192k1 (18) */
193 NID_X9_62_prime192v1, /* secp192r1 (19) */
194 NID_secp224k1, /* secp224k1 (20) */
195 NID_secp224r1, /* secp224r1 (21) */
196 NID_secp256k1, /* secp256k1 (22) */
197 NID_X9_62_prime256v1, /* secp256r1 (23) */
198 NID_secp384r1, /* secp384r1 (24) */
199 NID_secp521r1 /* secp521r1 (25) */
200 };
201
202int tls1_ec_curve_id2nid(int curve_id)
203 {
204 /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
205 if ((curve_id < 1) || ((unsigned int)curve_id >
206 sizeof(nid_list)/sizeof(nid_list[0])))
207 return 0;
208 return nid_list[curve_id-1];
209 }
210
211int tls1_ec_nid2curve_id(int nid)
212 {
213 /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
214 switch (nid)
215 {
216 case NID_sect163k1: /* sect163k1 (1) */
217 return 1;
218 case NID_sect163r1: /* sect163r1 (2) */
219 return 2;
220 case NID_sect163r2: /* sect163r2 (3) */
221 return 3;
222 case NID_sect193r1: /* sect193r1 (4) */
223 return 4;
224 case NID_sect193r2: /* sect193r2 (5) */
225 return 5;
226 case NID_sect233k1: /* sect233k1 (6) */
227 return 6;
228 case NID_sect233r1: /* sect233r1 (7) */
229 return 7;
230 case NID_sect239k1: /* sect239k1 (8) */
231 return 8;
232 case NID_sect283k1: /* sect283k1 (9) */
233 return 9;
234 case NID_sect283r1: /* sect283r1 (10) */
235 return 10;
236 case NID_sect409k1: /* sect409k1 (11) */
237 return 11;
238 case NID_sect409r1: /* sect409r1 (12) */
239 return 12;
240 case NID_sect571k1: /* sect571k1 (13) */
241 return 13;
242 case NID_sect571r1: /* sect571r1 (14) */
243 return 14;
244 case NID_secp160k1: /* secp160k1 (15) */
245 return 15;
246 case NID_secp160r1: /* secp160r1 (16) */
247 return 16;
248 case NID_secp160r2: /* secp160r2 (17) */
249 return 17;
250 case NID_secp192k1: /* secp192k1 (18) */
251 return 18;
252 case NID_X9_62_prime192v1: /* secp192r1 (19) */
253 return 19;
254 case NID_secp224k1: /* secp224k1 (20) */
255 return 20;
256 case NID_secp224r1: /* secp224r1 (21) */
257 return 21;
258 case NID_secp256k1: /* secp256k1 (22) */
259 return 22;
260 case NID_X9_62_prime256v1: /* secp256r1 (23) */
261 return 23;
262 case NID_secp384r1: /* secp384r1 (24) */
263 return 24;
264 case NID_secp521r1: /* secp521r1 (25) */
265 return 25;
266 default:
267 return 0;
268 }
269 }
270#endif /* OPENSSL_NO_EC */
271
272#ifndef OPENSSL_NO_TLSEXT
273unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
274 {
275 int extdatalen=0;
276 unsigned char *ret = p;
277
278 /* don't add extensions for SSLv3 unless doing secure renegotiation */
279 if (s->client_version == SSL3_VERSION
280 && !s->s3->send_connection_binding)
281 return p;
282
283 ret+=2;
284
285 if (ret>=limit) return NULL; /* this really never occurs, but ... */
286
287 if (s->tlsext_hostname != NULL)
288 {
289 /* Add TLS extension servername to the Client Hello message */
290 unsigned long size_str;
291 long lenmax;
292
293 /* check for enough space.
294 4 for the servername type and entension length
295 2 for servernamelist length
296 1 for the hostname type
297 2 for hostname length
298 + hostname length
299 */
300
301 if ((lenmax = limit - ret - 9) < 0
302 || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
303 return NULL;
304
305 /* extension type and length */
306 s2n(TLSEXT_TYPE_server_name,ret);
307 s2n(size_str+5,ret);
308
309 /* length of servername list */
310 s2n(size_str+3,ret);
311
312 /* hostname type, length and hostname */
313 *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name;
314 s2n(size_str,ret);
315 memcpy(ret, s->tlsext_hostname, size_str);
316 ret+=size_str;
317 }
318
319 /* Add RI if renegotiating */
320 if (s->new_session)
321 {
322 int el;
323
324 if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
325 {
326 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
327 return NULL;
328 }
329
330 if((limit - p - 4 - el) < 0) return NULL;
331
332 s2n(TLSEXT_TYPE_renegotiate,ret);
333 s2n(el,ret);
334
335 if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
336 {
337 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
338 return NULL;
339 }
340
341 ret += el;
342 }
343
344#ifndef OPENSSL_NO_EC
345 if (s->tlsext_ecpointformatlist != NULL &&
346 s->version != DTLS1_VERSION)
347 {
348 /* Add TLS extension ECPointFormats to the ClientHello message */
349 long lenmax;
350
351 if ((lenmax = limit - ret - 5) < 0) return NULL;
352 if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
353 if (s->tlsext_ecpointformatlist_length > 255)
354 {
355 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
356 return NULL;
357 }
358
359 s2n(TLSEXT_TYPE_ec_point_formats,ret);
360 s2n(s->tlsext_ecpointformatlist_length + 1,ret);
361 *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
362 memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
363 ret+=s->tlsext_ecpointformatlist_length;
364 }
365 if (s->tlsext_ellipticcurvelist != NULL &&
366 s->version != DTLS1_VERSION)
367 {
368 /* Add TLS extension EllipticCurves to the ClientHello message */
369 long lenmax;
370
371 if ((lenmax = limit - ret - 6) < 0) return NULL;
372 if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
373 if (s->tlsext_ellipticcurvelist_length > 65532)
374 {
375 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
376 return NULL;
377 }
378
379 s2n(TLSEXT_TYPE_elliptic_curves,ret);
380 s2n(s->tlsext_ellipticcurvelist_length + 2, ret);
381
382 /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
383 * elliptic_curve_list, but the examples use two bytes.
384 * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
385 * resolves this to two bytes.
386 */
387 s2n(s->tlsext_ellipticcurvelist_length, ret);
388 memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
389 ret+=s->tlsext_ellipticcurvelist_length;
390 }
391#endif /* OPENSSL_NO_EC */
392
393 if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
394 {
395 int ticklen;
396 if (!s->new_session && s->session && s->session->tlsext_tick)
397 ticklen = s->session->tlsext_ticklen;
398 else if (s->session && s->tlsext_session_ticket &&
399 s->tlsext_session_ticket->data)
400 {
401 ticklen = s->tlsext_session_ticket->length;
402 s->session->tlsext_tick = OPENSSL_malloc(ticklen);
403 if (!s->session->tlsext_tick)
404 return NULL;
405 memcpy(s->session->tlsext_tick,
406 s->tlsext_session_ticket->data,
407 ticklen);
408 s->session->tlsext_ticklen = ticklen;
409 }
410 else
411 ticklen = 0;
412 if (ticklen == 0 && s->tlsext_session_ticket &&
413 s->tlsext_session_ticket->data == NULL)
414 goto skip_ext;
415 /* Check for enough room 2 for extension type, 2 for len
416 * rest for ticket
417 */
418 if ((long)(limit - ret - 4 - ticklen) < 0) return NULL;
419 s2n(TLSEXT_TYPE_session_ticket,ret);
420 s2n(ticklen,ret);
421 if (ticklen)
422 {
423 memcpy(ret, s->session->tlsext_tick, ticklen);
424 ret += ticklen;
425 }
426 }
427 skip_ext:
428
429#ifdef TLSEXT_TYPE_opaque_prf_input
430 if (s->s3->client_opaque_prf_input != NULL &&
431 s->version != DTLS1_VERSION)
432 {
433 size_t col = s->s3->client_opaque_prf_input_len;
434
435 if ((long)(limit - ret - 6 - col < 0))
436 return NULL;
437 if (col > 0xFFFD) /* can't happen */
438 return NULL;
439
440 s2n(TLSEXT_TYPE_opaque_prf_input, ret);
441 s2n(col + 2, ret);
442 s2n(col, ret);
443 memcpy(ret, s->s3->client_opaque_prf_input, col);
444 ret += col;
445 }
446#endif
447
448 if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
449 s->version != DTLS1_VERSION)
450 {
451 int i;
452 long extlen, idlen, itmp;
453 OCSP_RESPID *id;
454
455 idlen = 0;
456 for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
457 {
458 id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
459 itmp = i2d_OCSP_RESPID(id, NULL);
460 if (itmp <= 0)
461 return NULL;
462 idlen += itmp + 2;
463 }
464
465 if (s->tlsext_ocsp_exts)
466 {
467 extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
468 if (extlen < 0)
469 return NULL;
470 }
471 else
472 extlen = 0;
473
474 if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL;
475 s2n(TLSEXT_TYPE_status_request, ret);
476 if (extlen + idlen > 0xFFF0)
477 return NULL;
478 s2n(extlen + idlen + 5, ret);
479 *(ret++) = TLSEXT_STATUSTYPE_ocsp;
480 s2n(idlen, ret);
481 for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
482 {
483 /* save position of id len */
484 unsigned char *q = ret;
485 id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
486 /* skip over id len */
487 ret += 2;
488 itmp = i2d_OCSP_RESPID(id, &ret);
489 /* write id len */
490 s2n(itmp, q);
491 }
492 s2n(extlen, ret);
493 if (extlen > 0)
494 i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
495 }
496
497 if ((extdatalen = ret-p-2)== 0)
498 return p;
499
500 s2n(extdatalen,p);
501 return ret;
502 }
503
504unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
505 {
506 int extdatalen=0;
507 unsigned char *ret = p;
508
509 /* don't add extensions for SSLv3, unless doing secure renegotiation */
510 if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
511 return p;
512
513 ret+=2;
514 if (ret>=limit) return NULL; /* this really never occurs, but ... */
515
516 if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
517 {
518 if ((long)(limit - ret - 4) < 0) return NULL;
519
520 s2n(TLSEXT_TYPE_server_name,ret);
521 s2n(0,ret);
522 }
523
524 if(s->s3->send_connection_binding)
525 {
526 int el;
527
528 if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0))
529 {
530 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
531 return NULL;
532 }
533
534 if((limit - p - 4 - el) < 0) return NULL;
535
536 s2n(TLSEXT_TYPE_renegotiate,ret);
537 s2n(el,ret);
538
539 if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el))
540 {
541 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
542 return NULL;
543 }
544
545 ret += el;
546 }
547
548#ifndef OPENSSL_NO_EC
549 if (s->tlsext_ecpointformatlist != NULL &&
550 s->version != DTLS1_VERSION)
551 {
552 /* Add TLS extension ECPointFormats to the ServerHello message */
553 long lenmax;
554
555 if ((lenmax = limit - ret - 5) < 0) return NULL;
556 if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
557 if (s->tlsext_ecpointformatlist_length > 255)
558 {
559 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
560 return NULL;
561 }
562
563 s2n(TLSEXT_TYPE_ec_point_formats,ret);
564 s2n(s->tlsext_ecpointformatlist_length + 1,ret);
565 *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
566 memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
567 ret+=s->tlsext_ecpointformatlist_length;
568
569 }
570 /* Currently the server should not respond with a SupportedCurves extension */
571#endif /* OPENSSL_NO_EC */
572
573 if (s->tlsext_ticket_expected
574 && !(SSL_get_options(s) & SSL_OP_NO_TICKET))
575 {
576 if ((long)(limit - ret - 4) < 0) return NULL;
577 s2n(TLSEXT_TYPE_session_ticket,ret);
578 s2n(0,ret);
579 }
580
581 if (s->tlsext_status_expected)
582 {
583 if ((long)(limit - ret - 4) < 0) return NULL;
584 s2n(TLSEXT_TYPE_status_request,ret);
585 s2n(0,ret);
586 }
587
588#ifdef TLSEXT_TYPE_opaque_prf_input
589 if (s->s3->server_opaque_prf_input != NULL &&
590 s->version != DTLS1_VERSION)
591 {
592 size_t sol = s->s3->server_opaque_prf_input_len;
593
594 if ((long)(limit - ret - 6 - sol) < 0)
595 return NULL;
596 if (sol > 0xFFFD) /* can't happen */
597 return NULL;
598
599 s2n(TLSEXT_TYPE_opaque_prf_input, ret);
600 s2n(sol + 2, ret);
601 s2n(sol, ret);
602 memcpy(ret, s->s3->server_opaque_prf_input, sol);
603 ret += sol;
604 }
605#endif
606 if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81)
607 && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
608 { const unsigned char cryptopro_ext[36] = {
609 0xfd, 0xe8, /*65000*/
610 0x00, 0x20, /*32 bytes length*/
611 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
612 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
613 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
614 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17};
615 if (limit-ret<36) return NULL;
616 memcpy(ret,cryptopro_ext,36);
617 ret+=36;
618
619 }
620
621 if ((extdatalen = ret-p-2)== 0)
622 return p;
623
624 s2n(extdatalen,p);
625 return ret;
626 }
627
628int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
629 {
630 unsigned short type;
631 unsigned short size;
632 unsigned short len;
633 unsigned char *data = *p;
634 int renegotiate_seen = 0;
635
636 s->servername_done = 0;
637 s->tlsext_status_type = -1;
638
639 if (data >= (d+n-2))
640 goto ri_check;
641 n2s(data,len);
642
643 if (data > (d+n-len))
644 goto ri_check;
645
646 while (data <= (d+n-4))
647 {
648 n2s(data,type);
649 n2s(data,size);
650
651 if (data+size > (d+n))
652 goto ri_check;
653#if 0
654 fprintf(stderr,"Received extension type %d size %d\n",type,size);
655#endif
656 if (s->tlsext_debug_cb)
657 s->tlsext_debug_cb(s, 0, type, data, size,
658 s->tlsext_debug_arg);
659/* The servername extension is treated as follows:
660
661 - Only the hostname type is supported with a maximum length of 255.
662 - The servername is rejected if too long or if it contains zeros,
663 in which case an fatal alert is generated.
664 - The servername field is maintained together with the session cache.
665 - When a session is resumed, the servername call back invoked in order
666 to allow the application to position itself to the right context.
667 - The servername is acknowledged if it is new for a session or when
668 it is identical to a previously used for the same session.
669 Applications can control the behaviour. They can at any time
670 set a 'desirable' servername for a new SSL object. This can be the
671 case for example with HTTPS when a Host: header field is received and
672 a renegotiation is requested. In this case, a possible servername
673 presented in the new client hello is only acknowledged if it matches
674 the value of the Host: field.
675 - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
676 if they provide for changing an explicit servername context for the session,
677 i.e. when the session has been established with a servername extension.
678 - On session reconnect, the servername extension may be absent.
679
680*/
681
682 if (type == TLSEXT_TYPE_server_name)
683 {
684 unsigned char *sdata;
685 int servname_type;
686 int dsize;
687
688 if (size < 2)
689 {
690 *al = SSL_AD_DECODE_ERROR;
691 return 0;
692 }
693 n2s(data,dsize);
694 size -= 2;
695 if (dsize > size )
696 {
697 *al = SSL_AD_DECODE_ERROR;
698 return 0;
699 }
700
701 sdata = data;
702 while (dsize > 3)
703 {
704 servname_type = *(sdata++);
705 n2s(sdata,len);
706 dsize -= 3;
707
708 if (len > dsize)
709 {
710 *al = SSL_AD_DECODE_ERROR;
711 return 0;
712 }
713 if (s->servername_done == 0)
714 switch (servname_type)
715 {
716 case TLSEXT_NAMETYPE_host_name:
717 if (!s->hit)
718 {
719 if(s->session->tlsext_hostname)
720 {
721 *al = SSL_AD_DECODE_ERROR;
722 return 0;
723 }
724 if (len > TLSEXT_MAXLEN_host_name)
725 {
726 *al = TLS1_AD_UNRECOGNIZED_NAME;
727 return 0;
728 }
729 if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
730 {
731 *al = TLS1_AD_INTERNAL_ERROR;
732 return 0;
733 }
734 memcpy(s->session->tlsext_hostname, sdata, len);
735 s->session->tlsext_hostname[len]='\0';
736 if (strlen(s->session->tlsext_hostname) != len) {
737 OPENSSL_free(s->session->tlsext_hostname);
738 s->session->tlsext_hostname = NULL;
739 *al = TLS1_AD_UNRECOGNIZED_NAME;
740 return 0;
741 }
742 s->servername_done = 1;
743
744 }
745 else
746 s->servername_done = s->session->tlsext_hostname
747 && strlen(s->session->tlsext_hostname) == len
748 && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
749
750 break;
751
752 default:
753 break;
754 }
755
756 dsize -= len;
757 }
758 if (dsize != 0)
759 {
760 *al = SSL_AD_DECODE_ERROR;
761 return 0;
762 }
763
764 }
765
766#ifndef OPENSSL_NO_EC
767 else if (type == TLSEXT_TYPE_ec_point_formats &&
768 s->version != DTLS1_VERSION)
769 {
770 unsigned char *sdata = data;
771 int ecpointformatlist_length = *(sdata++);
772
773 if (ecpointformatlist_length != size - 1)
774 {
775 *al = TLS1_AD_DECODE_ERROR;
776 return 0;
777 }
778 if (!s->hit)
779 {
780 if(s->session->tlsext_ecpointformatlist)
781 {
782 OPENSSL_free(s->session->tlsext_ecpointformatlist);
783 s->session->tlsext_ecpointformatlist = NULL;
784 }
785 s->session->tlsext_ecpointformatlist_length = 0;
786 if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
787 {
788 *al = TLS1_AD_INTERNAL_ERROR;
789 return 0;
790 }
791 s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
792 memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
793 }
794#if 0
795 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length);
796 sdata = s->session->tlsext_ecpointformatlist;
797 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
798 fprintf(stderr,"%i ",*(sdata++));
799 fprintf(stderr,"\n");
800#endif
801 }
802 else if (type == TLSEXT_TYPE_elliptic_curves &&
803 s->version != DTLS1_VERSION)
804 {
805 unsigned char *sdata = data;
806 int ellipticcurvelist_length = (*(sdata++) << 8);
807 ellipticcurvelist_length += (*(sdata++));
808
809 if (ellipticcurvelist_length != size - 2)
810 {
811 *al = TLS1_AD_DECODE_ERROR;
812 return 0;
813 }
814 if (!s->hit)
815 {
816 if(s->session->tlsext_ellipticcurvelist)
817 {
818 *al = TLS1_AD_DECODE_ERROR;
819 return 0;
820 }
821 s->session->tlsext_ellipticcurvelist_length = 0;
822 if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
823 {
824 *al = TLS1_AD_INTERNAL_ERROR;
825 return 0;
826 }
827 s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
828 memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
829 }
830#if 0
831 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length);
832 sdata = s->session->tlsext_ellipticcurvelist;
833 for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++)
834 fprintf(stderr,"%i ",*(sdata++));
835 fprintf(stderr,"\n");
836#endif
837 }
838#endif /* OPENSSL_NO_EC */
839#ifdef TLSEXT_TYPE_opaque_prf_input
840 else if (type == TLSEXT_TYPE_opaque_prf_input &&
841 s->version != DTLS1_VERSION)
842 {
843 unsigned char *sdata = data;
844
845 if (size < 2)
846 {
847 *al = SSL_AD_DECODE_ERROR;
848 return 0;
849 }
850 n2s(sdata, s->s3->client_opaque_prf_input_len);
851 if (s->s3->client_opaque_prf_input_len != size - 2)
852 {
853 *al = SSL_AD_DECODE_ERROR;
854 return 0;
855 }
856
857 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
858 OPENSSL_free(s->s3->client_opaque_prf_input);
859 if (s->s3->client_opaque_prf_input_len == 0)
860 s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
861 else
862 s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
863 if (s->s3->client_opaque_prf_input == NULL)
864 {
865 *al = TLS1_AD_INTERNAL_ERROR;
866 return 0;
867 }
868 }
869#endif
870 else if (type == TLSEXT_TYPE_session_ticket)
871 {
872 if (s->tls_session_ticket_ext_cb &&
873 !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
874 {
875 *al = TLS1_AD_INTERNAL_ERROR;
876 return 0;
877 }
878 }
879 else if (type == TLSEXT_TYPE_renegotiate)
880 {
881 if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
882 return 0;
883 renegotiate_seen = 1;
884 }
885 else if (type == TLSEXT_TYPE_status_request &&
886 s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
887 {
888
889 if (size < 5)
890 {
891 *al = SSL_AD_DECODE_ERROR;
892 return 0;
893 }
894
895 s->tlsext_status_type = *data++;
896 size--;
897 if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
898 {
899 const unsigned char *sdata;
900 int dsize;
901 /* Read in responder_id_list */
902 n2s(data,dsize);
903 size -= 2;
904 if (dsize > size )
905 {
906 *al = SSL_AD_DECODE_ERROR;
907 return 0;
908 }
909 while (dsize > 0)
910 {
911 OCSP_RESPID *id;
912 int idsize;
913 if (dsize < 4)
914 {
915 *al = SSL_AD_DECODE_ERROR;
916 return 0;
917 }
918 n2s(data, idsize);
919 dsize -= 2 + idsize;
920 size -= 2 + idsize;
921 if (dsize < 0)
922 {
923 *al = SSL_AD_DECODE_ERROR;
924 return 0;
925 }
926 sdata = data;
927 data += idsize;
928 id = d2i_OCSP_RESPID(NULL,
929 &sdata, idsize);
930 if (!id)
931 {
932 *al = SSL_AD_DECODE_ERROR;
933 return 0;
934 }
935 if (data != sdata)
936 {
937 OCSP_RESPID_free(id);
938 *al = SSL_AD_DECODE_ERROR;
939 return 0;
940 }
941 if (!s->tlsext_ocsp_ids
942 && !(s->tlsext_ocsp_ids =
943 sk_OCSP_RESPID_new_null()))
944 {
945 OCSP_RESPID_free(id);
946 *al = SSL_AD_INTERNAL_ERROR;
947 return 0;
948 }
949 if (!sk_OCSP_RESPID_push(
950 s->tlsext_ocsp_ids, id))
951 {
952 OCSP_RESPID_free(id);
953 *al = SSL_AD_INTERNAL_ERROR;
954 return 0;
955 }
956 }
957
958 /* Read in request_extensions */
959 if (size < 2)
960 {
961 *al = SSL_AD_DECODE_ERROR;
962 return 0;
963 }
964 n2s(data,dsize);
965 size -= 2;
966 if (dsize != size)
967 {
968 *al = SSL_AD_DECODE_ERROR;
969 return 0;
970 }
971 sdata = data;
972 if (dsize > 0)
973 {
974 if (s->tlsext_ocsp_exts)
975 {
976 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
977 X509_EXTENSION_free);
978 }
979
980 s->tlsext_ocsp_exts =
981 d2i_X509_EXTENSIONS(NULL,
982 &sdata, dsize);
983 if (!s->tlsext_ocsp_exts
984 || (data + dsize != sdata))
985 {
986 *al = SSL_AD_DECODE_ERROR;
987 return 0;
988 }
989 }
990 }
991 /* We don't know what to do with any other type
992 * so ignore it.
993 */
994 else
995 s->tlsext_status_type = -1;
996 }
997
998 /* session ticket processed earlier */
999 data+=size;
1000 }
1001
1002 *p = data;
1003
1004 ri_check:
1005
1006 /* Need RI if renegotiating */
1007
1008 if (!renegotiate_seen && s->new_session &&
1009 !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
1010 {
1011 *al = SSL_AD_HANDSHAKE_FAILURE;
1012 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
1013 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1014 return 0;
1015 }
1016
1017 return 1;
1018 }
1019
1020int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
1021 {
1022 unsigned short length;
1023 unsigned short type;
1024 unsigned short size;
1025 unsigned char *data = *p;
1026 int tlsext_servername = 0;
1027 int renegotiate_seen = 0;
1028
1029 if (data >= (d+n-2))
1030 goto ri_check;
1031
1032 n2s(data,length);
1033 if (data+length != d+n)
1034 {
1035 *al = SSL_AD_DECODE_ERROR;
1036 return 0;
1037 }
1038
1039 while(data <= (d+n-4))
1040 {
1041 n2s(data,type);
1042 n2s(data,size);
1043
1044 if (data+size > (d+n))
1045 goto ri_check;
1046
1047 if (s->tlsext_debug_cb)
1048 s->tlsext_debug_cb(s, 1, type, data, size,
1049 s->tlsext_debug_arg);
1050
1051 if (type == TLSEXT_TYPE_server_name)
1052 {
1053 if (s->tlsext_hostname == NULL || size > 0)
1054 {
1055 *al = TLS1_AD_UNRECOGNIZED_NAME;
1056 return 0;
1057 }
1058 tlsext_servername = 1;
1059 }
1060
1061#ifndef OPENSSL_NO_EC
1062 else if (type == TLSEXT_TYPE_ec_point_formats &&
1063 s->version != DTLS1_VERSION)
1064 {
1065 unsigned char *sdata = data;
1066 int ecpointformatlist_length = *(sdata++);
1067
1068 if (ecpointformatlist_length != size - 1)
1069 {
1070 *al = TLS1_AD_DECODE_ERROR;
1071 return 0;
1072 }
1073 s->session->tlsext_ecpointformatlist_length = 0;
1074 if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
1075 if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
1076 {
1077 *al = TLS1_AD_INTERNAL_ERROR;
1078 return 0;
1079 }
1080 s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
1081 memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
1082#if 0
1083 fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist ");
1084 sdata = s->session->tlsext_ecpointformatlist;
1085 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
1086 fprintf(stderr,"%i ",*(sdata++));
1087 fprintf(stderr,"\n");
1088#endif
1089 }
1090#endif /* OPENSSL_NO_EC */
1091
1092 else if (type == TLSEXT_TYPE_session_ticket)
1093 {
1094 if (s->tls_session_ticket_ext_cb &&
1095 !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
1096 {
1097 *al = TLS1_AD_INTERNAL_ERROR;
1098 return 0;
1099 }
1100 if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
1101 || (size > 0))
1102 {
1103 *al = TLS1_AD_UNSUPPORTED_EXTENSION;
1104 return 0;
1105 }
1106 s->tlsext_ticket_expected = 1;
1107 }
1108#ifdef TLSEXT_TYPE_opaque_prf_input
1109 else if (type == TLSEXT_TYPE_opaque_prf_input &&
1110 s->version != DTLS1_VERSION)
1111 {
1112 unsigned char *sdata = data;
1113
1114 if (size < 2)
1115 {
1116 *al = SSL_AD_DECODE_ERROR;
1117 return 0;
1118 }
1119 n2s(sdata, s->s3->server_opaque_prf_input_len);
1120 if (s->s3->server_opaque_prf_input_len != size - 2)
1121 {
1122 *al = SSL_AD_DECODE_ERROR;
1123 return 0;
1124 }
1125
1126 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
1127 OPENSSL_free(s->s3->server_opaque_prf_input);
1128 if (s->s3->server_opaque_prf_input_len == 0)
1129 s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
1130 else
1131 s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
1132
1133 if (s->s3->server_opaque_prf_input == NULL)
1134 {
1135 *al = TLS1_AD_INTERNAL_ERROR;
1136 return 0;
1137 }
1138 }
1139#endif
1140 else if (type == TLSEXT_TYPE_status_request &&
1141 s->version != DTLS1_VERSION)
1142 {
1143 /* MUST be empty and only sent if we've requested
1144 * a status request message.
1145 */
1146 if ((s->tlsext_status_type == -1) || (size > 0))
1147 {
1148 *al = TLS1_AD_UNSUPPORTED_EXTENSION;
1149 return 0;
1150 }
1151 /* Set flag to expect CertificateStatus message */
1152 s->tlsext_status_expected = 1;
1153 }
1154 else if (type == TLSEXT_TYPE_renegotiate)
1155 {
1156 if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
1157 return 0;
1158 renegotiate_seen = 1;
1159 }
1160 data+=size;
1161 }
1162
1163 if (data != d+n)
1164 {
1165 *al = SSL_AD_DECODE_ERROR;
1166 return 0;
1167 }
1168
1169 if (!s->hit && tlsext_servername == 1)
1170 {
1171 if (s->tlsext_hostname)
1172 {
1173 if (s->session->tlsext_hostname == NULL)
1174 {
1175 s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
1176 if (!s->session->tlsext_hostname)
1177 {
1178 *al = SSL_AD_UNRECOGNIZED_NAME;
1179 return 0;
1180 }
1181 }
1182 else
1183 {
1184 *al = SSL_AD_DECODE_ERROR;
1185 return 0;
1186 }
1187 }
1188 }
1189
1190 *p = data;
1191
1192 ri_check:
1193
1194 /* Determine if we need to see RI. Strictly speaking if we want to
1195 * avoid an attack we should *always* see RI even on initial server
1196 * hello because the client doesn't see any renegotiation during an
1197 * attack. However this would mean we could not connect to any server
1198 * which doesn't support RI so for the immediate future tolerate RI
1199 * absence on initial connect only.
1200 */
1201 if (!renegotiate_seen
1202 && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
1203 && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
1204 {
1205 *al = SSL_AD_HANDSHAKE_FAILURE;
1206 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
1207 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1208 return 0;
1209 }
1210
1211 return 1;
1212 }
1213
1214
1215int ssl_prepare_clienthello_tlsext(SSL *s)
1216 {
1217#ifndef OPENSSL_NO_EC
1218 /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats
1219 * and elliptic curves we support.
1220 */
1221 int using_ecc = 0;
1222 int i;
1223 unsigned char *j;
1224 unsigned long alg_k, alg_a;
1225 STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
1226
1227 for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++)
1228 {
1229 SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
1230
1231 alg_k = c->algorithm_mkey;
1232 alg_a = c->algorithm_auth;
1233 if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || (alg_a & SSL_aECDSA)))
1234 {
1235 using_ecc = 1;
1236 break;
1237 }
1238 }
1239 using_ecc = using_ecc && (s->version == TLS1_VERSION);
1240 if (using_ecc)
1241 {
1242 if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
1243 if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
1244 {
1245 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1246 return -1;
1247 }
1248 s->tlsext_ecpointformatlist_length = 3;
1249 s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
1250 s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1251 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1252
1253 /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
1254 if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
1255 s->tlsext_ellipticcurvelist_length = sizeof(nid_list)/sizeof(nid_list[0]) * 2;
1256 if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
1257 {
1258 s->tlsext_ellipticcurvelist_length = 0;
1259 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1260 return -1;
1261 }
1262 for (i = 1, j = s->tlsext_ellipticcurvelist; (unsigned int)i <=
1263 sizeof(nid_list)/sizeof(nid_list[0]); i++)
1264 s2n(i,j);
1265 }
1266#endif /* OPENSSL_NO_EC */
1267
1268#ifdef TLSEXT_TYPE_opaque_prf_input
1269 {
1270 int r = 1;
1271
1272 if (s->ctx->tlsext_opaque_prf_input_callback != 0)
1273 {
1274 r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
1275 if (!r)
1276 return -1;
1277 }
1278
1279 if (s->tlsext_opaque_prf_input != NULL)
1280 {
1281 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
1282 OPENSSL_free(s->s3->client_opaque_prf_input);
1283
1284 if (s->tlsext_opaque_prf_input_len == 0)
1285 s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
1286 else
1287 s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
1288 if (s->s3->client_opaque_prf_input == NULL)
1289 {
1290 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1291 return -1;
1292 }
1293 s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1294 }
1295
1296 if (r == 2)
1297 /* at callback's request, insist on receiving an appropriate server opaque PRF input */
1298 s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1299 }
1300#endif
1301
1302 return 1;
1303 }
1304
1305int ssl_prepare_serverhello_tlsext(SSL *s)
1306 {
1307#ifndef OPENSSL_NO_EC
1308 /* If we are server and using an ECC cipher suite, send the point formats we support
1309 * if the client sent us an ECPointsFormat extension. Note that the server is not
1310 * supposed to send an EllipticCurves extension.
1311 */
1312
1313 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1314 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1315 int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
1316 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
1317
1318 if (using_ecc)
1319 {
1320 if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
1321 if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
1322 {
1323 SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1324 return -1;
1325 }
1326 s->tlsext_ecpointformatlist_length = 3;
1327 s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
1328 s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1329 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1330 }
1331#endif /* OPENSSL_NO_EC */
1332
1333 return 1;
1334 }
1335
1336int ssl_check_clienthello_tlsext(SSL *s)
1337 {
1338 int ret=SSL_TLSEXT_ERR_NOACK;
1339 int al = SSL_AD_UNRECOGNIZED_NAME;
1340
1341#ifndef OPENSSL_NO_EC
1342 /* The handling of the ECPointFormats extension is done elsewhere, namely in
1343 * ssl3_choose_cipher in s3_lib.c.
1344 */
1345 /* The handling of the EllipticCurves extension is done elsewhere, namely in
1346 * ssl3_choose_cipher in s3_lib.c.
1347 */
1348#endif
1349
1350 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
1351 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
1352 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
1353 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
1354
1355 /* If status request then ask callback what to do.
1356 * Note: this must be called after servername callbacks in case
1357 * the certificate has changed.
1358 */
1359 if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
1360 {
1361 int r;
1362 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1363 switch (r)
1364 {
1365 /* We don't want to send a status request response */
1366 case SSL_TLSEXT_ERR_NOACK:
1367 s->tlsext_status_expected = 0;
1368 break;
1369 /* status request response should be sent */
1370 case SSL_TLSEXT_ERR_OK:
1371 if (s->tlsext_ocsp_resp)
1372 s->tlsext_status_expected = 1;
1373 else
1374 s->tlsext_status_expected = 0;
1375 break;
1376 /* something bad happened */
1377 case SSL_TLSEXT_ERR_ALERT_FATAL:
1378 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1379 al = SSL_AD_INTERNAL_ERROR;
1380 goto err;
1381 }
1382 }
1383 else
1384 s->tlsext_status_expected = 0;
1385
1386#ifdef TLSEXT_TYPE_opaque_prf_input
1387 {
1388 /* This sort of belongs into ssl_prepare_serverhello_tlsext(),
1389 * but we might be sending an alert in response to the client hello,
1390 * so this has to happen here in ssl_check_clienthello_tlsext(). */
1391
1392 int r = 1;
1393
1394 if (s->ctx->tlsext_opaque_prf_input_callback != 0)
1395 {
1396 r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
1397 if (!r)
1398 {
1399 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1400 al = SSL_AD_INTERNAL_ERROR;
1401 goto err;
1402 }
1403 }
1404
1405 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
1406 OPENSSL_free(s->s3->server_opaque_prf_input);
1407 s->s3->server_opaque_prf_input = NULL;
1408
1409 if (s->tlsext_opaque_prf_input != NULL)
1410 {
1411 if (s->s3->client_opaque_prf_input != NULL &&
1412 s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len)
1413 {
1414 /* can only use this extension if we have a server opaque PRF input
1415 * of the same length as the client opaque PRF input! */
1416
1417 if (s->tlsext_opaque_prf_input_len == 0)
1418 s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
1419 else
1420 s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
1421 if (s->s3->server_opaque_prf_input == NULL)
1422 {
1423 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1424 al = SSL_AD_INTERNAL_ERROR;
1425 goto err;
1426 }
1427 s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1428 }
1429 }
1430
1431 if (r == 2 && s->s3->server_opaque_prf_input == NULL)
1432 {
1433 /* The callback wants to enforce use of the extension,
1434 * but we can't do that with the client opaque PRF input;
1435 * abort the handshake.
1436 */
1437 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1438 al = SSL_AD_HANDSHAKE_FAILURE;
1439 }
1440 }
1441
1442#endif
1443 err:
1444 switch (ret)
1445 {
1446 case SSL_TLSEXT_ERR_ALERT_FATAL:
1447 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1448 return -1;
1449
1450 case SSL_TLSEXT_ERR_ALERT_WARNING:
1451 ssl3_send_alert(s,SSL3_AL_WARNING,al);
1452 return 1;
1453
1454 case SSL_TLSEXT_ERR_NOACK:
1455 s->servername_done=0;
1456 default:
1457 return 1;
1458 }
1459 }
1460
1461int ssl_check_serverhello_tlsext(SSL *s)
1462 {
1463 int ret=SSL_TLSEXT_ERR_NOACK;
1464 int al = SSL_AD_UNRECOGNIZED_NAME;
1465
1466#ifndef OPENSSL_NO_EC
1467 /* If we are client and using an elliptic curve cryptography cipher
1468 * suite, then if server returns an EC point formats lists extension
1469 * it must contain uncompressed.
1470 */
1471 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1472 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1473 if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) &&
1474 (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) &&
1475 ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
1476 {
1477 /* we are using an ECC cipher */
1478 size_t i;
1479 unsigned char *list;
1480 int found_uncompressed = 0;
1481 list = s->session->tlsext_ecpointformatlist;
1482 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
1483 {
1484 if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed)
1485 {
1486 found_uncompressed = 1;
1487 break;
1488 }
1489 }
1490 if (!found_uncompressed)
1491 {
1492 SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
1493 return -1;
1494 }
1495 }
1496 ret = SSL_TLSEXT_ERR_OK;
1497#endif /* OPENSSL_NO_EC */
1498
1499 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
1500 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
1501 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
1502 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
1503
1504#ifdef TLSEXT_TYPE_opaque_prf_input
1505 if (s->s3->server_opaque_prf_input_len > 0)
1506 {
1507 /* This case may indicate that we, as a client, want to insist on using opaque PRF inputs.
1508 * So first verify that we really have a value from the server too. */
1509
1510 if (s->s3->server_opaque_prf_input == NULL)
1511 {
1512 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1513 al = SSL_AD_HANDSHAKE_FAILURE;
1514 }
1515
1516 /* Anytime the server *has* sent an opaque PRF input, we need to check
1517 * that we have a client opaque PRF input of the same size. */
1518 if (s->s3->client_opaque_prf_input == NULL ||
1519 s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len)
1520 {
1521 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1522 al = SSL_AD_ILLEGAL_PARAMETER;
1523 }
1524 }
1525#endif
1526
1527 /* If we've requested certificate status and we wont get one
1528 * tell the callback
1529 */
1530 if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
1531 && s->ctx && s->ctx->tlsext_status_cb)
1532 {
1533 int r;
1534 /* Set resp to NULL, resplen to -1 so callback knows
1535 * there is no response.
1536 */
1537 if (s->tlsext_ocsp_resp)
1538 {
1539 OPENSSL_free(s->tlsext_ocsp_resp);
1540 s->tlsext_ocsp_resp = NULL;
1541 }
1542 s->tlsext_ocsp_resplen = -1;
1543 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1544 if (r == 0)
1545 {
1546 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1547 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1548 }
1549 if (r < 0)
1550 {
1551 al = SSL_AD_INTERNAL_ERROR;
1552 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1553 }
1554 }
1555
1556 switch (ret)
1557 {
1558 case SSL_TLSEXT_ERR_ALERT_FATAL:
1559 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1560 return -1;
1561
1562 case SSL_TLSEXT_ERR_ALERT_WARNING:
1563 ssl3_send_alert(s,SSL3_AL_WARNING,al);
1564 return 1;
1565
1566 case SSL_TLSEXT_ERR_NOACK:
1567 s->servername_done=0;
1568 default:
1569 return 1;
1570 }
1571 }
1572
1573/* Since the server cache lookup is done early on in the processing of client
1574 * hello and other operations depend on the result we need to handle any TLS
1575 * session ticket extension at the same time.
1576 */
1577
1578int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
1579 const unsigned char *limit, SSL_SESSION **ret)
1580 {
1581 /* Point after session ID in client hello */
1582 const unsigned char *p = session_id + len;
1583 unsigned short i;
1584
1585 /* If tickets disabled behave as if no ticket present
1586 * to permit stateful resumption.
1587 */
1588 if (SSL_get_options(s) & SSL_OP_NO_TICKET)
1589 return 1;
1590
1591 if ((s->version <= SSL3_VERSION) || !limit)
1592 return 1;
1593 if (p >= limit)
1594 return -1;
1595 /* Skip past DTLS cookie */
1596 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
1597 {
1598 i = *(p++);
1599 p+= i;
1600 if (p >= limit)
1601 return -1;
1602 }
1603 /* Skip past cipher list */
1604 n2s(p, i);
1605 p+= i;
1606 if (p >= limit)
1607 return -1;
1608 /* Skip past compression algorithm list */
1609 i = *(p++);
1610 p += i;
1611 if (p > limit)
1612 return -1;
1613 /* Now at start of extensions */
1614 if ((p + 2) >= limit)
1615 return 1;
1616 n2s(p, i);
1617 while ((p + 4) <= limit)
1618 {
1619 unsigned short type, size;
1620 n2s(p, type);
1621 n2s(p, size);
1622 if (p + size > limit)
1623 return 1;
1624 if (type == TLSEXT_TYPE_session_ticket)
1625 {
1626 /* If tickets disabled indicate cache miss which will
1627 * trigger a full handshake
1628 */
1629 if (SSL_get_options(s) & SSL_OP_NO_TICKET)
1630 return 1;
1631 /* If zero length note client will accept a ticket
1632 * and indicate cache miss to trigger full handshake
1633 */
1634 if (size == 0)
1635 {
1636 s->tlsext_ticket_expected = 1;
1637 return 0; /* Cache miss */
1638 }
1639 if (s->tls_session_secret_cb)
1640 {
1641 /* Indicate cache miss here and instead of
1642 * generating the session from ticket now,
1643 * trigger abbreviated handshake based on
1644 * external mechanism to calculate the master
1645 * secret later. */
1646 return 0;
1647 }
1648 return tls_decrypt_ticket(s, p, size, session_id, len,
1649 ret);
1650 }
1651 p += size;
1652 }
1653 return 1;
1654 }
1655
1656static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
1657 const unsigned char *sess_id, int sesslen,
1658 SSL_SESSION **psess)
1659 {
1660 SSL_SESSION *sess;
1661 unsigned char *sdec;
1662 const unsigned char *p;
1663 int slen, mlen, renew_ticket = 0;
1664 unsigned char tick_hmac[EVP_MAX_MD_SIZE];
1665 HMAC_CTX hctx;
1666 EVP_CIPHER_CTX ctx;
1667 SSL_CTX *tctx = s->initial_ctx;
1668 /* Need at least keyname + iv + some encrypted data */
1669 if (eticklen < 48)
1670 goto tickerr;
1671 /* Initialize session ticket encryption and HMAC contexts */
1672 HMAC_CTX_init(&hctx);
1673 EVP_CIPHER_CTX_init(&ctx);
1674 if (tctx->tlsext_ticket_key_cb)
1675 {
1676 unsigned char *nctick = (unsigned char *)etick;
1677 int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
1678 &ctx, &hctx, 0);
1679 if (rv < 0)
1680 return -1;
1681 if (rv == 0)
1682 goto tickerr;
1683 if (rv == 2)
1684 renew_ticket = 1;
1685 }
1686 else
1687 {
1688 /* Check key name matches */
1689 if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
1690 goto tickerr;
1691 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
1692 tlsext_tick_md(), NULL);
1693 EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
1694 tctx->tlsext_tick_aes_key, etick + 16);
1695 }
1696 /* Attempt to process session ticket, first conduct sanity and
1697 * integrity checks on ticket.
1698 */
1699 mlen = HMAC_size(&hctx);
1700 if (mlen < 0)
1701 {
1702 EVP_CIPHER_CTX_cleanup(&ctx);
1703 return -1;
1704 }
1705 eticklen -= mlen;
1706 /* Check HMAC of encrypted ticket */
1707 HMAC_Update(&hctx, etick, eticklen);
1708 HMAC_Final(&hctx, tick_hmac, NULL);
1709 HMAC_CTX_cleanup(&hctx);
1710 if (memcmp(tick_hmac, etick + eticklen, mlen))
1711 goto tickerr;
1712 /* Attempt to decrypt session data */
1713 /* Move p after IV to start of encrypted ticket, update length */
1714 p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
1715 eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
1716 sdec = OPENSSL_malloc(eticklen);
1717 if (!sdec)
1718 {
1719 EVP_CIPHER_CTX_cleanup(&ctx);
1720 return -1;
1721 }
1722 EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
1723 if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
1724 goto tickerr;
1725 slen += mlen;
1726 EVP_CIPHER_CTX_cleanup(&ctx);
1727 p = sdec;
1728
1729 sess = d2i_SSL_SESSION(NULL, &p, slen);
1730 OPENSSL_free(sdec);
1731 if (sess)
1732 {
1733 /* The session ID if non-empty is used by some clients to
1734 * detect that the ticket has been accepted. So we copy it to
1735 * the session structure. If it is empty set length to zero
1736 * as required by standard.
1737 */
1738 if (sesslen)
1739 memcpy(sess->session_id, sess_id, sesslen);
1740 sess->session_id_length = sesslen;
1741 *psess = sess;
1742 s->tlsext_ticket_expected = renew_ticket;
1743 return 1;
1744 }
1745 /* If session decrypt failure indicate a cache miss and set state to
1746 * send a new ticket
1747 */
1748 tickerr:
1749 s->tlsext_ticket_expected = 1;
1750 return 0;
1751 }
1752
1753#endif
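diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c
deleted file mode 100644
index 6ce7c0bbf5..0000000000
--- a/src/lib/libssl/t1_meth.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* ssl/t1_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static const SSL_METHOD *tls1_get_method(int ver);
-static const SSL_METHOD *tls1_get_method(int ver)
- {
- if (ver == TLS1_VERSION)
- return(TLSv1_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_tls1_meth_func(TLSv1_method,
- ssl3_accept,
- ssl3_connect,
- tls1_get_method)
-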
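diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
deleted file mode 100644
index 9c2cc3c712..0000000000
--- a/src/lib/libssl/t1_reneg.c
+++ /dev/null
@@ -1,292 +0,0 @@
-/* ssl/t1_reneg.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-/* Add the client's renegotiation binding */
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
- int maxlen)
- {
- if(p)
- {
- if((s->s3->previous_client_finished_len+1) > maxlen)
- {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
- return 0;
- }
-
- /* Length byte */
- *p = s->s3->previous_client_finished_len;
- p++;
-
- memcpy(p, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len);
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "%s RI extension sent by client\n",
- s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
- }
-
- *len=s->s3->previous_client_finished_len + 1;
-
-
- return 1;
- }
-
-/* Parse the client's renegotiation binding and abort if it's not
- right */
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
- int *al)
- {
- int ilen;
-
- /* Parse the length byte */
- if(len < 1)
- {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al=SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
- ilen = *d;
- d++;
-
- /* Consistency check */
- if((ilen+1) != len)
- {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al=SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- /* Check that the extension matches */
- if(ilen != s->s3->previous_client_finished_len)
- {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-
- if(memcmp(d, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len))
- {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "%s RI extension received by server\n",
- ilen ? "Non-empty" : "Empty");
-#endif
-
- s->s3->send_connection_binding=1;
-
- return 1;
- }
-
-/* Add the server's renegotiation binding */
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
- int maxlen)
- {
- if(p)
- {
- if((s->s3->previous_client_finished_len +
- s->s3->previous_server_finished_len + 1) > maxlen)
- {
- SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
- return 0;
- }
-
- /* Length byte */
- *p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len;
- p++;
-
- memcpy(p, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len);
- p += s->s3->previous_client_finished_len;
-
- memcpy(p, s->s3->previous_server_finished,
- s->s3->previous_server_finished_len);
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "%s RI extension sent by server\n",
- s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
- }
-
- *len=s->s3->previous_client_finished_len
- + s->s3->previous_server_finished_len + 1;
-
- return 1;
- }
-
-/* Parse the server's renegotiation binding and abort if it's not
- right */
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
- int *al)
- {
- int expected_len=s->s3->previous_client_finished_len
- + s->s3->previous_server_finished_len;
- int ilen;
-
- /* Check for logic errors */
- OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
- OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
-
- /* Parse the length byte */
- if(len < 1)
- {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al=SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
- ilen = *d;
- d++;
-
- /* Consistency check */
- if(ilen+1 != len)
- {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al=SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- /* Check that the extension matches */
- if(ilen != expected_len)
- {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-
- if(memcmp(d, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len))
- {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
- d += s->s3->previous_client_finished_len;
-
- if(memcmp(d, s->s3->previous_server_finished,
- s->s3->previous_server_finished_len))
- {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "%s RI extension received by client\n",
- ilen ? "Non-empty" : "Empty");
-#endif
- s->s3->send_connection_binding=1;
-
- return 1;
- }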
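diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c
deleted file mode 100644
index 42525e9e89..0000000000
--- a/src/lib/libssl/t1_srvr.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* ssl/t1_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-static const SSL_METHOD *tls1_get_server_method(int ver);
-static const SSL_METHOD *tls1_get_server_method(int ver)
- {
- if (ver == TLS1_VERSION)
- return(TLSv1_server_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_tls1_meth_func(TLSv1_server_method,
- ssl3_accept,
- ssl_undefined_function,
- tls1_get_server_method)
-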
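diff --git a/src/lib/libssl/test/CAss.cnf b/src/lib/libssl/test/CAss.cnf
deleted file mode 100644
index 546e660626..0000000000
--- a/src/lib/libssl/test/CAss.cnf
+++ /dev/null
@@ -1,76 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = sha1
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Dodgy CA
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = v3_ca # The extentions to add to the cert
-
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-preserve = no # keep passed DN ordering
-
-policy = policy_anything
-
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-
-
-[ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true,pathlen:1
-keyUsage = cRLSign, keyCertSign
-issuerAltName=issuer:copy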
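diff --git a/src/lib/libssl/test/CAssdh.cnf b/src/lib/libssl/test/CAssdh.cnf
deleted file mode 100644
index 4e0a908679..0000000000
--- a/src/lib/libssl/test/CAssdh.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DH certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = CU
-countryName_value = CU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = La Junta de la Revolucion
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Junta
-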
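diff --git a/src/lib/libssl/test/CAssdsa.cnf b/src/lib/libssl/test/CAssdsa.cnf
deleted file mode 100644
index a6b4d1810c..0000000000
--- a/src/lib/libssl/test/CAssdsa.cnf
+++ /dev/null
@@ -1,23 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Hermanos Locos
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Hermanos Locos CA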
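diff --git a/src/lib/libssl/test/CAssrsa.cnf b/src/lib/libssl/test/CAssrsa.cnf
deleted file mode 100644
index eb24a6dfc0..0000000000
--- a/src/lib/libssl/test/CAssrsa.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Hermanos Locos
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Hermanos Locos CA
-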
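diff --git a/src/lib/libssl/test/CAtsa.cnf b/src/lib/libssl/test/CAtsa.cnf
deleted file mode 100644
index f5a275bfc2..0000000000
--- a/src/lib/libssl/test/CAtsa.cnf
+++ /dev/null
@@ -1,163 +0,0 @@
-
-#
-# This config is used by the Time Stamp Authority tests.
-#
-
-RANDFILE = ./.rnd
-
-# Extra OBJECT IDENTIFIER info:
-oid_section = new_oids
-
-TSDNSECT = ts_cert_dn
-INDEX = 1
-
-[ new_oids ]
-
-# Policies used by the TSA tests.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-#----------------------------------------------------------------------
-[ ca ]
-default_ca = CA_default # The default ca section
-
-[ CA_default ]
-
-dir = ./demoCA
-certs = $dir/certs # Where the issued certs are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-default_days = 365 # how long to certify for
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = supplied
-stateOrProvinceName = supplied
-organizationName = supplied
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-#----------------------------------------------------------------------
-[ req ]
-default_bits = 1024
-default_md = sha1
-distinguished_name = $ENV::TSDNSECT
-encrypt_rsa_key = no
-prompt = no
-# attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-string_mask = nombstr
-
-[ ts_ca_dn ]
-countryName = HU
-stateOrProvinceName = Budapest
-localityName = Budapest
-organizationName = Gov-CA Ltd.
-commonName = ca1
-
-[ ts_cert_dn ]
-countryName = HU
-stateOrProvinceName = Budapest
-localityName = Buda
-organizationName = Hun-TSA Ltd.
-commonName = tsa$ENV::INDEX
-
-[ tsa_cert ]
-
-# TSA server cert is not a CA cert.
-basicConstraints=CA:FALSE
-
-# The following key usage flags are needed for TSA server certificates.
-keyUsage = nonRepudiation, digitalSignature
-extendedKeyUsage = critical,timeStamping
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ non_tsa_cert ]
-
-# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
-basicConstraints=CA:FALSE
-
-# The following key usage flags are needed for TSA server certificates.
-keyUsage = nonRepudiation, digitalSignature
-# timeStamping is not supported by this certificate
-# extendedKeyUsage = critical,timeStamping
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature
-
-[ v3_ca ]
-
-# Extensions for a typical CA
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = critical,CA:true
-keyUsage = cRLSign, keyCertSign
-
-#----------------------------------------------------------------------
-[ tsa ]
-
-default_tsa = tsa_config1 # the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir = . # TSA root directory
-serial = $dir/tsa_serial # The current serial number (mandatory)
-signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
- # (optional)
-certs = $dir/tsaca.pem # Certificate chain to include in reply
- # (optional)
-signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
-accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
-ordering = yes # Is ordering defined for timestamps?
- # (optional, default: no)
-tsa_name = yes # Must the TSA name be included in the reply?
- # (optional, default: no)
-ess_cert_id_chain = yes # Must the ESS cert id chain be included?
- # (optional, default: no)
-
-[ tsa_config2 ]
-
-# This configuration uses a certificate which doesn't have timeStamping usage.
-# These are used by the TSA reply generation only.
-dir = . # TSA root directory
-serial = $dir/tsa_serial # The current serial number (mandatory)
-signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
- # (optional)
-certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
- # (optional)
-signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)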
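diff --git a/src/lib/libssl/test/P1ss.cnf b/src/lib/libssl/test/P1ss.cnf
deleted file mode 100644
index 876a0d35f8..0000000000
--- a/src/lib/libssl/test/P1ss.cnf
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 512
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-2.commonName = Common Name (eg, YOUR name)
-2.commonName_value = Proxy 1
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB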
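diff --git a/src/lib/libssl/test/P2ss.cnf b/src/lib/libssl/test/P2ss.cnf
deleted file mode 100644
index 373a87e7c2..0000000000
--- a/src/lib/libssl/test/P2ss.cnf
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 512
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-2.commonName = Common Name (eg, YOUR name)
-2.commonName_value = Proxy 1
-
-3.commonName = Common Name (eg, YOUR name)
-3.commonName_value = Proxy 2
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,@proxy_ext
-
-[ proxy_ext ]
-language=id-ppl-anyLanguage
-pathlen=0
-policy=text:BC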
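diff --git a/src/lib/libssl/test/Sssdsa.cnf b/src/lib/libssl/test/Sssdsa.cnf
deleted file mode 100644
index 8e170a28ef..0000000000
--- a/src/lib/libssl/test/Sssdsa.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - Server
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Tortilleras S.A.
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Torti
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Gordita
-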
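diff --git a/src/lib/libssl/test/Sssrsa.cnf b/src/lib/libssl/test/Sssrsa.cnf
deleted file mode 100644
index 8c79a03fca..0000000000
--- a/src/lib/libssl/test/Sssrsa.cnf
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - Server
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Tortilleras S.A.
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Torti
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Gordita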
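diff --git a/src/lib/libssl/test/Uss.cnf b/src/lib/libssl/test/Uss.cnf
deleted file mode 100644
index 98b2e054b7..0000000000
--- a/src/lib/libssl/test/Uss.cnf
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-[ v3_ee ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-basicConstraints = CA:false
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-issuerAltName=issuer:copy
-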
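diff --git a/src/lib/libssl/test/VMSca-response.1 b/src/lib/libssl/test/VMSca-response.1
deleted file mode 100644
index 8b13789179..0000000000
--- a/src/lib/libssl/test/VMSca-response.1
+++ /dev/null
@@ -1 +0,0 @@
-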
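diff --git a/src/lib/libssl/test/VMSca-response.2 b/src/lib/libssl/test/VMSca-response.2
deleted file mode 100644
index 9b48ee4cf9..0000000000
--- a/src/lib/libssl/test/VMSca-response.2
+++ /dev/null
@@ -1,2 +0,0 @@
-y
-y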
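diff --git a/src/lib/libssl/test/asn1test.c b/src/lib/libssl/test/asn1test.c
deleted file mode 100755
index 9f53d80344..0000000000
--- a/src/lib/libssl/test/asn1test.c
+++ /dev/null
@@ -1,22 +0,0 @@
-#include <openssl/x509.h>
-#include <openssl/asn1_mac.h>
-
-typedef struct X
- {
- STACK_OF(X509_EXTENSION) *ext;
- } X;
-
-/* This isn't meant to run particularly, it's just to test type checking */
-int main(int argc, char **argv)
- {
- X *x = NULL;
- unsigned char **pp = NULL;
-
- M_ASN1_I2D_vars(x);
- M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
- i2d_X509_EXTENSION);
- M_ASN1_I2D_seq_total();
- M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
- i2d_X509_EXTENSION);
- M_ASN1_I2D_finish();
- }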
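diff --git a/src/lib/libssl/test/bctest b/src/lib/libssl/test/bctest
deleted file mode 100644
index bdb3218f7a..0000000000
--- a/src/lib/libssl/test/bctest
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/bin/sh
-
-# This script is used by test/Makefile.ssl to check whether a sane 'bc'
-# is installed.
-# ('make test_bn' should not try to run 'bc' if it does not exist or if
-# it is a broken 'bc' version that is known to cause trouble.)
-#
-# If 'bc' works, we also test if it knows the 'print' command.
-#
-# In any case, output an appropriate command line for running (or not
-# running) bc.
-
-
-IFS=:
-try_without_dir=true
-# First we try "bc", then "$dir/bc" for each item in $PATH.
-for dir in dummy:$PATH; do
- if [ "$try_without_dir" = true ]; then
- # first iteration
- bc=bc
- try_without_dir=false
- else
- # second and later iterations
- bc="$dir/bc"
- if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix
- bc=''
- fi
- fi
-
- if [ ! "$bc" = '' ]; then
- failure=none
-
-
- # Test for SunOS 5.[78] bc bug
- "$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
-a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
-CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
-10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
-C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
-3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
-4FC3CADF855448B24A9D7640BCF473E
-b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
-9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
-8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
-3ED0E2017D60A68775B75481449
-(a/b)*b + (a%b) - a
-EOF
- if [ 0 != "`cat tmp.bctest`" ]; then
- failure=SunOStest
- fi
-
-
- if [ "$failure" = none ]; then
- # Test for SCO bc bug.
- "$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
--FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
-9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
-11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
-1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
-AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
-F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
-B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
-02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
-85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
-A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
-E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
-8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
-04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
-89C8D71
-AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
-928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
-8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
-37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
-E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
-F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
-9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
-D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
-5296964
-EOF
- if [ "0
-0" != "`cat tmp.bctest`" ]; then
- failure=SCOtest
- fi
- fi
-
-
- if [ "$failure" = none ]; then
- # bc works; now check if it knows the 'print' command.
- if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
- then
- echo "$bc"
- else
- echo "sed 's/print.*//' | $bc"
- fi
- exit 0
- fi
-
- echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2
- fi
-done
-
-echo "No working bc found. Consider installing GNU bc." >&2
-if [ "$1" = ignore ]; then
- echo "cat >/dev/null"
- exit 0
-fi
-exit 1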
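diff --git a/src/lib/libssl/test/cms-examples.pl b/src/lib/libssl/test/cms-examples.pl
deleted file mode 100644
index 2e95b48ba4..0000000000
--- a/src/lib/libssl/test/cms-examples.pl
+++ /dev/null
@@ -1,409 +0,0 @@
-# test/cms-examples.pl
-# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-# project.
-#
-# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-# software must display the following acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For written permission, please contact
-# licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-# nor may "OpenSSL" appear in their names without prior written
-# permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-# Perl script to run tests against S/MIME examples in RFC4134
-# Assumes RFC is in current directory and called "rfc4134.txt"
-
-use MIME::Base64;
-
-my $badttest = 0;
-my $verbose = 1;
-
-my $cmscmd;
-my $exdir = "./";
-my $exfile = "./rfc4134.txt";
-
-if (-f "../apps/openssl")
- {
- $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms";
- }
-elsif (-f "..\\out32dll\\openssl.exe")
- {
- $cmscmd = "..\\out32dll\\openssl.exe cms";
- }
-elsif (-f "..\\out32\\openssl.exe")
- {
- $cmscmd = "..\\out32\\openssl.exe cms";
- }
-
-my @test_list = (
- [ "3.1.bin" => "dataout" ],
- [ "3.2.bin" => "encode, dataout" ],
- [ "4.1.bin" => "encode, verifyder, cont, dss" ],
- [ "4.2.bin" => "encode, verifyder, cont, rsa" ],
- [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ],
- [ "4.4.bin" => "encode, verifyder, cont, dss" ],
- [ "4.5.bin" => "verifyder, cont, rsa" ],
- [ "4.6.bin" => "encode, verifyder, cont, dss" ],
- [ "4.7.bin" => "encode, verifyder, cont, dss" ],
- [ "4.8.eml" => "verifymime, dss" ],
- [ "4.9.eml" => "verifymime, dss" ],
- [ "4.10.bin" => "encode, verifyder, cont, dss" ],
- [ "4.11.bin" => "encode, certsout" ],
- [ "5.1.bin" => "encode, envelopeder, cont" ],
- [ "5.2.bin" => "encode, envelopeder, cont" ],
- [ "5.3.eml" => "envelopemime, cont" ],
- [ "6.0.bin" => "encode, digest, cont" ],
- [ "7.1.bin" => "encode, encrypted, cont" ],
- [ "7.2.bin" => "encode, encrypted, cont" ]
-);
-
-# Extract examples from RFC4134 text.
-# Base64 decode all examples, certificates and
-# private keys are converted to PEM format.
-
-my ( $filename, $data );
-
-my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" );
-
-$data = "";
-
-open( IN, $exfile ) || die "Can't Open RFC examples file $exfile";
-
-while (<IN>) {
- next unless (/^\|/);
- s/^\|//;
- next if (/^\*/);
- if (/^>(.*)$/) {
- $filename = $1;
- next;
- }
- if (/^</) {
- $filename = "$exdir/$filename";
- if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) {
- $data = decode_base64($data);
- open OUT, ">$filename";
- binmode OUT;
- print OUT $data;
- close OUT;
- push @cleanup, $filename;
- }
- elsif ( $filename =~ /\.cer$/ ) {
- write_pem( $filename, "CERTIFICATE", $data );
- }
- elsif ( $filename =~ /\.pri$/ ) {
- write_pem( $filename, "PRIVATE KEY", $data );
- }
- $data = "";
- $filename = "";
- }
- else {
- $data .= $_;
- }
-
-}
-
-my $secretkey =
- "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32";
-
-foreach (@test_list) {
- my ( $file, $tlist ) = @$_;
- print "Example file $file:\n";
- if ( $tlist =~ /encode/ ) {
- run_reencode_test( $exdir, $file );
- }
- if ( $tlist =~ /certsout/ ) {
- run_certsout_test( $exdir, $file );
- }
- if ( $tlist =~ /dataout/ ) {
- run_dataout_test( $exdir, $file );
- }
- if ( $tlist =~ /verify/ ) {
- run_verify_test( $exdir, $tlist, $file );
- }
- if ( $tlist =~ /digest/ ) {
- run_digest_test( $exdir, $tlist, $file );
- }
- if ( $tlist =~ /encrypted/ ) {
- run_encrypted_test( $exdir, $tlist, $file, $secretkey );
- }
- if ( $tlist =~ /envelope/ ) {
- run_envelope_test( $exdir, $tlist, $file );
- }
-
-}
-
-foreach (@cleanup) {
- unlink $_;
-}
-
-if ($badtest) {
- print "\n$badtest TESTS FAILED!!\n";
-}
-else {
- print "\n***All tests successful***\n";
-}
-
-sub write_pem {
- my ( $filename, $str, $data ) = @_;
-
- $filename =~ s/\.[^.]*$/.pem/;
-
- push @cleanup, $filename;
-
- open OUT, ">$filename";
-
- print OUT "-----BEGIN $str-----\n";
- print OUT $data;
- print OUT "-----END $str-----\n";
-
- close OUT;
-}
-
-sub run_reencode_test {
- my ( $cmsdir, $tfile ) = @_;
- unlink "tmp.der";
-
- system( "$cmscmd -cmsout -inform DER -outform DER"
- . " -in $cmsdir/$tfile -out tmp.der" );
-
- if ($?) {
- print "\tReencode command FAILED!!\n";
- $badtest++;
- }
- elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) {
- print "\tReencode FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tReencode passed\n" if $verbose;
- }
-}
-
-sub run_certsout_test {
- my ( $cmsdir, $tfile ) = @_;
- unlink "tmp.der";
- unlink "tmp.pem";
-
- system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
- . " -in $cmsdir/$tfile -out tmp.der" );
-
- if ($?) {
- print "\tCertificate output command FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tCertificate output passed\n" if $verbose;
- }
-}
-
-sub run_dataout_test {
- my ( $cmsdir, $tfile ) = @_;
- unlink "tmp.txt";
-
- system(
- "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" );
-
- if ($?) {
- print "\tDataout command FAILED!!\n";
- $badtest++;
- }
- elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) {
- print "\tDataout compare FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tDataout passed\n" if $verbose;
- }
-}
-
-sub run_verify_test {
- my ( $cmsdir, $tlist, $tfile ) = @_;
- unlink "tmp.txt";
-
- $form = "DER" if $tlist =~ /verifyder/;
- $form = "SMIME" if $tlist =~ /verifymime/;
- $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/;
- $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/;
-
- $cmd =
- "$cmscmd -verify -inform $form"
- . " -CAfile $cafile"
- . " -in $cmsdir/$tfile -out tmp.txt";
-
- $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/;
-
- system("$cmd 2>cms.err 1>cms.out");
-
- if ($?) {
- print "\tVerify command FAILED!!\n";
- $badtest++;
- }
- elsif ( $tlist =~ /cont/
- && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
- {
- print "\tVerify content compare FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tVerify passed\n" if $verbose;
- }
-}
-
-sub run_envelope_test {
- my ( $cmsdir, $tlist, $tfile ) = @_;
- unlink "tmp.txt";
-
- $form = "DER" if $tlist =~ /envelopeder/;
- $form = "SMIME" if $tlist =~ /envelopemime/;
-
- $cmd =
- "$cmscmd -decrypt -inform $form"
- . " -recip $cmsdir/BobRSASignByCarl.pem"
- . " -inkey $cmsdir/BobPrivRSAEncrypt.pem"
- . " -in $cmsdir/$tfile -out tmp.txt";
-
- system("$cmd 2>cms.err 1>cms.out");
-
- if ($?) {
- print "\tDecrypt command FAILED!!\n";
- $badtest++;
- }
- elsif ( $tlist =~ /cont/
- && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
- {
- print "\tDecrypt content compare FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tDecrypt passed\n" if $verbose;
- }
-}
-
-sub run_digest_test {
- my ( $cmsdir, $tlist, $tfile ) = @_;
- unlink "tmp.txt";
-
- my $cmd =
- "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt";
-
- system("$cmd 2>cms.err 1>cms.out");
-
- if ($?) {
- print "\tDigest verify command FAILED!!\n";
- $badtest++;
- }
- elsif ( $tlist =~ /cont/
- && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
- {
- print "\tDigest verify content compare FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tDigest verify passed\n" if $verbose;
- }
-}
-
-sub run_encrypted_test {
- my ( $cmsdir, $tlist, $tfile, $key ) = @_;
- unlink "tmp.txt";
-
- system( "$cmscmd -EncryptedData_decrypt -inform DER"
- . " -secretkey $key"
- . " -in $cmsdir/$tfile -out tmp.txt" );
-
- if ($?) {
- print "\tEncrypted Data command FAILED!!\n";
- $badtest++;
- }
- elsif ( $tlist =~ /cont/
- && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
- {
- print "\tEncrypted Data content compare FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tEncryptedData verify passed\n" if $verbose;
- }
-}
-
-sub cmp_files {
- my ( $f1, $f2 ) = @_;
- my ( $fp1, $fp2 );
-
- my ( $rd1, $rd2 );
-
- if ( !open( $fp1, "<$f1" ) ) {
- print STDERR "Can't Open file $f1\n";
- return 0;
- }
-
- if ( !open( $fp2, "<$f2" ) ) {
- print STDERR "Can't Open file $f2\n";
- return 0;
- }
-
- binmode $fp1;
- binmode $fp2;
-
- my $ret = 0;
-
- for ( ; ; ) {
- $n1 = sysread $fp1, $rd1, 4096;
- $n2 = sysread $fp2, $rd2, 4096;
- last if ( $n1 != $n2 );
- last if ( $rd1 ne $rd2 );
-
- if ( $n1 == 0 ) {
- $ret = 1;
- last;
- }
-
- }
-
- close $fp1;
- close $fp2;
-
- return $ret;
-
-}
-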
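diff --git a/src/lib/libssl/test/cms-test.pl b/src/lib/libssl/test/cms-test.pl
deleted file mode 100644
index c938bcf00d..0000000000
--- a/src/lib/libssl/test/cms-test.pl
+++ /dev/null
@@ -1,457 +0,0 @@
-# test/cms-test.pl
-# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-# project.
-#
-# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-# software must display the following acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For written permission, please contact
-# licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-# nor may "OpenSSL" appear in their names without prior written
-# permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-# CMS, PKCS7 consistency test script. Run extensive tests on
-# OpenSSL PKCS#7 and CMS implementations.
-
-my $ossl_path;
-my $redir = " 2> cms.err > cms.out";
-# Make VMS work
-if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {
- $ossl_path = "pipe mcr OSSLX:openssl";
-}
-# Make MSYS work
-elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
- $ossl_path = "cmd /c ..\\apps\\openssl";
-}
-elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
- $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
-}
-elsif ( -f "..\\out32dll\\openssl.exe" ) {
- $ossl_path = "..\\out32dll\\openssl.exe";
-}
-elsif ( -f "..\\out32\\openssl.exe" ) {
- $ossl_path = "..\\out32\\openssl.exe";
-}
-else {
- die "Can't find OpenSSL executable";
-}
-
-my $pk7cmd = "$ossl_path smime ";
-my $cmscmd = "$ossl_path cms ";
-my $smdir = "smime-certs";
-my $halt_err = 1;
-
-my $badcmd = 0;
-my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
-
-my @smime_pkcs7_tests = (
-
- [
- "signed content DER format, RSA key",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -certfile $smdir/smroot.pem"
- . " -signer $smdir/smrsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed detached content DER format, RSA key",
- "-sign -in smcont.txt -outform \"DER\""
- . " -signer $smdir/smrsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
- ],
-
- [
- "signed content test streaming BER format, RSA",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -stream -signer $smdir/smrsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content DER format, DSA key",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -signer $smdir/smdsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed detached content DER format, DSA key",
- "-sign -in smcont.txt -outform \"DER\""
- . " -signer $smdir/smdsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
- ],
-
- [
- "signed detached content DER format, add RSA signer",
- "-resign -inform \"DER\" -in test.cms -outform \"DER\""
- . " -signer $smdir/smrsa1.pem -out test2.cms",
- "-verify -in test2.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
- ],
-
- [
- "signed content test streaming BER format, DSA key",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -stream -signer $smdir/smdsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming BER format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
-"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
- "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
-"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "enveloped content test streaming S/MIME format, 3 recipients",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, 3 recipients, key only used",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
- "-encrypt -in smcont.txt"
- . " -aes256 -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
-);
-
-my @smime_cms_tests = (
-
- [
- "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
- "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt -outform PEM -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform PEM "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content MIME format, RSA key, signed receipt request",
- "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
- . " -receipt_request_to test\@openssl.org -receipt_request_all"
- . " -out test.cms",
- "-verify -in test.cms "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed receipt MIME format, RSA key",
- "-sign_receipt -in test.cms"
- . " -signer $smdir/smrsa2.pem"
- . " -out test2.cms",
- "-verify_receipt test2.cms -in test.cms"
- . " \"-CAfile\" $smdir/smroot.pem"
- ],
-
- [
- "enveloped content test streaming S/MIME format, 3 recipients, keyid",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms -keyid"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
- [
- "enveloped content test streaming PEM format, KEK",
- "-encrypt -in smcont.txt -outform PEM -aes128"
- . " -stream -out test.cms "
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- . " -secretkeyid C0FEE0",
- "-decrypt -in test.cms -out smtst.txt -inform PEM"
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- . " -secretkeyid C0FEE0"
- ],
-
- [
- "enveloped content test streaming PEM format, KEK, key only",
- "-encrypt -in smcont.txt -outform PEM -aes128"
- . " -stream -out test.cms "
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- . " -secretkeyid C0FEE0",
- "-decrypt -in test.cms -out smtst.txt -inform PEM"
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- ],
-
- [
- "data content test streaming PEM format",
- "-data_create -in smcont.txt -outform PEM -nodetach"
- . " -stream -out test.cms",
- "-data_out -in test.cms -inform PEM -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, 128 bit RC2 key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, 40 bit RC2 key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -rc2 -secretkey 0001020304"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 0001020304 -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, triple DES key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
- . " -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, 128 bit AES key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
- ],
-
-);
-
-my @smime_cms_comp_tests = (
-
- [
- "compressed content test streaming PEM format",
- "-compress -in smcont.txt -outform PEM -nodetach"
- . " -stream -out test.cms",
- "-uncompress -in test.cms -inform PEM -out smtst.txt"
- ]
-
-);
-
-print "CMS => PKCS#7 compatibility tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
-
-print "CMS <= PKCS#7 compatibility tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );
-
-print "CMS <=> CMS consistency tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
-run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd );
-
-if ( `$ossl_path version -f` =~ /ZLIB/ ) {
- run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
-}
-else {
- print "Zlib not supported: compression tests skipped\n";
-}
-
-print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8);
-
-if ($badcmd) {
- print "$badcmd TESTS FAILED!!\n";
-}
-else {
- print "ALL TESTS SUCCESSFUL.\n";
-}
-
-unlink "test.cms";
-unlink "test2.cms";
-unlink "smtst.txt";
-unlink "cms.out";
-unlink "cms.err";
-
-sub run_smime_tests {
- my ( $rv, $aref, $scmd, $vcmd ) = @_;
-
- foreach $smtst (@$aref) {
- my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
- if ($ossl8)
- {
- # Skip smime resign: 0.9.8 smime doesn't support -resign
- next if ($scmd =~ /smime/ && $rscmd =~ /-resign/);
- # Disable streaming: option not supported in 0.9.8
- $tnam =~ s/streaming//;
- $rscmd =~ s/-stream//;
- $rvcmd =~ s/-stream//;
- }
- system("$scmd$rscmd$redir");
- if ($?) {
- print "$tnam: generation error\n";
- $$rv++;
- exit 1 if $halt_err;
- next;
- }
- system("$vcmd$rvcmd$redir");
- if ($?) {
- print "$tnam: verify error\n";
- $$rv++;
- exit 1 if $halt_err;
- next;
- }
- if (!cmp_files("smtst.txt", "smcont.txt")) {
- print "$tnam: content verify error\n";
- $$rv++;
- exit 1 if $halt_err;
- next;
- }
- print "$tnam: OK\n";
- }
-}
-
-sub cmp_files {
- my ( $f1, $f2 ) = @_;
- my ( $fp1, $fp2 );
-
- my ( $rd1, $rd2 );
-
- if ( !open( $fp1, "<$f1" ) ) {
- print STDERR "Can't Open file $f1\n";
- return 0;
- }
-
- if ( !open( $fp2, "<$f2" ) ) {
- print STDERR "Can't Open file $f2\n";
- return 0;
- }
-
- binmode $fp1;
- binmode $fp2;
-
- my $ret = 0;
-
- for ( ; ; ) {
- $n1 = sysread $fp1, $rd1, 4096;
- $n2 = sysread $fp2, $rd2, 4096;
- last if ( $n1 != $n2 );
- last if ( $rd1 ne $rd2 );
-
- if ( $n1 == 0 ) {
- $ret = 1;
- last;
- }
-
- }
-
- close $fp1;
- close $fp2;
-
- return $ret;
-
-}
-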
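diff --git a/src/lib/libssl/test/methtest.c b/src/lib/libssl/test/methtest.c
deleted file mode 100644
index 005c2f4822..0000000000
--- a/src/lib/libssl/test/methtest.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* test/methtest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-#include "meth.h"
-#include <openssl/err.h>
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- METHOD_CTX *top,*tmp1,*tmp2;
-
- top=METH_new(x509_lookup()); /* get a top level context */
- if (top == NULL) goto err;
-
- tmp1=METH_new(x509_by_file());
- if (top == NULL) goto err;
- METH_arg(tmp1,METH_TYPE_FILE,"cafile1");
- METH_arg(tmp1,METH_TYPE_FILE,"cafile2");
- METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1);
-
- tmp2=METH_new(x509_by_dir());
- METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts");
- METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs");
- METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs");
- METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2);
-
-/* tmp=METH_new(x509_by_issuer_dir);
- METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
- METH_push(top,METH_X509_BY_ISSUER,tmp);
-
- tmp=METH_new(x509_by_issuer_primary);
- METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
- METH_push(top,METH_X509_BY_ISSUER,tmp);
-*/
-
- METH_init(top);
- METH_control(tmp1,METH_CONTROL_DUMP,stdout);
- METH_control(tmp2,METH_CONTROL_DUMP,stdout);
- EXIT(0);
-err:
- ERR_load_crypto_strings();
- ERR_print_errors_fp(stderr);
- EXIT(1);
- return(0);
- }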
diff --git a/src/lib/libssl/test/pkcs7-1.pem b/src/lib/libssl/test/pkcs7-1.pem
deleted file mode 100644
index c47b27af88..0000000000
--- a/src/lib/libssl/test/pkcs7-1.pem
+++ /dev/null
@@ -1,15 +0,0 @@
1-----BEGIN PKCS7-----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15-----END PKCS7-----
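diff --git a/src/lib/libssl/test/pkcs7.pem b/src/lib/libssl/test/pkcs7.pem
deleted file mode 100644
index d55c60b94e..0000000000
--- a/src/lib/libssl/test/pkcs7.pem
+++ /dev/null
@@ -1,54 +0,0 @@
- MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg
- AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH
- EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl
- cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw
- ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0
- MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
- c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh
- bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE
- CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl
- Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G
- CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK
- ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0
- l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC
- HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg
- Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1
- c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj
- YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0
- dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx
- dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu
- LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU
- ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln
- biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT
- IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB
- AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
- L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL
- HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF
- slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7
- ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR
- /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
- aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp
- ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1
- OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu
- MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz
- Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv
- qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy
- sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb
- P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG
- A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA
- KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7
- Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4
- Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq
- hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
- Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk
- dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ
- KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30
- dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW
- I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow
- ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
- ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD
- ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw
- MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK
- /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/
- DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP
- b+xSu/jH0gAAMYAAAAAAAAAAAA==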
diff --git a/src/lib/libssl/test/pkits-test.pl b/src/lib/libssl/test/pkits-test.pl
deleted file mode 100644
index 69dffa16f9..0000000000
--- a/src/lib/libssl/test/pkits-test.pl
+++ /dev/null
@@ -1,940 +0,0 @@
1# test/pkits-test.pl
2# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3# project.
4#
5# ====================================================================
6# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11#
12# 1. Redistributions of source code must retain the above copyright
13# notice, this list of conditions and the following disclaimer.
14#
15# 2. Redistributions in binary form must reproduce the above copyright
16# notice, this list of conditions and the following disclaimer in
17# the documentation and/or other materials provided with the
18# distribution.
19#
20# 3. All advertising materials mentioning features or use of this
21# software must display the following acknowledgment:
22# "This product includes software developed by the OpenSSL Project
23# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24#
25# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26# endorse or promote products derived from this software without
27# prior written permission. For written permission, please contact
28# licensing@OpenSSL.org.
29#
30# 5. Products derived from this software may not be called "OpenSSL"
31# nor may "OpenSSL" appear in their names without prior written
32# permission of the OpenSSL Project.
33#
34# 6. Redistributions of any form whatsoever must retain the following
35# acknowledgment:
36# "This product includes software developed by the OpenSSL Project
37# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38#
39# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50# OF THE POSSIBILITY OF SUCH DAMAGE.
51# ====================================================================
52
53# Perl utility to run PKITS tests for RFC3280 compliance.
54
55my $ossl_path;
56
57if ( -f "../apps/openssl" ) {
58 $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
59}
60elsif ( -f "..\\out32dll\\openssl.exe" ) {
61 $ossl_path = "..\\out32dll\\openssl.exe";
62}
63elsif ( -f "..\\out32\\openssl.exe" ) {
64 $ossl_path = "..\\out32\\openssl.exe";
65}
66else {
67 die "Can't find OpenSSL executable";
68}
69
70my $pkitsdir = "pkits/smime";
71my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt";
72
73die "Can't find PKITS test data" if !-d $pkitsdir;
74
75my $nist1 = "2.16.840.1.101.3.2.1.48.1";
76my $nist2 = "2.16.840.1.101.3.2.1.48.2";
77my $nist3 = "2.16.840.1.101.3.2.1.48.3";
78my $nist4 = "2.16.840.1.101.3.2.1.48.4";
79my $nist5 = "2.16.840.1.101.3.2.1.48.5";
80my $nist6 = "2.16.840.1.101.3.2.1.48.6";
81
82my $apolicy = "X509v3 Any Policy";
83
84# This table contains the chapter headings of the accompanying PKITS
85# document. They provide useful informational output and their names
86# can be converted into the filename to test.
87
88my @testlists = (
89 [ "4.1", "Signature Verification" ],
90 [ "4.1.1", "Valid Signatures Test1", 0 ],
91 [ "4.1.2", "Invalid CA Signature Test2", 7 ],
92 [ "4.1.3", "Invalid EE Signature Test3", 7 ],
93 [ "4.1.4", "Valid DSA Signatures Test4", 0 ],
94 [ "4.1.5", "Valid DSA Parameter Inheritance Test5", 0 ],
95 [ "4.1.6", "Invalid DSA Signature Test6", 7 ],
96 [ "4.2", "Validity Periods" ],
97 [ "4.2.1", "Invalid CA notBefore Date Test1", 9 ],
98 [ "4.2.2", "Invalid EE notBefore Date Test2", 9 ],
99 [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", 0 ],
100 [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4", 0 ],
101 [ "4.2.5", "Invalid CA notAfter Date Test5", 10 ],
102 [ "4.2.6", "Invalid EE notAfter Date Test6", 10 ],
103 [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", 10 ],
104 [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", 0 ],
105 [ "4.3", "Verifying Name Chaining" ],
106 [ "4.3.1", "Invalid Name Chaining EE Test1", 20 ],
107 [ "4.3.2", "Invalid Name Chaining Order Test2", 20 ],
108 [ "4.3.3", "Valid Name Chaining Whitespace Test3", 0 ],
109 [ "4.3.4", "Valid Name Chaining Whitespace Test4", 0 ],
110 [ "4.3.5", "Valid Name Chaining Capitalization Test5", 0 ],
111 [ "4.3.6", "Valid Name Chaining UIDs Test6", 0 ],
112 [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ],
113 [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", 0 ],
114 [ "4.3.9", "Valid UTF8String Encoded Names Test9", 0 ],
115 [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ],
116 [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11", 0 ],
117 [ "4.4", "Basic Certificate Revocation Tests" ],
118 [ "4.4.1", "Missing CRL Test1", 3 ],
119 [ "4.4.2", "Invalid Revoked CA Test2", 23 ],
120 [ "4.4.3", "Invalid Revoked EE Test3", 23 ],
121 [ "4.4.4", "Invalid Bad CRL Signature Test4", 8 ],
122 [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ],
123 [ "4.4.6", "Invalid Wrong CRL Test6", 3 ],
124 [ "4.4.7", "Valid Two CRLs Test7", 0 ],
125
126 # The test document suggests these should return certificate revoked...
127 # Subsquent discussion has concluded they should not due to unhandle
128 # critical CRL extensions.
129 [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ],
130 [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ],
131
132 [ "4.4.10", "Invalid Unknown CRL Extension Test10", 36 ],
133 [ "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 ],
134 [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 ],
135 [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", 0 ],
136 [ "4.4.14", "Valid Negative Serial Number Test14", 0 ],
137 [ "4.4.15", "Invalid Negative Serial Number Test15", 23 ],
138 [ "4.4.16", "Valid Long Serial Number Test16", 0 ],
139 [ "4.4.17", "Valid Long Serial Number Test17", 0 ],
140 [ "4.4.18", "Invalid Long Serial Number Test18", 23 ],
141 [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", 0 ],
142 [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ],
143
144 # CRL path is revoked so get a CRL path validation error
145 [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 ],
146 [ "4.5", "Verifying Paths with Self-Issued Certificates" ],
147 [ "4.5.1", "Valid Basic Self-Issued Old With New Test1", 0 ],
148 [ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 ],
149 [ "4.5.3", "Valid Basic Self-Issued New With Old Test3", 0 ],
150 [ "4.5.4", "Valid Basic Self-Issued New With Old Test4", 0 ],
151 [ "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 ],
152 [ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", 0 ],
153 [ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 ],
154 [ "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", 20 ],
155 [ "4.6", "Verifying Basic Constraints" ],
156 [ "4.6.1", "Invalid Missing basicConstraints Test1", 24 ],
157 [ "4.6.2", "Invalid cA False Test2", 24 ],
158 [ "4.6.3", "Invalid cA False Test3", 24 ],
159 [ "4.6.4", "Valid basicConstraints Not Critical Test4", 0 ],
160 [ "4.6.5", "Invalid pathLenConstraint Test5", 25 ],
161 [ "4.6.6", "Invalid pathLenConstraint Test6", 25 ],
162 [ "4.6.7", "Valid pathLenConstraint Test7", 0 ],
163 [ "4.6.8", "Valid pathLenConstraint Test8", 0 ],
164 [ "4.6.9", "Invalid pathLenConstraint Test9", 25 ],
165 [ "4.6.10", "Invalid pathLenConstraint Test10", 25 ],
166 [ "4.6.11", "Invalid pathLenConstraint Test11", 25 ],
167 [ "4.6.12", "Invalid pathLenConstraint Test12", 25 ],
168 [ "4.6.13", "Valid pathLenConstraint Test13", 0 ],
169 [ "4.6.14", "Valid pathLenConstraint Test14", 0 ],
170 [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15", 0 ],
171 [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", 25 ],
172 [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17", 0 ],
173 [ "4.7", "Key Usage" ],
174 [ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", 20 ],
175 [ "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ],
176 [ "4.7.3", "Valid keyUsage Not Critical Test3", 0 ],
177 [ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 ],
178 [ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 ],
179
180 # Certificate policy tests need special handling. They can have several
181 # sub tests and we need to check the outputs are correct.
182
183 [ "4.8", "Certificate Policies" ],
184 [
185 "4.8.1.1",
186 "All Certificates Same Policy Test1",
187 "-policy anyPolicy -explicit_policy",
188 "True", $nist1, $nist1, 0
189 ],
190 [
191 "4.8.1.2",
192 "All Certificates Same Policy Test1",
193 "-policy $nist1 -explicit_policy",
194 "True", $nist1, $nist1, 0
195 ],
196 [
197 "4.8.1.3",
198 "All Certificates Same Policy Test1",
199 "-policy $nist2 -explicit_policy",
200 "True", $nist1, "<empty>", 43
201 ],
202 [
203 "4.8.1.4",
204 "All Certificates Same Policy Test1",
205 "-policy $nist1 -policy $nist2 -explicit_policy",
206 "True", $nist1, $nist1, 0
207 ],
208 [
209 "4.8.2.1",
210 "All Certificates No Policies Test2",
211 "-policy anyPolicy",
212 "False", "<empty>", "<empty>", 0
213 ],
214 [
215 "4.8.2.2",
216 "All Certificates No Policies Test2",
217 "-policy anyPolicy -explicit_policy",
218 "True", "<empty>", "<empty>", 43
219 ],
220 [
221 "4.8.3.1",
222 "Different Policies Test3",
223 "-policy anyPolicy",
224 "False", "<empty>", "<empty>", 0
225 ],
226 [
227 "4.8.3.2",
228 "Different Policies Test3",
229 "-policy anyPolicy -explicit_policy",
230 "True", "<empty>", "<empty>", 43
231 ],
232 [
233 "4.8.3.3",
234 "Different Policies Test3",
235 "-policy $nist1 -policy $nist2 -explicit_policy",
236 "True", "<empty>", "<empty>", 43
237 ],
238
239 [
240 "4.8.4",
241 "Different Policies Test4",
242 "-policy anyPolicy",
243 "True", "<empty>", "<empty>", 43
244 ],
245 [
246 "4.8.5",
247 "Different Policies Test5",
248 "-policy anyPolicy",
249 "True", "<empty>", "<empty>", 43
250 ],
251 [
252 "4.8.6.1",
253 "Overlapping Policies Test6",
254 "-policy anyPolicy",
255 "True", $nist1, $nist1, 0
256 ],
257 [
258 "4.8.6.2",
259 "Overlapping Policies Test6",
260 "-policy $nist1",
261 "True", $nist1, $nist1, 0
262 ],
263 [
264 "4.8.6.3",
265 "Overlapping Policies Test6",
266 "-policy $nist2",
267 "True", $nist1, "<empty>", 43
268 ],
269 [
270 "4.8.7",
271 "Different Policies Test7",
272 "-policy anyPolicy",
273 "True", "<empty>", "<empty>", 43
274 ],
275 [
276 "4.8.8",
277 "Different Policies Test8",
278 "-policy anyPolicy",
279 "True", "<empty>", "<empty>", 43
280 ],
281 [
282 "4.8.9",
283 "Different Policies Test9",
284 "-policy anyPolicy",
285 "True", "<empty>", "<empty>", 43
286 ],
287 [
288 "4.8.10.1",
289 "All Certificates Same Policies Test10",
290 "-policy $nist1",
291 "True", "$nist1:$nist2", "$nist1", 0
292 ],
293 [
294 "4.8.10.2",
295 "All Certificates Same Policies Test10",
296 "-policy $nist2",
297 "True", "$nist1:$nist2", "$nist2", 0
298 ],
299 [
300 "4.8.10.3",
301 "All Certificates Same Policies Test10",
302 "-policy anyPolicy",
303 "True", "$nist1:$nist2", "$nist1:$nist2", 0
304 ],
305 [
306 "4.8.11.1",
307 "All Certificates AnyPolicy Test11",
308 "-policy anyPolicy",
309 "True", "$apolicy", "$apolicy", 0
310 ],
311 [
312 "4.8.11.2",
313 "All Certificates AnyPolicy Test11",
314 "-policy $nist1",
315 "True", "$apolicy", "$nist1", 0
316 ],
317 [
318 "4.8.12",
319 "Different Policies Test12",
320 "-policy anyPolicy",
321 "True", "<empty>", "<empty>", 43
322 ],
323 [
324 "4.8.13.1",
325 "All Certificates Same Policies Test13",
326 "-policy $nist1",
327 "True", "$nist1:$nist2:$nist3", "$nist1", 0
328 ],
329 [
330 "4.8.13.2",
331 "All Certificates Same Policies Test13",
332 "-policy $nist2",
333 "True", "$nist1:$nist2:$nist3", "$nist2", 0
334 ],
335 [
336 "4.8.13.3",
337 "All Certificates Same Policies Test13",
338 "-policy $nist3",
339 "True", "$nist1:$nist2:$nist3", "$nist3", 0
340 ],
341 [
342 "4.8.14.1", "AnyPolicy Test14",
343 "-policy $nist1", "True",
344 "$nist1", "$nist1",
345 0
346 ],
347 [
348 "4.8.14.2", "AnyPolicy Test14",
349 "-policy $nist2", "True",
350 "$nist1", "<empty>",
351 43
352 ],
353 [
354 "4.8.15",
355 "User Notice Qualifier Test15",
356 "-policy anyPolicy",
357 "False", "$nist1", "$nist1", 0
358 ],
359 [
360 "4.8.16",
361 "User Notice Qualifier Test16",
362 "-policy anyPolicy",
363 "False", "$nist1", "$nist1", 0
364 ],
365 [
366 "4.8.17",
367 "User Notice Qualifier Test17",
368 "-policy anyPolicy",
369 "False", "$nist1", "$nist1", 0
370 ],
371 [
372 "4.8.18.1",
373 "User Notice Qualifier Test18",
374 "-policy $nist1",
375 "True", "$nist1:$nist2", "$nist1", 0
376 ],
377 [
378 "4.8.18.2",
379 "User Notice Qualifier Test18",
380 "-policy $nist2",
381 "True", "$nist1:$nist2", "$nist2", 0
382 ],
383 [
384 "4.8.19",
385 "User Notice Qualifier Test19",
386 "-policy anyPolicy",
387 "False", "$nist1", "$nist1", 0
388 ],
389 [
390 "4.8.20",
391 "CPS Pointer Qualifier Test20",
392 "-policy anyPolicy -explicit_policy",
393 "True", "$nist1", "$nist1", 0
394 ],
395 [ "4.9", "Require Explicit Policy" ],
396 [
397 "4.9.1",
398 "Valid RequireExplicitPolicy Test1",
399 "-policy anyPolicy",
400 "False", "<empty>", "<empty>", 0
401 ],
402 [
403 "4.9.2",
404 "Valid RequireExplicitPolicy Test2",
405 "-policy anyPolicy",
406 "False", "<empty>", "<empty>", 0
407 ],
408 [
409 "4.9.3",
410 "Invalid RequireExplicitPolicy Test3",
411 "-policy anyPolicy",
412 "True", "<empty>", "<empty>", 43
413 ],
414 [
415 "4.9.4",
416 "Valid RequireExplicitPolicy Test4",
417 "-policy anyPolicy",
418 "True", "$nist1", "$nist1", 0
419 ],
420 [
421 "4.9.5",
422 "Invalid RequireExplicitPolicy Test5",
423 "-policy anyPolicy",
424 "True", "<empty>", "<empty>", 43
425 ],
426 [
427 "4.9.6",
428 "Valid Self-Issued requireExplicitPolicy Test6",
429 "-policy anyPolicy",
430 "False", "<empty>", "<empty>", 0
431 ],
432 [
433 "4.9.7",
434 "Invalid Self-Issued requireExplicitPolicy Test7",
435 "-policy anyPolicy",
436 "True", "<empty>", "<empty>", 43
437 ],
438 [
439 "4.9.8",
440 "Invalid Self-Issued requireExplicitPolicy Test8",
441 "-policy anyPolicy",
442 "True", "<empty>", "<empty>", 43
443 ],
444 [ "4.10", "Policy Mappings" ],
445 [
446 "4.10.1.1",
447 "Valid Policy Mapping Test1",
448 "-policy $nist1",
449 "True", "$nist1", "$nist1", 0
450 ],
451 [
452 "4.10.1.2",
453 "Valid Policy Mapping Test1",
454 "-policy $nist2",
455 "True", "$nist1", "<empty>", 43
456 ],
457 [
458 "4.10.1.3",
459 "Valid Policy Mapping Test1",
460 "-policy anyPolicy -inhibit_map",
461 "True", "<empty>", "<empty>", 43
462 ],
463 [
464 "4.10.2.1",
465 "Invalid Policy Mapping Test2",
466 "-policy anyPolicy",
467 "True", "<empty>", "<empty>", 43
468 ],
469 [
470 "4.10.2.2",
471 "Invalid Policy Mapping Test2",
472 "-policy anyPolicy -inhibit_map",
473 "True", "<empty>", "<empty>", 43
474 ],
475 [
476 "4.10.3.1",
477 "Valid Policy Mapping Test3",
478 "-policy $nist1",
479 "True", "$nist2", "<empty>", 43
480 ],
481 [
482 "4.10.3.2",
483 "Valid Policy Mapping Test3",
484 "-policy $nist2",
485 "True", "$nist2", "$nist2", 0
486 ],
487 [
488 "4.10.4",
489 "Invalid Policy Mapping Test4",
490 "-policy anyPolicy",
491 "True", "<empty>", "<empty>", 43
492 ],
493 [
494 "4.10.5.1",
495 "Valid Policy Mapping Test5",
496 "-policy $nist1",
497 "True", "$nist1", "$nist1", 0
498 ],
499 [
500 "4.10.5.2",
501 "Valid Policy Mapping Test5",
502 "-policy $nist6",
503 "True", "$nist1", "<empty>", 43
504 ],
505 [
506 "4.10.6.1",
507 "Valid Policy Mapping Test6",
508 "-policy $nist1",
509 "True", "$nist1", "$nist1", 0
510 ],
511 [
512 "4.10.6.2",
513 "Valid Policy Mapping Test6",
514 "-policy $nist6",
515 "True", "$nist1", "<empty>", 43
516 ],
517 [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ],
518 [ "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 ],
519 [
520 "4.10.9",
521 "Valid Policy Mapping Test9",
522 "-policy anyPolicy",
523 "True", "$nist1", "$nist1", 0
524 ],
525 [
526 "4.10.10",
527 "Invalid Policy Mapping Test10",
528 "-policy anyPolicy",
529 "True", "<empty>", "<empty>", 43
530 ],
531 [
532 "4.10.11",
533 "Valid Policy Mapping Test11",
534 "-policy anyPolicy",
535 "True", "$nist1", "$nist1", 0
536 ],
537
538 # TODO: check notice display
539 [
540 "4.10.12.1",
541 "Valid Policy Mapping Test12",
542 "-policy $nist1",
543 "True", "$nist1:$nist2", "$nist1", 0
544 ],
545
546 # TODO: check notice display
547 [
548 "4.10.12.2",
549 "Valid Policy Mapping Test12",
550 "-policy $nist2",
551 "True", "$nist1:$nist2", "$nist2", 0
552 ],
553 [
554 "4.10.13",
555 "Valid Policy Mapping Test13",
556 "-policy anyPolicy",
557 "True", "$nist1", "$nist1", 0
558 ],
559
560 # TODO: check notice display
561 [
562 "4.10.14",
563 "Valid Policy Mapping Test14",
564 "-policy anyPolicy",
565 "True", "$nist1", "$nist1", 0
566 ],
567 [ "4.11", "Inhibit Policy Mapping" ],
568 [
569 "4.11.1",
570 "Invalid inhibitPolicyMapping Test1",
571 "-policy anyPolicy",
572 "True", "<empty>", "<empty>", 43
573 ],
574 [
575 "4.11.2",
576 "Valid inhibitPolicyMapping Test2",
577 "-policy anyPolicy",
578 "True", "$nist1", "$nist1", 0
579 ],
580 [
581 "4.11.3",
582 "Invalid inhibitPolicyMapping Test3",
583 "-policy anyPolicy",
584 "True", "<empty>", "<empty>", 43
585 ],
586 [
587 "4.11.4",
588 "Valid inhibitPolicyMapping Test4",
589 "-policy anyPolicy",
590 "True", "$nist2", "$nist2", 0
591 ],
592 [
593 "4.11.5",
594 "Invalid inhibitPolicyMapping Test5",
595 "-policy anyPolicy",
596 "True", "<empty>", "<empty>", 43
597 ],
598 [
599 "4.11.6",
600 "Invalid inhibitPolicyMapping Test6",
601 "-policy anyPolicy",
602 "True", "<empty>", "<empty>", 43
603 ],
604 [
605 "4.11.7",
606 "Valid Self-Issued inhibitPolicyMapping Test7",
607 "-policy anyPolicy",
608 "True", "$nist1", "$nist1", 0
609 ],
610 [
611 "4.11.8",
612 "Invalid Self-Issued inhibitPolicyMapping Test8",
613 "-policy anyPolicy",
614 "True", "<empty>", "<empty>", 43
615 ],
616 [
617 "4.11.9",
618 "Invalid Self-Issued inhibitPolicyMapping Test9",
619 "-policy anyPolicy",
620 "True", "<empty>", "<empty>", 43
621 ],
622 [
623 "4.11.10",
624 "Invalid Self-Issued inhibitPolicyMapping Test10",
625 "-policy anyPolicy",
626 "True", "<empty>", "<empty>", 43
627 ],
628 [
629 "4.11.11",
630 "Invalid Self-Issued inhibitPolicyMapping Test11",
631 "-policy anyPolicy",
632 "True", "<empty>", "<empty>", 43
633 ],
634 [ "4.12", "Inhibit Any Policy" ],
635 [
636 "4.12.1",
637 "Invalid inhibitAnyPolicy Test1",
638 "-policy anyPolicy",
639 "True", "<empty>", "<empty>", 43
640 ],
641 [
642 "4.12.2",
643 "Valid inhibitAnyPolicy Test2",
644 "-policy anyPolicy",
645 "True", "$nist1", "$nist1", 0
646 ],
647 [
648 "4.12.3.1",
649 "inhibitAnyPolicy Test3",
650 "-policy anyPolicy",
651 "True", "$nist1", "$nist1", 0
652 ],
653 [
654 "4.12.3.2",
655 "inhibitAnyPolicy Test3",
656 "-policy anyPolicy -inhibit_any",
657 "True", "<empty>", "<empty>", 43
658 ],
659 [
660 "4.12.4",
661 "Invalid inhibitAnyPolicy Test4",
662 "-policy anyPolicy",
663 "True", "<empty>", "<empty>", 43
664 ],
665 [
666 "4.12.5",
667 "Invalid inhibitAnyPolicy Test5",
668 "-policy anyPolicy",
669 "True", "<empty>", "<empty>", 43
670 ],
671 [
672 "4.12.6",
673 "Invalid inhibitAnyPolicy Test6",
674 "-policy anyPolicy",
675 "True", "<empty>", "<empty>", 43
676 ],
677 [ "4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", 0 ],
678 [ "4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 ],
679 [ "4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", 0 ],
680 [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 ],
681 [ "4.13", "Name Constraints" ],
682 [ "4.13.1", "Valid DN nameConstraints Test1", 0 ],
683 [ "4.13.2", "Invalid DN nameConstraints Test2", 47 ],
684 [ "4.13.3", "Invalid DN nameConstraints Test3", 47 ],
685 [ "4.13.4", "Valid DN nameConstraints Test4", 0 ],
686 [ "4.13.5", "Valid DN nameConstraints Test5", 0 ],
687 [ "4.13.6", "Valid DN nameConstraints Test6", 0 ],
688 [ "4.13.7", "Invalid DN nameConstraints Test7", 48 ],
689 [ "4.13.8", "Invalid DN nameConstraints Test8", 48 ],
690 [ "4.13.9", "Invalid DN nameConstraints Test9", 48 ],
691 [ "4.13.10", "Invalid DN nameConstraints Test10", 48 ],
692 [ "4.13.11", "Valid DN nameConstraints Test11", 0 ],
693 [ "4.13.12", "Invalid DN nameConstraints Test12", 47 ],
694 [ "4.13.13", "Invalid DN nameConstraints Test13", 47 ],
695 [ "4.13.14", "Valid DN nameConstraints Test14", 0 ],
696 [ "4.13.15", "Invalid DN nameConstraints Test15", 48 ],
697 [ "4.13.16", "Invalid DN nameConstraints Test16", 48 ],
698 [ "4.13.17", "Invalid DN nameConstraints Test17", 48 ],
699 [ "4.13.18", "Valid DN nameConstraints Test18", 0 ],
700 [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19", 0 ],
701 [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ],
702 [ "4.13.21", "Valid RFC822 nameConstraints Test21", 0 ],
703 [ "4.13.22", "Invalid RFC822 nameConstraints Test22", 47 ],
704 [ "4.13.23", "Valid RFC822 nameConstraints Test23", 0 ],
705 [ "4.13.24", "Invalid RFC822 nameConstraints Test24", 47 ],
706 [ "4.13.25", "Valid RFC822 nameConstraints Test25", 0 ],
707 [ "4.13.26", "Invalid RFC822 nameConstraints Test26", 48 ],
708 [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", 0 ],
709 [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", 47 ],
710 [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", 47 ],
711 [ "4.13.30", "Valid DNS nameConstraints Test30", 0 ],
712 [ "4.13.31", "Invalid DNS nameConstraints Test31", 47 ],
713 [ "4.13.32", "Valid DNS nameConstraints Test32", 0 ],
714 [ "4.13.33", "Invalid DNS nameConstraints Test33", 48 ],
715 [ "4.13.34", "Valid URI nameConstraints Test34", 0 ],
716 [ "4.13.35", "Invalid URI nameConstraints Test35", 47 ],
717 [ "4.13.36", "Valid URI nameConstraints Test36", 0 ],
718 [ "4.13.37", "Invalid URI nameConstraints Test37", 48 ],
719 [ "4.13.38", "Invalid DNS nameConstraints Test38", 47 ],
720 [ "4.14", "Distribution Points" ],
721 [ "4.14.1", "Valid distributionPoint Test1", 0 ],
722 [ "4.14.2", "Invalid distributionPoint Test2", 23 ],
723 [ "4.14.3", "Invalid distributionPoint Test3", 44 ],
724 [ "4.14.4", "Valid distributionPoint Test4", 0 ],
725 [ "4.14.5", "Valid distributionPoint Test5", 0 ],
726 [ "4.14.6", "Invalid distributionPoint Test6", 23 ],
727 [ "4.14.7", "Valid distributionPoint Test7", 0 ],
728 [ "4.14.8", "Invalid distributionPoint Test8", 44 ],
729 [ "4.14.9", "Invalid distributionPoint Test9", 44 ],
730 [ "4.14.10", "Valid No issuingDistributionPoint Test10", 0 ],
731 [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 ],
732 [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 ],
733 [ "4.14.13", "Valid onlyContainsCACerts CRL Test13", 0 ],
734 [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 ],
735 [ "4.14.15", "Invalid onlySomeReasons Test15", 23 ],
736 [ "4.14.16", "Invalid onlySomeReasons Test16", 23 ],
737 [ "4.14.17", "Invalid onlySomeReasons Test17", 3 ],
738 [ "4.14.18", "Valid onlySomeReasons Test18", 0 ],
739 [ "4.14.19", "Valid onlySomeReasons Test19", 0 ],
740 [ "4.14.20", "Invalid onlySomeReasons Test20", 23 ],
741 [ "4.14.21", "Invalid onlySomeReasons Test21", 23 ],
742 [ "4.14.22", "Valid IDP with indirectCRL Test22", 0 ],
743 [ "4.14.23", "Invalid IDP with indirectCRL Test23", 23 ],
744 [ "4.14.24", "Valid IDP with indirectCRL Test24", 0 ],
745 [ "4.14.25", "Valid IDP with indirectCRL Test25", 0 ],
746 [ "4.14.26", "Invalid IDP with indirectCRL Test26", 44 ],
747 [ "4.14.27", "Invalid cRLIssuer Test27", 3 ],
748 [ "4.14.28", "Valid cRLIssuer Test28", 0 ],
749 [ "4.14.29", "Valid cRLIssuer Test29", 0 ],
750
751 # Although this test is valid it has a circular dependency. As a result
752 # an attempt is made to reursively checks a CRL path and rejected due to
753 # a CRL path validation error. PKITS notes suggest this test does not
754 # need to be run due to this issue.
755 [ "4.14.30", "Valid cRLIssuer Test30", 54 ],
756 [ "4.14.31", "Invalid cRLIssuer Test31", 23 ],
757 [ "4.14.32", "Invalid cRLIssuer Test32", 23 ],
758 [ "4.14.33", "Valid cRLIssuer Test33", 0 ],
759 [ "4.14.34", "Invalid cRLIssuer Test34", 23 ],
760 [ "4.14.35", "Invalid cRLIssuer Test35", 44 ],
761 [ "4.15", "Delta-CRLs" ],
762 [ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 ],
763 [ "4.15.2", "Valid delta-CRL Test2", 0 ],
764 [ "4.15.3", "Invalid delta-CRL Test3", 23 ],
765 [ "4.15.4", "Invalid delta-CRL Test4", 23 ],
766 [ "4.15.5", "Valid delta-CRL Test5", 0 ],
767 [ "4.15.6", "Invalid delta-CRL Test6", 23 ],
768 [ "4.15.7", "Valid delta-CRL Test7", 0 ],
769 [ "4.15.8", "Valid delta-CRL Test8", 0 ],
770 [ "4.15.9", "Invalid delta-CRL Test9", 23 ],
771 [ "4.15.10", "Invalid delta-CRL Test10", 12 ],
772 [ "4.16", "Private Certificate Extensions" ],
773 [ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", 0 ],
774 [ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", 34 ],
775);
776
777
778my $verbose = 1;
779
780my $numtest = 0;
781my $numfail = 0;
782
783my $ossl = "ossl/apps/openssl";
784
785my $ossl_cmd = "$ossl_path cms -verify -verify_retcode ";
786$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict ";
787$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 ";
788
789system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem";
790
791die "Can't create trust anchor file" if $?;
792
793print "Running PKITS tests:\n" if $verbose;
794
795foreach (@testlists) {
796 my $argnum = @$_;
797 if ( $argnum == 2 ) {
798 my ( $tnum, $title ) = @$_;
799 print "$tnum $title\n" if $verbose;
800 }
801 elsif ( $argnum == 3 ) {
802 my ( $tnum, $title, $exp_ret ) = @$_;
803 my $filename = $title;
804 $exp_ret += 32 if $exp_ret;
805 $filename =~ tr/ -//d;
806 $filename = "Signed$(unknown).eml";
807 if ( !-f "$pkitsdir/$filename" ) {
808 print "\"$filename\" not found\n";
809 }
810 else {
811 my $ret;
812 my $test_fail = 0;
813 my $errmsg = "";
814 my $cmd = $ossl_cmd;
815 $cmd .= "-in $pkitsdir/$filename -policy anyPolicy";
816 my $cmdout = `$cmd`;
817 $ret = $? >> 8;
818 if ( $? & 0xff ) {
819 $errmsg .= "Abnormal OpenSSL termination\n";
820 $test_fail = 1;
821 }
822 if ( $exp_ret != $ret ) {
823 $errmsg .= "Return code:$ret, ";
824 $errmsg .= "expected $exp_ret\n";
825 $test_fail = 1;
826 }
827 if ($test_fail) {
828 print "$tnum $title : Failed!\n";
829 print "Filename: $pkitsdir/$filename\n";
830 print $errmsg;
831 print "Command output:\n$cmdout\n";
832 $numfail++;
833 }
834 $numtest++;
835 }
836 }
837 elsif ( $argnum == 7 ) {
838 my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret )
839 = @$_;
840 my $filename = $title;
841 $exp_ret += 32 if $exp_ret;
842 $filename =~ tr/ -//d;
843 $filename = "Signed$(unknown).eml";
844 if ( !-f "$pkitsdir/$filename" ) {
845 print "\"$filename\" not found\n";
846 }
847 else {
848 my $ret;
849 my $cmdout = "";
850 my $errmsg = "";
851 my $epol = "";
852 my $aset = "";
853 my $uset = "";
854 my $pol = -1;
855 my $test_fail = 0;
856 my $cmd = $ossl_cmd;
857 $cmd .= "-in $pkitsdir/$filename $exargs -policy_print";
858 @oparr = `$cmd`;
859 $ret = $? >> 8;
860
861 if ( $? & 0xff ) {
862 $errmsg .= "Abnormal OpenSSL termination\n";
863 $test_fail = 1;
864 }
865 foreach (@oparr) {
866 my $test_failed = 0;
867 $cmdout .= $_;
868 if (/^Require explicit Policy: (.*)$/) {
869 $epol = $1;
870 }
871 if (/^Authority Policies/) {
872 if (/empty/) {
873 $aset = "<empty>";
874 }
875 else {
876 $pol = 1;
877 }
878 }
879 $test_fail = 1 if (/leak/i);
880 if (/^User Policies/) {
881 if (/empty/) {
882 $uset = "<empty>";
883 }
884 else {
885 $pol = 2;
886 }
887 }
888 if (/\s+Policy: (.*)$/) {
889 if ( $pol == 1 ) {
890 $aset .= ":" if $aset ne "";
891 $aset .= $1;
892 }
893 elsif ( $pol == 2 ) {
894 $uset .= ":" if $uset ne "";
895 $uset .= $1;
896 }
897 }
898 }
899
900 if ( $epol ne $exp_epol ) {
901 $errmsg .= "Explicit policy:$epol, ";
902 $errmsg .= "expected $exp_epol\n";
903 $test_fail = 1;
904 }
905 if ( $aset ne $exp_aset ) {
906 $errmsg .= "Authority policy set :$aset, ";
907 $errmsg .= "expected $exp_aset\n";
908 $test_fail = 1;
909 }
910 if ( $uset ne $exp_uset ) {
911 $errmsg .= "User policy set :$uset, ";
912 $errmsg .= "expected $exp_uset\n";
913 $test_fail = 1;
914 }
915
916 if ( $exp_ret != $ret ) {
917 print "Return code:$ret, expected $exp_ret\n";
918 $test_fail = 1;
919 }
920
921 if ($test_fail) {
922 print "$tnum $title : Failed!\n";
923 print "Filename: $pkitsdir/$filename\n";
924 print "Command output:\n$cmdout\n";
925 $numfail++;
926 }
927 $numtest++;
928 }
929 }
930}
931
932if ($numfail) {
933 print "$numfail tests failed out of $numtest\n";
934}
935else {
936 print "All Tests Successful.\n";
937}
938
939unlink "pkitsta.pem";
940
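--- a/src/lib/libssl/test/r160test.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* test/r160test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */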
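--- a/src/lib/libssl/test/smcont.txt
+++ /dev/null
@@ -1 +0,0 @@
-Some test content for OpenSSL CMS
\ No newline at end of file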
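--- a/src/lib/libssl/test/smime-certs/smdsa1.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBuwIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
-OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
-GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
-jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
-wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
-+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
-SJCBQw5zAoGATQlPPF+OeU8nu3rsdXGDiZdJzOkuCce3KQfTABA9C+Dk4CVcvBdd
-YRLGpnykumkNTO1sTO+4/Gphsuje1ujK9td4UEhdYqylCe5QjEMrszDlJtelDQF9
-C0yhdjKGTP0kxofLhsGckcuQvcKEKffT2pDDKJIy4vWQO0UyJl1vjLcCFG2uiGGx
-9fMUZq1v0ePD4Wo0Xkxo
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsWMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
-CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
-mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
-jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
-CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
-kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
-xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBN
-CU88X455Tye7eux1cYOJl0nM6S4Jx7cpB9MAED0L4OTgJVy8F11hEsamfKS6aQ1M
-7WxM77j8amGy6N7W6Mr213hQSF1irKUJ7lCMQyuzMOUm16UNAX0LTKF2MoZM/STG
-h8uGwZyRy5C9woQp99PakMMokjLi9ZA7RTImXW+Mt6OBgzCBgDAdBgNVHQ4EFgQU
-4Qfbhpi5yqXaXuCLXj427mR25MkwHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput
-aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV
-c21pbWVkc2ExQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBAFrdUzKK1pWO
-kd02S423KUBc4GWWyiGlVoEO7WxVhHLJ8sm67X7OtJOwe0UGt+Nc5qLtyJYSirw8
-phjiTdNpQCTJ8+Kc56tWkJ6H7NAI4vTJtPL5BM/EmeYrVSU9JI9xhqpyKw9IBD+n
-hRJ79W9FaiJRvaAOX+TkyTukJrxAWRyv
------END CERTIFICATE-----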
diff --git a/src/lib/libssl/test/smime-certs/smdsa2.pem b/src/lib/libssl/test/smime-certs/smdsa2.pem
deleted file mode 100644
index ef86c115d7..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa2.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----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12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----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34-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa3.pem b/src/lib/libssl/test/smime-certs/smdsa3.pem
deleted file mode 100644
index eeb848dabc..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa3.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----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12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----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34-----END CERTIFICATE-----
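--- a/src/lib/libssl/test/smime-certs/smdsap.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG
-Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA
-gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d
-qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv
-Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO
-GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB
-Qw5z
------END DSA PARAMETERS-----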
diff --git a/src/lib/libssl/test/smime-certs/smroot.pem b/src/lib/libssl/test/smime-certs/smroot.pem
deleted file mode 100644
index a59eb2684c..0000000000
--- a/src/lib/libssl/test/smime-certs/smroot.pem
+++ /dev/null
@@ -1,30 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----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15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa1.pem b/src/lib/libssl/test/smime-certs/smrsa1.pem
deleted file mode 100644
index 2cf3148e33..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa1.pem
+++ /dev/null
@@ -1,31 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----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15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----
17MIICizCCAfSgAwIBAgIJAMtotfHYdEsTMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
18BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
19TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx
20CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
21ZXN0IFMvTUlNRSBFRSBSU0EgIzEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
22ALoD3vyPimY+BS1RCoX5uOHq92HAY4ZlIPvFeAVMyObzy3B+/4SLGSrYpdIOMPRl
23ehBt05pJu8ZFCsgmkbY0aIoAV1g2s/TbmQIJ2HnAX9oQjsosSbsmUfBelCy6PjCQ
24yCaQWMvdPLhnnlo0f7ak9AhrST4Q0lebaAO6GqAGZ24DAgMBAAGjgYMwgYAwHQYD
25VR0OBBYEFE2vMvKz5jrC7Lbdg68XwZ95iL/QMB8GA1UdIwQYMBaAFBPPS6e7iS6z
26OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
27EQQZMBeBFXNtaW1lcnNhMUBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQAi
28O3GOkUl646oLnOimc36i9wxZ1tejsqs8vMjJ0Pym6Uq9FE2JoGzJ6OhB1GOsEVmj
299cQ5UNQcRYL3cqOFtl6f4Dpu/lhzfbaqgmLjv29G1mS0uuTZrixhlyCXjwcbOkNC
30I/+wvHHENYIK5+T/79M9LaZ2Qk4F9MNE1VMljdz9Qw==
31-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa2.pem b/src/lib/libssl/test/smime-certs/smrsa2.pem
deleted file mode 100644
index d41f69c82f..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa2.pem
+++ /dev/null
@@ -1,31 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----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15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----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31-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa3.pem b/src/lib/libssl/test/smime-certs/smrsa3.pem
deleted file mode 100644
index c8cbe55151..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa3.pem
+++ /dev/null
@@ -1,31 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIICXAIBAAKBgQC6syTZtZNe1hRScFc4PUVyVLsr7+C1HDIZnOHmwFoLayX6RHwy
3ep/TkdwiPHnemVLuwvpSjLMLZkXy/J764kSHJrNeVl3UvmCVCOm40hAtK1+F39pM
4h8phkbPPD7i+hwq4/Vs79o46nzwbVKmzgoZBJhZ+codujUSYM3LjJ4aq+wIDAQAB
5AoGAE1Zixrnr3bLGwBMqtYSDIOhtyos59whImCaLr17U9MHQWS+mvYO98if1aQZi
6iQ/QazJ+wvYXxWJ+dEB+JvYwqrGeuAU6He/rAb4OShG4FPVU2D19gzRnaButWMeT
7/1lgXV08hegGBL7RQNaN7b0viFYMcKnSghleMP0/q+Y/oaECQQDkXEwDYJW13X9p
8ijS20ykWdY5lLknjkHRhhOYux0rlhOqsyMZjoUmwI2m0qj9yrIysKhrk4MZaM/uC
9hy0xp3hdAkEA0Uv/UY0Kwsgc+W6YxeypECtg1qCE6FBib8n4iFy/6VcWqhvE5xrs
10OdhKv9/p6aLjLneGd1sU+F8eS9LGyKIbNwJBAJPgbNzXA7uUZriqZb5qeTXxBDfj
11RLfXSHYKAKEULxz3+JvRHB9SR4yHMiFrCdExiZrHXUkPgYLSHLGG5a4824UCQD6T
129XvhquUARkGCAuWy0/3Eqoihp/t6BWSdQ9Upviu7YUhtUxsyXo0REZB7F4pGrJx5
13GlhXgFaewgUzuUHFzlMCQCzJMMWslWpoLntnR6sMhBMhBFHSw+Y5CbxBmFrdtSkd
14VdtNO1VuDCTxjjW7W3Khj7LX4KZ1ye/5jfAgnnnXisc=
15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----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31-----END CERTIFICATE-----
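--- a/src/lib/libssl/test/tcrl
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl crl'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testcrl.pem
-fi
-
-echo testing crl conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0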
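--- a/src/lib/libssl/test/test.cnf
+++ /dev/null
@@ -1,88 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/new_certs # default place for new certs.
-
-certificate = $dir/CAcert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/CAkey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 512
-default_keyfile = testkey.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Queensland
-stateOrProvinceName_value =
-
-localityName = Locality Name (eg, city)
-localityName_value = Brisbane
-
-organizationName = Organization Name (eg, company)
-organizationName_default =
-organizationName_value = CryptSoft Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default =
-organizationalUnitName_value = .
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Eric Young
-
-emailAddress = Email Address
-emailAddress_value = eay@mincom.oz.au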
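--- a/src/lib/libssl/test/test_aesni
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
- :
- else
- echo "$PROG is not OpenSSL executable"
- exit 1
- fi
-else
- echo "$PROG is not executable"
- exit 1;
-fi
-
-if $PROG engine aesni | grep -v no-aesni; then
-
- HASH=`cat $PROG | $PROG dgst -hex`
-
- AES_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
- aes-128-cbc aes-192-cbc aes-256-cbc \
- aes-128-cfb aes-192-cfb aes-256-cfb \
- aes-128-ofb aes-192-ofb aes-256-ofb"
- BUFSIZE="16 32 48 64 80 96 128 144 999"
-
- nerr=0
-
- for alg in $AES_ALGS; do
- echo $alg
- for bufsize in $BUFSIZE; do
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
- $PROG enc -d -k "$HASH" -$alg | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg/$bufsize encrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
- for bufsize in $BUFSIZE; do
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg | \
- $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg/$bufsize decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -engine aesni | \
- $PROG enc -d -k "$HASH" -$alg -engine aesni | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg en/decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
-
- if [ $nerr -gt 0 ]; then
- echo "AESNI engine test failed."
- exit 1;
- fi
-else
- echo "AESNI engine is not available"
-fi
-
-exit 0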
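--- a/src/lib/libssl/test/test_padlock
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
- :
- else
- echo "$PROG is not OpenSSL executable"
- exit 1
- fi
-else
- echo "$PROG is not executable"
- exit 1;
-fi
-
-if $PROG engine padlock | grep -v no-ACE; then
-
- HASH=`cat $PROG | $PROG dgst -hex`
-
- ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
- aes-128-cbc aes-192-cbc aes-256-cbc \
- aes-128-cfb aes-192-cfb aes-256-cfb \
- aes-128-ofb aes-192-ofb aes-256-ofb"
-
- nerr=0
-
- for alg in $ACE_ALGS; do
- echo $alg
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \
- $PROG enc -d -k "$HASH" -$alg | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg encrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg | \
- $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -engine padlock | \
- $PROG enc -d -k "$HASH" -$alg -engine padlock | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg en/decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
-
- if [ $nerr -gt 0 ]; then
- echo "PadLock ACE test failed."
- exit 1;
- fi
-else
- echo "PadLock ACE is not available"
-fi
-
-exit 0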
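--- a/src/lib/libssl/test/testca
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-
-SH="/bin/sh"
-if test "$OSTYPE" = msdosdjgpp; then
- PATH="../apps\;$PATH"
-else
- PATH="../apps:$PATH"
-fi
-export SH PATH
-
-SSLEAY_CONFIG="-config CAss.cnf"
-export SSLEAY_CONFIG
-
-OPENSSL="`pwd`/../util/opensslwrap.sh"
-export OPENSSL
-
-/bin/rm -fr demoCA
-$SH ../apps/CA.sh -newca <<EOF
-EOF
-
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-SSLEAY_CONFIG="-config Uss.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -newreq
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-SSLEAY_CONFIG="-config ../apps/openssl.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -sign <<EOF
-y
-y
-EOF
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-$SH ../apps/CA.sh -verify newcert.pem
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-/bin/rm -fr demoCA newcert.pem newreq.pem
-#usage: CA -newcert|-newreq|-newca|-sign|-verify
-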
diff --git a/src/lib/libssl/test/testcrl.pem b/src/lib/libssl/test/testcrl.pem
deleted file mode 100644
index 0989788354..0000000000
--- a/src/lib/libssl/test/testcrl.pem
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN X509 CRL-----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16-----END X509 CRL-----
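--- a/src/lib/libssl/test/testenc
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-
-testsrc=Makefile
-test=./p
-cmd="../util/shlib_wrap.sh ../apps/openssl"
-
-cat $testsrc >$test;
-
-echo cat
-$cmd enc < $test > $test.cipher
-$cmd enc < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
- exit 1
-else
- /bin/rm $test.cipher $test.clear
-fi
-echo base64
-$cmd enc -a -e < $test > $test.cipher
-$cmd enc -a -d < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
- exit 1
-else
- /bin/rm $test.cipher $test.clear
-fi
-
-for i in `$cmd list-cipher-commands`
-do
- echo $i
- $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear
- if [ $? != 0 ]
- then
- exit 1
- else
- /bin/rm $test.$i.cipher $test.$i.clear
- fi
-
- echo $i base64
- $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear
- if [ $? != 0 ]
- then
- exit 1
- else
- /bin/rm $test.$i.cipher $test.$i.clear
- fi
-done
-rm -f $test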
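--- a/src/lib/libssl/test/testgen
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-
-T=testcert
-KEY=512
-CA=../certs/testca.pem
-
-/bin/rm -f $T.1 $T.2 $T.key
-
-if test "$OSTYPE" = msdosdjgpp; then
- PATH=../apps\;$PATH;
-else
- PATH=../apps:$PATH;
-fi
-export PATH
-
-echo "generating certificate request"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- req_new='-newkey dsa:../apps/dsa512.pem'
-else
- req_new='-new'
- echo "There should be a 2 sequences of .'s and some +'s."
- echo "There should not be more that at most 80 per line"
-fi
-
-echo "This could take some time."
-
-rm -f testkey.pem testreq.pem
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem
-if [ $? != 0 ]; then
-echo problems creating request
-exit 1
-fi
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
-if [ $? != 0 ]; then
-echo signature on req is wrong
-exit 1
-fi
-
-exit 0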
diff --git a/src/lib/libssl/test/testp7.pem b/src/lib/libssl/test/testp7.pem
deleted file mode 100644
index e5b7866c31..0000000000
--- a/src/lib/libssl/test/testp7.pem
+++ /dev/null
@@ -1,46 +0,0 @@
1-----BEGIN PKCS7-----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46-----END PKCS7-----
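--- a/src/lib/libssl/test/testreq2.pem
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
-QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG
-DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq
-hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi
-gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U=
------END CERTIFICATE REQUEST-----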
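--- a/src/lib/libssl/test/testrsa.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
-Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
-rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
-oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
-mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
-rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
-mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
------END RSA PRIVATE KEY-----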
diff --git a/src/lib/libssl/test/testsid.pem b/src/lib/libssl/test/testsid.pem
deleted file mode 100644
index 7ffd008f66..0000000000
--- a/src/lib/libssl/test/testsid.pem
+++ /dev/null
@@ -1,12 +0,0 @@
1-----BEGIN SSL SESSION PARAMETERS-----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12-----END SSL SESSION PARAMETERS-----
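diff --git a/src/lib/libssl/test/testss b/src/lib/libssl/test/testss
deleted file mode 100644
index 1a426857d3..0000000000
--- a/src/lib/libssl/test/testss
+++ /dev/null
@@ -1,163 +0,0 @@
-#!/bin/sh
-
-digest='-sha1'
-reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
-x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
-verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
-dummycnf="../apps/openssl.cnf"
-
-CAkey="keyCA.ss"
-CAcert="certCA.ss"
-CAreq="reqCA.ss"
-CAconf="CAss.cnf"
-CAreq2="req2CA.ss" # temp
-
-Uconf="Uss.cnf"
-Ukey="keyU.ss"
-Ureq="reqU.ss"
-Ucert="certU.ss"
-
-P1conf="P1ss.cnf"
-P1key="keyP1.ss"
-P1req="reqP1.ss"
-P1cert="certP1.ss"
-P1intermediate="tmp_intP1.ss"
-
-P2conf="P2ss.cnf"
-P2key="keyP2.ss"
-P2req="reqP2.ss"
-P2cert="certP2.ss"
-P2intermediate="tmp_intP2.ss"
-
-echo
-echo "make a certificate request using 'req'"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- req_new='-newkey dsa:../apps/dsa512.pem'
-else
- req_new='-new'
-fi
-
-$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate a certificate request"
- exit 1
-fi
-echo
-echo "convert the certificate request into a self signed certificate using 'x509'"
-$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to self sign a certificate request"
- exit 1
-fi
-
-echo
-echo "convert a certificate into a certificate request using 'x509'"
-$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' convert a certificate to a certificate request"
- exit 1
-fi
-
-$reqcmd -config $dummycnf -verify -in $CAreq -noout
-if [ $? != 0 ]; then
- echo first generated request is invalid
- exit 1
-fi
-
-$reqcmd -config $dummycnf -verify -in $CAreq2 -noout
-if [ $? != 0 ]; then
- echo second generated request is invalid
- exit 1
-fi
-
-$verifycmd -CAfile $CAcert $CAcert
-if [ $? != 0 ]; then
- echo first generated cert is invalid
- exit 1
-fi
-
-echo
-echo "make a user certificate request using 'req'"
-$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate a user certificate request"
- exit 1
-fi
-
-echo
-echo "sign user certificate request with the just created CA via 'x509'"
-$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to sign a user certificate request"
- exit 1
-fi
-
-$verifycmd -CAfile $CAcert $Ucert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert
-
-echo
-echo "make a proxy certificate request using 'req'"
-$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate a proxy certificate request"
- exit 1
-fi
-
-echo
-echo "sign proxy certificate request with the just created user certificate via 'x509'"
-$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to sign a proxy certificate request"
- exit 1
-fi
-
-cat $Ucert > $P1intermediate
-$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
-
-echo
-echo "make another proxy certificate request using 'req'"
-$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate another proxy certificate request"
- exit 1
-fi
-
-echo
-echo "sign second proxy certificate request with the first proxy certificate via 'x509'"
-$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to sign a second proxy certificate request"
- exit 1
-fi
-
-cat $Ucert $P1cert > $P2intermediate
-$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
-
-echo
-echo The generated CA certificate is $CAcert
-echo The generated CA private key is $CAkey
-
-echo The generated user certificate is $Ucert
-echo The generated user private key is $Ukey
-
-echo The first generated proxy certificate is $P1cert
-echo The first generated proxy private key is $P1key
-
-echo The second generated proxy certificate is $P2cert
-echo The second generated proxy private key is $P2key
-
-/bin/rm err.ss
-#/bin/rm $P1intermediate
-#/bin/rm $P2intermediate
-exit 0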
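diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl
deleted file mode 100644
index b55364ae88..0000000000
--- a/src/lib/libssl/test/testssl
+++ /dev/null
@@ -1,151 +0,0 @@
-#!/bin/sh
-
-if [ "$1" = "" ]; then
- key=../apps/server.pem
-else
- key="$1"
-fi
-if [ "$2" = "" ]; then
- cert=../apps/server.pem
-else
- cert="$2"
-fi
-ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
-
-if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
- dsa_cert=YES
-else
- dsa_cert=NO
-fi
-
-if [ "$3" = "" ]; then
- CA="-CApath ../certs"
-else
- CA="-CAfile $3"
-fi
-
-if [ "$4" = "" ]; then
- extra=""
-else
- extra="$4"
-fi
-
-#############################################################################
-
-echo test sslv2
-$ssltest -ssl2 $extra || exit 1
-
-echo test sslv2 with server authentication
-$ssltest -ssl2 -server_auth $CA $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
- echo test sslv2 with client authentication
- $ssltest -ssl2 -client_auth $CA $extra || exit 1
-
- echo test sslv2 with both client and server authentication
- $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
-fi
-
-echo test sslv3
-$ssltest -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication
-$ssltest -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication
-$ssltest -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication
-$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3
-$ssltest $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication
-$ssltest -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication
-$ssltest -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2 via BIO pair
-$ssltest -bio_pair -ssl2 $extra || exit 1
-
-echo test sslv2 with server authentication via BIO pair
-$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
- echo test sslv2 with client authentication via BIO pair
- $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
-
- echo test sslv2 with both client and server authentication via BIO pair
- $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
-fi
-
-echo test sslv3 via BIO pair
-$ssltest -bio_pair -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 via BIO pair
-$ssltest $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
- echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
- $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
-fi
-
-echo test sslv2/sslv3 with 1024bit DHE via BIO pair
-$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -bio_pair -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
-$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
-
-#############################################################################
-
-if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
- echo skipping anonymous DH tests
-else
- echo test tls1 with 1024bit anonymous DH, multiple handshakes
- $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
-fi
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- echo skipping RSA tests
-else
- echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
- ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
-
- if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
- echo skipping RSA+DHE tests
- else
- echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
- ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
- fi
-fi
-
-echo test tls1 with PSK
-$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
-
-echo test tls1 with PSK via BIO pair
-$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
-
-exit 0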
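diff --git a/src/lib/libssl/test/testsslproxy b/src/lib/libssl/test/testsslproxy
deleted file mode 100644
index 58bbda8ab7..0000000000
--- a/src/lib/libssl/test/testsslproxy
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /bin/sh
-
-echo 'Testing a lot of proxy conditions.'
-echo 'Some of them may turn out being invalid, which is fine.'
-for auth in A B C BC; do
- for cond in A B C 'A|B&!C'; do
- sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond"
- if [ $? = 3 ]; then exit 1; fi
- done
-done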
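diff --git a/src/lib/libssl/test/testtsa b/src/lib/libssl/test/testtsa
deleted file mode 100644
index bb653b5f73..0000000000
--- a/src/lib/libssl/test/testtsa
+++ /dev/null
@@ -1,238 +0,0 @@
-#!/bin/sh
-
-#
-# A few very basic tests for the 'ts' time stamping authority command.
-#
-
-SH="/bin/sh"
-if test "$OSTYPE" = msdosdjgpp; then
- PATH="../apps\;$PATH"
-else
- PATH="../apps:$PATH"
-fi
-export SH PATH
-
-OPENSSL_CONF="../CAtsa.cnf"
-export OPENSSL_CONF
-# Because that's what ../apps/CA.sh really looks at
-SSLEAY_CONFIG="-config $OPENSSL_CONF"
-export SSLEAY_CONFIG
-
-OPENSSL="`pwd`/../util/opensslwrap.sh"
-export OPENSSL
-
-error () {
-
- echo "TSA test failed!" >&2
- exit 1
-}
-
-setup_dir () {
-
- rm -rf tsa 2>/dev/null
- mkdir tsa
- cd ./tsa
-}
-
-clean_up_dir () {
-
- cd ..
- rm -rf tsa
-}
-
-create_ca () {
-
- echo "Creating a new CA for the TSA tests..."
- TSDNSECT=ts_ca_dn
- export TSDNSECT
- ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
- -out tsaca.pem -keyout tsacakey.pem
- test $? != 0 && error
-}
-
-create_tsa_cert () {
-
- INDEX=$1
- export INDEX
- EXT=$2
- TSDNSECT=ts_cert_dn
- export TSDNSECT
-
- ../../util/shlib_wrap.sh ../../apps/openssl req -new \
- -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
- test $? != 0 && error
-echo Using extension $EXT
- ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
- -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
- -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
- -extfile $OPENSSL_CONF -extensions $EXT
- test $? != 0 && error
-}
-
-print_request () {
-
- ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
-}
-
-create_time_stamp_request1 () {
-
- ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
- test $? != 0 && error
-}
-
-create_time_stamp_request2 () {
-
- ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
- -out req2.tsq
- test $? != 0 && error
-}
-
-create_time_stamp_request3 () {
-
- ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
- test $? != 0 && error
-}
-
-print_response () {
-
- ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text
- test $? != 0 && error
-}
-
-create_time_stamp_response () {
-
- ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2
- test $? != 0 && error
-}
-
-time_stamp_response_token_test () {
-
- RESPONSE2=$2.copy.tsr
- TOKEN_DER=$2.token.der
- ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out
- test $? != 0 && error
- ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
- test $? != 0 && error
- cmp $RESPONSE2 $2
- test $? != 0 && error
- ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out
- test $? != 0 && error
- ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
- test $? != 0 && error
- ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out
- test $? != 0 && error
-}
-
-verify_time_stamp_response () {
-
- ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
- -untrusted tsa_cert1.pem
- test $? != 0 && error
- ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
- -untrusted tsa_cert1.pem
- test $? != 0 && error
-}
-
-verify_time_stamp_token () {
-
- # create the token from the response first
- ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
- test $? != 0 && error
- ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
- -CAfile tsaca.pem -untrusted tsa_cert1.pem
- test $? != 0 && error
- ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
- -CAfile tsaca.pem -untrusted tsa_cert1.pem
- test $? != 0 && error
-}
-
-verify_time_stamp_response_fail () {
-
- ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
- -untrusted tsa_cert1.pem
- # Checks if the verification failed, as it should have.
- test $? = 0 && error
- echo Ok
-}
-
-# main functions
-
-echo "Setting up TSA test directory..."
-setup_dir
-
-echo "Creating CA for TSA tests..."
-create_ca
-
-echo "Creating tsa_cert1.pem TSA server cert..."
-create_tsa_cert 1 tsa_cert
-
-echo "Creating tsa_cert2.pem non-TSA server cert..."
-create_tsa_cert 2 non_tsa_cert
-
-echo "Creating req1.req time stamp request for file testtsa..."
-create_time_stamp_request1
-
-echo "Printing req1.req..."
-print_request req1.tsq
-
-echo "Generating valid response for req1.req..."
-create_time_stamp_response req1.tsq resp1.tsr tsa_config1
-
-echo "Printing response..."
-print_response resp1.tsr
-
-echo "Verifying valid response..."
-verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
-
-echo "Verifying valid token..."
-verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
-
-# The tests below are commented out, because invalid signer certificates
-# can no longer be specified in the config file.
-
-# echo "Generating _invalid_ response for req1.req..."
-# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
-
-# echo "Printing response..."
-# print_response resp1_bad.tsr
-
-# echo "Verifying invalid response, it should fail..."
-# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
-
-echo "Creating req2.req time stamp request for file testtsa..."
-create_time_stamp_request2
-
-echo "Printing req2.req..."
-print_request req2.tsq
-
-echo "Generating valid response for req2.req..."
-create_time_stamp_response req2.tsq resp2.tsr tsa_config1
-
-echo "Checking '-token_in' and '-token_out' options with '-reply'..."
-time_stamp_response_token_test req2.tsq resp2.tsr
-
-echo "Printing response..."
-print_response resp2.tsr
-
-echo "Verifying valid response..."
-verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
-
-echo "Verifying response against wrong request, it should fail..."
-verify_time_stamp_response_fail req1.tsq resp2.tsr
-
-echo "Verifying response against wrong request, it should fail..."
-verify_time_stamp_response_fail req2.tsq resp1.tsr
-
-echo "Creating req3.req time stamp request for file CAtsa.cnf..."
-create_time_stamp_request3
-
-echo "Printing req3.req..."
-print_request req3.tsq
-
-echo "Verifying response against wrong request, it should fail..."
-verify_time_stamp_response_fail req3.tsq resp1.tsr
-
-echo "Cleaning up..."
-clean_up_dir
-
-exit 0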
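diff --git a/src/lib/libssl/test/testx509.pem b/src/lib/libssl/test/testx509.pem
deleted file mode 100644
index 8a85d14964..0000000000
--- a/src/lib/libssl/test/testx509.pem
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
-BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz
-MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
-RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF
-AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO
-/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE
-Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ
-zl9HYIMxATFyqSiD9jsx
------END CERTIFICATE-----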
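diff --git a/src/lib/libssl/test/times b/src/lib/libssl/test/times
deleted file mode 100644
index 6b66eb342e..0000000000
--- a/src/lib/libssl/test/times
+++ /dev/null
@@ -1,113 +0,0 @@
-
-More number for the questions about SSL overheads....
-
-The following numbers were generated on a Pentium pro 200, running Linux.
-They give an indication of the SSL protocol and encryption overheads.
-
-The program that generated them is an unreleased version of ssl/ssltest.c
-which is the SSLeay ssl protocol testing program. It is a single process that
-talks both sides of the SSL protocol via a non-blocking memory buffer
-interface.
-
-How do I read this? The protocol and cipher are reasonable obvious.
-The next number is the number of connections being made. The next is the
-number of bytes exchanged between the client and server side of the protocol.
-This is the number of bytes that the client sends to the server, and then
-the server sends back. Because this is all happening in one process,
-the data is being encrypted, decrypted, encrypted and then decrypted again.
-It is a round trip of that many bytes. Because the one process performs
-both the client and server sides of the protocol and it sends this many bytes
-each direction, multiply this number by 4 to generate the number
-of bytes encrypted/decrypted/MACed. The first time value is how many seconds
-elapsed doing a full SSL handshake, the second is the cost of one
-full handshake and the rest being session-id reuse.
-
-SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s
-SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s
-SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s
-SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s
-SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s
-SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s
-
-SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s
-SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s
-SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s
-SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s
-SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s
-
-SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s
-SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s
-SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s
-SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s
-SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s
-SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s
-
-SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s
-SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s
-SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s
-SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s
-SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s
-SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s
-
-What does this all mean? Well for a server, with no session-id reuse, with
-a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
-a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of
-about 49 connections a second. Reality will be quite different :-).
-
-Remember the first number is 1000 full ssl handshakes, the second is
-1 full and 999 with session-id reuse. The RSA overheads for each exchange
-would be one public and one private operation, but the protocol/MAC/cipher
-cost would be quite similar in both the client and server.
-
-eric (adding numbers to speculation)
-
---- Appendix ---
-- The time measured is user time but these number a very rough.
-- Remember this is the cost of both client and server sides of the protocol.
-- The TCP/kernel overhead of connection establishment is normally the
- killer in SSL. Often delays in the TCP protocol will make session-id
- reuse look slower that new sessions, but this would not be the case on
- a loaded server.
-- The TCP round trip latencies, while slowing individual connections,
- would have minimal impact on throughput.
-- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
-- the required number of bytes are processed.
-- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers.
-- A 512bit server key was being used except where noted.
-- No server key verification was being performed on the client side of the
- protocol. This would slow things down very little.
-- The library being used is SSLeay 0.8.x.
-- The normal measuring system was commands of the form
- time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
- This modified version of ssltest should be in the next public release of
- SSLeay.
-
-The general cipher performance number for this platform are
-
-SSLeay 0.8.2a 04-Sep-1997
-built on Fri Sep 5 17:37:05 EST 1997
-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 131.02k 368.41k 500.57k 549.21k 566.09k
-mdc2 535.60k 589.10k 595.88k 595.97k 594.54k
-md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k
-sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k
-sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k
-rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k
-des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k
-des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k
-idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k
-rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k
-blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k
- sign verify
-rsa 512 bits 0.0100s 0.0011s
-rsa 1024 bits 0.0451s 0.0012s
-rsa 2048 bits 0.2605s 0.0086s
-rsa 4096 bits 1.6883s 0.0302s
-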
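diff --git a/src/lib/libssl/test/tpkcs7 b/src/lib/libssl/test/tpkcs7
deleted file mode 100644
index 3e435ffbf9..0000000000
--- a/src/lib/libssl/test/tpkcs7
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testp7.pem
-fi
-
-echo testing pkcs7 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0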
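diff --git a/src/lib/libssl/test/tpkcs7d b/src/lib/libssl/test/tpkcs7d
deleted file mode 100644
index 64fc28e88f..0000000000
--- a/src/lib/libssl/test/tpkcs7d
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=pkcs7-1.pem
-fi
-
-echo "testing pkcs7 conversions (2)"
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0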
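diff --git a/src/lib/libssl/test/treq b/src/lib/libssl/test/treq
deleted file mode 100644
index 77f37dcf3a..0000000000
--- a/src/lib/libssl/test/treq
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testreq.pem
-fi
-
-if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then
- echo "skipping req conversion test for $t"
- exit 0
-fi
-
-echo testing req conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -verify -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -verify -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0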
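diff --git a/src/lib/libssl/test/trsa b/src/lib/libssl/test/trsa
deleted file mode 100644
index 249ac1ddcc..0000000000
--- a/src/lib/libssl/test/trsa
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- echo skipping rsa conversion test
- exit 0
-fi
-
-cmd='../util/shlib_wrap.sh ../apps/openssl rsa'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testrsa.pem
-fi
-
-echo testing rsa conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0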
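diff --git a/src/lib/libssl/test/tsid b/src/lib/libssl/test/tsid
deleted file mode 100644
index 6adbd531ce..0000000000
--- a/src/lib/libssl/test/tsid
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testsid.pem
-fi
-
-echo testing session-id conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0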
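diff --git a/src/lib/libssl/test/tx509 b/src/lib/libssl/test/tx509
deleted file mode 100644
index 4a15b98d17..0000000000
--- a/src/lib/libssl/test/tx509
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl x509'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testx509.pem
-fi
-
-echo testing X509 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in fff.p -inform p -outform n >f.n
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> d"
-$cmd -in f.n -inform n -outform d >ff.d2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> n"
-$cmd -in f.d -inform d -outform n >ff.n1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> n"
-$cmd -in f.n -inform n -outform n >ff.n2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in f.p -inform p -outform n >ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> p"
-$cmd -in f.n -inform n -outform p >ff.p2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.n ff.n1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0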
diff --git a/src/lib/libssl/test/v3-cert1.pem b/src/lib/libssl/test/v3-cert1.pem
deleted file mode 100644
index 0da253d5c3..0000000000
--- a/src/lib/libssl/test/v3-cert1.pem
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN CERTIFICATE-----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16-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/v3-cert2.pem b/src/lib/libssl/test/v3-cert2.pem
deleted file mode 100644
index de0723ff8d..0000000000
--- a/src/lib/libssl/test/v3-cert2.pem
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN CERTIFICATE-----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16-----END CERTIFICATE-----
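--- a/src/lib/libssl/tls1.h
+++ /dev/null
@@ -1,532 +0,0 @@
-/* ssl/tls1.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifndef HEADER_TLS1_H
-#define HEADER_TLS1_H
-
-#include <openssl/buffer.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
-
-#define TLS1_VERSION 0x0301
-#define TLS1_VERSION_MAJOR 0x03
-#define TLS1_VERSION_MINOR 0x01
-
-#define TLS1_AD_DECRYPTION_FAILED 21
-#define TLS1_AD_RECORD_OVERFLOW 22
-#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
-#define TLS1_AD_ACCESS_DENIED 49 /* fatal */
-#define TLS1_AD_DECODE_ERROR 50 /* fatal */
-#define TLS1_AD_DECRYPT_ERROR 51
-#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */
-#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */
-#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */
-#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
-#define TLS1_AD_USER_CANCELLED 90
-#define TLS1_AD_NO_RENEGOTIATION 100
-/* codes 110-114 are from RFC3546 */
-#define TLS1_AD_UNSUPPORTED_EXTENSION 110
-#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
-#define TLS1_AD_UNRECOGNIZED_NAME 112
-#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
-#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
-#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
-
-/* ExtensionType values from RFC3546 / RFC4366 */
-#define TLSEXT_TYPE_server_name 0
-#define TLSEXT_TYPE_max_fragment_length 1
-#define TLSEXT_TYPE_client_certificate_url 2
-#define TLSEXT_TYPE_trusted_ca_keys 3
-#define TLSEXT_TYPE_truncated_hmac 4
-#define TLSEXT_TYPE_status_request 5
-/* ExtensionType values from RFC4492 */
-#define TLSEXT_TYPE_elliptic_curves 10
-#define TLSEXT_TYPE_ec_point_formats 11
-#define TLSEXT_TYPE_session_ticket 35
-/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
-#if 0 /* will have to be provided externally for now ,
- * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
- * using whatever extension number you'd like to try */
-# define TLSEXT_TYPE_opaque_prf_input ?? */
-#endif
-
-/* Temporary extension type */
-#define TLSEXT_TYPE_renegotiate 0xff01
-
-/* NameType value from RFC 3546 */
-#define TLSEXT_NAMETYPE_host_name 0
-/* status request value from RFC 3546 */
-#define TLSEXT_STATUSTYPE_ocsp 1
-
-/* ECPointFormat values from draft-ietf-tls-ecc-12 */
-#define TLSEXT_ECPOINTFORMAT_first 0
-#define TLSEXT_ECPOINTFORMAT_uncompressed 0
-#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
-#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
-#define TLSEXT_ECPOINTFORMAT_last 2
-
-#ifndef OPENSSL_NO_TLSEXT
-
-#define TLSEXT_MAXLEN_host_name 255
-
-const char *SSL_get_servername(const SSL *s, const int type) ;
-int SSL_get_servername_type(const SSL *s) ;
-
-#define SSL_set_tlsext_host_name(s,name) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
-
-#define SSL_set_tlsext_debug_callback(ssl, cb) \
-SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
-
-#define SSL_set_tlsext_debug_arg(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
-
-#define SSL_set_tlsext_status_type(ssl, type) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
-
-#define SSL_get_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#define SSL_set_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#define SSL_get_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#define SSL_set_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
-
-#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
-
-#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
-
-#define SSL_TLSEXT_ERR_OK 0
-#define SSL_TLSEXT_ERR_ALERT_WARNING 1
-#define SSL_TLSEXT_ERR_ALERT_FATAL 2
-#define SSL_TLSEXT_ERR_NOACK 3
-
-#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
-
-#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-
-#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
-
-#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
-
-#define SSL_set_tlsext_opaque_prf_input(s, src, len) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
-#define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
-#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
-
-#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
-
-#endif
-
-/* PSK ciphersuites from 4279 */
-#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
-#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B
-#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
-#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
-
-/* Additional TLS ciphersuites from expired Internet Draft
- * draft-ietf-tls-56-bit-ciphersuites-01.txt
- * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
- * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
- * shouldn't. Note that the first two are actually not in the IDs. */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 /* not in ID */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */
-#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
-#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
-
-/* AES ciphersuites from RFC3268 */
-
-#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
-#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
-
-#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
-#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
-
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
-#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
-
-#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
-#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
-
-/* SEED ciphersuites from RFC4162 */
-#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
-#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
-#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
-#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
-#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
-#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
-
-/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
-#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
-#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
-#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
-
-#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
-#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
-#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
-
-#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
-#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
-#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
-
-#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
-#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
-#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
-
-#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
-#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
-#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
-#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
-#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
-
-/* XXX
- * Inconsistency alert:
- * The OpenSSL names of ciphers with ephemeral DH here include the string
- * "DHE", while elsewhere it has always been "EDH".
- * (The alias for the list of all such ciphers also is "EDH".)
- * The specifications speak of "EDH"; maybe we should allow both forms
- * for everything. */
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
-
-/* AES ciphersuites from RFC3268 */
-#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
-
-#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
-
-/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
-#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
-
-/* PSK ciphersuites from RFC 4279 */
-#define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
-#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
-#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
-
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
-
-#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
-
-/* SEED ciphersuites from RFC4162 */
-#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
-#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
-#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
-#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
-
-
-#define TLS_CT_RSA_SIGN 1
-#define TLS_CT_DSS_SIGN 2
-#define TLS_CT_RSA_FIXED_DH 3
-#define TLS_CT_DSS_FIXED_DH 4
-#define TLS_CT_ECDSA_SIGN 64
-#define TLS_CT_RSA_FIXED_ECDH 65
-#define TLS_CT_ECDSA_FIXED_ECDH 66
-#define TLS_CT_GOST94_SIGN 21
-#define TLS_CT_GOST01_SIGN 22
-/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
- * comment there) */
-#define TLS_CT_NUMBER 9
-
-#define TLS1_FINISH_MAC_LENGTH 12
-
-#define TLS_MD_MAX_CONST_SIZE 20
-#define TLS_MD_CLIENT_FINISH_CONST "client finished"
-#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
-#define TLS_MD_SERVER_FINISH_CONST "server finished"
-#define TLS_MD_SERVER_FINISH_CONST_SIZE 15
-#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_KEY_EXPANSION_CONST "key expansion"
-#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
-#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
-#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_IV_BLOCK_CONST "IV block"
-#define TLS_MD_IV_BLOCK_CONST_SIZE 8
-#define TLS_MD_MASTER_SECRET_CONST "master secret"
-#define TLS_MD_MASTER_SECRET_CONST_SIZE 13
-
-#ifdef CHARSET_EBCDIC
-#undef TLS_MD_CLIENT_FINISH_CONST
-#define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*client finished*/
-#undef TLS_MD_SERVER_FINISH_CONST
-#define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*server finished*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/
-#undef TLS_MD_KEY_EXPANSION_CONST
-#define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" /*key expansion*/
-#undef TLS_MD_CLIENT_WRITE_KEY_CONST
-#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*client write key*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/
-#undef TLS_MD_IV_BLOCK_CONST
-#define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" /*IV block*/
-#undef TLS_MD_MASTER_SECRET_CONST
-#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/
-#endif
-
-/* TLS Session Ticket extension struct */
-struct tls_session_ticket_ext_st
- {
- unsigned short length;
- void *data;
- };
-
-#ifdef __cplusplus
-}
-#endif
-#endif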