author | cvs2svn <admin@example.com> | 2012-07-13 17:49:55 +0000 |
---|---|---|
committer | cvs2svn <admin@example.com> | 2012-07-13 17:49:55 +0000 |
commit | 6fdb436ab2cd5b35066babb3a03be7ad0daf1ae2 (patch) | |
tree | a760cf389e7ea59961bb306a1f50bf5443205176 /src/lib/libssl | |
parent | 9204e59073bcf27e1487ec4ac46e981902ddd904 (diff) | |
This commit was manufactured by cvs2git to create tag 'OPENBSD_5_2_BASE'.OPENBSD_5_2_BASE
Diffstat (limited to 'src/lib/libssl')
102 files changed, 0 insertions, 45941 deletions
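--- a/src/lib/libssl/LICENSE
+++ /dev/null
@@ -1,127 +0,0 @@
-
-LICENSE ISSUES
-==============
-
-The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
-the OpenSSL License and the original SSLeay license apply to the toolkit.
-See below for the actual license texts. Actually both licenses are BSD-style
-Open Source licenses. In case of any license issues related to OpenSSL
-please contact openssl-core@openssl.org.
-
-OpenSSL License
----------------
-
-/* ====================================================================
-* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* openssl-core@openssl.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-* This product includes cryptographic software written by Eric Young
-* (eay@cryptsoft.com). This product includes software written by Tim
-* Hudson (tjh@cryptsoft.com).
-*
-*/
-
-Original SSLeay License
------------------------
-
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-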
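--- a/src/lib/libssl/bio_ssl.c
+++ /dev/null
@@ -1,603 +0,0 @@
-/* ssl/bio_ssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-static int ssl_write(BIO *h, const char *buf, int num);
-static int ssl_read(BIO *h, char *buf, int size);
-static int ssl_puts(BIO *h, const char *str);
-static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int ssl_new(BIO *h);
-static int ssl_free(BIO *data);
-static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-typedef struct bio_ssl_st
-{
-SSL *ssl; /* The ssl handle :-) */
-/* re-negotiate every time the total number of bytes is this size */
-int num_renegotiates;
-unsigned long renegotiate_count;
-unsigned long byte_count;
-unsigned long renegotiate_timeout;
-unsigned long last_time;
-} BIO_SSL;
-
-static BIO_METHOD methods_sslp=
-{
-BIO_TYPE_SSL,"ssl",
-ssl_write,
-ssl_read,
-ssl_puts,
-NULL, /* ssl_gets, */
-ssl_ctrl,
-ssl_new,
-ssl_free,
-ssl_callback_ctrl,
-};
-
-BIO_METHOD *BIO_f_ssl(void)
-{
-return(&methods_sslp);
-}
-
-static int ssl_new(BIO *bi)
-{
-BIO_SSL *bs;
-
-bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
-if (bs == NULL)
-{
-BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
-return(0);
-}
-memset(bs,0,sizeof(BIO_SSL));
-bi->init=0;
-bi->ptr=(char *)bs;
-bi->flags=0;
-return(1);
-}
-
-static int ssl_free(BIO *a)
-{
-BIO_SSL *bs;
-
-if (a == NULL) return(0);
-bs=(BIO_SSL *)a->ptr;
-if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
-if (a->shutdown)
-{
-if (a->init && (bs->ssl != NULL))
-SSL_free(bs->ssl);
-a->init=0;
-a->flags=0;
-}
-if (a->ptr != NULL)
-OPENSSL_free(a->ptr);
-return(1);
-}
-
-static int ssl_read(BIO *b, char *out, int outl)
-{
-int ret=1;
-BIO_SSL *sb;
-SSL *ssl;
-int retry_reason=0;
-int r=0;
-
-if (out == NULL) return(0);
-sb=(BIO_SSL *)b->ptr;
-ssl=sb->ssl;
-
-BIO_clear_retry_flags(b);
-
-#if 0
-if (!SSL_is_init_finished(ssl))
-{
-/* ret=SSL_do_handshake(ssl); */
-if (ret > 0)
-{
-
-outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
-ret= -1;
-goto end;
-}
-}
-#endif
-/* if (ret > 0) */
-ret=SSL_read(ssl,out,outl);
-
-switch (SSL_get_error(ssl,ret))
-{
-case SSL_ERROR_NONE:
-if (ret <= 0) break;
-if (sb->renegotiate_count > 0)
-{
-sb->byte_count+=ret;
-if (sb->byte_count > sb->renegotiate_count)
-{
-sb->byte_count=0;
-sb->num_renegotiates++;
-SSL_renegotiate(ssl);
-r=1;
-}
-}
-if ((sb->renegotiate_timeout > 0) && (!r))
-{
-unsigned long tm;
-
-tm=(unsigned long)time(NULL);
-if (tm > sb->last_time+sb->renegotiate_timeout)
-{
-sb->last_time=tm;
-sb->num_renegotiates++;
-SSL_renegotiate(ssl);
-}
-}
-
-break;
-case SSL_ERROR_WANT_READ:
-BIO_set_retry_read(b);
-break;
-case SSL_ERROR_WANT_WRITE:
-BIO_set_retry_write(b);
-break;
-case SSL_ERROR_WANT_X509_LOOKUP:
-BIO_set_retry_special(b);
-retry_reason=BIO_RR_SSL_X509_LOOKUP;
-break;
-case SSL_ERROR_WANT_ACCEPT:
-BIO_set_retry_special(b);
-retry_reason=BIO_RR_ACCEPT;
-break;
-case SSL_ERROR_WANT_CONNECT:
-BIO_set_retry_special(b);
-retry_reason=BIO_RR_CONNECT;
-break;
-case SSL_ERROR_SYSCALL:
-case SSL_ERROR_SSL:
-case SSL_ERROR_ZERO_RETURN:
-default:
-break;
-}
-
-b->retry_reason=retry_reason;
-return(ret);
-}
-
-static int ssl_write(BIO *b, const char *out, int outl)
-{
-int ret,r=0;
-int retry_reason=0;
-SSL *ssl;
-BIO_SSL *bs;
-
-if (out == NULL) return(0);
-bs=(BIO_SSL *)b->ptr;
-ssl=bs->ssl;
-
-BIO_clear_retry_flags(b);
-
-/* ret=SSL_do_handshake(ssl);
-if (ret > 0) */
-ret=SSL_write(ssl,out,outl);
-
-switch (SSL_get_error(ssl,ret))
-{
-case SSL_ERROR_NONE:
-if (ret <= 0) break;
-if (bs->renegotiate_count > 0)
-{
-bs->byte_count+=ret;
-if (bs->byte_count > bs->renegotiate_count)
-{
-bs->byte_count=0;
-bs->num_renegotiates++;
-SSL_renegotiate(ssl);
-r=1;
-}
-}
-if ((bs->renegotiate_timeout > 0) && (!r))
-{
-unsigned long tm;
-
-tm=(unsigned long)time(NULL);
-if (tm > bs->last_time+bs->renegotiate_timeout)
-{
-bs->last_time=tm;
-bs->num_renegotiates++;
-SSL_renegotiate(ssl);
-}
-}
-break;
-case SSL_ERROR_WANT_WRITE:
-BIO_set_retry_write(b);
-break;
-case SSL_ERROR_WANT_READ:
-BIO_set_retry_read(b);
-break;
-case SSL_ERROR_WANT_X509_LOOKUP:
-BIO_set_retry_special(b);
-retry_reason=BIO_RR_SSL_X509_LOOKUP;
-break;
-case SSL_ERROR_WANT_CONNECT:
-BIO_set_retry_special(b);
-retry_reason=BIO_RR_CONNECT;
-case SSL_ERROR_SYSCALL:
-case SSL_ERROR_SSL:
-default:
-break;
-}
-
-b->retry_reason=retry_reason;
-return(ret);
-}
-
-static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
-{
-SSL **sslp,*ssl;
-BIO_SSL *bs;
-BIO *dbio,*bio;
-long ret=1;
-
-bs=(BIO_SSL *)b->ptr;
-ssl=bs->ssl;
-if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
-return(0);
-switch (cmd)
-{
-case BIO_CTRL_RESET:
-SSL_shutdown(ssl);
-
-if (ssl->handshake_func == ssl->method->ssl_connect)
-SSL_set_connect_state(ssl);
-else if (ssl->handshake_func == ssl->method->ssl_accept)
-SSL_set_accept_state(ssl);
-
-SSL_clear(ssl);
-
-if (b->next_bio != NULL)
-ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-else if (ssl->rbio != NULL)
-ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
-else
-ret=1;
-break;
-case BIO_CTRL_INFO:
-ret=0;
-break;
-case BIO_C_SSL_MODE:
-if (num) /* client mode */
-SSL_set_connect_state(ssl);
-else
-SSL_set_accept_state(ssl);
-break;
-case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
-ret=bs->renegotiate_timeout;
-if (num < 60) num=5;
-bs->renegotiate_timeout=(unsigned long)num;
-bs->last_time=(unsigned long)time(NULL);
-break;
-case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
-ret=bs->renegotiate_count;
-if ((long)num >=512)
-bs->renegotiate_count=(unsigned long)num;
-break;
-case BIO_C_GET_SSL_NUM_RENEGOTIATES:
-ret=bs->num_renegotiates;
-break;
-case BIO_C_SET_SSL:
-if (ssl != NULL)
-{
-ssl_free(b);
-if (!ssl_new(b))
-return 0;
-}
-b->shutdown=(int)num;
-ssl=(SSL *)ptr;
-((BIO_SSL *)b->ptr)->ssl=ssl;
-bio=SSL_get_rbio(ssl);
-if (bio != NULL)
-{
-if (b->next_bio != NULL)
-BIO_push(bio,b->next_bio);
-b->next_bio=bio;
-CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
-}
-b->init=1;
-break;
-case BIO_C_GET_SSL:
-if (ptr != NULL)
-{
-sslp=(SSL **)ptr;
-*sslp=ssl;
-}
-else
-ret=0;
-break;
-case BIO_CTRL_GET_CLOSE:
-ret=b->shutdown;
-break;
-case BIO_CTRL_SET_CLOSE:
-b->shutdown=(int)num;
-break;
-case BIO_CTRL_WPENDING:
-ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
-break;
-case BIO_CTRL_PENDING:
-ret=SSL_pending(ssl);
-if (ret == 0)
-ret=BIO_pending(ssl->rbio);
-break;
-case BIO_CTRL_FLUSH:
-BIO_clear_retry_flags(b);
-ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
-BIO_copy_next_retry(b);
-break;
-case BIO_CTRL_PUSH:
-if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
-{
-SSL_set_bio(ssl,b->next_bio,b->next_bio);
-CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
-}
-break;
-case BIO_CTRL_POP:
-/* Only detach if we are the BIO explicitly being popped */
-if (b == ptr)
-{
-/* Shouldn't happen in practice because the
-* rbio and wbio are the same when pushed.
-*/
-if (ssl->rbio != ssl->wbio)
-BIO_free_all(ssl->wbio);
-if (b->next_bio != NULL)
-CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO);
-ssl->wbio=NULL;
-ssl->rbio=NULL;
-}
-break;
-case BIO_C_DO_STATE_MACHINE:
-BIO_clear_retry_flags(b);
-
-b->retry_reason=0;
-ret=(int)SSL_do_handshake(ssl);
-
-switch (SSL_get_error(ssl,(int)ret))
-{
-case SSL_ERROR_WANT_READ:
-BIO_set_flags(b,
-BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
-break;
-case SSL_ERROR_WANT_WRITE:
-BIO_set_flags(b,
-BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
-break;
-case SSL_ERROR_WANT_CONNECT:
-BIO_set_flags(b,
-BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
-b->retry_reason=b->next_bio->retry_reason;
-break;
-default:
-break;
-}
-break;
-case BIO_CTRL_DUP:
-dbio=(BIO *)ptr;
-if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
-SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
-((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
-((BIO_SSL *)dbio->ptr)->renegotiate_count=
-((BIO_SSL *)b->ptr)->renegotiate_count;
-((BIO_SSL *)dbio->ptr)->byte_count=
-((BIO_SSL *)b->ptr)->byte_count;
-((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
-((BIO_SSL *)b->ptr)->renegotiate_timeout;
-((BIO_SSL *)dbio->ptr)->last_time=
-((BIO_SSL *)b->ptr)->last_time;
-ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
-break;
-case BIO_C_GET_FD:
-ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
-break;
-case BIO_CTRL_SET_CALLBACK:
-{
-#if 0 /* FIXME: Should this be used? -- Richard Levitte */
-SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-ret = -1;
-#else
-ret=0;
-#endif
-}
-break;
-case BIO_CTRL_GET_CALLBACK:
-{
-void (**fptr)(const SSL *xssl,int type,int val);
-
-fptr=(void (**)(const SSL *xssl,int type,int val))ptr;
-*fptr=SSL_get_info_callback(ssl);
-}
-break;
-default:
-ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
-break;
-}
-return(ret);
-}
-
-static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-{
-SSL *ssl;
-BIO_SSL *bs;
-long ret=1;
-
-bs=(BIO_SSL *)b->ptr;
-ssl=bs->ssl;
-switch (cmd)
-{
-case BIO_CTRL_SET_CALLBACK:
-{
-/* FIXME: setting this via a completely different prototype
-seems like a crap idea */
-SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);
-}
-break;
-default:
-ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);
-break;
-}
-return(ret);
-}
-
-static int ssl_puts(BIO *bp, const char *str)
-{
-int n,ret;
-
-n=strlen(str);
-ret=BIO_write(bp,str,n);
-return(ret);
-}
-
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
-{
-#ifndef OPENSSL_NO_SOCK
-BIO *ret=NULL,*buf=NULL,*ssl=NULL;
-
-if ((buf=BIO_new(BIO_f_buffer())) == NULL)
-return(NULL);
-if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
-goto err;
-if ((ret=BIO_push(buf,ssl)) == NULL)
-goto err;
-return(ret);
-err:
-if (buf != NULL) BIO_free(buf);
-if (ssl != NULL) BIO_free(ssl);
-#endif
-return(NULL);
-}
-
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
-{
-BIO *ret=NULL,*con=NULL,*ssl=NULL;
-
-if ((con=BIO_new(BIO_s_connect())) == NULL)
-return(NULL);
-if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
-goto err;
-if ((ret=BIO_push(ssl,con)) == NULL)
-goto err;
-return(ret);
-err:
-if (con != NULL) BIO_free(con);
-return(NULL);
-}
-
-BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
-{
-BIO *ret;
-SSL *ssl;
-
-if ((ret=BIO_new(BIO_f_ssl())) == NULL)
-return(NULL);
-if ((ssl=SSL_new(ctx)) == NULL)
-{
-BIO_free(ret);
-return(NULL);
-}
-if (client)
-SSL_set_connect_state(ssl);
-else
-SSL_set_accept_state(ssl);
-
-BIO_set_ssl(ret,ssl,BIO_CLOSE);
-return(ret);
-}
-
-int BIO_ssl_copy_session_id(BIO *t, BIO *f)
-{
-t=BIO_find_type(t,BIO_TYPE_SSL);
-f=BIO_find_type(f,BIO_TYPE_SSL);
-if ((t == NULL) || (f == NULL))
-return(0);
-if ( (((BIO_SSL *)t->ptr)->ssl == NULL) ||
-(((BIO_SSL *)f->ptr)->ssl == NULL))
-return(0);
-SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
-return(1);
-}
-
-void BIO_ssl_shutdown(BIO *b)
-{
-SSL *s;
-
-while (b != NULL)
-{
-if (b->method->type == BIO_TYPE_SSL)
-{
-s=((BIO_SSL *)b->ptr)->ssl;
-SSL_shutdown(s);
-break;
-}
-b=b->next_bio;
-}
-}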
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c deleted file mode 100644 index 9f898d6997..0000000000 --- a/src/lib/libssl/d1_both.c +++ /dev/null | |||
@@ -1,1419 +0,0 @@ | |||
1 | /* ssl/d1_both.c */ | ||
2 | /* | ||
3 | * DTLS implementation written by Nagendra Modadugu | ||
4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | ||
5 | */ | ||
6 | /* ==================================================================== | ||
7 | * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. | ||
8 | * | ||
9 | * Redistribution and use in source and binary forms, with or without | ||
10 | * modification, are permitted provided that the following conditions | ||
11 | * are met: | ||
12 | * | ||
13 | * 1. Redistributions of source code must retain the above copyright | ||
14 | * notice, this list of conditions and the following disclaimer. | ||
15 | * | ||
16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
17 | * notice, this list of conditions and the following disclaimer in | ||
18 | * the documentation and/or other materials provided with the | ||
19 | * distribution. | ||
20 | * | ||
21 | * 3. All advertising materials mentioning features or use of this | ||
22 | * software must display the following acknowledgment: | ||
23 | * "This product includes software developed by the OpenSSL Project | ||
24 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
25 | * | ||
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
27 | * endorse or promote products derived from this software without | ||
28 | * prior written permission. For written permission, please contact | ||
29 | * openssl-core@openssl.org. | ||
30 | * | ||
31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
32 | * nor may "OpenSSL" appear in their names without prior written | ||
33 | * permission of the OpenSSL Project. | ||
34 | * | ||
35 | * 6. Redistributions of any form whatsoever must retain the following | ||
36 | * acknowledgment: | ||
37 | * "This product includes software developed by the OpenSSL Project | ||
38 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
39 | * | ||
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
52 | * ==================================================================== | ||
53 | * | ||
54 | * This product includes cryptographic software written by Eric Young | ||
55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
56 | * Hudson (tjh@cryptsoft.com). | ||
57 | * | ||
58 | */ | ||
59 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
60 | * All rights reserved. | ||
61 | * | ||
62 | * This package is an SSL implementation written | ||
63 | * by Eric Young (eay@cryptsoft.com). | ||
64 | * The implementation was written so as to conform with Netscapes SSL. | ||
65 | * | ||
66 | * This library is free for commercial and non-commercial use as long as | ||
67 | * the following conditions are aheared to. The following conditions | ||
68 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
69 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
70 | * included with this distribution is covered by the same copyright terms | ||
71 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
72 | * | ||
73 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
74 | * the code are not to be removed. | ||
75 | * If this package is used in a product, Eric Young should be given attribution | ||
76 | * as the author of the parts of the library used. | ||
77 | * This can be in the form of a textual message at program startup or | ||
78 | * in documentation (online or textual) provided with the package. | ||
79 | * | ||
80 | * Redistribution and use in source and binary forms, with or without | ||
81 | * modification, are permitted provided that the following conditions | ||
82 | * are met: | ||
83 | * 1. Redistributions of source code must retain the copyright | ||
84 | * notice, this list of conditions and the following disclaimer. | ||
85 | * 2. Redistributions in binary form must reproduce the above copyright | ||
86 | * notice, this list of conditions and the following disclaimer in the | ||
87 | * documentation and/or other materials provided with the distribution. | ||
88 | * 3. All advertising materials mentioning features or use of this software | ||
89 | * must display the following acknowledgement: | ||
90 | * "This product includes cryptographic software written by | ||
91 | * Eric Young (eay@cryptsoft.com)" | ||
92 | * The word 'cryptographic' can be left out if the rouines from the library | ||
93 | * being used are not cryptographic related :-). | ||
94 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
95 | * the apps directory (application code) you must include an acknowledgement: | ||
96 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
97 | * | ||
98 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
99 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
100 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
101 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
102 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
103 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
104 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
105 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
106 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
107 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
108 | * SUCH DAMAGE. | ||
109 | * | ||
110 | * The licence and distribution terms for any publically available version or | ||
111 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
112 | * copied and put under another distribution licence | ||
113 | * [including the GNU Public Licence.] | ||
114 | */ | ||
115 | |||
116 | #include <limits.h> | ||
117 | #include <string.h> | ||
118 | #include <stdio.h> | ||
119 | #include "ssl_locl.h" | ||
120 | #include <openssl/buffer.h> | ||
121 | #include <openssl/rand.h> | ||
122 | #include <openssl/objects.h> | ||
123 | #include <openssl/evp.h> | ||
124 | #include <openssl/x509.h> | ||
125 | |||
126 | #define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) | ||
127 | |||
128 | #define RSMBLY_BITMASK_MARK(bitmask, start, end) { \ | ||
129 | if ((end) - (start) <= 8) { \ | ||
130 | long ii; \ | ||
131 | for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ | ||
132 | } else { \ | ||
133 | long ii; \ | ||
134 | bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ | ||
135 | for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \ | ||
136 | bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ | ||
137 | } } | ||
138 | |||
139 | #define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \ | ||
140 | long ii; \ | ||
141 | OPENSSL_assert((msg_len) > 0); \ | ||
142 | is_complete = 1; \ | ||
143 | if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \ | ||
144 | if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ | ||
145 | if (bitmask[ii] != 0xff) { is_complete = 0; break; } } | ||
146 | |||
147 | #if 0 | ||
148 | #define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \ | ||
149 | long ii; \ | ||
150 | printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \ | ||
151 | printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \ | ||
152 | printf("\n"); } | ||
153 | #endif | ||
154 | |||
155 | static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80}; | ||
156 | static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; | ||
157 | |||
158 | /* XDTLS: figure out the right values */ | ||
159 | static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; | ||
160 | |||
161 | static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); | ||
162 | static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, | ||
163 | unsigned long frag_len); | ||
164 | static unsigned char *dtls1_write_message_header(SSL *s, | ||
165 | unsigned char *p); | ||
166 | static void dtls1_set_message_header_int(SSL *s, unsigned char mt, | ||
167 | unsigned long len, unsigned short seq_num, unsigned long frag_off, | ||
168 | unsigned long frag_len); | ||
169 | static long dtls1_get_message_fragment(SSL *s, int st1, int stn, | ||
170 | long max, int *ok); | ||
171 | |||
172 | static hm_fragment * | ||
173 | dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) | ||
174 | { | ||
175 | hm_fragment *frag = NULL; | ||
176 | unsigned char *buf = NULL; | ||
177 | unsigned char *bitmask = NULL; | ||
178 | |||
179 | frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); | ||
180 | if ( frag == NULL) | ||
181 | return NULL; | ||
182 | |||
183 | if (frag_len) | ||
184 | { | ||
185 | buf = (unsigned char *)OPENSSL_malloc(frag_len); | ||
186 | if ( buf == NULL) | ||
187 | { | ||
188 | OPENSSL_free(frag); | ||
189 | return NULL; | ||
190 | } | ||
191 | } | ||
192 | |||
193 | /* zero length fragment gets zero frag->fragment */ | ||
194 | frag->fragment = buf; | ||
195 | |||
196 | /* Initialize reassembly bitmask if necessary */ | ||
197 | if (reassembly) | ||
198 | { | ||
199 | bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); | ||
200 | if (bitmask == NULL) | ||
201 | { | ||
202 | if (buf != NULL) OPENSSL_free(buf); | ||
203 | OPENSSL_free(frag); | ||
204 | return NULL; | ||
205 | } | ||
206 | memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); | ||
207 | } | ||
208 | |||
209 | frag->reassembly = bitmask; | ||
210 | |||
211 | return frag; | ||
212 | } | ||
213 | |||
214 | static void | ||
215 | dtls1_hm_fragment_free(hm_fragment *frag) | ||
216 | { | ||
217 | if (frag->fragment) OPENSSL_free(frag->fragment); | ||
218 | if (frag->reassembly) OPENSSL_free(frag->reassembly); | ||
219 | OPENSSL_free(frag); | ||
220 | } | ||
221 | |||
222 | /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ | ||
223 | int dtls1_do_write(SSL *s, int type) | ||
224 | { | ||
225 | int ret; | ||
226 | int curr_mtu; | ||
227 | unsigned int len, frag_off, mac_size, blocksize; | ||
228 | |||
229 | /* AHA! Figure out the MTU, and stick to the right size */ | ||
230 | if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) | ||
231 | { | ||
232 | s->d1->mtu = | ||
233 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); | ||
234 | |||
235 | /* I've seen the kernel return bogus numbers when it doesn't know | ||
236 | * (initial write), so just make sure we have a reasonable number */ | ||
237 | if ( s->d1->mtu < dtls1_min_mtu()) | ||
238 | { | ||
239 | s->d1->mtu = 0; | ||
240 | s->d1->mtu = dtls1_guess_mtu(s->d1->mtu); | ||
241 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, | ||
242 | s->d1->mtu, NULL); | ||
243 | } | ||
244 | } | ||
245 | #if 0 | ||
246 | mtu = s->d1->mtu; | ||
247 | |||
248 | fprintf(stderr, "using MTU = %d\n", mtu); | ||
249 | |||
250 | mtu -= (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH); | ||
251 | |||
252 | curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s)); | ||
253 | |||
254 | if ( curr_mtu > 0) | ||
255 | mtu = curr_mtu; | ||
256 | else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0) | ||
257 | return ret; | ||
258 | |||
259 | if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu) | ||
260 | { | ||
261 | ret = BIO_flush(SSL_get_wbio(s)); | ||
262 | if ( ret <= 0) | ||
263 | return ret; | ||
264 | mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH); | ||
265 | } | ||
266 | #endif | ||
267 | |||
268 | OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */ | ||
269 | |||
270 | if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE) | ||
271 | OPENSSL_assert(s->init_num == | ||
272 | (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); | ||
273 | |||
274 | if (s->write_hash) | ||
275 | mac_size = EVP_MD_CTX_size(s->write_hash); | ||
276 | else | ||
277 | mac_size = 0; | ||
278 | |||
279 | if (s->enc_write_ctx && | ||
280 | (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) | ||
281 | blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher); | ||
282 | else | ||
283 | blocksize = 0; | ||
284 | |||
285 | frag_off = 0; | ||
286 | while( s->init_num) | ||
287 | { | ||
288 | curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - | ||
289 | DTLS1_RT_HEADER_LENGTH - mac_size - blocksize; | ||
290 | |||
291 | if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH) | ||
292 | { | ||
293 | /* grr.. we could get an error if MTU picked was wrong */ | ||
294 | ret = BIO_flush(SSL_get_wbio(s)); | ||
295 | if ( ret <= 0) | ||
296 | return ret; | ||
297 | curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - | ||
298 | mac_size - blocksize; | ||
299 | } | ||
300 | |||
301 | if ( s->init_num > curr_mtu) | ||
302 | len = curr_mtu; | ||
303 | else | ||
304 | len = s->init_num; | ||
305 | |||
306 | |||
307 | /* XDTLS: this function is too long. split out the CCS part */ | ||
308 | if ( type == SSL3_RT_HANDSHAKE) | ||
309 | { | ||
310 | if ( s->init_off != 0) | ||
311 | { | ||
312 | OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH); | ||
313 | s->init_off -= DTLS1_HM_HEADER_LENGTH; | ||
314 | s->init_num += DTLS1_HM_HEADER_LENGTH; | ||
315 | |||
316 | /* write atleast DTLS1_HM_HEADER_LENGTH bytes */ | ||
317 | if ( len <= DTLS1_HM_HEADER_LENGTH) | ||
318 | len += DTLS1_HM_HEADER_LENGTH; | ||
319 | } | ||
320 | |||
321 | dtls1_fix_message_header(s, frag_off, | ||
322 | len - DTLS1_HM_HEADER_LENGTH); | ||
323 | |||
324 | dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]); | ||
325 | |||
326 | OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH); | ||
327 | } | ||
328 | |||
329 | ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off], | ||
330 | len); | ||
331 | if (ret < 0) | ||
332 | { | ||
333 | /* might need to update MTU here, but we don't know | ||
334 | * which previous packet caused the failure -- so can't | ||
335 | * really retransmit anything. continue as if everything | ||
336 | * is fine and wait for an alert to handle the | ||
337 | * retransmit | ||
338 | */ | ||
339 | if ( BIO_ctrl(SSL_get_wbio(s), | ||
340 | BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 ) | ||
341 | s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), | ||
342 | BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); | ||
343 | else | ||
344 | return(-1); | ||
345 | } | ||
346 | else | ||
347 | { | ||
348 | |||
349 | /* bad if this assert fails, only part of the handshake | ||
350 | * message got sent. but why would this happen? */ | ||
351 | OPENSSL_assert(len == (unsigned int)ret); | ||
352 | |||
353 | if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting) | ||
354 | { | ||
355 | /* should not be done for 'Hello Request's, but in that case | ||
356 | * we'll ignore the result anyway */ | ||
357 | unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; | ||
358 | const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; | ||
359 | int xlen; | ||
360 | |||
361 | if (frag_off == 0 && s->version != DTLS1_BAD_VER) | ||
362 | { | ||
363 | /* reconstruct message header is if it | ||
364 | * is being sent in single fragment */ | ||
365 | *p++ = msg_hdr->type; | ||
366 | l2n3(msg_hdr->msg_len,p); | ||
367 | s2n (msg_hdr->seq,p); | ||
368 | l2n3(0,p); | ||
369 | l2n3(msg_hdr->msg_len,p); | ||
370 | p -= DTLS1_HM_HEADER_LENGTH; | ||
371 | xlen = ret; | ||
372 | } | ||
373 | else | ||
374 | { | ||
375 | p += DTLS1_HM_HEADER_LENGTH; | ||
376 | xlen = ret - DTLS1_HM_HEADER_LENGTH; | ||
377 | } | ||
378 | |||
379 | ssl3_finish_mac(s, p, xlen); | ||
380 | } | ||
381 | |||
382 | if (ret == s->init_num) | ||
383 | { | ||
384 | if (s->msg_callback) | ||
385 | s->msg_callback(1, s->version, type, s->init_buf->data, | ||
386 | (size_t)(s->init_off + s->init_num), s, | ||
387 | s->msg_callback_arg); | ||
388 | |||
389 | s->init_off = 0; /* done writing this message */ | ||
390 | s->init_num = 0; | ||
391 | |||
392 | return(1); | ||
393 | } | ||
394 | s->init_off+=ret; | ||
395 | s->init_num-=ret; | ||
396 | frag_off += (ret -= DTLS1_HM_HEADER_LENGTH); | ||
397 | } | ||
398 | } | ||
399 | return(0); | ||
400 | } | ||
401 | |||
402 | |||
403 | /* Obtain handshake message of message type 'mt' (any if mt == -1), | ||
404 | * maximum acceptable body length 'max'. | ||
405 | * Read an entire handshake message. Handshake messages arrive in | ||
406 | * fragments. | ||
407 | */ | ||
408 | long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | ||
409 | { | ||
410 | int i, al; | ||
411 | struct hm_header_st *msg_hdr; | ||
412 | unsigned char *p; | ||
413 | unsigned long msg_len; | ||
414 | |||
415 | /* s3->tmp is used to store messages that are unexpected, caused | ||
416 | * by the absence of an optional handshake message */ | ||
417 | if (s->s3->tmp.reuse_message) | ||
418 | { | ||
419 | s->s3->tmp.reuse_message=0; | ||
420 | if ((mt >= 0) && (s->s3->tmp.message_type != mt)) | ||
421 | { | ||
422 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
423 | SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); | ||
424 | goto f_err; | ||
425 | } | ||
426 | *ok=1; | ||
427 | s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; | ||
428 | s->init_num = (int)s->s3->tmp.message_size; | ||
429 | return s->init_num; | ||
430 | } | ||
431 | |||
432 | msg_hdr = &s->d1->r_msg_hdr; | ||
433 | memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); | ||
434 | |||
435 | again: | ||
436 | i = dtls1_get_message_fragment(s, st1, stn, max, ok); | ||
437 | if ( i == DTLS1_HM_BAD_FRAGMENT || | ||
438 | i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ | ||
439 | goto again; | ||
440 | else if ( i <= 0 && !*ok) | ||
441 | return i; | ||
442 | |||
443 | p = (unsigned char *)s->init_buf->data; | ||
444 | msg_len = msg_hdr->msg_len; | ||
445 | |||
446 | /* reconstruct message header */ | ||
447 | *(p++) = msg_hdr->type; | ||
448 | l2n3(msg_len,p); | ||
449 | s2n (msg_hdr->seq,p); | ||
450 | l2n3(0,p); | ||
451 | l2n3(msg_len,p); | ||
452 | if (s->version != DTLS1_BAD_VER) { | ||
453 | p -= DTLS1_HM_HEADER_LENGTH; | ||
454 | msg_len += DTLS1_HM_HEADER_LENGTH; | ||
455 | } | ||
456 | |||
457 | ssl3_finish_mac(s, p, msg_len); | ||
458 | if (s->msg_callback) | ||
459 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, | ||
460 | p, msg_len, | ||
461 | s, s->msg_callback_arg); | ||
462 | |||
463 | memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); | ||
464 | |||
465 | /* Don't change sequence numbers while listening */ | ||
466 | if (!s->d1->listen) | ||
467 | s->d1->handshake_read_seq++; | ||
468 | |||
469 | s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; | ||
470 | return s->init_num; | ||
471 | |||
472 | f_err: | ||
473 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
474 | *ok = 0; | ||
475 | return -1; | ||
476 | } | ||
477 | |||
478 | |||
479 | static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max) | ||
480 | { | ||
481 | size_t frag_off,frag_len,msg_len; | ||
482 | |||
483 | msg_len = msg_hdr->msg_len; | ||
484 | frag_off = msg_hdr->frag_off; | ||
485 | frag_len = msg_hdr->frag_len; | ||
486 | |||
487 | /* sanity checking */ | ||
488 | if ( (frag_off+frag_len) > msg_len) | ||
489 | { | ||
490 | SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); | ||
491 | return SSL_AD_ILLEGAL_PARAMETER; | ||
492 | } | ||
493 | |||
494 | if ( (frag_off+frag_len) > (unsigned long)max) | ||
495 | { | ||
496 | SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); | ||
497 | return SSL_AD_ILLEGAL_PARAMETER; | ||
498 | } | ||
499 | |||
500 | if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ | ||
501 | { | ||
502 | /* msg_len is limited to 2^24, but is effectively checked | ||
503 | * against max above */ | ||
504 | if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENGTH)) | ||
505 | { | ||
506 | SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB); | ||
507 | return SSL_AD_INTERNAL_ERROR; | ||
508 | } | ||
509 | |||
510 | s->s3->tmp.message_size = msg_len; | ||
511 | s->d1->r_msg_hdr.msg_len = msg_len; | ||
512 | s->s3->tmp.message_type = msg_hdr->type; | ||
513 | s->d1->r_msg_hdr.type = msg_hdr->type; | ||
514 | s->d1->r_msg_hdr.seq = msg_hdr->seq; | ||
515 | } | ||
516 | else if (msg_len != s->d1->r_msg_hdr.msg_len) | ||
517 | { | ||
518 | /* They must be playing with us! BTW, failure to enforce | ||
519 | * upper limit would open possibility for buffer overrun. */ | ||
520 | SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); | ||
521 | return SSL_AD_ILLEGAL_PARAMETER; | ||
522 | } | ||
523 | |||
524 | return 0; /* no error */ | ||
525 | } | ||
526 | |||
527 | |||
528 | static int | ||
529 | dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) | ||
530 | { | ||
531 | /* (0) check whether the desired fragment is available | ||
532 | * if so: | ||
533 | * (1) copy over the fragment to s->init_buf->data[] | ||
534 | * (2) update s->init_num | ||
535 | */ | ||
536 | pitem *item; | ||
537 | hm_fragment *frag; | ||
538 | int al; | ||
539 | |||
540 | *ok = 0; | ||
541 | item = pqueue_peek(s->d1->buffered_messages); | ||
542 | if ( item == NULL) | ||
543 | return 0; | ||
544 | |||
545 | frag = (hm_fragment *)item->data; | ||
546 | |||
547 | /* Don't return if reassembly still in progress */ | ||
548 | if (frag->reassembly != NULL) | ||
549 | return 0; | ||
550 | |||
551 | if ( s->d1->handshake_read_seq == frag->msg_header.seq) | ||
552 | { | ||
553 | unsigned long frag_len = frag->msg_header.frag_len; | ||
554 | pqueue_pop(s->d1->buffered_messages); | ||
555 | |||
556 | al=dtls1_preprocess_fragment(s,&frag->msg_header,max); | ||
557 | |||
558 | if (al==0) /* no alert */ | ||
559 | { | ||
560 | unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH; | ||
561 | memcpy(&p[frag->msg_header.frag_off], | ||
562 | frag->fragment,frag->msg_header.frag_len); | ||
563 | } | ||
564 | |||
565 | dtls1_hm_fragment_free(frag); | ||
566 | pitem_free(item); | ||
567 | |||
568 | if (al==0) | ||
569 | { | ||
570 | *ok = 1; | ||
571 | return frag_len; | ||
572 | } | ||
573 | |||
574 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
575 | s->init_num = 0; | ||
576 | *ok = 0; | ||
577 | return -1; | ||
578 | } | ||
579 | else | ||
580 | return 0; | ||
581 | } | ||
582 | |||
583 | |||
584 | static int | ||
585 | dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) | ||
586 | { | ||
587 | hm_fragment *frag = NULL; | ||
588 | pitem *item = NULL; | ||
589 | int i = -1, is_complete; | ||
590 | unsigned char seq64be[8]; | ||
591 | unsigned long frag_len = msg_hdr->frag_len, max_len; | ||
592 | |||
593 | if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) | ||
594 | goto err; | ||
595 | |||
596 | /* Determine maximum allowed message size. Depends on (user set) | ||
597 | * maximum certificate length, but 16k is minimum. | ||
598 | */ | ||
599 | if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list) | ||
600 | max_len = s->max_cert_list; | ||
601 | else | ||
602 | max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; | ||
603 | |||
604 | if ((msg_hdr->frag_off+frag_len) > max_len) | ||
605 | goto err; | ||
606 | |||
607 | /* Try to find item in queue */ | ||
608 | memset(seq64be,0,sizeof(seq64be)); | ||
609 | seq64be[6] = (unsigned char) (msg_hdr->seq>>8); | ||
610 | seq64be[7] = (unsigned char) msg_hdr->seq; | ||
611 | item = pqueue_find(s->d1->buffered_messages, seq64be); | ||
612 | |||
613 | if (item == NULL) | ||
614 | { | ||
615 | frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); | ||
616 | if ( frag == NULL) | ||
617 | goto err; | ||
618 | memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); | ||
619 | frag->msg_header.frag_len = frag->msg_header.msg_len; | ||
620 | frag->msg_header.frag_off = 0; | ||
621 | } | ||
622 | else | ||
623 | frag = (hm_fragment*) item->data; | ||
624 | |||
625 | /* If message is already reassembled, this must be a | ||
626 | * retransmit and can be dropped. | ||
627 | */ | ||
628 | if (frag->reassembly == NULL) | ||
629 | { | ||
630 | unsigned char devnull [256]; | ||
631 | |||
632 | while (frag_len) | ||
633 | { | ||
634 | i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, | ||
635 | devnull, | ||
636 | frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); | ||
637 | if (i<=0) goto err; | ||
638 | frag_len -= i; | ||
639 | } | ||
640 | return DTLS1_HM_FRAGMENT_RETRY; | ||
641 | } | ||
642 | |||
643 | /* read the body of the fragment (header has already been read */ | ||
644 | i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, | ||
645 | frag->fragment + msg_hdr->frag_off,frag_len,0); | ||
646 | if (i<=0 || (unsigned long)i!=frag_len) | ||
647 | goto err; | ||
648 | |||
649 | RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, | ||
650 | (long)(msg_hdr->frag_off + frag_len)); | ||
651 | |||
652 | RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, | ||
653 | is_complete); | ||
654 | |||
655 | if (is_complete) | ||
656 | { | ||
657 | OPENSSL_free(frag->reassembly); | ||
658 | frag->reassembly = NULL; | ||
659 | } | ||
660 | |||
661 | if (item == NULL) | ||
662 | { | ||
663 | memset(seq64be,0,sizeof(seq64be)); | ||
664 | seq64be[6] = (unsigned char)(msg_hdr->seq>>8); | ||
665 | seq64be[7] = (unsigned char)(msg_hdr->seq); | ||
666 | |||
667 | item = pitem_new(seq64be, frag); | ||
668 | if (item == NULL) | ||
669 | { | ||
670 | goto err; | ||
671 | i = -1; | ||
672 | } | ||
673 | |||
674 | pqueue_insert(s->d1->buffered_messages, item); | ||
675 | } | ||
676 | |||
677 | return DTLS1_HM_FRAGMENT_RETRY; | ||
678 | |||
679 | err: | ||
680 | if (frag != NULL) dtls1_hm_fragment_free(frag); | ||
681 | if (item != NULL) OPENSSL_free(item); | ||
682 | *ok = 0; | ||
683 | return i; | ||
684 | } | ||
685 | |||
686 | |||
687 | static int | ||
688 | dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) | ||
689 | { | ||
690 | int i=-1; | ||
691 | hm_fragment *frag = NULL; | ||
692 | pitem *item = NULL; | ||
693 | unsigned char seq64be[8]; | ||
694 | unsigned long frag_len = msg_hdr->frag_len; | ||
695 | |||
696 | if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) | ||
697 | goto err; | ||
698 | |||
699 | /* Try to find item in queue, to prevent duplicate entries */ | ||
700 | memset(seq64be,0,sizeof(seq64be)); | ||
701 | seq64be[6] = (unsigned char) (msg_hdr->seq>>8); | ||
702 | seq64be[7] = (unsigned char) msg_hdr->seq; | ||
703 | item = pqueue_find(s->d1->buffered_messages, seq64be); | ||
704 | |||
705 | /* If we already have an entry and this one is a fragment, | ||
706 | * don't discard it and rather try to reassemble it. | ||
707 | */ | ||
708 | if (item != NULL && frag_len < msg_hdr->msg_len) | ||
709 | item = NULL; | ||
710 | |||
711 | /* Discard the message if sequence number was already there, is | ||
712 | * too far in the future, already in the queue or if we received | ||
713 | * a FINISHED before the SERVER_HELLO, which then must be a stale | ||
714 | * retransmit. | ||
715 | */ | ||
716 | if (msg_hdr->seq <= s->d1->handshake_read_seq || | ||
717 | msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || | ||
718 | (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) | ||
719 | { | ||
720 | unsigned char devnull [256]; | ||
721 | |||
722 | while (frag_len) | ||
723 | { | ||
724 | i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, | ||
725 | devnull, | ||
726 | frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); | ||
727 | if (i<=0) goto err; | ||
728 | frag_len -= i; | ||
729 | } | ||
730 | } | ||
731 | else | ||
732 | { | ||
733 | if (frag_len && frag_len < msg_hdr->msg_len) | ||
734 | return dtls1_reassemble_fragment(s, msg_hdr, ok); | ||
735 | |||
736 | frag = dtls1_hm_fragment_new(frag_len, 0); | ||
737 | if ( frag == NULL) | ||
738 | goto err; | ||
739 | |||
740 | memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); | ||
741 | |||
742 | if (frag_len) | ||
743 | { | ||
744 | /* read the body of the fragment (header has already been read */ | ||
745 | i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, | ||
746 | frag->fragment,frag_len,0); | ||
747 | if (i<=0 || (unsigned long)i!=frag_len) | ||
748 | goto err; | ||
749 | } | ||
750 | |||
751 | memset(seq64be,0,sizeof(seq64be)); | ||
752 | seq64be[6] = (unsigned char)(msg_hdr->seq>>8); | ||
753 | seq64be[7] = (unsigned char)(msg_hdr->seq); | ||
754 | |||
755 | item = pitem_new(seq64be, frag); | ||
756 | if ( item == NULL) | ||
757 | goto err; | ||
758 | |||
759 | pqueue_insert(s->d1->buffered_messages, item); | ||
760 | } | ||
761 | |||
762 | return DTLS1_HM_FRAGMENT_RETRY; | ||
763 | |||
764 | err: | ||
765 | if ( frag != NULL) dtls1_hm_fragment_free(frag); | ||
766 | if ( item != NULL) OPENSSL_free(item); | ||
767 | *ok = 0; | ||
768 | return i; | ||
769 | } | ||
770 | |||
771 | |||
772 | static long | ||
773 | dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) | ||
774 | { | ||
775 | unsigned char wire[DTLS1_HM_HEADER_LENGTH]; | ||
776 | unsigned long len, frag_off, frag_len; | ||
777 | int i,al; | ||
778 | struct hm_header_st msg_hdr; | ||
779 | |||
780 | /* see if we have the required fragment already */ | ||
781 | if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) | ||
782 | { | ||
783 | if (*ok) s->init_num = frag_len; | ||
784 | return frag_len; | ||
785 | } | ||
786 | |||
787 | /* read handshake message header */ | ||
788 | i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire, | ||
789 | DTLS1_HM_HEADER_LENGTH, 0); | ||
790 | if (i <= 0) /* nbio, or an error */ | ||
791 | { | ||
792 | s->rwstate=SSL_READING; | ||
793 | *ok = 0; | ||
794 | return i; | ||
795 | } | ||
796 | /* Handshake fails if message header is incomplete */ | ||
797 | if (i != DTLS1_HM_HEADER_LENGTH) | ||
798 | { | ||
799 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
800 | SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE); | ||
801 | goto f_err; | ||
802 | } | ||
803 | |||
804 | /* parse the message fragment header */ | ||
805 | dtls1_get_message_header(wire, &msg_hdr); | ||
806 | |||
807 | /* | ||
808 | * if this is a future (or stale) message it gets buffered | ||
809 | * (or dropped)--no further processing at this time | ||
810 | * While listening, we accept seq 1 (ClientHello with cookie) | ||
811 | * although we're still expecting seq 0 (ClientHello) | ||
812 | */ | ||
813 | if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1)) | ||
814 | return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); | ||
815 | |||
816 | len = msg_hdr.msg_len; | ||
817 | frag_off = msg_hdr.frag_off; | ||
818 | frag_len = msg_hdr.frag_len; | ||
819 | |||
820 | if (frag_len && frag_len < len) | ||
821 | return dtls1_reassemble_fragment(s, &msg_hdr, ok); | ||
822 | |||
823 | if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && | ||
824 | wire[0] == SSL3_MT_HELLO_REQUEST) | ||
825 | { | ||
826 | /* The server may always send 'Hello Request' messages -- | ||
827 | * we are doing a handshake anyway now, so ignore them | ||
828 | * if their format is correct. Does not count for | ||
829 | * 'Finished' MAC. */ | ||
830 | if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) | ||
831 | { | ||
832 | if (s->msg_callback) | ||
833 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, | ||
834 | wire, DTLS1_HM_HEADER_LENGTH, s, | ||
835 | s->msg_callback_arg); | ||
836 | |||
837 | s->init_num = 0; | ||
838 | return dtls1_get_message_fragment(s, st1, stn, | ||
839 | max, ok); | ||
840 | } | ||
841 | else /* Incorrectly formated Hello request */ | ||
842 | { | ||
843 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
844 | SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE); | ||
845 | goto f_err; | ||
846 | } | ||
847 | } | ||
848 | |||
849 | if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max))) | ||
850 | goto f_err; | ||
851 | |||
852 | /* XDTLS: ressurect this when restart is in place */ | ||
853 | s->state=stn; | ||
854 | |||
855 | if ( frag_len > 0) | ||
856 | { | ||
857 | unsigned char *p=(unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH; | ||
858 | |||
859 | i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, | ||
860 | &p[frag_off],frag_len,0); | ||
861 | /* XDTLS: fix this--message fragments cannot span multiple packets */ | ||
862 | if (i <= 0) | ||
863 | { | ||
864 | s->rwstate=SSL_READING; | ||
865 | *ok = 0; | ||
866 | return i; | ||
867 | } | ||
868 | } | ||
869 | else | ||
870 | i = 0; | ||
871 | |||
872 | /* XDTLS: an incorrectly formatted fragment should cause the | ||
873 | * handshake to fail */ | ||
874 | if (i != (int)frag_len) | ||
875 | { | ||
876 | al=SSL3_AD_ILLEGAL_PARAMETER; | ||
877 | SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER); | ||
878 | goto f_err; | ||
879 | } | ||
880 | |||
881 | *ok = 1; | ||
882 | |||
883 | /* Note that s->init_num is *not* used as current offset in | ||
884 | * s->init_buf->data, but as a counter summing up fragments' | ||
885 | * lengths: as soon as they sum up to handshake packet | ||
886 | * length, we assume we have got all the fragments. */ | ||
887 | s->init_num = frag_len; | ||
888 | return frag_len; | ||
889 | |||
890 | f_err: | ||
891 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
892 | s->init_num = 0; | ||
893 | |||
894 | *ok=0; | ||
895 | return(-1); | ||
896 | } | ||
897 | |||
898 | int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) | ||
899 | { | ||
900 | unsigned char *p,*d; | ||
901 | int i; | ||
902 | unsigned long l; | ||
903 | |||
904 | if (s->state == a) | ||
905 | { | ||
906 | d=(unsigned char *)s->init_buf->data; | ||
907 | p= &(d[DTLS1_HM_HEADER_LENGTH]); | ||
908 | |||
909 | i=s->method->ssl3_enc->final_finish_mac(s, | ||
910 | sender,slen,s->s3->tmp.finish_md); | ||
911 | s->s3->tmp.finish_md_len = i; | ||
912 | memcpy(p, s->s3->tmp.finish_md, i); | ||
913 | p+=i; | ||
914 | l=i; | ||
915 | |||
916 | /* Copy the finished so we can use it for | ||
917 | * renegotiation checks | ||
918 | */ | ||
919 | if(s->type == SSL_ST_CONNECT) | ||
920 | { | ||
921 | OPENSSL_assert(i <= EVP_MAX_MD_SIZE); | ||
922 | memcpy(s->s3->previous_client_finished, | ||
923 | s->s3->tmp.finish_md, i); | ||
924 | s->s3->previous_client_finished_len=i; | ||
925 | } | ||
926 | else | ||
927 | { | ||
928 | OPENSSL_assert(i <= EVP_MAX_MD_SIZE); | ||
929 | memcpy(s->s3->previous_server_finished, | ||
930 | s->s3->tmp.finish_md, i); | ||
931 | s->s3->previous_server_finished_len=i; | ||
932 | } | ||
933 | |||
934 | #ifdef OPENSSL_SYS_WIN16 | ||
935 | /* MSVC 1.5 does not clear the top bytes of the word unless | ||
936 | * I do this. | ||
937 | */ | ||
938 | l&=0xffff; | ||
939 | #endif | ||
940 | |||
941 | d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l); | ||
942 | s->init_num=(int)l+DTLS1_HM_HEADER_LENGTH; | ||
943 | s->init_off=0; | ||
944 | |||
945 | /* buffer the message to handle re-xmits */ | ||
946 | dtls1_buffer_message(s, 0); | ||
947 | |||
948 | s->state=b; | ||
949 | } | ||
950 | |||
951 | /* SSL3_ST_SEND_xxxxxx_HELLO_B */ | ||
952 | return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | ||
953 | } | ||
954 | |||
955 | /* for these 2 messages, we need to | ||
956 | * ssl->enc_read_ctx re-init | ||
957 | * ssl->s3->read_sequence zero | ||
958 | * ssl->s3->read_mac_secret re-init | ||
959 | * ssl->session->read_sym_enc assign | ||
960 | * ssl->session->read_compression assign | ||
961 | * ssl->session->read_hash assign | ||
962 | */ | ||
963 | int dtls1_send_change_cipher_spec(SSL *s, int a, int b) | ||
964 | { | ||
965 | unsigned char *p; | ||
966 | |||
967 | if (s->state == a) | ||
968 | { | ||
969 | p=(unsigned char *)s->init_buf->data; | ||
970 | *p++=SSL3_MT_CCS; | ||
971 | s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; | ||
972 | s->init_num=DTLS1_CCS_HEADER_LENGTH; | ||
973 | |||
974 | if (s->version == DTLS1_BAD_VER) { | ||
975 | s->d1->next_handshake_write_seq++; | ||
976 | s2n(s->d1->handshake_write_seq,p); | ||
977 | s->init_num+=2; | ||
978 | } | ||
979 | |||
980 | s->init_off=0; | ||
981 | |||
982 | dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, | ||
983 | s->d1->handshake_write_seq, 0, 0); | ||
984 | |||
985 | /* buffer the message to handle re-xmits */ | ||
986 | dtls1_buffer_message(s, 1); | ||
987 | |||
988 | s->state=b; | ||
989 | } | ||
990 | |||
991 | /* SSL3_ST_CW_CHANGE_B */ | ||
992 | return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); | ||
993 | } | ||
994 | |||
995 | static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) | ||
996 | { | ||
997 | int n; | ||
998 | unsigned char *p; | ||
999 | |||
1000 | n=i2d_X509(x,NULL); | ||
1001 | if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) | ||
1002 | { | ||
1003 | SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB); | ||
1004 | return 0; | ||
1005 | } | ||
1006 | p=(unsigned char *)&(buf->data[*l]); | ||
1007 | l2n3(n,p); | ||
1008 | i2d_X509(x,&p); | ||
1009 | *l+=n+3; | ||
1010 | |||
1011 | return 1; | ||
1012 | } | ||
1013 | unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) | ||
1014 | { | ||
1015 | unsigned char *p; | ||
1016 | int i; | ||
1017 | unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH; | ||
1018 | BUF_MEM *buf; | ||
1019 | |||
1020 | /* TLSv1 sends a chain with nothing in it, instead of an alert */ | ||
1021 | buf=s->init_buf; | ||
1022 | if (!BUF_MEM_grow_clean(buf,10)) | ||
1023 | { | ||
1024 | SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); | ||
1025 | return(0); | ||
1026 | } | ||
1027 | if (x != NULL) | ||
1028 | { | ||
1029 | X509_STORE_CTX xs_ctx; | ||
1030 | |||
1031 | if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) | ||
1032 | { | ||
1033 | SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); | ||
1034 | return(0); | ||
1035 | } | ||
1036 | |||
1037 | X509_verify_cert(&xs_ctx); | ||
1038 | /* Don't leave errors in the queue */ | ||
1039 | ERR_clear_error(); | ||
1040 | for (i=0; i < sk_X509_num(xs_ctx.chain); i++) | ||
1041 | { | ||
1042 | x = sk_X509_value(xs_ctx.chain, i); | ||
1043 | |||
1044 | if (!dtls1_add_cert_to_buf(buf, &l, x)) | ||
1045 | { | ||
1046 | X509_STORE_CTX_cleanup(&xs_ctx); | ||
1047 | return 0; | ||
1048 | } | ||
1049 | } | ||
1050 | X509_STORE_CTX_cleanup(&xs_ctx); | ||
1051 | } | ||
1052 | /* Thawte special :-) */ | ||
1053 | for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) | ||
1054 | { | ||
1055 | x=sk_X509_value(s->ctx->extra_certs,i); | ||
1056 | if (!dtls1_add_cert_to_buf(buf, &l, x)) | ||
1057 | return 0; | ||
1058 | } | ||
1059 | |||
1060 | l-= (3 + DTLS1_HM_HEADER_LENGTH); | ||
1061 | |||
1062 | p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]); | ||
1063 | l2n3(l,p); | ||
1064 | l+=3; | ||
1065 | p=(unsigned char *)&(buf->data[0]); | ||
1066 | p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l); | ||
1067 | |||
1068 | l+=DTLS1_HM_HEADER_LENGTH; | ||
1069 | return(l); | ||
1070 | } | ||
1071 | |||
1072 | int dtls1_read_failed(SSL *s, int code) | ||
1073 | { | ||
1074 | if ( code > 0) | ||
1075 | { | ||
1076 | fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__); | ||
1077 | return 1; | ||
1078 | } | ||
1079 | |||
1080 | if (!dtls1_is_timer_expired(s)) | ||
1081 | { | ||
1082 | /* not a timeout, none of our business, | ||
1083 | let higher layers handle this. in fact it's probably an error */ | ||
1084 | return code; | ||
1085 | } | ||
1086 | |||
1087 | if ( ! SSL_in_init(s)) /* done, no need to send a retransmit */ | ||
1088 | { | ||
1089 | BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); | ||
1090 | return code; | ||
1091 | } | ||
1092 | |||
1093 | #if 0 /* for now, each alert contains only one record number */ | ||
1094 | item = pqueue_peek(state->rcvd_records); | ||
1095 | if ( item ) | ||
1096 | { | ||
1097 | /* send an alert immediately for all the missing records */ | ||
1098 | } | ||
1099 | else | ||
1100 | #endif | ||
1101 | |||
1102 | #if 0 /* no more alert sending, just retransmit the last set of messages */ | ||
1103 | if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT) | ||
1104 | ssl3_send_alert(s,SSL3_AL_WARNING, | ||
1105 | DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); | ||
1106 | #endif | ||
1107 | |||
1108 | return dtls1_handle_timeout(s); | ||
1109 | } | ||
1110 | |||
1111 | int | ||
1112 | dtls1_get_queue_priority(unsigned short seq, int is_ccs) | ||
1113 | { | ||
1114 | /* The index of the retransmission queue actually is the message sequence number, | ||
1115 | * since the queue only contains messages of a single handshake. However, the | ||
1116 | * ChangeCipherSpec has no message sequence number and so using only the sequence | ||
1117 | * will result in the CCS and Finished having the same index. To prevent this, | ||
1118 | * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted. | ||
1119 | * This does not only differ CSS and Finished, it also maintains the order of the | ||
1120 | * index (important for priority queues) and fits in the unsigned short variable. | ||
1121 | */ | ||
1122 | return seq * 2 - is_ccs; | ||
1123 | } | ||
1124 | |||
1125 | int | ||
1126 | dtls1_retransmit_buffered_messages(SSL *s) | ||
1127 | { | ||
1128 | pqueue sent = s->d1->sent_messages; | ||
1129 | piterator iter; | ||
1130 | pitem *item; | ||
1131 | hm_fragment *frag; | ||
1132 | int found = 0; | ||
1133 | |||
1134 | iter = pqueue_iterator(sent); | ||
1135 | |||
1136 | for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) | ||
1137 | { | ||
1138 | frag = (hm_fragment *)item->data; | ||
1139 | if ( dtls1_retransmit_message(s, | ||
1140 | (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs), | ||
1141 | 0, &found) <= 0 && found) | ||
1142 | { | ||
1143 | fprintf(stderr, "dtls1_retransmit_message() failed\n"); | ||
1144 | return -1; | ||
1145 | } | ||
1146 | } | ||
1147 | |||
1148 | return 1; | ||
1149 | } | ||
1150 | |||
1151 | int | ||
1152 | dtls1_buffer_message(SSL *s, int is_ccs) | ||
1153 | { | ||
1154 | pitem *item; | ||
1155 | hm_fragment *frag; | ||
1156 | unsigned char seq64be[8]; | ||
1157 | |||
1158 | /* this function is called immediately after a message has | ||
1159 | * been serialized */ | ||
1160 | OPENSSL_assert(s->init_off == 0); | ||
1161 | |||
1162 | frag = dtls1_hm_fragment_new(s->init_num, 0); | ||
1163 | |||
1164 | memcpy(frag->fragment, s->init_buf->data, s->init_num); | ||
1165 | |||
1166 | if ( is_ccs) | ||
1167 | { | ||
1168 | OPENSSL_assert(s->d1->w_msg_hdr.msg_len + | ||
1169 | ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num); | ||
1170 | } | ||
1171 | else | ||
1172 | { | ||
1173 | OPENSSL_assert(s->d1->w_msg_hdr.msg_len + | ||
1174 | DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num); | ||
1175 | } | ||
1176 | |||
1177 | frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; | ||
1178 | frag->msg_header.seq = s->d1->w_msg_hdr.seq; | ||
1179 | frag->msg_header.type = s->d1->w_msg_hdr.type; | ||
1180 | frag->msg_header.frag_off = 0; | ||
1181 | frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; | ||
1182 | frag->msg_header.is_ccs = is_ccs; | ||
1183 | |||
1184 | /* save current state*/ | ||
1185 | frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx; | ||
1186 | frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; | ||
1187 | frag->msg_header.saved_retransmit_state.compress = s->compress; | ||
1188 | frag->msg_header.saved_retransmit_state.session = s->session; | ||
1189 | frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; | ||
1190 | |||
1191 | memset(seq64be,0,sizeof(seq64be)); | ||
1192 | seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, | ||
1193 | frag->msg_header.is_ccs)>>8); | ||
1194 | seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, | ||
1195 | frag->msg_header.is_ccs)); | ||
1196 | |||
1197 | item = pitem_new(seq64be, frag); | ||
1198 | if ( item == NULL) | ||
1199 | { | ||
1200 | dtls1_hm_fragment_free(frag); | ||
1201 | return 0; | ||
1202 | } | ||
1203 | |||
1204 | #if 0 | ||
1205 | fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type); | ||
1206 | fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len); | ||
1207 | fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num); | ||
1208 | #endif | ||
1209 | |||
1210 | pqueue_insert(s->d1->sent_messages, item); | ||
1211 | return 1; | ||
1212 | } | ||
1213 | |||
1214 | int | ||
1215 | dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, | ||
1216 | int *found) | ||
1217 | { | ||
1218 | int ret; | ||
1219 | /* XDTLS: for now assuming that read/writes are blocking */ | ||
1220 | pitem *item; | ||
1221 | hm_fragment *frag ; | ||
1222 | unsigned long header_length; | ||
1223 | unsigned char seq64be[8]; | ||
1224 | struct dtls1_retransmit_state saved_state; | ||
1225 | unsigned char save_write_sequence[8]; | ||
1226 | |||
1227 | /* | ||
1228 | OPENSSL_assert(s->init_num == 0); | ||
1229 | OPENSSL_assert(s->init_off == 0); | ||
1230 | */ | ||
1231 | |||
1232 | /* XDTLS: the requested message ought to be found, otherwise error */ | ||
1233 | memset(seq64be,0,sizeof(seq64be)); | ||
1234 | seq64be[6] = (unsigned char)(seq>>8); | ||
1235 | seq64be[7] = (unsigned char)seq; | ||
1236 | |||
1237 | item = pqueue_find(s->d1->sent_messages, seq64be); | ||
1238 | if ( item == NULL) | ||
1239 | { | ||
1240 | fprintf(stderr, "retransmit: message %d non-existant\n", seq); | ||
1241 | *found = 0; | ||
1242 | return 0; | ||
1243 | } | ||
1244 | |||
1245 | *found = 1; | ||
1246 | frag = (hm_fragment *)item->data; | ||
1247 | |||
1248 | if ( frag->msg_header.is_ccs) | ||
1249 | header_length = DTLS1_CCS_HEADER_LENGTH; | ||
1250 | else | ||
1251 | header_length = DTLS1_HM_HEADER_LENGTH; | ||
1252 | |||
1253 | memcpy(s->init_buf->data, frag->fragment, | ||
1254 | frag->msg_header.msg_len + header_length); | ||
1255 | s->init_num = frag->msg_header.msg_len + header_length; | ||
1256 | |||
1257 | dtls1_set_message_header_int(s, frag->msg_header.type, | ||
1258 | frag->msg_header.msg_len, frag->msg_header.seq, 0, | ||
1259 | frag->msg_header.frag_len); | ||
1260 | |||
1261 | /* save current state */ | ||
1262 | saved_state.enc_write_ctx = s->enc_write_ctx; | ||
1263 | saved_state.write_hash = s->write_hash; | ||
1264 | saved_state.compress = s->compress; | ||
1265 | saved_state.session = s->session; | ||
1266 | saved_state.epoch = s->d1->w_epoch; | ||
1267 | saved_state.epoch = s->d1->w_epoch; | ||
1268 | |||
1269 | s->d1->retransmitting = 1; | ||
1270 | |||
1271 | /* restore state in which the message was originally sent */ | ||
1272 | s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; | ||
1273 | s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; | ||
1274 | s->compress = frag->msg_header.saved_retransmit_state.compress; | ||
1275 | s->session = frag->msg_header.saved_retransmit_state.session; | ||
1276 | s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; | ||
1277 | |||
1278 | if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) | ||
1279 | { | ||
1280 | memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); | ||
1281 | memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence)); | ||
1282 | } | ||
1283 | |||
1284 | ret = dtls1_do_write(s, frag->msg_header.is_ccs ? | ||
1285 | SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); | ||
1286 | |||
1287 | /* restore current state */ | ||
1288 | s->enc_write_ctx = saved_state.enc_write_ctx; | ||
1289 | s->write_hash = saved_state.write_hash; | ||
1290 | s->compress = saved_state.compress; | ||
1291 | s->session = saved_state.session; | ||
1292 | s->d1->w_epoch = saved_state.epoch; | ||
1293 | |||
1294 | if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) | ||
1295 | { | ||
1296 | memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); | ||
1297 | memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence)); | ||
1298 | } | ||
1299 | |||
1300 | s->d1->retransmitting = 0; | ||
1301 | |||
1302 | (void)BIO_flush(SSL_get_wbio(s)); | ||
1303 | return ret; | ||
1304 | } | ||
1305 | |||
1306 | /* call this function when the buffered messages are no longer needed */ | ||
1307 | void | ||
1308 | dtls1_clear_record_buffer(SSL *s) | ||
1309 | { | ||
1310 | pitem *item; | ||
1311 | |||
1312 | for(item = pqueue_pop(s->d1->sent_messages); | ||
1313 | item != NULL; item = pqueue_pop(s->d1->sent_messages)) | ||
1314 | { | ||
1315 | dtls1_hm_fragment_free((hm_fragment *)item->data); | ||
1316 | pitem_free(item); | ||
1317 | } | ||
1318 | } | ||
1319 | |||
1320 | |||
1321 | unsigned char * | ||
1322 | dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, | ||
1323 | unsigned long len, unsigned long frag_off, unsigned long frag_len) | ||
1324 | { | ||
1325 | /* Don't change sequence numbers while listening */ | ||
1326 | if (frag_off == 0 && !s->d1->listen) | ||
1327 | { | ||
1328 | s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; | ||
1329 | s->d1->next_handshake_write_seq++; | ||
1330 | } | ||
1331 | |||
1332 | dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, | ||
1333 | frag_off, frag_len); | ||
1334 | |||
1335 | return p += DTLS1_HM_HEADER_LENGTH; | ||
1336 | } | ||
1337 | |||
1338 | |||
1339 | /* don't actually do the writing, wait till the MTU has been retrieved */ | ||
1340 | static void | ||
1341 | dtls1_set_message_header_int(SSL *s, unsigned char mt, | ||
1342 | unsigned long len, unsigned short seq_num, unsigned long frag_off, | ||
1343 | unsigned long frag_len) | ||
1344 | { | ||
1345 | struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; | ||
1346 | |||
1347 | msg_hdr->type = mt; | ||
1348 | msg_hdr->msg_len = len; | ||
1349 | msg_hdr->seq = seq_num; | ||
1350 | msg_hdr->frag_off = frag_off; | ||
1351 | msg_hdr->frag_len = frag_len; | ||
1352 | } | ||
1353 | |||
1354 | static void | ||
1355 | dtls1_fix_message_header(SSL *s, unsigned long frag_off, | ||
1356 | unsigned long frag_len) | ||
1357 | { | ||
1358 | struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; | ||
1359 | |||
1360 | msg_hdr->frag_off = frag_off; | ||
1361 | msg_hdr->frag_len = frag_len; | ||
1362 | } | ||
1363 | |||
1364 | static unsigned char * | ||
1365 | dtls1_write_message_header(SSL *s, unsigned char *p) | ||
1366 | { | ||
1367 | struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; | ||
1368 | |||
1369 | *p++ = msg_hdr->type; | ||
1370 | l2n3(msg_hdr->msg_len, p); | ||
1371 | |||
1372 | s2n(msg_hdr->seq, p); | ||
1373 | l2n3(msg_hdr->frag_off, p); | ||
1374 | l2n3(msg_hdr->frag_len, p); | ||
1375 | |||
1376 | return p; | ||
1377 | } | ||
1378 | |||
1379 | unsigned int | ||
1380 | dtls1_min_mtu(void) | ||
1381 | { | ||
1382 | return (g_probable_mtu[(sizeof(g_probable_mtu) / | ||
1383 | sizeof(g_probable_mtu[0])) - 1]); | ||
1384 | } | ||
1385 | |||
1386 | static unsigned int | ||
1387 | dtls1_guess_mtu(unsigned int curr_mtu) | ||
1388 | { | ||
1389 | unsigned int i; | ||
1390 | |||
1391 | if ( curr_mtu == 0 ) | ||
1392 | return g_probable_mtu[0] ; | ||
1393 | |||
1394 | for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++) | ||
1395 | if ( curr_mtu > g_probable_mtu[i]) | ||
1396 | return g_probable_mtu[i]; | ||
1397 | |||
1398 | return curr_mtu; | ||
1399 | } | ||
1400 | |||
1401 | void | ||
1402 | dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) | ||
1403 | { | ||
1404 | memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); | ||
1405 | msg_hdr->type = *(data++); | ||
1406 | n2l3(data, msg_hdr->msg_len); | ||
1407 | |||
1408 | n2s(data, msg_hdr->seq); | ||
1409 | n2l3(data, msg_hdr->frag_off); | ||
1410 | n2l3(data, msg_hdr->frag_len); | ||
1411 | } | ||
1412 | |||
1413 | void | ||
1414 | dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) | ||
1415 | { | ||
1416 | memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st)); | ||
1417 | |||
1418 | ccs_hdr->type = *(data++); | ||
1419 | } | ||
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
deleted file mode 100644
index 089fa4c7f8..0000000000
--- a/src/lib/libssl/d1_clnt.c
+++ /dev/null | |||
@@ -1,1536 +0,0 @@ | |||
1 | /* ssl/d1_clnt.c */ | ||
2 | /* | ||
3 | * DTLS implementation written by Nagendra Modadugu | ||
4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | ||
5 | */ | ||
6 | /* ==================================================================== | ||
7 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. | ||
8 | * | ||
9 | * Redistribution and use in source and binary forms, with or without | ||
10 | * modification, are permitted provided that the following conditions | ||
11 | * are met: | ||
12 | * | ||
13 | * 1. Redistributions of source code must retain the above copyright | ||
14 | * notice, this list of conditions and the following disclaimer. | ||
15 | * | ||
16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
17 | * notice, this list of conditions and the following disclaimer in | ||
18 | * the documentation and/or other materials provided with the | ||
19 | * distribution. | ||
20 | * | ||
21 | * 3. All advertising materials mentioning features or use of this | ||
22 | * software must display the following acknowledgment: | ||
23 | * "This product includes software developed by the OpenSSL Project | ||
24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
25 | * | ||
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
27 | * endorse or promote products derived from this software without | ||
28 | * prior written permission. For written permission, please contact | ||
29 | * openssl-core@OpenSSL.org. | ||
30 | * | ||
31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
32 | * nor may "OpenSSL" appear in their names without prior written | ||
33 | * permission of the OpenSSL Project. | ||
34 | * | ||
35 | * 6. Redistributions of any form whatsoever must retain the following | ||
36 | * acknowledgment: | ||
37 | * "This product includes software developed by the OpenSSL Project | ||
38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
39 | * | ||
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
52 | * ==================================================================== | ||
53 | * | ||
54 | * This product includes cryptographic software written by Eric Young | ||
55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
56 | * Hudson (tjh@cryptsoft.com). | ||
57 | * | ||
58 | */ | ||
59 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
60 | * All rights reserved. | ||
61 | * | ||
62 | * This package is an SSL implementation written | ||
63 | * by Eric Young (eay@cryptsoft.com). | ||
64 | * The implementation was written so as to conform with Netscapes SSL. | ||
65 | * | ||
66 | * This library is free for commercial and non-commercial use as long as | ||
67 | * the following conditions are aheared to. The following conditions | ||
68 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
69 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
70 | * included with this distribution is covered by the same copyright terms | ||
71 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
72 | * | ||
73 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
74 | * the code are not to be removed. | ||
75 | * If this package is used in a product, Eric Young should be given attribution | ||
76 | * as the author of the parts of the library used. | ||
77 | * This can be in the form of a textual message at program startup or | ||
78 | * in documentation (online or textual) provided with the package. | ||
79 | * | ||
80 | * Redistribution and use in source and binary forms, with or without | ||
81 | * modification, are permitted provided that the following conditions | ||
82 | * are met: | ||
83 | * 1. Redistributions of source code must retain the copyright | ||
84 | * notice, this list of conditions and the following disclaimer. | ||
85 | * 2. Redistributions in binary form must reproduce the above copyright | ||
86 | * notice, this list of conditions and the following disclaimer in the | ||
87 | * documentation and/or other materials provided with the distribution. | ||
88 | * 3. All advertising materials mentioning features or use of this software | ||
89 | * must display the following acknowledgement: | ||
90 | * "This product includes cryptographic software written by | ||
91 | * Eric Young (eay@cryptsoft.com)" | ||
92 | * The word 'cryptographic' can be left out if the rouines from the library | ||
93 | * being used are not cryptographic related :-). | ||
94 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
95 | * the apps directory (application code) you must include an acknowledgement: | ||
96 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
97 | * | ||
98 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
99 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
100 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
101 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
102 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
103 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
104 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
105 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
106 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
107 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
108 | * SUCH DAMAGE. | ||
109 | * | ||
110 | * The licence and distribution terms for any publically available version or | ||
111 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
112 | * copied and put under another distribution licence | ||
113 | * [including the GNU Public Licence.] | ||
114 | */ | ||
115 | |||
116 | #include <stdio.h> | ||
117 | #include "ssl_locl.h" | ||
118 | #ifndef OPENSSL_NO_KRB5 | ||
119 | #include "kssl_lcl.h" | ||
120 | #endif | ||
121 | #include <openssl/buffer.h> | ||
122 | #include <openssl/rand.h> | ||
123 | #include <openssl/objects.h> | ||
124 | #include <openssl/evp.h> | ||
125 | #include <openssl/md5.h> | ||
126 | #include <openssl/bn.h> | ||
127 | #ifndef OPENSSL_NO_DH | ||
128 | #include <openssl/dh.h> | ||
129 | #endif | ||
130 | |||
131 | static const SSL_METHOD *dtls1_get_client_method(int ver); | ||
132 | static int dtls1_get_hello_verify(SSL *s); | ||
133 | |||
134 | static const SSL_METHOD *dtls1_get_client_method(int ver) | ||
135 | { | ||
136 | if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) | ||
137 | return(DTLSv1_client_method()); | ||
138 | else | ||
139 | return(NULL); | ||
140 | } | ||
141 | |||
142 | IMPLEMENT_dtls1_meth_func(DTLSv1_client_method, | ||
143 | ssl_undefined_function, | ||
144 | dtls1_connect, | ||
145 | dtls1_get_client_method) | ||
146 | |||
147 | int dtls1_connect(SSL *s) | ||
148 | { | ||
149 | BUF_MEM *buf=NULL; | ||
150 | unsigned long Time=(unsigned long)time(NULL); | ||
151 | void (*cb)(const SSL *ssl,int type,int val)=NULL; | ||
152 | int ret= -1; | ||
153 | int new_state,state,skip=0;; | ||
154 | |||
155 | RAND_add(&Time,sizeof(Time),0); | ||
156 | ERR_clear_error(); | ||
157 | clear_sys_error(); | ||
158 | |||
159 | if (s->info_callback != NULL) | ||
160 | cb=s->info_callback; | ||
161 | else if (s->ctx->info_callback != NULL) | ||
162 | cb=s->ctx->info_callback; | ||
163 | |||
164 | s->in_handshake++; | ||
165 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | ||
166 | |||
167 | for (;;) | ||
168 | { | ||
169 | state=s->state; | ||
170 | |||
171 | switch(s->state) | ||
172 | { | ||
173 | case SSL_ST_RENEGOTIATE: | ||
174 | s->new_session=1; | ||
175 | s->state=SSL_ST_CONNECT; | ||
176 | s->ctx->stats.sess_connect_renegotiate++; | ||
177 | /* break */ | ||
178 | case SSL_ST_BEFORE: | ||
179 | case SSL_ST_CONNECT: | ||
180 | case SSL_ST_BEFORE|SSL_ST_CONNECT: | ||
181 | case SSL_ST_OK|SSL_ST_CONNECT: | ||
182 | |||
183 | s->server=0; | ||
184 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); | ||
185 | |||
186 | if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) && | ||
187 | (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) | ||
188 | { | ||
189 | SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); | ||
190 | ret = -1; | ||
191 | goto end; | ||
192 | } | ||
193 | |||
194 | /* s->version=SSL3_VERSION; */ | ||
195 | s->type=SSL_ST_CONNECT; | ||
196 | |||
197 | if (s->init_buf == NULL) | ||
198 | { | ||
199 | if ((buf=BUF_MEM_new()) == NULL) | ||
200 | { | ||
201 | ret= -1; | ||
202 | goto end; | ||
203 | } | ||
204 | if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) | ||
205 | { | ||
206 | ret= -1; | ||
207 | goto end; | ||
208 | } | ||
209 | s->init_buf=buf; | ||
210 | buf=NULL; | ||
211 | } | ||
212 | |||
213 | if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } | ||
214 | |||
215 | /* setup buffing BIO */ | ||
216 | if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } | ||
217 | |||
218 | /* don't push the buffering BIO quite yet */ | ||
219 | |||
220 | s->state=SSL3_ST_CW_CLNT_HELLO_A; | ||
221 | s->ctx->stats.sess_connect++; | ||
222 | s->init_num=0; | ||
223 | /* mark client_random uninitialized */ | ||
224 | memset(s->s3->client_random,0,sizeof(s->s3->client_random)); | ||
225 | s->d1->send_cookie = 0; | ||
226 | s->hit = 0; | ||
227 | break; | ||
228 | |||
229 | case SSL3_ST_CW_CLNT_HELLO_A: | ||
230 | case SSL3_ST_CW_CLNT_HELLO_B: | ||
231 | |||
232 | s->shutdown=0; | ||
233 | |||
234 | /* every DTLS ClientHello resets Finished MAC */ | ||
235 | ssl3_init_finished_mac(s); | ||
236 | |||
237 | dtls1_start_timer(s); | ||
238 | ret=dtls1_client_hello(s); | ||
239 | if (ret <= 0) goto end; | ||
240 | |||
241 | if ( s->d1->send_cookie) | ||
242 | { | ||
243 | s->state=SSL3_ST_CW_FLUSH; | ||
244 | s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A; | ||
245 | } | ||
246 | else | ||
247 | s->state=SSL3_ST_CR_SRVR_HELLO_A; | ||
248 | |||
249 | s->init_num=0; | ||
250 | |||
251 | /* turn on buffering for the next lot of output */ | ||
252 | if (s->bbio != s->wbio) | ||
253 | s->wbio=BIO_push(s->bbio,s->wbio); | ||
254 | |||
255 | break; | ||
256 | |||
257 | case SSL3_ST_CR_SRVR_HELLO_A: | ||
258 | case SSL3_ST_CR_SRVR_HELLO_B: | ||
259 | ret=ssl3_get_server_hello(s); | ||
260 | if (ret <= 0) goto end; | ||
261 | else | ||
262 | { | ||
263 | dtls1_stop_timer(s); | ||
264 | if (s->hit) | ||
265 | s->state=SSL3_ST_CR_FINISHED_A; | ||
266 | else | ||
267 | s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; | ||
268 | } | ||
269 | s->init_num=0; | ||
270 | break; | ||
271 | |||
272 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: | ||
273 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: | ||
274 | |||
275 | ret = dtls1_get_hello_verify(s); | ||
276 | if ( ret <= 0) | ||
277 | goto end; | ||
278 | dtls1_stop_timer(s); | ||
279 | if ( s->d1->send_cookie) /* start again, with a cookie */ | ||
280 | s->state=SSL3_ST_CW_CLNT_HELLO_A; | ||
281 | else | ||
282 | s->state = SSL3_ST_CR_CERT_A; | ||
283 | s->init_num = 0; | ||
284 | break; | ||
285 | |||
286 | case SSL3_ST_CR_CERT_A: | ||
287 | case SSL3_ST_CR_CERT_B: | ||
288 | #ifndef OPENSSL_NO_TLSEXT | ||
289 | ret=ssl3_check_finished(s); | ||
290 | if (ret <= 0) goto end; | ||
291 | if (ret == 2) | ||
292 | { | ||
293 | s->hit = 1; | ||
294 | if (s->tlsext_ticket_expected) | ||
295 | s->state=SSL3_ST_CR_SESSION_TICKET_A; | ||
296 | else | ||
297 | s->state=SSL3_ST_CR_FINISHED_A; | ||
298 | s->init_num=0; | ||
299 | break; | ||
300 | } | ||
301 | #endif | ||
302 | /* Check if it is anon DH or PSK */ | ||
303 | if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && | ||
304 | !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) | ||
305 | { | ||
306 | ret=ssl3_get_server_certificate(s); | ||
307 | if (ret <= 0) goto end; | ||
308 | #ifndef OPENSSL_NO_TLSEXT | ||
309 | if (s->tlsext_status_expected) | ||
310 | s->state=SSL3_ST_CR_CERT_STATUS_A; | ||
311 | else | ||
312 | s->state=SSL3_ST_CR_KEY_EXCH_A; | ||
313 | } | ||
314 | else | ||
315 | { | ||
316 | skip = 1; | ||
317 | s->state=SSL3_ST_CR_KEY_EXCH_A; | ||
318 | } | ||
319 | #else | ||
320 | } | ||
321 | else | ||
322 | skip=1; | ||
323 | |||
324 | s->state=SSL3_ST_CR_KEY_EXCH_A; | ||
325 | #endif | ||
326 | s->init_num=0; | ||
327 | break; | ||
328 | |||
329 | case SSL3_ST_CR_KEY_EXCH_A: | ||
330 | case SSL3_ST_CR_KEY_EXCH_B: | ||
331 | ret=ssl3_get_key_exchange(s); | ||
332 | if (ret <= 0) goto end; | ||
333 | s->state=SSL3_ST_CR_CERT_REQ_A; | ||
334 | s->init_num=0; | ||
335 | |||
336 | /* at this point we check that we have the | ||
337 | * required stuff from the server */ | ||
338 | if (!ssl3_check_cert_and_algorithm(s)) | ||
339 | { | ||
340 | ret= -1; | ||
341 | goto end; | ||
342 | } | ||
343 | break; | ||
344 | |||
345 | case SSL3_ST_CR_CERT_REQ_A: | ||
346 | case SSL3_ST_CR_CERT_REQ_B: | ||
347 | ret=ssl3_get_certificate_request(s); | ||
348 | if (ret <= 0) goto end; | ||
349 | s->state=SSL3_ST_CR_SRVR_DONE_A; | ||
350 | s->init_num=0; | ||
351 | break; | ||
352 | |||
353 | case SSL3_ST_CR_SRVR_DONE_A: | ||
354 | case SSL3_ST_CR_SRVR_DONE_B: | ||
355 | ret=ssl3_get_server_done(s); | ||
356 | if (ret <= 0) goto end; | ||
357 | if (s->s3->tmp.cert_req) | ||
358 | s->state=SSL3_ST_CW_CERT_A; | ||
359 | else | ||
360 | s->state=SSL3_ST_CW_KEY_EXCH_A; | ||
361 | s->init_num=0; | ||
362 | |||
363 | break; | ||
364 | |||
365 | case SSL3_ST_CW_CERT_A: | ||
366 | case SSL3_ST_CW_CERT_B: | ||
367 | case SSL3_ST_CW_CERT_C: | ||
368 | case SSL3_ST_CW_CERT_D: | ||
369 | dtls1_start_timer(s); | ||
370 | ret=dtls1_send_client_certificate(s); | ||
371 | if (ret <= 0) goto end; | ||
372 | s->state=SSL3_ST_CW_KEY_EXCH_A; | ||
373 | s->init_num=0; | ||
374 | break; | ||
375 | |||
376 | case SSL3_ST_CW_KEY_EXCH_A: | ||
377 | case SSL3_ST_CW_KEY_EXCH_B: | ||
378 | dtls1_start_timer(s); | ||
379 | ret=dtls1_send_client_key_exchange(s); | ||
380 | if (ret <= 0) goto end; | ||
381 | /* EAY EAY EAY need to check for DH fix cert | ||
382 | * sent back */ | ||
383 | /* For TLS, cert_req is set to 2, so a cert chain | ||
384 | * of nothing is sent, but no verify packet is sent */ | ||
385 | if (s->s3->tmp.cert_req == 1) | ||
386 | { | ||
387 | s->state=SSL3_ST_CW_CERT_VRFY_A; | ||
388 | } | ||
389 | else | ||
390 | { | ||
391 | s->state=SSL3_ST_CW_CHANGE_A; | ||
392 | s->s3->change_cipher_spec=0; | ||
393 | } | ||
394 | |||
395 | s->init_num=0; | ||
396 | break; | ||
397 | |||
398 | case SSL3_ST_CW_CERT_VRFY_A: | ||
399 | case SSL3_ST_CW_CERT_VRFY_B: | ||
400 | dtls1_start_timer(s); | ||
401 | ret=dtls1_send_client_verify(s); | ||
402 | if (ret <= 0) goto end; | ||
403 | s->state=SSL3_ST_CW_CHANGE_A; | ||
404 | s->init_num=0; | ||
405 | s->s3->change_cipher_spec=0; | ||
406 | break; | ||
407 | |||
408 | case SSL3_ST_CW_CHANGE_A: | ||
409 | case SSL3_ST_CW_CHANGE_B: | ||
410 | if (!s->hit) | ||
411 | dtls1_start_timer(s); | ||
412 | ret=dtls1_send_change_cipher_spec(s, | ||
413 | SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); | ||
414 | if (ret <= 0) goto end; | ||
415 | s->state=SSL3_ST_CW_FINISHED_A; | ||
416 | s->init_num=0; | ||
417 | |||
418 | s->session->cipher=s->s3->tmp.new_cipher; | ||
419 | #ifdef OPENSSL_NO_COMP | ||
420 | s->session->compress_meth=0; | ||
421 | #else | ||
422 | if (s->s3->tmp.new_compression == NULL) | ||
423 | s->session->compress_meth=0; | ||
424 | else | ||
425 | s->session->compress_meth= | ||
426 | s->s3->tmp.new_compression->id; | ||
427 | #endif | ||
428 | if (!s->method->ssl3_enc->setup_key_block(s)) | ||
429 | { | ||
430 | ret= -1; | ||
431 | goto end; | ||
432 | } | ||
433 | |||
434 | if (!s->method->ssl3_enc->change_cipher_state(s, | ||
435 | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) | ||
436 | { | ||
437 | ret= -1; | ||
438 | goto end; | ||
439 | } | ||
440 | |||
441 | dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); | ||
442 | break; | ||
443 | |||
444 | case SSL3_ST_CW_FINISHED_A: | ||
445 | case SSL3_ST_CW_FINISHED_B: | ||
446 | if (!s->hit) | ||
447 | dtls1_start_timer(s); | ||
448 | ret=dtls1_send_finished(s, | ||
449 | SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, | ||
450 | s->method->ssl3_enc->client_finished_label, | ||
451 | s->method->ssl3_enc->client_finished_label_len); | ||
452 | if (ret <= 0) goto end; | ||
453 | s->state=SSL3_ST_CW_FLUSH; | ||
454 | |||
455 | /* clear flags */ | ||
456 | s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; | ||
457 | if (s->hit) | ||
458 | { | ||
459 | s->s3->tmp.next_state=SSL_ST_OK; | ||
460 | if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) | ||
461 | { | ||
462 | s->state=SSL_ST_OK; | ||
463 | s->s3->flags|=SSL3_FLAGS_POP_BUFFER; | ||
464 | s->s3->delay_buf_pop_ret=0; | ||
465 | } | ||
466 | } | ||
467 | else | ||
468 | { | ||
469 | #ifndef OPENSSL_NO_TLSEXT | ||
470 | /* Allow NewSessionTicket if ticket expected */ | ||
471 | if (s->tlsext_ticket_expected) | ||
472 | s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; | ||
473 | else | ||
474 | #endif | ||
475 | |||
476 | s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; | ||
477 | } | ||
478 | s->init_num=0; | ||
479 | break; | ||
480 | |||
481 | #ifndef OPENSSL_NO_TLSEXT | ||
482 | case SSL3_ST_CR_SESSION_TICKET_A: | ||
483 | case SSL3_ST_CR_SESSION_TICKET_B: | ||
484 | ret=ssl3_get_new_session_ticket(s); | ||
485 | if (ret <= 0) goto end; | ||
486 | s->state=SSL3_ST_CR_FINISHED_A; | ||
487 | s->init_num=0; | ||
488 | break; | ||
489 | |||
490 | case SSL3_ST_CR_CERT_STATUS_A: | ||
491 | case SSL3_ST_CR_CERT_STATUS_B: | ||
492 | ret=ssl3_get_cert_status(s); | ||
493 | if (ret <= 0) goto end; | ||
494 | s->state=SSL3_ST_CR_KEY_EXCH_A; | ||
495 | s->init_num=0; | ||
496 | break; | ||
497 | #endif | ||
498 | |||
499 | case SSL3_ST_CR_FINISHED_A: | ||
500 | case SSL3_ST_CR_FINISHED_B: | ||
501 | s->d1->change_cipher_spec_ok = 1; | ||
502 | ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, | ||
503 | SSL3_ST_CR_FINISHED_B); | ||
504 | if (ret <= 0) goto end; | ||
505 | dtls1_stop_timer(s); | ||
506 | |||
507 | if (s->hit) | ||
508 | s->state=SSL3_ST_CW_CHANGE_A; | ||
509 | else | ||
510 | s->state=SSL_ST_OK; | ||
511 | s->init_num=0; | ||
512 | break; | ||
513 | |||
514 | case SSL3_ST_CW_FLUSH: | ||
515 | s->rwstate=SSL_WRITING; | ||
516 | if (BIO_flush(s->wbio) <= 0) | ||
517 | { | ||
518 | ret= -1; | ||
519 | goto end; | ||
520 | } | ||
521 | s->rwstate=SSL_NOTHING; | ||
522 | s->state=s->s3->tmp.next_state; | ||
523 | break; | ||
524 | |||
525 | case SSL_ST_OK: | ||
526 | /* clean a few things up */ | ||
527 | ssl3_cleanup_key_block(s); | ||
528 | |||
529 | #if 0 | ||
530 | if (s->init_buf != NULL) | ||
531 | { | ||
532 | BUF_MEM_free(s->init_buf); | ||
533 | s->init_buf=NULL; | ||
534 | } | ||
535 | #endif | ||
536 | |||
537 | /* If we are not 'joining' the last two packets, | ||
538 | * remove the buffering now */ | ||
539 | if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) | ||
540 | ssl_free_wbio_buffer(s); | ||
541 | /* else do it later in ssl3_write */ | ||
542 | |||
543 | s->init_num=0; | ||
544 | s->new_session=0; | ||
545 | |||
546 | ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); | ||
547 | if (s->hit) s->ctx->stats.sess_hit++; | ||
548 | |||
549 | ret=1; | ||
550 | /* s->server=0; */ | ||
551 | s->handshake_func=dtls1_connect; | ||
552 | s->ctx->stats.sess_connect_good++; | ||
553 | |||
554 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); | ||
555 | |||
556 | /* done with handshaking */ | ||
557 | s->d1->handshake_read_seq = 0; | ||
558 | s->d1->next_handshake_write_seq = 0; | ||
559 | goto end; | ||
560 | /* break; */ | ||
561 | |||
562 | default: | ||
563 | SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE); | ||
564 | ret= -1; | ||
565 | goto end; | ||
566 | /* break; */ | ||
567 | } | ||
568 | |||
569 | /* did we do anything */ | ||
570 | if (!s->s3->tmp.reuse_message && !skip) | ||
571 | { | ||
572 | if (s->debug) | ||
573 | { | ||
574 | if ((ret=BIO_flush(s->wbio)) <= 0) | ||
575 | goto end; | ||
576 | } | ||
577 | |||
578 | if ((cb != NULL) && (s->state != state)) | ||
579 | { | ||
580 | new_state=s->state; | ||
581 | s->state=state; | ||
582 | cb(s,SSL_CB_CONNECT_LOOP,1); | ||
583 | s->state=new_state; | ||
584 | } | ||
585 | } | ||
586 | skip=0; | ||
587 | } | ||
588 | end: | ||
589 | s->in_handshake--; | ||
590 | if (buf != NULL) | ||
591 | BUF_MEM_free(buf); | ||
592 | if (cb != NULL) | ||
593 | cb(s,SSL_CB_CONNECT_EXIT,ret); | ||
594 | return(ret); | ||
595 | } | ||
596 | |||
597 | int dtls1_client_hello(SSL *s) | ||
598 | { | ||
599 | unsigned char *buf; | ||
600 | unsigned char *p,*d; | ||
601 | unsigned int i,j; | ||
602 | unsigned long Time,l; | ||
603 | SSL_COMP *comp; | ||
604 | |||
605 | buf=(unsigned char *)s->init_buf->data; | ||
606 | if (s->state == SSL3_ST_CW_CLNT_HELLO_A) | ||
607 | { | ||
608 | SSL_SESSION *sess = s->session; | ||
609 | if ((s->session == NULL) || | ||
610 | (s->session->ssl_version != s->version) || | ||
611 | #ifdef OPENSSL_NO_TLSEXT | ||
612 | !sess->session_id_length || | ||
613 | #else | ||
614 | (!sess->session_id_length && !sess->tlsext_tick) || | ||
615 | #endif | ||
616 | (s->session->not_resumable)) | ||
617 | { | ||
618 | if (!ssl_get_new_session(s,0)) | ||
619 | goto err; | ||
620 | } | ||
621 | /* else use the pre-loaded session */ | ||
622 | |||
623 | p=s->s3->client_random; | ||
624 | |||
625 | /* if client_random is initialized, reuse it, we are | ||
626 | * required to use same upon reply to HelloVerify */ | ||
627 | for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ; | ||
628 | if (i==sizeof(s->s3->client_random)) | ||
629 | { | ||
630 | Time=(unsigned long)time(NULL); /* Time */ | ||
631 | l2n(Time,p); | ||
632 | RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4); | ||
633 | } | ||
634 | |||
635 | /* Do the message type and length last */ | ||
636 | d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); | ||
637 | |||
638 | *(p++)=s->version>>8; | ||
639 | *(p++)=s->version&0xff; | ||
640 | s->client_version=s->version; | ||
641 | |||
642 | /* Random stuff */ | ||
643 | memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); | ||
644 | p+=SSL3_RANDOM_SIZE; | ||
645 | |||
646 | /* Session ID */ | ||
647 | if (s->new_session) | ||
648 | i=0; | ||
649 | else | ||
650 | i=s->session->session_id_length; | ||
651 | *(p++)=i; | ||
652 | if (i != 0) | ||
653 | { | ||
654 | if (i > sizeof s->session->session_id) | ||
655 | { | ||
656 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | ||
657 | goto err; | ||
658 | } | ||
659 | memcpy(p,s->session->session_id,i); | ||
660 | p+=i; | ||
661 | } | ||
662 | |||
663 | /* cookie stuff */ | ||
664 | if ( s->d1->cookie_len > sizeof(s->d1->cookie)) | ||
665 | { | ||
666 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | ||
667 | goto err; | ||
668 | } | ||
669 | *(p++) = s->d1->cookie_len; | ||
670 | memcpy(p, s->d1->cookie, s->d1->cookie_len); | ||
671 | p += s->d1->cookie_len; | ||
672 | |||
673 | /* Ciphers supported */ | ||
674 | i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0); | ||
675 | if (i == 0) | ||
676 | { | ||
677 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); | ||
678 | goto err; | ||
679 | } | ||
680 | s2n(i,p); | ||
681 | p+=i; | ||
682 | |||
683 | /* COMPRESSION */ | ||
684 | if (s->ctx->comp_methods == NULL) | ||
685 | j=0; | ||
686 | else | ||
687 | j=sk_SSL_COMP_num(s->ctx->comp_methods); | ||
688 | *(p++)=1+j; | ||
689 | for (i=0; i<j; i++) | ||
690 | { | ||
691 | comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); | ||
692 | *(p++)=comp->id; | ||
693 | } | ||
694 | *(p++)=0; /* Add the NULL method */ | ||
695 | |||
696 | #ifndef OPENSSL_NO_TLSEXT | ||
697 | if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) | ||
698 | { | ||
699 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); | ||
700 | goto err; | ||
701 | } | ||
702 | #endif | ||
703 | |||
704 | l=(p-d); | ||
705 | d=buf; | ||
706 | |||
707 | d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l); | ||
708 | |||
709 | s->state=SSL3_ST_CW_CLNT_HELLO_B; | ||
710 | /* number of bytes to write */ | ||
711 | s->init_num=p-buf; | ||
712 | s->init_off=0; | ||
713 | |||
714 | /* buffer the message to handle re-xmits */ | ||
715 | dtls1_buffer_message(s, 0); | ||
716 | } | ||
717 | |||
718 | /* SSL3_ST_CW_CLNT_HELLO_B */ | ||
719 | return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | ||
720 | err: | ||
721 | return(-1); | ||
722 | } | ||
723 | |||
724 | static int dtls1_get_hello_verify(SSL *s) | ||
725 | { | ||
726 | int n, al, ok = 0; | ||
727 | unsigned char *data; | ||
728 | unsigned int cookie_len; | ||
729 | |||
730 | n=s->method->ssl_get_message(s, | ||
731 | DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, | ||
732 | DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, | ||
733 | -1, | ||
734 | s->max_cert_list, | ||
735 | &ok); | ||
736 | |||
737 | if (!ok) return((int)n); | ||
738 | |||
739 | if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) | ||
740 | { | ||
741 | s->d1->send_cookie = 0; | ||
742 | s->s3->tmp.reuse_message=1; | ||
743 | return(1); | ||
744 | } | ||
745 | |||
746 | data = (unsigned char *)s->init_msg; | ||
747 | |||
748 | if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff))) | ||
749 | { | ||
750 | SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION); | ||
751 | s->version=(s->version&0xff00)|data[1]; | ||
752 | al = SSL_AD_PROTOCOL_VERSION; | ||
753 | goto f_err; | ||
754 | } | ||
755 | data+=2; | ||
756 | |||
757 | cookie_len = *(data++); | ||
758 | if ( cookie_len > sizeof(s->d1->cookie)) | ||
759 | { | ||
760 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
761 | goto f_err; | ||
762 | } | ||
763 | |||
764 | memcpy(s->d1->cookie, data, cookie_len); | ||
765 | s->d1->cookie_len = cookie_len; | ||
766 | |||
767 | s->d1->send_cookie = 1; | ||
768 | return 1; | ||
769 | |||
770 | f_err: | ||
771 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
772 | return -1; | ||
773 | } | ||
774 | |||
775 | int dtls1_send_client_key_exchange(SSL *s) | ||
776 | { | ||
777 | unsigned char *p,*d; | ||
778 | int n; | ||
779 | unsigned long alg_k; | ||
780 | #ifndef OPENSSL_NO_RSA | ||
781 | unsigned char *q; | ||
782 | EVP_PKEY *pkey=NULL; | ||
783 | #endif | ||
784 | #ifndef OPENSSL_NO_KRB5 | ||
785 | KSSL_ERR kssl_err; | ||
786 | #endif /* OPENSSL_NO_KRB5 */ | ||
787 | #ifndef OPENSSL_NO_ECDH | ||
788 | EC_KEY *clnt_ecdh = NULL; | ||
789 | const EC_POINT *srvr_ecpoint = NULL; | ||
790 | EVP_PKEY *srvr_pub_pkey = NULL; | ||
791 | unsigned char *encodedPoint = NULL; | ||
792 | int encoded_pt_len = 0; | ||
793 | BN_CTX * bn_ctx = NULL; | ||
794 | #endif | ||
795 | |||
796 | if (s->state == SSL3_ST_CW_KEY_EXCH_A) | ||
797 | { | ||
798 | d=(unsigned char *)s->init_buf->data; | ||
799 | p= &(d[DTLS1_HM_HEADER_LENGTH]); | ||
800 | |||
801 | alg_k=s->s3->tmp.new_cipher->algorithm_mkey; | ||
802 | |||
803 | /* Fool emacs indentation */ | ||
804 | if (0) {} | ||
805 | #ifndef OPENSSL_NO_RSA | ||
806 | else if (alg_k & SSL_kRSA) | ||
807 | { | ||
808 | RSA *rsa; | ||
809 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | ||
810 | |||
811 | if (s->session->sess_cert->peer_rsa_tmp != NULL) | ||
812 | rsa=s->session->sess_cert->peer_rsa_tmp; | ||
813 | else | ||
814 | { | ||
815 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); | ||
816 | if ((pkey == NULL) || | ||
817 | (pkey->type != EVP_PKEY_RSA) || | ||
818 | (pkey->pkey.rsa == NULL)) | ||
819 | { | ||
820 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); | ||
821 | goto err; | ||
822 | } | ||
823 | rsa=pkey->pkey.rsa; | ||
824 | EVP_PKEY_free(pkey); | ||
825 | } | ||
826 | |||
827 | tmp_buf[0]=s->client_version>>8; | ||
828 | tmp_buf[1]=s->client_version&0xff; | ||
829 | if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) | ||
830 | goto err; | ||
831 | |||
832 | s->session->master_key_length=sizeof tmp_buf; | ||
833 | |||
834 | q=p; | ||
835 | /* Fix buf for TLS and [incidentally] DTLS */ | ||
836 | if (s->version > SSL3_VERSION) | ||
837 | p+=2; | ||
838 | n=RSA_public_encrypt(sizeof tmp_buf, | ||
839 | tmp_buf,p,rsa,RSA_PKCS1_PADDING); | ||
840 | #ifdef PKCS1_CHECK | ||
841 | if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; | ||
842 | if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70; | ||
843 | #endif | ||
844 | if (n <= 0) | ||
845 | { | ||
846 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT); | ||
847 | goto err; | ||
848 | } | ||
849 | |||
850 | /* Fix buf for TLS and [incidentally] DTLS */ | ||
851 | if (s->version > SSL3_VERSION) | ||
852 | { | ||
853 | s2n(n,q); | ||
854 | n+=2; | ||
855 | } | ||
856 | |||
857 | s->session->master_key_length= | ||
858 | s->method->ssl3_enc->generate_master_secret(s, | ||
859 | s->session->master_key, | ||
860 | tmp_buf,sizeof tmp_buf); | ||
861 | OPENSSL_cleanse(tmp_buf,sizeof tmp_buf); | ||
862 | } | ||
863 | #endif | ||
864 | #ifndef OPENSSL_NO_KRB5 | ||
865 | else if (alg_k & SSL_kKRB5) | ||
866 | { | ||
867 | krb5_error_code krb5rc; | ||
868 | KSSL_CTX *kssl_ctx = s->kssl_ctx; | ||
869 | /* krb5_data krb5_ap_req; */ | ||
870 | krb5_data *enc_ticket; | ||
871 | krb5_data authenticator, *authp = NULL; | ||
872 | EVP_CIPHER_CTX ciph_ctx; | ||
873 | const EVP_CIPHER *enc = NULL; | ||
874 | unsigned char iv[EVP_MAX_IV_LENGTH]; | ||
875 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | ||
876 | unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH | ||
877 | + EVP_MAX_IV_LENGTH]; | ||
878 | int padl, outl = sizeof(epms); | ||
879 | |||
880 | EVP_CIPHER_CTX_init(&ciph_ctx); | ||
881 | |||
882 | #ifdef KSSL_DEBUG | ||
883 | printf("ssl3_send_client_key_exchange(%lx & %lx)\n", | ||
884 | alg_k, SSL_kKRB5); | ||
885 | #endif /* KSSL_DEBUG */ | ||
886 | |||
887 | authp = NULL; | ||
888 | #ifdef KRB5SENDAUTH | ||
889 | if (KRB5SENDAUTH) authp = &authenticator; | ||
890 | #endif /* KRB5SENDAUTH */ | ||
891 | |||
892 | krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, | ||
893 | &kssl_err); | ||
894 | enc = kssl_map_enc(kssl_ctx->enctype); | ||
895 | if (enc == NULL) | ||
896 | goto err; | ||
897 | #ifdef KSSL_DEBUG | ||
898 | { | ||
899 | printf("kssl_cget_tkt rtn %d\n", krb5rc); | ||
900 | if (krb5rc && kssl_err.text) | ||
901 | printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); | ||
902 | } | ||
903 | #endif /* KSSL_DEBUG */ | ||
904 | |||
905 | if (krb5rc) | ||
906 | { | ||
907 | ssl3_send_alert(s,SSL3_AL_FATAL, | ||
908 | SSL_AD_HANDSHAKE_FAILURE); | ||
909 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
910 | kssl_err.reason); | ||
911 | goto err; | ||
912 | } | ||
913 | |||
914 | /* 20010406 VRS - Earlier versions used KRB5 AP_REQ | ||
915 | ** in place of RFC 2712 KerberosWrapper, as in: | ||
916 | ** | ||
917 | ** Send ticket (copy to *p, set n = length) | ||
918 | ** n = krb5_ap_req.length; | ||
919 | ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); | ||
920 | ** if (krb5_ap_req.data) | ||
921 | ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); | ||
922 | ** | ||
923 | ** Now using real RFC 2712 KerberosWrapper | ||
924 | ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>) | ||
925 | ** Note: 2712 "opaque" types are here replaced | ||
926 | ** with a 2-byte length followed by the value. | ||
927 | ** Example: | ||
928 | ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms | ||
929 | ** Where "xx xx" = length bytes. Shown here with | ||
930 | ** optional authenticator omitted. | ||
931 | */ | ||
932 | |||
933 | /* KerberosWrapper.Ticket */ | ||
934 | s2n(enc_ticket->length,p); | ||
935 | memcpy(p, enc_ticket->data, enc_ticket->length); | ||
936 | p+= enc_ticket->length; | ||
937 | n = enc_ticket->length + 2; | ||
938 | |||
939 | /* KerberosWrapper.Authenticator */ | ||
940 | if (authp && authp->length) | ||
941 | { | ||
942 | s2n(authp->length,p); | ||
943 | memcpy(p, authp->data, authp->length); | ||
944 | p+= authp->length; | ||
945 | n+= authp->length + 2; | ||
946 | |||
947 | free(authp->data); | ||
948 | authp->data = NULL; | ||
949 | authp->length = 0; | ||
950 | } | ||
951 | else | ||
952 | { | ||
953 | s2n(0,p);/* null authenticator length */ | ||
954 | n+=2; | ||
955 | } | ||
956 | |||
957 | if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0) | ||
958 | goto err; | ||
959 | |||
960 | /* 20010420 VRS. Tried it this way; failed. | ||
961 | ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); | ||
962 | ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx, | ||
963 | ** kssl_ctx->length); | ||
964 | ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); | ||
965 | */ | ||
966 | |||
967 | memset(iv, 0, sizeof iv); /* per RFC 1510 */ | ||
968 | EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, | ||
969 | kssl_ctx->key,iv); | ||
970 | EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, | ||
971 | sizeof tmp_buf); | ||
972 | EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); | ||
973 | outl += padl; | ||
974 | if (outl > (int)sizeof epms) | ||
975 | { | ||
976 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | ||
977 | goto err; | ||
978 | } | ||
979 | EVP_CIPHER_CTX_cleanup(&ciph_ctx); | ||
980 | |||
981 | /* KerberosWrapper.EncryptedPreMasterSecret */ | ||
982 | s2n(outl,p); | ||
983 | memcpy(p, epms, outl); | ||
984 | p+=outl; | ||
985 | n+=outl + 2; | ||
986 | |||
987 | s->session->master_key_length= | ||
988 | s->method->ssl3_enc->generate_master_secret(s, | ||
989 | s->session->master_key, | ||
990 | tmp_buf, sizeof tmp_buf); | ||
991 | |||
992 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | ||
993 | OPENSSL_cleanse(epms, outl); | ||
994 | } | ||
995 | #endif | ||
996 | #ifndef OPENSSL_NO_DH | ||
997 | else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | ||
998 | { | ||
999 | DH *dh_srvr,*dh_clnt; | ||
1000 | |||
1001 | if (s->session->sess_cert->peer_dh_tmp != NULL) | ||
1002 | dh_srvr=s->session->sess_cert->peer_dh_tmp; | ||
1003 | else | ||
1004 | { | ||
1005 | /* we get them from the cert */ | ||
1006 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); | ||
1007 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); | ||
1008 | goto err; | ||
1009 | } | ||
1010 | |||
1011 | /* generate a new random key */ | ||
1012 | if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL) | ||
1013 | { | ||
1014 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); | ||
1015 | goto err; | ||
1016 | } | ||
1017 | if (!DH_generate_key(dh_clnt)) | ||
1018 | { | ||
1019 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); | ||
1020 | goto err; | ||
1021 | } | ||
1022 | |||
1023 | /* use the 'p' output buffer for the DH key, but | ||
1024 | * make sure to clear it out afterwards */ | ||
1025 | |||
1026 | n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); | ||
1027 | |||
1028 | if (n <= 0) | ||
1029 | { | ||
1030 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); | ||
1031 | goto err; | ||
1032 | } | ||
1033 | |||
1034 | /* generate master key from the result */ | ||
1035 | s->session->master_key_length= | ||
1036 | s->method->ssl3_enc->generate_master_secret(s, | ||
1037 | s->session->master_key,p,n); | ||
1038 | /* clean up */ | ||
1039 | memset(p,0,n); | ||
1040 | |||
1041 | /* send off the data */ | ||
1042 | n=BN_num_bytes(dh_clnt->pub_key); | ||
1043 | s2n(n,p); | ||
1044 | BN_bn2bin(dh_clnt->pub_key,p); | ||
1045 | n+=2; | ||
1046 | |||
1047 | DH_free(dh_clnt); | ||
1048 | |||
1049 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ | ||
1050 | } | ||
1051 | #endif | ||
1052 | #ifndef OPENSSL_NO_ECDH | ||
1053 | else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) | ||
1054 | { | ||
1055 | const EC_GROUP *srvr_group = NULL; | ||
1056 | EC_KEY *tkey; | ||
1057 | int ecdh_clnt_cert = 0; | ||
1058 | int field_size = 0; | ||
1059 | |||
1060 | /* Did we send out the client's | ||
1061 | * ECDH share for use in premaster | ||
1062 | * computation as part of client certificate? | ||
1063 | * If so, set ecdh_clnt_cert to 1. | ||
1064 | */ | ||
1065 | if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) | ||
1066 | { | ||
1067 | /* XXX: For now, we do not support client | ||
1068 | * authentication using ECDH certificates. | ||
1069 | * To add such support, one needs to add | ||
1070 | * code that checks for appropriate | ||
1071 | * conditions and sets ecdh_clnt_cert to 1. | ||
1072 | * For example, the cert have an ECC | ||
1073 | * key on the same curve as the server's | ||
1074 | * and the key should be authorized for | ||
1075 | * key agreement. | ||
1076 | * | ||
1077 | * One also needs to add code in ssl3_connect | ||
1078 | * to skip sending the certificate verify | ||
1079 | * message. | ||
1080 | * | ||
1081 | * if ((s->cert->key->privatekey != NULL) && | ||
1082 | * (s->cert->key->privatekey->type == | ||
1083 | * EVP_PKEY_EC) && ...) | ||
1084 | * ecdh_clnt_cert = 1; | ||
1085 | */ | ||
1086 | } | ||
1087 | |||
1088 | if (s->session->sess_cert->peer_ecdh_tmp != NULL) | ||
1089 | { | ||
1090 | tkey = s->session->sess_cert->peer_ecdh_tmp; | ||
1091 | } | ||
1092 | else | ||
1093 | { | ||
1094 | /* Get the Server Public Key from Cert */ | ||
1095 | srvr_pub_pkey = X509_get_pubkey(s->session-> \ | ||
1096 | sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); | ||
1097 | if ((srvr_pub_pkey == NULL) || | ||
1098 | (srvr_pub_pkey->type != EVP_PKEY_EC) || | ||
1099 | (srvr_pub_pkey->pkey.ec == NULL)) | ||
1100 | { | ||
1101 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
1102 | ERR_R_INTERNAL_ERROR); | ||
1103 | goto err; | ||
1104 | } | ||
1105 | |||
1106 | tkey = srvr_pub_pkey->pkey.ec; | ||
1107 | } | ||
1108 | |||
1109 | srvr_group = EC_KEY_get0_group(tkey); | ||
1110 | srvr_ecpoint = EC_KEY_get0_public_key(tkey); | ||
1111 | |||
1112 | if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) | ||
1113 | { | ||
1114 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
1115 | ERR_R_INTERNAL_ERROR); | ||
1116 | goto err; | ||
1117 | } | ||
1118 | |||
1119 | if ((clnt_ecdh=EC_KEY_new()) == NULL) | ||
1120 | { | ||
1121 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
1122 | goto err; | ||
1123 | } | ||
1124 | |||
1125 | if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) | ||
1126 | { | ||
1127 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB); | ||
1128 | goto err; | ||
1129 | } | ||
1130 | if (ecdh_clnt_cert) | ||
1131 | { | ||
1132 | /* Reuse key info from our certificate | ||
1133 | * We only need our private key to perform | ||
1134 | * the ECDH computation. | ||
1135 | */ | ||
1136 | const BIGNUM *priv_key; | ||
1137 | tkey = s->cert->key->privatekey->pkey.ec; | ||
1138 | priv_key = EC_KEY_get0_private_key(tkey); | ||
1139 | if (priv_key == NULL) | ||
1140 | { | ||
1141 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
1142 | goto err; | ||
1143 | } | ||
1144 | if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) | ||
1145 | { | ||
1146 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB); | ||
1147 | goto err; | ||
1148 | } | ||
1149 | } | ||
1150 | else | ||
1151 | { | ||
1152 | /* Generate a new ECDH key pair */ | ||
1153 | if (!(EC_KEY_generate_key(clnt_ecdh))) | ||
1154 | { | ||
1155 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); | ||
1156 | goto err; | ||
1157 | } | ||
1158 | } | ||
1159 | |||
1160 | /* use the 'p' output buffer for the ECDH key, but | ||
1161 | * make sure to clear it out afterwards | ||
1162 | */ | ||
1163 | |||
1164 | field_size = EC_GROUP_get_degree(srvr_group); | ||
1165 | if (field_size <= 0) | ||
1166 | { | ||
1167 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
1168 | ERR_R_ECDH_LIB); | ||
1169 | goto err; | ||
1170 | } | ||
1171 | n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); | ||
1172 | if (n <= 0) | ||
1173 | { | ||
1174 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
1175 | ERR_R_ECDH_LIB); | ||
1176 | goto err; | ||
1177 | } | ||
1178 | |||
1179 | /* generate master key from the result */ | ||
1180 | s->session->master_key_length = s->method->ssl3_enc \ | ||
1181 | -> generate_master_secret(s, | ||
1182 | s->session->master_key, | ||
1183 | p, n); | ||
1184 | |||
1185 | memset(p, 0, n); /* clean up */ | ||
1186 | |||
1187 | if (ecdh_clnt_cert) | ||
1188 | { | ||
1189 | /* Send empty client key exch message */ | ||
1190 | n = 0; | ||
1191 | } | ||
1192 | else | ||
1193 | { | ||
1194 | /* First check the size of encoding and | ||
1195 | * allocate memory accordingly. | ||
1196 | */ | ||
1197 | encoded_pt_len = | ||
1198 | EC_POINT_point2oct(srvr_group, | ||
1199 | EC_KEY_get0_public_key(clnt_ecdh), | ||
1200 | POINT_CONVERSION_UNCOMPRESSED, | ||
1201 | NULL, 0, NULL); | ||
1202 | |||
1203 | encodedPoint = (unsigned char *) | ||
1204 | OPENSSL_malloc(encoded_pt_len * | ||
1205 | sizeof(unsigned char)); | ||
1206 | bn_ctx = BN_CTX_new(); | ||
1207 | if ((encodedPoint == NULL) || | ||
1208 | (bn_ctx == NULL)) | ||
1209 | { | ||
1210 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
1211 | goto err; | ||
1212 | } | ||
1213 | |||
1214 | /* Encode the public key */ | ||
1215 | n = EC_POINT_point2oct(srvr_group, | ||
1216 | EC_KEY_get0_public_key(clnt_ecdh), | ||
1217 | POINT_CONVERSION_UNCOMPRESSED, | ||
1218 | encodedPoint, encoded_pt_len, bn_ctx); | ||
1219 | |||
1220 | *p = n; /* length of encoded point */ | ||
1221 | /* Encoded point will be copied here */ | ||
1222 | p += 1; | ||
1223 | /* copy the point */ | ||
1224 | memcpy((unsigned char *)p, encodedPoint, n); | ||
1225 | /* increment n to account for length field */ | ||
1226 | n += 1; | ||
1227 | } | ||
1228 | |||
1229 | /* Free allocated memory */ | ||
1230 | BN_CTX_free(bn_ctx); | ||
1231 | if (encodedPoint != NULL) OPENSSL_free(encodedPoint); | ||
1232 | if (clnt_ecdh != NULL) | ||
1233 | EC_KEY_free(clnt_ecdh); | ||
1234 | EVP_PKEY_free(srvr_pub_pkey); | ||
1235 | } | ||
1236 | #endif /* !OPENSSL_NO_ECDH */ | ||
1237 | |||
1238 | #ifndef OPENSSL_NO_PSK | ||
1239 | else if (alg_k & SSL_kPSK) | ||
1240 | { | ||
1241 | char identity[PSK_MAX_IDENTITY_LEN]; | ||
1242 | unsigned char *t = NULL; | ||
1243 | unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4]; | ||
1244 | unsigned int pre_ms_len = 0, psk_len = 0; | ||
1245 | int psk_err = 1; | ||
1246 | |||
1247 | n = 0; | ||
1248 | if (s->psk_client_callback == NULL) | ||
1249 | { | ||
1250 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
1251 | SSL_R_PSK_NO_CLIENT_CB); | ||
1252 | goto err; | ||
1253 | } | ||
1254 | |||
1255 | psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, | ||
1256 | identity, PSK_MAX_IDENTITY_LEN, | ||
1257 | psk_or_pre_ms, sizeof(psk_or_pre_ms)); | ||
1258 | if (psk_len > PSK_MAX_PSK_LEN) | ||
1259 | { | ||
1260 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
1261 | ERR_R_INTERNAL_ERROR); | ||
1262 | goto psk_err; | ||
1263 | } | ||
1264 | else if (psk_len == 0) | ||
1265 | { | ||
1266 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
1267 | SSL_R_PSK_IDENTITY_NOT_FOUND); | ||
1268 | goto psk_err; | ||
1269 | } | ||
1270 | |||
1271 | /* create PSK pre_master_secret */ | ||
1272 | pre_ms_len = 2+psk_len+2+psk_len; | ||
1273 | t = psk_or_pre_ms; | ||
1274 | memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len); | ||
1275 | s2n(psk_len, t); | ||
1276 | memset(t, 0, psk_len); | ||
1277 | t+=psk_len; | ||
1278 | s2n(psk_len, t); | ||
1279 | |||
1280 | if (s->session->psk_identity_hint != NULL) | ||
1281 | OPENSSL_free(s->session->psk_identity_hint); | ||
1282 | s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); | ||
1283 | if (s->ctx->psk_identity_hint != NULL && | ||
1284 | s->session->psk_identity_hint == NULL) | ||
1285 | { | ||
1286 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
1287 | ERR_R_MALLOC_FAILURE); | ||
1288 | goto psk_err; | ||
1289 | } | ||
1290 | |||
1291 | if (s->session->psk_identity != NULL) | ||
1292 | OPENSSL_free(s->session->psk_identity); | ||
1293 | s->session->psk_identity = BUF_strdup(identity); | ||
1294 | if (s->session->psk_identity == NULL) | ||
1295 | { | ||
1296 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
1297 | ERR_R_MALLOC_FAILURE); | ||
1298 | goto psk_err; | ||
1299 | } | ||
1300 | |||
1301 | s->session->master_key_length = | ||
1302 | s->method->ssl3_enc->generate_master_secret(s, | ||
1303 | s->session->master_key, | ||
1304 | psk_or_pre_ms, pre_ms_len); | ||
1305 | n = strlen(identity); | ||
1306 | s2n(n, p); | ||
1307 | memcpy(p, identity, n); | ||
1308 | n+=2; | ||
1309 | psk_err = 0; | ||
1310 | psk_err: | ||
1311 | OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); | ||
1312 | OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); | ||
1313 | if (psk_err != 0) | ||
1314 | { | ||
1315 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); | ||
1316 | goto err; | ||
1317 | } | ||
1318 | } | ||
1319 | #endif | ||
1320 | else | ||
1321 | { | ||
1322 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); | ||
1323 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); | ||
1324 | goto err; | ||
1325 | } | ||
1326 | |||
1327 | d = dtls1_set_message_header(s, d, | ||
1328 | SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n); | ||
1329 | /* | ||
1330 | *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; | ||
1331 | l2n3(n,d); | ||
1332 | l2n(s->d1->handshake_write_seq,d); | ||
1333 | s->d1->handshake_write_seq++; | ||
1334 | */ | ||
1335 | |||
1336 | s->state=SSL3_ST_CW_KEY_EXCH_B; | ||
1337 | /* number of bytes to write */ | ||
1338 | s->init_num=n+DTLS1_HM_HEADER_LENGTH; | ||
1339 | s->init_off=0; | ||
1340 | |||
1341 | /* buffer the message to handle re-xmits */ | ||
1342 | dtls1_buffer_message(s, 0); | ||
1343 | } | ||
1344 | |||
1345 | /* SSL3_ST_CW_KEY_EXCH_B */ | ||
1346 | return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | ||
1347 | err: | ||
1348 | #ifndef OPENSSL_NO_ECDH | ||
1349 | BN_CTX_free(bn_ctx); | ||
1350 | if (encodedPoint != NULL) OPENSSL_free(encodedPoint); | ||
1351 | if (clnt_ecdh != NULL) | ||
1352 | EC_KEY_free(clnt_ecdh); | ||
1353 | EVP_PKEY_free(srvr_pub_pkey); | ||
1354 | #endif | ||
1355 | return(-1); | ||
1356 | } | ||
1357 | |||
1358 | int dtls1_send_client_verify(SSL *s) | ||
1359 | { | ||
1360 | unsigned char *p,*d; | ||
1361 | unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; | ||
1362 | EVP_PKEY *pkey; | ||
1363 | #ifndef OPENSSL_NO_RSA | ||
1364 | unsigned u=0; | ||
1365 | #endif | ||
1366 | unsigned long n; | ||
1367 | #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) | ||
1368 | int j; | ||
1369 | #endif | ||
1370 | |||
1371 | if (s->state == SSL3_ST_CW_CERT_VRFY_A) | ||
1372 | { | ||
1373 | d=(unsigned char *)s->init_buf->data; | ||
1374 | p= &(d[DTLS1_HM_HEADER_LENGTH]); | ||
1375 | pkey=s->cert->key->privatekey; | ||
1376 | |||
1377 | s->method->ssl3_enc->cert_verify_mac(s, | ||
1378 | NID_sha1, | ||
1379 | &(data[MD5_DIGEST_LENGTH])); | ||
1380 | |||
1381 | #ifndef OPENSSL_NO_RSA | ||
1382 | if (pkey->type == EVP_PKEY_RSA) | ||
1383 | { | ||
1384 | s->method->ssl3_enc->cert_verify_mac(s, | ||
1385 | NID_md5, | ||
1386 | &(data[0])); | ||
1387 | if (RSA_sign(NID_md5_sha1, data, | ||
1388 | MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, | ||
1389 | &(p[2]), &u, pkey->pkey.rsa) <= 0 ) | ||
1390 | { | ||
1391 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); | ||
1392 | goto err; | ||
1393 | } | ||
1394 | s2n(u,p); | ||
1395 | n=u+2; | ||
1396 | } | ||
1397 | else | ||
1398 | #endif | ||
1399 | #ifndef OPENSSL_NO_DSA | ||
1400 | if (pkey->type == EVP_PKEY_DSA) | ||
1401 | { | ||
1402 | if (!DSA_sign(pkey->save_type, | ||
1403 | &(data[MD5_DIGEST_LENGTH]), | ||
1404 | SHA_DIGEST_LENGTH,&(p[2]), | ||
1405 | (unsigned int *)&j,pkey->pkey.dsa)) | ||
1406 | { | ||
1407 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB); | ||
1408 | goto err; | ||
1409 | } | ||
1410 | s2n(j,p); | ||
1411 | n=j+2; | ||
1412 | } | ||
1413 | else | ||
1414 | #endif | ||
1415 | #ifndef OPENSSL_NO_ECDSA | ||
1416 | if (pkey->type == EVP_PKEY_EC) | ||
1417 | { | ||
1418 | if (!ECDSA_sign(pkey->save_type, | ||
1419 | &(data[MD5_DIGEST_LENGTH]), | ||
1420 | SHA_DIGEST_LENGTH,&(p[2]), | ||
1421 | (unsigned int *)&j,pkey->pkey.ec)) | ||
1422 | { | ||
1423 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, | ||
1424 | ERR_R_ECDSA_LIB); | ||
1425 | goto err; | ||
1426 | } | ||
1427 | s2n(j,p); | ||
1428 | n=j+2; | ||
1429 | } | ||
1430 | else | ||
1431 | #endif | ||
1432 | { | ||
1433 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); | ||
1434 | goto err; | ||
1435 | } | ||
1436 | |||
1437 | d = dtls1_set_message_header(s, d, | ||
1438 | SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ; | ||
1439 | |||
1440 | s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH; | ||
1441 | s->init_off=0; | ||
1442 | |||
1443 | /* buffer the message to handle re-xmits */ | ||
1444 | dtls1_buffer_message(s, 0); | ||
1445 | |||
1446 | s->state = SSL3_ST_CW_CERT_VRFY_B; | ||
1447 | } | ||
1448 | |||
1449 | /* s->state = SSL3_ST_CW_CERT_VRFY_B */ | ||
1450 | return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | ||
1451 | err: | ||
1452 | return(-1); | ||
1453 | } | ||
1454 | |||
1455 | int dtls1_send_client_certificate(SSL *s) | ||
1456 | { | ||
1457 | X509 *x509=NULL; | ||
1458 | EVP_PKEY *pkey=NULL; | ||
1459 | int i; | ||
1460 | unsigned long l; | ||
1461 | |||
1462 | if (s->state == SSL3_ST_CW_CERT_A) | ||
1463 | { | ||
1464 | if ((s->cert == NULL) || | ||
1465 | (s->cert->key->x509 == NULL) || | ||
1466 | (s->cert->key->privatekey == NULL)) | ||
1467 | s->state=SSL3_ST_CW_CERT_B; | ||
1468 | else | ||
1469 | s->state=SSL3_ST_CW_CERT_C; | ||
1470 | } | ||
1471 | |||
1472 | /* We need to get a client cert */ | ||
1473 | if (s->state == SSL3_ST_CW_CERT_B) | ||
1474 | { | ||
1475 | /* If we get an error, we need to | ||
1476 | * ssl->rwstate=SSL_X509_LOOKUP; return(-1); | ||
1477 | * We then get retied later */ | ||
1478 | i=0; | ||
1479 | i = ssl_do_client_cert_cb(s, &x509, &pkey); | ||
1480 | if (i < 0) | ||
1481 | { | ||
1482 | s->rwstate=SSL_X509_LOOKUP; | ||
1483 | return(-1); | ||
1484 | } | ||
1485 | s->rwstate=SSL_NOTHING; | ||
1486 | if ((i == 1) && (pkey != NULL) && (x509 != NULL)) | ||
1487 | { | ||
1488 | s->state=SSL3_ST_CW_CERT_B; | ||
1489 | if ( !SSL_use_certificate(s,x509) || | ||
1490 | !SSL_use_PrivateKey(s,pkey)) | ||
1491 | i=0; | ||
1492 | } | ||
1493 | else if (i == 1) | ||
1494 | { | ||
1495 | i=0; | ||
1496 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); | ||
1497 | } | ||
1498 | |||
1499 | if (x509 != NULL) X509_free(x509); | ||
1500 | if (pkey != NULL) EVP_PKEY_free(pkey); | ||
1501 | if (i == 0) | ||
1502 | { | ||
1503 | if (s->version == SSL3_VERSION) | ||
1504 | { | ||
1505 | s->s3->tmp.cert_req=0; | ||
1506 | ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE); | ||
1507 | return(1); | ||
1508 | } | ||
1509 | else | ||
1510 | { | ||
1511 | s->s3->tmp.cert_req=2; | ||
1512 | } | ||
1513 | } | ||
1514 | |||
1515 | /* Ok, we have a cert */ | ||
1516 | s->state=SSL3_ST_CW_CERT_C; | ||
1517 | } | ||
1518 | |||
1519 | if (s->state == SSL3_ST_CW_CERT_C) | ||
1520 | { | ||
1521 | s->state=SSL3_ST_CW_CERT_D; | ||
1522 | l=dtls1_output_cert_chain(s, | ||
1523 | (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509); | ||
1524 | s->init_num=(int)l; | ||
1525 | s->init_off=0; | ||
1526 | |||
1527 | /* set header called by dtls1_output_cert_chain() */ | ||
1528 | |||
1529 | /* buffer the message to handle re-xmits */ | ||
1530 | dtls1_buffer_message(s, 0); | ||
1531 | } | ||
1532 | /* SSL3_ST_CW_CERT_D */ | ||
1533 | return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | ||
1534 | } | ||
1535 | |||
1536 | |||
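--- a/src/lib/libssl/d1_enc.c
+++ /dev/null
@@ -1,289 +0,0 @@
-/* ssl/d1_enc.c */
-/*
-* DTLS implementation written by Nagendra Modadugu
-* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
-*/
-/* ====================================================================
-* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* openssl-core@openssl.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-* This product includes cryptographic software written by Eric Young
-* (eay@cryptsoft.com). This product includes software written by Tim
-* Hudson (tjh@cryptsoft.com).
-*
-*/
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
-#ifdef KSSL_DEBUG
-#include <openssl/des.h>
-#endif
-
-int dtls1_enc(SSL *s, int send)
-{
-SSL3_RECORD *rec;
-EVP_CIPHER_CTX *ds;
-unsigned long l;
-int bs,i,ii,j,k,n=0;
-const EVP_CIPHER *enc;
-
-if (send)
-{
-if (EVP_MD_CTX_md(s->write_hash))
-{
-n=EVP_MD_CTX_size(s->write_hash);
-if (n < 0)
-return -1;
-}
-ds=s->enc_write_ctx;
-rec= &(s->s3->wrec);
-if (s->enc_write_ctx == NULL)
-enc=NULL;
-else
-{
-enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
-if ( rec->data != rec->input)
-/* we can't write into the input stream */
-fprintf(stderr, "%s:%d: rec->data != rec->input\n",
-__FILE__, __LINE__);
-else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
-{
-if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
-return -1;
-}
-}
-}
-else
-{
-if (EVP_MD_CTX_md(s->read_hash))
-{
-n=EVP_MD_CTX_size(s->read_hash);
-if (n < 0)
-return -1;
-}
-ds=s->enc_read_ctx;
-rec= &(s->s3->rrec);
-if (s->enc_read_ctx == NULL)
-enc=NULL;
-else
-enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-}
-
-#ifdef KSSL_DEBUG
-printf("dtls1_enc(%d)\n", send);
-#endif /* KSSL_DEBUG */
-
-if ((s->session == NULL) || (ds == NULL) ||
-(enc == NULL))
-{
-memmove(rec->data,rec->input,rec->length);
-rec->input=rec->data;
-}
-else
-{
-l=rec->length;
-bs=EVP_CIPHER_block_size(ds->cipher);
-
-if ((bs != 1) && send)
-{
-i=bs-((int)l%bs);
-
-/* Add weird padding of upto 256 bytes */
-
-/* we need to add 'i' padding bytes of value j */
-j=i-1;
-if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
-{
-if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
-j++;
-}
-for (k=(int)l; k<(int)(l+i); k++)
-rec->input[k]=j;
-l+=i;
-rec->length+=i;
-}
-
-#ifdef KSSL_DEBUG
-{
-unsigned long ui;
-printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
-ds,rec->data,rec->input,l);
-printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
-ds->buf_len, ds->cipher->key_len,
-DES_KEY_SZ, DES_SCHEDULE_SZ,
-ds->cipher->iv_len);
-printf("\t\tIV: ");
-for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
-printf("\n");
-printf("\trec->input=");
-for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
-printf("\n");
-}
-#endif /* KSSL_DEBUG */
-
-if (!send)
-{
-if (l == 0 || l%bs != 0)
-return -1;
-}
-
-EVP_Cipher(ds,rec->data,rec->input,l);
-
-#ifdef KSSL_DEBUG
-{
-unsigned long i;
-printf("\trec->data=");
-for (i=0; i<l; i++)
-printf(" %02x", rec->data[i]); printf("\n");
-}
-#endif /* KSSL_DEBUG */
-
-if ((bs != 1) && !send)
-{
-ii=i=rec->data[l-1]; /* padding_length */
-i++;
-if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
-{
-/* First packet is even in size, so check */
-if ((memcmp(s->s3->read_sequence,
-"\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
-s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
-if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
-i--;
-}
-/* TLS 1.0 does not bound the number of padding bytes by the block size.
-* All of them must have value 'padding_length'. */
-if (i > (int)rec->length)
-{
-/* Incorrect padding. SSLerr() and ssl3_alert are done
-* by caller: we don't want to reveal whether this is
-* a decryption error or a MAC verification failure
-* (see http://www.openssl.org/~bodo/tls-cbc.txt)
-*/
-return -1;
-}
-for (j=(int)(l-i); j<(int)l; j++)
-{
-if (rec->data[j] != ii)
-{
-/* Incorrect padding */
-return -1;
-}
-}
-rec->length-=i;
-
-rec->data += bs; /* skip the implicit IV */
-rec->input += bs;
-rec->length -= bs;
-}
-}
-return(1);
-}
-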
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c deleted file mode 100644 index c3b77c889b..0000000000 --- a/src/lib/libssl/d1_lib.c +++ /dev/null | |||
@@ -1,450 +0,0 @@ | |||
1 | /* ssl/d1_lib.c */ | ||
2 | /* | ||
3 | * DTLS implementation written by Nagendra Modadugu | ||
4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | ||
5 | */ | ||
6 | /* ==================================================================== | ||
7 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | ||
8 | * | ||
9 | * Redistribution and use in source and binary forms, with or without | ||
10 | * modification, are permitted provided that the following conditions | ||
11 | * are met: | ||
12 | * | ||
13 | * 1. Redistributions of source code must retain the above copyright | ||
14 | * notice, this list of conditions and the following disclaimer. | ||
15 | * | ||
16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
17 | * notice, this list of conditions and the following disclaimer in | ||
18 | * the documentation and/or other materials provided with the | ||
19 | * distribution. | ||
20 | * | ||
21 | * 3. All advertising materials mentioning features or use of this | ||
22 | * software must display the following acknowledgment: | ||
23 | * "This product includes software developed by the OpenSSL Project | ||
24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
25 | * | ||
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
27 | * endorse or promote products derived from this software without | ||
28 | * prior written permission. For written permission, please contact | ||
29 | * openssl-core@OpenSSL.org. | ||
30 | * | ||
31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
32 | * nor may "OpenSSL" appear in their names without prior written | ||
33 | * permission of the OpenSSL Project. | ||
34 | * | ||
35 | * 6. Redistributions of any form whatsoever must retain the following | ||
36 | * acknowledgment: | ||
37 | * "This product includes software developed by the OpenSSL Project | ||
38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
39 | * | ||
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
52 | * ==================================================================== | ||
53 | * | ||
54 | * This product includes cryptographic software written by Eric Young | ||
55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
56 | * Hudson (tjh@cryptsoft.com). | ||
57 | * | ||
58 | */ | ||
59 | |||
60 | #include <stdio.h> | ||
61 | #define USE_SOCKETS | ||
62 | #include <openssl/objects.h> | ||
63 | #include "ssl_locl.h" | ||
64 | |||
65 | #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) | ||
66 | #include <sys/timeb.h> | ||
67 | #endif | ||
68 | |||
69 | static void get_current_time(struct timeval *t); | ||
70 | const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; | ||
71 | int dtls1_listen(SSL *s, struct sockaddr *client); | ||
72 | |||
73 | SSL3_ENC_METHOD DTLSv1_enc_data={ | ||
74 | dtls1_enc, | ||
75 | tls1_mac, | ||
76 | tls1_setup_key_block, | ||
77 | tls1_generate_master_secret, | ||
78 | tls1_change_cipher_state, | ||
79 | tls1_final_finish_mac, | ||
80 | TLS1_FINISH_MAC_LENGTH, | ||
81 | tls1_cert_verify_mac, | ||
82 | TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, | ||
83 | TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, | ||
84 | tls1_alert_code, | ||
85 | }; | ||
86 | |||
87 | long dtls1_default_timeout(void) | ||
88 | { | ||
89 | /* 2 hours, the 24 hours mentioned in the DTLSv1 spec | ||
90 | * is way too long for http, the cache would over fill */ | ||
91 | return(60*60*2); | ||
92 | } | ||
93 | |||
94 | int dtls1_new(SSL *s) | ||
95 | { | ||
96 | DTLS1_STATE *d1; | ||
97 | |||
98 | if (!ssl3_new(s)) return(0); | ||
99 | if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0); | ||
100 | memset(d1,0, sizeof *d1); | ||
101 | |||
102 | /* d1->handshake_epoch=0; */ | ||
103 | |||
104 | d1->unprocessed_rcds.q=pqueue_new(); | ||
105 | d1->processed_rcds.q=pqueue_new(); | ||
106 | d1->buffered_messages = pqueue_new(); | ||
107 | d1->sent_messages=pqueue_new(); | ||
108 | d1->buffered_app_data.q=pqueue_new(); | ||
109 | |||
110 | if ( s->server) | ||
111 | { | ||
112 | d1->cookie_len = sizeof(s->d1->cookie); | ||
113 | } | ||
114 | |||
115 | if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q | ||
116 | || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q) | ||
117 | { | ||
118 | if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); | ||
119 | if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); | ||
120 | if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); | ||
121 | if ( d1->sent_messages) pqueue_free(d1->sent_messages); | ||
122 | if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q); | ||
123 | OPENSSL_free(d1); | ||
124 | return (0); | ||
125 | } | ||
126 | |||
127 | s->d1=d1; | ||
128 | s->method->ssl_clear(s); | ||
129 | return(1); | ||
130 | } | ||
131 | |||
132 | static void dtls1_clear_queues(SSL *s) | ||
133 | { | ||
134 | pitem *item = NULL; | ||
135 | hm_fragment *frag = NULL; | ||
136 | DTLS1_RECORD_DATA *rdata; | ||
137 | |||
138 | while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) | ||
139 | { | ||
140 | rdata = (DTLS1_RECORD_DATA *) item->data; | ||
141 | if (rdata->rbuf.buf) | ||
142 | { | ||
143 | OPENSSL_free(rdata->rbuf.buf); | ||
144 | } | ||
145 | OPENSSL_free(item->data); | ||
146 | pitem_free(item); | ||
147 | } | ||
148 | |||
149 | while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) | ||
150 | { | ||
151 | rdata = (DTLS1_RECORD_DATA *) item->data; | ||
152 | if (rdata->rbuf.buf) | ||
153 | { | ||
154 | OPENSSL_free(rdata->rbuf.buf); | ||
155 | } | ||
156 | OPENSSL_free(item->data); | ||
157 | pitem_free(item); | ||
158 | } | ||
159 | |||
160 | while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) | ||
161 | { | ||
162 | frag = (hm_fragment *)item->data; | ||
163 | OPENSSL_free(frag->fragment); | ||
164 | OPENSSL_free(frag); | ||
165 | pitem_free(item); | ||
166 | } | ||
167 | |||
168 | while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL) | ||
169 | { | ||
170 | frag = (hm_fragment *)item->data; | ||
171 | OPENSSL_free(frag->fragment); | ||
172 | OPENSSL_free(frag); | ||
173 | pitem_free(item); | ||
174 | } | ||
175 | |||
176 | while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) | ||
177 | { | ||
178 | frag = (hm_fragment *)item->data; | ||
179 | OPENSSL_free(frag->fragment); | ||
180 | OPENSSL_free(frag); | ||
181 | pitem_free(item); | ||
182 | } | ||
183 | } | ||
184 | |||
185 | void dtls1_free(SSL *s) | ||
186 | { | ||
187 | ssl3_free(s); | ||
188 | |||
189 | dtls1_clear_queues(s); | ||
190 | |||
191 | pqueue_free(s->d1->unprocessed_rcds.q); | ||
192 | pqueue_free(s->d1->processed_rcds.q); | ||
193 | pqueue_free(s->d1->buffered_messages); | ||
194 | pqueue_free(s->d1->sent_messages); | ||
195 | pqueue_free(s->d1->buffered_app_data.q); | ||
196 | |||
197 | OPENSSL_free(s->d1); | ||
198 | } | ||
199 | |||
200 | void dtls1_clear(SSL *s) | ||
201 | { | ||
202 | pqueue unprocessed_rcds; | ||
203 | pqueue processed_rcds; | ||
204 | pqueue buffered_messages; | ||
205 | pqueue sent_messages; | ||
206 | pqueue buffered_app_data; | ||
207 | unsigned int mtu; | ||
208 | |||
209 | if (s->d1) | ||
210 | { | ||
211 | unprocessed_rcds = s->d1->unprocessed_rcds.q; | ||
212 | processed_rcds = s->d1->processed_rcds.q; | ||
213 | buffered_messages = s->d1->buffered_messages; | ||
214 | sent_messages = s->d1->sent_messages; | ||
215 | buffered_app_data = s->d1->buffered_app_data.q; | ||
216 | mtu = s->d1->mtu; | ||
217 | |||
218 | dtls1_clear_queues(s); | ||
219 | |||
220 | memset(s->d1, 0, sizeof(*(s->d1))); | ||
221 | |||
222 | if (s->server) | ||
223 | { | ||
224 | s->d1->cookie_len = sizeof(s->d1->cookie); | ||
225 | } | ||
226 | |||
227 | if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) | ||
228 | { | ||
229 | s->d1->mtu = mtu; | ||
230 | } | ||
231 | |||
232 | s->d1->unprocessed_rcds.q = unprocessed_rcds; | ||
233 | s->d1->processed_rcds.q = processed_rcds; | ||
234 | s->d1->buffered_messages = buffered_messages; | ||
235 | s->d1->sent_messages = sent_messages; | ||
236 | s->d1->buffered_app_data.q = buffered_app_data; | ||
237 | } | ||
238 | |||
239 | ssl3_clear(s); | ||
240 | if (s->options & SSL_OP_CISCO_ANYCONNECT) | ||
241 | s->version=DTLS1_BAD_VER; | ||
242 | else | ||
243 | s->version=DTLS1_VERSION; | ||
244 | } | ||
245 | |||
246 | long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) | ||
247 | { | ||
248 | int ret=0; | ||
249 | |||
250 | switch (cmd) | ||
251 | { | ||
252 | case DTLS_CTRL_GET_TIMEOUT: | ||
253 | if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) | ||
254 | { | ||
255 | ret = 1; | ||
256 | } | ||
257 | break; | ||
258 | case DTLS_CTRL_HANDLE_TIMEOUT: | ||
259 | ret = dtls1_handle_timeout(s); | ||
260 | break; | ||
261 | case DTLS_CTRL_LISTEN: | ||
262 | ret = dtls1_listen(s, parg); | ||
263 | break; | ||
264 | |||
265 | default: | ||
266 | ret = ssl3_ctrl(s, cmd, larg, parg); | ||
267 | break; | ||
268 | } | ||
269 | return(ret); | ||
270 | } | ||
271 | |||
272 | /* | ||
273 | * As it's impossible to use stream ciphers in "datagram" mode, this | ||
274 | * simple filter is designed to disengage them in DTLS. Unfortunately | ||
275 | * there is no universal way to identify stream SSL_CIPHER, so we have | ||
276 | * to explicitly list their SSL_* codes. Currently RC4 is the only one | ||
277 | * available, but if new ones emerge, they will have to be added... | ||
278 | */ | ||
279 | const SSL_CIPHER *dtls1_get_cipher(unsigned int u) | ||
280 | { | ||
281 | const SSL_CIPHER *ciph = ssl3_get_cipher(u); | ||
282 | |||
283 | if (ciph != NULL) | ||
284 | { | ||
285 | if (ciph->algorithm_enc == SSL_RC4) | ||
286 | return NULL; | ||
287 | } | ||
288 | |||
289 | return ciph; | ||
290 | } | ||
291 | |||
292 | void dtls1_start_timer(SSL *s) | ||
293 | { | ||
294 | /* If timer is not set, initialize duration with 1 second */ | ||
295 | if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) | ||
296 | { | ||
297 | s->d1->timeout_duration = 1; | ||
298 | } | ||
299 | |||
300 | /* Set timeout to current time */ | ||
301 | get_current_time(&(s->d1->next_timeout)); | ||
302 | |||
303 | /* Add duration to current time */ | ||
304 | s->d1->next_timeout.tv_sec += s->d1->timeout_duration; | ||
305 | BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); | ||
306 | } | ||
307 | |||
308 | struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft) | ||
309 | { | ||
310 | struct timeval timenow; | ||
311 | |||
312 | /* If no timeout is set, just return NULL */ | ||
313 | if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) | ||
314 | { | ||
315 | return NULL; | ||
316 | } | ||
317 | |||
318 | /* Get current time */ | ||
319 | get_current_time(&timenow); | ||
320 | |||
321 | /* If timer already expired, set remaining time to 0 */ | ||
322 | if (s->d1->next_timeout.tv_sec < timenow.tv_sec || | ||
323 | (s->d1->next_timeout.tv_sec == timenow.tv_sec && | ||
324 | s->d1->next_timeout.tv_usec <= timenow.tv_usec)) | ||
325 | { | ||
326 | memset(timeleft, 0, sizeof(struct timeval)); | ||
327 | return timeleft; | ||
328 | } | ||
329 | |||
330 | /* Calculate time left until timer expires */ | ||
331 | memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); | ||
332 | timeleft->tv_sec -= timenow.tv_sec; | ||
333 | timeleft->tv_usec -= timenow.tv_usec; | ||
334 | if (timeleft->tv_usec < 0) | ||
335 | { | ||
336 | timeleft->tv_sec--; | ||
337 | timeleft->tv_usec += 1000000; | ||
338 | } | ||
339 | |||
340 | /* If remaining time is less than 15 ms, set it to 0 | ||
341 | * to prevent issues because of small devergences with | ||
342 | * socket timeouts. | ||
343 | */ | ||
344 | if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) | ||
345 | { | ||
346 | memset(timeleft, 0, sizeof(struct timeval)); | ||
347 | } | ||
348 | |||
349 | |||
350 | return timeleft; | ||
351 | } | ||
352 | |||
353 | int dtls1_is_timer_expired(SSL *s) | ||
354 | { | ||
355 | struct timeval timeleft; | ||
356 | |||
357 | /* Get time left until timeout, return false if no timer running */ | ||
358 | if (dtls1_get_timeout(s, &timeleft) == NULL) | ||
359 | { | ||
360 | return 0; | ||
361 | } | ||
362 | |||
363 | /* Return false if timer is not expired yet */ | ||
364 | if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) | ||
365 | { | ||
366 | return 0; | ||
367 | } | ||
368 | |||
369 | /* Timer expired, so return true */ | ||
370 | return 1; | ||
371 | } | ||
372 | |||
373 | void dtls1_double_timeout(SSL *s) | ||
374 | { | ||
375 | s->d1->timeout_duration *= 2; | ||
376 | if (s->d1->timeout_duration > 60) | ||
377 | s->d1->timeout_duration = 60; | ||
378 | dtls1_start_timer(s); | ||
379 | } | ||
380 | |||
381 | void dtls1_stop_timer(SSL *s) | ||
382 | { | ||
383 | /* Reset everything */ | ||
384 | memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); | ||
385 | s->d1->timeout_duration = 1; | ||
386 | BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); | ||
387 | /* Clear retransmission buffer */ | ||
388 | dtls1_clear_record_buffer(s); | ||
389 | } | ||
390 | |||
391 | int dtls1_handle_timeout(SSL *s) | ||
392 | { | ||
393 | DTLS1_STATE *state; | ||
394 | |||
395 | /* if no timer is expired, don't do anything */ | ||
396 | if (!dtls1_is_timer_expired(s)) | ||
397 | { | ||
398 | return 0; | ||
399 | } | ||
400 | |||
401 | dtls1_double_timeout(s); | ||
402 | state = s->d1; | ||
403 | state->timeout.num_alerts++; | ||
404 | if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) | ||
405 | { | ||
406 | /* fail the connection, enough alerts have been sent */ | ||
407 | SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED); | ||
408 | return -1; | ||
409 | } | ||
410 | |||
411 | state->timeout.read_timeouts++; | ||
412 | if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) | ||
413 | { | ||
414 | state->timeout.read_timeouts = 1; | ||
415 | } | ||
416 | |||
417 | dtls1_start_timer(s); | ||
418 | return dtls1_retransmit_buffered_messages(s); | ||
419 | } | ||
420 | |||
421 | static void get_current_time(struct timeval *t) | ||
422 | { | ||
423 | #ifdef OPENSSL_SYS_WIN32 | ||
424 | struct _timeb tb; | ||
425 | _ftime(&tb); | ||
426 | t->tv_sec = (long)tb.time; | ||
427 | t->tv_usec = (long)tb.millitm * 1000; | ||
428 | #elif defined(OPENSSL_SYS_VMS) | ||
429 | struct timeb tb; | ||
430 | ftime(&tb); | ||
431 | t->tv_sec = (long)tb.time; | ||
432 | t->tv_usec = (long)tb.millitm * 1000; | ||
433 | #else | ||
434 | gettimeofday(t, NULL); | ||
435 | #endif | ||
436 | } | ||
437 | |||
438 | int dtls1_listen(SSL *s, struct sockaddr *client) | ||
439 | { | ||
440 | int ret; | ||
441 | |||
442 | SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); | ||
443 | s->d1->listen = 1; | ||
444 | |||
445 | ret = SSL_accept(s); | ||
446 | if (ret <= 0) return ret; | ||
447 | |||
448 | (void) BIO_dgram_get_peer(SSL_get_rbio(s), client); | ||
449 | return 1; | ||
450 | } | ||
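--- a/src/lib/libssl/d1_meth.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* ssl/d1_meth.h */
-/*
-* DTLS implementation written by Nagendra Modadugu
-* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
-*/
-/* ====================================================================
-* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* openssl-core@OpenSSL.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-* This product includes cryptographic software written by Eric Young
-* (eay@cryptsoft.com). This product includes software written by Tim
-* Hudson (tjh@cryptsoft.com).
-*
-*/
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static const SSL_METHOD *dtls1_get_method(int ver);
-static const SSL_METHOD *dtls1_get_method(int ver)
-{
-if (ver == DTLS1_VERSION)
-return(DTLSv1_method());
-else
-return(NULL);
-}
-
-IMPLEMENT_dtls1_meth_func(DTLSv1_method,
-dtls1_accept,
-dtls1_connect,
-dtls1_get_method)
-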
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c deleted file mode 100644 index e0c0f0cc9a..0000000000 --- a/src/lib/libssl/d1_pkt.c +++ /dev/null | |||
@@ -1,1777 +0,0 @@ | |||
1 | /* ssl/d1_pkt.c */ | ||
2 | /* | ||
3 | * DTLS implementation written by Nagendra Modadugu | ||
4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | ||
5 | */ | ||
6 | /* ==================================================================== | ||
7 | * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. | ||
8 | * | ||
9 | * Redistribution and use in source and binary forms, with or without | ||
10 | * modification, are permitted provided that the following conditions | ||
11 | * are met: | ||
12 | * | ||
13 | * 1. Redistributions of source code must retain the above copyright | ||
14 | * notice, this list of conditions and the following disclaimer. | ||
15 | * | ||
16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
17 | * notice, this list of conditions and the following disclaimer in | ||
18 | * the documentation and/or other materials provided with the | ||
19 | * distribution. | ||
20 | * | ||
21 | * 3. All advertising materials mentioning features or use of this | ||
22 | * software must display the following acknowledgment: | ||
23 | * "This product includes software developed by the OpenSSL Project | ||
24 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
25 | * | ||
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
27 | * endorse or promote products derived from this software without | ||
28 | * prior written permission. For written permission, please contact | ||
29 | * openssl-core@openssl.org. | ||
30 | * | ||
31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
32 | * nor may "OpenSSL" appear in their names without prior written | ||
33 | * permission of the OpenSSL Project. | ||
34 | * | ||
35 | * 6. Redistributions of any form whatsoever must retain the following | ||
36 | * acknowledgment: | ||
37 | * "This product includes software developed by the OpenSSL Project | ||
38 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
39 | * | ||
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
52 | * ==================================================================== | ||
53 | * | ||
54 | * This product includes cryptographic software written by Eric Young | ||
55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
56 | * Hudson (tjh@cryptsoft.com). | ||
57 | * | ||
58 | */ | ||
59 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
60 | * All rights reserved. | ||
61 | * | ||
62 | * This package is an SSL implementation written | ||
63 | * by Eric Young (eay@cryptsoft.com). | ||
64 | * The implementation was written so as to conform with Netscapes SSL. | ||
65 | * | ||
66 | * This library is free for commercial and non-commercial use as long as | ||
67 | * the following conditions are aheared to. The following conditions | ||
68 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
69 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
70 | * included with this distribution is covered by the same copyright terms | ||
71 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
72 | * | ||
73 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
74 | * the code are not to be removed. | ||
75 | * If this package is used in a product, Eric Young should be given attribution | ||
76 | * as the author of the parts of the library used. | ||
77 | * This can be in the form of a textual message at program startup or | ||
78 | * in documentation (online or textual) provided with the package. | ||
79 | * | ||
80 | * Redistribution and use in source and binary forms, with or without | ||
81 | * modification, are permitted provided that the following conditions | ||
82 | * are met: | ||
83 | * 1. Redistributions of source code must retain the copyright | ||
84 | * notice, this list of conditions and the following disclaimer. | ||
85 | * 2. Redistributions in binary form must reproduce the above copyright | ||
86 | * notice, this list of conditions and the following disclaimer in the | ||
87 | * documentation and/or other materials provided with the distribution. | ||
88 | * 3. All advertising materials mentioning features or use of this software | ||
89 | * must display the following acknowledgement: | ||
90 | * "This product includes cryptographic software written by | ||
91 | * Eric Young (eay@cryptsoft.com)" | ||
92 | * The word 'cryptographic' can be left out if the rouines from the library | ||
93 | * being used are not cryptographic related :-). | ||
94 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
95 | * the apps directory (application code) you must include an acknowledgement: | ||
96 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
97 | * | ||
98 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
99 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
100 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
101 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
102 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
103 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
104 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
105 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
106 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
107 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
108 | * SUCH DAMAGE. | ||
109 | * | ||
110 | * The licence and distribution terms for any publically available version or | ||
111 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
112 | * copied and put under another distribution licence | ||
113 | * [including the GNU Public Licence.] | ||
114 | */ | ||
115 | |||
116 | #include <stdio.h> | ||
117 | #include <errno.h> | ||
118 | #define USE_SOCKETS | ||
119 | #include "ssl_locl.h" | ||
120 | #include <openssl/evp.h> | ||
121 | #include <openssl/buffer.h> | ||
122 | #include <openssl/pqueue.h> | ||
123 | #include <openssl/rand.h> | ||
124 | |||
125 | /* mod 128 saturating subtract of two 64-bit values in big-endian order */ | ||
126 | static int satsub64be(const unsigned char *v1,const unsigned char *v2) | ||
127 | { int ret,sat,brw,i; | ||
128 | |||
129 | if (sizeof(long) == 8) do | ||
130 | { const union { long one; char little; } is_endian = {1}; | ||
131 | long l; | ||
132 | |||
133 | if (is_endian.little) break; | ||
134 | /* not reached on little-endians */ | ||
135 | /* following test is redundant, because input is | ||
136 | * always aligned, but I take no chances... */ | ||
137 | if (((size_t)v1|(size_t)v2)&0x7) break; | ||
138 | |||
139 | l = *((long *)v1); | ||
140 | l -= *((long *)v2); | ||
141 | if (l>128) return 128; | ||
142 | else if (l<-128) return -128; | ||
143 | else return (int)l; | ||
144 | } while (0); | ||
145 | |||
146 | ret = (int)v1[7]-(int)v2[7]; | ||
147 | sat = 0; | ||
148 | brw = ret>>8; /* brw is either 0 or -1 */ | ||
149 | if (ret & 0x80) | ||
150 | { for (i=6;i>=0;i--) | ||
151 | { brw += (int)v1[i]-(int)v2[i]; | ||
152 | sat |= ~brw; | ||
153 | brw >>= 8; | ||
154 | } | ||
155 | } | ||
156 | else | ||
157 | { for (i=6;i>=0;i--) | ||
158 | { brw += (int)v1[i]-(int)v2[i]; | ||
159 | sat |= brw; | ||
160 | brw >>= 8; | ||
161 | } | ||
162 | } | ||
163 | brw <<= 8; /* brw is either 0 or -256 */ | ||
164 | |||
165 | if (sat&0xff) return brw | 0x80; | ||
166 | else return brw + (ret&0xFF); | ||
167 | } | ||
168 | |||
169 | static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, | ||
170 | int len, int peek); | ||
171 | static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); | ||
172 | static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); | ||
173 | static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, | ||
174 | unsigned int *is_next_epoch); | ||
175 | #if 0 | ||
176 | static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, | ||
177 | unsigned short *priority, unsigned long *offset); | ||
178 | #endif | ||
179 | static int dtls1_buffer_record(SSL *s, record_pqueue *q, | ||
180 | unsigned char *priority); | ||
181 | static int dtls1_process_record(SSL *s); | ||
182 | static void dtls1_clear_timeouts(SSL *s); | ||
183 | |||
184 | /* copy buffered record into SSL structure */ | ||
185 | static int | ||
186 | dtls1_copy_record(SSL *s, pitem *item) | ||
187 | { | ||
188 | DTLS1_RECORD_DATA *rdata; | ||
189 | |||
190 | rdata = (DTLS1_RECORD_DATA *)item->data; | ||
191 | |||
192 | if (s->s3->rbuf.buf != NULL) | ||
193 | OPENSSL_free(s->s3->rbuf.buf); | ||
194 | |||
195 | s->packet = rdata->packet; | ||
196 | s->packet_length = rdata->packet_length; | ||
197 | memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); | ||
198 | memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); | ||
199 | |||
200 | /* Set proper sequence number for mac calculation */ | ||
201 | memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6); | ||
202 | |||
203 | return(1); | ||
204 | } | ||
205 | |||
206 | |||
207 | static int | ||
208 | dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) | ||
209 | { | ||
210 | DTLS1_RECORD_DATA *rdata; | ||
211 | pitem *item; | ||
212 | |||
213 | /* Limit the size of the queue to prevent DOS attacks */ | ||
214 | if (pqueue_size(queue->q) >= 100) | ||
215 | return 0; | ||
216 | |||
217 | rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); | ||
218 | item = pitem_new(priority, rdata); | ||
219 | if (rdata == NULL || item == NULL) | ||
220 | { | ||
221 | if (rdata != NULL) OPENSSL_free(rdata); | ||
222 | if (item != NULL) pitem_free(item); | ||
223 | |||
224 | SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); | ||
225 | return(0); | ||
226 | } | ||
227 | |||
228 | rdata->packet = s->packet; | ||
229 | rdata->packet_length = s->packet_length; | ||
230 | memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER)); | ||
231 | memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD)); | ||
232 | |||
233 | item->data = rdata; | ||
234 | |||
235 | /* insert should not fail, since duplicates are dropped */ | ||
236 | if (pqueue_insert(queue->q, item) == NULL) | ||
237 | { | ||
238 | OPENSSL_free(rdata); | ||
239 | pitem_free(item); | ||
240 | return(0); | ||
241 | } | ||
242 | |||
243 | s->packet = NULL; | ||
244 | s->packet_length = 0; | ||
245 | memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER)); | ||
246 | memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD)); | ||
247 | |||
248 | if (!ssl3_setup_buffers(s)) | ||
249 | { | ||
250 | SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); | ||
251 | OPENSSL_free(rdata); | ||
252 | pitem_free(item); | ||
253 | return(0); | ||
254 | } | ||
255 | |||
256 | return(1); | ||
257 | } | ||
258 | |||
259 | |||
260 | static int | ||
261 | dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) | ||
262 | { | ||
263 | pitem *item; | ||
264 | |||
265 | item = pqueue_pop(queue->q); | ||
266 | if (item) | ||
267 | { | ||
268 | dtls1_copy_record(s, item); | ||
269 | |||
270 | OPENSSL_free(item->data); | ||
271 | pitem_free(item); | ||
272 | |||
273 | return(1); | ||
274 | } | ||
275 | |||
276 | return(0); | ||
277 | } | ||
278 | |||
279 | |||
280 | /* retrieve a buffered record that belongs to the new epoch, i.e., not processed | ||
281 | * yet */ | ||
282 | #define dtls1_get_unprocessed_record(s) \ | ||
283 | dtls1_retrieve_buffered_record((s), \ | ||
284 | &((s)->d1->unprocessed_rcds)) | ||
285 | |||
286 | /* retrieve a buffered record that belongs to the current epoch, ie, processed */ | ||
287 | #define dtls1_get_processed_record(s) \ | ||
288 | dtls1_retrieve_buffered_record((s), \ | ||
289 | &((s)->d1->processed_rcds)) | ||
290 | |||
291 | static int | ||
292 | dtls1_process_buffered_records(SSL *s) | ||
293 | { | ||
294 | pitem *item; | ||
295 | |||
296 | item = pqueue_peek(s->d1->unprocessed_rcds.q); | ||
297 | if (item) | ||
298 | { | ||
299 | /* Check if epoch is current. */ | ||
300 | if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) | ||
301 | return(1); /* Nothing to do. */ | ||
302 | |||
303 | /* Process all the records. */ | ||
304 | while (pqueue_peek(s->d1->unprocessed_rcds.q)) | ||
305 | { | ||
306 | dtls1_get_unprocessed_record(s); | ||
307 | if ( ! dtls1_process_record(s)) | ||
308 | return(0); | ||
309 | dtls1_buffer_record(s, &(s->d1->processed_rcds), | ||
310 | s->s3->rrec.seq_num); | ||
311 | } | ||
312 | } | ||
313 | |||
314 | /* sync epoch numbers once all the unprocessed records | ||
315 | * have been processed */ | ||
316 | s->d1->processed_rcds.epoch = s->d1->r_epoch; | ||
317 | s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1; | ||
318 | |||
319 | return(1); | ||
320 | } | ||
321 | |||
322 | |||
323 | #if 0 | ||
324 | |||
325 | static int | ||
326 | dtls1_get_buffered_record(SSL *s) | ||
327 | { | ||
328 | pitem *item; | ||
329 | PQ_64BIT priority = | ||
330 | (((PQ_64BIT)s->d1->handshake_read_seq) << 32) | | ||
331 | ((PQ_64BIT)s->d1->r_msg_hdr.frag_off); | ||
332 | |||
333 | if ( ! SSL_in_init(s)) /* if we're not (re)negotiating, | ||
334 | nothing buffered */ | ||
335 | return 0; | ||
336 | |||
337 | |||
338 | item = pqueue_peek(s->d1->rcvd_records); | ||
339 | if (item && item->priority == priority) | ||
340 | { | ||
341 | /* Check if we've received the record of interest. It must be | ||
342 | * a handshake record, since data records as passed up without | ||
343 | * buffering */ | ||
344 | DTLS1_RECORD_DATA *rdata; | ||
345 | item = pqueue_pop(s->d1->rcvd_records); | ||
346 | rdata = (DTLS1_RECORD_DATA *)item->data; | ||
347 | |||
348 | if (s->s3->rbuf.buf != NULL) | ||
349 | OPENSSL_free(s->s3->rbuf.buf); | ||
350 | |||
351 | s->packet = rdata->packet; | ||
352 | s->packet_length = rdata->packet_length; | ||
353 | memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); | ||
354 | memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); | ||
355 | |||
356 | OPENSSL_free(item->data); | ||
357 | pitem_free(item); | ||
358 | |||
359 | /* s->d1->next_expected_seq_num++; */ | ||
360 | return(1); | ||
361 | } | ||
362 | |||
363 | return 0; | ||
364 | } | ||
365 | |||
366 | #endif | ||
367 | |||
368 | static int | ||
369 | dtls1_process_record(SSL *s) | ||
370 | { | ||
371 | int i,al; | ||
372 | int clear=0; | ||
373 | int enc_err; | ||
374 | SSL_SESSION *sess; | ||
375 | SSL3_RECORD *rr; | ||
376 | unsigned int mac_size; | ||
377 | unsigned char md[EVP_MAX_MD_SIZE]; | ||
378 | int decryption_failed_or_bad_record_mac = 0; | ||
379 | |||
380 | |||
381 | rr= &(s->s3->rrec); | ||
382 | sess = s->session; | ||
383 | |||
384 | /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, | ||
385 | * and we have that many bytes in s->packet | ||
386 | */ | ||
387 | rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]); | ||
388 | |||
389 | /* ok, we can now read from 's->packet' data into 'rr' | ||
390 | * rr->input points at rr->length bytes, which | ||
391 | * need to be copied into rr->data by either | ||
392 | * the decryption or by the decompression | ||
393 | * When the data is 'copied' into the rr->data buffer, | ||
394 | * rr->input will be pointed at the new buffer */ | ||
395 | |||
396 | /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] | ||
397 | * rr->length bytes of encrypted compressed stuff. */ | ||
398 | |||
399 | /* check is not needed I believe */ | ||
400 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) | ||
401 | { | ||
402 | al=SSL_AD_RECORD_OVERFLOW; | ||
403 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); | ||
404 | goto f_err; | ||
405 | } | ||
406 | |||
407 | /* decrypt in place in 'rr->input' */ | ||
408 | rr->data=rr->input; | ||
409 | |||
410 | enc_err = s->method->ssl3_enc->enc(s,0); | ||
411 | if (enc_err <= 0) | ||
412 | { | ||
413 | /* To minimize information leaked via timing, we will always | ||
414 | * perform all computations before discarding the message. | ||
415 | */ | ||
416 | decryption_failed_or_bad_record_mac = 1; | ||
417 | } | ||
418 | |||
419 | #ifdef TLS_DEBUG | ||
420 | printf("dec %d\n",rr->length); | ||
421 | { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } | ||
422 | printf("\n"); | ||
423 | #endif | ||
424 | |||
425 | /* r->length is now the compressed data plus mac */ | ||
426 | if ( (sess == NULL) || | ||
427 | (s->enc_read_ctx == NULL) || | ||
428 | (s->read_hash == NULL)) | ||
429 | clear=1; | ||
430 | |||
431 | if (!clear) | ||
432 | { | ||
433 | /* !clear => s->read_hash != NULL => mac_size != -1 */ | ||
434 | int t; | ||
435 | t=EVP_MD_CTX_size(s->read_hash); | ||
436 | OPENSSL_assert(t >= 0); | ||
437 | mac_size=t; | ||
438 | |||
439 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) | ||
440 | { | ||
441 | #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ | ||
442 | al=SSL_AD_RECORD_OVERFLOW; | ||
443 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); | ||
444 | goto f_err; | ||
445 | #else | ||
446 | decryption_failed_or_bad_record_mac = 1; | ||
447 | #endif | ||
448 | } | ||
449 | /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ | ||
450 | if (rr->length < mac_size) | ||
451 | { | ||
452 | #if 0 /* OK only for stream ciphers */ | ||
453 | al=SSL_AD_DECODE_ERROR; | ||
454 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); | ||
455 | goto f_err; | ||
456 | #else | ||
457 | decryption_failed_or_bad_record_mac = 1; | ||
458 | #endif | ||
459 | } | ||
460 | rr->length-=mac_size; | ||
461 | i=s->method->ssl3_enc->mac(s,md,0); | ||
462 | if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) | ||
463 | { | ||
464 | decryption_failed_or_bad_record_mac = 1; | ||
465 | } | ||
466 | } | ||
467 | |||
468 | if (decryption_failed_or_bad_record_mac) | ||
469 | { | ||
470 | /* decryption failed, silently discard message */ | ||
471 | rr->length = 0; | ||
472 | s->packet_length = 0; | ||
473 | goto err; | ||
474 | } | ||
475 | |||
476 | /* r->length is now just compressed */ | ||
477 | if (s->expand != NULL) | ||
478 | { | ||
479 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) | ||
480 | { | ||
481 | al=SSL_AD_RECORD_OVERFLOW; | ||
482 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); | ||
483 | goto f_err; | ||
484 | } | ||
485 | if (!ssl3_do_uncompress(s)) | ||
486 | { | ||
487 | al=SSL_AD_DECOMPRESSION_FAILURE; | ||
488 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION); | ||
489 | goto f_err; | ||
490 | } | ||
491 | } | ||
492 | |||
493 | if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) | ||
494 | { | ||
495 | al=SSL_AD_RECORD_OVERFLOW; | ||
496 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); | ||
497 | goto f_err; | ||
498 | } | ||
499 | |||
500 | rr->off=0; | ||
501 | /* So at this point the following is true | ||
502 | * ssl->s3->rrec.type is the type of record | ||
503 | * ssl->s3->rrec.length == number of bytes in record | ||
504 | * ssl->s3->rrec.off == offset to first valid byte | ||
505 | * ssl->s3->rrec.data == where to take bytes from, increment | ||
506 | * after use :-). | ||
507 | */ | ||
508 | |||
509 | /* we have pulled in a full packet so zero things */ | ||
510 | s->packet_length=0; | ||
511 | dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */ | ||
512 | return(1); | ||
513 | |||
514 | f_err: | ||
515 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
516 | err: | ||
517 | return(0); | ||
518 | } | ||
519 | |||
520 | |||
521 | /* Call this to get a new input record. | ||
522 | * It will return <= 0 if more data is needed, normally due to an error | ||
523 | * or non-blocking IO. | ||
524 | * When it finishes, one packet has been decoded and can be found in | ||
525 | * ssl->s3->rrec.type - is the type of record | ||
526 | * ssl->s3->rrec.data, - data | ||
527 | * ssl->s3->rrec.length, - number of bytes | ||
528 | */ | ||
529 | /* used only by dtls1_read_bytes */ | ||
530 | int dtls1_get_record(SSL *s) | ||
531 | { | ||
532 | int ssl_major,ssl_minor; | ||
533 | int i,n; | ||
534 | SSL3_RECORD *rr; | ||
535 | unsigned char *p = NULL; | ||
536 | unsigned short version; | ||
537 | DTLS1_BITMAP *bitmap; | ||
538 | unsigned int is_next_epoch; | ||
539 | |||
540 | rr= &(s->s3->rrec); | ||
541 | |||
542 | /* The epoch may have changed. If so, process all the | ||
543 | * pending records. This is a non-blocking operation. */ | ||
544 | dtls1_process_buffered_records(s); | ||
545 | |||
546 | /* if we're renegotiating, then there may be buffered records */ | ||
547 | if (dtls1_get_processed_record(s)) | ||
548 | return 1; | ||
549 | |||
550 | /* get something from the wire */ | ||
551 | again: | ||
552 | /* check if we have the header */ | ||
553 | if ( (s->rstate != SSL_ST_READ_BODY) || | ||
554 | (s->packet_length < DTLS1_RT_HEADER_LENGTH)) | ||
555 | { | ||
556 | n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); | ||
557 | /* read timeout is handled by dtls1_read_bytes */ | ||
558 | if (n <= 0) return(n); /* error or non-blocking */ | ||
559 | |||
560 | /* this packet contained a partial record, dump it */ | ||
561 | if (s->packet_length != DTLS1_RT_HEADER_LENGTH) | ||
562 | { | ||
563 | s->packet_length = 0; | ||
564 | goto again; | ||
565 | } | ||
566 | |||
567 | s->rstate=SSL_ST_READ_BODY; | ||
568 | |||
569 | p=s->packet; | ||
570 | |||
571 | /* Pull apart the header into the DTLS1_RECORD */ | ||
572 | rr->type= *(p++); | ||
573 | ssl_major= *(p++); | ||
574 | ssl_minor= *(p++); | ||
575 | version=(ssl_major<<8)|ssl_minor; | ||
576 | |||
577 | /* sequence number is 64 bits, with top 2 bytes = epoch */ | ||
578 | n2s(p,rr->epoch); | ||
579 | |||
580 | memcpy(&(s->s3->read_sequence[2]), p, 6); | ||
581 | p+=6; | ||
582 | |||
583 | n2s(p,rr->length); | ||
584 | |||
585 | /* Lets check version */ | ||
586 | if (!s->first_packet) | ||
587 | { | ||
588 | if (version != s->version) | ||
589 | { | ||
590 | /* unexpected version, silently discard */ | ||
591 | rr->length = 0; | ||
592 | s->packet_length = 0; | ||
593 | goto again; | ||
594 | } | ||
595 | } | ||
596 | |||
597 | if ((version & 0xff00) != (s->version & 0xff00)) | ||
598 | { | ||
599 | /* wrong version, silently discard record */ | ||
600 | rr->length = 0; | ||
601 | s->packet_length = 0; | ||
602 | goto again; | ||
603 | } | ||
604 | |||
605 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) | ||
606 | { | ||
607 | /* record too long, silently discard it */ | ||
608 | rr->length = 0; | ||
609 | s->packet_length = 0; | ||
610 | goto again; | ||
611 | } | ||
612 | |||
613 | /* now s->rstate == SSL_ST_READ_BODY */ | ||
614 | } | ||
615 | |||
616 | /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ | ||
617 | |||
618 | if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH) | ||
619 | { | ||
620 | /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ | ||
621 | i=rr->length; | ||
622 | n=ssl3_read_n(s,i,i,1); | ||
623 | if (n <= 0) return(n); /* error or non-blocking io */ | ||
624 | |||
625 | /* this packet contained a partial record, dump it */ | ||
626 | if ( n != i) | ||
627 | { | ||
628 | rr->length = 0; | ||
629 | s->packet_length = 0; | ||
630 | goto again; | ||
631 | } | ||
632 | |||
633 | /* now n == rr->length, | ||
634 | * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */ | ||
635 | } | ||
636 | s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ | ||
637 | |||
638 | /* match epochs. NULL means the packet is dropped on the floor */ | ||
639 | bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); | ||
640 | if ( bitmap == NULL) | ||
641 | { | ||
642 | rr->length = 0; | ||
643 | s->packet_length = 0; /* dump this record */ | ||
644 | goto again; /* get another record */ | ||
645 | } | ||
646 | |||
647 | /* Check whether this is a repeat, or aged record. | ||
648 | * Don't check if we're listening and this message is | ||
649 | * a ClientHello. They can look as if they're replayed, | ||
650 | * since they arrive from different connections and | ||
651 | * would be dropped unnecessarily. | ||
652 | */ | ||
653 | if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && | ||
654 | *p == SSL3_MT_CLIENT_HELLO) && | ||
655 | !dtls1_record_replay_check(s, bitmap)) | ||
656 | { | ||
657 | rr->length = 0; | ||
658 | s->packet_length=0; /* dump this record */ | ||
659 | goto again; /* get another record */ | ||
660 | } | ||
661 | |||
662 | /* just read a 0 length packet */ | ||
663 | if (rr->length == 0) goto again; | ||
664 | |||
665 | /* If this record is from the next epoch (either HM or ALERT), | ||
666 | * and a handshake is currently in progress, buffer it since it | ||
667 | * cannot be processed at this time. However, do not buffer | ||
668 | * anything while listening. | ||
669 | */ | ||
670 | if (is_next_epoch) | ||
671 | { | ||
672 | if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) | ||
673 | { | ||
674 | dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); | ||
675 | } | ||
676 | rr->length = 0; | ||
677 | s->packet_length = 0; | ||
678 | goto again; | ||
679 | } | ||
680 | |||
681 | if (!dtls1_process_record(s)) | ||
682 | { | ||
683 | rr->length = 0; | ||
684 | s->packet_length = 0; /* dump this record */ | ||
685 | goto again; /* get another record */ | ||
686 | } | ||
687 | |||
688 | dtls1_clear_timeouts(s); /* done waiting */ | ||
689 | return(1); | ||
690 | |||
691 | } | ||
692 | |||
693 | /* Return up to 'len' payload bytes received in 'type' records. | ||
694 | * 'type' is one of the following: | ||
695 | * | ||
696 | * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) | ||
697 | * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) | ||
698 | * - 0 (during a shutdown, no data has to be returned) | ||
699 | * | ||
700 | * If we don't have stored data to work from, read a SSL/TLS record first | ||
701 | * (possibly multiple records if we still don't have anything to return). | ||
702 | * | ||
703 | * This function must handle any surprises the peer may have for us, such as | ||
704 | * Alert records (e.g. close_notify), ChangeCipherSpec records (not really | ||
705 | * a surprise, but handled as if it were), or renegotiation requests. | ||
706 | * Also if record payloads contain fragments too small to process, we store | ||
707 | * them until there is enough for the respective protocol (the record protocol | ||
708 | * may use arbitrary fragmentation and even interleaving): | ||
709 | * Change cipher spec protocol | ||
710 | * just 1 byte needed, no need for keeping anything stored | ||
711 | * Alert protocol | ||
712 | * 2 bytes needed (AlertLevel, AlertDescription) | ||
713 | * Handshake protocol | ||
714 | * 4 bytes needed (HandshakeType, uint24 length) -- we just have | ||
715 | * to detect unexpected Client Hello and Hello Request messages | ||
716 | * here, anything else is handled by higher layers | ||
717 | * Application data protocol | ||
718 | * none of our business | ||
719 | */ | ||
720 | int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | ||
721 | { | ||
722 | int al,i,j,ret; | ||
723 | unsigned int n; | ||
724 | SSL3_RECORD *rr; | ||
725 | void (*cb)(const SSL *ssl,int type2,int val)=NULL; | ||
726 | |||
727 | if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ | ||
728 | if (!ssl3_setup_buffers(s)) | ||
729 | return(-1); | ||
730 | |||
731 | /* XXX: check what the second '&& type' is about */ | ||
732 | if ((type && (type != SSL3_RT_APPLICATION_DATA) && | ||
733 | (type != SSL3_RT_HANDSHAKE) && type) || | ||
734 | (peek && (type != SSL3_RT_APPLICATION_DATA))) | ||
735 | { | ||
736 | SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); | ||
737 | return -1; | ||
738 | } | ||
739 | |||
740 | /* check whether there's a handshake message (client hello?) waiting */ | ||
741 | if ( (ret = have_handshake_fragment(s, type, buf, len, peek))) | ||
742 | return ret; | ||
743 | |||
744 | /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ | ||
745 | |||
746 | if (!s->in_handshake && SSL_in_init(s)) | ||
747 | { | ||
748 | /* type == SSL3_RT_APPLICATION_DATA */ | ||
749 | i=s->handshake_func(s); | ||
750 | if (i < 0) return(i); | ||
751 | if (i == 0) | ||
752 | { | ||
753 | SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | ||
754 | return(-1); | ||
755 | } | ||
756 | } | ||
757 | |||
758 | start: | ||
759 | s->rwstate=SSL_NOTHING; | ||
760 | |||
761 | /* s->s3->rrec.type - is the type of record | ||
762 | * s->s3->rrec.data, - data | ||
763 | * s->s3->rrec.off, - offset into 'data' for next read | ||
764 | * s->s3->rrec.length, - number of bytes. */ | ||
765 | rr = &(s->s3->rrec); | ||
766 | |||
767 | /* We are not handshaking and have no data yet, | ||
768 | * so process data buffered during the last handshake | ||
769 | * in advance, if any. | ||
770 | */ | ||
771 | if (s->state == SSL_ST_OK && rr->length == 0) | ||
772 | { | ||
773 | pitem *item; | ||
774 | item = pqueue_pop(s->d1->buffered_app_data.q); | ||
775 | if (item) | ||
776 | { | ||
777 | dtls1_copy_record(s, item); | ||
778 | |||
779 | OPENSSL_free(item->data); | ||
780 | pitem_free(item); | ||
781 | } | ||
782 | } | ||
783 | |||
784 | /* Check for timeout */ | ||
785 | if (dtls1_handle_timeout(s) > 0) | ||
786 | goto start; | ||
787 | |||
788 | /* get new packet if necessary */ | ||
789 | if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) | ||
790 | { | ||
791 | ret=dtls1_get_record(s); | ||
792 | if (ret <= 0) | ||
793 | { | ||
794 | ret = dtls1_read_failed(s, ret); | ||
795 | /* anything other than a timeout is an error */ | ||
796 | if (ret <= 0) | ||
797 | return(ret); | ||
798 | else | ||
799 | goto start; | ||
800 | } | ||
801 | } | ||
802 | |||
803 | /* we now have a packet which can be read and processed */ | ||
804 | |||
805 | if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, | ||
806 | * reset by ssl3_get_finished */ | ||
807 | && (rr->type != SSL3_RT_HANDSHAKE)) | ||
808 | { | ||
809 | /* We now have application data between CCS and Finished. | ||
810 | * Most likely the packets were reordered on their way, so | ||
811 | * buffer the application data for later processing rather | ||
812 | * than dropping the connection. | ||
813 | */ | ||
814 | dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num); | ||
815 | rr->length = 0; | ||
816 | goto start; | ||
817 | } | ||
818 | |||
819 | /* If the other end has shut down, throw anything we read away | ||
820 | * (even in 'peek' mode) */ | ||
821 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | ||
822 | { | ||
823 | rr->length=0; | ||
824 | s->rwstate=SSL_NOTHING; | ||
825 | return(0); | ||
826 | } | ||
827 | |||
828 | |||
829 | if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ | ||
830 | { | ||
831 | /* make sure that we are not getting application data when we | ||
832 | * are doing a handshake for the first time */ | ||
833 | if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && | ||
834 | (s->enc_read_ctx == NULL)) | ||
835 | { | ||
836 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
837 | SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE); | ||
838 | goto f_err; | ||
839 | } | ||
840 | |||
841 | if (len <= 0) return(len); | ||
842 | |||
843 | if ((unsigned int)len > rr->length) | ||
844 | n = rr->length; | ||
845 | else | ||
846 | n = (unsigned int)len; | ||
847 | |||
848 | memcpy(buf,&(rr->data[rr->off]),n); | ||
849 | if (!peek) | ||
850 | { | ||
851 | rr->length-=n; | ||
852 | rr->off+=n; | ||
853 | if (rr->length == 0) | ||
854 | { | ||
855 | s->rstate=SSL_ST_READ_HEADER; | ||
856 | rr->off=0; | ||
857 | } | ||
858 | } | ||
859 | return(n); | ||
860 | } | ||
861 | |||
862 | |||
863 | /* If we get here, then type != rr->type; if we have a handshake | ||
864 | * message, then it was unexpected (Hello Request or Client Hello). */ | ||
865 | |||
866 | /* In case of record types for which we have 'fragment' storage, | ||
867 | * fill that so that we can process the data at a fixed place. | ||
868 | */ | ||
869 | { | ||
870 | unsigned int k, dest_maxlen = 0; | ||
871 | unsigned char *dest = NULL; | ||
872 | unsigned int *dest_len = NULL; | ||
873 | |||
874 | if (rr->type == SSL3_RT_HANDSHAKE) | ||
875 | { | ||
876 | dest_maxlen = sizeof s->d1->handshake_fragment; | ||
877 | dest = s->d1->handshake_fragment; | ||
878 | dest_len = &s->d1->handshake_fragment_len; | ||
879 | } | ||
880 | else if (rr->type == SSL3_RT_ALERT) | ||
881 | { | ||
882 | dest_maxlen = sizeof(s->d1->alert_fragment); | ||
883 | dest = s->d1->alert_fragment; | ||
884 | dest_len = &s->d1->alert_fragment_len; | ||
885 | } | ||
886 | /* else it's a CCS message, or application data or wrong */ | ||
887 | else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) | ||
888 | { | ||
889 | /* Application data while renegotiating | ||
890 | * is allowed. Try again reading. | ||
891 | */ | ||
892 | if (rr->type == SSL3_RT_APPLICATION_DATA) | ||
893 | { | ||
894 | BIO *bio; | ||
895 | s->s3->in_read_app_data=2; | ||
896 | bio=SSL_get_rbio(s); | ||
897 | s->rwstate=SSL_READING; | ||
898 | BIO_clear_retry_flags(bio); | ||
899 | BIO_set_retry_read(bio); | ||
900 | return(-1); | ||
901 | } | ||
902 | |||
903 | /* Not certain if this is the right error handling */ | ||
904 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
905 | SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); | ||
906 | goto f_err; | ||
907 | } | ||
908 | |||
909 | if (dest_maxlen > 0) | ||
910 | { | ||
911 | /* XDTLS: In a pathalogical case, the Client Hello | ||
912 | * may be fragmented--don't always expect dest_maxlen bytes */ | ||
913 | if ( rr->length < dest_maxlen) | ||
914 | { | ||
915 | #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE | ||
916 | /* | ||
917 | * for normal alerts rr->length is 2, while | ||
918 | * dest_maxlen is 7 if we were to handle this | ||
919 | * non-existing alert... | ||
920 | */ | ||
921 | FIX ME | ||
922 | #endif | ||
923 | s->rstate=SSL_ST_READ_HEADER; | ||
924 | rr->length = 0; | ||
925 | goto start; | ||
926 | } | ||
927 | |||
928 | /* now move 'n' bytes: */ | ||
929 | for ( k = 0; k < dest_maxlen; k++) | ||
930 | { | ||
931 | dest[k] = rr->data[rr->off++]; | ||
932 | rr->length--; | ||
933 | } | ||
934 | *dest_len = dest_maxlen; | ||
935 | } | ||
936 | } | ||
937 | |||
938 | /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; | ||
939 | * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. | ||
940 | * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ | ||
941 | |||
942 | /* If we are a client, check for an incoming 'Hello Request': */ | ||
943 | if ((!s->server) && | ||
944 | (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && | ||
945 | (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && | ||
946 | (s->session != NULL) && (s->session->cipher != NULL)) | ||
947 | { | ||
948 | s->d1->handshake_fragment_len = 0; | ||
949 | |||
950 | if ((s->d1->handshake_fragment[1] != 0) || | ||
951 | (s->d1->handshake_fragment[2] != 0) || | ||
952 | (s->d1->handshake_fragment[3] != 0)) | ||
953 | { | ||
954 | al=SSL_AD_DECODE_ERROR; | ||
955 | SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST); | ||
956 | goto err; | ||
957 | } | ||
958 | |||
959 | /* no need to check sequence number on HELLO REQUEST messages */ | ||
960 | |||
961 | if (s->msg_callback) | ||
962 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, | ||
963 | s->d1->handshake_fragment, 4, s, s->msg_callback_arg); | ||
964 | |||
965 | if (SSL_is_init_finished(s) && | ||
966 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && | ||
967 | !s->s3->renegotiate) | ||
968 | { | ||
969 | ssl3_renegotiate(s); | ||
970 | if (ssl3_renegotiate_check(s)) | ||
971 | { | ||
972 | i=s->handshake_func(s); | ||
973 | if (i < 0) return(i); | ||
974 | if (i == 0) | ||
975 | { | ||
976 | SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | ||
977 | return(-1); | ||
978 | } | ||
979 | |||
980 | if (!(s->mode & SSL_MODE_AUTO_RETRY)) | ||
981 | { | ||
982 | if (s->s3->rbuf.left == 0) /* no read-ahead left? */ | ||
983 | { | ||
984 | BIO *bio; | ||
985 | /* In the case where we try to read application data, | ||
986 | * but we trigger an SSL handshake, we return -1 with | ||
987 | * the retry option set. Otherwise renegotiation may | ||
988 | * cause nasty problems in the blocking world */ | ||
989 | s->rwstate=SSL_READING; | ||
990 | bio=SSL_get_rbio(s); | ||
991 | BIO_clear_retry_flags(bio); | ||
992 | BIO_set_retry_read(bio); | ||
993 | return(-1); | ||
994 | } | ||
995 | } | ||
996 | } | ||
997 | } | ||
998 | /* we either finished a handshake or ignored the request, | ||
999 | * now try again to obtain the (application) data we were asked for */ | ||
1000 | goto start; | ||
1001 | } | ||
1002 | |||
1003 | if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) | ||
1004 | { | ||
1005 | int alert_level = s->d1->alert_fragment[0]; | ||
1006 | int alert_descr = s->d1->alert_fragment[1]; | ||
1007 | |||
1008 | s->d1->alert_fragment_len = 0; | ||
1009 | |||
1010 | if (s->msg_callback) | ||
1011 | s->msg_callback(0, s->version, SSL3_RT_ALERT, | ||
1012 | s->d1->alert_fragment, 2, s, s->msg_callback_arg); | ||
1013 | |||
1014 | if (s->info_callback != NULL) | ||
1015 | cb=s->info_callback; | ||
1016 | else if (s->ctx->info_callback != NULL) | ||
1017 | cb=s->ctx->info_callback; | ||
1018 | |||
1019 | if (cb != NULL) | ||
1020 | { | ||
1021 | j = (alert_level << 8) | alert_descr; | ||
1022 | cb(s, SSL_CB_READ_ALERT, j); | ||
1023 | } | ||
1024 | |||
1025 | if (alert_level == 1) /* warning */ | ||
1026 | { | ||
1027 | s->s3->warn_alert = alert_descr; | ||
1028 | if (alert_descr == SSL_AD_CLOSE_NOTIFY) | ||
1029 | { | ||
1030 | s->shutdown |= SSL_RECEIVED_SHUTDOWN; | ||
1031 | return(0); | ||
1032 | } | ||
1033 | #if 0 | ||
1034 | /* XXX: this is a possible improvement in the future */ | ||
1035 | /* now check if it's a missing record */ | ||
1036 | if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) | ||
1037 | { | ||
1038 | unsigned short seq; | ||
1039 | unsigned int frag_off; | ||
1040 | unsigned char *p = &(s->d1->alert_fragment[2]); | ||
1041 | |||
1042 | n2s(p, seq); | ||
1043 | n2l3(p, frag_off); | ||
1044 | |||
1045 | dtls1_retransmit_message(s, | ||
1046 | dtls1_get_queue_priority(frag->msg_header.seq, 0), | ||
1047 | frag_off, &found); | ||
1048 | if ( ! found && SSL_in_init(s)) | ||
1049 | { | ||
1050 | /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */ | ||
1051 | /* requested a message not yet sent, | ||
1052 | send an alert ourselves */ | ||
1053 | ssl3_send_alert(s,SSL3_AL_WARNING, | ||
1054 | DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); | ||
1055 | } | ||
1056 | } | ||
1057 | #endif | ||
1058 | } | ||
1059 | else if (alert_level == 2) /* fatal */ | ||
1060 | { | ||
1061 | char tmp[16]; | ||
1062 | |||
1063 | s->rwstate=SSL_NOTHING; | ||
1064 | s->s3->fatal_alert = alert_descr; | ||
1065 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); | ||
1066 | BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr); | ||
1067 | ERR_add_error_data(2,"SSL alert number ",tmp); | ||
1068 | s->shutdown|=SSL_RECEIVED_SHUTDOWN; | ||
1069 | SSL_CTX_remove_session(s->ctx,s->session); | ||
1070 | return(0); | ||
1071 | } | ||
1072 | else | ||
1073 | { | ||
1074 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
1075 | SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE); | ||
1076 | goto f_err; | ||
1077 | } | ||
1078 | |||
1079 | goto start; | ||
1080 | } | ||
1081 | |||
1082 | if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ | ||
1083 | { | ||
1084 | s->rwstate=SSL_NOTHING; | ||
1085 | rr->length=0; | ||
1086 | return(0); | ||
1087 | } | ||
1088 | |||
1089 | if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) | ||
1090 | { | ||
1091 | struct ccs_header_st ccs_hdr; | ||
1092 | unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; | ||
1093 | |||
1094 | dtls1_get_ccs_header(rr->data, &ccs_hdr); | ||
1095 | |||
1096 | if (s->version == DTLS1_BAD_VER) | ||
1097 | ccs_hdr_len = 3; | ||
1098 | |||
1099 | /* 'Change Cipher Spec' is just a single byte, so we know | ||
1100 | * exactly what the record payload has to look like */ | ||
1101 | /* XDTLS: check that epoch is consistent */ | ||
1102 | if ( (rr->length != ccs_hdr_len) || | ||
1103 | (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) | ||
1104 | { | ||
1105 | i=SSL_AD_ILLEGAL_PARAMETER; | ||
1106 | SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); | ||
1107 | goto err; | ||
1108 | } | ||
1109 | |||
1110 | rr->length=0; | ||
1111 | |||
1112 | if (s->msg_callback) | ||
1113 | s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, | ||
1114 | rr->data, 1, s, s->msg_callback_arg); | ||
1115 | |||
1116 | /* We can't process a CCS now, because previous handshake | ||
1117 | * messages are still missing, so just drop it. | ||
1118 | */ | ||
1119 | if (!s->d1->change_cipher_spec_ok) | ||
1120 | { | ||
1121 | goto start; | ||
1122 | } | ||
1123 | |||
1124 | s->d1->change_cipher_spec_ok = 0; | ||
1125 | |||
1126 | s->s3->change_cipher_spec=1; | ||
1127 | if (!ssl3_do_change_cipher_spec(s)) | ||
1128 | goto err; | ||
1129 | |||
1130 | /* do this whenever CCS is processed */ | ||
1131 | dtls1_reset_seq_numbers(s, SSL3_CC_READ); | ||
1132 | |||
1133 | if (s->version == DTLS1_BAD_VER) | ||
1134 | s->d1->handshake_read_seq++; | ||
1135 | |||
1136 | goto start; | ||
1137 | } | ||
1138 | |||
1139 | /* Unexpected handshake message (Client Hello, or protocol violation) */ | ||
1140 | if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && | ||
1141 | !s->in_handshake) | ||
1142 | { | ||
1143 | struct hm_header_st msg_hdr; | ||
1144 | |||
1145 | /* this may just be a stale retransmit */ | ||
1146 | dtls1_get_message_header(rr->data, &msg_hdr); | ||
1147 | if( rr->epoch != s->d1->r_epoch) | ||
1148 | { | ||
1149 | rr->length = 0; | ||
1150 | goto start; | ||
1151 | } | ||
1152 | |||
1153 | /* If we are server, we may have a repeated FINISHED of the | ||
1154 | * client here, then retransmit our CCS and FINISHED. | ||
1155 | */ | ||
1156 | if (msg_hdr.type == SSL3_MT_FINISHED) | ||
1157 | { | ||
1158 | dtls1_retransmit_buffered_messages(s); | ||
1159 | rr->length = 0; | ||
1160 | goto start; | ||
1161 | } | ||
1162 | |||
1163 | if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && | ||
1164 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) | ||
1165 | { | ||
1166 | #if 0 /* worked only because C operator preferences are not as expected (and | ||
1167 | * because this is not really needed for clients except for detecting | ||
1168 | * protocol violations): */ | ||
1169 | s->state=SSL_ST_BEFORE|(s->server) | ||
1170 | ?SSL_ST_ACCEPT | ||
1171 | :SSL_ST_CONNECT; | ||
1172 | #else | ||
1173 | s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; | ||
1174 | #endif | ||
1175 | s->new_session=1; | ||
1176 | } | ||
1177 | i=s->handshake_func(s); | ||
1178 | if (i < 0) return(i); | ||
1179 | if (i == 0) | ||
1180 | { | ||
1181 | SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | ||
1182 | return(-1); | ||
1183 | } | ||
1184 | |||
1185 | if (!(s->mode & SSL_MODE_AUTO_RETRY)) | ||
1186 | { | ||
1187 | if (s->s3->rbuf.left == 0) /* no read-ahead left? */ | ||
1188 | { | ||
1189 | BIO *bio; | ||
1190 | /* In the case where we try to read application data, | ||
1191 | * but we trigger an SSL handshake, we return -1 with | ||
1192 | * the retry option set. Otherwise renegotiation may | ||
1193 | * cause nasty problems in the blocking world */ | ||
1194 | s->rwstate=SSL_READING; | ||
1195 | bio=SSL_get_rbio(s); | ||
1196 | BIO_clear_retry_flags(bio); | ||
1197 | BIO_set_retry_read(bio); | ||
1198 | return(-1); | ||
1199 | } | ||
1200 | } | ||
1201 | goto start; | ||
1202 | } | ||
1203 | |||
1204 | switch (rr->type) | ||
1205 | { | ||
1206 | default: | ||
1207 | #ifndef OPENSSL_NO_TLS | ||
1208 | /* TLS just ignores unknown message types */ | ||
1209 | if (s->version == TLS1_VERSION) | ||
1210 | { | ||
1211 | rr->length = 0; | ||
1212 | goto start; | ||
1213 | } | ||
1214 | #endif | ||
1215 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
1216 | SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); | ||
1217 | goto f_err; | ||
1218 | case SSL3_RT_CHANGE_CIPHER_SPEC: | ||
1219 | case SSL3_RT_ALERT: | ||
1220 | case SSL3_RT_HANDSHAKE: | ||
1221 | /* we already handled all of these, with the possible exception | ||
1222 | * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that | ||
1223 | * should not happen when type != rr->type */ | ||
1224 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
1225 | SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR); | ||
1226 | goto f_err; | ||
1227 | case SSL3_RT_APPLICATION_DATA: | ||
1228 | /* At this point, we were expecting handshake data, | ||
1229 | * but have application data. If the library was | ||
1230 | * running inside ssl3_read() (i.e. in_read_app_data | ||
1231 | * is set) and it makes sense to read application data | ||
1232 | * at this point (session renegotiation not yet started), | ||
1233 | * we will indulge it. | ||
1234 | */ | ||
1235 | if (s->s3->in_read_app_data && | ||
1236 | (s->s3->total_renegotiations != 0) && | ||
1237 | (( | ||
1238 | (s->state & SSL_ST_CONNECT) && | ||
1239 | (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && | ||
1240 | (s->state <= SSL3_ST_CR_SRVR_HELLO_A) | ||
1241 | ) || ( | ||
1242 | (s->state & SSL_ST_ACCEPT) && | ||
1243 | (s->state <= SSL3_ST_SW_HELLO_REQ_A) && | ||
1244 | (s->state >= SSL3_ST_SR_CLNT_HELLO_A) | ||
1245 | ) | ||
1246 | )) | ||
1247 | { | ||
1248 | s->s3->in_read_app_data=2; | ||
1249 | return(-1); | ||
1250 | } | ||
1251 | else | ||
1252 | { | ||
1253 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
1254 | SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); | ||
1255 | goto f_err; | ||
1256 | } | ||
1257 | } | ||
1258 | /* not reached */ | ||
1259 | |||
1260 | f_err: | ||
1261 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
1262 | err: | ||
1263 | return(-1); | ||
1264 | } | ||
1265 | |||
1266 | int | ||
1267 | dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) | ||
1268 | { | ||
1269 | int i; | ||
1270 | |||
1271 | if (SSL_in_init(s) && !s->in_handshake) | ||
1272 | { | ||
1273 | i=s->handshake_func(s); | ||
1274 | if (i < 0) return(i); | ||
1275 | if (i == 0) | ||
1276 | { | ||
1277 | SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | ||
1278 | return -1; | ||
1279 | } | ||
1280 | } | ||
1281 | |||
1282 | if (len > SSL3_RT_MAX_PLAIN_LENGTH) | ||
1283 | { | ||
1284 | SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_DTLS_MESSAGE_TOO_BIG); | ||
1285 | return -1; | ||
1286 | } | ||
1287 | |||
1288 | i = dtls1_write_bytes(s, type, buf_, len); | ||
1289 | return i; | ||
1290 | } | ||
1291 | |||
1292 | |||
1293 | /* this only happens when a client hello is received and a handshake | ||
1294 | * is started. */ | ||
1295 | static int | ||
1296 | have_handshake_fragment(SSL *s, int type, unsigned char *buf, | ||
1297 | int len, int peek) | ||
1298 | { | ||
1299 | |||
1300 | if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0)) | ||
1301 | /* (partially) satisfy request from storage */ | ||
1302 | { | ||
1303 | unsigned char *src = s->d1->handshake_fragment; | ||
1304 | unsigned char *dst = buf; | ||
1305 | unsigned int k,n; | ||
1306 | |||
1307 | /* peek == 0 */ | ||
1308 | n = 0; | ||
1309 | while ((len > 0) && (s->d1->handshake_fragment_len > 0)) | ||
1310 | { | ||
1311 | *dst++ = *src++; | ||
1312 | len--; s->d1->handshake_fragment_len--; | ||
1313 | n++; | ||
1314 | } | ||
1315 | /* move any remaining fragment bytes: */ | ||
1316 | for (k = 0; k < s->d1->handshake_fragment_len; k++) | ||
1317 | s->d1->handshake_fragment[k] = *src++; | ||
1318 | return n; | ||
1319 | } | ||
1320 | |||
1321 | return 0; | ||
1322 | } | ||
1323 | |||
1324 | |||
1325 | |||
1326 | |||
1327 | /* Call this to write data in records of type 'type' | ||
1328 | * It will return <= 0 if not all data has been sent or non-blocking IO. | ||
1329 | */ | ||
1330 | int dtls1_write_bytes(SSL *s, int type, const void *buf, int len) | ||
1331 | { | ||
1332 | int i; | ||
1333 | |||
1334 | OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH); | ||
1335 | s->rwstate=SSL_NOTHING; | ||
1336 | i=do_dtls1_write(s, type, buf, len, 0); | ||
1337 | return i; | ||
1338 | } | ||
1339 | |||
1340 | int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment) | ||
1341 | { | ||
1342 | unsigned char *p,*pseq; | ||
1343 | int i,mac_size,clear=0; | ||
1344 | int prefix_len = 0; | ||
1345 | SSL3_RECORD *wr; | ||
1346 | SSL3_BUFFER *wb; | ||
1347 | SSL_SESSION *sess; | ||
1348 | int bs; | ||
1349 | |||
1350 | /* first check if there is a SSL3_BUFFER still being written | ||
1351 | * out. This will happen with non blocking IO */ | ||
1352 | if (s->s3->wbuf.left != 0) | ||
1353 | { | ||
1354 | OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */ | ||
1355 | return(ssl3_write_pending(s,type,buf,len)); | ||
1356 | } | ||
1357 | |||
1358 | /* If we have an alert to send, lets send it */ | ||
1359 | if (s->s3->alert_dispatch) | ||
1360 | { | ||
1361 | i=s->method->ssl_dispatch_alert(s); | ||
1362 | if (i <= 0) | ||
1363 | return(i); | ||
1364 | /* if it went, fall through and send more stuff */ | ||
1365 | } | ||
1366 | |||
1367 | if (len == 0 && !create_empty_fragment) | ||
1368 | return 0; | ||
1369 | |||
1370 | wr= &(s->s3->wrec); | ||
1371 | wb= &(s->s3->wbuf); | ||
1372 | sess=s->session; | ||
1373 | |||
1374 | if ( (sess == NULL) || | ||
1375 | (s->enc_write_ctx == NULL) || | ||
1376 | (EVP_MD_CTX_md(s->write_hash) == NULL)) | ||
1377 | clear=1; | ||
1378 | |||
1379 | if (clear) | ||
1380 | mac_size=0; | ||
1381 | else | ||
1382 | { | ||
1383 | mac_size=EVP_MD_CTX_size(s->write_hash); | ||
1384 | if (mac_size < 0) | ||
1385 | goto err; | ||
1386 | } | ||
1387 | |||
1388 | /* DTLS implements explicit IV, so no need for empty fragments */ | ||
1389 | #if 0 | ||
1390 | /* 'create_empty_fragment' is true only when this function calls itself */ | ||
1391 | if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done | ||
1392 | && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) | ||
1393 | { | ||
1394 | /* countermeasure against known-IV weakness in CBC ciphersuites | ||
1395 | * (see http://www.openssl.org/~bodo/tls-cbc.txt) | ||
1396 | */ | ||
1397 | |||
1398 | if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) | ||
1399 | { | ||
1400 | /* recursive function call with 'create_empty_fragment' set; | ||
1401 | * this prepares and buffers the data for an empty fragment | ||
1402 | * (these 'prefix_len' bytes are sent out later | ||
1403 | * together with the actual payload) */ | ||
1404 | prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1); | ||
1405 | if (prefix_len <= 0) | ||
1406 | goto err; | ||
1407 | |||
1408 | if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) | ||
1409 | { | ||
1410 | /* insufficient space */ | ||
1411 | SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR); | ||
1412 | goto err; | ||
1413 | } | ||
1414 | } | ||
1415 | |||
1416 | s->s3->empty_fragment_done = 1; | ||
1417 | } | ||
1418 | #endif | ||
1419 | p = wb->buf + prefix_len; | ||
1420 | |||
1421 | /* write the header */ | ||
1422 | |||
1423 | *(p++)=type&0xff; | ||
1424 | wr->type=type; | ||
1425 | |||
1426 | *(p++)=(s->version>>8); | ||
1427 | *(p++)=s->version&0xff; | ||
1428 | |||
1429 | /* field where we are to write out packet epoch, seq num and len */ | ||
1430 | pseq=p; | ||
1431 | p+=10; | ||
1432 | |||
1433 | /* lets setup the record stuff. */ | ||
1434 | |||
1435 | /* Make space for the explicit IV in case of CBC. | ||
1436 | * (this is a bit of a boundary violation, but what the heck). | ||
1437 | */ | ||
1438 | if ( s->enc_write_ctx && | ||
1439 | (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE)) | ||
1440 | bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher); | ||
1441 | else | ||
1442 | bs = 0; | ||
1443 | |||
1444 | wr->data=p + bs; /* make room for IV in case of CBC */ | ||
1445 | wr->length=(int)len; | ||
1446 | wr->input=(unsigned char *)buf; | ||
1447 | |||
1448 | /* we now 'read' from wr->input, wr->length bytes into | ||
1449 | * wr->data */ | ||
1450 | |||
1451 | /* first we compress */ | ||
1452 | if (s->compress != NULL) | ||
1453 | { | ||
1454 | if (!ssl3_do_compress(s)) | ||
1455 | { | ||
1456 | SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE); | ||
1457 | goto err; | ||
1458 | } | ||
1459 | } | ||
1460 | else | ||
1461 | { | ||
1462 | memcpy(wr->data,wr->input,wr->length); | ||
1463 | wr->input=wr->data; | ||
1464 | } | ||
1465 | |||
1466 | /* we should still have the output to wr->data and the input | ||
1467 | * from wr->input. Length should be wr->length. | ||
1468 | * wr->data still points in the wb->buf */ | ||
1469 | |||
1470 | if (mac_size != 0) | ||
1471 | { | ||
1472 | if(s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1) < 0) | ||
1473 | goto err; | ||
1474 | wr->length+=mac_size; | ||
1475 | } | ||
1476 | |||
1477 | /* this is true regardless of mac size */ | ||
1478 | wr->input=p; | ||
1479 | wr->data=p; | ||
1480 | |||
1481 | |||
1482 | /* ssl3_enc can only have an error on read */ | ||
1483 | if (bs) /* bs != 0 in case of CBC */ | ||
1484 | { | ||
1485 | RAND_pseudo_bytes(p,bs); | ||
1486 | /* master IV and last CBC residue stand for | ||
1487 | * the rest of randomness */ | ||
1488 | wr->length += bs; | ||
1489 | } | ||
1490 | |||
1491 | s->method->ssl3_enc->enc(s,1); | ||
1492 | |||
1493 | /* record length after mac and block padding */ | ||
1494 | /* if (type == SSL3_RT_APPLICATION_DATA || | ||
1495 | (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */ | ||
1496 | |||
1497 | /* there's only one epoch between handshake and app data */ | ||
1498 | |||
1499 | s2n(s->d1->w_epoch, pseq); | ||
1500 | |||
1501 | /* XDTLS: ?? */ | ||
1502 | /* else | ||
1503 | s2n(s->d1->handshake_epoch, pseq); */ | ||
1504 | |||
1505 | memcpy(pseq, &(s->s3->write_sequence[2]), 6); | ||
1506 | pseq+=6; | ||
1507 | s2n(wr->length,pseq); | ||
1508 | |||
1509 | /* we should now have | ||
1510 | * wr->data pointing to the encrypted data, which is | ||
1511 | * wr->length long */ | ||
1512 | wr->type=type; /* not needed but helps for debugging */ | ||
1513 | wr->length+=DTLS1_RT_HEADER_LENGTH; | ||
1514 | |||
1515 | #if 0 /* this is now done at the message layer */ | ||
1516 | /* buffer the record, making it easy to handle retransmits */ | ||
1517 | if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC) | ||
1518 | dtls1_buffer_record(s, wr->data, wr->length, | ||
1519 | *((PQ_64BIT *)&(s->s3->write_sequence[0]))); | ||
1520 | #endif | ||
1521 | |||
1522 | ssl3_record_sequence_update(&(s->s3->write_sequence[0])); | ||
1523 | |||
1524 | if (create_empty_fragment) | ||
1525 | { | ||
1526 | /* we are in a recursive call; | ||
1527 | * just return the length, don't write out anything here | ||
1528 | */ | ||
1529 | return wr->length; | ||
1530 | } | ||
1531 | |||
1532 | /* now let's set up wb */ | ||
1533 | wb->left = prefix_len + wr->length; | ||
1534 | wb->offset = 0; | ||
1535 | |||
1536 | /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ | ||
1537 | s->s3->wpend_tot=len; | ||
1538 | s->s3->wpend_buf=buf; | ||
1539 | s->s3->wpend_type=type; | ||
1540 | s->s3->wpend_ret=len; | ||
1541 | |||
1542 | /* we now just need to write the buffer */ | ||
1543 | return ssl3_write_pending(s,type,buf,len); | ||
1544 | err: | ||
1545 | return -1; | ||
1546 | } | ||
1547 | |||
1548 | |||
1549 | |||
1550 | static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) | ||
1551 | { | ||
1552 | int cmp; | ||
1553 | unsigned int shift; | ||
1554 | const unsigned char *seq = s->s3->read_sequence; | ||
1555 | |||
1556 | cmp = satsub64be(seq,bitmap->max_seq_num); | ||
1557 | if (cmp > 0) | ||
1558 | { | ||
1559 | memcpy (s->s3->rrec.seq_num,seq,8); | ||
1560 | return 1; /* this record in new */ | ||
1561 | } | ||
1562 | shift = -cmp; | ||
1563 | if (shift >= sizeof(bitmap->map)*8) | ||
1564 | return 0; /* stale, outside the window */ | ||
1565 | else if (bitmap->map & (1UL<<shift)) | ||
1566 | return 0; /* record previously received */ | ||
1567 | |||
1568 | memcpy (s->s3->rrec.seq_num,seq,8); | ||
1569 | return 1; | ||
1570 | } | ||
1571 | |||
1572 | |||
1573 | static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) | ||
1574 | { | ||
1575 | int cmp; | ||
1576 | unsigned int shift; | ||
1577 | const unsigned char *seq = s->s3->read_sequence; | ||
1578 | |||
1579 | cmp = satsub64be(seq,bitmap->max_seq_num); | ||
1580 | if (cmp > 0) | ||
1581 | { | ||
1582 | shift = cmp; | ||
1583 | if (shift < sizeof(bitmap->map)*8) | ||
1584 | bitmap->map <<= shift, bitmap->map |= 1UL; | ||
1585 | else | ||
1586 | bitmap->map = 1UL; | ||
1587 | memcpy(bitmap->max_seq_num,seq,8); | ||
1588 | } | ||
1589 | else { | ||
1590 | shift = -cmp; | ||
1591 | if (shift < sizeof(bitmap->map)*8) | ||
1592 | bitmap->map |= 1UL<<shift; | ||
1593 | } | ||
1594 | } | ||
1595 | |||
1596 | |||
1597 | int dtls1_dispatch_alert(SSL *s) | ||
1598 | { | ||
1599 | int i,j; | ||
1600 | void (*cb)(const SSL *ssl,int type,int val)=NULL; | ||
1601 | unsigned char buf[DTLS1_AL_HEADER_LENGTH]; | ||
1602 | unsigned char *ptr = &buf[0]; | ||
1603 | |||
1604 | s->s3->alert_dispatch=0; | ||
1605 | |||
1606 | memset(buf, 0x00, sizeof(buf)); | ||
1607 | *ptr++ = s->s3->send_alert[0]; | ||
1608 | *ptr++ = s->s3->send_alert[1]; | ||
1609 | |||
1610 | #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE | ||
1611 | if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) | ||
1612 | { | ||
1613 | s2n(s->d1->handshake_read_seq, ptr); | ||
1614 | #if 0 | ||
1615 | if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */ | ||
1616 | |||
1617 | else | ||
1618 | s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */ | ||
1619 | #endif | ||
1620 | |||
1621 | #if 0 | ||
1622 | fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq); | ||
1623 | #endif | ||
1624 | l2n3(s->d1->r_msg_hdr.frag_off, ptr); | ||
1625 | } | ||
1626 | #endif | ||
1627 | |||
1628 | i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0); | ||
1629 | if (i <= 0) | ||
1630 | { | ||
1631 | s->s3->alert_dispatch=1; | ||
1632 | /* fprintf( stderr, "not done with alert\n" ); */ | ||
1633 | } | ||
1634 | else | ||
1635 | { | ||
1636 | if (s->s3->send_alert[0] == SSL3_AL_FATAL | ||
1637 | #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE | ||
1638 | || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE | ||
1639 | #endif | ||
1640 | ) | ||
1641 | (void)BIO_flush(s->wbio); | ||
1642 | |||
1643 | if (s->msg_callback) | ||
1644 | s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, | ||
1645 | 2, s, s->msg_callback_arg); | ||
1646 | |||
1647 | if (s->info_callback != NULL) | ||
1648 | cb=s->info_callback; | ||
1649 | else if (s->ctx->info_callback != NULL) | ||
1650 | cb=s->ctx->info_callback; | ||
1651 | |||
1652 | if (cb != NULL) | ||
1653 | { | ||
1654 | j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; | ||
1655 | cb(s,SSL_CB_WRITE_ALERT,j); | ||
1656 | } | ||
1657 | } | ||
1658 | return(i); | ||
1659 | } | ||
1660 | |||
1661 | |||
1662 | static DTLS1_BITMAP * | ||
1663 | dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch) | ||
1664 | { | ||
1665 | |||
1666 | *is_next_epoch = 0; | ||
1667 | |||
1668 | /* In current epoch, accept HM, CCS, DATA, & ALERT */ | ||
1669 | if (rr->epoch == s->d1->r_epoch) | ||
1670 | return &s->d1->bitmap; | ||
1671 | |||
1672 | /* Only HM and ALERT messages can be from the next epoch */ | ||
1673 | else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) && | ||
1674 | (rr->type == SSL3_RT_HANDSHAKE || | ||
1675 | rr->type == SSL3_RT_ALERT)) | ||
1676 | { | ||
1677 | *is_next_epoch = 1; | ||
1678 | return &s->d1->next_bitmap; | ||
1679 | } | ||
1680 | |||
1681 | return NULL; | ||
1682 | } | ||
1683 | |||
1684 | #if 0 | ||
1685 | static int | ||
1686 | dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority, | ||
1687 | unsigned long *offset) | ||
1688 | { | ||
1689 | |||
1690 | /* alerts are passed up immediately */ | ||
1691 | if ( rr->type == SSL3_RT_APPLICATION_DATA || | ||
1692 | rr->type == SSL3_RT_ALERT) | ||
1693 | return 0; | ||
1694 | |||
1695 | /* Only need to buffer if a handshake is underway. | ||
1696 | * (this implies that Hello Request and Client Hello are passed up | ||
1697 | * immediately) */ | ||
1698 | if ( SSL_in_init(s)) | ||
1699 | { | ||
1700 | unsigned char *data = rr->data; | ||
1701 | /* need to extract the HM/CCS sequence number here */ | ||
1702 | if ( rr->type == SSL3_RT_HANDSHAKE || | ||
1703 | rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) | ||
1704 | { | ||
1705 | unsigned short seq_num; | ||
1706 | struct hm_header_st msg_hdr; | ||
1707 | struct ccs_header_st ccs_hdr; | ||
1708 | |||
1709 | if ( rr->type == SSL3_RT_HANDSHAKE) | ||
1710 | { | ||
1711 | dtls1_get_message_header(data, &msg_hdr); | ||
1712 | seq_num = msg_hdr.seq; | ||
1713 | *offset = msg_hdr.frag_off; | ||
1714 | } | ||
1715 | else | ||
1716 | { | ||
1717 | dtls1_get_ccs_header(data, &ccs_hdr); | ||
1718 | seq_num = ccs_hdr.seq; | ||
1719 | *offset = 0; | ||
1720 | } | ||
1721 | |||
1722 | /* this is either a record we're waiting for, or a | ||
1723 | * retransmit of something we happened to previously | ||
1724 | * receive (higher layers will drop the repeat silently */ | ||
1725 | if ( seq_num < s->d1->handshake_read_seq) | ||
1726 | return 0; | ||
1727 | if (rr->type == SSL3_RT_HANDSHAKE && | ||
1728 | seq_num == s->d1->handshake_read_seq && | ||
1729 | msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off) | ||
1730 | return 0; | ||
1731 | else if ( seq_num == s->d1->handshake_read_seq && | ||
1732 | (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC || | ||
1733 | msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off)) | ||
1734 | return 0; | ||
1735 | else | ||
1736 | { | ||
1737 | *priority = seq_num; | ||
1738 | return 1; | ||
1739 | } | ||
1740 | } | ||
1741 | else /* unknown record type */ | ||
1742 | return 0; | ||
1743 | } | ||
1744 | |||
1745 | return 0; | ||
1746 | } | ||
1747 | #endif | ||
1748 | |||
1749 | void | ||
1750 | dtls1_reset_seq_numbers(SSL *s, int rw) | ||
1751 | { | ||
1752 | unsigned char *seq; | ||
1753 | unsigned int seq_bytes = sizeof(s->s3->read_sequence); | ||
1754 | |||
1755 | if ( rw & SSL3_CC_READ) | ||
1756 | { | ||
1757 | seq = s->s3->read_sequence; | ||
1758 | s->d1->r_epoch++; | ||
1759 | memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); | ||
1760 | memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); | ||
1761 | } | ||
1762 | else | ||
1763 | { | ||
1764 | seq = s->s3->write_sequence; | ||
1765 | memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence)); | ||
1766 | s->d1->w_epoch++; | ||
1767 | } | ||
1768 | |||
1769 | memset(seq, 0x00, seq_bytes); | ||
1770 | } | ||
1771 | |||
1772 | |||
1773 | static void | ||
1774 | dtls1_clear_timeouts(SSL *s) | ||
1775 | { | ||
1776 | memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st)); | ||
1777 | } | ||
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c deleted file mode 100644 index 149983be30..0000000000 --- a/src/lib/libssl/d1_srvr.c +++ /dev/null | |||
@@ -1,1563 +0,0 @@ | |||
1 | /* ssl/d1_srvr.c */ | ||
2 | /* | ||
3 | * DTLS implementation written by Nagendra Modadugu | ||
4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | ||
5 | */ | ||
6 | /* ==================================================================== | ||
7 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. | ||
8 | * | ||
9 | * Redistribution and use in source and binary forms, with or without | ||
10 | * modification, are permitted provided that the following conditions | ||
11 | * are met: | ||
12 | * | ||
13 | * 1. Redistributions of source code must retain the above copyright | ||
14 | * notice, this list of conditions and the following disclaimer. | ||
15 | * | ||
16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
17 | * notice, this list of conditions and the following disclaimer in | ||
18 | * the documentation and/or other materials provided with the | ||
19 | * distribution. | ||
20 | * | ||
21 | * 3. All advertising materials mentioning features or use of this | ||
22 | * software must display the following acknowledgment: | ||
23 | * "This product includes software developed by the OpenSSL Project | ||
24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
25 | * | ||
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
27 | * endorse or promote products derived from this software without | ||
28 | * prior written permission. For written permission, please contact | ||
29 | * openssl-core@OpenSSL.org. | ||
30 | * | ||
31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
32 | * nor may "OpenSSL" appear in their names without prior written | ||
33 | * permission of the OpenSSL Project. | ||
34 | * | ||
35 | * 6. Redistributions of any form whatsoever must retain the following | ||
36 | * acknowledgment: | ||
37 | * "This product includes software developed by the OpenSSL Project | ||
38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
39 | * | ||
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
52 | * ==================================================================== | ||
53 | * | ||
54 | * This product includes cryptographic software written by Eric Young | ||
55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
56 | * Hudson (tjh@cryptsoft.com). | ||
57 | * | ||
58 | */ | ||
59 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
60 | * All rights reserved. | ||
61 | * | ||
62 | * This package is an SSL implementation written | ||
63 | * by Eric Young (eay@cryptsoft.com). | ||
64 | * The implementation was written so as to conform with Netscapes SSL. | ||
65 | * | ||
66 | * This library is free for commercial and non-commercial use as long as | ||
67 | * the following conditions are aheared to. The following conditions | ||
68 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
69 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
70 | * included with this distribution is covered by the same copyright terms | ||
71 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
72 | * | ||
73 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
74 | * the code are not to be removed. | ||
75 | * If this package is used in a product, Eric Young should be given attribution | ||
76 | * as the author of the parts of the library used. | ||
77 | * This can be in the form of a textual message at program startup or | ||
78 | * in documentation (online or textual) provided with the package. | ||
79 | * | ||
80 | * Redistribution and use in source and binary forms, with or without | ||
81 | * modification, are permitted provided that the following conditions | ||
82 | * are met: | ||
83 | * 1. Redistributions of source code must retain the copyright | ||
84 | * notice, this list of conditions and the following disclaimer. | ||
85 | * 2. Redistributions in binary form must reproduce the above copyright | ||
86 | * notice, this list of conditions and the following disclaimer in the | ||
87 | * documentation and/or other materials provided with the distribution. | ||
88 | * 3. All advertising materials mentioning features or use of this software | ||
89 | * must display the following acknowledgement: | ||
90 | * "This product includes cryptographic software written by | ||
91 | * Eric Young (eay@cryptsoft.com)" | ||
92 | * The word 'cryptographic' can be left out if the rouines from the library | ||
93 | * being used are not cryptographic related :-). | ||
94 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
95 | * the apps directory (application code) you must include an acknowledgement: | ||
96 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
97 | * | ||
98 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
99 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
100 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
101 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
102 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
103 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
104 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
105 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
106 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
107 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
108 | * SUCH DAMAGE. | ||
109 | * | ||
110 | * The licence and distribution terms for any publically available version or | ||
111 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
112 | * copied and put under another distribution licence | ||
113 | * [including the GNU Public Licence.] | ||
114 | */ | ||
115 | |||
116 | #include <stdio.h> | ||
117 | #include "ssl_locl.h" | ||
118 | #include <openssl/buffer.h> | ||
119 | #include <openssl/rand.h> | ||
120 | #include <openssl/objects.h> | ||
121 | #include <openssl/evp.h> | ||
122 | #include <openssl/x509.h> | ||
123 | #include <openssl/md5.h> | ||
124 | #include <openssl/bn.h> | ||
125 | #ifndef OPENSSL_NO_DH | ||
126 | #include <openssl/dh.h> | ||
127 | #endif | ||
128 | |||
129 | static const SSL_METHOD *dtls1_get_server_method(int ver); | ||
130 | static int dtls1_send_hello_verify_request(SSL *s); | ||
131 | |||
132 | static const SSL_METHOD *dtls1_get_server_method(int ver) | ||
133 | { | ||
134 | if (ver == DTLS1_VERSION) | ||
135 | return(DTLSv1_server_method()); | ||
136 | else | ||
137 | return(NULL); | ||
138 | } | ||
139 | |||
140 | IMPLEMENT_dtls1_meth_func(DTLSv1_server_method, | ||
141 | dtls1_accept, | ||
142 | ssl_undefined_function, | ||
143 | dtls1_get_server_method) | ||
144 | |||
145 | int dtls1_accept(SSL *s) | ||
146 | { | ||
147 | BUF_MEM *buf; | ||
148 | unsigned long Time=(unsigned long)time(NULL); | ||
149 | void (*cb)(const SSL *ssl,int type,int val)=NULL; | ||
150 | unsigned long alg_k; | ||
151 | int ret= -1; | ||
152 | int new_state,state,skip=0; | ||
153 | int listen; | ||
154 | |||
155 | RAND_add(&Time,sizeof(Time),0); | ||
156 | ERR_clear_error(); | ||
157 | clear_sys_error(); | ||
158 | |||
159 | if (s->info_callback != NULL) | ||
160 | cb=s->info_callback; | ||
161 | else if (s->ctx->info_callback != NULL) | ||
162 | cb=s->ctx->info_callback; | ||
163 | |||
164 | listen = s->d1->listen; | ||
165 | |||
166 | /* init things to blank */ | ||
167 | s->in_handshake++; | ||
168 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | ||
169 | |||
170 | s->d1->listen = listen; | ||
171 | |||
172 | if (s->cert == NULL) | ||
173 | { | ||
174 | SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); | ||
175 | return(-1); | ||
176 | } | ||
177 | |||
178 | for (;;) | ||
179 | { | ||
180 | state=s->state; | ||
181 | |||
182 | switch (s->state) | ||
183 | { | ||
184 | case SSL_ST_RENEGOTIATE: | ||
185 | s->new_session=1; | ||
186 | /* s->state=SSL_ST_ACCEPT; */ | ||
187 | |||
188 | case SSL_ST_BEFORE: | ||
189 | case SSL_ST_ACCEPT: | ||
190 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: | ||
191 | case SSL_ST_OK|SSL_ST_ACCEPT: | ||
192 | |||
193 | s->server=1; | ||
194 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); | ||
195 | |||
196 | if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) | ||
197 | { | ||
198 | SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR); | ||
199 | return -1; | ||
200 | } | ||
201 | s->type=SSL_ST_ACCEPT; | ||
202 | |||
203 | if (s->init_buf == NULL) | ||
204 | { | ||
205 | if ((buf=BUF_MEM_new()) == NULL) | ||
206 | { | ||
207 | ret= -1; | ||
208 | goto end; | ||
209 | } | ||
210 | if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) | ||
211 | { | ||
212 | ret= -1; | ||
213 | goto end; | ||
214 | } | ||
215 | s->init_buf=buf; | ||
216 | } | ||
217 | |||
218 | if (!ssl3_setup_buffers(s)) | ||
219 | { | ||
220 | ret= -1; | ||
221 | goto end; | ||
222 | } | ||
223 | |||
224 | s->init_num=0; | ||
225 | |||
226 | if (s->state != SSL_ST_RENEGOTIATE) | ||
227 | { | ||
228 | /* Ok, we now need to push on a buffering BIO so that | ||
229 | * the output is sent in a way that TCP likes :-) | ||
230 | */ | ||
231 | if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } | ||
232 | |||
233 | ssl3_init_finished_mac(s); | ||
234 | s->state=SSL3_ST_SR_CLNT_HELLO_A; | ||
235 | s->ctx->stats.sess_accept++; | ||
236 | } | ||
237 | else | ||
238 | { | ||
239 | /* s->state == SSL_ST_RENEGOTIATE, | ||
240 | * we will just send a HelloRequest */ | ||
241 | s->ctx->stats.sess_accept_renegotiate++; | ||
242 | s->state=SSL3_ST_SW_HELLO_REQ_A; | ||
243 | } | ||
244 | |||
245 | break; | ||
246 | |||
247 | case SSL3_ST_SW_HELLO_REQ_A: | ||
248 | case SSL3_ST_SW_HELLO_REQ_B: | ||
249 | |||
250 | s->shutdown=0; | ||
251 | dtls1_start_timer(s); | ||
252 | ret=dtls1_send_hello_request(s); | ||
253 | if (ret <= 0) goto end; | ||
254 | s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C; | ||
255 | s->state=SSL3_ST_SW_FLUSH; | ||
256 | s->init_num=0; | ||
257 | |||
258 | ssl3_init_finished_mac(s); | ||
259 | break; | ||
260 | |||
261 | case SSL3_ST_SW_HELLO_REQ_C: | ||
262 | s->state=SSL_ST_OK; | ||
263 | break; | ||
264 | |||
265 | case SSL3_ST_SR_CLNT_HELLO_A: | ||
266 | case SSL3_ST_SR_CLNT_HELLO_B: | ||
267 | case SSL3_ST_SR_CLNT_HELLO_C: | ||
268 | |||
269 | s->shutdown=0; | ||
270 | ret=ssl3_get_client_hello(s); | ||
271 | if (ret <= 0) goto end; | ||
272 | dtls1_stop_timer(s); | ||
273 | |||
274 | if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) | ||
275 | s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; | ||
276 | else | ||
277 | s->state = SSL3_ST_SW_SRVR_HELLO_A; | ||
278 | |||
279 | s->init_num=0; | ||
280 | |||
281 | /* Reflect ClientHello sequence to remain stateless while listening */ | ||
282 | if (listen) | ||
283 | { | ||
284 | memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence)); | ||
285 | } | ||
286 | |||
287 | /* If we're just listening, stop here */ | ||
288 | if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) | ||
289 | { | ||
290 | ret = 2; | ||
291 | s->d1->listen = 0; | ||
292 | /* Set expected sequence numbers | ||
293 | * to continue the handshake. | ||
294 | */ | ||
295 | s->d1->handshake_read_seq = 2; | ||
296 | s->d1->handshake_write_seq = 1; | ||
297 | s->d1->next_handshake_write_seq = 1; | ||
298 | goto end; | ||
299 | } | ||
300 | |||
301 | break; | ||
302 | |||
303 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: | ||
304 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: | ||
305 | |||
306 | ret = dtls1_send_hello_verify_request(s); | ||
307 | if ( ret <= 0) goto end; | ||
308 | s->state=SSL3_ST_SW_FLUSH; | ||
309 | s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; | ||
310 | |||
311 | /* HelloVerifyRequest resets Finished MAC */ | ||
312 | if (s->version != DTLS1_BAD_VER) | ||
313 | ssl3_init_finished_mac(s); | ||
314 | break; | ||
315 | |||
316 | case SSL3_ST_SW_SRVR_HELLO_A: | ||
317 | case SSL3_ST_SW_SRVR_HELLO_B: | ||
318 | s->new_session = 2; | ||
319 | dtls1_start_timer(s); | ||
320 | ret=dtls1_send_server_hello(s); | ||
321 | if (ret <= 0) goto end; | ||
322 | |||
323 | #ifndef OPENSSL_NO_TLSEXT | ||
324 | if (s->hit) | ||
325 | { | ||
326 | if (s->tlsext_ticket_expected) | ||
327 | s->state=SSL3_ST_SW_SESSION_TICKET_A; | ||
328 | else | ||
329 | s->state=SSL3_ST_SW_CHANGE_A; | ||
330 | } | ||
331 | #else | ||
332 | if (s->hit) | ||
333 | s->state=SSL3_ST_SW_CHANGE_A; | ||
334 | #endif | ||
335 | else | ||
336 | s->state=SSL3_ST_SW_CERT_A; | ||
337 | s->init_num=0; | ||
338 | break; | ||
339 | |||
340 | case SSL3_ST_SW_CERT_A: | ||
341 | case SSL3_ST_SW_CERT_B: | ||
342 | /* Check if it is anon DH or normal PSK */ | ||
343 | if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) | ||
344 | && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) | ||
345 | { | ||
346 | dtls1_start_timer(s); | ||
347 | ret=dtls1_send_server_certificate(s); | ||
348 | if (ret <= 0) goto end; | ||
349 | #ifndef OPENSSL_NO_TLSEXT | ||
350 | if (s->tlsext_status_expected) | ||
351 | s->state=SSL3_ST_SW_CERT_STATUS_A; | ||
352 | else | ||
353 | s->state=SSL3_ST_SW_KEY_EXCH_A; | ||
354 | } | ||
355 | else | ||
356 | { | ||
357 | skip = 1; | ||
358 | s->state=SSL3_ST_SW_KEY_EXCH_A; | ||
359 | } | ||
360 | #else | ||
361 | } | ||
362 | else | ||
363 | skip=1; | ||
364 | |||
365 | s->state=SSL3_ST_SW_KEY_EXCH_A; | ||
366 | #endif | ||
367 | s->init_num=0; | ||
368 | break; | ||
369 | |||
370 | case SSL3_ST_SW_KEY_EXCH_A: | ||
371 | case SSL3_ST_SW_KEY_EXCH_B: | ||
372 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
373 | |||
374 | /* clear this, it may get reset by | ||
375 | * send_server_key_exchange */ | ||
376 | if ((s->options & SSL_OP_EPHEMERAL_RSA) | ||
377 | #ifndef OPENSSL_NO_KRB5 | ||
378 | && !(alg_k & SSL_kKRB5) | ||
379 | #endif /* OPENSSL_NO_KRB5 */ | ||
380 | ) | ||
381 | /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key | ||
382 | * even when forbidden by protocol specs | ||
383 | * (handshake may fail as clients are not required to | ||
384 | * be able to handle this) */ | ||
385 | s->s3->tmp.use_rsa_tmp=1; | ||
386 | else | ||
387 | s->s3->tmp.use_rsa_tmp=0; | ||
388 | |||
389 | /* only send if a DH key exchange or | ||
390 | * RSA but we have a sign only certificate */ | ||
391 | if (s->s3->tmp.use_rsa_tmp | ||
392 | /* PSK: send ServerKeyExchange if PSK identity | ||
393 | * hint if provided */ | ||
394 | #ifndef OPENSSL_NO_PSK | ||
395 | || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) | ||
396 | #endif | ||
397 | || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | ||
398 | || (alg_k & SSL_kEECDH) | ||
399 | || ((alg_k & SSL_kRSA) | ||
400 | && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL | ||
401 | || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) | ||
402 | && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) | ||
403 | ) | ||
404 | ) | ||
405 | ) | ||
406 | ) | ||
407 | { | ||
408 | dtls1_start_timer(s); | ||
409 | ret=dtls1_send_server_key_exchange(s); | ||
410 | if (ret <= 0) goto end; | ||
411 | } | ||
412 | else | ||
413 | skip=1; | ||
414 | |||
415 | s->state=SSL3_ST_SW_CERT_REQ_A; | ||
416 | s->init_num=0; | ||
417 | break; | ||
418 | |||
419 | case SSL3_ST_SW_CERT_REQ_A: | ||
420 | case SSL3_ST_SW_CERT_REQ_B: | ||
421 | if (/* don't request cert unless asked for it: */ | ||
422 | !(s->verify_mode & SSL_VERIFY_PEER) || | ||
423 | /* if SSL_VERIFY_CLIENT_ONCE is set, | ||
424 | * don't request cert during re-negotiation: */ | ||
425 | ((s->session->peer != NULL) && | ||
426 | (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || | ||
427 | /* never request cert in anonymous ciphersuites | ||
428 | * (see section "Certificate request" in SSL 3 drafts | ||
429 | * and in RFC 2246): */ | ||
430 | ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && | ||
431 | /* ... except when the application insists on verification | ||
432 | * (against the specs, but s3_clnt.c accepts this for SSL 3) */ | ||
433 | !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || | ||
434 | /* never request cert in Kerberos ciphersuites */ | ||
435 | (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) | ||
436 | /* With normal PSK Certificates and | ||
437 | * Certificate Requests are omitted */ | ||
438 | || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) | ||
439 | { | ||
440 | /* no cert request */ | ||
441 | skip=1; | ||
442 | s->s3->tmp.cert_request=0; | ||
443 | s->state=SSL3_ST_SW_SRVR_DONE_A; | ||
444 | } | ||
445 | else | ||
446 | { | ||
447 | s->s3->tmp.cert_request=1; | ||
448 | dtls1_start_timer(s); | ||
449 | ret=dtls1_send_certificate_request(s); | ||
450 | if (ret <= 0) goto end; | ||
451 | #ifndef NETSCAPE_HANG_BUG | ||
452 | s->state=SSL3_ST_SW_SRVR_DONE_A; | ||
453 | #else | ||
454 | s->state=SSL3_ST_SW_FLUSH; | ||
455 | s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; | ||
456 | #endif | ||
457 | s->init_num=0; | ||
458 | } | ||
459 | break; | ||
460 | |||
461 | case SSL3_ST_SW_SRVR_DONE_A: | ||
462 | case SSL3_ST_SW_SRVR_DONE_B: | ||
463 | dtls1_start_timer(s); | ||
464 | ret=dtls1_send_server_done(s); | ||
465 | if (ret <= 0) goto end; | ||
466 | s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; | ||
467 | s->state=SSL3_ST_SW_FLUSH; | ||
468 | s->init_num=0; | ||
469 | break; | ||
470 | |||
471 | case SSL3_ST_SW_FLUSH: | ||
472 | s->rwstate=SSL_WRITING; | ||
473 | if (BIO_flush(s->wbio) <= 0) | ||
474 | { | ||
475 | ret= -1; | ||
476 | goto end; | ||
477 | } | ||
478 | s->rwstate=SSL_NOTHING; | ||
479 | s->state=s->s3->tmp.next_state; | ||
480 | break; | ||
481 | |||
482 | case SSL3_ST_SR_CERT_A: | ||
483 | case SSL3_ST_SR_CERT_B: | ||
484 | /* Check for second client hello (MS SGC) */ | ||
485 | ret = ssl3_check_client_hello(s); | ||
486 | if (ret <= 0) | ||
487 | goto end; | ||
488 | dtls1_stop_timer(s); | ||
489 | if (ret == 2) | ||
490 | s->state = SSL3_ST_SR_CLNT_HELLO_C; | ||
491 | else { | ||
492 | /* could be sent for a DH cert, even if we | ||
493 | * have not asked for it :-) */ | ||
494 | ret=ssl3_get_client_certificate(s); | ||
495 | if (ret <= 0) goto end; | ||
496 | dtls1_stop_timer(s); | ||
497 | s->init_num=0; | ||
498 | s->state=SSL3_ST_SR_KEY_EXCH_A; | ||
499 | } | ||
500 | break; | ||
501 | |||
502 | case SSL3_ST_SR_KEY_EXCH_A: | ||
503 | case SSL3_ST_SR_KEY_EXCH_B: | ||
504 | ret=ssl3_get_client_key_exchange(s); | ||
505 | if (ret <= 0) goto end; | ||
506 | dtls1_stop_timer(s); | ||
507 | s->state=SSL3_ST_SR_CERT_VRFY_A; | ||
508 | s->init_num=0; | ||
509 | |||
510 | if (ret == 2) | ||
511 | { | ||
512 | /* For the ECDH ciphersuites when | ||
513 | * the client sends its ECDH pub key in | ||
514 | * a certificate, the CertificateVerify | ||
515 | * message is not sent. | ||
516 | */ | ||
517 | s->state=SSL3_ST_SR_FINISHED_A; | ||
518 | s->init_num = 0; | ||
519 | } | ||
520 | else | ||
521 | { | ||
522 | s->state=SSL3_ST_SR_CERT_VRFY_A; | ||
523 | s->init_num=0; | ||
524 | |||
525 | /* We need to get hashes here so if there is | ||
526 | * a client cert, it can be verified */ | ||
527 | s->method->ssl3_enc->cert_verify_mac(s, | ||
528 | NID_md5, | ||
529 | &(s->s3->tmp.cert_verify_md[0])); | ||
530 | s->method->ssl3_enc->cert_verify_mac(s, | ||
531 | NID_sha1, | ||
532 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); | ||
533 | } | ||
534 | break; | ||
535 | |||
536 | case SSL3_ST_SR_CERT_VRFY_A: | ||
537 | case SSL3_ST_SR_CERT_VRFY_B: | ||
538 | |||
539 | s->d1->change_cipher_spec_ok = 1; | ||
540 | /* we should decide if we expected this one */ | ||
541 | ret=ssl3_get_cert_verify(s); | ||
542 | if (ret <= 0) goto end; | ||
543 | dtls1_stop_timer(s); | ||
544 | |||
545 | s->state=SSL3_ST_SR_FINISHED_A; | ||
546 | s->init_num=0; | ||
547 | break; | ||
548 | |||
549 | case SSL3_ST_SR_FINISHED_A: | ||
550 | case SSL3_ST_SR_FINISHED_B: | ||
551 | s->d1->change_cipher_spec_ok = 1; | ||
552 | ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, | ||
553 | SSL3_ST_SR_FINISHED_B); | ||
554 | if (ret <= 0) goto end; | ||
555 | dtls1_stop_timer(s); | ||
556 | if (s->hit) | ||
557 | s->state=SSL_ST_OK; | ||
558 | #ifndef OPENSSL_NO_TLSEXT | ||
559 | else if (s->tlsext_ticket_expected) | ||
560 | s->state=SSL3_ST_SW_SESSION_TICKET_A; | ||
561 | #endif | ||
562 | else | ||
563 | s->state=SSL3_ST_SW_CHANGE_A; | ||
564 | s->init_num=0; | ||
565 | break; | ||
566 | |||
567 | #ifndef OPENSSL_NO_TLSEXT | ||
568 | case SSL3_ST_SW_SESSION_TICKET_A: | ||
569 | case SSL3_ST_SW_SESSION_TICKET_B: | ||
570 | ret=dtls1_send_newsession_ticket(s); | ||
571 | if (ret <= 0) goto end; | ||
572 | s->state=SSL3_ST_SW_CHANGE_A; | ||
573 | s->init_num=0; | ||
574 | break; | ||
575 | |||
576 | case SSL3_ST_SW_CERT_STATUS_A: | ||
577 | case SSL3_ST_SW_CERT_STATUS_B: | ||
578 | ret=ssl3_send_cert_status(s); | ||
579 | if (ret <= 0) goto end; | ||
580 | s->state=SSL3_ST_SW_KEY_EXCH_A; | ||
581 | s->init_num=0; | ||
582 | break; | ||
583 | |||
584 | #endif | ||
585 | |||
586 | case SSL3_ST_SW_CHANGE_A: | ||
587 | case SSL3_ST_SW_CHANGE_B: | ||
588 | |||
589 | s->session->cipher=s->s3->tmp.new_cipher; | ||
590 | if (!s->method->ssl3_enc->setup_key_block(s)) | ||
591 | { ret= -1; goto end; } | ||
592 | |||
593 | ret=dtls1_send_change_cipher_spec(s, | ||
594 | SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B); | ||
595 | |||
596 | if (ret <= 0) goto end; | ||
597 | s->state=SSL3_ST_SW_FINISHED_A; | ||
598 | s->init_num=0; | ||
599 | |||
600 | if (!s->method->ssl3_enc->change_cipher_state(s, | ||
601 | SSL3_CHANGE_CIPHER_SERVER_WRITE)) | ||
602 | { | ||
603 | ret= -1; | ||
604 | goto end; | ||
605 | } | ||
606 | |||
607 | dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); | ||
608 | break; | ||
609 | |||
610 | case SSL3_ST_SW_FINISHED_A: | ||
611 | case SSL3_ST_SW_FINISHED_B: | ||
612 | ret=dtls1_send_finished(s, | ||
613 | SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, | ||
614 | s->method->ssl3_enc->server_finished_label, | ||
615 | s->method->ssl3_enc->server_finished_label_len); | ||
616 | if (ret <= 0) goto end; | ||
617 | s->state=SSL3_ST_SW_FLUSH; | ||
618 | if (s->hit) | ||
619 | s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; | ||
620 | else | ||
621 | s->s3->tmp.next_state=SSL_ST_OK; | ||
622 | s->init_num=0; | ||
623 | break; | ||
624 | |||
625 | case SSL_ST_OK: | ||
626 | /* clean a few things up */ | ||
627 | ssl3_cleanup_key_block(s); | ||
628 | |||
629 | #if 0 | ||
630 | BUF_MEM_free(s->init_buf); | ||
631 | s->init_buf=NULL; | ||
632 | #endif | ||
633 | |||
634 | /* remove buffering on output */ | ||
635 | ssl_free_wbio_buffer(s); | ||
636 | |||
637 | s->init_num=0; | ||
638 | |||
639 | if (s->new_session == 2) /* skipped if we just sent a HelloRequest */ | ||
640 | { | ||
641 | /* actually not necessarily a 'new' session unless | ||
642 | * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ | ||
643 | |||
644 | s->new_session=0; | ||
645 | |||
646 | ssl_update_cache(s,SSL_SESS_CACHE_SERVER); | ||
647 | |||
648 | s->ctx->stats.sess_accept_good++; | ||
649 | /* s->server=1; */ | ||
650 | s->handshake_func=dtls1_accept; | ||
651 | |||
652 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); | ||
653 | } | ||
654 | |||
655 | ret = 1; | ||
656 | |||
657 | /* done handshaking, next message is client hello */ | ||
658 | s->d1->handshake_read_seq = 0; | ||
659 | /* next message is server hello */ | ||
660 | s->d1->handshake_write_seq = 0; | ||
661 | s->d1->next_handshake_write_seq = 0; | ||
662 | goto end; | ||
663 | /* break; */ | ||
664 | |||
665 | default: | ||
666 | SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE); | ||
667 | ret= -1; | ||
668 | goto end; | ||
669 | /* break; */ | ||
670 | } | ||
671 | |||
672 | if (!s->s3->tmp.reuse_message && !skip) | ||
673 | { | ||
674 | if (s->debug) | ||
675 | { | ||
676 | if ((ret=BIO_flush(s->wbio)) <= 0) | ||
677 | goto end; | ||
678 | } | ||
679 | |||
680 | |||
681 | if ((cb != NULL) && (s->state != state)) | ||
682 | { | ||
683 | new_state=s->state; | ||
684 | s->state=state; | ||
685 | cb(s,SSL_CB_ACCEPT_LOOP,1); | ||
686 | s->state=new_state; | ||
687 | } | ||
688 | } | ||
689 | skip=0; | ||
690 | } | ||
691 | end: | ||
692 | /* BIO_flush(s->wbio); */ | ||
693 | |||
694 | s->in_handshake--; | ||
695 | if (cb != NULL) | ||
696 | cb(s,SSL_CB_ACCEPT_EXIT,ret); | ||
697 | return(ret); | ||
698 | } | ||
699 | |||
700 | int dtls1_send_hello_request(SSL *s) | ||
701 | { | ||
702 | unsigned char *p; | ||
703 | |||
704 | if (s->state == SSL3_ST_SW_HELLO_REQ_A) | ||
705 | { | ||
706 | p=(unsigned char *)s->init_buf->data; | ||
707 | p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0); | ||
708 | |||
709 | s->state=SSL3_ST_SW_HELLO_REQ_B; | ||
710 | /* number of bytes to write */ | ||
711 | s->init_num=DTLS1_HM_HEADER_LENGTH; | ||
712 | s->init_off=0; | ||
713 | |||
714 | /* no need to buffer this message, since there are no retransmit | ||
715 | * requests for it */ | ||
716 | } | ||
717 | |||
718 | /* SSL3_ST_SW_HELLO_REQ_B */ | ||
719 | return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | ||
720 | } | ||
721 | |||
722 | int dtls1_send_hello_verify_request(SSL *s) | ||
723 | { | ||
724 | unsigned int msg_len; | ||
725 | unsigned char *msg, *buf, *p; | ||
726 | |||
727 | if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) | ||
728 | { | ||
729 | buf = (unsigned char *)s->init_buf->data; | ||
730 | |||
731 | msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]); | ||
732 | *(p++) = s->version >> 8; | ||
733 | *(p++) = s->version & 0xFF; | ||
734 | |||
735 | if (s->ctx->app_gen_cookie_cb == NULL || | ||
736 | s->ctx->app_gen_cookie_cb(s, s->d1->cookie, | ||
737 | &(s->d1->cookie_len)) == 0) | ||
738 | { | ||
739 | SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR); | ||
740 | return 0; | ||
741 | } | ||
742 | |||
743 | *(p++) = (unsigned char) s->d1->cookie_len; | ||
744 | memcpy(p, s->d1->cookie, s->d1->cookie_len); | ||
745 | p += s->d1->cookie_len; | ||
746 | msg_len = p - msg; | ||
747 | |||
748 | dtls1_set_message_header(s, buf, | ||
749 | DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len); | ||
750 | |||
751 | s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; | ||
752 | /* number of bytes to write */ | ||
753 | s->init_num=p-buf; | ||
754 | s->init_off=0; | ||
755 | } | ||
756 | |||
757 | /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ | ||
758 | return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | ||
759 | } | ||
760 | |||
761 | int dtls1_send_server_hello(SSL *s) | ||
762 | { | ||
763 | unsigned char *buf; | ||
764 | unsigned char *p,*d; | ||
765 | int i; | ||
766 | unsigned int sl; | ||
767 | unsigned long l,Time; | ||
768 | |||
769 | if (s->state == SSL3_ST_SW_SRVR_HELLO_A) | ||
770 | { | ||
771 | buf=(unsigned char *)s->init_buf->data; | ||
772 | p=s->s3->server_random; | ||
773 | Time=(unsigned long)time(NULL); /* Time */ | ||
774 | l2n(Time,p); | ||
775 | RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); | ||
776 | /* Do the message type and length last */ | ||
777 | d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); | ||
778 | |||
779 | *(p++)=s->version>>8; | ||
780 | *(p++)=s->version&0xff; | ||
781 | |||
782 | /* Random stuff */ | ||
783 | memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); | ||
784 | p+=SSL3_RANDOM_SIZE; | ||
785 | |||
786 | /* now in theory we have 3 options to sending back the | ||
787 | * session id. If it is a re-use, we send back the | ||
788 | * old session-id, if it is a new session, we send | ||
789 | * back the new session-id or we send back a 0 length | ||
790 | * session-id if we want it to be single use. | ||
791 | * Currently I will not implement the '0' length session-id | ||
792 | * 12-Jan-98 - I'll now support the '0' length stuff. | ||
793 | */ | ||
794 | if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) | ||
795 | s->session->session_id_length=0; | ||
796 | |||
797 | sl=s->session->session_id_length; | ||
798 | if (sl > sizeof s->session->session_id) | ||
799 | { | ||
800 | SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); | ||
801 | return -1; | ||
802 | } | ||
803 | *(p++)=sl; | ||
804 | memcpy(p,s->session->session_id,sl); | ||
805 | p+=sl; | ||
806 | |||
807 | /* put the cipher */ | ||
808 | if (s->s3->tmp.new_cipher == NULL) | ||
809 | return -1; | ||
810 | i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p); | ||
811 | p+=i; | ||
812 | |||
813 | /* put the compression method */ | ||
814 | #ifdef OPENSSL_NO_COMP | ||
815 | *(p++)=0; | ||
816 | #else | ||
817 | if (s->s3->tmp.new_compression == NULL) | ||
818 | *(p++)=0; | ||
819 | else | ||
820 | *(p++)=s->s3->tmp.new_compression->id; | ||
821 | #endif | ||
822 | |||
823 | #ifndef OPENSSL_NO_TLSEXT | ||
824 | if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) | ||
825 | { | ||
826 | SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); | ||
827 | return -1; | ||
828 | } | ||
829 | #endif | ||
830 | |||
831 | /* do the header */ | ||
832 | l=(p-d); | ||
833 | d=buf; | ||
834 | |||
835 | d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l); | ||
836 | |||
837 | s->state=SSL3_ST_SW_SRVR_HELLO_B; | ||
838 | /* number of bytes to write */ | ||
839 | s->init_num=p-buf; | ||
840 | s->init_off=0; | ||
841 | |||
842 | /* buffer the message to handle re-xmits */ | ||
843 | dtls1_buffer_message(s, 0); | ||
844 | } | ||
845 | |||
846 | /* SSL3_ST_SW_SRVR_HELLO_B */ | ||
847 | return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | ||
848 | } | ||
849 | |||
850 | int dtls1_send_server_done(SSL *s) | ||
851 | { | ||
852 | unsigned char *p; | ||
853 | |||
854 | if (s->state == SSL3_ST_SW_SRVR_DONE_A) | ||
855 | { | ||
856 | p=(unsigned char *)s->init_buf->data; | ||
857 | |||
858 | /* do the header */ | ||
859 | p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0); | ||
860 | |||
861 | s->state=SSL3_ST_SW_SRVR_DONE_B; | ||
862 | /* number of bytes to write */ | ||
863 | s->init_num=DTLS1_HM_HEADER_LENGTH; | ||
864 | s->init_off=0; | ||
865 | |||
866 | /* buffer the message to handle re-xmits */ | ||
867 | dtls1_buffer_message(s, 0); | ||
868 | } | ||
869 | |||
870 | /* SSL3_ST_SW_SRVR_DONE_B */ | ||
871 | return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | ||
872 | } | ||
873 | |||
874 | int dtls1_send_server_key_exchange(SSL *s) | ||
875 | { | ||
876 | #ifndef OPENSSL_NO_RSA | ||
877 | unsigned char *q; | ||
878 | int j,num; | ||
879 | RSA *rsa; | ||
880 | unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; | ||
881 | unsigned int u; | ||
882 | #endif | ||
883 | #ifndef OPENSSL_NO_DH | ||
884 | DH *dh=NULL,*dhp; | ||
885 | #endif | ||
886 | #ifndef OPENSSL_NO_ECDH | ||
887 | EC_KEY *ecdh=NULL, *ecdhp; | ||
888 | unsigned char *encodedPoint = NULL; | ||
889 | int encodedlen = 0; | ||
890 | int curve_id = 0; | ||
891 | BN_CTX *bn_ctx = NULL; | ||
892 | #endif | ||
893 | EVP_PKEY *pkey; | ||
894 | unsigned char *p,*d; | ||
895 | int al,i; | ||
896 | unsigned long type; | ||
897 | int n; | ||
898 | CERT *cert; | ||
899 | BIGNUM *r[4]; | ||
900 | int nr[4],kn; | ||
901 | BUF_MEM *buf; | ||
902 | EVP_MD_CTX md_ctx; | ||
903 | |||
904 | EVP_MD_CTX_init(&md_ctx); | ||
905 | if (s->state == SSL3_ST_SW_KEY_EXCH_A) | ||
906 | { | ||
907 | type=s->s3->tmp.new_cipher->algorithm_mkey; | ||
908 | cert=s->cert; | ||
909 | |||
910 | buf=s->init_buf; | ||
911 | |||
912 | r[0]=r[1]=r[2]=r[3]=NULL; | ||
913 | n=0; | ||
914 | #ifndef OPENSSL_NO_RSA | ||
915 | if (type & SSL_kRSA) | ||
916 | { | ||
917 | rsa=cert->rsa_tmp; | ||
918 | if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) | ||
919 | { | ||
920 | rsa=s->cert->rsa_tmp_cb(s, | ||
921 | SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), | ||
922 | SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); | ||
923 | if(rsa == NULL) | ||
924 | { | ||
925 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
926 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY); | ||
927 | goto f_err; | ||
928 | } | ||
929 | RSA_up_ref(rsa); | ||
930 | cert->rsa_tmp=rsa; | ||
931 | } | ||
932 | if (rsa == NULL) | ||
933 | { | ||
934 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
935 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY); | ||
936 | goto f_err; | ||
937 | } | ||
938 | r[0]=rsa->n; | ||
939 | r[1]=rsa->e; | ||
940 | s->s3->tmp.use_rsa_tmp=1; | ||
941 | } | ||
942 | else | ||
943 | #endif | ||
944 | #ifndef OPENSSL_NO_DH | ||
945 | if (type & SSL_kEDH) | ||
946 | { | ||
947 | dhp=cert->dh_tmp; | ||
948 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) | ||
949 | dhp=s->cert->dh_tmp_cb(s, | ||
950 | SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), | ||
951 | SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); | ||
952 | if (dhp == NULL) | ||
953 | { | ||
954 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
955 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY); | ||
956 | goto f_err; | ||
957 | } | ||
958 | |||
959 | if (s->s3->tmp.dh != NULL) | ||
960 | { | ||
961 | DH_free(dh); | ||
962 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | ||
963 | goto err; | ||
964 | } | ||
965 | |||
966 | if ((dh=DHparams_dup(dhp)) == NULL) | ||
967 | { | ||
968 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); | ||
969 | goto err; | ||
970 | } | ||
971 | |||
972 | s->s3->tmp.dh=dh; | ||
973 | if ((dhp->pub_key == NULL || | ||
974 | dhp->priv_key == NULL || | ||
975 | (s->options & SSL_OP_SINGLE_DH_USE))) | ||
976 | { | ||
977 | if(!DH_generate_key(dh)) | ||
978 | { | ||
979 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, | ||
980 | ERR_R_DH_LIB); | ||
981 | goto err; | ||
982 | } | ||
983 | } | ||
984 | else | ||
985 | { | ||
986 | dh->pub_key=BN_dup(dhp->pub_key); | ||
987 | dh->priv_key=BN_dup(dhp->priv_key); | ||
988 | if ((dh->pub_key == NULL) || | ||
989 | (dh->priv_key == NULL)) | ||
990 | { | ||
991 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); | ||
992 | goto err; | ||
993 | } | ||
994 | } | ||
995 | r[0]=dh->p; | ||
996 | r[1]=dh->g; | ||
997 | r[2]=dh->pub_key; | ||
998 | } | ||
999 | else | ||
1000 | #endif | ||
1001 | #ifndef OPENSSL_NO_ECDH | ||
1002 | if (type & SSL_kEECDH) | ||
1003 | { | ||
1004 | const EC_GROUP *group; | ||
1005 | |||
1006 | ecdhp=cert->ecdh_tmp; | ||
1007 | if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) | ||
1008 | { | ||
1009 | ecdhp=s->cert->ecdh_tmp_cb(s, | ||
1010 | SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), | ||
1011 | SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); | ||
1012 | } | ||
1013 | if (ecdhp == NULL) | ||
1014 | { | ||
1015 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
1016 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY); | ||
1017 | goto f_err; | ||
1018 | } | ||
1019 | |||
1020 | if (s->s3->tmp.ecdh != NULL) | ||
1021 | { | ||
1022 | EC_KEY_free(s->s3->tmp.ecdh); | ||
1023 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | ||
1024 | goto err; | ||
1025 | } | ||
1026 | |||
1027 | /* Duplicate the ECDH structure. */ | ||
1028 | if (ecdhp == NULL) | ||
1029 | { | ||
1030 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
1031 | goto err; | ||
1032 | } | ||
1033 | if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) | ||
1034 | { | ||
1035 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
1036 | goto err; | ||
1037 | } | ||
1038 | |||
1039 | s->s3->tmp.ecdh=ecdh; | ||
1040 | if ((EC_KEY_get0_public_key(ecdh) == NULL) || | ||
1041 | (EC_KEY_get0_private_key(ecdh) == NULL) || | ||
1042 | (s->options & SSL_OP_SINGLE_ECDH_USE)) | ||
1043 | { | ||
1044 | if(!EC_KEY_generate_key(ecdh)) | ||
1045 | { | ||
1046 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
1047 | goto err; | ||
1048 | } | ||
1049 | } | ||
1050 | |||
1051 | if (((group = EC_KEY_get0_group(ecdh)) == NULL) || | ||
1052 | (EC_KEY_get0_public_key(ecdh) == NULL) || | ||
1053 | (EC_KEY_get0_private_key(ecdh) == NULL)) | ||
1054 | { | ||
1055 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
1056 | goto err; | ||
1057 | } | ||
1058 | |||
1059 | if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && | ||
1060 | (EC_GROUP_get_degree(group) > 163)) | ||
1061 | { | ||
1062 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); | ||
1063 | goto err; | ||
1064 | } | ||
1065 | |||
1066 | /* XXX: For now, we only support ephemeral ECDH | ||
1067 | * keys over named (not generic) curves. For | ||
1068 | * supported named curves, curve_id is non-zero. | ||
1069 | */ | ||
1070 | if ((curve_id = | ||
1071 | tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group))) | ||
1072 | == 0) | ||
1073 | { | ||
1074 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); | ||
1075 | goto err; | ||
1076 | } | ||
1077 | |||
1078 | /* Encode the public key. | ||
1079 | * First check the size of encoding and | ||
1080 | * allocate memory accordingly. | ||
1081 | */ | ||
1082 | encodedlen = EC_POINT_point2oct(group, | ||
1083 | EC_KEY_get0_public_key(ecdh), | ||
1084 | POINT_CONVERSION_UNCOMPRESSED, | ||
1085 | NULL, 0, NULL); | ||
1086 | |||
1087 | encodedPoint = (unsigned char *) | ||
1088 | OPENSSL_malloc(encodedlen*sizeof(unsigned char)); | ||
1089 | bn_ctx = BN_CTX_new(); | ||
1090 | if ((encodedPoint == NULL) || (bn_ctx == NULL)) | ||
1091 | { | ||
1092 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
1093 | goto err; | ||
1094 | } | ||
1095 | |||
1096 | |||
1097 | encodedlen = EC_POINT_point2oct(group, | ||
1098 | EC_KEY_get0_public_key(ecdh), | ||
1099 | POINT_CONVERSION_UNCOMPRESSED, | ||
1100 | encodedPoint, encodedlen, bn_ctx); | ||
1101 | |||
1102 | if (encodedlen == 0) | ||
1103 | { | ||
1104 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
1105 | goto err; | ||
1106 | } | ||
1107 | |||
1108 | BN_CTX_free(bn_ctx); bn_ctx=NULL; | ||
1109 | |||
1110 | /* XXX: For now, we only support named (not | ||
1111 | * generic) curves in ECDH ephemeral key exchanges. | ||
1112 | * In this situation, we need four additional bytes | ||
1113 | * to encode the entire ServerECDHParams | ||
1114 | * structure. | ||
1115 | */ | ||
1116 | n = 4 + encodedlen; | ||
1117 | |||
1118 | /* We'll generate the serverKeyExchange message | ||
1119 | * explicitly so we can set these to NULLs | ||
1120 | */ | ||
1121 | r[0]=NULL; | ||
1122 | r[1]=NULL; | ||
1123 | r[2]=NULL; | ||
1124 | r[3]=NULL; | ||
1125 | } | ||
1126 | else | ||
1127 | #endif /* !OPENSSL_NO_ECDH */ | ||
1128 | #ifndef OPENSSL_NO_PSK | ||
1129 | if (type & SSL_kPSK) | ||
1130 | { | ||
1131 | /* reserve size for record length and PSK identity hint*/ | ||
1132 | n+=2+strlen(s->ctx->psk_identity_hint); | ||
1133 | } | ||
1134 | else | ||
1135 | #endif /* !OPENSSL_NO_PSK */ | ||
1136 | { | ||
1137 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
1138 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); | ||
1139 | goto f_err; | ||
1140 | } | ||
1141 | for (i=0; r[i] != NULL; i++) | ||
1142 | { | ||
1143 | nr[i]=BN_num_bytes(r[i]); | ||
1144 | n+=2+nr[i]; | ||
1145 | } | ||
1146 | |||
1147 | if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) | ||
1148 | && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) | ||
1149 | { | ||
1150 | if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher)) | ||
1151 | == NULL) | ||
1152 | { | ||
1153 | al=SSL_AD_DECODE_ERROR; | ||
1154 | goto f_err; | ||
1155 | } | ||
1156 | kn=EVP_PKEY_size(pkey); | ||
1157 | } | ||
1158 | else | ||
1159 | { | ||
1160 | pkey=NULL; | ||
1161 | kn=0; | ||
1162 | } | ||
1163 | |||
1164 | if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn)) | ||
1165 | { | ||
1166 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF); | ||
1167 | goto err; | ||
1168 | } | ||
1169 | d=(unsigned char *)s->init_buf->data; | ||
1170 | p= &(d[DTLS1_HM_HEADER_LENGTH]); | ||
1171 | |||
1172 | for (i=0; r[i] != NULL; i++) | ||
1173 | { | ||
1174 | s2n(nr[i],p); | ||
1175 | BN_bn2bin(r[i],p); | ||
1176 | p+=nr[i]; | ||
1177 | } | ||
1178 | |||
1179 | #ifndef OPENSSL_NO_ECDH | ||
1180 | if (type & SSL_kEECDH) | ||
1181 | { | ||
1182 | /* XXX: For now, we only support named (not generic) curves. | ||
1183 | * In this situation, the serverKeyExchange message has: | ||
1184 | * [1 byte CurveType], [2 byte CurveName] | ||
1185 | * [1 byte length of encoded point], followed by | ||
1186 | * the actual encoded point itself | ||
1187 | */ | ||
1188 | *p = NAMED_CURVE_TYPE; | ||
1189 | p += 1; | ||
1190 | *p = 0; | ||
1191 | p += 1; | ||
1192 | *p = curve_id; | ||
1193 | p += 1; | ||
1194 | *p = encodedlen; | ||
1195 | p += 1; | ||
1196 | memcpy((unsigned char*)p, | ||
1197 | (unsigned char *)encodedPoint, | ||
1198 | encodedlen); | ||
1199 | OPENSSL_free(encodedPoint); | ||
1200 | p += encodedlen; | ||
1201 | } | ||
1202 | #endif | ||
1203 | |||
1204 | #ifndef OPENSSL_NO_PSK | ||
1205 | if (type & SSL_kPSK) | ||
1206 | { | ||
1207 | /* copy PSK identity hint */ | ||
1208 | s2n(strlen(s->ctx->psk_identity_hint), p); | ||
1209 | strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint)); | ||
1210 | p+=strlen(s->ctx->psk_identity_hint); | ||
1211 | } | ||
1212 | #endif | ||
1213 | |||
1214 | /* not anonymous */ | ||
1215 | if (pkey != NULL) | ||
1216 | { | ||
1217 | /* n is the length of the params, they start at | ||
1218 | * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space | ||
1219 | * at the end. */ | ||
1220 | #ifndef OPENSSL_NO_RSA | ||
1221 | if (pkey->type == EVP_PKEY_RSA) | ||
1222 | { | ||
1223 | q=md_buf; | ||
1224 | j=0; | ||
1225 | for (num=2; num > 0; num--) | ||
1226 | { | ||
1227 | EVP_DigestInit_ex(&md_ctx,(num == 2) | ||
1228 | ?s->ctx->md5:s->ctx->sha1, NULL); | ||
1229 | EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | ||
1230 | EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | ||
1231 | EVP_DigestUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n); | ||
1232 | EVP_DigestFinal_ex(&md_ctx,q, | ||
1233 | (unsigned int *)&i); | ||
1234 | q+=i; | ||
1235 | j+=i; | ||
1236 | } | ||
1237 | if (RSA_sign(NID_md5_sha1, md_buf, j, | ||
1238 | &(p[2]), &u, pkey->pkey.rsa) <= 0) | ||
1239 | { | ||
1240 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA); | ||
1241 | goto err; | ||
1242 | } | ||
1243 | s2n(u,p); | ||
1244 | n+=u+2; | ||
1245 | } | ||
1246 | else | ||
1247 | #endif | ||
1248 | #if !defined(OPENSSL_NO_DSA) | ||
1249 | if (pkey->type == EVP_PKEY_DSA) | ||
1250 | { | ||
1251 | /* lets do DSS */ | ||
1252 | EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL); | ||
1253 | EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | ||
1254 | EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | ||
1255 | EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n); | ||
1256 | if (!EVP_SignFinal(&md_ctx,&(p[2]), | ||
1257 | (unsigned int *)&i,pkey)) | ||
1258 | { | ||
1259 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA); | ||
1260 | goto err; | ||
1261 | } | ||
1262 | s2n(i,p); | ||
1263 | n+=i+2; | ||
1264 | } | ||
1265 | else | ||
1266 | #endif | ||
1267 | #if !defined(OPENSSL_NO_ECDSA) | ||
1268 | if (pkey->type == EVP_PKEY_EC) | ||
1269 | { | ||
1270 | /* let's do ECDSA */ | ||
1271 | EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL); | ||
1272 | EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | ||
1273 | EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | ||
1274 | EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n); | ||
1275 | if (!EVP_SignFinal(&md_ctx,&(p[2]), | ||
1276 | (unsigned int *)&i,pkey)) | ||
1277 | { | ||
1278 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA); | ||
1279 | goto err; | ||
1280 | } | ||
1281 | s2n(i,p); | ||
1282 | n+=i+2; | ||
1283 | } | ||
1284 | else | ||
1285 | #endif | ||
1286 | { | ||
1287 | /* Is this error check actually needed? */ | ||
1288 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
1289 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE); | ||
1290 | goto f_err; | ||
1291 | } | ||
1292 | } | ||
1293 | |||
1294 | d = dtls1_set_message_header(s, d, | ||
1295 | SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n); | ||
1296 | |||
1297 | /* we should now have things packed up, so lets send | ||
1298 | * it off */ | ||
1299 | s->init_num=n+DTLS1_HM_HEADER_LENGTH; | ||
1300 | s->init_off=0; | ||
1301 | |||
1302 | /* buffer the message to handle re-xmits */ | ||
1303 | dtls1_buffer_message(s, 0); | ||
1304 | } | ||
1305 | |||
1306 | s->state = SSL3_ST_SW_KEY_EXCH_B; | ||
1307 | EVP_MD_CTX_cleanup(&md_ctx); | ||
1308 | return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | ||
1309 | f_err: | ||
1310 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
1311 | err: | ||
1312 | #ifndef OPENSSL_NO_ECDH | ||
1313 | if (encodedPoint != NULL) OPENSSL_free(encodedPoint); | ||
1314 | BN_CTX_free(bn_ctx); | ||
1315 | #endif | ||
1316 | EVP_MD_CTX_cleanup(&md_ctx); | ||
1317 | return(-1); | ||
1318 | } | ||
1319 | |||
1320 | int dtls1_send_certificate_request(SSL *s) | ||
1321 | { | ||
1322 | unsigned char *p,*d; | ||
1323 | int i,j,nl,off,n; | ||
1324 | STACK_OF(X509_NAME) *sk=NULL; | ||
1325 | X509_NAME *name; | ||
1326 | BUF_MEM *buf; | ||
1327 | unsigned int msg_len; | ||
1328 | |||
1329 | if (s->state == SSL3_ST_SW_CERT_REQ_A) | ||
1330 | { | ||
1331 | buf=s->init_buf; | ||
1332 | |||
1333 | d=p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]); | ||
1334 | |||
1335 | /* get the list of acceptable cert types */ | ||
1336 | p++; | ||
1337 | n=ssl3_get_req_cert_type(s,p); | ||
1338 | d[0]=n; | ||
1339 | p+=n; | ||
1340 | n++; | ||
1341 | |||
1342 | off=n; | ||
1343 | p+=2; | ||
1344 | n+=2; | ||
1345 | |||
1346 | sk=SSL_get_client_CA_list(s); | ||
1347 | nl=0; | ||
1348 | if (sk != NULL) | ||
1349 | { | ||
1350 | for (i=0; i<sk_X509_NAME_num(sk); i++) | ||
1351 | { | ||
1352 | name=sk_X509_NAME_value(sk,i); | ||
1353 | j=i2d_X509_NAME(name,NULL); | ||
1354 | if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2)) | ||
1355 | { | ||
1356 | SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB); | ||
1357 | goto err; | ||
1358 | } | ||
1359 | p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]); | ||
1360 | if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) | ||
1361 | { | ||
1362 | s2n(j,p); | ||
1363 | i2d_X509_NAME(name,&p); | ||
1364 | n+=2+j; | ||
1365 | nl+=2+j; | ||
1366 | } | ||
1367 | else | ||
1368 | { | ||
1369 | d=p; | ||
1370 | i2d_X509_NAME(name,&p); | ||
1371 | j-=2; s2n(j,d); j+=2; | ||
1372 | n+=j; | ||
1373 | nl+=j; | ||
1374 | } | ||
1375 | } | ||
1376 | } | ||
1377 | /* else no CA names */ | ||
1378 | p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+off]); | ||
1379 | s2n(nl,p); | ||
1380 | |||
1381 | d=(unsigned char *)buf->data; | ||
1382 | *(d++)=SSL3_MT_CERTIFICATE_REQUEST; | ||
1383 | l2n3(n,d); | ||
1384 | s2n(s->d1->handshake_write_seq,d); | ||
1385 | s->d1->handshake_write_seq++; | ||
1386 | |||
1387 | /* we should now have things packed up, so lets send | ||
1388 | * it off */ | ||
1389 | |||
1390 | s->init_num=n+DTLS1_HM_HEADER_LENGTH; | ||
1391 | s->init_off=0; | ||
1392 | #ifdef NETSCAPE_HANG_BUG | ||
1393 | /* XXX: what to do about this? */ | ||
1394 | p=(unsigned char *)s->init_buf->data + s->init_num; | ||
1395 | |||
1396 | /* do the header */ | ||
1397 | *(p++)=SSL3_MT_SERVER_DONE; | ||
1398 | *(p++)=0; | ||
1399 | *(p++)=0; | ||
1400 | *(p++)=0; | ||
1401 | s->init_num += 4; | ||
1402 | #endif | ||
1403 | |||
1404 | /* XDTLS: set message header ? */ | ||
1405 | msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; | ||
1406 | dtls1_set_message_header(s, (void *)s->init_buf->data, | ||
1407 | SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len); | ||
1408 | |||
1409 | /* buffer the message to handle re-xmits */ | ||
1410 | dtls1_buffer_message(s, 0); | ||
1411 | |||
1412 | s->state = SSL3_ST_SW_CERT_REQ_B; | ||
1413 | } | ||
1414 | |||
1415 | /* SSL3_ST_SW_CERT_REQ_B */ | ||
1416 | return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | ||
1417 | err: | ||
1418 | return(-1); | ||
1419 | } | ||
1420 | |||
1421 | int dtls1_send_server_certificate(SSL *s) | ||
1422 | { | ||
1423 | unsigned long l; | ||
1424 | X509 *x; | ||
1425 | |||
1426 | if (s->state == SSL3_ST_SW_CERT_A) | ||
1427 | { | ||
1428 | x=ssl_get_server_send_cert(s); | ||
1429 | if (x == NULL) | ||
1430 | { | ||
1431 | /* VRS: allow null cert if auth == KRB5 */ | ||
1432 | if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) || | ||
1433 | (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5)) | ||
1434 | { | ||
1435 | SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR); | ||
1436 | return(0); | ||
1437 | } | ||
1438 | } | ||
1439 | |||
1440 | l=dtls1_output_cert_chain(s,x); | ||
1441 | s->state=SSL3_ST_SW_CERT_B; | ||
1442 | s->init_num=(int)l; | ||
1443 | s->init_off=0; | ||
1444 | |||
1445 | /* buffer the message to handle re-xmits */ | ||
1446 | dtls1_buffer_message(s, 0); | ||
1447 | } | ||
1448 | |||
1449 | /* SSL3_ST_SW_CERT_B */ | ||
1450 | return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | ||
1451 | } | ||
1452 | |||
1453 | #ifndef OPENSSL_NO_TLSEXT | ||
1454 | int dtls1_send_newsession_ticket(SSL *s) | ||
1455 | { | ||
1456 | if (s->state == SSL3_ST_SW_SESSION_TICKET_A) | ||
1457 | { | ||
1458 | unsigned char *p, *senc, *macstart; | ||
1459 | int len, slen; | ||
1460 | unsigned int hlen, msg_len; | ||
1461 | EVP_CIPHER_CTX ctx; | ||
1462 | HMAC_CTX hctx; | ||
1463 | SSL_CTX *tctx = s->initial_ctx; | ||
1464 | unsigned char iv[EVP_MAX_IV_LENGTH]; | ||
1465 | unsigned char key_name[16]; | ||
1466 | |||
1467 | /* get session encoding length */ | ||
1468 | slen = i2d_SSL_SESSION(s->session, NULL); | ||
1469 | /* Some length values are 16 bits, so forget it if session is | ||
1470 | * too long | ||
1471 | */ | ||
1472 | if (slen > 0xFF00) | ||
1473 | return -1; | ||
1474 | /* Grow buffer if need be: the length calculation is as | ||
1475 | * follows 12 (DTLS handshake message header) + | ||
1476 | * 4 (ticket lifetime hint) + 2 (ticket length) + | ||
1477 | * 16 (key name) + max_iv_len (iv length) + | ||
1478 | * session_length + max_enc_block_size (max encrypted session | ||
1479 | * length) + max_md_size (HMAC). | ||
1480 | */ | ||
1481 | if (!BUF_MEM_grow(s->init_buf, | ||
1482 | DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH + | ||
1483 | EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) | ||
1484 | return -1; | ||
1485 | senc = OPENSSL_malloc(slen); | ||
1486 | if (!senc) | ||
1487 | return -1; | ||
1488 | p = senc; | ||
1489 | i2d_SSL_SESSION(s->session, &p); | ||
1490 | |||
1491 | p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]); | ||
1492 | EVP_CIPHER_CTX_init(&ctx); | ||
1493 | HMAC_CTX_init(&hctx); | ||
1494 | /* Initialize HMAC and cipher contexts. If callback present | ||
1495 | * it does all the work otherwise use generated values | ||
1496 | * from parent ctx. | ||
1497 | */ | ||
1498 | if (tctx->tlsext_ticket_key_cb) | ||
1499 | { | ||
1500 | if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, | ||
1501 | &hctx, 1) < 0) | ||
1502 | { | ||
1503 | OPENSSL_free(senc); | ||
1504 | return -1; | ||
1505 | } | ||
1506 | } | ||
1507 | else | ||
1508 | { | ||
1509 | RAND_pseudo_bytes(iv, 16); | ||
1510 | EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, | ||
1511 | tctx->tlsext_tick_aes_key, iv); | ||
1512 | HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, | ||
1513 | tlsext_tick_md(), NULL); | ||
1514 | memcpy(key_name, tctx->tlsext_tick_key_name, 16); | ||
1515 | } | ||
1516 | l2n(s->session->tlsext_tick_lifetime_hint, p); | ||
1517 | /* Skip ticket length for now */ | ||
1518 | p += 2; | ||
1519 | /* Output key name */ | ||
1520 | macstart = p; | ||
1521 | memcpy(p, key_name, 16); | ||
1522 | p += 16; | ||
1523 | /* output IV */ | ||
1524 | memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); | ||
1525 | p += EVP_CIPHER_CTX_iv_length(&ctx); | ||
1526 | /* Encrypt session data */ | ||
1527 | EVP_EncryptUpdate(&ctx, p, &len, senc, slen); | ||
1528 | p += len; | ||
1529 | EVP_EncryptFinal(&ctx, p, &len); | ||
1530 | p += len; | ||
1531 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
1532 | |||
1533 | HMAC_Update(&hctx, macstart, p - macstart); | ||
1534 | HMAC_Final(&hctx, p, &hlen); | ||
1535 | HMAC_CTX_cleanup(&hctx); | ||
1536 | |||
1537 | p += hlen; | ||
1538 | /* Now write out lengths: p points to end of data written */ | ||
1539 | /* Total length */ | ||
1540 | len = p - (unsigned char *)(s->init_buf->data); | ||
1541 | /* Ticket length */ | ||
1542 | p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4; | ||
1543 | s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p); | ||
1544 | |||
1545 | /* number of bytes to write */ | ||
1546 | s->init_num= len; | ||
1547 | s->state=SSL3_ST_SW_SESSION_TICKET_B; | ||
1548 | s->init_off=0; | ||
1549 | OPENSSL_free(senc); | ||
1550 | |||
1551 | /* XDTLS: set message header ? */ | ||
1552 | msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; | ||
1553 | dtls1_set_message_header(s, (void *)s->init_buf->data, | ||
1554 | SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len); | ||
1555 | |||
1556 | /* buffer the message to handle re-xmits */ | ||
1557 | dtls1_buffer_message(s, 0); | ||
1558 | } | ||
1559 | |||
1560 | /* SSL3_ST_SW_SESSION_TICKET_B */ | ||
1561 | return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | ||
1562 | } | ||
1563 | #endif | ||
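--- a/src/lib/libssl/doc/openssl.cnf
+++ /dev/null
@@ -1,350 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-# Policies used by the TSA examples.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
-# several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
-# must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = default # use public key default MD
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
-# utf8only: only UTF8Strings (PKIX recommendation after 2004).
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
-string_mask = utf8only
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (e.g. server FQDN or YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This is required for TSA certificates.
-# extendedKeyUsage = critical,timeStamping
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
-
-####################################################################
-[ tsa ]
-
-default_tsa = tsa_config1 # the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir = ./demoCA # TSA root directory
-serial = $dir/tsaserial # The current serial number (mandatory)
-crypto_device = builtin # OpenSSL engine to use for signing
-signer_cert = $dir/tsacert.pem # The TSA signing certificate
-# (optional)
-certs = $dir/cacert.pem # Certificate chain to include in reply
-# (optional)
-signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
-# (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
-accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
-clock_precision_digits = 0 # number of digits after dot. (optional)
-ordering = yes # Is ordering defined for timestamps?
-# (optional, default: no)
-tsa_name = yes # Must the TSA name be included in the reply?
-# (optional, default: no)
-ess_cert_id_chain = no # Must the ESS cert id chain be included?
-# (optional, default: no)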
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt deleted file mode 100644 index f8817b0a71..0000000000 --- a/src/lib/libssl/doc/openssl.txt +++ /dev/null | |||
@@ -1,1254 +0,0 @@ | |||
1 | |||
2 | This is some preliminary documentation for OpenSSL. | ||
3 | |||
4 | Contents: | ||
5 | |||
6 | OpenSSL X509V3 extension configuration | ||
7 | X509V3 Extension code: programmers guide | ||
8 | PKCS#12 Library | ||
9 | |||
10 | |||
11 | ============================================================================== | ||
12 | OpenSSL X509V3 extension configuration | ||
13 | ============================================================================== | ||
14 | |||
15 | OpenSSL X509V3 extension configuration: preliminary documentation. | ||
16 | |||
17 | INTRODUCTION. | ||
18 | |||
19 | For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now | ||
20 | possible to add and print out common X509 V3 certificate and CRL extensions. | ||
21 | |||
22 | BEGINNERS NOTE | ||
23 | |||
24 | For most simple applications you don't need to know too much about extensions: | ||
25 | the default openssl.cnf values will usually do sensible things. | ||
26 | |||
27 | If you want to know more you can initially quickly look through the sections | ||
28 | describing how the standard OpenSSL utilities display and add extensions and | ||
29 | then the list of supported extensions. | ||
30 | |||
31 | For more technical information about the meaning of extensions see: | ||
32 | |||
33 | http://www.imc.org/ietf-pkix/ | ||
34 | http://home.netscape.com/eng/security/certs.html | ||
35 | |||
36 | PRINTING EXTENSIONS. | ||
37 | |||
38 | Extension values are automatically printed out for supported extensions. | ||
39 | |||
40 | openssl x509 -in cert.pem -text | ||
41 | openssl crl -in crl.pem -text | ||
42 | |||
43 | will give information in the extension printout, for example: | ||
44 | |||
45 | X509v3 extensions: | ||
46 | X509v3 Basic Constraints: | ||
47 | CA:TRUE | ||
48 | X509v3 Subject Key Identifier: | ||
49 | 73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15 | ||
50 | X509v3 Authority Key Identifier: | ||
51 | keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00 | ||
52 | X509v3 Key Usage: | ||
53 | Certificate Sign, CRL Sign | ||
54 | X509v3 Subject Alternative Name: | ||
55 | email:email@1.address, email:email@2.address | ||
56 | |||
57 | CONFIGURATION FILES. | ||
58 | |||
59 | The OpenSSL utilities 'ca' and 'req' can now have extension sections listing | ||
60 | which certificate extensions to include. In each case a line: | ||
61 | |||
62 | x509_extensions = extension_section | ||
63 | |||
64 | indicates which section contains the extensions. In the case of 'req' the | ||
65 | extension section is used when the -x509 option is present to create a | ||
66 | self signed root certificate. | ||
67 | |||
68 | The 'x509' utility also supports extensions when it signs a certificate. | ||
69 | The -extfile option is used to set the configuration file containing the | ||
70 | extensions. In this case a line with: | ||
71 | |||
72 | extensions = extension_section | ||
73 | |||
74 | in the nameless (default) section is used. If no such line is included then | ||
75 | it uses the default section. | ||
76 | |||
77 | You can also add extensions to CRLs: a line | ||
78 | |||
79 | crl_extensions = crl_extension_section | ||
80 | |||
81 | will include extensions when the -gencrl option is used with the 'ca' utility. | ||
82 | You can add any extension to a CRL but of the supported extensions only | ||
83 | issuerAltName and authorityKeyIdentifier make any real sense. Note: these are | ||
84 | CRL extensions NOT CRL *entry* extensions which cannot currently be generated. | ||
85 | CRL entry extensions can be displayed. | ||
86 | |||
87 | NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL | ||
88 | you should not include a crl_extensions line in the configuration file. | ||
89 | |||
90 | As with all configuration files you can use the inbuilt environment expansion | ||
91 | to allow the values to be passed in the environment. Therefore if you have | ||
92 | several extension sections used for different purposes you can have a line: | ||
93 | |||
94 | x509_extensions = $ENV::ENV_EXT | ||
95 | |||
96 | and set the ENV_EXT environment variable before calling the relevant utility. | ||
97 | |||
98 | EXTENSION SYNTAX. | ||
99 | |||
100 | Extensions have the basic form: | ||
101 | |||
102 | extension_name=[critical,] extension_options | ||
103 | |||
104 | the use of the critical option makes the extension critical. Extreme caution | ||
105 | should be made when using the critical flag. If an extension is marked | ||
106 | as critical then any client that does not understand the extension should | ||
107 | reject it as invalid. Some broken software will reject certificates which | ||
108 | have *any* critical extensions (these violates PKIX but we have to live | ||
109 | with it). | ||
110 | |||
111 | There are three main types of extension: string extensions, multi-valued | ||
112 | extensions, and raw extensions. | ||
113 | |||
114 | String extensions simply have a string which contains either the value itself | ||
115 | or how it is obtained. | ||
116 | |||
117 | For example: | ||
118 | |||
119 | nsComment="This is a Comment" | ||
120 | |||
121 | Multi-valued extensions have a short form and a long form. The short form | ||
122 | is a list of names and values: | ||
123 | |||
124 | basicConstraints=critical,CA:true,pathlen:1 | ||
125 | |||
126 | The long form allows the values to be placed in a separate section: | ||
127 | |||
128 | basicConstraints=critical,@bs_section | ||
129 | |||
130 | [bs_section] | ||
131 | |||
132 | CA=true | ||
133 | pathlen=1 | ||
134 | |||
135 | Both forms are equivalent. However it should be noted that in some cases the | ||
136 | same name can appear multiple times, for example, | ||
137 | |||
138 | subjectAltName=email:steve@here,email:steve@there | ||
139 | |||
140 | in this case an equivalent long form is: | ||
141 | |||
142 | subjectAltName=@alt_section | ||
143 | |||
144 | [alt_section] | ||
145 | |||
146 | email.1=steve@here | ||
147 | email.2=steve@there | ||
148 | |||
149 | This is because the configuration file code cannot handle the same name | ||
150 | occurring twice in the same section. | ||
151 | |||
152 | The syntax of raw extensions is governed by the extension code: it can | ||
153 | for example contain data in multiple sections. The correct syntax to | ||
154 | use is defined by the extension code itself: check out the certificate | ||
155 | policies extension for an example. | ||
156 | |||
157 | There are two ways to encode arbitrary extensions. | ||
158 | |||
159 | The first way is to use the word ASN1 followed by the extension content | ||
160 | using the same syntax as ASN1_generate_nconf(). For example: | ||
161 | |||
162 | 1.2.3.4=critical,ASN1:UTF8String:Some random data | ||
163 | |||
164 | 1.2.3.4=ASN1:SEQUENCE:seq_sect | ||
165 | |||
166 | [seq_sect] | ||
167 | |||
168 | field1 = UTF8:field1 | ||
169 | field2 = UTF8:field2 | ||
170 | |||
171 | It is also possible to use the word DER to include arbitrary data in any | ||
172 | extension. | ||
173 | |||
174 | 1.2.3.4=critical,DER:01:02:03:04 | ||
175 | 1.2.3.4=DER:01020304 | ||
176 | |||
177 | The value following DER is a hex dump of the DER encoding of the extension | ||
178 | Any extension can be placed in this form to override the default behaviour. | ||
179 | For example: | ||
180 | |||
181 | basicConstraints=critical,DER:00:01:02:03 | ||
182 | |||
183 | WARNING: DER should be used with caution. It is possible to create totally | ||
184 | invalid extensions unless care is taken. | ||
185 | |||
186 | CURRENTLY SUPPORTED EXTENSIONS. | ||
187 | |||
188 | If you aren't sure about extensions then they can be largely ignored: its only | ||
189 | when you want to do things like restrict certificate usage when you need to | ||
190 | worry about them. | ||
191 | |||
192 | The only extension that a beginner might want to look at is Basic Constraints. | ||
193 | If in addition you want to try Netscape object signing the you should also | ||
194 | look at Netscape Certificate Type. | ||
195 | |||
196 | Literal String extensions. | ||
197 | |||
198 | In each case the 'value' of the extension is placed directly in the | ||
199 | extension. Currently supported extensions in this category are: nsBaseUrl, | ||
200 | nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl, | ||
201 | nsSslServerName and nsComment. | ||
202 | |||
203 | For example: | ||
204 | |||
205 | nsComment="This is a test comment" | ||
206 | |||
207 | Bit Strings. | ||
208 | |||
209 | Bit string extensions just consist of a list of supported bits, currently | ||
210 | two extensions are in this category: PKIX keyUsage and the Netscape specific | ||
211 | nsCertType. | ||
212 | |||
213 | nsCertType (netscape certificate type) takes the flags: client, server, email, | ||
214 | objsign, reserved, sslCA, emailCA, objCA. | ||
215 | |||
216 | keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation, | ||
217 | keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, | ||
218 | encipherOnly, decipherOnly. | ||
219 | |||
220 | For example: | ||
221 | |||
222 | nsCertType=server | ||
223 | |||
224 | keyUsage=digitalSignature, nonRepudiation | ||
225 | |||
226 | Hints on Netscape Certificate Type. | ||
227 | |||
228 | Other than Basic Constraints this is the only extension a beginner might | ||
229 | want to use, if you want to try Netscape object signing, otherwise it can | ||
230 | be ignored. | ||
231 | |||
232 | If you want a certificate that can be used just for object signing then: | ||
233 | |||
234 | nsCertType=objsign | ||
235 | |||
236 | will do the job. If you want to use it as a normal end user and server | ||
237 | certificate as well then | ||
238 | |||
239 | nsCertType=objsign,email,server | ||
240 | |||
241 | is more appropriate. You cannot use a self signed certificate for object | ||
242 | signing (well Netscape signtool can but it cheats!) so you need to create | ||
243 | a CA certificate and sign an end user certificate with it. | ||
244 | |||
245 | Side note: If you want to conform to the Netscape specifications then you | ||
246 | should really also set: | ||
247 | |||
248 | nsCertType=objCA | ||
249 | |||
250 | in the *CA* certificate for just an object signing CA and | ||
251 | |||
252 | nsCertType=objCA,emailCA,sslCA | ||
253 | |||
254 | for everything. Current Netscape software doesn't enforce this so it can | ||
255 | be omitted. | ||
256 | |||
257 | Basic Constraints. | ||
258 | |||
259 | This is generally the only extension you need to worry about for simple | ||
260 | applications. If you want your certificate to be usable as a CA certificate | ||
261 | (in addition to an end user certificate) then you set this to: | ||
262 | |||
263 | basicConstraints=CA:TRUE | ||
264 | |||
265 | if you want to be certain the certificate cannot be used as a CA then do: | ||
266 | |||
267 | basicConstraints=CA:FALSE | ||
268 | |||
269 | The rest of this section describes more advanced usage. | ||
270 | |||
271 | Basic constraints is a multi-valued extension that supports a CA and an | ||
272 | optional pathlen option. The CA option takes the values true and false and | ||
273 | pathlen takes an integer. Note if the CA option is false the pathlen option | ||
274 | should be omitted. | ||
275 | |||
276 | The pathlen parameter indicates the maximum number of CAs that can appear | ||
277 | below this one in a chain. So if you have a CA with a pathlen of zero it can | ||
278 | only be used to sign end user certificates and not further CAs. This all | ||
279 | assumes that the software correctly interprets this extension of course. | ||
280 | |||
281 | Examples: | ||
282 | |||
283 | basicConstraints=CA:TRUE | ||
284 | basicConstraints=critical,CA:TRUE, pathlen:0 | ||
285 | |||
286 | NOTE: for a CA to be considered valid it must have the CA option set to | ||
287 | TRUE. An end user certificate MUST NOT have the CA value set to true. | ||
288 | According to PKIX recommendations it should exclude the extension entirely, | ||
289 | however some software may require CA set to FALSE for end entity certificates. | ||
290 | |||
291 | Extended Key Usage. | ||
292 | |||
293 | This extensions consists of a list of usages. | ||
294 | |||
295 | These can either be object short names of the dotted numerical form of OIDs. | ||
296 | While any OID can be used only certain values make sense. In particular the | ||
297 | following PKIX, NS and MS values are meaningful: | ||
298 | |||
299 | Value Meaning | ||
300 | ----- ------- | ||
301 | serverAuth SSL/TLS Web Server Authentication. | ||
302 | clientAuth SSL/TLS Web Client Authentication. | ||
303 | codeSigning Code signing. | ||
304 | emailProtection E-mail Protection (S/MIME). | ||
305 | timeStamping Trusted Timestamping | ||
306 | msCodeInd Microsoft Individual Code Signing (authenticode) | ||
307 | msCodeCom Microsoft Commercial Code Signing (authenticode) | ||
308 | msCTLSign Microsoft Trust List Signing | ||
309 | msSGC Microsoft Server Gated Crypto | ||
310 | msEFS Microsoft Encrypted File System | ||
311 | nsSGC Netscape Server Gated Crypto | ||
312 | |||
313 | For example, under IE5 a CA can be used for any purpose: by including a list | ||
314 | of the above usages the CA can be restricted to only authorised uses. | ||
315 | |||
316 | Note: software packages may place additional interpretations on certificate | ||
317 | use, in particular some usages may only work for selected CAs. Don't for example | ||
318 | expect just including msSGC or nsSGC will automatically mean that a certificate | ||
319 | can be used for SGC ("step up" encryption) otherwise anyone could use it. | ||
320 | |||
321 | Examples: | ||
322 | |||
323 | extendedKeyUsage=critical,codeSigning,1.2.3.4 | ||
324 | extendedKeyUsage=nsSGC,msSGC | ||
325 | |||
326 | Subject Key Identifier. | ||
327 | |||
328 | This is really a string extension and can take two possible values. Either | ||
329 | a hex string giving details of the extension value to include or the word | ||
330 | 'hash' which then automatically follow PKIX guidelines in selecting and | ||
331 | appropriate key identifier. The use of the hex string is strongly discouraged. | ||
332 | |||
333 | Example: subjectKeyIdentifier=hash | ||
334 | |||
335 | Authority Key Identifier. | ||
336 | |||
337 | The authority key identifier extension permits two options. keyid and issuer: | ||
338 | both can take the optional value "always". | ||
339 | |||
340 | If the keyid option is present an attempt is made to copy the subject key | ||
341 | identifier from the parent certificate. If the value "always" is present | ||
342 | then an error is returned if the option fails. | ||
343 | |||
344 | The issuer option copies the issuer and serial number from the issuer | ||
345 | certificate. Normally this will only be done if the keyid option fails or | ||
346 | is not included: the "always" flag will always include the value. | ||
347 | |||
348 | Subject Alternative Name. | ||
349 | |||
350 | The subject alternative name extension allows various literal values to be | ||
351 | included in the configuration file. These include "email" (an email address) | ||
352 | "URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a | ||
353 | registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName. | ||
354 | |||
355 | Also the email option include a special 'copy' value. This will automatically | ||
356 | include and email addresses contained in the certificate subject name in | ||
357 | the extension. | ||
358 | |||
359 | otherName can include arbitrary data associated with an OID: the value | ||
360 | should be the OID followed by a semicolon and the content in standard | ||
361 | ASN1_generate_nconf() format. | ||
362 | |||
363 | Examples: | ||
364 | |||
365 | subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ | ||
366 | subjectAltName=email:my@other.address,RID:1.2.3.4 | ||
367 | subjectAltName=otherName:1.2.3.4;UTF8:some other identifier | ||
368 | |||
369 | Issuer Alternative Name. | ||
370 | |||
371 | The issuer alternative name option supports all the literal options of | ||
372 | subject alternative name. It does *not* support the email:copy option because | ||
373 | that would not make sense. It does support an additional issuer:copy option | ||
374 | that will copy all the subject alternative name values from the issuer | ||
375 | certificate (if possible). | ||
376 | |||
377 | Example: | ||
378 | |||
379 | issuserAltName = issuer:copy | ||
380 | |||
381 | Authority Info Access. | ||
382 | |||
383 | The authority information access extension gives details about how to access | ||
384 | certain information relating to the CA. Its syntax is accessOID;location | ||
385 | where 'location' has the same syntax as subject alternative name (except | ||
386 | that email:copy is not supported). accessOID can be any valid OID but only | ||
387 | certain values are meaningful for example OCSP and caIssuers. OCSP gives the | ||
388 | location of an OCSP responder: this is used by Netscape PSM and other software. | ||
389 | |||
390 | Example: | ||
391 | |||
392 | authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ | ||
393 | authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html | ||
394 | |||
395 | CRL distribution points. | ||
396 | |||
397 | This is a multi-valued extension that supports all the literal options of | ||
398 | subject alternative name. Of the few software packages that currently interpret | ||
399 | this extension most only interpret the URI option. | ||
400 | |||
401 | Currently each option will set a new DistributionPoint with the fullName | ||
402 | field set to the given value. | ||
403 | |||
404 | Other fields like cRLissuer and reasons cannot currently be set or displayed: | ||
405 | at this time no examples were available that used these fields. | ||
406 | |||
407 | If you see this extension with <UNSUPPORTED> when you attempt to print it out | ||
408 | or it doesn't appear to display correctly then let me know, including the | ||
409 | certificate (mail me at steve@openssl.org) . | ||
410 | |||
411 | Examples: | ||
412 | |||
413 | crlDistributionPoints=URI:http://www.myhost.com/myca.crl | ||
414 | crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl | ||
415 | |||
416 | Certificate Policies. | ||
417 | |||
418 | This is a RAW extension. It attempts to display the contents of this extension: | ||
419 | unfortunately this extension is often improperly encoded. | ||
420 | |||
421 | The certificate policies extension will rarely be used in practice: few | ||
422 | software packages interpret it correctly or at all. IE5 does partially | ||
423 | support this extension: but it needs the 'ia5org' option because it will | ||
424 | only correctly support a broken encoding. Of the options below only the | ||
425 | policy OID, explicitText and CPS options are displayed with IE5. | ||
426 | |||
427 | All the fields of this extension can be set by using the appropriate syntax. | ||
428 | |||
429 | If you follow the PKIX recommendations of not including any qualifiers and just | ||
430 | using only one OID then you just include the value of that OID. Multiple OIDs | ||
431 | can be set separated by commas, for example: | ||
432 | |||
433 | certificatePolicies= 1.2.4.5, 1.1.3.4 | ||
434 | |||
435 | If you wish to include qualifiers then the policy OID and qualifiers need to | ||
436 | be specified in a separate section: this is done by using the @section syntax | ||
437 | instead of a literal OID value. | ||
438 | |||
439 | The section referred to must include the policy OID using the name | ||
440 | policyIdentifier, cPSuri qualifiers can be included using the syntax: | ||
441 | |||
442 | CPS.nnn=value | ||
443 | |||
444 | userNotice qualifiers can be set using the syntax: | ||
445 | |||
446 | userNotice.nnn=@notice | ||
447 | |||
448 | The value of the userNotice qualifier is specified in the relevant section. | ||
449 | This section can include explicitText, organization and noticeNumbers | ||
450 | options. explicitText and organization are text strings, noticeNumbers is a | ||
451 | comma separated list of numbers. The organization and noticeNumbers options | ||
452 | (if included) must BOTH be present. If you use the userNotice option with IE5 | ||
453 | then you need the 'ia5org' option at the top level to modify the encoding: | ||
454 | otherwise it will not be interpreted properly. | ||
455 | |||
456 | Example: | ||
457 | |||
458 | certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect | ||
459 | |||
460 | [polsect] | ||
461 | |||
462 | policyIdentifier = 1.3.5.8 | ||
463 | CPS.1="http://my.host.name/" | ||
464 | CPS.2="http://my.your.name/" | ||
465 | userNotice.1=@notice | ||
466 | |||
467 | [notice] | ||
468 | |||
469 | explicitText="Explicit Text Here" | ||
470 | organization="Organisation Name" | ||
471 | noticeNumbers=1,2,3,4 | ||
472 | |||
473 | TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field, | ||
474 | according to PKIX it should be of type DisplayText but Verisign uses an | ||
475 | IA5STRING and IE5 needs this too. | ||
476 | |||
477 | Display only extensions. | ||
478 | |||
479 | Some extensions are only partially supported and currently are only displayed | ||
480 | but cannot be set. These include private key usage period, CRL number, and | ||
481 | CRL reason. | ||
482 | |||
483 | ============================================================================== | ||
484 | X509V3 Extension code: programmers guide | ||
485 | ============================================================================== | ||
486 | |||
487 | The purpose of the extension code is twofold. It allows an extension to be | ||
488 | created from a string or structure describing its contents and it prints out an | ||
489 | extension in a human or machine readable form. | ||
490 | |||
491 | 1. Initialisation and cleanup. | ||
492 | |||
493 | No special initialisation is needed before calling the extension functions. | ||
494 | You used to have to call X509V3_add_standard_extensions(); but this is no longer | ||
495 | required and this function no longer does anything. | ||
496 | |||
497 | void X509V3_EXT_cleanup(void); | ||
498 | |||
499 | This function should be called to cleanup the extension code if any custom | ||
500 | extensions have been added. If no custom extensions have been added then this | ||
501 | call does nothing. After this call all custom extension code is freed up but | ||
502 | you can still use the standard extensions. | ||
503 | |||
504 | 2. Printing and parsing extensions. | ||
505 | |||
506 | The simplest way to print out extensions is via the standard X509 printing | ||
507 | routines: if you use the standard X509_print() function, the supported | ||
508 | extensions will be printed out automatically. | ||
509 | |||
510 | The following functions allow finer control over extension display: | ||
511 | |||
512 | int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent); | ||
513 | int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); | ||
514 | |||
515 | These two functions print out an individual extension to a BIO or FILE pointer. | ||
516 | Currently the flag argument is unused and should be set to 0. The 'indent' | ||
517 | argument is the number of spaces to indent each line. | ||
518 | |||
519 | void *X509V3_EXT_d2i(X509_EXTENSION *ext); | ||
520 | |||
521 | This function parses an extension and returns its internal structure. The | ||
522 | precise structure you get back depends on the extension being parsed. If the | ||
523 | extension if basicConstraints you will get back a pointer to a | ||
524 | BASIC_CONSTRAINTS structure. Check out the source in crypto/x509v3 for more | ||
525 | details about the structures returned. The returned structure should be freed | ||
526 | after use using the relevant free function, BASIC_CONSTRAINTS_free() for | ||
527 | example. | ||
528 | |||
529 | void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); | ||
530 | void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); | ||
531 | void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); | ||
532 | void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); | ||
533 | |||
534 | These functions combine the operations of searching for extensions and | ||
535 | parsing them. They search a certificate, a CRL a CRL entry or a stack | ||
536 | of extensions respectively for extension whose NID is 'nid' and return | ||
537 | the parsed result of NULL if an error occurred. For example: | ||
538 | |||
539 | BASIC_CONSTRAINTS *bs; | ||
540 | bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL); | ||
541 | |||
542 | This will search for the basicConstraints extension and either return | ||
543 | it value or NULL. NULL can mean either the extension was not found, it | ||
544 | occurred more than once or it could not be parsed. | ||
545 | |||
546 | If 'idx' is NULL then an extension is only parsed if it occurs precisely | ||
547 | once. This is standard behaviour because extensions normally cannot occur | ||
548 | more than once. If however more than one extension of the same type can | ||
549 | occur it can be used to parse successive extensions for example: | ||
550 | |||
551 | int i; | ||
552 | void *ext; | ||
553 | |||
554 | i = -1; | ||
555 | for(;;) { | ||
556 | ext = X509_get_ext_d2i(x, nid, crit, &idx); | ||
557 | if(ext == NULL) break; | ||
558 | /* Do something with ext */ | ||
559 | } | ||
560 | |||
561 | If 'crit' is not NULL and the extension was found then the int it points to | ||
562 | is set to 1 for critical extensions and 0 for non critical. Therefore if the | ||
563 | function returns NULL but 'crit' is set to 0 or 1 then the extension was | ||
564 | found but it could not be parsed. | ||
565 | |||
566 | The int pointed to by crit will be set to -1 if the extension was not found | ||
567 | and -2 if the extension occurred more than once (this will only happen if | ||
568 | idx is NULL). In both cases the function will return NULL. | ||
569 | |||
570 | 3. Generating extensions. | ||
571 | |||
572 | An extension will typically be generated from a configuration file, or some | ||
573 | other kind of configuration database. | ||
574 | |||
575 | int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, | ||
576 | X509 *cert); | ||
577 | int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, | ||
578 | X509_CRL *crl); | ||
579 | |||
580 | These functions add all the extensions in the given section to the given | ||
581 | certificate or CRL. They will normally be called just before the certificate | ||
582 | or CRL is due to be signed. Both return 0 on error on non zero for success. | ||
583 | |||
584 | In each case 'conf' is the LHASH pointer of the configuration file to use | ||
585 | and 'section' is the section containing the extension details. | ||
586 | |||
587 | See the 'context functions' section for a description of the ctx parameter. | ||
588 | |||
589 | |||
590 | X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, | ||
591 | char *value); | ||
592 | |||
593 | This function returns an extension based on a name and value pair, if the | ||
594 | pair will not need to access other sections in a config file (or there is no | ||
595 | config file) then the 'conf' parameter can be set to NULL. | ||
596 | |||
597 | X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid, | ||
598 | char *value); | ||
599 | |||
600 | This function creates an extension in the same way as X509V3_EXT_conf() but | ||
601 | takes the NID of the extension rather than its name. | ||
602 | |||
603 | For example to produce basicConstraints with the CA flag and a path length of | ||
604 | 10: | ||
605 | |||
606 | x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10"); | ||
607 | |||
608 | |||
609 | X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); | ||
610 | |||
611 | This function sets up an extension from its internal structure. The ext_nid | ||
612 | parameter is the NID of the extension and 'crit' is the critical flag. | ||
613 | |||
614 | 4. Context functions. | ||
615 | |||
616 | The following functions set and manipulate an extension context structure. | ||
617 | The purpose of the extension context is to allow the extension code to | ||
618 | access various structures relating to the "environment" of the certificate: | ||
619 | for example the issuers certificate or the certificate request. | ||
620 | |||
621 | void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, | ||
622 | X509_REQ *req, X509_CRL *crl, int flags); | ||
623 | |||
624 | This function sets up an X509V3_CTX structure with details of the certificate | ||
625 | environment: specifically the issuers certificate, the subject certificate, | ||
626 | the certificate request and the CRL: if these are not relevant or not | ||
627 | available then they can be set to NULL. The 'flags' parameter should be set | ||
628 | to zero. | ||
629 | |||
630 | X509V3_set_ctx_test(ctx) | ||
631 | |||
632 | This macro is used to set the 'ctx' structure to a 'test' value: this is to | ||
633 | allow the syntax of an extension (or configuration file) to be tested. | ||
634 | |||
635 | X509V3_set_ctx_nodb(ctx) | ||
636 | |||
637 | This macro is used when no configuration database is present. | ||
638 | |||
639 | void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash); | ||
640 | |||
641 | This function is used to set the configuration database when it is an LHASH | ||
642 | structure: typically a configuration file. | ||
643 | |||
644 | The following functions are used to access a configuration database: they | ||
645 | should only be used in RAW extensions. | ||
646 | |||
647 | char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); | ||
648 | |||
649 | This function returns the value of the parameter "name" in "section", or NULL | ||
650 | if there has been an error. | ||
651 | |||
652 | void X509V3_string_free(X509V3_CTX *ctx, char *str); | ||
653 | |||
654 | This function frees up the string returned by the above function. | ||
655 | |||
656 | STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section); | ||
657 | |||
658 | This function returns a whole section as a STACK_OF(CONF_VALUE) . | ||
659 | |||
660 | void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); | ||
661 | |||
662 | This function frees up the STACK returned by the above function. | ||
663 | |||
664 | Note: it is possible to use the extension code with a custom configuration | ||
665 | database. To do this the "db_meth" element of the X509V3_CTX structure should | ||
666 | be set to an X509V3_CTX_METHOD structure. This structure contains the following | ||
667 | function pointers: | ||
668 | |||
669 | char * (*get_string)(void *db, char *section, char *value); | ||
670 | STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section); | ||
671 | void (*free_string)(void *db, char * string); | ||
672 | void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); | ||
673 | |||
674 | these will be called and passed the 'db' element in the X509V3_CTX structure | ||
675 | to access the database. If a given function is not implemented or not required | ||
676 | it can be set to NULL. | ||
677 | |||
678 | 5. String helper functions. | ||
679 | |||
680 | There are several "i2s" and "s2i" functions that convert structures to and | ||
681 | from ASCII strings. In all the "i2s" cases the returned string should be | ||
682 | freed using Free() after use. Since some of these are part of other extension | ||
683 | code they may take a 'method' parameter. Unless otherwise stated it can be | ||
684 | safely set to NULL. | ||
685 | |||
686 | char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct); | ||
687 | |||
688 | This returns a hex string from an ASN1_OCTET_STRING. | ||
689 | |||
690 | char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); | ||
691 | char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); | ||
692 | |||
693 | These return a string decimal representations of an ASN1_INTEGER and an | ||
694 | ASN1_ENUMERATED type, respectively. | ||
695 | |||
696 | ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, | ||
697 | X509V3_CTX *ctx, char *str); | ||
698 | |||
699 | This converts an ASCII hex string to an ASN1_OCTET_STRING. | ||
700 | |||
701 | ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); | ||
702 | |||
703 | This converts a decimal ASCII string into an ASN1_INTEGER. | ||
704 | |||
705 | 6. Multi valued extension helper functions. | ||
706 | |||
707 | The following functions can be used to manipulate STACKs of CONF_VALUE | ||
708 | structures, as used by multi valued extensions. | ||
709 | |||
710 | int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); | ||
711 | |||
712 | This function expects a boolean value in 'value' and sets 'asn1_bool' to | ||
713 | it. That is it sets it to 0 for FALSE or 0xff for TRUE. The following | ||
714 | strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE" | ||
715 | "false", "N", "n", "NO" or "no". | ||
716 | |||
717 | int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); | ||
718 | |||
719 | This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER. | ||
720 | |||
721 | int X509V3_add_value(const char *name, const char *value, | ||
722 | STACK_OF(CONF_VALUE) **extlist); | ||
723 | |||
724 | This simply adds a string name and value pair. | ||
725 | |||
726 | int X509V3_add_value_uchar(const char *name, const unsigned char *value, | ||
727 | STACK_OF(CONF_VALUE) **extlist); | ||
728 | |||
729 | The same as above but for an unsigned character value. | ||
730 | |||
731 | int X509V3_add_value_bool(const char *name, int asn1_bool, | ||
732 | STACK_OF(CONF_VALUE) **extlist); | ||
733 | |||
734 | This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool' | ||
735 | |||
736 | int X509V3_add_value_bool_nf(char *name, int asn1_bool, | ||
737 | STACK_OF(CONF_VALUE) **extlist); | ||
738 | |||
739 | This is the same as above except it adds nothing if asn1_bool is FALSE. | ||
740 | |||
741 | int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, | ||
742 | STACK_OF(CONF_VALUE) **extlist); | ||
743 | |||
744 | This function adds the value of the ASN1_INTEGER in decimal form. | ||
745 | |||
746 | 7. Other helper functions. | ||
747 | |||
748 | <to be added> | ||
749 | |||
750 | ADDING CUSTOM EXTENSIONS. | ||
751 | |||
752 | Currently there are three types of supported extensions. | ||
753 | |||
754 | String extensions are simple strings where the value is placed directly in the | ||
755 | extensions, and the string returned is printed out. | ||
756 | |||
757 | Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs | ||
758 | or return a STACK_OF(CONF_VALUE). | ||
759 | |||
760 | Raw extensions are just passed a BIO or a value and it is the extensions | ||
761 | responsibility to handle all the necessary printing. | ||
762 | |||
763 | There are two ways to add an extension. One is simply as an alias to an already | ||
764 | existing extension. An alias is an extension that is identical in ASN1 structure | ||
765 | to an existing extension but has a different OBJECT IDENTIFIER. This can be | ||
766 | done by calling: | ||
767 | |||
768 | int X509V3_EXT_add_alias(int nid_to, int nid_from); | ||
769 | |||
770 | 'nid_to' is the new extension NID and 'nid_from' is the already existing | ||
771 | extension NID. | ||
772 | |||
773 | Alternatively an extension can be written from scratch. This involves writing | ||
774 | the ASN1 code to encode and decode the extension and functions to print out and | ||
775 | generate the extension from strings. The relevant functions are then placed in | ||
776 | a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext); | ||
777 | called. | ||
778 | |||
779 | The X509V3_EXT_METHOD structure is described below. | ||
780 | |||
781 | struct { | ||
782 | int ext_nid; | ||
783 | int ext_flags; | ||
784 | X509V3_EXT_NEW ext_new; | ||
785 | X509V3_EXT_FREE ext_free; | ||
786 | X509V3_EXT_D2I d2i; | ||
787 | X509V3_EXT_I2D i2d; | ||
788 | X509V3_EXT_I2S i2s; | ||
789 | X509V3_EXT_S2I s2i; | ||
790 | X509V3_EXT_I2V i2v; | ||
791 | X509V3_EXT_V2I v2i; | ||
792 | X509V3_EXT_R2I r2i; | ||
793 | X509V3_EXT_I2R i2r; | ||
794 | |||
795 | void *usr_data; | ||
796 | }; | ||
797 | |||
798 | The elements have the following meanings. | ||
799 | |||
800 | ext_nid is the NID of the object identifier of the extension. | ||
801 | |||
802 | ext_flags is set of flags. Currently the only external flag is | ||
803 | X509V3_EXT_MULTILINE which means a multi valued extensions | ||
804 | should be printed on separate lines. | ||
805 | |||
806 | usr_data is an extension specific pointer to any relevant data. This | ||
807 | allows extensions to share identical code but have different | ||
808 | uses. An example of this is the bit string extension which uses | ||
809 | usr_data to contain a list of the bit names. | ||
810 | |||
811 | All the remaining elements are function pointers. | ||
812 | |||
813 | ext_new is a pointer to a function that allocates memory for the | ||
814 | extension ASN1 structure: for example ASN1_OBJECT_new(). | ||
815 | |||
816 | ext_free is a pointer to a function that free up memory of the extension | ||
817 | ASN1 structure: for example ASN1_OBJECT_free(). | ||
818 | |||
819 | d2i is the standard ASN1 function that converts a DER buffer into | ||
820 | the internal ASN1 structure: for example d2i_ASN1_IA5STRING(). | ||
821 | |||
822 | i2d is the standard ASN1 function that converts the internal | ||
823 | structure into the DER representation: for example | ||
824 | i2d_ASN1_IA5STRING(). | ||
825 | |||
826 | The remaining functions are depend on the type of extension. One i2X and | ||
827 | one X2i should be set and the rest set to NULL. The types set do not need | ||
828 | to match up, for example the extension could be set using the multi valued | ||
829 | v2i function and printed out using the raw i2r. | ||
830 | |||
831 | All functions have the X509V3_EXT_METHOD passed to them in the 'method' | ||
832 | parameter and an X509V3_CTX structure. Extension code can then access the | ||
833 | parent structure via the 'method' parameter to for example make use of the value | ||
834 | of usr_data. If the code needs to use detail relating to the request it can | ||
835 | use the 'ctx' parameter. | ||
836 | |||
837 | A note should be given here about the 'flags' member of the 'ctx' parameter. | ||
838 | If it has the value CTX_TEST then the configuration syntax is being checked | ||
839 | and no actual certificate or CRL exists. Therefore any attempt in the config | ||
840 | file to access such information should silently succeed. If the syntax is OK | ||
841 | then it should simply return a (possibly bogus) extension, otherwise it | ||
842 | should return NULL. | ||
843 | |||
844 | char *i2s(struct v3_ext_method *method, void *ext); | ||
845 | |||
846 | This function takes the internal structure in the ext parameter and returns | ||
847 | a Malloc'ed string representing its value. | ||
848 | |||
849 | void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); | ||
850 | |||
851 | This function takes the string representation in the ext parameter and returns | ||
852 | an allocated internal structure: ext_free() will be used on this internal | ||
853 | structure after use. | ||
854 | |||
855 | i2v and v2i handle a STACK_OF(CONF_VALUE): | ||
856 | |||
857 | typedef struct | ||
858 | { | ||
859 | char *section; | ||
860 | char *name; | ||
861 | char *value; | ||
862 | } CONF_VALUE; | ||
863 | |||
864 | Only the name and value members are currently used. | ||
865 | |||
866 | STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext); | ||
867 | |||
868 | This function is passed the internal structure in the ext parameter and | ||
869 | returns a STACK of CONF_VALUE structures. The values of name, value, | ||
870 | section and the structure itself will be freed up with Free after use. | ||
871 | Several helper functions are available to add values to this STACK. | ||
872 | |||
873 | void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, | ||
874 | STACK_OF(CONF_VALUE) *values); | ||
875 | |||
876 | This function takes a STACK_OF(CONF_VALUE) structures and should set the | ||
877 | values of the external structure. This typically uses the name element to | ||
878 | determine which structure element to set and the value element to determine | ||
879 | what to set it to. Several helper functions are available for this | ||
880 | purpose (see above). | ||
881 | |||
882 | int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent); | ||
883 | |||
884 | This function is passed the internal extension structure in the ext parameter | ||
885 | and sends out a human readable version of the extension to out. The 'indent' | ||
886 | parameter should be noted to determine the necessary amount of indentation | ||
887 | needed on the output. | ||
888 | |||
889 | void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); | ||
890 | |||
891 | This is just passed the string representation of the extension. It is intended | ||
892 | to be used for more elaborate extensions where the standard single and multi | ||
893 | valued options are insufficient. They can use the 'ctx' parameter to parse the | ||
894 | configuration database themselves. See the context functions section for details | ||
895 | of how to do this. | ||
896 | |||
897 | Note: although this type takes the same parameters as the "r2s" function there | ||
898 | is a subtle difference. Whereas an "r2i" function can access a configuration | ||
899 | database an "s2i" function MUST NOT. This is so the internal code can safely | ||
900 | assume that an "s2i" function will work without a configuration database. | ||
901 | |||
902 | ============================================================================== | ||
903 | PKCS#12 Library | ||
904 | ============================================================================== | ||
905 | |||
906 | This section describes the internal PKCS#12 support. There are very few | ||
907 | differences between the old external library and the new internal code at | ||
908 | present. This may well change because the external library will not be updated | ||
909 | much in future. | ||
910 | |||
911 | This version now includes a couple of high level PKCS#12 functions which | ||
912 | generally "do the right thing" and should make it much easier to handle PKCS#12 | ||
913 | structures. | ||
914 | |||
915 | HIGH LEVEL FUNCTIONS. | ||
916 | |||
917 | For most applications you only need concern yourself with the high level | ||
918 | functions. They can parse and generate simple PKCS#12 files as produced by | ||
919 | Netscape and MSIE or indeed any compliant PKCS#12 file containing a single | ||
920 | private key and certificate pair. | ||
921 | |||
922 | 1. Initialisation and cleanup. | ||
923 | |||
924 | No special initialisation is needed for the internal PKCS#12 library: the | ||
925 | standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to | ||
926 | add all algorithms (you should at least add SHA1 though) then you can manually | ||
927 | initialise the PKCS#12 library with: | ||
928 | |||
929 | PKCS12_PBE_add(); | ||
930 | |||
931 | The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is | ||
932 | called or it can be directly freed with: | ||
933 | |||
934 | EVP_PBE_cleanup(); | ||
935 | |||
936 | after this call (or EVP_cleanup() ) no more PKCS#12 library functions should | ||
937 | be called. | ||
938 | |||
939 | 2. I/O functions. | ||
940 | |||
941 | i2d_PKCS12_bio(bp, p12) | ||
942 | |||
943 | This writes out a PKCS12 structure to a BIO. | ||
944 | |||
945 | i2d_PKCS12_fp(fp, p12) | ||
946 | |||
947 | This is the same but for a FILE pointer. | ||
948 | |||
949 | d2i_PKCS12_bio(bp, p12) | ||
950 | |||
951 | This reads in a PKCS12 structure from a BIO. | ||
952 | |||
953 | d2i_PKCS12_fp(fp, p12) | ||
954 | |||
955 | This is the same but for a FILE pointer. | ||
956 | |||
957 | 3. High level functions. | ||
958 | |||
959 | 3.1 Parsing with PKCS12_parse(). | ||
960 | |||
961 | int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert, | ||
962 | STACK **ca); | ||
963 | |||
964 | This function takes a PKCS12 structure and a password (ASCII, null terminated) | ||
965 | and returns the private key, the corresponding certificate and any CA | ||
966 | certificates. If any of these is not required it can be passed as a NULL. | ||
967 | The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK | ||
968 | structure. Typically to read in a PKCS#12 file you might do: | ||
969 | |||
970 | p12 = d2i_PKCS12_fp(fp, NULL); | ||
971 | PKCS12_parse(p12, password, &pkey, &cert, NULL); /* CAs not wanted */ | ||
972 | PKCS12_free(p12); | ||
973 | |||
974 | 3.2 PKCS#12 creation with PKCS12_create(). | ||
975 | |||
976 | PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, | ||
977 | STACK *ca, int nid_key, int nid_cert, int iter, | ||
978 | int mac_iter, int keytype); | ||
979 | |||
980 | This function will create a PKCS12 structure from a given password, name, | ||
981 | private key, certificate and optional STACK of CA certificates. The remaining | ||
982 | 5 parameters can be set to 0 and sensible defaults will be used. | ||
983 | |||
984 | The parameters nid_key and nid_cert are the key and certificate encryption | ||
985 | algorithms, iter is the encryption iteration count, mac_iter is the MAC | ||
986 | iteration count and keytype is the type of private key. If you really want | ||
987 | to know what these last 5 parameters do then read the low level section. | ||
988 | |||
989 | Typically to create a PKCS#12 file the following could be used: | ||
990 | |||
991 | p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0); | ||
992 | i2d_PKCS12_fp(fp, p12); | ||
993 | PKCS12_free(p12); | ||
994 | |||
995 | 3.3 Changing a PKCS#12 structure password. | ||
996 | |||
997 | int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); | ||
998 | |||
999 | This changes the password of an already existing PKCS#12 structure. oldpass | ||
1000 | is the old password and newpass is the new one. An error occurs if the old | ||
1001 | password is incorrect. | ||
1002 | |||
1003 | LOW LEVEL FUNCTIONS. | ||
1004 | |||
1005 | In some cases the high level functions do not provide the necessary | ||
1006 | functionality. For example if you want to generate or parse more complex | ||
1007 | PKCS#12 files. The sample pkcs12 application uses the low level functions | ||
1008 | to display details about the internal structure of a PKCS#12 file. | ||
1009 | |||
1010 | Introduction. | ||
1011 | |||
1012 | This is a brief description of how a PKCS#12 file is represented internally: | ||
1013 | some knowledge of PKCS#12 is assumed. | ||
1014 | |||
1015 | A PKCS#12 object contains several levels. | ||
1016 | |||
1017 | At the lowest level is a PKCS12_SAFEBAG. This can contain a certificate, a | ||
1018 | CRL, a private key, encrypted or unencrypted, a set of safebags (so the | ||
1019 | structure can be nested) or other secrets (not documented at present). | ||
1020 | A safebag can optionally have attributes, currently these are: a unicode | ||
1021 | friendlyName (a Unicode string) or a localKeyID (a string of bytes). | ||
1022 | |||
1023 | At the next level is an authSafe which is a set of safebags collected into | ||
1024 | a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself. | ||
1025 | |||
1026 | At the top level is the PKCS12 structure itself which contains a set of | ||
1027 | authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it | ||
1028 | contains a MAC which is a kind of password protected digest to preserve | ||
1029 | integrity (so any unencrypted stuff below can't be tampered with). | ||
1030 | |||
1031 | The reason for these levels is so various objects can be encrypted in various | ||
1032 | ways. For example you might want to encrypt a set of private keys with | ||
1033 | triple-DES and then include the related certificates either unencrypted or | ||
1034 | with lower encryption. Yes it's the dreaded crypto laws at work again which | ||
1035 | allow strong encryption on private keys and only weak encryption on other | ||
1036 | stuff. | ||
1037 | |||
1038 | To build one of these things you turn all certificates and keys into safebags | ||
1039 | (with optional attributes). You collect the safebags into (one or more) STACKS | ||
1040 | and convert these into authsafes (encrypted or unencrypted). The authsafes | ||
1041 | are collected into a STACK and added to a PKCS12 structure. Finally a MAC | ||
1042 | inserted. | ||
1043 | |||
1044 | Pulling one apart is basically the reverse process. The MAC is verified against | ||
1045 | the given password. The authsafes are extracted and each authsafe split into | ||
1046 | a set of safebags (possibly involving decryption). Finally the safebags are | ||
1047 | decomposed into the original keys and certificates and the attributes used to | ||
1048 | match up private key and certificate pairs. | ||
1049 | |||
1050 | Anyway here are the functions that do the dirty work. | ||
1051 | |||
1052 | 1. Construction functions. | ||
1053 | |||
1054 | 1.1 Safebag functions. | ||
1055 | |||
1056 | M_PKCS12_x5092certbag(x509) | ||
1057 | |||
1058 | This macro takes an X509 structure and returns a certificate bag. The | ||
1059 | X509 structure can be freed up after calling this function. | ||
1060 | |||
1061 | M_PKCS12_x509crl2certbag(crl) | ||
1062 | |||
1063 | As above but for a CRL. | ||
1064 | |||
1065 | PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey) | ||
1066 | |||
1067 | Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure. | ||
1068 | Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo | ||
1069 | structure contains a private key data in plain text form it should be free'd | ||
1070 | up as soon as it has been encrypted for security reasons (freeing up the | ||
1071 | structure zeros out the sensitive data). This can be done with | ||
1072 | PKCS8_PRIV_KEY_INFO_free(). | ||
1073 | |||
1074 | PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage) | ||
1075 | |||
1076 | This sets the key type when a key is imported into MSIE or Outlook 98. Two | ||
1077 | values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type | ||
1078 | key that can also be used for signing but its size is limited in the export | ||
1079 | versions of MS software to 512 bits, it is also the default. KEY_SIG is a | ||
1080 | signing only key but the keysize is unlimited (well 16K is supposed to work). | ||
1081 | If you are using the domestic version of MSIE then you can ignore this because | ||
1082 | KEY_EX is not limited and can be used for both. | ||
1083 | |||
1084 | PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) | ||
1085 | |||
1086 | Convert a PKCS8 private key structure into a keybag. This routine embeds the | ||
1087 | p8 structure in the keybag so p8 should not be freed up or used after it is | ||
1088 | called. The p8 structure will be freed up when the safebag is freed. | ||
1089 | |||
1090 | PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8) | ||
1091 | |||
1092 | Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not | ||
1093 | embedded and can be freed up after use. | ||
1094 | |||
1095 | int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen) | ||
1096 | int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen) | ||
1097 | |||
1098 | Add a local key id or a friendlyname to a safebag. | ||
1099 | |||
1100 | 1.2 Authsafe functions. | ||
1101 | |||
1102 | PKCS7 *PKCS12_pack_p7data(STACK *sk) | ||
1103 | Take a stack of safebags and convert them into an unencrypted authsafe. The | ||
1104 | stack of safebags can be freed up after calling this function. | ||
1105 | |||
1106 | PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags); | ||
1107 | |||
1108 | As above but encrypted. | ||
1109 | |||
1110 | 1.3 PKCS12 functions. | ||
1111 | |||
1112 | PKCS12 *PKCS12_init(int mode) | ||
1113 | |||
1114 | Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data). | ||
1115 | |||
1116 | M_PKCS12_pack_authsafes(p12, safes) | ||
1117 | |||
1118 | This macro takes a STACK of authsafes and adds them to a PKCS#12 structure. | ||
1119 | |||
1120 | int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type); | ||
1121 | |||
1122 | Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests | ||
1123 | that SHA-1 should be used. | ||
1124 | |||
1125 | 2. Extraction Functions. | ||
1126 | |||
1127 | 2.1 Safebags. | ||
1128 | |||
1129 | M_PKCS12_bag_type(bag) | ||
1130 | |||
1131 | Return the type of "bag". Returns one of the following | ||
1132 | |||
1133 | NID_keyBag | ||
1134 | NID_pkcs8ShroudedKeyBag 7 | ||
1135 | NID_certBag 8 | ||
1136 | NID_crlBag 9 | ||
1137 | NID_secretBag 10 | ||
1138 | NID_safeContentsBag 11 | ||
1139 | |||
1140 | M_PKCS12_cert_bag_type(bag) | ||
1141 | |||
1142 | Returns type of certificate bag, following are understood. | ||
1143 | |||
1144 | NID_x509Certificate 14 | ||
1145 | NID_sdsiCertificate 15 | ||
1146 | |||
1147 | M_PKCS12_crl_bag_type(bag) | ||
1148 | |||
1149 | Returns crl bag type, currently only NID_crlBag is recognised. | ||
1150 | |||
1151 | M_PKCS12_certbag2x509(bag) | ||
1152 | |||
1153 | This macro extracts an X509 certificate from a certificate bag. | ||
1154 | |||
1155 | M_PKCS12_certbag2x509crl(bag) | ||
1156 | |||
1157 | As above but for a CRL. | ||
1158 | |||
1159 | EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) | ||
1160 | |||
1161 | Extract a private key from a PKCS8 private key info structure. | ||
1162 | |||
1163 | M_PKCS12_decrypt_skey(bag, pass, passlen) | ||
1164 | |||
1165 | Decrypt a shrouded key bag and return a PKCS8 private key info structure. | ||
1166 | Works with both RSA and DSA keys | ||
1167 | |||
1168 | char *PKCS12_get_friendlyname(bag) | ||
1169 | |||
1170 | Returns the friendlyName of a bag if present or NULL if none. The returned | ||
1171 | string is a null terminated ASCII string allocated with Malloc(). It should | ||
1172 | thus be freed up with Free() after use. | ||
1173 | |||
1174 | 2.2 AuthSafe functions. | ||
1175 | |||
1176 | M_PKCS12_unpack_p7data(p7) | ||
1177 | |||
1178 | Extract a STACK of safe bags from a PKCS#7 data ContentInfo. | ||
1179 | |||
1180 | #define M_PKCS12_unpack_p7encdata(p7, pass, passlen) | ||
1181 | |||
1182 | As above but for an encrypted content info. | ||
1183 | |||
1184 | 2.3 PKCS12 functions. | ||
1185 | |||
1186 | M_PKCS12_unpack_authsafes(p12) | ||
1187 | |||
1188 | Extract a STACK of authsafes from a PKCS12 structure. | ||
1189 | |||
1190 | M_PKCS12_mac_present(p12) | ||
1191 | |||
1192 | Check to see if a MAC is present. | ||
1193 | |||
1194 | int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen) | ||
1195 | |||
1196 | Verify a MAC on a PKCS12 structure. Returns an error if MAC not present. | ||
1197 | |||
1198 | |||
1199 | Notes. | ||
1200 | |||
1201 | 1. All the function return 0 or NULL on error. | ||
1202 | 2. Encryption based functions take a common set of parameters. These are | ||
1203 | described below. | ||
1204 | |||
1205 | pass, passlen | ||
1206 | ASCII password and length. The password on the MAC is called the "integrity | ||
1207 | password" the encryption password is called the "privacy password" in the | ||
1208 | PKCS#12 documentation. The passwords do not have to be the same. If -1 is | ||
1209 | passed for the length it is worked out by the function itself (currently | ||
1210 | this is sometimes done whatever is passed as the length but that may change). | ||
1211 | |||
1212 | salt, saltlen | ||
1213 | A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a | ||
1214 | default length is used. | ||
1215 | |||
1216 | iter | ||
1217 | Iteration count. This is a measure of how many times an internal function is | ||
1218 | called to encrypt the data. The larger this value is the longer it takes, it | ||
1219 | makes dictionary attacks on passwords harder. NOTE: Some implementations do | ||
1220 | not support an iteration count on the MAC. If the password for the MAC and | ||
1221 | encryption is the same then there is no point in having a high iteration | ||
1222 | count for encryption if the MAC has no count. The MAC could be attacked | ||
1223 | and the password used for the main decryption. | ||
1224 | |||
1225 | pbe_nid | ||
1226 | This is the NID of the password based encryption method used. The following are | ||
1227 | supported. | ||
1228 | NID_pbe_WithSHA1And128BitRC4 | ||
1229 | NID_pbe_WithSHA1And40BitRC4 | ||
1230 | NID_pbe_WithSHA1And3_Key_TripleDES_CBC | ||
1231 | NID_pbe_WithSHA1And2_Key_TripleDES_CBC | ||
1232 | NID_pbe_WithSHA1And128BitRC2_CBC | ||
1233 | NID_pbe_WithSHA1And40BitRC2_CBC | ||
1234 | |||
1235 | Which you use depends on the implementation you are exporting to. "Export | ||
1236 | grade" (i.e. cryptographically challenged) products cannot support all | ||
1237 | algorithms. Typically you may be able to use any encryption on shrouded key | ||
1238 | bags but they must then be placed in an unencrypted authsafe. Other authsafes | ||
1239 | may only support 40bit encryption. Of course if you are using SSLeay | ||
1240 | throughout you can strongly encrypt everything and have high iteration counts | ||
1241 | on everything. | ||
1242 | |||
1243 | 3. For decryption routines only the password and length are needed. | ||
1244 | |||
1245 | 4. Unlike the external version the nid's of objects are the values of the | ||
1246 | constants: that is NID_certBag is the real nid, therefore there is no | ||
1247 | PKCS12_obj_offset() function. Note the object constants are not the same as | ||
1248 | those of the external version. If you use these constants then you will need | ||
1249 | to recompile your code. | ||
1250 | |||
1251 | 5. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or | ||
1252 | macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be | ||
1253 | reused or freed up safely. | ||
1254 | |||
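diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt
deleted file mode 100644
index 7bada8d35f..0000000000
--- a/src/lib/libssl/doc/standards.txt
+++ /dev/null
@@ -1,285 +0,0 @@
-Standards related to OpenSSL
-============================
-
-[Please, this is currently a draft. I made a first try at finding
-documents that describe parts of what OpenSSL implements. There are
-big gaps, and I've most certainly done something wrong. Please
-correct whatever is... Also, this note should be removed when this
-file is reaching a somewhat correct state. -- Richard Levitte]
-
-
-All pointers in here will be either URL's or blobs of text borrowed
-from miscellaneous indexes, like rfc-index.txt (index of RFCs),
-1id-index.txt (index of Internet drafts) and the like.
-
-To find the latest possible RFCs, it's recommended to either browse
-ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and
-use the search mechanism found there.
-To find the latest possible Internet drafts, it's recommended to
-browse ftp://ftp.isi.edu/internet-drafts/.
-To find the latest possible PKCS, it's recommended to browse
-http://www.rsasecurity.com/rsalabs/pkcs/.
-
-
-Implemented:
-------------
-
-These are documents that describe things that are implemented (in
-whole or at least great parts) in OpenSSL.
-
-1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
-(Format: TXT=25661 bytes) (Status: INFORMATIONAL)
-
-1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
-TXT=32407 bytes) (Status: INFORMATIONAL)
-
-1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
-TXT=35222 bytes) (Status: INFORMATIONAL)
-
-2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999.
-(Format: TXT=170401 bytes) (Status: PROPOSED STANDARD)
-
-2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
-January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
-
-2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
-March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
-
-PKCS#8: Private-Key Information Syntax Standard
-
-PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
-
-2560 X.509 Internet Public Key Infrastructure Online Certificate
-Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
-C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
-STANDARD)
-
-2712 Addition of Kerberos Cipher Suites to Transport Layer Security
-(TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
-(Status: PROPOSED STANDARD)
-
-2898 PKCS #5: Password-Based Cryptography Specification Version 2.0.
-B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status:
-INFORMATIONAL)
-
-2986 PKCS #10: Certification Request Syntax Specification Version 1.7.
-M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes)
-(Obsoletes RFC2314) (Status: INFORMATIONAL)
-
-3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones.
-September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL)
-
-3161 Internet X.509 Public Key Infrastructure, Time-Stamp Protocol (TSP)
-C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001
-(Status: PROPOSED STANDARD)
-
-3268 Advanced Encryption Standard (AES) Ciphersuites for Transport
-Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes)
-(Status: PROPOSED STANDARD)
-
-3279 Algorithms and Identifiers for the Internet X.509 Public Key
-Infrastructure Certificate and Certificate Revocation List (CRL)
-Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format:
-TXT=53833 bytes) (Status: PROPOSED STANDARD)
-
-3280 Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W.
-Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes
-RFC2459) (Status: PROPOSED STANDARD)
-
-3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
-Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003.
-(Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:
-INFORMATIONAL)
-
-3713 A Description of the Camellia Encryption Algorithm. M. Matsui,
-J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes)
-(Status: INFORMATIONAL)
-
-3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate
-Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson.
-June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD)
-
-4132 Addition of Camellia Cipher Suites to Transport Layer Security
-(TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590
-bytes) (Status: PROPOSED STANDARD)
-
-4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS).
-H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes)
-(Status: PROPOSED STANDARD)
-
-4269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon,
-D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes)
-(Obsoletes RFC4009) (Status: INFORMATIONAL)
-
-
-Related:
---------
-
-These are documents that are close to OpenSSL, for example the
-STARTTLS documents.
-
-1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message
-Encryption and Authentication Procedures. J. Linn. February 1993.
-(Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED
-STANDARD)
-
-1422 Privacy Enhancement for Internet Electronic Mail: Part II:
-Certificate-Based Key Management. S. Kent. February 1993. (Format:
-TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD)
-
-1423 Privacy Enhancement for Internet Electronic Mail: Part III:
-Algorithms, Modes, and Identifiers. D. Balenson. February 1993.
-(Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED
-STANDARD)
-
-1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key
-Certification and Related Services. B. Kaliski. February 1993.
-(Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
-
-2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October
-1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD)
-
-2510 Internet X.509 Public Key Infrastructure Certificate Management
-Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178
-bytes) (Status: PROPOSED STANDARD)
-
-2511 Internet X.509 Certificate Request Message Format. M. Myers, C.
-Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes)
-(Status: PROPOSED STANDARD)
-
-2527 Internet X.509 Public Key Infrastructure Certificate Policy and
-Certification Practices Framework. S. Chokhani, W. Ford. March 1999.
-(Format: TXT=91860 bytes) (Status: INFORMATIONAL)
-
-2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake
-3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status:
-PROPOSED STANDARD)
-
-2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS).
-D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status:
-PROPOSED STANDARD)
-
-2559 Internet X.509 Public Key Infrastructure Operational Protocols -
-LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format:
-TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD)
-
-2585 Internet X.509 Public Key Infrastructure Operational Protocols:
-FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
-bytes) (Status: PROPOSED STANDARD)
-
-2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S.
-Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes)
-(Status: PROPOSED STANDARD)
-
-2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
-(Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
-
-2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999.
-(Format: TXT=25932 bytes) (Status: PROPOSED STANDARD)
-
-2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June
-1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD)
-
-2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October
-1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL)
-
-2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace.
-February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status:
-EXPERIMENTAL)
-
-2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J.
-Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status:
-PROPOSED STANDARD)
-
-2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
-2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
-STANDARD)
-
-2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
-(Status: INFORMATIONAL)
-
-2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July
-2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL)
-
-2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams.
-October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD)
-
-2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0.
-M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes)
-(Status: INFORMATIONAL)
-
-3029 Internet X.509 Public Key Infrastructure Data Validation and
-Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev,
-R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status:
-EXPERIMENTAL)
-
-3039 Internet X.509 Public Key Infrastructure Qualified Certificates
-Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001.
-(Format: TXT=67619 bytes) (Status: PROPOSED STANDARD)
-
-3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P.
-Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes)
-(Status: INFORMATIONAL)
-
-3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol
-(TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001.
-(Format: TXT=54585 bytes) (Status: PROPOSED STANDARD)
-
-3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner.
-October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD)
-
-3207 SMTP Service Extension for Secure SMTP over Transport Layer
-Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes)
-(Obsoletes RFC2487) (Status: PROPOSED STANDARD)
-
-3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001.
-(Format: TXT=19855 bytes) (Status: INFORMATIONAL)
-
-3274 Compressed Data Content Type for Cryptographic Message Syntax
-(CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status:
-PROPOSED STANDARD)
-
-3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in
-Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P.
-Lambert. April 2002. (Format: TXT=33779 bytes) (Status:
-INFORMATIONAL)
-
-3281 An Internet Attribute Certificate Profile for Authorization. S.
-Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status:
-PROPOSED STANDARD)
-
-3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002.
-(Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status:
-PROPOSED STANDARD)
-
-3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August
-2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status:
-PROPOSED STANDARD)
-
-3377 Lightweight Directory Access Protocol (v3): Technical
-Specification. J. Hodges, R. Morgan. September 2002. (Format:
-TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255,
-RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD)
-
-3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad,
-R. Housley. September 2002. (Format: TXT=73072 bytes) (Status:
-INFORMATIONAL)
-
-3436 Transport Layer Security over Stream Control Transmission
-Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002.
-(Format: TXT=16333 bytes) (Status: PROPOSED STANDARD)
-
-3657 Use of the Camellia Encryption Algorithm in Cryptographic
-Message Syntax (CMS). S. Moriai, A. Kato. January 2004.
-(Format: TXT=26282 bytes) (Status: PROPOSED STANDARD)
-
-"Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>
-
-
-To be implemented:
-------------------
-
-These are documents that describe things that are planed to be
-implemented in the hopefully short future.
-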
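diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h
deleted file mode 100644
index 2900d1d8ae..0000000000
--- a/src/lib/libssl/dtls1.h
+++ /dev/null
@@ -1,267 +0,0 @@
-/* ssl/dtls1.h */
-/*
-* DTLS implementation written by Nagendra Modadugu
-* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
-*/
-/* ====================================================================
-* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* openssl-core@OpenSSL.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-* This product includes cryptographic software written by Eric Young
-* (eay@cryptsoft.com). This product includes software written by Tim
-* Hudson (tjh@cryptsoft.com).
-*
-*/
-
-#ifndef HEADER_DTLS1_H
-#define HEADER_DTLS1_H
-
-#include <openssl/buffer.h>
-#include <openssl/pqueue.h>
-#ifdef OPENSSL_SYS_VMS
-#include <resource.h>
-#include <sys/timeb.h>
-#endif
-#ifdef OPENSSL_SYS_WIN32
-/* Needed for struct timeval */
-#include <winsock.h>
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
-#include <sys/timeval.h>
-#else
-#include <sys/time.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define DTLS1_VERSION 0xFEFF
-#define DTLS1_BAD_VER 0x0100
-
-#if 0
-/* this alert description is not specified anywhere... */
-#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
-#endif
-
-/* lengths of messages */
-#define DTLS1_COOKIE_LENGTH 256
-
-#define DTLS1_RT_HEADER_LENGTH 13
-
-#define DTLS1_HM_HEADER_LENGTH 12
-
-#define DTLS1_HM_BAD_FRAGMENT -2
-#define DTLS1_HM_FRAGMENT_RETRY -3
-
-#define DTLS1_CCS_HEADER_LENGTH 1
-
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#define DTLS1_AL_HEADER_LENGTH 7
-#else
-#define DTLS1_AL_HEADER_LENGTH 2
-#endif
-
-
-typedef struct dtls1_bitmap_st
-{
-unsigned long map; /* track 32 packets on 32-bit systems
-and 64 - on 64-bit systems */
-unsigned char max_seq_num[8]; /* max record number seen so far,
-64-bit value in big-endian
-encoding */
-} DTLS1_BITMAP;
-
-struct dtls1_retransmit_state
-{
-EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
-EVP_MD_CTX *write_hash; /* used for mac generation */
-#ifndef OPENSSL_NO_COMP
-COMP_CTX *compress; /* compression */
-#else
-char *compress;
-#endif
-SSL_SESSION *session;
-unsigned short epoch;
-};
-
-struct hm_header_st
-{
-unsigned char type;
-unsigned long msg_len;
-unsigned short seq;
-unsigned long frag_off;
-unsigned long frag_len;
-unsigned int is_ccs;
-struct dtls1_retransmit_state saved_retransmit_state;
-};
-
-struct ccs_header_st
-{
-unsigned char type;
-unsigned short seq;
-};
-
-struct dtls1_timeout_st
-{
-/* Number of read timeouts so far */
-unsigned int read_timeouts;
-
-/* Number of write timeouts so far */
-unsigned int write_timeouts;
-
-/* Number of alerts received so far */
-unsigned int num_alerts;
-};
-
-typedef struct record_pqueue_st
-{
-unsigned short epoch;
-pqueue q;
-} record_pqueue;
-
-typedef struct hm_fragment_st
-{
-struct hm_header_st msg_header;
-unsigned char *fragment;
-unsigned char *reassembly;
-} hm_fragment;
-
-typedef struct dtls1_state_st
-{
-unsigned int send_cookie;
-unsigned char cookie[DTLS1_COOKIE_LENGTH];
-unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
-unsigned int cookie_len;
-
-/*
-* The current data and handshake epoch. This is initially
-* undefined, and starts at zero once the initial handshake is
-* completed
-*/
-unsigned short r_epoch;
-unsigned short w_epoch;
-
-/* records being received in the current epoch */
-DTLS1_BITMAP bitmap;
-
-/* renegotiation starts a new set of sequence numbers */
-DTLS1_BITMAP next_bitmap;
-
-/* handshake message numbers */
-unsigned short handshake_write_seq;
-unsigned short next_handshake_write_seq;
-
-unsigned short handshake_read_seq;
-
-/* save last sequence number for retransmissions */
-unsigned char last_write_sequence[8];
-
-/* Received handshake records (processed and unprocessed) */
-record_pqueue unprocessed_rcds;
-record_pqueue processed_rcds;
-
-/* Buffered handshake messages */
-pqueue buffered_messages;
-
-/* Buffered (sent) handshake records */
-pqueue sent_messages;
-
-/* Buffered application records.
-* Only for records between CCS and Finished
-* to prevent either protocol violation or
-* unnecessary message loss.
-*/
-record_pqueue buffered_app_data;
-
-/* Is set when listening for new connections with dtls1_listen() */
-unsigned int listen;
-
-unsigned int mtu; /* max DTLS packet size */
-
-struct hm_header_st w_msg_hdr;
-struct hm_header_st r_msg_hdr;
-
-struct dtls1_timeout_st timeout;
-
-/* Indicates when the last handshake msg sent will timeout */
-struct timeval next_timeout;
-
-/* Timeout duration */
-unsigned short timeout_duration;
-
-/* storage for Alert/Handshake protocol data received but not
-* yet processed by ssl3_read_bytes: */
-unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
-unsigned int alert_fragment_len;
-unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
-unsigned int handshake_fragment_len;
-
-unsigned int retransmitting;
-unsigned int change_cipher_spec_ok;
-
-} DTLS1_STATE;
-
-typedef struct dtls1_record_data_st
-{
-unsigned char *packet;
-unsigned int packet_length;
-SSL3_BUFFER rbuf;
-SSL3_RECORD rrec;
-} DTLS1_RECORD_DATA;
-
-
-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
-#define DTLS1_TMO_READ_COUNT 2
-#define DTLS1_TMO_WRITE_COUNT 2
-
-#define DTLS1_TMO_ALERT_COUNT 12
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-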
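--- a/src/lib/libssl/s23_clnt.c
+++ /dev/null
@@ -1,696 +0,0 @@
-/* ssl/s23_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-/* ====================================================================
-* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* openssl-core@openssl.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-* This product includes cryptographic software written by Eric Young
-* (eay@cryptsoft.com). This product includes software written by Tim
-* Hudson (tjh@cryptsoft.com).
-*
-*/
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static const SSL_METHOD *ssl23_get_client_method(int ver);
-static int ssl23_client_hello(SSL *s);
-static int ssl23_get_server_hello(SSL *s);
-static const SSL_METHOD *ssl23_get_client_method(int ver)
-{
-#ifndef OPENSSL_NO_SSL2
-if (ver == SSL2_VERSION)
-return(SSLv2_client_method());
-#endif
-if (ver == SSL3_VERSION)
-return(SSLv3_client_method());
-else if (ver == TLS1_VERSION)
-return(TLSv1_client_method());
-else
-return(NULL);
-}
-
-IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
-ssl_undefined_function,
-ssl23_connect,
-ssl23_get_client_method)
-
-int ssl23_connect(SSL *s)
-{
-BUF_MEM *buf=NULL;
-unsigned long Time=(unsigned long)time(NULL);
-void (*cb)(const SSL *ssl,int type,int val)=NULL;
-int ret= -1;
-int new_state,state;
-
-RAND_add(&Time,sizeof(Time),0);
-ERR_clear_error();
-clear_sys_error();
-
-if (s->info_callback != NULL)
-cb=s->info_callback;
-else if (s->ctx->info_callback != NULL)
-cb=s->ctx->info_callback;
-
-s->in_handshake++;
-if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
-for (;;)
-{
-state=s->state;
-
-switch(s->state)
-{
-case SSL_ST_BEFORE:
-case SSL_ST_CONNECT:
-case SSL_ST_BEFORE|SSL_ST_CONNECT:
-case SSL_ST_OK|SSL_ST_CONNECT:
-
-if (s->session != NULL)
-{
-SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
-ret= -1;
-goto end;
-}
-s->server=0;
-if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
-/* s->version=TLS1_VERSION; */
-s->type=SSL_ST_CONNECT;
-
-if (s->init_buf == NULL)
-{
-if ((buf=BUF_MEM_new()) == NULL)
-{
-ret= -1;
-goto end;
-}
-if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
-{
-ret= -1;
-goto end;
-}
-s->init_buf=buf;
-buf=NULL;
-}
-
-if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
-
-ssl3_init_finished_mac(s);
-
-s->state=SSL23_ST_CW_CLNT_HELLO_A;
-s->ctx->stats.sess_connect++;
-s->init_num=0;
-break;
-
-case SSL23_ST_CW_CLNT_HELLO_A:
-case SSL23_ST_CW_CLNT_HELLO_B:
-
-s->shutdown=0;
-ret=ssl23_client_hello(s);
-if (ret <= 0) goto end;
-s->state=SSL23_ST_CR_SRVR_HELLO_A;
-s->init_num=0;
-
-break;
-
-case SSL23_ST_CR_SRVR_HELLO_A:
-case SSL23_ST_CR_SRVR_HELLO_B:
-ret=ssl23_get_server_hello(s);
-if (ret >= 0) cb=NULL;
-goto end;
-/* break; */
-
-default:
-SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
-ret= -1;
-goto end;
-/* break; */
-}
-
-if (s->debug) { (void)BIO_flush(s->wbio); }
-
-if ((cb != NULL) && (s->state != state))
-{
-new_state=s->state;
-s->state=state;
-cb(s,SSL_CB_CONNECT_LOOP,1);
-s->state=new_state;
-}
-}
-end:
-s->in_handshake--;
-if (buf != NULL)
-BUF_MEM_free(buf);
-if (cb != NULL)
-cb(s,SSL_CB_CONNECT_EXIT,ret);
-return(ret);
-}
-
-static int ssl23_no_ssl2_ciphers(SSL *s)
-{
-SSL_CIPHER *cipher;
-STACK_OF(SSL_CIPHER) *ciphers;
-int i;
-ciphers = SSL_get_ciphers(s);
-for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
-{
-cipher = sk_SSL_CIPHER_value(ciphers, i);
-if (cipher->algorithm_ssl == SSL_SSLV2)
-return 0;
-}
-return 1;
-}
-
-static int ssl23_client_hello(SSL *s)
-{
-unsigned char *buf;
-unsigned char *p,*d;
-int i,ch_len;
-unsigned long Time,l;
-int ssl2_compat;
-int version = 0, version_major, version_minor;
-#ifndef OPENSSL_NO_COMP
-int j;
-SSL_COMP *comp;
-#endif
-int ret;
-
-ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
-
-if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
-ssl2_compat = 0;
-
-if (!(s->options & SSL_OP_NO_TLSv1))
-{
-version = TLS1_VERSION;
-}
-else if (!(s->options & SSL_OP_NO_SSLv3))
-{
-version = SSL3_VERSION;
-}
-else if (!(s->options & SSL_OP_NO_SSLv2))
-{
-version = SSL2_VERSION;
-}
-#ifndef OPENSSL_NO_TLSEXT
-if (version != SSL2_VERSION)
-{
-/* have to disable SSL 2.0 compatibility if we need TLS extensions */
-
-if (s->tlsext_hostname != NULL)
-ssl2_compat = 0;
-if (s->tlsext_status_type != -1)
-ssl2_compat = 0;
-#ifdef TLSEXT_TYPE_opaque_prf_input
-if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
-ssl2_compat = 0;
-#endif
-}
-#endif
-
-buf=(unsigned char *)s->init_buf->data;
-if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
-{
-#if 0
-/* don't reuse session-id's */
-if (!ssl_get_new_session(s,0))
-{
-return(-1);
-}
-#endif
-
-p=s->s3->client_random;
-Time=(unsigned long)time(NULL); /* Time */
-l2n(Time,p);
-if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
-return -1;
-
-if (version == TLS1_VERSION)
-{
-version_major = TLS1_VERSION_MAJOR;
-version_minor = TLS1_VERSION_MINOR;
-}
-else if (version == SSL3_VERSION)
-{
-version_major = SSL3_VERSION_MAJOR;
-version_minor = SSL3_VERSION_MINOR;
-}
-else if (version == SSL2_VERSION)
-{
-version_major = SSL2_VERSION_MAJOR;
-version_minor = SSL2_VERSION_MINOR;
-}
-else
-{
-SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE);
-return(-1);
-}
-
-s->client_version = version;
-
-if (ssl2_compat)
-{
-/* create SSL 2.0 compatible Client Hello */
-
-/* two byte record header will be written last */
-d = &(buf[2]);
-p = d + 9; /* leave space for message type, version, individual length fields */
-
-*(d++) = SSL2_MT_CLIENT_HELLO;
-*(d++) = version_major;
-*(d++) = version_minor;
-
-/* Ciphers supported */
-i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
-if (i == 0)
-{
-/* no ciphers */
-SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
-return -1;
-}
-s2n(i,d);
-p+=i;
-
-/* put in the session-id length (zero since there is no reuse) */
-#if 0
-s->session->session_id_length=0;
-#endif
-s2n(0,d);
-
-if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
-ch_len=SSL2_CHALLENGE_LENGTH;
-else
-ch_len=SSL2_MAX_CHALLENGE_LENGTH;
-
-/* write out sslv2 challenge */
-/* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
-because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
-or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
-check in for futurproofing */
-if (SSL3_RANDOM_SIZE < ch_len)
-i=SSL3_RANDOM_SIZE;
-else
-i=ch_len;
-s2n(i,d);
-memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
-if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
-return -1;
-
-memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
-p+=i;
-
-i= p- &(buf[2]);
-buf[0]=((i>>8)&0xff)|0x80;
-buf[1]=(i&0xff);
-
-/* number of bytes to write */
-s->init_num=i+2;
-s->init_off=0;
-
-ssl3_finish_mac(s,&(buf[2]),i);
-}
-else
-{
-/* create Client Hello in SSL 3.0/TLS 1.0 format */
-
-/* do the record header (5 bytes) and handshake message header (4 bytes) last */
-d = p = &(buf[9]);
-
-*(p++) = version_major;
-*(p++) = version_minor;
-
-/* Random stuff */
-memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
-p += SSL3_RANDOM_SIZE;
-
-/* Session ID (zero since there is no reuse) */
-*(p++) = 0;
-
-/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
-i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
-if (i == 0)
-{
-SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
-return -1;
-}
-s2n(i,p);
-p+=i;
-
-/* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
-*(p++)=1;
-#else
-if ((s->options & SSL_OP_NO_COMPRESSION)
-|| !s->ctx->comp_methods)
-j=0;
-else
-j=sk_SSL_COMP_num(s->ctx->comp_methods);
-*(p++)=1+j;
-for (i=0; i<j; i++)
-{
-comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
-*(p++)=comp->id;
-}
-#endif
-*(p++)=0; /* Add the NULL method */
-
-#ifndef OPENSSL_NO_TLSEXT
-/* TLS extensions*/
-if (ssl_prepare_clienthello_tlsext(s) <= 0)
-{
-SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
-return -1;
-}
-if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
-{
-SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
-return -1;
-}
-#endif
-
-l = p-d;
-
-/* fill in 4-byte handshake header */
-d=&(buf[5]);
-*(d++)=SSL3_MT_CLIENT_HELLO;
-l2n3(l,d);
-
-l += 4;
-
-if (l > SSL3_RT_MAX_PLAIN_LENGTH)
-{
-SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
-return -1;
-}
-
-/* fill in 5-byte record header */
-d=buf;
-*(d++) = SSL3_RT_HANDSHAKE;
-*(d++) = version_major;
-*(d++) = version_minor; /* arguably we should send the *lowest* suported version here
-* (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
-s2n((int)l,d);
-
-/* number of bytes to write */
-s->init_num=p-buf;
-s->init_off=0;
-
-ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
-}
-
-s->state=SSL23_ST_CW_CLNT_HELLO_B;
-s->init_off=0;
-}
-
-/* SSL3_ST_CW_CLNT_HELLO_B */
-ret = ssl23_write_bytes(s);
-
-if ((ret >= 2) && s->msg_callback)
-{
-/* Client Hello has been sent; tell msg_callback */
-
-if (ssl2_compat)
-s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
-else
-s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
-}
-
-return ret;
-}
-
-static int ssl23_get_server_hello(SSL *s)
-{
-char buf[8];
-unsigned char *p;
-int i;
-int n;
-
-n=ssl23_read_bytes(s,7);
-
-if (n != 7) return(n);
-p=s->packet;
-
-memcpy(buf,p,n);
-
-if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
-(p[5] == 0x00) && (p[6] == 0x02))
-{
-#ifdef OPENSSL_NO_SSL2
-SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
-goto err;
-#else
-/* we are talking sslv2 */
-/* we need to clean up the SSLv3 setup and put in the
-* sslv2 stuff. */
-int ch_len;
-
-if (s->options & SSL_OP_NO_SSLv2)
-{
-SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
-goto err;
-}
-if (s->s2 == NULL)
-{
-if (!ssl2_new(s))
-goto err;
-}
-else
-ssl2_clear(s);
-
-if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
-ch_len=SSL2_CHALLENGE_LENGTH;
-else
-ch_len=SSL2_MAX_CHALLENGE_LENGTH;
-
-/* write out sslv2 challenge */
-/* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because
-it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
-SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
-futurproofing */
-i=(SSL3_RANDOM_SIZE < ch_len)
-?SSL3_RANDOM_SIZE:ch_len;
-s->s2->challenge_length=i;
-memcpy(s->s2->challenge,
-&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
-
-if (s->s3 != NULL) ssl3_free(s);
-
-if (!BUF_MEM_grow_clean(s->init_buf,
-SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
-{
-SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
-goto err;
-}
-
-s->state=SSL2_ST_GET_SERVER_HELLO_A;
-if (!(s->client_version == SSL2_VERSION))
-/* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
-s->s2->ssl2_rollback=1;
-
-/* setup the 7 bytes we have read so we get them from
-* the sslv2 buffer */
-s->rstate=SSL_ST_READ_HEADER;
-s->packet_length=n;
-s->packet= &(s->s2->rbuf[0]);
-memcpy(s->packet,buf,n);
-s->s2->rbuf_left=n;
-s->s2->rbuf_offs=0;
-
-/* we have already written one */
-s->s2->write_sequence=1;
-
-s->method=SSLv2_client_method();
-s->handshake_func=s->method->ssl_connect;
-#endif
-}
-else if (p[1] == SSL3_VERSION_MAJOR &&
-(p[2] == SSL3_VERSION_MINOR || p[2] == TLS1_VERSION_MINOR) &&
-((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
-(p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))
-{
-/* we have sslv3 or tls1 (server hello or alert) */
-
-if ((p[2] == SSL3_VERSION_MINOR) &&
-!(s->options & SSL_OP_NO_SSLv3))
-{
-s->version=SSL3_VERSION;
-s->method=SSLv3_client_method();
-}
-else if ((p[2] == TLS1_VERSION_MINOR) &&
-!(s->options & SSL_OP_NO_TLSv1))
-{
-s->version=TLS1_VERSION;
-s->method=TLSv1_client_method();
-}
-else
-{
-SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
-goto err;
-}
-
-if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING)
-{
-/* fatal alert */
-
-void (*cb)(const SSL *ssl,int type,int val)=NULL;
-int j;
-
-if (s->info_callback != NULL)
-cb=s->info_callback;
-else if (s->ctx->info_callback != NULL)
-cb=s->ctx->info_callback;
-
-i=p[5];
-if (cb != NULL)
-{
-j=(i<<8)|p[6];
-cb(s,SSL_CB_READ_ALERT,j);
-}
-
-if (s->msg_callback)
-s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg);
-
-s->rwstate=SSL_NOTHING;
-SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
-goto err;
-}
-
-if (!ssl_init_wbio_buffer(s,1)) goto err;
-
-/* we are in this state */
-s->state=SSL3_ST_CR_SRVR_HELLO_A;
-
-/* put the 7 bytes we have read into the input buffer
-* for SSLv3 */
-s->rstate=SSL_ST_READ_HEADER;
-s->packet_length=n;
-if (s->s3->rbuf.buf == NULL)
-if (!ssl3_setup_read_buffer(s))
-goto err;
-s->packet= &(s->s3->rbuf.buf[0]);
-memcpy(s->packet,buf,n);
-s->s3->rbuf.left=n;
-s->s3->rbuf.offset=0;
-
-s->handshake_func=s->method->ssl_connect;
-}
-else
-{
-SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
-goto err;
-}
-s->init_num=0;
-
-/* Since, if we are sending a ssl23 client hello, we are not
-* reusing a session-id */
-if (!ssl_get_new_session(s,0))
-goto err;
-
-return(SSL_connect(s));
-err:
-return(-1);
-}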
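--- a/src/lib/libssl/s23_lib.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/* ssl/s23_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-long ssl23_default_timeout(void)
-{
-return(300);
-}
-
-int ssl23_num_ciphers(void)
-{
-return(ssl3_num_ciphers()
-#ifndef OPENSSL_NO_SSL2
-+ ssl2_num_ciphers()
-#endif
-);
-}
-
-const SSL_CIPHER *ssl23_get_cipher(unsigned int u)
-{
-unsigned int uu=ssl3_num_ciphers();
-
-if (u < uu)
-return(ssl3_get_cipher(u));
-else
-#ifndef OPENSSL_NO_SSL2
-return(ssl2_get_cipher(u-uu));
-#else
-return(NULL);
-#endif
-}
-
-/* This function needs to check if the ciphers required are actually
-* available */
-const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
-{
-const SSL_CIPHER *cp;
-
-cp=ssl3_get_cipher_by_char(p);
-#ifndef OPENSSL_NO_SSL2
-if (cp == NULL)
-cp=ssl2_get_cipher_by_char(p);
-#endif
-return(cp);
-}
-
-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
-{
-long l;
-
-/* We can write SSLv2 and SSLv3 ciphers */
-if (p != NULL)
-{
-l=c->id;
-p[0]=((unsigned char)(l>>16L))&0xFF;
-p[1]=((unsigned char)(l>> 8L))&0xFF;
-p[2]=((unsigned char)(l ))&0xFF;
-}
-return(3);
-}
-
-int ssl23_read(SSL *s, void *buf, int len)
-{
-int n;
-
-clear_sys_error();
-if (SSL_in_init(s) && (!s->in_handshake))
-{
-n=s->handshake_func(s);
-if (n < 0) return(n);
-if (n == 0)
-{
-SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
-return(-1);
-}
-return(SSL_read(s,buf,len));
-}
-else
-{
-ssl_undefined_function(s);
-return(-1);
-}
-}
-
-int ssl23_peek(SSL *s, void *buf, int len)
-{
-int n;
-
-clear_sys_error();
-if (SSL_in_init(s) && (!s->in_handshake))
-{
-n=s->handshake_func(s);
-if (n < 0) return(n);
-if (n == 0)
-{
-SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE);
-return(-1);
-}
-return(SSL_peek(s,buf,len));
-}
-else
-{
-ssl_undefined_function(s);
-return(-1);
-}
-}
-
-int ssl23_write(SSL *s, const void *buf, int len)
-{
-int n;
-
-clear_sys_error();
-if (SSL_in_init(s) && (!s->in_handshake))
-{
-n=s->handshake_func(s);
-if (n < 0) return(n);
-if (n == 0)
-{
-SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
-return(-1);
-}
-return(SSL_write(s,buf,len));
-}
-else
-{
-ssl_undefined_function(s);
-return(-1);
-}
-}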
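diff --git a/src/lib/libssl/s23_pkt.c b/src/lib/libssl/s23_pkt.c
deleted file mode 100644
index 4ca6a1b258..0000000000
--- a/src/lib/libssl/s23_pkt.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/* ssl/s23_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-
-int ssl23_write_bytes(SSL *s)
-{
-int i,num,tot;
-char *buf;
-
-buf=s->init_buf->data;
-tot=s->init_off;
-num=s->init_num;
-for (;;)
-{
-s->rwstate=SSL_WRITING;
-i=BIO_write(s->wbio,&(buf[tot]),num);
-if (i <= 0)
-{
-s->init_off=tot;
-s->init_num=num;
-return(i);
-}
-s->rwstate=SSL_NOTHING;
-if (i == num) return(tot+i);
-
-num-=i;
-tot+=i;
-}
-}
-
-/* return regularly only when we have read (at least) 'n' bytes */
-int ssl23_read_bytes(SSL *s, int n)
-{
-unsigned char *p;
-int j;
-
-if (s->packet_length < (unsigned int)n)
-{
-p=s->packet;
-
-for (;;)
-{
-s->rwstate=SSL_READING;
-j=BIO_read(s->rbio,(char *)&(p[s->packet_length]),
-n-s->packet_length);
-if (j <= 0)
-return(j);
-s->rwstate=SSL_NOTHING;
-s->packet_length+=j;
-if (s->packet_length >= (unsigned int)n)
-return(s->packet_length);
-}
-}
-return(n);
-}
-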
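diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
deleted file mode 100644
index 836dd1f1cf..0000000000
--- a/src/lib/libssl/s23_srvr.c
+++ /dev/null
@@ -1,594 +0,0 @@
-/* ssl/s23_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-/* ====================================================================
-* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* openssl-core@openssl.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-* This product includes cryptographic software written by Eric Young
-* (eay@cryptsoft.com). This product includes software written by Tim
-* Hudson (tjh@cryptsoft.com).
-*
-*/
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static const SSL_METHOD *ssl23_get_server_method(int ver);
-int ssl23_get_client_hello(SSL *s);
-static const SSL_METHOD *ssl23_get_server_method(int ver)
-{
-#ifndef OPENSSL_NO_SSL2
-if (ver == SSL2_VERSION)
-return(SSLv2_server_method());
-#endif
-if (ver == SSL3_VERSION)
-return(SSLv3_server_method());
-else if (ver == TLS1_VERSION)
-return(TLSv1_server_method());
-else
-return(NULL);
-}
-
-IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
-ssl23_accept,
-ssl_undefined_function,
-ssl23_get_server_method)
-
-int ssl23_accept(SSL *s)
-{
-BUF_MEM *buf;
-unsigned long Time=(unsigned long)time(NULL);
-void (*cb)(const SSL *ssl,int type,int val)=NULL;
-int ret= -1;
-int new_state,state;
-
-RAND_add(&Time,sizeof(Time),0);
-ERR_clear_error();
-clear_sys_error();
-
-if (s->info_callback != NULL)
-cb=s->info_callback;
-else if (s->ctx->info_callback != NULL)
-cb=s->ctx->info_callback;
-
-s->in_handshake++;
-if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
-for (;;)
-{
-state=s->state;
-
-switch(s->state)
-{
-case SSL_ST_BEFORE:
-case SSL_ST_ACCEPT:
-case SSL_ST_BEFORE|SSL_ST_ACCEPT:
-case SSL_ST_OK|SSL_ST_ACCEPT:
-
-s->server=1;
-if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
-/* s->version=SSL3_VERSION; */
-s->type=SSL_ST_ACCEPT;
-
-if (s->init_buf == NULL)
-{
-if ((buf=BUF_MEM_new()) == NULL)
-{
-ret= -1;
-goto end;
-}
-if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
-{
-ret= -1;
-goto end;
-}
-s->init_buf=buf;
-}
-
-ssl3_init_finished_mac(s);
-
-s->state=SSL23_ST_SR_CLNT_HELLO_A;
-s->ctx->stats.sess_accept++;
-s->init_num=0;
-break;
-
-case SSL23_ST_SR_CLNT_HELLO_A:
-case SSL23_ST_SR_CLNT_HELLO_B:
-
-s->shutdown=0;
-ret=ssl23_get_client_hello(s);
-if (ret >= 0) cb=NULL;
-goto end;
-/* break; */
-
-default:
-SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
-ret= -1;
-goto end;
-/* break; */
-}
-
-if ((cb != NULL) && (s->state != state))
-{
-new_state=s->state;
-s->state=state;
-cb(s,SSL_CB_ACCEPT_LOOP,1);
-s->state=new_state;
-}
-}
-end:
-s->in_handshake--;
-if (cb != NULL)
-cb(s,SSL_CB_ACCEPT_EXIT,ret);
-return(ret);
-}
-
-
-int ssl23_get_client_hello(SSL *s)
-{
-char buf_space[11]; /* Request this many bytes in initial read.
-* We can detect SSL 3.0/TLS 1.0 Client Hellos
-* ('type == 3') correctly only when the following
-* is in a single record, which is not guaranteed by
-* the protocol specification:
-* Byte Content
-* 0 type \
-* 1/2 version > record header
-* 3/4 length /
-* 5 msg_type \
-* 6-8 length > Client Hello message
-* 9/10 client_version /
-*/
-char *buf= &(buf_space[0]);
-unsigned char *p,*d,*d_len,*dd;
-unsigned int i;
-unsigned int csl,sil,cl;
-int n=0,j;
-int type=0;
-int v[2];
-
-if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
-{
-/* read the initial header */
-v[0]=v[1]=0;
-
-if (!ssl3_setup_buffers(s)) goto err;
-
-n=ssl23_read_bytes(s, sizeof buf_space);
-if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
-
-p=s->packet;
-
-memcpy(buf,p,n);
-
-if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
-{
-/*
-* SSLv2 header
-*/
-if ((p[3] == 0x00) && (p[4] == 0x02))
-{
-v[0]=p[3]; v[1]=p[4];
-/* SSLv2 */
-if (!(s->options & SSL_OP_NO_SSLv2))
-type=1;
-}
-else if (p[3] == SSL3_VERSION_MAJOR)
-{
-v[0]=p[3]; v[1]=p[4];
-/* SSLv3/TLSv1 */
-if (p[4] >= TLS1_VERSION_MINOR)
-{
-if (!(s->options & SSL_OP_NO_TLSv1))
-{
-s->version=TLS1_VERSION;
-/* type=2; */ /* done later to survive restarts */
-s->state=SSL23_ST_SR_CLNT_HELLO_B;
-}
-else if (!(s->options & SSL_OP_NO_SSLv3))
-{
-s->version=SSL3_VERSION;
-/* type=2; */
-s->state=SSL23_ST_SR_CLNT_HELLO_B;
-}
-else if (!(s->options & SSL_OP_NO_SSLv2))
-{
-type=1;
-}
-}
-else if (!(s->options & SSL_OP_NO_SSLv3))
-{
-s->version=SSL3_VERSION;
-/* type=2; */
-s->state=SSL23_ST_SR_CLNT_HELLO_B;
-}
-else if (!(s->options & SSL_OP_NO_SSLv2))
-type=1;
-
-}
-}
-else if ((p[0] == SSL3_RT_HANDSHAKE) &&
-(p[1] == SSL3_VERSION_MAJOR) &&
-(p[5] == SSL3_MT_CLIENT_HELLO) &&
-((p[3] == 0 && p[4] < 5 /* silly record length? */)
-|| (p[9] >= p[1])))
-{
-/*
-* SSLv3 or tls1 header
-*/
-
-v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
-/* We must look at client_version inside the Client Hello message
-* to get the correct minor version.
-* However if we have only a pathologically small fragment of the
-* Client Hello message, this would be difficult, and we'd have
-* to read more records to find out.
-* No known SSL 3.0 client fragments ClientHello like this,
-* so we simply assume TLS 1.0 to avoid protocol version downgrade
-* attacks. */
-if (p[3] == 0 && p[4] < 6)
-{
-#if 0
-SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
-goto err;
-#else
-v[1] = TLS1_VERSION_MINOR;
-#endif
-}
-/* if major version number > 3 set minor to a value
-* which will use the highest version 3 we support.
-* If TLS 2.0 ever appears we will need to revise
-* this....
-*/
-else if (p[9] > SSL3_VERSION_MAJOR)
-v[1]=0xff;
-else
-v[1]=p[10]; /* minor version according to client_version */
-if (v[1] >= TLS1_VERSION_MINOR)
-{
-if (!(s->options & SSL_OP_NO_TLSv1))
-{
-s->version=TLS1_VERSION;
-type=3;
-}
-else if (!(s->options & SSL_OP_NO_SSLv3))
-{
-s->version=SSL3_VERSION;
-type=3;
-}
-}
-else
-{
-/* client requests SSL 3.0 */
-if (!(s->options & SSL_OP_NO_SSLv3))
-{
-s->version=SSL3_VERSION;
-type=3;
-}
-else if (!(s->options & SSL_OP_NO_TLSv1))
-{
-/* we won't be able to use TLS of course,
-* but this will send an appropriate alert */
-s->version=TLS1_VERSION;
-type=3;
-}
-}
-}
-else if ((strncmp("GET ", (char *)p,4) == 0) ||
-(strncmp("POST ",(char *)p,5) == 0) ||
-(strncmp("HEAD ",(char *)p,5) == 0) ||
-(strncmp("PUT ", (char *)p,4) == 0))
-{
-SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
-goto err;
-}
-else if (strncmp("CONNECT",(char *)p,7) == 0)
-{
-SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
-goto err;
-}
-}
-
-if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
-{
-/* we have SSLv3/TLSv1 in an SSLv2 header
-* (other cases skip this state) */
-
-type=2;
-p=s->packet;
-v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
-v[1] = p[4];
-
-n=((p[0]&0x7f)<<8)|p[1];
-if (n > (1024*4))
-{
-SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
-goto err;
-}
-
-j=ssl23_read_bytes(s,n+2);
-if (j <= 0) return(j);
-
-ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
-if (s->msg_callback)
-s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
-
-p=s->packet;
-p+=5;
-n2s(p,csl);
-n2s(p,sil);
-n2s(p,cl);
-d=(unsigned char *)s->init_buf->data;
-if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format
-* Client Hello, can we? Error condition should be
-* '>' otherweise */
-{
-SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
-goto err;
-}
-
-/* record header: msg_type ... */
-*(d++) = SSL3_MT_CLIENT_HELLO;
-/* ... and length (actual value will be written later) */
-d_len = d;
-d += 3;
-
-/* client_version */
-*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
-*(d++) = v[1];
-
-/* lets populate the random area */
-/* get the challenge_length */
-i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
-memset(d,0,SSL3_RANDOM_SIZE);
-memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
-d+=SSL3_RANDOM_SIZE;
-
-/* no session-id reuse */
-*(d++)=0;
-
-/* ciphers */
-j=0;
-dd=d;
-d+=2;
-for (i=0; i<csl; i+=3)
-{
-if (p[i] != 0) continue;
-*(d++)=p[i+1];
-*(d++)=p[i+2];
-j+=2;
-}
-s2n(j,dd);
-
-/* COMPRESSION */
-*(d++)=1;
-*(d++)=0;
-
-#if 0
-/* copy any remaining data with may be extensions */
-p = p+csl+sil+cl;
-while (p < s->packet+s->packet_length)
-{
-*(d++)=*(p++);
-}
-#endif
-
-i = (d-(unsigned char *)s->init_buf->data) - 4;
-l2n3((long)i, d_len);
-
-/* get the data reused from the init_buf */
-s->s3->tmp.reuse_message=1;
-s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
-s->s3->tmp.message_size=i;
-}
-
-/* imaginary new state (for program structure): */
-/* s->state = SSL23_SR_CLNT_HELLO_C */
-
-if (type == 1)
-{
-#ifdef OPENSSL_NO_SSL2
-SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
-goto err;
-#else
-/* we are talking sslv2 */
-/* we need to clean up the SSLv3/TLSv1 setup and put in the
-* sslv2 stuff. */
-
-if (s->s2 == NULL)
-{
-if (!ssl2_new(s))
-goto err;
-}
-else
-ssl2_clear(s);
-
-if (s->s3 != NULL) ssl3_free(s);
-
-if (!BUF_MEM_grow_clean(s->init_buf,
-SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
-{
-goto err;
-}
-
-s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
-s->s2->ssl2_rollback=0;
-else
-/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
-* (SSL 3.0 draft/RFC 2246, App. E.2) */
-s->s2->ssl2_rollback=1;
-
-/* setup the n bytes we have read so we get them from
-* the sslv2 buffer */
-s->rstate=SSL_ST_READ_HEADER;
-s->packet_length=n;
-s->packet= &(s->s2->rbuf[0]);
-memcpy(s->packet,buf,n);
-s->s2->rbuf_left=n;
-s->s2->rbuf_offs=0;
-
-s->method=SSLv2_server_method();
-s->handshake_func=s->method->ssl_accept;
-#endif
-}
-
-if ((type == 2) || (type == 3))
-{
-/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
-
-if (!ssl_init_wbio_buffer(s,1)) goto err;
-
-/* we are in this state */
-s->state=SSL3_ST_SR_CLNT_HELLO_A;
-
-if (type == 3)
-{
-/* put the 'n' bytes we have read into the input buffer
-* for SSLv3 */
-s->rstate=SSL_ST_READ_HEADER;
-s->packet_length=n;
-if (s->s3->rbuf.buf == NULL)
-if (!ssl3_setup_read_buffer(s))
-goto err;
-
-s->packet= &(s->s3->rbuf.buf[0]);
-memcpy(s->packet,buf,n);
-s->s3->rbuf.left=n;
-s->s3->rbuf.offset=0;
-}
-else
-{
-s->packet_length=0;
-s->s3->rbuf.left=0;
-s->s3->rbuf.offset=0;
-}
-
-if (s->version == TLS1_VERSION)
-s->method = TLSv1_server_method();
-else
-s->method = SSLv3_server_method();
-#if 0 /* ssl3_get_client_hello does this */
-s->client_version=(v[0]<<8)|v[1];
-#endif
-s->handshake_func=s->method->ssl_accept;
-}
-
-if ((type < 1) || (type > 3))
-{
-/* bad, very bad */
-SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
-goto err;
-}
-s->init_num=0;
-
-if (buf != buf_space) OPENSSL_free(buf);
-return(SSL_accept(s));
-err:
-if (buf != buf_space) OPENSSL_free(buf);
-return(-1);
-}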
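--- a/src/lib/libssl/s3_both.c
+++ /dev/null
@@ -1,813 +0,0 @@
-/* ssl/s3_both.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-/* ====================================================================
-* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* openssl-core@openssl.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-* This product includes cryptographic software written by Eric Young
-* (eay@cryptsoft.com). This product includes software written by Tim
-* Hudson (tjh@cryptsoft.com).
-*
-*/
-/* ====================================================================
-* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
-* ECC cipher suite support in OpenSSL originally developed by
-* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
-*/
-
-#include <limits.h>
-#include <string.h>
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
-int ssl3_do_write(SSL *s, int type)
-{
-int ret;
-
-ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
-s->init_num);
-if (ret < 0) return(-1);
-if (type == SSL3_RT_HANDSHAKE)
-/* should not be done for 'Hello Request's, but in that case
-* we'll ignore the result anyway */
-ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
-
-if (ret == s->init_num)
-{
-if (s->msg_callback)
-s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
-return(1);
-}
-s->init_off+=ret;
-s->init_num-=ret;
-return(0);
-}
-
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
-{
-unsigned char *p,*d;
-int i;
-unsigned long l;
-
-if (s->state == a)
-{
-d=(unsigned char *)s->init_buf->data;
-p= &(d[4]);
-
-i=s->method->ssl3_enc->final_finish_mac(s,
-sender,slen,s->s3->tmp.finish_md);
-s->s3->tmp.finish_md_len = i;
-memcpy(p, s->s3->tmp.finish_md, i);
-p+=i;
-l=i;
-
-/* Copy the finished so we can use it for
-renegotiation checks */
-if(s->type == SSL_ST_CONNECT)
-{
-OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-memcpy(s->s3->previous_client_finished,
-s->s3->tmp.finish_md, i);
-s->s3->previous_client_finished_len=i;
-}
-else
-{
-OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-memcpy(s->s3->previous_server_finished,
-s->s3->tmp.finish_md, i);
-s->s3->previous_server_finished_len=i;
-}
-
-#ifdef OPENSSL_SYS_WIN16
-/* MSVC 1.5 does not clear the top bytes of the word unless
-* I do this.
-*/
-l&=0xffff;
-#endif
-
-*(d++)=SSL3_MT_FINISHED;
-l2n3(l,d);
-s->init_num=(int)l+4;
-s->init_off=0;
-
-s->state=b;
-}
-
-/* SSL3_ST_SEND_xxxxxx_HELLO_B */
-return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-}
-
-int ssl3_get_finished(SSL *s, int a, int b)
-{
-int al,i,ok;
-long n;
-unsigned char *p;
-
-/* the mac has already been generated when we received the
-* change cipher spec message and is in s->s3->tmp.peer_finish_md
-*/
-
-n=s->method->ssl_get_message(s,
-a,
-b,
-SSL3_MT_FINISHED,
-64, /* should actually be 36+4 :-) */
-&ok);
-
-if (!ok) return((int)n);
-
-/* If this occurs, we have missed a message */
-if (!s->s3->change_cipher_spec)
-{
-al=SSL_AD_UNEXPECTED_MESSAGE;
-SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
-goto f_err;
-}
-s->s3->change_cipher_spec=0;
-
-p = (unsigned char *)s->init_msg;
-i = s->s3->tmp.peer_finish_md_len;
-
-if (i != n)
-{
-al=SSL_AD_DECODE_ERROR;
-SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
-goto f_err;
-}
-
-if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
-{
-al=SSL_AD_DECRYPT_ERROR;
-SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
-goto f_err;
-}
-
-/* Copy the finished so we can use it for
-renegotiation checks */
-if(s->type == SSL_ST_ACCEPT)
-{
-OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-memcpy(s->s3->previous_client_finished,
-s->s3->tmp.peer_finish_md, i);
-s->s3->previous_client_finished_len=i;
-}
-else
-{
-OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-memcpy(s->s3->previous_server_finished,
-s->s3->tmp.peer_finish_md, i);
-s->s3->previous_server_finished_len=i;
-}
-
-return(1);
-f_err:
-ssl3_send_alert(s,SSL3_AL_FATAL,al);
-return(0);
-}
-
-/* for these 2 messages, we need to
-* ssl->enc_read_ctx re-init
-* ssl->s3->read_sequence zero
-* ssl->s3->read_mac_secret re-init
-* ssl->session->read_sym_enc assign
-* ssl->session->read_compression assign
-* ssl->session->read_hash assign
-*/
-int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
-{
-unsigned char *p;
-
-if (s->state == a)
-{
-p=(unsigned char *)s->init_buf->data;
-*p=SSL3_MT_CCS;
-s->init_num=1;
-s->init_off=0;
-
-s->state=b;
-}
-
-/* SSL3_ST_CW_CHANGE_B */
-return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
-}
-
-static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
-{
-int n;
-unsigned char *p;
-
-n=i2d_X509(x,NULL);
-if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
-{
-SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
-return(-1);
-}
-p=(unsigned char *)&(buf->data[*l]);
-l2n3(n,p);
-i2d_X509(x,&p);
-*l+=n+3;
-
-return(0);
-}
-
-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
-{
-unsigned char *p;
-int i;
-unsigned long l=7;
-BUF_MEM *buf;
-int no_chain;
-
-if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
-no_chain = 1;
-else
-no_chain = 0;
-
-/* TLSv1 sends a chain with nothing in it, instead of an alert */
-buf=s->init_buf;
-if (!BUF_MEM_grow_clean(buf,10))
-{
-SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
-return(0);
-}
-if (x != NULL)
-{
-if (no_chain)
-{
-if (ssl3_add_cert_to_buf(buf, &l, x))
-return(0);
-}
-else
-{
-X509_STORE_CTX xs_ctx;
-
-if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
-{
-SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
-return(0);
-}
-X509_verify_cert(&xs_ctx);
-/* Don't leave errors in the queue */
-ERR_clear_error();
-for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
-{
-x = sk_X509_value(xs_ctx.chain, i);
-
-if (ssl3_add_cert_to_buf(buf, &l, x))
-{
-X509_STORE_CTX_cleanup(&xs_ctx);
-return 0;
-}
-}
-X509_STORE_CTX_cleanup(&xs_ctx);
-}
-}
-/* Thawte special :-) */
-for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
-{
-x=sk_X509_value(s->ctx->extra_certs,i);
-if (ssl3_add_cert_to_buf(buf, &l, x))
-return(0);
-}
-
-l-=7;
-p=(unsigned char *)&(buf->data[4]);
-l2n3(l,p);
-l+=3;
-p=(unsigned char *)&(buf->data[0]);
-*(p++)=SSL3_MT_CERTIFICATE;
-l2n3(l,p);
-l+=4;
-return(l);
-}
-
-/* Obtain handshake message of message type 'mt' (any if mt == -1),
-* maximum acceptable body length 'max'.
-* The first four bytes (msg_type and length) are read in state 'st1',
-* the body is read in state 'stn'.
-*/
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
-{
-unsigned char *p;
-unsigned long l;
-long n;
-int i,al;
-
-if (s->s3->tmp.reuse_message)
-{
-s->s3->tmp.reuse_message=0;
-if ((mt >= 0) && (s->s3->tmp.message_type != mt))
-{
-al=SSL_AD_UNEXPECTED_MESSAGE;
-SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
-goto f_err;
-}
-*ok=1;
-s->init_msg = s->init_buf->data + 4;
-s->init_num = (int)s->s3->tmp.message_size;
-return s->init_num;
-}
-
-p=(unsigned char *)s->init_buf->data;
-
-if (s->state == st1) /* s->init_num < 4 */
-{
-int skip_message;
-
-do
-{
-while (s->init_num < 4)
-{
-i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
-&p[s->init_num],4 - s->init_num, 0);
-if (i <= 0)
-{
-s->rwstate=SSL_READING;
-*ok = 0;
-return i;
-}
-s->init_num+=i;
-}
-
-skip_message = 0;
-if (!s->server)
-if (p[0] == SSL3_MT_HELLO_REQUEST)
-/* The server may always send 'Hello Request' messages --
-* we are doing a handshake anyway now, so ignore them
-* if their format is correct. Does not count for
-* 'Finished' MAC. */
-if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
-{
-s->init_num = 0;
-skip_message = 1;
-
-if (s->msg_callback)
-s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
-}
-}
-while (skip_message);
-
-/* s->init_num == 4 */
-
-if ((mt >= 0) && (*p != mt))
-{
-al=SSL_AD_UNEXPECTED_MESSAGE;
-SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
-goto f_err;
-}
-if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
-(st1 == SSL3_ST_SR_CERT_A) &&
-(stn == SSL3_ST_SR_CERT_B))
-{
-/* At this point we have got an MS SGC second client
-* hello (maybe we should always allow the client to
-* start a new handshake?). We need to restart the mac.
-* Don't increment {num,total}_renegotiations because
-* we have not completed the handshake. */
-ssl3_init_finished_mac(s);
-}
-
-s->s3->tmp.message_type= *(p++);
-
-n2l3(p,l);
-if (l > (unsigned long)max)
-{
-al=SSL_AD_ILLEGAL_PARAMETER;
-SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
-goto f_err;
-}
-if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
-{
-al=SSL_AD_ILLEGAL_PARAMETER;
-SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
-goto f_err;
-}
-if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
-{
-SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
-goto err;
-}
-s->s3->tmp.message_size=l;
-s->state=stn;
-
-s->init_msg = s->init_buf->data + 4;
-s->init_num = 0;
-}
-
-/* next state (stn) */
-p = s->init_msg;
-n = s->s3->tmp.message_size - s->init_num;
-while (n > 0)
-{
-i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
-if (i <= 0)
-{
-s->rwstate=SSL_READING;
-*ok = 0;
-return i;
-}
-s->init_num += i;
-n -= i;
-}
-ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
-if (s->msg_callback)
-s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
-*ok=1;
-return s->init_num;
-f_err:
-ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-*ok=0;
-return(-1);
-}
-
-int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
-{
-EVP_PKEY *pk;
-int ret= -1,i;
-
-if (pkey == NULL)
-pk=X509_get_pubkey(x);
-else
-pk=pkey;
-if (pk == NULL) goto err;
-
-i=pk->type;
-if (i == EVP_PKEY_RSA)
-{
-ret=SSL_PKEY_RSA_ENC;
-}
-else if (i == EVP_PKEY_DSA)
-{
-ret=SSL_PKEY_DSA_SIGN;
-}
-#ifndef OPENSSL_NO_EC
-else if (i == EVP_PKEY_EC)
-{
-ret = SSL_PKEY_ECC;
-}
-#endif
-else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc)
-{
-ret = SSL_PKEY_GOST94;
-}
-else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc)
-{
-ret = SSL_PKEY_GOST01;
-}
-err:
-if(!pkey) EVP_PKEY_free(pk);
-return(ret);
-}
-
-int ssl_verify_alarm_type(long type)
-{
-int al;
-
-switch(type)
-{
-case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-case X509_V_ERR_UNABLE_TO_GET_CRL:
-case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
-al=SSL_AD_UNKNOWN_CA;
-break;
-case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
-case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
-case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
-case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
-case X509_V_ERR_CERT_NOT_YET_VALID:
-case X509_V_ERR_CRL_NOT_YET_VALID:
-case X509_V_ERR_CERT_UNTRUSTED:
-case X509_V_ERR_CERT_REJECTED:
-al=SSL_AD_BAD_CERTIFICATE;
-break;
-case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-case X509_V_ERR_CRL_SIGNATURE_FAILURE:
-al=SSL_AD_DECRYPT_ERROR;
-break;
-case X509_V_ERR_CERT_HAS_EXPIRED:
-case X509_V_ERR_CRL_HAS_EXPIRED:
-al=SSL_AD_CERTIFICATE_EXPIRED;
-break;
-case X509_V_ERR_CERT_REVOKED:
-al=SSL_AD_CERTIFICATE_REVOKED;
-break;
-case X509_V_ERR_OUT_OF_MEM:
-al=SSL_AD_INTERNAL_ERROR;
-break;
-case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-case X509_V_ERR_CERT_CHAIN_TOO_LONG:
-case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-case X509_V_ERR_INVALID_CA:
-al=SSL_AD_UNKNOWN_CA;
-break;
-case X509_V_ERR_APPLICATION_VERIFICATION:
-al=SSL_AD_HANDSHAKE_FAILURE;
-break;
-case X509_V_ERR_INVALID_PURPOSE:
-al=SSL_AD_UNSUPPORTED_CERTIFICATE;
-break;
-default:
-al=SSL_AD_CERTIFICATE_UNKNOWN;
-break;
-}
-return(al);
-}
-
-#ifndef OPENSSL_NO_BUF_FREELISTS
-/* On some platforms, malloc() performance is bad enough that you can't just
-* free() and malloc() buffers all the time, so we need to use freelists from
-* unused buffers. Currently, each freelist holds memory chunks of only a
-* given size (list->chunklen); other sized chunks are freed and malloced.
-* This doesn't help much if you're using many different SSL option settings
-* with a given context. (The options affecting buffer size are
-* max_send_fragment, read buffer vs write buffer,
-* SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
-* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every
-* possible size is not an option, since max_send_fragment can take on many
-* different values.
-*
-* If you are on a platform with a slow malloc(), and you're using SSL
-* connections with many different settings for these options, and you need to
-* use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
-* - Link against a faster malloc implementation.
-* - Use a separate SSL_CTX for each option set.
-* - Improve this code.
-*/
-static void *
-freelist_extract(SSL_CTX *ctx, int for_read, int sz)
-{
-SSL3_BUF_FREELIST *list;
-SSL3_BUF_FREELIST_ENTRY *ent = NULL;
-void *result = NULL;
-
-CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
-if (list != NULL && sz == (int)list->chunklen)
-ent = list->head;
-if (ent != NULL)
-{
-list->head = ent->next;
-result = ent;
-if (--list->len == 0)
-list->chunklen = 0;
-}
-CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-if (!result)
-result = OPENSSL_malloc(sz);
-return result;
-}
-
-static void
-freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
-{
-SSL3_BUF_FREELIST *list;
-SSL3_BUF_FREELIST_ENTRY *ent;
-
-CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
-if (list != NULL &&
-(sz == list->chunklen || list->chunklen == 0) &&
-list->len < ctx->freelist_max_len &&
-sz >= sizeof(*ent))
-{
-list->chunklen = sz;
-ent = mem;
-ent->next = list->head;
-list->head = ent;
-++list->len;
-mem = NULL;
-}
-
-CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-if (mem)
-OPENSSL_free(mem);
-}
-#else
-#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
-#define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
-#endif
-
-int ssl3_setup_read_buffer(SSL *s)
-{
-unsigned char *p;
-size_t len,align=0,headerlen;
-
-if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
-headerlen = DTLS1_RT_HEADER_LENGTH;
-else
-headerlen = SSL3_RT_HEADER_LENGTH;
-
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
-#endif
-
-if (s->s3->rbuf.buf == NULL)
-{
-len = SSL3_RT_MAX_PLAIN_LENGTH
-+ SSL3_RT_MAX_ENCRYPTED_OVERHEAD
-+ headerlen + align;
-if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
-{
-s->s3->init_extra = 1;
-len += SSL3_RT_MAX_EXTRA;
-}
-#ifndef OPENSSL_NO_COMP
-if (!(s->options & SSL_OP_NO_COMPRESSION))
-len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
-#endif
-if ((p=freelist_extract(s->ctx, 1, len)) == NULL)
-goto err;
-s->s3->rbuf.buf = p;
-s->s3->rbuf.len = len;
-}
-
-s->packet= &(s->s3->rbuf.buf[0]);
-return 1;
-
-err:
-SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE);
-return 0;
-}
-
-int ssl3_setup_write_buffer(SSL *s)
-{
-unsigned char *p;
-size_t len,align=0,headerlen;
-
-if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
-headerlen = DTLS1_RT_HEADER_LENGTH + 1;
-else
-headerlen = SSL3_RT_HEADER_LENGTH;
-
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
-#endif
-
-if (s->s3->wbuf.buf == NULL)
-{
-len = s->max_send_fragment
-+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
-+ headerlen + align;
-#ifndef OPENSSL_NO_COMP
-if (!(s->options & SSL_OP_NO_COMPRESSION))
-len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
-#endif
-if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
-len += headerlen + align
-+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
-
-if ((p=freelist_extract(s->ctx, 0, len)) == NULL)
-goto err;
-s->s3->wbuf.buf = p;
-s->s3->wbuf.len = len;
-}
-
-return 1;
-
-err:
-SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE);
-return 0;
-}
-
-
-int ssl3_setup_buffers(SSL *s)
-{
-if (!ssl3_setup_read_buffer(s))
-return 0;
-if (!ssl3_setup_write_buffer(s))
-return 0;
-return 1;
-}
-
-int ssl3_release_write_buffer(SSL *s)
-{
-if (s->s3->wbuf.buf != NULL)
-{
-freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
-s->s3->wbuf.buf = NULL;
-}
-return 1;
-}
-
-int ssl3_release_read_buffer(SSL *s)
-{
-if (s->s3->rbuf.buf != NULL)
-{
-freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
-s->s3->rbuf.buf = NULL;
-}
-return 1;
-}
-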
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c deleted file mode 100644 index 53223bd38d..0000000000 --- a/src/lib/libssl/s3_clnt.c +++ /dev/null | |||
@@ -1,3050 +0,0 @@ | |||
1 | /* ssl/s3_clnt.c */ | ||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
3 | * All rights reserved. | ||
4 | * | ||
5 | * This package is an SSL implementation written | ||
6 | * by Eric Young (eay@cryptsoft.com). | ||
7 | * The implementation was written so as to conform with Netscapes SSL. | ||
8 | * | ||
9 | * This library is free for commercial and non-commercial use as long as | ||
10 | * the following conditions are aheared to. The following conditions | ||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
13 | * included with this distribution is covered by the same copyright terms | ||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
15 | * | ||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
17 | * the code are not to be removed. | ||
18 | * If this package is used in a product, Eric Young should be given attribution | ||
19 | * as the author of the parts of the library used. | ||
20 | * This can be in the form of a textual message at program startup or | ||
21 | * in documentation (online or textual) provided with the package. | ||
22 | * | ||
23 | * Redistribution and use in source and binary forms, with or without | ||
24 | * modification, are permitted provided that the following conditions | ||
25 | * are met: | ||
26 | * 1. Redistributions of source code must retain the copyright | ||
27 | * notice, this list of conditions and the following disclaimer. | ||
28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
29 | * notice, this list of conditions and the following disclaimer in the | ||
30 | * documentation and/or other materials provided with the distribution. | ||
31 | * 3. All advertising materials mentioning features or use of this software | ||
32 | * must display the following acknowledgement: | ||
33 | * "This product includes cryptographic software written by | ||
34 | * Eric Young (eay@cryptsoft.com)" | ||
35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
36 | * being used are not cryptographic related :-). | ||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
38 | * the apps directory (application code) you must include an acknowledgement: | ||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
40 | * | ||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
51 | * SUCH DAMAGE. | ||
52 | * | ||
53 | * The licence and distribution terms for any publically available version or | ||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
55 | * copied and put under another distribution licence | ||
56 | * [including the GNU Public Licence.] | ||
57 | */ | ||
58 | /* ==================================================================== | ||
59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
60 | * | ||
61 | * Redistribution and use in source and binary forms, with or without | ||
62 | * modification, are permitted provided that the following conditions | ||
63 | * are met: | ||
64 | * | ||
65 | * 1. Redistributions of source code must retain the above copyright | ||
66 | * notice, this list of conditions and the following disclaimer. | ||
67 | * | ||
68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
69 | * notice, this list of conditions and the following disclaimer in | ||
70 | * the documentation and/or other materials provided with the | ||
71 | * distribution. | ||
72 | * | ||
73 | * 3. All advertising materials mentioning features or use of this | ||
74 | * software must display the following acknowledgment: | ||
75 | * "This product includes software developed by the OpenSSL Project | ||
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
77 | * | ||
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
79 | * endorse or promote products derived from this software without | ||
80 | * prior written permission. For written permission, please contact | ||
81 | * openssl-core@openssl.org. | ||
82 | * | ||
83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
84 | * nor may "OpenSSL" appear in their names without prior written | ||
85 | * permission of the OpenSSL Project. | ||
86 | * | ||
87 | * 6. Redistributions of any form whatsoever must retain the following | ||
88 | * acknowledgment: | ||
89 | * "This product includes software developed by the OpenSSL Project | ||
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
91 | * | ||
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
104 | * ==================================================================== | ||
105 | * | ||
106 | * This product includes cryptographic software written by Eric Young | ||
107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
108 | * Hudson (tjh@cryptsoft.com). | ||
109 | * | ||
110 | */ | ||
111 | /* ==================================================================== | ||
112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
113 | * | ||
114 | * Portions of the attached software ("Contribution") are developed by | ||
115 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
116 | * | ||
117 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
118 | * license provided above. | ||
119 | * | ||
120 | * ECC cipher suite support in OpenSSL originally written by | ||
121 | * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | ||
122 | * | ||
123 | */ | ||
124 | /* ==================================================================== | ||
125 | * Copyright 2005 Nokia. All rights reserved. | ||
126 | * | ||
127 | * The portions of the attached software ("Contribution") is developed by | ||
128 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
129 | * license. | ||
130 | * | ||
131 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
132 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
133 | * support (see RFC 4279) to OpenSSL. | ||
134 | * | ||
135 | * No patent licenses or other rights except those expressly stated in | ||
136 | * the OpenSSL open source license shall be deemed granted or received | ||
137 | * expressly, by implication, estoppel, or otherwise. | ||
138 | * | ||
139 | * No assurances are provided by Nokia that the Contribution does not | ||
140 | * infringe the patent or other intellectual property rights of any third | ||
141 | * party or that the license provides you with all the necessary rights | ||
142 | * to make use of the Contribution. | ||
143 | * | ||
144 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
145 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
146 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
147 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
148 | * OTHERWISE. | ||
149 | */ | ||
150 | |||
151 | #include <stdio.h> | ||
152 | #include "ssl_locl.h" | ||
153 | #include "kssl_lcl.h" | ||
154 | #include <openssl/buffer.h> | ||
155 | #include <openssl/rand.h> | ||
156 | #include <openssl/objects.h> | ||
157 | #include <openssl/evp.h> | ||
158 | #include <openssl/md5.h> | ||
159 | #ifndef OPENSSL_NO_DH | ||
160 | #include <openssl/dh.h> | ||
161 | #endif | ||
162 | #include <openssl/bn.h> | ||
163 | #ifndef OPENSSL_NO_ENGINE | ||
164 | #include <openssl/engine.h> | ||
165 | #endif | ||
166 | |||
167 | static const SSL_METHOD *ssl3_get_client_method(int ver); | ||
168 | static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); | ||
169 | |||
170 | static const SSL_METHOD *ssl3_get_client_method(int ver) | ||
171 | { | ||
172 | if (ver == SSL3_VERSION) | ||
173 | return(SSLv3_client_method()); | ||
174 | else | ||
175 | return(NULL); | ||
176 | } | ||
177 | |||
178 | IMPLEMENT_ssl3_meth_func(SSLv3_client_method, | ||
179 | ssl_undefined_function, | ||
180 | ssl3_connect, | ||
181 | ssl3_get_client_method) | ||
182 | |||
183 | int ssl3_connect(SSL *s) | ||
184 | { | ||
185 | BUF_MEM *buf=NULL; | ||
186 | unsigned long Time=(unsigned long)time(NULL); | ||
187 | void (*cb)(const SSL *ssl,int type,int val)=NULL; | ||
188 | int ret= -1; | ||
189 | int new_state,state,skip=0; | ||
190 | |||
191 | RAND_add(&Time,sizeof(Time),0); | ||
192 | ERR_clear_error(); | ||
193 | clear_sys_error(); | ||
194 | |||
195 | if (s->info_callback != NULL) | ||
196 | cb=s->info_callback; | ||
197 | else if (s->ctx->info_callback != NULL) | ||
198 | cb=s->ctx->info_callback; | ||
199 | |||
200 | s->in_handshake++; | ||
201 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | ||
202 | |||
203 | for (;;) | ||
204 | { | ||
205 | state=s->state; | ||
206 | |||
207 | switch(s->state) | ||
208 | { | ||
209 | case SSL_ST_RENEGOTIATE: | ||
210 | s->new_session=1; | ||
211 | s->state=SSL_ST_CONNECT; | ||
212 | s->ctx->stats.sess_connect_renegotiate++; | ||
213 | /* break */ | ||
214 | case SSL_ST_BEFORE: | ||
215 | case SSL_ST_CONNECT: | ||
216 | case SSL_ST_BEFORE|SSL_ST_CONNECT: | ||
217 | case SSL_ST_OK|SSL_ST_CONNECT: | ||
218 | |||
219 | s->server=0; | ||
220 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); | ||
221 | |||
222 | if ((s->version & 0xff00 ) != 0x0300) | ||
223 | { | ||
224 | SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); | ||
225 | ret = -1; | ||
226 | goto end; | ||
227 | } | ||
228 | |||
229 | /* s->version=SSL3_VERSION; */ | ||
230 | s->type=SSL_ST_CONNECT; | ||
231 | |||
232 | if (s->init_buf == NULL) | ||
233 | { | ||
234 | if ((buf=BUF_MEM_new()) == NULL) | ||
235 | { | ||
236 | ret= -1; | ||
237 | goto end; | ||
238 | } | ||
239 | if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) | ||
240 | { | ||
241 | ret= -1; | ||
242 | goto end; | ||
243 | } | ||
244 | s->init_buf=buf; | ||
245 | buf=NULL; | ||
246 | } | ||
247 | |||
248 | if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } | ||
249 | |||
250 | /* setup buffing BIO */ | ||
251 | if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } | ||
252 | |||
253 | /* don't push the buffering BIO quite yet */ | ||
254 | |||
255 | ssl3_init_finished_mac(s); | ||
256 | |||
257 | s->state=SSL3_ST_CW_CLNT_HELLO_A; | ||
258 | s->ctx->stats.sess_connect++; | ||
259 | s->init_num=0; | ||
260 | break; | ||
261 | |||
262 | case SSL3_ST_CW_CLNT_HELLO_A: | ||
263 | case SSL3_ST_CW_CLNT_HELLO_B: | ||
264 | |||
265 | s->shutdown=0; | ||
266 | ret=ssl3_client_hello(s); | ||
267 | if (ret <= 0) goto end; | ||
268 | s->state=SSL3_ST_CR_SRVR_HELLO_A; | ||
269 | s->init_num=0; | ||
270 | |||
271 | /* turn on buffering for the next lot of output */ | ||
272 | if (s->bbio != s->wbio) | ||
273 | s->wbio=BIO_push(s->bbio,s->wbio); | ||
274 | |||
275 | break; | ||
276 | |||
277 | case SSL3_ST_CR_SRVR_HELLO_A: | ||
278 | case SSL3_ST_CR_SRVR_HELLO_B: | ||
279 | ret=ssl3_get_server_hello(s); | ||
280 | if (ret <= 0) goto end; | ||
281 | |||
282 | if (s->hit) | ||
283 | s->state=SSL3_ST_CR_FINISHED_A; | ||
284 | else | ||
285 | s->state=SSL3_ST_CR_CERT_A; | ||
286 | s->init_num=0; | ||
287 | break; | ||
288 | |||
289 | case SSL3_ST_CR_CERT_A: | ||
290 | case SSL3_ST_CR_CERT_B: | ||
291 | #ifndef OPENSSL_NO_TLSEXT | ||
292 | ret=ssl3_check_finished(s); | ||
293 | if (ret <= 0) goto end; | ||
294 | if (ret == 2) | ||
295 | { | ||
296 | s->hit = 1; | ||
297 | if (s->tlsext_ticket_expected) | ||
298 | s->state=SSL3_ST_CR_SESSION_TICKET_A; | ||
299 | else | ||
300 | s->state=SSL3_ST_CR_FINISHED_A; | ||
301 | s->init_num=0; | ||
302 | break; | ||
303 | } | ||
304 | #endif | ||
305 | /* Check if it is anon DH/ECDH */ | ||
306 | /* or PSK */ | ||
307 | if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && | ||
308 | !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) | ||
309 | { | ||
310 | ret=ssl3_get_server_certificate(s); | ||
311 | if (ret <= 0) goto end; | ||
312 | #ifndef OPENSSL_NO_TLSEXT | ||
313 | if (s->tlsext_status_expected) | ||
314 | s->state=SSL3_ST_CR_CERT_STATUS_A; | ||
315 | else | ||
316 | s->state=SSL3_ST_CR_KEY_EXCH_A; | ||
317 | } | ||
318 | else | ||
319 | { | ||
320 | skip = 1; | ||
321 | s->state=SSL3_ST_CR_KEY_EXCH_A; | ||
322 | } | ||
323 | #else | ||
324 | } | ||
325 | else | ||
326 | skip=1; | ||
327 | |||
328 | s->state=SSL3_ST_CR_KEY_EXCH_A; | ||
329 | #endif | ||
330 | s->init_num=0; | ||
331 | break; | ||
332 | |||
333 | case SSL3_ST_CR_KEY_EXCH_A: | ||
334 | case SSL3_ST_CR_KEY_EXCH_B: | ||
335 | ret=ssl3_get_key_exchange(s); | ||
336 | if (ret <= 0) goto end; | ||
337 | s->state=SSL3_ST_CR_CERT_REQ_A; | ||
338 | s->init_num=0; | ||
339 | |||
340 | /* at this point we check that we have the | ||
341 | * required stuff from the server */ | ||
342 | if (!ssl3_check_cert_and_algorithm(s)) | ||
343 | { | ||
344 | ret= -1; | ||
345 | goto end; | ||
346 | } | ||
347 | break; | ||
348 | |||
349 | case SSL3_ST_CR_CERT_REQ_A: | ||
350 | case SSL3_ST_CR_CERT_REQ_B: | ||
351 | ret=ssl3_get_certificate_request(s); | ||
352 | if (ret <= 0) goto end; | ||
353 | s->state=SSL3_ST_CR_SRVR_DONE_A; | ||
354 | s->init_num=0; | ||
355 | break; | ||
356 | |||
357 | case SSL3_ST_CR_SRVR_DONE_A: | ||
358 | case SSL3_ST_CR_SRVR_DONE_B: | ||
359 | ret=ssl3_get_server_done(s); | ||
360 | if (ret <= 0) goto end; | ||
361 | if (s->s3->tmp.cert_req) | ||
362 | s->state=SSL3_ST_CW_CERT_A; | ||
363 | else | ||
364 | s->state=SSL3_ST_CW_KEY_EXCH_A; | ||
365 | s->init_num=0; | ||
366 | |||
367 | break; | ||
368 | |||
369 | case SSL3_ST_CW_CERT_A: | ||
370 | case SSL3_ST_CW_CERT_B: | ||
371 | case SSL3_ST_CW_CERT_C: | ||
372 | case SSL3_ST_CW_CERT_D: | ||
373 | ret=ssl3_send_client_certificate(s); | ||
374 | if (ret <= 0) goto end; | ||
375 | s->state=SSL3_ST_CW_KEY_EXCH_A; | ||
376 | s->init_num=0; | ||
377 | break; | ||
378 | |||
379 | case SSL3_ST_CW_KEY_EXCH_A: | ||
380 | case SSL3_ST_CW_KEY_EXCH_B: | ||
381 | ret=ssl3_send_client_key_exchange(s); | ||
382 | if (ret <= 0) goto end; | ||
383 | /* EAY EAY EAY need to check for DH fix cert | ||
384 | * sent back */ | ||
385 | /* For TLS, cert_req is set to 2, so a cert chain | ||
386 | * of nothing is sent, but no verify packet is sent */ | ||
387 | /* XXX: For now, we do not support client | ||
388 | * authentication in ECDH cipher suites with | ||
389 | * ECDH (rather than ECDSA) certificates. | ||
390 | * We need to skip the certificate verify | ||
391 | * message when client's ECDH public key is sent | ||
392 | * inside the client certificate. | ||
393 | */ | ||
394 | if (s->s3->tmp.cert_req == 1) | ||
395 | { | ||
396 | s->state=SSL3_ST_CW_CERT_VRFY_A; | ||
397 | } | ||
398 | else | ||
399 | { | ||
400 | s->state=SSL3_ST_CW_CHANGE_A; | ||
401 | s->s3->change_cipher_spec=0; | ||
402 | } | ||
403 | if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) | ||
404 | { | ||
405 | s->state=SSL3_ST_CW_CHANGE_A; | ||
406 | s->s3->change_cipher_spec=0; | ||
407 | } | ||
408 | |||
409 | s->init_num=0; | ||
410 | break; | ||
411 | |||
412 | case SSL3_ST_CW_CERT_VRFY_A: | ||
413 | case SSL3_ST_CW_CERT_VRFY_B: | ||
414 | ret=ssl3_send_client_verify(s); | ||
415 | if (ret <= 0) goto end; | ||
416 | s->state=SSL3_ST_CW_CHANGE_A; | ||
417 | s->init_num=0; | ||
418 | s->s3->change_cipher_spec=0; | ||
419 | break; | ||
420 | |||
421 | case SSL3_ST_CW_CHANGE_A: | ||
422 | case SSL3_ST_CW_CHANGE_B: | ||
423 | ret=ssl3_send_change_cipher_spec(s, | ||
424 | SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); | ||
425 | if (ret <= 0) goto end; | ||
426 | s->state=SSL3_ST_CW_FINISHED_A; | ||
427 | s->init_num=0; | ||
428 | |||
429 | s->session->cipher=s->s3->tmp.new_cipher; | ||
430 | #ifdef OPENSSL_NO_COMP | ||
431 | s->session->compress_meth=0; | ||
432 | #else | ||
433 | if (s->s3->tmp.new_compression == NULL) | ||
434 | s->session->compress_meth=0; | ||
435 | else | ||
436 | s->session->compress_meth= | ||
437 | s->s3->tmp.new_compression->id; | ||
438 | #endif | ||
439 | if (!s->method->ssl3_enc->setup_key_block(s)) | ||
440 | { | ||
441 | ret= -1; | ||
442 | goto end; | ||
443 | } | ||
444 | |||
445 | if (!s->method->ssl3_enc->change_cipher_state(s, | ||
446 | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) | ||
447 | { | ||
448 | ret= -1; | ||
449 | goto end; | ||
450 | } | ||
451 | |||
452 | break; | ||
453 | |||
454 | case SSL3_ST_CW_FINISHED_A: | ||
455 | case SSL3_ST_CW_FINISHED_B: | ||
456 | ret=ssl3_send_finished(s, | ||
457 | SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, | ||
458 | s->method->ssl3_enc->client_finished_label, | ||
459 | s->method->ssl3_enc->client_finished_label_len); | ||
460 | if (ret <= 0) goto end; | ||
461 | s->state=SSL3_ST_CW_FLUSH; | ||
462 | |||
463 | /* clear flags */ | ||
464 | s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; | ||
465 | if (s->hit) | ||
466 | { | ||
467 | s->s3->tmp.next_state=SSL_ST_OK; | ||
468 | if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) | ||
469 | { | ||
470 | s->state=SSL_ST_OK; | ||
471 | s->s3->flags|=SSL3_FLAGS_POP_BUFFER; | ||
472 | s->s3->delay_buf_pop_ret=0; | ||
473 | } | ||
474 | } | ||
475 | else | ||
476 | { | ||
477 | #ifndef OPENSSL_NO_TLSEXT | ||
478 | /* Allow NewSessionTicket if ticket expected */ | ||
479 | if (s->tlsext_ticket_expected) | ||
480 | s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; | ||
481 | else | ||
482 | #endif | ||
483 | |||
484 | s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; | ||
485 | } | ||
486 | s->init_num=0; | ||
487 | break; | ||
488 | |||
489 | #ifndef OPENSSL_NO_TLSEXT | ||
490 | case SSL3_ST_CR_SESSION_TICKET_A: | ||
491 | case SSL3_ST_CR_SESSION_TICKET_B: | ||
492 | ret=ssl3_get_new_session_ticket(s); | ||
493 | if (ret <= 0) goto end; | ||
494 | s->state=SSL3_ST_CR_FINISHED_A; | ||
495 | s->init_num=0; | ||
496 | break; | ||
497 | |||
498 | case SSL3_ST_CR_CERT_STATUS_A: | ||
499 | case SSL3_ST_CR_CERT_STATUS_B: | ||
500 | ret=ssl3_get_cert_status(s); | ||
501 | if (ret <= 0) goto end; | ||
502 | s->state=SSL3_ST_CR_KEY_EXCH_A; | ||
503 | s->init_num=0; | ||
504 | break; | ||
505 | #endif | ||
506 | |||
507 | case SSL3_ST_CR_FINISHED_A: | ||
508 | case SSL3_ST_CR_FINISHED_B: | ||
509 | |||
510 | ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, | ||
511 | SSL3_ST_CR_FINISHED_B); | ||
512 | if (ret <= 0) goto end; | ||
513 | |||
514 | if (s->hit) | ||
515 | s->state=SSL3_ST_CW_CHANGE_A; | ||
516 | else | ||
517 | s->state=SSL_ST_OK; | ||
518 | s->init_num=0; | ||
519 | break; | ||
520 | |||
521 | case SSL3_ST_CW_FLUSH: | ||
522 | s->rwstate=SSL_WRITING; | ||
523 | if (BIO_flush(s->wbio) <= 0) | ||
524 | { | ||
525 | ret= -1; | ||
526 | goto end; | ||
527 | } | ||
528 | s->rwstate=SSL_NOTHING; | ||
529 | s->state=s->s3->tmp.next_state; | ||
530 | break; | ||
531 | |||
532 | case SSL_ST_OK: | ||
533 | /* clean a few things up */ | ||
534 | ssl3_cleanup_key_block(s); | ||
535 | |||
536 | if (s->init_buf != NULL) | ||
537 | { | ||
538 | BUF_MEM_free(s->init_buf); | ||
539 | s->init_buf=NULL; | ||
540 | } | ||
541 | |||
542 | /* If we are not 'joining' the last two packets, | ||
543 | * remove the buffering now */ | ||
544 | if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) | ||
545 | ssl_free_wbio_buffer(s); | ||
546 | /* else do it later in ssl3_write */ | ||
547 | |||
548 | s->init_num=0; | ||
549 | s->new_session=0; | ||
550 | |||
551 | ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); | ||
552 | if (s->hit) s->ctx->stats.sess_hit++; | ||
553 | |||
554 | ret=1; | ||
555 | /* s->server=0; */ | ||
556 | s->handshake_func=ssl3_connect; | ||
557 | s->ctx->stats.sess_connect_good++; | ||
558 | |||
559 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); | ||
560 | |||
561 | goto end; | ||
562 | /* break; */ | ||
563 | |||
564 | default: | ||
565 | SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE); | ||
566 | ret= -1; | ||
567 | goto end; | ||
568 | /* break; */ | ||
569 | } | ||
570 | |||
571 | /* did we do anything */ | ||
572 | if (!s->s3->tmp.reuse_message && !skip) | ||
573 | { | ||
574 | if (s->debug) | ||
575 | { | ||
576 | if ((ret=BIO_flush(s->wbio)) <= 0) | ||
577 | goto end; | ||
578 | } | ||
579 | |||
580 | if ((cb != NULL) && (s->state != state)) | ||
581 | { | ||
582 | new_state=s->state; | ||
583 | s->state=state; | ||
584 | cb(s,SSL_CB_CONNECT_LOOP,1); | ||
585 | s->state=new_state; | ||
586 | } | ||
587 | } | ||
588 | skip=0; | ||
589 | } | ||
590 | end: | ||
591 | s->in_handshake--; | ||
592 | if (buf != NULL) | ||
593 | BUF_MEM_free(buf); | ||
594 | if (cb != NULL) | ||
595 | cb(s,SSL_CB_CONNECT_EXIT,ret); | ||
596 | return(ret); | ||
597 | } | ||
598 | |||
599 | |||
600 | int ssl3_client_hello(SSL *s) | ||
601 | { | ||
602 | unsigned char *buf; | ||
603 | unsigned char *p,*d; | ||
604 | int i; | ||
605 | unsigned long Time,l; | ||
606 | #ifndef OPENSSL_NO_COMP | ||
607 | int j; | ||
608 | SSL_COMP *comp; | ||
609 | #endif | ||
610 | |||
611 | buf=(unsigned char *)s->init_buf->data; | ||
612 | if (s->state == SSL3_ST_CW_CLNT_HELLO_A) | ||
613 | { | ||
614 | SSL_SESSION *sess = s->session; | ||
615 | if ((sess == NULL) || | ||
616 | (sess->ssl_version != s->version) || | ||
617 | #ifdef OPENSSL_NO_TLSEXT | ||
618 | !sess->session_id_length || | ||
619 | #else | ||
620 | (!sess->session_id_length && !sess->tlsext_tick) || | ||
621 | #endif | ||
622 | (sess->not_resumable)) | ||
623 | { | ||
624 | if (!ssl_get_new_session(s,0)) | ||
625 | goto err; | ||
626 | } | ||
627 | /* else use the pre-loaded session */ | ||
628 | |||
629 | p=s->s3->client_random; | ||
630 | Time=(unsigned long)time(NULL); /* Time */ | ||
631 | l2n(Time,p); | ||
632 | if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) | ||
633 | goto err; | ||
634 | |||
635 | /* Do the message type and length last */ | ||
636 | d=p= &(buf[4]); | ||
637 | |||
638 | *(p++)=s->version>>8; | ||
639 | *(p++)=s->version&0xff; | ||
640 | s->client_version=s->version; | ||
641 | |||
642 | /* Random stuff */ | ||
643 | memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); | ||
644 | p+=SSL3_RANDOM_SIZE; | ||
645 | |||
646 | /* Session ID */ | ||
647 | if (s->new_session) | ||
648 | i=0; | ||
649 | else | ||
650 | i=s->session->session_id_length; | ||
651 | *(p++)=i; | ||
652 | if (i != 0) | ||
653 | { | ||
654 | if (i > (int)sizeof(s->session->session_id)) | ||
655 | { | ||
656 | SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | ||
657 | goto err; | ||
658 | } | ||
659 | memcpy(p,s->session->session_id,i); | ||
660 | p+=i; | ||
661 | } | ||
662 | |||
663 | /* Ciphers supported */ | ||
664 | i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0); | ||
665 | if (i == 0) | ||
666 | { | ||
667 | SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); | ||
668 | goto err; | ||
669 | } | ||
670 | s2n(i,p); | ||
671 | p+=i; | ||
672 | |||
673 | /* COMPRESSION */ | ||
674 | #ifdef OPENSSL_NO_COMP | ||
675 | *(p++)=1; | ||
676 | #else | ||
677 | |||
678 | if ((s->options & SSL_OP_NO_COMPRESSION) | ||
679 | || !s->ctx->comp_methods) | ||
680 | j=0; | ||
681 | else | ||
682 | j=sk_SSL_COMP_num(s->ctx->comp_methods); | ||
683 | *(p++)=1+j; | ||
684 | for (i=0; i<j; i++) | ||
685 | { | ||
686 | comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); | ||
687 | *(p++)=comp->id; | ||
688 | } | ||
689 | #endif | ||
690 | *(p++)=0; /* Add the NULL method */ | ||
691 | |||
692 | #ifndef OPENSSL_NO_TLSEXT | ||
693 | /* TLS extensions*/ | ||
694 | if (ssl_prepare_clienthello_tlsext(s) <= 0) | ||
695 | { | ||
696 | SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); | ||
697 | goto err; | ||
698 | } | ||
699 | if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) | ||
700 | { | ||
701 | SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); | ||
702 | goto err; | ||
703 | } | ||
704 | #endif | ||
705 | |||
706 | l=(p-d); | ||
707 | d=buf; | ||
708 | *(d++)=SSL3_MT_CLIENT_HELLO; | ||
709 | l2n3(l,d); | ||
710 | |||
711 | s->state=SSL3_ST_CW_CLNT_HELLO_B; | ||
712 | /* number of bytes to write */ | ||
713 | s->init_num=p-buf; | ||
714 | s->init_off=0; | ||
715 | } | ||
716 | |||
717 | /* SSL3_ST_CW_CLNT_HELLO_B */ | ||
718 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | ||
719 | err: | ||
720 | return(-1); | ||
721 | } | ||
722 | |||
723 | int ssl3_get_server_hello(SSL *s) | ||
724 | { | ||
725 | STACK_OF(SSL_CIPHER) *sk; | ||
726 | const SSL_CIPHER *c; | ||
727 | unsigned char *p,*d; | ||
728 | int i,al,ok; | ||
729 | unsigned int j; | ||
730 | long n; | ||
731 | #ifndef OPENSSL_NO_COMP | ||
732 | SSL_COMP *comp; | ||
733 | #endif | ||
734 | |||
735 | n=s->method->ssl_get_message(s, | ||
736 | SSL3_ST_CR_SRVR_HELLO_A, | ||
737 | SSL3_ST_CR_SRVR_HELLO_B, | ||
738 | -1, | ||
739 | 20000, /* ?? */ | ||
740 | &ok); | ||
741 | |||
742 | if (!ok) return((int)n); | ||
743 | |||
744 | if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) | ||
745 | { | ||
746 | if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) | ||
747 | { | ||
748 | if ( s->d1->send_cookie == 0) | ||
749 | { | ||
750 | s->s3->tmp.reuse_message = 1; | ||
751 | return 1; | ||
752 | } | ||
753 | else /* already sent a cookie */ | ||
754 | { | ||
755 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
756 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE); | ||
757 | goto f_err; | ||
758 | } | ||
759 | } | ||
760 | } | ||
761 | |||
762 | if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) | ||
763 | { | ||
764 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
765 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE); | ||
766 | goto f_err; | ||
767 | } | ||
768 | |||
769 | d=p=(unsigned char *)s->init_msg; | ||
770 | |||
771 | if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) | ||
772 | { | ||
773 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION); | ||
774 | s->version=(s->version&0xff00)|p[1]; | ||
775 | al=SSL_AD_PROTOCOL_VERSION; | ||
776 | goto f_err; | ||
777 | } | ||
778 | p+=2; | ||
779 | |||
780 | /* load the server hello data */ | ||
781 | /* load the server random */ | ||
782 | memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE); | ||
783 | p+=SSL3_RANDOM_SIZE; | ||
784 | |||
785 | /* get the session-id */ | ||
786 | j= *(p++); | ||
787 | |||
788 | if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) | ||
789 | { | ||
790 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
791 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG); | ||
792 | goto f_err; | ||
793 | } | ||
794 | |||
795 | #ifndef OPENSSL_NO_TLSEXT | ||
796 | /* check if we want to resume the session based on external pre-shared secret */ | ||
797 | if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) | ||
798 | { | ||
799 | SSL_CIPHER *pref_cipher=NULL; | ||
800 | s->session->master_key_length=sizeof(s->session->master_key); | ||
801 | if (s->tls_session_secret_cb(s, s->session->master_key, | ||
802 | &s->session->master_key_length, | ||
803 | NULL, &pref_cipher, | ||
804 | s->tls_session_secret_cb_arg)) | ||
805 | { | ||
806 | s->session->cipher = pref_cipher ? | ||
807 | pref_cipher : ssl_get_cipher_by_char(s, p+j); | ||
808 | } | ||
809 | } | ||
810 | #endif /* OPENSSL_NO_TLSEXT */ | ||
811 | |||
812 | if (j != 0 && j == s->session->session_id_length | ||
813 | && memcmp(p,s->session->session_id,j) == 0) | ||
814 | { | ||
815 | if(s->sid_ctx_length != s->session->sid_ctx_length | ||
816 | || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) | ||
817 | { | ||
818 | /* actually a client application bug */ | ||
819 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
820 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); | ||
821 | goto f_err; | ||
822 | } | ||
823 | s->hit=1; | ||
824 | } | ||
825 | else /* a miss or crap from the other end */ | ||
826 | { | ||
827 | /* If we were trying for session-id reuse, make a new | ||
828 | * SSL_SESSION so we don't stuff up other people */ | ||
829 | s->hit=0; | ||
830 | if (s->session->session_id_length > 0) | ||
831 | { | ||
832 | if (!ssl_get_new_session(s,0)) | ||
833 | { | ||
834 | al=SSL_AD_INTERNAL_ERROR; | ||
835 | goto f_err; | ||
836 | } | ||
837 | } | ||
838 | s->session->session_id_length=j; | ||
839 | memcpy(s->session->session_id,p,j); /* j could be 0 */ | ||
840 | } | ||
841 | p+=j; | ||
842 | c=ssl_get_cipher_by_char(s,p); | ||
843 | if (c == NULL) | ||
844 | { | ||
845 | /* unknown cipher */ | ||
846 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
847 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED); | ||
848 | goto f_err; | ||
849 | } | ||
850 | p+=ssl_put_cipher_by_char(s,NULL,NULL); | ||
851 | |||
852 | sk=ssl_get_ciphers_by_id(s); | ||
853 | i=sk_SSL_CIPHER_find(sk,c); | ||
854 | if (i < 0) | ||
855 | { | ||
856 | /* we did not say we would use this cipher */ | ||
857 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
858 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); | ||
859 | goto f_err; | ||
860 | } | ||
861 | |||
862 | /* Depending on the session caching (internal/external), the cipher | ||
863 | and/or cipher_id values may not be set. Make sure that | ||
864 | cipher_id is set and use it for comparison. */ | ||
865 | if (s->session->cipher) | ||
866 | s->session->cipher_id = s->session->cipher->id; | ||
867 | if (s->hit && (s->session->cipher_id != c->id)) | ||
868 | { | ||
869 | /* Workaround is now obsolete */ | ||
870 | #if 0 | ||
871 | if (!(s->options & | ||
872 | SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) | ||
873 | #endif | ||
874 | { | ||
875 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
876 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); | ||
877 | goto f_err; | ||
878 | } | ||
879 | } | ||
880 | s->s3->tmp.new_cipher=c; | ||
881 | if (!ssl3_digest_cached_records(s)) | ||
882 | goto f_err; | ||
883 | |||
884 | /* lets get the compression algorithm */ | ||
885 | /* COMPRESSION */ | ||
886 | #ifdef OPENSSL_NO_COMP | ||
887 | if (*(p++) != 0) | ||
888 | { | ||
889 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
890 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); | ||
891 | goto f_err; | ||
892 | } | ||
893 | /* If compression is disabled we'd better not try to resume a session | ||
894 | * using compression. | ||
895 | */ | ||
896 | if (s->session->compress_meth != 0) | ||
897 | { | ||
898 | al=SSL_AD_INTERNAL_ERROR; | ||
899 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION); | ||
900 | goto f_err; | ||
901 | } | ||
902 | #else | ||
903 | j= *(p++); | ||
904 | if (s->hit && j != s->session->compress_meth) | ||
905 | { | ||
906 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
907 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); | ||
908 | goto f_err; | ||
909 | } | ||
910 | if (j == 0) | ||
911 | comp=NULL; | ||
912 | else if (s->options & SSL_OP_NO_COMPRESSION) | ||
913 | { | ||
914 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
915 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED); | ||
916 | goto f_err; | ||
917 | } | ||
918 | else | ||
919 | comp=ssl3_comp_find(s->ctx->comp_methods,j); | ||
920 | |||
921 | if ((j != 0) && (comp == NULL)) | ||
922 | { | ||
923 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
924 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); | ||
925 | goto f_err; | ||
926 | } | ||
927 | else | ||
928 | { | ||
929 | s->s3->tmp.new_compression=comp; | ||
930 | } | ||
931 | #endif | ||
932 | |||
933 | #ifndef OPENSSL_NO_TLSEXT | ||
934 | /* TLS extensions*/ | ||
935 | if (s->version >= SSL3_VERSION) | ||
936 | { | ||
937 | if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al)) | ||
938 | { | ||
939 | /* 'al' set by ssl_parse_serverhello_tlsext */ | ||
940 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT); | ||
941 | goto f_err; | ||
942 | } | ||
943 | if (ssl_check_serverhello_tlsext(s) <= 0) | ||
944 | { | ||
945 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT); | ||
946 | goto err; | ||
947 | } | ||
948 | } | ||
949 | #endif | ||
950 | |||
951 | if (p != (d+n)) | ||
952 | { | ||
953 | /* wrong packet length */ | ||
954 | al=SSL_AD_DECODE_ERROR; | ||
955 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH); | ||
956 | goto f_err; | ||
957 | } | ||
958 | |||
959 | return(1); | ||
960 | f_err: | ||
961 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
962 | err: | ||
963 | return(-1); | ||
964 | } | ||
965 | |||
966 | int ssl3_get_server_certificate(SSL *s) | ||
967 | { | ||
968 | int al,i,ok,ret= -1; | ||
969 | unsigned long n,nc,llen,l; | ||
970 | X509 *x=NULL; | ||
971 | const unsigned char *q,*p; | ||
972 | unsigned char *d; | ||
973 | STACK_OF(X509) *sk=NULL; | ||
974 | SESS_CERT *sc; | ||
975 | EVP_PKEY *pkey=NULL; | ||
976 | int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ | ||
977 | |||
978 | n=s->method->ssl_get_message(s, | ||
979 | SSL3_ST_CR_CERT_A, | ||
980 | SSL3_ST_CR_CERT_B, | ||
981 | -1, | ||
982 | s->max_cert_list, | ||
983 | &ok); | ||
984 | |||
985 | if (!ok) return((int)n); | ||
986 | |||
987 | if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) || | ||
988 | ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) && | ||
989 | (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) | ||
990 | { | ||
991 | s->s3->tmp.reuse_message=1; | ||
992 | return(1); | ||
993 | } | ||
994 | |||
995 | if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) | ||
996 | { | ||
997 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
998 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); | ||
999 | goto f_err; | ||
1000 | } | ||
1001 | p=d=(unsigned char *)s->init_msg; | ||
1002 | |||
1003 | if ((sk=sk_X509_new_null()) == NULL) | ||
1004 | { | ||
1005 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); | ||
1006 | goto err; | ||
1007 | } | ||
1008 | |||
1009 | n2l3(p,llen); | ||
1010 | if (llen+3 != n) | ||
1011 | { | ||
1012 | al=SSL_AD_DECODE_ERROR; | ||
1013 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH); | ||
1014 | goto f_err; | ||
1015 | } | ||
1016 | for (nc=0; nc<llen; ) | ||
1017 | { | ||
1018 | n2l3(p,l); | ||
1019 | if ((l+nc+3) > llen) | ||
1020 | { | ||
1021 | al=SSL_AD_DECODE_ERROR; | ||
1022 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); | ||
1023 | goto f_err; | ||
1024 | } | ||
1025 | |||
1026 | q=p; | ||
1027 | x=d2i_X509(NULL,&q,l); | ||
1028 | if (x == NULL) | ||
1029 | { | ||
1030 | al=SSL_AD_BAD_CERTIFICATE; | ||
1031 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB); | ||
1032 | goto f_err; | ||
1033 | } | ||
1034 | if (q != (p+l)) | ||
1035 | { | ||
1036 | al=SSL_AD_DECODE_ERROR; | ||
1037 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); | ||
1038 | goto f_err; | ||
1039 | } | ||
1040 | if (!sk_X509_push(sk,x)) | ||
1041 | { | ||
1042 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); | ||
1043 | goto err; | ||
1044 | } | ||
1045 | x=NULL; | ||
1046 | nc+=l+3; | ||
1047 | p=q; | ||
1048 | } | ||
1049 | |||
1050 | i=ssl_verify_cert_chain(s,sk); | ||
1051 | if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) | ||
1052 | #ifndef OPENSSL_NO_KRB5 | ||
1053 | && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && | ||
1054 | (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) | ||
1055 | #endif /* OPENSSL_NO_KRB5 */ | ||
1056 | ) | ||
1057 | { | ||
1058 | al=ssl_verify_alarm_type(s->verify_result); | ||
1059 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); | ||
1060 | goto f_err; | ||
1061 | } | ||
1062 | ERR_clear_error(); /* but we keep s->verify_result */ | ||
1063 | |||
1064 | sc=ssl_sess_cert_new(); | ||
1065 | if (sc == NULL) goto err; | ||
1066 | |||
1067 | if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert); | ||
1068 | s->session->sess_cert=sc; | ||
1069 | |||
1070 | sc->cert_chain=sk; | ||
1071 | /* Inconsistency alert: cert_chain does include the peer's | ||
1072 | * certificate, which we don't include in s3_srvr.c */ | ||
1073 | x=sk_X509_value(sk,0); | ||
1074 | sk=NULL; | ||
1075 | /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/ | ||
1076 | |||
1077 | pkey=X509_get_pubkey(x); | ||
1078 | |||
1079 | /* VRS: allow null cert if auth == KRB5 */ | ||
1080 | need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && | ||
1081 | (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) | ||
1082 | ? 0 : 1; | ||
1083 | |||
1084 | #ifdef KSSL_DEBUG | ||
1085 | printf("pkey,x = %p, %p\n", pkey,x); | ||
1086 | printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); | ||
1087 | printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name, | ||
1088 | s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert); | ||
1089 | #endif /* KSSL_DEBUG */ | ||
1090 | |||
1091 | if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) | ||
1092 | { | ||
1093 | x=NULL; | ||
1094 | al=SSL3_AL_FATAL; | ||
1095 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | ||
1096 | SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); | ||
1097 | goto f_err; | ||
1098 | } | ||
1099 | |||
1100 | i=ssl_cert_type(x,pkey); | ||
1101 | if (need_cert && i < 0) | ||
1102 | { | ||
1103 | x=NULL; | ||
1104 | al=SSL3_AL_FATAL; | ||
1105 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | ||
1106 | SSL_R_UNKNOWN_CERTIFICATE_TYPE); | ||
1107 | goto f_err; | ||
1108 | } | ||
1109 | |||
1110 | if (need_cert) | ||
1111 | { | ||
1112 | sc->peer_cert_type=i; | ||
1113 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); | ||
1114 | /* Why would the following ever happen? | ||
1115 | * We just created sc a couple of lines ago. */ | ||
1116 | if (sc->peer_pkeys[i].x509 != NULL) | ||
1117 | X509_free(sc->peer_pkeys[i].x509); | ||
1118 | sc->peer_pkeys[i].x509=x; | ||
1119 | sc->peer_key= &(sc->peer_pkeys[i]); | ||
1120 | |||
1121 | if (s->session->peer != NULL) | ||
1122 | X509_free(s->session->peer); | ||
1123 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); | ||
1124 | s->session->peer=x; | ||
1125 | } | ||
1126 | else | ||
1127 | { | ||
1128 | sc->peer_cert_type=i; | ||
1129 | sc->peer_key= NULL; | ||
1130 | |||
1131 | if (s->session->peer != NULL) | ||
1132 | X509_free(s->session->peer); | ||
1133 | s->session->peer=NULL; | ||
1134 | } | ||
1135 | s->session->verify_result = s->verify_result; | ||
1136 | |||
1137 | x=NULL; | ||
1138 | ret=1; | ||
1139 | |||
1140 | if (0) | ||
1141 | { | ||
1142 | f_err: | ||
1143 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
1144 | } | ||
1145 | err: | ||
1146 | EVP_PKEY_free(pkey); | ||
1147 | X509_free(x); | ||
1148 | sk_X509_pop_free(sk,X509_free); | ||
1149 | return(ret); | ||
1150 | } | ||
1151 | |||
1152 | int ssl3_get_key_exchange(SSL *s) | ||
1153 | { | ||
1154 | #ifndef OPENSSL_NO_RSA | ||
1155 | unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; | ||
1156 | #endif | ||
1157 | EVP_MD_CTX md_ctx; | ||
1158 | unsigned char *param,*p; | ||
1159 | int al,i,j,param_len,ok; | ||
1160 | long n,alg_k,alg_a; | ||
1161 | EVP_PKEY *pkey=NULL; | ||
1162 | #ifndef OPENSSL_NO_RSA | ||
1163 | RSA *rsa=NULL; | ||
1164 | #endif | ||
1165 | #ifndef OPENSSL_NO_DH | ||
1166 | DH *dh=NULL; | ||
1167 | #endif | ||
1168 | #ifndef OPENSSL_NO_ECDH | ||
1169 | EC_KEY *ecdh = NULL; | ||
1170 | BN_CTX *bn_ctx = NULL; | ||
1171 | EC_POINT *srvr_ecpoint = NULL; | ||
1172 | int curve_nid = 0; | ||
1173 | int encoded_pt_len = 0; | ||
1174 | #endif | ||
1175 | |||
1176 | /* use same message size as in ssl3_get_certificate_request() | ||
1177 | * as ServerKeyExchange message may be skipped */ | ||
1178 | n=s->method->ssl_get_message(s, | ||
1179 | SSL3_ST_CR_KEY_EXCH_A, | ||
1180 | SSL3_ST_CR_KEY_EXCH_B, | ||
1181 | -1, | ||
1182 | s->max_cert_list, | ||
1183 | &ok); | ||
1184 | if (!ok) return((int)n); | ||
1185 | |||
1186 | if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) | ||
1187 | { | ||
1188 | #ifndef OPENSSL_NO_PSK | ||
1189 | /* In plain PSK ciphersuite, ServerKeyExchange can be | ||
1190 | omitted if no identity hint is sent. Set | ||
1191 | session->sess_cert anyway to avoid problems | ||
1192 | later.*/ | ||
1193 | if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) | ||
1194 | { | ||
1195 | s->session->sess_cert=ssl_sess_cert_new(); | ||
1196 | if (s->ctx->psk_identity_hint) | ||
1197 | OPENSSL_free(s->ctx->psk_identity_hint); | ||
1198 | s->ctx->psk_identity_hint = NULL; | ||
1199 | } | ||
1200 | #endif | ||
1201 | s->s3->tmp.reuse_message=1; | ||
1202 | return(1); | ||
1203 | } | ||
1204 | |||
1205 | param=p=(unsigned char *)s->init_msg; | ||
1206 | if (s->session->sess_cert != NULL) | ||
1207 | { | ||
1208 | #ifndef OPENSSL_NO_RSA | ||
1209 | if (s->session->sess_cert->peer_rsa_tmp != NULL) | ||
1210 | { | ||
1211 | RSA_free(s->session->sess_cert->peer_rsa_tmp); | ||
1212 | s->session->sess_cert->peer_rsa_tmp=NULL; | ||
1213 | } | ||
1214 | #endif | ||
1215 | #ifndef OPENSSL_NO_DH | ||
1216 | if (s->session->sess_cert->peer_dh_tmp) | ||
1217 | { | ||
1218 | DH_free(s->session->sess_cert->peer_dh_tmp); | ||
1219 | s->session->sess_cert->peer_dh_tmp=NULL; | ||
1220 | } | ||
1221 | #endif | ||
1222 | #ifndef OPENSSL_NO_ECDH | ||
1223 | if (s->session->sess_cert->peer_ecdh_tmp) | ||
1224 | { | ||
1225 | EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); | ||
1226 | s->session->sess_cert->peer_ecdh_tmp=NULL; | ||
1227 | } | ||
1228 | #endif | ||
1229 | } | ||
1230 | else | ||
1231 | { | ||
1232 | s->session->sess_cert=ssl_sess_cert_new(); | ||
1233 | } | ||
1234 | |||
1235 | param_len=0; | ||
1236 | alg_k=s->s3->tmp.new_cipher->algorithm_mkey; | ||
1237 | alg_a=s->s3->tmp.new_cipher->algorithm_auth; | ||
1238 | EVP_MD_CTX_init(&md_ctx); | ||
1239 | |||
1240 | #ifndef OPENSSL_NO_PSK | ||
1241 | if (alg_k & SSL_kPSK) | ||
1242 | { | ||
1243 | char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1]; | ||
1244 | |||
1245 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
1246 | n2s(p,i); | ||
1247 | param_len=i+2; | ||
1248 | /* Store PSK identity hint for later use, hint is used | ||
1249 | * in ssl3_send_client_key_exchange. Assume that the | ||
1250 | * maximum length of a PSK identity hint can be as | ||
1251 | * long as the maximum length of a PSK identity. */ | ||
1252 | if (i > PSK_MAX_IDENTITY_LEN) | ||
1253 | { | ||
1254 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
1255 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
1256 | goto f_err; | ||
1257 | } | ||
1258 | if (param_len > n) | ||
1259 | { | ||
1260 | al=SSL_AD_DECODE_ERROR; | ||
1261 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
1262 | SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH); | ||
1263 | goto f_err; | ||
1264 | } | ||
1265 | /* If received PSK identity hint contains NULL | ||
1266 | * characters, the hint is truncated from the first | ||
1267 | * NULL. p may not be ending with NULL, so create a | ||
1268 | * NULL-terminated string. */ | ||
1269 | memcpy(tmp_id_hint, p, i); | ||
1270 | memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i); | ||
1271 | if (s->ctx->psk_identity_hint != NULL) | ||
1272 | OPENSSL_free(s->ctx->psk_identity_hint); | ||
1273 | s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); | ||
1274 | if (s->ctx->psk_identity_hint == NULL) | ||
1275 | { | ||
1276 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); | ||
1277 | goto f_err; | ||
1278 | } | ||
1279 | |||
1280 | p+=i; | ||
1281 | n-=param_len; | ||
1282 | } | ||
1283 | else | ||
1284 | #endif /* !OPENSSL_NO_PSK */ | ||
1285 | #ifndef OPENSSL_NO_RSA | ||
1286 | if (alg_k & SSL_kRSA) | ||
1287 | { | ||
1288 | if ((rsa=RSA_new()) == NULL) | ||
1289 | { | ||
1290 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
1291 | goto err; | ||
1292 | } | ||
1293 | n2s(p,i); | ||
1294 | param_len=i+2; | ||
1295 | if (param_len > n) | ||
1296 | { | ||
1297 | al=SSL_AD_DECODE_ERROR; | ||
1298 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH); | ||
1299 | goto f_err; | ||
1300 | } | ||
1301 | if (!(rsa->n=BN_bin2bn(p,i,rsa->n))) | ||
1302 | { | ||
1303 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); | ||
1304 | goto err; | ||
1305 | } | ||
1306 | p+=i; | ||
1307 | |||
1308 | n2s(p,i); | ||
1309 | param_len+=i+2; | ||
1310 | if (param_len > n) | ||
1311 | { | ||
1312 | al=SSL_AD_DECODE_ERROR; | ||
1313 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH); | ||
1314 | goto f_err; | ||
1315 | } | ||
1316 | if (!(rsa->e=BN_bin2bn(p,i,rsa->e))) | ||
1317 | { | ||
1318 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); | ||
1319 | goto err; | ||
1320 | } | ||
1321 | p+=i; | ||
1322 | n-=param_len; | ||
1323 | |||
1324 | /* this should be because we are using an export cipher */ | ||
1325 | if (alg_a & SSL_aRSA) | ||
1326 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); | ||
1327 | else | ||
1328 | { | ||
1329 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); | ||
1330 | goto err; | ||
1331 | } | ||
1332 | s->session->sess_cert->peer_rsa_tmp=rsa; | ||
1333 | rsa=NULL; | ||
1334 | } | ||
1335 | #else /* OPENSSL_NO_RSA */ | ||
1336 | if (0) | ||
1337 | ; | ||
1338 | #endif | ||
1339 | #ifndef OPENSSL_NO_DH | ||
1340 | else if (alg_k & SSL_kEDH) | ||
1341 | { | ||
1342 | if ((dh=DH_new()) == NULL) | ||
1343 | { | ||
1344 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB); | ||
1345 | goto err; | ||
1346 | } | ||
1347 | n2s(p,i); | ||
1348 | param_len=i+2; | ||
1349 | if (param_len > n) | ||
1350 | { | ||
1351 | al=SSL_AD_DECODE_ERROR; | ||
1352 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH); | ||
1353 | goto f_err; | ||
1354 | } | ||
1355 | if (!(dh->p=BN_bin2bn(p,i,NULL))) | ||
1356 | { | ||
1357 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); | ||
1358 | goto err; | ||
1359 | } | ||
1360 | p+=i; | ||
1361 | |||
1362 | n2s(p,i); | ||
1363 | param_len+=i+2; | ||
1364 | if (param_len > n) | ||
1365 | { | ||
1366 | al=SSL_AD_DECODE_ERROR; | ||
1367 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH); | ||
1368 | goto f_err; | ||
1369 | } | ||
1370 | if (!(dh->g=BN_bin2bn(p,i,NULL))) | ||
1371 | { | ||
1372 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); | ||
1373 | goto err; | ||
1374 | } | ||
1375 | p+=i; | ||
1376 | |||
1377 | n2s(p,i); | ||
1378 | param_len+=i+2; | ||
1379 | if (param_len > n) | ||
1380 | { | ||
1381 | al=SSL_AD_DECODE_ERROR; | ||
1382 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH); | ||
1383 | goto f_err; | ||
1384 | } | ||
1385 | if (!(dh->pub_key=BN_bin2bn(p,i,NULL))) | ||
1386 | { | ||
1387 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); | ||
1388 | goto err; | ||
1389 | } | ||
1390 | p+=i; | ||
1391 | n-=param_len; | ||
1392 | |||
1393 | #ifndef OPENSSL_NO_RSA | ||
1394 | if (alg_a & SSL_aRSA) | ||
1395 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); | ||
1396 | #else | ||
1397 | if (0) | ||
1398 | ; | ||
1399 | #endif | ||
1400 | #ifndef OPENSSL_NO_DSA | ||
1401 | else if (alg_a & SSL_aDSS) | ||
1402 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); | ||
1403 | #endif | ||
1404 | /* else anonymous DH, so no certificate or pkey. */ | ||
1405 | |||
1406 | s->session->sess_cert->peer_dh_tmp=dh; | ||
1407 | dh=NULL; | ||
1408 | } | ||
1409 | else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) | ||
1410 | { | ||
1411 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
1412 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); | ||
1413 | goto f_err; | ||
1414 | } | ||
1415 | #endif /* !OPENSSL_NO_DH */ | ||
1416 | |||
1417 | #ifndef OPENSSL_NO_ECDH | ||
1418 | else if (alg_k & SSL_kEECDH) | ||
1419 | { | ||
1420 | EC_GROUP *ngroup; | ||
1421 | const EC_GROUP *group; | ||
1422 | |||
1423 | if ((ecdh=EC_KEY_new()) == NULL) | ||
1424 | { | ||
1425 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
1426 | goto err; | ||
1427 | } | ||
1428 | |||
1429 | /* Extract elliptic curve parameters and the | ||
1430 | * server's ephemeral ECDH public key. | ||
1431 | * Keep accumulating lengths of various components in | ||
1432 | * param_len and make sure it never exceeds n. | ||
1433 | */ | ||
1434 | |||
1435 | /* XXX: For now we only support named (not generic) curves | ||
1436 | * and the ECParameters in this case is just three bytes. | ||
1437 | */ | ||
1438 | param_len=3; | ||
1439 | if ((param_len > n) || | ||
1440 | (*p != NAMED_CURVE_TYPE) || | ||
1441 | ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) | ||
1442 | { | ||
1443 | al=SSL_AD_INTERNAL_ERROR; | ||
1444 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); | ||
1445 | goto f_err; | ||
1446 | } | ||
1447 | |||
1448 | ngroup = EC_GROUP_new_by_curve_name(curve_nid); | ||
1449 | if (ngroup == NULL) | ||
1450 | { | ||
1451 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB); | ||
1452 | goto err; | ||
1453 | } | ||
1454 | if (EC_KEY_set_group(ecdh, ngroup) == 0) | ||
1455 | { | ||
1456 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB); | ||
1457 | goto err; | ||
1458 | } | ||
1459 | EC_GROUP_free(ngroup); | ||
1460 | |||
1461 | group = EC_KEY_get0_group(ecdh); | ||
1462 | |||
1463 | if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && | ||
1464 | (EC_GROUP_get_degree(group) > 163)) | ||
1465 | { | ||
1466 | al=SSL_AD_EXPORT_RESTRICTION; | ||
1467 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); | ||
1468 | goto f_err; | ||
1469 | } | ||
1470 | |||
1471 | p+=3; | ||
1472 | |||
1473 | /* Next, get the encoded ECPoint */ | ||
1474 | if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || | ||
1475 | ((bn_ctx = BN_CTX_new()) == NULL)) | ||
1476 | { | ||
1477 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
1478 | goto err; | ||
1479 | } | ||
1480 | |||
1481 | encoded_pt_len = *p; /* length of encoded point */ | ||
1482 | p+=1; | ||
1483 | param_len += (1 + encoded_pt_len); | ||
1484 | if ((param_len > n) || | ||
1485 | (EC_POINT_oct2point(group, srvr_ecpoint, | ||
1486 | p, encoded_pt_len, bn_ctx) == 0)) | ||
1487 | { | ||
1488 | al=SSL_AD_DECODE_ERROR; | ||
1489 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT); | ||
1490 | goto f_err; | ||
1491 | } | ||
1492 | |||
1493 | n-=param_len; | ||
1494 | p+=encoded_pt_len; | ||
1495 | |||
1496 | /* The ECC/TLS specification does not mention | ||
1497 | * the use of DSA to sign ECParameters in the server | ||
1498 | * key exchange message. We do support RSA and ECDSA. | ||
1499 | */ | ||
1500 | if (0) ; | ||
1501 | #ifndef OPENSSL_NO_RSA | ||
1502 | else if (alg_a & SSL_aRSA) | ||
1503 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); | ||
1504 | #endif | ||
1505 | #ifndef OPENSSL_NO_ECDSA | ||
1506 | else if (alg_a & SSL_aECDSA) | ||
1507 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); | ||
1508 | #endif | ||
1509 | /* else anonymous ECDH, so no certificate or pkey. */ | ||
1510 | EC_KEY_set_public_key(ecdh, srvr_ecpoint); | ||
1511 | s->session->sess_cert->peer_ecdh_tmp=ecdh; | ||
1512 | ecdh=NULL; | ||
1513 | BN_CTX_free(bn_ctx); | ||
1514 | bn_ctx = NULL; | ||
1515 | EC_POINT_free(srvr_ecpoint); | ||
1516 | srvr_ecpoint = NULL; | ||
1517 | } | ||
1518 | else if (alg_k) | ||
1519 | { | ||
1520 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
1521 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); | ||
1522 | goto f_err; | ||
1523 | } | ||
1524 | #endif /* !OPENSSL_NO_ECDH */ | ||
1525 | |||
1526 | |||
1527 | /* p points to the next byte, there are 'n' bytes left */ | ||
1528 | |||
1529 | /* if it was signed, check the signature */ | ||
1530 | if (pkey != NULL) | ||
1531 | { | ||
1532 | n2s(p,i); | ||
1533 | n-=2; | ||
1534 | j=EVP_PKEY_size(pkey); | ||
1535 | |||
1536 | if ((i != n) || (n > j) || (n <= 0)) | ||
1537 | { | ||
1538 | /* wrong packet length */ | ||
1539 | al=SSL_AD_DECODE_ERROR; | ||
1540 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); | ||
1541 | goto f_err; | ||
1542 | } | ||
1543 | |||
1544 | #ifndef OPENSSL_NO_RSA | ||
1545 | if (pkey->type == EVP_PKEY_RSA) | ||
1546 | { | ||
1547 | int num; | ||
1548 | |||
1549 | j=0; | ||
1550 | q=md_buf; | ||
1551 | for (num=2; num > 0; num--) | ||
1552 | { | ||
1553 | EVP_DigestInit_ex(&md_ctx,(num == 2) | ||
1554 | ?s->ctx->md5:s->ctx->sha1, NULL); | ||
1555 | EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | ||
1556 | EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | ||
1557 | EVP_DigestUpdate(&md_ctx,param,param_len); | ||
1558 | EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); | ||
1559 | q+=i; | ||
1560 | j+=i; | ||
1561 | } | ||
1562 | i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, | ||
1563 | pkey->pkey.rsa); | ||
1564 | if (i < 0) | ||
1565 | { | ||
1566 | al=SSL_AD_DECRYPT_ERROR; | ||
1567 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); | ||
1568 | goto f_err; | ||
1569 | } | ||
1570 | if (i == 0) | ||
1571 | { | ||
1572 | /* bad signature */ | ||
1573 | al=SSL_AD_DECRYPT_ERROR; | ||
1574 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); | ||
1575 | goto f_err; | ||
1576 | } | ||
1577 | } | ||
1578 | else | ||
1579 | #endif | ||
1580 | #ifndef OPENSSL_NO_DSA | ||
1581 | if (pkey->type == EVP_PKEY_DSA) | ||
1582 | { | ||
1583 | /* lets do DSS */ | ||
1584 | EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL); | ||
1585 | EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | ||
1586 | EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | ||
1587 | EVP_VerifyUpdate(&md_ctx,param,param_len); | ||
1588 | if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) | ||
1589 | { | ||
1590 | /* bad signature */ | ||
1591 | al=SSL_AD_DECRYPT_ERROR; | ||
1592 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); | ||
1593 | goto f_err; | ||
1594 | } | ||
1595 | } | ||
1596 | else | ||
1597 | #endif | ||
1598 | #ifndef OPENSSL_NO_ECDSA | ||
1599 | if (pkey->type == EVP_PKEY_EC) | ||
1600 | { | ||
1601 | /* let's do ECDSA */ | ||
1602 | EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL); | ||
1603 | EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | ||
1604 | EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | ||
1605 | EVP_VerifyUpdate(&md_ctx,param,param_len); | ||
1606 | if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) | ||
1607 | { | ||
1608 | /* bad signature */ | ||
1609 | al=SSL_AD_DECRYPT_ERROR; | ||
1610 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); | ||
1611 | goto f_err; | ||
1612 | } | ||
1613 | } | ||
1614 | else | ||
1615 | #endif | ||
1616 | { | ||
1617 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); | ||
1618 | goto err; | ||
1619 | } | ||
1620 | } | ||
1621 | else | ||
1622 | { | ||
1623 | if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) | ||
1624 | /* aNULL or kPSK do not need public keys */ | ||
1625 | { | ||
1626 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); | ||
1627 | goto err; | ||
1628 | } | ||
1629 | /* still data left over */ | ||
1630 | if (n != 0) | ||
1631 | { | ||
1632 | al=SSL_AD_DECODE_ERROR; | ||
1633 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE); | ||
1634 | goto f_err; | ||
1635 | } | ||
1636 | } | ||
1637 | EVP_PKEY_free(pkey); | ||
1638 | EVP_MD_CTX_cleanup(&md_ctx); | ||
1639 | return(1); | ||
1640 | f_err: | ||
1641 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
1642 | err: | ||
1643 | EVP_PKEY_free(pkey); | ||
1644 | #ifndef OPENSSL_NO_RSA | ||
1645 | if (rsa != NULL) | ||
1646 | RSA_free(rsa); | ||
1647 | #endif | ||
1648 | #ifndef OPENSSL_NO_DH | ||
1649 | if (dh != NULL) | ||
1650 | DH_free(dh); | ||
1651 | #endif | ||
1652 | #ifndef OPENSSL_NO_ECDH | ||
1653 | BN_CTX_free(bn_ctx); | ||
1654 | EC_POINT_free(srvr_ecpoint); | ||
1655 | if (ecdh != NULL) | ||
1656 | EC_KEY_free(ecdh); | ||
1657 | #endif | ||
1658 | EVP_MD_CTX_cleanup(&md_ctx); | ||
1659 | return(-1); | ||
1660 | } | ||
1661 | |||
1662 | int ssl3_get_certificate_request(SSL *s) | ||
1663 | { | ||
1664 | int ok,ret=0; | ||
1665 | unsigned long n,nc,l; | ||
1666 | unsigned int llen,ctype_num,i; | ||
1667 | X509_NAME *xn=NULL; | ||
1668 | const unsigned char *p,*q; | ||
1669 | unsigned char *d; | ||
1670 | STACK_OF(X509_NAME) *ca_sk=NULL; | ||
1671 | |||
1672 | n=s->method->ssl_get_message(s, | ||
1673 | SSL3_ST_CR_CERT_REQ_A, | ||
1674 | SSL3_ST_CR_CERT_REQ_B, | ||
1675 | -1, | ||
1676 | s->max_cert_list, | ||
1677 | &ok); | ||
1678 | |||
1679 | if (!ok) return((int)n); | ||
1680 | |||
1681 | s->s3->tmp.cert_req=0; | ||
1682 | |||
1683 | if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) | ||
1684 | { | ||
1685 | s->s3->tmp.reuse_message=1; | ||
1686 | return(1); | ||
1687 | } | ||
1688 | |||
1689 | if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) | ||
1690 | { | ||
1691 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); | ||
1692 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE); | ||
1693 | goto err; | ||
1694 | } | ||
1695 | |||
1696 | /* TLS does not like anon-DH with client cert */ | ||
1697 | if (s->version > SSL3_VERSION) | ||
1698 | { | ||
1699 | if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) | ||
1700 | { | ||
1701 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); | ||
1702 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); | ||
1703 | goto err; | ||
1704 | } | ||
1705 | } | ||
1706 | |||
1707 | p=d=(unsigned char *)s->init_msg; | ||
1708 | |||
1709 | if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) | ||
1710 | { | ||
1711 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); | ||
1712 | goto err; | ||
1713 | } | ||
1714 | |||
1715 | /* get the certificate types */ | ||
1716 | ctype_num= *(p++); | ||
1717 | if (ctype_num > SSL3_CT_NUMBER) | ||
1718 | ctype_num=SSL3_CT_NUMBER; | ||
1719 | for (i=0; i<ctype_num; i++) | ||
1720 | s->s3->tmp.ctype[i]= p[i]; | ||
1721 | p+=ctype_num; | ||
1722 | |||
1723 | /* get the CA RDNs */ | ||
1724 | n2s(p,llen); | ||
1725 | #if 0 | ||
1726 | { | ||
1727 | FILE *out; | ||
1728 | out=fopen("/tmp/vsign.der","w"); | ||
1729 | fwrite(p,1,llen,out); | ||
1730 | fclose(out); | ||
1731 | } | ||
1732 | #endif | ||
1733 | |||
1734 | if ((llen+ctype_num+2+1) != n) | ||
1735 | { | ||
1736 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); | ||
1737 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH); | ||
1738 | goto err; | ||
1739 | } | ||
1740 | |||
1741 | for (nc=0; nc<llen; ) | ||
1742 | { | ||
1743 | n2s(p,l); | ||
1744 | if ((l+nc+2) > llen) | ||
1745 | { | ||
1746 | if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) | ||
1747 | goto cont; /* netscape bugs */ | ||
1748 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); | ||
1749 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG); | ||
1750 | goto err; | ||
1751 | } | ||
1752 | |||
1753 | q=p; | ||
1754 | |||
1755 | if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL) | ||
1756 | { | ||
1757 | /* If netscape tolerance is on, ignore errors */ | ||
1758 | if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) | ||
1759 | goto cont; | ||
1760 | else | ||
1761 | { | ||
1762 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); | ||
1763 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB); | ||
1764 | goto err; | ||
1765 | } | ||
1766 | } | ||
1767 | |||
1768 | if (q != (p+l)) | ||
1769 | { | ||
1770 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); | ||
1771 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH); | ||
1772 | goto err; | ||
1773 | } | ||
1774 | if (!sk_X509_NAME_push(ca_sk,xn)) | ||
1775 | { | ||
1776 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); | ||
1777 | goto err; | ||
1778 | } | ||
1779 | |||
1780 | p+=l; | ||
1781 | nc+=l+2; | ||
1782 | } | ||
1783 | |||
1784 | if (0) | ||
1785 | { | ||
1786 | cont: | ||
1787 | ERR_clear_error(); | ||
1788 | } | ||
1789 | |||
1790 | /* we should setup a certificate to return.... */ | ||
1791 | s->s3->tmp.cert_req=1; | ||
1792 | s->s3->tmp.ctype_num=ctype_num; | ||
1793 | if (s->s3->tmp.ca_names != NULL) | ||
1794 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); | ||
1795 | s->s3->tmp.ca_names=ca_sk; | ||
1796 | ca_sk=NULL; | ||
1797 | |||
1798 | ret=1; | ||
1799 | err: | ||
1800 | if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free); | ||
1801 | return(ret); | ||
1802 | } | ||
1803 | |||
1804 | static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | ||
1805 | { | ||
1806 | return(X509_NAME_cmp(*a,*b)); | ||
1807 | } | ||
1808 | #ifndef OPENSSL_NO_TLSEXT | ||
1809 | int ssl3_get_new_session_ticket(SSL *s) | ||
1810 | { | ||
1811 | int ok,al,ret=0, ticklen; | ||
1812 | long n; | ||
1813 | const unsigned char *p; | ||
1814 | unsigned char *d; | ||
1815 | |||
1816 | n=s->method->ssl_get_message(s, | ||
1817 | SSL3_ST_CR_SESSION_TICKET_A, | ||
1818 | SSL3_ST_CR_SESSION_TICKET_B, | ||
1819 | -1, | ||
1820 | 16384, | ||
1821 | &ok); | ||
1822 | |||
1823 | if (!ok) | ||
1824 | return((int)n); | ||
1825 | |||
1826 | if (s->s3->tmp.message_type == SSL3_MT_FINISHED) | ||
1827 | { | ||
1828 | s->s3->tmp.reuse_message=1; | ||
1829 | return(1); | ||
1830 | } | ||
1831 | if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) | ||
1832 | { | ||
1833 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
1834 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE); | ||
1835 | goto f_err; | ||
1836 | } | ||
1837 | if (n < 6) | ||
1838 | { | ||
1839 | /* need at least ticket_lifetime_hint + ticket length */ | ||
1840 | al = SSL_AD_DECODE_ERROR; | ||
1841 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); | ||
1842 | goto f_err; | ||
1843 | } | ||
1844 | |||
1845 | p=d=(unsigned char *)s->init_msg; | ||
1846 | n2l(p, s->session->tlsext_tick_lifetime_hint); | ||
1847 | n2s(p, ticklen); | ||
1848 | /* ticket_lifetime_hint + ticket_length + ticket */ | ||
1849 | if (ticklen + 6 != n) | ||
1850 | { | ||
1851 | al = SSL_AD_DECODE_ERROR; | ||
1852 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); | ||
1853 | goto f_err; | ||
1854 | } | ||
1855 | if (s->session->tlsext_tick) | ||
1856 | { | ||
1857 | OPENSSL_free(s->session->tlsext_tick); | ||
1858 | s->session->tlsext_ticklen = 0; | ||
1859 | } | ||
1860 | s->session->tlsext_tick = OPENSSL_malloc(ticklen); | ||
1861 | if (!s->session->tlsext_tick) | ||
1862 | { | ||
1863 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE); | ||
1864 | goto err; | ||
1865 | } | ||
1866 | memcpy(s->session->tlsext_tick, p, ticklen); | ||
1867 | s->session->tlsext_ticklen = ticklen; | ||
1868 | /* There are two ways to detect a resumed ticket sesion. | ||
1869 | * One is to set an appropriate session ID and then the server | ||
1870 | * must return a match in ServerHello. This allows the normal | ||
1871 | * client session ID matching to work and we know much | ||
1872 | * earlier that the ticket has been accepted. | ||
1873 | * | ||
1874 | * The other way is to set zero length session ID when the | ||
1875 | * ticket is presented and rely on the handshake to determine | ||
1876 | * session resumption. | ||
1877 | * | ||
1878 | * We choose the former approach because this fits in with | ||
1879 | * assumptions elsewhere in OpenSSL. The session ID is set | ||
1880 | * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the | ||
1881 | * ticket. | ||
1882 | */ | ||
1883 | EVP_Digest(p, ticklen, | ||
1884 | s->session->session_id, &s->session->session_id_length, | ||
1885 | #ifndef OPENSSL_NO_SHA256 | ||
1886 | EVP_sha256(), NULL); | ||
1887 | #else | ||
1888 | EVP_sha1(), NULL); | ||
1889 | #endif | ||
1890 | ret=1; | ||
1891 | return(ret); | ||
1892 | f_err: | ||
1893 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
1894 | err: | ||
1895 | return(-1); | ||
1896 | } | ||
1897 | |||
1898 | int ssl3_get_cert_status(SSL *s) | ||
1899 | { | ||
1900 | int ok, al; | ||
1901 | unsigned long resplen,n; | ||
1902 | const unsigned char *p; | ||
1903 | |||
1904 | n=s->method->ssl_get_message(s, | ||
1905 | SSL3_ST_CR_CERT_STATUS_A, | ||
1906 | SSL3_ST_CR_CERT_STATUS_B, | ||
1907 | SSL3_MT_CERTIFICATE_STATUS, | ||
1908 | 16384, | ||
1909 | &ok); | ||
1910 | |||
1911 | if (!ok) return((int)n); | ||
1912 | if (n < 4) | ||
1913 | { | ||
1914 | /* need at least status type + length */ | ||
1915 | al = SSL_AD_DECODE_ERROR; | ||
1916 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); | ||
1917 | goto f_err; | ||
1918 | } | ||
1919 | p = (unsigned char *)s->init_msg; | ||
1920 | if (*p++ != TLSEXT_STATUSTYPE_ocsp) | ||
1921 | { | ||
1922 | al = SSL_AD_DECODE_ERROR; | ||
1923 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE); | ||
1924 | goto f_err; | ||
1925 | } | ||
1926 | n2l3(p, resplen); | ||
1927 | if (resplen + 4 != n) | ||
1928 | { | ||
1929 | al = SSL_AD_DECODE_ERROR; | ||
1930 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); | ||
1931 | goto f_err; | ||
1932 | } | ||
1933 | if (s->tlsext_ocsp_resp) | ||
1934 | OPENSSL_free(s->tlsext_ocsp_resp); | ||
1935 | s->tlsext_ocsp_resp = BUF_memdup(p, resplen); | ||
1936 | if (!s->tlsext_ocsp_resp) | ||
1937 | { | ||
1938 | al = SSL_AD_INTERNAL_ERROR; | ||
1939 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE); | ||
1940 | goto f_err; | ||
1941 | } | ||
1942 | s->tlsext_ocsp_resplen = resplen; | ||
1943 | if (s->ctx->tlsext_status_cb) | ||
1944 | { | ||
1945 | int ret; | ||
1946 | ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | ||
1947 | if (ret == 0) | ||
1948 | { | ||
1949 | al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; | ||
1950 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE); | ||
1951 | goto f_err; | ||
1952 | } | ||
1953 | if (ret < 0) | ||
1954 | { | ||
1955 | al = SSL_AD_INTERNAL_ERROR; | ||
1956 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE); | ||
1957 | goto f_err; | ||
1958 | } | ||
1959 | } | ||
1960 | return 1; | ||
1961 | f_err: | ||
1962 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
1963 | return(-1); | ||
1964 | } | ||
1965 | #endif | ||
1966 | |||
1967 | int ssl3_get_server_done(SSL *s) | ||
1968 | { | ||
1969 | int ok,ret=0; | ||
1970 | long n; | ||
1971 | |||
1972 | n=s->method->ssl_get_message(s, | ||
1973 | SSL3_ST_CR_SRVR_DONE_A, | ||
1974 | SSL3_ST_CR_SRVR_DONE_B, | ||
1975 | SSL3_MT_SERVER_DONE, | ||
1976 | 30, /* should be very small, like 0 :-) */ | ||
1977 | &ok); | ||
1978 | |||
1979 | if (!ok) return((int)n); | ||
1980 | if (n > 0) | ||
1981 | { | ||
1982 | /* should contain no data */ | ||
1983 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); | ||
1984 | SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH); | ||
1985 | return -1; | ||
1986 | } | ||
1987 | ret=1; | ||
1988 | return(ret); | ||
1989 | } | ||
1990 | |||
1991 | |||
1992 | int ssl3_send_client_key_exchange(SSL *s) | ||
1993 | { | ||
1994 | unsigned char *p,*d; | ||
1995 | int n; | ||
1996 | unsigned long alg_k; | ||
1997 | #ifndef OPENSSL_NO_RSA | ||
1998 | unsigned char *q; | ||
1999 | EVP_PKEY *pkey=NULL; | ||
2000 | #endif | ||
2001 | #ifndef OPENSSL_NO_KRB5 | ||
2002 | KSSL_ERR kssl_err; | ||
2003 | #endif /* OPENSSL_NO_KRB5 */ | ||
2004 | #ifndef OPENSSL_NO_ECDH | ||
2005 | EC_KEY *clnt_ecdh = NULL; | ||
2006 | const EC_POINT *srvr_ecpoint = NULL; | ||
2007 | EVP_PKEY *srvr_pub_pkey = NULL; | ||
2008 | unsigned char *encodedPoint = NULL; | ||
2009 | int encoded_pt_len = 0; | ||
2010 | BN_CTX * bn_ctx = NULL; | ||
2011 | #endif | ||
2012 | |||
2013 | if (s->state == SSL3_ST_CW_KEY_EXCH_A) | ||
2014 | { | ||
2015 | d=(unsigned char *)s->init_buf->data; | ||
2016 | p= &(d[4]); | ||
2017 | |||
2018 | alg_k=s->s3->tmp.new_cipher->algorithm_mkey; | ||
2019 | |||
2020 | /* Fool emacs indentation */ | ||
2021 | if (0) {} | ||
2022 | #ifndef OPENSSL_NO_RSA | ||
2023 | else if (alg_k & SSL_kRSA) | ||
2024 | { | ||
2025 | RSA *rsa; | ||
2026 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | ||
2027 | |||
2028 | if (s->session->sess_cert->peer_rsa_tmp != NULL) | ||
2029 | rsa=s->session->sess_cert->peer_rsa_tmp; | ||
2030 | else | ||
2031 | { | ||
2032 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); | ||
2033 | if ((pkey == NULL) || | ||
2034 | (pkey->type != EVP_PKEY_RSA) || | ||
2035 | (pkey->pkey.rsa == NULL)) | ||
2036 | { | ||
2037 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); | ||
2038 | goto err; | ||
2039 | } | ||
2040 | rsa=pkey->pkey.rsa; | ||
2041 | EVP_PKEY_free(pkey); | ||
2042 | } | ||
2043 | |||
2044 | tmp_buf[0]=s->client_version>>8; | ||
2045 | tmp_buf[1]=s->client_version&0xff; | ||
2046 | if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) | ||
2047 | goto err; | ||
2048 | |||
2049 | s->session->master_key_length=sizeof tmp_buf; | ||
2050 | |||
2051 | q=p; | ||
2052 | /* Fix buf for TLS and beyond */ | ||
2053 | if (s->version > SSL3_VERSION) | ||
2054 | p+=2; | ||
2055 | n=RSA_public_encrypt(sizeof tmp_buf, | ||
2056 | tmp_buf,p,rsa,RSA_PKCS1_PADDING); | ||
2057 | #ifdef PKCS1_CHECK | ||
2058 | if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; | ||
2059 | if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70; | ||
2060 | #endif | ||
2061 | if (n <= 0) | ||
2062 | { | ||
2063 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT); | ||
2064 | goto err; | ||
2065 | } | ||
2066 | |||
2067 | /* Fix buf for TLS and beyond */ | ||
2068 | if (s->version > SSL3_VERSION) | ||
2069 | { | ||
2070 | s2n(n,q); | ||
2071 | n+=2; | ||
2072 | } | ||
2073 | |||
2074 | s->session->master_key_length= | ||
2075 | s->method->ssl3_enc->generate_master_secret(s, | ||
2076 | s->session->master_key, | ||
2077 | tmp_buf,sizeof tmp_buf); | ||
2078 | OPENSSL_cleanse(tmp_buf,sizeof tmp_buf); | ||
2079 | } | ||
2080 | #endif | ||
2081 | #ifndef OPENSSL_NO_KRB5 | ||
2082 | else if (alg_k & SSL_kKRB5) | ||
2083 | { | ||
2084 | krb5_error_code krb5rc; | ||
2085 | KSSL_CTX *kssl_ctx = s->kssl_ctx; | ||
2086 | /* krb5_data krb5_ap_req; */ | ||
2087 | krb5_data *enc_ticket; | ||
2088 | krb5_data authenticator, *authp = NULL; | ||
2089 | EVP_CIPHER_CTX ciph_ctx; | ||
2090 | const EVP_CIPHER *enc = NULL; | ||
2091 | unsigned char iv[EVP_MAX_IV_LENGTH]; | ||
2092 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | ||
2093 | unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH | ||
2094 | + EVP_MAX_IV_LENGTH]; | ||
2095 | int padl, outl = sizeof(epms); | ||
2096 | |||
2097 | EVP_CIPHER_CTX_init(&ciph_ctx); | ||
2098 | |||
2099 | #ifdef KSSL_DEBUG | ||
2100 | printf("ssl3_send_client_key_exchange(%lx & %lx)\n", | ||
2101 | alg_k, SSL_kKRB5); | ||
2102 | #endif /* KSSL_DEBUG */ | ||
2103 | |||
2104 | authp = NULL; | ||
2105 | #ifdef KRB5SENDAUTH | ||
2106 | if (KRB5SENDAUTH) authp = &authenticator; | ||
2107 | #endif /* KRB5SENDAUTH */ | ||
2108 | |||
2109 | krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, | ||
2110 | &kssl_err); | ||
2111 | enc = kssl_map_enc(kssl_ctx->enctype); | ||
2112 | if (enc == NULL) | ||
2113 | goto err; | ||
2114 | #ifdef KSSL_DEBUG | ||
2115 | { | ||
2116 | printf("kssl_cget_tkt rtn %d\n", krb5rc); | ||
2117 | if (krb5rc && kssl_err.text) | ||
2118 | printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); | ||
2119 | } | ||
2120 | #endif /* KSSL_DEBUG */ | ||
2121 | |||
2122 | if (krb5rc) | ||
2123 | { | ||
2124 | ssl3_send_alert(s,SSL3_AL_FATAL, | ||
2125 | SSL_AD_HANDSHAKE_FAILURE); | ||
2126 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
2127 | kssl_err.reason); | ||
2128 | goto err; | ||
2129 | } | ||
2130 | |||
2131 | /* 20010406 VRS - Earlier versions used KRB5 AP_REQ | ||
2132 | ** in place of RFC 2712 KerberosWrapper, as in: | ||
2133 | ** | ||
2134 | ** Send ticket (copy to *p, set n = length) | ||
2135 | ** n = krb5_ap_req.length; | ||
2136 | ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); | ||
2137 | ** if (krb5_ap_req.data) | ||
2138 | ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); | ||
2139 | ** | ||
2140 | ** Now using real RFC 2712 KerberosWrapper | ||
2141 | ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>) | ||
2142 | ** Note: 2712 "opaque" types are here replaced | ||
2143 | ** with a 2-byte length followed by the value. | ||
2144 | ** Example: | ||
2145 | ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms | ||
2146 | ** Where "xx xx" = length bytes. Shown here with | ||
2147 | ** optional authenticator omitted. | ||
2148 | */ | ||
2149 | |||
2150 | /* KerberosWrapper.Ticket */ | ||
2151 | s2n(enc_ticket->length,p); | ||
2152 | memcpy(p, enc_ticket->data, enc_ticket->length); | ||
2153 | p+= enc_ticket->length; | ||
2154 | n = enc_ticket->length + 2; | ||
2155 | |||
2156 | /* KerberosWrapper.Authenticator */ | ||
2157 | if (authp && authp->length) | ||
2158 | { | ||
2159 | s2n(authp->length,p); | ||
2160 | memcpy(p, authp->data, authp->length); | ||
2161 | p+= authp->length; | ||
2162 | n+= authp->length + 2; | ||
2163 | |||
2164 | free(authp->data); | ||
2165 | authp->data = NULL; | ||
2166 | authp->length = 0; | ||
2167 | } | ||
2168 | else | ||
2169 | { | ||
2170 | s2n(0,p);/* null authenticator length */ | ||
2171 | n+=2; | ||
2172 | } | ||
2173 | |||
2174 | tmp_buf[0]=s->client_version>>8; | ||
2175 | tmp_buf[1]=s->client_version&0xff; | ||
2176 | if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) | ||
2177 | goto err; | ||
2178 | |||
2179 | /* 20010420 VRS. Tried it this way; failed. | ||
2180 | ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); | ||
2181 | ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx, | ||
2182 | ** kssl_ctx->length); | ||
2183 | ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); | ||
2184 | */ | ||
2185 | |||
2186 | memset(iv, 0, sizeof iv); /* per RFC 1510 */ | ||
2187 | EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, | ||
2188 | kssl_ctx->key,iv); | ||
2189 | EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, | ||
2190 | sizeof tmp_buf); | ||
2191 | EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); | ||
2192 | outl += padl; | ||
2193 | if (outl > (int)sizeof epms) | ||
2194 | { | ||
2195 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | ||
2196 | goto err; | ||
2197 | } | ||
2198 | EVP_CIPHER_CTX_cleanup(&ciph_ctx); | ||
2199 | |||
2200 | /* KerberosWrapper.EncryptedPreMasterSecret */ | ||
2201 | s2n(outl,p); | ||
2202 | memcpy(p, epms, outl); | ||
2203 | p+=outl; | ||
2204 | n+=outl + 2; | ||
2205 | |||
2206 | s->session->master_key_length= | ||
2207 | s->method->ssl3_enc->generate_master_secret(s, | ||
2208 | s->session->master_key, | ||
2209 | tmp_buf, sizeof tmp_buf); | ||
2210 | |||
2211 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | ||
2212 | OPENSSL_cleanse(epms, outl); | ||
2213 | } | ||
2214 | #endif | ||
2215 | #ifndef OPENSSL_NO_DH | ||
2216 | else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | ||
2217 | { | ||
2218 | DH *dh_srvr,*dh_clnt; | ||
2219 | |||
2220 | if (s->session->sess_cert == NULL) | ||
2221 | { | ||
2222 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); | ||
2223 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); | ||
2224 | goto err; | ||
2225 | } | ||
2226 | |||
2227 | if (s->session->sess_cert->peer_dh_tmp != NULL) | ||
2228 | dh_srvr=s->session->sess_cert->peer_dh_tmp; | ||
2229 | else | ||
2230 | { | ||
2231 | /* we get them from the cert */ | ||
2232 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); | ||
2233 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); | ||
2234 | goto err; | ||
2235 | } | ||
2236 | |||
2237 | /* generate a new random key */ | ||
2238 | if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL) | ||
2239 | { | ||
2240 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); | ||
2241 | goto err; | ||
2242 | } | ||
2243 | if (!DH_generate_key(dh_clnt)) | ||
2244 | { | ||
2245 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); | ||
2246 | DH_free(dh_clnt); | ||
2247 | goto err; | ||
2248 | } | ||
2249 | |||
2250 | /* use the 'p' output buffer for the DH key, but | ||
2251 | * make sure to clear it out afterwards */ | ||
2252 | |||
2253 | n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); | ||
2254 | |||
2255 | if (n <= 0) | ||
2256 | { | ||
2257 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); | ||
2258 | DH_free(dh_clnt); | ||
2259 | goto err; | ||
2260 | } | ||
2261 | |||
2262 | /* generate master key from the result */ | ||
2263 | s->session->master_key_length= | ||
2264 | s->method->ssl3_enc->generate_master_secret(s, | ||
2265 | s->session->master_key,p,n); | ||
2266 | /* clean up */ | ||
2267 | memset(p,0,n); | ||
2268 | |||
2269 | /* send off the data */ | ||
2270 | n=BN_num_bytes(dh_clnt->pub_key); | ||
2271 | s2n(n,p); | ||
2272 | BN_bn2bin(dh_clnt->pub_key,p); | ||
2273 | n+=2; | ||
2274 | |||
2275 | DH_free(dh_clnt); | ||
2276 | |||
2277 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ | ||
2278 | } | ||
2279 | #endif | ||
2280 | |||
2281 | #ifndef OPENSSL_NO_ECDH | ||
2282 | else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) | ||
2283 | { | ||
2284 | const EC_GROUP *srvr_group = NULL; | ||
2285 | EC_KEY *tkey; | ||
2286 | int ecdh_clnt_cert = 0; | ||
2287 | int field_size = 0; | ||
2288 | |||
2289 | /* Did we send out the client's | ||
2290 | * ECDH share for use in premaster | ||
2291 | * computation as part of client certificate? | ||
2292 | * If so, set ecdh_clnt_cert to 1. | ||
2293 | */ | ||
2294 | if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) | ||
2295 | { | ||
2296 | /* XXX: For now, we do not support client | ||
2297 | * authentication using ECDH certificates. | ||
2298 | * To add such support, one needs to add | ||
2299 | * code that checks for appropriate | ||
2300 | * conditions and sets ecdh_clnt_cert to 1. | ||
2301 | * For example, the cert have an ECC | ||
2302 | * key on the same curve as the server's | ||
2303 | * and the key should be authorized for | ||
2304 | * key agreement. | ||
2305 | * | ||
2306 | * One also needs to add code in ssl3_connect | ||
2307 | * to skip sending the certificate verify | ||
2308 | * message. | ||
2309 | * | ||
2310 | * if ((s->cert->key->privatekey != NULL) && | ||
2311 | * (s->cert->key->privatekey->type == | ||
2312 | * EVP_PKEY_EC) && ...) | ||
2313 | * ecdh_clnt_cert = 1; | ||
2314 | */ | ||
2315 | } | ||
2316 | |||
2317 | if (s->session->sess_cert->peer_ecdh_tmp != NULL) | ||
2318 | { | ||
2319 | tkey = s->session->sess_cert->peer_ecdh_tmp; | ||
2320 | } | ||
2321 | else | ||
2322 | { | ||
2323 | /* Get the Server Public Key from Cert */ | ||
2324 | srvr_pub_pkey = X509_get_pubkey(s->session-> \ | ||
2325 | sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); | ||
2326 | if ((srvr_pub_pkey == NULL) || | ||
2327 | (srvr_pub_pkey->type != EVP_PKEY_EC) || | ||
2328 | (srvr_pub_pkey->pkey.ec == NULL)) | ||
2329 | { | ||
2330 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
2331 | ERR_R_INTERNAL_ERROR); | ||
2332 | goto err; | ||
2333 | } | ||
2334 | |||
2335 | tkey = srvr_pub_pkey->pkey.ec; | ||
2336 | } | ||
2337 | |||
2338 | srvr_group = EC_KEY_get0_group(tkey); | ||
2339 | srvr_ecpoint = EC_KEY_get0_public_key(tkey); | ||
2340 | |||
2341 | if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) | ||
2342 | { | ||
2343 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
2344 | ERR_R_INTERNAL_ERROR); | ||
2345 | goto err; | ||
2346 | } | ||
2347 | |||
2348 | if ((clnt_ecdh=EC_KEY_new()) == NULL) | ||
2349 | { | ||
2350 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
2351 | goto err; | ||
2352 | } | ||
2353 | |||
2354 | if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) | ||
2355 | { | ||
2356 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB); | ||
2357 | goto err; | ||
2358 | } | ||
2359 | if (ecdh_clnt_cert) | ||
2360 | { | ||
2361 | /* Reuse key info from our certificate | ||
2362 | * We only need our private key to perform | ||
2363 | * the ECDH computation. | ||
2364 | */ | ||
2365 | const BIGNUM *priv_key; | ||
2366 | tkey = s->cert->key->privatekey->pkey.ec; | ||
2367 | priv_key = EC_KEY_get0_private_key(tkey); | ||
2368 | if (priv_key == NULL) | ||
2369 | { | ||
2370 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
2371 | goto err; | ||
2372 | } | ||
2373 | if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) | ||
2374 | { | ||
2375 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB); | ||
2376 | goto err; | ||
2377 | } | ||
2378 | } | ||
2379 | else | ||
2380 | { | ||
2381 | /* Generate a new ECDH key pair */ | ||
2382 | if (!(EC_KEY_generate_key(clnt_ecdh))) | ||
2383 | { | ||
2384 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); | ||
2385 | goto err; | ||
2386 | } | ||
2387 | } | ||
2388 | |||
2389 | /* use the 'p' output buffer for the ECDH key, but | ||
2390 | * make sure to clear it out afterwards | ||
2391 | */ | ||
2392 | |||
2393 | field_size = EC_GROUP_get_degree(srvr_group); | ||
2394 | if (field_size <= 0) | ||
2395 | { | ||
2396 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
2397 | ERR_R_ECDH_LIB); | ||
2398 | goto err; | ||
2399 | } | ||
2400 | n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); | ||
2401 | if (n <= 0) | ||
2402 | { | ||
2403 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
2404 | ERR_R_ECDH_LIB); | ||
2405 | goto err; | ||
2406 | } | ||
2407 | |||
2408 | /* generate master key from the result */ | ||
2409 | s->session->master_key_length = s->method->ssl3_enc \ | ||
2410 | -> generate_master_secret(s, | ||
2411 | s->session->master_key, | ||
2412 | p, n); | ||
2413 | |||
2414 | memset(p, 0, n); /* clean up */ | ||
2415 | |||
2416 | if (ecdh_clnt_cert) | ||
2417 | { | ||
2418 | /* Send empty client key exch message */ | ||
2419 | n = 0; | ||
2420 | } | ||
2421 | else | ||
2422 | { | ||
2423 | /* First check the size of encoding and | ||
2424 | * allocate memory accordingly. | ||
2425 | */ | ||
2426 | encoded_pt_len = | ||
2427 | EC_POINT_point2oct(srvr_group, | ||
2428 | EC_KEY_get0_public_key(clnt_ecdh), | ||
2429 | POINT_CONVERSION_UNCOMPRESSED, | ||
2430 | NULL, 0, NULL); | ||
2431 | |||
2432 | encodedPoint = (unsigned char *) | ||
2433 | OPENSSL_malloc(encoded_pt_len * | ||
2434 | sizeof(unsigned char)); | ||
2435 | bn_ctx = BN_CTX_new(); | ||
2436 | if ((encodedPoint == NULL) || | ||
2437 | (bn_ctx == NULL)) | ||
2438 | { | ||
2439 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
2440 | goto err; | ||
2441 | } | ||
2442 | |||
2443 | /* Encode the public key */ | ||
2444 | n = EC_POINT_point2oct(srvr_group, | ||
2445 | EC_KEY_get0_public_key(clnt_ecdh), | ||
2446 | POINT_CONVERSION_UNCOMPRESSED, | ||
2447 | encodedPoint, encoded_pt_len, bn_ctx); | ||
2448 | |||
2449 | *p = n; /* length of encoded point */ | ||
2450 | /* Encoded point will be copied here */ | ||
2451 | p += 1; | ||
2452 | /* copy the point */ | ||
2453 | memcpy((unsigned char *)p, encodedPoint, n); | ||
2454 | /* increment n to account for length field */ | ||
2455 | n += 1; | ||
2456 | } | ||
2457 | |||
2458 | /* Free allocated memory */ | ||
2459 | BN_CTX_free(bn_ctx); | ||
2460 | if (encodedPoint != NULL) OPENSSL_free(encodedPoint); | ||
2461 | if (clnt_ecdh != NULL) | ||
2462 | EC_KEY_free(clnt_ecdh); | ||
2463 | EVP_PKEY_free(srvr_pub_pkey); | ||
2464 | } | ||
2465 | #endif /* !OPENSSL_NO_ECDH */ | ||
2466 | else if (alg_k & SSL_kGOST) | ||
2467 | { | ||
2468 | /* GOST key exchange message creation */ | ||
2469 | EVP_PKEY_CTX *pkey_ctx; | ||
2470 | X509 *peer_cert; | ||
2471 | size_t msglen; | ||
2472 | unsigned int md_len; | ||
2473 | int keytype; | ||
2474 | unsigned char premaster_secret[32],shared_ukm[32], tmp[256]; | ||
2475 | EVP_MD_CTX *ukm_hash; | ||
2476 | EVP_PKEY *pub_key; | ||
2477 | |||
2478 | /* Get server sertificate PKEY and create ctx from it */ | ||
2479 | peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST01)].x509; | ||
2480 | if (!peer_cert) | ||
2481 | peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST94)].x509; | ||
2482 | if (!peer_cert) { | ||
2483 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); | ||
2484 | goto err; | ||
2485 | } | ||
2486 | |||
2487 | pkey_ctx=EVP_PKEY_CTX_new(pub_key=X509_get_pubkey(peer_cert),NULL); | ||
2488 | /* If we have send a certificate, and certificate key | ||
2489 | |||
2490 | * parameters match those of server certificate, use | ||
2491 | * certificate key for key exchange | ||
2492 | */ | ||
2493 | |||
2494 | /* Otherwise, generate ephemeral key pair */ | ||
2495 | |||
2496 | EVP_PKEY_encrypt_init(pkey_ctx); | ||
2497 | /* Generate session key */ | ||
2498 | RAND_bytes(premaster_secret,32); | ||
2499 | /* If we have client certificate, use its secret as peer key */ | ||
2500 | if (s->s3->tmp.cert_req && s->cert->key->privatekey) { | ||
2501 | if (EVP_PKEY_derive_set_peer(pkey_ctx,s->cert->key->privatekey) <=0) { | ||
2502 | /* If there was an error - just ignore it. Ephemeral key | ||
2503 | * would be used | ||
2504 | */ | ||
2505 | ERR_clear_error(); | ||
2506 | } | ||
2507 | } | ||
2508 | /* Compute shared IV and store it in algorithm-specific | ||
2509 | * context data */ | ||
2510 | ukm_hash = EVP_MD_CTX_create(); | ||
2511 | EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR3411_94)); | ||
2512 | EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE); | ||
2513 | EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE); | ||
2514 | EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len); | ||
2515 | EVP_MD_CTX_destroy(ukm_hash); | ||
2516 | if (EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EVP_PKEY_CTRL_SET_IV, | ||
2517 | 8,shared_ukm)<0) { | ||
2518 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
2519 | SSL_R_LIBRARY_BUG); | ||
2520 | goto err; | ||
2521 | } | ||
2522 | /* Make GOST keytransport blob message */ | ||
2523 | /*Encapsulate it into sequence */ | ||
2524 | *(p++)=V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED; | ||
2525 | msglen=255; | ||
2526 | if (EVP_PKEY_encrypt(pkey_ctx,tmp,&msglen,premaster_secret,32)<0) { | ||
2527 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
2528 | SSL_R_LIBRARY_BUG); | ||
2529 | goto err; | ||
2530 | } | ||
2531 | if (msglen >= 0x80) | ||
2532 | { | ||
2533 | *(p++)=0x81; | ||
2534 | *(p++)= msglen & 0xff; | ||
2535 | n=msglen+3; | ||
2536 | } | ||
2537 | else | ||
2538 | { | ||
2539 | *(p++)= msglen & 0xff; | ||
2540 | n=msglen+2; | ||
2541 | } | ||
2542 | memcpy(p, tmp, msglen); | ||
2543 | /* Check if pubkey from client certificate was used */ | ||
2544 | if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) | ||
2545 | { | ||
2546 | /* Set flag "skip certificate verify" */ | ||
2547 | s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; | ||
2548 | } | ||
2549 | EVP_PKEY_CTX_free(pkey_ctx); | ||
2550 | s->session->master_key_length= | ||
2551 | s->method->ssl3_enc->generate_master_secret(s, | ||
2552 | s->session->master_key,premaster_secret,32); | ||
2553 | EVP_PKEY_free(pub_key); | ||
2554 | |||
2555 | } | ||
2556 | #ifndef OPENSSL_NO_PSK | ||
2557 | else if (alg_k & SSL_kPSK) | ||
2558 | { | ||
2559 | char identity[PSK_MAX_IDENTITY_LEN]; | ||
2560 | unsigned char *t = NULL; | ||
2561 | unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4]; | ||
2562 | unsigned int pre_ms_len = 0, psk_len = 0; | ||
2563 | int psk_err = 1; | ||
2564 | |||
2565 | n = 0; | ||
2566 | if (s->psk_client_callback == NULL) | ||
2567 | { | ||
2568 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
2569 | SSL_R_PSK_NO_CLIENT_CB); | ||
2570 | goto err; | ||
2571 | } | ||
2572 | |||
2573 | psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, | ||
2574 | identity, PSK_MAX_IDENTITY_LEN, | ||
2575 | psk_or_pre_ms, sizeof(psk_or_pre_ms)); | ||
2576 | if (psk_len > PSK_MAX_PSK_LEN) | ||
2577 | { | ||
2578 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
2579 | ERR_R_INTERNAL_ERROR); | ||
2580 | goto psk_err; | ||
2581 | } | ||
2582 | else if (psk_len == 0) | ||
2583 | { | ||
2584 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
2585 | SSL_R_PSK_IDENTITY_NOT_FOUND); | ||
2586 | goto psk_err; | ||
2587 | } | ||
2588 | |||
2589 | /* create PSK pre_master_secret */ | ||
2590 | pre_ms_len = 2+psk_len+2+psk_len; | ||
2591 | t = psk_or_pre_ms; | ||
2592 | memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len); | ||
2593 | s2n(psk_len, t); | ||
2594 | memset(t, 0, psk_len); | ||
2595 | t+=psk_len; | ||
2596 | s2n(psk_len, t); | ||
2597 | |||
2598 | if (s->session->psk_identity_hint != NULL) | ||
2599 | OPENSSL_free(s->session->psk_identity_hint); | ||
2600 | s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); | ||
2601 | if (s->ctx->psk_identity_hint != NULL && | ||
2602 | s->session->psk_identity_hint == NULL) | ||
2603 | { | ||
2604 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
2605 | ERR_R_MALLOC_FAILURE); | ||
2606 | goto psk_err; | ||
2607 | } | ||
2608 | |||
2609 | if (s->session->psk_identity != NULL) | ||
2610 | OPENSSL_free(s->session->psk_identity); | ||
2611 | s->session->psk_identity = BUF_strdup(identity); | ||
2612 | if (s->session->psk_identity == NULL) | ||
2613 | { | ||
2614 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
2615 | ERR_R_MALLOC_FAILURE); | ||
2616 | goto psk_err; | ||
2617 | } | ||
2618 | |||
2619 | s->session->master_key_length = | ||
2620 | s->method->ssl3_enc->generate_master_secret(s, | ||
2621 | s->session->master_key, | ||
2622 | psk_or_pre_ms, pre_ms_len); | ||
2623 | n = strlen(identity); | ||
2624 | s2n(n, p); | ||
2625 | memcpy(p, identity, n); | ||
2626 | n+=2; | ||
2627 | psk_err = 0; | ||
2628 | psk_err: | ||
2629 | OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); | ||
2630 | OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); | ||
2631 | if (psk_err != 0) | ||
2632 | { | ||
2633 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); | ||
2634 | goto err; | ||
2635 | } | ||
2636 | } | ||
2637 | #endif | ||
2638 | else | ||
2639 | { | ||
2640 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
2641 | SSL_AD_HANDSHAKE_FAILURE); | ||
2642 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
2643 | ERR_R_INTERNAL_ERROR); | ||
2644 | goto err; | ||
2645 | } | ||
2646 | |||
2647 | *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; | ||
2648 | l2n3(n,d); | ||
2649 | |||
2650 | s->state=SSL3_ST_CW_KEY_EXCH_B; | ||
2651 | /* number of bytes to write */ | ||
2652 | s->init_num=n+4; | ||
2653 | s->init_off=0; | ||
2654 | } | ||
2655 | |||
2656 | /* SSL3_ST_CW_KEY_EXCH_B */ | ||
2657 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | ||
2658 | err: | ||
2659 | #ifndef OPENSSL_NO_ECDH | ||
2660 | BN_CTX_free(bn_ctx); | ||
2661 | if (encodedPoint != NULL) OPENSSL_free(encodedPoint); | ||
2662 | if (clnt_ecdh != NULL) | ||
2663 | EC_KEY_free(clnt_ecdh); | ||
2664 | EVP_PKEY_free(srvr_pub_pkey); | ||
2665 | #endif | ||
2666 | return(-1); | ||
2667 | } | ||
2668 | |||
2669 | int ssl3_send_client_verify(SSL *s) | ||
2670 | { | ||
2671 | unsigned char *p,*d; | ||
2672 | unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; | ||
2673 | EVP_PKEY *pkey; | ||
2674 | EVP_PKEY_CTX *pctx=NULL; | ||
2675 | #ifndef OPENSSL_NO_RSA | ||
2676 | unsigned u=0; | ||
2677 | #endif | ||
2678 | unsigned long n; | ||
2679 | int j; | ||
2680 | |||
2681 | if (s->state == SSL3_ST_CW_CERT_VRFY_A) | ||
2682 | { | ||
2683 | d=(unsigned char *)s->init_buf->data; | ||
2684 | p= &(d[4]); | ||
2685 | pkey=s->cert->key->privatekey; | ||
2686 | /* Create context from key and test if sha1 is allowed as digest */ | ||
2687 | pctx = EVP_PKEY_CTX_new(pkey,NULL); | ||
2688 | EVP_PKEY_sign_init(pctx); | ||
2689 | if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0) | ||
2690 | { | ||
2691 | s->method->ssl3_enc->cert_verify_mac(s, | ||
2692 | NID_sha1, | ||
2693 | &(data[MD5_DIGEST_LENGTH])); | ||
2694 | } | ||
2695 | else | ||
2696 | { | ||
2697 | ERR_clear_error(); | ||
2698 | } | ||
2699 | #ifndef OPENSSL_NO_RSA | ||
2700 | if (pkey->type == EVP_PKEY_RSA) | ||
2701 | { | ||
2702 | s->method->ssl3_enc->cert_verify_mac(s, | ||
2703 | NID_md5, | ||
2704 | &(data[0])); | ||
2705 | if (RSA_sign(NID_md5_sha1, data, | ||
2706 | MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, | ||
2707 | &(p[2]), &u, pkey->pkey.rsa) <= 0 ) | ||
2708 | { | ||
2709 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); | ||
2710 | goto err; | ||
2711 | } | ||
2712 | s2n(u,p); | ||
2713 | n=u+2; | ||
2714 | } | ||
2715 | else | ||
2716 | #endif | ||
2717 | #ifndef OPENSSL_NO_DSA | ||
2718 | if (pkey->type == EVP_PKEY_DSA) | ||
2719 | { | ||
2720 | if (!DSA_sign(pkey->save_type, | ||
2721 | &(data[MD5_DIGEST_LENGTH]), | ||
2722 | SHA_DIGEST_LENGTH,&(p[2]), | ||
2723 | (unsigned int *)&j,pkey->pkey.dsa)) | ||
2724 | { | ||
2725 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB); | ||
2726 | goto err; | ||
2727 | } | ||
2728 | s2n(j,p); | ||
2729 | n=j+2; | ||
2730 | } | ||
2731 | else | ||
2732 | #endif | ||
2733 | #ifndef OPENSSL_NO_ECDSA | ||
2734 | if (pkey->type == EVP_PKEY_EC) | ||
2735 | { | ||
2736 | if (!ECDSA_sign(pkey->save_type, | ||
2737 | &(data[MD5_DIGEST_LENGTH]), | ||
2738 | SHA_DIGEST_LENGTH,&(p[2]), | ||
2739 | (unsigned int *)&j,pkey->pkey.ec)) | ||
2740 | { | ||
2741 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
2742 | ERR_R_ECDSA_LIB); | ||
2743 | goto err; | ||
2744 | } | ||
2745 | s2n(j,p); | ||
2746 | n=j+2; | ||
2747 | } | ||
2748 | else | ||
2749 | #endif | ||
2750 | if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) | ||
2751 | { | ||
2752 | unsigned char signbuf[64]; | ||
2753 | int i; | ||
2754 | size_t sigsize=64; | ||
2755 | s->method->ssl3_enc->cert_verify_mac(s, | ||
2756 | NID_id_GostR3411_94, | ||
2757 | data); | ||
2758 | if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { | ||
2759 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
2760 | ERR_R_INTERNAL_ERROR); | ||
2761 | goto err; | ||
2762 | } | ||
2763 | for (i=63,j=0; i>=0; j++, i--) { | ||
2764 | p[2+j]=signbuf[i]; | ||
2765 | } | ||
2766 | s2n(j,p); | ||
2767 | n=j+2; | ||
2768 | } | ||
2769 | else | ||
2770 | { | ||
2771 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); | ||
2772 | goto err; | ||
2773 | } | ||
2774 | *(d++)=SSL3_MT_CERTIFICATE_VERIFY; | ||
2775 | l2n3(n,d); | ||
2776 | |||
2777 | s->state=SSL3_ST_CW_CERT_VRFY_B; | ||
2778 | s->init_num=(int)n+4; | ||
2779 | s->init_off=0; | ||
2780 | } | ||
2781 | EVP_PKEY_CTX_free(pctx); | ||
2782 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | ||
2783 | err: | ||
2784 | EVP_PKEY_CTX_free(pctx); | ||
2785 | return(-1); | ||
2786 | } | ||
2787 | |||
2788 | int ssl3_send_client_certificate(SSL *s) | ||
2789 | { | ||
2790 | X509 *x509=NULL; | ||
2791 | EVP_PKEY *pkey=NULL; | ||
2792 | int i; | ||
2793 | unsigned long l; | ||
2794 | |||
2795 | if (s->state == SSL3_ST_CW_CERT_A) | ||
2796 | { | ||
2797 | if ((s->cert == NULL) || | ||
2798 | (s->cert->key->x509 == NULL) || | ||
2799 | (s->cert->key->privatekey == NULL)) | ||
2800 | s->state=SSL3_ST_CW_CERT_B; | ||
2801 | else | ||
2802 | s->state=SSL3_ST_CW_CERT_C; | ||
2803 | } | ||
2804 | |||
2805 | /* We need to get a client cert */ | ||
2806 | if (s->state == SSL3_ST_CW_CERT_B) | ||
2807 | { | ||
2808 | /* If we get an error, we need to | ||
2809 | * ssl->rwstate=SSL_X509_LOOKUP; return(-1); | ||
2810 | * We then get retied later */ | ||
2811 | i=0; | ||
2812 | i = ssl_do_client_cert_cb(s, &x509, &pkey); | ||
2813 | if (i < 0) | ||
2814 | { | ||
2815 | s->rwstate=SSL_X509_LOOKUP; | ||
2816 | return(-1); | ||
2817 | } | ||
2818 | s->rwstate=SSL_NOTHING; | ||
2819 | if ((i == 1) && (pkey != NULL) && (x509 != NULL)) | ||
2820 | { | ||
2821 | s->state=SSL3_ST_CW_CERT_B; | ||
2822 | if ( !SSL_use_certificate(s,x509) || | ||
2823 | !SSL_use_PrivateKey(s,pkey)) | ||
2824 | i=0; | ||
2825 | } | ||
2826 | else if (i == 1) | ||
2827 | { | ||
2828 | i=0; | ||
2829 | SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); | ||
2830 | } | ||
2831 | |||
2832 | if (x509 != NULL) X509_free(x509); | ||
2833 | if (pkey != NULL) EVP_PKEY_free(pkey); | ||
2834 | if (i == 0) | ||
2835 | { | ||
2836 | if (s->version == SSL3_VERSION) | ||
2837 | { | ||
2838 | s->s3->tmp.cert_req=0; | ||
2839 | ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE); | ||
2840 | return(1); | ||
2841 | } | ||
2842 | else | ||
2843 | { | ||
2844 | s->s3->tmp.cert_req=2; | ||
2845 | } | ||
2846 | } | ||
2847 | |||
2848 | /* Ok, we have a cert */ | ||
2849 | s->state=SSL3_ST_CW_CERT_C; | ||
2850 | } | ||
2851 | |||
2852 | if (s->state == SSL3_ST_CW_CERT_C) | ||
2853 | { | ||
2854 | s->state=SSL3_ST_CW_CERT_D; | ||
2855 | l=ssl3_output_cert_chain(s, | ||
2856 | (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509); | ||
2857 | s->init_num=(int)l; | ||
2858 | s->init_off=0; | ||
2859 | } | ||
2860 | /* SSL3_ST_CW_CERT_D */ | ||
2861 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | ||
2862 | } | ||
2863 | |||
2864 | #define has_bits(i,m) (((i)&(m)) == (m)) | ||
2865 | |||
2866 | int ssl3_check_cert_and_algorithm(SSL *s) | ||
2867 | { | ||
2868 | int i,idx; | ||
2869 | long alg_k,alg_a; | ||
2870 | EVP_PKEY *pkey=NULL; | ||
2871 | SESS_CERT *sc; | ||
2872 | #ifndef OPENSSL_NO_RSA | ||
2873 | RSA *rsa; | ||
2874 | #endif | ||
2875 | #ifndef OPENSSL_NO_DH | ||
2876 | DH *dh; | ||
2877 | #endif | ||
2878 | |||
2879 | alg_k=s->s3->tmp.new_cipher->algorithm_mkey; | ||
2880 | alg_a=s->s3->tmp.new_cipher->algorithm_auth; | ||
2881 | |||
2882 | /* we don't have a certificate */ | ||
2883 | if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK)) | ||
2884 | return(1); | ||
2885 | |||
2886 | sc=s->session->sess_cert; | ||
2887 | if (sc == NULL) | ||
2888 | { | ||
2889 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR); | ||
2890 | goto err; | ||
2891 | } | ||
2892 | |||
2893 | #ifndef OPENSSL_NO_RSA | ||
2894 | rsa=s->session->sess_cert->peer_rsa_tmp; | ||
2895 | #endif | ||
2896 | #ifndef OPENSSL_NO_DH | ||
2897 | dh=s->session->sess_cert->peer_dh_tmp; | ||
2898 | #endif | ||
2899 | |||
2900 | /* This is the passed certificate */ | ||
2901 | |||
2902 | idx=sc->peer_cert_type; | ||
2903 | #ifndef OPENSSL_NO_ECDH | ||
2904 | if (idx == SSL_PKEY_ECC) | ||
2905 | { | ||
2906 | if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, | ||
2907 | s->s3->tmp.new_cipher) == 0) | ||
2908 | { /* check failed */ | ||
2909 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT); | ||
2910 | goto f_err; | ||
2911 | } | ||
2912 | else | ||
2913 | { | ||
2914 | return 1; | ||
2915 | } | ||
2916 | } | ||
2917 | #endif | ||
2918 | pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); | ||
2919 | i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); | ||
2920 | EVP_PKEY_free(pkey); | ||
2921 | |||
2922 | |||
2923 | /* Check that we have a certificate if we require one */ | ||
2924 | if ((alg_a & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN)) | ||
2925 | { | ||
2926 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT); | ||
2927 | goto f_err; | ||
2928 | } | ||
2929 | #ifndef OPENSSL_NO_DSA | ||
2930 | else if ((alg_a & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN)) | ||
2931 | { | ||
2932 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT); | ||
2933 | goto f_err; | ||
2934 | } | ||
2935 | #endif | ||
2936 | #ifndef OPENSSL_NO_RSA | ||
2937 | if ((alg_k & SSL_kRSA) && | ||
2938 | !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) | ||
2939 | { | ||
2940 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT); | ||
2941 | goto f_err; | ||
2942 | } | ||
2943 | #endif | ||
2944 | #ifndef OPENSSL_NO_DH | ||
2945 | if ((alg_k & SSL_kEDH) && | ||
2946 | !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) | ||
2947 | { | ||
2948 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY); | ||
2949 | goto f_err; | ||
2950 | } | ||
2951 | else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA)) | ||
2952 | { | ||
2953 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT); | ||
2954 | goto f_err; | ||
2955 | } | ||
2956 | #ifndef OPENSSL_NO_DSA | ||
2957 | else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) | ||
2958 | { | ||
2959 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT); | ||
2960 | goto f_err; | ||
2961 | } | ||
2962 | #endif | ||
2963 | #endif | ||
2964 | |||
2965 | if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP)) | ||
2966 | { | ||
2967 | #ifndef OPENSSL_NO_RSA | ||
2968 | if (alg_k & SSL_kRSA) | ||
2969 | { | ||
2970 | if (rsa == NULL | ||
2971 | || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) | ||
2972 | { | ||
2973 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); | ||
2974 | goto f_err; | ||
2975 | } | ||
2976 | } | ||
2977 | else | ||
2978 | #endif | ||
2979 | #ifndef OPENSSL_NO_DH | ||
2980 | if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | ||
2981 | { | ||
2982 | if (dh == NULL | ||
2983 | || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) | ||
2984 | { | ||
2985 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); | ||
2986 | goto f_err; | ||
2987 | } | ||
2988 | } | ||
2989 | else | ||
2990 | #endif | ||
2991 | { | ||
2992 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); | ||
2993 | goto f_err; | ||
2994 | } | ||
2995 | } | ||
2996 | return(1); | ||
2997 | f_err: | ||
2998 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); | ||
2999 | err: | ||
3000 | return(0); | ||
3001 | } | ||
3002 | |||
3003 | /* Check to see if handshake is full or resumed. Usually this is just a | ||
3004 | * case of checking to see if a cache hit has occurred. In the case of | ||
3005 | * session tickets we have to check the next message to be sure. | ||
3006 | */ | ||
3007 | |||
3008 | #ifndef OPENSSL_NO_TLSEXT | ||
3009 | int ssl3_check_finished(SSL *s) | ||
3010 | { | ||
3011 | int ok; | ||
3012 | long n; | ||
3013 | /* If we have no ticket it cannot be a resumed session. */ | ||
3014 | if (!s->session->tlsext_tick) | ||
3015 | return 1; | ||
3016 | /* this function is called when we really expect a Certificate | ||
3017 | * message, so permit appropriate message length */ | ||
3018 | n=s->method->ssl_get_message(s, | ||
3019 | SSL3_ST_CR_CERT_A, | ||
3020 | SSL3_ST_CR_CERT_B, | ||
3021 | -1, | ||
3022 | s->max_cert_list, | ||
3023 | &ok); | ||
3024 | if (!ok) return((int)n); | ||
3025 | s->s3->tmp.reuse_message = 1; | ||
3026 | if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) | ||
3027 | || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) | ||
3028 | return 2; | ||
3029 | |||
3030 | return 1; | ||
3031 | } | ||
3032 | #endif | ||
3033 | |||
3034 | int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) | ||
3035 | { | ||
3036 | int i = 0; | ||
3037 | #ifndef OPENSSL_NO_ENGINE | ||
3038 | if (s->ctx->client_cert_engine) | ||
3039 | { | ||
3040 | i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, | ||
3041 | SSL_get_client_CA_list(s), | ||
3042 | px509, ppkey, NULL, NULL, NULL); | ||
3043 | if (i != 0) | ||
3044 | return i; | ||
3045 | } | ||
3046 | #endif | ||
3047 | if (s->ctx->client_cert_cb) | ||
3048 | i = s->ctx->client_cert_cb(s,px509,ppkey); | ||
3049 | return i; | ||
3050 | } | ||
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c deleted file mode 100644 index 1130244aeb..0000000000 --- a/src/lib/libssl/s3_lib.c +++ /dev/null | |||
@@ -1,3338 +0,0 @@ | |||
1 | /* ssl/s3_lib.c */ | ||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
3 | * All rights reserved. | ||
4 | * | ||
5 | * This package is an SSL implementation written | ||
6 | * by Eric Young (eay@cryptsoft.com). | ||
7 | * The implementation was written so as to conform with Netscapes SSL. | ||
8 | * | ||
9 | * This library is free for commercial and non-commercial use as long as | ||
10 | * the following conditions are aheared to. The following conditions | ||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
13 | * included with this distribution is covered by the same copyright terms | ||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
15 | * | ||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
17 | * the code are not to be removed. | ||
18 | * If this package is used in a product, Eric Young should be given attribution | ||
19 | * as the author of the parts of the library used. | ||
20 | * This can be in the form of a textual message at program startup or | ||
21 | * in documentation (online or textual) provided with the package. | ||
22 | * | ||
23 | * Redistribution and use in source and binary forms, with or without | ||
24 | * modification, are permitted provided that the following conditions | ||
25 | * are met: | ||
26 | * 1. Redistributions of source code must retain the copyright | ||
27 | * notice, this list of conditions and the following disclaimer. | ||
28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
29 | * notice, this list of conditions and the following disclaimer in the | ||
30 | * documentation and/or other materials provided with the distribution. | ||
31 | * 3. All advertising materials mentioning features or use of this software | ||
32 | * must display the following acknowledgement: | ||
33 | * "This product includes cryptographic software written by | ||
34 | * Eric Young (eay@cryptsoft.com)" | ||
35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
36 | * being used are not cryptographic related :-). | ||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
38 | * the apps directory (application code) you must include an acknowledgement: | ||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
40 | * | ||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
51 | * SUCH DAMAGE. | ||
52 | * | ||
53 | * The licence and distribution terms for any publically available version or | ||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
55 | * copied and put under another distribution licence | ||
56 | * [including the GNU Public Licence.] | ||
57 | */ | ||
58 | /* ==================================================================== | ||
59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
60 | * | ||
61 | * Redistribution and use in source and binary forms, with or without | ||
62 | * modification, are permitted provided that the following conditions | ||
63 | * are met: | ||
64 | * | ||
65 | * 1. Redistributions of source code must retain the above copyright | ||
66 | * notice, this list of conditions and the following disclaimer. | ||
67 | * | ||
68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
69 | * notice, this list of conditions and the following disclaimer in | ||
70 | * the documentation and/or other materials provided with the | ||
71 | * distribution. | ||
72 | * | ||
73 | * 3. All advertising materials mentioning features or use of this | ||
74 | * software must display the following acknowledgment: | ||
75 | * "This product includes software developed by the OpenSSL Project | ||
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
77 | * | ||
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
79 | * endorse or promote products derived from this software without | ||
80 | * prior written permission. For written permission, please contact | ||
81 | * openssl-core@openssl.org. | ||
82 | * | ||
83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
84 | * nor may "OpenSSL" appear in their names without prior written | ||
85 | * permission of the OpenSSL Project. | ||
86 | * | ||
87 | * 6. Redistributions of any form whatsoever must retain the following | ||
88 | * acknowledgment: | ||
89 | * "This product includes software developed by the OpenSSL Project | ||
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
91 | * | ||
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
104 | * ==================================================================== | ||
105 | * | ||
106 | * This product includes cryptographic software written by Eric Young | ||
107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
108 | * Hudson (tjh@cryptsoft.com). | ||
109 | * | ||
110 | */ | ||
111 | /* ==================================================================== | ||
112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
113 | * | ||
114 | * Portions of the attached software ("Contribution") are developed by | ||
115 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
116 | * | ||
117 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
118 | * license provided above. | ||
119 | * | ||
120 | * ECC cipher suite support in OpenSSL originally written by | ||
121 | * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | ||
122 | * | ||
123 | */ | ||
124 | /* ==================================================================== | ||
125 | * Copyright 2005 Nokia. All rights reserved. | ||
126 | * | ||
127 | * The portions of the attached software ("Contribution") is developed by | ||
128 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
129 | * license. | ||
130 | * | ||
131 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
132 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
133 | * support (see RFC 4279) to OpenSSL. | ||
134 | * | ||
135 | * No patent licenses or other rights except those expressly stated in | ||
136 | * the OpenSSL open source license shall be deemed granted or received | ||
137 | * expressly, by implication, estoppel, or otherwise. | ||
138 | * | ||
139 | * No assurances are provided by Nokia that the Contribution does not | ||
140 | * infringe the patent or other intellectual property rights of any third | ||
141 | * party or that the license provides you with all the necessary rights | ||
142 | * to make use of the Contribution. | ||
143 | * | ||
144 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
145 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
146 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
147 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
148 | * OTHERWISE. | ||
149 | */ | ||
150 | |||
151 | #include <stdio.h> | ||
152 | #include <openssl/objects.h> | ||
153 | #include "ssl_locl.h" | ||
154 | #include "kssl_lcl.h" | ||
155 | #ifndef OPENSSL_NO_TLSEXT | ||
156 | #ifndef OPENSSL_NO_EC | ||
157 | #include "../crypto/ec/ec_lcl.h" | ||
158 | #endif /* OPENSSL_NO_EC */ | ||
159 | #endif /* OPENSSL_NO_TLSEXT */ | ||
160 | #include <openssl/md5.h> | ||
161 | #ifndef OPENSSL_NO_DH | ||
162 | #include <openssl/dh.h> | ||
163 | #endif | ||
164 | |||
165 | const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; | ||
166 | |||
167 | #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) | ||
168 | |||
169 | /* list of available SSLv3 ciphers (sorted by id) */ | ||
170 | OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | ||
171 | |||
172 | /* The RSA ciphers */ | ||
173 | /* Cipher 01 */ | ||
174 | { | ||
175 | 1, | ||
176 | SSL3_TXT_RSA_NULL_MD5, | ||
177 | SSL3_CK_RSA_NULL_MD5, | ||
178 | SSL_kRSA, | ||
179 | SSL_aRSA, | ||
180 | SSL_eNULL, | ||
181 | SSL_MD5, | ||
182 | SSL_SSLV3, | ||
183 | SSL_NOT_EXP|SSL_STRONG_NONE, | ||
184 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
185 | 0, | ||
186 | 0, | ||
187 | }, | ||
188 | |||
189 | /* Cipher 02 */ | ||
190 | { | ||
191 | 1, | ||
192 | SSL3_TXT_RSA_NULL_SHA, | ||
193 | SSL3_CK_RSA_NULL_SHA, | ||
194 | SSL_kRSA, | ||
195 | SSL_aRSA, | ||
196 | SSL_eNULL, | ||
197 | SSL_SHA1, | ||
198 | SSL_SSLV3, | ||
199 | SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, | ||
200 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
201 | 0, | ||
202 | 0, | ||
203 | }, | ||
204 | |||
205 | /* Cipher 03 */ | ||
206 | { | ||
207 | 1, | ||
208 | SSL3_TXT_RSA_RC4_40_MD5, | ||
209 | SSL3_CK_RSA_RC4_40_MD5, | ||
210 | SSL_kRSA, | ||
211 | SSL_aRSA, | ||
212 | SSL_RC4, | ||
213 | SSL_MD5, | ||
214 | SSL_SSLV3, | ||
215 | SSL_EXPORT|SSL_EXP40, | ||
216 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
217 | 40, | ||
218 | 128, | ||
219 | }, | ||
220 | |||
221 | /* Cipher 04 */ | ||
222 | { | ||
223 | 1, | ||
224 | SSL3_TXT_RSA_RC4_128_MD5, | ||
225 | SSL3_CK_RSA_RC4_128_MD5, | ||
226 | SSL_kRSA, | ||
227 | SSL_aRSA, | ||
228 | SSL_RC4, | ||
229 | SSL_MD5, | ||
230 | SSL_SSLV3, | ||
231 | SSL_NOT_EXP|SSL_MEDIUM, | ||
232 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
233 | 128, | ||
234 | 128, | ||
235 | }, | ||
236 | |||
237 | /* Cipher 05 */ | ||
238 | { | ||
239 | 1, | ||
240 | SSL3_TXT_RSA_RC4_128_SHA, | ||
241 | SSL3_CK_RSA_RC4_128_SHA, | ||
242 | SSL_kRSA, | ||
243 | SSL_aRSA, | ||
244 | SSL_RC4, | ||
245 | SSL_SHA1, | ||
246 | SSL_SSLV3, | ||
247 | SSL_NOT_EXP|SSL_MEDIUM, | ||
248 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
249 | 128, | ||
250 | 128, | ||
251 | }, | ||
252 | |||
253 | /* Cipher 06 */ | ||
254 | { | ||
255 | 1, | ||
256 | SSL3_TXT_RSA_RC2_40_MD5, | ||
257 | SSL3_CK_RSA_RC2_40_MD5, | ||
258 | SSL_kRSA, | ||
259 | SSL_aRSA, | ||
260 | SSL_RC2, | ||
261 | SSL_MD5, | ||
262 | SSL_SSLV3, | ||
263 | SSL_EXPORT|SSL_EXP40, | ||
264 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
265 | 40, | ||
266 | 128, | ||
267 | }, | ||
268 | |||
269 | /* Cipher 07 */ | ||
270 | #ifndef OPENSSL_NO_IDEA | ||
271 | { | ||
272 | 1, | ||
273 | SSL3_TXT_RSA_IDEA_128_SHA, | ||
274 | SSL3_CK_RSA_IDEA_128_SHA, | ||
275 | SSL_kRSA, | ||
276 | SSL_aRSA, | ||
277 | SSL_IDEA, | ||
278 | SSL_SHA1, | ||
279 | SSL_SSLV3, | ||
280 | SSL_NOT_EXP|SSL_MEDIUM, | ||
281 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
282 | 128, | ||
283 | 128, | ||
284 | }, | ||
285 | #endif | ||
286 | |||
287 | /* Cipher 08 */ | ||
288 | { | ||
289 | 1, | ||
290 | SSL3_TXT_RSA_DES_40_CBC_SHA, | ||
291 | SSL3_CK_RSA_DES_40_CBC_SHA, | ||
292 | SSL_kRSA, | ||
293 | SSL_aRSA, | ||
294 | SSL_DES, | ||
295 | SSL_SHA1, | ||
296 | SSL_SSLV3, | ||
297 | SSL_EXPORT|SSL_EXP40, | ||
298 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
299 | 40, | ||
300 | 56, | ||
301 | }, | ||
302 | |||
303 | /* Cipher 09 */ | ||
304 | { | ||
305 | 1, | ||
306 | SSL3_TXT_RSA_DES_64_CBC_SHA, | ||
307 | SSL3_CK_RSA_DES_64_CBC_SHA, | ||
308 | SSL_kRSA, | ||
309 | SSL_aRSA, | ||
310 | SSL_DES, | ||
311 | SSL_SHA1, | ||
312 | SSL_SSLV3, | ||
313 | SSL_NOT_EXP|SSL_LOW, | ||
314 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
315 | 56, | ||
316 | 56, | ||
317 | }, | ||
318 | |||
319 | /* Cipher 0A */ | ||
320 | { | ||
321 | 1, | ||
322 | SSL3_TXT_RSA_DES_192_CBC3_SHA, | ||
323 | SSL3_CK_RSA_DES_192_CBC3_SHA, | ||
324 | SSL_kRSA, | ||
325 | SSL_aRSA, | ||
326 | SSL_3DES, | ||
327 | SSL_SHA1, | ||
328 | SSL_SSLV3, | ||
329 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
330 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
331 | 168, | ||
332 | 168, | ||
333 | }, | ||
334 | |||
335 | /* The DH ciphers */ | ||
336 | /* Cipher 0B */ | ||
337 | { | ||
338 | 0, | ||
339 | SSL3_TXT_DH_DSS_DES_40_CBC_SHA, | ||
340 | SSL3_CK_DH_DSS_DES_40_CBC_SHA, | ||
341 | SSL_kDHd, | ||
342 | SSL_aDH, | ||
343 | SSL_DES, | ||
344 | SSL_SHA1, | ||
345 | SSL_SSLV3, | ||
346 | SSL_EXPORT|SSL_EXP40, | ||
347 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
348 | 40, | ||
349 | 56, | ||
350 | }, | ||
351 | |||
352 | /* Cipher 0C */ | ||
353 | { | ||
354 | 0, /* not implemented (non-ephemeral DH) */ | ||
355 | SSL3_TXT_DH_DSS_DES_64_CBC_SHA, | ||
356 | SSL3_CK_DH_DSS_DES_64_CBC_SHA, | ||
357 | SSL_kDHd, | ||
358 | SSL_aDH, | ||
359 | SSL_DES, | ||
360 | SSL_SHA1, | ||
361 | SSL_SSLV3, | ||
362 | SSL_NOT_EXP|SSL_LOW, | ||
363 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
364 | 56, | ||
365 | 56, | ||
366 | }, | ||
367 | |||
368 | /* Cipher 0D */ | ||
369 | { | ||
370 | 0, /* not implemented (non-ephemeral DH) */ | ||
371 | SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, | ||
372 | SSL3_CK_DH_DSS_DES_192_CBC3_SHA, | ||
373 | SSL_kDHd, | ||
374 | SSL_aDH, | ||
375 | SSL_3DES, | ||
376 | SSL_SHA1, | ||
377 | SSL_SSLV3, | ||
378 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
379 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
380 | 168, | ||
381 | 168, | ||
382 | }, | ||
383 | |||
384 | /* Cipher 0E */ | ||
385 | { | ||
386 | 0, /* not implemented (non-ephemeral DH) */ | ||
387 | SSL3_TXT_DH_RSA_DES_40_CBC_SHA, | ||
388 | SSL3_CK_DH_RSA_DES_40_CBC_SHA, | ||
389 | SSL_kDHr, | ||
390 | SSL_aDH, | ||
391 | SSL_DES, | ||
392 | SSL_SHA1, | ||
393 | SSL_SSLV3, | ||
394 | SSL_EXPORT|SSL_EXP40, | ||
395 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
396 | 40, | ||
397 | 56, | ||
398 | }, | ||
399 | |||
400 | /* Cipher 0F */ | ||
401 | { | ||
402 | 0, /* not implemented (non-ephemeral DH) */ | ||
403 | SSL3_TXT_DH_RSA_DES_64_CBC_SHA, | ||
404 | SSL3_CK_DH_RSA_DES_64_CBC_SHA, | ||
405 | SSL_kDHr, | ||
406 | SSL_aDH, | ||
407 | SSL_DES, | ||
408 | SSL_SHA1, | ||
409 | SSL_SSLV3, | ||
410 | SSL_NOT_EXP|SSL_LOW, | ||
411 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
412 | 56, | ||
413 | 56, | ||
414 | }, | ||
415 | |||
416 | /* Cipher 10 */ | ||
417 | { | ||
418 | 0, /* not implemented (non-ephemeral DH) */ | ||
419 | SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, | ||
420 | SSL3_CK_DH_RSA_DES_192_CBC3_SHA, | ||
421 | SSL_kDHr, | ||
422 | SSL_aDH, | ||
423 | SSL_3DES, | ||
424 | SSL_SHA1, | ||
425 | SSL_SSLV3, | ||
426 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
427 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
428 | 168, | ||
429 | 168, | ||
430 | }, | ||
431 | |||
432 | /* The Ephemeral DH ciphers */ | ||
433 | /* Cipher 11 */ | ||
434 | { | ||
435 | 1, | ||
436 | SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, | ||
437 | SSL3_CK_EDH_DSS_DES_40_CBC_SHA, | ||
438 | SSL_kEDH, | ||
439 | SSL_aDSS, | ||
440 | SSL_DES, | ||
441 | SSL_SHA1, | ||
442 | SSL_SSLV3, | ||
443 | SSL_EXPORT|SSL_EXP40, | ||
444 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
445 | 40, | ||
446 | 56, | ||
447 | }, | ||
448 | |||
449 | /* Cipher 12 */ | ||
450 | { | ||
451 | 1, | ||
452 | SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, | ||
453 | SSL3_CK_EDH_DSS_DES_64_CBC_SHA, | ||
454 | SSL_kEDH, | ||
455 | SSL_aDSS, | ||
456 | SSL_DES, | ||
457 | SSL_SHA1, | ||
458 | SSL_SSLV3, | ||
459 | SSL_NOT_EXP|SSL_LOW, | ||
460 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
461 | 56, | ||
462 | 56, | ||
463 | }, | ||
464 | |||
465 | /* Cipher 13 */ | ||
466 | { | ||
467 | 1, | ||
468 | SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, | ||
469 | SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, | ||
470 | SSL_kEDH, | ||
471 | SSL_aDSS, | ||
472 | SSL_3DES, | ||
473 | SSL_SHA1, | ||
474 | SSL_SSLV3, | ||
475 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
476 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
477 | 168, | ||
478 | 168, | ||
479 | }, | ||
480 | |||
481 | /* Cipher 14 */ | ||
482 | { | ||
483 | 1, | ||
484 | SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, | ||
485 | SSL3_CK_EDH_RSA_DES_40_CBC_SHA, | ||
486 | SSL_kEDH, | ||
487 | SSL_aRSA, | ||
488 | SSL_DES, | ||
489 | SSL_SHA1, | ||
490 | SSL_SSLV3, | ||
491 | SSL_EXPORT|SSL_EXP40, | ||
492 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
493 | 40, | ||
494 | 56, | ||
495 | }, | ||
496 | |||
497 | /* Cipher 15 */ | ||
498 | { | ||
499 | 1, | ||
500 | SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, | ||
501 | SSL3_CK_EDH_RSA_DES_64_CBC_SHA, | ||
502 | SSL_kEDH, | ||
503 | SSL_aRSA, | ||
504 | SSL_DES, | ||
505 | SSL_SHA1, | ||
506 | SSL_SSLV3, | ||
507 | SSL_NOT_EXP|SSL_LOW, | ||
508 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
509 | 56, | ||
510 | 56, | ||
511 | }, | ||
512 | |||
513 | /* Cipher 16 */ | ||
514 | { | ||
515 | 1, | ||
516 | SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, | ||
517 | SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, | ||
518 | SSL_kEDH, | ||
519 | SSL_aRSA, | ||
520 | SSL_3DES, | ||
521 | SSL_SHA1, | ||
522 | SSL_SSLV3, | ||
523 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
524 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
525 | 168, | ||
526 | 168, | ||
527 | }, | ||
528 | |||
529 | /* Cipher 17 */ | ||
530 | { | ||
531 | 1, | ||
532 | SSL3_TXT_ADH_RC4_40_MD5, | ||
533 | SSL3_CK_ADH_RC4_40_MD5, | ||
534 | SSL_kEDH, | ||
535 | SSL_aNULL, | ||
536 | SSL_RC4, | ||
537 | SSL_MD5, | ||
538 | SSL_SSLV3, | ||
539 | SSL_EXPORT|SSL_EXP40, | ||
540 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
541 | 40, | ||
542 | 128, | ||
543 | }, | ||
544 | |||
545 | /* Cipher 18 */ | ||
546 | { | ||
547 | 1, | ||
548 | SSL3_TXT_ADH_RC4_128_MD5, | ||
549 | SSL3_CK_ADH_RC4_128_MD5, | ||
550 | SSL_kEDH, | ||
551 | SSL_aNULL, | ||
552 | SSL_RC4, | ||
553 | SSL_MD5, | ||
554 | SSL_SSLV3, | ||
555 | SSL_NOT_EXP|SSL_MEDIUM, | ||
556 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
557 | 128, | ||
558 | 128, | ||
559 | }, | ||
560 | |||
561 | /* Cipher 19 */ | ||
562 | { | ||
563 | 1, | ||
564 | SSL3_TXT_ADH_DES_40_CBC_SHA, | ||
565 | SSL3_CK_ADH_DES_40_CBC_SHA, | ||
566 | SSL_kEDH, | ||
567 | SSL_aNULL, | ||
568 | SSL_DES, | ||
569 | SSL_SHA1, | ||
570 | SSL_SSLV3, | ||
571 | SSL_EXPORT|SSL_EXP40, | ||
572 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
573 | 40, | ||
574 | 128, | ||
575 | }, | ||
576 | |||
577 | /* Cipher 1A */ | ||
578 | { | ||
579 | 1, | ||
580 | SSL3_TXT_ADH_DES_64_CBC_SHA, | ||
581 | SSL3_CK_ADH_DES_64_CBC_SHA, | ||
582 | SSL_kEDH, | ||
583 | SSL_aNULL, | ||
584 | SSL_DES, | ||
585 | SSL_SHA1, | ||
586 | SSL_SSLV3, | ||
587 | SSL_NOT_EXP|SSL_LOW, | ||
588 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
589 | 56, | ||
590 | 56, | ||
591 | }, | ||
592 | |||
593 | /* Cipher 1B */ | ||
594 | { | ||
595 | 1, | ||
596 | SSL3_TXT_ADH_DES_192_CBC_SHA, | ||
597 | SSL3_CK_ADH_DES_192_CBC_SHA, | ||
598 | SSL_kEDH, | ||
599 | SSL_aNULL, | ||
600 | SSL_3DES, | ||
601 | SSL_SHA1, | ||
602 | SSL_SSLV3, | ||
603 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
604 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
605 | 168, | ||
606 | 168, | ||
607 | }, | ||
608 | |||
609 | /* Fortezza ciphersuite from SSL 3.0 spec */ | ||
610 | #if 0 | ||
611 | /* Cipher 1C */ | ||
612 | { | ||
613 | 0, | ||
614 | SSL3_TXT_FZA_DMS_NULL_SHA, | ||
615 | SSL3_CK_FZA_DMS_NULL_SHA, | ||
616 | SSL_kFZA, | ||
617 | SSL_aFZA, | ||
618 | SSL_eNULL, | ||
619 | SSL_SHA1, | ||
620 | SSL_SSLV3, | ||
621 | SSL_NOT_EXP|SSL_STRONG_NONE, | ||
622 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
623 | 0, | ||
624 | 0, | ||
625 | }, | ||
626 | |||
627 | /* Cipher 1D */ | ||
628 | { | ||
629 | 0, | ||
630 | SSL3_TXT_FZA_DMS_FZA_SHA, | ||
631 | SSL3_CK_FZA_DMS_FZA_SHA, | ||
632 | SSL_kFZA, | ||
633 | SSL_aFZA, | ||
634 | SSL_eFZA, | ||
635 | SSL_SHA1, | ||
636 | SSL_SSLV3, | ||
637 | SSL_NOT_EXP|SSL_STRONG_NONE, | ||
638 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
639 | 0, | ||
640 | 0, | ||
641 | }, | ||
642 | |||
643 | /* Cipher 1E */ | ||
644 | { | ||
645 | 0, | ||
646 | SSL3_TXT_FZA_DMS_RC4_SHA, | ||
647 | SSL3_CK_FZA_DMS_RC4_SHA, | ||
648 | SSL_kFZA, | ||
649 | SSL_aFZA, | ||
650 | SSL_RC4, | ||
651 | SSL_SHA1, | ||
652 | SSL_SSLV3, | ||
653 | SSL_NOT_EXP|SSL_MEDIUM, | ||
654 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
655 | 128, | ||
656 | 128, | ||
657 | }, | ||
658 | #endif | ||
659 | |||
660 | #ifndef OPENSSL_NO_KRB5 | ||
661 | /* The Kerberos ciphers*/ | ||
662 | /* Cipher 1E */ | ||
663 | { | ||
664 | 1, | ||
665 | SSL3_TXT_KRB5_DES_64_CBC_SHA, | ||
666 | SSL3_CK_KRB5_DES_64_CBC_SHA, | ||
667 | SSL_kKRB5, | ||
668 | SSL_aKRB5, | ||
669 | SSL_DES, | ||
670 | SSL_SHA1, | ||
671 | SSL_SSLV3, | ||
672 | SSL_NOT_EXP|SSL_LOW, | ||
673 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
674 | 56, | ||
675 | 56, | ||
676 | }, | ||
677 | |||
678 | /* Cipher 1F */ | ||
679 | { | ||
680 | 1, | ||
681 | SSL3_TXT_KRB5_DES_192_CBC3_SHA, | ||
682 | SSL3_CK_KRB5_DES_192_CBC3_SHA, | ||
683 | SSL_kKRB5, | ||
684 | SSL_aKRB5, | ||
685 | SSL_3DES, | ||
686 | SSL_SHA1, | ||
687 | SSL_SSLV3, | ||
688 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
689 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
690 | 168, | ||
691 | 168, | ||
692 | }, | ||
693 | |||
694 | /* Cipher 20 */ | ||
695 | { | ||
696 | 1, | ||
697 | SSL3_TXT_KRB5_RC4_128_SHA, | ||
698 | SSL3_CK_KRB5_RC4_128_SHA, | ||
699 | SSL_kKRB5, | ||
700 | SSL_aKRB5, | ||
701 | SSL_RC4, | ||
702 | SSL_SHA1, | ||
703 | SSL_SSLV3, | ||
704 | SSL_NOT_EXP|SSL_MEDIUM, | ||
705 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
706 | 128, | ||
707 | 128, | ||
708 | }, | ||
709 | |||
710 | /* Cipher 21 */ | ||
711 | { | ||
712 | 1, | ||
713 | SSL3_TXT_KRB5_IDEA_128_CBC_SHA, | ||
714 | SSL3_CK_KRB5_IDEA_128_CBC_SHA, | ||
715 | SSL_kKRB5, | ||
716 | SSL_aKRB5, | ||
717 | SSL_IDEA, | ||
718 | SSL_SHA1, | ||
719 | SSL_SSLV3, | ||
720 | SSL_NOT_EXP|SSL_MEDIUM, | ||
721 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
722 | 128, | ||
723 | 128, | ||
724 | }, | ||
725 | |||
726 | /* Cipher 22 */ | ||
727 | { | ||
728 | 1, | ||
729 | SSL3_TXT_KRB5_DES_64_CBC_MD5, | ||
730 | SSL3_CK_KRB5_DES_64_CBC_MD5, | ||
731 | SSL_kKRB5, | ||
732 | SSL_aKRB5, | ||
733 | SSL_DES, | ||
734 | SSL_MD5, | ||
735 | SSL_SSLV3, | ||
736 | SSL_NOT_EXP|SSL_LOW, | ||
737 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
738 | 56, | ||
739 | 56, | ||
740 | }, | ||
741 | |||
742 | /* Cipher 23 */ | ||
743 | { | ||
744 | 1, | ||
745 | SSL3_TXT_KRB5_DES_192_CBC3_MD5, | ||
746 | SSL3_CK_KRB5_DES_192_CBC3_MD5, | ||
747 | SSL_kKRB5, | ||
748 | SSL_aKRB5, | ||
749 | SSL_3DES, | ||
750 | SSL_MD5, | ||
751 | SSL_SSLV3, | ||
752 | SSL_NOT_EXP|SSL_HIGH, | ||
753 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
754 | 168, | ||
755 | 168, | ||
756 | }, | ||
757 | |||
758 | /* Cipher 24 */ | ||
759 | { | ||
760 | 1, | ||
761 | SSL3_TXT_KRB5_RC4_128_MD5, | ||
762 | SSL3_CK_KRB5_RC4_128_MD5, | ||
763 | SSL_kKRB5, | ||
764 | SSL_aKRB5, | ||
765 | SSL_RC4, | ||
766 | SSL_MD5, | ||
767 | SSL_SSLV3, | ||
768 | SSL_NOT_EXP|SSL_MEDIUM, | ||
769 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
770 | 128, | ||
771 | 128, | ||
772 | }, | ||
773 | |||
774 | /* Cipher 25 */ | ||
775 | { | ||
776 | 1, | ||
777 | SSL3_TXT_KRB5_IDEA_128_CBC_MD5, | ||
778 | SSL3_CK_KRB5_IDEA_128_CBC_MD5, | ||
779 | SSL_kKRB5, | ||
780 | SSL_aKRB5, | ||
781 | SSL_IDEA, | ||
782 | SSL_MD5, | ||
783 | SSL_SSLV3, | ||
784 | SSL_NOT_EXP|SSL_MEDIUM, | ||
785 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
786 | 128, | ||
787 | 128, | ||
788 | }, | ||
789 | |||
790 | /* Cipher 26 */ | ||
791 | { | ||
792 | 1, | ||
793 | SSL3_TXT_KRB5_DES_40_CBC_SHA, | ||
794 | SSL3_CK_KRB5_DES_40_CBC_SHA, | ||
795 | SSL_kKRB5, | ||
796 | SSL_aKRB5, | ||
797 | SSL_DES, | ||
798 | SSL_SHA1, | ||
799 | SSL_SSLV3, | ||
800 | SSL_EXPORT|SSL_EXP40, | ||
801 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
802 | 40, | ||
803 | 56, | ||
804 | }, | ||
805 | |||
806 | /* Cipher 27 */ | ||
807 | { | ||
808 | 1, | ||
809 | SSL3_TXT_KRB5_RC2_40_CBC_SHA, | ||
810 | SSL3_CK_KRB5_RC2_40_CBC_SHA, | ||
811 | SSL_kKRB5, | ||
812 | SSL_aKRB5, | ||
813 | SSL_RC2, | ||
814 | SSL_SHA1, | ||
815 | SSL_SSLV3, | ||
816 | SSL_EXPORT|SSL_EXP40, | ||
817 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
818 | 40, | ||
819 | 128, | ||
820 | }, | ||
821 | |||
822 | /* Cipher 28 */ | ||
823 | { | ||
824 | 1, | ||
825 | SSL3_TXT_KRB5_RC4_40_SHA, | ||
826 | SSL3_CK_KRB5_RC4_40_SHA, | ||
827 | SSL_kKRB5, | ||
828 | SSL_aKRB5, | ||
829 | SSL_RC4, | ||
830 | SSL_SHA1, | ||
831 | SSL_SSLV3, | ||
832 | SSL_EXPORT|SSL_EXP40, | ||
833 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
834 | 40, | ||
835 | 128, | ||
836 | }, | ||
837 | |||
838 | /* Cipher 29 */ | ||
839 | { | ||
840 | 1, | ||
841 | SSL3_TXT_KRB5_DES_40_CBC_MD5, | ||
842 | SSL3_CK_KRB5_DES_40_CBC_MD5, | ||
843 | SSL_kKRB5, | ||
844 | SSL_aKRB5, | ||
845 | SSL_DES, | ||
846 | SSL_MD5, | ||
847 | SSL_SSLV3, | ||
848 | SSL_EXPORT|SSL_EXP40, | ||
849 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
850 | 40, | ||
851 | 56, | ||
852 | }, | ||
853 | |||
854 | /* Cipher 2A */ | ||
855 | { | ||
856 | 1, | ||
857 | SSL3_TXT_KRB5_RC2_40_CBC_MD5, | ||
858 | SSL3_CK_KRB5_RC2_40_CBC_MD5, | ||
859 | SSL_kKRB5, | ||
860 | SSL_aKRB5, | ||
861 | SSL_RC2, | ||
862 | SSL_MD5, | ||
863 | SSL_SSLV3, | ||
864 | SSL_EXPORT|SSL_EXP40, | ||
865 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
866 | 40, | ||
867 | 128, | ||
868 | }, | ||
869 | |||
870 | /* Cipher 2B */ | ||
871 | { | ||
872 | 1, | ||
873 | SSL3_TXT_KRB5_RC4_40_MD5, | ||
874 | SSL3_CK_KRB5_RC4_40_MD5, | ||
875 | SSL_kKRB5, | ||
876 | SSL_aKRB5, | ||
877 | SSL_RC4, | ||
878 | SSL_MD5, | ||
879 | SSL_SSLV3, | ||
880 | SSL_EXPORT|SSL_EXP40, | ||
881 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
882 | 40, | ||
883 | 128, | ||
884 | }, | ||
885 | #endif /* OPENSSL_NO_KRB5 */ | ||
886 | |||
887 | /* New AES ciphersuites */ | ||
888 | /* Cipher 2F */ | ||
889 | { | ||
890 | 1, | ||
891 | TLS1_TXT_RSA_WITH_AES_128_SHA, | ||
892 | TLS1_CK_RSA_WITH_AES_128_SHA, | ||
893 | SSL_kRSA, | ||
894 | SSL_aRSA, | ||
895 | SSL_AES128, | ||
896 | SSL_SHA1, | ||
897 | SSL_TLSV1, | ||
898 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
899 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
900 | 128, | ||
901 | 128, | ||
902 | }, | ||
903 | /* Cipher 30 */ | ||
904 | { | ||
905 | 0, | ||
906 | TLS1_TXT_DH_DSS_WITH_AES_128_SHA, | ||
907 | TLS1_CK_DH_DSS_WITH_AES_128_SHA, | ||
908 | SSL_kDHd, | ||
909 | SSL_aDH, | ||
910 | SSL_AES128, | ||
911 | SSL_SHA1, | ||
912 | SSL_TLSV1, | ||
913 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
914 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
915 | 128, | ||
916 | 128, | ||
917 | }, | ||
918 | /* Cipher 31 */ | ||
919 | { | ||
920 | 0, | ||
921 | TLS1_TXT_DH_RSA_WITH_AES_128_SHA, | ||
922 | TLS1_CK_DH_RSA_WITH_AES_128_SHA, | ||
923 | SSL_kDHr, | ||
924 | SSL_aDH, | ||
925 | SSL_AES128, | ||
926 | SSL_SHA1, | ||
927 | SSL_TLSV1, | ||
928 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
929 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
930 | 128, | ||
931 | 128, | ||
932 | }, | ||
933 | /* Cipher 32 */ | ||
934 | { | ||
935 | 1, | ||
936 | TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, | ||
937 | TLS1_CK_DHE_DSS_WITH_AES_128_SHA, | ||
938 | SSL_kEDH, | ||
939 | SSL_aDSS, | ||
940 | SSL_AES128, | ||
941 | SSL_SHA1, | ||
942 | SSL_TLSV1, | ||
943 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
944 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
945 | 128, | ||
946 | 128, | ||
947 | }, | ||
948 | /* Cipher 33 */ | ||
949 | { | ||
950 | 1, | ||
951 | TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, | ||
952 | TLS1_CK_DHE_RSA_WITH_AES_128_SHA, | ||
953 | SSL_kEDH, | ||
954 | SSL_aRSA, | ||
955 | SSL_AES128, | ||
956 | SSL_SHA1, | ||
957 | SSL_TLSV1, | ||
958 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
959 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
960 | 128, | ||
961 | 128, | ||
962 | }, | ||
963 | /* Cipher 34 */ | ||
964 | { | ||
965 | 1, | ||
966 | TLS1_TXT_ADH_WITH_AES_128_SHA, | ||
967 | TLS1_CK_ADH_WITH_AES_128_SHA, | ||
968 | SSL_kEDH, | ||
969 | SSL_aNULL, | ||
970 | SSL_AES128, | ||
971 | SSL_SHA1, | ||
972 | SSL_TLSV1, | ||
973 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
974 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
975 | 128, | ||
976 | 128, | ||
977 | }, | ||
978 | |||
979 | /* Cipher 35 */ | ||
980 | { | ||
981 | 1, | ||
982 | TLS1_TXT_RSA_WITH_AES_256_SHA, | ||
983 | TLS1_CK_RSA_WITH_AES_256_SHA, | ||
984 | SSL_kRSA, | ||
985 | SSL_aRSA, | ||
986 | SSL_AES256, | ||
987 | SSL_SHA1, | ||
988 | SSL_TLSV1, | ||
989 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
990 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
991 | 256, | ||
992 | 256, | ||
993 | }, | ||
994 | /* Cipher 36 */ | ||
995 | { | ||
996 | 0, | ||
997 | TLS1_TXT_DH_DSS_WITH_AES_256_SHA, | ||
998 | TLS1_CK_DH_DSS_WITH_AES_256_SHA, | ||
999 | SSL_kDHd, | ||
1000 | SSL_aDH, | ||
1001 | SSL_AES256, | ||
1002 | SSL_SHA1, | ||
1003 | SSL_TLSV1, | ||
1004 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
1005 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1006 | 256, | ||
1007 | 256, | ||
1008 | }, | ||
1009 | |||
1010 | /* Cipher 37 */ | ||
1011 | { | ||
1012 | 0, /* not implemented (non-ephemeral DH) */ | ||
1013 | TLS1_TXT_DH_RSA_WITH_AES_256_SHA, | ||
1014 | TLS1_CK_DH_RSA_WITH_AES_256_SHA, | ||
1015 | SSL_kDHr, | ||
1016 | SSL_aDH, | ||
1017 | SSL_AES256, | ||
1018 | SSL_SHA1, | ||
1019 | SSL_TLSV1, | ||
1020 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
1021 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1022 | 256, | ||
1023 | 256, | ||
1024 | }, | ||
1025 | |||
1026 | /* Cipher 38 */ | ||
1027 | { | ||
1028 | 1, | ||
1029 | TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, | ||
1030 | TLS1_CK_DHE_DSS_WITH_AES_256_SHA, | ||
1031 | SSL_kEDH, | ||
1032 | SSL_aDSS, | ||
1033 | SSL_AES256, | ||
1034 | SSL_SHA1, | ||
1035 | SSL_TLSV1, | ||
1036 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
1037 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1038 | 256, | ||
1039 | 256, | ||
1040 | }, | ||
1041 | |||
1042 | /* Cipher 39 */ | ||
1043 | { | ||
1044 | 1, | ||
1045 | TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, | ||
1046 | TLS1_CK_DHE_RSA_WITH_AES_256_SHA, | ||
1047 | SSL_kEDH, | ||
1048 | SSL_aRSA, | ||
1049 | SSL_AES256, | ||
1050 | SSL_SHA1, | ||
1051 | SSL_TLSV1, | ||
1052 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
1053 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1054 | 256, | ||
1055 | 256, | ||
1056 | }, | ||
1057 | |||
1058 | /* Cipher 3A */ | ||
1059 | { | ||
1060 | 1, | ||
1061 | TLS1_TXT_ADH_WITH_AES_256_SHA, | ||
1062 | TLS1_CK_ADH_WITH_AES_256_SHA, | ||
1063 | SSL_kEDH, | ||
1064 | SSL_aNULL, | ||
1065 | SSL_AES256, | ||
1066 | SSL_SHA1, | ||
1067 | SSL_TLSV1, | ||
1068 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
1069 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1070 | 256, | ||
1071 | 256, | ||
1072 | }, | ||
1073 | |||
1074 | #ifndef OPENSSL_NO_CAMELLIA | ||
1075 | /* Camellia ciphersuites from RFC4132 (128-bit portion) */ | ||
1076 | |||
1077 | /* Cipher 41 */ | ||
1078 | { | ||
1079 | 1, | ||
1080 | TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
1081 | TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
1082 | SSL_kRSA, | ||
1083 | SSL_aRSA, | ||
1084 | SSL_CAMELLIA128, | ||
1085 | SSL_SHA1, | ||
1086 | SSL_TLSV1, | ||
1087 | SSL_NOT_EXP|SSL_HIGH, | ||
1088 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1089 | 128, | ||
1090 | 128, | ||
1091 | }, | ||
1092 | |||
1093 | /* Cipher 42 */ | ||
1094 | { | ||
1095 | 0, /* not implemented (non-ephemeral DH) */ | ||
1096 | TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, | ||
1097 | TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, | ||
1098 | SSL_kDHd, | ||
1099 | SSL_aDH, | ||
1100 | SSL_CAMELLIA128, | ||
1101 | SSL_SHA1, | ||
1102 | SSL_TLSV1, | ||
1103 | SSL_NOT_EXP|SSL_HIGH, | ||
1104 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1105 | 128, | ||
1106 | 128, | ||
1107 | }, | ||
1108 | |||
1109 | /* Cipher 43 */ | ||
1110 | { | ||
1111 | 0, /* not implemented (non-ephemeral DH) */ | ||
1112 | TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
1113 | TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
1114 | SSL_kDHr, | ||
1115 | SSL_aDH, | ||
1116 | SSL_CAMELLIA128, | ||
1117 | SSL_SHA1, | ||
1118 | SSL_TLSV1, | ||
1119 | SSL_NOT_EXP|SSL_HIGH, | ||
1120 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1121 | 128, | ||
1122 | 128, | ||
1123 | }, | ||
1124 | |||
1125 | /* Cipher 44 */ | ||
1126 | { | ||
1127 | 1, | ||
1128 | TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | ||
1129 | TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | ||
1130 | SSL_kEDH, | ||
1131 | SSL_aDSS, | ||
1132 | SSL_CAMELLIA128, | ||
1133 | SSL_SHA1, | ||
1134 | SSL_TLSV1, | ||
1135 | SSL_NOT_EXP|SSL_HIGH, | ||
1136 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1137 | 128, | ||
1138 | 128, | ||
1139 | }, | ||
1140 | |||
1141 | /* Cipher 45 */ | ||
1142 | { | ||
1143 | 1, | ||
1144 | TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
1145 | TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
1146 | SSL_kEDH, | ||
1147 | SSL_aRSA, | ||
1148 | SSL_CAMELLIA128, | ||
1149 | SSL_SHA1, | ||
1150 | SSL_TLSV1, | ||
1151 | SSL_NOT_EXP|SSL_HIGH, | ||
1152 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1153 | 128, | ||
1154 | 128, | ||
1155 | }, | ||
1156 | |||
1157 | /* Cipher 46 */ | ||
1158 | { | ||
1159 | 1, | ||
1160 | TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, | ||
1161 | TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, | ||
1162 | SSL_kEDH, | ||
1163 | SSL_aNULL, | ||
1164 | SSL_CAMELLIA128, | ||
1165 | SSL_SHA1, | ||
1166 | SSL_TLSV1, | ||
1167 | SSL_NOT_EXP|SSL_HIGH, | ||
1168 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1169 | 128, | ||
1170 | 128, | ||
1171 | }, | ||
1172 | #endif /* OPENSSL_NO_CAMELLIA */ | ||
1173 | |||
1174 | #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES | ||
1175 | /* New TLS Export CipherSuites from expired ID */ | ||
1176 | #if 0 | ||
1177 | /* Cipher 60 */ | ||
1178 | { | ||
1179 | 1, | ||
1180 | TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, | ||
1181 | TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, | ||
1182 | SSL_kRSA, | ||
1183 | SSL_aRSA, | ||
1184 | SSL_RC4, | ||
1185 | SSL_MD5, | ||
1186 | SSL_TLSV1, | ||
1187 | SSL_EXPORT|SSL_EXP56, | ||
1188 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1189 | 56, | ||
1190 | 128, | ||
1191 | }, | ||
1192 | |||
1193 | /* Cipher 61 */ | ||
1194 | { | ||
1195 | 1, | ||
1196 | TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, | ||
1197 | TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, | ||
1198 | SSL_kRSA, | ||
1199 | SSL_aRSA, | ||
1200 | SSL_RC2, | ||
1201 | SSL_MD5, | ||
1202 | SSL_TLSV1, | ||
1203 | SSL_EXPORT|SSL_EXP56, | ||
1204 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1205 | 56, | ||
1206 | 128, | ||
1207 | }, | ||
1208 | #endif | ||
1209 | |||
1210 | /* Cipher 62 */ | ||
1211 | { | ||
1212 | 1, | ||
1213 | TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, | ||
1214 | TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, | ||
1215 | SSL_kRSA, | ||
1216 | SSL_aRSA, | ||
1217 | SSL_DES, | ||
1218 | SSL_SHA1, | ||
1219 | SSL_TLSV1, | ||
1220 | SSL_EXPORT|SSL_EXP56, | ||
1221 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1222 | 56, | ||
1223 | 56, | ||
1224 | }, | ||
1225 | |||
1226 | /* Cipher 63 */ | ||
1227 | { | ||
1228 | 1, | ||
1229 | TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, | ||
1230 | TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, | ||
1231 | SSL_kEDH, | ||
1232 | SSL_aDSS, | ||
1233 | SSL_DES, | ||
1234 | SSL_SHA1, | ||
1235 | SSL_TLSV1, | ||
1236 | SSL_EXPORT|SSL_EXP56, | ||
1237 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1238 | 56, | ||
1239 | 56, | ||
1240 | }, | ||
1241 | |||
1242 | /* Cipher 64 */ | ||
1243 | { | ||
1244 | 1, | ||
1245 | TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, | ||
1246 | TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, | ||
1247 | SSL_kRSA, | ||
1248 | SSL_aRSA, | ||
1249 | SSL_RC4, | ||
1250 | SSL_SHA1, | ||
1251 | SSL_TLSV1, | ||
1252 | SSL_EXPORT|SSL_EXP56, | ||
1253 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1254 | 56, | ||
1255 | 128, | ||
1256 | }, | ||
1257 | |||
1258 | /* Cipher 65 */ | ||
1259 | { | ||
1260 | 1, | ||
1261 | TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, | ||
1262 | TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, | ||
1263 | SSL_kEDH, | ||
1264 | SSL_aDSS, | ||
1265 | SSL_RC4, | ||
1266 | SSL_SHA1, | ||
1267 | SSL_TLSV1, | ||
1268 | SSL_EXPORT|SSL_EXP56, | ||
1269 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1270 | 56, | ||
1271 | 128, | ||
1272 | }, | ||
1273 | |||
1274 | /* Cipher 66 */ | ||
1275 | { | ||
1276 | 1, | ||
1277 | TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, | ||
1278 | TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, | ||
1279 | SSL_kEDH, | ||
1280 | SSL_aDSS, | ||
1281 | SSL_RC4, | ||
1282 | SSL_SHA1, | ||
1283 | SSL_TLSV1, | ||
1284 | SSL_NOT_EXP|SSL_MEDIUM, | ||
1285 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1286 | 128, | ||
1287 | 128, | ||
1288 | }, | ||
1289 | #endif | ||
1290 | { | ||
1291 | 1, | ||
1292 | "GOST94-GOST89-GOST89", | ||
1293 | 0x3000080, | ||
1294 | SSL_kGOST, | ||
1295 | SSL_aGOST94, | ||
1296 | SSL_eGOST2814789CNT, | ||
1297 | SSL_GOST89MAC, | ||
1298 | SSL_TLSV1, | ||
1299 | SSL_NOT_EXP|SSL_HIGH, | ||
1300 | SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, | ||
1301 | 256, | ||
1302 | 256 | ||
1303 | }, | ||
1304 | { | ||
1305 | 1, | ||
1306 | "GOST2001-GOST89-GOST89", | ||
1307 | 0x3000081, | ||
1308 | SSL_kGOST, | ||
1309 | SSL_aGOST01, | ||
1310 | SSL_eGOST2814789CNT, | ||
1311 | SSL_GOST89MAC, | ||
1312 | SSL_TLSV1, | ||
1313 | SSL_NOT_EXP|SSL_HIGH, | ||
1314 | SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, | ||
1315 | 256, | ||
1316 | 256 | ||
1317 | }, | ||
1318 | { | ||
1319 | 1, | ||
1320 | "GOST94-NULL-GOST94", | ||
1321 | 0x3000082, | ||
1322 | SSL_kGOST, | ||
1323 | SSL_aGOST94, | ||
1324 | SSL_eNULL, | ||
1325 | SSL_GOST94, | ||
1326 | SSL_TLSV1, | ||
1327 | SSL_NOT_EXP|SSL_STRONG_NONE, | ||
1328 | SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, | ||
1329 | 0, | ||
1330 | 0 | ||
1331 | }, | ||
1332 | { | ||
1333 | 1, | ||
1334 | "GOST2001-NULL-GOST94", | ||
1335 | 0x3000083, | ||
1336 | SSL_kGOST, | ||
1337 | SSL_aGOST01, | ||
1338 | SSL_eNULL, | ||
1339 | SSL_GOST94, | ||
1340 | SSL_TLSV1, | ||
1341 | SSL_NOT_EXP|SSL_STRONG_NONE, | ||
1342 | SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, | ||
1343 | 0, | ||
1344 | 0 | ||
1345 | }, | ||
1346 | |||
1347 | #ifndef OPENSSL_NO_CAMELLIA | ||
1348 | /* Camellia ciphersuites from RFC4132 (256-bit portion) */ | ||
1349 | |||
1350 | /* Cipher 84 */ | ||
1351 | { | ||
1352 | 1, | ||
1353 | TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
1354 | TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
1355 | SSL_kRSA, | ||
1356 | SSL_aRSA, | ||
1357 | SSL_CAMELLIA256, | ||
1358 | SSL_SHA1, | ||
1359 | SSL_TLSV1, | ||
1360 | SSL_NOT_EXP|SSL_HIGH, | ||
1361 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1362 | 256, | ||
1363 | 256, | ||
1364 | }, | ||
1365 | /* Cipher 85 */ | ||
1366 | { | ||
1367 | 0, /* not implemented (non-ephemeral DH) */ | ||
1368 | TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, | ||
1369 | TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, | ||
1370 | SSL_kDHd, | ||
1371 | SSL_aDH, | ||
1372 | SSL_CAMELLIA256, | ||
1373 | SSL_SHA1, | ||
1374 | SSL_TLSV1, | ||
1375 | SSL_NOT_EXP|SSL_HIGH, | ||
1376 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1377 | 256, | ||
1378 | 256, | ||
1379 | }, | ||
1380 | |||
1381 | /* Cipher 86 */ | ||
1382 | { | ||
1383 | 0, /* not implemented (non-ephemeral DH) */ | ||
1384 | TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
1385 | TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
1386 | SSL_kDHr, | ||
1387 | SSL_aDH, | ||
1388 | SSL_CAMELLIA256, | ||
1389 | SSL_SHA1, | ||
1390 | SSL_TLSV1, | ||
1391 | SSL_NOT_EXP|SSL_HIGH, | ||
1392 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1393 | 256, | ||
1394 | 256, | ||
1395 | }, | ||
1396 | |||
1397 | /* Cipher 87 */ | ||
1398 | { | ||
1399 | 1, | ||
1400 | TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | ||
1401 | TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | ||
1402 | SSL_kEDH, | ||
1403 | SSL_aDSS, | ||
1404 | SSL_CAMELLIA256, | ||
1405 | SSL_SHA1, | ||
1406 | SSL_TLSV1, | ||
1407 | SSL_NOT_EXP|SSL_HIGH, | ||
1408 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1409 | 256, | ||
1410 | 256, | ||
1411 | }, | ||
1412 | |||
1413 | /* Cipher 88 */ | ||
1414 | { | ||
1415 | 1, | ||
1416 | TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
1417 | TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
1418 | SSL_kEDH, | ||
1419 | SSL_aRSA, | ||
1420 | SSL_CAMELLIA256, | ||
1421 | SSL_SHA1, | ||
1422 | SSL_TLSV1, | ||
1423 | SSL_NOT_EXP|SSL_HIGH, | ||
1424 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1425 | 256, | ||
1426 | 256, | ||
1427 | }, | ||
1428 | |||
1429 | /* Cipher 89 */ | ||
1430 | { | ||
1431 | 1, | ||
1432 | TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, | ||
1433 | TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, | ||
1434 | SSL_kEDH, | ||
1435 | SSL_aNULL, | ||
1436 | SSL_CAMELLIA256, | ||
1437 | SSL_SHA1, | ||
1438 | SSL_TLSV1, | ||
1439 | SSL_NOT_EXP|SSL_HIGH, | ||
1440 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1441 | 256, | ||
1442 | 256, | ||
1443 | }, | ||
1444 | #endif /* OPENSSL_NO_CAMELLIA */ | ||
1445 | |||
1446 | #ifndef OPENSSL_NO_PSK | ||
1447 | /* Cipher 8A */ | ||
1448 | { | ||
1449 | 1, | ||
1450 | TLS1_TXT_PSK_WITH_RC4_128_SHA, | ||
1451 | TLS1_CK_PSK_WITH_RC4_128_SHA, | ||
1452 | SSL_kPSK, | ||
1453 | SSL_aPSK, | ||
1454 | SSL_RC4, | ||
1455 | SSL_SHA1, | ||
1456 | SSL_TLSV1, | ||
1457 | SSL_NOT_EXP|SSL_MEDIUM, | ||
1458 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1459 | 128, | ||
1460 | 128, | ||
1461 | }, | ||
1462 | |||
1463 | /* Cipher 8B */ | ||
1464 | { | ||
1465 | 1, | ||
1466 | TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, | ||
1467 | TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, | ||
1468 | SSL_kPSK, | ||
1469 | SSL_aPSK, | ||
1470 | SSL_3DES, | ||
1471 | SSL_SHA1, | ||
1472 | SSL_TLSV1, | ||
1473 | SSL_NOT_EXP|SSL_HIGH, | ||
1474 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1475 | 168, | ||
1476 | 168, | ||
1477 | }, | ||
1478 | |||
1479 | /* Cipher 8C */ | ||
1480 | { | ||
1481 | 1, | ||
1482 | TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, | ||
1483 | TLS1_CK_PSK_WITH_AES_128_CBC_SHA, | ||
1484 | SSL_kPSK, | ||
1485 | SSL_aPSK, | ||
1486 | SSL_AES128, | ||
1487 | SSL_SHA1, | ||
1488 | SSL_TLSV1, | ||
1489 | SSL_NOT_EXP|SSL_HIGH, | ||
1490 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1491 | 128, | ||
1492 | 128, | ||
1493 | }, | ||
1494 | |||
1495 | /* Cipher 8D */ | ||
1496 | { | ||
1497 | 1, | ||
1498 | TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, | ||
1499 | TLS1_CK_PSK_WITH_AES_256_CBC_SHA, | ||
1500 | SSL_kPSK, | ||
1501 | SSL_aPSK, | ||
1502 | SSL_AES256, | ||
1503 | SSL_SHA1, | ||
1504 | SSL_TLSV1, | ||
1505 | SSL_NOT_EXP|SSL_HIGH, | ||
1506 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1507 | 256, | ||
1508 | 256, | ||
1509 | }, | ||
1510 | #endif /* OPENSSL_NO_PSK */ | ||
1511 | |||
1512 | #ifndef OPENSSL_NO_SEED | ||
1513 | /* SEED ciphersuites from RFC4162 */ | ||
1514 | |||
1515 | /* Cipher 96 */ | ||
1516 | { | ||
1517 | 1, | ||
1518 | TLS1_TXT_RSA_WITH_SEED_SHA, | ||
1519 | TLS1_CK_RSA_WITH_SEED_SHA, | ||
1520 | SSL_kRSA, | ||
1521 | SSL_aRSA, | ||
1522 | SSL_SEED, | ||
1523 | SSL_SHA1, | ||
1524 | SSL_TLSV1, | ||
1525 | SSL_NOT_EXP|SSL_MEDIUM, | ||
1526 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1527 | 128, | ||
1528 | 128, | ||
1529 | }, | ||
1530 | |||
1531 | /* Cipher 97 */ | ||
1532 | { | ||
1533 | 0, /* not implemented (non-ephemeral DH) */ | ||
1534 | TLS1_TXT_DH_DSS_WITH_SEED_SHA, | ||
1535 | TLS1_CK_DH_DSS_WITH_SEED_SHA, | ||
1536 | SSL_kDHd, | ||
1537 | SSL_aDH, | ||
1538 | SSL_SEED, | ||
1539 | SSL_SHA1, | ||
1540 | SSL_TLSV1, | ||
1541 | SSL_NOT_EXP|SSL_MEDIUM, | ||
1542 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1543 | 128, | ||
1544 | 128, | ||
1545 | }, | ||
1546 | |||
1547 | /* Cipher 98 */ | ||
1548 | { | ||
1549 | 0, /* not implemented (non-ephemeral DH) */ | ||
1550 | TLS1_TXT_DH_RSA_WITH_SEED_SHA, | ||
1551 | TLS1_CK_DH_RSA_WITH_SEED_SHA, | ||
1552 | SSL_kDHr, | ||
1553 | SSL_aDH, | ||
1554 | SSL_SEED, | ||
1555 | SSL_SHA1, | ||
1556 | SSL_TLSV1, | ||
1557 | SSL_NOT_EXP|SSL_MEDIUM, | ||
1558 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1559 | 128, | ||
1560 | 128, | ||
1561 | }, | ||
1562 | |||
1563 | /* Cipher 99 */ | ||
1564 | { | ||
1565 | 1, | ||
1566 | TLS1_TXT_DHE_DSS_WITH_SEED_SHA, | ||
1567 | TLS1_CK_DHE_DSS_WITH_SEED_SHA, | ||
1568 | SSL_kEDH, | ||
1569 | SSL_aDSS, | ||
1570 | SSL_SEED, | ||
1571 | SSL_SHA1, | ||
1572 | SSL_TLSV1, | ||
1573 | SSL_NOT_EXP|SSL_MEDIUM, | ||
1574 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1575 | 128, | ||
1576 | 128, | ||
1577 | }, | ||
1578 | |||
1579 | /* Cipher 9A */ | ||
1580 | { | ||
1581 | 1, | ||
1582 | TLS1_TXT_DHE_RSA_WITH_SEED_SHA, | ||
1583 | TLS1_CK_DHE_RSA_WITH_SEED_SHA, | ||
1584 | SSL_kEDH, | ||
1585 | SSL_aRSA, | ||
1586 | SSL_SEED, | ||
1587 | SSL_SHA1, | ||
1588 | SSL_TLSV1, | ||
1589 | SSL_NOT_EXP|SSL_MEDIUM, | ||
1590 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1591 | 128, | ||
1592 | 128, | ||
1593 | }, | ||
1594 | |||
1595 | /* Cipher 9B */ | ||
1596 | { | ||
1597 | 1, | ||
1598 | TLS1_TXT_ADH_WITH_SEED_SHA, | ||
1599 | TLS1_CK_ADH_WITH_SEED_SHA, | ||
1600 | SSL_kEDH, | ||
1601 | SSL_aNULL, | ||
1602 | SSL_SEED, | ||
1603 | SSL_SHA1, | ||
1604 | SSL_TLSV1, | ||
1605 | SSL_NOT_EXP|SSL_MEDIUM, | ||
1606 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1607 | 128, | ||
1608 | 128, | ||
1609 | }, | ||
1610 | |||
1611 | #endif /* OPENSSL_NO_SEED */ | ||
1612 | |||
1613 | #ifndef OPENSSL_NO_ECDH | ||
1614 | /* Cipher C001 */ | ||
1615 | { | ||
1616 | 1, | ||
1617 | TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, | ||
1618 | TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, | ||
1619 | SSL_kECDHe, | ||
1620 | SSL_aECDH, | ||
1621 | SSL_eNULL, | ||
1622 | SSL_SHA1, | ||
1623 | SSL_TLSV1, | ||
1624 | SSL_NOT_EXP|SSL_STRONG_NONE, | ||
1625 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1626 | 0, | ||
1627 | 0, | ||
1628 | }, | ||
1629 | |||
1630 | /* Cipher C002 */ | ||
1631 | { | ||
1632 | 1, | ||
1633 | TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, | ||
1634 | TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, | ||
1635 | SSL_kECDHe, | ||
1636 | SSL_aECDH, | ||
1637 | SSL_RC4, | ||
1638 | SSL_SHA1, | ||
1639 | SSL_TLSV1, | ||
1640 | SSL_NOT_EXP|SSL_MEDIUM, | ||
1641 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1642 | 128, | ||
1643 | 128, | ||
1644 | }, | ||
1645 | |||
1646 | /* Cipher C003 */ | ||
1647 | { | ||
1648 | 1, | ||
1649 | TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, | ||
1650 | TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, | ||
1651 | SSL_kECDHe, | ||
1652 | SSL_aECDH, | ||
1653 | SSL_3DES, | ||
1654 | SSL_SHA1, | ||
1655 | SSL_TLSV1, | ||
1656 | SSL_NOT_EXP|SSL_HIGH, | ||
1657 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1658 | 168, | ||
1659 | 168, | ||
1660 | }, | ||
1661 | |||
1662 | /* Cipher C004 */ | ||
1663 | { | ||
1664 | 1, | ||
1665 | TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, | ||
1666 | TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, | ||
1667 | SSL_kECDHe, | ||
1668 | SSL_aECDH, | ||
1669 | SSL_AES128, | ||
1670 | SSL_SHA1, | ||
1671 | SSL_TLSV1, | ||
1672 | SSL_NOT_EXP|SSL_HIGH, | ||
1673 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1674 | 128, | ||
1675 | 128, | ||
1676 | }, | ||
1677 | |||
1678 | /* Cipher C005 */ | ||
1679 | { | ||
1680 | 1, | ||
1681 | TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, | ||
1682 | TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, | ||
1683 | SSL_kECDHe, | ||
1684 | SSL_aECDH, | ||
1685 | SSL_AES256, | ||
1686 | SSL_SHA1, | ||
1687 | SSL_TLSV1, | ||
1688 | SSL_NOT_EXP|SSL_HIGH, | ||
1689 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1690 | 256, | ||
1691 | 256, | ||
1692 | }, | ||
1693 | |||
1694 | /* Cipher C006 */ | ||
1695 | { | ||
1696 | 1, | ||
1697 | TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, | ||
1698 | TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, | ||
1699 | SSL_kEECDH, | ||
1700 | SSL_aECDSA, | ||
1701 | SSL_eNULL, | ||
1702 | SSL_SHA1, | ||
1703 | SSL_TLSV1, | ||
1704 | SSL_NOT_EXP|SSL_STRONG_NONE, | ||
1705 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1706 | 0, | ||
1707 | 0, | ||
1708 | }, | ||
1709 | |||
1710 | /* Cipher C007 */ | ||
1711 | { | ||
1712 | 1, | ||
1713 | TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, | ||
1714 | TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, | ||
1715 | SSL_kEECDH, | ||
1716 | SSL_aECDSA, | ||
1717 | SSL_RC4, | ||
1718 | SSL_SHA1, | ||
1719 | SSL_TLSV1, | ||
1720 | SSL_NOT_EXP|SSL_MEDIUM, | ||
1721 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1722 | 128, | ||
1723 | 128, | ||
1724 | }, | ||
1725 | |||
1726 | /* Cipher C008 */ | ||
1727 | { | ||
1728 | 1, | ||
1729 | TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, | ||
1730 | TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, | ||
1731 | SSL_kEECDH, | ||
1732 | SSL_aECDSA, | ||
1733 | SSL_3DES, | ||
1734 | SSL_SHA1, | ||
1735 | SSL_TLSV1, | ||
1736 | SSL_NOT_EXP|SSL_HIGH, | ||
1737 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1738 | 168, | ||
1739 | 168, | ||
1740 | }, | ||
1741 | |||
1742 | /* Cipher C009 */ | ||
1743 | { | ||
1744 | 1, | ||
1745 | TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, | ||
1746 | TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, | ||
1747 | SSL_kEECDH, | ||
1748 | SSL_aECDSA, | ||
1749 | SSL_AES128, | ||
1750 | SSL_SHA1, | ||
1751 | SSL_TLSV1, | ||
1752 | SSL_NOT_EXP|SSL_HIGH, | ||
1753 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1754 | 128, | ||
1755 | 128, | ||
1756 | }, | ||
1757 | |||
1758 | /* Cipher C00A */ | ||
1759 | { | ||
1760 | 1, | ||
1761 | TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, | ||
1762 | TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, | ||
1763 | SSL_kEECDH, | ||
1764 | SSL_aECDSA, | ||
1765 | SSL_AES256, | ||
1766 | SSL_SHA1, | ||
1767 | SSL_TLSV1, | ||
1768 | SSL_NOT_EXP|SSL_HIGH, | ||
1769 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1770 | 256, | ||
1771 | 256, | ||
1772 | }, | ||
1773 | |||
1774 | /* Cipher C00B */ | ||
1775 | { | ||
1776 | 1, | ||
1777 | TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, | ||
1778 | TLS1_CK_ECDH_RSA_WITH_NULL_SHA, | ||
1779 | SSL_kECDHr, | ||
1780 | SSL_aECDH, | ||
1781 | SSL_eNULL, | ||
1782 | SSL_SHA1, | ||
1783 | SSL_TLSV1, | ||
1784 | SSL_NOT_EXP|SSL_STRONG_NONE, | ||
1785 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1786 | 0, | ||
1787 | 0, | ||
1788 | }, | ||
1789 | |||
1790 | /* Cipher C00C */ | ||
1791 | { | ||
1792 | 1, | ||
1793 | TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, | ||
1794 | TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, | ||
1795 | SSL_kECDHr, | ||
1796 | SSL_aECDH, | ||
1797 | SSL_RC4, | ||
1798 | SSL_SHA1, | ||
1799 | SSL_TLSV1, | ||
1800 | SSL_NOT_EXP|SSL_MEDIUM, | ||
1801 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1802 | 128, | ||
1803 | 128, | ||
1804 | }, | ||
1805 | |||
1806 | /* Cipher C00D */ | ||
1807 | { | ||
1808 | 1, | ||
1809 | TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, | ||
1810 | TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, | ||
1811 | SSL_kECDHr, | ||
1812 | SSL_aECDH, | ||
1813 | SSL_3DES, | ||
1814 | SSL_SHA1, | ||
1815 | SSL_TLSV1, | ||
1816 | SSL_NOT_EXP|SSL_HIGH, | ||
1817 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1818 | 168, | ||
1819 | 168, | ||
1820 | }, | ||
1821 | |||
1822 | /* Cipher C00E */ | ||
1823 | { | ||
1824 | 1, | ||
1825 | TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, | ||
1826 | TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, | ||
1827 | SSL_kECDHr, | ||
1828 | SSL_aECDH, | ||
1829 | SSL_AES128, | ||
1830 | SSL_SHA1, | ||
1831 | SSL_TLSV1, | ||
1832 | SSL_NOT_EXP|SSL_HIGH, | ||
1833 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1834 | 128, | ||
1835 | 128, | ||
1836 | }, | ||
1837 | |||
1838 | /* Cipher C00F */ | ||
1839 | { | ||
1840 | 1, | ||
1841 | TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, | ||
1842 | TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, | ||
1843 | SSL_kECDHr, | ||
1844 | SSL_aECDH, | ||
1845 | SSL_AES256, | ||
1846 | SSL_SHA1, | ||
1847 | SSL_TLSV1, | ||
1848 | SSL_NOT_EXP|SSL_HIGH, | ||
1849 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1850 | 256, | ||
1851 | 256, | ||
1852 | }, | ||
1853 | |||
1854 | /* Cipher C010 */ | ||
1855 | { | ||
1856 | 1, | ||
1857 | TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, | ||
1858 | TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, | ||
1859 | SSL_kEECDH, | ||
1860 | SSL_aRSA, | ||
1861 | SSL_eNULL, | ||
1862 | SSL_SHA1, | ||
1863 | SSL_TLSV1, | ||
1864 | SSL_NOT_EXP|SSL_STRONG_NONE, | ||
1865 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1866 | 0, | ||
1867 | 0, | ||
1868 | }, | ||
1869 | |||
1870 | /* Cipher C011 */ | ||
1871 | { | ||
1872 | 1, | ||
1873 | TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, | ||
1874 | TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, | ||
1875 | SSL_kEECDH, | ||
1876 | SSL_aRSA, | ||
1877 | SSL_RC4, | ||
1878 | SSL_SHA1, | ||
1879 | SSL_TLSV1, | ||
1880 | SSL_NOT_EXP|SSL_MEDIUM, | ||
1881 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1882 | 128, | ||
1883 | 128, | ||
1884 | }, | ||
1885 | |||
1886 | /* Cipher C012 */ | ||
1887 | { | ||
1888 | 1, | ||
1889 | TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, | ||
1890 | TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, | ||
1891 | SSL_kEECDH, | ||
1892 | SSL_aRSA, | ||
1893 | SSL_3DES, | ||
1894 | SSL_SHA1, | ||
1895 | SSL_TLSV1, | ||
1896 | SSL_NOT_EXP|SSL_HIGH, | ||
1897 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1898 | 168, | ||
1899 | 168, | ||
1900 | }, | ||
1901 | |||
1902 | /* Cipher C013 */ | ||
1903 | { | ||
1904 | 1, | ||
1905 | TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, | ||
1906 | TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, | ||
1907 | SSL_kEECDH, | ||
1908 | SSL_aRSA, | ||
1909 | SSL_AES128, | ||
1910 | SSL_SHA1, | ||
1911 | SSL_TLSV1, | ||
1912 | SSL_NOT_EXP|SSL_HIGH, | ||
1913 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1914 | 128, | ||
1915 | 128, | ||
1916 | }, | ||
1917 | |||
1918 | /* Cipher C014 */ | ||
1919 | { | ||
1920 | 1, | ||
1921 | TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, | ||
1922 | TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, | ||
1923 | SSL_kEECDH, | ||
1924 | SSL_aRSA, | ||
1925 | SSL_AES256, | ||
1926 | SSL_SHA1, | ||
1927 | SSL_TLSV1, | ||
1928 | SSL_NOT_EXP|SSL_HIGH, | ||
1929 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1930 | 256, | ||
1931 | 256, | ||
1932 | }, | ||
1933 | |||
1934 | /* Cipher C015 */ | ||
1935 | { | ||
1936 | 1, | ||
1937 | TLS1_TXT_ECDH_anon_WITH_NULL_SHA, | ||
1938 | TLS1_CK_ECDH_anon_WITH_NULL_SHA, | ||
1939 | SSL_kEECDH, | ||
1940 | SSL_aNULL, | ||
1941 | SSL_eNULL, | ||
1942 | SSL_SHA1, | ||
1943 | SSL_TLSV1, | ||
1944 | SSL_NOT_EXP|SSL_STRONG_NONE, | ||
1945 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1946 | 0, | ||
1947 | 0, | ||
1948 | }, | ||
1949 | |||
1950 | /* Cipher C016 */ | ||
1951 | { | ||
1952 | 1, | ||
1953 | TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, | ||
1954 | TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, | ||
1955 | SSL_kEECDH, | ||
1956 | SSL_aNULL, | ||
1957 | SSL_RC4, | ||
1958 | SSL_SHA1, | ||
1959 | SSL_TLSV1, | ||
1960 | SSL_NOT_EXP|SSL_MEDIUM, | ||
1961 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1962 | 128, | ||
1963 | 128, | ||
1964 | }, | ||
1965 | |||
1966 | /* Cipher C017 */ | ||
1967 | { | ||
1968 | 1, | ||
1969 | TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, | ||
1970 | TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, | ||
1971 | SSL_kEECDH, | ||
1972 | SSL_aNULL, | ||
1973 | SSL_3DES, | ||
1974 | SSL_SHA1, | ||
1975 | SSL_TLSV1, | ||
1976 | SSL_NOT_EXP|SSL_HIGH, | ||
1977 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1978 | 168, | ||
1979 | 168, | ||
1980 | }, | ||
1981 | |||
1982 | /* Cipher C018 */ | ||
1983 | { | ||
1984 | 1, | ||
1985 | TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, | ||
1986 | TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, | ||
1987 | SSL_kEECDH, | ||
1988 | SSL_aNULL, | ||
1989 | SSL_AES128, | ||
1990 | SSL_SHA1, | ||
1991 | SSL_TLSV1, | ||
1992 | SSL_NOT_EXP|SSL_HIGH, | ||
1993 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
1994 | 128, | ||
1995 | 128, | ||
1996 | }, | ||
1997 | |||
1998 | /* Cipher C019 */ | ||
1999 | { | ||
2000 | 1, | ||
2001 | TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, | ||
2002 | TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, | ||
2003 | SSL_kEECDH, | ||
2004 | SSL_aNULL, | ||
2005 | SSL_AES256, | ||
2006 | SSL_SHA1, | ||
2007 | SSL_TLSV1, | ||
2008 | SSL_NOT_EXP|SSL_HIGH, | ||
2009 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
2010 | 256, | ||
2011 | 256, | ||
2012 | }, | ||
2013 | #endif /* OPENSSL_NO_ECDH */ | ||
2014 | |||
2015 | #ifdef TEMP_GOST_TLS | ||
2016 | /* Cipher FF00 */ | ||
2017 | { | ||
2018 | 1, | ||
2019 | "GOST-MD5", | ||
2020 | 0x0300ff00, | ||
2021 | SSL_kRSA, | ||
2022 | SSL_aRSA, | ||
2023 | SSL_eGOST2814789CNT, | ||
2024 | SSL_MD5, | ||
2025 | SSL_TLSV1, | ||
2026 | SSL_NOT_EXP|SSL_HIGH, | ||
2027 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
2028 | 256, | ||
2029 | 256, | ||
2030 | }, | ||
2031 | { | ||
2032 | 1, | ||
2033 | "GOST-GOST94", | ||
2034 | 0x0300ff01, | ||
2035 | SSL_kRSA, | ||
2036 | SSL_aRSA, | ||
2037 | SSL_eGOST2814789CNT, | ||
2038 | SSL_GOST94, | ||
2039 | SSL_TLSV1, | ||
2040 | SSL_NOT_EXP|SSL_HIGH, | ||
2041 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
2042 | 256, | ||
2043 | 256 | ||
2044 | }, | ||
2045 | { | ||
2046 | 1, | ||
2047 | "GOST-GOST89MAC", | ||
2048 | 0x0300ff02, | ||
2049 | SSL_kRSA, | ||
2050 | SSL_aRSA, | ||
2051 | SSL_eGOST2814789CNT, | ||
2052 | SSL_GOST89MAC, | ||
2053 | SSL_TLSV1, | ||
2054 | SSL_NOT_EXP|SSL_HIGH, | ||
2055 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
2056 | 256, | ||
2057 | 256 | ||
2058 | }, | ||
2059 | { | ||
2060 | 1, | ||
2061 | "GOST-GOST89STREAM", | ||
2062 | 0x0300ff03, | ||
2063 | SSL_kRSA, | ||
2064 | SSL_aRSA, | ||
2065 | SSL_eGOST2814789CNT, | ||
2066 | SSL_GOST89MAC, | ||
2067 | SSL_TLSV1, | ||
2068 | SSL_NOT_EXP|SSL_HIGH, | ||
2069 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC, | ||
2070 | 256, | ||
2071 | 256 | ||
2072 | }, | ||
2073 | #endif | ||
2074 | |||
2075 | /* end of list */ | ||
2076 | }; | ||
2077 | |||
2078 | SSL3_ENC_METHOD SSLv3_enc_data={ | ||
2079 | ssl3_enc, | ||
2080 | n_ssl3_mac, | ||
2081 | ssl3_setup_key_block, | ||
2082 | ssl3_generate_master_secret, | ||
2083 | ssl3_change_cipher_state, | ||
2084 | ssl3_final_finish_mac, | ||
2085 | MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, | ||
2086 | ssl3_cert_verify_mac, | ||
2087 | SSL3_MD_CLIENT_FINISHED_CONST,4, | ||
2088 | SSL3_MD_SERVER_FINISHED_CONST,4, | ||
2089 | ssl3_alert_code, | ||
2090 | }; | ||
2091 | |||
2092 | long ssl3_default_timeout(void) | ||
2093 | { | ||
2094 | /* 2 hours, the 24 hours mentioned in the SSLv3 spec | ||
2095 | * is way too long for http, the cache would over fill */ | ||
2096 | return(60*60*2); | ||
2097 | } | ||
2098 | |||
2099 | int ssl3_num_ciphers(void) | ||
2100 | { | ||
2101 | return(SSL3_NUM_CIPHERS); | ||
2102 | } | ||
2103 | |||
2104 | const SSL_CIPHER *ssl3_get_cipher(unsigned int u) | ||
2105 | { | ||
2106 | if (u < SSL3_NUM_CIPHERS) | ||
2107 | return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); | ||
2108 | else | ||
2109 | return(NULL); | ||
2110 | } | ||
2111 | |||
2112 | int ssl3_pending(const SSL *s) | ||
2113 | { | ||
2114 | if (s->rstate == SSL_ST_READ_BODY) | ||
2115 | return 0; | ||
2116 | |||
2117 | return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; | ||
2118 | } | ||
2119 | |||
2120 | int ssl3_new(SSL *s) | ||
2121 | { | ||
2122 | SSL3_STATE *s3; | ||
2123 | |||
2124 | if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; | ||
2125 | memset(s3,0,sizeof *s3); | ||
2126 | memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num)); | ||
2127 | memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num)); | ||
2128 | |||
2129 | s->s3=s3; | ||
2130 | |||
2131 | s->method->ssl_clear(s); | ||
2132 | return(1); | ||
2133 | err: | ||
2134 | return(0); | ||
2135 | } | ||
2136 | |||
2137 | void ssl3_free(SSL *s) | ||
2138 | { | ||
2139 | if(s == NULL) | ||
2140 | return; | ||
2141 | |||
2142 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
2143 | if (s->s3->client_opaque_prf_input != NULL) | ||
2144 | OPENSSL_free(s->s3->client_opaque_prf_input); | ||
2145 | if (s->s3->server_opaque_prf_input != NULL) | ||
2146 | OPENSSL_free(s->s3->server_opaque_prf_input); | ||
2147 | #endif | ||
2148 | |||
2149 | ssl3_cleanup_key_block(s); | ||
2150 | if (s->s3->rbuf.buf != NULL) | ||
2151 | ssl3_release_read_buffer(s); | ||
2152 | if (s->s3->wbuf.buf != NULL) | ||
2153 | ssl3_release_write_buffer(s); | ||
2154 | if (s->s3->rrec.comp != NULL) | ||
2155 | OPENSSL_free(s->s3->rrec.comp); | ||
2156 | #ifndef OPENSSL_NO_DH | ||
2157 | if (s->s3->tmp.dh != NULL) | ||
2158 | DH_free(s->s3->tmp.dh); | ||
2159 | #endif | ||
2160 | #ifndef OPENSSL_NO_ECDH | ||
2161 | if (s->s3->tmp.ecdh != NULL) | ||
2162 | EC_KEY_free(s->s3->tmp.ecdh); | ||
2163 | #endif | ||
2164 | |||
2165 | if (s->s3->tmp.ca_names != NULL) | ||
2166 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); | ||
2167 | if (s->s3->handshake_buffer) { | ||
2168 | BIO_free(s->s3->handshake_buffer); | ||
2169 | } | ||
2170 | if (s->s3->handshake_dgst) ssl3_free_digest_list(s); | ||
2171 | OPENSSL_cleanse(s->s3,sizeof *s->s3); | ||
2172 | OPENSSL_free(s->s3); | ||
2173 | s->s3=NULL; | ||
2174 | } | ||
2175 | |||
2176 | void ssl3_clear(SSL *s) | ||
2177 | { | ||
2178 | unsigned char *rp,*wp; | ||
2179 | size_t rlen, wlen; | ||
2180 | int init_extra; | ||
2181 | |||
2182 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
2183 | if (s->s3->client_opaque_prf_input != NULL) | ||
2184 | OPENSSL_free(s->s3->client_opaque_prf_input); | ||
2185 | s->s3->client_opaque_prf_input = NULL; | ||
2186 | if (s->s3->server_opaque_prf_input != NULL) | ||
2187 | OPENSSL_free(s->s3->server_opaque_prf_input); | ||
2188 | s->s3->server_opaque_prf_input = NULL; | ||
2189 | #endif | ||
2190 | |||
2191 | ssl3_cleanup_key_block(s); | ||
2192 | if (s->s3->tmp.ca_names != NULL) | ||
2193 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); | ||
2194 | |||
2195 | if (s->s3->rrec.comp != NULL) | ||
2196 | { | ||
2197 | OPENSSL_free(s->s3->rrec.comp); | ||
2198 | s->s3->rrec.comp=NULL; | ||
2199 | } | ||
2200 | #ifndef OPENSSL_NO_DH | ||
2201 | if (s->s3->tmp.dh != NULL) | ||
2202 | { | ||
2203 | DH_free(s->s3->tmp.dh); | ||
2204 | s->s3->tmp.dh = NULL; | ||
2205 | } | ||
2206 | #endif | ||
2207 | #ifndef OPENSSL_NO_ECDH | ||
2208 | if (s->s3->tmp.ecdh != NULL) | ||
2209 | { | ||
2210 | EC_KEY_free(s->s3->tmp.ecdh); | ||
2211 | s->s3->tmp.ecdh = NULL; | ||
2212 | } | ||
2213 | #endif | ||
2214 | |||
2215 | rp = s->s3->rbuf.buf; | ||
2216 | wp = s->s3->wbuf.buf; | ||
2217 | rlen = s->s3->rbuf.len; | ||
2218 | wlen = s->s3->wbuf.len; | ||
2219 | init_extra = s->s3->init_extra; | ||
2220 | if (s->s3->handshake_buffer) { | ||
2221 | BIO_free(s->s3->handshake_buffer); | ||
2222 | s->s3->handshake_buffer = NULL; | ||
2223 | } | ||
2224 | if (s->s3->handshake_dgst) { | ||
2225 | ssl3_free_digest_list(s); | ||
2226 | } | ||
2227 | memset(s->s3,0,sizeof *s->s3); | ||
2228 | s->s3->rbuf.buf = rp; | ||
2229 | s->s3->wbuf.buf = wp; | ||
2230 | s->s3->rbuf.len = rlen; | ||
2231 | s->s3->wbuf.len = wlen; | ||
2232 | s->s3->init_extra = init_extra; | ||
2233 | |||
2234 | ssl_free_wbio_buffer(s); | ||
2235 | |||
2236 | s->packet_length=0; | ||
2237 | s->s3->renegotiate=0; | ||
2238 | s->s3->total_renegotiations=0; | ||
2239 | s->s3->num_renegotiations=0; | ||
2240 | s->s3->in_read_app_data=0; | ||
2241 | s->version=SSL3_VERSION; | ||
2242 | } | ||
2243 | |||
2244 | long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) | ||
2245 | { | ||
2246 | int ret=0; | ||
2247 | |||
2248 | #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) | ||
2249 | if ( | ||
2250 | #ifndef OPENSSL_NO_RSA | ||
2251 | cmd == SSL_CTRL_SET_TMP_RSA || | ||
2252 | cmd == SSL_CTRL_SET_TMP_RSA_CB || | ||
2253 | #endif | ||
2254 | #ifndef OPENSSL_NO_DSA | ||
2255 | cmd == SSL_CTRL_SET_TMP_DH || | ||
2256 | cmd == SSL_CTRL_SET_TMP_DH_CB || | ||
2257 | #endif | ||
2258 | 0) | ||
2259 | { | ||
2260 | if (!ssl_cert_inst(&s->cert)) | ||
2261 | { | ||
2262 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); | ||
2263 | return(0); | ||
2264 | } | ||
2265 | } | ||
2266 | #endif | ||
2267 | |||
2268 | switch (cmd) | ||
2269 | { | ||
2270 | case SSL_CTRL_GET_SESSION_REUSED: | ||
2271 | ret=s->hit; | ||
2272 | break; | ||
2273 | case SSL_CTRL_GET_CLIENT_CERT_REQUEST: | ||
2274 | break; | ||
2275 | case SSL_CTRL_GET_NUM_RENEGOTIATIONS: | ||
2276 | ret=s->s3->num_renegotiations; | ||
2277 | break; | ||
2278 | case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: | ||
2279 | ret=s->s3->num_renegotiations; | ||
2280 | s->s3->num_renegotiations=0; | ||
2281 | break; | ||
2282 | case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: | ||
2283 | ret=s->s3->total_renegotiations; | ||
2284 | break; | ||
2285 | case SSL_CTRL_GET_FLAGS: | ||
2286 | ret=(int)(s->s3->flags); | ||
2287 | break; | ||
2288 | #ifndef OPENSSL_NO_RSA | ||
2289 | case SSL_CTRL_NEED_TMP_RSA: | ||
2290 | if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && | ||
2291 | ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || | ||
2292 | (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))) | ||
2293 | ret = 1; | ||
2294 | break; | ||
2295 | case SSL_CTRL_SET_TMP_RSA: | ||
2296 | { | ||
2297 | RSA *rsa = (RSA *)parg; | ||
2298 | if (rsa == NULL) | ||
2299 | { | ||
2300 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); | ||
2301 | return(ret); | ||
2302 | } | ||
2303 | if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) | ||
2304 | { | ||
2305 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); | ||
2306 | return(ret); | ||
2307 | } | ||
2308 | if (s->cert->rsa_tmp != NULL) | ||
2309 | RSA_free(s->cert->rsa_tmp); | ||
2310 | s->cert->rsa_tmp = rsa; | ||
2311 | ret = 1; | ||
2312 | } | ||
2313 | break; | ||
2314 | case SSL_CTRL_SET_TMP_RSA_CB: | ||
2315 | { | ||
2316 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
2317 | return(ret); | ||
2318 | } | ||
2319 | break; | ||
2320 | #endif | ||
2321 | #ifndef OPENSSL_NO_DH | ||
2322 | case SSL_CTRL_SET_TMP_DH: | ||
2323 | { | ||
2324 | DH *dh = (DH *)parg; | ||
2325 | if (dh == NULL) | ||
2326 | { | ||
2327 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); | ||
2328 | return(ret); | ||
2329 | } | ||
2330 | if ((dh = DHparams_dup(dh)) == NULL) | ||
2331 | { | ||
2332 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); | ||
2333 | return(ret); | ||
2334 | } | ||
2335 | if (!(s->options & SSL_OP_SINGLE_DH_USE)) | ||
2336 | { | ||
2337 | if (!DH_generate_key(dh)) | ||
2338 | { | ||
2339 | DH_free(dh); | ||
2340 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); | ||
2341 | return(ret); | ||
2342 | } | ||
2343 | } | ||
2344 | if (s->cert->dh_tmp != NULL) | ||
2345 | DH_free(s->cert->dh_tmp); | ||
2346 | s->cert->dh_tmp = dh; | ||
2347 | ret = 1; | ||
2348 | } | ||
2349 | break; | ||
2350 | case SSL_CTRL_SET_TMP_DH_CB: | ||
2351 | { | ||
2352 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
2353 | return(ret); | ||
2354 | } | ||
2355 | break; | ||
2356 | #endif | ||
2357 | #ifndef OPENSSL_NO_ECDH | ||
2358 | case SSL_CTRL_SET_TMP_ECDH: | ||
2359 | { | ||
2360 | EC_KEY *ecdh = NULL; | ||
2361 | |||
2362 | if (parg == NULL) | ||
2363 | { | ||
2364 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); | ||
2365 | return(ret); | ||
2366 | } | ||
2367 | if (!EC_KEY_up_ref((EC_KEY *)parg)) | ||
2368 | { | ||
2369 | SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); | ||
2370 | return(ret); | ||
2371 | } | ||
2372 | ecdh = (EC_KEY *)parg; | ||
2373 | if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) | ||
2374 | { | ||
2375 | if (!EC_KEY_generate_key(ecdh)) | ||
2376 | { | ||
2377 | EC_KEY_free(ecdh); | ||
2378 | SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); | ||
2379 | return(ret); | ||
2380 | } | ||
2381 | } | ||
2382 | if (s->cert->ecdh_tmp != NULL) | ||
2383 | EC_KEY_free(s->cert->ecdh_tmp); | ||
2384 | s->cert->ecdh_tmp = ecdh; | ||
2385 | ret = 1; | ||
2386 | } | ||
2387 | break; | ||
2388 | case SSL_CTRL_SET_TMP_ECDH_CB: | ||
2389 | { | ||
2390 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
2391 | return(ret); | ||
2392 | } | ||
2393 | break; | ||
2394 | #endif /* !OPENSSL_NO_ECDH */ | ||
2395 | #ifndef OPENSSL_NO_TLSEXT | ||
2396 | case SSL_CTRL_SET_TLSEXT_HOSTNAME: | ||
2397 | if (larg == TLSEXT_NAMETYPE_host_name) | ||
2398 | { | ||
2399 | if (s->tlsext_hostname != NULL) | ||
2400 | OPENSSL_free(s->tlsext_hostname); | ||
2401 | s->tlsext_hostname = NULL; | ||
2402 | |||
2403 | ret = 1; | ||
2404 | if (parg == NULL) | ||
2405 | break; | ||
2406 | if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) | ||
2407 | { | ||
2408 | SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); | ||
2409 | return 0; | ||
2410 | } | ||
2411 | if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) | ||
2412 | { | ||
2413 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); | ||
2414 | return 0; | ||
2415 | } | ||
2416 | } | ||
2417 | else | ||
2418 | { | ||
2419 | SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); | ||
2420 | return 0; | ||
2421 | } | ||
2422 | break; | ||
2423 | case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: | ||
2424 | s->tlsext_debug_arg=parg; | ||
2425 | ret = 1; | ||
2426 | break; | ||
2427 | |||
2428 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
2429 | case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: | ||
2430 | if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message | ||
2431 | * (including the cert chain and everything) */ | ||
2432 | { | ||
2433 | SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); | ||
2434 | break; | ||
2435 | } | ||
2436 | if (s->tlsext_opaque_prf_input != NULL) | ||
2437 | OPENSSL_free(s->tlsext_opaque_prf_input); | ||
2438 | if ((size_t)larg == 0) | ||
2439 | s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ | ||
2440 | else | ||
2441 | s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); | ||
2442 | if (s->tlsext_opaque_prf_input != NULL) | ||
2443 | { | ||
2444 | s->tlsext_opaque_prf_input_len = (size_t)larg; | ||
2445 | ret = 1; | ||
2446 | } | ||
2447 | else | ||
2448 | s->tlsext_opaque_prf_input_len = 0; | ||
2449 | break; | ||
2450 | #endif | ||
2451 | |||
2452 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: | ||
2453 | s->tlsext_status_type=larg; | ||
2454 | ret = 1; | ||
2455 | break; | ||
2456 | |||
2457 | case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: | ||
2458 | *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; | ||
2459 | ret = 1; | ||
2460 | break; | ||
2461 | |||
2462 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: | ||
2463 | s->tlsext_ocsp_exts = parg; | ||
2464 | ret = 1; | ||
2465 | break; | ||
2466 | |||
2467 | case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: | ||
2468 | *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; | ||
2469 | ret = 1; | ||
2470 | break; | ||
2471 | |||
2472 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: | ||
2473 | s->tlsext_ocsp_ids = parg; | ||
2474 | ret = 1; | ||
2475 | break; | ||
2476 | |||
2477 | case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: | ||
2478 | *(unsigned char **)parg = s->tlsext_ocsp_resp; | ||
2479 | return s->tlsext_ocsp_resplen; | ||
2480 | |||
2481 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: | ||
2482 | if (s->tlsext_ocsp_resp) | ||
2483 | OPENSSL_free(s->tlsext_ocsp_resp); | ||
2484 | s->tlsext_ocsp_resp = parg; | ||
2485 | s->tlsext_ocsp_resplen = larg; | ||
2486 | ret = 1; | ||
2487 | break; | ||
2488 | |||
2489 | #endif /* !OPENSSL_NO_TLSEXT */ | ||
2490 | default: | ||
2491 | break; | ||
2492 | } | ||
2493 | return(ret); | ||
2494 | } | ||
2495 | |||
2496 | long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) | ||
2497 | { | ||
2498 | int ret=0; | ||
2499 | |||
2500 | #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) | ||
2501 | if ( | ||
2502 | #ifndef OPENSSL_NO_RSA | ||
2503 | cmd == SSL_CTRL_SET_TMP_RSA_CB || | ||
2504 | #endif | ||
2505 | #ifndef OPENSSL_NO_DSA | ||
2506 | cmd == SSL_CTRL_SET_TMP_DH_CB || | ||
2507 | #endif | ||
2508 | 0) | ||
2509 | { | ||
2510 | if (!ssl_cert_inst(&s->cert)) | ||
2511 | { | ||
2512 | SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); | ||
2513 | return(0); | ||
2514 | } | ||
2515 | } | ||
2516 | #endif | ||
2517 | |||
2518 | switch (cmd) | ||
2519 | { | ||
2520 | #ifndef OPENSSL_NO_RSA | ||
2521 | case SSL_CTRL_SET_TMP_RSA_CB: | ||
2522 | { | ||
2523 | s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; | ||
2524 | } | ||
2525 | break; | ||
2526 | #endif | ||
2527 | #ifndef OPENSSL_NO_DH | ||
2528 | case SSL_CTRL_SET_TMP_DH_CB: | ||
2529 | { | ||
2530 | s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; | ||
2531 | } | ||
2532 | break; | ||
2533 | #endif | ||
2534 | #ifndef OPENSSL_NO_ECDH | ||
2535 | case SSL_CTRL_SET_TMP_ECDH_CB: | ||
2536 | { | ||
2537 | s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; | ||
2538 | } | ||
2539 | break; | ||
2540 | #endif | ||
2541 | #ifndef OPENSSL_NO_TLSEXT | ||
2542 | case SSL_CTRL_SET_TLSEXT_DEBUG_CB: | ||
2543 | s->tlsext_debug_cb=(void (*)(SSL *,int ,int, | ||
2544 | unsigned char *, int, void *))fp; | ||
2545 | break; | ||
2546 | #endif | ||
2547 | default: | ||
2548 | break; | ||
2549 | } | ||
2550 | return(ret); | ||
2551 | } | ||
2552 | |||
2553 | long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) | ||
2554 | { | ||
2555 | CERT *cert; | ||
2556 | |||
2557 | cert=ctx->cert; | ||
2558 | |||
2559 | switch (cmd) | ||
2560 | { | ||
2561 | #ifndef OPENSSL_NO_RSA | ||
2562 | case SSL_CTRL_NEED_TMP_RSA: | ||
2563 | if ( (cert->rsa_tmp == NULL) && | ||
2564 | ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || | ||
2565 | (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))) | ||
2566 | ) | ||
2567 | return(1); | ||
2568 | else | ||
2569 | return(0); | ||
2570 | /* break; */ | ||
2571 | case SSL_CTRL_SET_TMP_RSA: | ||
2572 | { | ||
2573 | RSA *rsa; | ||
2574 | int i; | ||
2575 | |||
2576 | rsa=(RSA *)parg; | ||
2577 | i=1; | ||
2578 | if (rsa == NULL) | ||
2579 | i=0; | ||
2580 | else | ||
2581 | { | ||
2582 | if ((rsa=RSAPrivateKey_dup(rsa)) == NULL) | ||
2583 | i=0; | ||
2584 | } | ||
2585 | if (!i) | ||
2586 | { | ||
2587 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB); | ||
2588 | return(0); | ||
2589 | } | ||
2590 | else | ||
2591 | { | ||
2592 | if (cert->rsa_tmp != NULL) | ||
2593 | RSA_free(cert->rsa_tmp); | ||
2594 | cert->rsa_tmp=rsa; | ||
2595 | return(1); | ||
2596 | } | ||
2597 | } | ||
2598 | /* break; */ | ||
2599 | case SSL_CTRL_SET_TMP_RSA_CB: | ||
2600 | { | ||
2601 | SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
2602 | return(0); | ||
2603 | } | ||
2604 | break; | ||
2605 | #endif | ||
2606 | #ifndef OPENSSL_NO_DH | ||
2607 | case SSL_CTRL_SET_TMP_DH: | ||
2608 | { | ||
2609 | DH *new=NULL,*dh; | ||
2610 | |||
2611 | dh=(DH *)parg; | ||
2612 | if ((new=DHparams_dup(dh)) == NULL) | ||
2613 | { | ||
2614 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); | ||
2615 | return 0; | ||
2616 | } | ||
2617 | if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) | ||
2618 | { | ||
2619 | if (!DH_generate_key(new)) | ||
2620 | { | ||
2621 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); | ||
2622 | DH_free(new); | ||
2623 | return 0; | ||
2624 | } | ||
2625 | } | ||
2626 | if (cert->dh_tmp != NULL) | ||
2627 | DH_free(cert->dh_tmp); | ||
2628 | cert->dh_tmp=new; | ||
2629 | return 1; | ||
2630 | } | ||
2631 | /*break; */ | ||
2632 | case SSL_CTRL_SET_TMP_DH_CB: | ||
2633 | { | ||
2634 | SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
2635 | return(0); | ||
2636 | } | ||
2637 | break; | ||
2638 | #endif | ||
2639 | #ifndef OPENSSL_NO_ECDH | ||
2640 | case SSL_CTRL_SET_TMP_ECDH: | ||
2641 | { | ||
2642 | EC_KEY *ecdh = NULL; | ||
2643 | |||
2644 | if (parg == NULL) | ||
2645 | { | ||
2646 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); | ||
2647 | return 0; | ||
2648 | } | ||
2649 | ecdh = EC_KEY_dup((EC_KEY *)parg); | ||
2650 | if (ecdh == NULL) | ||
2651 | { | ||
2652 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB); | ||
2653 | return 0; | ||
2654 | } | ||
2655 | if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) | ||
2656 | { | ||
2657 | if (!EC_KEY_generate_key(ecdh)) | ||
2658 | { | ||
2659 | EC_KEY_free(ecdh); | ||
2660 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); | ||
2661 | return 0; | ||
2662 | } | ||
2663 | } | ||
2664 | |||
2665 | if (cert->ecdh_tmp != NULL) | ||
2666 | { | ||
2667 | EC_KEY_free(cert->ecdh_tmp); | ||
2668 | } | ||
2669 | cert->ecdh_tmp = ecdh; | ||
2670 | return 1; | ||
2671 | } | ||
2672 | /* break; */ | ||
2673 | case SSL_CTRL_SET_TMP_ECDH_CB: | ||
2674 | { | ||
2675 | SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
2676 | return(0); | ||
2677 | } | ||
2678 | break; | ||
2679 | #endif /* !OPENSSL_NO_ECDH */ | ||
2680 | #ifndef OPENSSL_NO_TLSEXT | ||
2681 | case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: | ||
2682 | ctx->tlsext_servername_arg=parg; | ||
2683 | break; | ||
2684 | case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: | ||
2685 | case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: | ||
2686 | { | ||
2687 | unsigned char *keys = parg; | ||
2688 | if (!keys) | ||
2689 | return 48; | ||
2690 | if (larg != 48) | ||
2691 | { | ||
2692 | SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); | ||
2693 | return 0; | ||
2694 | } | ||
2695 | if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) | ||
2696 | { | ||
2697 | memcpy(ctx->tlsext_tick_key_name, keys, 16); | ||
2698 | memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); | ||
2699 | memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); | ||
2700 | } | ||
2701 | else | ||
2702 | { | ||
2703 | memcpy(keys, ctx->tlsext_tick_key_name, 16); | ||
2704 | memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); | ||
2705 | memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); | ||
2706 | } | ||
2707 | return 1; | ||
2708 | } | ||
2709 | |||
2710 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
2711 | case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG: | ||
2712 | ctx->tlsext_opaque_prf_input_callback_arg = parg; | ||
2713 | return 1; | ||
2714 | #endif | ||
2715 | |||
2716 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: | ||
2717 | ctx->tlsext_status_arg=parg; | ||
2718 | return 1; | ||
2719 | break; | ||
2720 | |||
2721 | #endif /* !OPENSSL_NO_TLSEXT */ | ||
2722 | |||
2723 | /* A Thawte special :-) */ | ||
2724 | case SSL_CTRL_EXTRA_CHAIN_CERT: | ||
2725 | if (ctx->extra_certs == NULL) | ||
2726 | { | ||
2727 | if ((ctx->extra_certs=sk_X509_new_null()) == NULL) | ||
2728 | return(0); | ||
2729 | } | ||
2730 | sk_X509_push(ctx->extra_certs,(X509 *)parg); | ||
2731 | break; | ||
2732 | |||
2733 | default: | ||
2734 | return(0); | ||
2735 | } | ||
2736 | return(1); | ||
2737 | } | ||
2738 | |||
2739 | long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) | ||
2740 | { | ||
2741 | CERT *cert; | ||
2742 | |||
2743 | cert=ctx->cert; | ||
2744 | |||
2745 | switch (cmd) | ||
2746 | { | ||
2747 | #ifndef OPENSSL_NO_RSA | ||
2748 | case SSL_CTRL_SET_TMP_RSA_CB: | ||
2749 | { | ||
2750 | cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; | ||
2751 | } | ||
2752 | break; | ||
2753 | #endif | ||
2754 | #ifndef OPENSSL_NO_DH | ||
2755 | case SSL_CTRL_SET_TMP_DH_CB: | ||
2756 | { | ||
2757 | cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; | ||
2758 | } | ||
2759 | break; | ||
2760 | #endif | ||
2761 | #ifndef OPENSSL_NO_ECDH | ||
2762 | case SSL_CTRL_SET_TMP_ECDH_CB: | ||
2763 | { | ||
2764 | cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; | ||
2765 | } | ||
2766 | break; | ||
2767 | #endif | ||
2768 | #ifndef OPENSSL_NO_TLSEXT | ||
2769 | case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: | ||
2770 | ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; | ||
2771 | break; | ||
2772 | |||
2773 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
2774 | case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: | ||
2775 | ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp; | ||
2776 | break; | ||
2777 | #endif | ||
2778 | |||
2779 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: | ||
2780 | ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; | ||
2781 | break; | ||
2782 | |||
2783 | case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: | ||
2784 | ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *, | ||
2785 | unsigned char *, | ||
2786 | EVP_CIPHER_CTX *, | ||
2787 | HMAC_CTX *, int))fp; | ||
2788 | break; | ||
2789 | |||
2790 | #endif | ||
2791 | default: | ||
2792 | return(0); | ||
2793 | } | ||
2794 | return(1); | ||
2795 | } | ||
2796 | |||
2797 | /* This function needs to check if the ciphers required are actually | ||
2798 | * available */ | ||
2799 | const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) | ||
2800 | { | ||
2801 | SSL_CIPHER c; | ||
2802 | const SSL_CIPHER *cp; | ||
2803 | unsigned long id; | ||
2804 | |||
2805 | id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; | ||
2806 | c.id=id; | ||
2807 | cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); | ||
2808 | if (cp == NULL || cp->valid == 0) | ||
2809 | return NULL; | ||
2810 | else | ||
2811 | return cp; | ||
2812 | } | ||
2813 | |||
2814 | int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) | ||
2815 | { | ||
2816 | long l; | ||
2817 | |||
2818 | if (p != NULL) | ||
2819 | { | ||
2820 | l=c->id; | ||
2821 | if ((l & 0xff000000) != 0x03000000) return(0); | ||
2822 | p[0]=((unsigned char)(l>> 8L))&0xFF; | ||
2823 | p[1]=((unsigned char)(l ))&0xFF; | ||
2824 | } | ||
2825 | return(2); | ||
2826 | } | ||
2827 | |||
2828 | SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | ||
2829 | STACK_OF(SSL_CIPHER) *srvr) | ||
2830 | { | ||
2831 | SSL_CIPHER *c,*ret=NULL; | ||
2832 | STACK_OF(SSL_CIPHER) *prio, *allow; | ||
2833 | int i,ii,ok; | ||
2834 | #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC) | ||
2835 | unsigned int j; | ||
2836 | int ec_ok, ec_nid; | ||
2837 | unsigned char ec_search1 = 0, ec_search2 = 0; | ||
2838 | #endif | ||
2839 | CERT *cert; | ||
2840 | unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a; | ||
2841 | |||
2842 | /* Let's see which ciphers we can support */ | ||
2843 | cert=s->cert; | ||
2844 | |||
2845 | #if 0 | ||
2846 | /* Do not set the compare functions, because this may lead to a | ||
2847 | * reordering by "id". We want to keep the original ordering. | ||
2848 | * We may pay a price in performance during sk_SSL_CIPHER_find(), | ||
2849 | * but would have to pay with the price of sk_SSL_CIPHER_dup(). | ||
2850 | */ | ||
2851 | sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); | ||
2852 | sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); | ||
2853 | #endif | ||
2854 | |||
2855 | #ifdef CIPHER_DEBUG | ||
2856 | printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr); | ||
2857 | for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) | ||
2858 | { | ||
2859 | c=sk_SSL_CIPHER_value(srvr,i); | ||
2860 | printf("%p:%s\n",(void *)c,c->name); | ||
2861 | } | ||
2862 | printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt); | ||
2863 | for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) | ||
2864 | { | ||
2865 | c=sk_SSL_CIPHER_value(clnt,i); | ||
2866 | printf("%p:%s\n",(void *)c,c->name); | ||
2867 | } | ||
2868 | #endif | ||
2869 | |||
2870 | if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) | ||
2871 | { | ||
2872 | prio = srvr; | ||
2873 | allow = clnt; | ||
2874 | } | ||
2875 | else | ||
2876 | { | ||
2877 | prio = clnt; | ||
2878 | allow = srvr; | ||
2879 | } | ||
2880 | |||
2881 | for (i=0; i<sk_SSL_CIPHER_num(prio); i++) | ||
2882 | { | ||
2883 | c=sk_SSL_CIPHER_value(prio,i); | ||
2884 | |||
2885 | ssl_set_cert_masks(cert,c); | ||
2886 | mask_k = cert->mask_k; | ||
2887 | mask_a = cert->mask_a; | ||
2888 | emask_k = cert->export_mask_k; | ||
2889 | emask_a = cert->export_mask_a; | ||
2890 | |||
2891 | #ifdef KSSL_DEBUG | ||
2892 | /* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/ | ||
2893 | #endif /* KSSL_DEBUG */ | ||
2894 | |||
2895 | alg_k=c->algorithm_mkey; | ||
2896 | alg_a=c->algorithm_auth; | ||
2897 | |||
2898 | #ifndef OPENSSL_NO_KRB5 | ||
2899 | if (alg_k & SSL_kKRB5) | ||
2900 | { | ||
2901 | if ( !kssl_keytab_is_available(s->kssl_ctx) ) | ||
2902 | continue; | ||
2903 | } | ||
2904 | #endif /* OPENSSL_NO_KRB5 */ | ||
2905 | #ifndef OPENSSL_NO_PSK | ||
2906 | /* with PSK there must be server callback set */ | ||
2907 | if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL) | ||
2908 | continue; | ||
2909 | #endif /* OPENSSL_NO_PSK */ | ||
2910 | |||
2911 | if (SSL_C_IS_EXPORT(c)) | ||
2912 | { | ||
2913 | ok = (alg_k & emask_k) && (alg_a & emask_a); | ||
2914 | #ifdef CIPHER_DEBUG | ||
2915 | printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a, | ||
2916 | (void *)c,c->name); | ||
2917 | #endif | ||
2918 | } | ||
2919 | else | ||
2920 | { | ||
2921 | ok = (alg_k & mask_k) && (alg_a & mask_a); | ||
2922 | #ifdef CIPHER_DEBUG | ||
2923 | printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c, | ||
2924 | c->name); | ||
2925 | #endif | ||
2926 | } | ||
2927 | |||
2928 | #ifndef OPENSSL_NO_TLSEXT | ||
2929 | #ifndef OPENSSL_NO_EC | ||
2930 | if ( | ||
2931 | /* if we are considering an ECC cipher suite that uses our certificate */ | ||
2932 | (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) | ||
2933 | /* and we have an ECC certificate */ | ||
2934 | && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) | ||
2935 | /* and the client specified a Supported Point Formats extension */ | ||
2936 | && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL)) | ||
2937 | /* and our certificate's point is compressed */ | ||
2938 | && ( | ||
2939 | (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL) | ||
2940 | && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL) | ||
2941 | && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL) | ||
2942 | && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL) | ||
2943 | && ( | ||
2944 | (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED) | ||
2945 | || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1) | ||
2946 | ) | ||
2947 | ) | ||
2948 | ) | ||
2949 | { | ||
2950 | ec_ok = 0; | ||
2951 | /* if our certificate's curve is over a field type that the client does not support | ||
2952 | * then do not allow this cipher suite to be negotiated */ | ||
2953 | if ( | ||
2954 | (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) | ||
2955 | && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) | ||
2956 | && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) | ||
2957 | && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) | ||
2958 | ) | ||
2959 | { | ||
2960 | for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) | ||
2961 | { | ||
2962 | if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) | ||
2963 | { | ||
2964 | ec_ok = 1; | ||
2965 | break; | ||
2966 | } | ||
2967 | } | ||
2968 | } | ||
2969 | else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) | ||
2970 | { | ||
2971 | for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) | ||
2972 | { | ||
2973 | if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) | ||
2974 | { | ||
2975 | ec_ok = 1; | ||
2976 | break; | ||
2977 | } | ||
2978 | } | ||
2979 | } | ||
2980 | ok = ok && ec_ok; | ||
2981 | } | ||
2982 | if ( | ||
2983 | /* if we are considering an ECC cipher suite that uses our certificate */ | ||
2984 | (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) | ||
2985 | /* and we have an ECC certificate */ | ||
2986 | && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) | ||
2987 | /* and the client specified an EllipticCurves extension */ | ||
2988 | && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) | ||
2989 | ) | ||
2990 | { | ||
2991 | ec_ok = 0; | ||
2992 | if ( | ||
2993 | (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) | ||
2994 | && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) | ||
2995 | ) | ||
2996 | { | ||
2997 | ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group); | ||
2998 | if ((ec_nid == 0) | ||
2999 | && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) | ||
3000 | ) | ||
3001 | { | ||
3002 | if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) | ||
3003 | { | ||
3004 | ec_search1 = 0xFF; | ||
3005 | ec_search2 = 0x01; | ||
3006 | } | ||
3007 | else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) | ||
3008 | { | ||
3009 | ec_search1 = 0xFF; | ||
3010 | ec_search2 = 0x02; | ||
3011 | } | ||
3012 | } | ||
3013 | else | ||
3014 | { | ||
3015 | ec_search1 = 0x00; | ||
3016 | ec_search2 = tls1_ec_nid2curve_id(ec_nid); | ||
3017 | } | ||
3018 | if ((ec_search1 != 0) || (ec_search2 != 0)) | ||
3019 | { | ||
3020 | for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) | ||
3021 | { | ||
3022 | if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2)) | ||
3023 | { | ||
3024 | ec_ok = 1; | ||
3025 | break; | ||
3026 | } | ||
3027 | } | ||
3028 | } | ||
3029 | } | ||
3030 | ok = ok && ec_ok; | ||
3031 | } | ||
3032 | if ( | ||
3033 | /* if we are considering an ECC cipher suite that uses an ephemeral EC key */ | ||
3034 | (alg_k & SSL_kEECDH) | ||
3035 | /* and we have an ephemeral EC key */ | ||
3036 | && (s->cert->ecdh_tmp != NULL) | ||
3037 | /* and the client specified an EllipticCurves extension */ | ||
3038 | && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) | ||
3039 | ) | ||
3040 | { | ||
3041 | ec_ok = 0; | ||
3042 | if (s->cert->ecdh_tmp->group != NULL) | ||
3043 | { | ||
3044 | ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group); | ||
3045 | if ((ec_nid == 0) | ||
3046 | && (s->cert->ecdh_tmp->group->meth != NULL) | ||
3047 | ) | ||
3048 | { | ||
3049 | if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field) | ||
3050 | { | ||
3051 | ec_search1 = 0xFF; | ||
3052 | ec_search2 = 0x01; | ||
3053 | } | ||
3054 | else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field) | ||
3055 | { | ||
3056 | ec_search1 = 0xFF; | ||
3057 | ec_search2 = 0x02; | ||
3058 | } | ||
3059 | } | ||
3060 | else | ||
3061 | { | ||
3062 | ec_search1 = 0x00; | ||
3063 | ec_search2 = tls1_ec_nid2curve_id(ec_nid); | ||
3064 | } | ||
3065 | if ((ec_search1 != 0) || (ec_search2 != 0)) | ||
3066 | { | ||
3067 | for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) | ||
3068 | { | ||
3069 | if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2)) | ||
3070 | { | ||
3071 | ec_ok = 1; | ||
3072 | break; | ||
3073 | } | ||
3074 | } | ||
3075 | } | ||
3076 | } | ||
3077 | ok = ok && ec_ok; | ||
3078 | } | ||
3079 | #endif /* OPENSSL_NO_EC */ | ||
3080 | #endif /* OPENSSL_NO_TLSEXT */ | ||
3081 | |||
3082 | if (!ok) continue; | ||
3083 | ii=sk_SSL_CIPHER_find(allow,c); | ||
3084 | if (ii >= 0) | ||
3085 | { | ||
3086 | ret=sk_SSL_CIPHER_value(allow,ii); | ||
3087 | break; | ||
3088 | } | ||
3089 | } | ||
3090 | return(ret); | ||
3091 | } | ||
3092 | |||
3093 | int ssl3_get_req_cert_type(SSL *s, unsigned char *p) | ||
3094 | { | ||
3095 | int ret=0; | ||
3096 | unsigned long alg_k; | ||
3097 | |||
3098 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
3099 | |||
3100 | #ifndef OPENSSL_NO_GOST | ||
3101 | if (s->version >= TLS1_VERSION) | ||
3102 | { | ||
3103 | if (alg_k & SSL_kGOST) | ||
3104 | { | ||
3105 | p[ret++]=TLS_CT_GOST94_SIGN; | ||
3106 | p[ret++]=TLS_CT_GOST01_SIGN; | ||
3107 | return(ret); | ||
3108 | } | ||
3109 | } | ||
3110 | #endif | ||
3111 | |||
3112 | #ifndef OPENSSL_NO_DH | ||
3113 | if (alg_k & (SSL_kDHr|SSL_kEDH)) | ||
3114 | { | ||
3115 | # ifndef OPENSSL_NO_RSA | ||
3116 | p[ret++]=SSL3_CT_RSA_FIXED_DH; | ||
3117 | # endif | ||
3118 | # ifndef OPENSSL_NO_DSA | ||
3119 | p[ret++]=SSL3_CT_DSS_FIXED_DH; | ||
3120 | # endif | ||
3121 | } | ||
3122 | if ((s->version == SSL3_VERSION) && | ||
3123 | (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) | ||
3124 | { | ||
3125 | # ifndef OPENSSL_NO_RSA | ||
3126 | p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; | ||
3127 | # endif | ||
3128 | # ifndef OPENSSL_NO_DSA | ||
3129 | p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; | ||
3130 | # endif | ||
3131 | } | ||
3132 | #endif /* !OPENSSL_NO_DH */ | ||
3133 | #ifndef OPENSSL_NO_RSA | ||
3134 | p[ret++]=SSL3_CT_RSA_SIGN; | ||
3135 | #endif | ||
3136 | #ifndef OPENSSL_NO_DSA | ||
3137 | p[ret++]=SSL3_CT_DSS_SIGN; | ||
3138 | #endif | ||
3139 | #ifndef OPENSSL_NO_ECDH | ||
3140 | if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) | ||
3141 | { | ||
3142 | p[ret++]=TLS_CT_RSA_FIXED_ECDH; | ||
3143 | p[ret++]=TLS_CT_ECDSA_FIXED_ECDH; | ||
3144 | } | ||
3145 | #endif | ||
3146 | |||
3147 | #ifndef OPENSSL_NO_ECDSA | ||
3148 | /* ECDSA certs can be used with RSA cipher suites as well | ||
3149 | * so we don't need to check for SSL_kECDH or SSL_kEECDH | ||
3150 | */ | ||
3151 | if (s->version >= TLS1_VERSION) | ||
3152 | { | ||
3153 | p[ret++]=TLS_CT_ECDSA_SIGN; | ||
3154 | } | ||
3155 | #endif | ||
3156 | return(ret); | ||
3157 | } | ||
3158 | |||
3159 | int ssl3_shutdown(SSL *s) | ||
3160 | { | ||
3161 | int ret; | ||
3162 | |||
3163 | /* Don't do anything much if we have not done the handshake or | ||
3164 | * we don't want to send messages :-) */ | ||
3165 | if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) | ||
3166 | { | ||
3167 | s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); | ||
3168 | return(1); | ||
3169 | } | ||
3170 | |||
3171 | if (!(s->shutdown & SSL_SENT_SHUTDOWN)) | ||
3172 | { | ||
3173 | s->shutdown|=SSL_SENT_SHUTDOWN; | ||
3174 | #if 1 | ||
3175 | ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY); | ||
3176 | #endif | ||
3177 | /* our shutdown alert has been sent now, and if it still needs | ||
3178 | * to be written, s->s3->alert_dispatch will be true */ | ||
3179 | if (s->s3->alert_dispatch) | ||
3180 | return(-1); /* return WANT_WRITE */ | ||
3181 | } | ||
3182 | else if (s->s3->alert_dispatch) | ||
3183 | { | ||
3184 | /* resend it if not sent */ | ||
3185 | #if 1 | ||
3186 | ret=s->method->ssl_dispatch_alert(s); | ||
3187 | if(ret == -1) | ||
3188 | { | ||
3189 | /* we only get to return -1 here the 2nd/Nth | ||
3190 | * invocation, we must have already signalled | ||
3191 | * return 0 upon a previous invoation, | ||
3192 | * return WANT_WRITE */ | ||
3193 | return(ret); | ||
3194 | } | ||
3195 | #endif | ||
3196 | } | ||
3197 | else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) | ||
3198 | { | ||
3199 | /* If we are waiting for a close from our peer, we are closed */ | ||
3200 | s->method->ssl_read_bytes(s,0,NULL,0,0); | ||
3201 | if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) | ||
3202 | { | ||
3203 | return(-1); /* return WANT_READ */ | ||
3204 | } | ||
3205 | } | ||
3206 | |||
3207 | if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && | ||
3208 | !s->s3->alert_dispatch) | ||
3209 | return(1); | ||
3210 | else | ||
3211 | return(0); | ||
3212 | } | ||
3213 | |||
3214 | int ssl3_write(SSL *s, const void *buf, int len) | ||
3215 | { | ||
3216 | int ret,n; | ||
3217 | |||
3218 | #if 0 | ||
3219 | if (s->shutdown & SSL_SEND_SHUTDOWN) | ||
3220 | { | ||
3221 | s->rwstate=SSL_NOTHING; | ||
3222 | return(0); | ||
3223 | } | ||
3224 | #endif | ||
3225 | clear_sys_error(); | ||
3226 | if (s->s3->renegotiate) ssl3_renegotiate_check(s); | ||
3227 | |||
3228 | /* This is an experimental flag that sends the | ||
3229 | * last handshake message in the same packet as the first | ||
3230 | * use data - used to see if it helps the TCP protocol during | ||
3231 | * session-id reuse */ | ||
3232 | /* The second test is because the buffer may have been removed */ | ||
3233 | if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) | ||
3234 | { | ||
3235 | /* First time through, we write into the buffer */ | ||
3236 | if (s->s3->delay_buf_pop_ret == 0) | ||
3237 | { | ||
3238 | ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, | ||
3239 | buf,len); | ||
3240 | if (ret <= 0) return(ret); | ||
3241 | |||
3242 | s->s3->delay_buf_pop_ret=ret; | ||
3243 | } | ||
3244 | |||
3245 | s->rwstate=SSL_WRITING; | ||
3246 | n=BIO_flush(s->wbio); | ||
3247 | if (n <= 0) return(n); | ||
3248 | s->rwstate=SSL_NOTHING; | ||
3249 | |||
3250 | /* We have flushed the buffer, so remove it */ | ||
3251 | ssl_free_wbio_buffer(s); | ||
3252 | s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; | ||
3253 | |||
3254 | ret=s->s3->delay_buf_pop_ret; | ||
3255 | s->s3->delay_buf_pop_ret=0; | ||
3256 | } | ||
3257 | else | ||
3258 | { | ||
3259 | ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA, | ||
3260 | buf,len); | ||
3261 | if (ret <= 0) return(ret); | ||
3262 | } | ||
3263 | |||
3264 | return(ret); | ||
3265 | } | ||
3266 | |||
3267 | static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) | ||
3268 | { | ||
3269 | int ret; | ||
3270 | |||
3271 | clear_sys_error(); | ||
3272 | if (s->s3->renegotiate) ssl3_renegotiate_check(s); | ||
3273 | s->s3->in_read_app_data=1; | ||
3274 | ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); | ||
3275 | if ((ret == -1) && (s->s3->in_read_app_data == 2)) | ||
3276 | { | ||
3277 | /* ssl3_read_bytes decided to call s->handshake_func, which | ||
3278 | * called ssl3_read_bytes to read handshake data. | ||
3279 | * However, ssl3_read_bytes actually found application data | ||
3280 | * and thinks that application data makes sense here; so disable | ||
3281 | * handshake processing and try to read application data again. */ | ||
3282 | s->in_handshake++; | ||
3283 | ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); | ||
3284 | s->in_handshake--; | ||
3285 | } | ||
3286 | else | ||
3287 | s->s3->in_read_app_data=0; | ||
3288 | |||
3289 | return(ret); | ||
3290 | } | ||
3291 | |||
3292 | int ssl3_read(SSL *s, void *buf, int len) | ||
3293 | { | ||
3294 | return ssl3_read_internal(s, buf, len, 0); | ||
3295 | } | ||
3296 | |||
3297 | int ssl3_peek(SSL *s, void *buf, int len) | ||
3298 | { | ||
3299 | return ssl3_read_internal(s, buf, len, 1); | ||
3300 | } | ||
3301 | |||
3302 | int ssl3_renegotiate(SSL *s) | ||
3303 | { | ||
3304 | if (s->handshake_func == NULL) | ||
3305 | return(1); | ||
3306 | |||
3307 | if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) | ||
3308 | return(0); | ||
3309 | |||
3310 | s->s3->renegotiate=1; | ||
3311 | return(1); | ||
3312 | } | ||
3313 | |||
3314 | int ssl3_renegotiate_check(SSL *s) | ||
3315 | { | ||
3316 | int ret=0; | ||
3317 | |||
3318 | if (s->s3->renegotiate) | ||
3319 | { | ||
3320 | if ( (s->s3->rbuf.left == 0) && | ||
3321 | (s->s3->wbuf.left == 0) && | ||
3322 | !SSL_in_init(s)) | ||
3323 | { | ||
3324 | /* | ||
3325 | if we are the server, and we have sent a 'RENEGOTIATE' message, we | ||
3326 | need to go to SSL_ST_ACCEPT. | ||
3327 | */ | ||
3328 | /* SSL_ST_ACCEPT */ | ||
3329 | s->state=SSL_ST_RENEGOTIATE; | ||
3330 | s->s3->renegotiate=0; | ||
3331 | s->s3->num_renegotiations++; | ||
3332 | s->s3->total_renegotiations++; | ||
3333 | ret=1; | ||
3334 | } | ||
3335 | } | ||
3336 | return(ret); | ||
3337 | } | ||
3338 | |||
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c deleted file mode 100644 index f9b3629cf7..0000000000 --- a/src/lib/libssl/s3_pkt.c +++ /dev/null | |||
@@ -1,1459 +0,0 @@ | |||
1 | /* ssl/s3_pkt.c */ | ||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
3 | * All rights reserved. | ||
4 | * | ||
5 | * This package is an SSL implementation written | ||
6 | * by Eric Young (eay@cryptsoft.com). | ||
7 | * The implementation was written so as to conform with Netscapes SSL. | ||
8 | * | ||
9 | * This library is free for commercial and non-commercial use as long as | ||
10 | * the following conditions are aheared to. The following conditions | ||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
13 | * included with this distribution is covered by the same copyright terms | ||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
15 | * | ||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
17 | * the code are not to be removed. | ||
18 | * If this package is used in a product, Eric Young should be given attribution | ||
19 | * as the author of the parts of the library used. | ||
20 | * This can be in the form of a textual message at program startup or | ||
21 | * in documentation (online or textual) provided with the package. | ||
22 | * | ||
23 | * Redistribution and use in source and binary forms, with or without | ||
24 | * modification, are permitted provided that the following conditions | ||
25 | * are met: | ||
26 | * 1. Redistributions of source code must retain the copyright | ||
27 | * notice, this list of conditions and the following disclaimer. | ||
28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
29 | * notice, this list of conditions and the following disclaimer in the | ||
30 | * documentation and/or other materials provided with the distribution. | ||
31 | * 3. All advertising materials mentioning features or use of this software | ||
32 | * must display the following acknowledgement: | ||
33 | * "This product includes cryptographic software written by | ||
34 | * Eric Young (eay@cryptsoft.com)" | ||
35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
36 | * being used are not cryptographic related :-). | ||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
38 | * the apps directory (application code) you must include an acknowledgement: | ||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
40 | * | ||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
51 | * SUCH DAMAGE. | ||
52 | * | ||
53 | * The licence and distribution terms for any publically available version or | ||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
55 | * copied and put under another distribution licence | ||
56 | * [including the GNU Public Licence.] | ||
57 | */ | ||
58 | /* ==================================================================== | ||
59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | ||
60 | * | ||
61 | * Redistribution and use in source and binary forms, with or without | ||
62 | * modification, are permitted provided that the following conditions | ||
63 | * are met: | ||
64 | * | ||
65 | * 1. Redistributions of source code must retain the above copyright | ||
66 | * notice, this list of conditions and the following disclaimer. | ||
67 | * | ||
68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
69 | * notice, this list of conditions and the following disclaimer in | ||
70 | * the documentation and/or other materials provided with the | ||
71 | * distribution. | ||
72 | * | ||
73 | * 3. All advertising materials mentioning features or use of this | ||
74 | * software must display the following acknowledgment: | ||
75 | * "This product includes software developed by the OpenSSL Project | ||
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
77 | * | ||
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
79 | * endorse or promote products derived from this software without | ||
80 | * prior written permission. For written permission, please contact | ||
81 | * openssl-core@openssl.org. | ||
82 | * | ||
83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
84 | * nor may "OpenSSL" appear in their names without prior written | ||
85 | * permission of the OpenSSL Project. | ||
86 | * | ||
87 | * 6. Redistributions of any form whatsoever must retain the following | ||
88 | * acknowledgment: | ||
89 | * "This product includes software developed by the OpenSSL Project | ||
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
91 | * | ||
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
104 | * ==================================================================== | ||
105 | * | ||
106 | * This product includes cryptographic software written by Eric Young | ||
107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
108 | * Hudson (tjh@cryptsoft.com). | ||
109 | * | ||
110 | */ | ||
111 | |||
112 | #include <stdio.h> | ||
113 | #include <errno.h> | ||
114 | #define USE_SOCKETS | ||
115 | #include "ssl_locl.h" | ||
116 | #include <openssl/evp.h> | ||
117 | #include <openssl/buffer.h> | ||
118 | |||
119 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | ||
120 | unsigned int len, int create_empty_fragment); | ||
121 | static int ssl3_get_record(SSL *s); | ||
122 | |||
123 | int ssl3_read_n(SSL *s, int n, int max, int extend) | ||
124 | { | ||
125 | /* If extend == 0, obtain new n-byte packet; if extend == 1, increase | ||
126 | * packet by another n bytes. | ||
127 | * The packet will be in the sub-array of s->s3->rbuf.buf specified | ||
128 | * by s->packet and s->packet_length. | ||
129 | * (If s->read_ahead is set, 'max' bytes may be stored in rbuf | ||
130 | * [plus s->packet_length bytes if extend == 1].) | ||
131 | */ | ||
132 | int i,len,left; | ||
133 | long align=0; | ||
134 | unsigned char *pkt; | ||
135 | SSL3_BUFFER *rb; | ||
136 | |||
137 | if (n <= 0) return n; | ||
138 | |||
139 | rb = &(s->s3->rbuf); | ||
140 | if (rb->buf == NULL) | ||
141 | if (!ssl3_setup_read_buffer(s)) | ||
142 | return -1; | ||
143 | |||
144 | left = rb->left; | ||
145 | #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 | ||
146 | align = (long)rb->buf + SSL3_RT_HEADER_LENGTH; | ||
147 | align = (-align)&(SSL3_ALIGN_PAYLOAD-1); | ||
148 | #endif | ||
149 | |||
150 | if (!extend) | ||
151 | { | ||
152 | /* start with empty packet ... */ | ||
153 | if (left == 0) | ||
154 | rb->offset = align; | ||
155 | else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) | ||
156 | { | ||
157 | /* check if next packet length is large | ||
158 | * enough to justify payload alignment... */ | ||
159 | pkt = rb->buf + rb->offset; | ||
160 | if (pkt[0] == SSL3_RT_APPLICATION_DATA | ||
161 | && (pkt[3]<<8|pkt[4]) >= 128) | ||
162 | { | ||
163 | /* Note that even if packet is corrupted | ||
164 | * and its length field is insane, we can | ||
165 | * only be led to wrong decision about | ||
166 | * whether memmove will occur or not. | ||
167 | * Header values has no effect on memmove | ||
168 | * arguments and therefore no buffer | ||
169 | * overrun can be triggered. */ | ||
170 | memmove (rb->buf+align,pkt,left); | ||
171 | rb->offset = align; | ||
172 | } | ||
173 | } | ||
174 | s->packet = rb->buf + rb->offset; | ||
175 | s->packet_length = 0; | ||
176 | /* ... now we can act as if 'extend' was set */ | ||
177 | } | ||
178 | |||
179 | /* For DTLS/UDP reads should not span multiple packets | ||
180 | * because the read operation returns the whole packet | ||
181 | * at once (as long as it fits into the buffer). */ | ||
182 | if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) | ||
183 | { | ||
184 | if (left > 0 && n > left) | ||
185 | n = left; | ||
186 | } | ||
187 | |||
188 | /* if there is enough in the buffer from a previous read, take some */ | ||
189 | if (left >= n) | ||
190 | { | ||
191 | s->packet_length+=n; | ||
192 | rb->left=left-n; | ||
193 | rb->offset+=n; | ||
194 | return(n); | ||
195 | } | ||
196 | |||
197 | /* else we need to read more data */ | ||
198 | |||
199 | len = s->packet_length; | ||
200 | pkt = rb->buf+align; | ||
201 | /* Move any available bytes to front of buffer: | ||
202 | * 'len' bytes already pointed to by 'packet', | ||
203 | * 'left' extra ones at the end */ | ||
204 | if (s->packet != pkt) /* len > 0 */ | ||
205 | { | ||
206 | memmove(pkt, s->packet, len+left); | ||
207 | s->packet = pkt; | ||
208 | rb->offset = len + align; | ||
209 | } | ||
210 | |||
211 | if (n > (int)(rb->len - rb->offset)) /* does not happen */ | ||
212 | { | ||
213 | SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); | ||
214 | return -1; | ||
215 | } | ||
216 | |||
217 | if (!s->read_ahead) | ||
218 | /* ignore max parameter */ | ||
219 | max = n; | ||
220 | else | ||
221 | { | ||
222 | if (max < n) | ||
223 | max = n; | ||
224 | if (max > (int)(rb->len - rb->offset)) | ||
225 | max = rb->len - rb->offset; | ||
226 | } | ||
227 | |||
228 | while (left < n) | ||
229 | { | ||
230 | /* Now we have len+left bytes at the front of s->s3->rbuf.buf | ||
231 | * and need to read in more until we have len+n (up to | ||
232 | * len+max if possible) */ | ||
233 | |||
234 | clear_sys_error(); | ||
235 | if (s->rbio != NULL) | ||
236 | { | ||
237 | s->rwstate=SSL_READING; | ||
238 | i=BIO_read(s->rbio,pkt+len+left, max-left); | ||
239 | } | ||
240 | else | ||
241 | { | ||
242 | SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); | ||
243 | i = -1; | ||
244 | } | ||
245 | |||
246 | if (i <= 0) | ||
247 | { | ||
248 | rb->left = left; | ||
249 | if (s->mode & SSL_MODE_RELEASE_BUFFERS && | ||
250 | SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) | ||
251 | if (len+left == 0) | ||
252 | ssl3_release_read_buffer(s); | ||
253 | return(i); | ||
254 | } | ||
255 | left+=i; | ||
256 | /* reads should *never* span multiple packets for DTLS because | ||
257 | * the underlying transport protocol is message oriented as opposed | ||
258 | * to byte oriented as in the TLS case. */ | ||
259 | if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) | ||
260 | { | ||
261 | if (n > left) | ||
262 | n = left; /* makes the while condition false */ | ||
263 | } | ||
264 | } | ||
265 | |||
266 | /* done reading, now the book-keeping */ | ||
267 | rb->offset += n; | ||
268 | rb->left = left - n; | ||
269 | s->packet_length += n; | ||
270 | s->rwstate=SSL_NOTHING; | ||
271 | return(n); | ||
272 | } | ||
273 | |||
274 | /* Call this to get a new input record. | ||
275 | * It will return <= 0 if more data is needed, normally due to an error | ||
276 | * or non-blocking IO. | ||
277 | * When it finishes, one packet has been decoded and can be found in | ||
278 | * ssl->s3->rrec.type - is the type of record | ||
279 | * ssl->s3->rrec.data, - data | ||
280 | * ssl->s3->rrec.length, - number of bytes | ||
281 | */ | ||
282 | /* used only by ssl3_read_bytes */ | ||
283 | static int ssl3_get_record(SSL *s) | ||
284 | { | ||
285 | int ssl_major,ssl_minor,al; | ||
286 | int enc_err,n,i,ret= -1; | ||
287 | SSL3_RECORD *rr; | ||
288 | SSL_SESSION *sess; | ||
289 | unsigned char *p; | ||
290 | unsigned char md[EVP_MAX_MD_SIZE]; | ||
291 | short version; | ||
292 | int mac_size; | ||
293 | int clear=0; | ||
294 | size_t extra; | ||
295 | int decryption_failed_or_bad_record_mac = 0; | ||
296 | unsigned char *mac = NULL; | ||
297 | |||
298 | rr= &(s->s3->rrec); | ||
299 | sess=s->session; | ||
300 | |||
301 | if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) | ||
302 | extra=SSL3_RT_MAX_EXTRA; | ||
303 | else | ||
304 | extra=0; | ||
305 | if (extra && !s->s3->init_extra) | ||
306 | { | ||
307 | /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER | ||
308 | * set after ssl3_setup_buffers() was done */ | ||
309 | SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); | ||
310 | return -1; | ||
311 | } | ||
312 | |||
313 | again: | ||
314 | /* check if we have the header */ | ||
315 | if ( (s->rstate != SSL_ST_READ_BODY) || | ||
316 | (s->packet_length < SSL3_RT_HEADER_LENGTH)) | ||
317 | { | ||
318 | n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); | ||
319 | if (n <= 0) return(n); /* error or non-blocking */ | ||
320 | s->rstate=SSL_ST_READ_BODY; | ||
321 | |||
322 | p=s->packet; | ||
323 | |||
324 | /* Pull apart the header into the SSL3_RECORD */ | ||
325 | rr->type= *(p++); | ||
326 | ssl_major= *(p++); | ||
327 | ssl_minor= *(p++); | ||
328 | version=(ssl_major<<8)|ssl_minor; | ||
329 | n2s(p,rr->length); | ||
330 | #if 0 | ||
331 | fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); | ||
332 | #endif | ||
333 | |||
334 | /* Lets check version */ | ||
335 | if (!s->first_packet) | ||
336 | { | ||
337 | if (version != s->version) | ||
338 | { | ||
339 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); | ||
340 | if ((s->version & 0xFF00) == (version & 0xFF00)) | ||
341 | /* Send back error using their minor version number :-) */ | ||
342 | s->version = (unsigned short)version; | ||
343 | al=SSL_AD_PROTOCOL_VERSION; | ||
344 | goto f_err; | ||
345 | } | ||
346 | } | ||
347 | |||
348 | if ((version>>8) != SSL3_VERSION_MAJOR) | ||
349 | { | ||
350 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); | ||
351 | goto err; | ||
352 | } | ||
353 | |||
354 | if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) | ||
355 | { | ||
356 | al=SSL_AD_RECORD_OVERFLOW; | ||
357 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); | ||
358 | goto f_err; | ||
359 | } | ||
360 | |||
361 | /* now s->rstate == SSL_ST_READ_BODY */ | ||
362 | } | ||
363 | |||
364 | /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ | ||
365 | |||
366 | if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH) | ||
367 | { | ||
368 | /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ | ||
369 | i=rr->length; | ||
370 | n=ssl3_read_n(s,i,i,1); | ||
371 | if (n <= 0) return(n); /* error or non-blocking io */ | ||
372 | /* now n == rr->length, | ||
373 | * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */ | ||
374 | } | ||
375 | |||
376 | s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ | ||
377 | |||
378 | /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, | ||
379 | * and we have that many bytes in s->packet | ||
380 | */ | ||
381 | rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]); | ||
382 | |||
383 | /* ok, we can now read from 's->packet' data into 'rr' | ||
384 | * rr->input points at rr->length bytes, which | ||
385 | * need to be copied into rr->data by either | ||
386 | * the decryption or by the decompression | ||
387 | * When the data is 'copied' into the rr->data buffer, | ||
388 | * rr->input will be pointed at the new buffer */ | ||
389 | |||
390 | /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] | ||
391 | * rr->length bytes of encrypted compressed stuff. */ | ||
392 | |||
393 | /* check is not needed I believe */ | ||
394 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) | ||
395 | { | ||
396 | al=SSL_AD_RECORD_OVERFLOW; | ||
397 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); | ||
398 | goto f_err; | ||
399 | } | ||
400 | |||
401 | /* decrypt in place in 'rr->input' */ | ||
402 | rr->data=rr->input; | ||
403 | |||
404 | enc_err = s->method->ssl3_enc->enc(s,0); | ||
405 | if (enc_err <= 0) | ||
406 | { | ||
407 | if (enc_err == 0) | ||
408 | /* SSLerr() and ssl3_send_alert() have been called */ | ||
409 | goto err; | ||
410 | |||
411 | /* Otherwise enc_err == -1, which indicates bad padding | ||
412 | * (rec->length has not been changed in this case). | ||
413 | * To minimize information leaked via timing, we will perform | ||
414 | * the MAC computation anyway. */ | ||
415 | decryption_failed_or_bad_record_mac = 1; | ||
416 | } | ||
417 | |||
418 | #ifdef TLS_DEBUG | ||
419 | printf("dec %d\n",rr->length); | ||
420 | { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } | ||
421 | printf("\n"); | ||
422 | #endif | ||
423 | |||
424 | /* r->length is now the compressed data plus mac */ | ||
425 | if ( (sess == NULL) || | ||
426 | (s->enc_read_ctx == NULL) || | ||
427 | (EVP_MD_CTX_md(s->read_hash) == NULL)) | ||
428 | clear=1; | ||
429 | |||
430 | if (!clear) | ||
431 | { | ||
432 | /* !clear => s->read_hash != NULL => mac_size != -1 */ | ||
433 | mac_size=EVP_MD_CTX_size(s->read_hash); | ||
434 | OPENSSL_assert(mac_size >= 0); | ||
435 | |||
436 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) | ||
437 | { | ||
438 | #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ | ||
439 | al=SSL_AD_RECORD_OVERFLOW; | ||
440 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); | ||
441 | goto f_err; | ||
442 | #else | ||
443 | decryption_failed_or_bad_record_mac = 1; | ||
444 | #endif | ||
445 | } | ||
446 | /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ | ||
447 | if (rr->length >= (unsigned int)mac_size) | ||
448 | { | ||
449 | rr->length -= mac_size; | ||
450 | mac = &rr->data[rr->length]; | ||
451 | } | ||
452 | else | ||
453 | { | ||
454 | /* record (minus padding) is too short to contain a MAC */ | ||
455 | #if 0 /* OK only for stream ciphers */ | ||
456 | al=SSL_AD_DECODE_ERROR; | ||
457 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); | ||
458 | goto f_err; | ||
459 | #else | ||
460 | decryption_failed_or_bad_record_mac = 1; | ||
461 | rr->length = 0; | ||
462 | #endif | ||
463 | } | ||
464 | i=s->method->ssl3_enc->mac(s,md,0); | ||
465 | if (i < 0 || mac == NULL || memcmp(md, mac, (size_t)mac_size) != 0) | ||
466 | { | ||
467 | decryption_failed_or_bad_record_mac = 1; | ||
468 | } | ||
469 | } | ||
470 | |||
471 | if (decryption_failed_or_bad_record_mac) | ||
472 | { | ||
473 | /* A separate 'decryption_failed' alert was introduced with TLS 1.0, | ||
474 | * SSL 3.0 only has 'bad_record_mac'. But unless a decryption | ||
475 | * failure is directly visible from the ciphertext anyway, | ||
476 | * we should not reveal which kind of error occured -- this | ||
477 | * might become visible to an attacker (e.g. via a logfile) */ | ||
478 | al=SSL_AD_BAD_RECORD_MAC; | ||
479 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); | ||
480 | goto f_err; | ||
481 | } | ||
482 | |||
483 | /* r->length is now just compressed */ | ||
484 | if (s->expand != NULL) | ||
485 | { | ||
486 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) | ||
487 | { | ||
488 | al=SSL_AD_RECORD_OVERFLOW; | ||
489 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); | ||
490 | goto f_err; | ||
491 | } | ||
492 | if (!ssl3_do_uncompress(s)) | ||
493 | { | ||
494 | al=SSL_AD_DECOMPRESSION_FAILURE; | ||
495 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION); | ||
496 | goto f_err; | ||
497 | } | ||
498 | } | ||
499 | |||
500 | if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) | ||
501 | { | ||
502 | al=SSL_AD_RECORD_OVERFLOW; | ||
503 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); | ||
504 | goto f_err; | ||
505 | } | ||
506 | |||
507 | rr->off=0; | ||
508 | /* So at this point the following is true | ||
509 | * ssl->s3->rrec.type is the type of record | ||
510 | * ssl->s3->rrec.length == number of bytes in record | ||
511 | * ssl->s3->rrec.off == offset to first valid byte | ||
512 | * ssl->s3->rrec.data == where to take bytes from, increment | ||
513 | * after use :-). | ||
514 | */ | ||
515 | |||
516 | /* we have pulled in a full packet so zero things */ | ||
517 | s->packet_length=0; | ||
518 | |||
519 | /* just read a 0 length packet */ | ||
520 | if (rr->length == 0) goto again; | ||
521 | |||
522 | #if 0 | ||
523 | fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length); | ||
524 | #endif | ||
525 | |||
526 | return(1); | ||
527 | |||
528 | f_err: | ||
529 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
530 | err: | ||
531 | return(ret); | ||
532 | } | ||
533 | |||
534 | int ssl3_do_uncompress(SSL *ssl) | ||
535 | { | ||
536 | #ifndef OPENSSL_NO_COMP | ||
537 | int i; | ||
538 | SSL3_RECORD *rr; | ||
539 | |||
540 | rr= &(ssl->s3->rrec); | ||
541 | i=COMP_expand_block(ssl->expand,rr->comp, | ||
542 | SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length); | ||
543 | if (i < 0) | ||
544 | return(0); | ||
545 | else | ||
546 | rr->length=i; | ||
547 | rr->data=rr->comp; | ||
548 | #endif | ||
549 | return(1); | ||
550 | } | ||
551 | |||
552 | int ssl3_do_compress(SSL *ssl) | ||
553 | { | ||
554 | #ifndef OPENSSL_NO_COMP | ||
555 | int i; | ||
556 | SSL3_RECORD *wr; | ||
557 | |||
558 | wr= &(ssl->s3->wrec); | ||
559 | i=COMP_compress_block(ssl->compress,wr->data, | ||
560 | SSL3_RT_MAX_COMPRESSED_LENGTH, | ||
561 | wr->input,(int)wr->length); | ||
562 | if (i < 0) | ||
563 | return(0); | ||
564 | else | ||
565 | wr->length=i; | ||
566 | |||
567 | wr->input=wr->data; | ||
568 | #endif | ||
569 | return(1); | ||
570 | } | ||
571 | |||
572 | /* Call this to write data in records of type 'type' | ||
573 | * It will return <= 0 if not all data has been sent or non-blocking IO. | ||
574 | */ | ||
575 | int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) | ||
576 | { | ||
577 | const unsigned char *buf=buf_; | ||
578 | unsigned int tot,n,nw; | ||
579 | int i; | ||
580 | |||
581 | s->rwstate=SSL_NOTHING; | ||
582 | tot=s->s3->wnum; | ||
583 | s->s3->wnum=0; | ||
584 | |||
585 | if (SSL_in_init(s) && !s->in_handshake) | ||
586 | { | ||
587 | i=s->handshake_func(s); | ||
588 | if (i < 0) return(i); | ||
589 | if (i == 0) | ||
590 | { | ||
591 | SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | ||
592 | return -1; | ||
593 | } | ||
594 | } | ||
595 | |||
596 | n=(len-tot); | ||
597 | for (;;) | ||
598 | { | ||
599 | if (n > s->max_send_fragment) | ||
600 | nw=s->max_send_fragment; | ||
601 | else | ||
602 | nw=n; | ||
603 | |||
604 | i=do_ssl3_write(s, type, &(buf[tot]), nw, 0); | ||
605 | if (i <= 0) | ||
606 | { | ||
607 | s->s3->wnum=tot; | ||
608 | return i; | ||
609 | } | ||
610 | |||
611 | if ((i == (int)n) || | ||
612 | (type == SSL3_RT_APPLICATION_DATA && | ||
613 | (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) | ||
614 | { | ||
615 | /* next chunk of data should get another prepended empty fragment | ||
616 | * in ciphersuites with known-IV weakness: */ | ||
617 | s->s3->empty_fragment_done = 0; | ||
618 | |||
619 | return tot+i; | ||
620 | } | ||
621 | |||
622 | n-=i; | ||
623 | tot+=i; | ||
624 | } | ||
625 | } | ||
626 | |||
627 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | ||
628 | unsigned int len, int create_empty_fragment) | ||
629 | { | ||
630 | unsigned char *p,*plen; | ||
631 | int i,mac_size,clear=0; | ||
632 | int prefix_len=0; | ||
633 | long align=0; | ||
634 | SSL3_RECORD *wr; | ||
635 | SSL3_BUFFER *wb=&(s->s3->wbuf); | ||
636 | SSL_SESSION *sess; | ||
637 | |||
638 | if (wb->buf == NULL) | ||
639 | if (!ssl3_setup_write_buffer(s)) | ||
640 | return -1; | ||
641 | |||
642 | /* first check if there is a SSL3_BUFFER still being written | ||
643 | * out. This will happen with non blocking IO */ | ||
644 | if (wb->left != 0) | ||
645 | return(ssl3_write_pending(s,type,buf,len)); | ||
646 | |||
647 | /* If we have an alert to send, lets send it */ | ||
648 | if (s->s3->alert_dispatch) | ||
649 | { | ||
650 | i=s->method->ssl_dispatch_alert(s); | ||
651 | if (i <= 0) | ||
652 | return(i); | ||
653 | /* if it went, fall through and send more stuff */ | ||
654 | } | ||
655 | |||
656 | if (len == 0 && !create_empty_fragment) | ||
657 | return 0; | ||
658 | |||
659 | wr= &(s->s3->wrec); | ||
660 | sess=s->session; | ||
661 | |||
662 | if ( (sess == NULL) || | ||
663 | (s->enc_write_ctx == NULL) || | ||
664 | (EVP_MD_CTX_md(s->write_hash) == NULL)) | ||
665 | clear=1; | ||
666 | |||
667 | if (clear) | ||
668 | mac_size=0; | ||
669 | else | ||
670 | { | ||
671 | mac_size=EVP_MD_CTX_size(s->write_hash); | ||
672 | if (mac_size < 0) | ||
673 | goto err; | ||
674 | } | ||
675 | |||
676 | /* 'create_empty_fragment' is true only when this function calls itself */ | ||
677 | if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) | ||
678 | { | ||
679 | /* countermeasure against known-IV weakness in CBC ciphersuites | ||
680 | * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ | ||
681 | |||
682 | if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) | ||
683 | { | ||
684 | /* recursive function call with 'create_empty_fragment' set; | ||
685 | * this prepares and buffers the data for an empty fragment | ||
686 | * (these 'prefix_len' bytes are sent out later | ||
687 | * together with the actual payload) */ | ||
688 | prefix_len = do_ssl3_write(s, type, buf, 0, 1); | ||
689 | if (prefix_len <= 0) | ||
690 | goto err; | ||
691 | |||
692 | if (prefix_len > | ||
693 | (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) | ||
694 | { | ||
695 | /* insufficient space */ | ||
696 | SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); | ||
697 | goto err; | ||
698 | } | ||
699 | } | ||
700 | |||
701 | s->s3->empty_fragment_done = 1; | ||
702 | } | ||
703 | |||
704 | if (create_empty_fragment) | ||
705 | { | ||
706 | #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 | ||
707 | /* extra fragment would be couple of cipher blocks, | ||
708 | * which would be multiple of SSL3_ALIGN_PAYLOAD, so | ||
709 | * if we want to align the real payload, then we can | ||
710 | * just pretent we simply have two headers. */ | ||
711 | align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH; | ||
712 | align = (-align)&(SSL3_ALIGN_PAYLOAD-1); | ||
713 | #endif | ||
714 | p = wb->buf + align; | ||
715 | wb->offset = align; | ||
716 | } | ||
717 | else if (prefix_len) | ||
718 | { | ||
719 | p = wb->buf + wb->offset + prefix_len; | ||
720 | } | ||
721 | else | ||
722 | { | ||
723 | #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 | ||
724 | align = (long)wb->buf + SSL3_RT_HEADER_LENGTH; | ||
725 | align = (-align)&(SSL3_ALIGN_PAYLOAD-1); | ||
726 | #endif | ||
727 | p = wb->buf + align; | ||
728 | wb->offset = align; | ||
729 | } | ||
730 | |||
731 | /* write the header */ | ||
732 | |||
733 | *(p++)=type&0xff; | ||
734 | wr->type=type; | ||
735 | |||
736 | *(p++)=(s->version>>8); | ||
737 | *(p++)=s->version&0xff; | ||
738 | |||
739 | /* field where we are to write out packet length */ | ||
740 | plen=p; | ||
741 | p+=2; | ||
742 | |||
743 | /* lets setup the record stuff. */ | ||
744 | wr->data=p; | ||
745 | wr->length=(int)len; | ||
746 | wr->input=(unsigned char *)buf; | ||
747 | |||
748 | /* we now 'read' from wr->input, wr->length bytes into | ||
749 | * wr->data */ | ||
750 | |||
751 | /* first we compress */ | ||
752 | if (s->compress != NULL) | ||
753 | { | ||
754 | if (!ssl3_do_compress(s)) | ||
755 | { | ||
756 | SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE); | ||
757 | goto err; | ||
758 | } | ||
759 | } | ||
760 | else | ||
761 | { | ||
762 | memcpy(wr->data,wr->input,wr->length); | ||
763 | wr->input=wr->data; | ||
764 | } | ||
765 | |||
766 | /* we should still have the output to wr->data and the input | ||
767 | * from wr->input. Length should be wr->length. | ||
768 | * wr->data still points in the wb->buf */ | ||
769 | |||
770 | if (mac_size != 0) | ||
771 | { | ||
772 | if (s->method->ssl3_enc->mac(s,&(p[wr->length]),1) < 0) | ||
773 | goto err; | ||
774 | wr->length+=mac_size; | ||
775 | wr->input=p; | ||
776 | wr->data=p; | ||
777 | } | ||
778 | |||
779 | /* ssl3_enc can only have an error on read */ | ||
780 | s->method->ssl3_enc->enc(s,1); | ||
781 | |||
782 | /* record length after mac and block padding */ | ||
783 | s2n(wr->length,plen); | ||
784 | |||
785 | /* we should now have | ||
786 | * wr->data pointing to the encrypted data, which is | ||
787 | * wr->length long */ | ||
788 | wr->type=type; /* not needed but helps for debugging */ | ||
789 | wr->length+=SSL3_RT_HEADER_LENGTH; | ||
790 | |||
791 | if (create_empty_fragment) | ||
792 | { | ||
793 | /* we are in a recursive call; | ||
794 | * just return the length, don't write out anything here | ||
795 | */ | ||
796 | return wr->length; | ||
797 | } | ||
798 | |||
799 | /* now let's set up wb */ | ||
800 | wb->left = prefix_len + wr->length; | ||
801 | |||
802 | /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ | ||
803 | s->s3->wpend_tot=len; | ||
804 | s->s3->wpend_buf=buf; | ||
805 | s->s3->wpend_type=type; | ||
806 | s->s3->wpend_ret=len; | ||
807 | |||
808 | /* we now just need to write the buffer */ | ||
809 | return ssl3_write_pending(s,type,buf,len); | ||
810 | err: | ||
811 | return -1; | ||
812 | } | ||
813 | |||
814 | /* if s->s3->wbuf.left != 0, we need to call this */ | ||
815 | int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, | ||
816 | unsigned int len) | ||
817 | { | ||
818 | int i; | ||
819 | SSL3_BUFFER *wb=&(s->s3->wbuf); | ||
820 | |||
821 | /* XXXX */ | ||
822 | if ((s->s3->wpend_tot > (int)len) | ||
823 | || ((s->s3->wpend_buf != buf) && | ||
824 | !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) | ||
825 | || (s->s3->wpend_type != type)) | ||
826 | { | ||
827 | SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); | ||
828 | return(-1); | ||
829 | } | ||
830 | |||
831 | for (;;) | ||
832 | { | ||
833 | clear_sys_error(); | ||
834 | if (s->wbio != NULL) | ||
835 | { | ||
836 | s->rwstate=SSL_WRITING; | ||
837 | i=BIO_write(s->wbio, | ||
838 | (char *)&(wb->buf[wb->offset]), | ||
839 | (unsigned int)wb->left); | ||
840 | } | ||
841 | else | ||
842 | { | ||
843 | SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET); | ||
844 | i= -1; | ||
845 | } | ||
846 | if (i == wb->left) | ||
847 | { | ||
848 | wb->left=0; | ||
849 | wb->offset+=i; | ||
850 | if (s->mode & SSL_MODE_RELEASE_BUFFERS && | ||
851 | SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) | ||
852 | ssl3_release_write_buffer(s); | ||
853 | s->rwstate=SSL_NOTHING; | ||
854 | return(s->s3->wpend_ret); | ||
855 | } | ||
856 | else if (i <= 0) { | ||
857 | if (s->version == DTLS1_VERSION || | ||
858 | s->version == DTLS1_BAD_VER) { | ||
859 | /* For DTLS, just drop it. That's kind of the whole | ||
860 | point in using a datagram service */ | ||
861 | wb->left = 0; | ||
862 | } | ||
863 | return(i); | ||
864 | } | ||
865 | wb->offset+=i; | ||
866 | wb->left-=i; | ||
867 | } | ||
868 | } | ||
869 | |||
870 | /* Return up to 'len' payload bytes received in 'type' records. | ||
871 | * 'type' is one of the following: | ||
872 | * | ||
873 | * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) | ||
874 | * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) | ||
875 | * - 0 (during a shutdown, no data has to be returned) | ||
876 | * | ||
877 | * If we don't have stored data to work from, read a SSL/TLS record first | ||
878 | * (possibly multiple records if we still don't have anything to return). | ||
879 | * | ||
880 | * This function must handle any surprises the peer may have for us, such as | ||
881 | * Alert records (e.g. close_notify), ChangeCipherSpec records (not really | ||
882 | * a surprise, but handled as if it were), or renegotiation requests. | ||
883 | * Also if record payloads contain fragments too small to process, we store | ||
884 | * them until there is enough for the respective protocol (the record protocol | ||
885 | * may use arbitrary fragmentation and even interleaving): | ||
886 | * Change cipher spec protocol | ||
887 | * just 1 byte needed, no need for keeping anything stored | ||
888 | * Alert protocol | ||
889 | * 2 bytes needed (AlertLevel, AlertDescription) | ||
890 | * Handshake protocol | ||
891 | * 4 bytes needed (HandshakeType, uint24 length) -- we just have | ||
892 | * to detect unexpected Client Hello and Hello Request messages | ||
893 | * here, anything else is handled by higher layers | ||
894 | * Application data protocol | ||
895 | * none of our business | ||
896 | */ | ||
897 | int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | ||
898 | { | ||
899 | int al,i,j,ret; | ||
900 | unsigned int n; | ||
901 | SSL3_RECORD *rr; | ||
902 | void (*cb)(const SSL *ssl,int type2,int val)=NULL; | ||
903 | |||
904 | if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ | ||
905 | if (!ssl3_setup_read_buffer(s)) | ||
906 | return(-1); | ||
907 | |||
908 | if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || | ||
909 | (peek && (type != SSL3_RT_APPLICATION_DATA))) | ||
910 | { | ||
911 | SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); | ||
912 | return -1; | ||
913 | } | ||
914 | |||
915 | if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0)) | ||
916 | /* (partially) satisfy request from storage */ | ||
917 | { | ||
918 | unsigned char *src = s->s3->handshake_fragment; | ||
919 | unsigned char *dst = buf; | ||
920 | unsigned int k; | ||
921 | |||
922 | /* peek == 0 */ | ||
923 | n = 0; | ||
924 | while ((len > 0) && (s->s3->handshake_fragment_len > 0)) | ||
925 | { | ||
926 | *dst++ = *src++; | ||
927 | len--; s->s3->handshake_fragment_len--; | ||
928 | n++; | ||
929 | } | ||
930 | /* move any remaining fragment bytes: */ | ||
931 | for (k = 0; k < s->s3->handshake_fragment_len; k++) | ||
932 | s->s3->handshake_fragment[k] = *src++; | ||
933 | return n; | ||
934 | } | ||
935 | |||
936 | /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ | ||
937 | |||
938 | if (!s->in_handshake && SSL_in_init(s)) | ||
939 | { | ||
940 | /* type == SSL3_RT_APPLICATION_DATA */ | ||
941 | i=s->handshake_func(s); | ||
942 | if (i < 0) return(i); | ||
943 | if (i == 0) | ||
944 | { | ||
945 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | ||
946 | return(-1); | ||
947 | } | ||
948 | } | ||
949 | start: | ||
950 | s->rwstate=SSL_NOTHING; | ||
951 | |||
952 | /* s->s3->rrec.type - is the type of record | ||
953 | * s->s3->rrec.data, - data | ||
954 | * s->s3->rrec.off, - offset into 'data' for next read | ||
955 | * s->s3->rrec.length, - number of bytes. */ | ||
956 | rr = &(s->s3->rrec); | ||
957 | |||
958 | /* get new packet if necessary */ | ||
959 | if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) | ||
960 | { | ||
961 | ret=ssl3_get_record(s); | ||
962 | if (ret <= 0) return(ret); | ||
963 | } | ||
964 | |||
965 | /* we now have a packet which can be read and processed */ | ||
966 | |||
967 | if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, | ||
968 | * reset by ssl3_get_finished */ | ||
969 | && (rr->type != SSL3_RT_HANDSHAKE)) | ||
970 | { | ||
971 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
972 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); | ||
973 | goto f_err; | ||
974 | } | ||
975 | |||
976 | /* If the other end has shut down, throw anything we read away | ||
977 | * (even in 'peek' mode) */ | ||
978 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | ||
979 | { | ||
980 | rr->length=0; | ||
981 | s->rwstate=SSL_NOTHING; | ||
982 | return(0); | ||
983 | } | ||
984 | |||
985 | |||
986 | if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ | ||
987 | { | ||
988 | /* make sure that we are not getting application data when we | ||
989 | * are doing a handshake for the first time */ | ||
990 | if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && | ||
991 | (s->enc_read_ctx == NULL)) | ||
992 | { | ||
993 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
994 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE); | ||
995 | goto f_err; | ||
996 | } | ||
997 | |||
998 | if (len <= 0) return(len); | ||
999 | |||
1000 | if ((unsigned int)len > rr->length) | ||
1001 | n = rr->length; | ||
1002 | else | ||
1003 | n = (unsigned int)len; | ||
1004 | |||
1005 | memcpy(buf,&(rr->data[rr->off]),n); | ||
1006 | if (!peek) | ||
1007 | { | ||
1008 | rr->length-=n; | ||
1009 | rr->off+=n; | ||
1010 | if (rr->length == 0) | ||
1011 | { | ||
1012 | s->rstate=SSL_ST_READ_HEADER; | ||
1013 | rr->off=0; | ||
1014 | if (s->mode & SSL_MODE_RELEASE_BUFFERS) | ||
1015 | ssl3_release_read_buffer(s); | ||
1016 | } | ||
1017 | } | ||
1018 | return(n); | ||
1019 | } | ||
1020 | |||
1021 | |||
1022 | /* If we get here, then type != rr->type; if we have a handshake | ||
1023 | * message, then it was unexpected (Hello Request or Client Hello). */ | ||
1024 | |||
1025 | /* In case of record types for which we have 'fragment' storage, | ||
1026 | * fill that so that we can process the data at a fixed place. | ||
1027 | */ | ||
1028 | { | ||
1029 | unsigned int dest_maxlen = 0; | ||
1030 | unsigned char *dest = NULL; | ||
1031 | unsigned int *dest_len = NULL; | ||
1032 | |||
1033 | if (rr->type == SSL3_RT_HANDSHAKE) | ||
1034 | { | ||
1035 | dest_maxlen = sizeof s->s3->handshake_fragment; | ||
1036 | dest = s->s3->handshake_fragment; | ||
1037 | dest_len = &s->s3->handshake_fragment_len; | ||
1038 | } | ||
1039 | else if (rr->type == SSL3_RT_ALERT) | ||
1040 | { | ||
1041 | dest_maxlen = sizeof s->s3->alert_fragment; | ||
1042 | dest = s->s3->alert_fragment; | ||
1043 | dest_len = &s->s3->alert_fragment_len; | ||
1044 | } | ||
1045 | |||
1046 | if (dest_maxlen > 0) | ||
1047 | { | ||
1048 | n = dest_maxlen - *dest_len; /* available space in 'dest' */ | ||
1049 | if (rr->length < n) | ||
1050 | n = rr->length; /* available bytes */ | ||
1051 | |||
1052 | /* now move 'n' bytes: */ | ||
1053 | while (n-- > 0) | ||
1054 | { | ||
1055 | dest[(*dest_len)++] = rr->data[rr->off++]; | ||
1056 | rr->length--; | ||
1057 | } | ||
1058 | |||
1059 | if (*dest_len < dest_maxlen) | ||
1060 | goto start; /* fragment was too small */ | ||
1061 | } | ||
1062 | } | ||
1063 | |||
1064 | /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; | ||
1065 | * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. | ||
1066 | * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ | ||
1067 | |||
1068 | /* If we are a client, check for an incoming 'Hello Request': */ | ||
1069 | if ((!s->server) && | ||
1070 | (s->s3->handshake_fragment_len >= 4) && | ||
1071 | (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && | ||
1072 | (s->session != NULL) && (s->session->cipher != NULL)) | ||
1073 | { | ||
1074 | s->s3->handshake_fragment_len = 0; | ||
1075 | |||
1076 | if ((s->s3->handshake_fragment[1] != 0) || | ||
1077 | (s->s3->handshake_fragment[2] != 0) || | ||
1078 | (s->s3->handshake_fragment[3] != 0)) | ||
1079 | { | ||
1080 | al=SSL_AD_DECODE_ERROR; | ||
1081 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST); | ||
1082 | goto f_err; | ||
1083 | } | ||
1084 | |||
1085 | if (s->msg_callback) | ||
1086 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); | ||
1087 | |||
1088 | if (SSL_is_init_finished(s) && | ||
1089 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && | ||
1090 | !s->s3->renegotiate) | ||
1091 | { | ||
1092 | ssl3_renegotiate(s); | ||
1093 | if (ssl3_renegotiate_check(s)) | ||
1094 | { | ||
1095 | i=s->handshake_func(s); | ||
1096 | if (i < 0) return(i); | ||
1097 | if (i == 0) | ||
1098 | { | ||
1099 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | ||
1100 | return(-1); | ||
1101 | } | ||
1102 | |||
1103 | if (!(s->mode & SSL_MODE_AUTO_RETRY)) | ||
1104 | { | ||
1105 | if (s->s3->rbuf.left == 0) /* no read-ahead left? */ | ||
1106 | { | ||
1107 | BIO *bio; | ||
1108 | /* In the case where we try to read application data, | ||
1109 | * but we trigger an SSL handshake, we return -1 with | ||
1110 | * the retry option set. Otherwise renegotiation may | ||
1111 | * cause nasty problems in the blocking world */ | ||
1112 | s->rwstate=SSL_READING; | ||
1113 | bio=SSL_get_rbio(s); | ||
1114 | BIO_clear_retry_flags(bio); | ||
1115 | BIO_set_retry_read(bio); | ||
1116 | return(-1); | ||
1117 | } | ||
1118 | } | ||
1119 | } | ||
1120 | } | ||
1121 | /* we either finished a handshake or ignored the request, | ||
1122 | * now try again to obtain the (application) data we were asked for */ | ||
1123 | goto start; | ||
1124 | } | ||
1125 | /* If we are a server and get a client hello when renegotiation isn't | ||
1126 | * allowed send back a no renegotiation alert and carry on. | ||
1127 | * WARNING: experimental code, needs reviewing (steve) | ||
1128 | */ | ||
1129 | if (s->server && | ||
1130 | SSL_is_init_finished(s) && | ||
1131 | !s->s3->send_connection_binding && | ||
1132 | (s->version > SSL3_VERSION) && | ||
1133 | (s->s3->handshake_fragment_len >= 4) && | ||
1134 | (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && | ||
1135 | (s->session != NULL) && (s->session->cipher != NULL) && | ||
1136 | !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) | ||
1137 | |||
1138 | { | ||
1139 | /*s->s3->handshake_fragment_len = 0;*/ | ||
1140 | rr->length = 0; | ||
1141 | ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); | ||
1142 | goto start; | ||
1143 | } | ||
1144 | if (s->s3->alert_fragment_len >= 2) | ||
1145 | { | ||
1146 | int alert_level = s->s3->alert_fragment[0]; | ||
1147 | int alert_descr = s->s3->alert_fragment[1]; | ||
1148 | |||
1149 | s->s3->alert_fragment_len = 0; | ||
1150 | |||
1151 | if (s->msg_callback) | ||
1152 | s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg); | ||
1153 | |||
1154 | if (s->info_callback != NULL) | ||
1155 | cb=s->info_callback; | ||
1156 | else if (s->ctx->info_callback != NULL) | ||
1157 | cb=s->ctx->info_callback; | ||
1158 | |||
1159 | if (cb != NULL) | ||
1160 | { | ||
1161 | j = (alert_level << 8) | alert_descr; | ||
1162 | cb(s, SSL_CB_READ_ALERT, j); | ||
1163 | } | ||
1164 | |||
1165 | if (alert_level == 1) /* warning */ | ||
1166 | { | ||
1167 | s->s3->warn_alert = alert_descr; | ||
1168 | if (alert_descr == SSL_AD_CLOSE_NOTIFY) | ||
1169 | { | ||
1170 | s->shutdown |= SSL_RECEIVED_SHUTDOWN; | ||
1171 | return(0); | ||
1172 | } | ||
1173 | /* This is a warning but we receive it if we requested | ||
1174 | * renegotiation and the peer denied it. Terminate with | ||
1175 | * a fatal alert because if application tried to | ||
1176 | * renegotiatie it presumably had a good reason and | ||
1177 | * expects it to succeed. | ||
1178 | * | ||
1179 | * In future we might have a renegotiation where we | ||
1180 | * don't care if the peer refused it where we carry on. | ||
1181 | */ | ||
1182 | else if (alert_descr == SSL_AD_NO_RENEGOTIATION) | ||
1183 | { | ||
1184 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
1185 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION); | ||
1186 | goto f_err; | ||
1187 | } | ||
1188 | } | ||
1189 | else if (alert_level == 2) /* fatal */ | ||
1190 | { | ||
1191 | char tmp[16]; | ||
1192 | |||
1193 | s->rwstate=SSL_NOTHING; | ||
1194 | s->s3->fatal_alert = alert_descr; | ||
1195 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); | ||
1196 | BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr); | ||
1197 | ERR_add_error_data(2,"SSL alert number ",tmp); | ||
1198 | s->shutdown|=SSL_RECEIVED_SHUTDOWN; | ||
1199 | SSL_CTX_remove_session(s->ctx,s->session); | ||
1200 | return(0); | ||
1201 | } | ||
1202 | else | ||
1203 | { | ||
1204 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
1205 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE); | ||
1206 | goto f_err; | ||
1207 | } | ||
1208 | |||
1209 | goto start; | ||
1210 | } | ||
1211 | |||
1212 | if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ | ||
1213 | { | ||
1214 | s->rwstate=SSL_NOTHING; | ||
1215 | rr->length=0; | ||
1216 | return(0); | ||
1217 | } | ||
1218 | |||
1219 | if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) | ||
1220 | { | ||
1221 | /* 'Change Cipher Spec' is just a single byte, so we know | ||
1222 | * exactly what the record payload has to look like */ | ||
1223 | if ( (rr->length != 1) || (rr->off != 0) || | ||
1224 | (rr->data[0] != SSL3_MT_CCS)) | ||
1225 | { | ||
1226 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
1227 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); | ||
1228 | goto f_err; | ||
1229 | } | ||
1230 | |||
1231 | /* Check we have a cipher to change to */ | ||
1232 | if (s->s3->tmp.new_cipher == NULL) | ||
1233 | { | ||
1234 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
1235 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); | ||
1236 | goto f_err; | ||
1237 | } | ||
1238 | |||
1239 | rr->length=0; | ||
1240 | |||
1241 | if (s->msg_callback) | ||
1242 | s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); | ||
1243 | |||
1244 | s->s3->change_cipher_spec=1; | ||
1245 | if (!ssl3_do_change_cipher_spec(s)) | ||
1246 | goto err; | ||
1247 | else | ||
1248 | goto start; | ||
1249 | } | ||
1250 | |||
1251 | /* Unexpected handshake message (Client Hello, or protocol violation) */ | ||
1252 | if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) | ||
1253 | { | ||
1254 | if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && | ||
1255 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) | ||
1256 | { | ||
1257 | #if 0 /* worked only because C operator preferences are not as expected (and | ||
1258 | * because this is not really needed for clients except for detecting | ||
1259 | * protocol violations): */ | ||
1260 | s->state=SSL_ST_BEFORE|(s->server) | ||
1261 | ?SSL_ST_ACCEPT | ||
1262 | :SSL_ST_CONNECT; | ||
1263 | #else | ||
1264 | s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; | ||
1265 | #endif | ||
1266 | s->new_session=1; | ||
1267 | } | ||
1268 | i=s->handshake_func(s); | ||
1269 | if (i < 0) return(i); | ||
1270 | if (i == 0) | ||
1271 | { | ||
1272 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | ||
1273 | return(-1); | ||
1274 | } | ||
1275 | |||
1276 | if (!(s->mode & SSL_MODE_AUTO_RETRY)) | ||
1277 | { | ||
1278 | if (s->s3->rbuf.left == 0) /* no read-ahead left? */ | ||
1279 | { | ||
1280 | BIO *bio; | ||
1281 | /* In the case where we try to read application data, | ||
1282 | * but we trigger an SSL handshake, we return -1 with | ||
1283 | * the retry option set. Otherwise renegotiation may | ||
1284 | * cause nasty problems in the blocking world */ | ||
1285 | s->rwstate=SSL_READING; | ||
1286 | bio=SSL_get_rbio(s); | ||
1287 | BIO_clear_retry_flags(bio); | ||
1288 | BIO_set_retry_read(bio); | ||
1289 | return(-1); | ||
1290 | } | ||
1291 | } | ||
1292 | goto start; | ||
1293 | } | ||
1294 | |||
1295 | switch (rr->type) | ||
1296 | { | ||
1297 | default: | ||
1298 | #ifndef OPENSSL_NO_TLS | ||
1299 | /* TLS just ignores unknown message types */ | ||
1300 | if (s->version == TLS1_VERSION) | ||
1301 | { | ||
1302 | rr->length = 0; | ||
1303 | goto start; | ||
1304 | } | ||
1305 | #endif | ||
1306 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
1307 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); | ||
1308 | goto f_err; | ||
1309 | case SSL3_RT_CHANGE_CIPHER_SPEC: | ||
1310 | case SSL3_RT_ALERT: | ||
1311 | case SSL3_RT_HANDSHAKE: | ||
1312 | /* we already handled all of these, with the possible exception | ||
1313 | * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that | ||
1314 | * should not happen when type != rr->type */ | ||
1315 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
1316 | SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR); | ||
1317 | goto f_err; | ||
1318 | case SSL3_RT_APPLICATION_DATA: | ||
1319 | /* At this point, we were expecting handshake data, | ||
1320 | * but have application data. If the library was | ||
1321 | * running inside ssl3_read() (i.e. in_read_app_data | ||
1322 | * is set) and it makes sense to read application data | ||
1323 | * at this point (session renegotiation not yet started), | ||
1324 | * we will indulge it. | ||
1325 | */ | ||
1326 | if (s->s3->in_read_app_data && | ||
1327 | (s->s3->total_renegotiations != 0) && | ||
1328 | (( | ||
1329 | (s->state & SSL_ST_CONNECT) && | ||
1330 | (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && | ||
1331 | (s->state <= SSL3_ST_CR_SRVR_HELLO_A) | ||
1332 | ) || ( | ||
1333 | (s->state & SSL_ST_ACCEPT) && | ||
1334 | (s->state <= SSL3_ST_SW_HELLO_REQ_A) && | ||
1335 | (s->state >= SSL3_ST_SR_CLNT_HELLO_A) | ||
1336 | ) | ||
1337 | )) | ||
1338 | { | ||
1339 | s->s3->in_read_app_data=2; | ||
1340 | return(-1); | ||
1341 | } | ||
1342 | else | ||
1343 | { | ||
1344 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
1345 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); | ||
1346 | goto f_err; | ||
1347 | } | ||
1348 | } | ||
1349 | /* not reached */ | ||
1350 | |||
1351 | f_err: | ||
1352 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
1353 | err: | ||
1354 | return(-1); | ||
1355 | } | ||
1356 | |||
1357 | int ssl3_do_change_cipher_spec(SSL *s) | ||
1358 | { | ||
1359 | int i; | ||
1360 | const char *sender; | ||
1361 | int slen; | ||
1362 | |||
1363 | if (s->state & SSL_ST_ACCEPT) | ||
1364 | i=SSL3_CHANGE_CIPHER_SERVER_READ; | ||
1365 | else | ||
1366 | i=SSL3_CHANGE_CIPHER_CLIENT_READ; | ||
1367 | |||
1368 | if (s->s3->tmp.key_block == NULL) | ||
1369 | { | ||
1370 | if (s->session == NULL) | ||
1371 | { | ||
1372 | /* might happen if dtls1_read_bytes() calls this */ | ||
1373 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); | ||
1374 | return (0); | ||
1375 | } | ||
1376 | |||
1377 | s->session->cipher=s->s3->tmp.new_cipher; | ||
1378 | if (!s->method->ssl3_enc->setup_key_block(s)) return(0); | ||
1379 | } | ||
1380 | |||
1381 | if (!s->method->ssl3_enc->change_cipher_state(s,i)) | ||
1382 | return(0); | ||
1383 | |||
1384 | /* we have to record the message digest at | ||
1385 | * this point so we can get it before we read | ||
1386 | * the finished message */ | ||
1387 | if (s->state & SSL_ST_CONNECT) | ||
1388 | { | ||
1389 | sender=s->method->ssl3_enc->server_finished_label; | ||
1390 | slen=s->method->ssl3_enc->server_finished_label_len; | ||
1391 | } | ||
1392 | else | ||
1393 | { | ||
1394 | sender=s->method->ssl3_enc->client_finished_label; | ||
1395 | slen=s->method->ssl3_enc->client_finished_label_len; | ||
1396 | } | ||
1397 | |||
1398 | s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, | ||
1399 | sender,slen,s->s3->tmp.peer_finish_md); | ||
1400 | |||
1401 | return(1); | ||
1402 | } | ||
1403 | |||
1404 | int ssl3_send_alert(SSL *s, int level, int desc) | ||
1405 | { | ||
1406 | /* Map tls/ssl alert value to correct one */ | ||
1407 | desc=s->method->ssl3_enc->alert_value(desc); | ||
1408 | if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) | ||
1409 | desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ | ||
1410 | if (desc < 0) return -1; | ||
1411 | /* If a fatal one, remove from cache */ | ||
1412 | if ((level == 2) && (s->session != NULL)) | ||
1413 | SSL_CTX_remove_session(s->ctx,s->session); | ||
1414 | |||
1415 | s->s3->alert_dispatch=1; | ||
1416 | s->s3->send_alert[0]=level; | ||
1417 | s->s3->send_alert[1]=desc; | ||
1418 | if (s->s3->wbuf.left == 0) /* data still being written out? */ | ||
1419 | return s->method->ssl_dispatch_alert(s); | ||
1420 | /* else data is still being written out, we will get written | ||
1421 | * some time in the future */ | ||
1422 | return -1; | ||
1423 | } | ||
1424 | |||
1425 | int ssl3_dispatch_alert(SSL *s) | ||
1426 | { | ||
1427 | int i,j; | ||
1428 | void (*cb)(const SSL *ssl,int type,int val)=NULL; | ||
1429 | |||
1430 | s->s3->alert_dispatch=0; | ||
1431 | i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0); | ||
1432 | if (i <= 0) | ||
1433 | { | ||
1434 | s->s3->alert_dispatch=1; | ||
1435 | } | ||
1436 | else | ||
1437 | { | ||
1438 | /* Alert sent to BIO. If it is important, flush it now. | ||
1439 | * If the message does not get sent due to non-blocking IO, | ||
1440 | * we will not worry too much. */ | ||
1441 | if (s->s3->send_alert[0] == SSL3_AL_FATAL) | ||
1442 | (void)BIO_flush(s->wbio); | ||
1443 | |||
1444 | if (s->msg_callback) | ||
1445 | s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg); | ||
1446 | |||
1447 | if (s->info_callback != NULL) | ||
1448 | cb=s->info_callback; | ||
1449 | else if (s->ctx->info_callback != NULL) | ||
1450 | cb=s->ctx->info_callback; | ||
1451 | |||
1452 | if (cb != NULL) | ||
1453 | { | ||
1454 | j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; | ||
1455 | cb(s,SSL_CB_WRITE_ALERT,j); | ||
1456 | } | ||
1457 | } | ||
1458 | return(i); | ||
1459 | } | ||
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
deleted file mode 100644
index d734c359fb..0000000000
--- a/src/lib/libssl/s3_srvr.c
+++ /dev/null | |||
@@ -1,3212 +0,0 @@ | |||
1 | /* ssl/s3_srvr.c -*- mode:C; c-file-style: "eay" -*- */ | ||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
3 | * All rights reserved. | ||
4 | * | ||
5 | * This package is an SSL implementation written | ||
6 | * by Eric Young (eay@cryptsoft.com). | ||
7 | * The implementation was written so as to conform with Netscapes SSL. | ||
8 | * | ||
9 | * This library is free for commercial and non-commercial use as long as | ||
10 | * the following conditions are aheared to. The following conditions | ||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
13 | * included with this distribution is covered by the same copyright terms | ||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
15 | * | ||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
17 | * the code are not to be removed. | ||
18 | * If this package is used in a product, Eric Young should be given attribution | ||
19 | * as the author of the parts of the library used. | ||
20 | * This can be in the form of a textual message at program startup or | ||
21 | * in documentation (online or textual) provided with the package. | ||
22 | * | ||
23 | * Redistribution and use in source and binary forms, with or without | ||
24 | * modification, are permitted provided that the following conditions | ||
25 | * are met: | ||
26 | * 1. Redistributions of source code must retain the copyright | ||
27 | * notice, this list of conditions and the following disclaimer. | ||
28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
29 | * notice, this list of conditions and the following disclaimer in the | ||
30 | * documentation and/or other materials provided with the distribution. | ||
31 | * 3. All advertising materials mentioning features or use of this software | ||
32 | * must display the following acknowledgement: | ||
33 | * "This product includes cryptographic software written by | ||
34 | * Eric Young (eay@cryptsoft.com)" | ||
35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
36 | * being used are not cryptographic related :-). | ||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
38 | * the apps directory (application code) you must include an acknowledgement: | ||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
40 | * | ||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
51 | * SUCH DAMAGE. | ||
52 | * | ||
53 | * The licence and distribution terms for any publically available version or | ||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
55 | * copied and put under another distribution licence | ||
56 | * [including the GNU Public Licence.] | ||
57 | */ | ||
58 | /* ==================================================================== | ||
59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
60 | * | ||
61 | * Redistribution and use in source and binary forms, with or without | ||
62 | * modification, are permitted provided that the following conditions | ||
63 | * are met: | ||
64 | * | ||
65 | * 1. Redistributions of source code must retain the above copyright | ||
66 | * notice, this list of conditions and the following disclaimer. | ||
67 | * | ||
68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
69 | * notice, this list of conditions and the following disclaimer in | ||
70 | * the documentation and/or other materials provided with the | ||
71 | * distribution. | ||
72 | * | ||
73 | * 3. All advertising materials mentioning features or use of this | ||
74 | * software must display the following acknowledgment: | ||
75 | * "This product includes software developed by the OpenSSL Project | ||
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
77 | * | ||
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
79 | * endorse or promote products derived from this software without | ||
80 | * prior written permission. For written permission, please contact | ||
81 | * openssl-core@openssl.org. | ||
82 | * | ||
83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
84 | * nor may "OpenSSL" appear in their names without prior written | ||
85 | * permission of the OpenSSL Project. | ||
86 | * | ||
87 | * 6. Redistributions of any form whatsoever must retain the following | ||
88 | * acknowledgment: | ||
89 | * "This product includes software developed by the OpenSSL Project | ||
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
91 | * | ||
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
104 | * ==================================================================== | ||
105 | * | ||
106 | * This product includes cryptographic software written by Eric Young | ||
107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
108 | * Hudson (tjh@cryptsoft.com). | ||
109 | * | ||
110 | */ | ||
111 | /* ==================================================================== | ||
112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
113 | * | ||
114 | * Portions of the attached software ("Contribution") are developed by | ||
115 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
116 | * | ||
117 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
118 | * license provided above. | ||
119 | * | ||
120 | * ECC cipher suite support in OpenSSL originally written by | ||
121 | * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | ||
122 | * | ||
123 | */ | ||
124 | /* ==================================================================== | ||
125 | * Copyright 2005 Nokia. All rights reserved. | ||
126 | * | ||
127 | * The portions of the attached software ("Contribution") is developed by | ||
128 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
129 | * license. | ||
130 | * | ||
131 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
132 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
133 | * support (see RFC 4279) to OpenSSL. | ||
134 | * | ||
135 | * No patent licenses or other rights except those expressly stated in | ||
136 | * the OpenSSL open source license shall be deemed granted or received | ||
137 | * expressly, by implication, estoppel, or otherwise. | ||
138 | * | ||
139 | * No assurances are provided by Nokia that the Contribution does not | ||
140 | * infringe the patent or other intellectual property rights of any third | ||
141 | * party or that the license provides you with all the necessary rights | ||
142 | * to make use of the Contribution. | ||
143 | * | ||
144 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
145 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
146 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
147 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
148 | * OTHERWISE. | ||
149 | */ | ||
150 | |||
151 | #define REUSE_CIPHER_BUG | ||
152 | #define NETSCAPE_HANG_BUG | ||
153 | |||
154 | #include <stdio.h> | ||
155 | #include "ssl_locl.h" | ||
156 | #include "kssl_lcl.h" | ||
157 | #include <openssl/buffer.h> | ||
158 | #include <openssl/rand.h> | ||
159 | #include <openssl/objects.h> | ||
160 | #include <openssl/evp.h> | ||
161 | #include <openssl/hmac.h> | ||
162 | #include <openssl/x509.h> | ||
163 | #ifndef OPENSSL_NO_DH | ||
164 | #include <openssl/dh.h> | ||
165 | #endif | ||
166 | #include <openssl/bn.h> | ||
167 | #ifndef OPENSSL_NO_KRB5 | ||
168 | #include <openssl/krb5_asn.h> | ||
169 | #endif | ||
170 | #include <openssl/md5.h> | ||
171 | |||
172 | static const SSL_METHOD *ssl3_get_server_method(int ver); | ||
173 | |||
174 | static const SSL_METHOD *ssl3_get_server_method(int ver) | ||
175 | { | ||
176 | if (ver == SSL3_VERSION) | ||
177 | return(SSLv3_server_method()); | ||
178 | else | ||
179 | return(NULL); | ||
180 | } | ||
181 | |||
182 | IMPLEMENT_ssl3_meth_func(SSLv3_server_method, | ||
183 | ssl3_accept, | ||
184 | ssl_undefined_function, | ||
185 | ssl3_get_server_method) | ||
186 | |||
187 | int ssl3_accept(SSL *s) | ||
188 | { | ||
189 | BUF_MEM *buf; | ||
190 | unsigned long alg_k,Time=(unsigned long)time(NULL); | ||
191 | void (*cb)(const SSL *ssl,int type,int val)=NULL; | ||
192 | int ret= -1; | ||
193 | int new_state,state,skip=0; | ||
194 | |||
195 | RAND_add(&Time,sizeof(Time),0); | ||
196 | ERR_clear_error(); | ||
197 | clear_sys_error(); | ||
198 | |||
199 | if (s->info_callback != NULL) | ||
200 | cb=s->info_callback; | ||
201 | else if (s->ctx->info_callback != NULL) | ||
202 | cb=s->ctx->info_callback; | ||
203 | |||
204 | /* init things to blank */ | ||
205 | s->in_handshake++; | ||
206 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | ||
207 | |||
208 | if (s->cert == NULL) | ||
209 | { | ||
210 | SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET); | ||
211 | return(-1); | ||
212 | } | ||
213 | |||
214 | for (;;) | ||
215 | { | ||
216 | state=s->state; | ||
217 | |||
218 | switch (s->state) | ||
219 | { | ||
220 | case SSL_ST_RENEGOTIATE: | ||
221 | s->new_session=1; | ||
222 | /* s->state=SSL_ST_ACCEPT; */ | ||
223 | |||
224 | case SSL_ST_BEFORE: | ||
225 | case SSL_ST_ACCEPT: | ||
226 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: | ||
227 | case SSL_ST_OK|SSL_ST_ACCEPT: | ||
228 | |||
229 | s->server=1; | ||
230 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); | ||
231 | |||
232 | if ((s->version>>8) != 3) | ||
233 | { | ||
234 | SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); | ||
235 | return -1; | ||
236 | } | ||
237 | s->type=SSL_ST_ACCEPT; | ||
238 | |||
239 | if (s->init_buf == NULL) | ||
240 | { | ||
241 | if ((buf=BUF_MEM_new()) == NULL) | ||
242 | { | ||
243 | ret= -1; | ||
244 | goto end; | ||
245 | } | ||
246 | if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) | ||
247 | { | ||
248 | ret= -1; | ||
249 | goto end; | ||
250 | } | ||
251 | s->init_buf=buf; | ||
252 | } | ||
253 | |||
254 | if (!ssl3_setup_buffers(s)) | ||
255 | { | ||
256 | ret= -1; | ||
257 | goto end; | ||
258 | } | ||
259 | |||
260 | s->init_num=0; | ||
261 | s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE; | ||
262 | |||
263 | if (s->state != SSL_ST_RENEGOTIATE) | ||
264 | { | ||
265 | /* Ok, we now need to push on a buffering BIO so that | ||
266 | * the output is sent in a way that TCP likes :-) | ||
267 | */ | ||
268 | if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } | ||
269 | |||
270 | ssl3_init_finished_mac(s); | ||
271 | s->state=SSL3_ST_SR_CLNT_HELLO_A; | ||
272 | s->ctx->stats.sess_accept++; | ||
273 | } | ||
274 | else if (!s->s3->send_connection_binding && | ||
275 | !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) | ||
276 | { | ||
277 | /* Server attempting to renegotiate with | ||
278 | * client that doesn't support secure | ||
279 | * renegotiation. | ||
280 | */ | ||
281 | SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | ||
282 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); | ||
283 | ret = -1; | ||
284 | goto end; | ||
285 | } | ||
286 | else | ||
287 | { | ||
288 | /* s->state == SSL_ST_RENEGOTIATE, | ||
289 | * we will just send a HelloRequest */ | ||
290 | s->ctx->stats.sess_accept_renegotiate++; | ||
291 | s->state=SSL3_ST_SW_HELLO_REQ_A; | ||
292 | } | ||
293 | break; | ||
294 | |||
295 | case SSL3_ST_SW_HELLO_REQ_A: | ||
296 | case SSL3_ST_SW_HELLO_REQ_B: | ||
297 | |||
298 | s->shutdown=0; | ||
299 | ret=ssl3_send_hello_request(s); | ||
300 | if (ret <= 0) goto end; | ||
301 | s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C; | ||
302 | s->state=SSL3_ST_SW_FLUSH; | ||
303 | s->init_num=0; | ||
304 | |||
305 | ssl3_init_finished_mac(s); | ||
306 | break; | ||
307 | |||
308 | case SSL3_ST_SW_HELLO_REQ_C: | ||
309 | s->state=SSL_ST_OK; | ||
310 | break; | ||
311 | |||
312 | case SSL3_ST_SR_CLNT_HELLO_A: | ||
313 | case SSL3_ST_SR_CLNT_HELLO_B: | ||
314 | case SSL3_ST_SR_CLNT_HELLO_C: | ||
315 | |||
316 | s->shutdown=0; | ||
317 | ret=ssl3_get_client_hello(s); | ||
318 | if (ret <= 0) goto end; | ||
319 | |||
320 | s->new_session = 2; | ||
321 | s->state=SSL3_ST_SW_SRVR_HELLO_A; | ||
322 | s->init_num=0; | ||
323 | break; | ||
324 | |||
325 | case SSL3_ST_SW_SRVR_HELLO_A: | ||
326 | case SSL3_ST_SW_SRVR_HELLO_B: | ||
327 | ret=ssl3_send_server_hello(s); | ||
328 | if (ret <= 0) goto end; | ||
329 | #ifndef OPENSSL_NO_TLSEXT | ||
330 | if (s->hit) | ||
331 | { | ||
332 | if (s->tlsext_ticket_expected) | ||
333 | s->state=SSL3_ST_SW_SESSION_TICKET_A; | ||
334 | else | ||
335 | s->state=SSL3_ST_SW_CHANGE_A; | ||
336 | } | ||
337 | #else | ||
338 | if (s->hit) | ||
339 | s->state=SSL3_ST_SW_CHANGE_A; | ||
340 | #endif | ||
341 | else | ||
342 | s->state=SSL3_ST_SW_CERT_A; | ||
343 | s->init_num=0; | ||
344 | break; | ||
345 | |||
346 | case SSL3_ST_SW_CERT_A: | ||
347 | case SSL3_ST_SW_CERT_B: | ||
348 | /* Check if it is anon DH or anon ECDH, */ | ||
349 | /* normal PSK or KRB5 */ | ||
350 | if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) | ||
351 | && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) | ||
352 | && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) | ||
353 | { | ||
354 | ret=ssl3_send_server_certificate(s); | ||
355 | if (ret <= 0) goto end; | ||
356 | #ifndef OPENSSL_NO_TLSEXT | ||
357 | if (s->tlsext_status_expected) | ||
358 | s->state=SSL3_ST_SW_CERT_STATUS_A; | ||
359 | else | ||
360 | s->state=SSL3_ST_SW_KEY_EXCH_A; | ||
361 | } | ||
362 | else | ||
363 | { | ||
364 | skip = 1; | ||
365 | s->state=SSL3_ST_SW_KEY_EXCH_A; | ||
366 | } | ||
367 | #else | ||
368 | } | ||
369 | else | ||
370 | skip=1; | ||
371 | |||
372 | s->state=SSL3_ST_SW_KEY_EXCH_A; | ||
373 | #endif | ||
374 | s->init_num=0; | ||
375 | break; | ||
376 | |||
377 | case SSL3_ST_SW_KEY_EXCH_A: | ||
378 | case SSL3_ST_SW_KEY_EXCH_B: | ||
379 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
380 | |||
381 | /* clear this, it may get reset by | ||
382 | * send_server_key_exchange */ | ||
383 | if ((s->options & SSL_OP_EPHEMERAL_RSA) | ||
384 | #ifndef OPENSSL_NO_KRB5 | ||
385 | && !(alg_k & SSL_kKRB5) | ||
386 | #endif /* OPENSSL_NO_KRB5 */ | ||
387 | ) | ||
388 | /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key | ||
389 | * even when forbidden by protocol specs | ||
390 | * (handshake may fail as clients are not required to | ||
391 | * be able to handle this) */ | ||
392 | s->s3->tmp.use_rsa_tmp=1; | ||
393 | else | ||
394 | s->s3->tmp.use_rsa_tmp=0; | ||
395 | |||
396 | |||
397 | /* only send if a DH key exchange, fortezza or | ||
398 | * RSA but we have a sign only certificate | ||
399 | * | ||
400 | * PSK: may send PSK identity hints | ||
401 | * | ||
402 | * For ECC ciphersuites, we send a serverKeyExchange | ||
403 | * message only if the cipher suite is either | ||
404 | * ECDH-anon or ECDHE. In other cases, the | ||
405 | * server certificate contains the server's | ||
406 | * public key for key exchange. | ||
407 | */ | ||
408 | if (s->s3->tmp.use_rsa_tmp | ||
409 | /* PSK: send ServerKeyExchange if PSK identity | ||
410 | * hint if provided */ | ||
411 | #ifndef OPENSSL_NO_PSK | ||
412 | || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) | ||
413 | #endif | ||
414 | || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH)) | ||
415 | || (alg_k & SSL_kEECDH) | ||
416 | || ((alg_k & SSL_kRSA) | ||
417 | && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL | ||
418 | || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) | ||
419 | && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) | ||
420 | ) | ||
421 | ) | ||
422 | ) | ||
423 | ) | ||
424 | { | ||
425 | ret=ssl3_send_server_key_exchange(s); | ||
426 | if (ret <= 0) goto end; | ||
427 | } | ||
428 | else | ||
429 | skip=1; | ||
430 | |||
431 | s->state=SSL3_ST_SW_CERT_REQ_A; | ||
432 | s->init_num=0; | ||
433 | break; | ||
434 | |||
435 | case SSL3_ST_SW_CERT_REQ_A: | ||
436 | case SSL3_ST_SW_CERT_REQ_B: | ||
437 | if (/* don't request cert unless asked for it: */ | ||
438 | !(s->verify_mode & SSL_VERIFY_PEER) || | ||
439 | /* if SSL_VERIFY_CLIENT_ONCE is set, | ||
440 | * don't request cert during re-negotiation: */ | ||
441 | ((s->session->peer != NULL) && | ||
442 | (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || | ||
443 | /* never request cert in anonymous ciphersuites | ||
444 | * (see section "Certificate request" in SSL 3 drafts | ||
445 | * and in RFC 2246): */ | ||
446 | ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && | ||
447 | /* ... except when the application insists on verification | ||
448 | * (against the specs, but s3_clnt.c accepts this for SSL 3) */ | ||
449 | !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || | ||
450 | /* never request cert in Kerberos ciphersuites */ | ||
451 | (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) | ||
452 | /* With normal PSK Certificates and | ||
453 | * Certificate Requests are omitted */ | ||
454 | || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) | ||
455 | { | ||
456 | /* no cert request */ | ||
457 | skip=1; | ||
458 | s->s3->tmp.cert_request=0; | ||
459 | s->state=SSL3_ST_SW_SRVR_DONE_A; | ||
460 | } | ||
461 | else | ||
462 | { | ||
463 | s->s3->tmp.cert_request=1; | ||
464 | ret=ssl3_send_certificate_request(s); | ||
465 | if (ret <= 0) goto end; | ||
466 | #ifndef NETSCAPE_HANG_BUG | ||
467 | s->state=SSL3_ST_SW_SRVR_DONE_A; | ||
468 | #else | ||
469 | s->state=SSL3_ST_SW_FLUSH; | ||
470 | s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; | ||
471 | #endif | ||
472 | s->init_num=0; | ||
473 | } | ||
474 | break; | ||
475 | |||
476 | case SSL3_ST_SW_SRVR_DONE_A: | ||
477 | case SSL3_ST_SW_SRVR_DONE_B: | ||
478 | ret=ssl3_send_server_done(s); | ||
479 | if (ret <= 0) goto end; | ||
480 | s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; | ||
481 | s->state=SSL3_ST_SW_FLUSH; | ||
482 | s->init_num=0; | ||
483 | break; | ||
484 | |||
485 | case SSL3_ST_SW_FLUSH: | ||
486 | |||
487 | /* This code originally checked to see if | ||
488 | * any data was pending using BIO_CTRL_INFO | ||
489 | * and then flushed. This caused problems | ||
490 | * as documented in PR#1939. The proposed | ||
491 | * fix doesn't completely resolve this issue | ||
492 | * as buggy implementations of BIO_CTRL_PENDING | ||
493 | * still exist. So instead we just flush | ||
494 | * unconditionally. | ||
495 | */ | ||
496 | |||
497 | s->rwstate=SSL_WRITING; | ||
498 | if (BIO_flush(s->wbio) <= 0) | ||
499 | { | ||
500 | ret= -1; | ||
501 | goto end; | ||
502 | } | ||
503 | s->rwstate=SSL_NOTHING; | ||
504 | |||
505 | s->state=s->s3->tmp.next_state; | ||
506 | break; | ||
507 | |||
508 | case SSL3_ST_SR_CERT_A: | ||
509 | case SSL3_ST_SR_CERT_B: | ||
510 | /* Check for second client hello (MS SGC) */ | ||
511 | ret = ssl3_check_client_hello(s); | ||
512 | if (ret <= 0) | ||
513 | goto end; | ||
514 | if (ret == 2) | ||
515 | s->state = SSL3_ST_SR_CLNT_HELLO_C; | ||
516 | else { | ||
517 | if (s->s3->tmp.cert_request) | ||
518 | { | ||
519 | ret=ssl3_get_client_certificate(s); | ||
520 | if (ret <= 0) goto end; | ||
521 | } | ||
522 | s->init_num=0; | ||
523 | s->state=SSL3_ST_SR_KEY_EXCH_A; | ||
524 | } | ||
525 | break; | ||
526 | |||
527 | case SSL3_ST_SR_KEY_EXCH_A: | ||
528 | case SSL3_ST_SR_KEY_EXCH_B: | ||
529 | ret=ssl3_get_client_key_exchange(s); | ||
530 | if (ret <= 0) | ||
531 | goto end; | ||
532 | if (ret == 2) | ||
533 | { | ||
534 | /* For the ECDH ciphersuites when | ||
535 | * the client sends its ECDH pub key in | ||
536 | * a certificate, the CertificateVerify | ||
537 | * message is not sent. | ||
538 | * Also for GOST ciphersuites when | ||
539 | * the client uses its key from the certificate | ||
540 | * for key exchange. | ||
541 | */ | ||
542 | s->state=SSL3_ST_SR_FINISHED_A; | ||
543 | s->init_num = 0; | ||
544 | } | ||
545 | else | ||
546 | { | ||
547 | int offset=0; | ||
548 | int dgst_num; | ||
549 | |||
550 | s->state=SSL3_ST_SR_CERT_VRFY_A; | ||
551 | s->init_num=0; | ||
552 | |||
553 | /* We need to get hashes here so if there is | ||
554 | * a client cert, it can be verified | ||
555 | * FIXME - digest processing for CertificateVerify | ||
556 | * should be generalized. But it is next step | ||
557 | */ | ||
558 | if (s->s3->handshake_buffer) | ||
559 | if (!ssl3_digest_cached_records(s)) | ||
560 | return -1; | ||
561 | for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++) | ||
562 | if (s->s3->handshake_dgst[dgst_num]) | ||
563 | { | ||
564 | int dgst_size; | ||
565 | |||
566 | s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset])); | ||
567 | dgst_size=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]); | ||
568 | if (dgst_size < 0) | ||
569 | { | ||
570 | ret = -1; | ||
571 | goto end; | ||
572 | } | ||
573 | offset+=dgst_size; | ||
574 | } | ||
575 | } | ||
576 | break; | ||
577 | |||
578 | case SSL3_ST_SR_CERT_VRFY_A: | ||
579 | case SSL3_ST_SR_CERT_VRFY_B: | ||
580 | |||
581 | /* we should decide if we expected this one */ | ||
582 | ret=ssl3_get_cert_verify(s); | ||
583 | if (ret <= 0) goto end; | ||
584 | |||
585 | s->state=SSL3_ST_SR_FINISHED_A; | ||
586 | s->init_num=0; | ||
587 | break; | ||
588 | |||
589 | case SSL3_ST_SR_FINISHED_A: | ||
590 | case SSL3_ST_SR_FINISHED_B: | ||
591 | ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, | ||
592 | SSL3_ST_SR_FINISHED_B); | ||
593 | if (ret <= 0) goto end; | ||
594 | #ifndef OPENSSL_NO_TLSEXT | ||
595 | if (s->tlsext_ticket_expected) | ||
596 | s->state=SSL3_ST_SW_SESSION_TICKET_A; | ||
597 | else if (s->hit) | ||
598 | s->state=SSL_ST_OK; | ||
599 | #else | ||
600 | if (s->hit) | ||
601 | s->state=SSL_ST_OK; | ||
602 | #endif | ||
603 | else | ||
604 | s->state=SSL3_ST_SW_CHANGE_A; | ||
605 | s->init_num=0; | ||
606 | break; | ||
607 | |||
608 | #ifndef OPENSSL_NO_TLSEXT | ||
609 | case SSL3_ST_SW_SESSION_TICKET_A: | ||
610 | case SSL3_ST_SW_SESSION_TICKET_B: | ||
611 | ret=ssl3_send_newsession_ticket(s); | ||
612 | if (ret <= 0) goto end; | ||
613 | s->state=SSL3_ST_SW_CHANGE_A; | ||
614 | s->init_num=0; | ||
615 | break; | ||
616 | |||
617 | case SSL3_ST_SW_CERT_STATUS_A: | ||
618 | case SSL3_ST_SW_CERT_STATUS_B: | ||
619 | ret=ssl3_send_cert_status(s); | ||
620 | if (ret <= 0) goto end; | ||
621 | s->state=SSL3_ST_SW_KEY_EXCH_A; | ||
622 | s->init_num=0; | ||
623 | break; | ||
624 | |||
625 | #endif | ||
626 | |||
627 | case SSL3_ST_SW_CHANGE_A: | ||
628 | case SSL3_ST_SW_CHANGE_B: | ||
629 | |||
630 | s->session->cipher=s->s3->tmp.new_cipher; | ||
631 | if (!s->method->ssl3_enc->setup_key_block(s)) | ||
632 | { ret= -1; goto end; } | ||
633 | |||
634 | ret=ssl3_send_change_cipher_spec(s, | ||
635 | SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B); | ||
636 | |||
637 | if (ret <= 0) goto end; | ||
638 | s->state=SSL3_ST_SW_FINISHED_A; | ||
639 | s->init_num=0; | ||
640 | |||
641 | if (!s->method->ssl3_enc->change_cipher_state(s, | ||
642 | SSL3_CHANGE_CIPHER_SERVER_WRITE)) | ||
643 | { | ||
644 | ret= -1; | ||
645 | goto end; | ||
646 | } | ||
647 | |||
648 | break; | ||
649 | |||
650 | case SSL3_ST_SW_FINISHED_A: | ||
651 | case SSL3_ST_SW_FINISHED_B: | ||
652 | ret=ssl3_send_finished(s, | ||
653 | SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, | ||
654 | s->method->ssl3_enc->server_finished_label, | ||
655 | s->method->ssl3_enc->server_finished_label_len); | ||
656 | if (ret <= 0) goto end; | ||
657 | s->state=SSL3_ST_SW_FLUSH; | ||
658 | if (s->hit) | ||
659 | s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; | ||
660 | else | ||
661 | s->s3->tmp.next_state=SSL_ST_OK; | ||
662 | s->init_num=0; | ||
663 | break; | ||
664 | |||
665 | case SSL_ST_OK: | ||
666 | /* clean a few things up */ | ||
667 | ssl3_cleanup_key_block(s); | ||
668 | |||
669 | BUF_MEM_free(s->init_buf); | ||
670 | s->init_buf=NULL; | ||
671 | |||
672 | /* remove buffering on output */ | ||
673 | ssl_free_wbio_buffer(s); | ||
674 | |||
675 | s->init_num=0; | ||
676 | |||
677 | if (s->new_session == 2) /* skipped if we just sent a HelloRequest */ | ||
678 | { | ||
679 | /* actually not necessarily a 'new' session unless | ||
680 | * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ | ||
681 | |||
682 | s->new_session=0; | ||
683 | |||
684 | ssl_update_cache(s,SSL_SESS_CACHE_SERVER); | ||
685 | |||
686 | s->ctx->stats.sess_accept_good++; | ||
687 | /* s->server=1; */ | ||
688 | s->handshake_func=ssl3_accept; | ||
689 | |||
690 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); | ||
691 | } | ||
692 | |||
693 | ret = 1; | ||
694 | goto end; | ||
695 | /* break; */ | ||
696 | |||
697 | default: | ||
698 | SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE); | ||
699 | ret= -1; | ||
700 | goto end; | ||
701 | /* break; */ | ||
702 | } | ||
703 | |||
704 | if (!s->s3->tmp.reuse_message && !skip) | ||
705 | { | ||
706 | if (s->debug) | ||
707 | { | ||
708 | if ((ret=BIO_flush(s->wbio)) <= 0) | ||
709 | goto end; | ||
710 | } | ||
711 | |||
712 | |||
713 | if ((cb != NULL) && (s->state != state)) | ||
714 | { | ||
715 | new_state=s->state; | ||
716 | s->state=state; | ||
717 | cb(s,SSL_CB_ACCEPT_LOOP,1); | ||
718 | s->state=new_state; | ||
719 | } | ||
720 | } | ||
721 | skip=0; | ||
722 | } | ||
723 | end: | ||
724 | /* BIO_flush(s->wbio); */ | ||
725 | |||
726 | s->in_handshake--; | ||
727 | if (cb != NULL) | ||
728 | cb(s,SSL_CB_ACCEPT_EXIT,ret); | ||
729 | return(ret); | ||
730 | } | ||
731 | |||
732 | int ssl3_send_hello_request(SSL *s) | ||
733 | { | ||
734 | unsigned char *p; | ||
735 | |||
736 | if (s->state == SSL3_ST_SW_HELLO_REQ_A) | ||
737 | { | ||
738 | p=(unsigned char *)s->init_buf->data; | ||
739 | *(p++)=SSL3_MT_HELLO_REQUEST; | ||
740 | *(p++)=0; | ||
741 | *(p++)=0; | ||
742 | *(p++)=0; | ||
743 | |||
744 | s->state=SSL3_ST_SW_HELLO_REQ_B; | ||
745 | /* number of bytes to write */ | ||
746 | s->init_num=4; | ||
747 | s->init_off=0; | ||
748 | } | ||
749 | |||
750 | /* SSL3_ST_SW_HELLO_REQ_B */ | ||
751 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | ||
752 | } | ||
753 | |||
754 | int ssl3_check_client_hello(SSL *s) | ||
755 | { | ||
756 | int ok; | ||
757 | long n; | ||
758 | |||
759 | /* We only allow the client to restart the handshake once per | ||
760 | * negotiation. */ | ||
761 | if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) | ||
762 | { | ||
763 | SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); | ||
764 | return -1; | ||
765 | } | ||
766 | |||
767 | /* this function is called when we really expect a Certificate message, | ||
768 | * so permit appropriate message length */ | ||
769 | n=s->method->ssl_get_message(s, | ||
770 | SSL3_ST_SR_CERT_A, | ||
771 | SSL3_ST_SR_CERT_B, | ||
772 | -1, | ||
773 | s->max_cert_list, | ||
774 | &ok); | ||
775 | if (!ok) return((int)n); | ||
776 | s->s3->tmp.reuse_message = 1; | ||
777 | if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) | ||
778 | { | ||
779 | /* Throw away what we have done so far in the current handshake, | ||
780 | * which will now be aborted. (A full SSL_clear would be too much.) */ | ||
781 | #ifndef OPENSSL_NO_DH | ||
782 | if (s->s3->tmp.dh != NULL) | ||
783 | { | ||
784 | DH_free(s->s3->tmp.dh); | ||
785 | s->s3->tmp.dh = NULL; | ||
786 | } | ||
787 | #endif | ||
788 | #ifndef OPENSSL_NO_ECDH | ||
789 | if (s->s3->tmp.ecdh != NULL) | ||
790 | { | ||
791 | EC_KEY_free(s->s3->tmp.ecdh); | ||
792 | s->s3->tmp.ecdh = NULL; | ||
793 | } | ||
794 | #endif | ||
795 | s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; | ||
796 | return 2; | ||
797 | } | ||
798 | return 1; | ||
799 | } | ||
800 | |||
801 | int ssl3_get_client_hello(SSL *s) | ||
802 | { | ||
803 | int i,j,ok,al,ret= -1; | ||
804 | unsigned int cookie_len; | ||
805 | long n; | ||
806 | unsigned long id; | ||
807 | unsigned char *p,*d,*q; | ||
808 | SSL_CIPHER *c; | ||
809 | #ifndef OPENSSL_NO_COMP | ||
810 | SSL_COMP *comp=NULL; | ||
811 | #endif | ||
812 | STACK_OF(SSL_CIPHER) *ciphers=NULL; | ||
813 | |||
814 | /* We do this so that we will respond with our native type. | ||
815 | * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, | ||
816 | * This down switching should be handled by a different method. | ||
817 | * If we are SSLv3, we will respond with SSLv3, even if prompted with | ||
818 | * TLSv1. | ||
819 | */ | ||
820 | if (s->state == SSL3_ST_SR_CLNT_HELLO_A) | ||
821 | { | ||
822 | s->state=SSL3_ST_SR_CLNT_HELLO_B; | ||
823 | } | ||
824 | s->first_packet=1; | ||
825 | n=s->method->ssl_get_message(s, | ||
826 | SSL3_ST_SR_CLNT_HELLO_B, | ||
827 | SSL3_ST_SR_CLNT_HELLO_C, | ||
828 | SSL3_MT_CLIENT_HELLO, | ||
829 | SSL3_RT_MAX_PLAIN_LENGTH, | ||
830 | &ok); | ||
831 | |||
832 | if (!ok) return((int)n); | ||
833 | s->first_packet=0; | ||
834 | d=p=(unsigned char *)s->init_msg; | ||
835 | |||
836 | /* use version from inside client hello, not from record header | ||
837 | * (may differ: see RFC 2246, Appendix E, second paragraph) */ | ||
838 | s->client_version=(((int)p[0])<<8)|(int)p[1]; | ||
839 | p+=2; | ||
840 | |||
841 | if ((s->version == DTLS1_VERSION && s->client_version > s->version) || | ||
842 | (s->version != DTLS1_VERSION && s->client_version < s->version)) | ||
843 | { | ||
844 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); | ||
845 | if ((s->client_version>>8) == SSL3_VERSION_MAJOR) | ||
846 | { | ||
847 | /* similar to ssl3_get_record, send alert using remote version number */ | ||
848 | s->version = s->client_version; | ||
849 | } | ||
850 | al = SSL_AD_PROTOCOL_VERSION; | ||
851 | goto f_err; | ||
852 | } | ||
853 | |||
854 | /* If we require cookies and this ClientHello doesn't | ||
855 | * contain one, just return since we do not want to | ||
856 | * allocate any memory yet. So check cookie length... | ||
857 | */ | ||
858 | if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) | ||
859 | { | ||
860 | unsigned int session_length, cookie_length; | ||
861 | |||
862 | session_length = *(p + SSL3_RANDOM_SIZE); | ||
863 | cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1); | ||
864 | |||
865 | if (cookie_length == 0) | ||
866 | return 1; | ||
867 | } | ||
868 | |||
869 | /* load the client random */ | ||
870 | memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE); | ||
871 | p+=SSL3_RANDOM_SIZE; | ||
872 | |||
873 | /* get the session-id */ | ||
874 | j= *(p++); | ||
875 | |||
876 | s->hit=0; | ||
877 | /* Versions before 0.9.7 always allow session reuse during renegotiation | ||
878 | * (i.e. when s->new_session is true), option | ||
879 | * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7. | ||
880 | * Maybe this optional behaviour should always have been the default, | ||
881 | * but we cannot safely change the default behaviour (or new applications | ||
882 | * might be written that become totally unsecure when compiled with | ||
883 | * an earlier library version) | ||
884 | */ | ||
885 | if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) | ||
886 | { | ||
887 | if (!ssl_get_new_session(s,1)) | ||
888 | goto err; | ||
889 | } | ||
890 | else | ||
891 | { | ||
892 | i=ssl_get_prev_session(s, p, j, d + n); | ||
893 | if (i == 1) | ||
894 | { /* previous session */ | ||
895 | s->hit=1; | ||
896 | } | ||
897 | else if (i == -1) | ||
898 | goto err; | ||
899 | else /* i == 0 */ | ||
900 | { | ||
901 | if (!ssl_get_new_session(s,1)) | ||
902 | goto err; | ||
903 | } | ||
904 | } | ||
905 | |||
906 | p+=j; | ||
907 | |||
908 | if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) | ||
909 | { | ||
910 | /* cookie stuff */ | ||
911 | cookie_len = *(p++); | ||
912 | |||
913 | /* | ||
914 | * The ClientHello may contain a cookie even if the | ||
915 | * HelloVerify message has not been sent--make sure that it | ||
916 | * does not cause an overflow. | ||
917 | */ | ||
918 | if ( cookie_len > sizeof(s->d1->rcvd_cookie)) | ||
919 | { | ||
920 | /* too much data */ | ||
921 | al = SSL_AD_DECODE_ERROR; | ||
922 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); | ||
923 | goto f_err; | ||
924 | } | ||
925 | |||
926 | /* verify the cookie if appropriate option is set. */ | ||
927 | if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && | ||
928 | cookie_len > 0) | ||
929 | { | ||
930 | memcpy(s->d1->rcvd_cookie, p, cookie_len); | ||
931 | |||
932 | if ( s->ctx->app_verify_cookie_cb != NULL) | ||
933 | { | ||
934 | if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie, | ||
935 | cookie_len) == 0) | ||
936 | { | ||
937 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
938 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
939 | SSL_R_COOKIE_MISMATCH); | ||
940 | goto f_err; | ||
941 | } | ||
942 | /* else cookie verification succeeded */ | ||
943 | } | ||
944 | else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie, | ||
945 | s->d1->cookie_len) != 0) /* default verification */ | ||
946 | { | ||
947 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
948 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
949 | SSL_R_COOKIE_MISMATCH); | ||
950 | goto f_err; | ||
951 | } | ||
952 | |||
953 | ret = 2; | ||
954 | } | ||
955 | |||
956 | p += cookie_len; | ||
957 | } | ||
958 | |||
959 | n2s(p,i); | ||
960 | if ((i == 0) && (j != 0)) | ||
961 | { | ||
962 | /* we need a cipher if we are not resuming a session */ | ||
963 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
964 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED); | ||
965 | goto f_err; | ||
966 | } | ||
967 | if ((p+i) >= (d+n)) | ||
968 | { | ||
969 | /* not enough data */ | ||
970 | al=SSL_AD_DECODE_ERROR; | ||
971 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH); | ||
972 | goto f_err; | ||
973 | } | ||
974 | if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers)) | ||
975 | == NULL)) | ||
976 | { | ||
977 | goto err; | ||
978 | } | ||
979 | p+=i; | ||
980 | |||
981 | /* If it is a hit, check that the cipher is in the list */ | ||
982 | if ((s->hit) && (i > 0)) | ||
983 | { | ||
984 | j=0; | ||
985 | id=s->session->cipher->id; | ||
986 | |||
987 | #ifdef CIPHER_DEBUG | ||
988 | printf("client sent %d ciphers\n",sk_num(ciphers)); | ||
989 | #endif | ||
990 | for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++) | ||
991 | { | ||
992 | c=sk_SSL_CIPHER_value(ciphers,i); | ||
993 | #ifdef CIPHER_DEBUG | ||
994 | printf("client [%2d of %2d]:%s\n", | ||
995 | i,sk_num(ciphers),SSL_CIPHER_get_name(c)); | ||
996 | #endif | ||
997 | if (c->id == id) | ||
998 | { | ||
999 | j=1; | ||
1000 | break; | ||
1001 | } | ||
1002 | } | ||
1003 | /* Disabled because it can be used in a ciphersuite downgrade | ||
1004 | * attack: CVE-2010-4180. | ||
1005 | */ | ||
1006 | #if 0 | ||
1007 | if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) | ||
1008 | { | ||
1009 | /* Special case as client bug workaround: the previously used cipher may | ||
1010 | * not be in the current list, the client instead might be trying to | ||
1011 | * continue using a cipher that before wasn't chosen due to server | ||
1012 | * preferences. We'll have to reject the connection if the cipher is not | ||
1013 | * enabled, though. */ | ||
1014 | c = sk_SSL_CIPHER_value(ciphers, 0); | ||
1015 | if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0) | ||
1016 | { | ||
1017 | s->session->cipher = c; | ||
1018 | j = 1; | ||
1019 | } | ||
1020 | } | ||
1021 | #endif | ||
1022 | if (j == 0) | ||
1023 | { | ||
1024 | /* we need to have the cipher in the cipher | ||
1025 | * list if we are asked to reuse it */ | ||
1026 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
1027 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING); | ||
1028 | goto f_err; | ||
1029 | } | ||
1030 | } | ||
1031 | |||
1032 | /* compression */ | ||
1033 | i= *(p++); | ||
1034 | if ((p+i) > (d+n)) | ||
1035 | { | ||
1036 | /* not enough data */ | ||
1037 | al=SSL_AD_DECODE_ERROR; | ||
1038 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH); | ||
1039 | goto f_err; | ||
1040 | } | ||
1041 | q=p; | ||
1042 | for (j=0; j<i; j++) | ||
1043 | { | ||
1044 | if (p[j] == 0) break; | ||
1045 | } | ||
1046 | |||
1047 | p+=i; | ||
1048 | if (j >= i) | ||
1049 | { | ||
1050 | /* no compress */ | ||
1051 | al=SSL_AD_DECODE_ERROR; | ||
1052 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED); | ||
1053 | goto f_err; | ||
1054 | } | ||
1055 | |||
1056 | #ifndef OPENSSL_NO_TLSEXT | ||
1057 | /* TLS extensions*/ | ||
1058 | if (s->version >= SSL3_VERSION) | ||
1059 | { | ||
1060 | if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al)) | ||
1061 | { | ||
1062 | /* 'al' set by ssl_parse_clienthello_tlsext */ | ||
1063 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT); | ||
1064 | goto f_err; | ||
1065 | } | ||
1066 | } | ||
1067 | if (ssl_check_clienthello_tlsext(s) <= 0) { | ||
1068 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); | ||
1069 | goto err; | ||
1070 | } | ||
1071 | |||
1072 | /* Check if we want to use external pre-shared secret for this | ||
1073 | * handshake for not reused session only. We need to generate | ||
1074 | * server_random before calling tls_session_secret_cb in order to allow | ||
1075 | * SessionTicket processing to use it in key derivation. */ | ||
1076 | { | ||
1077 | unsigned long Time; | ||
1078 | unsigned char *pos; | ||
1079 | Time=(unsigned long)time(NULL); /* Time */ | ||
1080 | pos=s->s3->server_random; | ||
1081 | l2n(Time,pos); | ||
1082 | if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0) | ||
1083 | { | ||
1084 | al=SSL_AD_INTERNAL_ERROR; | ||
1085 | goto f_err; | ||
1086 | } | ||
1087 | } | ||
1088 | |||
1089 | if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) | ||
1090 | { | ||
1091 | SSL_CIPHER *pref_cipher=NULL; | ||
1092 | |||
1093 | s->session->master_key_length=sizeof(s->session->master_key); | ||
1094 | if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length, | ||
1095 | ciphers, &pref_cipher, s->tls_session_secret_cb_arg)) | ||
1096 | { | ||
1097 | s->hit=1; | ||
1098 | s->session->ciphers=ciphers; | ||
1099 | s->session->verify_result=X509_V_OK; | ||
1100 | |||
1101 | ciphers=NULL; | ||
1102 | |||
1103 | /* check if some cipher was preferred by call back */ | ||
1104 | pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s)); | ||
1105 | if (pref_cipher == NULL) | ||
1106 | { | ||
1107 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
1108 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER); | ||
1109 | goto f_err; | ||
1110 | } | ||
1111 | |||
1112 | s->session->cipher=pref_cipher; | ||
1113 | |||
1114 | if (s->cipher_list) | ||
1115 | sk_SSL_CIPHER_free(s->cipher_list); | ||
1116 | |||
1117 | if (s->cipher_list_by_id) | ||
1118 | sk_SSL_CIPHER_free(s->cipher_list_by_id); | ||
1119 | |||
1120 | s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers); | ||
1121 | s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers); | ||
1122 | } | ||
1123 | } | ||
1124 | #endif | ||
1125 | |||
1126 | /* Worst case, we will use the NULL compression, but if we have other | ||
1127 | * options, we will now look for them. We have i-1 compression | ||
1128 | * algorithms from the client, starting at q. */ | ||
1129 | s->s3->tmp.new_compression=NULL; | ||
1130 | #ifndef OPENSSL_NO_COMP | ||
1131 | /* This only happens if we have a cache hit */ | ||
1132 | if (s->session->compress_meth != 0) | ||
1133 | { | ||
1134 | int m, comp_id = s->session->compress_meth; | ||
1135 | /* Perform sanity checks on resumed compression algorithm */ | ||
1136 | /* Can't disable compression */ | ||
1137 | if (s->options & SSL_OP_NO_COMPRESSION) | ||
1138 | { | ||
1139 | al=SSL_AD_INTERNAL_ERROR; | ||
1140 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION); | ||
1141 | goto f_err; | ||
1142 | } | ||
1143 | /* Look for resumed compression method */ | ||
1144 | for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) | ||
1145 | { | ||
1146 | comp=sk_SSL_COMP_value(s->ctx->comp_methods,m); | ||
1147 | if (comp_id == comp->id) | ||
1148 | { | ||
1149 | s->s3->tmp.new_compression=comp; | ||
1150 | break; | ||
1151 | } | ||
1152 | } | ||
1153 | if (s->s3->tmp.new_compression == NULL) | ||
1154 | { | ||
1155 | al=SSL_AD_INTERNAL_ERROR; | ||
1156 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INVALID_COMPRESSION_ALGORITHM); | ||
1157 | goto f_err; | ||
1158 | } | ||
1159 | /* Look for resumed method in compression list */ | ||
1160 | for (m = 0; m < i; m++) | ||
1161 | { | ||
1162 | if (q[m] == comp_id) | ||
1163 | break; | ||
1164 | } | ||
1165 | if (m >= i) | ||
1166 | { | ||
1167 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
1168 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING); | ||
1169 | goto f_err; | ||
1170 | } | ||
1171 | } | ||
1172 | else if (s->hit) | ||
1173 | comp = NULL; | ||
1174 | else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods) | ||
1175 | { /* See if we have a match */ | ||
1176 | int m,nn,o,v,done=0; | ||
1177 | |||
1178 | nn=sk_SSL_COMP_num(s->ctx->comp_methods); | ||
1179 | for (m=0; m<nn; m++) | ||
1180 | { | ||
1181 | comp=sk_SSL_COMP_value(s->ctx->comp_methods,m); | ||
1182 | v=comp->id; | ||
1183 | for (o=0; o<i; o++) | ||
1184 | { | ||
1185 | if (v == q[o]) | ||
1186 | { | ||
1187 | done=1; | ||
1188 | break; | ||
1189 | } | ||
1190 | } | ||
1191 | if (done) break; | ||
1192 | } | ||
1193 | if (done) | ||
1194 | s->s3->tmp.new_compression=comp; | ||
1195 | else | ||
1196 | comp=NULL; | ||
1197 | } | ||
1198 | #else | ||
1199 | /* If compression is disabled we'd better not try to resume a session | ||
1200 | * using compression. | ||
1201 | */ | ||
1202 | if (s->session->compress_meth != 0) | ||
1203 | { | ||
1204 | al=SSL_AD_INTERNAL_ERROR; | ||
1205 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION); | ||
1206 | goto f_err; | ||
1207 | } | ||
1208 | #endif | ||
1209 | |||
1210 | /* Given s->session->ciphers and SSL_get_ciphers, we must | ||
1211 | * pick a cipher */ | ||
1212 | |||
1213 | if (!s->hit) | ||
1214 | { | ||
1215 | #ifdef OPENSSL_NO_COMP | ||
1216 | s->session->compress_meth=0; | ||
1217 | #else | ||
1218 | s->session->compress_meth=(comp == NULL)?0:comp->id; | ||
1219 | #endif | ||
1220 | if (s->session->ciphers != NULL) | ||
1221 | sk_SSL_CIPHER_free(s->session->ciphers); | ||
1222 | s->session->ciphers=ciphers; | ||
1223 | if (ciphers == NULL) | ||
1224 | { | ||
1225 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
1226 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED); | ||
1227 | goto f_err; | ||
1228 | } | ||
1229 | ciphers=NULL; | ||
1230 | c=ssl3_choose_cipher(s,s->session->ciphers, | ||
1231 | SSL_get_ciphers(s)); | ||
1232 | |||
1233 | if (c == NULL) | ||
1234 | { | ||
1235 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
1236 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER); | ||
1237 | goto f_err; | ||
1238 | } | ||
1239 | s->s3->tmp.new_cipher=c; | ||
1240 | } | ||
1241 | else | ||
1242 | { | ||
1243 | /* Session-id reuse */ | ||
1244 | #ifdef REUSE_CIPHER_BUG | ||
1245 | STACK_OF(SSL_CIPHER) *sk; | ||
1246 | SSL_CIPHER *nc=NULL; | ||
1247 | SSL_CIPHER *ec=NULL; | ||
1248 | |||
1249 | if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) | ||
1250 | { | ||
1251 | sk=s->session->ciphers; | ||
1252 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) | ||
1253 | { | ||
1254 | c=sk_SSL_CIPHER_value(sk,i); | ||
1255 | if (c->algorithm_enc & SSL_eNULL) | ||
1256 | nc=c; | ||
1257 | if (SSL_C_IS_EXPORT(c)) | ||
1258 | ec=c; | ||
1259 | } | ||
1260 | if (nc != NULL) | ||
1261 | s->s3->tmp.new_cipher=nc; | ||
1262 | else if (ec != NULL) | ||
1263 | s->s3->tmp.new_cipher=ec; | ||
1264 | else | ||
1265 | s->s3->tmp.new_cipher=s->session->cipher; | ||
1266 | } | ||
1267 | else | ||
1268 | #endif | ||
1269 | s->s3->tmp.new_cipher=s->session->cipher; | ||
1270 | } | ||
1271 | |||
1272 | if (!ssl3_digest_cached_records(s)) | ||
1273 | goto f_err; | ||
1274 | |||
1275 | /* we now have the following setup. | ||
1276 | * client_random | ||
1277 | * cipher_list - our prefered list of ciphers | ||
1278 | * ciphers - the clients prefered list of ciphers | ||
1279 | * compression - basically ignored right now | ||
1280 | * ssl version is set - sslv3 | ||
1281 | * s->session - The ssl session has been setup. | ||
1282 | * s->hit - session reuse flag | ||
1283 | * s->tmp.new_cipher - the new cipher to use. | ||
1284 | */ | ||
1285 | |||
1286 | if (ret < 0) ret=1; | ||
1287 | if (0) | ||
1288 | { | ||
1289 | f_err: | ||
1290 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
1291 | } | ||
1292 | err: | ||
1293 | if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); | ||
1294 | return(ret); | ||
1295 | } | ||
1296 | |||
1297 | int ssl3_send_server_hello(SSL *s) | ||
1298 | { | ||
1299 | unsigned char *buf; | ||
1300 | unsigned char *p,*d; | ||
1301 | int i,sl; | ||
1302 | unsigned long l; | ||
1303 | #ifdef OPENSSL_NO_TLSEXT | ||
1304 | unsigned long Time; | ||
1305 | #endif | ||
1306 | |||
1307 | if (s->state == SSL3_ST_SW_SRVR_HELLO_A) | ||
1308 | { | ||
1309 | buf=(unsigned char *)s->init_buf->data; | ||
1310 | #ifdef OPENSSL_NO_TLSEXT | ||
1311 | p=s->s3->server_random; | ||
1312 | /* Generate server_random if it was not needed previously */ | ||
1313 | Time=(unsigned long)time(NULL); /* Time */ | ||
1314 | l2n(Time,p); | ||
1315 | if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) | ||
1316 | return -1; | ||
1317 | #endif | ||
1318 | /* Do the message type and length last */ | ||
1319 | d=p= &(buf[4]); | ||
1320 | |||
1321 | *(p++)=s->version>>8; | ||
1322 | *(p++)=s->version&0xff; | ||
1323 | |||
1324 | /* Random stuff */ | ||
1325 | memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); | ||
1326 | p+=SSL3_RANDOM_SIZE; | ||
1327 | |||
1328 | /* now in theory we have 3 options to sending back the | ||
1329 | * session id. If it is a re-use, we send back the | ||
1330 | * old session-id, if it is a new session, we send | ||
1331 | * back the new session-id or we send back a 0 length | ||
1332 | * session-id if we want it to be single use. | ||
1333 | * Currently I will not implement the '0' length session-id | ||
1334 | * 12-Jan-98 - I'll now support the '0' length stuff. | ||
1335 | * | ||
1336 | * We also have an additional case where stateless session | ||
1337 | * resumption is successful: we always send back the old | ||
1338 | * session id. In this case s->hit is non zero: this can | ||
1339 | * only happen if stateless session resumption is succesful | ||
1340 | * if session caching is disabled so existing functionality | ||
1341 | * is unaffected. | ||
1342 | */ | ||
1343 | if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) | ||
1344 | && !s->hit) | ||
1345 | s->session->session_id_length=0; | ||
1346 | |||
1347 | sl=s->session->session_id_length; | ||
1348 | if (sl > (int)sizeof(s->session->session_id)) | ||
1349 | { | ||
1350 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); | ||
1351 | return -1; | ||
1352 | } | ||
1353 | *(p++)=sl; | ||
1354 | memcpy(p,s->session->session_id,sl); | ||
1355 | p+=sl; | ||
1356 | |||
1357 | /* put the cipher */ | ||
1358 | i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p); | ||
1359 | p+=i; | ||
1360 | |||
1361 | /* put the compression method */ | ||
1362 | #ifdef OPENSSL_NO_COMP | ||
1363 | *(p++)=0; | ||
1364 | #else | ||
1365 | if (s->s3->tmp.new_compression == NULL) | ||
1366 | *(p++)=0; | ||
1367 | else | ||
1368 | *(p++)=s->s3->tmp.new_compression->id; | ||
1369 | #endif | ||
1370 | #ifndef OPENSSL_NO_TLSEXT | ||
1371 | if (ssl_prepare_serverhello_tlsext(s) <= 0) | ||
1372 | { | ||
1373 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT); | ||
1374 | return -1; | ||
1375 | } | ||
1376 | if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) | ||
1377 | { | ||
1378 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); | ||
1379 | return -1; | ||
1380 | } | ||
1381 | #endif | ||
1382 | /* do the header */ | ||
1383 | l=(p-d); | ||
1384 | d=buf; | ||
1385 | *(d++)=SSL3_MT_SERVER_HELLO; | ||
1386 | l2n3(l,d); | ||
1387 | |||
1388 | s->state=SSL3_ST_SW_SRVR_HELLO_B; | ||
1389 | /* number of bytes to write */ | ||
1390 | s->init_num=p-buf; | ||
1391 | s->init_off=0; | ||
1392 | } | ||
1393 | |||
1394 | /* SSL3_ST_SW_SRVR_HELLO_B */ | ||
1395 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | ||
1396 | } | ||
1397 | |||
1398 | int ssl3_send_server_done(SSL *s) | ||
1399 | { | ||
1400 | unsigned char *p; | ||
1401 | |||
1402 | if (s->state == SSL3_ST_SW_SRVR_DONE_A) | ||
1403 | { | ||
1404 | p=(unsigned char *)s->init_buf->data; | ||
1405 | |||
1406 | /* do the header */ | ||
1407 | *(p++)=SSL3_MT_SERVER_DONE; | ||
1408 | *(p++)=0; | ||
1409 | *(p++)=0; | ||
1410 | *(p++)=0; | ||
1411 | |||
1412 | s->state=SSL3_ST_SW_SRVR_DONE_B; | ||
1413 | /* number of bytes to write */ | ||
1414 | s->init_num=4; | ||
1415 | s->init_off=0; | ||
1416 | } | ||
1417 | |||
1418 | /* SSL3_ST_SW_SRVR_DONE_B */ | ||
1419 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | ||
1420 | } | ||
1421 | |||
1422 | int ssl3_send_server_key_exchange(SSL *s) | ||
1423 | { | ||
1424 | #ifndef OPENSSL_NO_RSA | ||
1425 | unsigned char *q; | ||
1426 | int j,num; | ||
1427 | RSA *rsa; | ||
1428 | unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; | ||
1429 | unsigned int u; | ||
1430 | #endif | ||
1431 | #ifndef OPENSSL_NO_DH | ||
1432 | DH *dh=NULL,*dhp; | ||
1433 | #endif | ||
1434 | #ifndef OPENSSL_NO_ECDH | ||
1435 | EC_KEY *ecdh=NULL, *ecdhp; | ||
1436 | unsigned char *encodedPoint = NULL; | ||
1437 | int encodedlen = 0; | ||
1438 | int curve_id = 0; | ||
1439 | BN_CTX *bn_ctx = NULL; | ||
1440 | #endif | ||
1441 | EVP_PKEY *pkey; | ||
1442 | unsigned char *p,*d; | ||
1443 | int al,i; | ||
1444 | unsigned long type; | ||
1445 | int n; | ||
1446 | CERT *cert; | ||
1447 | BIGNUM *r[4]; | ||
1448 | int nr[4],kn; | ||
1449 | BUF_MEM *buf; | ||
1450 | EVP_MD_CTX md_ctx; | ||
1451 | |||
1452 | EVP_MD_CTX_init(&md_ctx); | ||
1453 | if (s->state == SSL3_ST_SW_KEY_EXCH_A) | ||
1454 | { | ||
1455 | type=s->s3->tmp.new_cipher->algorithm_mkey; | ||
1456 | cert=s->cert; | ||
1457 | |||
1458 | buf=s->init_buf; | ||
1459 | |||
1460 | r[0]=r[1]=r[2]=r[3]=NULL; | ||
1461 | n=0; | ||
1462 | #ifndef OPENSSL_NO_RSA | ||
1463 | if (type & SSL_kRSA) | ||
1464 | { | ||
1465 | rsa=cert->rsa_tmp; | ||
1466 | if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) | ||
1467 | { | ||
1468 | rsa=s->cert->rsa_tmp_cb(s, | ||
1469 | SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), | ||
1470 | SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); | ||
1471 | if(rsa == NULL) | ||
1472 | { | ||
1473 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
1474 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY); | ||
1475 | goto f_err; | ||
1476 | } | ||
1477 | RSA_up_ref(rsa); | ||
1478 | cert->rsa_tmp=rsa; | ||
1479 | } | ||
1480 | if (rsa == NULL) | ||
1481 | { | ||
1482 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
1483 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY); | ||
1484 | goto f_err; | ||
1485 | } | ||
1486 | r[0]=rsa->n; | ||
1487 | r[1]=rsa->e; | ||
1488 | s->s3->tmp.use_rsa_tmp=1; | ||
1489 | } | ||
1490 | else | ||
1491 | #endif | ||
1492 | #ifndef OPENSSL_NO_DH | ||
1493 | if (type & SSL_kEDH) | ||
1494 | { | ||
1495 | dhp=cert->dh_tmp; | ||
1496 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) | ||
1497 | dhp=s->cert->dh_tmp_cb(s, | ||
1498 | SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), | ||
1499 | SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); | ||
1500 | if (dhp == NULL) | ||
1501 | { | ||
1502 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
1503 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY); | ||
1504 | goto f_err; | ||
1505 | } | ||
1506 | |||
1507 | if (s->s3->tmp.dh != NULL) | ||
1508 | { | ||
1509 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | ||
1510 | goto err; | ||
1511 | } | ||
1512 | |||
1513 | if ((dh=DHparams_dup(dhp)) == NULL) | ||
1514 | { | ||
1515 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); | ||
1516 | goto err; | ||
1517 | } | ||
1518 | |||
1519 | s->s3->tmp.dh=dh; | ||
1520 | if ((dhp->pub_key == NULL || | ||
1521 | dhp->priv_key == NULL || | ||
1522 | (s->options & SSL_OP_SINGLE_DH_USE))) | ||
1523 | { | ||
1524 | if(!DH_generate_key(dh)) | ||
1525 | { | ||
1526 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
1527 | ERR_R_DH_LIB); | ||
1528 | goto err; | ||
1529 | } | ||
1530 | } | ||
1531 | else | ||
1532 | { | ||
1533 | dh->pub_key=BN_dup(dhp->pub_key); | ||
1534 | dh->priv_key=BN_dup(dhp->priv_key); | ||
1535 | if ((dh->pub_key == NULL) || | ||
1536 | (dh->priv_key == NULL)) | ||
1537 | { | ||
1538 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); | ||
1539 | goto err; | ||
1540 | } | ||
1541 | } | ||
1542 | r[0]=dh->p; | ||
1543 | r[1]=dh->g; | ||
1544 | r[2]=dh->pub_key; | ||
1545 | } | ||
1546 | else | ||
1547 | #endif | ||
1548 | #ifndef OPENSSL_NO_ECDH | ||
1549 | if (type & SSL_kEECDH) | ||
1550 | { | ||
1551 | const EC_GROUP *group; | ||
1552 | |||
1553 | ecdhp=cert->ecdh_tmp; | ||
1554 | if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) | ||
1555 | { | ||
1556 | ecdhp=s->cert->ecdh_tmp_cb(s, | ||
1557 | SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), | ||
1558 | SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); | ||
1559 | } | ||
1560 | if (ecdhp == NULL) | ||
1561 | { | ||
1562 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
1563 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY); | ||
1564 | goto f_err; | ||
1565 | } | ||
1566 | |||
1567 | if (s->s3->tmp.ecdh != NULL) | ||
1568 | { | ||
1569 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | ||
1570 | goto err; | ||
1571 | } | ||
1572 | |||
1573 | /* Duplicate the ECDH structure. */ | ||
1574 | if (ecdhp == NULL) | ||
1575 | { | ||
1576 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
1577 | goto err; | ||
1578 | } | ||
1579 | if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) | ||
1580 | { | ||
1581 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
1582 | goto err; | ||
1583 | } | ||
1584 | |||
1585 | s->s3->tmp.ecdh=ecdh; | ||
1586 | if ((EC_KEY_get0_public_key(ecdh) == NULL) || | ||
1587 | (EC_KEY_get0_private_key(ecdh) == NULL) || | ||
1588 | (s->options & SSL_OP_SINGLE_ECDH_USE)) | ||
1589 | { | ||
1590 | if(!EC_KEY_generate_key(ecdh)) | ||
1591 | { | ||
1592 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
1593 | goto err; | ||
1594 | } | ||
1595 | } | ||
1596 | |||
1597 | if (((group = EC_KEY_get0_group(ecdh)) == NULL) || | ||
1598 | (EC_KEY_get0_public_key(ecdh) == NULL) || | ||
1599 | (EC_KEY_get0_private_key(ecdh) == NULL)) | ||
1600 | { | ||
1601 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
1602 | goto err; | ||
1603 | } | ||
1604 | |||
1605 | if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && | ||
1606 | (EC_GROUP_get_degree(group) > 163)) | ||
1607 | { | ||
1608 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); | ||
1609 | goto err; | ||
1610 | } | ||
1611 | |||
1612 | /* XXX: For now, we only support ephemeral ECDH | ||
1613 | * keys over named (not generic) curves. For | ||
1614 | * supported named curves, curve_id is non-zero. | ||
1615 | */ | ||
1616 | if ((curve_id = | ||
1617 | tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group))) | ||
1618 | == 0) | ||
1619 | { | ||
1620 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); | ||
1621 | goto err; | ||
1622 | } | ||
1623 | |||
1624 | /* Encode the public key. | ||
1625 | * First check the size of encoding and | ||
1626 | * allocate memory accordingly. | ||
1627 | */ | ||
1628 | encodedlen = EC_POINT_point2oct(group, | ||
1629 | EC_KEY_get0_public_key(ecdh), | ||
1630 | POINT_CONVERSION_UNCOMPRESSED, | ||
1631 | NULL, 0, NULL); | ||
1632 | |||
1633 | encodedPoint = (unsigned char *) | ||
1634 | OPENSSL_malloc(encodedlen*sizeof(unsigned char)); | ||
1635 | bn_ctx = BN_CTX_new(); | ||
1636 | if ((encodedPoint == NULL) || (bn_ctx == NULL)) | ||
1637 | { | ||
1638 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
1639 | goto err; | ||
1640 | } | ||
1641 | |||
1642 | |||
1643 | encodedlen = EC_POINT_point2oct(group, | ||
1644 | EC_KEY_get0_public_key(ecdh), | ||
1645 | POINT_CONVERSION_UNCOMPRESSED, | ||
1646 | encodedPoint, encodedlen, bn_ctx); | ||
1647 | |||
1648 | if (encodedlen == 0) | ||
1649 | { | ||
1650 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
1651 | goto err; | ||
1652 | } | ||
1653 | |||
1654 | BN_CTX_free(bn_ctx); bn_ctx=NULL; | ||
1655 | |||
1656 | /* XXX: For now, we only support named (not | ||
1657 | * generic) curves in ECDH ephemeral key exchanges. | ||
1658 | * In this situation, we need four additional bytes | ||
1659 | * to encode the entire ServerECDHParams | ||
1660 | * structure. | ||
1661 | */ | ||
1662 | n = 4 + encodedlen; | ||
1663 | |||
1664 | /* We'll generate the serverKeyExchange message | ||
1665 | * explicitly so we can set these to NULLs | ||
1666 | */ | ||
1667 | r[0]=NULL; | ||
1668 | r[1]=NULL; | ||
1669 | r[2]=NULL; | ||
1670 | r[3]=NULL; | ||
1671 | } | ||
1672 | else | ||
1673 | #endif /* !OPENSSL_NO_ECDH */ | ||
1674 | #ifndef OPENSSL_NO_PSK | ||
1675 | if (type & SSL_kPSK) | ||
1676 | { | ||
1677 | /* reserve size for record length and PSK identity hint*/ | ||
1678 | n+=2+strlen(s->ctx->psk_identity_hint); | ||
1679 | } | ||
1680 | else | ||
1681 | #endif /* !OPENSSL_NO_PSK */ | ||
1682 | { | ||
1683 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
1684 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); | ||
1685 | goto f_err; | ||
1686 | } | ||
1687 | for (i=0; r[i] != NULL; i++) | ||
1688 | { | ||
1689 | nr[i]=BN_num_bytes(r[i]); | ||
1690 | n+=2+nr[i]; | ||
1691 | } | ||
1692 | |||
1693 | if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) | ||
1694 | && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) | ||
1695 | { | ||
1696 | if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher)) | ||
1697 | == NULL) | ||
1698 | { | ||
1699 | al=SSL_AD_DECODE_ERROR; | ||
1700 | goto f_err; | ||
1701 | } | ||
1702 | kn=EVP_PKEY_size(pkey); | ||
1703 | } | ||
1704 | else | ||
1705 | { | ||
1706 | pkey=NULL; | ||
1707 | kn=0; | ||
1708 | } | ||
1709 | |||
1710 | if (!BUF_MEM_grow_clean(buf,n+4+kn)) | ||
1711 | { | ||
1712 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF); | ||
1713 | goto err; | ||
1714 | } | ||
1715 | d=(unsigned char *)s->init_buf->data; | ||
1716 | p= &(d[4]); | ||
1717 | |||
1718 | for (i=0; r[i] != NULL; i++) | ||
1719 | { | ||
1720 | s2n(nr[i],p); | ||
1721 | BN_bn2bin(r[i],p); | ||
1722 | p+=nr[i]; | ||
1723 | } | ||
1724 | |||
1725 | #ifndef OPENSSL_NO_ECDH | ||
1726 | if (type & SSL_kEECDH) | ||
1727 | { | ||
1728 | /* XXX: For now, we only support named (not generic) curves. | ||
1729 | * In this situation, the serverKeyExchange message has: | ||
1730 | * [1 byte CurveType], [2 byte CurveName] | ||
1731 | * [1 byte length of encoded point], followed by | ||
1732 | * the actual encoded point itself | ||
1733 | */ | ||
1734 | *p = NAMED_CURVE_TYPE; | ||
1735 | p += 1; | ||
1736 | *p = 0; | ||
1737 | p += 1; | ||
1738 | *p = curve_id; | ||
1739 | p += 1; | ||
1740 | *p = encodedlen; | ||
1741 | p += 1; | ||
1742 | memcpy((unsigned char*)p, | ||
1743 | (unsigned char *)encodedPoint, | ||
1744 | encodedlen); | ||
1745 | OPENSSL_free(encodedPoint); | ||
1746 | encodedPoint = NULL; | ||
1747 | p += encodedlen; | ||
1748 | } | ||
1749 | #endif | ||
1750 | |||
1751 | #ifndef OPENSSL_NO_PSK | ||
1752 | if (type & SSL_kPSK) | ||
1753 | { | ||
1754 | /* copy PSK identity hint */ | ||
1755 | s2n(strlen(s->ctx->psk_identity_hint), p); | ||
1756 | strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint)); | ||
1757 | p+=strlen(s->ctx->psk_identity_hint); | ||
1758 | } | ||
1759 | #endif | ||
1760 | |||
1761 | /* not anonymous */ | ||
1762 | if (pkey != NULL) | ||
1763 | { | ||
1764 | /* n is the length of the params, they start at &(d[4]) | ||
1765 | * and p points to the space at the end. */ | ||
1766 | #ifndef OPENSSL_NO_RSA | ||
1767 | if (pkey->type == EVP_PKEY_RSA) | ||
1768 | { | ||
1769 | q=md_buf; | ||
1770 | j=0; | ||
1771 | for (num=2; num > 0; num--) | ||
1772 | { | ||
1773 | EVP_DigestInit_ex(&md_ctx,(num == 2) | ||
1774 | ?s->ctx->md5:s->ctx->sha1, NULL); | ||
1775 | EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | ||
1776 | EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | ||
1777 | EVP_DigestUpdate(&md_ctx,&(d[4]),n); | ||
1778 | EVP_DigestFinal_ex(&md_ctx,q, | ||
1779 | (unsigned int *)&i); | ||
1780 | q+=i; | ||
1781 | j+=i; | ||
1782 | } | ||
1783 | if (RSA_sign(NID_md5_sha1, md_buf, j, | ||
1784 | &(p[2]), &u, pkey->pkey.rsa) <= 0) | ||
1785 | { | ||
1786 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA); | ||
1787 | goto err; | ||
1788 | } | ||
1789 | s2n(u,p); | ||
1790 | n+=u+2; | ||
1791 | } | ||
1792 | else | ||
1793 | #endif | ||
1794 | #if !defined(OPENSSL_NO_DSA) | ||
1795 | if (pkey->type == EVP_PKEY_DSA) | ||
1796 | { | ||
1797 | /* lets do DSS */ | ||
1798 | EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL); | ||
1799 | EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | ||
1800 | EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | ||
1801 | EVP_SignUpdate(&md_ctx,&(d[4]),n); | ||
1802 | if (!EVP_SignFinal(&md_ctx,&(p[2]), | ||
1803 | (unsigned int *)&i,pkey)) | ||
1804 | { | ||
1805 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA); | ||
1806 | goto err; | ||
1807 | } | ||
1808 | s2n(i,p); | ||
1809 | n+=i+2; | ||
1810 | } | ||
1811 | else | ||
1812 | #endif | ||
1813 | #if !defined(OPENSSL_NO_ECDSA) | ||
1814 | if (pkey->type == EVP_PKEY_EC) | ||
1815 | { | ||
1816 | /* let's do ECDSA */ | ||
1817 | EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL); | ||
1818 | EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | ||
1819 | EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | ||
1820 | EVP_SignUpdate(&md_ctx,&(d[4]),n); | ||
1821 | if (!EVP_SignFinal(&md_ctx,&(p[2]), | ||
1822 | (unsigned int *)&i,pkey)) | ||
1823 | { | ||
1824 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA); | ||
1825 | goto err; | ||
1826 | } | ||
1827 | s2n(i,p); | ||
1828 | n+=i+2; | ||
1829 | } | ||
1830 | else | ||
1831 | #endif | ||
1832 | { | ||
1833 | /* Is this error check actually needed? */ | ||
1834 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
1835 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE); | ||
1836 | goto f_err; | ||
1837 | } | ||
1838 | } | ||
1839 | |||
1840 | *(d++)=SSL3_MT_SERVER_KEY_EXCHANGE; | ||
1841 | l2n3(n,d); | ||
1842 | |||
1843 | /* we should now have things packed up, so lets send | ||
1844 | * it off */ | ||
1845 | s->init_num=n+4; | ||
1846 | s->init_off=0; | ||
1847 | } | ||
1848 | |||
1849 | s->state = SSL3_ST_SW_KEY_EXCH_B; | ||
1850 | EVP_MD_CTX_cleanup(&md_ctx); | ||
1851 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | ||
1852 | f_err: | ||
1853 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
1854 | err: | ||
1855 | #ifndef OPENSSL_NO_ECDH | ||
1856 | if (encodedPoint != NULL) OPENSSL_free(encodedPoint); | ||
1857 | BN_CTX_free(bn_ctx); | ||
1858 | #endif | ||
1859 | EVP_MD_CTX_cleanup(&md_ctx); | ||
1860 | return(-1); | ||
1861 | } | ||
1862 | |||
1863 | int ssl3_send_certificate_request(SSL *s) | ||
1864 | { | ||
1865 | unsigned char *p,*d; | ||
1866 | int i,j,nl,off,n; | ||
1867 | STACK_OF(X509_NAME) *sk=NULL; | ||
1868 | X509_NAME *name; | ||
1869 | BUF_MEM *buf; | ||
1870 | |||
1871 | if (s->state == SSL3_ST_SW_CERT_REQ_A) | ||
1872 | { | ||
1873 | buf=s->init_buf; | ||
1874 | |||
1875 | d=p=(unsigned char *)&(buf->data[4]); | ||
1876 | |||
1877 | /* get the list of acceptable cert types */ | ||
1878 | p++; | ||
1879 | n=ssl3_get_req_cert_type(s,p); | ||
1880 | d[0]=n; | ||
1881 | p+=n; | ||
1882 | n++; | ||
1883 | |||
1884 | off=n; | ||
1885 | p+=2; | ||
1886 | n+=2; | ||
1887 | |||
1888 | sk=SSL_get_client_CA_list(s); | ||
1889 | nl=0; | ||
1890 | if (sk != NULL) | ||
1891 | { | ||
1892 | for (i=0; i<sk_X509_NAME_num(sk); i++) | ||
1893 | { | ||
1894 | name=sk_X509_NAME_value(sk,i); | ||
1895 | j=i2d_X509_NAME(name,NULL); | ||
1896 | if (!BUF_MEM_grow_clean(buf,4+n+j+2)) | ||
1897 | { | ||
1898 | SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB); | ||
1899 | goto err; | ||
1900 | } | ||
1901 | p=(unsigned char *)&(buf->data[4+n]); | ||
1902 | if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) | ||
1903 | { | ||
1904 | s2n(j,p); | ||
1905 | i2d_X509_NAME(name,&p); | ||
1906 | n+=2+j; | ||
1907 | nl+=2+j; | ||
1908 | } | ||
1909 | else | ||
1910 | { | ||
1911 | d=p; | ||
1912 | i2d_X509_NAME(name,&p); | ||
1913 | j-=2; s2n(j,d); j+=2; | ||
1914 | n+=j; | ||
1915 | nl+=j; | ||
1916 | } | ||
1917 | } | ||
1918 | } | ||
1919 | /* else no CA names */ | ||
1920 | p=(unsigned char *)&(buf->data[4+off]); | ||
1921 | s2n(nl,p); | ||
1922 | |||
1923 | d=(unsigned char *)buf->data; | ||
1924 | *(d++)=SSL3_MT_CERTIFICATE_REQUEST; | ||
1925 | l2n3(n,d); | ||
1926 | |||
1927 | /* we should now have things packed up, so lets send | ||
1928 | * it off */ | ||
1929 | |||
1930 | s->init_num=n+4; | ||
1931 | s->init_off=0; | ||
1932 | #ifdef NETSCAPE_HANG_BUG | ||
1933 | p=(unsigned char *)s->init_buf->data + s->init_num; | ||
1934 | |||
1935 | /* do the header */ | ||
1936 | *(p++)=SSL3_MT_SERVER_DONE; | ||
1937 | *(p++)=0; | ||
1938 | *(p++)=0; | ||
1939 | *(p++)=0; | ||
1940 | s->init_num += 4; | ||
1941 | #endif | ||
1942 | |||
1943 | s->state = SSL3_ST_SW_CERT_REQ_B; | ||
1944 | } | ||
1945 | |||
1946 | /* SSL3_ST_SW_CERT_REQ_B */ | ||
1947 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | ||
1948 | err: | ||
1949 | return(-1); | ||
1950 | } | ||
1951 | |||
1952 | int ssl3_get_client_key_exchange(SSL *s) | ||
1953 | { | ||
1954 | int i,al,ok; | ||
1955 | long n; | ||
1956 | unsigned long alg_k; | ||
1957 | unsigned char *p; | ||
1958 | #ifndef OPENSSL_NO_RSA | ||
1959 | RSA *rsa=NULL; | ||
1960 | EVP_PKEY *pkey=NULL; | ||
1961 | #endif | ||
1962 | #ifndef OPENSSL_NO_DH | ||
1963 | BIGNUM *pub=NULL; | ||
1964 | DH *dh_srvr; | ||
1965 | #endif | ||
1966 | #ifndef OPENSSL_NO_KRB5 | ||
1967 | KSSL_ERR kssl_err; | ||
1968 | #endif /* OPENSSL_NO_KRB5 */ | ||
1969 | |||
1970 | #ifndef OPENSSL_NO_ECDH | ||
1971 | EC_KEY *srvr_ecdh = NULL; | ||
1972 | EVP_PKEY *clnt_pub_pkey = NULL; | ||
1973 | EC_POINT *clnt_ecpoint = NULL; | ||
1974 | BN_CTX *bn_ctx = NULL; | ||
1975 | #endif | ||
1976 | |||
1977 | n=s->method->ssl_get_message(s, | ||
1978 | SSL3_ST_SR_KEY_EXCH_A, | ||
1979 | SSL3_ST_SR_KEY_EXCH_B, | ||
1980 | SSL3_MT_CLIENT_KEY_EXCHANGE, | ||
1981 | 2048, /* ??? */ | ||
1982 | &ok); | ||
1983 | |||
1984 | if (!ok) return((int)n); | ||
1985 | p=(unsigned char *)s->init_msg; | ||
1986 | |||
1987 | alg_k=s->s3->tmp.new_cipher->algorithm_mkey; | ||
1988 | |||
1989 | #ifndef OPENSSL_NO_RSA | ||
1990 | if (alg_k & SSL_kRSA) | ||
1991 | { | ||
1992 | /* FIX THIS UP EAY EAY EAY EAY */ | ||
1993 | if (s->s3->tmp.use_rsa_tmp) | ||
1994 | { | ||
1995 | if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL)) | ||
1996 | rsa=s->cert->rsa_tmp; | ||
1997 | /* Don't do a callback because rsa_tmp should | ||
1998 | * be sent already */ | ||
1999 | if (rsa == NULL) | ||
2000 | { | ||
2001 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
2002 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY); | ||
2003 | goto f_err; | ||
2004 | |||
2005 | } | ||
2006 | } | ||
2007 | else | ||
2008 | { | ||
2009 | pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey; | ||
2010 | if ( (pkey == NULL) || | ||
2011 | (pkey->type != EVP_PKEY_RSA) || | ||
2012 | (pkey->pkey.rsa == NULL)) | ||
2013 | { | ||
2014 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
2015 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE); | ||
2016 | goto f_err; | ||
2017 | } | ||
2018 | rsa=pkey->pkey.rsa; | ||
2019 | } | ||
2020 | |||
2021 | /* TLS and [incidentally] DTLS{0xFEFF} */ | ||
2022 | if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) | ||
2023 | { | ||
2024 | n2s(p,i); | ||
2025 | if (n != i+2) | ||
2026 | { | ||
2027 | if (!(s->options & SSL_OP_TLS_D5_BUG)) | ||
2028 | { | ||
2029 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG); | ||
2030 | goto err; | ||
2031 | } | ||
2032 | else | ||
2033 | p-=2; | ||
2034 | } | ||
2035 | else | ||
2036 | n=i; | ||
2037 | } | ||
2038 | |||
2039 | i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); | ||
2040 | |||
2041 | al = -1; | ||
2042 | |||
2043 | if (i != SSL_MAX_MASTER_KEY_LENGTH) | ||
2044 | { | ||
2045 | al=SSL_AD_DECODE_ERROR; | ||
2046 | /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ | ||
2047 | } | ||
2048 | |||
2049 | if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) | ||
2050 | { | ||
2051 | /* The premaster secret must contain the same version number as the | ||
2052 | * ClientHello to detect version rollback attacks (strangely, the | ||
2053 | * protocol does not offer such protection for DH ciphersuites). | ||
2054 | * However, buggy clients exist that send the negotiated protocol | ||
2055 | * version instead if the server does not support the requested | ||
2056 | * protocol version. | ||
2057 | * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */ | ||
2058 | if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) && | ||
2059 | (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) | ||
2060 | { | ||
2061 | al=SSL_AD_DECODE_ERROR; | ||
2062 | /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */ | ||
2063 | |||
2064 | /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack | ||
2065 | * (http://eprint.iacr.org/2003/052/) exploits the version | ||
2066 | * number check as a "bad version oracle" -- an alert would | ||
2067 | * reveal that the plaintext corresponding to some ciphertext | ||
2068 | * made up by the adversary is properly formatted except | ||
2069 | * that the version number is wrong. To avoid such attacks, | ||
2070 | * we should treat this just like any other decryption error. */ | ||
2071 | } | ||
2072 | } | ||
2073 | |||
2074 | if (al != -1) | ||
2075 | { | ||
2076 | /* Some decryption failure -- use random value instead as countermeasure | ||
2077 | * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding | ||
2078 | * (see RFC 2246, section 7.4.7.1). */ | ||
2079 | ERR_clear_error(); | ||
2080 | i = SSL_MAX_MASTER_KEY_LENGTH; | ||
2081 | p[0] = s->client_version >> 8; | ||
2082 | p[1] = s->client_version & 0xff; | ||
2083 | if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */ | ||
2084 | goto err; | ||
2085 | } | ||
2086 | |||
2087 | s->session->master_key_length= | ||
2088 | s->method->ssl3_enc->generate_master_secret(s, | ||
2089 | s->session->master_key, | ||
2090 | p,i); | ||
2091 | OPENSSL_cleanse(p,i); | ||
2092 | } | ||
2093 | else | ||
2094 | #endif | ||
2095 | #ifndef OPENSSL_NO_DH | ||
2096 | if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | ||
2097 | { | ||
2098 | n2s(p,i); | ||
2099 | if (n != i+2) | ||
2100 | { | ||
2101 | if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) | ||
2102 | { | ||
2103 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); | ||
2104 | goto err; | ||
2105 | } | ||
2106 | else | ||
2107 | { | ||
2108 | p-=2; | ||
2109 | i=(int)n; | ||
2110 | } | ||
2111 | } | ||
2112 | |||
2113 | if (n == 0L) /* the parameters are in the cert */ | ||
2114 | { | ||
2115 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
2116 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS); | ||
2117 | goto f_err; | ||
2118 | } | ||
2119 | else | ||
2120 | { | ||
2121 | if (s->s3->tmp.dh == NULL) | ||
2122 | { | ||
2123 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
2124 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY); | ||
2125 | goto f_err; | ||
2126 | } | ||
2127 | else | ||
2128 | dh_srvr=s->s3->tmp.dh; | ||
2129 | } | ||
2130 | |||
2131 | pub=BN_bin2bn(p,i,NULL); | ||
2132 | if (pub == NULL) | ||
2133 | { | ||
2134 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB); | ||
2135 | goto err; | ||
2136 | } | ||
2137 | |||
2138 | i=DH_compute_key(p,pub,dh_srvr); | ||
2139 | |||
2140 | if (i <= 0) | ||
2141 | { | ||
2142 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); | ||
2143 | BN_clear_free(pub); | ||
2144 | goto err; | ||
2145 | } | ||
2146 | |||
2147 | DH_free(s->s3->tmp.dh); | ||
2148 | s->s3->tmp.dh=NULL; | ||
2149 | |||
2150 | BN_clear_free(pub); | ||
2151 | pub=NULL; | ||
2152 | s->session->master_key_length= | ||
2153 | s->method->ssl3_enc->generate_master_secret(s, | ||
2154 | s->session->master_key,p,i); | ||
2155 | OPENSSL_cleanse(p,i); | ||
2156 | } | ||
2157 | else | ||
2158 | #endif | ||
2159 | #ifndef OPENSSL_NO_KRB5 | ||
2160 | if (alg_k & SSL_kKRB5) | ||
2161 | { | ||
2162 | krb5_error_code krb5rc; | ||
2163 | krb5_data enc_ticket; | ||
2164 | krb5_data authenticator; | ||
2165 | krb5_data enc_pms; | ||
2166 | KSSL_CTX *kssl_ctx = s->kssl_ctx; | ||
2167 | EVP_CIPHER_CTX ciph_ctx; | ||
2168 | const EVP_CIPHER *enc = NULL; | ||
2169 | unsigned char iv[EVP_MAX_IV_LENGTH]; | ||
2170 | unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH | ||
2171 | + EVP_MAX_BLOCK_LENGTH]; | ||
2172 | int padl, outl; | ||
2173 | krb5_timestamp authtime = 0; | ||
2174 | krb5_ticket_times ttimes; | ||
2175 | |||
2176 | EVP_CIPHER_CTX_init(&ciph_ctx); | ||
2177 | |||
2178 | if (!kssl_ctx) kssl_ctx = kssl_ctx_new(); | ||
2179 | |||
2180 | n2s(p,i); | ||
2181 | enc_ticket.length = i; | ||
2182 | |||
2183 | if (n < (long)(enc_ticket.length + 6)) | ||
2184 | { | ||
2185 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2186 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
2187 | goto err; | ||
2188 | } | ||
2189 | |||
2190 | enc_ticket.data = (char *)p; | ||
2191 | p+=enc_ticket.length; | ||
2192 | |||
2193 | n2s(p,i); | ||
2194 | authenticator.length = i; | ||
2195 | |||
2196 | if (n < (long)(enc_ticket.length + authenticator.length + 6)) | ||
2197 | { | ||
2198 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2199 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
2200 | goto err; | ||
2201 | } | ||
2202 | |||
2203 | authenticator.data = (char *)p; | ||
2204 | p+=authenticator.length; | ||
2205 | |||
2206 | n2s(p,i); | ||
2207 | enc_pms.length = i; | ||
2208 | enc_pms.data = (char *)p; | ||
2209 | p+=enc_pms.length; | ||
2210 | |||
2211 | /* Note that the length is checked again below, | ||
2212 | ** after decryption | ||
2213 | */ | ||
2214 | if(enc_pms.length > sizeof pms) | ||
2215 | { | ||
2216 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2217 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
2218 | goto err; | ||
2219 | } | ||
2220 | |||
2221 | if (n != (long)(enc_ticket.length + authenticator.length + | ||
2222 | enc_pms.length + 6)) | ||
2223 | { | ||
2224 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2225 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
2226 | goto err; | ||
2227 | } | ||
2228 | |||
2229 | if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes, | ||
2230 | &kssl_err)) != 0) | ||
2231 | { | ||
2232 | #ifdef KSSL_DEBUG | ||
2233 | printf("kssl_sget_tkt rtn %d [%d]\n", | ||
2234 | krb5rc, kssl_err.reason); | ||
2235 | if (kssl_err.text) | ||
2236 | printf("kssl_err text= %s\n", kssl_err.text); | ||
2237 | #endif /* KSSL_DEBUG */ | ||
2238 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2239 | kssl_err.reason); | ||
2240 | goto err; | ||
2241 | } | ||
2242 | |||
2243 | /* Note: no authenticator is not considered an error, | ||
2244 | ** but will return authtime == 0. | ||
2245 | */ | ||
2246 | if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator, | ||
2247 | &authtime, &kssl_err)) != 0) | ||
2248 | { | ||
2249 | #ifdef KSSL_DEBUG | ||
2250 | printf("kssl_check_authent rtn %d [%d]\n", | ||
2251 | krb5rc, kssl_err.reason); | ||
2252 | if (kssl_err.text) | ||
2253 | printf("kssl_err text= %s\n", kssl_err.text); | ||
2254 | #endif /* KSSL_DEBUG */ | ||
2255 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2256 | kssl_err.reason); | ||
2257 | goto err; | ||
2258 | } | ||
2259 | |||
2260 | if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) | ||
2261 | { | ||
2262 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc); | ||
2263 | goto err; | ||
2264 | } | ||
2265 | |||
2266 | #ifdef KSSL_DEBUG | ||
2267 | kssl_ctx_show(kssl_ctx); | ||
2268 | #endif /* KSSL_DEBUG */ | ||
2269 | |||
2270 | enc = kssl_map_enc(kssl_ctx->enctype); | ||
2271 | if (enc == NULL) | ||
2272 | goto err; | ||
2273 | |||
2274 | memset(iv, 0, sizeof iv); /* per RFC 1510 */ | ||
2275 | |||
2276 | if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv)) | ||
2277 | { | ||
2278 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2279 | SSL_R_DECRYPTION_FAILED); | ||
2280 | goto err; | ||
2281 | } | ||
2282 | if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl, | ||
2283 | (unsigned char *)enc_pms.data, enc_pms.length)) | ||
2284 | { | ||
2285 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2286 | SSL_R_DECRYPTION_FAILED); | ||
2287 | goto err; | ||
2288 | } | ||
2289 | if (outl > SSL_MAX_MASTER_KEY_LENGTH) | ||
2290 | { | ||
2291 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2292 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
2293 | goto err; | ||
2294 | } | ||
2295 | if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl)) | ||
2296 | { | ||
2297 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2298 | SSL_R_DECRYPTION_FAILED); | ||
2299 | goto err; | ||
2300 | } | ||
2301 | outl += padl; | ||
2302 | if (outl > SSL_MAX_MASTER_KEY_LENGTH) | ||
2303 | { | ||
2304 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2305 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
2306 | goto err; | ||
2307 | } | ||
2308 | if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff)))) | ||
2309 | { | ||
2310 | /* The premaster secret must contain the same version number as the | ||
2311 | * ClientHello to detect version rollback attacks (strangely, the | ||
2312 | * protocol does not offer such protection for DH ciphersuites). | ||
2313 | * However, buggy clients exist that send random bytes instead of | ||
2314 | * the protocol version. | ||
2315 | * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. | ||
2316 | * (Perhaps we should have a separate BUG value for the Kerberos cipher) | ||
2317 | */ | ||
2318 | if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) | ||
2319 | { | ||
2320 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2321 | SSL_AD_DECODE_ERROR); | ||
2322 | goto err; | ||
2323 | } | ||
2324 | } | ||
2325 | |||
2326 | EVP_CIPHER_CTX_cleanup(&ciph_ctx); | ||
2327 | |||
2328 | s->session->master_key_length= | ||
2329 | s->method->ssl3_enc->generate_master_secret(s, | ||
2330 | s->session->master_key, pms, outl); | ||
2331 | |||
2332 | if (kssl_ctx->client_princ) | ||
2333 | { | ||
2334 | size_t len = strlen(kssl_ctx->client_princ); | ||
2335 | if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) | ||
2336 | { | ||
2337 | s->session->krb5_client_princ_len = len; | ||
2338 | memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len); | ||
2339 | } | ||
2340 | } | ||
2341 | |||
2342 | |||
2343 | /* Was doing kssl_ctx_free() here, | ||
2344 | ** but it caused problems for apache. | ||
2345 | ** kssl_ctx = kssl_ctx_free(kssl_ctx); | ||
2346 | ** if (s->kssl_ctx) s->kssl_ctx = NULL; | ||
2347 | */ | ||
2348 | } | ||
2349 | else | ||
2350 | #endif /* OPENSSL_NO_KRB5 */ | ||
2351 | |||
2352 | #ifndef OPENSSL_NO_ECDH | ||
2353 | if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) | ||
2354 | { | ||
2355 | int ret = 1; | ||
2356 | int field_size = 0; | ||
2357 | const EC_KEY *tkey; | ||
2358 | const EC_GROUP *group; | ||
2359 | const BIGNUM *priv_key; | ||
2360 | |||
2361 | /* initialize structures for server's ECDH key pair */ | ||
2362 | if ((srvr_ecdh = EC_KEY_new()) == NULL) | ||
2363 | { | ||
2364 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2365 | ERR_R_MALLOC_FAILURE); | ||
2366 | goto err; | ||
2367 | } | ||
2368 | |||
2369 | /* Let's get server private key and group information */ | ||
2370 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) | ||
2371 | { | ||
2372 | /* use the certificate */ | ||
2373 | tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec; | ||
2374 | } | ||
2375 | else | ||
2376 | { | ||
2377 | /* use the ephermeral values we saved when | ||
2378 | * generating the ServerKeyExchange msg. | ||
2379 | */ | ||
2380 | tkey = s->s3->tmp.ecdh; | ||
2381 | } | ||
2382 | |||
2383 | group = EC_KEY_get0_group(tkey); | ||
2384 | priv_key = EC_KEY_get0_private_key(tkey); | ||
2385 | |||
2386 | if (!EC_KEY_set_group(srvr_ecdh, group) || | ||
2387 | !EC_KEY_set_private_key(srvr_ecdh, priv_key)) | ||
2388 | { | ||
2389 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2390 | ERR_R_EC_LIB); | ||
2391 | goto err; | ||
2392 | } | ||
2393 | |||
2394 | /* Let's get client's public key */ | ||
2395 | if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) | ||
2396 | { | ||
2397 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2398 | ERR_R_MALLOC_FAILURE); | ||
2399 | goto err; | ||
2400 | } | ||
2401 | |||
2402 | if (n == 0L) | ||
2403 | { | ||
2404 | /* Client Publickey was in Client Certificate */ | ||
2405 | |||
2406 | if (alg_k & SSL_kEECDH) | ||
2407 | { | ||
2408 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
2409 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY); | ||
2410 | goto f_err; | ||
2411 | } | ||
2412 | if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer)) | ||
2413 | == NULL) || | ||
2414 | (clnt_pub_pkey->type != EVP_PKEY_EC)) | ||
2415 | { | ||
2416 | /* XXX: For now, we do not support client | ||
2417 | * authentication using ECDH certificates | ||
2418 | * so this branch (n == 0L) of the code is | ||
2419 | * never executed. When that support is | ||
2420 | * added, we ought to ensure the key | ||
2421 | * received in the certificate is | ||
2422 | * authorized for key agreement. | ||
2423 | * ECDH_compute_key implicitly checks that | ||
2424 | * the two ECDH shares are for the same | ||
2425 | * group. | ||
2426 | */ | ||
2427 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
2428 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2429 | SSL_R_UNABLE_TO_DECODE_ECDH_CERTS); | ||
2430 | goto f_err; | ||
2431 | } | ||
2432 | |||
2433 | if (EC_POINT_copy(clnt_ecpoint, | ||
2434 | EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0) | ||
2435 | { | ||
2436 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2437 | ERR_R_EC_LIB); | ||
2438 | goto err; | ||
2439 | } | ||
2440 | ret = 2; /* Skip certificate verify processing */ | ||
2441 | } | ||
2442 | else | ||
2443 | { | ||
2444 | /* Get client's public key from encoded point | ||
2445 | * in the ClientKeyExchange message. | ||
2446 | */ | ||
2447 | if ((bn_ctx = BN_CTX_new()) == NULL) | ||
2448 | { | ||
2449 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2450 | ERR_R_MALLOC_FAILURE); | ||
2451 | goto err; | ||
2452 | } | ||
2453 | |||
2454 | /* Get encoded point length */ | ||
2455 | i = *p; | ||
2456 | p += 1; | ||
2457 | if (n != 1 + i) | ||
2458 | { | ||
2459 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2460 | ERR_R_EC_LIB); | ||
2461 | goto err; | ||
2462 | } | ||
2463 | if (EC_POINT_oct2point(group, | ||
2464 | clnt_ecpoint, p, i, bn_ctx) == 0) | ||
2465 | { | ||
2466 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2467 | ERR_R_EC_LIB); | ||
2468 | goto err; | ||
2469 | } | ||
2470 | /* p is pointing to somewhere in the buffer | ||
2471 | * currently, so set it to the start | ||
2472 | */ | ||
2473 | p=(unsigned char *)s->init_buf->data; | ||
2474 | } | ||
2475 | |||
2476 | /* Compute the shared pre-master secret */ | ||
2477 | field_size = EC_GROUP_get_degree(group); | ||
2478 | if (field_size <= 0) | ||
2479 | { | ||
2480 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2481 | ERR_R_ECDH_LIB); | ||
2482 | goto err; | ||
2483 | } | ||
2484 | i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL); | ||
2485 | if (i <= 0) | ||
2486 | { | ||
2487 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2488 | ERR_R_ECDH_LIB); | ||
2489 | goto err; | ||
2490 | } | ||
2491 | |||
2492 | EVP_PKEY_free(clnt_pub_pkey); | ||
2493 | EC_POINT_free(clnt_ecpoint); | ||
2494 | EC_KEY_free(srvr_ecdh); | ||
2495 | BN_CTX_free(bn_ctx); | ||
2496 | EC_KEY_free(s->s3->tmp.ecdh); | ||
2497 | s->s3->tmp.ecdh = NULL; | ||
2498 | |||
2499 | /* Compute the master secret */ | ||
2500 | s->session->master_key_length = s->method->ssl3_enc-> \ | ||
2501 | generate_master_secret(s, s->session->master_key, p, i); | ||
2502 | |||
2503 | OPENSSL_cleanse(p, i); | ||
2504 | return (ret); | ||
2505 | } | ||
2506 | else | ||
2507 | #endif | ||
2508 | #ifndef OPENSSL_NO_PSK | ||
2509 | if (alg_k & SSL_kPSK) | ||
2510 | { | ||
2511 | unsigned char *t = NULL; | ||
2512 | unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4]; | ||
2513 | unsigned int pre_ms_len = 0, psk_len = 0; | ||
2514 | int psk_err = 1; | ||
2515 | char tmp_id[PSK_MAX_IDENTITY_LEN+1]; | ||
2516 | |||
2517 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
2518 | |||
2519 | n2s(p,i); | ||
2520 | if (n != i+2) | ||
2521 | { | ||
2522 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2523 | SSL_R_LENGTH_MISMATCH); | ||
2524 | goto psk_err; | ||
2525 | } | ||
2526 | if (i > PSK_MAX_IDENTITY_LEN) | ||
2527 | { | ||
2528 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2529 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
2530 | goto psk_err; | ||
2531 | } | ||
2532 | if (s->psk_server_callback == NULL) | ||
2533 | { | ||
2534 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2535 | SSL_R_PSK_NO_SERVER_CB); | ||
2536 | goto psk_err; | ||
2537 | } | ||
2538 | |||
2539 | /* Create guaranteed NULL-terminated identity | ||
2540 | * string for the callback */ | ||
2541 | memcpy(tmp_id, p, i); | ||
2542 | memset(tmp_id+i, 0, PSK_MAX_IDENTITY_LEN+1-i); | ||
2543 | psk_len = s->psk_server_callback(s, tmp_id, | ||
2544 | psk_or_pre_ms, sizeof(psk_or_pre_ms)); | ||
2545 | OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN+1); | ||
2546 | |||
2547 | if (psk_len > PSK_MAX_PSK_LEN) | ||
2548 | { | ||
2549 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2550 | ERR_R_INTERNAL_ERROR); | ||
2551 | goto psk_err; | ||
2552 | } | ||
2553 | else if (psk_len == 0) | ||
2554 | { | ||
2555 | /* PSK related to the given identity not found */ | ||
2556 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2557 | SSL_R_PSK_IDENTITY_NOT_FOUND); | ||
2558 | al=SSL_AD_UNKNOWN_PSK_IDENTITY; | ||
2559 | goto psk_err; | ||
2560 | } | ||
2561 | |||
2562 | /* create PSK pre_master_secret */ | ||
2563 | pre_ms_len=2+psk_len+2+psk_len; | ||
2564 | t = psk_or_pre_ms; | ||
2565 | memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len); | ||
2566 | s2n(psk_len, t); | ||
2567 | memset(t, 0, psk_len); | ||
2568 | t+=psk_len; | ||
2569 | s2n(psk_len, t); | ||
2570 | |||
2571 | if (s->session->psk_identity != NULL) | ||
2572 | OPENSSL_free(s->session->psk_identity); | ||
2573 | s->session->psk_identity = BUF_strdup((char *)p); | ||
2574 | if (s->session->psk_identity == NULL) | ||
2575 | { | ||
2576 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2577 | ERR_R_MALLOC_FAILURE); | ||
2578 | goto psk_err; | ||
2579 | } | ||
2580 | |||
2581 | if (s->session->psk_identity_hint != NULL) | ||
2582 | OPENSSL_free(s->session->psk_identity_hint); | ||
2583 | s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); | ||
2584 | if (s->ctx->psk_identity_hint != NULL && | ||
2585 | s->session->psk_identity_hint == NULL) | ||
2586 | { | ||
2587 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2588 | ERR_R_MALLOC_FAILURE); | ||
2589 | goto psk_err; | ||
2590 | } | ||
2591 | |||
2592 | s->session->master_key_length= | ||
2593 | s->method->ssl3_enc->generate_master_secret(s, | ||
2594 | s->session->master_key, psk_or_pre_ms, pre_ms_len); | ||
2595 | psk_err = 0; | ||
2596 | psk_err: | ||
2597 | OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); | ||
2598 | if (psk_err != 0) | ||
2599 | goto f_err; | ||
2600 | } | ||
2601 | else | ||
2602 | #endif | ||
2603 | if (alg_k & SSL_kGOST) | ||
2604 | { | ||
2605 | int ret = 0; | ||
2606 | EVP_PKEY_CTX *pkey_ctx; | ||
2607 | EVP_PKEY *client_pub_pkey = NULL, *pk = NULL; | ||
2608 | unsigned char premaster_secret[32], *start; | ||
2609 | size_t outlen=32, inlen; | ||
2610 | unsigned long alg_a; | ||
2611 | |||
2612 | /* Get our certificate private key*/ | ||
2613 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | ||
2614 | if (alg_a & SSL_aGOST94) | ||
2615 | pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey; | ||
2616 | else if (alg_a & SSL_aGOST01) | ||
2617 | pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; | ||
2618 | |||
2619 | pkey_ctx = EVP_PKEY_CTX_new(pk,NULL); | ||
2620 | EVP_PKEY_decrypt_init(pkey_ctx); | ||
2621 | /* If client certificate is present and is of the same type, maybe | ||
2622 | * use it for key exchange. Don't mind errors from | ||
2623 | * EVP_PKEY_derive_set_peer, because it is completely valid to use | ||
2624 | * a client certificate for authorization only. */ | ||
2625 | client_pub_pkey = X509_get_pubkey(s->session->peer); | ||
2626 | if (client_pub_pkey) | ||
2627 | { | ||
2628 | if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0) | ||
2629 | ERR_clear_error(); | ||
2630 | } | ||
2631 | /* Decrypt session key */ | ||
2632 | if ((*p!=( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED))) | ||
2633 | { | ||
2634 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED); | ||
2635 | goto gerr; | ||
2636 | } | ||
2637 | if (p[1] == 0x81) | ||
2638 | { | ||
2639 | start = p+3; | ||
2640 | inlen = p[2]; | ||
2641 | } | ||
2642 | else if (p[1] < 0x80) | ||
2643 | { | ||
2644 | start = p+2; | ||
2645 | inlen = p[1]; | ||
2646 | } | ||
2647 | else | ||
2648 | { | ||
2649 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED); | ||
2650 | goto gerr; | ||
2651 | } | ||
2652 | if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0) | ||
2653 | |||
2654 | { | ||
2655 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED); | ||
2656 | goto gerr; | ||
2657 | } | ||
2658 | /* Generate master secret */ | ||
2659 | s->session->master_key_length= | ||
2660 | s->method->ssl3_enc->generate_master_secret(s, | ||
2661 | s->session->master_key,premaster_secret,32); | ||
2662 | /* Check if pubkey from client certificate was used */ | ||
2663 | if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) | ||
2664 | ret = 2; | ||
2665 | else | ||
2666 | ret = 1; | ||
2667 | gerr: | ||
2668 | EVP_PKEY_free(client_pub_pkey); | ||
2669 | EVP_PKEY_CTX_free(pkey_ctx); | ||
2670 | if (ret) | ||
2671 | return ret; | ||
2672 | else | ||
2673 | goto err; | ||
2674 | } | ||
2675 | else | ||
2676 | { | ||
2677 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
2678 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
2679 | SSL_R_UNKNOWN_CIPHER_TYPE); | ||
2680 | goto f_err; | ||
2681 | } | ||
2682 | |||
2683 | return(1); | ||
2684 | f_err: | ||
2685 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
2686 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) | ||
2687 | err: | ||
2688 | #endif | ||
2689 | #ifndef OPENSSL_NO_ECDH | ||
2690 | EVP_PKEY_free(clnt_pub_pkey); | ||
2691 | EC_POINT_free(clnt_ecpoint); | ||
2692 | if (srvr_ecdh != NULL) | ||
2693 | EC_KEY_free(srvr_ecdh); | ||
2694 | BN_CTX_free(bn_ctx); | ||
2695 | #endif | ||
2696 | return(-1); | ||
2697 | } | ||
2698 | |||
2699 | int ssl3_get_cert_verify(SSL *s) | ||
2700 | { | ||
2701 | EVP_PKEY *pkey=NULL; | ||
2702 | unsigned char *p; | ||
2703 | int al,ok,ret=0; | ||
2704 | long n; | ||
2705 | int type=0,i,j; | ||
2706 | X509 *peer; | ||
2707 | |||
2708 | n=s->method->ssl_get_message(s, | ||
2709 | SSL3_ST_SR_CERT_VRFY_A, | ||
2710 | SSL3_ST_SR_CERT_VRFY_B, | ||
2711 | -1, | ||
2712 | 514, /* 514? */ | ||
2713 | &ok); | ||
2714 | |||
2715 | if (!ok) return((int)n); | ||
2716 | |||
2717 | if (s->session->peer != NULL) | ||
2718 | { | ||
2719 | peer=s->session->peer; | ||
2720 | pkey=X509_get_pubkey(peer); | ||
2721 | type=X509_certificate_type(peer,pkey); | ||
2722 | } | ||
2723 | else | ||
2724 | { | ||
2725 | peer=NULL; | ||
2726 | pkey=NULL; | ||
2727 | } | ||
2728 | |||
2729 | if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) | ||
2730 | { | ||
2731 | s->s3->tmp.reuse_message=1; | ||
2732 | if ((peer != NULL) && (type | EVP_PKT_SIGN)) | ||
2733 | { | ||
2734 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
2735 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE); | ||
2736 | goto f_err; | ||
2737 | } | ||
2738 | ret=1; | ||
2739 | goto end; | ||
2740 | } | ||
2741 | |||
2742 | if (peer == NULL) | ||
2743 | { | ||
2744 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED); | ||
2745 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
2746 | goto f_err; | ||
2747 | } | ||
2748 | |||
2749 | if (!(type & EVP_PKT_SIGN)) | ||
2750 | { | ||
2751 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); | ||
2752 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
2753 | goto f_err; | ||
2754 | } | ||
2755 | |||
2756 | if (s->s3->change_cipher_spec) | ||
2757 | { | ||
2758 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY); | ||
2759 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
2760 | goto f_err; | ||
2761 | } | ||
2762 | |||
2763 | /* we now have a signature that we need to verify */ | ||
2764 | p=(unsigned char *)s->init_msg; | ||
2765 | /* Check for broken implementations of GOST ciphersuites */ | ||
2766 | /* If key is GOST and n is exactly 64, it is bare | ||
2767 | * signature without length field */ | ||
2768 | if (n==64 && (pkey->type==NID_id_GostR3410_94 || | ||
2769 | pkey->type == NID_id_GostR3410_2001) ) | ||
2770 | { | ||
2771 | i=64; | ||
2772 | } | ||
2773 | else | ||
2774 | { | ||
2775 | n2s(p,i); | ||
2776 | n-=2; | ||
2777 | if (i > n) | ||
2778 | { | ||
2779 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH); | ||
2780 | al=SSL_AD_DECODE_ERROR; | ||
2781 | goto f_err; | ||
2782 | } | ||
2783 | } | ||
2784 | j=EVP_PKEY_size(pkey); | ||
2785 | if ((i > j) || (n > j) || (n <= 0)) | ||
2786 | { | ||
2787 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE); | ||
2788 | al=SSL_AD_DECODE_ERROR; | ||
2789 | goto f_err; | ||
2790 | } | ||
2791 | |||
2792 | #ifndef OPENSSL_NO_RSA | ||
2793 | if (pkey->type == EVP_PKEY_RSA) | ||
2794 | { | ||
2795 | i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md, | ||
2796 | MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, | ||
2797 | pkey->pkey.rsa); | ||
2798 | if (i < 0) | ||
2799 | { | ||
2800 | al=SSL_AD_DECRYPT_ERROR; | ||
2801 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT); | ||
2802 | goto f_err; | ||
2803 | } | ||
2804 | if (i == 0) | ||
2805 | { | ||
2806 | al=SSL_AD_DECRYPT_ERROR; | ||
2807 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE); | ||
2808 | goto f_err; | ||
2809 | } | ||
2810 | } | ||
2811 | else | ||
2812 | #endif | ||
2813 | #ifndef OPENSSL_NO_DSA | ||
2814 | if (pkey->type == EVP_PKEY_DSA) | ||
2815 | { | ||
2816 | j=DSA_verify(pkey->save_type, | ||
2817 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), | ||
2818 | SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa); | ||
2819 | if (j <= 0) | ||
2820 | { | ||
2821 | /* bad signature */ | ||
2822 | al=SSL_AD_DECRYPT_ERROR; | ||
2823 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE); | ||
2824 | goto f_err; | ||
2825 | } | ||
2826 | } | ||
2827 | else | ||
2828 | #endif | ||
2829 | #ifndef OPENSSL_NO_ECDSA | ||
2830 | if (pkey->type == EVP_PKEY_EC) | ||
2831 | { | ||
2832 | j=ECDSA_verify(pkey->save_type, | ||
2833 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), | ||
2834 | SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec); | ||
2835 | if (j <= 0) | ||
2836 | { | ||
2837 | /* bad signature */ | ||
2838 | al=SSL_AD_DECRYPT_ERROR; | ||
2839 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
2840 | SSL_R_BAD_ECDSA_SIGNATURE); | ||
2841 | goto f_err; | ||
2842 | } | ||
2843 | } | ||
2844 | else | ||
2845 | #endif | ||
2846 | if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) | ||
2847 | { unsigned char signature[64]; | ||
2848 | int idx; | ||
2849 | EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey,NULL); | ||
2850 | EVP_PKEY_verify_init(pctx); | ||
2851 | if (i!=64) { | ||
2852 | fprintf(stderr,"GOST signature length is %d",i); | ||
2853 | } | ||
2854 | for (idx=0;idx<64;idx++) { | ||
2855 | signature[63-idx]=p[idx]; | ||
2856 | } | ||
2857 | j=EVP_PKEY_verify(pctx,signature,64,s->s3->tmp.cert_verify_md,32); | ||
2858 | EVP_PKEY_CTX_free(pctx); | ||
2859 | if (j<=0) | ||
2860 | { | ||
2861 | al=SSL_AD_DECRYPT_ERROR; | ||
2862 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
2863 | SSL_R_BAD_ECDSA_SIGNATURE); | ||
2864 | goto f_err; | ||
2865 | } | ||
2866 | } | ||
2867 | else | ||
2868 | { | ||
2869 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR); | ||
2870 | al=SSL_AD_UNSUPPORTED_CERTIFICATE; | ||
2871 | goto f_err; | ||
2872 | } | ||
2873 | |||
2874 | |||
2875 | ret=1; | ||
2876 | if (0) | ||
2877 | { | ||
2878 | f_err: | ||
2879 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
2880 | } | ||
2881 | end: | ||
2882 | EVP_PKEY_free(pkey); | ||
2883 | return(ret); | ||
2884 | } | ||
2885 | |||
2886 | int ssl3_get_client_certificate(SSL *s) | ||
2887 | { | ||
2888 | int i,ok,al,ret= -1; | ||
2889 | X509 *x=NULL; | ||
2890 | unsigned long l,nc,llen,n; | ||
2891 | const unsigned char *p,*q; | ||
2892 | unsigned char *d; | ||
2893 | STACK_OF(X509) *sk=NULL; | ||
2894 | |||
2895 | n=s->method->ssl_get_message(s, | ||
2896 | SSL3_ST_SR_CERT_A, | ||
2897 | SSL3_ST_SR_CERT_B, | ||
2898 | -1, | ||
2899 | s->max_cert_list, | ||
2900 | &ok); | ||
2901 | |||
2902 | if (!ok) return((int)n); | ||
2903 | |||
2904 | if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) | ||
2905 | { | ||
2906 | if ( (s->verify_mode & SSL_VERIFY_PEER) && | ||
2907 | (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) | ||
2908 | { | ||
2909 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); | ||
2910 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
2911 | goto f_err; | ||
2912 | } | ||
2913 | /* If tls asked for a client cert, the client must return a 0 list */ | ||
2914 | if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request) | ||
2915 | { | ||
2916 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST); | ||
2917 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
2918 | goto f_err; | ||
2919 | } | ||
2920 | s->s3->tmp.reuse_message=1; | ||
2921 | return(1); | ||
2922 | } | ||
2923 | |||
2924 | if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) | ||
2925 | { | ||
2926 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
2927 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE); | ||
2928 | goto f_err; | ||
2929 | } | ||
2930 | p=d=(unsigned char *)s->init_msg; | ||
2931 | |||
2932 | if ((sk=sk_X509_new_null()) == NULL) | ||
2933 | { | ||
2934 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); | ||
2935 | goto err; | ||
2936 | } | ||
2937 | |||
2938 | n2l3(p,llen); | ||
2939 | if (llen+3 != n) | ||
2940 | { | ||
2941 | al=SSL_AD_DECODE_ERROR; | ||
2942 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH); | ||
2943 | goto f_err; | ||
2944 | } | ||
2945 | for (nc=0; nc<llen; ) | ||
2946 | { | ||
2947 | n2l3(p,l); | ||
2948 | if ((l+nc+3) > llen) | ||
2949 | { | ||
2950 | al=SSL_AD_DECODE_ERROR; | ||
2951 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); | ||
2952 | goto f_err; | ||
2953 | } | ||
2954 | |||
2955 | q=p; | ||
2956 | x=d2i_X509(NULL,&p,l); | ||
2957 | if (x == NULL) | ||
2958 | { | ||
2959 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB); | ||
2960 | goto err; | ||
2961 | } | ||
2962 | if (p != (q+l)) | ||
2963 | { | ||
2964 | al=SSL_AD_DECODE_ERROR; | ||
2965 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); | ||
2966 | goto f_err; | ||
2967 | } | ||
2968 | if (!sk_X509_push(sk,x)) | ||
2969 | { | ||
2970 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); | ||
2971 | goto err; | ||
2972 | } | ||
2973 | x=NULL; | ||
2974 | nc+=l+3; | ||
2975 | } | ||
2976 | |||
2977 | if (sk_X509_num(sk) <= 0) | ||
2978 | { | ||
2979 | /* TLS does not mind 0 certs returned */ | ||
2980 | if (s->version == SSL3_VERSION) | ||
2981 | { | ||
2982 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
2983 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED); | ||
2984 | goto f_err; | ||
2985 | } | ||
2986 | /* Fail for TLS only if we required a certificate */ | ||
2987 | else if ((s->verify_mode & SSL_VERIFY_PEER) && | ||
2988 | (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) | ||
2989 | { | ||
2990 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); | ||
2991 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
2992 | goto f_err; | ||
2993 | } | ||
2994 | } | ||
2995 | else | ||
2996 | { | ||
2997 | i=ssl_verify_cert_chain(s,sk); | ||
2998 | if (i <= 0) | ||
2999 | { | ||
3000 | al=ssl_verify_alarm_type(s->verify_result); | ||
3001 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED); | ||
3002 | goto f_err; | ||
3003 | } | ||
3004 | } | ||
3005 | |||
3006 | if (s->session->peer != NULL) /* This should not be needed */ | ||
3007 | X509_free(s->session->peer); | ||
3008 | s->session->peer=sk_X509_shift(sk); | ||
3009 | s->session->verify_result = s->verify_result; | ||
3010 | |||
3011 | /* With the current implementation, sess_cert will always be NULL | ||
3012 | * when we arrive here. */ | ||
3013 | if (s->session->sess_cert == NULL) | ||
3014 | { | ||
3015 | s->session->sess_cert = ssl_sess_cert_new(); | ||
3016 | if (s->session->sess_cert == NULL) | ||
3017 | { | ||
3018 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE); | ||
3019 | goto err; | ||
3020 | } | ||
3021 | } | ||
3022 | if (s->session->sess_cert->cert_chain != NULL) | ||
3023 | sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); | ||
3024 | s->session->sess_cert->cert_chain=sk; | ||
3025 | /* Inconsistency alert: cert_chain does *not* include the | ||
3026 | * peer's own certificate, while we do include it in s3_clnt.c */ | ||
3027 | |||
3028 | sk=NULL; | ||
3029 | |||
3030 | ret=1; | ||
3031 | if (0) | ||
3032 | { | ||
3033 | f_err: | ||
3034 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
3035 | } | ||
3036 | err: | ||
3037 | if (x != NULL) X509_free(x); | ||
3038 | if (sk != NULL) sk_X509_pop_free(sk,X509_free); | ||
3039 | return(ret); | ||
3040 | } | ||
3041 | |||
3042 | int ssl3_send_server_certificate(SSL *s) | ||
3043 | { | ||
3044 | unsigned long l; | ||
3045 | X509 *x; | ||
3046 | |||
3047 | if (s->state == SSL3_ST_SW_CERT_A) | ||
3048 | { | ||
3049 | x=ssl_get_server_send_cert(s); | ||
3050 | if (x == NULL) | ||
3051 | { | ||
3052 | /* VRS: allow null cert if auth == KRB5 */ | ||
3053 | if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) || | ||
3054 | (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5)) | ||
3055 | { | ||
3056 | SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR); | ||
3057 | return(0); | ||
3058 | } | ||
3059 | } | ||
3060 | |||
3061 | l=ssl3_output_cert_chain(s,x); | ||
3062 | s->state=SSL3_ST_SW_CERT_B; | ||
3063 | s->init_num=(int)l; | ||
3064 | s->init_off=0; | ||
3065 | } | ||
3066 | |||
3067 | /* SSL3_ST_SW_CERT_B */ | ||
3068 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | ||
3069 | } | ||
3070 | #ifndef OPENSSL_NO_TLSEXT | ||
3071 | int ssl3_send_newsession_ticket(SSL *s) | ||
3072 | { | ||
3073 | if (s->state == SSL3_ST_SW_SESSION_TICKET_A) | ||
3074 | { | ||
3075 | unsigned char *p, *senc, *macstart; | ||
3076 | int len, slen; | ||
3077 | unsigned int hlen; | ||
3078 | EVP_CIPHER_CTX ctx; | ||
3079 | HMAC_CTX hctx; | ||
3080 | SSL_CTX *tctx = s->initial_ctx; | ||
3081 | unsigned char iv[EVP_MAX_IV_LENGTH]; | ||
3082 | unsigned char key_name[16]; | ||
3083 | |||
3084 | /* get session encoding length */ | ||
3085 | slen = i2d_SSL_SESSION(s->session, NULL); | ||
3086 | /* Some length values are 16 bits, so forget it if session is | ||
3087 | * too long | ||
3088 | */ | ||
3089 | if (slen > 0xFF00) | ||
3090 | return -1; | ||
3091 | /* Grow buffer if need be: the length calculation is as | ||
3092 | * follows 1 (size of message name) + 3 (message length | ||
3093 | * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) + | ||
3094 | * 16 (key name) + max_iv_len (iv length) + | ||
3095 | * session_length + max_enc_block_size (max encrypted session | ||
3096 | * length) + max_md_size (HMAC). | ||
3097 | */ | ||
3098 | if (!BUF_MEM_grow(s->init_buf, | ||
3099 | 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + | ||
3100 | EVP_MAX_MD_SIZE + slen)) | ||
3101 | return -1; | ||
3102 | senc = OPENSSL_malloc(slen); | ||
3103 | if (!senc) | ||
3104 | return -1; | ||
3105 | p = senc; | ||
3106 | i2d_SSL_SESSION(s->session, &p); | ||
3107 | |||
3108 | p=(unsigned char *)s->init_buf->data; | ||
3109 | /* do the header */ | ||
3110 | *(p++)=SSL3_MT_NEWSESSION_TICKET; | ||
3111 | /* Skip message length for now */ | ||
3112 | p += 3; | ||
3113 | EVP_CIPHER_CTX_init(&ctx); | ||
3114 | HMAC_CTX_init(&hctx); | ||
3115 | /* Initialize HMAC and cipher contexts. If callback present | ||
3116 | * it does all the work otherwise use generated values | ||
3117 | * from parent ctx. | ||
3118 | */ | ||
3119 | if (tctx->tlsext_ticket_key_cb) | ||
3120 | { | ||
3121 | if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, | ||
3122 | &hctx, 1) < 0) | ||
3123 | { | ||
3124 | OPENSSL_free(senc); | ||
3125 | return -1; | ||
3126 | } | ||
3127 | } | ||
3128 | else | ||
3129 | { | ||
3130 | RAND_pseudo_bytes(iv, 16); | ||
3131 | EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, | ||
3132 | tctx->tlsext_tick_aes_key, iv); | ||
3133 | HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, | ||
3134 | tlsext_tick_md(), NULL); | ||
3135 | memcpy(key_name, tctx->tlsext_tick_key_name, 16); | ||
3136 | } | ||
3137 | l2n(s->session->tlsext_tick_lifetime_hint, p); | ||
3138 | /* Skip ticket length for now */ | ||
3139 | p += 2; | ||
3140 | /* Output key name */ | ||
3141 | macstart = p; | ||
3142 | memcpy(p, key_name, 16); | ||
3143 | p += 16; | ||
3144 | /* output IV */ | ||
3145 | memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); | ||
3146 | p += EVP_CIPHER_CTX_iv_length(&ctx); | ||
3147 | /* Encrypt session data */ | ||
3148 | EVP_EncryptUpdate(&ctx, p, &len, senc, slen); | ||
3149 | p += len; | ||
3150 | EVP_EncryptFinal(&ctx, p, &len); | ||
3151 | p += len; | ||
3152 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
3153 | |||
3154 | HMAC_Update(&hctx, macstart, p - macstart); | ||
3155 | HMAC_Final(&hctx, p, &hlen); | ||
3156 | HMAC_CTX_cleanup(&hctx); | ||
3157 | |||
3158 | p += hlen; | ||
3159 | /* Now write out lengths: p points to end of data written */ | ||
3160 | /* Total length */ | ||
3161 | len = p - (unsigned char *)s->init_buf->data; | ||
3162 | p=(unsigned char *)s->init_buf->data + 1; | ||
3163 | l2n3(len - 4, p); /* Message length */ | ||
3164 | p += 4; | ||
3165 | s2n(len - 10, p); /* Ticket length */ | ||
3166 | |||
3167 | /* number of bytes to write */ | ||
3168 | s->init_num= len; | ||
3169 | s->state=SSL3_ST_SW_SESSION_TICKET_B; | ||
3170 | s->init_off=0; | ||
3171 | OPENSSL_free(senc); | ||
3172 | } | ||
3173 | |||
3174 | /* SSL3_ST_SW_SESSION_TICKET_B */ | ||
3175 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | ||
3176 | } | ||
3177 | |||
3178 | int ssl3_send_cert_status(SSL *s) | ||
3179 | { | ||
3180 | if (s->state == SSL3_ST_SW_CERT_STATUS_A) | ||
3181 | { | ||
3182 | unsigned char *p; | ||
3183 | /* Grow buffer if need be: the length calculation is as | ||
3184 | * follows 1 (message type) + 3 (message length) + | ||
3185 | * 1 (ocsp response type) + 3 (ocsp response length) | ||
3186 | * + (ocsp response) | ||
3187 | */ | ||
3188 | if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) | ||
3189 | return -1; | ||
3190 | |||
3191 | p=(unsigned char *)s->init_buf->data; | ||
3192 | |||
3193 | /* do the header */ | ||
3194 | *(p++)=SSL3_MT_CERTIFICATE_STATUS; | ||
3195 | /* message length */ | ||
3196 | l2n3(s->tlsext_ocsp_resplen + 4, p); | ||
3197 | /* status type */ | ||
3198 | *(p++)= s->tlsext_status_type; | ||
3199 | /* length of OCSP response */ | ||
3200 | l2n3(s->tlsext_ocsp_resplen, p); | ||
3201 | /* actual response */ | ||
3202 | memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen); | ||
3203 | /* number of bytes to write */ | ||
3204 | s->init_num = 8 + s->tlsext_ocsp_resplen; | ||
3205 | s->state=SSL3_ST_SW_CERT_STATUS_B; | ||
3206 | s->init_off = 0; | ||
3207 | } | ||
3208 | |||
3209 | /* SSL3_ST_SW_CERT_STATUS_B */ | ||
3210 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | ||
3211 | } | ||
3212 | #endif | ||
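--- a/src/lib/libssl/shlib_version
+++ /dev/null
@@ -1,2 +0,0 @@
-major=18
-minor=0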
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h deleted file mode 100644 index 8f922eea72..0000000000 --- a/src/lib/libssl/ssl.h +++ /dev/null | |||
@@ -1,2304 +0,0 @@ | |||
1 | /* ssl/ssl.h */ | ||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
3 | * All rights reserved. | ||
4 | * | ||
5 | * This package is an SSL implementation written | ||
6 | * by Eric Young (eay@cryptsoft.com). | ||
7 | * The implementation was written so as to conform with Netscapes SSL. | ||
8 | * | ||
9 | * This library is free for commercial and non-commercial use as long as | ||
10 | * the following conditions are aheared to. The following conditions | ||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
13 | * included with this distribution is covered by the same copyright terms | ||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
15 | * | ||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
17 | * the code are not to be removed. | ||
18 | * If this package is used in a product, Eric Young should be given attribution | ||
19 | * as the author of the parts of the library used. | ||
20 | * This can be in the form of a textual message at program startup or | ||
21 | * in documentation (online or textual) provided with the package. | ||
22 | * | ||
23 | * Redistribution and use in source and binary forms, with or without | ||
24 | * modification, are permitted provided that the following conditions | ||
25 | * are met: | ||
26 | * 1. Redistributions of source code must retain the copyright | ||
27 | * notice, this list of conditions and the following disclaimer. | ||
28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
29 | * notice, this list of conditions and the following disclaimer in the | ||
30 | * documentation and/or other materials provided with the distribution. | ||
31 | * 3. All advertising materials mentioning features or use of this software | ||
32 | * must display the following acknowledgement: | ||
33 | * "This product includes cryptographic software written by | ||
34 | * Eric Young (eay@cryptsoft.com)" | ||
35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
36 | * being used are not cryptographic related :-). | ||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
38 | * the apps directory (application code) you must include an acknowledgement: | ||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
40 | * | ||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
51 | * SUCH DAMAGE. | ||
52 | * | ||
53 | * The licence and distribution terms for any publically available version or | ||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
55 | * copied and put under another distribution licence | ||
56 | * [including the GNU Public Licence.] | ||
57 | */ | ||
58 | /* ==================================================================== | ||
59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
60 | * | ||
61 | * Redistribution and use in source and binary forms, with or without | ||
62 | * modification, are permitted provided that the following conditions | ||
63 | * are met: | ||
64 | * | ||
65 | * 1. Redistributions of source code must retain the above copyright | ||
66 | * notice, this list of conditions and the following disclaimer. | ||
67 | * | ||
68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
69 | * notice, this list of conditions and the following disclaimer in | ||
70 | * the documentation and/or other materials provided with the | ||
71 | * distribution. | ||
72 | * | ||
73 | * 3. All advertising materials mentioning features or use of this | ||
74 | * software must display the following acknowledgment: | ||
75 | * "This product includes software developed by the OpenSSL Project | ||
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
77 | * | ||
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
79 | * endorse or promote products derived from this software without | ||
80 | * prior written permission. For written permission, please contact | ||
81 | * openssl-core@openssl.org. | ||
82 | * | ||
83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
84 | * nor may "OpenSSL" appear in their names without prior written | ||
85 | * permission of the OpenSSL Project. | ||
86 | * | ||
87 | * 6. Redistributions of any form whatsoever must retain the following | ||
88 | * acknowledgment: | ||
89 | * "This product includes software developed by the OpenSSL Project | ||
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
91 | * | ||
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
104 | * ==================================================================== | ||
105 | * | ||
106 | * This product includes cryptographic software written by Eric Young | ||
107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
108 | * Hudson (tjh@cryptsoft.com). | ||
109 | * | ||
110 | */ | ||
111 | /* ==================================================================== | ||
112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
113 | * ECC cipher suite support in OpenSSL originally developed by | ||
114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
115 | */ | ||
116 | /* ==================================================================== | ||
117 | * Copyright 2005 Nokia. All rights reserved. | ||
118 | * | ||
119 | * The portions of the attached software ("Contribution") is developed by | ||
120 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
121 | * license. | ||
122 | * | ||
123 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
124 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
125 | * support (see RFC 4279) to OpenSSL. | ||
126 | * | ||
127 | * No patent licenses or other rights except those expressly stated in | ||
128 | * the OpenSSL open source license shall be deemed granted or received | ||
129 | * expressly, by implication, estoppel, or otherwise. | ||
130 | * | ||
131 | * No assurances are provided by Nokia that the Contribution does not | ||
132 | * infringe the patent or other intellectual property rights of any third | ||
133 | * party or that the license provides you with all the necessary rights | ||
134 | * to make use of the Contribution. | ||
135 | * | ||
136 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
137 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
138 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
139 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
140 | * OTHERWISE. | ||
141 | */ | ||
142 | |||
143 | #ifndef HEADER_SSL_H | ||
144 | #define HEADER_SSL_H | ||
145 | |||
146 | #include <openssl/e_os2.h> | ||
147 | |||
148 | #ifndef OPENSSL_NO_COMP | ||
149 | #include <openssl/comp.h> | ||
150 | #endif | ||
151 | #ifndef OPENSSL_NO_BIO | ||
152 | #include <openssl/bio.h> | ||
153 | #endif | ||
154 | #ifndef OPENSSL_NO_DEPRECATED | ||
155 | #ifndef OPENSSL_NO_X509 | ||
156 | #include <openssl/x509.h> | ||
157 | #endif | ||
158 | #include <openssl/crypto.h> | ||
159 | #include <openssl/lhash.h> | ||
160 | #include <openssl/buffer.h> | ||
161 | #endif | ||
162 | #include <openssl/pem.h> | ||
163 | #include <openssl/hmac.h> | ||
164 | |||
165 | #include <openssl/kssl.h> | ||
166 | #include <openssl/safestack.h> | ||
167 | #include <openssl/symhacks.h> | ||
168 | |||
169 | #ifdef __cplusplus | ||
170 | extern "C" { | ||
171 | #endif | ||
172 | |||
173 | /* SSLeay version number for ASN.1 encoding of the session information */ | ||
174 | /* Version 0 - initial version | ||
175 | * Version 1 - added the optional peer certificate | ||
176 | */ | ||
177 | #define SSL_SESSION_ASN1_VERSION 0x0001 | ||
178 | |||
179 | /* text strings for the ciphers */ | ||
180 | #define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 | ||
181 | #define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 | ||
182 | #define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 | ||
183 | #define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 | ||
184 | #define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 | ||
185 | #define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 | ||
186 | #define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 | ||
187 | #define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA | ||
188 | #define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 | ||
189 | #define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA | ||
190 | |||
191 | /* VRS Additional Kerberos5 entries | ||
192 | */ | ||
193 | #define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA | ||
194 | #define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA | ||
195 | #define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA | ||
196 | #define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA | ||
197 | #define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 | ||
198 | #define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 | ||
199 | #define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 | ||
200 | #define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 | ||
201 | |||
202 | #define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA | ||
203 | #define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA | ||
204 | #define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA | ||
205 | #define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 | ||
206 | #define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 | ||
207 | #define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 | ||
208 | |||
209 | #define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA | ||
210 | #define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 | ||
211 | #define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA | ||
212 | #define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 | ||
213 | #define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA | ||
214 | #define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 | ||
215 | #define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 | ||
216 | |||
217 | #define SSL_MAX_SSL_SESSION_ID_LENGTH 32 | ||
218 | #define SSL_MAX_SID_CTX_LENGTH 32 | ||
219 | |||
220 | #define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) | ||
221 | #define SSL_MAX_KEY_ARG_LENGTH 8 | ||
222 | #define SSL_MAX_MASTER_KEY_LENGTH 48 | ||
223 | |||
224 | |||
225 | /* These are used to specify which ciphers to use and not to use */ | ||
226 | |||
227 | #define SSL_TXT_EXP40 "EXPORT40" | ||
228 | #define SSL_TXT_EXP56 "EXPORT56" | ||
229 | #define SSL_TXT_LOW "LOW" | ||
230 | #define SSL_TXT_MEDIUM "MEDIUM" | ||
231 | #define SSL_TXT_HIGH "HIGH" | ||
232 | #define SSL_TXT_FIPS "FIPS" | ||
233 | |||
234 | #define SSL_TXT_kFZA "kFZA" /* unused! */ | ||
235 | #define SSL_TXT_aFZA "aFZA" /* unused! */ | ||
236 | #define SSL_TXT_eFZA "eFZA" /* unused! */ | ||
237 | #define SSL_TXT_FZA "FZA" /* unused! */ | ||
238 | |||
239 | #define SSL_TXT_aNULL "aNULL" | ||
240 | #define SSL_TXT_eNULL "eNULL" | ||
241 | #define SSL_TXT_NULL "NULL" | ||
242 | |||
243 | #define SSL_TXT_kRSA "kRSA" | ||
244 | #define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */ | ||
245 | #define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */ | ||
246 | #define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */ | ||
247 | #define SSL_TXT_kEDH "kEDH" | ||
248 | #define SSL_TXT_kKRB5 "kKRB5" | ||
249 | #define SSL_TXT_kECDHr "kECDHr" | ||
250 | #define SSL_TXT_kECDHe "kECDHe" | ||
251 | #define SSL_TXT_kECDH "kECDH" | ||
252 | #define SSL_TXT_kEECDH "kEECDH" | ||
253 | #define SSL_TXT_kPSK "kPSK" | ||
254 | #define SSL_TXT_kGOST "kGOST" | ||
255 | |||
256 | #define SSL_TXT_aRSA "aRSA" | ||
257 | #define SSL_TXT_aDSS "aDSS" | ||
258 | #define SSL_TXT_aDH "aDH" /* no such ciphersuites supported! */ | ||
259 | #define SSL_TXT_aECDH "aECDH" | ||
260 | #define SSL_TXT_aKRB5 "aKRB5" | ||
261 | #define SSL_TXT_aECDSA "aECDSA" | ||
262 | #define SSL_TXT_aPSK "aPSK" | ||
263 | #define SSL_TXT_aGOST94 "aGOST94" | ||
264 | #define SSL_TXT_aGOST01 "aGOST01" | ||
265 | #define SSL_TXT_aGOST "aGOST" | ||
266 | |||
267 | #define SSL_TXT_DSS "DSS" | ||
268 | #define SSL_TXT_DH "DH" | ||
269 | #define SSL_TXT_EDH "EDH" /* same as "kEDH:-ADH" */ | ||
270 | #define SSL_TXT_ADH "ADH" | ||
271 | #define SSL_TXT_RSA "RSA" | ||
272 | #define SSL_TXT_ECDH "ECDH" | ||
273 | #define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */ | ||
274 | #define SSL_TXT_AECDH "AECDH" | ||
275 | #define SSL_TXT_ECDSA "ECDSA" | ||
276 | #define SSL_TXT_KRB5 "KRB5" | ||
277 | #define SSL_TXT_PSK "PSK" | ||
278 | |||
279 | #define SSL_TXT_DES "DES" | ||
280 | #define SSL_TXT_3DES "3DES" | ||
281 | #define SSL_TXT_RC4 "RC4" | ||
282 | #define SSL_TXT_RC2 "RC2" | ||
283 | #define SSL_TXT_IDEA "IDEA" | ||
284 | #define SSL_TXT_SEED "SEED" | ||
285 | #define SSL_TXT_AES128 "AES128" | ||
286 | #define SSL_TXT_AES256 "AES256" | ||
287 | #define SSL_TXT_AES "AES" | ||
288 | #define SSL_TXT_CAMELLIA128 "CAMELLIA128" | ||
289 | #define SSL_TXT_CAMELLIA256 "CAMELLIA256" | ||
290 | #define SSL_TXT_CAMELLIA "CAMELLIA" | ||
291 | |||
292 | #define SSL_TXT_MD5 "MD5" | ||
293 | #define SSL_TXT_SHA1 "SHA1" | ||
294 | #define SSL_TXT_SHA "SHA" /* same as "SHA1" */ | ||
295 | #define SSL_TXT_GOST94 "GOST94" | ||
296 | #define SSL_TXT_GOST89MAC "GOST89MAC" | ||
297 | |||
298 | #define SSL_TXT_SSLV2 "SSLv2" | ||
299 | #define SSL_TXT_SSLV3 "SSLv3" | ||
300 | #define SSL_TXT_TLSV1 "TLSv1" | ||
301 | |||
302 | #define SSL_TXT_EXP "EXP" | ||
303 | #define SSL_TXT_EXPORT "EXPORT" | ||
304 | |||
305 | #define SSL_TXT_ALL "ALL" | ||
306 | |||
307 | /* | ||
308 | * COMPLEMENTOF* definitions. These identifiers are used to (de-select) | ||
309 | * ciphers normally not being used. | ||
310 | * Example: "RC4" will activate all ciphers using RC4 including ciphers | ||
311 | * without authentication, which would normally disabled by DEFAULT (due | ||
312 | * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" | ||
313 | * will make sure that it is also disabled in the specific selection. | ||
314 | * COMPLEMENTOF* identifiers are portable between version, as adjustments | ||
315 | * to the default cipher setup will also be included here. | ||
316 | * | ||
317 | * COMPLEMENTOFDEFAULT does not experience the same special treatment that | ||
318 | * DEFAULT gets, as only selection is being done and no sorting as needed | ||
319 | * for DEFAULT. | ||
320 | */ | ||
321 | #define SSL_TXT_CMPALL "COMPLEMENTOFALL" | ||
322 | #define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" | ||
323 | |||
324 | /* The following cipher list is used by default. | ||
325 | * It also is substituted when an application-defined cipher list string | ||
326 | * starts with 'DEFAULT'. */ | ||
327 | #define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" | ||
328 | /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always | ||
329 | * starts with a reasonable order, and all we have to do for DEFAULT is | ||
330 | * throwing out anonymous and unencrypted ciphersuites! | ||
331 | * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable | ||
332 | * some of them.) | ||
333 | */ | ||
334 | |||
335 | /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ | ||
336 | #define SSL_SENT_SHUTDOWN 1 | ||
337 | #define SSL_RECEIVED_SHUTDOWN 2 | ||
338 | |||
339 | #ifdef __cplusplus | ||
340 | } | ||
341 | #endif | ||
342 | |||
343 | #ifdef __cplusplus | ||
344 | extern "C" { | ||
345 | #endif | ||
346 | |||
347 | #if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) | ||
348 | #define OPENSSL_NO_SSL2 | ||
349 | #endif | ||
350 | |||
351 | #define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 | ||
352 | #define SSL_FILETYPE_PEM X509_FILETYPE_PEM | ||
353 | |||
354 | /* This is needed to stop compilers complaining about the | ||
355 | * 'struct ssl_st *' function parameters used to prototype callbacks | ||
356 | * in SSL_CTX. */ | ||
357 | typedef struct ssl_st *ssl_crock_st; | ||
358 | typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; | ||
359 | |||
360 | /* used to hold info on the particular ciphers used */ | ||
361 | typedef struct ssl_cipher_st | ||
362 | { | ||
363 | int valid; | ||
364 | const char *name; /* text name */ | ||
365 | unsigned long id; /* id, 4 bytes, first is version */ | ||
366 | |||
367 | /* changed in 0.9.9: these four used to be portions of a single value 'algorithms' */ | ||
368 | unsigned long algorithm_mkey; /* key exchange algorithm */ | ||
369 | unsigned long algorithm_auth; /* server authentication */ | ||
370 | unsigned long algorithm_enc; /* symmetric encryption */ | ||
371 | unsigned long algorithm_mac; /* symmetric authentication */ | ||
372 | unsigned long algorithm_ssl; /* (major) protocol version */ | ||
373 | |||
374 | unsigned long algo_strength; /* strength and export flags */ | ||
375 | unsigned long algorithm2; /* Extra flags */ | ||
376 | int strength_bits; /* Number of bits really used */ | ||
377 | int alg_bits; /* Number of bits for algorithm */ | ||
378 | } SSL_CIPHER; | ||
379 | |||
380 | DECLARE_STACK_OF(SSL_CIPHER) | ||
381 | |||
382 | typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg); | ||
383 | typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg); | ||
384 | |||
385 | /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ | ||
386 | typedef struct ssl_method_st | ||
387 | { | ||
388 | int version; | ||
389 | int (*ssl_new)(SSL *s); | ||
390 | void (*ssl_clear)(SSL *s); | ||
391 | void (*ssl_free)(SSL *s); | ||
392 | int (*ssl_accept)(SSL *s); | ||
393 | int (*ssl_connect)(SSL *s); | ||
394 | int (*ssl_read)(SSL *s,void *buf,int len); | ||
395 | int (*ssl_peek)(SSL *s,void *buf,int len); | ||
396 | int (*ssl_write)(SSL *s,const void *buf,int len); | ||
397 | int (*ssl_shutdown)(SSL *s); | ||
398 | int (*ssl_renegotiate)(SSL *s); | ||
399 | int (*ssl_renegotiate_check)(SSL *s); | ||
400 | long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long | ||
401 | max, int *ok); | ||
402 | int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, | ||
403 | int peek); | ||
404 | int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); | ||
405 | int (*ssl_dispatch_alert)(SSL *s); | ||
406 | long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); | ||
407 | long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); | ||
408 | const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); | ||
409 | int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); | ||
410 | int (*ssl_pending)(const SSL *s); | ||
411 | int (*num_ciphers)(void); | ||
412 | const SSL_CIPHER *(*get_cipher)(unsigned ncipher); | ||
413 | const struct ssl_method_st *(*get_ssl_method)(int version); | ||
414 | long (*get_timeout)(void); | ||
415 | struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ | ||
416 | int (*ssl_version)(void); | ||
417 | long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); | ||
418 | long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); | ||
419 | } SSL_METHOD; | ||
420 | |||
421 | /* Lets make this into an ASN.1 type structure as follows | ||
422 | * SSL_SESSION_ID ::= SEQUENCE { | ||
423 | * version INTEGER, -- structure version number | ||
424 | * SSLversion INTEGER, -- SSL version number | ||
425 | * Cipher OCTET STRING, -- the 3 byte cipher ID | ||
426 | * Session_ID OCTET STRING, -- the Session ID | ||
427 | * Master_key OCTET STRING, -- the master key | ||
428 | * KRB5_principal OCTET STRING -- optional Kerberos principal | ||
429 | * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument | ||
430 | * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time | ||
431 | * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds | ||
432 | * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate | ||
433 | * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context | ||
434 | * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' | ||
435 | * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension | ||
436 | * ECPointFormatList [ 7 ] OCTET STRING, -- optional EC point format list from TLS extension | ||
437 | * PSK_identity_hint [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity hint | ||
438 | * PSK_identity [ 9 ] EXPLICIT OCTET STRING -- optional PSK identity | ||
439 | * } | ||
440 | * Look in ssl/ssl_asn1.c for more details | ||
441 | * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). | ||
442 | */ | ||
443 | typedef struct ssl_session_st | ||
444 | { | ||
445 | int ssl_version; /* what ssl version session info is | ||
446 | * being kept in here? */ | ||
447 | |||
448 | /* only really used in SSLv2 */ | ||
449 | unsigned int key_arg_length; | ||
450 | unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; | ||
451 | int master_key_length; | ||
452 | unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; | ||
453 | /* session_id - valid? */ | ||
454 | unsigned int session_id_length; | ||
455 | unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; | ||
456 | /* this is used to determine whether the session is being reused in | ||
457 | * the appropriate context. It is up to the application to set this, | ||
458 | * via SSL_new */ | ||
459 | unsigned int sid_ctx_length; | ||
460 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; | ||
461 | |||
462 | #ifndef OPENSSL_NO_KRB5 | ||
463 | unsigned int krb5_client_princ_len; | ||
464 | unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; | ||
465 | #endif /* OPENSSL_NO_KRB5 */ | ||
466 | #ifndef OPENSSL_NO_PSK | ||
467 | char *psk_identity_hint; | ||
468 | char *psk_identity; | ||
469 | #endif | ||
470 | int not_resumable; | ||
471 | |||
472 | /* The cert is the certificate used to establish this connection */ | ||
473 | struct sess_cert_st /* SESS_CERT */ *sess_cert; | ||
474 | |||
475 | /* This is the cert for the other end. | ||
476 | * On clients, it will be the same as sess_cert->peer_key->x509 | ||
477 | * (the latter is not enough as sess_cert is not retained | ||
478 | * in the external representation of sessions, see ssl_asn1.c). */ | ||
479 | X509 *peer; | ||
480 | /* when app_verify_callback accepts a session where the peer's certificate | ||
481 | * is not ok, we must remember the error for session reuse: */ | ||
482 | long verify_result; /* only for servers */ | ||
483 | |||
484 | int references; | ||
485 | long timeout; | ||
486 | long time; | ||
487 | |||
488 | unsigned int compress_meth; /* Need to lookup the method */ | ||
489 | |||
490 | const SSL_CIPHER *cipher; | ||
491 | unsigned long cipher_id; /* when ASN.1 loaded, this | ||
492 | * needs to be used to load | ||
493 | * the 'cipher' structure */ | ||
494 | |||
495 | STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ | ||
496 | |||
497 | CRYPTO_EX_DATA ex_data; /* application specific data */ | ||
498 | |||
499 | /* These are used to make removal of session-ids more | ||
500 | * efficient and to implement a maximum cache size. */ | ||
501 | struct ssl_session_st *prev,*next; | ||
502 | #ifndef OPENSSL_NO_TLSEXT | ||
503 | char *tlsext_hostname; | ||
504 | #ifndef OPENSSL_NO_EC | ||
505 | size_t tlsext_ecpointformatlist_length; | ||
506 | unsigned char *tlsext_ecpointformatlist; /* peer's list */ | ||
507 | size_t tlsext_ellipticcurvelist_length; | ||
508 | unsigned char *tlsext_ellipticcurvelist; /* peer's list */ | ||
509 | #endif /* OPENSSL_NO_EC */ | ||
510 | /* RFC4507 info */ | ||
511 | unsigned char *tlsext_tick; /* Session ticket */ | ||
512 | size_t tlsext_ticklen; /* Session ticket length */ | ||
513 | long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ | ||
514 | #endif | ||
515 | } SSL_SESSION; | ||
516 | |||
517 | |||
518 | #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L | ||
519 | #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L | ||
520 | /* Allow initial connection to servers that don't support RI */ | ||
521 | #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L | ||
522 | #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L | ||
523 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L | ||
524 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L | ||
525 | #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ | ||
526 | #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L | ||
527 | #define SSL_OP_TLS_D5_BUG 0x00000100L | ||
528 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L | ||
529 | |||
530 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added | ||
531 | * in OpenSSL 0.9.6d. Usually (depending on the application protocol) | ||
532 | * the workaround is not needed. Unfortunately some broken SSL/TLS | ||
533 | * implementations cannot handle it at all, which is why we include | ||
534 | * it in SSL_OP_ALL. */ | ||
535 | #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ | ||
536 | |||
537 | /* SSL_OP_ALL: various bug workarounds that should be rather harmless. | ||
538 | * This used to be 0x000FFFFFL before 0.9.7. */ | ||
539 | #define SSL_OP_ALL 0x80000FFFL | ||
540 | |||
541 | /* DTLS options */ | ||
542 | #define SSL_OP_NO_QUERY_MTU 0x00001000L | ||
543 | /* Turn on Cookie Exchange (on relevant for servers) */ | ||
544 | #define SSL_OP_COOKIE_EXCHANGE 0x00002000L | ||
545 | /* Don't use RFC4507 ticket extension */ | ||
546 | #define SSL_OP_NO_TICKET 0x00004000L | ||
547 | /* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ | ||
548 | #define SSL_OP_CISCO_ANYCONNECT 0x00008000L | ||
549 | |||
550 | /* As server, disallow session resumption on renegotiation */ | ||
551 | #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L | ||
552 | /* Don't use compression even if supported */ | ||
553 | #define SSL_OP_NO_COMPRESSION 0x00020000L | ||
554 | /* Permit unsafe legacy renegotiation */ | ||
555 | #define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L | ||
556 | /* If set, always create a new key when using tmp_ecdh parameters */ | ||
557 | #define SSL_OP_SINGLE_ECDH_USE 0x00080000L | ||
558 | /* If set, always create a new key when using tmp_dh parameters */ | ||
559 | #define SSL_OP_SINGLE_DH_USE 0x00100000L | ||
560 | /* Set to always use the tmp_rsa key when doing RSA operations, | ||
561 | * even when this violates protocol specs */ | ||
562 | #define SSL_OP_EPHEMERAL_RSA 0x00200000L | ||
563 | /* Set on servers to choose the cipher according to the server's | ||
564 | * preferences */ | ||
565 | #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L | ||
566 | /* If set, a server will allow a client to issue a SSLv3.0 version number | ||
567 | * as latest version supported in the premaster secret, even when TLSv1.0 | ||
568 | * (version 3.1) was announced in the client hello. Normally this is | ||
569 | * forbidden to prevent version rollback attacks. */ | ||
570 | #define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L | ||
571 | |||
572 | #define SSL_OP_NO_SSLv2 0x01000000L | ||
573 | #define SSL_OP_NO_SSLv3 0x02000000L | ||
574 | #define SSL_OP_NO_TLSv1 0x04000000L | ||
575 | |||
576 | /* The next flag deliberately changes the ciphertest, this is a check | ||
577 | * for the PKCS#1 attack */ | ||
578 | #define SSL_OP_PKCS1_CHECK_1 0x08000000L | ||
579 | #define SSL_OP_PKCS1_CHECK_2 0x10000000L | ||
580 | #define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L | ||
581 | #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L | ||
582 | /* Make server add server-hello extension from early version of | ||
583 | * cryptopro draft, when GOST ciphersuite is negotiated. | ||
584 | * Required for interoperability with CryptoPro CSP 3.x | ||
585 | */ | ||
586 | #define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L | ||
587 | |||
588 | /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success | ||
589 | * when just a single record has been written): */ | ||
590 | #define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L | ||
591 | /* Make it possible to retry SSL_write() with changed buffer location | ||
592 | * (buffer contents must stay the same!); this is not the default to avoid | ||
593 | * the misconception that non-blocking SSL_write() behaves like | ||
594 | * non-blocking write(): */ | ||
595 | #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L | ||
596 | /* Never bother the application with retries if the transport | ||
597 | * is blocking: */ | ||
598 | #define SSL_MODE_AUTO_RETRY 0x00000004L | ||
599 | /* Don't attempt to automatically build certificate chain */ | ||
600 | #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L | ||
601 | /* Save RAM by releasing read and write buffers when they're empty. (SSL3 and | ||
602 | * TLS only.) "Released" buffers are put onto a free-list in the context | ||
603 | * or just freed (depending on the context's setting for freelist_max_len). */ | ||
604 | #define SSL_MODE_RELEASE_BUFFERS 0x00000010L | ||
605 | |||
606 | /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, | ||
607 | * they cannot be used to clear bits. */ | ||
608 | |||
609 | #define SSL_CTX_set_options(ctx,op) \ | ||
610 | SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) | ||
611 | #define SSL_CTX_clear_options(ctx,op) \ | ||
612 | SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) | ||
613 | #define SSL_CTX_get_options(ctx) \ | ||
614 | SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) | ||
615 | #define SSL_set_options(ssl,op) \ | ||
616 | SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) | ||
617 | #define SSL_clear_options(ssl,op) \ | ||
618 | SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) | ||
619 | #define SSL_get_options(ssl) \ | ||
620 | SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) | ||
621 | |||
622 | #define SSL_CTX_set_mode(ctx,op) \ | ||
623 | SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) | ||
624 | #define SSL_CTX_clear_mode(ctx,op) \ | ||
625 | SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) | ||
626 | #define SSL_CTX_get_mode(ctx) \ | ||
627 | SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) | ||
628 | #define SSL_clear_mode(ssl,op) \ | ||
629 | SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) | ||
630 | #define SSL_set_mode(ssl,op) \ | ||
631 | SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) | ||
632 | #define SSL_get_mode(ssl) \ | ||
633 | SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) | ||
634 | #define SSL_set_mtu(ssl, mtu) \ | ||
635 | SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) | ||
636 | |||
637 | #define SSL_get_secure_renegotiation_support(ssl) \ | ||
638 | SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) | ||
639 | |||
640 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); | ||
641 | void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); | ||
642 | #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) | ||
643 | #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) | ||
644 | |||
645 | |||
646 | |||
647 | #if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) | ||
648 | #define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */ | ||
649 | #else | ||
650 | #define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */ | ||
651 | #endif | ||
652 | |||
653 | #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) | ||
654 | |||
655 | /* This callback type is used inside SSL_CTX, SSL, and in the functions that set | ||
656 | * them. It is used to override the generation of SSL/TLS session IDs in a | ||
657 | * server. Return value should be zero on an error, non-zero to proceed. Also, | ||
658 | * callbacks should themselves check if the id they generate is unique otherwise | ||
659 | * the SSL handshake will fail with an error - callbacks can do this using the | ||
660 | * 'ssl' value they're passed by; | ||
661 | * SSL_has_matching_session_id(ssl, id, *id_len) | ||
662 | * The length value passed in is set at the maximum size the session ID can be. | ||
663 | * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback | ||
664 | * can alter this length to be less if desired, but under SSLv2 session IDs are | ||
665 | * supposed to be fixed at 16 bytes so the id will be padded after the callback | ||
666 | * returns in this case. It is also an error for the callback to set the size to | ||
667 | * zero. */ | ||
668 | typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, | ||
669 | unsigned int *id_len); | ||
670 | |||
671 | typedef struct ssl_comp_st | ||
672 | { | ||
673 | int id; | ||
674 | const char *name; | ||
675 | #ifndef OPENSSL_NO_COMP | ||
676 | COMP_METHOD *method; | ||
677 | #else | ||
678 | char *method; | ||
679 | #endif | ||
680 | } SSL_COMP; | ||
681 | |||
682 | DECLARE_STACK_OF(SSL_COMP) | ||
683 | DECLARE_LHASH_OF(SSL_SESSION); | ||
684 | |||
685 | struct ssl_ctx_st | ||
686 | { | ||
687 | const SSL_METHOD *method; | ||
688 | |||
689 | STACK_OF(SSL_CIPHER) *cipher_list; | ||
690 | /* same as above but sorted for lookup */ | ||
691 | STACK_OF(SSL_CIPHER) *cipher_list_by_id; | ||
692 | |||
693 | struct x509_store_st /* X509_STORE */ *cert_store; | ||
694 | LHASH_OF(SSL_SESSION) *sessions; | ||
695 | /* Most session-ids that will be cached, default is | ||
696 | * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ | ||
697 | unsigned long session_cache_size; | ||
698 | struct ssl_session_st *session_cache_head; | ||
699 | struct ssl_session_st *session_cache_tail; | ||
700 | |||
701 | /* This can have one of 2 values, ored together, | ||
702 | * SSL_SESS_CACHE_CLIENT, | ||
703 | * SSL_SESS_CACHE_SERVER, | ||
704 | * Default is SSL_SESSION_CACHE_SERVER, which means only | ||
705 | * SSL_accept which cache SSL_SESSIONS. */ | ||
706 | int session_cache_mode; | ||
707 | |||
708 | /* If timeout is not 0, it is the default timeout value set | ||
709 | * when SSL_new() is called. This has been put in to make | ||
710 | * life easier to set things up */ | ||
711 | long session_timeout; | ||
712 | |||
713 | /* If this callback is not null, it will be called each | ||
714 | * time a session id is added to the cache. If this function | ||
715 | * returns 1, it means that the callback will do a | ||
716 | * SSL_SESSION_free() when it has finished using it. Otherwise, | ||
717 | * on 0, it means the callback has finished with it. | ||
718 | * If remove_session_cb is not null, it will be called when | ||
719 | * a session-id is removed from the cache. After the call, | ||
720 | * OpenSSL will SSL_SESSION_free() it. */ | ||
721 | int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess); | ||
722 | void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess); | ||
723 | SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, | ||
724 | unsigned char *data,int len,int *copy); | ||
725 | |||
726 | struct | ||
727 | { | ||
728 | int sess_connect; /* SSL new conn - started */ | ||
729 | int sess_connect_renegotiate;/* SSL reneg - requested */ | ||
730 | int sess_connect_good; /* SSL new conne/reneg - finished */ | ||
731 | int sess_accept; /* SSL new accept - started */ | ||
732 | int sess_accept_renegotiate;/* SSL reneg - requested */ | ||
733 | int sess_accept_good; /* SSL accept/reneg - finished */ | ||
734 | int sess_miss; /* session lookup misses */ | ||
735 | int sess_timeout; /* reuse attempt on timeouted session */ | ||
736 | int sess_cache_full; /* session removed due to full cache */ | ||
737 | int sess_hit; /* session reuse actually done */ | ||
738 | int sess_cb_hit; /* session-id that was not | ||
739 | * in the cache was | ||
740 | * passed back via the callback. This | ||
741 | * indicates that the application is | ||
742 | * supplying session-id's from other | ||
743 | * processes - spooky :-) */ | ||
744 | } stats; | ||
745 | |||
746 | int references; | ||
747 | |||
748 | /* if defined, these override the X509_verify_cert() calls */ | ||
749 | int (*app_verify_callback)(X509_STORE_CTX *, void *); | ||
750 | void *app_verify_arg; | ||
751 | /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored | ||
752 | * ('app_verify_callback' was called with just one argument) */ | ||
753 | |||
754 | /* Default password callback. */ | ||
755 | pem_password_cb *default_passwd_callback; | ||
756 | |||
757 | /* Default password callback user data. */ | ||
758 | void *default_passwd_callback_userdata; | ||
759 | |||
760 | /* get client cert callback */ | ||
761 | int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); | ||
762 | |||
763 | /* cookie generate callback */ | ||
764 | int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, | ||
765 | unsigned int *cookie_len); | ||
766 | |||
767 | /* verify cookie callback */ | ||
768 | int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, | ||
769 | unsigned int cookie_len); | ||
770 | |||
771 | CRYPTO_EX_DATA ex_data; | ||
772 | |||
773 | const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ | ||
774 | const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ | ||
775 | const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ | ||
776 | |||
777 | STACK_OF(X509) *extra_certs; | ||
778 | STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ | ||
779 | |||
780 | |||
781 | /* Default values used when no per-SSL value is defined follow */ | ||
782 | |||
783 | void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */ | ||
784 | |||
785 | /* what we put in client cert requests */ | ||
786 | STACK_OF(X509_NAME) *client_CA; | ||
787 | |||
788 | |||
789 | /* Default values to use in SSL structures follow (these are copied by SSL_new) */ | ||
790 | |||
791 | unsigned long options; | ||
792 | unsigned long mode; | ||
793 | long max_cert_list; | ||
794 | |||
795 | struct cert_st /* CERT */ *cert; | ||
796 | int read_ahead; | ||
797 | |||
798 | /* callback that allows applications to peek at protocol messages */ | ||
799 | void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); | ||
800 | void *msg_callback_arg; | ||
801 | |||
802 | int verify_mode; | ||
803 | unsigned int sid_ctx_length; | ||
804 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; | ||
805 | int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ | ||
806 | |||
807 | /* Default generate session ID callback. */ | ||
808 | GEN_SESSION_CB generate_session_id; | ||
809 | |||
810 | X509_VERIFY_PARAM *param; | ||
811 | |||
812 | #if 0 | ||
813 | int purpose; /* Purpose setting */ | ||
814 | int trust; /* Trust setting */ | ||
815 | #endif | ||
816 | |||
817 | int quiet_shutdown; | ||
818 | |||
819 | /* Maximum amount of data to send in one fragment. | ||
820 | * actual record size can be more than this due to | ||
821 | * padding and MAC overheads. | ||
822 | */ | ||
823 | unsigned int max_send_fragment; | ||
824 | |||
825 | #ifndef OPENSSL_ENGINE | ||
826 | /* Engine to pass requests for client certs to | ||
827 | */ | ||
828 | ENGINE *client_cert_engine; | ||
829 | #endif | ||
830 | |||
831 | #ifndef OPENSSL_NO_TLSEXT | ||
832 | /* TLS extensions servername callback */ | ||
833 | int (*tlsext_servername_callback)(SSL*, int *, void *); | ||
834 | void *tlsext_servername_arg; | ||
835 | /* RFC 4507 session ticket keys */ | ||
836 | unsigned char tlsext_tick_key_name[16]; | ||
837 | unsigned char tlsext_tick_hmac_key[16]; | ||
838 | unsigned char tlsext_tick_aes_key[16]; | ||
839 | /* Callback to support customisation of ticket key setting */ | ||
840 | int (*tlsext_ticket_key_cb)(SSL *ssl, | ||
841 | unsigned char *name, unsigned char *iv, | ||
842 | EVP_CIPHER_CTX *ectx, | ||
843 | HMAC_CTX *hctx, int enc); | ||
844 | |||
845 | /* certificate status request info */ | ||
846 | /* Callback for status request */ | ||
847 | int (*tlsext_status_cb)(SSL *ssl, void *arg); | ||
848 | void *tlsext_status_arg; | ||
849 | |||
850 | /* draft-rescorla-tls-opaque-prf-input-00.txt information */ | ||
851 | int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); | ||
852 | void *tlsext_opaque_prf_input_callback_arg; | ||
853 | #endif | ||
854 | |||
855 | #ifndef OPENSSL_NO_PSK | ||
856 | char *psk_identity_hint; | ||
857 | unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, | ||
858 | unsigned int max_identity_len, unsigned char *psk, | ||
859 | unsigned int max_psk_len); | ||
860 | unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, | ||
861 | unsigned char *psk, unsigned int max_psk_len); | ||
862 | #endif | ||
863 | |||
864 | #ifndef OPENSSL_NO_BUF_FREELISTS | ||
865 | #define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 | ||
866 | unsigned int freelist_max_len; | ||
867 | struct ssl3_buf_freelist_st *wbuf_freelist; | ||
868 | struct ssl3_buf_freelist_st *rbuf_freelist; | ||
869 | #endif | ||
870 | }; | ||
871 | |||
872 | #define SSL_SESS_CACHE_OFF 0x0000 | ||
873 | #define SSL_SESS_CACHE_CLIENT 0x0001 | ||
874 | #define SSL_SESS_CACHE_SERVER 0x0002 | ||
875 | #define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) | ||
876 | #define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 | ||
877 | /* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ | ||
878 | #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 | ||
879 | #define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 | ||
880 | #define SSL_SESS_CACHE_NO_INTERNAL \ | ||
881 | (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) | ||
882 | |||
883 | LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); | ||
884 | #define SSL_CTX_sess_number(ctx) \ | ||
885 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) | ||
886 | #define SSL_CTX_sess_connect(ctx) \ | ||
887 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) | ||
888 | #define SSL_CTX_sess_connect_good(ctx) \ | ||
889 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) | ||
890 | #define SSL_CTX_sess_connect_renegotiate(ctx) \ | ||
891 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) | ||
892 | #define SSL_CTX_sess_accept(ctx) \ | ||
893 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) | ||
894 | #define SSL_CTX_sess_accept_renegotiate(ctx) \ | ||
895 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) | ||
896 | #define SSL_CTX_sess_accept_good(ctx) \ | ||
897 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) | ||
898 | #define SSL_CTX_sess_hits(ctx) \ | ||
899 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) | ||
900 | #define SSL_CTX_sess_cb_hits(ctx) \ | ||
901 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) | ||
902 | #define SSL_CTX_sess_misses(ctx) \ | ||
903 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) | ||
904 | #define SSL_CTX_sess_timeouts(ctx) \ | ||
905 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) | ||
906 | #define SSL_CTX_sess_cache_full(ctx) \ | ||
907 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) | ||
908 | |||
909 | void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess)); | ||
910 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); | ||
911 | void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess)); | ||
912 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); | ||
913 | void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy)); | ||
914 | SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy); | ||
915 | void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val)); | ||
916 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); | ||
917 | void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); | ||
918 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); | ||
919 | #ifndef OPENSSL_NO_ENGINE | ||
920 | int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); | ||
921 | #endif | ||
922 | void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); | ||
923 | void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); | ||
924 | |||
925 | #ifndef OPENSSL_NO_PSK | ||
926 | /* the maximum length of the buffer given to callbacks containing the | ||
927 | * resulting identity/psk */ | ||
928 | #define PSK_MAX_IDENTITY_LEN 128 | ||
929 | #define PSK_MAX_PSK_LEN 256 | ||
930 | void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, | ||
931 | unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, | ||
932 | char *identity, unsigned int max_identity_len, unsigned char *psk, | ||
933 | unsigned int max_psk_len)); | ||
934 | void SSL_set_psk_client_callback(SSL *ssl, | ||
935 | unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, | ||
936 | char *identity, unsigned int max_identity_len, unsigned char *psk, | ||
937 | unsigned int max_psk_len)); | ||
938 | void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, | ||
939 | unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, | ||
940 | unsigned char *psk, unsigned int max_psk_len)); | ||
941 | void SSL_set_psk_server_callback(SSL *ssl, | ||
942 | unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, | ||
943 | unsigned char *psk, unsigned int max_psk_len)); | ||
944 | int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); | ||
945 | int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); | ||
946 | const char *SSL_get_psk_identity_hint(const SSL *s); | ||
947 | const char *SSL_get_psk_identity(const SSL *s); | ||
948 | #endif | ||
949 | |||
950 | #define SSL_NOTHING 1 | ||
951 | #define SSL_WRITING 2 | ||
952 | #define SSL_READING 3 | ||
953 | #define SSL_X509_LOOKUP 4 | ||
954 | |||
955 | /* These will only be used when doing non-blocking IO */ | ||
956 | #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) | ||
957 | #define SSL_want_read(s) (SSL_want(s) == SSL_READING) | ||
958 | #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) | ||
959 | #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) | ||
960 | |||
961 | #define SSL_MAC_FLAG_READ_MAC_STREAM 1 | ||
962 | #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 | ||
963 | |||
964 | struct ssl_st | ||
965 | { | ||
966 | /* protocol version | ||
967 | * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) | ||
968 | */ | ||
969 | int version; | ||
970 | int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ | ||
971 | |||
972 | const SSL_METHOD *method; /* SSLv3 */ | ||
973 | |||
974 | /* There are 2 BIO's even though they are normally both the | ||
975 | * same. This is so data can be read and written to different | ||
976 | * handlers */ | ||
977 | |||
978 | #ifndef OPENSSL_NO_BIO | ||
979 | BIO *rbio; /* used by SSL_read */ | ||
980 | BIO *wbio; /* used by SSL_write */ | ||
981 | BIO *bbio; /* used during session-id reuse to concatenate | ||
982 | * messages */ | ||
983 | #else | ||
984 | char *rbio; /* used by SSL_read */ | ||
985 | char *wbio; /* used by SSL_write */ | ||
986 | char *bbio; | ||
987 | #endif | ||
988 | /* This holds a variable that indicates what we were doing | ||
989 | * when a 0 or -1 is returned. This is needed for | ||
990 | * non-blocking IO so we know what request needs re-doing when | ||
991 | * in SSL_accept or SSL_connect */ | ||
992 | int rwstate; | ||
993 | |||
994 | /* true when we are actually in SSL_accept() or SSL_connect() */ | ||
995 | int in_handshake; | ||
996 | int (*handshake_func)(SSL *); | ||
997 | |||
998 | /* Imagine that here's a boolean member "init" that is | ||
999 | * switched as soon as SSL_set_{accept/connect}_state | ||
1000 | * is called for the first time, so that "state" and | ||
1001 | * "handshake_func" are properly initialized. But as | ||
1002 | * handshake_func is == 0 until then, we use this | ||
1003 | * test instead of an "init" member. | ||
1004 | */ | ||
1005 | |||
1006 | int server; /* are we the server side? - mostly used by SSL_clear*/ | ||
1007 | |||
1008 | int new_session;/* 1 if we are to use a new session. | ||
1009 | * 2 if we are a server and are inside a handshake | ||
1010 | * (i.e. not just sending a HelloRequest) | ||
1011 | * NB: For servers, the 'new' session may actually be a previously | ||
1012 | * cached session or even the previous session unless | ||
1013 | * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ | ||
1014 | int quiet_shutdown;/* don't send shutdown packets */ | ||
1015 | int shutdown; /* we have shut things down, 0x01 sent, 0x02 | ||
1016 | * for received */ | ||
1017 | int state; /* where we are */ | ||
1018 | int rstate; /* where we are when reading */ | ||
1019 | |||
1020 | BUF_MEM *init_buf; /* buffer used during init */ | ||
1021 | void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ | ||
1022 | int init_num; /* amount read/written */ | ||
1023 | int init_off; /* amount read/written */ | ||
1024 | |||
1025 | /* used internally to point at a raw packet */ | ||
1026 | unsigned char *packet; | ||
1027 | unsigned int packet_length; | ||
1028 | |||
1029 | struct ssl2_state_st *s2; /* SSLv2 variables */ | ||
1030 | struct ssl3_state_st *s3; /* SSLv3 variables */ | ||
1031 | struct dtls1_state_st *d1; /* DTLSv1 variables */ | ||
1032 | |||
1033 | int read_ahead; /* Read as many input bytes as possible | ||
1034 | * (for non-blocking reads) */ | ||
1035 | |||
1036 | /* callback that allows applications to peek at protocol messages */ | ||
1037 | void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); | ||
1038 | void *msg_callback_arg; | ||
1039 | |||
1040 | int hit; /* reusing a previous session */ | ||
1041 | |||
1042 | X509_VERIFY_PARAM *param; | ||
1043 | |||
1044 | #if 0 | ||
1045 | int purpose; /* Purpose setting */ | ||
1046 | int trust; /* Trust setting */ | ||
1047 | #endif | ||
1048 | |||
1049 | /* crypto */ | ||
1050 | STACK_OF(SSL_CIPHER) *cipher_list; | ||
1051 | STACK_OF(SSL_CIPHER) *cipher_list_by_id; | ||
1052 | |||
1053 | /* These are the ones being used, the ones in SSL_SESSION are | ||
1054 | * the ones to be 'copied' into these ones */ | ||
1055 | int mac_flags; | ||
1056 | EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ | ||
1057 | EVP_MD_CTX *read_hash; /* used for mac generation */ | ||
1058 | #ifndef OPENSSL_NO_COMP | ||
1059 | COMP_CTX *expand; /* uncompress */ | ||
1060 | #else | ||
1061 | char *expand; | ||
1062 | #endif | ||
1063 | |||
1064 | EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ | ||
1065 | EVP_MD_CTX *write_hash; /* used for mac generation */ | ||
1066 | #ifndef OPENSSL_NO_COMP | ||
1067 | COMP_CTX *compress; /* compression */ | ||
1068 | #else | ||
1069 | char *compress; | ||
1070 | #endif | ||
1071 | |||
1072 | /* session info */ | ||
1073 | |||
1074 | /* client cert? */ | ||
1075 | /* This is used to hold the server certificate used */ | ||
1076 | struct cert_st /* CERT */ *cert; | ||
1077 | |||
1078 | /* the session_id_context is used to ensure sessions are only reused | ||
1079 | * in the appropriate context */ | ||
1080 | unsigned int sid_ctx_length; | ||
1081 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; | ||
1082 | |||
1083 | /* This can also be in the session once a session is established */ | ||
1084 | SSL_SESSION *session; | ||
1085 | |||
1086 | /* Default generate session ID callback. */ | ||
1087 | GEN_SESSION_CB generate_session_id; | ||
1088 | |||
1089 | /* Used in SSL2 and SSL3 */ | ||
1090 | int verify_mode; /* 0 don't care about verify failure. | ||
1091 | * 1 fail if verify fails */ | ||
1092 | int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ | ||
1093 | |||
1094 | void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ | ||
1095 | |||
1096 | int error; /* error bytes to be written */ | ||
1097 | int error_code; /* actual code */ | ||
1098 | |||
1099 | #ifndef OPENSSL_NO_KRB5 | ||
1100 | KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ | ||
1101 | #endif /* OPENSSL_NO_KRB5 */ | ||
1102 | |||
1103 | #ifndef OPENSSL_NO_PSK | ||
1104 | unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, | ||
1105 | unsigned int max_identity_len, unsigned char *psk, | ||
1106 | unsigned int max_psk_len); | ||
1107 | unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, | ||
1108 | unsigned char *psk, unsigned int max_psk_len); | ||
1109 | #endif | ||
1110 | |||
1111 | SSL_CTX *ctx; | ||
1112 | /* set this flag to 1 and a sleep(1) is put into all SSL_read() | ||
1113 | * and SSL_write() calls, good for nbio debuging :-) */ | ||
1114 | int debug; | ||
1115 | |||
1116 | /* extra application data */ | ||
1117 | long verify_result; | ||
1118 | CRYPTO_EX_DATA ex_data; | ||
1119 | |||
1120 | /* for server side, keep the list of CA_dn we can use */ | ||
1121 | STACK_OF(X509_NAME) *client_CA; | ||
1122 | |||
1123 | int references; | ||
1124 | unsigned long options; /* protocol behaviour */ | ||
1125 | unsigned long mode; /* API behaviour */ | ||
1126 | long max_cert_list; | ||
1127 | int first_packet; | ||
1128 | int client_version; /* what was passed, used for | ||
1129 | * SSLv3/TLS rollback check */ | ||
1130 | unsigned int max_send_fragment; | ||
1131 | #ifndef OPENSSL_NO_TLSEXT | ||
1132 | /* TLS extension debug callback */ | ||
1133 | void (*tlsext_debug_cb)(SSL *s, int client_server, int type, | ||
1134 | unsigned char *data, int len, | ||
1135 | void *arg); | ||
1136 | void *tlsext_debug_arg; | ||
1137 | char *tlsext_hostname; | ||
1138 | int servername_done; /* no further mod of servername | ||
1139 | 0 : call the servername extension callback. | ||
1140 | 1 : prepare 2, allow last ack just after in server callback. | ||
1141 | 2 : don't call servername callback, no ack in server hello | ||
1142 | */ | ||
1143 | /* certificate status request info */ | ||
1144 | /* Status type or -1 if no status type */ | ||
1145 | int tlsext_status_type; | ||
1146 | /* Expect OCSP CertificateStatus message */ | ||
1147 | int tlsext_status_expected; | ||
1148 | /* OCSP status request only */ | ||
1149 | STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; | ||
1150 | X509_EXTENSIONS *tlsext_ocsp_exts; | ||
1151 | /* OCSP response received or to be sent */ | ||
1152 | unsigned char *tlsext_ocsp_resp; | ||
1153 | int tlsext_ocsp_resplen; | ||
1154 | |||
1155 | /* RFC4507 session ticket expected to be received or sent */ | ||
1156 | int tlsext_ticket_expected; | ||
1157 | #ifndef OPENSSL_NO_EC | ||
1158 | size_t tlsext_ecpointformatlist_length; | ||
1159 | unsigned char *tlsext_ecpointformatlist; /* our list */ | ||
1160 | size_t tlsext_ellipticcurvelist_length; | ||
1161 | unsigned char *tlsext_ellipticcurvelist; /* our list */ | ||
1162 | #endif /* OPENSSL_NO_EC */ | ||
1163 | |||
1164 | /* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */ | ||
1165 | void *tlsext_opaque_prf_input; | ||
1166 | size_t tlsext_opaque_prf_input_len; | ||
1167 | |||
1168 | /* TLS Session Ticket extension override */ | ||
1169 | TLS_SESSION_TICKET_EXT *tlsext_session_ticket; | ||
1170 | |||
1171 | /* TLS Session Ticket extension callback */ | ||
1172 | tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; | ||
1173 | void *tls_session_ticket_ext_cb_arg; | ||
1174 | |||
1175 | /* TLS pre-shared secret session resumption */ | ||
1176 | tls_session_secret_cb_fn tls_session_secret_cb; | ||
1177 | void *tls_session_secret_cb_arg; | ||
1178 | |||
1179 | SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ | ||
1180 | #define session_ctx initial_ctx | ||
1181 | #else | ||
1182 | #define session_ctx ctx | ||
1183 | #endif /* OPENSSL_NO_TLSEXT */ | ||
1184 | }; | ||
1185 | |||
1186 | #ifdef __cplusplus | ||
1187 | } | ||
1188 | #endif | ||
1189 | |||
1190 | #include <openssl/ssl2.h> | ||
1191 | #include <openssl/ssl3.h> | ||
1192 | #include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ | ||
1193 | #include <openssl/dtls1.h> /* Datagram TLS */ | ||
1194 | #include <openssl/ssl23.h> | ||
1195 | |||
1196 | #ifdef __cplusplus | ||
1197 | extern "C" { | ||
1198 | #endif | ||
1199 | |||
1200 | /* compatibility */ | ||
1201 | #define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) | ||
1202 | #define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) | ||
1203 | #define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) | ||
1204 | #define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) | ||
1205 | #define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) | ||
1206 | #define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) | ||
1207 | |||
1208 | /* The following are the possible values for ssl->state are are | ||
1209 | * used to indicate where we are up to in the SSL connection establishment. | ||
1210 | * The macros that follow are about the only things you should need to use | ||
1211 | * and even then, only when using non-blocking IO. | ||
1212 | * It can also be useful to work out where you were when the connection | ||
1213 | * failed */ | ||
1214 | |||
1215 | #define SSL_ST_CONNECT 0x1000 | ||
1216 | #define SSL_ST_ACCEPT 0x2000 | ||
1217 | #define SSL_ST_MASK 0x0FFF | ||
1218 | #define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) | ||
1219 | #define SSL_ST_BEFORE 0x4000 | ||
1220 | #define SSL_ST_OK 0x03 | ||
1221 | #define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) | ||
1222 | |||
1223 | #define SSL_CB_LOOP 0x01 | ||
1224 | #define SSL_CB_EXIT 0x02 | ||
1225 | #define SSL_CB_READ 0x04 | ||
1226 | #define SSL_CB_WRITE 0x08 | ||
1227 | #define SSL_CB_ALERT 0x4000 /* used in callback */ | ||
1228 | #define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) | ||
1229 | #define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) | ||
1230 | #define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) | ||
1231 | #define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) | ||
1232 | #define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) | ||
1233 | #define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) | ||
1234 | #define SSL_CB_HANDSHAKE_START 0x10 | ||
1235 | #define SSL_CB_HANDSHAKE_DONE 0x20 | ||
1236 | |||
1237 | /* Is the SSL_connection established? */ | ||
1238 | #define SSL_get_state(a) SSL_state(a) | ||
1239 | #define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) | ||
1240 | #define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT) | ||
1241 | #define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) | ||
1242 | #define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) | ||
1243 | #define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) | ||
1244 | |||
1245 | /* The following 2 states are kept in ssl->rstate when reads fail, | ||
1246 | * you should not need these */ | ||
1247 | #define SSL_ST_READ_HEADER 0xF0 | ||
1248 | #define SSL_ST_READ_BODY 0xF1 | ||
1249 | #define SSL_ST_READ_DONE 0xF2 | ||
1250 | |||
1251 | /* Obtain latest Finished message | ||
1252 | * -- that we sent (SSL_get_finished) | ||
1253 | * -- that we expected from peer (SSL_get_peer_finished). | ||
1254 | * Returns length (0 == no Finished so far), copies up to 'count' bytes. */ | ||
1255 | size_t SSL_get_finished(const SSL *s, void *buf, size_t count); | ||
1256 | size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); | ||
1257 | |||
1258 | /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options | ||
1259 | * are 'ored' with SSL_VERIFY_PEER if they are desired */ | ||
1260 | #define SSL_VERIFY_NONE 0x00 | ||
1261 | #define SSL_VERIFY_PEER 0x01 | ||
1262 | #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 | ||
1263 | #define SSL_VERIFY_CLIENT_ONCE 0x04 | ||
1264 | |||
1265 | #define OpenSSL_add_ssl_algorithms() SSL_library_init() | ||
1266 | #define SSLeay_add_ssl_algorithms() SSL_library_init() | ||
1267 | |||
1268 | /* this is for backward compatibility */ | ||
1269 | #if 0 /* NEW_SSLEAY */ | ||
1270 | #define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) | ||
1271 | #define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) | ||
1272 | #define SSL_add_session(a,b) SSL_CTX_add_session((a),(b)) | ||
1273 | #define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) | ||
1274 | #define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) | ||
1275 | #endif | ||
1276 | /* More backward compatibility */ | ||
1277 | #define SSL_get_cipher(s) \ | ||
1278 | SSL_CIPHER_get_name(SSL_get_current_cipher(s)) | ||
1279 | #define SSL_get_cipher_bits(s,np) \ | ||
1280 | SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) | ||
1281 | #define SSL_get_cipher_version(s) \ | ||
1282 | SSL_CIPHER_get_version(SSL_get_current_cipher(s)) | ||
1283 | #define SSL_get_cipher_name(s) \ | ||
1284 | SSL_CIPHER_get_name(SSL_get_current_cipher(s)) | ||
1285 | #define SSL_get_time(a) SSL_SESSION_get_time(a) | ||
1286 | #define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) | ||
1287 | #define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) | ||
1288 | #define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) | ||
1289 | |||
1290 | #define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) | ||
1291 | #define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) | ||
1292 | |||
1293 | DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | ||
1294 | |||
1295 | #define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */ | ||
1296 | |||
1297 | /* These alert types are for SSLv3 and TLSv1 */ | ||
1298 | #define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY | ||
1299 | #define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ | ||
1300 | #define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */ | ||
1301 | #define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED | ||
1302 | #define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW | ||
1303 | #define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */ | ||
1304 | #define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */ | ||
1305 | #define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */ | ||
1306 | #define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE | ||
1307 | #define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE | ||
1308 | #define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED | ||
1309 | #define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED | ||
1310 | #define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN | ||
1311 | #define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */ | ||
1312 | #define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */ | ||
1313 | #define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ | ||
1314 | #define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */ | ||
1315 | #define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR | ||
1316 | #define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */ | ||
1317 | #define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ | ||
1318 | #define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */ | ||
1319 | #define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ | ||
1320 | #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED | ||
1321 | #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION | ||
1322 | #define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION | ||
1323 | #define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE | ||
1324 | #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME | ||
1325 | #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE | ||
1326 | #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE | ||
1327 | #define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ | ||
1328 | |||
1329 | #define SSL_ERROR_NONE 0 | ||
1330 | #define SSL_ERROR_SSL 1 | ||
1331 | #define SSL_ERROR_WANT_READ 2 | ||
1332 | #define SSL_ERROR_WANT_WRITE 3 | ||
1333 | #define SSL_ERROR_WANT_X509_LOOKUP 4 | ||
1334 | #define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */ | ||
1335 | #define SSL_ERROR_ZERO_RETURN 6 | ||
1336 | #define SSL_ERROR_WANT_CONNECT 7 | ||
1337 | #define SSL_ERROR_WANT_ACCEPT 8 | ||
1338 | |||
1339 | #define SSL_CTRL_NEED_TMP_RSA 1 | ||
1340 | #define SSL_CTRL_SET_TMP_RSA 2 | ||
1341 | #define SSL_CTRL_SET_TMP_DH 3 | ||
1342 | #define SSL_CTRL_SET_TMP_ECDH 4 | ||
1343 | #define SSL_CTRL_SET_TMP_RSA_CB 5 | ||
1344 | #define SSL_CTRL_SET_TMP_DH_CB 6 | ||
1345 | #define SSL_CTRL_SET_TMP_ECDH_CB 7 | ||
1346 | |||
1347 | #define SSL_CTRL_GET_SESSION_REUSED 8 | ||
1348 | #define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 | ||
1349 | #define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 | ||
1350 | #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 | ||
1351 | #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 | ||
1352 | #define SSL_CTRL_GET_FLAGS 13 | ||
1353 | #define SSL_CTRL_EXTRA_CHAIN_CERT 14 | ||
1354 | |||
1355 | #define SSL_CTRL_SET_MSG_CALLBACK 15 | ||
1356 | #define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 | ||
1357 | |||
1358 | /* only applies to datagram connections */ | ||
1359 | #define SSL_CTRL_SET_MTU 17 | ||
1360 | /* Stats */ | ||
1361 | #define SSL_CTRL_SESS_NUMBER 20 | ||
1362 | #define SSL_CTRL_SESS_CONNECT 21 | ||
1363 | #define SSL_CTRL_SESS_CONNECT_GOOD 22 | ||
1364 | #define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 | ||
1365 | #define SSL_CTRL_SESS_ACCEPT 24 | ||
1366 | #define SSL_CTRL_SESS_ACCEPT_GOOD 25 | ||
1367 | #define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 | ||
1368 | #define SSL_CTRL_SESS_HIT 27 | ||
1369 | #define SSL_CTRL_SESS_CB_HIT 28 | ||
1370 | #define SSL_CTRL_SESS_MISSES 29 | ||
1371 | #define SSL_CTRL_SESS_TIMEOUTS 30 | ||
1372 | #define SSL_CTRL_SESS_CACHE_FULL 31 | ||
1373 | #define SSL_CTRL_OPTIONS 32 | ||
1374 | #define SSL_CTRL_MODE 33 | ||
1375 | |||
1376 | #define SSL_CTRL_GET_READ_AHEAD 40 | ||
1377 | #define SSL_CTRL_SET_READ_AHEAD 41 | ||
1378 | #define SSL_CTRL_SET_SESS_CACHE_SIZE 42 | ||
1379 | #define SSL_CTRL_GET_SESS_CACHE_SIZE 43 | ||
1380 | #define SSL_CTRL_SET_SESS_CACHE_MODE 44 | ||
1381 | #define SSL_CTRL_GET_SESS_CACHE_MODE 45 | ||
1382 | |||
1383 | #define SSL_CTRL_GET_MAX_CERT_LIST 50 | ||
1384 | #define SSL_CTRL_SET_MAX_CERT_LIST 51 | ||
1385 | |||
1386 | #define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 | ||
1387 | |||
1388 | /* see tls1.h for macros based on these */ | ||
1389 | #ifndef OPENSSL_NO_TLSEXT | ||
1390 | #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 | ||
1391 | #define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 | ||
1392 | #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 | ||
1393 | #define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 | ||
1394 | #define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 | ||
1395 | #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 | ||
1396 | #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 | ||
1397 | #define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 | ||
1398 | #define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 | ||
1399 | #define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 | ||
1400 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 | ||
1401 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 | ||
1402 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 | ||
1403 | #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 | ||
1404 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 | ||
1405 | #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 | ||
1406 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 | ||
1407 | #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 | ||
1408 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 | ||
1409 | |||
1410 | #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 | ||
1411 | #endif | ||
1412 | |||
1413 | #define DTLS_CTRL_GET_TIMEOUT 73 | ||
1414 | #define DTLS_CTRL_HANDLE_TIMEOUT 74 | ||
1415 | #define DTLS_CTRL_LISTEN 75 | ||
1416 | |||
1417 | #define SSL_CTRL_GET_RI_SUPPORT 76 | ||
1418 | #define SSL_CTRL_CLEAR_OPTIONS 77 | ||
1419 | #define SSL_CTRL_CLEAR_MODE 78 | ||
1420 | |||
1421 | #define DTLSv1_get_timeout(ssl, arg) \ | ||
1422 | SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) | ||
1423 | #define DTLSv1_handle_timeout(ssl) \ | ||
1424 | SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) | ||
1425 | #define DTLSv1_listen(ssl, peer) \ | ||
1426 | SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) | ||
1427 | |||
1428 | #define SSL_session_reused(ssl) \ | ||
1429 | SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) | ||
1430 | #define SSL_num_renegotiations(ssl) \ | ||
1431 | SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) | ||
1432 | #define SSL_clear_num_renegotiations(ssl) \ | ||
1433 | SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) | ||
1434 | #define SSL_total_renegotiations(ssl) \ | ||
1435 | SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) | ||
1436 | |||
1437 | #define SSL_CTX_need_tmp_RSA(ctx) \ | ||
1438 | SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) | ||
1439 | #define SSL_CTX_set_tmp_rsa(ctx,rsa) \ | ||
1440 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) | ||
1441 | #define SSL_CTX_set_tmp_dh(ctx,dh) \ | ||
1442 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) | ||
1443 | #define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ | ||
1444 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | ||
1445 | |||
1446 | #define SSL_need_tmp_RSA(ssl) \ | ||
1447 | SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) | ||
1448 | #define SSL_set_tmp_rsa(ssl,rsa) \ | ||
1449 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) | ||
1450 | #define SSL_set_tmp_dh(ssl,dh) \ | ||
1451 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) | ||
1452 | #define SSL_set_tmp_ecdh(ssl,ecdh) \ | ||
1453 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | ||
1454 | |||
1455 | #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ | ||
1456 | SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) | ||
1457 | |||
1458 | #ifndef OPENSSL_NO_BIO | ||
1459 | BIO_METHOD *BIO_f_ssl(void); | ||
1460 | BIO *BIO_new_ssl(SSL_CTX *ctx,int client); | ||
1461 | BIO *BIO_new_ssl_connect(SSL_CTX *ctx); | ||
1462 | BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); | ||
1463 | int BIO_ssl_copy_session_id(BIO *to,BIO *from); | ||
1464 | void BIO_ssl_shutdown(BIO *ssl_bio); | ||
1465 | |||
1466 | #endif | ||
1467 | |||
1468 | int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str); | ||
1469 | SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); | ||
1470 | void SSL_CTX_free(SSL_CTX *); | ||
1471 | long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); | ||
1472 | long SSL_CTX_get_timeout(const SSL_CTX *ctx); | ||
1473 | X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); | ||
1474 | void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *); | ||
1475 | int SSL_want(const SSL *s); | ||
1476 | int SSL_clear(SSL *s); | ||
1477 | |||
1478 | void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); | ||
1479 | |||
1480 | const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); | ||
1481 | int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); | ||
1482 | char * SSL_CIPHER_get_version(const SSL_CIPHER *c); | ||
1483 | const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); | ||
1484 | |||
1485 | int SSL_get_fd(const SSL *s); | ||
1486 | int SSL_get_rfd(const SSL *s); | ||
1487 | int SSL_get_wfd(const SSL *s); | ||
1488 | const char * SSL_get_cipher_list(const SSL *s,int n); | ||
1489 | char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); | ||
1490 | int SSL_get_read_ahead(const SSL * s); | ||
1491 | int SSL_pending(const SSL *s); | ||
1492 | #ifndef OPENSSL_NO_SOCK | ||
1493 | int SSL_set_fd(SSL *s, int fd); | ||
1494 | int SSL_set_rfd(SSL *s, int fd); | ||
1495 | int SSL_set_wfd(SSL *s, int fd); | ||
1496 | #endif | ||
1497 | #ifndef OPENSSL_NO_BIO | ||
1498 | void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); | ||
1499 | BIO * SSL_get_rbio(const SSL *s); | ||
1500 | BIO * SSL_get_wbio(const SSL *s); | ||
1501 | #endif | ||
1502 | int SSL_set_cipher_list(SSL *s, const char *str); | ||
1503 | void SSL_set_read_ahead(SSL *s, int yes); | ||
1504 | int SSL_get_verify_mode(const SSL *s); | ||
1505 | int SSL_get_verify_depth(const SSL *s); | ||
1506 | int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *); | ||
1507 | void SSL_set_verify(SSL *s, int mode, | ||
1508 | int (*callback)(int ok,X509_STORE_CTX *ctx)); | ||
1509 | void SSL_set_verify_depth(SSL *s, int depth); | ||
1510 | #ifndef OPENSSL_NO_RSA | ||
1511 | int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); | ||
1512 | #endif | ||
1513 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); | ||
1514 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); | ||
1515 | int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len); | ||
1516 | int SSL_use_certificate(SSL *ssl, X509 *x); | ||
1517 | int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); | ||
1518 | |||
1519 | #ifndef OPENSSL_NO_STDIO | ||
1520 | int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); | ||
1521 | int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); | ||
1522 | int SSL_use_certificate_file(SSL *ssl, const char *file, int type); | ||
1523 | int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); | ||
1524 | int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); | ||
1525 | int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); | ||
1526 | int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ | ||
1527 | STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); | ||
1528 | int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, | ||
1529 | const char *file); | ||
1530 | #ifndef OPENSSL_SYS_VMS | ||
1531 | #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ | ||
1532 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, | ||
1533 | const char *dir); | ||
1534 | #endif | ||
1535 | #endif | ||
1536 | |||
1537 | #endif | ||
1538 | |||
1539 | void SSL_load_error_strings(void ); | ||
1540 | const char *SSL_state_string(const SSL *s); | ||
1541 | const char *SSL_rstate_string(const SSL *s); | ||
1542 | const char *SSL_state_string_long(const SSL *s); | ||
1543 | const char *SSL_rstate_string_long(const SSL *s); | ||
1544 | long SSL_SESSION_get_time(const SSL_SESSION *s); | ||
1545 | long SSL_SESSION_set_time(SSL_SESSION *s, long t); | ||
1546 | long SSL_SESSION_get_timeout(const SSL_SESSION *s); | ||
1547 | long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); | ||
1548 | void SSL_copy_session_id(SSL *to,const SSL *from); | ||
1549 | |||
1550 | SSL_SESSION *SSL_SESSION_new(void); | ||
1551 | const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, | ||
1552 | unsigned int *len); | ||
1553 | #ifndef OPENSSL_NO_FP_API | ||
1554 | int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); | ||
1555 | #endif | ||
1556 | #ifndef OPENSSL_NO_BIO | ||
1557 | int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses); | ||
1558 | #endif | ||
1559 | void SSL_SESSION_free(SSL_SESSION *ses); | ||
1560 | int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); | ||
1561 | int SSL_set_session(SSL *to, SSL_SESSION *session); | ||
1562 | int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); | ||
1563 | int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); | ||
1564 | int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); | ||
1565 | int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); | ||
1566 | int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | ||
1567 | unsigned int id_len); | ||
1568 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp, | ||
1569 | long length); | ||
1570 | |||
1571 | #ifdef HEADER_X509_H | ||
1572 | X509 * SSL_get_peer_certificate(const SSL *s); | ||
1573 | #endif | ||
1574 | |||
1575 | STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); | ||
1576 | |||
1577 | int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); | ||
1578 | int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); | ||
1579 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *); | ||
1580 | void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, | ||
1581 | int (*callback)(int, X509_STORE_CTX *)); | ||
1582 | void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); | ||
1583 | void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); | ||
1584 | #ifndef OPENSSL_NO_RSA | ||
1585 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); | ||
1586 | #endif | ||
1587 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); | ||
1588 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); | ||
1589 | int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, | ||
1590 | const unsigned char *d, long len); | ||
1591 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); | ||
1592 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); | ||
1593 | |||
1594 | void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); | ||
1595 | void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); | ||
1596 | |||
1597 | int SSL_CTX_check_private_key(const SSL_CTX *ctx); | ||
1598 | int SSL_check_private_key(const SSL *ctx); | ||
1599 | |||
1600 | int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, | ||
1601 | unsigned int sid_ctx_len); | ||
1602 | |||
1603 | SSL * SSL_new(SSL_CTX *ctx); | ||
1604 | int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, | ||
1605 | unsigned int sid_ctx_len); | ||
1606 | |||
1607 | int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); | ||
1608 | int SSL_set_purpose(SSL *s, int purpose); | ||
1609 | int SSL_CTX_set_trust(SSL_CTX *s, int trust); | ||
1610 | int SSL_set_trust(SSL *s, int trust); | ||
1611 | |||
1612 | int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); | ||
1613 | int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); | ||
1614 | |||
1615 | void SSL_free(SSL *ssl); | ||
1616 | int SSL_accept(SSL *ssl); | ||
1617 | int SSL_connect(SSL *ssl); | ||
1618 | int SSL_read(SSL *ssl,void *buf,int num); | ||
1619 | int SSL_peek(SSL *ssl,void *buf,int num); | ||
1620 | int SSL_write(SSL *ssl,const void *buf,int num); | ||
1621 | long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); | ||
1622 | long SSL_callback_ctrl(SSL *, int, void (*)(void)); | ||
1623 | long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); | ||
1624 | long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); | ||
1625 | |||
1626 | int SSL_get_error(const SSL *s,int ret_code); | ||
1627 | const char *SSL_get_version(const SSL *s); | ||
1628 | |||
1629 | /* This sets the 'default' SSL version that SSL_new() will create */ | ||
1630 | int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); | ||
1631 | |||
1632 | #ifndef OPENSSL_NO_SSL2 | ||
1633 | const SSL_METHOD *SSLv2_method(void); /* SSLv2 */ | ||
1634 | const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ | ||
1635 | const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ | ||
1636 | #endif | ||
1637 | |||
1638 | const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ | ||
1639 | const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ | ||
1640 | const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ | ||
1641 | |||
1642 | const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ | ||
1643 | const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ | ||
1644 | const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ | ||
1645 | |||
1646 | const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ | ||
1647 | const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ | ||
1648 | const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ | ||
1649 | |||
1650 | const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ | ||
1651 | const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ | ||
1652 | const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ | ||
1653 | |||
1654 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); | ||
1655 | |||
1656 | int SSL_do_handshake(SSL *s); | ||
1657 | int SSL_renegotiate(SSL *s); | ||
1658 | int SSL_renegotiate_pending(SSL *s); | ||
1659 | int SSL_shutdown(SSL *s); | ||
1660 | |||
1661 | const SSL_METHOD *SSL_get_ssl_method(SSL *s); | ||
1662 | int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); | ||
1663 | const char *SSL_alert_type_string_long(int value); | ||
1664 | const char *SSL_alert_type_string(int value); | ||
1665 | const char *SSL_alert_desc_string_long(int value); | ||
1666 | const char *SSL_alert_desc_string(int value); | ||
1667 | |||
1668 | void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); | ||
1669 | void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); | ||
1670 | STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); | ||
1671 | STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); | ||
1672 | int SSL_add_client_CA(SSL *ssl,X509 *x); | ||
1673 | int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); | ||
1674 | |||
1675 | void SSL_set_connect_state(SSL *s); | ||
1676 | void SSL_set_accept_state(SSL *s); | ||
1677 | |||
1678 | long SSL_get_default_timeout(const SSL *s); | ||
1679 | |||
1680 | int SSL_library_init(void ); | ||
1681 | |||
1682 | char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size); | ||
1683 | STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); | ||
1684 | |||
1685 | SSL *SSL_dup(SSL *ssl); | ||
1686 | |||
1687 | X509 *SSL_get_certificate(const SSL *ssl); | ||
1688 | /* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl); | ||
1689 | |||
1690 | void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode); | ||
1691 | int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); | ||
1692 | void SSL_set_quiet_shutdown(SSL *ssl,int mode); | ||
1693 | int SSL_get_quiet_shutdown(const SSL *ssl); | ||
1694 | void SSL_set_shutdown(SSL *ssl,int mode); | ||
1695 | int SSL_get_shutdown(const SSL *ssl); | ||
1696 | int SSL_version(const SSL *ssl); | ||
1697 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); | ||
1698 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, | ||
1699 | const char *CApath); | ||
1700 | #define SSL_get0_session SSL_get_session /* just peek at pointer */ | ||
1701 | SSL_SESSION *SSL_get_session(const SSL *ssl); | ||
1702 | SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ | ||
1703 | SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); | ||
1704 | SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx); | ||
1705 | void SSL_set_info_callback(SSL *ssl, | ||
1706 | void (*cb)(const SSL *ssl,int type,int val)); | ||
1707 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); | ||
1708 | int SSL_state(const SSL *ssl); | ||
1709 | |||
1710 | void SSL_set_verify_result(SSL *ssl,long v); | ||
1711 | long SSL_get_verify_result(const SSL *ssl); | ||
1712 | |||
1713 | int SSL_set_ex_data(SSL *ssl,int idx,void *data); | ||
1714 | void *SSL_get_ex_data(const SSL *ssl,int idx); | ||
1715 | int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
1716 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | ||
1717 | |||
1718 | int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data); | ||
1719 | void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx); | ||
1720 | int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
1721 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | ||
1722 | |||
1723 | int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data); | ||
1724 | void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx); | ||
1725 | int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
1726 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | ||
1727 | |||
1728 | int SSL_get_ex_data_X509_STORE_CTX_idx(void ); | ||
1729 | |||
1730 | #define SSL_CTX_sess_set_cache_size(ctx,t) \ | ||
1731 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) | ||
1732 | #define SSL_CTX_sess_get_cache_size(ctx) \ | ||
1733 | SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) | ||
1734 | #define SSL_CTX_set_session_cache_mode(ctx,m) \ | ||
1735 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) | ||
1736 | #define SSL_CTX_get_session_cache_mode(ctx) \ | ||
1737 | SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) | ||
1738 | |||
1739 | #define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) | ||
1740 | #define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) | ||
1741 | #define SSL_CTX_get_read_ahead(ctx) \ | ||
1742 | SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) | ||
1743 | #define SSL_CTX_set_read_ahead(ctx,m) \ | ||
1744 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) | ||
1745 | #define SSL_CTX_get_max_cert_list(ctx) \ | ||
1746 | SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) | ||
1747 | #define SSL_CTX_set_max_cert_list(ctx,m) \ | ||
1748 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) | ||
1749 | #define SSL_get_max_cert_list(ssl) \ | ||
1750 | SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) | ||
1751 | #define SSL_set_max_cert_list(ssl,m) \ | ||
1752 | SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) | ||
1753 | |||
1754 | #define SSL_CTX_set_max_send_fragment(ctx,m) \ | ||
1755 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) | ||
1756 | #define SSL_set_max_send_fragment(ssl,m) \ | ||
1757 | SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) | ||
1758 | |||
1759 | /* NB: the keylength is only applicable when is_export is true */ | ||
1760 | #ifndef OPENSSL_NO_RSA | ||
1761 | void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, | ||
1762 | RSA *(*cb)(SSL *ssl,int is_export, | ||
1763 | int keylength)); | ||
1764 | |||
1765 | void SSL_set_tmp_rsa_callback(SSL *ssl, | ||
1766 | RSA *(*cb)(SSL *ssl,int is_export, | ||
1767 | int keylength)); | ||
1768 | #endif | ||
1769 | #ifndef OPENSSL_NO_DH | ||
1770 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, | ||
1771 | DH *(*dh)(SSL *ssl,int is_export, | ||
1772 | int keylength)); | ||
1773 | void SSL_set_tmp_dh_callback(SSL *ssl, | ||
1774 | DH *(*dh)(SSL *ssl,int is_export, | ||
1775 | int keylength)); | ||
1776 | #endif | ||
1777 | #ifndef OPENSSL_NO_ECDH | ||
1778 | void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, | ||
1779 | EC_KEY *(*ecdh)(SSL *ssl,int is_export, | ||
1780 | int keylength)); | ||
1781 | void SSL_set_tmp_ecdh_callback(SSL *ssl, | ||
1782 | EC_KEY *(*ecdh)(SSL *ssl,int is_export, | ||
1783 | int keylength)); | ||
1784 | #endif | ||
1785 | |||
1786 | #ifndef OPENSSL_NO_COMP | ||
1787 | const COMP_METHOD *SSL_get_current_compression(SSL *s); | ||
1788 | const COMP_METHOD *SSL_get_current_expansion(SSL *s); | ||
1789 | const char *SSL_COMP_get_name(const COMP_METHOD *comp); | ||
1790 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); | ||
1791 | int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); | ||
1792 | #else | ||
1793 | const void *SSL_get_current_compression(SSL *s); | ||
1794 | const void *SSL_get_current_expansion(SSL *s); | ||
1795 | const char *SSL_COMP_get_name(const void *comp); | ||
1796 | void *SSL_COMP_get_compression_methods(void); | ||
1797 | int SSL_COMP_add_compression_method(int id,void *cm); | ||
1798 | #endif | ||
1799 | |||
1800 | /* TLS extensions functions */ | ||
1801 | int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); | ||
1802 | |||
1803 | int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, | ||
1804 | void *arg); | ||
1805 | |||
1806 | /* Pre-shared secret session resumption functions */ | ||
1807 | int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); | ||
1808 | |||
1809 | /* BEGIN ERROR CODES */ | ||
1810 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
1811 | * made after this point may be overwritten when the script is next run. | ||
1812 | */ | ||
1813 | void ERR_load_SSL_strings(void); | ||
1814 | |||
1815 | /* Error codes for the SSL functions. */ | ||
1816 | |||
1817 | /* Function codes. */ | ||
1818 | #define SSL_F_CLIENT_CERTIFICATE 100 | ||
1819 | #define SSL_F_CLIENT_FINISHED 167 | ||
1820 | #define SSL_F_CLIENT_HELLO 101 | ||
1821 | #define SSL_F_CLIENT_MASTER_KEY 102 | ||
1822 | #define SSL_F_D2I_SSL_SESSION 103 | ||
1823 | #define SSL_F_DO_DTLS1_WRITE 245 | ||
1824 | #define SSL_F_DO_SSL3_WRITE 104 | ||
1825 | #define SSL_F_DTLS1_ACCEPT 246 | ||
1826 | #define SSL_F_DTLS1_ADD_CERT_TO_BUF 295 | ||
1827 | #define SSL_F_DTLS1_BUFFER_RECORD 247 | ||
1828 | #define SSL_F_DTLS1_CLIENT_HELLO 248 | ||
1829 | #define SSL_F_DTLS1_CONNECT 249 | ||
1830 | #define SSL_F_DTLS1_ENC 250 | ||
1831 | #define SSL_F_DTLS1_GET_HELLO_VERIFY 251 | ||
1832 | #define SSL_F_DTLS1_GET_MESSAGE 252 | ||
1833 | #define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 | ||
1834 | #define SSL_F_DTLS1_GET_RECORD 254 | ||
1835 | #define SSL_F_DTLS1_HANDLE_TIMEOUT 297 | ||
1836 | #define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 | ||
1837 | #define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 | ||
1838 | #define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 | ||
1839 | #define SSL_F_DTLS1_PROCESS_RECORD 257 | ||
1840 | #define SSL_F_DTLS1_READ_BYTES 258 | ||
1841 | #define SSL_F_DTLS1_READ_FAILED 259 | ||
1842 | #define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 | ||
1843 | #define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 | ||
1844 | #define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 | ||
1845 | #define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 | ||
1846 | #define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 | ||
1847 | #define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 | ||
1848 | #define SSL_F_DTLS1_SEND_SERVER_HELLO 266 | ||
1849 | #define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 | ||
1850 | #define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 | ||
1851 | #define SSL_F_GET_CLIENT_FINISHED 105 | ||
1852 | #define SSL_F_GET_CLIENT_HELLO 106 | ||
1853 | #define SSL_F_GET_CLIENT_MASTER_KEY 107 | ||
1854 | #define SSL_F_GET_SERVER_FINISHED 108 | ||
1855 | #define SSL_F_GET_SERVER_HELLO 109 | ||
1856 | #define SSL_F_GET_SERVER_VERIFY 110 | ||
1857 | #define SSL_F_I2D_SSL_SESSION 111 | ||
1858 | #define SSL_F_READ_N 112 | ||
1859 | #define SSL_F_REQUEST_CERTIFICATE 113 | ||
1860 | #define SSL_F_SERVER_FINISH 239 | ||
1861 | #define SSL_F_SERVER_HELLO 114 | ||
1862 | #define SSL_F_SERVER_VERIFY 240 | ||
1863 | #define SSL_F_SSL23_ACCEPT 115 | ||
1864 | #define SSL_F_SSL23_CLIENT_HELLO 116 | ||
1865 | #define SSL_F_SSL23_CONNECT 117 | ||
1866 | #define SSL_F_SSL23_GET_CLIENT_HELLO 118 | ||
1867 | #define SSL_F_SSL23_GET_SERVER_HELLO 119 | ||
1868 | #define SSL_F_SSL23_PEEK 237 | ||
1869 | #define SSL_F_SSL23_READ 120 | ||
1870 | #define SSL_F_SSL23_WRITE 121 | ||
1871 | #define SSL_F_SSL2_ACCEPT 122 | ||
1872 | #define SSL_F_SSL2_CONNECT 123 | ||
1873 | #define SSL_F_SSL2_ENC_INIT 124 | ||
1874 | #define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 | ||
1875 | #define SSL_F_SSL2_PEEK 234 | ||
1876 | #define SSL_F_SSL2_READ 125 | ||
1877 | #define SSL_F_SSL2_READ_INTERNAL 236 | ||
1878 | #define SSL_F_SSL2_SET_CERTIFICATE 126 | ||
1879 | #define SSL_F_SSL2_WRITE 127 | ||
1880 | #define SSL_F_SSL3_ACCEPT 128 | ||
1881 | #define SSL_F_SSL3_ADD_CERT_TO_BUF 296 | ||
1882 | #define SSL_F_SSL3_CALLBACK_CTRL 233 | ||
1883 | #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 | ||
1884 | #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 | ||
1885 | #define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 | ||
1886 | #define SSL_F_SSL3_CLIENT_HELLO 131 | ||
1887 | #define SSL_F_SSL3_CONNECT 132 | ||
1888 | #define SSL_F_SSL3_CTRL 213 | ||
1889 | #define SSL_F_SSL3_CTX_CTRL 133 | ||
1890 | #define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 | ||
1891 | #define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 | ||
1892 | #define SSL_F_SSL3_ENC 134 | ||
1893 | #define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 | ||
1894 | #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 | ||
1895 | #define SSL_F_SSL3_GET_CERT_STATUS 289 | ||
1896 | #define SSL_F_SSL3_GET_CERT_VERIFY 136 | ||
1897 | #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 | ||
1898 | #define SSL_F_SSL3_GET_CLIENT_HELLO 138 | ||
1899 | #define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 | ||
1900 | #define SSL_F_SSL3_GET_FINISHED 140 | ||
1901 | #define SSL_F_SSL3_GET_KEY_EXCHANGE 141 | ||
1902 | #define SSL_F_SSL3_GET_MESSAGE 142 | ||
1903 | #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 | ||
1904 | #define SSL_F_SSL3_GET_RECORD 143 | ||
1905 | #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 | ||
1906 | #define SSL_F_SSL3_GET_SERVER_DONE 145 | ||
1907 | #define SSL_F_SSL3_GET_SERVER_HELLO 146 | ||
1908 | #define SSL_F_SSL3_HANDSHAKE_MAC 285 | ||
1909 | #define SSL_F_SSL3_NEW_SESSION_TICKET 287 | ||
1910 | #define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 | ||
1911 | #define SSL_F_SSL3_PEEK 235 | ||
1912 | #define SSL_F_SSL3_READ_BYTES 148 | ||
1913 | #define SSL_F_SSL3_READ_N 149 | ||
1914 | #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 | ||
1915 | #define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 | ||
1916 | #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 | ||
1917 | #define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 | ||
1918 | #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 | ||
1919 | #define SSL_F_SSL3_SEND_SERVER_HELLO 242 | ||
1920 | #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 | ||
1921 | #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 | ||
1922 | #define SSL_F_SSL3_SETUP_READ_BUFFER 156 | ||
1923 | #define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 | ||
1924 | #define SSL_F_SSL3_WRITE_BYTES 158 | ||
1925 | #define SSL_F_SSL3_WRITE_PENDING 159 | ||
1926 | #define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 | ||
1927 | #define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 | ||
1928 | #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 | ||
1929 | #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 | ||
1930 | #define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 | ||
1931 | #define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 | ||
1932 | #define SSL_F_SSL_BAD_METHOD 160 | ||
1933 | #define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 | ||
1934 | #define SSL_F_SSL_CERT_DUP 221 | ||
1935 | #define SSL_F_SSL_CERT_INST 222 | ||
1936 | #define SSL_F_SSL_CERT_INSTANTIATE 214 | ||
1937 | #define SSL_F_SSL_CERT_NEW 162 | ||
1938 | #define SSL_F_SSL_CHECK_PRIVATE_KEY 163 | ||
1939 | #define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 | ||
1940 | #define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 | ||
1941 | #define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 | ||
1942 | #define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 | ||
1943 | #define SSL_F_SSL_CLEAR 164 | ||
1944 | #define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 | ||
1945 | #define SSL_F_SSL_CREATE_CIPHER_LIST 166 | ||
1946 | #define SSL_F_SSL_CTRL 232 | ||
1947 | #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 | ||
1948 | #define SSL_F_SSL_CTX_NEW 169 | ||
1949 | #define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 | ||
1950 | #define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 | ||
1951 | #define SSL_F_SSL_CTX_SET_PURPOSE 226 | ||
1952 | #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 | ||
1953 | #define SSL_F_SSL_CTX_SET_SSL_VERSION 170 | ||
1954 | #define SSL_F_SSL_CTX_SET_TRUST 229 | ||
1955 | #define SSL_F_SSL_CTX_USE_CERTIFICATE 171 | ||
1956 | #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 | ||
1957 | #define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 | ||
1958 | #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 | ||
1959 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 | ||
1960 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 | ||
1961 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 | ||
1962 | #define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 | ||
1963 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 | ||
1964 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 | ||
1965 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 | ||
1966 | #define SSL_F_SSL_DO_HANDSHAKE 180 | ||
1967 | #define SSL_F_SSL_GET_NEW_SESSION 181 | ||
1968 | #define SSL_F_SSL_GET_PREV_SESSION 217 | ||
1969 | #define SSL_F_SSL_GET_SERVER_SEND_CERT 182 | ||
1970 | #define SSL_F_SSL_GET_SIGN_PKEY 183 | ||
1971 | #define SSL_F_SSL_INIT_WBIO_BUFFER 184 | ||
1972 | #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 | ||
1973 | #define SSL_F_SSL_NEW 186 | ||
1974 | #define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 | ||
1975 | #define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 | ||
1976 | #define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 | ||
1977 | #define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 | ||
1978 | #define SSL_F_SSL_PEEK 270 | ||
1979 | #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 | ||
1980 | #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 | ||
1981 | #define SSL_F_SSL_READ 223 | ||
1982 | #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 | ||
1983 | #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 | ||
1984 | #define SSL_F_SSL_SESSION_NEW 189 | ||
1985 | #define SSL_F_SSL_SESSION_PRINT_FP 190 | ||
1986 | #define SSL_F_SSL_SESS_CERT_NEW 225 | ||
1987 | #define SSL_F_SSL_SET_CERT 191 | ||
1988 | #define SSL_F_SSL_SET_CIPHER_LIST 271 | ||
1989 | #define SSL_F_SSL_SET_FD 192 | ||
1990 | #define SSL_F_SSL_SET_PKEY 193 | ||
1991 | #define SSL_F_SSL_SET_PURPOSE 227 | ||
1992 | #define SSL_F_SSL_SET_RFD 194 | ||
1993 | #define SSL_F_SSL_SET_SESSION 195 | ||
1994 | #define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 | ||
1995 | #define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 | ||
1996 | #define SSL_F_SSL_SET_TRUST 228 | ||
1997 | #define SSL_F_SSL_SET_WFD 196 | ||
1998 | #define SSL_F_SSL_SHUTDOWN 224 | ||
1999 | #define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 | ||
2000 | #define SSL_F_SSL_UNDEFINED_FUNCTION 197 | ||
2001 | #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 | ||
2002 | #define SSL_F_SSL_USE_CERTIFICATE 198 | ||
2003 | #define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 | ||
2004 | #define SSL_F_SSL_USE_CERTIFICATE_FILE 200 | ||
2005 | #define SSL_F_SSL_USE_PRIVATEKEY 201 | ||
2006 | #define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 | ||
2007 | #define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 | ||
2008 | #define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 | ||
2009 | #define SSL_F_SSL_USE_RSAPRIVATEKEY 204 | ||
2010 | #define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 | ||
2011 | #define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 | ||
2012 | #define SSL_F_SSL_VERIFY_CERT_CHAIN 207 | ||
2013 | #define SSL_F_SSL_WRITE 208 | ||
2014 | #define SSL_F_TLS1_CERT_VERIFY_MAC 286 | ||
2015 | #define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 | ||
2016 | #define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 | ||
2017 | #define SSL_F_TLS1_ENC 210 | ||
2018 | #define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 | ||
2019 | #define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 | ||
2020 | #define SSL_F_TLS1_PRF 284 | ||
2021 | #define SSL_F_TLS1_SETUP_KEY_BLOCK 211 | ||
2022 | #define SSL_F_WRITE_PENDING 212 | ||
2023 | |||
2024 | /* Reason codes. */ | ||
2025 | #define SSL_R_APP_DATA_IN_HANDSHAKE 100 | ||
2026 | #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 | ||
2027 | #define SSL_R_BAD_ALERT_RECORD 101 | ||
2028 | #define SSL_R_BAD_AUTHENTICATION_TYPE 102 | ||
2029 | #define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 | ||
2030 | #define SSL_R_BAD_CHECKSUM 104 | ||
2031 | #define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 | ||
2032 | #define SSL_R_BAD_DECOMPRESSION 107 | ||
2033 | #define SSL_R_BAD_DH_G_LENGTH 108 | ||
2034 | #define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 | ||
2035 | #define SSL_R_BAD_DH_P_LENGTH 110 | ||
2036 | #define SSL_R_BAD_DIGEST_LENGTH 111 | ||
2037 | #define SSL_R_BAD_DSA_SIGNATURE 112 | ||
2038 | #define SSL_R_BAD_ECC_CERT 304 | ||
2039 | #define SSL_R_BAD_ECDSA_SIGNATURE 305 | ||
2040 | #define SSL_R_BAD_ECPOINT 306 | ||
2041 | #define SSL_R_BAD_HANDSHAKE_LENGTH 332 | ||
2042 | #define SSL_R_BAD_HELLO_REQUEST 105 | ||
2043 | #define SSL_R_BAD_LENGTH 271 | ||
2044 | #define SSL_R_BAD_MAC_DECODE 113 | ||
2045 | #define SSL_R_BAD_MAC_LENGTH 333 | ||
2046 | #define SSL_R_BAD_MESSAGE_TYPE 114 | ||
2047 | #define SSL_R_BAD_PACKET_LENGTH 115 | ||
2048 | #define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 | ||
2049 | #define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316 | ||
2050 | #define SSL_R_BAD_RESPONSE_ARGUMENT 117 | ||
2051 | #define SSL_R_BAD_RSA_DECRYPT 118 | ||
2052 | #define SSL_R_BAD_RSA_ENCRYPT 119 | ||
2053 | #define SSL_R_BAD_RSA_E_LENGTH 120 | ||
2054 | #define SSL_R_BAD_RSA_MODULUS_LENGTH 121 | ||
2055 | #define SSL_R_BAD_RSA_SIGNATURE 122 | ||
2056 | #define SSL_R_BAD_SIGNATURE 123 | ||
2057 | #define SSL_R_BAD_SSL_FILETYPE 124 | ||
2058 | #define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 | ||
2059 | #define SSL_R_BAD_STATE 126 | ||
2060 | #define SSL_R_BAD_WRITE_RETRY 127 | ||
2061 | #define SSL_R_BIO_NOT_SET 128 | ||
2062 | #define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 | ||
2063 | #define SSL_R_BN_LIB 130 | ||
2064 | #define SSL_R_CA_DN_LENGTH_MISMATCH 131 | ||
2065 | #define SSL_R_CA_DN_TOO_LONG 132 | ||
2066 | #define SSL_R_CCS_RECEIVED_EARLY 133 | ||
2067 | #define SSL_R_CERTIFICATE_VERIFY_FAILED 134 | ||
2068 | #define SSL_R_CERT_LENGTH_MISMATCH 135 | ||
2069 | #define SSL_R_CHALLENGE_IS_DIFFERENT 136 | ||
2070 | #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 | ||
2071 | #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 | ||
2072 | #define SSL_R_CIPHER_TABLE_SRC_ERROR 139 | ||
2073 | #define SSL_R_CLIENTHELLO_TLSEXT 226 | ||
2074 | #define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 | ||
2075 | #define SSL_R_COMPRESSION_DISABLED 343 | ||
2076 | #define SSL_R_COMPRESSION_FAILURE 141 | ||
2077 | #define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 | ||
2078 | #define SSL_R_COMPRESSION_LIBRARY_ERROR 142 | ||
2079 | #define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 | ||
2080 | #define SSL_R_CONNECTION_TYPE_NOT_SET 144 | ||
2081 | #define SSL_R_COOKIE_MISMATCH 308 | ||
2082 | #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 | ||
2083 | #define SSL_R_DATA_LENGTH_TOO_LONG 146 | ||
2084 | #define SSL_R_DECRYPTION_FAILED 147 | ||
2085 | #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 | ||
2086 | #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 | ||
2087 | #define SSL_R_DIGEST_CHECK_FAILED 149 | ||
2088 | #define SSL_R_DTLS_MESSAGE_TOO_BIG 334 | ||
2089 | #define SSL_R_DUPLICATE_COMPRESSION_ID 309 | ||
2090 | #define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317 | ||
2091 | #define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 | ||
2092 | #define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 | ||
2093 | #define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 | ||
2094 | #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 | ||
2095 | #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 | ||
2096 | #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 | ||
2097 | #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 | ||
2098 | #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 | ||
2099 | #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 | ||
2100 | #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 | ||
2101 | #define SSL_R_HTTPS_PROXY_REQUEST 155 | ||
2102 | #define SSL_R_HTTP_REQUEST 156 | ||
2103 | #define SSL_R_ILLEGAL_PADDING 283 | ||
2104 | #define SSL_R_INCONSISTENT_COMPRESSION 340 | ||
2105 | #define SSL_R_INVALID_CHALLENGE_LENGTH 158 | ||
2106 | #define SSL_R_INVALID_COMMAND 280 | ||
2107 | #define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 | ||
2108 | #define SSL_R_INVALID_PURPOSE 278 | ||
2109 | #define SSL_R_INVALID_STATUS_RESPONSE 328 | ||
2110 | #define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 | ||
2111 | #define SSL_R_INVALID_TRUST 279 | ||
2112 | #define SSL_R_KEY_ARG_TOO_LONG 284 | ||
2113 | #define SSL_R_KRB5 285 | ||
2114 | #define SSL_R_KRB5_C_CC_PRINC 286 | ||
2115 | #define SSL_R_KRB5_C_GET_CRED 287 | ||
2116 | #define SSL_R_KRB5_C_INIT 288 | ||
2117 | #define SSL_R_KRB5_C_MK_REQ 289 | ||
2118 | #define SSL_R_KRB5_S_BAD_TICKET 290 | ||
2119 | #define SSL_R_KRB5_S_INIT 291 | ||
2120 | #define SSL_R_KRB5_S_RD_REQ 292 | ||
2121 | #define SSL_R_KRB5_S_TKT_EXPIRED 293 | ||
2122 | #define SSL_R_KRB5_S_TKT_NYV 294 | ||
2123 | #define SSL_R_KRB5_S_TKT_SKEW 295 | ||
2124 | #define SSL_R_LENGTH_MISMATCH 159 | ||
2125 | #define SSL_R_LENGTH_TOO_SHORT 160 | ||
2126 | #define SSL_R_LIBRARY_BUG 274 | ||
2127 | #define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 | ||
2128 | #define SSL_R_MESSAGE_TOO_LONG 296 | ||
2129 | #define SSL_R_MISSING_DH_DSA_CERT 162 | ||
2130 | #define SSL_R_MISSING_DH_KEY 163 | ||
2131 | #define SSL_R_MISSING_DH_RSA_CERT 164 | ||
2132 | #define SSL_R_MISSING_DSA_SIGNING_CERT 165 | ||
2133 | #define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 | ||
2134 | #define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 | ||
2135 | #define SSL_R_MISSING_RSA_CERTIFICATE 168 | ||
2136 | #define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 | ||
2137 | #define SSL_R_MISSING_RSA_SIGNING_CERT 170 | ||
2138 | #define SSL_R_MISSING_TMP_DH_KEY 171 | ||
2139 | #define SSL_R_MISSING_TMP_ECDH_KEY 311 | ||
2140 | #define SSL_R_MISSING_TMP_RSA_KEY 172 | ||
2141 | #define SSL_R_MISSING_TMP_RSA_PKEY 173 | ||
2142 | #define SSL_R_MISSING_VERIFY_MESSAGE 174 | ||
2143 | #define SSL_R_MULTIPLE_SGC_RESTARTS 346 | ||
2144 | #define SSL_R_NON_SSLV2_INITIAL_PACKET 175 | ||
2145 | #define SSL_R_NO_CERTIFICATES_RETURNED 176 | ||
2146 | #define SSL_R_NO_CERTIFICATE_ASSIGNED 177 | ||
2147 | #define SSL_R_NO_CERTIFICATE_RETURNED 178 | ||
2148 | #define SSL_R_NO_CERTIFICATE_SET 179 | ||
2149 | #define SSL_R_NO_CERTIFICATE_SPECIFIED 180 | ||
2150 | #define SSL_R_NO_CIPHERS_AVAILABLE 181 | ||
2151 | #define SSL_R_NO_CIPHERS_PASSED 182 | ||
2152 | #define SSL_R_NO_CIPHERS_SPECIFIED 183 | ||
2153 | #define SSL_R_NO_CIPHER_LIST 184 | ||
2154 | #define SSL_R_NO_CIPHER_MATCH 185 | ||
2155 | #define SSL_R_NO_CLIENT_CERT_METHOD 331 | ||
2156 | #define SSL_R_NO_CLIENT_CERT_RECEIVED 186 | ||
2157 | #define SSL_R_NO_COMPRESSION_SPECIFIED 187 | ||
2158 | #define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 | ||
2159 | #define SSL_R_NO_METHOD_SPECIFIED 188 | ||
2160 | #define SSL_R_NO_PRIVATEKEY 189 | ||
2161 | #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 | ||
2162 | #define SSL_R_NO_PROTOCOLS_AVAILABLE 191 | ||
2163 | #define SSL_R_NO_PUBLICKEY 192 | ||
2164 | #define SSL_R_NO_RENEGOTIATION 339 | ||
2165 | #define SSL_R_NO_REQUIRED_DIGEST 324 | ||
2166 | #define SSL_R_NO_SHARED_CIPHER 193 | ||
2167 | #define SSL_R_NO_VERIFY_CALLBACK 194 | ||
2168 | #define SSL_R_NULL_SSL_CTX 195 | ||
2169 | #define SSL_R_NULL_SSL_METHOD_PASSED 196 | ||
2170 | #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 | ||
2171 | #define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 | ||
2172 | #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 | ||
2173 | #define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327 | ||
2174 | #define SSL_R_PACKET_LENGTH_TOO_LONG 198 | ||
2175 | #define SSL_R_PARSE_TLSEXT 227 | ||
2176 | #define SSL_R_PATH_TOO_LONG 270 | ||
2177 | #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 | ||
2178 | #define SSL_R_PEER_ERROR 200 | ||
2179 | #define SSL_R_PEER_ERROR_CERTIFICATE 201 | ||
2180 | #define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 | ||
2181 | #define SSL_R_PEER_ERROR_NO_CIPHER 203 | ||
2182 | #define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 | ||
2183 | #define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 | ||
2184 | #define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 | ||
2185 | #define SSL_R_PROTOCOL_IS_SHUTDOWN 207 | ||
2186 | #define SSL_R_PSK_IDENTITY_NOT_FOUND 223 | ||
2187 | #define SSL_R_PSK_NO_CLIENT_CB 224 | ||
2188 | #define SSL_R_PSK_NO_SERVER_CB 225 | ||
2189 | #define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 | ||
2190 | #define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 | ||
2191 | #define SSL_R_PUBLIC_KEY_NOT_RSA 210 | ||
2192 | #define SSL_R_READ_BIO_NOT_SET 211 | ||
2193 | #define SSL_R_READ_TIMEOUT_EXPIRED 312 | ||
2194 | #define SSL_R_READ_WRONG_PACKET_TYPE 212 | ||
2195 | #define SSL_R_RECORD_LENGTH_MISMATCH 213 | ||
2196 | #define SSL_R_RECORD_TOO_LARGE 214 | ||
2197 | #define SSL_R_RECORD_TOO_SMALL 298 | ||
2198 | #define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 | ||
2199 | #define SSL_R_RENEGOTIATION_ENCODING_ERR 336 | ||
2200 | #define SSL_R_RENEGOTIATION_MISMATCH 337 | ||
2201 | #define SSL_R_REQUIRED_CIPHER_MISSING 215 | ||
2202 | #define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342 | ||
2203 | #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 | ||
2204 | #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 | ||
2205 | #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 | ||
2206 | #define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 | ||
2207 | #define SSL_R_SERVERHELLO_TLSEXT 275 | ||
2208 | #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 | ||
2209 | #define SSL_R_SHORT_READ 219 | ||
2210 | #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 | ||
2211 | #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 | ||
2212 | #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 | ||
2213 | #define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321 | ||
2214 | #define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 | ||
2215 | #define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 | ||
2216 | #define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 | ||
2217 | #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 | ||
2218 | #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 | ||
2219 | #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 | ||
2220 | #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 | ||
2221 | #define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 | ||
2222 | #define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 | ||
2223 | #define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 | ||
2224 | #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 | ||
2225 | #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 | ||
2226 | #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 | ||
2227 | #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 | ||
2228 | #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 | ||
2229 | #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 | ||
2230 | #define SSL_R_SSL_HANDSHAKE_FAILURE 229 | ||
2231 | #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 | ||
2232 | #define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 | ||
2233 | #define SSL_R_SSL_SESSION_ID_CONFLICT 302 | ||
2234 | #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 | ||
2235 | #define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 | ||
2236 | #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 | ||
2237 | #define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 | ||
2238 | #define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 | ||
2239 | #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 | ||
2240 | #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 | ||
2241 | #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 | ||
2242 | #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 | ||
2243 | #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 | ||
2244 | #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 | ||
2245 | #define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 | ||
2246 | #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 | ||
2247 | #define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 | ||
2248 | #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 | ||
2249 | #define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 | ||
2250 | #define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 | ||
2251 | #define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 | ||
2252 | #define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 | ||
2253 | #define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 | ||
2254 | #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 | ||
2255 | #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 | ||
2256 | #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 | ||
2257 | #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 | ||
2258 | #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 | ||
2259 | #define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 | ||
2260 | #define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 | ||
2261 | #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 | ||
2262 | #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 | ||
2263 | #define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 | ||
2264 | #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 | ||
2265 | #define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 | ||
2266 | #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 | ||
2267 | #define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 | ||
2268 | #define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 | ||
2269 | #define SSL_R_UNEXPECTED_MESSAGE 244 | ||
2270 | #define SSL_R_UNEXPECTED_RECORD 245 | ||
2271 | #define SSL_R_UNINITIALIZED 276 | ||
2272 | #define SSL_R_UNKNOWN_ALERT_TYPE 246 | ||
2273 | #define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 | ||
2274 | #define SSL_R_UNKNOWN_CIPHER_RETURNED 248 | ||
2275 | #define SSL_R_UNKNOWN_CIPHER_TYPE 249 | ||
2276 | #define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 | ||
2277 | #define SSL_R_UNKNOWN_PKEY_TYPE 251 | ||
2278 | #define SSL_R_UNKNOWN_PROTOCOL 252 | ||
2279 | #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 | ||
2280 | #define SSL_R_UNKNOWN_SSL_VERSION 254 | ||
2281 | #define SSL_R_UNKNOWN_STATE 255 | ||
2282 | #define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 | ||
2283 | #define SSL_R_UNSUPPORTED_CIPHER 256 | ||
2284 | #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 | ||
2285 | #define SSL_R_UNSUPPORTED_DIGEST_TYPE 326 | ||
2286 | #define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 | ||
2287 | #define SSL_R_UNSUPPORTED_PROTOCOL 258 | ||
2288 | #define SSL_R_UNSUPPORTED_SSL_VERSION 259 | ||
2289 | #define SSL_R_UNSUPPORTED_STATUS_TYPE 329 | ||
2290 | #define SSL_R_WRITE_BIO_NOT_SET 260 | ||
2291 | #define SSL_R_WRONG_CIPHER_RETURNED 261 | ||
2292 | #define SSL_R_WRONG_MESSAGE_TYPE 262 | ||
2293 | #define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 | ||
2294 | #define SSL_R_WRONG_SIGNATURE_LENGTH 264 | ||
2295 | #define SSL_R_WRONG_SIGNATURE_SIZE 265 | ||
2296 | #define SSL_R_WRONG_SSL_VERSION 266 | ||
2297 | #define SSL_R_WRONG_VERSION_NUMBER 267 | ||
2298 | #define SSL_R_X509_LIB 268 | ||
2299 | #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 | ||
2300 | |||
2301 | #ifdef __cplusplus | ||
2302 | } | ||
2303 | #endif | ||
2304 | #endif | ||
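diff --git a/src/lib/libssl/ssl2.h b/src/lib/libssl/ssl2.h
deleted file mode 100644
index 99a52ea0dd..0000000000
--- a/src/lib/libssl/ssl2.h
+++ /dev/null
@@ -1,268 +0,0 @@
-/* ssl/ssl2.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-
-#ifndef HEADER_SSL2_H
-#define HEADER_SSL2_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Protocol Version Codes */
-#define SSL2_VERSION 0x0002
-#define SSL2_VERSION_MAJOR 0x00
-#define SSL2_VERSION_MINOR 0x02
-/* #define SSL2_CLIENT_VERSION 0x0002 */
-/* #define SSL2_SERVER_VERSION 0x0002 */
-
-/* Protocol Message Codes */
-#define SSL2_MT_ERROR 0
-#define SSL2_MT_CLIENT_HELLO 1
-#define SSL2_MT_CLIENT_MASTER_KEY 2
-#define SSL2_MT_CLIENT_FINISHED 3
-#define SSL2_MT_SERVER_HELLO 4
-#define SSL2_MT_SERVER_VERIFY 5
-#define SSL2_MT_SERVER_FINISHED 6
-#define SSL2_MT_REQUEST_CERTIFICATE 7
-#define SSL2_MT_CLIENT_CERTIFICATE 8
-
-/* Error Message Codes */
-#define SSL2_PE_UNDEFINED_ERROR 0x0000
-#define SSL2_PE_NO_CIPHER 0x0001
-#define SSL2_PE_NO_CERTIFICATE 0x0002
-#define SSL2_PE_BAD_CERTIFICATE 0x0004
-#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
-
-/* Cipher Kind Values */
-#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */
-#define SSL2_CK_RC4_128_WITH_MD5 0x02010080
-#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080
-#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080
-#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080
-#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080
-#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040
-#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */
-#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */
-
-#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */
-#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */
-
-#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1"
-#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5"
-#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5"
-#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5"
-#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5"
-#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5"
-#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA"
-#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5"
-
-#define SSL2_TXT_NULL "NULL"
-
-/* Flags for the SSL_CIPHER.algorithm2 field */
-#define SSL2_CF_5_BYTE_ENC 0x01
-#define SSL2_CF_8_BYTE_ENC 0x02
-
-/* Certificate Type Codes */
-#define SSL2_CT_X509_CERTIFICATE 0x01
-
-/* Authentication Type Code */
-#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01
-
-#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32
-
-/* Upper/Lower Bounds */
-#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
-#ifdef OPENSSL_SYS_MPE
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u
-#else
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */
-#endif
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */
-
-#define SSL2_CHALLENGE_LENGTH 16
-/*#define SSL2_CHALLENGE_LENGTH 32 */
-#define SSL2_MIN_CHALLENGE_LENGTH 16
-#define SSL2_MAX_CHALLENGE_LENGTH 32
-#define SSL2_CONNECTION_ID_LENGTH 16
-#define SSL2_MAX_CONNECTION_ID_LENGTH 16
-#define SSL2_SSL_SESSION_ID_LENGTH 16
-#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32
-#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16
-#define SSL2_MAX_KEY_MATERIAL_LENGTH 24
-
-#ifndef HEADER_SSL_LOCL_H
-#define CERT char
-#endif
-
-typedef struct ssl2_state_st
-{
-int three_byte_header;
-int clear_text; /* clear text */
-int escape; /* not used in SSLv2 */
-int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */
-
-/* non-blocking io info, used to make sure the same
-* args were passwd */
-unsigned int wnum; /* number of bytes sent so far */
-int wpend_tot;
-const unsigned char *wpend_buf;
-
-int wpend_off; /* offset to data to write */
-int wpend_len; /* number of bytes passwd to write */
-int wpend_ret; /* number of bytes to return to caller */
-
-/* buffer raw data */
-int rbuf_left;
-int rbuf_offs;
-unsigned char *rbuf;
-unsigned char *wbuf;
-
-unsigned char *write_ptr;/* used to point to the start due to
-* 2/3 byte header. */
-
-unsigned int padding;
-unsigned int rlength; /* passed to ssl2_enc */
-int ract_data_length; /* Set when things are encrypted. */
-unsigned int wlength; /* passed to ssl2_enc */
-int wact_data_length; /* Set when things are decrypted. */
-unsigned char *ract_data;
-unsigned char *wact_data;
-unsigned char *mac_data;
-
-unsigned char *read_key;
-unsigned char *write_key;
-
-/* Stuff specifically to do with this SSL session */
-unsigned int challenge_length;
-unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
-unsigned int conn_id_length;
-unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
-unsigned int key_material_length;
-unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
-
-unsigned long read_sequence;
-unsigned long write_sequence;
-
-struct {
-unsigned int conn_id_length;
-unsigned int cert_type;
-unsigned int cert_length;
-unsigned int csl;
-unsigned int clear;
-unsigned int enc;
-unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
-unsigned int cipher_spec_length;
-unsigned int session_id_length;
-unsigned int clen;
-unsigned int rlen;
-} tmp;
-} SSL2_STATE;
-
-/* SSLv2 */
-/* client */
-#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT)
-#define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT)
-#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT)
-/* server */
-#define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT)
-#define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT)
-#define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-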
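diff --git a/src/lib/libssl/ssl23.h b/src/lib/libssl/ssl23.h
deleted file mode 100644
index d3228983c7..0000000000
--- a/src/lib/libssl/ssl23.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* ssl/ssl23.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-
-#ifndef HEADER_SSL23_H
-#define HEADER_SSL23_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*client */
-/* write to server */
-#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT)
-#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT)
-/* read from server */
-#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT)
-#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT)
-
-/* server */
-/* read from client */
-#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
-#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-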
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h deleted file mode 100644 index 9c2c41287a..0000000000 --- a/src/lib/libssl/ssl3.h +++ /dev/null | |||
@@ -1,648 +0,0 @@ | |||
1 | /* ssl/ssl3.h */ | ||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
3 | * All rights reserved. | ||
4 | * | ||
5 | * This package is an SSL implementation written | ||
6 | * by Eric Young (eay@cryptsoft.com). | ||
7 | * The implementation was written so as to conform with Netscapes SSL. | ||
8 | * | ||
9 | * This library is free for commercial and non-commercial use as long as | ||
10 | * the following conditions are aheared to. The following conditions | ||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
13 | * included with this distribution is covered by the same copyright terms | ||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
15 | * | ||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
17 | * the code are not to be removed. | ||
18 | * If this package is used in a product, Eric Young should be given attribution | ||
19 | * as the author of the parts of the library used. | ||
20 | * This can be in the form of a textual message at program startup or | ||
21 | * in documentation (online or textual) provided with the package. | ||
22 | * | ||
23 | * Redistribution and use in source and binary forms, with or without | ||
24 | * modification, are permitted provided that the following conditions | ||
25 | * are met: | ||
26 | * 1. Redistributions of source code must retain the copyright | ||
27 | * notice, this list of conditions and the following disclaimer. | ||
28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
29 | * notice, this list of conditions and the following disclaimer in the | ||
30 | * documentation and/or other materials provided with the distribution. | ||
31 | * 3. All advertising materials mentioning features or use of this software | ||
32 | * must display the following acknowledgement: | ||
33 | * "This product includes cryptographic software written by | ||
34 | * Eric Young (eay@cryptsoft.com)" | ||
35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
36 | * being used are not cryptographic related :-). | ||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
38 | * the apps directory (application code) you must include an acknowledgement: | ||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
40 | * | ||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
51 | * SUCH DAMAGE. | ||
52 | * | ||
53 | * The licence and distribution terms for any publically available version or | ||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
55 | * copied and put under another distribution licence | ||
56 | * [including the GNU Public Licence.] | ||
57 | */ | ||
58 | /* ==================================================================== | ||
59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | ||
60 | * | ||
61 | * Redistribution and use in source and binary forms, with or without | ||
62 | * modification, are permitted provided that the following conditions | ||
63 | * are met: | ||
64 | * | ||
65 | * 1. Redistributions of source code must retain the above copyright | ||
66 | * notice, this list of conditions and the following disclaimer. | ||
67 | * | ||
68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
69 | * notice, this list of conditions and the following disclaimer in | ||
70 | * the documentation and/or other materials provided with the | ||
71 | * distribution. | ||
72 | * | ||
73 | * 3. All advertising materials mentioning features or use of this | ||
74 | * software must display the following acknowledgment: | ||
75 | * "This product includes software developed by the OpenSSL Project | ||
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
77 | * | ||
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
79 | * endorse or promote products derived from this software without | ||
80 | * prior written permission. For written permission, please contact | ||
81 | * openssl-core@openssl.org. | ||
82 | * | ||
83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
84 | * nor may "OpenSSL" appear in their names without prior written | ||
85 | * permission of the OpenSSL Project. | ||
86 | * | ||
87 | * 6. Redistributions of any form whatsoever must retain the following | ||
88 | * acknowledgment: | ||
89 | * "This product includes software developed by the OpenSSL Project | ||
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
91 | * | ||
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
104 | * ==================================================================== | ||
105 | * | ||
106 | * This product includes cryptographic software written by Eric Young | ||
107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
108 | * Hudson (tjh@cryptsoft.com). | ||
109 | * | ||
110 | */ | ||
111 | /* ==================================================================== | ||
112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
113 | * ECC cipher suite support in OpenSSL originally developed by | ||
114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
115 | */ | ||
116 | |||
117 | #ifndef HEADER_SSL3_H | ||
118 | #define HEADER_SSL3_H | ||
119 | |||
120 | #ifndef OPENSSL_NO_COMP | ||
121 | #include <openssl/comp.h> | ||
122 | #endif | ||
123 | #include <openssl/buffer.h> | ||
124 | #include <openssl/evp.h> | ||
125 | #include <openssl/ssl.h> | ||
126 | |||
127 | #ifdef __cplusplus | ||
128 | extern "C" { | ||
129 | #endif | ||
130 | |||
131 | /* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ | ||
132 | #define SSL3_CK_SCSV 0x030000FF | ||
133 | |||
134 | #define SSL3_CK_RSA_NULL_MD5 0x03000001 | ||
135 | #define SSL3_CK_RSA_NULL_SHA 0x03000002 | ||
136 | #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 | ||
137 | #define SSL3_CK_RSA_RC4_128_MD5 0x03000004 | ||
138 | #define SSL3_CK_RSA_RC4_128_SHA 0x03000005 | ||
139 | #define SSL3_CK_RSA_RC2_40_MD5 0x03000006 | ||
140 | #define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 | ||
141 | #define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 | ||
142 | #define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 | ||
143 | #define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A | ||
144 | |||
145 | #define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B | ||
146 | #define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C | ||
147 | #define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D | ||
148 | #define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E | ||
149 | #define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F | ||
150 | #define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 | ||
151 | |||
152 | #define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 | ||
153 | #define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 | ||
154 | #define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 | ||
155 | #define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 | ||
156 | #define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 | ||
157 | #define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 | ||
158 | |||
159 | #define SSL3_CK_ADH_RC4_40_MD5 0x03000017 | ||
160 | #define SSL3_CK_ADH_RC4_128_MD5 0x03000018 | ||
161 | #define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 | ||
162 | #define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A | ||
163 | #define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B | ||
164 | |||
165 | #if 0 | ||
166 | #define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C | ||
167 | #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D | ||
168 | #if 0 /* Because it clashes with KRB5, is never used any more, and is safe | ||
169 | to remove according to David Hopwood <david.hopwood@zetnet.co.uk> | ||
170 | of the ietf-tls list */ | ||
171 | #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E | ||
172 | #endif | ||
173 | #endif | ||
174 | |||
175 | /* VRS Additional Kerberos5 entries | ||
176 | */ | ||
177 | #define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E | ||
178 | #define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F | ||
179 | #define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 | ||
180 | #define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 | ||
181 | #define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 | ||
182 | #define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 | ||
183 | #define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 | ||
184 | #define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 | ||
185 | |||
186 | #define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 | ||
187 | #define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 | ||
188 | #define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 | ||
189 | #define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 | ||
190 | #define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A | ||
191 | #define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B | ||
192 | |||
193 | #define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" | ||
194 | #define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" | ||
195 | #define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" | ||
196 | #define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" | ||
197 | #define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" | ||
198 | #define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" | ||
199 | #define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" | ||
200 | #define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" | ||
201 | #define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" | ||
202 | #define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" | ||
203 | |||
204 | #define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" | ||
205 | #define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" | ||
206 | #define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" | ||
207 | #define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" | ||
208 | #define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" | ||
209 | #define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" | ||
210 | |||
211 | #define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" | ||
212 | #define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" | ||
213 | #define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" | ||
214 | #define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" | ||
215 | #define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" | ||
216 | #define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" | ||
217 | |||
218 | #define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" | ||
219 | #define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" | ||
220 | #define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" | ||
221 | #define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" | ||
222 | #define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" | ||
223 | |||
224 | #if 0 | ||
225 | #define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" | ||
226 | #define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" | ||
227 | #define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" | ||
228 | #endif | ||
229 | |||
230 | #define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" | ||
231 | #define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" | ||
232 | #define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" | ||
233 | #define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" | ||
234 | #define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" | ||
235 | #define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" | ||
236 | #define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" | ||
237 | #define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" | ||
238 | |||
239 | #define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" | ||
240 | #define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" | ||
241 | #define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" | ||
242 | #define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" | ||
243 | #define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" | ||
244 | #define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" | ||
245 | |||
246 | #define SSL3_SSL_SESSION_ID_LENGTH 32 | ||
247 | #define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 | ||
248 | |||
249 | #define SSL3_MASTER_SECRET_SIZE 48 | ||
250 | #define SSL3_RANDOM_SIZE 32 | ||
251 | #define SSL3_SESSION_ID_SIZE 32 | ||
252 | #define SSL3_RT_HEADER_LENGTH 5 | ||
253 | |||
254 | #ifndef SSL3_ALIGN_PAYLOAD | ||
255 | /* Some will argue that this increases memory footprint, but it's | ||
256 | * not actually true. Point is that malloc has to return at least | ||
257 | * 64-bit aligned pointers, meaning that allocating 5 bytes wastes | ||
258 | * 3 bytes in either case. Suggested pre-gaping simply moves these | ||
259 | * wasted bytes from the end of allocated region to its front, | ||
260 | * but makes data payload aligned, which improves performance:-) */ | ||
261 | # define SSL3_ALIGN_PAYLOAD 8 | ||
262 | #else | ||
263 | # if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 | ||
264 | # error "insane SSL3_ALIGN_PAYLOAD" | ||
265 | # undef SSL3_ALIGN_PAYLOAD | ||
266 | # endif | ||
267 | #endif | ||
268 | |||
269 | /* This is the maximum MAC (digest) size used by the SSL library. | ||
270 | * Currently maximum of 20 is used by SHA1, but we reserve for | ||
271 | * future extension for 512-bit hashes. | ||
272 | */ | ||
273 | |||
274 | #define SSL3_RT_MAX_MD_SIZE 64 | ||
275 | |||
276 | /* Maximum block size used in all ciphersuites. Currently 16 for AES. | ||
277 | */ | ||
278 | |||
279 | #define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 | ||
280 | |||
281 | #define SSL3_RT_MAX_EXTRA (16384) | ||
282 | |||
283 | /* Maximum plaintext length: defined by SSL/TLS standards */ | ||
284 | #define SSL3_RT_MAX_PLAIN_LENGTH 16384 | ||
285 | /* Maximum compression overhead: defined by SSL/TLS standards */ | ||
286 | #define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 | ||
287 | |||
288 | /* The standards give a maximum encryption overhead of 1024 bytes. | ||
289 | * In practice the value is lower than this. The overhead is the maximum | ||
290 | * number of padding bytes (256) plus the mac size. | ||
291 | */ | ||
292 | #define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) | ||
293 | |||
294 | /* OpenSSL currently only uses a padding length of at most one block so | ||
295 | * the send overhead is smaller. | ||
296 | */ | ||
297 | |||
298 | #define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ | ||
299 | (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) | ||
300 | |||
301 | /* If compression isn't used don't include the compression overhead */ | ||
302 | |||
303 | #ifdef OPENSSL_NO_COMP | ||
304 | #define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH | ||
305 | #else | ||
306 | #define SSL3_RT_MAX_COMPRESSED_LENGTH \ | ||
307 | (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) | ||
308 | #endif | ||
309 | #define SSL3_RT_MAX_ENCRYPTED_LENGTH \ | ||
310 | (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) | ||
311 | #define SSL3_RT_MAX_PACKET_SIZE \ | ||
312 | (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) | ||
313 | |||
314 | #define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" | ||
315 | #define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" | ||
316 | |||
317 | #define SSL3_VERSION 0x0300 | ||
318 | #define SSL3_VERSION_MAJOR 0x03 | ||
319 | #define SSL3_VERSION_MINOR 0x00 | ||
320 | |||
321 | #define SSL3_RT_CHANGE_CIPHER_SPEC 20 | ||
322 | #define SSL3_RT_ALERT 21 | ||
323 | #define SSL3_RT_HANDSHAKE 22 | ||
324 | #define SSL3_RT_APPLICATION_DATA 23 | ||
325 | |||
326 | #define SSL3_AL_WARNING 1 | ||
327 | #define SSL3_AL_FATAL 2 | ||
328 | |||
329 | #define SSL3_AD_CLOSE_NOTIFY 0 | ||
330 | #define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */ | ||
331 | #define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */ | ||
332 | #define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */ | ||
333 | #define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */ | ||
334 | #define SSL3_AD_NO_CERTIFICATE 41 | ||
335 | #define SSL3_AD_BAD_CERTIFICATE 42 | ||
336 | #define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 | ||
337 | #define SSL3_AD_CERTIFICATE_REVOKED 44 | ||
338 | #define SSL3_AD_CERTIFICATE_EXPIRED 45 | ||
339 | #define SSL3_AD_CERTIFICATE_UNKNOWN 46 | ||
340 | #define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ | ||
341 | |||
342 | typedef struct ssl3_record_st | ||
343 | { | ||
344 | /*r */ int type; /* type of record */ | ||
345 | /*rw*/ unsigned int length; /* How many bytes available */ | ||
346 | /*r */ unsigned int off; /* read/write offset into 'buf' */ | ||
347 | /*rw*/ unsigned char *data; /* pointer to the record data */ | ||
348 | /*rw*/ unsigned char *input; /* where the decode bytes are */ | ||
349 | /*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ | ||
350 | /*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ | ||
351 | /*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */ | ||
352 | } SSL3_RECORD; | ||
353 | |||
354 | typedef struct ssl3_buffer_st | ||
355 | { | ||
356 | unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, | ||
357 | * see ssl3_setup_buffers() */ | ||
358 | size_t len; /* buffer size */ | ||
359 | int offset; /* where to 'copy from' */ | ||
360 | int left; /* how many bytes left */ | ||
361 | } SSL3_BUFFER; | ||
362 | |||
363 | #define SSL3_CT_RSA_SIGN 1 | ||
364 | #define SSL3_CT_DSS_SIGN 2 | ||
365 | #define SSL3_CT_RSA_FIXED_DH 3 | ||
366 | #define SSL3_CT_DSS_FIXED_DH 4 | ||
367 | #define SSL3_CT_RSA_EPHEMERAL_DH 5 | ||
368 | #define SSL3_CT_DSS_EPHEMERAL_DH 6 | ||
369 | #define SSL3_CT_FORTEZZA_DMS 20 | ||
370 | /* SSL3_CT_NUMBER is used to size arrays and it must be large | ||
371 | * enough to contain all of the cert types defined either for | ||
372 | * SSLv3 and TLSv1. | ||
373 | */ | ||
374 | #define SSL3_CT_NUMBER 9 | ||
375 | |||
376 | |||
377 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 | ||
378 | #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 | ||
379 | #define SSL3_FLAGS_POP_BUFFER 0x0004 | ||
380 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 | ||
381 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 | ||
382 | |||
383 | /* SSL3_FLAGS_SGC_RESTART_DONE is set when we | ||
384 | * restart a handshake because of MS SGC and so prevents us | ||
385 | * from restarting the handshake in a loop. It's reset on a | ||
386 | * renegotiation, so effectively limits the client to one restart | ||
387 | * per negotiation. This limits the possibility of a DDoS | ||
388 | * attack where the client handshakes in a loop using SGC to | ||
389 | * restart. Servers which permit renegotiation can still be | ||
390 | * effected, but we can't prevent that. | ||
391 | */ | ||
392 | #define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 | ||
393 | |||
394 | typedef struct ssl3_state_st | ||
395 | { | ||
396 | long flags; | ||
397 | int delay_buf_pop_ret; | ||
398 | |||
399 | unsigned char read_sequence[8]; | ||
400 | int read_mac_secret_size; | ||
401 | unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; | ||
402 | unsigned char write_sequence[8]; | ||
403 | int write_mac_secret_size; | ||
404 | unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; | ||
405 | |||
406 | unsigned char server_random[SSL3_RANDOM_SIZE]; | ||
407 | unsigned char client_random[SSL3_RANDOM_SIZE]; | ||
408 | |||
409 | /* flags for countermeasure against known-IV weakness */ | ||
410 | int need_empty_fragments; | ||
411 | int empty_fragment_done; | ||
412 | |||
413 | /* The value of 'extra' when the buffers were initialized */ | ||
414 | int init_extra; | ||
415 | |||
416 | SSL3_BUFFER rbuf; /* read IO goes into here */ | ||
417 | SSL3_BUFFER wbuf; /* write IO goes into here */ | ||
418 | |||
419 | SSL3_RECORD rrec; /* each decoded record goes in here */ | ||
420 | SSL3_RECORD wrec; /* goes out from here */ | ||
421 | |||
422 | /* storage for Alert/Handshake protocol data received but not | ||
423 | * yet processed by ssl3_read_bytes: */ | ||
424 | unsigned char alert_fragment[2]; | ||
425 | unsigned int alert_fragment_len; | ||
426 | unsigned char handshake_fragment[4]; | ||
427 | unsigned int handshake_fragment_len; | ||
428 | |||
429 | /* partial write - check the numbers match */ | ||
430 | unsigned int wnum; /* number of bytes sent so far */ | ||
431 | int wpend_tot; /* number bytes written */ | ||
432 | int wpend_type; | ||
433 | int wpend_ret; /* number of bytes submitted */ | ||
434 | const unsigned char *wpend_buf; | ||
435 | |||
436 | /* used during startup, digest all incoming/outgoing packets */ | ||
437 | BIO *handshake_buffer; | ||
438 | /* When set of handshake digests is determined, buffer is hashed | ||
439 | * and freed and MD_CTX-es for all required digests are stored in | ||
440 | * this array */ | ||
441 | EVP_MD_CTX **handshake_dgst; | ||
442 | /* this is set whenerver we see a change_cipher_spec message | ||
443 | * come in when we are not looking for one */ | ||
444 | int change_cipher_spec; | ||
445 | |||
446 | int warn_alert; | ||
447 | int fatal_alert; | ||
448 | /* we allow one fatal and one warning alert to be outstanding, | ||
449 | * send close alert via the warning alert */ | ||
450 | int alert_dispatch; | ||
451 | unsigned char send_alert[2]; | ||
452 | |||
453 | /* This flag is set when we should renegotiate ASAP, basically when | ||
454 | * there is no more data in the read or write buffers */ | ||
455 | int renegotiate; | ||
456 | int total_renegotiations; | ||
457 | int num_renegotiations; | ||
458 | |||
459 | int in_read_app_data; | ||
460 | |||
461 | /* Opaque PRF input as used for the current handshake. | ||
462 | * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined | ||
463 | * (otherwise, they are merely present to improve binary compatibility) */ | ||
464 | void *client_opaque_prf_input; | ||
465 | size_t client_opaque_prf_input_len; | ||
466 | void *server_opaque_prf_input; | ||
467 | size_t server_opaque_prf_input_len; | ||
468 | |||
469 | struct { | ||
470 | /* actually only needs to be 16+20 */ | ||
471 | unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; | ||
472 | |||
473 | /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ | ||
474 | unsigned char finish_md[EVP_MAX_MD_SIZE*2]; | ||
475 | int finish_md_len; | ||
476 | unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2]; | ||
477 | int peer_finish_md_len; | ||
478 | |||
479 | unsigned long message_size; | ||
480 | int message_type; | ||
481 | |||
482 | /* used to hold the new cipher we are going to use */ | ||
483 | const SSL_CIPHER *new_cipher; | ||
484 | #ifndef OPENSSL_NO_DH | ||
485 | DH *dh; | ||
486 | #endif | ||
487 | |||
488 | #ifndef OPENSSL_NO_ECDH | ||
489 | EC_KEY *ecdh; /* holds short lived ECDH key */ | ||
490 | #endif | ||
491 | |||
492 | /* used when SSL_ST_FLUSH_DATA is entered */ | ||
493 | int next_state; | ||
494 | |||
495 | int reuse_message; | ||
496 | |||
497 | /* used for certificate requests */ | ||
498 | int cert_req; | ||
499 | int ctype_num; | ||
500 | char ctype[SSL3_CT_NUMBER]; | ||
501 | STACK_OF(X509_NAME) *ca_names; | ||
502 | |||
503 | int use_rsa_tmp; | ||
504 | |||
505 | int key_block_length; | ||
506 | unsigned char *key_block; | ||
507 | |||
508 | const EVP_CIPHER *new_sym_enc; | ||
509 | const EVP_MD *new_hash; | ||
510 | int new_mac_pkey_type; | ||
511 | int new_mac_secret_size; | ||
512 | #ifndef OPENSSL_NO_COMP | ||
513 | const SSL_COMP *new_compression; | ||
514 | #else | ||
515 | char *new_compression; | ||
516 | #endif | ||
517 | int cert_request; | ||
518 | } tmp; | ||
519 | |||
520 | /* Connection binding to prevent renegotiation attacks */ | ||
521 | unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; | ||
522 | unsigned char previous_client_finished_len; | ||
523 | unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; | ||
524 | unsigned char previous_server_finished_len; | ||
525 | int send_connection_binding; /* TODOEKR */ | ||
526 | } SSL3_STATE; | ||
527 | |||
528 | |||
529 | /* SSLv3 */ | ||
530 | /*client */ | ||
531 | /* extra state */ | ||
532 | #define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) | ||
533 | /* write to server */ | ||
534 | #define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) | ||
535 | #define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) | ||
536 | /* read from server */ | ||
537 | #define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) | ||
538 | #define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) | ||
539 | #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) | ||
540 | #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) | ||
541 | #define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) | ||
542 | #define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) | ||
543 | #define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) | ||
544 | #define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) | ||
545 | #define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) | ||
546 | #define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) | ||
547 | #define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) | ||
548 | #define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) | ||
549 | /* write to server */ | ||
550 | #define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) | ||
551 | #define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) | ||
552 | #define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) | ||
553 | #define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) | ||
554 | #define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) | ||
555 | #define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) | ||
556 | #define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) | ||
557 | #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) | ||
558 | #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) | ||
559 | #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) | ||
560 | #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) | ||
561 | #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) | ||
562 | /* read from server */ | ||
563 | #define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) | ||
564 | #define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) | ||
565 | #define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) | ||
566 | #define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) | ||
567 | #define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) | ||
568 | #define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) | ||
569 | #define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) | ||
570 | #define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) | ||
571 | |||
572 | /* server */ | ||
573 | /* extra state */ | ||
574 | #define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) | ||
575 | /* read from client */ | ||
576 | /* Do not change the number values, they do matter */ | ||
577 | #define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) | ||
578 | #define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) | ||
579 | #define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) | ||
580 | /* write to client */ | ||
581 | #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) | ||
582 | #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) | ||
583 | #define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) | ||
584 | #define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) | ||
585 | #define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) | ||
586 | #define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) | ||
587 | #define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) | ||
588 | #define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) | ||
589 | #define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) | ||
590 | #define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) | ||
591 | #define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) | ||
592 | #define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) | ||
593 | #define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) | ||
594 | #define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) | ||
595 | #define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) | ||
596 | /* read from client */ | ||
597 | #define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) | ||
598 | #define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) | ||
599 | #define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) | ||
600 | #define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) | ||
601 | #define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) | ||
602 | #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) | ||
603 | #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) | ||
604 | #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) | ||
605 | #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) | ||
606 | #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) | ||
607 | /* write to client */ | ||
608 | #define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) | ||
609 | #define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) | ||
610 | #define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) | ||
611 | #define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) | ||
612 | #define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) | ||
613 | #define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) | ||
614 | #define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) | ||
615 | #define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) | ||
616 | |||
617 | #define SSL3_MT_HELLO_REQUEST 0 | ||
618 | #define SSL3_MT_CLIENT_HELLO 1 | ||
619 | #define SSL3_MT_SERVER_HELLO 2 | ||
620 | #define SSL3_MT_NEWSESSION_TICKET 4 | ||
621 | #define SSL3_MT_CERTIFICATE 11 | ||
622 | #define SSL3_MT_SERVER_KEY_EXCHANGE 12 | ||
623 | #define SSL3_MT_CERTIFICATE_REQUEST 13 | ||
624 | #define SSL3_MT_SERVER_DONE 14 | ||
625 | #define SSL3_MT_CERTIFICATE_VERIFY 15 | ||
626 | #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 | ||
627 | #define SSL3_MT_FINISHED 20 | ||
628 | #define SSL3_MT_CERTIFICATE_STATUS 22 | ||
629 | #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 | ||
630 | |||
631 | |||
632 | #define SSL3_MT_CCS 1 | ||
633 | |||
634 | /* These are used when changing over to a new cipher */ | ||
635 | #define SSL3_CC_READ 0x01 | ||
636 | #define SSL3_CC_WRITE 0x02 | ||
637 | #define SSL3_CC_CLIENT 0x10 | ||
638 | #define SSL3_CC_SERVER 0x20 | ||
639 | #define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) | ||
640 | #define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) | ||
641 | #define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) | ||
642 | #define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) | ||
643 | |||
644 | #ifdef __cplusplus | ||
645 | } | ||
646 | #endif | ||
647 | #endif | ||
648 | |||
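--- a/src/lib/libssl/ssl_algs.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/* ssl/ssl_algs.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/lhash.h>
-#include "ssl_locl.h"
-
-int SSL_library_init(void)
-{
-
-#ifndef OPENSSL_NO_DES
-EVP_add_cipher(EVP_des_cbc());
-EVP_add_cipher(EVP_des_ede3_cbc());
-#endif
-#ifndef OPENSSL_NO_IDEA
-EVP_add_cipher(EVP_idea_cbc());
-#endif
-#ifndef OPENSSL_NO_RC4
-EVP_add_cipher(EVP_rc4());
-#endif
-#ifndef OPENSSL_NO_RC2
-EVP_add_cipher(EVP_rc2_cbc());
-/* Not actually used for SSL/TLS but this makes PKCS#12 work
-* if an application only calls SSL_library_init().
-*/
-EVP_add_cipher(EVP_rc2_40_cbc());
-#endif
-#ifndef OPENSSL_NO_AES
-EVP_add_cipher(EVP_aes_128_cbc());
-EVP_add_cipher(EVP_aes_192_cbc());
-EVP_add_cipher(EVP_aes_256_cbc());
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-EVP_add_cipher(EVP_camellia_128_cbc());
-EVP_add_cipher(EVP_camellia_256_cbc());
-#endif
-
-#ifndef OPENSSL_NO_SEED
-EVP_add_cipher(EVP_seed_cbc());
-#endif
-
-#ifndef OPENSSL_NO_MD5
-EVP_add_digest(EVP_md5());
-EVP_add_digest_alias(SN_md5,"ssl2-md5");
-EVP_add_digest_alias(SN_md5,"ssl3-md5");
-#endif
-#ifndef OPENSSL_NO_SHA
-EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
-EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
-EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
-#endif
-#ifndef OPENSSL_NO_SHA256
-EVP_add_digest(EVP_sha224());
-EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
-EVP_add_digest(EVP_sha384());
-EVP_add_digest(EVP_sha512());
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
-EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
-EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
-EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
-EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
-#endif
-#ifndef OPENSSL_NO_ECDSA
-EVP_add_digest(EVP_ecdsa());
-#endif
-/* If you want support for phased out ciphers, add the following */
-#if 0
-EVP_add_digest(EVP_sha());
-EVP_add_digest(EVP_dss());
-#endif
-#ifndef OPENSSL_NO_COMP
-/* This will initialise the built-in compression algorithms.
-The value returned is a STACK_OF(SSL_COMP), but that can
-be discarded safely */
-(void)SSL_COMP_get_compression_methods();
-#endif
-/* initialize cipher/digest methods table */
-ssl_load_ciphers();
-return(1);
-}
-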
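--- a/src/lib/libssl/ssl_asn1.c
+++ /dev/null
@@ -1,592 +0,0 @@
-/* ssl/ssl_asn1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-/* ====================================================================
-* Copyright 2005 Nokia. All rights reserved.
-*
-* The portions of the attached software ("Contribution") is developed by
-* Nokia Corporation and is licensed pursuant to the OpenSSL open source
-* license.
-*
-* The Contribution, originally written by Mika Kousa and Pasi Eronen of
-* Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
-* support (see RFC 4279) to OpenSSL.
-*
-* No patent licenses or other rights except those expressly stated in
-* the OpenSSL open source license shall be deemed granted or received
-* expressly, by implication, estoppel, or otherwise.
-*
-* No assurances are provided by Nokia that the Contribution does not
-* infringe the patent or other intellectual property rights of any third
-* party or that the license provides you with all the necessary rights
-* to make use of the Contribution.
-*
-* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
-* ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
-* SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
-* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
-* OTHERWISE.
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "ssl_locl.h"
-#include <openssl/asn1_mac.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-typedef struct ssl_session_asn1_st
-{
-ASN1_INTEGER version;
-ASN1_INTEGER ssl_version;
-ASN1_OCTET_STRING cipher;
-ASN1_OCTET_STRING comp_id;
-ASN1_OCTET_STRING master_key;
-ASN1_OCTET_STRING session_id;
-ASN1_OCTET_STRING session_id_context;
-ASN1_OCTET_STRING key_arg;
-#ifndef OPENSSL_NO_KRB5
-ASN1_OCTET_STRING krb5_princ;
-#endif /* OPENSSL_NO_KRB5 */
-ASN1_INTEGER time;
-ASN1_INTEGER timeout;
-ASN1_INTEGER verify_result;
-#ifndef OPENSSL_NO_TLSEXT
-ASN1_OCTET_STRING tlsext_hostname;
-ASN1_INTEGER tlsext_tick_lifetime;
-ASN1_OCTET_STRING tlsext_tick;
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
-ASN1_OCTET_STRING psk_identity_hint;
-ASN1_OCTET_STRING psk_identity;
-#endif /* OPENSSL_NO_PSK */
-} SSL_SESSION_ASN1;
-
-int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
-{
-#define LSIZE2 (sizeof(long)*2)
-int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0;
-unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
-unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
-#ifndef OPENSSL_NO_TLSEXT
-int v6=0,v9=0,v10=0;
-unsigned char ibuf6[LSIZE2];
-#endif
-#ifndef OPENSSL_NO_COMP
-unsigned char cbuf;
-int v11=0;
-#endif
-long l;
-SSL_SESSION_ASN1 a;
-M_ASN1_I2D_vars(in);
-
-if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
-return(0);
-
-/* Note that I cheat in the following 2 assignments. I know
-* that if the ASN1_INTEGER passed to ASN1_INTEGER_set
-* is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
-* This is a bit evil but makes things simple, no dynamic allocation
-* to clean up :-) */
-a.version.length=LSIZE2;
-a.version.type=V_ASN1_INTEGER;
-a.version.data=ibuf1;
-ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
-
-a.ssl_version.length=LSIZE2;
-a.ssl_version.type=V_ASN1_INTEGER;
-a.ssl_version.data=ibuf2;
-ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
-
-a.cipher.type=V_ASN1_OCTET_STRING;
-a.cipher.data=buf;
-
-if (in->cipher == NULL)
-l=in->cipher_id;
-else
-l=in->cipher->id;
-if (in->ssl_version == SSL2_VERSION)
-{
-a.cipher.length=3;
-buf[0]=((unsigned char)(l>>16L))&0xff;
-buf[1]=((unsigned char)(l>> 8L))&0xff;
-buf[2]=((unsigned char)(l ))&0xff;
-}
-else
-{
-a.cipher.length=2;
-buf[0]=((unsigned char)(l>>8L))&0xff;
-buf[1]=((unsigned char)(l ))&0xff;
-}
-
-#ifndef OPENSSL_NO_COMP
-if (in->compress_meth)
-{
-cbuf = (unsigned char)in->compress_meth;
-a.comp_id.length = 1;
-a.comp_id.type = V_ASN1_OCTET_STRING;
-a.comp_id.data = &cbuf;
-}
-#endif
-
-a.master_key.length=in->master_key_length;
-a.master_key.type=V_ASN1_OCTET_STRING;
-a.master_key.data=in->master_key;
-
-a.session_id.length=in->session_id_length;
-a.session_id.type=V_ASN1_OCTET_STRING;
-a.session_id.data=in->session_id;
-
-a.session_id_context.length=in->sid_ctx_length;
-a.session_id_context.type=V_ASN1_OCTET_STRING;
-a.session_id_context.data=in->sid_ctx;
-
-a.key_arg.length=in->key_arg_length;
-a.key_arg.type=V_ASN1_OCTET_STRING;
-a.key_arg.data=in->key_arg;
-
-#ifndef OPENSSL_NO_KRB5
-if (in->krb5_client_princ_len)
-{
-a.krb5_princ.length=in->krb5_client_princ_len;
-a.krb5_princ.type=V_ASN1_OCTET_STRING;
-a.krb5_princ.data=in->krb5_client_princ;
-}
-#endif /* OPENSSL_NO_KRB5 */
-
-if (in->time != 0L)
-{
-a.time.length=LSIZE2;
-a.time.type=V_ASN1_INTEGER;
-a.time.data=ibuf3;
-ASN1_INTEGER_set(&(a.time),in->time);
-}
-
-if (in->timeout != 0L)
-{
-a.timeout.length=LSIZE2;
-a.timeout.type=V_ASN1_INTEGER;
-a.timeout.data=ibuf4;
-ASN1_INTEGER_set(&(a.timeout),in->timeout);
-}
-
-if (in->verify_result != X509_V_OK)
-{
-a.verify_result.length=LSIZE2;
-a.verify_result.type=V_ASN1_INTEGER;
-a.verify_result.data=ibuf5;
-ASN1_INTEGER_set(&a.verify_result,in->verify_result);
-}
-
-#ifndef OPENSSL_NO_TLSEXT
-if (in->tlsext_hostname)
-{
-a.tlsext_hostname.length=strlen(in->tlsext_hostname);
-a.tlsext_hostname.type=V_ASN1_OCTET_STRING;
-a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname;
-}
-if (in->tlsext_tick)
-{
-a.tlsext_tick.length= in->tlsext_ticklen;
-a.tlsext_tick.type=V_ASN1_OCTET_STRING;
-a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;
-}
-if (in->tlsext_tick_lifetime_hint > 0)
-{
-a.tlsext_tick_lifetime.length=LSIZE2;
-a.tlsext_tick_lifetime.type=V_ASN1_INTEGER;
-a.tlsext_tick_lifetime.data=ibuf6;
-ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
-}
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
-if (in->psk_identity_hint)
-{
-a.psk_identity_hint.length=strlen(in->psk_identity_hint);
-a.psk_identity_hint.type=V_ASN1_OCTET_STRING;
-a.psk_identity_hint.data=(unsigned char *)(in->psk_identity_hint);
-}
-if (in->psk_identity)
-{
-a.psk_identity.length=strlen(in->psk_identity);
-a.psk_identity.type=V_ASN1_OCTET_STRING;
-a.psk_identity.data=(unsigned char *)(in->psk_identity);
-}
-#endif /* OPENSSL_NO_PSK */
-
-M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
-M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
-M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
-M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
-M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
-if (in->krb5_client_princ_len)
-M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
-#endif /* OPENSSL_NO_KRB5 */
-if (in->key_arg_length > 0)
-M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
-if (in->time != 0L)
-M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
-if (in->timeout != 0L)
-M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
-if (in->peer != NULL)
-M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
-M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
-if (in->verify_result != X509_V_OK)
-M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
-
-#ifndef OPENSSL_NO_TLSEXT
-if (in->tlsext_tick_lifetime_hint > 0)
-M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
-if (in->tlsext_tick)
-M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
-if (in->tlsext_hostname)
-M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
-#ifndef OPENSSL_NO_COMP
-if (in->compress_meth)
-M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
-#endif
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
-if (in->psk_identity_hint)
-M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
-if (in->psk_identity)
-M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
-#endif /* OPENSSL_NO_PSK */
-
-M_ASN1_I2D_seq_total();
-
-M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
-M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
-M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
-M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
-M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
-if (in->krb5_client_princ_len)
-M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
-#endif /* OPENSSL_NO_KRB5 */
-if (in->key_arg_length > 0)
-M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
-if (in->time != 0L)
-M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
-if (in->timeout != 0L)
-M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
-if (in->peer != NULL)
-M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
-M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
-v4);
-if (in->verify_result != X509_V_OK)
-M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
-#ifndef OPENSSL_NO_TLSEXT
-if (in->tlsext_hostname)
-M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
-if (in->psk_identity_hint)
-M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
-if (in->psk_identity)
-M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
-#endif /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_TLSEXT
-if (in->tlsext_tick_lifetime_hint > 0)
-M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
-if (in->tlsext_tick)
-M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_COMP
-if (in->compress_meth)
-M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
-#endif
-M_ASN1_I2D_finish();
-}
-
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
-long length)
-{
-int ssl_version=0,i;
-long id;
-ASN1_INTEGER ai,*aip;
-ASN1_OCTET_STRING os,*osp;
-M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
-
-aip= &ai;
-osp= &os;
-
-M_ASN1_D2I_Init();
-M_ASN1_D2I_start_sequence();
-
-ai.data=NULL; ai.length=0;
-M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
-if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
-/* we don't care about the version right now :-) */
-M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
-ssl_version=(int)ASN1_INTEGER_get(aip);
-ret->ssl_version=ssl_version;
-if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
-os.data=NULL; os.length=0;
-M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
-if (ssl_version == SSL2_VERSION)
-{
-if (os.length != 3)
-{
-c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
-goto err;
-}
-id=0x02000000L|
-((unsigned long)os.data[0]<<16L)|
-((unsigned long)os.data[1]<< 8L)|
-(unsigned long)os.data[2];
-}
-else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
-{
-if (os.length != 2)
-{
-c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
-goto err;
-}
-id=0x03000000L|
-((unsigned long)os.data[0]<<8L)|
-(unsigned long)os.data[1];
-}
-else
-{
-c.error=SSL_R_UNKNOWN_SSL_VERSION;
-goto err;
-}
-
-ret->cipher=NULL;
-ret->cipher_id=id;
-
-M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
-if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
-i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
-else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
-i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
-
-if (os.length > i)
-os.length = i;
-if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
-os.length = sizeof(ret->session_id);
-
-ret->session_id_length=os.length;
-OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
-memcpy(ret->session_id,os.data,os.length);
-
-M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
-if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
-ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
-else
-ret->master_key_length=os.length;
-memcpy(ret->master_key,os.data,ret->master_key_length);
-
-os.length=0;
-
-#ifndef OPENSSL_NO_KRB5
-os.length=0;
-M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
-if (os.data)
-{
-if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
-ret->krb5_client_princ_len=0;
-else
-ret->krb5_client_princ_len=os.length;
-memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
-OPENSSL_free(os.data);
-os.data = NULL;
-os.length = 0;
-}
-else
-ret->krb5_client_princ_len=0;
-#endif /* OPENSSL_NO_KRB5 */
-
-M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
-if (os.length > SSL_MAX_KEY_ARG_LENGTH)
-ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
-else
-ret->key_arg_length=os.length;
-memcpy(ret->key_arg,os.data,ret->key_arg_length);
-if (os.data != NULL) OPENSSL_free(os.data);
-
-ai.length=0;
-M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
-if (ai.data != NULL)
-{
-ret->time=ASN1_INTEGER_get(aip);
-OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
-}
-else
-ret->time=(unsigned long)time(NULL);
-
-ai.length=0;
-M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
-if (ai.data != NULL)
-{
-ret->timeout=ASN1_INTEGER_get(aip);
-OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
-}
-else
-ret->timeout=3;
-
-if (ret->peer != NULL)
-{
-X509_free(ret->peer);
-ret->peer=NULL;
-}
-M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
-
-os.length=0;
-os.data=NULL;
-M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
-
-if(os.data != NULL)
-{
-if (os.length > SSL_MAX_SID_CTX_LENGTH)
-{
-c.error=SSL_R_BAD_LENGTH;
-goto err;
-}
-else
-{
-ret->sid_ctx_length=os.length;
-memcpy(ret->sid_ctx,os.data,os.length);
-}
-OPENSSL_free(os.data); os.data=NULL; os.length=0;
-}
-else
-ret->sid_ctx_length=0;
-
-ai.length=0;
-M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
-if (ai.data != NULL)
-{
-ret->verify_result=ASN1_INTEGER_get(aip);
-OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
-}
-else
-ret->verify_result=X509_V_OK;
-
-#ifndef OPENSSL_NO_TLSEXT
-os.length=0;
-os.data=NULL;
-M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6);
-if (os.data)
-{
-ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length);
-OPENSSL_free(os.data);
-os.data = NULL;
-os.length = 0;
-}
-else
-ret->tlsext_hostname=NULL;
-#endif /* OPENSSL_NO_TLSEXT */
-
-#ifndef OPENSSL_NO_PSK
-os.length=0;
-os.data=NULL;
-M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7);
-if (os.data)
-{
-ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length);
-OPENSSL_free(os.data);
-os.data = NULL;
-os.length = 0;
-}
-else
-ret->psk_identity_hint=NULL;
-#endif /* OPENSSL_NO_PSK */
-
-#ifndef OPENSSL_NO_TLSEXT
-ai.length=0;
-M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);
-if (ai.data != NULL)
-{
-ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip);
-OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
-}
-else if (ret->tlsext_ticklen && ret->session_id_length)
-ret->tlsext_tick_lifetime_hint = -1;
-else
-ret->tlsext_tick_lifetime_hint=0;
-os.length=0;
-os.data=NULL;
-M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
-if (os.data)
-{
-ret->tlsext_tick = os.data;
-ret->tlsext_ticklen = os.length;
-os.data = NULL;
-os.length = 0;
-}
-else
-ret->tlsext_tick=NULL;
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_COMP
-os.length=0;
-os.data=NULL;
-M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11);
-if (os.data)
-{
-ret->compress_meth = os.data[0];
-OPENSSL_free(os.data);
-os.data = NULL;
-}
-#endif
-
-M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
-}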
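--- a/src/lib/libssl/ssl_cert.c
+++ /dev/null
@@ -1,834 +0,0 @@
-/*! \file ssl/ssl_cert.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-/* ====================================================================
-* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* openssl-core@openssl.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-* This product includes cryptographic software written by Eric Young
-* (eay@cryptsoft.com). This product includes software written by Tim
-* Hudson (tjh@cryptsoft.com).
-*
-*/
-/* ====================================================================
-* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
-* ECC cipher suite support in OpenSSL originally developed by
-* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
-*/
-
-#include <stdio.h>
-
-#include "e_os.h"
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#include "o_dir.h"
-#include <openssl/objects.h>
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-#include "ssl_locl.h"
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void)
-{
-static volatile int ssl_x509_store_ctx_idx= -1;
-int got_write_lock = 0;
-
-CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-
-if (ssl_x509_store_ctx_idx < 0)
-{
-CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-got_write_lock = 1;
-
-if (ssl_x509_store_ctx_idx < 0)
-{
-ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
-0,"SSL for verify callback",NULL,NULL,NULL);
-}
-}
-
-if (got_write_lock)
-CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-else
-CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-
-return ssl_x509_store_ctx_idx;
-}
-
-CERT *ssl_cert_new(void)
-{
-CERT *ret;
-
-ret=(CERT *)OPENSSL_malloc(sizeof(CERT));
-if (ret == NULL)
-{
-SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
-return(NULL);
-}
-memset(ret,0,sizeof(CERT));
-
-ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
-ret->references=1;
-
-return(ret);
-}
-
-CERT *ssl_cert_dup(CERT *cert)
-{
-CERT *ret;
-int i;
-
-ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
-if (ret == NULL)
-{
-SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
-return(NULL);
-}
-
-memset(ret, 0, sizeof(CERT));
-
-ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
-/* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
-* if you find that more readable */
-
-ret->valid = cert->valid;
-ret->mask_k = cert->mask_k;
-ret->mask_a = cert->mask_a;
-ret->export_mask_k = cert->export_mask_k;
-ret->export_mask_a = cert->export_mask_a;
-
-#ifndef OPENSSL_NO_RSA
-if (cert->rsa_tmp != NULL)
-{
-RSA_up_ref(cert->rsa_tmp);
-ret->rsa_tmp = cert->rsa_tmp;
-}
-ret->rsa_tmp_cb = cert->rsa_tmp_cb;
-#endif
-
-#ifndef OPENSSL_NO_DH
-if (cert->dh_tmp != NULL)
-{
-ret->dh_tmp = DHparams_dup(cert->dh_tmp);
-if (ret->dh_tmp == NULL)
-{
-SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
-goto err;
-}
-if (cert->dh_tmp->priv_key)
-{
-BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
-if (!b)
-{
-SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
-goto err;
-}
-ret->dh_tmp->priv_key = b;
-}
-if (cert->dh_tmp->pub_key)
-{
-BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
-if (!b)
-{
-SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
-goto err;
-}
-ret->dh_tmp->pub_key = b;
-}
-}
-ret->dh_tmp_cb = cert->dh_tmp_cb;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-if (cert->ecdh_tmp)
-{
-ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
-if (ret->ecdh_tmp == NULL)
-{
-SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
-goto err;
-}
-}
-ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
-#endif
-
-for (i = 0; i < SSL_PKEY_NUM; i++)
-{
-if (cert->pkeys[i].x509 != NULL)
-{
-ret->pkeys[i].x509 = cert->pkeys[i].x509;
-CRYPTO_add(&ret->pkeys[i].x509->references, 1,
-CRYPTO_LOCK_X509);
-}
-
-if (cert->pkeys[i].privatekey != NULL)
-{
-ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
-CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
-CRYPTO_LOCK_EVP_PKEY);
-
-switch(i)
-{
-/* If there was anything special to do for
-* certain types of keys, we'd do it here.
-* (Nothing at the moment, I think.) */
-
-case SSL_PKEY_RSA_ENC:
-case SSL_PKEY_RSA_SIGN:
-/* We have an RSA key. */
-break;
-
-case SSL_PKEY_DSA_SIGN:
-/* We have a DSA key. */
-break;
-
-case SSL_PKEY_DH_RSA:
-case SSL_PKEY_DH_DSA:
-/* We have a DH key. */
-break;
-
-case SSL_PKEY_ECC:
-/* We have an ECC key */
-break;
-
-default:
-/* Can't happen. */
-SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
-}
-}
-}
-
-/* ret->extra_certs *should* exist, but currently the own certificate
-* chain is held inside SSL_CTX */
-
-ret->references=1;
-
-return(ret);
-
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
-err:
-#endif
-#ifndef OPENSSL_NO_RSA
-if (ret->rsa_tmp != NULL)
-RSA_free(ret->rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
-if (ret->dh_tmp != NULL)
-DH_free(ret->dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
-if (ret->ecdh_tmp != NULL)
-EC_KEY_free(ret->ecdh_tmp);
-#endif
-
-for (i = 0; i < SSL_PKEY_NUM; i++)
-{
-if (ret->pkeys[i].x509 != NULL)
-X509_free(ret->pkeys[i].x509);
-if (ret->pkeys[i].privatekey != NULL)
-EVP_PKEY_free(ret->pkeys[i].privatekey);
-}
-
-return NULL;
-}
-
-
-void ssl_cert_free(CERT *c)
-{
-int i;
-
-if(c == NULL)
-return;
-
-i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
-#ifdef REF_PRINT
-REF_PRINT("CERT",c);
-#endif
-if (i > 0) return;
-#ifdef REF_CHECK
-if (i < 0)
-{
-fprintf(stderr,"ssl_cert_free, bad reference count\n");
-abort(); /* ok */
-}
-#endif
-
-#ifndef OPENSSL_NO_RSA
-if (c->rsa_tmp) RSA_free(c->rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
-if (c->dh_tmp) DH_free(c->dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
-if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
-#endif
-
-for (i=0; i<SSL_PKEY_NUM; i++)
-{
-if (c->pkeys[i].x509 != NULL)
-X509_free(c->pkeys[i].x509);
-if (c->pkeys[i].privatekey != NULL)
-EVP_PKEY_free(c->pkeys[i].privatekey);
-#if 0
-if (c->pkeys[i].publickey != NULL)
-EVP_PKEY_free(c->pkeys[i].publickey);
-#endif
-}
-OPENSSL_free(c);
-}
-
-int ssl_cert_inst(CERT **o)
-{
-/* Create a CERT if there isn't already one
-* (which cannot really happen, as it is initially created in
-* SSL_CTX_new; but the earlier code usually allows for that one
-* being non-existant, so we follow that behaviour, as it might
-* turn out that there actually is a reason for it -- but I'm
-* not sure that *all* of the existing code could cope with
-* s->cert being NULL, otherwise we could do without the
-* initialization in SSL_CTX_new).
-*/
-
-if (o == NULL)
-{
-SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
-return(0);
-}
-if (*o == NULL)
-{
-if ((*o = ssl_cert_new()) == NULL)
-{
-SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
-return(0);
-}
-}
-return(1);
-}
-
-
-SESS_CERT *ssl_sess_cert_new(void)
-{
-SESS_CERT *ret;
-
-ret = OPENSSL_malloc(sizeof *ret);
-if (ret == NULL)
-{
-SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
-return NULL;
-}
-
-memset(ret, 0 ,sizeof *ret);
-ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
-ret->references = 1;
-
-return ret;
-}
-
-void ssl_sess_cert_free(SESS_CERT *sc)
-{
-int i;
-
-if (sc == NULL)
-return;
-
-i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
-#ifdef REF_PRINT
-REF_PRINT("SESS_CERT", sc);
-#endif
-if (i > 0)
-return;
-#ifdef REF_CHECK
-if (i < 0)
-{
-fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
-abort(); /* ok */
-}
-#endif
-
-/* i == 0 */
-if (sc->cert_chain != NULL)
-sk_X509_pop_free(sc->cert_chain, X509_free);
-for (i = 0; i < SSL_PKEY_NUM; i++)
-{
-if (sc->peer_pkeys[i].x509 != NULL)
-X509_free(sc->peer_pkeys[i].x509);
-#if 0 /* We don't have the peer's private key. These lines are just
-* here as a reminder that we're still using a not-quite-appropriate
-* data structure. */
-if (sc->peer_pkeys[i].privatekey != NULL)
-EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
-#endif
-}
-
-#ifndef OPENSSL_NO_RSA
-if (sc->peer_rsa_tmp != NULL)
-RSA_free(sc->peer_rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
-if (sc->peer_dh_tmp != NULL)
-DH_free(sc->peer_dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
-if (sc->peer_ecdh_tmp != NULL)
-EC_KEY_free(sc->peer_ecdh_tmp);
-#endif
-
-OPENSSL_free(sc);
-}
-
-int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
-{
-sc->peer_cert_type = type;
-return(1);
-}
-
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
-{
-X509 *x;
-int i;
-X509_STORE_CTX ctx;
-
-if ((sk == NULL) || (sk_X509_num(sk) == 0))
-return(0);
-
-x=sk_X509_value(sk,0);
-if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
-{
-SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
-return(0);
-}
-#if 0
-if (SSL_get_verify_depth(s) >= 0)
-X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
-#endif
-X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
-
-/* We need to inherit the verify parameters. These can be determined by
-* the context: if its a server it will verify SSL client certificates
-* or vice versa.
-*/
-
-X509_STORE_CTX_set_default(&ctx,
-s->server ? "ssl_client" : "ssl_server");
-/* Anything non-default in "param" should overwrite anything in the
-* ctx.
-*/
-X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
-
-if (s->verify_callback)
-X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
-
-if (s->ctx->app_verify_callback != NULL)
-#if 1 /* new with OpenSSL 0.9.7 */
-i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
-#else
-i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
-#endif
-else
-{
-#ifndef OPENSSL_NO_X509_VERIFY
-i=X509_verify_cert(&ctx);
-#else
-i=0;
-ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
-SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
-#endif
-}
-
-s->verify_result=ctx.error;
-X509_STORE_CTX_cleanup(&ctx);
-
-return(i);
-}
-
-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
-{
-if (*ca_list != NULL)
-sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
-
-*ca_list=name_list;
-}
-
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
-{
-int i;
-STACK_OF(X509_NAME) *ret;
-X509_NAME *name;
-
-ret=sk_X509_NAME_new_null();
-for (i=0; i<sk_X509_NAME_num(sk); i++)
-{
-name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
-if ((name == NULL) || !sk_X509_NAME_push(ret,name))
-{
-sk_X509_NAME_pop_free(ret,X509_NAME_free);
-return(NULL);
-}
-}
-return(ret);
-}
-
-void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
-{
-set_client_CA_list(&(s->client_CA),name_list);
-}
-
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
-{
-set_client_CA_list(&(ctx->client_CA),name_list);
-}
-
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
-{
-return(ctx->client_CA);
-}
-
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
-{
-if (s->type == SSL_ST_CONNECT)
-{ /* we are in the client */
-if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
-(s->s3 != NULL))
-return(s->s3->tmp.ca_names);
-else
-return(NULL);
-}
-else
-{
-if (s->client_CA != NULL)
-return(s->client_CA);
-else
-return(s->ctx->client_CA);
-}
-}
-
-static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
-{
-X509_NAME *name;
-
-if (x == NULL) return(0);
-if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
-return(0);
-
-if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
-return(0);
-
-if (!sk_X509_NAME_push(*sk,name))
-{
-X509_NAME_free(name);
-return(0);
-}
-return(1);
-}
-
-int SSL_add_client_CA(SSL *ssl,X509 *x)
-{
-return(add_client_CA(&(ssl->client_CA),x));
-}
-
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
-{
-return(add_client_CA(&(ctx->client_CA),x));
-}
-
-static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
-{
-return(X509_NAME_cmp(*a,*b));
-}
-
-#ifndef OPENSSL_NO_STDIO
-/*!
-* Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
-* it doesn't really have anything to do with clients (except that a common use
-* for a stack of CAs is to send it to the client). Actually, it doesn't have
-* much to do with CAs, either, since it will load any old cert.
-* \param file the file containing one or more certs.
-* \return a ::STACK containing the certs.
-*/
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
-{
-BIO *in;
-X509 *x=NULL;
-X509_NAME *xn=NULL;
-STACK_OF(X509_NAME) *ret = NULL,*sk;
-
-sk=sk_X509_NAME_new(xname_cmp);
-
-in=BIO_new(BIO_s_file_internal());
-
-if ((sk == NULL) || (in == NULL))
-{
-SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
-goto err;
-}
-
-if (!BIO_read_filename(in,file))
-goto err;
-
-for (;;)
-{
-if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
-break;
-if (ret == NULL)
-{
-ret = sk_X509_NAME_new_null();
-if (ret == NULL)
-{
-SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
-goto err;
-}
-}
-if ((xn=X509_get_subject_name(x)) == NULL) goto err;
-/* check for duplicates */
-xn=X509_NAME_dup(xn);
-if (xn == NULL) goto err;
-if (sk_X509_NAME_find(sk,xn) >= 0)
-X509_NAME_free(xn);
-else
-{
-sk_X509_NAME_push(sk,xn);
-sk_X509_NAME_push(ret,xn);
-}
-}
-
-if (0)
-{
-err:
-if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
-ret=NULL;
-}
-if (sk != NULL) sk_X509_NAME_free(sk);
-if (in != NULL) BIO_free(in);
-if (x != NULL) X509_free(x);
-if (ret != NULL)
-ERR_clear_error();
-return(ret);
-}
-#endif
-
-/*!
-* Add a file of certs to a stack.
-* \param stack the stack to add to.
-* \param file the file to add from. All certs in this file that are not
-* already in the stack will be added.
-* \return 1 for success, 0 for failure. Note that in the case of failure some
-* certs may have been added to \c stack.
-*/
-
-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-const char *file)
-{
-BIO *in;
-X509 *x=NULL;
-X509_NAME *xn=NULL;
-int ret=1;
-int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
-
-oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
-
-in=BIO_new(BIO_s_file_internal());
-
-if (in == NULL)
-{
-SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
-goto err;
-}
-
-if (!BIO_read_filename(in,file))
-goto err;
-
-for (;;)
-{
-if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
-break;
-if ((xn=X509_get_subject_name(x)) == NULL) goto err;
-xn=X509_NAME_dup(xn);
-if (xn == NULL) goto err;
-if (sk_X509_NAME_find(stack,xn) >= 0)
-X509_NAME_free(xn);
-else
-sk_X509_NAME_push(stack,xn);
-}
-
-ERR_clear_error();
-
-if (0)
-{
-err:
-ret=0;
-}
-if(in != NULL)
-BIO_free(in);
-if(x != NULL)
-X509_free(x);
-
-(void)sk_X509_NAME_set_cmp_func(stack,oldcmp);
-
-return ret;
-}
-
-/*!
-* Add a directory of certs to a stack.
-* \param stack the stack to append to.
-* \param dir the directory to append from. All files in this directory will be
-* examined as potential certs. Any that are acceptable to
-* SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
-* included.
-* \return 1 for success, 0 for failure. Note that in the case of failure some
-* certs may have been added to \c stack.
-*/
-
-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-const char *dir)
-{
-OPENSSL_DIR_CTX *d = NULL;
-const char *filename;
-int ret = 0;
-
-CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
-
-/* Note that a side effect is that the CAs will be sorted by name */
-
-while((filename = OPENSSL_DIR_read(&d, dir)))
-{
-char buf[1024];
-int r;
-
-if(strlen(dir)+strlen(filename)+2 > sizeof buf)
-{
-SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
-goto err;
-}
-
-#ifdef OPENSSL_SYS_VMS
-r = BIO_snprintf(buf,sizeof buf,"%s%s",dir,filename);
-#else
-r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename);
-#endif
-if (r <= 0 || r >= (int)sizeof(buf))
-goto err;
-if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
-goto err;
-}
-
-if (errno)
-{
-SYSerr(SYS_F_OPENDIR, get_last_sys_error());
-ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
-SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
-goto err;
-}
-
-ret = 1;
-
-err:
-if (d) OPENSSL_DIR_end(&d);
-CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
-return ret;
-}
-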
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c deleted file mode 100644 index 54ba7ef5b4..0000000000 --- a/src/lib/libssl/ssl_ciph.c +++ /dev/null | |||
@@ -1,1747 +0,0 @@ | |||
1 | /* ssl/ssl_ciph.c */ | ||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
3 | * All rights reserved. | ||
4 | * | ||
5 | * This package is an SSL implementation written | ||
6 | * by Eric Young (eay@cryptsoft.com). | ||
7 | * The implementation was written so as to conform with Netscapes SSL. | ||
8 | * | ||
9 | * This library is free for commercial and non-commercial use as long as | ||
10 | * the following conditions are aheared to. The following conditions | ||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
13 | * included with this distribution is covered by the same copyright terms | ||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
15 | * | ||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
17 | * the code are not to be removed. | ||
18 | * If this package is used in a product, Eric Young should be given attribution | ||
19 | * as the author of the parts of the library used. | ||
20 | * This can be in the form of a textual message at program startup or | ||
21 | * in documentation (online or textual) provided with the package. | ||
22 | * | ||
23 | * Redistribution and use in source and binary forms, with or without | ||
24 | * modification, are permitted provided that the following conditions | ||
25 | * are met: | ||
26 | * 1. Redistributions of source code must retain the copyright | ||
27 | * notice, this list of conditions and the following disclaimer. | ||
28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
29 | * notice, this list of conditions and the following disclaimer in the | ||
30 | * documentation and/or other materials provided with the distribution. | ||
31 | * 3. All advertising materials mentioning features or use of this software | ||
32 | * must display the following acknowledgement: | ||
33 | * "This product includes cryptographic software written by | ||
34 | * Eric Young (eay@cryptsoft.com)" | ||
35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
36 | * being used are not cryptographic related :-). | ||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
38 | * the apps directory (application code) you must include an acknowledgement: | ||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
40 | * | ||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
51 | * SUCH DAMAGE. | ||
52 | * | ||
53 | * The licence and distribution terms for any publically available version or | ||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
55 | * copied and put under another distribution licence | ||
56 | * [including the GNU Public Licence.] | ||
57 | */ | ||
58 | /* ==================================================================== | ||
59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
60 | * | ||
61 | * Redistribution and use in source and binary forms, with or without | ||
62 | * modification, are permitted provided that the following conditions | ||
63 | * are met: | ||
64 | * | ||
65 | * 1. Redistributions of source code must retain the above copyright | ||
66 | * notice, this list of conditions and the following disclaimer. | ||
67 | * | ||
68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
69 | * notice, this list of conditions and the following disclaimer in | ||
70 | * the documentation and/or other materials provided with the | ||
71 | * distribution. | ||
72 | * | ||
73 | * 3. All advertising materials mentioning features or use of this | ||
74 | * software must display the following acknowledgment: | ||
75 | * "This product includes software developed by the OpenSSL Project | ||
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
77 | * | ||
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
79 | * endorse or promote products derived from this software without | ||
80 | * prior written permission. For written permission, please contact | ||
81 | * openssl-core@openssl.org. | ||
82 | * | ||
83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
84 | * nor may "OpenSSL" appear in their names without prior written | ||
85 | * permission of the OpenSSL Project. | ||
86 | * | ||
87 | * 6. Redistributions of any form whatsoever must retain the following | ||
88 | * acknowledgment: | ||
89 | * "This product includes software developed by the OpenSSL Project | ||
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
91 | * | ||
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
104 | * ==================================================================== | ||
105 | * | ||
106 | * This product includes cryptographic software written by Eric Young | ||
107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
108 | * Hudson (tjh@cryptsoft.com). | ||
109 | * | ||
110 | */ | ||
111 | /* ==================================================================== | ||
112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
113 | * ECC cipher suite support in OpenSSL originally developed by | ||
114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
115 | */ | ||
116 | /* ==================================================================== | ||
117 | * Copyright 2005 Nokia. All rights reserved. | ||
118 | * | ||
119 | * The portions of the attached software ("Contribution") is developed by | ||
120 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
121 | * license. | ||
122 | * | ||
123 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
124 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
125 | * support (see RFC 4279) to OpenSSL. | ||
126 | * | ||
127 | * No patent licenses or other rights except those expressly stated in | ||
128 | * the OpenSSL open source license shall be deemed granted or received | ||
129 | * expressly, by implication, estoppel, or otherwise. | ||
130 | * | ||
131 | * No assurances are provided by Nokia that the Contribution does not | ||
132 | * infringe the patent or other intellectual property rights of any third | ||
133 | * party or that the license provides you with all the necessary rights | ||
134 | * to make use of the Contribution. | ||
135 | * | ||
136 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
137 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
138 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
139 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
140 | * OTHERWISE. | ||
141 | */ | ||
142 | |||
143 | #include <stdio.h> | ||
144 | #include <openssl/objects.h> | ||
145 | #ifndef OPENSSL_NO_COMP | ||
146 | #include <openssl/comp.h> | ||
147 | #endif | ||
148 | #ifndef OPENSSL_NO_ENGINE | ||
149 | #include <openssl/engine.h> | ||
150 | #endif | ||
151 | #include "ssl_locl.h" | ||
152 | |||
153 | #define SSL_ENC_DES_IDX 0 | ||
154 | #define SSL_ENC_3DES_IDX 1 | ||
155 | #define SSL_ENC_RC4_IDX 2 | ||
156 | #define SSL_ENC_RC2_IDX 3 | ||
157 | #define SSL_ENC_IDEA_IDX 4 | ||
158 | #define SSL_ENC_NULL_IDX 5 | ||
159 | #define SSL_ENC_AES128_IDX 6 | ||
160 | #define SSL_ENC_AES256_IDX 7 | ||
161 | #define SSL_ENC_CAMELLIA128_IDX 8 | ||
162 | #define SSL_ENC_CAMELLIA256_IDX 9 | ||
163 | #define SSL_ENC_GOST89_IDX 10 | ||
164 | #define SSL_ENC_SEED_IDX 11 | ||
165 | #define SSL_ENC_NUM_IDX 12 | ||
166 | |||
167 | |||
168 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ | ||
169 | NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL, | ||
170 | }; | ||
171 | |||
172 | #define SSL_COMP_NULL_IDX 0 | ||
173 | #define SSL_COMP_ZLIB_IDX 1 | ||
174 | #define SSL_COMP_NUM_IDX 2 | ||
175 | |||
176 | static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; | ||
177 | |||
178 | #define SSL_MD_MD5_IDX 0 | ||
179 | #define SSL_MD_SHA1_IDX 1 | ||
180 | #define SSL_MD_GOST94_IDX 2 | ||
181 | #define SSL_MD_GOST89MAC_IDX 3 | ||
182 | /*Constant SSL_MAX_DIGEST equal to size of digests array should be | ||
183 | * defined in the | ||
184 | * ssl_locl.h */ | ||
185 | #define SSL_MD_NUM_IDX SSL_MAX_DIGEST | ||
186 | static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ | ||
187 | NULL,NULL,NULL,NULL | ||
188 | }; | ||
189 | /* PKEY_TYPE for GOST89MAC is known in advance, but, because | ||
190 | * implementation is engine-provided, we'll fill it only if | ||
191 | * corresponding EVP_PKEY_METHOD is found | ||
192 | */ | ||
193 | static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={ | ||
194 | EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef | ||
195 | }; | ||
196 | |||
197 | static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={ | ||
198 | 0,0,0,0 | ||
199 | }; | ||
200 | |||
201 | static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={ | ||
202 | SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA, | ||
203 | SSL_HANDSHAKE_MAC_GOST94,0 | ||
204 | }; | ||
205 | |||
206 | #define CIPHER_ADD 1 | ||
207 | #define CIPHER_KILL 2 | ||
208 | #define CIPHER_DEL 3 | ||
209 | #define CIPHER_ORD 4 | ||
210 | #define CIPHER_SPECIAL 5 | ||
211 | |||
212 | typedef struct cipher_order_st | ||
213 | { | ||
214 | const SSL_CIPHER *cipher; | ||
215 | int active; | ||
216 | int dead; | ||
217 | struct cipher_order_st *next,*prev; | ||
218 | } CIPHER_ORDER; | ||
219 | |||
220 | static const SSL_CIPHER cipher_aliases[]={ | ||
221 | /* "ALL" doesn't include eNULL (must be specifically enabled) */ | ||
222 | {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0}, | ||
223 | /* "COMPLEMENTOFALL" */ | ||
224 | {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0}, | ||
225 | |||
226 | /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ | ||
227 | {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0}, | ||
228 | |||
229 | /* key exchange aliases | ||
230 | * (some of those using only a single bit here combine | ||
231 | * multiple key exchange algs according to the RFCs, | ||
232 | * e.g. kEDH combines DHE_DSS and DHE_RSA) */ | ||
233 | {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0}, | ||
234 | |||
235 | {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | ||
236 | {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | ||
237 | {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | ||
238 | {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0}, | ||
239 | {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0}, | ||
240 | |||
241 | {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0}, | ||
242 | |||
243 | {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0}, | ||
244 | {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0}, | ||
245 | {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0}, | ||
246 | {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0}, | ||
247 | {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0}, | ||
248 | |||
249 | {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0}, | ||
250 | {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0}, | ||
251 | |||
252 | /* server authentication aliases */ | ||
253 | {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0}, | ||
254 | {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0}, | ||
255 | {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0}, | ||
256 | {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0}, | ||
257 | {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0}, | ||
258 | {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | ||
259 | {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0}, | ||
260 | {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0}, | ||
261 | {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0}, | ||
262 | {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0}, | ||
263 | {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0}, | ||
264 | {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0}, | ||
265 | {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0}, | ||
266 | |||
267 | /* aliases combining key exchange and server authentication */ | ||
268 | {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0}, | ||
269 | {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0}, | ||
270 | {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, | ||
271 | {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0}, | ||
272 | {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0}, | ||
273 | {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0}, | ||
274 | {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0}, | ||
275 | {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0}, | ||
276 | |||
277 | |||
278 | /* symmetric encryption aliases */ | ||
279 | {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0}, | ||
280 | {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0}, | ||
281 | {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0}, | ||
282 | {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0}, | ||
283 | {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0}, | ||
284 | {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0}, | ||
285 | {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, | ||
286 | {0,SSL_TXT_AES128,0, 0,0,SSL_AES128,0,0,0,0,0,0}, | ||
287 | {0,SSL_TXT_AES256,0, 0,0,SSL_AES256,0,0,0,0,0,0}, | ||
288 | {0,SSL_TXT_AES,0, 0,0,SSL_AES128|SSL_AES256,0,0,0,0,0,0}, | ||
289 | {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0}, | ||
290 | {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0}, | ||
291 | {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0}, | ||
292 | |||
293 | /* MAC aliases */ | ||
294 | {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0}, | ||
295 | {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, | ||
296 | {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, | ||
297 | {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0}, | ||
298 | {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0}, | ||
299 | |||
300 | /* protocol version aliases */ | ||
301 | {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0}, | ||
302 | {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0}, | ||
303 | {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0}, | ||
304 | |||
305 | /* export flag */ | ||
306 | {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, | ||
307 | {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, | ||
308 | |||
309 | /* strength classes */ | ||
310 | {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0}, | ||
311 | {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0}, | ||
312 | {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0}, | ||
313 | {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0}, | ||
314 | {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0}, | ||
315 | /* FIPS 140-2 approved ciphersuite */ | ||
316 | {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0}, | ||
317 | }; | ||
318 | /* Search for public key algorithm with given name and | ||
319 | * return its pkey_id if it is available. Otherwise return 0 | ||
320 | */ | ||
321 | #ifdef OPENSSL_NO_ENGINE | ||
322 | |||
323 | static int get_optional_pkey_id(const char *pkey_name) | ||
324 | { | ||
325 | const EVP_PKEY_ASN1_METHOD *ameth; | ||
326 | int pkey_id=0; | ||
327 | ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1); | ||
328 | if (ameth) | ||
329 | { | ||
330 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth); | ||
331 | } | ||
332 | return pkey_id; | ||
333 | } | ||
334 | |||
335 | #else | ||
336 | |||
337 | static int get_optional_pkey_id(const char *pkey_name) | ||
338 | { | ||
339 | const EVP_PKEY_ASN1_METHOD *ameth; | ||
340 | ENGINE *tmpeng = NULL; | ||
341 | int pkey_id=0; | ||
342 | ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1); | ||
343 | if (ameth) | ||
344 | { | ||
345 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth); | ||
346 | } | ||
347 | if (tmpeng) ENGINE_finish(tmpeng); | ||
348 | return pkey_id; | ||
349 | } | ||
350 | |||
351 | #endif | ||
352 | |||
353 | void ssl_load_ciphers(void) | ||
354 | { | ||
355 | ssl_cipher_methods[SSL_ENC_DES_IDX]= | ||
356 | EVP_get_cipherbyname(SN_des_cbc); | ||
357 | ssl_cipher_methods[SSL_ENC_3DES_IDX]= | ||
358 | EVP_get_cipherbyname(SN_des_ede3_cbc); | ||
359 | ssl_cipher_methods[SSL_ENC_RC4_IDX]= | ||
360 | EVP_get_cipherbyname(SN_rc4); | ||
361 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= | ||
362 | EVP_get_cipherbyname(SN_rc2_cbc); | ||
363 | #ifndef OPENSSL_NO_IDEA | ||
364 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= | ||
365 | EVP_get_cipherbyname(SN_idea_cbc); | ||
366 | #else | ||
367 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; | ||
368 | #endif | ||
369 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= | ||
370 | EVP_get_cipherbyname(SN_aes_128_cbc); | ||
371 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= | ||
372 | EVP_get_cipherbyname(SN_aes_256_cbc); | ||
373 | ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= | ||
374 | EVP_get_cipherbyname(SN_camellia_128_cbc); | ||
375 | ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= | ||
376 | EVP_get_cipherbyname(SN_camellia_256_cbc); | ||
377 | ssl_cipher_methods[SSL_ENC_GOST89_IDX]= | ||
378 | EVP_get_cipherbyname(SN_gost89_cnt); | ||
379 | ssl_cipher_methods[SSL_ENC_SEED_IDX]= | ||
380 | EVP_get_cipherbyname(SN_seed_cbc); | ||
381 | |||
382 | ssl_digest_methods[SSL_MD_MD5_IDX]= | ||
383 | EVP_get_digestbyname(SN_md5); | ||
384 | ssl_mac_secret_size[SSL_MD_MD5_IDX]= | ||
385 | EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); | ||
386 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); | ||
387 | ssl_digest_methods[SSL_MD_SHA1_IDX]= | ||
388 | EVP_get_digestbyname(SN_sha1); | ||
389 | ssl_mac_secret_size[SSL_MD_SHA1_IDX]= | ||
390 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); | ||
391 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); | ||
392 | ssl_digest_methods[SSL_MD_GOST94_IDX]= | ||
393 | EVP_get_digestbyname(SN_id_GostR3411_94); | ||
394 | if (ssl_digest_methods[SSL_MD_GOST94_IDX]) | ||
395 | { | ||
396 | ssl_mac_secret_size[SSL_MD_GOST94_IDX]= | ||
397 | EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); | ||
398 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); | ||
399 | } | ||
400 | ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= | ||
401 | EVP_get_digestbyname(SN_id_Gost28147_89_MAC); | ||
402 | ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); | ||
403 | if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { | ||
404 | ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32; | ||
405 | } | ||
406 | |||
407 | } | ||
408 | #ifndef OPENSSL_NO_COMP | ||
409 | |||
410 | static int sk_comp_cmp(const SSL_COMP * const *a, | ||
411 | const SSL_COMP * const *b) | ||
412 | { | ||
413 | return((*a)->id-(*b)->id); | ||
414 | } | ||
415 | |||
416 | static void load_builtin_compressions(void) | ||
417 | { | ||
418 | int got_write_lock = 0; | ||
419 | |||
420 | CRYPTO_r_lock(CRYPTO_LOCK_SSL); | ||
421 | if (ssl_comp_methods == NULL) | ||
422 | { | ||
423 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); | ||
424 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | ||
425 | got_write_lock = 1; | ||
426 | |||
427 | if (ssl_comp_methods == NULL) | ||
428 | { | ||
429 | SSL_COMP *comp = NULL; | ||
430 | |||
431 | MemCheck_off(); | ||
432 | ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); | ||
433 | if (ssl_comp_methods != NULL) | ||
434 | { | ||
435 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); | ||
436 | if (comp != NULL) | ||
437 | { | ||
438 | comp->method=COMP_zlib(); | ||
439 | if (comp->method | ||
440 | && comp->method->type == NID_undef) | ||
441 | OPENSSL_free(comp); | ||
442 | else | ||
443 | { | ||
444 | comp->id=SSL_COMP_ZLIB_IDX; | ||
445 | comp->name=comp->method->name; | ||
446 | sk_SSL_COMP_push(ssl_comp_methods,comp); | ||
447 | } | ||
448 | } | ||
449 | sk_SSL_COMP_sort(ssl_comp_methods); | ||
450 | } | ||
451 | MemCheck_on(); | ||
452 | } | ||
453 | } | ||
454 | |||
455 | if (got_write_lock) | ||
456 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | ||
457 | else | ||
458 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); | ||
459 | } | ||
460 | #endif | ||
461 | |||
462 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | ||
463 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp) | ||
464 | { | ||
465 | int i; | ||
466 | const SSL_CIPHER *c; | ||
467 | |||
468 | c=s->cipher; | ||
469 | if (c == NULL) return(0); | ||
470 | if (comp != NULL) | ||
471 | { | ||
472 | SSL_COMP ctmp; | ||
473 | #ifndef OPENSSL_NO_COMP | ||
474 | load_builtin_compressions(); | ||
475 | #endif | ||
476 | |||
477 | *comp=NULL; | ||
478 | ctmp.id=s->compress_meth; | ||
479 | if (ssl_comp_methods != NULL) | ||
480 | { | ||
481 | i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); | ||
482 | if (i >= 0) | ||
483 | *comp=sk_SSL_COMP_value(ssl_comp_methods,i); | ||
484 | else | ||
485 | *comp=NULL; | ||
486 | } | ||
487 | } | ||
488 | |||
489 | if ((enc == NULL) || (md == NULL)) return(0); | ||
490 | |||
491 | switch (c->algorithm_enc) | ||
492 | { | ||
493 | case SSL_DES: | ||
494 | i=SSL_ENC_DES_IDX; | ||
495 | break; | ||
496 | case SSL_3DES: | ||
497 | i=SSL_ENC_3DES_IDX; | ||
498 | break; | ||
499 | case SSL_RC4: | ||
500 | i=SSL_ENC_RC4_IDX; | ||
501 | break; | ||
502 | case SSL_RC2: | ||
503 | i=SSL_ENC_RC2_IDX; | ||
504 | break; | ||
505 | case SSL_IDEA: | ||
506 | i=SSL_ENC_IDEA_IDX; | ||
507 | break; | ||
508 | case SSL_eNULL: | ||
509 | i=SSL_ENC_NULL_IDX; | ||
510 | break; | ||
511 | case SSL_AES128: | ||
512 | i=SSL_ENC_AES128_IDX; | ||
513 | break; | ||
514 | case SSL_AES256: | ||
515 | i=SSL_ENC_AES256_IDX; | ||
516 | break; | ||
517 | case SSL_CAMELLIA128: | ||
518 | i=SSL_ENC_CAMELLIA128_IDX; | ||
519 | break; | ||
520 | case SSL_CAMELLIA256: | ||
521 | i=SSL_ENC_CAMELLIA256_IDX; | ||
522 | break; | ||
523 | case SSL_eGOST2814789CNT: | ||
524 | i=SSL_ENC_GOST89_IDX; | ||
525 | break; | ||
526 | case SSL_SEED: | ||
527 | i=SSL_ENC_SEED_IDX; | ||
528 | break; | ||
529 | default: | ||
530 | i= -1; | ||
531 | break; | ||
532 | } | ||
533 | |||
534 | if ((i < 0) || (i > SSL_ENC_NUM_IDX)) | ||
535 | *enc=NULL; | ||
536 | else | ||
537 | { | ||
538 | if (i == SSL_ENC_NULL_IDX) | ||
539 | *enc=EVP_enc_null(); | ||
540 | else | ||
541 | *enc=ssl_cipher_methods[i]; | ||
542 | } | ||
543 | |||
544 | switch (c->algorithm_mac) | ||
545 | { | ||
546 | case SSL_MD5: | ||
547 | i=SSL_MD_MD5_IDX; | ||
548 | break; | ||
549 | case SSL_SHA1: | ||
550 | i=SSL_MD_SHA1_IDX; | ||
551 | break; | ||
552 | case SSL_GOST94: | ||
553 | i = SSL_MD_GOST94_IDX; | ||
554 | break; | ||
555 | case SSL_GOST89MAC: | ||
556 | i = SSL_MD_GOST89MAC_IDX; | ||
557 | break; | ||
558 | default: | ||
559 | i= -1; | ||
560 | break; | ||
561 | } | ||
562 | if ((i < 0) || (i > SSL_MD_NUM_IDX)) | ||
563 | { | ||
564 | *md=NULL; | ||
565 | if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef; | ||
566 | if (mac_secret_size!=NULL) *mac_secret_size = 0; | ||
567 | |||
568 | } | ||
569 | else | ||
570 | { | ||
571 | *md=ssl_digest_methods[i]; | ||
572 | if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i]; | ||
573 | if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i]; | ||
574 | } | ||
575 | |||
576 | if ((*enc != NULL) && (*md != NULL) && (!mac_pkey_type||*mac_pkey_type != NID_undef)) | ||
577 | return(1); | ||
578 | else | ||
579 | return(0); | ||
580 | } | ||
581 | |||
582 | int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) | ||
583 | { | ||
584 | if (idx <0||idx>=SSL_MD_NUM_IDX) | ||
585 | { | ||
586 | return 0; | ||
587 | } | ||
588 | if (ssl_handshake_digest_flag[idx]==0) return 0; | ||
589 | *mask = ssl_handshake_digest_flag[idx]; | ||
590 | *md = ssl_digest_methods[idx]; | ||
591 | return 1; | ||
592 | } | ||
593 | |||
594 | #define ITEM_SEP(a) \ | ||
595 | (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) | ||
596 | |||
597 | static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, | ||
598 | CIPHER_ORDER **tail) | ||
599 | { | ||
600 | if (curr == *tail) return; | ||
601 | if (curr == *head) | ||
602 | *head=curr->next; | ||
603 | if (curr->prev != NULL) | ||
604 | curr->prev->next=curr->next; | ||
605 | if (curr->next != NULL) | ||
606 | curr->next->prev=curr->prev; | ||
607 | (*tail)->next=curr; | ||
608 | curr->prev= *tail; | ||
609 | curr->next=NULL; | ||
610 | *tail=curr; | ||
611 | } | ||
612 | |||
613 | static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, | ||
614 | CIPHER_ORDER **tail) | ||
615 | { | ||
616 | if (curr == *head) return; | ||
617 | if (curr == *tail) | ||
618 | *tail=curr->prev; | ||
619 | if (curr->next != NULL) | ||
620 | curr->next->prev=curr->prev; | ||
621 | if (curr->prev != NULL) | ||
622 | curr->prev->next=curr->next; | ||
623 | (*head)->prev=curr; | ||
624 | curr->next= *head; | ||
625 | curr->prev=NULL; | ||
626 | *head=curr; | ||
627 | } | ||
628 | |||
629 | static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl) | ||
630 | { | ||
631 | *mkey = 0; | ||
632 | *auth = 0; | ||
633 | *enc = 0; | ||
634 | *mac = 0; | ||
635 | *ssl = 0; | ||
636 | |||
637 | #ifdef OPENSSL_NO_RSA | ||
638 | *mkey |= SSL_kRSA; | ||
639 | *auth |= SSL_aRSA; | ||
640 | #endif | ||
641 | #ifdef OPENSSL_NO_DSA | ||
642 | *auth |= SSL_aDSS; | ||
643 | #endif | ||
644 | *mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */ | ||
645 | *auth |= SSL_aDH; | ||
646 | #ifdef OPENSSL_NO_DH | ||
647 | *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH; | ||
648 | *auth |= SSL_aDH; | ||
649 | #endif | ||
650 | #ifdef OPENSSL_NO_KRB5 | ||
651 | *mkey |= SSL_kKRB5; | ||
652 | *auth |= SSL_aKRB5; | ||
653 | #endif | ||
654 | #ifdef OPENSSL_NO_ECDSA | ||
655 | *auth |= SSL_aECDSA; | ||
656 | #endif | ||
657 | #ifdef OPENSSL_NO_ECDH | ||
658 | *mkey |= SSL_kECDHe|SSL_kECDHr; | ||
659 | *auth |= SSL_aECDH; | ||
660 | #endif | ||
661 | #ifdef OPENSSL_NO_PSK | ||
662 | *mkey |= SSL_kPSK; | ||
663 | *auth |= SSL_aPSK; | ||
664 | #endif | ||
665 | /* Check for presence of GOST 34.10 algorithms, and if they | ||
666 | * do not present, disable appropriate auth and key exchange */ | ||
667 | if (!get_optional_pkey_id("gost94")) { | ||
668 | *auth |= SSL_aGOST94; | ||
669 | } | ||
670 | if (!get_optional_pkey_id("gost2001")) { | ||
671 | *auth |= SSL_aGOST01; | ||
672 | } | ||
673 | /* Disable GOST key exchange if no GOST signature algs are available * */ | ||
674 | if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) { | ||
675 | *mkey |= SSL_kGOST; | ||
676 | } | ||
677 | #ifdef SSL_FORBID_ENULL | ||
678 | *enc |= SSL_eNULL; | ||
679 | #endif | ||
680 | |||
681 | |||
682 | |||
683 | *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0; | ||
684 | *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0; | ||
685 | *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0; | ||
686 | *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; | ||
687 | *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; | ||
688 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0; | ||
689 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0; | ||
690 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0; | ||
691 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0; | ||
692 | *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0; | ||
693 | *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0; | ||
694 | |||
695 | *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; | ||
696 | *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; | ||
697 | *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0; | ||
698 | *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0; | ||
699 | |||
700 | } | ||
701 | |||
702 | static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | ||
703 | int num_of_ciphers, | ||
704 | unsigned long disabled_mkey, unsigned long disabled_auth, | ||
705 | unsigned long disabled_enc, unsigned long disabled_mac, | ||
706 | unsigned long disabled_ssl, | ||
707 | CIPHER_ORDER *co_list, | ||
708 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | ||
709 | { | ||
710 | int i, co_list_num; | ||
711 | const SSL_CIPHER *c; | ||
712 | |||
713 | /* | ||
714 | * We have num_of_ciphers descriptions compiled in, depending on the | ||
715 | * method selected (SSLv2 and/or SSLv3, TLSv1 etc). | ||
716 | * These will later be sorted in a linked list with at most num | ||
717 | * entries. | ||
718 | */ | ||
719 | |||
720 | /* Get the initial list of ciphers */ | ||
721 | co_list_num = 0; /* actual count of ciphers */ | ||
722 | for (i = 0; i < num_of_ciphers; i++) | ||
723 | { | ||
724 | c = ssl_method->get_cipher(i); | ||
725 | /* drop those that use any of that is not available */ | ||
726 | if ((c != NULL) && c->valid && | ||
727 | !(c->algorithm_mkey & disabled_mkey) && | ||
728 | !(c->algorithm_auth & disabled_auth) && | ||
729 | !(c->algorithm_enc & disabled_enc) && | ||
730 | !(c->algorithm_mac & disabled_mac) && | ||
731 | !(c->algorithm_ssl & disabled_ssl)) | ||
732 | { | ||
733 | co_list[co_list_num].cipher = c; | ||
734 | co_list[co_list_num].next = NULL; | ||
735 | co_list[co_list_num].prev = NULL; | ||
736 | co_list[co_list_num].active = 0; | ||
737 | co_list_num++; | ||
738 | #ifdef KSSL_DEBUG | ||
739 | printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth); | ||
740 | #endif /* KSSL_DEBUG */ | ||
741 | /* | ||
742 | if (!sk_push(ca_list,(char *)c)) goto err; | ||
743 | */ | ||
744 | } | ||
745 | } | ||
746 | |||
747 | /* | ||
748 | * Prepare linked list from list entries | ||
749 | */ | ||
750 | if (co_list_num > 0) | ||
751 | { | ||
752 | co_list[0].prev = NULL; | ||
753 | |||
754 | if (co_list_num > 1) | ||
755 | { | ||
756 | co_list[0].next = &co_list[1]; | ||
757 | |||
758 | for (i = 1; i < co_list_num - 1; i++) | ||
759 | { | ||
760 | co_list[i].prev = &co_list[i - 1]; | ||
761 | co_list[i].next = &co_list[i + 1]; | ||
762 | } | ||
763 | |||
764 | co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; | ||
765 | } | ||
766 | |||
767 | co_list[co_list_num - 1].next = NULL; | ||
768 | |||
769 | *head_p = &co_list[0]; | ||
770 | *tail_p = &co_list[co_list_num - 1]; | ||
771 | } | ||
772 | } | ||
773 | |||
774 | static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | ||
775 | int num_of_group_aliases, | ||
776 | unsigned long disabled_mkey, unsigned long disabled_auth, | ||
777 | unsigned long disabled_enc, unsigned long disabled_mac, | ||
778 | unsigned long disabled_ssl, | ||
779 | CIPHER_ORDER *head) | ||
780 | { | ||
781 | CIPHER_ORDER *ciph_curr; | ||
782 | const SSL_CIPHER **ca_curr; | ||
783 | int i; | ||
784 | unsigned long mask_mkey = ~disabled_mkey; | ||
785 | unsigned long mask_auth = ~disabled_auth; | ||
786 | unsigned long mask_enc = ~disabled_enc; | ||
787 | unsigned long mask_mac = ~disabled_mac; | ||
788 | unsigned long mask_ssl = ~disabled_ssl; | ||
789 | |||
790 | /* | ||
791 | * First, add the real ciphers as already collected | ||
792 | */ | ||
793 | ciph_curr = head; | ||
794 | ca_curr = ca_list; | ||
795 | while (ciph_curr != NULL) | ||
796 | { | ||
797 | *ca_curr = ciph_curr->cipher; | ||
798 | ca_curr++; | ||
799 | ciph_curr = ciph_curr->next; | ||
800 | } | ||
801 | |||
802 | /* | ||
803 | * Now we add the available ones from the cipher_aliases[] table. | ||
804 | * They represent either one or more algorithms, some of which | ||
805 | * in any affected category must be supported (set in enabled_mask), | ||
806 | * or represent a cipher strength value (will be added in any case because algorithms=0). | ||
807 | */ | ||
808 | for (i = 0; i < num_of_group_aliases; i++) | ||
809 | { | ||
810 | unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; | ||
811 | unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; | ||
812 | unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; | ||
813 | unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac; | ||
814 | unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl; | ||
815 | |||
816 | if (algorithm_mkey) | ||
817 | if ((algorithm_mkey & mask_mkey) == 0) | ||
818 | continue; | ||
819 | |||
820 | if (algorithm_auth) | ||
821 | if ((algorithm_auth & mask_auth) == 0) | ||
822 | continue; | ||
823 | |||
824 | if (algorithm_enc) | ||
825 | if ((algorithm_enc & mask_enc) == 0) | ||
826 | continue; | ||
827 | |||
828 | if (algorithm_mac) | ||
829 | if ((algorithm_mac & mask_mac) == 0) | ||
830 | continue; | ||
831 | |||
832 | if (algorithm_ssl) | ||
833 | if ((algorithm_ssl & mask_ssl) == 0) | ||
834 | continue; | ||
835 | |||
836 | *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); | ||
837 | ca_curr++; | ||
838 | } | ||
839 | |||
840 | *ca_curr = NULL; /* end of list */ | ||
841 | } | ||
842 | |||
843 | static void ssl_cipher_apply_rule(unsigned long cipher_id, | ||
844 | unsigned long alg_mkey, unsigned long alg_auth, | ||
845 | unsigned long alg_enc, unsigned long alg_mac, | ||
846 | unsigned long alg_ssl, | ||
847 | unsigned long algo_strength, | ||
848 | int rule, int strength_bits, | ||
849 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | ||
850 | { | ||
851 | CIPHER_ORDER *head, *tail, *curr, *curr2, *last; | ||
852 | const SSL_CIPHER *cp; | ||
853 | int reverse = 0; | ||
854 | |||
855 | #ifdef CIPHER_DEBUG | ||
856 | printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", | ||
857 | rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits); | ||
858 | #endif | ||
859 | |||
860 | if (rule == CIPHER_DEL) | ||
861 | reverse = 1; /* needed to maintain sorting between currently deleted ciphers */ | ||
862 | |||
863 | head = *head_p; | ||
864 | tail = *tail_p; | ||
865 | |||
866 | if (reverse) | ||
867 | { | ||
868 | curr = tail; | ||
869 | last = head; | ||
870 | } | ||
871 | else | ||
872 | { | ||
873 | curr = head; | ||
874 | last = tail; | ||
875 | } | ||
876 | |||
877 | curr2 = curr; | ||
878 | for (;;) | ||
879 | { | ||
880 | if ((curr == NULL) || (curr == last)) break; | ||
881 | curr = curr2; | ||
882 | curr2 = reverse ? curr->prev : curr->next; | ||
883 | |||
884 | cp = curr->cipher; | ||
885 | |||
886 | /* | ||
887 | * Selection criteria is either the value of strength_bits | ||
888 | * or the algorithms used. | ||
889 | */ | ||
890 | if (strength_bits >= 0) | ||
891 | { | ||
892 | if (strength_bits != cp->strength_bits) | ||
893 | continue; | ||
894 | } | ||
895 | else | ||
896 | { | ||
897 | #ifdef CIPHER_DEBUG | ||
898 | printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); | ||
899 | #endif | ||
900 | |||
901 | if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) | ||
902 | continue; | ||
903 | if (alg_auth && !(alg_auth & cp->algorithm_auth)) | ||
904 | continue; | ||
905 | if (alg_enc && !(alg_enc & cp->algorithm_enc)) | ||
906 | continue; | ||
907 | if (alg_mac && !(alg_mac & cp->algorithm_mac)) | ||
908 | continue; | ||
909 | if (alg_ssl && !(alg_ssl & cp->algorithm_ssl)) | ||
910 | continue; | ||
911 | if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength)) | ||
912 | continue; | ||
913 | if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) | ||
914 | continue; | ||
915 | } | ||
916 | |||
917 | #ifdef CIPHER_DEBUG | ||
918 | printf("Action = %d\n", rule); | ||
919 | #endif | ||
920 | |||
921 | /* add the cipher if it has not been added yet. */ | ||
922 | if (rule == CIPHER_ADD) | ||
923 | { | ||
924 | /* reverse == 0 */ | ||
925 | if (!curr->active) | ||
926 | { | ||
927 | ll_append_tail(&head, curr, &tail); | ||
928 | curr->active = 1; | ||
929 | } | ||
930 | } | ||
931 | /* Move the added cipher to this location */ | ||
932 | else if (rule == CIPHER_ORD) | ||
933 | { | ||
934 | /* reverse == 0 */ | ||
935 | if (curr->active) | ||
936 | { | ||
937 | ll_append_tail(&head, curr, &tail); | ||
938 | } | ||
939 | } | ||
940 | else if (rule == CIPHER_DEL) | ||
941 | { | ||
942 | /* reverse == 1 */ | ||
943 | if (curr->active) | ||
944 | { | ||
945 | /* most recently deleted ciphersuites get best positions | ||
946 | * for any future CIPHER_ADD (note that the CIPHER_DEL loop | ||
947 | * works in reverse to maintain the order) */ | ||
948 | ll_append_head(&head, curr, &tail); | ||
949 | curr->active = 0; | ||
950 | } | ||
951 | } | ||
952 | else if (rule == CIPHER_KILL) | ||
953 | { | ||
954 | /* reverse == 0 */ | ||
955 | if (head == curr) | ||
956 | head = curr->next; | ||
957 | else | ||
958 | curr->prev->next = curr->next; | ||
959 | if (tail == curr) | ||
960 | tail = curr->prev; | ||
961 | curr->active = 0; | ||
962 | if (curr->next != NULL) | ||
963 | curr->next->prev = curr->prev; | ||
964 | if (curr->prev != NULL) | ||
965 | curr->prev->next = curr->next; | ||
966 | curr->next = NULL; | ||
967 | curr->prev = NULL; | ||
968 | } | ||
969 | } | ||
970 | |||
971 | *head_p = head; | ||
972 | *tail_p = tail; | ||
973 | } | ||
974 | |||
975 | static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, | ||
976 | CIPHER_ORDER **tail_p) | ||
977 | { | ||
978 | int max_strength_bits, i, *number_uses; | ||
979 | CIPHER_ORDER *curr; | ||
980 | |||
981 | /* | ||
982 | * This routine sorts the ciphers with descending strength. The sorting | ||
983 | * must keep the pre-sorted sequence, so we apply the normal sorting | ||
984 | * routine as '+' movement to the end of the list. | ||
985 | */ | ||
986 | max_strength_bits = 0; | ||
987 | curr = *head_p; | ||
988 | while (curr != NULL) | ||
989 | { | ||
990 | if (curr->active && | ||
991 | (curr->cipher->strength_bits > max_strength_bits)) | ||
992 | max_strength_bits = curr->cipher->strength_bits; | ||
993 | curr = curr->next; | ||
994 | } | ||
995 | |||
996 | number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); | ||
997 | if (!number_uses) | ||
998 | { | ||
999 | SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE); | ||
1000 | return(0); | ||
1001 | } | ||
1002 | memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); | ||
1003 | |||
1004 | /* | ||
1005 | * Now find the strength_bits values actually used | ||
1006 | */ | ||
1007 | curr = *head_p; | ||
1008 | while (curr != NULL) | ||
1009 | { | ||
1010 | if (curr->active) | ||
1011 | number_uses[curr->cipher->strength_bits]++; | ||
1012 | curr = curr->next; | ||
1013 | } | ||
1014 | /* | ||
1015 | * Go through the list of used strength_bits values in descending | ||
1016 | * order. | ||
1017 | */ | ||
1018 | for (i = max_strength_bits; i >= 0; i--) | ||
1019 | if (number_uses[i] > 0) | ||
1020 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); | ||
1021 | |||
1022 | OPENSSL_free(number_uses); | ||
1023 | return(1); | ||
1024 | } | ||
1025 | |||
1026 | static int ssl_cipher_process_rulestr(const char *rule_str, | ||
1027 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, | ||
1028 | const SSL_CIPHER **ca_list) | ||
1029 | { | ||
1030 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; | ||
1031 | const char *l, *buf; | ||
1032 | int j, multi, found, rule, retval, ok, buflen; | ||
1033 | unsigned long cipher_id = 0; | ||
1034 | char ch; | ||
1035 | |||
1036 | retval = 1; | ||
1037 | l = rule_str; | ||
1038 | for (;;) | ||
1039 | { | ||
1040 | ch = *l; | ||
1041 | |||
1042 | if (ch == '\0') | ||
1043 | break; /* done */ | ||
1044 | if (ch == '-') | ||
1045 | { rule = CIPHER_DEL; l++; } | ||
1046 | else if (ch == '+') | ||
1047 | { rule = CIPHER_ORD; l++; } | ||
1048 | else if (ch == '!') | ||
1049 | { rule = CIPHER_KILL; l++; } | ||
1050 | else if (ch == '@') | ||
1051 | { rule = CIPHER_SPECIAL; l++; } | ||
1052 | else | ||
1053 | { rule = CIPHER_ADD; } | ||
1054 | |||
1055 | if (ITEM_SEP(ch)) | ||
1056 | { | ||
1057 | l++; | ||
1058 | continue; | ||
1059 | } | ||
1060 | |||
1061 | alg_mkey = 0; | ||
1062 | alg_auth = 0; | ||
1063 | alg_enc = 0; | ||
1064 | alg_mac = 0; | ||
1065 | alg_ssl = 0; | ||
1066 | algo_strength = 0; | ||
1067 | |||
1068 | for (;;) | ||
1069 | { | ||
1070 | ch = *l; | ||
1071 | buf = l; | ||
1072 | buflen = 0; | ||
1073 | #ifndef CHARSET_EBCDIC | ||
1074 | while ( ((ch >= 'A') && (ch <= 'Z')) || | ||
1075 | ((ch >= '0') && (ch <= '9')) || | ||
1076 | ((ch >= 'a') && (ch <= 'z')) || | ||
1077 | (ch == '-')) | ||
1078 | #else | ||
1079 | while ( isalnum(ch) || (ch == '-')) | ||
1080 | #endif | ||
1081 | { | ||
1082 | ch = *(++l); | ||
1083 | buflen++; | ||
1084 | } | ||
1085 | |||
1086 | if (buflen == 0) | ||
1087 | { | ||
1088 | /* | ||
1089 | * We hit something we cannot deal with, | ||
1090 | * it is no command or separator nor | ||
1091 | * alphanumeric, so we call this an error. | ||
1092 | */ | ||
1093 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | ||
1094 | SSL_R_INVALID_COMMAND); | ||
1095 | retval = found = 0; | ||
1096 | l++; | ||
1097 | break; | ||
1098 | } | ||
1099 | |||
1100 | if (rule == CIPHER_SPECIAL) | ||
1101 | { | ||
1102 | found = 0; /* unused -- avoid compiler warning */ | ||
1103 | break; /* special treatment */ | ||
1104 | } | ||
1105 | |||
1106 | /* check for multi-part specification */ | ||
1107 | if (ch == '+') | ||
1108 | { | ||
1109 | multi=1; | ||
1110 | l++; | ||
1111 | } | ||
1112 | else | ||
1113 | multi=0; | ||
1114 | |||
1115 | /* | ||
1116 | * Now search for the cipher alias in the ca_list. Be careful | ||
1117 | * with the strncmp, because the "buflen" limitation | ||
1118 | * will make the rule "ADH:SOME" and the cipher | ||
1119 | * "ADH-MY-CIPHER" look like a match for buflen=3. | ||
1120 | * So additionally check whether the cipher name found | ||
1121 | * has the correct length. We can save a strlen() call: | ||
1122 | * just checking for the '\0' at the right place is | ||
1123 | * sufficient, we have to strncmp() anyway. (We cannot | ||
1124 | * use strcmp(), because buf is not '\0' terminated.) | ||
1125 | */ | ||
1126 | j = found = 0; | ||
1127 | cipher_id = 0; | ||
1128 | while (ca_list[j]) | ||
1129 | { | ||
1130 | if (!strncmp(buf, ca_list[j]->name, buflen) && | ||
1131 | (ca_list[j]->name[buflen] == '\0')) | ||
1132 | { | ||
1133 | found = 1; | ||
1134 | break; | ||
1135 | } | ||
1136 | else | ||
1137 | j++; | ||
1138 | } | ||
1139 | |||
1140 | if (!found) | ||
1141 | break; /* ignore this entry */ | ||
1142 | |||
1143 | if (ca_list[j]->algorithm_mkey) | ||
1144 | { | ||
1145 | if (alg_mkey) | ||
1146 | { | ||
1147 | alg_mkey &= ca_list[j]->algorithm_mkey; | ||
1148 | if (!alg_mkey) { found = 0; break; } | ||
1149 | } | ||
1150 | else | ||
1151 | alg_mkey = ca_list[j]->algorithm_mkey; | ||
1152 | } | ||
1153 | |||
1154 | if (ca_list[j]->algorithm_auth) | ||
1155 | { | ||
1156 | if (alg_auth) | ||
1157 | { | ||
1158 | alg_auth &= ca_list[j]->algorithm_auth; | ||
1159 | if (!alg_auth) { found = 0; break; } | ||
1160 | } | ||
1161 | else | ||
1162 | alg_auth = ca_list[j]->algorithm_auth; | ||
1163 | } | ||
1164 | |||
1165 | if (ca_list[j]->algorithm_enc) | ||
1166 | { | ||
1167 | if (alg_enc) | ||
1168 | { | ||
1169 | alg_enc &= ca_list[j]->algorithm_enc; | ||
1170 | if (!alg_enc) { found = 0; break; } | ||
1171 | } | ||
1172 | else | ||
1173 | alg_enc = ca_list[j]->algorithm_enc; | ||
1174 | } | ||
1175 | |||
1176 | if (ca_list[j]->algorithm_mac) | ||
1177 | { | ||
1178 | if (alg_mac) | ||
1179 | { | ||
1180 | alg_mac &= ca_list[j]->algorithm_mac; | ||
1181 | if (!alg_mac) { found = 0; break; } | ||
1182 | } | ||
1183 | else | ||
1184 | alg_mac = ca_list[j]->algorithm_mac; | ||
1185 | } | ||
1186 | |||
1187 | if (ca_list[j]->algo_strength & SSL_EXP_MASK) | ||
1188 | { | ||
1189 | if (algo_strength & SSL_EXP_MASK) | ||
1190 | { | ||
1191 | algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK; | ||
1192 | if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; } | ||
1193 | } | ||
1194 | else | ||
1195 | algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; | ||
1196 | } | ||
1197 | |||
1198 | if (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ||
1199 | { | ||
1200 | if (algo_strength & SSL_STRONG_MASK) | ||
1201 | { | ||
1202 | algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; | ||
1203 | if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; } | ||
1204 | } | ||
1205 | else | ||
1206 | algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK; | ||
1207 | } | ||
1208 | |||
1209 | if (ca_list[j]->valid) | ||
1210 | { | ||
1211 | /* explicit ciphersuite found; its protocol version | ||
1212 | * does not become part of the search pattern!*/ | ||
1213 | |||
1214 | cipher_id = ca_list[j]->id; | ||
1215 | } | ||
1216 | else | ||
1217 | { | ||
1218 | /* not an explicit ciphersuite; only in this case, the | ||
1219 | * protocol version is considered part of the search pattern */ | ||
1220 | |||
1221 | if (ca_list[j]->algorithm_ssl) | ||
1222 | { | ||
1223 | if (alg_ssl) | ||
1224 | { | ||
1225 | alg_ssl &= ca_list[j]->algorithm_ssl; | ||
1226 | if (!alg_ssl) { found = 0; break; } | ||
1227 | } | ||
1228 | else | ||
1229 | alg_ssl = ca_list[j]->algorithm_ssl; | ||
1230 | } | ||
1231 | } | ||
1232 | |||
1233 | if (!multi) break; | ||
1234 | } | ||
1235 | |||
1236 | /* | ||
1237 | * Ok, we have the rule, now apply it | ||
1238 | */ | ||
1239 | if (rule == CIPHER_SPECIAL) | ||
1240 | { /* special command */ | ||
1241 | ok = 0; | ||
1242 | if ((buflen == 8) && | ||
1243 | !strncmp(buf, "STRENGTH", 8)) | ||
1244 | ok = ssl_cipher_strength_sort(head_p, tail_p); | ||
1245 | else | ||
1246 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | ||
1247 | SSL_R_INVALID_COMMAND); | ||
1248 | if (ok == 0) | ||
1249 | retval = 0; | ||
1250 | /* | ||
1251 | * We do not support any "multi" options | ||
1252 | * together with "@", so throw away the | ||
1253 | * rest of the command, if any left, until | ||
1254 | * end or ':' is found. | ||
1255 | */ | ||
1256 | while ((*l != '\0') && !ITEM_SEP(*l)) | ||
1257 | l++; | ||
1258 | } | ||
1259 | else if (found) | ||
1260 | { | ||
1261 | ssl_cipher_apply_rule(cipher_id, | ||
1262 | alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, | ||
1263 | rule, -1, head_p, tail_p); | ||
1264 | } | ||
1265 | else | ||
1266 | { | ||
1267 | while ((*l != '\0') && !ITEM_SEP(*l)) | ||
1268 | l++; | ||
1269 | } | ||
1270 | if (*l == '\0') break; /* done */ | ||
1271 | } | ||
1272 | |||
1273 | return(retval); | ||
1274 | } | ||
1275 | |||
1276 | STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | ||
1277 | STACK_OF(SSL_CIPHER) **cipher_list, | ||
1278 | STACK_OF(SSL_CIPHER) **cipher_list_by_id, | ||
1279 | const char *rule_str) | ||
1280 | { | ||
1281 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; | ||
1282 | unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; | ||
1283 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; | ||
1284 | const char *rule_p; | ||
1285 | CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; | ||
1286 | const SSL_CIPHER **ca_list = NULL; | ||
1287 | |||
1288 | /* | ||
1289 | * Return with error if nothing to do. | ||
1290 | */ | ||
1291 | if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) | ||
1292 | return NULL; | ||
1293 | |||
1294 | /* | ||
1295 | * To reduce the work to do we only want to process the compiled | ||
1296 | * in algorithms, so we first get the mask of disabled ciphers. | ||
1297 | */ | ||
1298 | ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl); | ||
1299 | |||
1300 | /* | ||
1301 | * Now we have to collect the available ciphers from the compiled | ||
1302 | * in ciphers. We cannot get more than the number compiled in, so | ||
1303 | * it is used for allocation. | ||
1304 | */ | ||
1305 | num_of_ciphers = ssl_method->num_ciphers(); | ||
1306 | #ifdef KSSL_DEBUG | ||
1307 | printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); | ||
1308 | #endif /* KSSL_DEBUG */ | ||
1309 | co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); | ||
1310 | if (co_list == NULL) | ||
1311 | { | ||
1312 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | ||
1313 | return(NULL); /* Failure */ | ||
1314 | } | ||
1315 | |||
1316 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, | ||
1317 | disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, | ||
1318 | co_list, &head, &tail); | ||
1319 | |||
1320 | |||
1321 | /* Now arrange all ciphers by preference: */ | ||
1322 | |||
1323 | /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */ | ||
1324 | ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); | ||
1325 | ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); | ||
1326 | |||
1327 | /* AES is our preferred symmetric cipher */ | ||
1328 | ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); | ||
1329 | |||
1330 | /* Temporarily enable everything else for sorting */ | ||
1331 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); | ||
1332 | |||
1333 | /* Low priority for MD5 */ | ||
1334 | ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail); | ||
1335 | |||
1336 | /* Move anonymous ciphers to the end. Usually, these will remain disabled. | ||
1337 | * (For applications that allow them, they aren't too bad, but we prefer | ||
1338 | * authenticated ciphers.) */ | ||
1339 | ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | ||
1340 | |||
1341 | /* Move ciphers without forward secrecy to the end */ | ||
1342 | ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | ||
1343 | /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */ | ||
1344 | ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | ||
1345 | ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | ||
1346 | ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | ||
1347 | |||
1348 | /* RC4 is sort-of broken -- move the the end */ | ||
1349 | ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | ||
1350 | |||
1351 | /* Now sort by symmetric encryption strength. The above ordering remains | ||
1352 | * in force within each class */ | ||
1353 | if (!ssl_cipher_strength_sort(&head, &tail)) | ||
1354 | { | ||
1355 | OPENSSL_free(co_list); | ||
1356 | return NULL; | ||
1357 | } | ||
1358 | |||
1359 | /* Now disable everything (maintaining the ordering!) */ | ||
1360 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); | ||
1361 | |||
1362 | |||
1363 | /* | ||
1364 | * We also need cipher aliases for selecting based on the rule_str. | ||
1365 | * There might be two types of entries in the rule_str: 1) names | ||
1366 | * of ciphers themselves 2) aliases for groups of ciphers. | ||
1367 | * For 1) we need the available ciphers and for 2) the cipher | ||
1368 | * groups of cipher_aliases added together in one list (otherwise | ||
1369 | * we would be happy with just the cipher_aliases table). | ||
1370 | */ | ||
1371 | num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); | ||
1372 | num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; | ||
1373 | ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); | ||
1374 | if (ca_list == NULL) | ||
1375 | { | ||
1376 | OPENSSL_free(co_list); | ||
1377 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | ||
1378 | return(NULL); /* Failure */ | ||
1379 | } | ||
1380 | ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, | ||
1381 | disabled_mkey, disabled_auth, disabled_enc, | ||
1382 | disabled_mac, disabled_ssl, head); | ||
1383 | |||
1384 | /* | ||
1385 | * If the rule_string begins with DEFAULT, apply the default rule | ||
1386 | * before using the (possibly available) additional rules. | ||
1387 | */ | ||
1388 | ok = 1; | ||
1389 | rule_p = rule_str; | ||
1390 | if (strncmp(rule_str,"DEFAULT",7) == 0) | ||
1391 | { | ||
1392 | ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, | ||
1393 | &head, &tail, ca_list); | ||
1394 | rule_p += 7; | ||
1395 | if (*rule_p == ':') | ||
1396 | rule_p++; | ||
1397 | } | ||
1398 | |||
1399 | if (ok && (strlen(rule_p) > 0)) | ||
1400 | ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); | ||
1401 | |||
1402 | OPENSSL_free((void *)ca_list); /* Not needed anymore */ | ||
1403 | |||
1404 | if (!ok) | ||
1405 | { /* Rule processing failure */ | ||
1406 | OPENSSL_free(co_list); | ||
1407 | return(NULL); | ||
1408 | } | ||
1409 | |||
1410 | /* | ||
1411 | * Allocate new "cipherstack" for the result, return with error | ||
1412 | * if we cannot get one. | ||
1413 | */ | ||
1414 | if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) | ||
1415 | { | ||
1416 | OPENSSL_free(co_list); | ||
1417 | return(NULL); | ||
1418 | } | ||
1419 | |||
1420 | /* | ||
1421 | * The cipher selection for the list is done. The ciphers are added | ||
1422 | * to the resulting precedence to the STACK_OF(SSL_CIPHER). | ||
1423 | */ | ||
1424 | for (curr = head; curr != NULL; curr = curr->next) | ||
1425 | { | ||
1426 | if (curr->active) | ||
1427 | { | ||
1428 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); | ||
1429 | #ifdef CIPHER_DEBUG | ||
1430 | printf("<%s>\n",curr->cipher->name); | ||
1431 | #endif | ||
1432 | } | ||
1433 | } | ||
1434 | OPENSSL_free(co_list); /* Not needed any longer */ | ||
1435 | |||
1436 | tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); | ||
1437 | if (tmp_cipher_list == NULL) | ||
1438 | { | ||
1439 | sk_SSL_CIPHER_free(cipherstack); | ||
1440 | return NULL; | ||
1441 | } | ||
1442 | if (*cipher_list != NULL) | ||
1443 | sk_SSL_CIPHER_free(*cipher_list); | ||
1444 | *cipher_list = cipherstack; | ||
1445 | if (*cipher_list_by_id != NULL) | ||
1446 | sk_SSL_CIPHER_free(*cipher_list_by_id); | ||
1447 | *cipher_list_by_id = tmp_cipher_list; | ||
1448 | (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); | ||
1449 | |||
1450 | sk_SSL_CIPHER_sort(*cipher_list_by_id); | ||
1451 | return(cipherstack); | ||
1452 | } | ||
1453 | |||
1454 | char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | ||
1455 | { | ||
1456 | int is_export,pkl,kl; | ||
1457 | const char *ver,*exp_str; | ||
1458 | const char *kx,*au,*enc,*mac; | ||
1459 | unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2; | ||
1460 | #ifdef KSSL_DEBUG | ||
1461 | static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; | ||
1462 | #else | ||
1463 | static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; | ||
1464 | #endif /* KSSL_DEBUG */ | ||
1465 | |||
1466 | alg_mkey = cipher->algorithm_mkey; | ||
1467 | alg_auth = cipher->algorithm_auth; | ||
1468 | alg_enc = cipher->algorithm_enc; | ||
1469 | alg_mac = cipher->algorithm_mac; | ||
1470 | alg_ssl = cipher->algorithm_ssl; | ||
1471 | |||
1472 | alg2=cipher->algorithm2; | ||
1473 | |||
1474 | is_export=SSL_C_IS_EXPORT(cipher); | ||
1475 | pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); | ||
1476 | kl=SSL_C_EXPORT_KEYLENGTH(cipher); | ||
1477 | exp_str=is_export?" export":""; | ||
1478 | |||
1479 | if (alg_ssl & SSL_SSLV2) | ||
1480 | ver="SSLv2"; | ||
1481 | else if (alg_ssl & SSL_SSLV3) | ||
1482 | ver="SSLv3"; | ||
1483 | else | ||
1484 | ver="unknown"; | ||
1485 | |||
1486 | switch (alg_mkey) | ||
1487 | { | ||
1488 | case SSL_kRSA: | ||
1489 | kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; | ||
1490 | break; | ||
1491 | case SSL_kDHr: | ||
1492 | kx="DH/RSA"; | ||
1493 | break; | ||
1494 | case SSL_kDHd: | ||
1495 | kx="DH/DSS"; | ||
1496 | break; | ||
1497 | case SSL_kKRB5: | ||
1498 | kx="KRB5"; | ||
1499 | break; | ||
1500 | case SSL_kEDH: | ||
1501 | kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; | ||
1502 | break; | ||
1503 | case SSL_kECDHr: | ||
1504 | kx="ECDH/RSA"; | ||
1505 | break; | ||
1506 | case SSL_kECDHe: | ||
1507 | kx="ECDH/ECDSA"; | ||
1508 | break; | ||
1509 | case SSL_kEECDH: | ||
1510 | kx="ECDH"; | ||
1511 | break; | ||
1512 | case SSL_kPSK: | ||
1513 | kx="PSK"; | ||
1514 | break; | ||
1515 | default: | ||
1516 | kx="unknown"; | ||
1517 | } | ||
1518 | |||
1519 | switch (alg_auth) | ||
1520 | { | ||
1521 | case SSL_aRSA: | ||
1522 | au="RSA"; | ||
1523 | break; | ||
1524 | case SSL_aDSS: | ||
1525 | au="DSS"; | ||
1526 | break; | ||
1527 | case SSL_aDH: | ||
1528 | au="DH"; | ||
1529 | break; | ||
1530 | case SSL_aKRB5: | ||
1531 | au="KRB5"; | ||
1532 | break; | ||
1533 | case SSL_aECDH: | ||
1534 | au="ECDH"; | ||
1535 | break; | ||
1536 | case SSL_aNULL: | ||
1537 | au="None"; | ||
1538 | break; | ||
1539 | case SSL_aECDSA: | ||
1540 | au="ECDSA"; | ||
1541 | break; | ||
1542 | case SSL_aPSK: | ||
1543 | au="PSK"; | ||
1544 | break; | ||
1545 | default: | ||
1546 | au="unknown"; | ||
1547 | break; | ||
1548 | } | ||
1549 | |||
1550 | switch (alg_enc) | ||
1551 | { | ||
1552 | case SSL_DES: | ||
1553 | enc=(is_export && kl == 5)?"DES(40)":"DES(56)"; | ||
1554 | break; | ||
1555 | case SSL_3DES: | ||
1556 | enc="3DES(168)"; | ||
1557 | break; | ||
1558 | case SSL_RC4: | ||
1559 | enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") | ||
1560 | :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); | ||
1561 | break; | ||
1562 | case SSL_RC2: | ||
1563 | enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; | ||
1564 | break; | ||
1565 | case SSL_IDEA: | ||
1566 | enc="IDEA(128)"; | ||
1567 | break; | ||
1568 | case SSL_eNULL: | ||
1569 | enc="None"; | ||
1570 | break; | ||
1571 | case SSL_AES128: | ||
1572 | enc="AES(128)"; | ||
1573 | break; | ||
1574 | case SSL_AES256: | ||
1575 | enc="AES(256)"; | ||
1576 | break; | ||
1577 | case SSL_CAMELLIA128: | ||
1578 | enc="Camellia(128)"; | ||
1579 | break; | ||
1580 | case SSL_CAMELLIA256: | ||
1581 | enc="Camellia(256)"; | ||
1582 | break; | ||
1583 | case SSL_SEED: | ||
1584 | enc="SEED(128)"; | ||
1585 | break; | ||
1586 | default: | ||
1587 | enc="unknown"; | ||
1588 | break; | ||
1589 | } | ||
1590 | |||
1591 | switch (alg_mac) | ||
1592 | { | ||
1593 | case SSL_MD5: | ||
1594 | mac="MD5"; | ||
1595 | break; | ||
1596 | case SSL_SHA1: | ||
1597 | mac="SHA1"; | ||
1598 | break; | ||
1599 | default: | ||
1600 | mac="unknown"; | ||
1601 | break; | ||
1602 | } | ||
1603 | |||
1604 | if (buf == NULL) | ||
1605 | { | ||
1606 | len=128; | ||
1607 | buf=OPENSSL_malloc(len); | ||
1608 | if (buf == NULL) return("OPENSSL_malloc Error"); | ||
1609 | } | ||
1610 | else if (len < 128) | ||
1611 | return("Buffer too small"); | ||
1612 | |||
1613 | #ifdef KSSL_DEBUG | ||
1614 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl); | ||
1615 | #else | ||
1616 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); | ||
1617 | #endif /* KSSL_DEBUG */ | ||
1618 | return(buf); | ||
1619 | } | ||
1620 | |||
1621 | char *SSL_CIPHER_get_version(const SSL_CIPHER *c) | ||
1622 | { | ||
1623 | int i; | ||
1624 | |||
1625 | if (c == NULL) return("(NONE)"); | ||
1626 | i=(int)(c->id>>24L); | ||
1627 | if (i == 3) | ||
1628 | return("TLSv1/SSLv3"); | ||
1629 | else if (i == 2) | ||
1630 | return("SSLv2"); | ||
1631 | else | ||
1632 | return("unknown"); | ||
1633 | } | ||
1634 | |||
1635 | /* return the actual cipher being used */ | ||
1636 | const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) | ||
1637 | { | ||
1638 | if (c != NULL) | ||
1639 | return(c->name); | ||
1640 | return("(NONE)"); | ||
1641 | } | ||
1642 | |||
1643 | /* number of bits for symmetric cipher */ | ||
1644 | int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) | ||
1645 | { | ||
1646 | int ret=0; | ||
1647 | |||
1648 | if (c != NULL) | ||
1649 | { | ||
1650 | if (alg_bits != NULL) *alg_bits = c->alg_bits; | ||
1651 | ret = c->strength_bits; | ||
1652 | } | ||
1653 | return(ret); | ||
1654 | } | ||
1655 | |||
1656 | SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) | ||
1657 | { | ||
1658 | SSL_COMP *ctmp; | ||
1659 | int i,nn; | ||
1660 | |||
1661 | if ((n == 0) || (sk == NULL)) return(NULL); | ||
1662 | nn=sk_SSL_COMP_num(sk); | ||
1663 | for (i=0; i<nn; i++) | ||
1664 | { | ||
1665 | ctmp=sk_SSL_COMP_value(sk,i); | ||
1666 | if (ctmp->id == n) | ||
1667 | return(ctmp); | ||
1668 | } | ||
1669 | return(NULL); | ||
1670 | } | ||
1671 | |||
1672 | #ifdef OPENSSL_NO_COMP | ||
1673 | void *SSL_COMP_get_compression_methods(void) | ||
1674 | { | ||
1675 | return NULL; | ||
1676 | } | ||
1677 | int SSL_COMP_add_compression_method(int id, void *cm) | ||
1678 | { | ||
1679 | return 1; | ||
1680 | } | ||
1681 | |||
1682 | const char *SSL_COMP_get_name(const void *comp) | ||
1683 | { | ||
1684 | return NULL; | ||
1685 | } | ||
1686 | #else | ||
1687 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) | ||
1688 | { | ||
1689 | load_builtin_compressions(); | ||
1690 | return(ssl_comp_methods); | ||
1691 | } | ||
1692 | |||
1693 | int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | ||
1694 | { | ||
1695 | SSL_COMP *comp; | ||
1696 | |||
1697 | if (cm == NULL || cm->type == NID_undef) | ||
1698 | return 1; | ||
1699 | |||
1700 | /* According to draft-ietf-tls-compression-04.txt, the | ||
1701 | compression number ranges should be the following: | ||
1702 | |||
1703 | 0 to 63: methods defined by the IETF | ||
1704 | 64 to 192: external party methods assigned by IANA | ||
1705 | 193 to 255: reserved for private use */ | ||
1706 | if (id < 193 || id > 255) | ||
1707 | { | ||
1708 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); | ||
1709 | return 0; | ||
1710 | } | ||
1711 | |||
1712 | MemCheck_off(); | ||
1713 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); | ||
1714 | comp->id=id; | ||
1715 | comp->method=cm; | ||
1716 | load_builtin_compressions(); | ||
1717 | if (ssl_comp_methods | ||
1718 | && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0) | ||
1719 | { | ||
1720 | OPENSSL_free(comp); | ||
1721 | MemCheck_on(); | ||
1722 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID); | ||
1723 | return(1); | ||
1724 | } | ||
1725 | else if ((ssl_comp_methods == NULL) | ||
1726 | || !sk_SSL_COMP_push(ssl_comp_methods,comp)) | ||
1727 | { | ||
1728 | OPENSSL_free(comp); | ||
1729 | MemCheck_on(); | ||
1730 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); | ||
1731 | return(1); | ||
1732 | } | ||
1733 | else | ||
1734 | { | ||
1735 | MemCheck_on(); | ||
1736 | return(0); | ||
1737 | } | ||
1738 | } | ||
1739 | |||
1740 | const char *SSL_COMP_get_name(const COMP_METHOD *comp) | ||
1741 | { | ||
1742 | if (comp) | ||
1743 | return comp->name; | ||
1744 | return NULL; | ||
1745 | } | ||
1746 | |||
1747 | #endif | ||
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c deleted file mode 100644 index e9be77109f..0000000000 --- a/src/lib/libssl/ssl_err.c +++ /dev/null | |||
@@ -1,573 +0,0 @@ | |||
1 | /* ssl/ssl_err.c */ | ||
2 | /* ==================================================================== | ||
3 | * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions | ||
7 | * are met: | ||
8 | * | ||
9 | * 1. Redistributions of source code must retain the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer. | ||
11 | * | ||
12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
13 | * notice, this list of conditions and the following disclaimer in | ||
14 | * the documentation and/or other materials provided with the | ||
15 | * distribution. | ||
16 | * | ||
17 | * 3. All advertising materials mentioning features or use of this | ||
18 | * software must display the following acknowledgment: | ||
19 | * "This product includes software developed by the OpenSSL Project | ||
20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
21 | * | ||
22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
23 | * endorse or promote products derived from this software without | ||
24 | * prior written permission. For written permission, please contact | ||
25 | * openssl-core@OpenSSL.org. | ||
26 | * | ||
27 | * 5. Products derived from this software may not be called "OpenSSL" | ||
28 | * nor may "OpenSSL" appear in their names without prior written | ||
29 | * permission of the OpenSSL Project. | ||
30 | * | ||
31 | * 6. Redistributions of any form whatsoever must retain the following | ||
32 | * acknowledgment: | ||
33 | * "This product includes software developed by the OpenSSL Project | ||
34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
35 | * | ||
36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
48 | * ==================================================================== | ||
49 | * | ||
50 | * This product includes cryptographic software written by Eric Young | ||
51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
52 | * Hudson (tjh@cryptsoft.com). | ||
53 | * | ||
54 | */ | ||
55 | |||
56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
57 | * made to it will be overwritten when the script next updates this file, | ||
58 | * only reason strings will be preserved. | ||
59 | */ | ||
60 | |||
61 | #include <stdio.h> | ||
62 | #include <openssl/err.h> | ||
63 | #include <openssl/ssl.h> | ||
64 | |||
65 | /* BEGIN ERROR CODES */ | ||
66 | #ifndef OPENSSL_NO_ERR | ||
67 | |||
68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0) | ||
69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) | ||
70 | |||
71 | static ERR_STRING_DATA SSL_str_functs[]= | ||
72 | { | ||
73 | {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"}, | ||
74 | {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"}, | ||
75 | {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, | ||
76 | {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, | ||
77 | {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, | ||
78 | {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, | ||
79 | {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, | ||
80 | {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, | ||
81 | {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"}, | ||
82 | {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, | ||
83 | {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, | ||
84 | {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, | ||
85 | {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, | ||
86 | {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, | ||
87 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, | ||
88 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, | ||
89 | {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, | ||
90 | {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"}, | ||
91 | {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, | ||
92 | {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, | ||
93 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, | ||
94 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, | ||
95 | {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, | ||
96 | {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, | ||
97 | {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, | ||
98 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, | ||
99 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, | ||
100 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, | ||
101 | {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, | ||
102 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, | ||
103 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, | ||
104 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, | ||
105 | {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, | ||
106 | {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, | ||
107 | {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, | ||
108 | {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, | ||
109 | {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, | ||
110 | {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, | ||
111 | {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, | ||
112 | {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, | ||
113 | {ERR_FUNC(SSL_F_READ_N), "READ_N"}, | ||
114 | {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"}, | ||
115 | {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"}, | ||
116 | {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"}, | ||
117 | {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"}, | ||
118 | {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"}, | ||
119 | {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"}, | ||
120 | {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"}, | ||
121 | {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"}, | ||
122 | {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"}, | ||
123 | {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"}, | ||
124 | {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"}, | ||
125 | {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"}, | ||
126 | {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"}, | ||
127 | {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"}, | ||
128 | {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"}, | ||
129 | {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"}, | ||
130 | {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"}, | ||
131 | {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"}, | ||
132 | {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"}, | ||
133 | {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"}, | ||
134 | {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"}, | ||
135 | {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"}, | ||
136 | {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, | ||
137 | {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, | ||
138 | {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, | ||
139 | {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, | ||
140 | {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, | ||
141 | {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, | ||
142 | {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, | ||
143 | {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, | ||
144 | {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, | ||
145 | {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"}, | ||
146 | {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, | ||
147 | {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, | ||
148 | {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, | ||
149 | {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, | ||
150 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, | ||
151 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, | ||
152 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, | ||
153 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, | ||
154 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, | ||
155 | {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, | ||
156 | {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, | ||
157 | {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, | ||
158 | {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, | ||
159 | {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, | ||
160 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, | ||
161 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, | ||
162 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, | ||
163 | {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"}, | ||
164 | {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, | ||
165 | {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, | ||
166 | {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, | ||
167 | {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, | ||
168 | {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, | ||
169 | {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"}, | ||
170 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, | ||
171 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, | ||
172 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, | ||
173 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"}, | ||
174 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"}, | ||
175 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, | ||
176 | {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, | ||
177 | {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"}, | ||
178 | {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"}, | ||
179 | {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, | ||
180 | {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, | ||
181 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, | ||
182 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, | ||
183 | {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, | ||
184 | {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, | ||
185 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, | ||
186 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, | ||
187 | {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, | ||
188 | {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, | ||
189 | {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, | ||
190 | {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"}, | ||
191 | {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, | ||
192 | {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, | ||
193 | {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, | ||
194 | {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, | ||
195 | {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"}, | ||
196 | {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, | ||
197 | {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, | ||
198 | {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, | ||
199 | {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"}, | ||
200 | {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"}, | ||
201 | {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, | ||
202 | {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, | ||
203 | {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, | ||
204 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, | ||
205 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, | ||
206 | {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, | ||
207 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, | ||
208 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, | ||
209 | {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"}, | ||
210 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, | ||
211 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"}, | ||
212 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, | ||
213 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, | ||
214 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, | ||
215 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, | ||
216 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, | ||
217 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, | ||
218 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, | ||
219 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, | ||
220 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, | ||
221 | {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, | ||
222 | {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, | ||
223 | {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, | ||
224 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, | ||
225 | {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, | ||
226 | {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, | ||
227 | {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, | ||
228 | {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, | ||
229 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, | ||
230 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, | ||
231 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, | ||
232 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, | ||
233 | {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, | ||
234 | {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, | ||
235 | {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, | ||
236 | {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, | ||
237 | {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, | ||
238 | {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, | ||
239 | {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, | ||
240 | {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, | ||
241 | {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, | ||
242 | {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"}, | ||
243 | {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, | ||
244 | {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, | ||
245 | {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"}, | ||
246 | {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"}, | ||
247 | {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, | ||
248 | {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, | ||
249 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, | ||
250 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, | ||
251 | {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, | ||
252 | {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, | ||
253 | {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, | ||
254 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, | ||
255 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, | ||
256 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, | ||
257 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, | ||
258 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, | ||
259 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, | ||
260 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, | ||
261 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, | ||
262 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, | ||
263 | {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"}, | ||
264 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, | ||
265 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, | ||
266 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, | ||
267 | {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"}, | ||
268 | {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, | ||
269 | {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"}, | ||
270 | {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"}, | ||
271 | {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"}, | ||
272 | {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, | ||
273 | {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"}, | ||
274 | {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"}, | ||
275 | {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, | ||
276 | {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, | ||
277 | {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, | ||
278 | {0,NULL} | ||
279 | }; | ||
280 | |||
281 | static ERR_STRING_DATA SSL_str_reasons[]= | ||
282 | { | ||
283 | {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"}, | ||
284 | {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"}, | ||
285 | {ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"}, | ||
286 | {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"}, | ||
287 | {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"}, | ||
288 | {ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"}, | ||
289 | {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"}, | ||
290 | {ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"}, | ||
291 | {ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"}, | ||
292 | {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"}, | ||
293 | {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"}, | ||
294 | {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"}, | ||
295 | {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"}, | ||
296 | {ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"}, | ||
297 | {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"}, | ||
298 | {ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"}, | ||
299 | {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) ,"bad handshake length"}, | ||
300 | {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"}, | ||
301 | {ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"}, | ||
302 | {ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"}, | ||
303 | {ERR_REASON(SSL_R_BAD_MAC_LENGTH) ,"bad mac length"}, | ||
304 | {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"}, | ||
305 | {ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"}, | ||
306 | {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"}, | ||
307 | {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),"bad psk identity hint length"}, | ||
308 | {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"}, | ||
309 | {ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"}, | ||
310 | {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"}, | ||
311 | {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"}, | ||
312 | {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"}, | ||
313 | {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"}, | ||
314 | {ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"}, | ||
315 | {ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"}, | ||
316 | {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"}, | ||
317 | {ERR_REASON(SSL_R_BAD_STATE) ,"bad state"}, | ||
318 | {ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"}, | ||
319 | {ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"}, | ||
320 | {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"}, | ||
321 | {ERR_REASON(SSL_R_BN_LIB) ,"bn lib"}, | ||
322 | {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"}, | ||
323 | {ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"}, | ||
324 | {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"}, | ||
325 | {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"}, | ||
326 | {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"}, | ||
327 | {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"}, | ||
328 | {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"}, | ||
329 | {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"}, | ||
330 | {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, | ||
331 | {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"}, | ||
332 | {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"}, | ||
333 | {ERR_REASON(SSL_R_COMPRESSION_DISABLED) ,"compression disabled"}, | ||
334 | {ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"}, | ||
335 | {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"}, | ||
336 | {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"}, | ||
337 | {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"}, | ||
338 | {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"}, | ||
339 | {ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"}, | ||
340 | {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"}, | ||
341 | {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"}, | ||
342 | {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"}, | ||
343 | {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"}, | ||
344 | {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"}, | ||
345 | {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"}, | ||
346 | {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"}, | ||
347 | {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"}, | ||
348 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),"ecc cert not for key agreement"}, | ||
349 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"}, | ||
350 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"}, | ||
351 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"}, | ||
352 | {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"}, | ||
353 | {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"}, | ||
354 | {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"}, | ||
355 | {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"}, | ||
356 | {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"}, | ||
357 | {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"}, | ||
358 | {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"}, | ||
359 | {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, | ||
360 | {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, | ||
361 | {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, | ||
362 | {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"}, | ||
363 | {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, | ||
364 | {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, | ||
365 | {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"}, | ||
366 | {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, | ||
367 | {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"}, | ||
368 | {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"}, | ||
369 | {ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"}, | ||
370 | {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"}, | ||
371 | {ERR_REASON(SSL_R_KRB5) ,"krb5"}, | ||
372 | {ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"}, | ||
373 | {ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"}, | ||
374 | {ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"}, | ||
375 | {ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"}, | ||
376 | {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"}, | ||
377 | {ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"}, | ||
378 | {ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"}, | ||
379 | {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"}, | ||
380 | {ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"}, | ||
381 | {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"}, | ||
382 | {ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"}, | ||
383 | {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"}, | ||
384 | {ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"}, | ||
385 | {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"}, | ||
386 | {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"}, | ||
387 | {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"}, | ||
388 | {ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"}, | ||
389 | {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"}, | ||
390 | {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"}, | ||
391 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"}, | ||
392 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"}, | ||
393 | {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"}, | ||
394 | {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"}, | ||
395 | {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"}, | ||
396 | {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"}, | ||
397 | {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"}, | ||
398 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, | ||
399 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, | ||
400 | {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, | ||
401 | {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"}, | ||
402 | {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"}, | ||
403 | {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"}, | ||
404 | {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"}, | ||
405 | {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"}, | ||
406 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"}, | ||
407 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"}, | ||
408 | {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"}, | ||
409 | {ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"}, | ||
410 | {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"}, | ||
411 | {ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"}, | ||
412 | {ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"}, | ||
413 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"}, | ||
414 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"}, | ||
415 | {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"}, | ||
416 | {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"}, | ||
417 | {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"}, | ||
418 | {ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"}, | ||
419 | {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"}, | ||
420 | {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"}, | ||
421 | {ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"}, | ||
422 | {ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"}, | ||
423 | {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) ,"digest requred for handshake isn't computed"}, | ||
424 | {ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"}, | ||
425 | {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"}, | ||
426 | {ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"}, | ||
427 | {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"}, | ||
428 | {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"}, | ||
429 | {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"}, | ||
430 | {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"}, | ||
431 | {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"}, | ||
432 | {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"}, | ||
433 | {ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"}, | ||
434 | {ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"}, | ||
435 | {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"}, | ||
436 | {ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"}, | ||
437 | {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"}, | ||
438 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"}, | ||
439 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"}, | ||
440 | {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"}, | ||
441 | {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"}, | ||
442 | {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"}, | ||
443 | {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"}, | ||
444 | {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND),"psk identity not found"}, | ||
445 | {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) ,"psk no client cb"}, | ||
446 | {ERR_REASON(SSL_R_PSK_NO_SERVER_CB) ,"psk no server cb"}, | ||
447 | {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"}, | ||
448 | {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"}, | ||
449 | {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, | ||
450 | {ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"}, | ||
451 | {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"}, | ||
452 | {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"}, | ||
453 | {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"}, | ||
454 | {ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"}, | ||
455 | {ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"}, | ||
456 | {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"}, | ||
457 | {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"}, | ||
458 | {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"}, | ||
459 | {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"}, | ||
460 | {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"}, | ||
461 | {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, | ||
462 | {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, | ||
463 | {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, | ||
464 | {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"}, | ||
465 | {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"}, | ||
466 | {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, | ||
467 | {ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, | ||
468 | {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"}, | ||
469 | {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"}, | ||
470 | {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"}, | ||
471 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),"ssl3 ext invalid ecpointformat"}, | ||
472 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"}, | ||
473 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"}, | ||
474 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"}, | ||
475 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"}, | ||
476 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"}, | ||
477 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"}, | ||
478 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"}, | ||
479 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"}, | ||
480 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"}, | ||
481 | {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"}, | ||
482 | {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"}, | ||
483 | {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"}, | ||
484 | {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"}, | ||
485 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"}, | ||
486 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"}, | ||
487 | {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"}, | ||
488 | {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"}, | ||
489 | {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"}, | ||
490 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"}, | ||
491 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"}, | ||
492 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"}, | ||
493 | {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"}, | ||
494 | {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"}, | ||
495 | {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"}, | ||
496 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"}, | ||
497 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"}, | ||
498 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"}, | ||
499 | {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"}, | ||
500 | {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"}, | ||
501 | {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"}, | ||
502 | {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"}, | ||
503 | {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"}, | ||
504 | {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"}, | ||
505 | {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"}, | ||
506 | {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"}, | ||
507 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"}, | ||
508 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"}, | ||
509 | {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"}, | ||
510 | {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"}, | ||
511 | {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"}, | ||
512 | {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"}, | ||
513 | {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"}, | ||
514 | {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"}, | ||
515 | {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"}, | ||
516 | {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"}, | ||
517 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"}, | ||
518 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"}, | ||
519 | {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"}, | ||
520 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"}, | ||
521 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"}, | ||
522 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"}, | ||
523 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"}, | ||
524 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"}, | ||
525 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"}, | ||
526 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"}, | ||
527 | {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"}, | ||
528 | {ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"}, | ||
529 | {ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"}, | ||
530 | {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"}, | ||
531 | {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"}, | ||
532 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"}, | ||
533 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"}, | ||
534 | {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"}, | ||
535 | {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"}, | ||
536 | {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"}, | ||
537 | {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"}, | ||
538 | {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"}, | ||
539 | {ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"}, | ||
540 | {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"}, | ||
541 | {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, | ||
542 | {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, | ||
543 | {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"}, | ||
544 | {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"}, | ||
545 | {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"}, | ||
546 | {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"}, | ||
547 | {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"}, | ||
548 | {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"}, | ||
549 | {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"}, | ||
550 | {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"}, | ||
551 | {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"}, | ||
552 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, | ||
553 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"}, | ||
554 | {ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"}, | ||
555 | {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"}, | ||
556 | {ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"}, | ||
557 | {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"}, | ||
558 | {0,NULL} | ||
559 | }; | ||
560 | |||
561 | #endif | ||
562 | |||
563 | void ERR_load_SSL_strings(void) | ||
564 | { | ||
565 | #ifndef OPENSSL_NO_ERR | ||
566 | |||
567 | if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) | ||
568 | { | ||
569 | ERR_load_strings(0,SSL_str_functs); | ||
570 | ERR_load_strings(0,SSL_str_reasons); | ||
571 | } | ||
572 | #endif | ||
573 | } | ||
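--- a/src/lib/libssl/ssl_err2.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/* ssl/ssl_err2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-void SSL_load_error_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
-ERR_load_crypto_strings();
-ERR_load_SSL_strings();
-#endif
-}
-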
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c deleted file mode 100644 index 7755476de3..0000000000 --- a/src/lib/libssl/ssl_lib.c +++ /dev/null | |||
@@ -1,3045 +0,0 @@ | |||
1 | /*! \file ssl/ssl_lib.c | ||
2 | * \brief Version independent SSL functions. | ||
3 | */ | ||
4 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
5 | * All rights reserved. | ||
6 | * | ||
7 | * This package is an SSL implementation written | ||
8 | * by Eric Young (eay@cryptsoft.com). | ||
9 | * The implementation was written so as to conform with Netscapes SSL. | ||
10 | * | ||
11 | * This library is free for commercial and non-commercial use as long as | ||
12 | * the following conditions are aheared to. The following conditions | ||
13 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
14 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
15 | * included with this distribution is covered by the same copyright terms | ||
16 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
17 | * | ||
18 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
19 | * the code are not to be removed. | ||
20 | * If this package is used in a product, Eric Young should be given attribution | ||
21 | * as the author of the parts of the library used. | ||
22 | * This can be in the form of a textual message at program startup or | ||
23 | * in documentation (online or textual) provided with the package. | ||
24 | * | ||
25 | * Redistribution and use in source and binary forms, with or without | ||
26 | * modification, are permitted provided that the following conditions | ||
27 | * are met: | ||
28 | * 1. Redistributions of source code must retain the copyright | ||
29 | * notice, this list of conditions and the following disclaimer. | ||
30 | * 2. Redistributions in binary form must reproduce the above copyright | ||
31 | * notice, this list of conditions and the following disclaimer in the | ||
32 | * documentation and/or other materials provided with the distribution. | ||
33 | * 3. All advertising materials mentioning features or use of this software | ||
34 | * must display the following acknowledgement: | ||
35 | * "This product includes cryptographic software written by | ||
36 | * Eric Young (eay@cryptsoft.com)" | ||
37 | * The word 'cryptographic' can be left out if the rouines from the library | ||
38 | * being used are not cryptographic related :-). | ||
39 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
40 | * the apps directory (application code) you must include an acknowledgement: | ||
41 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
42 | * | ||
43 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
44 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
45 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
46 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
47 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
48 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
49 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
50 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
51 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
52 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
53 | * SUCH DAMAGE. | ||
54 | * | ||
55 | * The licence and distribution terms for any publically available version or | ||
56 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
57 | * copied and put under another distribution licence | ||
58 | * [including the GNU Public Licence.] | ||
59 | */ | ||
60 | /* ==================================================================== | ||
61 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
62 | * | ||
63 | * Redistribution and use in source and binary forms, with or without | ||
64 | * modification, are permitted provided that the following conditions | ||
65 | * are met: | ||
66 | * | ||
67 | * 1. Redistributions of source code must retain the above copyright | ||
68 | * notice, this list of conditions and the following disclaimer. | ||
69 | * | ||
70 | * 2. Redistributions in binary form must reproduce the above copyright | ||
71 | * notice, this list of conditions and the following disclaimer in | ||
72 | * the documentation and/or other materials provided with the | ||
73 | * distribution. | ||
74 | * | ||
75 | * 3. All advertising materials mentioning features or use of this | ||
76 | * software must display the following acknowledgment: | ||
77 | * "This product includes software developed by the OpenSSL Project | ||
78 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
79 | * | ||
80 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
81 | * endorse or promote products derived from this software without | ||
82 | * prior written permission. For written permission, please contact | ||
83 | * openssl-core@openssl.org. | ||
84 | * | ||
85 | * 5. Products derived from this software may not be called "OpenSSL" | ||
86 | * nor may "OpenSSL" appear in their names without prior written | ||
87 | * permission of the OpenSSL Project. | ||
88 | * | ||
89 | * 6. Redistributions of any form whatsoever must retain the following | ||
90 | * acknowledgment: | ||
91 | * "This product includes software developed by the OpenSSL Project | ||
92 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
93 | * | ||
94 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
95 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
96 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
97 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
98 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
99 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
100 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
101 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
102 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
103 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
104 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
105 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
106 | * ==================================================================== | ||
107 | * | ||
108 | * This product includes cryptographic software written by Eric Young | ||
109 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
110 | * Hudson (tjh@cryptsoft.com). | ||
111 | * | ||
112 | */ | ||
113 | /* ==================================================================== | ||
114 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
115 | * ECC cipher suite support in OpenSSL originally developed by | ||
116 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
117 | */ | ||
118 | /* ==================================================================== | ||
119 | * Copyright 2005 Nokia. All rights reserved. | ||
120 | * | ||
121 | * The portions of the attached software ("Contribution") is developed by | ||
122 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
123 | * license. | ||
124 | * | ||
125 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
126 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
127 | * support (see RFC 4279) to OpenSSL. | ||
128 | * | ||
129 | * No patent licenses or other rights except those expressly stated in | ||
130 | * the OpenSSL open source license shall be deemed granted or received | ||
131 | * expressly, by implication, estoppel, or otherwise. | ||
132 | * | ||
133 | * No assurances are provided by Nokia that the Contribution does not | ||
134 | * infringe the patent or other intellectual property rights of any third | ||
135 | * party or that the license provides you with all the necessary rights | ||
136 | * to make use of the Contribution. | ||
137 | * | ||
138 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
139 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
140 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
141 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
142 | * OTHERWISE. | ||
143 | */ | ||
144 | |||
145 | #ifdef REF_CHECK | ||
146 | # include <assert.h> | ||
147 | #endif | ||
148 | #include <stdio.h> | ||
149 | #include "ssl_locl.h" | ||
150 | #include "kssl_lcl.h" | ||
151 | #include <openssl/objects.h> | ||
152 | #include <openssl/lhash.h> | ||
153 | #include <openssl/x509v3.h> | ||
154 | #include <openssl/rand.h> | ||
155 | #include <openssl/ocsp.h> | ||
156 | #ifndef OPENSSL_NO_DH | ||
157 | #include <openssl/dh.h> | ||
158 | #endif | ||
159 | #ifndef OPENSSL_NO_ENGINE | ||
160 | #include <openssl/engine.h> | ||
161 | #endif | ||
162 | |||
163 | const char *SSL_version_str=OPENSSL_VERSION_TEXT; | ||
164 | |||
165 | SSL3_ENC_METHOD ssl3_undef_enc_method={ | ||
166 | /* evil casts, but these functions are only called if there's a library bug */ | ||
167 | (int (*)(SSL *,int))ssl_undefined_function, | ||
168 | (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, | ||
169 | ssl_undefined_function, | ||
170 | (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, | ||
171 | (int (*)(SSL*, int))ssl_undefined_function, | ||
172 | (int (*)(SSL *, const char*, int, unsigned char *))ssl_undefined_function, | ||
173 | 0, /* finish_mac_length */ | ||
174 | (int (*)(SSL *, int, unsigned char *))ssl_undefined_function, | ||
175 | NULL, /* client_finished_label */ | ||
176 | 0, /* client_finished_label_len */ | ||
177 | NULL, /* server_finished_label */ | ||
178 | 0, /* server_finished_label_len */ | ||
179 | (int (*)(int))ssl_undefined_function | ||
180 | }; | ||
181 | |||
182 | int SSL_clear(SSL *s) | ||
183 | { | ||
184 | |||
185 | if (s->method == NULL) | ||
186 | { | ||
187 | SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED); | ||
188 | return(0); | ||
189 | } | ||
190 | |||
191 | if (ssl_clear_bad_session(s)) | ||
192 | { | ||
193 | SSL_SESSION_free(s->session); | ||
194 | s->session=NULL; | ||
195 | } | ||
196 | |||
197 | s->error=0; | ||
198 | s->hit=0; | ||
199 | s->shutdown=0; | ||
200 | |||
201 | #if 0 /* Disabled since version 1.10 of this file (early return not | ||
202 | * needed because SSL_clear is not called when doing renegotiation) */ | ||
203 | /* This is set if we are doing dynamic renegotiation so keep | ||
204 | * the old cipher. It is sort of a SSL_clear_lite :-) */ | ||
205 | if (s->new_session) return(1); | ||
206 | #else | ||
207 | if (s->new_session) | ||
208 | { | ||
209 | SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR); | ||
210 | return 0; | ||
211 | } | ||
212 | #endif | ||
213 | |||
214 | s->type=0; | ||
215 | |||
216 | s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT); | ||
217 | |||
218 | s->version=s->method->version; | ||
219 | s->client_version=s->version; | ||
220 | s->rwstate=SSL_NOTHING; | ||
221 | s->rstate=SSL_ST_READ_HEADER; | ||
222 | #if 0 | ||
223 | s->read_ahead=s->ctx->read_ahead; | ||
224 | #endif | ||
225 | |||
226 | if (s->init_buf != NULL) | ||
227 | { | ||
228 | BUF_MEM_free(s->init_buf); | ||
229 | s->init_buf=NULL; | ||
230 | } | ||
231 | |||
232 | ssl_clear_cipher_ctx(s); | ||
233 | ssl_clear_hash_ctx(&s->read_hash); | ||
234 | ssl_clear_hash_ctx(&s->write_hash); | ||
235 | |||
236 | s->first_packet=0; | ||
237 | |||
238 | #if 1 | ||
239 | /* Check to see if we were changed into a different method, if | ||
240 | * so, revert back if we are not doing session-id reuse. */ | ||
241 | if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) | ||
242 | { | ||
243 | s->method->ssl_free(s); | ||
244 | s->method=s->ctx->method; | ||
245 | if (!s->method->ssl_new(s)) | ||
246 | return(0); | ||
247 | } | ||
248 | else | ||
249 | #endif | ||
250 | s->method->ssl_clear(s); | ||
251 | return(1); | ||
252 | } | ||
253 | |||
254 | /** Used to change an SSL_CTXs default SSL method type */ | ||
255 | int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth) | ||
256 | { | ||
257 | STACK_OF(SSL_CIPHER) *sk; | ||
258 | |||
259 | ctx->method=meth; | ||
260 | |||
261 | sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), | ||
262 | &(ctx->cipher_list_by_id), | ||
263 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); | ||
264 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) | ||
265 | { | ||
266 | SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); | ||
267 | return(0); | ||
268 | } | ||
269 | return(1); | ||
270 | } | ||
271 | |||
272 | SSL *SSL_new(SSL_CTX *ctx) | ||
273 | { | ||
274 | SSL *s; | ||
275 | |||
276 | if (ctx == NULL) | ||
277 | { | ||
278 | SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX); | ||
279 | return(NULL); | ||
280 | } | ||
281 | if (ctx->method == NULL) | ||
282 | { | ||
283 | SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); | ||
284 | return(NULL); | ||
285 | } | ||
286 | |||
287 | s=(SSL *)OPENSSL_malloc(sizeof(SSL)); | ||
288 | if (s == NULL) goto err; | ||
289 | memset(s,0,sizeof(SSL)); | ||
290 | |||
291 | #ifndef OPENSSL_NO_KRB5 | ||
292 | s->kssl_ctx = kssl_ctx_new(); | ||
293 | #endif /* OPENSSL_NO_KRB5 */ | ||
294 | |||
295 | s->options=ctx->options; | ||
296 | s->mode=ctx->mode; | ||
297 | s->max_cert_list=ctx->max_cert_list; | ||
298 | |||
299 | if (ctx->cert != NULL) | ||
300 | { | ||
301 | /* Earlier library versions used to copy the pointer to | ||
302 | * the CERT, not its contents; only when setting new | ||
303 | * parameters for the per-SSL copy, ssl_cert_new would be | ||
304 | * called (and the direct reference to the per-SSL_CTX | ||
305 | * settings would be lost, but those still were indirectly | ||
306 | * accessed for various purposes, and for that reason they | ||
307 | * used to be known as s->ctx->default_cert). | ||
308 | * Now we don't look at the SSL_CTX's CERT after having | ||
309 | * duplicated it once. */ | ||
310 | |||
311 | s->cert = ssl_cert_dup(ctx->cert); | ||
312 | if (s->cert == NULL) | ||
313 | goto err; | ||
314 | } | ||
315 | else | ||
316 | s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ | ||
317 | |||
318 | s->read_ahead=ctx->read_ahead; | ||
319 | s->msg_callback=ctx->msg_callback; | ||
320 | s->msg_callback_arg=ctx->msg_callback_arg; | ||
321 | s->verify_mode=ctx->verify_mode; | ||
322 | #if 0 | ||
323 | s->verify_depth=ctx->verify_depth; | ||
324 | #endif | ||
325 | s->sid_ctx_length=ctx->sid_ctx_length; | ||
326 | OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); | ||
327 | memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); | ||
328 | s->verify_callback=ctx->default_verify_callback; | ||
329 | s->generate_session_id=ctx->generate_session_id; | ||
330 | |||
331 | s->param = X509_VERIFY_PARAM_new(); | ||
332 | if (!s->param) | ||
333 | goto err; | ||
334 | X509_VERIFY_PARAM_inherit(s->param, ctx->param); | ||
335 | #if 0 | ||
336 | s->purpose = ctx->purpose; | ||
337 | s->trust = ctx->trust; | ||
338 | #endif | ||
339 | s->quiet_shutdown=ctx->quiet_shutdown; | ||
340 | s->max_send_fragment = ctx->max_send_fragment; | ||
341 | |||
342 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | ||
343 | s->ctx=ctx; | ||
344 | #ifndef OPENSSL_NO_TLSEXT | ||
345 | s->tlsext_debug_cb = 0; | ||
346 | s->tlsext_debug_arg = NULL; | ||
347 | s->tlsext_ticket_expected = 0; | ||
348 | s->tlsext_status_type = -1; | ||
349 | s->tlsext_status_expected = 0; | ||
350 | s->tlsext_ocsp_ids = NULL; | ||
351 | s->tlsext_ocsp_exts = NULL; | ||
352 | s->tlsext_ocsp_resp = NULL; | ||
353 | s->tlsext_ocsp_resplen = -1; | ||
354 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | ||
355 | s->initial_ctx=ctx; | ||
356 | #endif | ||
357 | |||
358 | s->verify_result=X509_V_OK; | ||
359 | |||
360 | s->method=ctx->method; | ||
361 | |||
362 | if (!s->method->ssl_new(s)) | ||
363 | goto err; | ||
364 | |||
365 | s->references=1; | ||
366 | s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; | ||
367 | |||
368 | SSL_clear(s); | ||
369 | |||
370 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); | ||
371 | |||
372 | #ifndef OPENSSL_NO_PSK | ||
373 | s->psk_client_callback=ctx->psk_client_callback; | ||
374 | s->psk_server_callback=ctx->psk_server_callback; | ||
375 | #endif | ||
376 | |||
377 | return(s); | ||
378 | err: | ||
379 | if (s != NULL) | ||
380 | { | ||
381 | if (s->cert != NULL) | ||
382 | ssl_cert_free(s->cert); | ||
383 | if (s->ctx != NULL) | ||
384 | SSL_CTX_free(s->ctx); /* decrement reference count */ | ||
385 | OPENSSL_free(s); | ||
386 | } | ||
387 | SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE); | ||
388 | return(NULL); | ||
389 | } | ||
390 | |||
391 | int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, | ||
392 | unsigned int sid_ctx_len) | ||
393 | { | ||
394 | if(sid_ctx_len > sizeof ctx->sid_ctx) | ||
395 | { | ||
396 | SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | ||
397 | return 0; | ||
398 | } | ||
399 | ctx->sid_ctx_length=sid_ctx_len; | ||
400 | memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len); | ||
401 | |||
402 | return 1; | ||
403 | } | ||
404 | |||
405 | int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, | ||
406 | unsigned int sid_ctx_len) | ||
407 | { | ||
408 | if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) | ||
409 | { | ||
410 | SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | ||
411 | return 0; | ||
412 | } | ||
413 | ssl->sid_ctx_length=sid_ctx_len; | ||
414 | memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len); | ||
415 | |||
416 | return 1; | ||
417 | } | ||
418 | |||
419 | int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) | ||
420 | { | ||
421 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | ||
422 | ctx->generate_session_id = cb; | ||
423 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
424 | return 1; | ||
425 | } | ||
426 | |||
427 | int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) | ||
428 | { | ||
429 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | ||
430 | ssl->generate_session_id = cb; | ||
431 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | ||
432 | return 1; | ||
433 | } | ||
434 | |||
435 | int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | ||
436 | unsigned int id_len) | ||
437 | { | ||
438 | /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how | ||
439 | * we can "construct" a session to give us the desired check - ie. to | ||
440 | * find if there's a session in the hash table that would conflict with | ||
441 | * any new session built out of this id/id_len and the ssl_version in | ||
442 | * use by this SSL. */ | ||
443 | SSL_SESSION r, *p; | ||
444 | |||
445 | if(id_len > sizeof r.session_id) | ||
446 | return 0; | ||
447 | |||
448 | r.ssl_version = ssl->version; | ||
449 | r.session_id_length = id_len; | ||
450 | memcpy(r.session_id, id, id_len); | ||
451 | /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a | ||
452 | * callback is calling us to check the uniqueness of a shorter ID, it | ||
453 | * must be compared as a padded-out ID because that is what it will be | ||
454 | * converted to when the callback has finished choosing it. */ | ||
455 | if((r.ssl_version == SSL2_VERSION) && | ||
456 | (id_len < SSL2_SSL_SESSION_ID_LENGTH)) | ||
457 | { | ||
458 | memset(r.session_id + id_len, 0, | ||
459 | SSL2_SSL_SESSION_ID_LENGTH - id_len); | ||
460 | r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; | ||
461 | } | ||
462 | |||
463 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | ||
464 | p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); | ||
465 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | ||
466 | return (p != NULL); | ||
467 | } | ||
468 | |||
469 | int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) | ||
470 | { | ||
471 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); | ||
472 | } | ||
473 | |||
474 | int SSL_set_purpose(SSL *s, int purpose) | ||
475 | { | ||
476 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); | ||
477 | } | ||
478 | |||
479 | int SSL_CTX_set_trust(SSL_CTX *s, int trust) | ||
480 | { | ||
481 | return X509_VERIFY_PARAM_set_trust(s->param, trust); | ||
482 | } | ||
483 | |||
484 | int SSL_set_trust(SSL *s, int trust) | ||
485 | { | ||
486 | return X509_VERIFY_PARAM_set_trust(s->param, trust); | ||
487 | } | ||
488 | |||
489 | int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) | ||
490 | { | ||
491 | return X509_VERIFY_PARAM_set1(ctx->param, vpm); | ||
492 | } | ||
493 | |||
494 | int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) | ||
495 | { | ||
496 | return X509_VERIFY_PARAM_set1(ssl->param, vpm); | ||
497 | } | ||
498 | |||
499 | void SSL_free(SSL *s) | ||
500 | { | ||
501 | int i; | ||
502 | |||
503 | if(s == NULL) | ||
504 | return; | ||
505 | |||
506 | i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL); | ||
507 | #ifdef REF_PRINT | ||
508 | REF_PRINT("SSL",s); | ||
509 | #endif | ||
510 | if (i > 0) return; | ||
511 | #ifdef REF_CHECK | ||
512 | if (i < 0) | ||
513 | { | ||
514 | fprintf(stderr,"SSL_free, bad reference count\n"); | ||
515 | abort(); /* ok */ | ||
516 | } | ||
517 | #endif | ||
518 | |||
519 | if (s->param) | ||
520 | X509_VERIFY_PARAM_free(s->param); | ||
521 | |||
522 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); | ||
523 | |||
524 | if (s->bbio != NULL) | ||
525 | { | ||
526 | /* If the buffering BIO is in place, pop it off */ | ||
527 | if (s->bbio == s->wbio) | ||
528 | { | ||
529 | s->wbio=BIO_pop(s->wbio); | ||
530 | } | ||
531 | BIO_free(s->bbio); | ||
532 | s->bbio=NULL; | ||
533 | } | ||
534 | if (s->rbio != NULL) | ||
535 | BIO_free_all(s->rbio); | ||
536 | if ((s->wbio != NULL) && (s->wbio != s->rbio)) | ||
537 | BIO_free_all(s->wbio); | ||
538 | |||
539 | if (s->init_buf != NULL) BUF_MEM_free(s->init_buf); | ||
540 | |||
541 | /* add extra stuff */ | ||
542 | if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list); | ||
543 | if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id); | ||
544 | |||
545 | /* Make the next call work :-) */ | ||
546 | if (s->session != NULL) | ||
547 | { | ||
548 | ssl_clear_bad_session(s); | ||
549 | SSL_SESSION_free(s->session); | ||
550 | } | ||
551 | |||
552 | ssl_clear_cipher_ctx(s); | ||
553 | ssl_clear_hash_ctx(&s->read_hash); | ||
554 | ssl_clear_hash_ctx(&s->write_hash); | ||
555 | |||
556 | if (s->cert != NULL) ssl_cert_free(s->cert); | ||
557 | /* Free up if allocated */ | ||
558 | |||
559 | #ifndef OPENSSL_NO_TLSEXT | ||
560 | if (s->tlsext_hostname) | ||
561 | OPENSSL_free(s->tlsext_hostname); | ||
562 | if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); | ||
563 | #ifndef OPENSSL_NO_EC | ||
564 | if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist); | ||
565 | if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist); | ||
566 | #endif /* OPENSSL_NO_EC */ | ||
567 | if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input); | ||
568 | if (s->tlsext_ocsp_exts) | ||
569 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | ||
570 | X509_EXTENSION_free); | ||
571 | if (s->tlsext_ocsp_ids) | ||
572 | sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); | ||
573 | if (s->tlsext_ocsp_resp) | ||
574 | OPENSSL_free(s->tlsext_ocsp_resp); | ||
575 | #endif | ||
576 | |||
577 | if (s->client_CA != NULL) | ||
578 | sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); | ||
579 | |||
580 | if (s->method != NULL) s->method->ssl_free(s); | ||
581 | |||
582 | if (s->ctx) SSL_CTX_free(s->ctx); | ||
583 | |||
584 | #ifndef OPENSSL_NO_KRB5 | ||
585 | if (s->kssl_ctx != NULL) | ||
586 | kssl_ctx_free(s->kssl_ctx); | ||
587 | #endif /* OPENSSL_NO_KRB5 */ | ||
588 | |||
589 | OPENSSL_free(s); | ||
590 | } | ||
591 | |||
592 | void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio) | ||
593 | { | ||
594 | /* If the output buffering BIO is still in place, remove it | ||
595 | */ | ||
596 | if (s->bbio != NULL) | ||
597 | { | ||
598 | if (s->wbio == s->bbio) | ||
599 | { | ||
600 | s->wbio=s->wbio->next_bio; | ||
601 | s->bbio->next_bio=NULL; | ||
602 | } | ||
603 | } | ||
604 | if ((s->rbio != NULL) && (s->rbio != rbio)) | ||
605 | BIO_free_all(s->rbio); | ||
606 | if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) | ||
607 | BIO_free_all(s->wbio); | ||
608 | s->rbio=rbio; | ||
609 | s->wbio=wbio; | ||
610 | } | ||
611 | |||
612 | BIO *SSL_get_rbio(const SSL *s) | ||
613 | { return(s->rbio); } | ||
614 | |||
615 | BIO *SSL_get_wbio(const SSL *s) | ||
616 | { return(s->wbio); } | ||
617 | |||
618 | int SSL_get_fd(const SSL *s) | ||
619 | { | ||
620 | return(SSL_get_rfd(s)); | ||
621 | } | ||
622 | |||
623 | int SSL_get_rfd(const SSL *s) | ||
624 | { | ||
625 | int ret= -1; | ||
626 | BIO *b,*r; | ||
627 | |||
628 | b=SSL_get_rbio(s); | ||
629 | r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); | ||
630 | if (r != NULL) | ||
631 | BIO_get_fd(r,&ret); | ||
632 | return(ret); | ||
633 | } | ||
634 | |||
635 | int SSL_get_wfd(const SSL *s) | ||
636 | { | ||
637 | int ret= -1; | ||
638 | BIO *b,*r; | ||
639 | |||
640 | b=SSL_get_wbio(s); | ||
641 | r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); | ||
642 | if (r != NULL) | ||
643 | BIO_get_fd(r,&ret); | ||
644 | return(ret); | ||
645 | } | ||
646 | |||
647 | #ifndef OPENSSL_NO_SOCK | ||
648 | int SSL_set_fd(SSL *s,int fd) | ||
649 | { | ||
650 | int ret=0; | ||
651 | BIO *bio=NULL; | ||
652 | |||
653 | bio=BIO_new(BIO_s_socket()); | ||
654 | |||
655 | if (bio == NULL) | ||
656 | { | ||
657 | SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB); | ||
658 | goto err; | ||
659 | } | ||
660 | BIO_set_fd(bio,fd,BIO_NOCLOSE); | ||
661 | SSL_set_bio(s,bio,bio); | ||
662 | ret=1; | ||
663 | err: | ||
664 | return(ret); | ||
665 | } | ||
666 | |||
667 | int SSL_set_wfd(SSL *s,int fd) | ||
668 | { | ||
669 | int ret=0; | ||
670 | BIO *bio=NULL; | ||
671 | |||
672 | if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) | ||
673 | || ((int)BIO_get_fd(s->rbio,NULL) != fd)) | ||
674 | { | ||
675 | bio=BIO_new(BIO_s_socket()); | ||
676 | |||
677 | if (bio == NULL) | ||
678 | { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; } | ||
679 | BIO_set_fd(bio,fd,BIO_NOCLOSE); | ||
680 | SSL_set_bio(s,SSL_get_rbio(s),bio); | ||
681 | } | ||
682 | else | ||
683 | SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s)); | ||
684 | ret=1; | ||
685 | err: | ||
686 | return(ret); | ||
687 | } | ||
688 | |||
689 | int SSL_set_rfd(SSL *s,int fd) | ||
690 | { | ||
691 | int ret=0; | ||
692 | BIO *bio=NULL; | ||
693 | |||
694 | if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) | ||
695 | || ((int)BIO_get_fd(s->wbio,NULL) != fd)) | ||
696 | { | ||
697 | bio=BIO_new(BIO_s_socket()); | ||
698 | |||
699 | if (bio == NULL) | ||
700 | { | ||
701 | SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB); | ||
702 | goto err; | ||
703 | } | ||
704 | BIO_set_fd(bio,fd,BIO_NOCLOSE); | ||
705 | SSL_set_bio(s,bio,SSL_get_wbio(s)); | ||
706 | } | ||
707 | else | ||
708 | SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s)); | ||
709 | ret=1; | ||
710 | err: | ||
711 | return(ret); | ||
712 | } | ||
713 | #endif | ||
714 | |||
715 | |||
716 | /* return length of latest Finished message we sent, copy to 'buf' */ | ||
717 | size_t SSL_get_finished(const SSL *s, void *buf, size_t count) | ||
718 | { | ||
719 | size_t ret = 0; | ||
720 | |||
721 | if (s->s3 != NULL) | ||
722 | { | ||
723 | ret = s->s3->tmp.finish_md_len; | ||
724 | if (count > ret) | ||
725 | count = ret; | ||
726 | memcpy(buf, s->s3->tmp.finish_md, count); | ||
727 | } | ||
728 | return ret; | ||
729 | } | ||
730 | |||
731 | /* return length of latest Finished message we expected, copy to 'buf' */ | ||
732 | size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) | ||
733 | { | ||
734 | size_t ret = 0; | ||
735 | |||
736 | if (s->s3 != NULL) | ||
737 | { | ||
738 | ret = s->s3->tmp.peer_finish_md_len; | ||
739 | if (count > ret) | ||
740 | count = ret; | ||
741 | memcpy(buf, s->s3->tmp.peer_finish_md, count); | ||
742 | } | ||
743 | return ret; | ||
744 | } | ||
745 | |||
746 | |||
747 | int SSL_get_verify_mode(const SSL *s) | ||
748 | { | ||
749 | return(s->verify_mode); | ||
750 | } | ||
751 | |||
752 | int SSL_get_verify_depth(const SSL *s) | ||
753 | { | ||
754 | return X509_VERIFY_PARAM_get_depth(s->param); | ||
755 | } | ||
756 | |||
757 | int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *) | ||
758 | { | ||
759 | return(s->verify_callback); | ||
760 | } | ||
761 | |||
762 | int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) | ||
763 | { | ||
764 | return(ctx->verify_mode); | ||
765 | } | ||
766 | |||
767 | int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) | ||
768 | { | ||
769 | return X509_VERIFY_PARAM_get_depth(ctx->param); | ||
770 | } | ||
771 | |||
772 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *) | ||
773 | { | ||
774 | return(ctx->default_verify_callback); | ||
775 | } | ||
776 | |||
777 | void SSL_set_verify(SSL *s,int mode, | ||
778 | int (*callback)(int ok,X509_STORE_CTX *ctx)) | ||
779 | { | ||
780 | s->verify_mode=mode; | ||
781 | if (callback != NULL) | ||
782 | s->verify_callback=callback; | ||
783 | } | ||
784 | |||
785 | void SSL_set_verify_depth(SSL *s,int depth) | ||
786 | { | ||
787 | X509_VERIFY_PARAM_set_depth(s->param, depth); | ||
788 | } | ||
789 | |||
790 | void SSL_set_read_ahead(SSL *s,int yes) | ||
791 | { | ||
792 | s->read_ahead=yes; | ||
793 | } | ||
794 | |||
795 | int SSL_get_read_ahead(const SSL *s) | ||
796 | { | ||
797 | return(s->read_ahead); | ||
798 | } | ||
799 | |||
800 | int SSL_pending(const SSL *s) | ||
801 | { | ||
802 | /* SSL_pending cannot work properly if read-ahead is enabled | ||
803 | * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), | ||
804 | * and it is impossible to fix since SSL_pending cannot report | ||
805 | * errors that may be observed while scanning the new data. | ||
806 | * (Note that SSL_pending() is often used as a boolean value, | ||
807 | * so we'd better not return -1.) | ||
808 | */ | ||
809 | return(s->method->ssl_pending(s)); | ||
810 | } | ||
811 | |||
812 | X509 *SSL_get_peer_certificate(const SSL *s) | ||
813 | { | ||
814 | X509 *r; | ||
815 | |||
816 | if ((s == NULL) || (s->session == NULL)) | ||
817 | r=NULL; | ||
818 | else | ||
819 | r=s->session->peer; | ||
820 | |||
821 | if (r == NULL) return(r); | ||
822 | |||
823 | CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509); | ||
824 | |||
825 | return(r); | ||
826 | } | ||
827 | |||
828 | STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) | ||
829 | { | ||
830 | STACK_OF(X509) *r; | ||
831 | |||
832 | if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) | ||
833 | r=NULL; | ||
834 | else | ||
835 | r=s->session->sess_cert->cert_chain; | ||
836 | |||
837 | /* If we are a client, cert_chain includes the peer's own | ||
838 | * certificate; if we are a server, it does not. */ | ||
839 | |||
840 | return(r); | ||
841 | } | ||
842 | |||
843 | /* Now in theory, since the calling process own 't' it should be safe to | ||
844 | * modify. We need to be able to read f without being hassled */ | ||
845 | void SSL_copy_session_id(SSL *t,const SSL *f) | ||
846 | { | ||
847 | CERT *tmp; | ||
848 | |||
849 | /* Do we need to to SSL locking? */ | ||
850 | SSL_set_session(t,SSL_get_session(f)); | ||
851 | |||
852 | /* what if we are setup as SSLv2 but want to talk SSLv3 or | ||
853 | * vice-versa */ | ||
854 | if (t->method != f->method) | ||
855 | { | ||
856 | t->method->ssl_free(t); /* cleanup current */ | ||
857 | t->method=f->method; /* change method */ | ||
858 | t->method->ssl_new(t); /* setup new */ | ||
859 | } | ||
860 | |||
861 | tmp=t->cert; | ||
862 | if (f->cert != NULL) | ||
863 | { | ||
864 | CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT); | ||
865 | t->cert=f->cert; | ||
866 | } | ||
867 | else | ||
868 | t->cert=NULL; | ||
869 | if (tmp != NULL) ssl_cert_free(tmp); | ||
870 | SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length); | ||
871 | } | ||
872 | |||
873 | /* Fix this so it checks all the valid key/cert options */ | ||
874 | int SSL_CTX_check_private_key(const SSL_CTX *ctx) | ||
875 | { | ||
876 | if ( (ctx == NULL) || | ||
877 | (ctx->cert == NULL) || | ||
878 | (ctx->cert->key->x509 == NULL)) | ||
879 | { | ||
880 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
881 | return(0); | ||
882 | } | ||
883 | if (ctx->cert->key->privatekey == NULL) | ||
884 | { | ||
885 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); | ||
886 | return(0); | ||
887 | } | ||
888 | return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); | ||
889 | } | ||
890 | |||
891 | /* Fix this function so that it takes an optional type parameter */ | ||
892 | int SSL_check_private_key(const SSL *ssl) | ||
893 | { | ||
894 | if (ssl == NULL) | ||
895 | { | ||
896 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER); | ||
897 | return(0); | ||
898 | } | ||
899 | if (ssl->cert == NULL) | ||
900 | { | ||
901 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
902 | return 0; | ||
903 | } | ||
904 | if (ssl->cert->key->x509 == NULL) | ||
905 | { | ||
906 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
907 | return(0); | ||
908 | } | ||
909 | if (ssl->cert->key->privatekey == NULL) | ||
910 | { | ||
911 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); | ||
912 | return(0); | ||
913 | } | ||
914 | return(X509_check_private_key(ssl->cert->key->x509, | ||
915 | ssl->cert->key->privatekey)); | ||
916 | } | ||
917 | |||
918 | int SSL_accept(SSL *s) | ||
919 | { | ||
920 | if (s->handshake_func == 0) | ||
921 | /* Not properly initialized yet */ | ||
922 | SSL_set_accept_state(s); | ||
923 | |||
924 | return(s->method->ssl_accept(s)); | ||
925 | } | ||
926 | |||
927 | int SSL_connect(SSL *s) | ||
928 | { | ||
929 | if (s->handshake_func == 0) | ||
930 | /* Not properly initialized yet */ | ||
931 | SSL_set_connect_state(s); | ||
932 | |||
933 | return(s->method->ssl_connect(s)); | ||
934 | } | ||
935 | |||
936 | long SSL_get_default_timeout(const SSL *s) | ||
937 | { | ||
938 | return(s->method->get_timeout()); | ||
939 | } | ||
940 | |||
941 | int SSL_read(SSL *s,void *buf,int num) | ||
942 | { | ||
943 | if (s->handshake_func == 0) | ||
944 | { | ||
945 | SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); | ||
946 | return -1; | ||
947 | } | ||
948 | |||
949 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | ||
950 | { | ||
951 | s->rwstate=SSL_NOTHING; | ||
952 | return(0); | ||
953 | } | ||
954 | return(s->method->ssl_read(s,buf,num)); | ||
955 | } | ||
956 | |||
957 | int SSL_peek(SSL *s,void *buf,int num) | ||
958 | { | ||
959 | if (s->handshake_func == 0) | ||
960 | { | ||
961 | SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); | ||
962 | return -1; | ||
963 | } | ||
964 | |||
965 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | ||
966 | { | ||
967 | return(0); | ||
968 | } | ||
969 | return(s->method->ssl_peek(s,buf,num)); | ||
970 | } | ||
971 | |||
972 | int SSL_write(SSL *s,const void *buf,int num) | ||
973 | { | ||
974 | if (s->handshake_func == 0) | ||
975 | { | ||
976 | SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); | ||
977 | return -1; | ||
978 | } | ||
979 | |||
980 | if (s->shutdown & SSL_SENT_SHUTDOWN) | ||
981 | { | ||
982 | s->rwstate=SSL_NOTHING; | ||
983 | SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN); | ||
984 | return(-1); | ||
985 | } | ||
986 | return(s->method->ssl_write(s,buf,num)); | ||
987 | } | ||
988 | |||
989 | int SSL_shutdown(SSL *s) | ||
990 | { | ||
991 | /* Note that this function behaves differently from what one might | ||
992 | * expect. Return values are 0 for no success (yet), | ||
993 | * 1 for success; but calling it once is usually not enough, | ||
994 | * even if blocking I/O is used (see ssl3_shutdown). | ||
995 | */ | ||
996 | |||
997 | if (s->handshake_func == 0) | ||
998 | { | ||
999 | SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); | ||
1000 | return -1; | ||
1001 | } | ||
1002 | |||
1003 | if ((s != NULL) && !SSL_in_init(s)) | ||
1004 | return(s->method->ssl_shutdown(s)); | ||
1005 | else | ||
1006 | return(1); | ||
1007 | } | ||
1008 | |||
1009 | int SSL_renegotiate(SSL *s) | ||
1010 | { | ||
1011 | if (s->new_session == 0) | ||
1012 | { | ||
1013 | s->new_session=1; | ||
1014 | } | ||
1015 | return(s->method->ssl_renegotiate(s)); | ||
1016 | } | ||
1017 | |||
1018 | int SSL_renegotiate_pending(SSL *s) | ||
1019 | { | ||
1020 | /* becomes true when negotiation is requested; | ||
1021 | * false again once a handshake has finished */ | ||
1022 | return (s->new_session != 0); | ||
1023 | } | ||
1024 | |||
1025 | long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | ||
1026 | { | ||
1027 | long l; | ||
1028 | |||
1029 | switch (cmd) | ||
1030 | { | ||
1031 | case SSL_CTRL_GET_READ_AHEAD: | ||
1032 | return(s->read_ahead); | ||
1033 | case SSL_CTRL_SET_READ_AHEAD: | ||
1034 | l=s->read_ahead; | ||
1035 | s->read_ahead=larg; | ||
1036 | return(l); | ||
1037 | |||
1038 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: | ||
1039 | s->msg_callback_arg = parg; | ||
1040 | return 1; | ||
1041 | |||
1042 | case SSL_CTRL_OPTIONS: | ||
1043 | return(s->options|=larg); | ||
1044 | case SSL_CTRL_CLEAR_OPTIONS: | ||
1045 | return(s->options&=~larg); | ||
1046 | case SSL_CTRL_MODE: | ||
1047 | return(s->mode|=larg); | ||
1048 | case SSL_CTRL_CLEAR_MODE: | ||
1049 | return(s->mode &=~larg); | ||
1050 | case SSL_CTRL_GET_MAX_CERT_LIST: | ||
1051 | return(s->max_cert_list); | ||
1052 | case SSL_CTRL_SET_MAX_CERT_LIST: | ||
1053 | l=s->max_cert_list; | ||
1054 | s->max_cert_list=larg; | ||
1055 | return(l); | ||
1056 | case SSL_CTRL_SET_MTU: | ||
1057 | if (larg < (long)dtls1_min_mtu()) | ||
1058 | return 0; | ||
1059 | |||
1060 | if (SSL_version(s) == DTLS1_VERSION || | ||
1061 | SSL_version(s) == DTLS1_BAD_VER) | ||
1062 | { | ||
1063 | s->d1->mtu = larg; | ||
1064 | return larg; | ||
1065 | } | ||
1066 | return 0; | ||
1067 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: | ||
1068 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) | ||
1069 | return 0; | ||
1070 | s->max_send_fragment = larg; | ||
1071 | return 1; | ||
1072 | case SSL_CTRL_GET_RI_SUPPORT: | ||
1073 | if (s->s3) | ||
1074 | return s->s3->send_connection_binding; | ||
1075 | else return 0; | ||
1076 | default: | ||
1077 | return(s->method->ssl_ctrl(s,cmd,larg,parg)); | ||
1078 | } | ||
1079 | } | ||
1080 | |||
1081 | long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) | ||
1082 | { | ||
1083 | switch(cmd) | ||
1084 | { | ||
1085 | case SSL_CTRL_SET_MSG_CALLBACK: | ||
1086 | s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); | ||
1087 | return 1; | ||
1088 | |||
1089 | default: | ||
1090 | return(s->method->ssl_callback_ctrl(s,cmd,fp)); | ||
1091 | } | ||
1092 | } | ||
1093 | |||
1094 | LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) | ||
1095 | { | ||
1096 | return ctx->sessions; | ||
1097 | } | ||
1098 | |||
1099 | long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg) | ||
1100 | { | ||
1101 | long l; | ||
1102 | |||
1103 | switch (cmd) | ||
1104 | { | ||
1105 | case SSL_CTRL_GET_READ_AHEAD: | ||
1106 | return(ctx->read_ahead); | ||
1107 | case SSL_CTRL_SET_READ_AHEAD: | ||
1108 | l=ctx->read_ahead; | ||
1109 | ctx->read_ahead=larg; | ||
1110 | return(l); | ||
1111 | |||
1112 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: | ||
1113 | ctx->msg_callback_arg = parg; | ||
1114 | return 1; | ||
1115 | |||
1116 | case SSL_CTRL_GET_MAX_CERT_LIST: | ||
1117 | return(ctx->max_cert_list); | ||
1118 | case SSL_CTRL_SET_MAX_CERT_LIST: | ||
1119 | l=ctx->max_cert_list; | ||
1120 | ctx->max_cert_list=larg; | ||
1121 | return(l); | ||
1122 | |||
1123 | case SSL_CTRL_SET_SESS_CACHE_SIZE: | ||
1124 | l=ctx->session_cache_size; | ||
1125 | ctx->session_cache_size=larg; | ||
1126 | return(l); | ||
1127 | case SSL_CTRL_GET_SESS_CACHE_SIZE: | ||
1128 | return(ctx->session_cache_size); | ||
1129 | case SSL_CTRL_SET_SESS_CACHE_MODE: | ||
1130 | l=ctx->session_cache_mode; | ||
1131 | ctx->session_cache_mode=larg; | ||
1132 | return(l); | ||
1133 | case SSL_CTRL_GET_SESS_CACHE_MODE: | ||
1134 | return(ctx->session_cache_mode); | ||
1135 | |||
1136 | case SSL_CTRL_SESS_NUMBER: | ||
1137 | return(lh_SSL_SESSION_num_items(ctx->sessions)); | ||
1138 | case SSL_CTRL_SESS_CONNECT: | ||
1139 | return(ctx->stats.sess_connect); | ||
1140 | case SSL_CTRL_SESS_CONNECT_GOOD: | ||
1141 | return(ctx->stats.sess_connect_good); | ||
1142 | case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: | ||
1143 | return(ctx->stats.sess_connect_renegotiate); | ||
1144 | case SSL_CTRL_SESS_ACCEPT: | ||
1145 | return(ctx->stats.sess_accept); | ||
1146 | case SSL_CTRL_SESS_ACCEPT_GOOD: | ||
1147 | return(ctx->stats.sess_accept_good); | ||
1148 | case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: | ||
1149 | return(ctx->stats.sess_accept_renegotiate); | ||
1150 | case SSL_CTRL_SESS_HIT: | ||
1151 | return(ctx->stats.sess_hit); | ||
1152 | case SSL_CTRL_SESS_CB_HIT: | ||
1153 | return(ctx->stats.sess_cb_hit); | ||
1154 | case SSL_CTRL_SESS_MISSES: | ||
1155 | return(ctx->stats.sess_miss); | ||
1156 | case SSL_CTRL_SESS_TIMEOUTS: | ||
1157 | return(ctx->stats.sess_timeout); | ||
1158 | case SSL_CTRL_SESS_CACHE_FULL: | ||
1159 | return(ctx->stats.sess_cache_full); | ||
1160 | case SSL_CTRL_OPTIONS: | ||
1161 | return(ctx->options|=larg); | ||
1162 | case SSL_CTRL_CLEAR_OPTIONS: | ||
1163 | return(ctx->options&=~larg); | ||
1164 | case SSL_CTRL_MODE: | ||
1165 | return(ctx->mode|=larg); | ||
1166 | case SSL_CTRL_CLEAR_MODE: | ||
1167 | return(ctx->mode&=~larg); | ||
1168 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: | ||
1169 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) | ||
1170 | return 0; | ||
1171 | ctx->max_send_fragment = larg; | ||
1172 | return 1; | ||
1173 | default: | ||
1174 | return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); | ||
1175 | } | ||
1176 | } | ||
1177 | |||
1178 | long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) | ||
1179 | { | ||
1180 | switch(cmd) | ||
1181 | { | ||
1182 | case SSL_CTRL_SET_MSG_CALLBACK: | ||
1183 | ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); | ||
1184 | return 1; | ||
1185 | |||
1186 | default: | ||
1187 | return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp)); | ||
1188 | } | ||
1189 | } | ||
1190 | |||
1191 | int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) | ||
1192 | { | ||
1193 | long l; | ||
1194 | |||
1195 | l=a->id-b->id; | ||
1196 | if (l == 0L) | ||
1197 | return(0); | ||
1198 | else | ||
1199 | return((l > 0)?1:-1); | ||
1200 | } | ||
1201 | |||
1202 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | ||
1203 | const SSL_CIPHER * const *bp) | ||
1204 | { | ||
1205 | long l; | ||
1206 | |||
1207 | l=(*ap)->id-(*bp)->id; | ||
1208 | if (l == 0L) | ||
1209 | return(0); | ||
1210 | else | ||
1211 | return((l > 0)?1:-1); | ||
1212 | } | ||
1213 | |||
1214 | /** return a STACK of the ciphers available for the SSL and in order of | ||
1215 | * preference */ | ||
1216 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) | ||
1217 | { | ||
1218 | if (s != NULL) | ||
1219 | { | ||
1220 | if (s->cipher_list != NULL) | ||
1221 | { | ||
1222 | return(s->cipher_list); | ||
1223 | } | ||
1224 | else if ((s->ctx != NULL) && | ||
1225 | (s->ctx->cipher_list != NULL)) | ||
1226 | { | ||
1227 | return(s->ctx->cipher_list); | ||
1228 | } | ||
1229 | } | ||
1230 | return(NULL); | ||
1231 | } | ||
1232 | |||
1233 | /** return a STACK of the ciphers available for the SSL and in order of | ||
1234 | * algorithm id */ | ||
1235 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) | ||
1236 | { | ||
1237 | if (s != NULL) | ||
1238 | { | ||
1239 | if (s->cipher_list_by_id != NULL) | ||
1240 | { | ||
1241 | return(s->cipher_list_by_id); | ||
1242 | } | ||
1243 | else if ((s->ctx != NULL) && | ||
1244 | (s->ctx->cipher_list_by_id != NULL)) | ||
1245 | { | ||
1246 | return(s->ctx->cipher_list_by_id); | ||
1247 | } | ||
1248 | } | ||
1249 | return(NULL); | ||
1250 | } | ||
1251 | |||
1252 | /** The old interface to get the same thing as SSL_get_ciphers() */ | ||
1253 | const char *SSL_get_cipher_list(const SSL *s,int n) | ||
1254 | { | ||
1255 | SSL_CIPHER *c; | ||
1256 | STACK_OF(SSL_CIPHER) *sk; | ||
1257 | |||
1258 | if (s == NULL) return(NULL); | ||
1259 | sk=SSL_get_ciphers(s); | ||
1260 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) | ||
1261 | return(NULL); | ||
1262 | c=sk_SSL_CIPHER_value(sk,n); | ||
1263 | if (c == NULL) return(NULL); | ||
1264 | return(c->name); | ||
1265 | } | ||
1266 | |||
1267 | /** specify the ciphers to be used by default by the SSL_CTX */ | ||
1268 | int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) | ||
1269 | { | ||
1270 | STACK_OF(SSL_CIPHER) *sk; | ||
1271 | |||
1272 | sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, | ||
1273 | &ctx->cipher_list_by_id,str); | ||
1274 | /* ssl_create_cipher_list may return an empty stack if it | ||
1275 | * was unable to find a cipher matching the given rule string | ||
1276 | * (for example if the rule string specifies a cipher which | ||
1277 | * has been disabled). This is not an error as far as | ||
1278 | * ssl_create_cipher_list is concerned, and hence | ||
1279 | * ctx->cipher_list and ctx->cipher_list_by_id has been | ||
1280 | * updated. */ | ||
1281 | if (sk == NULL) | ||
1282 | return 0; | ||
1283 | else if (sk_SSL_CIPHER_num(sk) == 0) | ||
1284 | { | ||
1285 | SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); | ||
1286 | return 0; | ||
1287 | } | ||
1288 | return 1; | ||
1289 | } | ||
1290 | |||
1291 | /** specify the ciphers to be used by the SSL */ | ||
1292 | int SSL_set_cipher_list(SSL *s,const char *str) | ||
1293 | { | ||
1294 | STACK_OF(SSL_CIPHER) *sk; | ||
1295 | |||
1296 | sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, | ||
1297 | &s->cipher_list_by_id,str); | ||
1298 | /* see comment in SSL_CTX_set_cipher_list */ | ||
1299 | if (sk == NULL) | ||
1300 | return 0; | ||
1301 | else if (sk_SSL_CIPHER_num(sk) == 0) | ||
1302 | { | ||
1303 | SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); | ||
1304 | return 0; | ||
1305 | } | ||
1306 | return 1; | ||
1307 | } | ||
1308 | |||
1309 | /* works well for SSLv2, not so good for SSLv3 */ | ||
1310 | char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) | ||
1311 | { | ||
1312 | char *end; | ||
1313 | STACK_OF(SSL_CIPHER) *sk; | ||
1314 | SSL_CIPHER *c; | ||
1315 | size_t curlen = 0; | ||
1316 | int i; | ||
1317 | |||
1318 | if ((s->session == NULL) || (s->session->ciphers == NULL) || | ||
1319 | (len < 2)) | ||
1320 | return(NULL); | ||
1321 | |||
1322 | sk=s->session->ciphers; | ||
1323 | buf[0] = '\0'; | ||
1324 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) | ||
1325 | { | ||
1326 | c=sk_SSL_CIPHER_value(sk,i); | ||
1327 | end = buf + curlen; | ||
1328 | if (strlcat(buf, c->name, len) >= len || | ||
1329 | (curlen = strlcat(buf, ":", len)) >= len) | ||
1330 | { | ||
1331 | /* remove truncated cipher from list */ | ||
1332 | *end = '\0'; | ||
1333 | break; | ||
1334 | } | ||
1335 | } | ||
1336 | /* remove trailing colon */ | ||
1337 | if ((end = strrchr(buf, ':')) != NULL) | ||
1338 | *end = '\0'; | ||
1339 | return(buf); | ||
1340 | } | ||
1341 | |||
1342 | int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, | ||
1343 | int (*put_cb)(const SSL_CIPHER *, unsigned char *)) | ||
1344 | { | ||
1345 | int i,j=0; | ||
1346 | SSL_CIPHER *c; | ||
1347 | unsigned char *q; | ||
1348 | #ifndef OPENSSL_NO_KRB5 | ||
1349 | int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); | ||
1350 | #endif /* OPENSSL_NO_KRB5 */ | ||
1351 | |||
1352 | if (sk == NULL) return(0); | ||
1353 | q=p; | ||
1354 | |||
1355 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) | ||
1356 | { | ||
1357 | c=sk_SSL_CIPHER_value(sk,i); | ||
1358 | #ifndef OPENSSL_NO_KRB5 | ||
1359 | if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && | ||
1360 | nokrb5) | ||
1361 | continue; | ||
1362 | #endif /* OPENSSL_NO_KRB5 */ | ||
1363 | #ifndef OPENSSL_NO_PSK | ||
1364 | /* with PSK there must be client callback set */ | ||
1365 | if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && | ||
1366 | s->psk_client_callback == NULL) | ||
1367 | continue; | ||
1368 | #endif /* OPENSSL_NO_PSK */ | ||
1369 | j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); | ||
1370 | p+=j; | ||
1371 | } | ||
1372 | /* If p == q, no ciphers and caller indicates an error. Otherwise | ||
1373 | * add SCSV if not renegotiating. | ||
1374 | */ | ||
1375 | if (p != q && !s->new_session) | ||
1376 | { | ||
1377 | static SSL_CIPHER scsv = | ||
1378 | { | ||
1379 | 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 | ||
1380 | }; | ||
1381 | j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); | ||
1382 | p+=j; | ||
1383 | #ifdef OPENSSL_RI_DEBUG | ||
1384 | fprintf(stderr, "SCSV sent by client\n"); | ||
1385 | #endif | ||
1386 | } | ||
1387 | |||
1388 | return(p-q); | ||
1389 | } | ||
1390 | |||
1391 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, | ||
1392 | STACK_OF(SSL_CIPHER) **skp) | ||
1393 | { | ||
1394 | const SSL_CIPHER *c; | ||
1395 | STACK_OF(SSL_CIPHER) *sk; | ||
1396 | int i,n; | ||
1397 | if (s->s3) | ||
1398 | s->s3->send_connection_binding = 0; | ||
1399 | |||
1400 | n=ssl_put_cipher_by_char(s,NULL,NULL); | ||
1401 | if ((num%n) != 0) | ||
1402 | { | ||
1403 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); | ||
1404 | return(NULL); | ||
1405 | } | ||
1406 | if ((skp == NULL) || (*skp == NULL)) | ||
1407 | sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ | ||
1408 | else | ||
1409 | { | ||
1410 | sk= *skp; | ||
1411 | sk_SSL_CIPHER_zero(sk); | ||
1412 | } | ||
1413 | |||
1414 | for (i=0; i<num; i+=n) | ||
1415 | { | ||
1416 | /* Check for SCSV */ | ||
1417 | if (s->s3 && (n != 3 || !p[0]) && | ||
1418 | (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && | ||
1419 | (p[n-1] == (SSL3_CK_SCSV & 0xff))) | ||
1420 | { | ||
1421 | /* SCSV fatal if renegotiating */ | ||
1422 | if (s->new_session) | ||
1423 | { | ||
1424 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); | ||
1425 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); | ||
1426 | goto err; | ||
1427 | } | ||
1428 | s->s3->send_connection_binding = 1; | ||
1429 | p += n; | ||
1430 | #ifdef OPENSSL_RI_DEBUG | ||
1431 | fprintf(stderr, "SCSV received by server\n"); | ||
1432 | #endif | ||
1433 | continue; | ||
1434 | } | ||
1435 | |||
1436 | c=ssl_get_cipher_by_char(s,p); | ||
1437 | p+=n; | ||
1438 | if (c != NULL) | ||
1439 | { | ||
1440 | if (!sk_SSL_CIPHER_push(sk,c)) | ||
1441 | { | ||
1442 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | ||
1443 | goto err; | ||
1444 | } | ||
1445 | } | ||
1446 | } | ||
1447 | |||
1448 | if (skp != NULL) | ||
1449 | *skp=sk; | ||
1450 | return(sk); | ||
1451 | err: | ||
1452 | if ((skp == NULL) || (*skp == NULL)) | ||
1453 | sk_SSL_CIPHER_free(sk); | ||
1454 | return(NULL); | ||
1455 | } | ||
1456 | |||
1457 | |||
1458 | #ifndef OPENSSL_NO_TLSEXT | ||
1459 | /** return a servername extension value if provided in Client Hello, or NULL. | ||
1460 | * So far, only host_name types are defined (RFC 3546). | ||
1461 | */ | ||
1462 | |||
1463 | const char *SSL_get_servername(const SSL *s, const int type) | ||
1464 | { | ||
1465 | if (type != TLSEXT_NAMETYPE_host_name) | ||
1466 | return NULL; | ||
1467 | |||
1468 | return s->session && !s->tlsext_hostname ? | ||
1469 | s->session->tlsext_hostname : | ||
1470 | s->tlsext_hostname; | ||
1471 | } | ||
1472 | |||
1473 | int SSL_get_servername_type(const SSL *s) | ||
1474 | { | ||
1475 | if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) | ||
1476 | return TLSEXT_NAMETYPE_host_name; | ||
1477 | return -1; | ||
1478 | } | ||
1479 | #endif | ||
1480 | |||
1481 | static unsigned long ssl_session_hash(const SSL_SESSION *a) | ||
1482 | { | ||
1483 | unsigned long l; | ||
1484 | |||
1485 | l=(unsigned long) | ||
1486 | ((unsigned int) a->session_id[0] )| | ||
1487 | ((unsigned int) a->session_id[1]<< 8L)| | ||
1488 | ((unsigned long)a->session_id[2]<<16L)| | ||
1489 | ((unsigned long)a->session_id[3]<<24L); | ||
1490 | return(l); | ||
1491 | } | ||
1492 | |||
1493 | /* NB: If this function (or indeed the hash function which uses a sort of | ||
1494 | * coarser function than this one) is changed, ensure | ||
1495 | * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being | ||
1496 | * able to construct an SSL_SESSION that will collide with any existing session | ||
1497 | * with a matching session ID. */ | ||
1498 | static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b) | ||
1499 | { | ||
1500 | if (a->ssl_version != b->ssl_version) | ||
1501 | return(1); | ||
1502 | if (a->session_id_length != b->session_id_length) | ||
1503 | return(1); | ||
1504 | return(memcmp(a->session_id,b->session_id,a->session_id_length)); | ||
1505 | } | ||
1506 | |||
1507 | /* These wrapper functions should remain rather than redeclaring | ||
1508 | * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each | ||
1509 | * variable. The reason is that the functions aren't static, they're exposed via | ||
1510 | * ssl.h. */ | ||
1511 | static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) | ||
1512 | static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) | ||
1513 | |||
1514 | SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | ||
1515 | { | ||
1516 | SSL_CTX *ret=NULL; | ||
1517 | |||
1518 | if (meth == NULL) | ||
1519 | { | ||
1520 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); | ||
1521 | return(NULL); | ||
1522 | } | ||
1523 | |||
1524 | if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) | ||
1525 | { | ||
1526 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); | ||
1527 | goto err; | ||
1528 | } | ||
1529 | ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); | ||
1530 | if (ret == NULL) | ||
1531 | goto err; | ||
1532 | |||
1533 | memset(ret,0,sizeof(SSL_CTX)); | ||
1534 | |||
1535 | ret->method=meth; | ||
1536 | |||
1537 | ret->cert_store=NULL; | ||
1538 | ret->session_cache_mode=SSL_SESS_CACHE_SERVER; | ||
1539 | ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; | ||
1540 | ret->session_cache_head=NULL; | ||
1541 | ret->session_cache_tail=NULL; | ||
1542 | |||
1543 | /* We take the system default */ | ||
1544 | ret->session_timeout=meth->get_timeout(); | ||
1545 | |||
1546 | ret->new_session_cb=0; | ||
1547 | ret->remove_session_cb=0; | ||
1548 | ret->get_session_cb=0; | ||
1549 | ret->generate_session_id=0; | ||
1550 | |||
1551 | memset((char *)&ret->stats,0,sizeof(ret->stats)); | ||
1552 | |||
1553 | ret->references=1; | ||
1554 | ret->quiet_shutdown=0; | ||
1555 | |||
1556 | /* ret->cipher=NULL;*/ | ||
1557 | /* ret->s2->challenge=NULL; | ||
1558 | ret->master_key=NULL; | ||
1559 | ret->key_arg=NULL; | ||
1560 | ret->s2->conn_id=NULL; */ | ||
1561 | |||
1562 | ret->info_callback=NULL; | ||
1563 | |||
1564 | ret->app_verify_callback=0; | ||
1565 | ret->app_verify_arg=NULL; | ||
1566 | |||
1567 | ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT; | ||
1568 | ret->read_ahead=0; | ||
1569 | ret->msg_callback=0; | ||
1570 | ret->msg_callback_arg=NULL; | ||
1571 | ret->verify_mode=SSL_VERIFY_NONE; | ||
1572 | #if 0 | ||
1573 | ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ | ||
1574 | #endif | ||
1575 | ret->sid_ctx_length=0; | ||
1576 | ret->default_verify_callback=NULL; | ||
1577 | if ((ret->cert=ssl_cert_new()) == NULL) | ||
1578 | goto err; | ||
1579 | |||
1580 | ret->default_passwd_callback=0; | ||
1581 | ret->default_passwd_callback_userdata=NULL; | ||
1582 | ret->client_cert_cb=0; | ||
1583 | ret->app_gen_cookie_cb=0; | ||
1584 | ret->app_verify_cookie_cb=0; | ||
1585 | |||
1586 | ret->sessions=lh_SSL_SESSION_new(); | ||
1587 | if (ret->sessions == NULL) goto err; | ||
1588 | ret->cert_store=X509_STORE_new(); | ||
1589 | if (ret->cert_store == NULL) goto err; | ||
1590 | |||
1591 | ssl_create_cipher_list(ret->method, | ||
1592 | &ret->cipher_list,&ret->cipher_list_by_id, | ||
1593 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); | ||
1594 | if (ret->cipher_list == NULL | ||
1595 | || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) | ||
1596 | { | ||
1597 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS); | ||
1598 | goto err2; | ||
1599 | } | ||
1600 | |||
1601 | ret->param = X509_VERIFY_PARAM_new(); | ||
1602 | if (!ret->param) | ||
1603 | goto err; | ||
1604 | |||
1605 | if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL) | ||
1606 | { | ||
1607 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); | ||
1608 | goto err2; | ||
1609 | } | ||
1610 | if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL) | ||
1611 | { | ||
1612 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); | ||
1613 | goto err2; | ||
1614 | } | ||
1615 | if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL) | ||
1616 | { | ||
1617 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); | ||
1618 | goto err2; | ||
1619 | } | ||
1620 | |||
1621 | if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL) | ||
1622 | goto err; | ||
1623 | |||
1624 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); | ||
1625 | |||
1626 | ret->extra_certs=NULL; | ||
1627 | ret->comp_methods=SSL_COMP_get_compression_methods(); | ||
1628 | |||
1629 | ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; | ||
1630 | |||
1631 | #ifndef OPENSSL_NO_TLSEXT | ||
1632 | ret->tlsext_servername_callback = 0; | ||
1633 | ret->tlsext_servername_arg = NULL; | ||
1634 | /* Setup RFC4507 ticket keys */ | ||
1635 | if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) | ||
1636 | || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) | ||
1637 | || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) | ||
1638 | ret->options |= SSL_OP_NO_TICKET; | ||
1639 | |||
1640 | ret->tlsext_status_cb = 0; | ||
1641 | ret->tlsext_status_arg = NULL; | ||
1642 | |||
1643 | #endif | ||
1644 | #ifndef OPENSSL_NO_PSK | ||
1645 | ret->psk_identity_hint=NULL; | ||
1646 | ret->psk_client_callback=NULL; | ||
1647 | ret->psk_server_callback=NULL; | ||
1648 | #endif | ||
1649 | #ifndef OPENSSL_NO_BUF_FREELISTS | ||
1650 | ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT; | ||
1651 | ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); | ||
1652 | if (!ret->rbuf_freelist) | ||
1653 | goto err; | ||
1654 | ret->rbuf_freelist->chunklen = 0; | ||
1655 | ret->rbuf_freelist->len = 0; | ||
1656 | ret->rbuf_freelist->head = NULL; | ||
1657 | ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); | ||
1658 | if (!ret->wbuf_freelist) | ||
1659 | { | ||
1660 | OPENSSL_free(ret->rbuf_freelist); | ||
1661 | goto err; | ||
1662 | } | ||
1663 | ret->wbuf_freelist->chunklen = 0; | ||
1664 | ret->wbuf_freelist->len = 0; | ||
1665 | ret->wbuf_freelist->head = NULL; | ||
1666 | #endif | ||
1667 | #ifndef OPENSSL_NO_ENGINE | ||
1668 | ret->client_cert_engine = NULL; | ||
1669 | #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO | ||
1670 | #define eng_strx(x) #x | ||
1671 | #define eng_str(x) eng_strx(x) | ||
1672 | /* Use specific client engine automatically... ignore errors */ | ||
1673 | { | ||
1674 | ENGINE *eng; | ||
1675 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); | ||
1676 | if (!eng) | ||
1677 | { | ||
1678 | ERR_clear_error(); | ||
1679 | ENGINE_load_builtin_engines(); | ||
1680 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); | ||
1681 | } | ||
1682 | if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) | ||
1683 | ERR_clear_error(); | ||
1684 | } | ||
1685 | #endif | ||
1686 | #endif | ||
1687 | /* Default is to connect to non-RI servers. When RI is more widely | ||
1688 | * deployed might change this. | ||
1689 | */ | ||
1690 | ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; | ||
1691 | |||
1692 | return(ret); | ||
1693 | err: | ||
1694 | SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); | ||
1695 | err2: | ||
1696 | if (ret != NULL) SSL_CTX_free(ret); | ||
1697 | return(NULL); | ||
1698 | } | ||
1699 | |||
1700 | #if 0 | ||
1701 | static void SSL_COMP_free(SSL_COMP *comp) | ||
1702 | { OPENSSL_free(comp); } | ||
1703 | #endif | ||
1704 | |||
1705 | #ifndef OPENSSL_NO_BUF_FREELISTS | ||
1706 | static void | ||
1707 | ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) | ||
1708 | { | ||
1709 | SSL3_BUF_FREELIST_ENTRY *ent, *next; | ||
1710 | for (ent = list->head; ent; ent = next) | ||
1711 | { | ||
1712 | next = ent->next; | ||
1713 | OPENSSL_free(ent); | ||
1714 | } | ||
1715 | OPENSSL_free(list); | ||
1716 | } | ||
1717 | #endif | ||
1718 | |||
1719 | void SSL_CTX_free(SSL_CTX *a) | ||
1720 | { | ||
1721 | int i; | ||
1722 | |||
1723 | if (a == NULL) return; | ||
1724 | |||
1725 | i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX); | ||
1726 | #ifdef REF_PRINT | ||
1727 | REF_PRINT("SSL_CTX",a); | ||
1728 | #endif | ||
1729 | if (i > 0) return; | ||
1730 | #ifdef REF_CHECK | ||
1731 | if (i < 0) | ||
1732 | { | ||
1733 | fprintf(stderr,"SSL_CTX_free, bad reference count\n"); | ||
1734 | abort(); /* ok */ | ||
1735 | } | ||
1736 | #endif | ||
1737 | |||
1738 | if (a->param) | ||
1739 | X509_VERIFY_PARAM_free(a->param); | ||
1740 | |||
1741 | /* | ||
1742 | * Free internal session cache. However: the remove_cb() may reference | ||
1743 | * the ex_data of SSL_CTX, thus the ex_data store can only be removed | ||
1744 | * after the sessions were flushed. | ||
1745 | * As the ex_data handling routines might also touch the session cache, | ||
1746 | * the most secure solution seems to be: empty (flush) the cache, then | ||
1747 | * free ex_data, then finally free the cache. | ||
1748 | * (See ticket [openssl.org #212].) | ||
1749 | */ | ||
1750 | if (a->sessions != NULL) | ||
1751 | SSL_CTX_flush_sessions(a,0); | ||
1752 | |||
1753 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); | ||
1754 | |||
1755 | if (a->sessions != NULL) | ||
1756 | lh_SSL_SESSION_free(a->sessions); | ||
1757 | |||
1758 | if (a->cert_store != NULL) | ||
1759 | X509_STORE_free(a->cert_store); | ||
1760 | if (a->cipher_list != NULL) | ||
1761 | sk_SSL_CIPHER_free(a->cipher_list); | ||
1762 | if (a->cipher_list_by_id != NULL) | ||
1763 | sk_SSL_CIPHER_free(a->cipher_list_by_id); | ||
1764 | if (a->cert != NULL) | ||
1765 | ssl_cert_free(a->cert); | ||
1766 | if (a->client_CA != NULL) | ||
1767 | sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free); | ||
1768 | if (a->extra_certs != NULL) | ||
1769 | sk_X509_pop_free(a->extra_certs,X509_free); | ||
1770 | #if 0 /* This should never be done, since it removes a global database */ | ||
1771 | if (a->comp_methods != NULL) | ||
1772 | sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free); | ||
1773 | #else | ||
1774 | a->comp_methods = NULL; | ||
1775 | #endif | ||
1776 | |||
1777 | #ifndef OPENSSL_NO_PSK | ||
1778 | if (a->psk_identity_hint) | ||
1779 | OPENSSL_free(a->psk_identity_hint); | ||
1780 | #endif | ||
1781 | #ifndef OPENSSL_NO_ENGINE | ||
1782 | if (a->client_cert_engine) | ||
1783 | ENGINE_finish(a->client_cert_engine); | ||
1784 | #endif | ||
1785 | |||
1786 | #ifndef OPENSSL_NO_BUF_FREELISTS | ||
1787 | if (a->wbuf_freelist) | ||
1788 | ssl_buf_freelist_free(a->wbuf_freelist); | ||
1789 | if (a->rbuf_freelist) | ||
1790 | ssl_buf_freelist_free(a->rbuf_freelist); | ||
1791 | #endif | ||
1792 | |||
1793 | OPENSSL_free(a); | ||
1794 | } | ||
1795 | |||
1796 | void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) | ||
1797 | { | ||
1798 | ctx->default_passwd_callback=cb; | ||
1799 | } | ||
1800 | |||
1801 | void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u) | ||
1802 | { | ||
1803 | ctx->default_passwd_callback_userdata=u; | ||
1804 | } | ||
1805 | |||
1806 | void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg) | ||
1807 | { | ||
1808 | ctx->app_verify_callback=cb; | ||
1809 | ctx->app_verify_arg=arg; | ||
1810 | } | ||
1811 | |||
1812 | void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) | ||
1813 | { | ||
1814 | ctx->verify_mode=mode; | ||
1815 | ctx->default_verify_callback=cb; | ||
1816 | } | ||
1817 | |||
1818 | void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) | ||
1819 | { | ||
1820 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); | ||
1821 | } | ||
1822 | |||
1823 | void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | ||
1824 | { | ||
1825 | CERT_PKEY *cpk; | ||
1826 | int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; | ||
1827 | int rsa_enc_export,dh_rsa_export,dh_dsa_export; | ||
1828 | int rsa_tmp_export,dh_tmp_export,kl; | ||
1829 | unsigned long mask_k,mask_a,emask_k,emask_a; | ||
1830 | int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; | ||
1831 | #ifndef OPENSSL_NO_ECDH | ||
1832 | int have_ecdh_tmp; | ||
1833 | #endif | ||
1834 | X509 *x = NULL; | ||
1835 | EVP_PKEY *ecc_pkey = NULL; | ||
1836 | int signature_nid = 0, pk_nid = 0, md_nid = 0; | ||
1837 | |||
1838 | if (c == NULL) return; | ||
1839 | |||
1840 | kl=SSL_C_EXPORT_PKEYLENGTH(cipher); | ||
1841 | |||
1842 | #ifndef OPENSSL_NO_RSA | ||
1843 | rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); | ||
1844 | rsa_tmp_export=(c->rsa_tmp_cb != NULL || | ||
1845 | (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); | ||
1846 | #else | ||
1847 | rsa_tmp=rsa_tmp_export=0; | ||
1848 | #endif | ||
1849 | #ifndef OPENSSL_NO_DH | ||
1850 | dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL); | ||
1851 | dh_tmp_export=(c->dh_tmp_cb != NULL || | ||
1852 | (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); | ||
1853 | #else | ||
1854 | dh_tmp=dh_tmp_export=0; | ||
1855 | #endif | ||
1856 | |||
1857 | #ifndef OPENSSL_NO_ECDH | ||
1858 | have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); | ||
1859 | #endif | ||
1860 | cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); | ||
1861 | rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); | ||
1862 | rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | ||
1863 | cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); | ||
1864 | rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); | ||
1865 | cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); | ||
1866 | dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); | ||
1867 | cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); | ||
1868 | dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL); | ||
1869 | dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | ||
1870 | cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); | ||
1871 | /* FIX THIS EAY EAY EAY */ | ||
1872 | dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); | ||
1873 | dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | ||
1874 | cpk= &(c->pkeys[SSL_PKEY_ECC]); | ||
1875 | have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL); | ||
1876 | mask_k=0; | ||
1877 | mask_a=0; | ||
1878 | emask_k=0; | ||
1879 | emask_a=0; | ||
1880 | |||
1881 | |||
1882 | |||
1883 | #ifdef CIPHER_DEBUG | ||
1884 | printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", | ||
1885 | rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp, | ||
1886 | rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa); | ||
1887 | #endif | ||
1888 | |||
1889 | cpk = &(c->pkeys[SSL_PKEY_GOST01]); | ||
1890 | if (cpk->x509 != NULL && cpk->privatekey !=NULL) { | ||
1891 | mask_k |= SSL_kGOST; | ||
1892 | mask_a |= SSL_aGOST01; | ||
1893 | } | ||
1894 | cpk = &(c->pkeys[SSL_PKEY_GOST94]); | ||
1895 | if (cpk->x509 != NULL && cpk->privatekey !=NULL) { | ||
1896 | mask_k |= SSL_kGOST; | ||
1897 | mask_a |= SSL_aGOST94; | ||
1898 | } | ||
1899 | |||
1900 | if (rsa_enc || (rsa_tmp && rsa_sign)) | ||
1901 | mask_k|=SSL_kRSA; | ||
1902 | if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc))) | ||
1903 | emask_k|=SSL_kRSA; | ||
1904 | |||
1905 | #if 0 | ||
1906 | /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ | ||
1907 | if ( (dh_tmp || dh_rsa || dh_dsa) && | ||
1908 | (rsa_enc || rsa_sign || dsa_sign)) | ||
1909 | mask_k|=SSL_kEDH; | ||
1910 | if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && | ||
1911 | (rsa_enc || rsa_sign || dsa_sign)) | ||
1912 | emask_k|=SSL_kEDH; | ||
1913 | #endif | ||
1914 | |||
1915 | if (dh_tmp_export) | ||
1916 | emask_k|=SSL_kEDH; | ||
1917 | |||
1918 | if (dh_tmp) | ||
1919 | mask_k|=SSL_kEDH; | ||
1920 | |||
1921 | if (dh_rsa) mask_k|=SSL_kDHr; | ||
1922 | if (dh_rsa_export) emask_k|=SSL_kDHr; | ||
1923 | |||
1924 | if (dh_dsa) mask_k|=SSL_kDHd; | ||
1925 | if (dh_dsa_export) emask_k|=SSL_kDHd; | ||
1926 | |||
1927 | if (rsa_enc || rsa_sign) | ||
1928 | { | ||
1929 | mask_a|=SSL_aRSA; | ||
1930 | emask_a|=SSL_aRSA; | ||
1931 | } | ||
1932 | |||
1933 | if (dsa_sign) | ||
1934 | { | ||
1935 | mask_a|=SSL_aDSS; | ||
1936 | emask_a|=SSL_aDSS; | ||
1937 | } | ||
1938 | |||
1939 | mask_a|=SSL_aNULL; | ||
1940 | emask_a|=SSL_aNULL; | ||
1941 | |||
1942 | #ifndef OPENSSL_NO_KRB5 | ||
1943 | mask_k|=SSL_kKRB5; | ||
1944 | mask_a|=SSL_aKRB5; | ||
1945 | emask_k|=SSL_kKRB5; | ||
1946 | emask_a|=SSL_aKRB5; | ||
1947 | #endif | ||
1948 | |||
1949 | /* An ECC certificate may be usable for ECDH and/or | ||
1950 | * ECDSA cipher suites depending on the key usage extension. | ||
1951 | */ | ||
1952 | if (have_ecc_cert) | ||
1953 | { | ||
1954 | /* This call populates extension flags (ex_flags) */ | ||
1955 | x = (c->pkeys[SSL_PKEY_ECC]).x509; | ||
1956 | X509_check_purpose(x, -1, 0); | ||
1957 | ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? | ||
1958 | (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; | ||
1959 | ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? | ||
1960 | (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; | ||
1961 | ecc_pkey = X509_get_pubkey(x); | ||
1962 | ecc_pkey_size = (ecc_pkey != NULL) ? | ||
1963 | EVP_PKEY_bits(ecc_pkey) : 0; | ||
1964 | EVP_PKEY_free(ecc_pkey); | ||
1965 | if ((x->sig_alg) && (x->sig_alg->algorithm)) | ||
1966 | { | ||
1967 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); | ||
1968 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); | ||
1969 | } | ||
1970 | #ifndef OPENSSL_NO_ECDH | ||
1971 | if (ecdh_ok) | ||
1972 | { | ||
1973 | |||
1974 | if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) | ||
1975 | { | ||
1976 | mask_k|=SSL_kECDHr; | ||
1977 | mask_a|=SSL_aECDH; | ||
1978 | if (ecc_pkey_size <= 163) | ||
1979 | { | ||
1980 | emask_k|=SSL_kECDHr; | ||
1981 | emask_a|=SSL_aECDH; | ||
1982 | } | ||
1983 | } | ||
1984 | |||
1985 | if (pk_nid == NID_X9_62_id_ecPublicKey) | ||
1986 | { | ||
1987 | mask_k|=SSL_kECDHe; | ||
1988 | mask_a|=SSL_aECDH; | ||
1989 | if (ecc_pkey_size <= 163) | ||
1990 | { | ||
1991 | emask_k|=SSL_kECDHe; | ||
1992 | emask_a|=SSL_aECDH; | ||
1993 | } | ||
1994 | } | ||
1995 | } | ||
1996 | #endif | ||
1997 | #ifndef OPENSSL_NO_ECDSA | ||
1998 | if (ecdsa_ok) | ||
1999 | { | ||
2000 | mask_a|=SSL_aECDSA; | ||
2001 | emask_a|=SSL_aECDSA; | ||
2002 | } | ||
2003 | #endif | ||
2004 | } | ||
2005 | |||
2006 | #ifndef OPENSSL_NO_ECDH | ||
2007 | if (have_ecdh_tmp) | ||
2008 | { | ||
2009 | mask_k|=SSL_kEECDH; | ||
2010 | emask_k|=SSL_kEECDH; | ||
2011 | } | ||
2012 | #endif | ||
2013 | |||
2014 | #ifndef OPENSSL_NO_PSK | ||
2015 | mask_k |= SSL_kPSK; | ||
2016 | mask_a |= SSL_aPSK; | ||
2017 | emask_k |= SSL_kPSK; | ||
2018 | emask_a |= SSL_aPSK; | ||
2019 | #endif | ||
2020 | |||
2021 | c->mask_k=mask_k; | ||
2022 | c->mask_a=mask_a; | ||
2023 | c->export_mask_k=emask_k; | ||
2024 | c->export_mask_a=emask_a; | ||
2025 | c->valid=1; | ||
2026 | } | ||
2027 | |||
2028 | /* This handy macro borrowed from crypto/x509v3/v3_purp.c */ | ||
2029 | #define ku_reject(x, usage) \ | ||
2030 | (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) | ||
2031 | |||
2032 | #ifndef OPENSSL_NO_EC | ||
2033 | |||
2034 | int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) | ||
2035 | { | ||
2036 | unsigned long alg_k, alg_a; | ||
2037 | EVP_PKEY *pkey = NULL; | ||
2038 | int keysize = 0; | ||
2039 | int signature_nid = 0, md_nid = 0, pk_nid = 0; | ||
2040 | |||
2041 | alg_k = cs->algorithm_mkey; | ||
2042 | alg_a = cs->algorithm_auth; | ||
2043 | |||
2044 | if (SSL_C_IS_EXPORT(cs)) | ||
2045 | { | ||
2046 | /* ECDH key length in export ciphers must be <= 163 bits */ | ||
2047 | pkey = X509_get_pubkey(x); | ||
2048 | if (pkey == NULL) return 0; | ||
2049 | keysize = EVP_PKEY_bits(pkey); | ||
2050 | EVP_PKEY_free(pkey); | ||
2051 | if (keysize > 163) return 0; | ||
2052 | } | ||
2053 | |||
2054 | /* This call populates the ex_flags field correctly */ | ||
2055 | X509_check_purpose(x, -1, 0); | ||
2056 | if ((x->sig_alg) && (x->sig_alg->algorithm)) | ||
2057 | { | ||
2058 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); | ||
2059 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); | ||
2060 | } | ||
2061 | if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) | ||
2062 | { | ||
2063 | /* key usage, if present, must allow key agreement */ | ||
2064 | if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) | ||
2065 | { | ||
2066 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); | ||
2067 | return 0; | ||
2068 | } | ||
2069 | if (alg_k & SSL_kECDHe) | ||
2070 | { | ||
2071 | /* signature alg must be ECDSA */ | ||
2072 | if (pk_nid != NID_X9_62_id_ecPublicKey) | ||
2073 | { | ||
2074 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); | ||
2075 | return 0; | ||
2076 | } | ||
2077 | } | ||
2078 | if (alg_k & SSL_kECDHr) | ||
2079 | { | ||
2080 | /* signature alg must be RSA */ | ||
2081 | |||
2082 | if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) | ||
2083 | { | ||
2084 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); | ||
2085 | return 0; | ||
2086 | } | ||
2087 | } | ||
2088 | } | ||
2089 | if (alg_a & SSL_aECDSA) | ||
2090 | { | ||
2091 | /* key usage, if present, must allow signing */ | ||
2092 | if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) | ||
2093 | { | ||
2094 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); | ||
2095 | return 0; | ||
2096 | } | ||
2097 | } | ||
2098 | |||
2099 | return 1; /* all checks are ok */ | ||
2100 | } | ||
2101 | |||
2102 | #endif | ||
2103 | |||
2104 | /* THIS NEEDS CLEANING UP */ | ||
2105 | X509 *ssl_get_server_send_cert(SSL *s) | ||
2106 | { | ||
2107 | unsigned long alg_k,alg_a; | ||
2108 | CERT *c; | ||
2109 | int i; | ||
2110 | |||
2111 | c=s->cert; | ||
2112 | ssl_set_cert_masks(c, s->s3->tmp.new_cipher); | ||
2113 | |||
2114 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
2115 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | ||
2116 | |||
2117 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) | ||
2118 | { | ||
2119 | /* we don't need to look at SSL_kEECDH | ||
2120 | * since no certificate is needed for | ||
2121 | * anon ECDH and for authenticated | ||
2122 | * EECDH, the check for the auth | ||
2123 | * algorithm will set i correctly | ||
2124 | * NOTE: For ECDH-RSA, we need an ECC | ||
2125 | * not an RSA cert but for EECDH-RSA | ||
2126 | * we need an RSA cert. Placing the | ||
2127 | * checks for SSL_kECDH before RSA | ||
2128 | * checks ensures the correct cert is chosen. | ||
2129 | */ | ||
2130 | i=SSL_PKEY_ECC; | ||
2131 | } | ||
2132 | else if (alg_a & SSL_aECDSA) | ||
2133 | { | ||
2134 | i=SSL_PKEY_ECC; | ||
2135 | } | ||
2136 | else if (alg_k & SSL_kDHr) | ||
2137 | i=SSL_PKEY_DH_RSA; | ||
2138 | else if (alg_k & SSL_kDHd) | ||
2139 | i=SSL_PKEY_DH_DSA; | ||
2140 | else if (alg_a & SSL_aDSS) | ||
2141 | i=SSL_PKEY_DSA_SIGN; | ||
2142 | else if (alg_a & SSL_aRSA) | ||
2143 | { | ||
2144 | if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) | ||
2145 | i=SSL_PKEY_RSA_SIGN; | ||
2146 | else | ||
2147 | i=SSL_PKEY_RSA_ENC; | ||
2148 | } | ||
2149 | else if (alg_a & SSL_aKRB5) | ||
2150 | { | ||
2151 | /* VRS something else here? */ | ||
2152 | return(NULL); | ||
2153 | } | ||
2154 | else if (alg_a & SSL_aGOST94) | ||
2155 | i=SSL_PKEY_GOST94; | ||
2156 | else if (alg_a & SSL_aGOST01) | ||
2157 | i=SSL_PKEY_GOST01; | ||
2158 | else /* if (alg_a & SSL_aNULL) */ | ||
2159 | { | ||
2160 | SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR); | ||
2161 | return(NULL); | ||
2162 | } | ||
2163 | if (c->pkeys[i].x509 == NULL) return(NULL); | ||
2164 | |||
2165 | return(c->pkeys[i].x509); | ||
2166 | } | ||
2167 | |||
2168 | EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher) | ||
2169 | { | ||
2170 | unsigned long alg_a; | ||
2171 | CERT *c; | ||
2172 | |||
2173 | alg_a = cipher->algorithm_auth; | ||
2174 | c=s->cert; | ||
2175 | |||
2176 | if ((alg_a & SSL_aDSS) && | ||
2177 | (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) | ||
2178 | return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey); | ||
2179 | else if (alg_a & SSL_aRSA) | ||
2180 | { | ||
2181 | if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) | ||
2182 | return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey); | ||
2183 | else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) | ||
2184 | return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey); | ||
2185 | else | ||
2186 | return(NULL); | ||
2187 | } | ||
2188 | else if ((alg_a & SSL_aECDSA) && | ||
2189 | (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) | ||
2190 | return(c->pkeys[SSL_PKEY_ECC].privatekey); | ||
2191 | else /* if (alg_a & SSL_aNULL) */ | ||
2192 | { | ||
2193 | SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); | ||
2194 | return(NULL); | ||
2195 | } | ||
2196 | } | ||
2197 | |||
2198 | void ssl_update_cache(SSL *s,int mode) | ||
2199 | { | ||
2200 | int i; | ||
2201 | |||
2202 | /* If the session_id_length is 0, we are not supposed to cache it, | ||
2203 | * and it would be rather hard to do anyway :-) */ | ||
2204 | if (s->session->session_id_length == 0) return; | ||
2205 | |||
2206 | i=s->session_ctx->session_cache_mode; | ||
2207 | if ((i & mode) && (!s->hit) | ||
2208 | && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) | ||
2209 | || SSL_CTX_add_session(s->session_ctx,s->session)) | ||
2210 | && (s->session_ctx->new_session_cb != NULL)) | ||
2211 | { | ||
2212 | CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); | ||
2213 | if (!s->session_ctx->new_session_cb(s,s->session)) | ||
2214 | SSL_SESSION_free(s->session); | ||
2215 | } | ||
2216 | |||
2217 | /* auto flush every 255 connections */ | ||
2218 | if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && | ||
2219 | ((i & mode) == mode)) | ||
2220 | { | ||
2221 | if ( (((mode & SSL_SESS_CACHE_CLIENT) | ||
2222 | ?s->session_ctx->stats.sess_connect_good | ||
2223 | :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) | ||
2224 | { | ||
2225 | SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); | ||
2226 | } | ||
2227 | } | ||
2228 | } | ||
2229 | |||
2230 | const SSL_METHOD *SSL_get_ssl_method(SSL *s) | ||
2231 | { | ||
2232 | return(s->method); | ||
2233 | } | ||
2234 | |||
2235 | int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) | ||
2236 | { | ||
2237 | int conn= -1; | ||
2238 | int ret=1; | ||
2239 | |||
2240 | if (s->method != meth) | ||
2241 | { | ||
2242 | if (s->handshake_func != NULL) | ||
2243 | conn=(s->handshake_func == s->method->ssl_connect); | ||
2244 | |||
2245 | if (s->method->version == meth->version) | ||
2246 | s->method=meth; | ||
2247 | else | ||
2248 | { | ||
2249 | s->method->ssl_free(s); | ||
2250 | s->method=meth; | ||
2251 | ret=s->method->ssl_new(s); | ||
2252 | } | ||
2253 | |||
2254 | if (conn == 1) | ||
2255 | s->handshake_func=meth->ssl_connect; | ||
2256 | else if (conn == 0) | ||
2257 | s->handshake_func=meth->ssl_accept; | ||
2258 | } | ||
2259 | return(ret); | ||
2260 | } | ||
2261 | |||
2262 | int SSL_get_error(const SSL *s,int i) | ||
2263 | { | ||
2264 | int reason; | ||
2265 | unsigned long l; | ||
2266 | BIO *bio; | ||
2267 | |||
2268 | if (i > 0) return(SSL_ERROR_NONE); | ||
2269 | |||
2270 | /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake | ||
2271 | * etc, where we do encode the error */ | ||
2272 | if ((l=ERR_peek_error()) != 0) | ||
2273 | { | ||
2274 | if (ERR_GET_LIB(l) == ERR_LIB_SYS) | ||
2275 | return(SSL_ERROR_SYSCALL); | ||
2276 | else | ||
2277 | return(SSL_ERROR_SSL); | ||
2278 | } | ||
2279 | |||
2280 | if ((i < 0) && SSL_want_read(s)) | ||
2281 | { | ||
2282 | bio=SSL_get_rbio(s); | ||
2283 | if (BIO_should_read(bio)) | ||
2284 | return(SSL_ERROR_WANT_READ); | ||
2285 | else if (BIO_should_write(bio)) | ||
2286 | /* This one doesn't make too much sense ... We never try | ||
2287 | * to write to the rbio, and an application program where | ||
2288 | * rbio and wbio are separate couldn't even know what it | ||
2289 | * should wait for. | ||
2290 | * However if we ever set s->rwstate incorrectly | ||
2291 | * (so that we have SSL_want_read(s) instead of | ||
2292 | * SSL_want_write(s)) and rbio and wbio *are* the same, | ||
2293 | * this test works around that bug; so it might be safer | ||
2294 | * to keep it. */ | ||
2295 | return(SSL_ERROR_WANT_WRITE); | ||
2296 | else if (BIO_should_io_special(bio)) | ||
2297 | { | ||
2298 | reason=BIO_get_retry_reason(bio); | ||
2299 | if (reason == BIO_RR_CONNECT) | ||
2300 | return(SSL_ERROR_WANT_CONNECT); | ||
2301 | else if (reason == BIO_RR_ACCEPT) | ||
2302 | return(SSL_ERROR_WANT_ACCEPT); | ||
2303 | else | ||
2304 | return(SSL_ERROR_SYSCALL); /* unknown */ | ||
2305 | } | ||
2306 | } | ||
2307 | |||
2308 | if ((i < 0) && SSL_want_write(s)) | ||
2309 | { | ||
2310 | bio=SSL_get_wbio(s); | ||
2311 | if (BIO_should_write(bio)) | ||
2312 | return(SSL_ERROR_WANT_WRITE); | ||
2313 | else if (BIO_should_read(bio)) | ||
2314 | /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ | ||
2315 | return(SSL_ERROR_WANT_READ); | ||
2316 | else if (BIO_should_io_special(bio)) | ||
2317 | { | ||
2318 | reason=BIO_get_retry_reason(bio); | ||
2319 | if (reason == BIO_RR_CONNECT) | ||
2320 | return(SSL_ERROR_WANT_CONNECT); | ||
2321 | else if (reason == BIO_RR_ACCEPT) | ||
2322 | return(SSL_ERROR_WANT_ACCEPT); | ||
2323 | else | ||
2324 | return(SSL_ERROR_SYSCALL); | ||
2325 | } | ||
2326 | } | ||
2327 | if ((i < 0) && SSL_want_x509_lookup(s)) | ||
2328 | { | ||
2329 | return(SSL_ERROR_WANT_X509_LOOKUP); | ||
2330 | } | ||
2331 | |||
2332 | if (i == 0) | ||
2333 | { | ||
2334 | if (s->version == SSL2_VERSION) | ||
2335 | { | ||
2336 | /* assume it is the socket being closed */ | ||
2337 | return(SSL_ERROR_ZERO_RETURN); | ||
2338 | } | ||
2339 | else | ||
2340 | { | ||
2341 | if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && | ||
2342 | (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) | ||
2343 | return(SSL_ERROR_ZERO_RETURN); | ||
2344 | } | ||
2345 | } | ||
2346 | return(SSL_ERROR_SYSCALL); | ||
2347 | } | ||
2348 | |||
2349 | int SSL_do_handshake(SSL *s) | ||
2350 | { | ||
2351 | int ret=1; | ||
2352 | |||
2353 | if (s->handshake_func == NULL) | ||
2354 | { | ||
2355 | SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET); | ||
2356 | return(-1); | ||
2357 | } | ||
2358 | |||
2359 | s->method->ssl_renegotiate_check(s); | ||
2360 | |||
2361 | if (SSL_in_init(s) || SSL_in_before(s)) | ||
2362 | { | ||
2363 | ret=s->handshake_func(s); | ||
2364 | } | ||
2365 | return(ret); | ||
2366 | } | ||
2367 | |||
2368 | /* For the next 2 functions, SSL_clear() sets shutdown and so | ||
2369 | * one of these calls will reset it */ | ||
2370 | void SSL_set_accept_state(SSL *s) | ||
2371 | { | ||
2372 | s->server=1; | ||
2373 | s->shutdown=0; | ||
2374 | s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE; | ||
2375 | s->handshake_func=s->method->ssl_accept; | ||
2376 | /* clear the current cipher */ | ||
2377 | ssl_clear_cipher_ctx(s); | ||
2378 | ssl_clear_hash_ctx(&s->read_hash); | ||
2379 | ssl_clear_hash_ctx(&s->write_hash); | ||
2380 | } | ||
2381 | |||
2382 | void SSL_set_connect_state(SSL *s) | ||
2383 | { | ||
2384 | s->server=0; | ||
2385 | s->shutdown=0; | ||
2386 | s->state=SSL_ST_CONNECT|SSL_ST_BEFORE; | ||
2387 | s->handshake_func=s->method->ssl_connect; | ||
2388 | /* clear the current cipher */ | ||
2389 | ssl_clear_cipher_ctx(s); | ||
2390 | ssl_clear_hash_ctx(&s->read_hash); | ||
2391 | ssl_clear_hash_ctx(&s->write_hash); | ||
2392 | } | ||
2393 | |||
2394 | int ssl_undefined_function(SSL *s) | ||
2395 | { | ||
2396 | SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
2397 | return(0); | ||
2398 | } | ||
2399 | |||
2400 | int ssl_undefined_void_function(void) | ||
2401 | { | ||
2402 | SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
2403 | return(0); | ||
2404 | } | ||
2405 | |||
2406 | int ssl_undefined_const_function(const SSL *s) | ||
2407 | { | ||
2408 | SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
2409 | return(0); | ||
2410 | } | ||
2411 | |||
2412 | SSL_METHOD *ssl_bad_method(int ver) | ||
2413 | { | ||
2414 | SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
2415 | return(NULL); | ||
2416 | } | ||
2417 | |||
2418 | const char *SSL_get_version(const SSL *s) | ||
2419 | { | ||
2420 | if (s->version == TLS1_VERSION) | ||
2421 | return("TLSv1"); | ||
2422 | else if (s->version == SSL3_VERSION) | ||
2423 | return("SSLv3"); | ||
2424 | else if (s->version == SSL2_VERSION) | ||
2425 | return("SSLv2"); | ||
2426 | else | ||
2427 | return("unknown"); | ||
2428 | } | ||
2429 | |||
2430 | SSL *SSL_dup(SSL *s) | ||
2431 | { | ||
2432 | STACK_OF(X509_NAME) *sk; | ||
2433 | X509_NAME *xn; | ||
2434 | SSL *ret; | ||
2435 | int i; | ||
2436 | |||
2437 | if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) | ||
2438 | return(NULL); | ||
2439 | |||
2440 | ret->version = s->version; | ||
2441 | ret->type = s->type; | ||
2442 | ret->method = s->method; | ||
2443 | |||
2444 | if (s->session != NULL) | ||
2445 | { | ||
2446 | /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ | ||
2447 | SSL_copy_session_id(ret,s); | ||
2448 | } | ||
2449 | else | ||
2450 | { | ||
2451 | /* No session has been established yet, so we have to expect | ||
2452 | * that s->cert or ret->cert will be changed later -- | ||
2453 | * they should not both point to the same object, | ||
2454 | * and thus we can't use SSL_copy_session_id. */ | ||
2455 | |||
2456 | ret->method->ssl_free(ret); | ||
2457 | ret->method = s->method; | ||
2458 | ret->method->ssl_new(ret); | ||
2459 | |||
2460 | if (s->cert != NULL) | ||
2461 | { | ||
2462 | if (ret->cert != NULL) | ||
2463 | { | ||
2464 | ssl_cert_free(ret->cert); | ||
2465 | } | ||
2466 | ret->cert = ssl_cert_dup(s->cert); | ||
2467 | if (ret->cert == NULL) | ||
2468 | goto err; | ||
2469 | } | ||
2470 | |||
2471 | SSL_set_session_id_context(ret, | ||
2472 | s->sid_ctx, s->sid_ctx_length); | ||
2473 | } | ||
2474 | |||
2475 | ret->options=s->options; | ||
2476 | ret->mode=s->mode; | ||
2477 | SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s)); | ||
2478 | SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); | ||
2479 | ret->msg_callback = s->msg_callback; | ||
2480 | ret->msg_callback_arg = s->msg_callback_arg; | ||
2481 | SSL_set_verify(ret,SSL_get_verify_mode(s), | ||
2482 | SSL_get_verify_callback(s)); | ||
2483 | SSL_set_verify_depth(ret,SSL_get_verify_depth(s)); | ||
2484 | ret->generate_session_id = s->generate_session_id; | ||
2485 | |||
2486 | SSL_set_info_callback(ret,SSL_get_info_callback(s)); | ||
2487 | |||
2488 | ret->debug=s->debug; | ||
2489 | |||
2490 | /* copy app data, a little dangerous perhaps */ | ||
2491 | if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) | ||
2492 | goto err; | ||
2493 | |||
2494 | /* setup rbio, and wbio */ | ||
2495 | if (s->rbio != NULL) | ||
2496 | { | ||
2497 | if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) | ||
2498 | goto err; | ||
2499 | } | ||
2500 | if (s->wbio != NULL) | ||
2501 | { | ||
2502 | if (s->wbio != s->rbio) | ||
2503 | { | ||
2504 | if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) | ||
2505 | goto err; | ||
2506 | } | ||
2507 | else | ||
2508 | ret->wbio=ret->rbio; | ||
2509 | } | ||
2510 | ret->rwstate = s->rwstate; | ||
2511 | ret->in_handshake = s->in_handshake; | ||
2512 | ret->handshake_func = s->handshake_func; | ||
2513 | ret->server = s->server; | ||
2514 | ret->new_session = s->new_session; | ||
2515 | ret->quiet_shutdown = s->quiet_shutdown; | ||
2516 | ret->shutdown=s->shutdown; | ||
2517 | ret->state=s->state; /* SSL_dup does not really work at any state, though */ | ||
2518 | ret->rstate=s->rstate; | ||
2519 | ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ | ||
2520 | ret->hit=s->hit; | ||
2521 | |||
2522 | X509_VERIFY_PARAM_inherit(ret->param, s->param); | ||
2523 | |||
2524 | /* dup the cipher_list and cipher_list_by_id stacks */ | ||
2525 | if (s->cipher_list != NULL) | ||
2526 | { | ||
2527 | if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) | ||
2528 | goto err; | ||
2529 | } | ||
2530 | if (s->cipher_list_by_id != NULL) | ||
2531 | if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id)) | ||
2532 | == NULL) | ||
2533 | goto err; | ||
2534 | |||
2535 | /* Dup the client_CA list */ | ||
2536 | if (s->client_CA != NULL) | ||
2537 | { | ||
2538 | if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; | ||
2539 | ret->client_CA=sk; | ||
2540 | for (i=0; i<sk_X509_NAME_num(sk); i++) | ||
2541 | { | ||
2542 | xn=sk_X509_NAME_value(sk,i); | ||
2543 | if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL) | ||
2544 | { | ||
2545 | X509_NAME_free(xn); | ||
2546 | goto err; | ||
2547 | } | ||
2548 | } | ||
2549 | } | ||
2550 | |||
2551 | if (0) | ||
2552 | { | ||
2553 | err: | ||
2554 | if (ret != NULL) SSL_free(ret); | ||
2555 | ret=NULL; | ||
2556 | } | ||
2557 | return(ret); | ||
2558 | } | ||
2559 | |||
2560 | void ssl_clear_cipher_ctx(SSL *s) | ||
2561 | { | ||
2562 | if (s->enc_read_ctx != NULL) | ||
2563 | { | ||
2564 | EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); | ||
2565 | OPENSSL_free(s->enc_read_ctx); | ||
2566 | s->enc_read_ctx=NULL; | ||
2567 | } | ||
2568 | if (s->enc_write_ctx != NULL) | ||
2569 | { | ||
2570 | EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); | ||
2571 | OPENSSL_free(s->enc_write_ctx); | ||
2572 | s->enc_write_ctx=NULL; | ||
2573 | } | ||
2574 | #ifndef OPENSSL_NO_COMP | ||
2575 | if (s->expand != NULL) | ||
2576 | { | ||
2577 | COMP_CTX_free(s->expand); | ||
2578 | s->expand=NULL; | ||
2579 | } | ||
2580 | if (s->compress != NULL) | ||
2581 | { | ||
2582 | COMP_CTX_free(s->compress); | ||
2583 | s->compress=NULL; | ||
2584 | } | ||
2585 | #endif | ||
2586 | } | ||
2587 | |||
2588 | /* Fix this function so that it takes an optional type parameter */ | ||
2589 | X509 *SSL_get_certificate(const SSL *s) | ||
2590 | { | ||
2591 | if (s->cert != NULL) | ||
2592 | return(s->cert->key->x509); | ||
2593 | else | ||
2594 | return(NULL); | ||
2595 | } | ||
2596 | |||
2597 | /* Fix this function so that it takes an optional type parameter */ | ||
2598 | EVP_PKEY *SSL_get_privatekey(SSL *s) | ||
2599 | { | ||
2600 | if (s->cert != NULL) | ||
2601 | return(s->cert->key->privatekey); | ||
2602 | else | ||
2603 | return(NULL); | ||
2604 | } | ||
2605 | |||
2606 | const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) | ||
2607 | { | ||
2608 | if ((s->session != NULL) && (s->session->cipher != NULL)) | ||
2609 | return(s->session->cipher); | ||
2610 | return(NULL); | ||
2611 | } | ||
2612 | #ifdef OPENSSL_NO_COMP | ||
2613 | const void *SSL_get_current_compression(SSL *s) | ||
2614 | { | ||
2615 | return NULL; | ||
2616 | } | ||
2617 | const void *SSL_get_current_expansion(SSL *s) | ||
2618 | { | ||
2619 | return NULL; | ||
2620 | } | ||
2621 | #else | ||
2622 | |||
2623 | const COMP_METHOD *SSL_get_current_compression(SSL *s) | ||
2624 | { | ||
2625 | if (s->compress != NULL) | ||
2626 | return(s->compress->meth); | ||
2627 | return(NULL); | ||
2628 | } | ||
2629 | |||
2630 | const COMP_METHOD *SSL_get_current_expansion(SSL *s) | ||
2631 | { | ||
2632 | if (s->expand != NULL) | ||
2633 | return(s->expand->meth); | ||
2634 | return(NULL); | ||
2635 | } | ||
2636 | #endif | ||
2637 | |||
2638 | int ssl_init_wbio_buffer(SSL *s,int push) | ||
2639 | { | ||
2640 | BIO *bbio; | ||
2641 | |||
2642 | if (s->bbio == NULL) | ||
2643 | { | ||
2644 | bbio=BIO_new(BIO_f_buffer()); | ||
2645 | if (bbio == NULL) return(0); | ||
2646 | s->bbio=bbio; | ||
2647 | } | ||
2648 | else | ||
2649 | { | ||
2650 | bbio=s->bbio; | ||
2651 | if (s->bbio == s->wbio) | ||
2652 | s->wbio=BIO_pop(s->wbio); | ||
2653 | } | ||
2654 | (void)BIO_reset(bbio); | ||
2655 | /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ | ||
2656 | if (!BIO_set_read_buffer_size(bbio,1)) | ||
2657 | { | ||
2658 | SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB); | ||
2659 | return(0); | ||
2660 | } | ||
2661 | if (push) | ||
2662 | { | ||
2663 | if (s->wbio != bbio) | ||
2664 | s->wbio=BIO_push(bbio,s->wbio); | ||
2665 | } | ||
2666 | else | ||
2667 | { | ||
2668 | if (s->wbio == bbio) | ||
2669 | s->wbio=BIO_pop(bbio); | ||
2670 | } | ||
2671 | return(1); | ||
2672 | } | ||
2673 | |||
2674 | void ssl_free_wbio_buffer(SSL *s) | ||
2675 | { | ||
2676 | if (s->bbio == NULL) return; | ||
2677 | |||
2678 | if (s->bbio == s->wbio) | ||
2679 | { | ||
2680 | /* remove buffering */ | ||
2681 | s->wbio=BIO_pop(s->wbio); | ||
2682 | #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ | ||
2683 | assert(s->wbio != NULL); | ||
2684 | #endif | ||
2685 | } | ||
2686 | BIO_free(s->bbio); | ||
2687 | s->bbio=NULL; | ||
2688 | } | ||
2689 | |||
2690 | void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode) | ||
2691 | { | ||
2692 | ctx->quiet_shutdown=mode; | ||
2693 | } | ||
2694 | |||
2695 | int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) | ||
2696 | { | ||
2697 | return(ctx->quiet_shutdown); | ||
2698 | } | ||
2699 | |||
2700 | void SSL_set_quiet_shutdown(SSL *s,int mode) | ||
2701 | { | ||
2702 | s->quiet_shutdown=mode; | ||
2703 | } | ||
2704 | |||
2705 | int SSL_get_quiet_shutdown(const SSL *s) | ||
2706 | { | ||
2707 | return(s->quiet_shutdown); | ||
2708 | } | ||
2709 | |||
2710 | void SSL_set_shutdown(SSL *s,int mode) | ||
2711 | { | ||
2712 | s->shutdown=mode; | ||
2713 | } | ||
2714 | |||
2715 | int SSL_get_shutdown(const SSL *s) | ||
2716 | { | ||
2717 | return(s->shutdown); | ||
2718 | } | ||
2719 | |||
2720 | int SSL_version(const SSL *s) | ||
2721 | { | ||
2722 | return(s->version); | ||
2723 | } | ||
2724 | |||
2725 | SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) | ||
2726 | { | ||
2727 | return(ssl->ctx); | ||
2728 | } | ||
2729 | |||
2730 | SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | ||
2731 | { | ||
2732 | if (ssl->ctx == ctx) | ||
2733 | return ssl->ctx; | ||
2734 | #ifndef OPENSSL_NO_TLSEXT | ||
2735 | if (ctx == NULL) | ||
2736 | ctx = ssl->initial_ctx; | ||
2737 | #endif | ||
2738 | if (ssl->cert != NULL) | ||
2739 | ssl_cert_free(ssl->cert); | ||
2740 | ssl->cert = ssl_cert_dup(ctx->cert); | ||
2741 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | ||
2742 | if (ssl->ctx != NULL) | ||
2743 | SSL_CTX_free(ssl->ctx); /* decrement reference count */ | ||
2744 | ssl->ctx = ctx; | ||
2745 | return(ssl->ctx); | ||
2746 | } | ||
2747 | |||
2748 | #ifndef OPENSSL_NO_STDIO | ||
2749 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) | ||
2750 | { | ||
2751 | return(X509_STORE_set_default_paths(ctx->cert_store)); | ||
2752 | } | ||
2753 | |||
2754 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, | ||
2755 | const char *CApath) | ||
2756 | { | ||
2757 | return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); | ||
2758 | } | ||
2759 | #endif | ||
2760 | |||
2761 | void SSL_set_info_callback(SSL *ssl, | ||
2762 | void (*cb)(const SSL *ssl,int type,int val)) | ||
2763 | { | ||
2764 | ssl->info_callback=cb; | ||
2765 | } | ||
2766 | |||
2767 | /* One compiler (Diab DCC) doesn't like argument names in returned | ||
2768 | function pointer. */ | ||
2769 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) | ||
2770 | { | ||
2771 | return ssl->info_callback; | ||
2772 | } | ||
2773 | |||
2774 | int SSL_state(const SSL *ssl) | ||
2775 | { | ||
2776 | return(ssl->state); | ||
2777 | } | ||
2778 | |||
2779 | void SSL_set_verify_result(SSL *ssl,long arg) | ||
2780 | { | ||
2781 | ssl->verify_result=arg; | ||
2782 | } | ||
2783 | |||
2784 | long SSL_get_verify_result(const SSL *ssl) | ||
2785 | { | ||
2786 | return(ssl->verify_result); | ||
2787 | } | ||
2788 | |||
2789 | int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, | ||
2790 | CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) | ||
2791 | { | ||
2792 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, | ||
2793 | new_func, dup_func, free_func); | ||
2794 | } | ||
2795 | |||
2796 | int SSL_set_ex_data(SSL *s,int idx,void *arg) | ||
2797 | { | ||
2798 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | ||
2799 | } | ||
2800 | |||
2801 | void *SSL_get_ex_data(const SSL *s,int idx) | ||
2802 | { | ||
2803 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | ||
2804 | } | ||
2805 | |||
2806 | int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, | ||
2807 | CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) | ||
2808 | { | ||
2809 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, | ||
2810 | new_func, dup_func, free_func); | ||
2811 | } | ||
2812 | |||
2813 | int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg) | ||
2814 | { | ||
2815 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | ||
2816 | } | ||
2817 | |||
2818 | void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx) | ||
2819 | { | ||
2820 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | ||
2821 | } | ||
2822 | |||
2823 | int ssl_ok(SSL *s) | ||
2824 | { | ||
2825 | return(1); | ||
2826 | } | ||
2827 | |||
2828 | X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) | ||
2829 | { | ||
2830 | return(ctx->cert_store); | ||
2831 | } | ||
2832 | |||
2833 | void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store) | ||
2834 | { | ||
2835 | if (ctx->cert_store != NULL) | ||
2836 | X509_STORE_free(ctx->cert_store); | ||
2837 | ctx->cert_store=store; | ||
2838 | } | ||
2839 | |||
2840 | int SSL_want(const SSL *s) | ||
2841 | { | ||
2842 | return(s->rwstate); | ||
2843 | } | ||
2844 | |||
2845 | /*! | ||
2846 | * \brief Set the callback for generating temporary RSA keys. | ||
2847 | * \param ctx the SSL context. | ||
2848 | * \param cb the callback | ||
2849 | */ | ||
2850 | |||
2851 | #ifndef OPENSSL_NO_RSA | ||
2852 | void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl, | ||
2853 | int is_export, | ||
2854 | int keylength)) | ||
2855 | { | ||
2856 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); | ||
2857 | } | ||
2858 | |||
2859 | void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, | ||
2860 | int is_export, | ||
2861 | int keylength)) | ||
2862 | { | ||
2863 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); | ||
2864 | } | ||
2865 | #endif | ||
2866 | |||
2867 | #ifdef DOXYGEN | ||
2868 | /*! | ||
2869 | * \brief The RSA temporary key callback function. | ||
2870 | * \param ssl the SSL session. | ||
2871 | * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite. | ||
2872 | * \param keylength if \c is_export is \c TRUE, then \c keylength is the size | ||
2873 | * of the required key in bits. | ||
2874 | * \return the temporary RSA key. | ||
2875 | * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback | ||
2876 | */ | ||
2877 | |||
2878 | RSA *cb(SSL *ssl,int is_export,int keylength) | ||
2879 | {} | ||
2880 | #endif | ||
2881 | |||
2882 | /*! | ||
2883 | * \brief Set the callback for generating temporary DH keys. | ||
2884 | * \param ctx the SSL context. | ||
2885 | * \param dh the callback | ||
2886 | */ | ||
2887 | |||
2888 | #ifndef OPENSSL_NO_DH | ||
2889 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, | ||
2890 | int keylength)) | ||
2891 | { | ||
2892 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); | ||
2893 | } | ||
2894 | |||
2895 | void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, | ||
2896 | int keylength)) | ||
2897 | { | ||
2898 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); | ||
2899 | } | ||
2900 | #endif | ||
2901 | |||
2902 | #ifndef OPENSSL_NO_ECDH | ||
2903 | void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export, | ||
2904 | int keylength)) | ||
2905 | { | ||
2906 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); | ||
2907 | } | ||
2908 | |||
2909 | void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export, | ||
2910 | int keylength)) | ||
2911 | { | ||
2912 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); | ||
2913 | } | ||
2914 | #endif | ||
2915 | |||
2916 | #ifndef OPENSSL_NO_PSK | ||
2917 | int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) | ||
2918 | { | ||
2919 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) | ||
2920 | { | ||
2921 | SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); | ||
2922 | return 0; | ||
2923 | } | ||
2924 | if (ctx->psk_identity_hint != NULL) | ||
2925 | OPENSSL_free(ctx->psk_identity_hint); | ||
2926 | if (identity_hint != NULL) | ||
2927 | { | ||
2928 | ctx->psk_identity_hint = BUF_strdup(identity_hint); | ||
2929 | if (ctx->psk_identity_hint == NULL) | ||
2930 | return 0; | ||
2931 | } | ||
2932 | else | ||
2933 | ctx->psk_identity_hint = NULL; | ||
2934 | return 1; | ||
2935 | } | ||
2936 | |||
2937 | int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) | ||
2938 | { | ||
2939 | if (s == NULL) | ||
2940 | return 0; | ||
2941 | |||
2942 | if (s->session == NULL) | ||
2943 | return 1; /* session not created yet, ignored */ | ||
2944 | |||
2945 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) | ||
2946 | { | ||
2947 | SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); | ||
2948 | return 0; | ||
2949 | } | ||
2950 | if (s->session->psk_identity_hint != NULL) | ||
2951 | OPENSSL_free(s->session->psk_identity_hint); | ||
2952 | if (identity_hint != NULL) | ||
2953 | { | ||
2954 | s->session->psk_identity_hint = BUF_strdup(identity_hint); | ||
2955 | if (s->session->psk_identity_hint == NULL) | ||
2956 | return 0; | ||
2957 | } | ||
2958 | else | ||
2959 | s->session->psk_identity_hint = NULL; | ||
2960 | return 1; | ||
2961 | } | ||
2962 | |||
2963 | const char *SSL_get_psk_identity_hint(const SSL *s) | ||
2964 | { | ||
2965 | if (s == NULL || s->session == NULL) | ||
2966 | return NULL; | ||
2967 | return(s->session->psk_identity_hint); | ||
2968 | } | ||
2969 | |||
2970 | const char *SSL_get_psk_identity(const SSL *s) | ||
2971 | { | ||
2972 | if (s == NULL || s->session == NULL) | ||
2973 | return NULL; | ||
2974 | return(s->session->psk_identity); | ||
2975 | } | ||
2976 | |||
2977 | void SSL_set_psk_client_callback(SSL *s, | ||
2978 | unsigned int (*cb)(SSL *ssl, const char *hint, | ||
2979 | char *identity, unsigned int max_identity_len, unsigned char *psk, | ||
2980 | unsigned int max_psk_len)) | ||
2981 | { | ||
2982 | s->psk_client_callback = cb; | ||
2983 | } | ||
2984 | |||
2985 | void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, | ||
2986 | unsigned int (*cb)(SSL *ssl, const char *hint, | ||
2987 | char *identity, unsigned int max_identity_len, unsigned char *psk, | ||
2988 | unsigned int max_psk_len)) | ||
2989 | { | ||
2990 | ctx->psk_client_callback = cb; | ||
2991 | } | ||
2992 | |||
2993 | void SSL_set_psk_server_callback(SSL *s, | ||
2994 | unsigned int (*cb)(SSL *ssl, const char *identity, | ||
2995 | unsigned char *psk, unsigned int max_psk_len)) | ||
2996 | { | ||
2997 | s->psk_server_callback = cb; | ||
2998 | } | ||
2999 | |||
3000 | void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, | ||
3001 | unsigned int (*cb)(SSL *ssl, const char *identity, | ||
3002 | unsigned char *psk, unsigned int max_psk_len)) | ||
3003 | { | ||
3004 | ctx->psk_server_callback = cb; | ||
3005 | } | ||
3006 | #endif | ||
3007 | |||
3008 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | ||
3009 | { | ||
3010 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); | ||
3011 | } | ||
3012 | void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | ||
3013 | { | ||
3014 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); | ||
3015 | } | ||
3016 | |||
3017 | /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer | ||
3018 | * vairable, freeing EVP_MD_CTX previously stored in that variable, if | ||
3019 | * any. If EVP_MD pointer is passed, initializes ctx with this md | ||
3020 | * Returns newly allocated ctx; | ||
3021 | */ | ||
3022 | |||
3023 | EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) | ||
3024 | { | ||
3025 | ssl_clear_hash_ctx(hash); | ||
3026 | *hash = EVP_MD_CTX_create(); | ||
3027 | if (md) EVP_DigestInit_ex(*hash,md,NULL); | ||
3028 | return *hash; | ||
3029 | } | ||
3030 | void ssl_clear_hash_ctx(EVP_MD_CTX **hash) | ||
3031 | { | ||
3032 | |||
3033 | if (*hash) EVP_MD_CTX_destroy(*hash); | ||
3034 | *hash=NULL; | ||
3035 | } | ||
3036 | |||
3037 | #if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16) | ||
3038 | #include "../crypto/bio/bss_file.c" | ||
3039 | #endif | ||
3040 | |||
3041 | IMPLEMENT_STACK_OF(SSL_CIPHER) | ||
3042 | IMPLEMENT_STACK_OF(SSL_COMP) | ||
3043 | IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, | ||
3044 | ssl_cipher_id); | ||
3045 | |||
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h deleted file mode 100644 index cea622a2a6..0000000000 --- a/src/lib/libssl/ssl_locl.h +++ /dev/null | |||
@@ -1,1079 +0,0 @@ | |||
1 | /* ssl/ssl_locl.h */ | ||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
3 | * All rights reserved. | ||
4 | * | ||
5 | * This package is an SSL implementation written | ||
6 | * by Eric Young (eay@cryptsoft.com). | ||
7 | * The implementation was written so as to conform with Netscapes SSL. | ||
8 | * | ||
9 | * This library is free for commercial and non-commercial use as long as | ||
10 | * the following conditions are aheared to. The following conditions | ||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
13 | * included with this distribution is covered by the same copyright terms | ||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
15 | * | ||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
17 | * the code are not to be removed. | ||
18 | * If this package is used in a product, Eric Young should be given attribution | ||
19 | * as the author of the parts of the library used. | ||
20 | * This can be in the form of a textual message at program startup or | ||
21 | * in documentation (online or textual) provided with the package. | ||
22 | * | ||
23 | * Redistribution and use in source and binary forms, with or without | ||
24 | * modification, are permitted provided that the following conditions | ||
25 | * are met: | ||
26 | * 1. Redistributions of source code must retain the copyright | ||
27 | * notice, this list of conditions and the following disclaimer. | ||
28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
29 | * notice, this list of conditions and the following disclaimer in the | ||
30 | * documentation and/or other materials provided with the distribution. | ||
31 | * 3. All advertising materials mentioning features or use of this software | ||
32 | * must display the following acknowledgement: | ||
33 | * "This product includes cryptographic software written by | ||
34 | * Eric Young (eay@cryptsoft.com)" | ||
35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
36 | * being used are not cryptographic related :-). | ||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
38 | * the apps directory (application code) you must include an acknowledgement: | ||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
40 | * | ||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
51 | * SUCH DAMAGE. | ||
52 | * | ||
53 | * The licence and distribution terms for any publically available version or | ||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
55 | * copied and put under another distribution licence | ||
56 | * [including the GNU Public Licence.] | ||
57 | */ | ||
58 | /* ==================================================================== | ||
59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
60 | * | ||
61 | * Redistribution and use in source and binary forms, with or without | ||
62 | * modification, are permitted provided that the following conditions | ||
63 | * are met: | ||
64 | * | ||
65 | * 1. Redistributions of source code must retain the above copyright | ||
66 | * notice, this list of conditions and the following disclaimer. | ||
67 | * | ||
68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
69 | * notice, this list of conditions and the following disclaimer in | ||
70 | * the documentation and/or other materials provided with the | ||
71 | * distribution. | ||
72 | * | ||
73 | * 3. All advertising materials mentioning features or use of this | ||
74 | * software must display the following acknowledgment: | ||
75 | * "This product includes software developed by the OpenSSL Project | ||
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
77 | * | ||
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
79 | * endorse or promote products derived from this software without | ||
80 | * prior written permission. For written permission, please contact | ||
81 | * openssl-core@openssl.org. | ||
82 | * | ||
83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
84 | * nor may "OpenSSL" appear in their names without prior written | ||
85 | * permission of the OpenSSL Project. | ||
86 | * | ||
87 | * 6. Redistributions of any form whatsoever must retain the following | ||
88 | * acknowledgment: | ||
89 | * "This product includes software developed by the OpenSSL Project | ||
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
91 | * | ||
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
104 | * ==================================================================== | ||
105 | * | ||
106 | * This product includes cryptographic software written by Eric Young | ||
107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
108 | * Hudson (tjh@cryptsoft.com). | ||
109 | * | ||
110 | */ | ||
111 | /* ==================================================================== | ||
112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
113 | * ECC cipher suite support in OpenSSL originally developed by | ||
114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
115 | */ | ||
116 | /* ==================================================================== | ||
117 | * Copyright 2005 Nokia. All rights reserved. | ||
118 | * | ||
119 | * The portions of the attached software ("Contribution") is developed by | ||
120 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
121 | * license. | ||
122 | * | ||
123 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
124 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
125 | * support (see RFC 4279) to OpenSSL. | ||
126 | * | ||
127 | * No patent licenses or other rights except those expressly stated in | ||
128 | * the OpenSSL open source license shall be deemed granted or received | ||
129 | * expressly, by implication, estoppel, or otherwise. | ||
130 | * | ||
131 | * No assurances are provided by Nokia that the Contribution does not | ||
132 | * infringe the patent or other intellectual property rights of any third | ||
133 | * party or that the license provides you with all the necessary rights | ||
134 | * to make use of the Contribution. | ||
135 | * | ||
136 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
137 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
138 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
139 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
140 | * OTHERWISE. | ||
141 | */ | ||
142 | |||
143 | #ifndef HEADER_SSL_LOCL_H | ||
144 | #define HEADER_SSL_LOCL_H | ||
145 | #include <stdlib.h> | ||
146 | #include <time.h> | ||
147 | #include <string.h> | ||
148 | #include <errno.h> | ||
149 | |||
150 | #include "e_os.h" | ||
151 | |||
152 | #include <openssl/buffer.h> | ||
153 | #ifndef OPENSSL_NO_COMP | ||
154 | #include <openssl/comp.h> | ||
155 | #endif | ||
156 | #include <openssl/bio.h> | ||
157 | #include <openssl/stack.h> | ||
158 | #ifndef OPENSSL_NO_RSA | ||
159 | #include <openssl/rsa.h> | ||
160 | #endif | ||
161 | #ifndef OPENSSL_NO_DSA | ||
162 | #include <openssl/dsa.h> | ||
163 | #endif | ||
164 | #include <openssl/err.h> | ||
165 | #include <openssl/ssl.h> | ||
166 | #include <openssl/symhacks.h> | ||
167 | |||
168 | #ifdef OPENSSL_BUILD_SHLIBSSL | ||
169 | # undef OPENSSL_EXTERN | ||
170 | # define OPENSSL_EXTERN OPENSSL_EXPORT | ||
171 | #endif | ||
172 | |||
173 | #define PKCS1_CHECK | ||
174 | |||
175 | #define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ | ||
176 | l|=(((unsigned long)(*((c)++)))<< 8), \ | ||
177 | l|=(((unsigned long)(*((c)++)))<<16), \ | ||
178 | l|=(((unsigned long)(*((c)++)))<<24)) | ||
179 | |||
180 | /* NOTE - c is not incremented as per c2l */ | ||
181 | #define c2ln(c,l1,l2,n) { \ | ||
182 | c+=n; \ | ||
183 | l1=l2=0; \ | ||
184 | switch (n) { \ | ||
185 | case 8: l2 =((unsigned long)(*(--(c))))<<24; \ | ||
186 | case 7: l2|=((unsigned long)(*(--(c))))<<16; \ | ||
187 | case 6: l2|=((unsigned long)(*(--(c))))<< 8; \ | ||
188 | case 5: l2|=((unsigned long)(*(--(c)))); \ | ||
189 | case 4: l1 =((unsigned long)(*(--(c))))<<24; \ | ||
190 | case 3: l1|=((unsigned long)(*(--(c))))<<16; \ | ||
191 | case 2: l1|=((unsigned long)(*(--(c))))<< 8; \ | ||
192 | case 1: l1|=((unsigned long)(*(--(c)))); \ | ||
193 | } \ | ||
194 | } | ||
195 | |||
196 | #define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ | ||
197 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | ||
198 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | ||
199 | *((c)++)=(unsigned char)(((l)>>24)&0xff)) | ||
200 | |||
201 | #define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \ | ||
202 | l|=((unsigned long)(*((c)++)))<<16, \ | ||
203 | l|=((unsigned long)(*((c)++)))<< 8, \ | ||
204 | l|=((unsigned long)(*((c)++)))) | ||
205 | |||
206 | #define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ | ||
207 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | ||
208 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | ||
209 | *((c)++)=(unsigned char)(((l) )&0xff)) | ||
210 | |||
211 | #define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \ | ||
212 | *((c)++)=(unsigned char)(((l)>>32)&0xff), \ | ||
213 | *((c)++)=(unsigned char)(((l)>>24)&0xff), \ | ||
214 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | ||
215 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | ||
216 | *((c)++)=(unsigned char)(((l) )&0xff)) | ||
217 | |||
218 | #define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \ | ||
219 | l|=((BN_ULLONG)(*((c)++)))<<32, \ | ||
220 | l|=((BN_ULLONG)(*((c)++)))<<24, \ | ||
221 | l|=((BN_ULLONG)(*((c)++)))<<16, \ | ||
222 | l|=((BN_ULLONG)(*((c)++)))<< 8, \ | ||
223 | l|=((BN_ULLONG)(*((c)++)))) | ||
224 | |||
225 | /* NOTE - c is not incremented as per l2c */ | ||
226 | #define l2cn(l1,l2,c,n) { \ | ||
227 | c+=n; \ | ||
228 | switch (n) { \ | ||
229 | case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ | ||
230 | case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ | ||
231 | case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ | ||
232 | case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ | ||
233 | case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ | ||
234 | case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ | ||
235 | case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ | ||
236 | case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ | ||
237 | } \ | ||
238 | } | ||
239 | |||
240 | #define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \ | ||
241 | (((unsigned int)(c[1])) )),c+=2) | ||
242 | #define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \ | ||
243 | c[1]=(unsigned char)(((s) )&0xff)),c+=2) | ||
244 | |||
245 | #define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \ | ||
246 | (((unsigned long)(c[1]))<< 8)| \ | ||
247 | (((unsigned long)(c[2])) )),c+=3) | ||
248 | |||
249 | #define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \ | ||
250 | c[1]=(unsigned char)(((l)>> 8)&0xff), \ | ||
251 | c[2]=(unsigned char)(((l) )&0xff)),c+=3) | ||
252 | |||
253 | /* LOCAL STUFF */ | ||
254 | |||
255 | #define SSL_DECRYPT 0 | ||
256 | #define SSL_ENCRYPT 1 | ||
257 | |||
258 | #define TWO_BYTE_BIT 0x80 | ||
259 | #define SEC_ESC_BIT 0x40 | ||
260 | #define TWO_BYTE_MASK 0x7fff | ||
261 | #define THREE_BYTE_MASK 0x3fff | ||
262 | |||
263 | #define INC32(a) ((a)=((a)+1)&0xffffffffL) | ||
264 | #define DEC32(a) ((a)=((a)-1)&0xffffffffL) | ||
265 | #define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */ | ||
266 | |||
267 | /* | ||
268 | * Define the Bitmasks for SSL_CIPHER.algorithms. | ||
269 | * This bits are used packed as dense as possible. If new methods/ciphers | ||
270 | * etc will be added, the bits a likely to change, so this information | ||
271 | * is for internal library use only, even though SSL_CIPHER.algorithms | ||
272 | * can be publicly accessed. | ||
273 | * Use the according functions for cipher management instead. | ||
274 | * | ||
275 | * The bit mask handling in the selection and sorting scheme in | ||
276 | * ssl_create_cipher_list() has only limited capabilities, reflecting | ||
277 | * that the different entities within are mutually exclusive: | ||
278 | * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. | ||
279 | */ | ||
280 | |||
281 | /* Bits for algorithm_mkey (key exchange algorithm) */ | ||
282 | #define SSL_kRSA 0x00000001L /* RSA key exchange */ | ||
283 | #define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */ | ||
284 | #define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */ | ||
285 | #define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */ | ||
286 | #define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */ | ||
287 | #define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */ | ||
288 | #define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */ | ||
289 | #define SSL_kEECDH 0x00000080L /* ephemeral ECDH */ | ||
290 | #define SSL_kPSK 0x00000100L /* PSK */ | ||
291 | #define SSL_kGOST 0x00000200L /* GOST key exchange */ | ||
292 | |||
293 | /* Bits for algorithm_auth (server authentication) */ | ||
294 | #define SSL_aRSA 0x00000001L /* RSA auth */ | ||
295 | #define SSL_aDSS 0x00000002L /* DSS auth */ | ||
296 | #define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */ | ||
297 | #define SSL_aDH 0x00000008L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */ | ||
298 | #define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */ | ||
299 | #define SSL_aKRB5 0x00000020L /* KRB5 auth */ | ||
300 | #define SSL_aECDSA 0x00000040L /* ECDSA auth*/ | ||
301 | #define SSL_aPSK 0x00000080L /* PSK auth */ | ||
302 | #define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */ | ||
303 | #define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */ | ||
304 | |||
305 | |||
306 | /* Bits for algorithm_enc (symmetric encryption) */ | ||
307 | #define SSL_DES 0x00000001L | ||
308 | #define SSL_3DES 0x00000002L | ||
309 | #define SSL_RC4 0x00000004L | ||
310 | #define SSL_RC2 0x00000008L | ||
311 | #define SSL_IDEA 0x00000010L | ||
312 | #define SSL_eNULL 0x00000020L | ||
313 | #define SSL_AES128 0x00000040L | ||
314 | #define SSL_AES256 0x00000080L | ||
315 | #define SSL_CAMELLIA128 0x00000100L | ||
316 | #define SSL_CAMELLIA256 0x00000200L | ||
317 | #define SSL_eGOST2814789CNT 0x00000400L | ||
318 | #define SSL_SEED 0x00000800L | ||
319 | |||
320 | #define SSL_AES (SSL_AES128|SSL_AES256) | ||
321 | #define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) | ||
322 | |||
323 | |||
324 | /* Bits for algorithm_mac (symmetric authentication) */ | ||
325 | #define SSL_MD5 0x00000001L | ||
326 | #define SSL_SHA1 0x00000002L | ||
327 | #define SSL_GOST94 0x00000004L | ||
328 | #define SSL_GOST89MAC 0x00000008L | ||
329 | |||
330 | /* Bits for algorithm_ssl (protocol version) */ | ||
331 | #define SSL_SSLV2 0x00000001L | ||
332 | #define SSL_SSLV3 0x00000002L | ||
333 | #define SSL_TLSV1 SSL_SSLV3 /* for now */ | ||
334 | |||
335 | |||
336 | /* Bits for algorithm2 (handshake digests and other extra flags) */ | ||
337 | |||
338 | #define SSL_HANDSHAKE_MAC_MD5 0x10 | ||
339 | #define SSL_HANDSHAKE_MAC_SHA 0x20 | ||
340 | #define SSL_HANDSHAKE_MAC_GOST94 0x40 | ||
341 | #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) | ||
342 | |||
343 | /* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX | ||
344 | * make sure to update this constant too */ | ||
345 | #define SSL_MAX_DIGEST 4 | ||
346 | |||
347 | #define TLS1_PRF_DGST_SHIFT 8 | ||
348 | #define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT) | ||
349 | #define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT) | ||
350 | #define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT) | ||
351 | #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) | ||
352 | |||
353 | /* Stream MAC for GOST ciphersuites from cryptopro draft | ||
354 | * (currently this also goes into algorithm2) */ | ||
355 | #define TLS1_STREAM_MAC 0x04 | ||
356 | |||
357 | |||
358 | |||
359 | /* | ||
360 | * Export and cipher strength information. For each cipher we have to decide | ||
361 | * whether it is exportable or not. This information is likely to change | ||
362 | * over time, since the export control rules are no static technical issue. | ||
363 | * | ||
364 | * Independent of the export flag the cipher strength is sorted into classes. | ||
365 | * SSL_EXP40 was denoting the 40bit US export limit of past times, which now | ||
366 | * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change | ||
367 | * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more, | ||
368 | * since SSL_EXP64 could be similar to SSL_LOW. | ||
369 | * For this reason SSL_MICRO and SSL_MINI macros are included to widen the | ||
370 | * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed | ||
371 | * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would | ||
372 | * be possible. | ||
373 | */ | ||
374 | #define SSL_EXP_MASK 0x00000003L | ||
375 | #define SSL_STRONG_MASK 0x000001fcL | ||
376 | |||
377 | #define SSL_NOT_EXP 0x00000001L | ||
378 | #define SSL_EXPORT 0x00000002L | ||
379 | |||
380 | #define SSL_STRONG_NONE 0x00000004L | ||
381 | #define SSL_EXP40 0x00000008L | ||
382 | #define SSL_MICRO (SSL_EXP40) | ||
383 | #define SSL_EXP56 0x00000010L | ||
384 | #define SSL_MINI (SSL_EXP56) | ||
385 | #define SSL_LOW 0x00000020L | ||
386 | #define SSL_MEDIUM 0x00000040L | ||
387 | #define SSL_HIGH 0x00000080L | ||
388 | #define SSL_FIPS 0x00000100L | ||
389 | |||
390 | /* we have used 000001ff - 23 bits left to go */ | ||
391 | |||
392 | /* | ||
393 | * Macros to check the export status and cipher strength for export ciphers. | ||
394 | * Even though the macros for EXPORT and EXPORT40/56 have similar names, | ||
395 | * their meaning is different: | ||
396 | * *_EXPORT macros check the 'exportable' status. | ||
397 | * *_EXPORT40/56 macros are used to check whether a certain cipher strength | ||
398 | * is given. | ||
399 | * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct | ||
400 | * algorithm structure element to be passed (algorithms, algo_strength) and no | ||
401 | * typechecking can be done as they are all of type unsigned long, their | ||
402 | * direct usage is discouraged. | ||
403 | * Use the SSL_C_* macros instead. | ||
404 | */ | ||
405 | #define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT) | ||
406 | #define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56) | ||
407 | #define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40) | ||
408 | #define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength) | ||
409 | #define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength) | ||
410 | #define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength) | ||
411 | |||
412 | #define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \ | ||
413 | (a) == SSL_DES ? 8 : 7) | ||
414 | #define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024) | ||
415 | #define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \ | ||
416 | (c)->algo_strength) | ||
417 | #define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) | ||
418 | |||
419 | |||
420 | |||
421 | |||
422 | /* Mostly for SSLv3 */ | ||
423 | #define SSL_PKEY_RSA_ENC 0 | ||
424 | #define SSL_PKEY_RSA_SIGN 1 | ||
425 | #define SSL_PKEY_DSA_SIGN 2 | ||
426 | #define SSL_PKEY_DH_RSA 3 | ||
427 | #define SSL_PKEY_DH_DSA 4 | ||
428 | #define SSL_PKEY_ECC 5 | ||
429 | #define SSL_PKEY_GOST94 6 | ||
430 | #define SSL_PKEY_GOST01 7 | ||
431 | #define SSL_PKEY_NUM 8 | ||
432 | |||
433 | /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | | ||
434 | * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) | ||
435 | * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) | ||
436 | * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN | ||
437 | * SSL_aRSA <- RSA_ENC | RSA_SIGN | ||
438 | * SSL_aDSS <- DSA_SIGN | ||
439 | */ | ||
440 | |||
441 | /* | ||
442 | #define CERT_INVALID 0 | ||
443 | #define CERT_PUBLIC_KEY 1 | ||
444 | #define CERT_PRIVATE_KEY 2 | ||
445 | */ | ||
446 | |||
447 | #ifndef OPENSSL_NO_EC | ||
448 | /* From ECC-TLS draft, used in encoding the curve type in | ||
449 | * ECParameters | ||
450 | */ | ||
451 | #define EXPLICIT_PRIME_CURVE_TYPE 1 | ||
452 | #define EXPLICIT_CHAR2_CURVE_TYPE 2 | ||
453 | #define NAMED_CURVE_TYPE 3 | ||
454 | #endif /* OPENSSL_NO_EC */ | ||
455 | |||
456 | typedef struct cert_pkey_st | ||
457 | { | ||
458 | X509 *x509; | ||
459 | EVP_PKEY *privatekey; | ||
460 | } CERT_PKEY; | ||
461 | |||
462 | typedef struct cert_st | ||
463 | { | ||
464 | /* Current active set */ | ||
465 | CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array | ||
466 | * Probably it would make more sense to store | ||
467 | * an index, not a pointer. */ | ||
468 | |||
469 | /* The following masks are for the key and auth | ||
470 | * algorithms that are supported by the certs below */ | ||
471 | int valid; | ||
472 | unsigned long mask_k; | ||
473 | unsigned long mask_a; | ||
474 | unsigned long export_mask_k; | ||
475 | unsigned long export_mask_a; | ||
476 | #ifndef OPENSSL_NO_RSA | ||
477 | RSA *rsa_tmp; | ||
478 | RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize); | ||
479 | #endif | ||
480 | #ifndef OPENSSL_NO_DH | ||
481 | DH *dh_tmp; | ||
482 | DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize); | ||
483 | #endif | ||
484 | #ifndef OPENSSL_NO_ECDH | ||
485 | EC_KEY *ecdh_tmp; | ||
486 | /* Callback for generating ephemeral ECDH keys */ | ||
487 | EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize); | ||
488 | #endif | ||
489 | |||
490 | CERT_PKEY pkeys[SSL_PKEY_NUM]; | ||
491 | |||
492 | int references; /* >1 only if SSL_copy_session_id is used */ | ||
493 | } CERT; | ||
494 | |||
495 | |||
496 | typedef struct sess_cert_st | ||
497 | { | ||
498 | STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */ | ||
499 | |||
500 | /* The 'peer_...' members are used only by clients. */ | ||
501 | int peer_cert_type; | ||
502 | |||
503 | CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */ | ||
504 | CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; | ||
505 | /* Obviously we don't have the private keys of these, | ||
506 | * so maybe we shouldn't even use the CERT_PKEY type here. */ | ||
507 | |||
508 | #ifndef OPENSSL_NO_RSA | ||
509 | RSA *peer_rsa_tmp; /* not used for SSL 2 */ | ||
510 | #endif | ||
511 | #ifndef OPENSSL_NO_DH | ||
512 | DH *peer_dh_tmp; /* not used for SSL 2 */ | ||
513 | #endif | ||
514 | #ifndef OPENSSL_NO_ECDH | ||
515 | EC_KEY *peer_ecdh_tmp; | ||
516 | #endif | ||
517 | |||
518 | int references; /* actually always 1 at the moment */ | ||
519 | } SESS_CERT; | ||
520 | |||
521 | |||
522 | /*#define MAC_DEBUG */ | ||
523 | |||
524 | /*#define ERR_DEBUG */ | ||
525 | /*#define ABORT_DEBUG */ | ||
526 | /*#define PKT_DEBUG 1 */ | ||
527 | /*#define DES_DEBUG */ | ||
528 | /*#define DES_OFB_DEBUG */ | ||
529 | /*#define SSL_DEBUG */ | ||
530 | /*#define RSA_DEBUG */ | ||
531 | /*#define IDEA_DEBUG */ | ||
532 | |||
533 | #define FP_ICC (int (*)(const void *,const void *)) | ||
534 | #define ssl_put_cipher_by_char(ssl,ciph,ptr) \ | ||
535 | ((ssl)->method->put_cipher_by_char((ciph),(ptr))) | ||
536 | #define ssl_get_cipher_by_char(ssl,ptr) \ | ||
537 | ((ssl)->method->get_cipher_by_char(ptr)) | ||
538 | |||
539 | /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff | ||
540 | * It is a bit of a mess of functions, but hell, think of it as | ||
541 | * an opaque structure :-) */ | ||
542 | typedef struct ssl3_enc_method | ||
543 | { | ||
544 | int (*enc)(SSL *, int); | ||
545 | int (*mac)(SSL *, unsigned char *, int); | ||
546 | int (*setup_key_block)(SSL *); | ||
547 | int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int); | ||
548 | int (*change_cipher_state)(SSL *, int); | ||
549 | int (*final_finish_mac)(SSL *, const char *, int, unsigned char *); | ||
550 | int finish_mac_length; | ||
551 | int (*cert_verify_mac)(SSL *, int, unsigned char *); | ||
552 | const char *client_finished_label; | ||
553 | int client_finished_label_len; | ||
554 | const char *server_finished_label; | ||
555 | int server_finished_label_len; | ||
556 | int (*alert_value)(int); | ||
557 | } SSL3_ENC_METHOD; | ||
558 | |||
559 | #ifndef OPENSSL_NO_COMP | ||
560 | /* Used for holding the relevant compression methods loaded into SSL_CTX */ | ||
561 | typedef struct ssl3_comp_st | ||
562 | { | ||
563 | int comp_id; /* The identifier byte for this compression type */ | ||
564 | char *name; /* Text name used for the compression type */ | ||
565 | COMP_METHOD *method; /* The method :-) */ | ||
566 | } SSL3_COMP; | ||
567 | #endif | ||
568 | |||
569 | #ifndef OPENSSL_NO_BUF_FREELISTS | ||
570 | typedef struct ssl3_buf_freelist_st | ||
571 | { | ||
572 | size_t chunklen; | ||
573 | unsigned int len; | ||
574 | struct ssl3_buf_freelist_entry_st *head; | ||
575 | } SSL3_BUF_FREELIST; | ||
576 | |||
577 | typedef struct ssl3_buf_freelist_entry_st | ||
578 | { | ||
579 | struct ssl3_buf_freelist_entry_st *next; | ||
580 | } SSL3_BUF_FREELIST_ENTRY; | ||
581 | #endif | ||
582 | |||
583 | extern SSL3_ENC_METHOD ssl3_undef_enc_method; | ||
584 | OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[]; | ||
585 | OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; | ||
586 | |||
587 | |||
588 | SSL_METHOD *ssl_bad_method(int ver); | ||
589 | |||
590 | extern SSL3_ENC_METHOD TLSv1_enc_data; | ||
591 | extern SSL3_ENC_METHOD SSLv3_enc_data; | ||
592 | extern SSL3_ENC_METHOD DTLSv1_enc_data; | ||
593 | |||
594 | #define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | ||
595 | const SSL_METHOD *func_name(void) \ | ||
596 | { \ | ||
597 | static const SSL_METHOD func_name##_data= { \ | ||
598 | TLS1_VERSION, \ | ||
599 | tls1_new, \ | ||
600 | tls1_clear, \ | ||
601 | tls1_free, \ | ||
602 | s_accept, \ | ||
603 | s_connect, \ | ||
604 | ssl3_read, \ | ||
605 | ssl3_peek, \ | ||
606 | ssl3_write, \ | ||
607 | ssl3_shutdown, \ | ||
608 | ssl3_renegotiate, \ | ||
609 | ssl3_renegotiate_check, \ | ||
610 | ssl3_get_message, \ | ||
611 | ssl3_read_bytes, \ | ||
612 | ssl3_write_bytes, \ | ||
613 | ssl3_dispatch_alert, \ | ||
614 | ssl3_ctrl, \ | ||
615 | ssl3_ctx_ctrl, \ | ||
616 | ssl3_get_cipher_by_char, \ | ||
617 | ssl3_put_cipher_by_char, \ | ||
618 | ssl3_pending, \ | ||
619 | ssl3_num_ciphers, \ | ||
620 | ssl3_get_cipher, \ | ||
621 | s_get_meth, \ | ||
622 | tls1_default_timeout, \ | ||
623 | &TLSv1_enc_data, \ | ||
624 | ssl_undefined_void_function, \ | ||
625 | ssl3_callback_ctrl, \ | ||
626 | ssl3_ctx_callback_ctrl, \ | ||
627 | }; \ | ||
628 | return &func_name##_data; \ | ||
629 | } | ||
630 | |||
631 | #define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | ||
632 | const SSL_METHOD *func_name(void) \ | ||
633 | { \ | ||
634 | static const SSL_METHOD func_name##_data= { \ | ||
635 | SSL3_VERSION, \ | ||
636 | ssl3_new, \ | ||
637 | ssl3_clear, \ | ||
638 | ssl3_free, \ | ||
639 | s_accept, \ | ||
640 | s_connect, \ | ||
641 | ssl3_read, \ | ||
642 | ssl3_peek, \ | ||
643 | ssl3_write, \ | ||
644 | ssl3_shutdown, \ | ||
645 | ssl3_renegotiate, \ | ||
646 | ssl3_renegotiate_check, \ | ||
647 | ssl3_get_message, \ | ||
648 | ssl3_read_bytes, \ | ||
649 | ssl3_write_bytes, \ | ||
650 | ssl3_dispatch_alert, \ | ||
651 | ssl3_ctrl, \ | ||
652 | ssl3_ctx_ctrl, \ | ||
653 | ssl3_get_cipher_by_char, \ | ||
654 | ssl3_put_cipher_by_char, \ | ||
655 | ssl3_pending, \ | ||
656 | ssl3_num_ciphers, \ | ||
657 | ssl3_get_cipher, \ | ||
658 | s_get_meth, \ | ||
659 | ssl3_default_timeout, \ | ||
660 | &SSLv3_enc_data, \ | ||
661 | ssl_undefined_void_function, \ | ||
662 | ssl3_callback_ctrl, \ | ||
663 | ssl3_ctx_callback_ctrl, \ | ||
664 | }; \ | ||
665 | return &func_name##_data; \ | ||
666 | } | ||
667 | |||
668 | #define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | ||
669 | const SSL_METHOD *func_name(void) \ | ||
670 | { \ | ||
671 | static const SSL_METHOD func_name##_data= { \ | ||
672 | TLS1_VERSION, \ | ||
673 | tls1_new, \ | ||
674 | tls1_clear, \ | ||
675 | tls1_free, \ | ||
676 | s_accept, \ | ||
677 | s_connect, \ | ||
678 | ssl23_read, \ | ||
679 | ssl23_peek, \ | ||
680 | ssl23_write, \ | ||
681 | ssl_undefined_function, \ | ||
682 | ssl_undefined_function, \ | ||
683 | ssl_ok, \ | ||
684 | ssl3_get_message, \ | ||
685 | ssl3_read_bytes, \ | ||
686 | ssl3_write_bytes, \ | ||
687 | ssl3_dispatch_alert, \ | ||
688 | ssl3_ctrl, \ | ||
689 | ssl3_ctx_ctrl, \ | ||
690 | ssl23_get_cipher_by_char, \ | ||
691 | ssl23_put_cipher_by_char, \ | ||
692 | ssl_undefined_const_function, \ | ||
693 | ssl23_num_ciphers, \ | ||
694 | ssl23_get_cipher, \ | ||
695 | s_get_meth, \ | ||
696 | ssl23_default_timeout, \ | ||
697 | &ssl3_undef_enc_method, \ | ||
698 | ssl_undefined_void_function, \ | ||
699 | ssl3_callback_ctrl, \ | ||
700 | ssl3_ctx_callback_ctrl, \ | ||
701 | }; \ | ||
702 | return &func_name##_data; \ | ||
703 | } | ||
704 | |||
705 | #define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | ||
706 | const SSL_METHOD *func_name(void) \ | ||
707 | { \ | ||
708 | static const SSL_METHOD func_name##_data= { \ | ||
709 | SSL2_VERSION, \ | ||
710 | ssl2_new, /* local */ \ | ||
711 | ssl2_clear, /* local */ \ | ||
712 | ssl2_free, /* local */ \ | ||
713 | s_accept, \ | ||
714 | s_connect, \ | ||
715 | ssl2_read, \ | ||
716 | ssl2_peek, \ | ||
717 | ssl2_write, \ | ||
718 | ssl2_shutdown, \ | ||
719 | ssl_ok, /* NULL - renegotiate */ \ | ||
720 | ssl_ok, /* NULL - check renegotiate */ \ | ||
721 | NULL, /* NULL - ssl_get_message */ \ | ||
722 | NULL, /* NULL - ssl_get_record */ \ | ||
723 | NULL, /* NULL - ssl_write_bytes */ \ | ||
724 | NULL, /* NULL - dispatch_alert */ \ | ||
725 | ssl2_ctrl, /* local */ \ | ||
726 | ssl2_ctx_ctrl, /* local */ \ | ||
727 | ssl2_get_cipher_by_char, \ | ||
728 | ssl2_put_cipher_by_char, \ | ||
729 | ssl2_pending, \ | ||
730 | ssl2_num_ciphers, \ | ||
731 | ssl2_get_cipher, \ | ||
732 | s_get_meth, \ | ||
733 | ssl2_default_timeout, \ | ||
734 | &ssl3_undef_enc_method, \ | ||
735 | ssl_undefined_void_function, \ | ||
736 | ssl2_callback_ctrl, /* local */ \ | ||
737 | ssl2_ctx_callback_ctrl, /* local */ \ | ||
738 | }; \ | ||
739 | return &func_name##_data; \ | ||
740 | } | ||
741 | |||
742 | #define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | ||
743 | const SSL_METHOD *func_name(void) \ | ||
744 | { \ | ||
745 | static const SSL_METHOD func_name##_data= { \ | ||
746 | DTLS1_VERSION, \ | ||
747 | dtls1_new, \ | ||
748 | dtls1_clear, \ | ||
749 | dtls1_free, \ | ||
750 | s_accept, \ | ||
751 | s_connect, \ | ||
752 | ssl3_read, \ | ||
753 | ssl3_peek, \ | ||
754 | ssl3_write, \ | ||
755 | ssl3_shutdown, \ | ||
756 | ssl3_renegotiate, \ | ||
757 | ssl3_renegotiate_check, \ | ||
758 | dtls1_get_message, \ | ||
759 | dtls1_read_bytes, \ | ||
760 | dtls1_write_app_data_bytes, \ | ||
761 | dtls1_dispatch_alert, \ | ||
762 | dtls1_ctrl, \ | ||
763 | ssl3_ctx_ctrl, \ | ||
764 | ssl3_get_cipher_by_char, \ | ||
765 | ssl3_put_cipher_by_char, \ | ||
766 | ssl3_pending, \ | ||
767 | ssl3_num_ciphers, \ | ||
768 | dtls1_get_cipher, \ | ||
769 | s_get_meth, \ | ||
770 | dtls1_default_timeout, \ | ||
771 | &DTLSv1_enc_data, \ | ||
772 | ssl_undefined_void_function, \ | ||
773 | ssl3_callback_ctrl, \ | ||
774 | ssl3_ctx_callback_ctrl, \ | ||
775 | }; \ | ||
776 | return &func_name##_data; \ | ||
777 | } | ||
778 | |||
779 | void ssl_clear_cipher_ctx(SSL *s); | ||
780 | int ssl_clear_bad_session(SSL *s); | ||
781 | CERT *ssl_cert_new(void); | ||
782 | CERT *ssl_cert_dup(CERT *cert); | ||
783 | int ssl_cert_inst(CERT **o); | ||
784 | void ssl_cert_free(CERT *c); | ||
785 | SESS_CERT *ssl_sess_cert_new(void); | ||
786 | void ssl_sess_cert_free(SESS_CERT *sc); | ||
787 | int ssl_set_peer_cert_type(SESS_CERT *c, int type); | ||
788 | int ssl_get_new_session(SSL *s, int session); | ||
789 | int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit); | ||
790 | int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); | ||
791 | DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, | ||
792 | ssl_cipher_id); | ||
793 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | ||
794 | const SSL_CIPHER * const *bp); | ||
795 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, | ||
796 | STACK_OF(SSL_CIPHER) **skp); | ||
797 | int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, | ||
798 | int (*put_cb)(const SSL_CIPHER *, unsigned char *)); | ||
799 | STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, | ||
800 | STACK_OF(SSL_CIPHER) **pref, | ||
801 | STACK_OF(SSL_CIPHER) **sorted, | ||
802 | const char *rule_str); | ||
803 | void ssl_update_cache(SSL *s, int mode); | ||
804 | int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc, | ||
805 | const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp); | ||
806 | int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md); | ||
807 | int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); | ||
808 | int ssl_undefined_function(SSL *s); | ||
809 | int ssl_undefined_void_function(void); | ||
810 | int ssl_undefined_const_function(const SSL *s); | ||
811 | X509 *ssl_get_server_send_cert(SSL *); | ||
812 | EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *); | ||
813 | int ssl_cert_type(X509 *x,EVP_PKEY *pkey); | ||
814 | void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); | ||
815 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); | ||
816 | int ssl_verify_alarm_type(long type); | ||
817 | void ssl_load_ciphers(void); | ||
818 | |||
819 | int ssl2_enc_init(SSL *s, int client); | ||
820 | int ssl2_generate_key_material(SSL *s); | ||
821 | void ssl2_enc(SSL *s,int send_data); | ||
822 | void ssl2_mac(SSL *s,unsigned char *mac,int send_data); | ||
823 | const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); | ||
824 | int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); | ||
825 | int ssl2_part_read(SSL *s, unsigned long f, int i); | ||
826 | int ssl2_do_write(SSL *s); | ||
827 | int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data); | ||
828 | void ssl2_return_error(SSL *s,int reason); | ||
829 | void ssl2_write_error(SSL *s); | ||
830 | int ssl2_num_ciphers(void); | ||
831 | const SSL_CIPHER *ssl2_get_cipher(unsigned int u); | ||
832 | int ssl2_new(SSL *s); | ||
833 | void ssl2_free(SSL *s); | ||
834 | int ssl2_accept(SSL *s); | ||
835 | int ssl2_connect(SSL *s); | ||
836 | int ssl2_read(SSL *s, void *buf, int len); | ||
837 | int ssl2_peek(SSL *s, void *buf, int len); | ||
838 | int ssl2_write(SSL *s, const void *buf, int len); | ||
839 | int ssl2_shutdown(SSL *s); | ||
840 | void ssl2_clear(SSL *s); | ||
841 | long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg); | ||
842 | long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); | ||
843 | long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); | ||
844 | long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); | ||
845 | int ssl2_pending(const SSL *s); | ||
846 | long ssl2_default_timeout(void ); | ||
847 | |||
848 | const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); | ||
849 | int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); | ||
850 | void ssl3_init_finished_mac(SSL *s); | ||
851 | int ssl3_send_server_certificate(SSL *s); | ||
852 | int ssl3_send_newsession_ticket(SSL *s); | ||
853 | int ssl3_send_cert_status(SSL *s); | ||
854 | int ssl3_get_finished(SSL *s,int state_a,int state_b); | ||
855 | int ssl3_setup_key_block(SSL *s); | ||
856 | int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b); | ||
857 | int ssl3_change_cipher_state(SSL *s,int which); | ||
858 | void ssl3_cleanup_key_block(SSL *s); | ||
859 | int ssl3_do_write(SSL *s,int type); | ||
860 | int ssl3_send_alert(SSL *s,int level, int desc); | ||
861 | int ssl3_generate_master_secret(SSL *s, unsigned char *out, | ||
862 | unsigned char *p, int len); | ||
863 | int ssl3_get_req_cert_type(SSL *s,unsigned char *p); | ||
864 | long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); | ||
865 | int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen); | ||
866 | int ssl3_num_ciphers(void); | ||
867 | const SSL_CIPHER *ssl3_get_cipher(unsigned int u); | ||
868 | int ssl3_renegotiate(SSL *ssl); | ||
869 | int ssl3_renegotiate_check(SSL *ssl); | ||
870 | int ssl3_dispatch_alert(SSL *s); | ||
871 | int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); | ||
872 | int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); | ||
873 | int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p); | ||
874 | int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); | ||
875 | void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); | ||
876 | int ssl3_enc(SSL *s, int send_data); | ||
877 | int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data); | ||
878 | void ssl3_free_digest_list(SSL *s); | ||
879 | unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); | ||
880 | SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt, | ||
881 | STACK_OF(SSL_CIPHER) *srvr); | ||
882 | int ssl3_setup_buffers(SSL *s); | ||
883 | int ssl3_setup_read_buffer(SSL *s); | ||
884 | int ssl3_setup_write_buffer(SSL *s); | ||
885 | int ssl3_release_read_buffer(SSL *s); | ||
886 | int ssl3_release_write_buffer(SSL *s); | ||
887 | int ssl3_digest_cached_records(SSL *s); | ||
888 | int ssl3_new(SSL *s); | ||
889 | void ssl3_free(SSL *s); | ||
890 | int ssl3_accept(SSL *s); | ||
891 | int ssl3_connect(SSL *s); | ||
892 | int ssl3_read(SSL *s, void *buf, int len); | ||
893 | int ssl3_peek(SSL *s, void *buf, int len); | ||
894 | int ssl3_write(SSL *s, const void *buf, int len); | ||
895 | int ssl3_shutdown(SSL *s); | ||
896 | void ssl3_clear(SSL *s); | ||
897 | long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg); | ||
898 | long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); | ||
899 | long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); | ||
900 | long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); | ||
901 | int ssl3_pending(const SSL *s); | ||
902 | |||
903 | void ssl3_record_sequence_update(unsigned char *seq); | ||
904 | int ssl3_do_change_cipher_spec(SSL *ssl); | ||
905 | long ssl3_default_timeout(void ); | ||
906 | |||
907 | int ssl23_num_ciphers(void ); | ||
908 | const SSL_CIPHER *ssl23_get_cipher(unsigned int u); | ||
909 | int ssl23_read(SSL *s, void *buf, int len); | ||
910 | int ssl23_peek(SSL *s, void *buf, int len); | ||
911 | int ssl23_write(SSL *s, const void *buf, int len); | ||
912 | int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); | ||
913 | const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); | ||
914 | long ssl23_default_timeout(void ); | ||
915 | |||
916 | long tls1_default_timeout(void); | ||
917 | int dtls1_do_write(SSL *s,int type); | ||
918 | int ssl3_read_n(SSL *s, int n, int max, int extend); | ||
919 | int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); | ||
920 | int ssl3_do_compress(SSL *ssl); | ||
921 | int ssl3_do_uncompress(SSL *ssl); | ||
922 | int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, | ||
923 | unsigned int len); | ||
924 | unsigned char *dtls1_set_message_header(SSL *s, | ||
925 | unsigned char *p, unsigned char mt, unsigned long len, | ||
926 | unsigned long frag_off, unsigned long frag_len); | ||
927 | |||
928 | int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len); | ||
929 | int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); | ||
930 | |||
931 | int dtls1_send_change_cipher_spec(SSL *s, int a, int b); | ||
932 | int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen); | ||
933 | unsigned long dtls1_output_cert_chain(SSL *s, X509 *x); | ||
934 | int dtls1_read_failed(SSL *s, int code); | ||
935 | int dtls1_buffer_message(SSL *s, int ccs); | ||
936 | int dtls1_retransmit_message(SSL *s, unsigned short seq, | ||
937 | unsigned long frag_off, int *found); | ||
938 | int dtls1_get_queue_priority(unsigned short seq, int is_ccs); | ||
939 | int dtls1_retransmit_buffered_messages(SSL *s); | ||
940 | void dtls1_clear_record_buffer(SSL *s); | ||
941 | void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr); | ||
942 | void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); | ||
943 | void dtls1_reset_seq_numbers(SSL *s, int rw); | ||
944 | long dtls1_default_timeout(void); | ||
945 | struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft); | ||
946 | int dtls1_handle_timeout(SSL *s); | ||
947 | const SSL_CIPHER *dtls1_get_cipher(unsigned int u); | ||
948 | void dtls1_start_timer(SSL *s); | ||
949 | void dtls1_stop_timer(SSL *s); | ||
950 | int dtls1_is_timer_expired(SSL *s); | ||
951 | void dtls1_double_timeout(SSL *s); | ||
952 | int dtls1_send_newsession_ticket(SSL *s); | ||
953 | unsigned int dtls1_min_mtu(void); | ||
954 | |||
955 | /* some client-only functions */ | ||
956 | int ssl3_client_hello(SSL *s); | ||
957 | int ssl3_get_server_hello(SSL *s); | ||
958 | int ssl3_get_certificate_request(SSL *s); | ||
959 | int ssl3_get_new_session_ticket(SSL *s); | ||
960 | int ssl3_get_cert_status(SSL *s); | ||
961 | int ssl3_get_server_done(SSL *s); | ||
962 | int ssl3_send_client_verify(SSL *s); | ||
963 | int ssl3_send_client_certificate(SSL *s); | ||
964 | int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); | ||
965 | int ssl3_send_client_key_exchange(SSL *s); | ||
966 | int ssl3_get_key_exchange(SSL *s); | ||
967 | int ssl3_get_server_certificate(SSL *s); | ||
968 | int ssl3_check_cert_and_algorithm(SSL *s); | ||
969 | #ifndef OPENSSL_NO_TLSEXT | ||
970 | int ssl3_check_finished(SSL *s); | ||
971 | #endif | ||
972 | |||
973 | int dtls1_client_hello(SSL *s); | ||
974 | int dtls1_send_client_certificate(SSL *s); | ||
975 | int dtls1_send_client_key_exchange(SSL *s); | ||
976 | int dtls1_send_client_verify(SSL *s); | ||
977 | |||
978 | /* some server-only functions */ | ||
979 | int ssl3_get_client_hello(SSL *s); | ||
980 | int ssl3_send_server_hello(SSL *s); | ||
981 | int ssl3_send_hello_request(SSL *s); | ||
982 | int ssl3_send_server_key_exchange(SSL *s); | ||
983 | int ssl3_send_certificate_request(SSL *s); | ||
984 | int ssl3_send_server_done(SSL *s); | ||
985 | int ssl3_check_client_hello(SSL *s); | ||
986 | int ssl3_get_client_certificate(SSL *s); | ||
987 | int ssl3_get_client_key_exchange(SSL *s); | ||
988 | int ssl3_get_cert_verify(SSL *s); | ||
989 | |||
990 | int dtls1_send_hello_request(SSL *s); | ||
991 | int dtls1_send_server_hello(SSL *s); | ||
992 | int dtls1_send_server_certificate(SSL *s); | ||
993 | int dtls1_send_server_key_exchange(SSL *s); | ||
994 | int dtls1_send_certificate_request(SSL *s); | ||
995 | int dtls1_send_server_done(SSL *s); | ||
996 | |||
997 | |||
998 | |||
999 | int ssl23_accept(SSL *s); | ||
1000 | int ssl23_connect(SSL *s); | ||
1001 | int ssl23_read_bytes(SSL *s, int n); | ||
1002 | int ssl23_write_bytes(SSL *s); | ||
1003 | |||
1004 | int tls1_new(SSL *s); | ||
1005 | void tls1_free(SSL *s); | ||
1006 | void tls1_clear(SSL *s); | ||
1007 | long tls1_ctrl(SSL *s,int cmd, long larg, void *parg); | ||
1008 | long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); | ||
1009 | |||
1010 | int dtls1_new(SSL *s); | ||
1011 | int dtls1_accept(SSL *s); | ||
1012 | int dtls1_connect(SSL *s); | ||
1013 | void dtls1_free(SSL *s); | ||
1014 | void dtls1_clear(SSL *s); | ||
1015 | long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg); | ||
1016 | |||
1017 | long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); | ||
1018 | int dtls1_get_record(SSL *s); | ||
1019 | int do_dtls1_write(SSL *s, int type, const unsigned char *buf, | ||
1020 | unsigned int len, int create_empty_fragement); | ||
1021 | int dtls1_dispatch_alert(SSL *s); | ||
1022 | int dtls1_enc(SSL *s, int snd); | ||
1023 | |||
1024 | int ssl_init_wbio_buffer(SSL *s, int push); | ||
1025 | void ssl_free_wbio_buffer(SSL *s); | ||
1026 | |||
1027 | int tls1_change_cipher_state(SSL *s, int which); | ||
1028 | int tls1_setup_key_block(SSL *s); | ||
1029 | int tls1_enc(SSL *s, int snd); | ||
1030 | int tls1_final_finish_mac(SSL *s, | ||
1031 | const char *str, int slen, unsigned char *p); | ||
1032 | int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); | ||
1033 | int tls1_mac(SSL *ssl, unsigned char *md, int snd); | ||
1034 | int tls1_generate_master_secret(SSL *s, unsigned char *out, | ||
1035 | unsigned char *p, int len); | ||
1036 | int tls1_alert_code(int code); | ||
1037 | int ssl3_alert_code(int code); | ||
1038 | int ssl_ok(SSL *s); | ||
1039 | |||
1040 | #ifndef OPENSSL_NO_ECDH | ||
1041 | int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs); | ||
1042 | #endif | ||
1043 | |||
1044 | SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); | ||
1045 | |||
1046 | #ifndef OPENSSL_NO_EC | ||
1047 | int tls1_ec_curve_id2nid(int curve_id); | ||
1048 | int tls1_ec_nid2curve_id(int nid); | ||
1049 | #endif /* OPENSSL_NO_EC */ | ||
1050 | |||
1051 | #ifndef OPENSSL_NO_TLSEXT | ||
1052 | unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); | ||
1053 | unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); | ||
1054 | int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); | ||
1055 | int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); | ||
1056 | int ssl_prepare_clienthello_tlsext(SSL *s); | ||
1057 | int ssl_prepare_serverhello_tlsext(SSL *s); | ||
1058 | int ssl_check_clienthello_tlsext(SSL *s); | ||
1059 | int ssl_check_serverhello_tlsext(SSL *s); | ||
1060 | |||
1061 | #ifdef OPENSSL_NO_SHA256 | ||
1062 | #define tlsext_tick_md EVP_sha1 | ||
1063 | #else | ||
1064 | #define tlsext_tick_md EVP_sha256 | ||
1065 | #endif | ||
1066 | int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, | ||
1067 | const unsigned char *limit, SSL_SESSION **ret); | ||
1068 | #endif | ||
1069 | EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ; | ||
1070 | void ssl_clear_hash_ctx(EVP_MD_CTX **hash); | ||
1071 | int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | ||
1072 | int maxlen); | ||
1073 | int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, | ||
1074 | int *al); | ||
1075 | int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | ||
1076 | int maxlen); | ||
1077 | int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, | ||
1078 | int *al); | ||
1079 | #endif | ||
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
deleted file mode 100644
index c0960b5712..0000000000
--- a/src/lib/libssl/ssl_rsa.c
+++ /dev/null | |||
@@ -1,779 +0,0 @@ | |||
1 | /* ssl/ssl_rsa.c */ | ||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
3 | * All rights reserved. | ||
4 | * | ||
5 | * This package is an SSL implementation written | ||
6 | * by Eric Young (eay@cryptsoft.com). | ||
7 | * The implementation was written so as to conform with Netscapes SSL. | ||
8 | * | ||
9 | * This library is free for commercial and non-commercial use as long as | ||
10 | * the following conditions are aheared to. The following conditions | ||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
13 | * included with this distribution is covered by the same copyright terms | ||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
15 | * | ||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
17 | * the code are not to be removed. | ||
18 | * If this package is used in a product, Eric Young should be given attribution | ||
19 | * as the author of the parts of the library used. | ||
20 | * This can be in the form of a textual message at program startup or | ||
21 | * in documentation (online or textual) provided with the package. | ||
22 | * | ||
23 | * Redistribution and use in source and binary forms, with or without | ||
24 | * modification, are permitted provided that the following conditions | ||
25 | * are met: | ||
26 | * 1. Redistributions of source code must retain the copyright | ||
27 | * notice, this list of conditions and the following disclaimer. | ||
28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
29 | * notice, this list of conditions and the following disclaimer in the | ||
30 | * documentation and/or other materials provided with the distribution. | ||
31 | * 3. All advertising materials mentioning features or use of this software | ||
32 | * must display the following acknowledgement: | ||
33 | * "This product includes cryptographic software written by | ||
34 | * Eric Young (eay@cryptsoft.com)" | ||
35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
36 | * being used are not cryptographic related :-). | ||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
38 | * the apps directory (application code) you must include an acknowledgement: | ||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
40 | * | ||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
51 | * SUCH DAMAGE. | ||
52 | * | ||
53 | * The licence and distribution terms for any publically available version or | ||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
55 | * copied and put under another distribution licence | ||
56 | * [including the GNU Public Licence.] | ||
57 | */ | ||
58 | |||
59 | #include <stdio.h> | ||
60 | #include "ssl_locl.h" | ||
61 | #include <openssl/bio.h> | ||
62 | #include <openssl/objects.h> | ||
63 | #include <openssl/evp.h> | ||
64 | #include <openssl/x509.h> | ||
65 | #include <openssl/pem.h> | ||
66 | |||
67 | static int ssl_set_cert(CERT *c, X509 *x509); | ||
68 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); | ||
69 | int SSL_use_certificate(SSL *ssl, X509 *x) | ||
70 | { | ||
71 | if (x == NULL) | ||
72 | { | ||
73 | SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); | ||
74 | return(0); | ||
75 | } | ||
76 | if (!ssl_cert_inst(&ssl->cert)) | ||
77 | { | ||
78 | SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); | ||
79 | return(0); | ||
80 | } | ||
81 | return(ssl_set_cert(ssl->cert,x)); | ||
82 | } | ||
83 | |||
84 | #ifndef OPENSSL_NO_STDIO | ||
85 | int SSL_use_certificate_file(SSL *ssl, const char *file, int type) | ||
86 | { | ||
87 | int j; | ||
88 | BIO *in; | ||
89 | int ret=0; | ||
90 | X509 *x=NULL; | ||
91 | |||
92 | in=BIO_new(BIO_s_file_internal()); | ||
93 | if (in == NULL) | ||
94 | { | ||
95 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); | ||
96 | goto end; | ||
97 | } | ||
98 | |||
99 | if (BIO_read_filename(in,file) <= 0) | ||
100 | { | ||
101 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); | ||
102 | goto end; | ||
103 | } | ||
104 | if (type == SSL_FILETYPE_ASN1) | ||
105 | { | ||
106 | j=ERR_R_ASN1_LIB; | ||
107 | x=d2i_X509_bio(in,NULL); | ||
108 | } | ||
109 | else if (type == SSL_FILETYPE_PEM) | ||
110 | { | ||
111 | j=ERR_R_PEM_LIB; | ||
112 | x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | ||
113 | } | ||
114 | else | ||
115 | { | ||
116 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
117 | goto end; | ||
118 | } | ||
119 | |||
120 | if (x == NULL) | ||
121 | { | ||
122 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j); | ||
123 | goto end; | ||
124 | } | ||
125 | |||
126 | ret=SSL_use_certificate(ssl,x); | ||
127 | end: | ||
128 | if (x != NULL) X509_free(x); | ||
129 | if (in != NULL) BIO_free(in); | ||
130 | return(ret); | ||
131 | } | ||
132 | #endif | ||
133 | |||
134 | int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) | ||
135 | { | ||
136 | X509 *x; | ||
137 | int ret; | ||
138 | |||
139 | x=d2i_X509(NULL,&d,(long)len); | ||
140 | if (x == NULL) | ||
141 | { | ||
142 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); | ||
143 | return(0); | ||
144 | } | ||
145 | |||
146 | ret=SSL_use_certificate(ssl,x); | ||
147 | X509_free(x); | ||
148 | return(ret); | ||
149 | } | ||
150 | |||
151 | #ifndef OPENSSL_NO_RSA | ||
152 | int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) | ||
153 | { | ||
154 | EVP_PKEY *pkey; | ||
155 | int ret; | ||
156 | |||
157 | if (rsa == NULL) | ||
158 | { | ||
159 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | ||
160 | return(0); | ||
161 | } | ||
162 | if (!ssl_cert_inst(&ssl->cert)) | ||
163 | { | ||
164 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); | ||
165 | return(0); | ||
166 | } | ||
167 | if ((pkey=EVP_PKEY_new()) == NULL) | ||
168 | { | ||
169 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); | ||
170 | return(0); | ||
171 | } | ||
172 | |||
173 | RSA_up_ref(rsa); | ||
174 | EVP_PKEY_assign_RSA(pkey,rsa); | ||
175 | |||
176 | ret=ssl_set_pkey(ssl->cert,pkey); | ||
177 | EVP_PKEY_free(pkey); | ||
178 | return(ret); | ||
179 | } | ||
180 | #endif | ||
181 | |||
182 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) | ||
183 | { | ||
184 | int i; | ||
185 | |||
186 | i=ssl_cert_type(NULL,pkey); | ||
187 | if (i < 0) | ||
188 | { | ||
189 | SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); | ||
190 | return(0); | ||
191 | } | ||
192 | |||
193 | if (c->pkeys[i].x509 != NULL) | ||
194 | { | ||
195 | EVP_PKEY *pktmp; | ||
196 | pktmp = X509_get_pubkey(c->pkeys[i].x509); | ||
197 | EVP_PKEY_copy_parameters(pktmp,pkey); | ||
198 | EVP_PKEY_free(pktmp); | ||
199 | ERR_clear_error(); | ||
200 | |||
201 | #ifndef OPENSSL_NO_RSA | ||
202 | /* Don't check the public/private key, this is mostly | ||
203 | * for smart cards. */ | ||
204 | if ((pkey->type == EVP_PKEY_RSA) && | ||
205 | (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) | ||
206 | ; | ||
207 | else | ||
208 | #endif | ||
209 | if (!X509_check_private_key(c->pkeys[i].x509,pkey)) | ||
210 | { | ||
211 | X509_free(c->pkeys[i].x509); | ||
212 | c->pkeys[i].x509 = NULL; | ||
213 | return 0; | ||
214 | } | ||
215 | } | ||
216 | |||
217 | if (c->pkeys[i].privatekey != NULL) | ||
218 | EVP_PKEY_free(c->pkeys[i].privatekey); | ||
219 | CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); | ||
220 | c->pkeys[i].privatekey=pkey; | ||
221 | c->key= &(c->pkeys[i]); | ||
222 | |||
223 | c->valid=0; | ||
224 | return(1); | ||
225 | } | ||
226 | |||
227 | #ifndef OPENSSL_NO_RSA | ||
228 | #ifndef OPENSSL_NO_STDIO | ||
229 | int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) | ||
230 | { | ||
231 | int j,ret=0; | ||
232 | BIO *in; | ||
233 | RSA *rsa=NULL; | ||
234 | |||
235 | in=BIO_new(BIO_s_file_internal()); | ||
236 | if (in == NULL) | ||
237 | { | ||
238 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
239 | goto end; | ||
240 | } | ||
241 | |||
242 | if (BIO_read_filename(in,file) <= 0) | ||
243 | { | ||
244 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
245 | goto end; | ||
246 | } | ||
247 | if (type == SSL_FILETYPE_ASN1) | ||
248 | { | ||
249 | j=ERR_R_ASN1_LIB; | ||
250 | rsa=d2i_RSAPrivateKey_bio(in,NULL); | ||
251 | } | ||
252 | else if (type == SSL_FILETYPE_PEM) | ||
253 | { | ||
254 | j=ERR_R_PEM_LIB; | ||
255 | rsa=PEM_read_bio_RSAPrivateKey(in,NULL, | ||
256 | ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | ||
257 | } | ||
258 | else | ||
259 | { | ||
260 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
261 | goto end; | ||
262 | } | ||
263 | if (rsa == NULL) | ||
264 | { | ||
265 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j); | ||
266 | goto end; | ||
267 | } | ||
268 | ret=SSL_use_RSAPrivateKey(ssl,rsa); | ||
269 | RSA_free(rsa); | ||
270 | end: | ||
271 | if (in != NULL) BIO_free(in); | ||
272 | return(ret); | ||
273 | } | ||
274 | #endif | ||
275 | |||
276 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) | ||
277 | { | ||
278 | int ret; | ||
279 | const unsigned char *p; | ||
280 | RSA *rsa; | ||
281 | |||
282 | p=d; | ||
283 | if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) | ||
284 | { | ||
285 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | ||
286 | return(0); | ||
287 | } | ||
288 | |||
289 | ret=SSL_use_RSAPrivateKey(ssl,rsa); | ||
290 | RSA_free(rsa); | ||
291 | return(ret); | ||
292 | } | ||
293 | #endif /* !OPENSSL_NO_RSA */ | ||
294 | |||
295 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) | ||
296 | { | ||
297 | int ret; | ||
298 | |||
299 | if (pkey == NULL) | ||
300 | { | ||
301 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | ||
302 | return(0); | ||
303 | } | ||
304 | if (!ssl_cert_inst(&ssl->cert)) | ||
305 | { | ||
306 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); | ||
307 | return(0); | ||
308 | } | ||
309 | ret=ssl_set_pkey(ssl->cert,pkey); | ||
310 | return(ret); | ||
311 | } | ||
312 | |||
313 | #ifndef OPENSSL_NO_STDIO | ||
314 | int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) | ||
315 | { | ||
316 | int j,ret=0; | ||
317 | BIO *in; | ||
318 | EVP_PKEY *pkey=NULL; | ||
319 | |||
320 | in=BIO_new(BIO_s_file_internal()); | ||
321 | if (in == NULL) | ||
322 | { | ||
323 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
324 | goto end; | ||
325 | } | ||
326 | |||
327 | if (BIO_read_filename(in,file) <= 0) | ||
328 | { | ||
329 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
330 | goto end; | ||
331 | } | ||
332 | if (type == SSL_FILETYPE_PEM) | ||
333 | { | ||
334 | j=ERR_R_PEM_LIB; | ||
335 | pkey=PEM_read_bio_PrivateKey(in,NULL, | ||
336 | ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | ||
337 | } | ||
338 | else if (type == SSL_FILETYPE_ASN1) | ||
339 | { | ||
340 | j = ERR_R_ASN1_LIB; | ||
341 | pkey = d2i_PrivateKey_bio(in,NULL); | ||
342 | } | ||
343 | else | ||
344 | { | ||
345 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
346 | goto end; | ||
347 | } | ||
348 | if (pkey == NULL) | ||
349 | { | ||
350 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j); | ||
351 | goto end; | ||
352 | } | ||
353 | ret=SSL_use_PrivateKey(ssl,pkey); | ||
354 | EVP_PKEY_free(pkey); | ||
355 | end: | ||
356 | if (in != NULL) BIO_free(in); | ||
357 | return(ret); | ||
358 | } | ||
359 | #endif | ||
360 | |||
361 | int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) | ||
362 | { | ||
363 | int ret; | ||
364 | const unsigned char *p; | ||
365 | EVP_PKEY *pkey; | ||
366 | |||
367 | p=d; | ||
368 | if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) | ||
369 | { | ||
370 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | ||
371 | return(0); | ||
372 | } | ||
373 | |||
374 | ret=SSL_use_PrivateKey(ssl,pkey); | ||
375 | EVP_PKEY_free(pkey); | ||
376 | return(ret); | ||
377 | } | ||
378 | |||
379 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) | ||
380 | { | ||
381 | if (x == NULL) | ||
382 | { | ||
383 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); | ||
384 | return(0); | ||
385 | } | ||
386 | if (!ssl_cert_inst(&ctx->cert)) | ||
387 | { | ||
388 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); | ||
389 | return(0); | ||
390 | } | ||
391 | return(ssl_set_cert(ctx->cert, x)); | ||
392 | } | ||
393 | |||
394 | static int ssl_set_cert(CERT *c, X509 *x) | ||
395 | { | ||
396 | EVP_PKEY *pkey; | ||
397 | int i; | ||
398 | |||
399 | pkey=X509_get_pubkey(x); | ||
400 | if (pkey == NULL) | ||
401 | { | ||
402 | SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB); | ||
403 | return(0); | ||
404 | } | ||
405 | |||
406 | i=ssl_cert_type(x,pkey); | ||
407 | if (i < 0) | ||
408 | { | ||
409 | SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE); | ||
410 | EVP_PKEY_free(pkey); | ||
411 | return(0); | ||
412 | } | ||
413 | |||
414 | if (c->pkeys[i].privatekey != NULL) | ||
415 | { | ||
416 | EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey); | ||
417 | ERR_clear_error(); | ||
418 | |||
419 | #ifndef OPENSSL_NO_RSA | ||
420 | /* Don't check the public/private key, this is mostly | ||
421 | * for smart cards. */ | ||
422 | if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && | ||
423 | (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & | ||
424 | RSA_METHOD_FLAG_NO_CHECK)) | ||
425 | ; | ||
426 | else | ||
427 | #endif /* OPENSSL_NO_RSA */ | ||
428 | if (!X509_check_private_key(x,c->pkeys[i].privatekey)) | ||
429 | { | ||
430 | /* don't fail for a cert/key mismatch, just free | ||
431 | * current private key (when switching to a different | ||
432 | * cert & key, first this function should be used, | ||
433 | * then ssl_set_pkey */ | ||
434 | EVP_PKEY_free(c->pkeys[i].privatekey); | ||
435 | c->pkeys[i].privatekey=NULL; | ||
436 | /* clear error queue */ | ||
437 | ERR_clear_error(); | ||
438 | } | ||
439 | } | ||
440 | |||
441 | EVP_PKEY_free(pkey); | ||
442 | |||
443 | if (c->pkeys[i].x509 != NULL) | ||
444 | X509_free(c->pkeys[i].x509); | ||
445 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); | ||
446 | c->pkeys[i].x509=x; | ||
447 | c->key= &(c->pkeys[i]); | ||
448 | |||
449 | c->valid=0; | ||
450 | return(1); | ||
451 | } | ||
452 | |||
453 | #ifndef OPENSSL_NO_STDIO | ||
454 | int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) | ||
455 | { | ||
456 | int j; | ||
457 | BIO *in; | ||
458 | int ret=0; | ||
459 | X509 *x=NULL; | ||
460 | |||
461 | in=BIO_new(BIO_s_file_internal()); | ||
462 | if (in == NULL) | ||
463 | { | ||
464 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); | ||
465 | goto end; | ||
466 | } | ||
467 | |||
468 | if (BIO_read_filename(in,file) <= 0) | ||
469 | { | ||
470 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); | ||
471 | goto end; | ||
472 | } | ||
473 | if (type == SSL_FILETYPE_ASN1) | ||
474 | { | ||
475 | j=ERR_R_ASN1_LIB; | ||
476 | x=d2i_X509_bio(in,NULL); | ||
477 | } | ||
478 | else if (type == SSL_FILETYPE_PEM) | ||
479 | { | ||
480 | j=ERR_R_PEM_LIB; | ||
481 | x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | ||
482 | } | ||
483 | else | ||
484 | { | ||
485 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
486 | goto end; | ||
487 | } | ||
488 | |||
489 | if (x == NULL) | ||
490 | { | ||
491 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j); | ||
492 | goto end; | ||
493 | } | ||
494 | |||
495 | ret=SSL_CTX_use_certificate(ctx,x); | ||
496 | end: | ||
497 | if (x != NULL) X509_free(x); | ||
498 | if (in != NULL) BIO_free(in); | ||
499 | return(ret); | ||
500 | } | ||
501 | #endif | ||
502 | |||
503 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) | ||
504 | { | ||
505 | X509 *x; | ||
506 | int ret; | ||
507 | |||
508 | x=d2i_X509(NULL,&d,(long)len); | ||
509 | if (x == NULL) | ||
510 | { | ||
511 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); | ||
512 | return(0); | ||
513 | } | ||
514 | |||
515 | ret=SSL_CTX_use_certificate(ctx,x); | ||
516 | X509_free(x); | ||
517 | return(ret); | ||
518 | } | ||
519 | |||
520 | #ifndef OPENSSL_NO_RSA | ||
521 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) | ||
522 | { | ||
523 | int ret; | ||
524 | EVP_PKEY *pkey; | ||
525 | |||
526 | if (rsa == NULL) | ||
527 | { | ||
528 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | ||
529 | return(0); | ||
530 | } | ||
531 | if (!ssl_cert_inst(&ctx->cert)) | ||
532 | { | ||
533 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); | ||
534 | return(0); | ||
535 | } | ||
536 | if ((pkey=EVP_PKEY_new()) == NULL) | ||
537 | { | ||
538 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); | ||
539 | return(0); | ||
540 | } | ||
541 | |||
542 | RSA_up_ref(rsa); | ||
543 | EVP_PKEY_assign_RSA(pkey,rsa); | ||
544 | |||
545 | ret=ssl_set_pkey(ctx->cert, pkey); | ||
546 | EVP_PKEY_free(pkey); | ||
547 | return(ret); | ||
548 | } | ||
549 | |||
550 | #ifndef OPENSSL_NO_STDIO | ||
551 | int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) | ||
552 | { | ||
553 | int j,ret=0; | ||
554 | BIO *in; | ||
555 | RSA *rsa=NULL; | ||
556 | |||
557 | in=BIO_new(BIO_s_file_internal()); | ||
558 | if (in == NULL) | ||
559 | { | ||
560 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
561 | goto end; | ||
562 | } | ||
563 | |||
564 | if (BIO_read_filename(in,file) <= 0) | ||
565 | { | ||
566 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
567 | goto end; | ||
568 | } | ||
569 | if (type == SSL_FILETYPE_ASN1) | ||
570 | { | ||
571 | j=ERR_R_ASN1_LIB; | ||
572 | rsa=d2i_RSAPrivateKey_bio(in,NULL); | ||
573 | } | ||
574 | else if (type == SSL_FILETYPE_PEM) | ||
575 | { | ||
576 | j=ERR_R_PEM_LIB; | ||
577 | rsa=PEM_read_bio_RSAPrivateKey(in,NULL, | ||
578 | ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | ||
579 | } | ||
580 | else | ||
581 | { | ||
582 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
583 | goto end; | ||
584 | } | ||
585 | if (rsa == NULL) | ||
586 | { | ||
587 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j); | ||
588 | goto end; | ||
589 | } | ||
590 | ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); | ||
591 | RSA_free(rsa); | ||
592 | end: | ||
593 | if (in != NULL) BIO_free(in); | ||
594 | return(ret); | ||
595 | } | ||
596 | #endif | ||
597 | |||
598 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) | ||
599 | { | ||
600 | int ret; | ||
601 | const unsigned char *p; | ||
602 | RSA *rsa; | ||
603 | |||
604 | p=d; | ||
605 | if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) | ||
606 | { | ||
607 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | ||
608 | return(0); | ||
609 | } | ||
610 | |||
611 | ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); | ||
612 | RSA_free(rsa); | ||
613 | return(ret); | ||
614 | } | ||
615 | #endif /* !OPENSSL_NO_RSA */ | ||
616 | |||
617 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) | ||
618 | { | ||
619 | if (pkey == NULL) | ||
620 | { | ||
621 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | ||
622 | return(0); | ||
623 | } | ||
624 | if (!ssl_cert_inst(&ctx->cert)) | ||
625 | { | ||
626 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); | ||
627 | return(0); | ||
628 | } | ||
629 | return(ssl_set_pkey(ctx->cert,pkey)); | ||
630 | } | ||
631 | |||
632 | #ifndef OPENSSL_NO_STDIO | ||
633 | int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) | ||
634 | { | ||
635 | int j,ret=0; | ||
636 | BIO *in; | ||
637 | EVP_PKEY *pkey=NULL; | ||
638 | |||
639 | in=BIO_new(BIO_s_file_internal()); | ||
640 | if (in == NULL) | ||
641 | { | ||
642 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
643 | goto end; | ||
644 | } | ||
645 | |||
646 | if (BIO_read_filename(in,file) <= 0) | ||
647 | { | ||
648 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
649 | goto end; | ||
650 | } | ||
651 | if (type == SSL_FILETYPE_PEM) | ||
652 | { | ||
653 | j=ERR_R_PEM_LIB; | ||
654 | pkey=PEM_read_bio_PrivateKey(in,NULL, | ||
655 | ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | ||
656 | } | ||
657 | else if (type == SSL_FILETYPE_ASN1) | ||
658 | { | ||
659 | j = ERR_R_ASN1_LIB; | ||
660 | pkey = d2i_PrivateKey_bio(in,NULL); | ||
661 | } | ||
662 | else | ||
663 | { | ||
664 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
665 | goto end; | ||
666 | } | ||
667 | if (pkey == NULL) | ||
668 | { | ||
669 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j); | ||
670 | goto end; | ||
671 | } | ||
672 | ret=SSL_CTX_use_PrivateKey(ctx,pkey); | ||
673 | EVP_PKEY_free(pkey); | ||
674 | end: | ||
675 | if (in != NULL) BIO_free(in); | ||
676 | return(ret); | ||
677 | } | ||
678 | #endif | ||
679 | |||
680 | int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, | ||
681 | long len) | ||
682 | { | ||
683 | int ret; | ||
684 | const unsigned char *p; | ||
685 | EVP_PKEY *pkey; | ||
686 | |||
687 | p=d; | ||
688 | if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) | ||
689 | { | ||
690 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | ||
691 | return(0); | ||
692 | } | ||
693 | |||
694 | ret=SSL_CTX_use_PrivateKey(ctx,pkey); | ||
695 | EVP_PKEY_free(pkey); | ||
696 | return(ret); | ||
697 | } | ||
698 | |||
699 | |||
700 | #ifndef OPENSSL_NO_STDIO | ||
701 | /* Read a file that contains our certificate in "PEM" format, | ||
702 | * possibly followed by a sequence of CA certificates that should be | ||
703 | * sent to the peer in the Certificate message. | ||
704 | */ | ||
705 | int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) | ||
706 | { | ||
707 | BIO *in; | ||
708 | int ret=0; | ||
709 | X509 *x=NULL; | ||
710 | |||
711 | ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ | ||
712 | |||
713 | in=BIO_new(BIO_s_file_internal()); | ||
714 | if (in == NULL) | ||
715 | { | ||
716 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB); | ||
717 | goto end; | ||
718 | } | ||
719 | |||
720 | if (BIO_read_filename(in,file) <= 0) | ||
721 | { | ||
722 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB); | ||
723 | goto end; | ||
724 | } | ||
725 | |||
726 | x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | ||
727 | if (x == NULL) | ||
728 | { | ||
729 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB); | ||
730 | goto end; | ||
731 | } | ||
732 | |||
733 | ret=SSL_CTX_use_certificate(ctx,x); | ||
734 | if (ERR_peek_error() != 0) | ||
735 | ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ | ||
736 | if (ret) | ||
737 | { | ||
738 | /* If we could set up our certificate, now proceed to | ||
739 | * the CA certificates. | ||
740 | */ | ||
741 | X509 *ca; | ||
742 | int r; | ||
743 | unsigned long err; | ||
744 | |||
745 | if (ctx->extra_certs != NULL) | ||
746 | { | ||
747 | sk_X509_pop_free(ctx->extra_certs, X509_free); | ||
748 | ctx->extra_certs = NULL; | ||
749 | } | ||
750 | |||
751 | while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata)) | ||
752 | != NULL) | ||
753 | { | ||
754 | r = SSL_CTX_add_extra_chain_cert(ctx, ca); | ||
755 | if (!r) | ||
756 | { | ||
757 | X509_free(ca); | ||
758 | ret = 0; | ||
759 | goto end; | ||
760 | } | ||
761 | /* Note that we must not free r if it was successfully | ||
762 | * added to the chain (while we must free the main | ||
763 | * certificate, since its reference count is increased | ||
764 | * by SSL_CTX_use_certificate). */ | ||
765 | } | ||
766 | /* When the while loop ends, it's usually just EOF. */ | ||
767 | err = ERR_peek_last_error(); | ||
768 | if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) | ||
769 | ERR_clear_error(); | ||
770 | else | ||
771 | ret = 0; /* some real error */ | ||
772 | } | ||
773 | |||
774 | end: | ||
775 | if (x != NULL) X509_free(x); | ||
776 | if (in != NULL) BIO_free(in); | ||
777 | return(ret); | ||
778 | } | ||
779 | #endif | ||
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c deleted file mode 100644 index 8e5d8a0972..0000000000 --- a/src/lib/libssl/ssl_sess.c +++ /dev/null | |||
@@ -1,1095 +0,0 @@ | |||
1 | /* ssl/ssl_sess.c */ | ||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
3 | * All rights reserved. | ||
4 | * | ||
5 | * This package is an SSL implementation written | ||
6 | * by Eric Young (eay@cryptsoft.com). | ||
7 | * The implementation was written so as to conform with Netscapes SSL. | ||
8 | * | ||
9 | * This library is free for commercial and non-commercial use as long as | ||
10 | * the following conditions are aheared to. The following conditions | ||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
13 | * included with this distribution is covered by the same copyright terms | ||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
15 | * | ||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
17 | * the code are not to be removed. | ||
18 | * If this package is used in a product, Eric Young should be given attribution | ||
19 | * as the author of the parts of the library used. | ||
20 | * This can be in the form of a textual message at program startup or | ||
21 | * in documentation (online or textual) provided with the package. | ||
22 | * | ||
23 | * Redistribution and use in source and binary forms, with or without | ||
24 | * modification, are permitted provided that the following conditions | ||
25 | * are met: | ||
26 | * 1. Redistributions of source code must retain the copyright | ||
27 | * notice, this list of conditions and the following disclaimer. | ||
28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
29 | * notice, this list of conditions and the following disclaimer in the | ||
30 | * documentation and/or other materials provided with the distribution. | ||
31 | * 3. All advertising materials mentioning features or use of this software | ||
32 | * must display the following acknowledgement: | ||
33 | * "This product includes cryptographic software written by | ||
34 | * Eric Young (eay@cryptsoft.com)" | ||
35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
36 | * being used are not cryptographic related :-). | ||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
38 | * the apps directory (application code) you must include an acknowledgement: | ||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
40 | * | ||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
51 | * SUCH DAMAGE. | ||
52 | * | ||
53 | * The licence and distribution terms for any publically available version or | ||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
55 | * copied and put under another distribution licence | ||
56 | * [including the GNU Public Licence.] | ||
57 | */ | ||
58 | /* ==================================================================== | ||
59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | ||
60 | * | ||
61 | * Redistribution and use in source and binary forms, with or without | ||
62 | * modification, are permitted provided that the following conditions | ||
63 | * are met: | ||
64 | * | ||
65 | * 1. Redistributions of source code must retain the above copyright | ||
66 | * notice, this list of conditions and the following disclaimer. | ||
67 | * | ||
68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
69 | * notice, this list of conditions and the following disclaimer in | ||
70 | * the documentation and/or other materials provided with the | ||
71 | * distribution. | ||
72 | * | ||
73 | * 3. All advertising materials mentioning features or use of this | ||
74 | * software must display the following acknowledgment: | ||
75 | * "This product includes software developed by the OpenSSL Project | ||
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
77 | * | ||
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
79 | * endorse or promote products derived from this software without | ||
80 | * prior written permission. For written permission, please contact | ||
81 | * openssl-core@openssl.org. | ||
82 | * | ||
83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
84 | * nor may "OpenSSL" appear in their names without prior written | ||
85 | * permission of the OpenSSL Project. | ||
86 | * | ||
87 | * 6. Redistributions of any form whatsoever must retain the following | ||
88 | * acknowledgment: | ||
89 | * "This product includes software developed by the OpenSSL Project | ||
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
91 | * | ||
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
104 | * ==================================================================== | ||
105 | * | ||
106 | * This product includes cryptographic software written by Eric Young | ||
107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
108 | * Hudson (tjh@cryptsoft.com). | ||
109 | * | ||
110 | */ | ||
111 | /* ==================================================================== | ||
112 | * Copyright 2005 Nokia. All rights reserved. | ||
113 | * | ||
114 | * The portions of the attached software ("Contribution") is developed by | ||
115 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
116 | * license. | ||
117 | * | ||
118 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
119 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
120 | * support (see RFC 4279) to OpenSSL. | ||
121 | * | ||
122 | * No patent licenses or other rights except those expressly stated in | ||
123 | * the OpenSSL open source license shall be deemed granted or received | ||
124 | * expressly, by implication, estoppel, or otherwise. | ||
125 | * | ||
126 | * No assurances are provided by Nokia that the Contribution does not | ||
127 | * infringe the patent or other intellectual property rights of any third | ||
128 | * party or that the license provides you with all the necessary rights | ||
129 | * to make use of the Contribution. | ||
130 | * | ||
131 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
132 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
133 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
134 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
135 | * OTHERWISE. | ||
136 | */ | ||
137 | |||
138 | #include <stdio.h> | ||
139 | #include <openssl/lhash.h> | ||
140 | #include <openssl/rand.h> | ||
141 | #ifndef OPENSSL_NO_ENGINE | ||
142 | #include <openssl/engine.h> | ||
143 | #endif | ||
144 | #include "ssl_locl.h" | ||
145 | |||
146 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); | ||
147 | static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); | ||
148 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); | ||
149 | |||
150 | SSL_SESSION *SSL_get_session(const SSL *ssl) | ||
151 | /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ | ||
152 | { | ||
153 | return(ssl->session); | ||
154 | } | ||
155 | |||
156 | SSL_SESSION *SSL_get1_session(SSL *ssl) | ||
157 | /* variant of SSL_get_session: caller really gets something */ | ||
158 | { | ||
159 | SSL_SESSION *sess; | ||
160 | /* Need to lock this all up rather than just use CRYPTO_add so that | ||
161 | * somebody doesn't free ssl->session between when we check it's | ||
162 | * non-null and when we up the reference count. */ | ||
163 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); | ||
164 | sess = ssl->session; | ||
165 | if(sess) | ||
166 | sess->references++; | ||
167 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); | ||
168 | return(sess); | ||
169 | } | ||
170 | |||
171 | int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
172 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) | ||
173 | { | ||
174 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, | ||
175 | new_func, dup_func, free_func); | ||
176 | } | ||
177 | |||
178 | int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) | ||
179 | { | ||
180 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | ||
181 | } | ||
182 | |||
183 | void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) | ||
184 | { | ||
185 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | ||
186 | } | ||
187 | |||
188 | SSL_SESSION *SSL_SESSION_new(void) | ||
189 | { | ||
190 | SSL_SESSION *ss; | ||
191 | |||
192 | ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)); | ||
193 | if (ss == NULL) | ||
194 | { | ||
195 | SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE); | ||
196 | return(0); | ||
197 | } | ||
198 | memset(ss,0,sizeof(SSL_SESSION)); | ||
199 | |||
200 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ | ||
201 | ss->references=1; | ||
202 | ss->timeout=60*5+4; /* 5 minute timeout by default */ | ||
203 | ss->time=(unsigned long)time(NULL); | ||
204 | ss->prev=NULL; | ||
205 | ss->next=NULL; | ||
206 | ss->compress_meth=0; | ||
207 | #ifndef OPENSSL_NO_TLSEXT | ||
208 | ss->tlsext_hostname = NULL; | ||
209 | #ifndef OPENSSL_NO_EC | ||
210 | ss->tlsext_ecpointformatlist_length = 0; | ||
211 | ss->tlsext_ecpointformatlist = NULL; | ||
212 | ss->tlsext_ellipticcurvelist_length = 0; | ||
213 | ss->tlsext_ellipticcurvelist = NULL; | ||
214 | #endif | ||
215 | #endif | ||
216 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | ||
217 | #ifndef OPENSSL_NO_PSK | ||
218 | ss->psk_identity_hint=NULL; | ||
219 | ss->psk_identity=NULL; | ||
220 | #endif | ||
221 | return(ss); | ||
222 | } | ||
223 | |||
224 | const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) | ||
225 | { | ||
226 | if(len) | ||
227 | *len = s->session_id_length; | ||
228 | return s->session_id; | ||
229 | } | ||
230 | |||
231 | /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 | ||
232 | * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly | ||
233 | * until we have no conflict is going to complete in one iteration pretty much | ||
234 | * "most" of the time (btw: understatement). So, if it takes us 10 iterations | ||
235 | * and we still can't avoid a conflict - well that's a reasonable point to call | ||
236 | * it quits. Either the RAND code is broken or someone is trying to open roughly | ||
237 | * very close to 2^128 (or 2^256) SSL sessions to our server. How you might | ||
238 | * store that many sessions is perhaps a more interesting question ... */ | ||
239 | |||
240 | #define MAX_SESS_ID_ATTEMPTS 10 | ||
241 | static int def_generate_session_id(const SSL *ssl, unsigned char *id, | ||
242 | unsigned int *id_len) | ||
243 | { | ||
244 | unsigned int retry = 0; | ||
245 | do | ||
246 | if (RAND_pseudo_bytes(id, *id_len) <= 0) | ||
247 | return 0; | ||
248 | while(SSL_has_matching_session_id(ssl, id, *id_len) && | ||
249 | (++retry < MAX_SESS_ID_ATTEMPTS)); | ||
250 | if(retry < MAX_SESS_ID_ATTEMPTS) | ||
251 | return 1; | ||
252 | /* else - woops a session_id match */ | ||
253 | /* XXX We should also check the external cache -- | ||
254 | * but the probability of a collision is negligible, and | ||
255 | * we could not prevent the concurrent creation of sessions | ||
256 | * with identical IDs since we currently don't have means | ||
257 | * to atomically check whether a session ID already exists | ||
258 | * and make a reservation for it if it does not | ||
259 | * (this problem applies to the internal cache as well). | ||
260 | */ | ||
261 | return 0; | ||
262 | } | ||
263 | |||
264 | int ssl_get_new_session(SSL *s, int session) | ||
265 | { | ||
266 | /* This gets used by clients and servers. */ | ||
267 | |||
268 | unsigned int tmp; | ||
269 | SSL_SESSION *ss=NULL; | ||
270 | GEN_SESSION_CB cb = def_generate_session_id; | ||
271 | |||
272 | if ((ss=SSL_SESSION_new()) == NULL) return(0); | ||
273 | |||
274 | /* If the context has a default timeout, use it */ | ||
275 | if (s->session_ctx->session_timeout == 0) | ||
276 | ss->timeout=SSL_get_default_timeout(s); | ||
277 | else | ||
278 | ss->timeout=s->session_ctx->session_timeout; | ||
279 | |||
280 | if (s->session != NULL) | ||
281 | { | ||
282 | SSL_SESSION_free(s->session); | ||
283 | s->session=NULL; | ||
284 | } | ||
285 | |||
286 | if (session) | ||
287 | { | ||
288 | if (s->version == SSL2_VERSION) | ||
289 | { | ||
290 | ss->ssl_version=SSL2_VERSION; | ||
291 | ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; | ||
292 | } | ||
293 | else if (s->version == SSL3_VERSION) | ||
294 | { | ||
295 | ss->ssl_version=SSL3_VERSION; | ||
296 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
297 | } | ||
298 | else if (s->version == TLS1_VERSION) | ||
299 | { | ||
300 | ss->ssl_version=TLS1_VERSION; | ||
301 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
302 | } | ||
303 | else if (s->version == DTLS1_BAD_VER) | ||
304 | { | ||
305 | ss->ssl_version=DTLS1_BAD_VER; | ||
306 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
307 | } | ||
308 | else if (s->version == DTLS1_VERSION) | ||
309 | { | ||
310 | ss->ssl_version=DTLS1_VERSION; | ||
311 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
312 | } | ||
313 | else | ||
314 | { | ||
315 | SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION); | ||
316 | SSL_SESSION_free(ss); | ||
317 | return(0); | ||
318 | } | ||
319 | #ifndef OPENSSL_NO_TLSEXT | ||
320 | /* If RFC4507 ticket use empty session ID */ | ||
321 | if (s->tlsext_ticket_expected) | ||
322 | { | ||
323 | ss->session_id_length = 0; | ||
324 | goto sess_id_done; | ||
325 | } | ||
326 | #endif | ||
327 | /* Choose which callback will set the session ID */ | ||
328 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | ||
329 | if(s->generate_session_id) | ||
330 | cb = s->generate_session_id; | ||
331 | else if(s->session_ctx->generate_session_id) | ||
332 | cb = s->session_ctx->generate_session_id; | ||
333 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | ||
334 | /* Choose a session ID */ | ||
335 | tmp = ss->session_id_length; | ||
336 | if(!cb(s, ss->session_id, &tmp)) | ||
337 | { | ||
338 | /* The callback failed */ | ||
339 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | ||
340 | SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); | ||
341 | SSL_SESSION_free(ss); | ||
342 | return(0); | ||
343 | } | ||
344 | /* Don't allow the callback to set the session length to zero. | ||
345 | * nor set it higher than it was. */ | ||
346 | if(!tmp || (tmp > ss->session_id_length)) | ||
347 | { | ||
348 | /* The callback set an illegal length */ | ||
349 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | ||
350 | SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); | ||
351 | SSL_SESSION_free(ss); | ||
352 | return(0); | ||
353 | } | ||
354 | /* If the session length was shrunk and we're SSLv2, pad it */ | ||
355 | if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) | ||
356 | memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); | ||
357 | else | ||
358 | ss->session_id_length = tmp; | ||
359 | /* Finally, check for a conflict */ | ||
360 | if(SSL_has_matching_session_id(s, ss->session_id, | ||
361 | ss->session_id_length)) | ||
362 | { | ||
363 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | ||
364 | SSL_R_SSL_SESSION_ID_CONFLICT); | ||
365 | SSL_SESSION_free(ss); | ||
366 | return(0); | ||
367 | } | ||
368 | #ifndef OPENSSL_NO_TLSEXT | ||
369 | sess_id_done: | ||
370 | if (s->tlsext_hostname) { | ||
371 | ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname); | ||
372 | if (ss->tlsext_hostname == NULL) { | ||
373 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); | ||
374 | SSL_SESSION_free(ss); | ||
375 | return 0; | ||
376 | } | ||
377 | } | ||
378 | #ifndef OPENSSL_NO_EC | ||
379 | if (s->tlsext_ecpointformatlist) | ||
380 | { | ||
381 | if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); | ||
382 | if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) | ||
383 | { | ||
384 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); | ||
385 | SSL_SESSION_free(ss); | ||
386 | return 0; | ||
387 | } | ||
388 | ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; | ||
389 | memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); | ||
390 | } | ||
391 | if (s->tlsext_ellipticcurvelist) | ||
392 | { | ||
393 | if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); | ||
394 | if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) | ||
395 | { | ||
396 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); | ||
397 | SSL_SESSION_free(ss); | ||
398 | return 0; | ||
399 | } | ||
400 | ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length; | ||
401 | memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); | ||
402 | } | ||
403 | #endif | ||
404 | #endif | ||
405 | } | ||
406 | else | ||
407 | { | ||
408 | ss->session_id_length=0; | ||
409 | } | ||
410 | |||
411 | if (s->sid_ctx_length > sizeof ss->sid_ctx) | ||
412 | { | ||
413 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); | ||
414 | SSL_SESSION_free(ss); | ||
415 | return 0; | ||
416 | } | ||
417 | memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); | ||
418 | ss->sid_ctx_length=s->sid_ctx_length; | ||
419 | s->session=ss; | ||
420 | ss->ssl_version=s->version; | ||
421 | ss->verify_result = X509_V_OK; | ||
422 | |||
423 | return(1); | ||
424 | } | ||
425 | |||
426 | int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | ||
427 | const unsigned char *limit) | ||
428 | { | ||
429 | /* This is used only by servers. */ | ||
430 | |||
431 | SSL_SESSION *ret=NULL; | ||
432 | int fatal = 0; | ||
433 | #ifndef OPENSSL_NO_TLSEXT | ||
434 | int r; | ||
435 | #endif | ||
436 | |||
437 | if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) | ||
438 | goto err; | ||
439 | #ifndef OPENSSL_NO_TLSEXT | ||
440 | r = tls1_process_ticket(s, session_id, len, limit, &ret); | ||
441 | if (r == -1) | ||
442 | { | ||
443 | fatal = 1; | ||
444 | goto err; | ||
445 | } | ||
446 | else if (r == 0 || (!ret && !len)) | ||
447 | goto err; | ||
448 | else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) | ||
449 | #else | ||
450 | if (len == 0) | ||
451 | goto err; | ||
452 | if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) | ||
453 | #endif | ||
454 | { | ||
455 | SSL_SESSION data; | ||
456 | data.ssl_version=s->version; | ||
457 | data.session_id_length=len; | ||
458 | if (len == 0) | ||
459 | return 0; | ||
460 | memcpy(data.session_id,session_id,len); | ||
461 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | ||
462 | ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data); | ||
463 | if (ret != NULL) | ||
464 | /* don't allow other threads to steal it: */ | ||
465 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | ||
466 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | ||
467 | } | ||
468 | |||
469 | if (ret == NULL) | ||
470 | { | ||
471 | int copy=1; | ||
472 | |||
473 | s->session_ctx->stats.sess_miss++; | ||
474 | ret=NULL; | ||
475 | if (s->session_ctx->get_session_cb != NULL | ||
476 | && (ret=s->session_ctx->get_session_cb(s,session_id,len,©)) | ||
477 | != NULL) | ||
478 | { | ||
479 | s->session_ctx->stats.sess_cb_hit++; | ||
480 | |||
481 | /* Increment reference count now if the session callback | ||
482 | * asks us to do so (note that if the session structures | ||
483 | * returned by the callback are shared between threads, | ||
484 | * it must handle the reference count itself [i.e. copy == 0], | ||
485 | * or things won't be thread-safe). */ | ||
486 | if (copy) | ||
487 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | ||
488 | |||
489 | /* Add the externally cached session to the internal | ||
490 | * cache as well if and only if we are supposed to. */ | ||
491 | if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) | ||
492 | /* The following should not return 1, otherwise, | ||
493 | * things are very strange */ | ||
494 | SSL_CTX_add_session(s->session_ctx,ret); | ||
495 | } | ||
496 | if (ret == NULL) | ||
497 | goto err; | ||
498 | } | ||
499 | |||
500 | /* Now ret is non-NULL, and we own one of its reference counts. */ | ||
501 | |||
502 | if (ret->sid_ctx_length != s->sid_ctx_length | ||
503 | || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)) | ||
504 | { | ||
505 | /* We've found the session named by the client, but we don't | ||
506 | * want to use it in this context. */ | ||
507 | |||
508 | #if 0 /* The client cannot always know when a session is not appropriate, | ||
509 | * so we shouldn't generate an error message. */ | ||
510 | |||
511 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); | ||
512 | #endif | ||
513 | goto err; /* treat like cache miss */ | ||
514 | } | ||
515 | |||
516 | if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) | ||
517 | { | ||
518 | /* We can't be sure if this session is being used out of | ||
519 | * context, which is especially important for SSL_VERIFY_PEER. | ||
520 | * The application should have used SSL[_CTX]_set_session_id_context. | ||
521 | * | ||
522 | * For this error case, we generate an error instead of treating | ||
523 | * the event like a cache miss (otherwise it would be easy for | ||
524 | * applications to effectively disable the session cache by | ||
525 | * accident without anyone noticing). | ||
526 | */ | ||
527 | |||
528 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); | ||
529 | fatal = 1; | ||
530 | goto err; | ||
531 | } | ||
532 | |||
533 | if (ret->cipher == NULL) | ||
534 | { | ||
535 | unsigned char buf[5],*p; | ||
536 | unsigned long l; | ||
537 | |||
538 | p=buf; | ||
539 | l=ret->cipher_id; | ||
540 | l2n(l,p); | ||
541 | if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR) | ||
542 | ret->cipher=ssl_get_cipher_by_char(s,&(buf[2])); | ||
543 | else | ||
544 | ret->cipher=ssl_get_cipher_by_char(s,&(buf[1])); | ||
545 | if (ret->cipher == NULL) | ||
546 | goto err; | ||
547 | } | ||
548 | |||
549 | |||
550 | #if 0 /* This is way too late. */ | ||
551 | |||
552 | /* If a thread got the session, then 'swaped', and another got | ||
553 | * it and then due to a time-out decided to 'OPENSSL_free' it we could | ||
554 | * be in trouble. So I'll increment it now, then double decrement | ||
555 | * later - am I speaking rubbish?. */ | ||
556 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | ||
557 | #endif | ||
558 | |||
559 | if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ | ||
560 | { | ||
561 | s->session_ctx->stats.sess_timeout++; | ||
562 | /* remove it from the cache */ | ||
563 | SSL_CTX_remove_session(s->session_ctx,ret); | ||
564 | goto err; | ||
565 | } | ||
566 | |||
567 | s->session_ctx->stats.sess_hit++; | ||
568 | |||
569 | /* ret->time=time(NULL); */ /* rezero timeout? */ | ||
570 | /* again, just leave the session | ||
571 | * if it is the same session, we have just incremented and | ||
572 | * then decremented the reference count :-) */ | ||
573 | if (s->session != NULL) | ||
574 | SSL_SESSION_free(s->session); | ||
575 | s->session=ret; | ||
576 | s->verify_result = s->session->verify_result; | ||
577 | return(1); | ||
578 | |||
579 | err: | ||
580 | if (ret != NULL) | ||
581 | SSL_SESSION_free(ret); | ||
582 | if (fatal) | ||
583 | return -1; | ||
584 | else | ||
585 | return 0; | ||
586 | } | ||
587 | |||
588 | int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) | ||
589 | { | ||
590 | int ret=0; | ||
591 | SSL_SESSION *s; | ||
592 | |||
593 | /* add just 1 reference count for the SSL_CTX's session cache | ||
594 | * even though it has two ways of access: each session is in a | ||
595 | * doubly linked list and an lhash */ | ||
596 | CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION); | ||
597 | /* if session c is in already in cache, we take back the increment later */ | ||
598 | |||
599 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | ||
600 | s=lh_SSL_SESSION_insert(ctx->sessions,c); | ||
601 | |||
602 | /* s != NULL iff we already had a session with the given PID. | ||
603 | * In this case, s == c should hold (then we did not really modify | ||
604 | * ctx->sessions), or we're in trouble. */ | ||
605 | if (s != NULL && s != c) | ||
606 | { | ||
607 | /* We *are* in trouble ... */ | ||
608 | SSL_SESSION_list_remove(ctx,s); | ||
609 | SSL_SESSION_free(s); | ||
610 | /* ... so pretend the other session did not exist in cache | ||
611 | * (we cannot handle two SSL_SESSION structures with identical | ||
612 | * session ID in the same cache, which could happen e.g. when | ||
613 | * two threads concurrently obtain the same session from an external | ||
614 | * cache) */ | ||
615 | s = NULL; | ||
616 | } | ||
617 | |||
618 | /* Put at the head of the queue unless it is already in the cache */ | ||
619 | if (s == NULL) | ||
620 | SSL_SESSION_list_add(ctx,c); | ||
621 | |||
622 | if (s != NULL) | ||
623 | { | ||
624 | /* existing cache entry -- decrement previously incremented reference | ||
625 | * count because it already takes into account the cache */ | ||
626 | |||
627 | SSL_SESSION_free(s); /* s == c */ | ||
628 | ret=0; | ||
629 | } | ||
630 | else | ||
631 | { | ||
632 | /* new cache entry -- remove old ones if cache has become too large */ | ||
633 | |||
634 | ret=1; | ||
635 | |||
636 | if (SSL_CTX_sess_get_cache_size(ctx) > 0) | ||
637 | { | ||
638 | while (SSL_CTX_sess_number(ctx) > | ||
639 | SSL_CTX_sess_get_cache_size(ctx)) | ||
640 | { | ||
641 | if (!remove_session_lock(ctx, | ||
642 | ctx->session_cache_tail, 0)) | ||
643 | break; | ||
644 | else | ||
645 | ctx->stats.sess_cache_full++; | ||
646 | } | ||
647 | } | ||
648 | } | ||
649 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
650 | return(ret); | ||
651 | } | ||
652 | |||
653 | int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) | ||
654 | { | ||
655 | return remove_session_lock(ctx, c, 1); | ||
656 | } | ||
657 | |||
658 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) | ||
659 | { | ||
660 | SSL_SESSION *r; | ||
661 | int ret=0; | ||
662 | |||
663 | if ((c != NULL) && (c->session_id_length != 0)) | ||
664 | { | ||
665 | if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | ||
666 | if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c) | ||
667 | { | ||
668 | ret=1; | ||
669 | r=lh_SSL_SESSION_delete(ctx->sessions,c); | ||
670 | SSL_SESSION_list_remove(ctx,c); | ||
671 | } | ||
672 | |||
673 | if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
674 | |||
675 | if (ret) | ||
676 | { | ||
677 | r->not_resumable=1; | ||
678 | if (ctx->remove_session_cb != NULL) | ||
679 | ctx->remove_session_cb(ctx,r); | ||
680 | SSL_SESSION_free(r); | ||
681 | } | ||
682 | } | ||
683 | else | ||
684 | ret=0; | ||
685 | return(ret); | ||
686 | } | ||
687 | |||
688 | void SSL_SESSION_free(SSL_SESSION *ss) | ||
689 | { | ||
690 | int i; | ||
691 | |||
692 | if(ss == NULL) | ||
693 | return; | ||
694 | |||
695 | i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION); | ||
696 | #ifdef REF_PRINT | ||
697 | REF_PRINT("SSL_SESSION",ss); | ||
698 | #endif | ||
699 | if (i > 0) return; | ||
700 | #ifdef REF_CHECK | ||
701 | if (i < 0) | ||
702 | { | ||
703 | fprintf(stderr,"SSL_SESSION_free, bad reference count\n"); | ||
704 | abort(); /* ok */ | ||
705 | } | ||
706 | #endif | ||
707 | |||
708 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | ||
709 | |||
710 | OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg); | ||
711 | OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); | ||
712 | OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); | ||
713 | if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); | ||
714 | if (ss->peer != NULL) X509_free(ss->peer); | ||
715 | if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); | ||
716 | #ifndef OPENSSL_NO_TLSEXT | ||
717 | if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname); | ||
718 | if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick); | ||
719 | #ifndef OPENSSL_NO_EC | ||
720 | ss->tlsext_ecpointformatlist_length = 0; | ||
721 | if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); | ||
722 | ss->tlsext_ellipticcurvelist_length = 0; | ||
723 | if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); | ||
724 | #endif /* OPENSSL_NO_EC */ | ||
725 | #endif | ||
726 | #ifndef OPENSSL_NO_PSK | ||
727 | if (ss->psk_identity_hint != NULL) | ||
728 | OPENSSL_free(ss->psk_identity_hint); | ||
729 | if (ss->psk_identity != NULL) | ||
730 | OPENSSL_free(ss->psk_identity); | ||
731 | #endif | ||
732 | OPENSSL_cleanse(ss,sizeof(*ss)); | ||
733 | OPENSSL_free(ss); | ||
734 | } | ||
735 | |||
736 | int SSL_set_session(SSL *s, SSL_SESSION *session) | ||
737 | { | ||
738 | int ret=0; | ||
739 | const SSL_METHOD *meth; | ||
740 | |||
741 | if (session != NULL) | ||
742 | { | ||
743 | meth=s->ctx->method->get_ssl_method(session->ssl_version); | ||
744 | if (meth == NULL) | ||
745 | meth=s->method->get_ssl_method(session->ssl_version); | ||
746 | if (meth == NULL) | ||
747 | { | ||
748 | SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD); | ||
749 | return(0); | ||
750 | } | ||
751 | |||
752 | if (meth != s->method) | ||
753 | { | ||
754 | if (!SSL_set_ssl_method(s,meth)) | ||
755 | return(0); | ||
756 | if (s->ctx->session_timeout == 0) | ||
757 | session->timeout=SSL_get_default_timeout(s); | ||
758 | else | ||
759 | session->timeout=s->ctx->session_timeout; | ||
760 | } | ||
761 | |||
762 | #ifndef OPENSSL_NO_KRB5 | ||
763 | if (s->kssl_ctx && !s->kssl_ctx->client_princ && | ||
764 | session->krb5_client_princ_len > 0) | ||
765 | { | ||
766 | s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); | ||
767 | memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ, | ||
768 | session->krb5_client_princ_len); | ||
769 | s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; | ||
770 | } | ||
771 | #endif /* OPENSSL_NO_KRB5 */ | ||
772 | |||
773 | /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ | ||
774 | CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION); | ||
775 | if (s->session != NULL) | ||
776 | SSL_SESSION_free(s->session); | ||
777 | s->session=session; | ||
778 | s->verify_result = s->session->verify_result; | ||
779 | /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ | ||
780 | ret=1; | ||
781 | } | ||
782 | else | ||
783 | { | ||
784 | if (s->session != NULL) | ||
785 | { | ||
786 | SSL_SESSION_free(s->session); | ||
787 | s->session=NULL; | ||
788 | } | ||
789 | |||
790 | meth=s->ctx->method; | ||
791 | if (meth != s->method) | ||
792 | { | ||
793 | if (!SSL_set_ssl_method(s,meth)) | ||
794 | return(0); | ||
795 | } | ||
796 | ret=1; | ||
797 | } | ||
798 | return(ret); | ||
799 | } | ||
800 | |||
801 | long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) | ||
802 | { | ||
803 | if (s == NULL) return(0); | ||
804 | s->timeout=t; | ||
805 | return(1); | ||
806 | } | ||
807 | |||
808 | long SSL_SESSION_get_timeout(const SSL_SESSION *s) | ||
809 | { | ||
810 | if (s == NULL) return(0); | ||
811 | return(s->timeout); | ||
812 | } | ||
813 | |||
814 | long SSL_SESSION_get_time(const SSL_SESSION *s) | ||
815 | { | ||
816 | if (s == NULL) return(0); | ||
817 | return(s->time); | ||
818 | } | ||
819 | |||
820 | long SSL_SESSION_set_time(SSL_SESSION *s, long t) | ||
821 | { | ||
822 | if (s == NULL) return(0); | ||
823 | s->time=t; | ||
824 | return(t); | ||
825 | } | ||
826 | |||
827 | long SSL_CTX_set_timeout(SSL_CTX *s, long t) | ||
828 | { | ||
829 | long l; | ||
830 | if (s == NULL) return(0); | ||
831 | l=s->session_timeout; | ||
832 | s->session_timeout=t; | ||
833 | return(l); | ||
834 | } | ||
835 | |||
836 | long SSL_CTX_get_timeout(const SSL_CTX *s) | ||
837 | { | ||
838 | if (s == NULL) return(0); | ||
839 | return(s->session_timeout); | ||
840 | } | ||
841 | |||
842 | #ifndef OPENSSL_NO_TLSEXT | ||
843 | int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, | ||
844 | STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) | ||
845 | { | ||
846 | if (s == NULL) return(0); | ||
847 | s->tls_session_secret_cb = tls_session_secret_cb; | ||
848 | s->tls_session_secret_cb_arg = arg; | ||
849 | return(1); | ||
850 | } | ||
851 | |||
852 | int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, | ||
853 | void *arg) | ||
854 | { | ||
855 | if (s == NULL) return(0); | ||
856 | s->tls_session_ticket_ext_cb = cb; | ||
857 | s->tls_session_ticket_ext_cb_arg = arg; | ||
858 | return(1); | ||
859 | } | ||
860 | |||
861 | int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) | ||
862 | { | ||
863 | if (s->version >= TLS1_VERSION) | ||
864 | { | ||
865 | if (s->tlsext_session_ticket) | ||
866 | { | ||
867 | OPENSSL_free(s->tlsext_session_ticket); | ||
868 | s->tlsext_session_ticket = NULL; | ||
869 | } | ||
870 | |||
871 | s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); | ||
872 | if (!s->tlsext_session_ticket) | ||
873 | { | ||
874 | SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); | ||
875 | return 0; | ||
876 | } | ||
877 | |||
878 | if (ext_data) | ||
879 | { | ||
880 | s->tlsext_session_ticket->length = ext_len; | ||
881 | s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1; | ||
882 | memcpy(s->tlsext_session_ticket->data, ext_data, ext_len); | ||
883 | } | ||
884 | else | ||
885 | { | ||
886 | s->tlsext_session_ticket->length = 0; | ||
887 | s->tlsext_session_ticket->data = NULL; | ||
888 | } | ||
889 | |||
890 | return 1; | ||
891 | } | ||
892 | |||
893 | return 0; | ||
894 | } | ||
895 | #endif /* OPENSSL_NO_TLSEXT */ | ||
896 | |||
897 | typedef struct timeout_param_st | ||
898 | { | ||
899 | SSL_CTX *ctx; | ||
900 | long time; | ||
901 | LHASH_OF(SSL_SESSION) *cache; | ||
902 | } TIMEOUT_PARAM; | ||
903 | |||
904 | static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) | ||
905 | { | ||
906 | if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ | ||
907 | { | ||
908 | /* The reason we don't call SSL_CTX_remove_session() is to | ||
909 | * save on locking overhead */ | ||
910 | (void)lh_SSL_SESSION_delete(p->cache,s); | ||
911 | SSL_SESSION_list_remove(p->ctx,s); | ||
912 | s->not_resumable=1; | ||
913 | if (p->ctx->remove_session_cb != NULL) | ||
914 | p->ctx->remove_session_cb(p->ctx,s); | ||
915 | SSL_SESSION_free(s); | ||
916 | } | ||
917 | } | ||
918 | |||
919 | static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) | ||
920 | |||
921 | void SSL_CTX_flush_sessions(SSL_CTX *s, long t) | ||
922 | { | ||
923 | unsigned long i; | ||
924 | TIMEOUT_PARAM tp; | ||
925 | |||
926 | tp.ctx=s; | ||
927 | tp.cache=s->sessions; | ||
928 | if (tp.cache == NULL) return; | ||
929 | tp.time=t; | ||
930 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | ||
931 | i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; | ||
932 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0; | ||
933 | lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), | ||
934 | TIMEOUT_PARAM, &tp); | ||
935 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i; | ||
936 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
937 | } | ||
938 | |||
939 | int ssl_clear_bad_session(SSL *s) | ||
940 | { | ||
941 | if ( (s->session != NULL) && | ||
942 | !(s->shutdown & SSL_SENT_SHUTDOWN) && | ||
943 | !(SSL_in_init(s) || SSL_in_before(s))) | ||
944 | { | ||
945 | SSL_CTX_remove_session(s->ctx,s->session); | ||
946 | return(1); | ||
947 | } | ||
948 | else | ||
949 | return(0); | ||
950 | } | ||
951 | |||
952 | /* locked by SSL_CTX in the calling function */ | ||
953 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) | ||
954 | { | ||
955 | if ((s->next == NULL) || (s->prev == NULL)) return; | ||
956 | |||
957 | if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) | ||
958 | { /* last element in list */ | ||
959 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) | ||
960 | { /* only one element in list */ | ||
961 | ctx->session_cache_head=NULL; | ||
962 | ctx->session_cache_tail=NULL; | ||
963 | } | ||
964 | else | ||
965 | { | ||
966 | ctx->session_cache_tail=s->prev; | ||
967 | s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail); | ||
968 | } | ||
969 | } | ||
970 | else | ||
971 | { | ||
972 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) | ||
973 | { /* first element in list */ | ||
974 | ctx->session_cache_head=s->next; | ||
975 | s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head); | ||
976 | } | ||
977 | else | ||
978 | { /* middle of list */ | ||
979 | s->next->prev=s->prev; | ||
980 | s->prev->next=s->next; | ||
981 | } | ||
982 | } | ||
983 | s->prev=s->next=NULL; | ||
984 | } | ||
985 | |||
986 | static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) | ||
987 | { | ||
988 | if ((s->next != NULL) && (s->prev != NULL)) | ||
989 | SSL_SESSION_list_remove(ctx,s); | ||
990 | |||
991 | if (ctx->session_cache_head == NULL) | ||
992 | { | ||
993 | ctx->session_cache_head=s; | ||
994 | ctx->session_cache_tail=s; | ||
995 | s->prev=(SSL_SESSION *)&(ctx->session_cache_head); | ||
996 | s->next=(SSL_SESSION *)&(ctx->session_cache_tail); | ||
997 | } | ||
998 | else | ||
999 | { | ||
1000 | s->next=ctx->session_cache_head; | ||
1001 | s->next->prev=s; | ||
1002 | s->prev=(SSL_SESSION *)&(ctx->session_cache_head); | ||
1003 | ctx->session_cache_head=s; | ||
1004 | } | ||
1005 | } | ||
1006 | |||
1007 | void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, | ||
1008 | int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess)) | ||
1009 | { | ||
1010 | ctx->new_session_cb=cb; | ||
1011 | } | ||
1012 | |||
1013 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) | ||
1014 | { | ||
1015 | return ctx->new_session_cb; | ||
1016 | } | ||
1017 | |||
1018 | void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, | ||
1019 | void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess)) | ||
1020 | { | ||
1021 | ctx->remove_session_cb=cb; | ||
1022 | } | ||
1023 | |||
1024 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess) | ||
1025 | { | ||
1026 | return ctx->remove_session_cb; | ||
1027 | } | ||
1028 | |||
1029 | void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, | ||
1030 | SSL_SESSION *(*cb)(struct ssl_st *ssl, | ||
1031 | unsigned char *data,int len,int *copy)) | ||
1032 | { | ||
1033 | ctx->get_session_cb=cb; | ||
1034 | } | ||
1035 | |||
1036 | SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, | ||
1037 | unsigned char *data,int len,int *copy) | ||
1038 | { | ||
1039 | return ctx->get_session_cb; | ||
1040 | } | ||
1041 | |||
1042 | void SSL_CTX_set_info_callback(SSL_CTX *ctx, | ||
1043 | void (*cb)(const SSL *ssl,int type,int val)) | ||
1044 | { | ||
1045 | ctx->info_callback=cb; | ||
1046 | } | ||
1047 | |||
1048 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val) | ||
1049 | { | ||
1050 | return ctx->info_callback; | ||
1051 | } | ||
1052 | |||
1053 | void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, | ||
1054 | int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) | ||
1055 | { | ||
1056 | ctx->client_cert_cb=cb; | ||
1057 | } | ||
1058 | |||
1059 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey) | ||
1060 | { | ||
1061 | return ctx->client_cert_cb; | ||
1062 | } | ||
1063 | |||
1064 | #ifndef OPENSSL_NO_ENGINE | ||
1065 | int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) | ||
1066 | { | ||
1067 | if (!ENGINE_init(e)) | ||
1068 | { | ||
1069 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB); | ||
1070 | return 0; | ||
1071 | } | ||
1072 | if(!ENGINE_get_ssl_client_cert_function(e)) | ||
1073 | { | ||
1074 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD); | ||
1075 | ENGINE_finish(e); | ||
1076 | return 0; | ||
1077 | } | ||
1078 | ctx->client_cert_engine = e; | ||
1079 | return 1; | ||
1080 | } | ||
1081 | #endif | ||
1082 | |||
1083 | void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, | ||
1084 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) | ||
1085 | { | ||
1086 | ctx->app_gen_cookie_cb=cb; | ||
1087 | } | ||
1088 | |||
1089 | void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, | ||
1090 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) | ||
1091 | { | ||
1092 | ctx->app_verify_cookie_cb=cb; | ||
1093 | } | ||
1094 | |||
1095 | IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) | ||
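--- a/src/lib/libssl/ssl_stat.c
+++ /dev/null
@@ -1,567 +0,0 @@
-/* ssl/ssl_stat.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-/* ====================================================================
-* Copyright 2005 Nokia. All rights reserved.
-*
-* The portions of the attached software ("Contribution") is developed by
-* Nokia Corporation and is licensed pursuant to the OpenSSL open source
-* license.
-*
-* The Contribution, originally written by Mika Kousa and Pasi Eronen of
-* Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
-* support (see RFC 4279) to OpenSSL.
-*
-* No patent licenses or other rights except those expressly stated in
-* the OpenSSL open source license shall be deemed granted or received
-* expressly, by implication, estoppel, or otherwise.
-*
-* No assurances are provided by Nokia that the Contribution does not
-* infringe the patent or other intellectual property rights of any third
-* party or that the license provides you with all the necessary rights
-* to make use of the Contribution.
-*
-* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
-* ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
-* SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
-* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
-* OTHERWISE.
-*/
-
-#include <stdio.h>
-#include "ssl_locl.h"
-
-const char *SSL_state_string_long(const SSL *s)
-{
-const char *str;
-
-switch (s->state)
-{
-case SSL_ST_BEFORE: str="before SSL initialization"; break;
-case SSL_ST_ACCEPT: str="before accept initialization"; break;
-case SSL_ST_CONNECT: str="before connect initialization"; break;
-case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
-case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break;
-case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
-case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
-case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
-case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
-#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break;
-case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break;
-case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break;
-case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break;
-case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break;
-case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break;
-case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break;
-case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break;
-case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break;
-case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break;
-case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break;
-case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break;
-case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break;
-case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break;
-case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break;
-case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break;
-case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break;
-case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break;
-
-case SSL3_ST_CW_CHANGE_A:
-case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break;
-case SSL3_ST_CW_CHANGE_B:
-case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break;
-case SSL3_ST_CW_FINISHED_A:
-case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break;
-case SSL3_ST_CW_FINISHED_B:
-case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break;
-case SSL3_ST_CR_CHANGE_A:
-case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break;
-case SSL3_ST_CR_CHANGE_B:
-case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break;
-case SSL3_ST_CR_FINISHED_A:
-case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break;
-case SSL3_ST_CR_FINISHED_B:
-case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break;
-
-case SSL3_ST_CW_FLUSH:
-case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break;
-
-case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break;
-case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break;
-case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break;
-case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break;
-case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break;
-case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break;
-case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break;
-case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break;
-case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break;
-case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break;
-case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break;
-case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break;
-case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break;
-case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break;
-case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break;
-case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break;
-case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break;
-case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break;
-case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break;
-case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break;
-#endif
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break;
-case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break;
-case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break;
-case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break;
-case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break;
-#endif
-
-/* DTLS */
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break;
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break;
-
-default: str="unknown state"; break;
-}
-return(str);
-}
-
-const char *SSL_rstate_string_long(const SSL *s)
-{
-const char *str;
-
-switch (s->rstate)
-{
-case SSL_ST_READ_HEADER: str="read header"; break;
-case SSL_ST_READ_BODY: str="read body"; break;
-case SSL_ST_READ_DONE: str="read done"; break;
-default: str="unknown"; break;
-}
-return(str);
-}
-
-const char *SSL_state_string(const SSL *s)
-{
-const char *str;
-
-switch (s->state)
-{
-case SSL_ST_BEFORE: str="PINIT "; break;
-case SSL_ST_ACCEPT: str="AINIT "; break;
-case SSL_ST_CONNECT: str="CINIT "; break;
-case SSL_ST_OK: str="SSLOK "; break;
-#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_SW_FLUSH:
-case SSL3_ST_CW_FLUSH: str="3FLUSH"; break;
-case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break;
-case SSL3_ST_CR_CERT_A: str="3RSC_A"; break;
-case SSL3_ST_CR_CERT_B: str="3RSC_B"; break;
-case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break;
-case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break;
-case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break;
-case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break;
-case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break;
-case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break;
-case SSL3_ST_CW_CERT_A: str="3WCC_A"; break;
-case SSL3_ST_CW_CERT_B: str="3WCC_B"; break;
-case SSL3_ST_CW_CERT_C: str="3WCC_C"; break;
-case SSL3_ST_CW_CERT_D: str="3WCC_D"; break;
-case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break;
-case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break;
-case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break;
-
-case SSL3_ST_SW_CHANGE_A:
-case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break;
-case SSL3_ST_SW_CHANGE_B:
-case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break;
-case SSL3_ST_SW_FINISHED_A:
-case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break;
-case SSL3_ST_SW_FINISHED_B:
-case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break;
-case SSL3_ST_SR_CHANGE_A:
-case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break;
-case SSL3_ST_SR_CHANGE_B:
-case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break;
-case SSL3_ST_SR_FINISHED_A:
-case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break;
-case SSL3_ST_SR_FINISHED_B:
-case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break;
-
-case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break;
-case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break;
-case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break;
-case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break;
-case SSL3_ST_SW_CERT_A: str="3WSC_A"; break;
-case SSL3_ST_SW_CERT_B: str="3WSC_B"; break;
-case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break;
-case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break;
-case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break;
-case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break;
-case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break;
-case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break;
-case SSL3_ST_SR_CERT_A: str="3RCC_A"; break;
-case SSL3_ST_SR_CERT_B: str="3RCC_B"; break;
-case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break;
-case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break;
-case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break;
-case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break;
-#endif
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break;
-case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break;
-case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break;
-case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break;
-case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break;
-#endif
-/* DTLS */
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break;
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break;
-
-default: str="UNKWN "; break;
-}
-return(str);
-}
-
-const char *SSL_alert_type_string_long(int value)
-{
-value>>=8;
-if (value == SSL3_AL_WARNING)
-return("warning");
-else if (value == SSL3_AL_FATAL)
-return("fatal");
-else
-return("unknown");
-}
-
-const char *SSL_alert_type_string(int value)
-{
-value>>=8;
-if (value == SSL3_AL_WARNING)
-return("W");
-else if (value == SSL3_AL_FATAL)
-return("F");
-else
-return("U");
-}
-
-const char *SSL_alert_desc_string(int value)
-{
-const char *str;
-
-switch (value & 0xff)
-{
-case SSL3_AD_CLOSE_NOTIFY: str="CN"; break;
-case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break;
-case SSL3_AD_BAD_RECORD_MAC: str="BM"; break;
-case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break;
-case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break;
-case SSL3_AD_NO_CERTIFICATE: str="NC"; break;
-case SSL3_AD_BAD_CERTIFICATE: str="BC"; break;
-case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break;
-case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break;
-case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break;
-case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break;
-case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break;
-case TLS1_AD_DECRYPTION_FAILED: str="DC"; break;
-case TLS1_AD_RECORD_OVERFLOW: str="RO"; break;
-case TLS1_AD_UNKNOWN_CA: str="CA"; break;
-case TLS1_AD_ACCESS_DENIED: str="AD"; break;
-case TLS1_AD_DECODE_ERROR: str="DE"; break;
-case TLS1_AD_DECRYPT_ERROR: str="CY"; break;
-case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break;
-case TLS1_AD_PROTOCOL_VERSION: str="PV"; break;
-case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break;
-case TLS1_AD_INTERNAL_ERROR: str="IE"; break;
-case TLS1_AD_USER_CANCELLED: str="US"; break;
-case TLS1_AD_NO_RENEGOTIATION: str="NR"; break;
-case TLS1_AD_UNSUPPORTED_EXTENSION: str="UE"; break;
-case TLS1_AD_CERTIFICATE_UNOBTAINABLE: str="CO"; break;
-case TLS1_AD_UNRECOGNIZED_NAME: str="UN"; break;
-case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break;
-case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break;
-case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="UP"; break;
-default: str="UK"; break;
-}
-return(str);
-}
-
-const char *SSL_alert_desc_string_long(int value)
-{
-const char *str;
-
-switch (value & 0xff)
-{
-case SSL3_AD_CLOSE_NOTIFY:
-str="close notify";
-break;
-case SSL3_AD_UNEXPECTED_MESSAGE:
-str="unexpected_message";
-break;
-case SSL3_AD_BAD_RECORD_MAC:
-str="bad record mac";
-break;
-case SSL3_AD_DECOMPRESSION_FAILURE:
-str="decompression failure";
-break;
-case SSL3_AD_HANDSHAKE_FAILURE:
-str="handshake failure";
-break;
-case SSL3_AD_NO_CERTIFICATE:
-str="no certificate";
-break;
-case SSL3_AD_BAD_CERTIFICATE:
-str="bad certificate";
-break;
-case SSL3_AD_UNSUPPORTED_CERTIFICATE:
-str="unsupported certificate";
-break;
-case SSL3_AD_CERTIFICATE_REVOKED:
-str="certificate revoked";
-break;
-case SSL3_AD_CERTIFICATE_EXPIRED:
-str="certificate expired";
-break;
-case SSL3_AD_CERTIFICATE_UNKNOWN:
-str="certificate unknown";
-break;
-case SSL3_AD_ILLEGAL_PARAMETER:
-str="illegal parameter";
-break;
-case TLS1_AD_DECRYPTION_FAILED:
-str="decryption failed";
-break;
-case TLS1_AD_RECORD_OVERFLOW:
-str="record overflow";
-break;
-case TLS1_AD_UNKNOWN_CA:
-str="unknown CA";
-break;
-case TLS1_AD_ACCESS_DENIED:
-str="access denied";
-break;
-case TLS1_AD_DECODE_ERROR:
-str="decode error";
-break;
-case TLS1_AD_DECRYPT_ERROR:
-str="decrypt error";
-break;
-case TLS1_AD_EXPORT_RESTRICTION:
-str="export restriction";
-break;
-case TLS1_AD_PROTOCOL_VERSION:
-str="protocol version";
-break;
-case TLS1_AD_INSUFFICIENT_SECURITY:
-str="insufficient security";
-break;
-case TLS1_AD_INTERNAL_ERROR:
-str="internal error";
-break;
-case TLS1_AD_USER_CANCELLED:
-str="user canceled";
-break;
-case TLS1_AD_NO_RENEGOTIATION:
-str="no renegotiation";
-break;
-case TLS1_AD_UNSUPPORTED_EXTENSION:
-str="unsupported extension";
-break;
-case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
-str="certificate unobtainable";
-break;
-case TLS1_AD_UNRECOGNIZED_NAME:
-str="unrecognized name";
-break;
-case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
-str="bad certificate status response";
-break;
-case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
-str="bad certificate hash value";
-break;
-case TLS1_AD_UNKNOWN_PSK_IDENTITY:
-str="unknown PSK identity";
-break;
-default: str="unknown"; break;
-}
-return(str);
-}
-
-const char *SSL_rstate_string(const SSL *s)
-{
-const char *str;
-
-switch (s->rstate)
-{
-case SSL_ST_READ_HEADER:str="RH"; break;
-case SSL_ST_READ_BODY: str="RB"; break;
-case SSL_ST_READ_DONE: str="RD"; break;
-default: str="unknown"; break;
-}
-return(str);
-}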
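--- a/src/lib/libssl/ssl_txt.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/* ssl/ssl_txt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-/* ====================================================================
-* Copyright 2005 Nokia. All rights reserved.
-*
-* The portions of the attached software ("Contribution") is developed by
-* Nokia Corporation and is licensed pursuant to the OpenSSL open source
-* license.
-*
-* The Contribution, originally written by Mika Kousa and Pasi Eronen of
-* Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
-* support (see RFC 4279) to OpenSSL.
-*
-* No patent licenses or other rights except those expressly stated in
-* the OpenSSL open source license shall be deemed granted or received
-* expressly, by implication, estoppel, or otherwise.
-*
-* No assurances are provided by Nokia that the Contribution does not
-* infringe the patent or other intellectual property rights of any third
-* party or that the license provides you with all the necessary rights
-* to make use of the Contribution.
-*
-* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
-* ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
-* SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
-* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
-* OTHERWISE.
-*/
-
-#include <stdio.h>
-#include <openssl/buffer.h>
-#include "ssl_locl.h"
-
-#ifndef OPENSSL_NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
-{
-BIO *b;
-int ret;
-
-if ((b=BIO_new(BIO_s_file_internal())) == NULL)
-{
-SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
-return(0);
-}
-BIO_set_fp(b,fp,BIO_NOCLOSE);
-ret=SSL_SESSION_print(b,x);
-BIO_free(b);
-return(ret);
-}
-#endif
-
-int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
-{
-unsigned int i;
-const char *s;
-
-if (x == NULL) goto err;
-if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
-if (x->ssl_version == SSL2_VERSION)
-s="SSLv2";
-else if (x->ssl_version == SSL3_VERSION)
-s="SSLv3";
-else if (x->ssl_version == TLS1_VERSION)
-s="TLSv1";
-else if (x->ssl_version == DTLS1_VERSION)
-s="DTLSv1";
-else if (x->ssl_version == DTLS1_BAD_VER)
-s="DTLSv1-bad";
-else
-s="unknown";
-if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err;
-
-if (x->cipher == NULL)
-{
-if (((x->cipher_id) & 0xff000000) == 0x02000000)
-{
-if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0)
-goto err;
-}
-else
-{
-if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0)
-goto err;
-}
-}
-else
-{
-if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
-goto err;
-}
-if (BIO_puts(bp," Session-ID: ") <= 0) goto err;
-for (i=0; i<x->session_id_length; i++)
-{
-if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
-}
-if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err;
-for (i=0; i<x->sid_ctx_length; i++)
-{
-if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
-goto err;
-}
-if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err;
-for (i=0; i<(unsigned int)x->master_key_length; i++)
-{
-if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
-}
-if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err;
-if (x->key_arg_length == 0)
-{
-if (BIO_puts(bp,"None") <= 0) goto err;
-}
-else
-for (i=0; i<x->key_arg_length; i++)
-{
-if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
-}
-#ifndef OPENSSL_NO_KRB5
-if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err;
-if (x->krb5_client_princ_len == 0)
-{
-if (BIO_puts(bp,"None") <= 0) goto err;
-}
-else
-for (i=0; i<x->krb5_client_princ_len; i++)
-{
-if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
-}
-#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_PSK
-if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err;
-if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err;
-if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err;
-if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-if (x->tlsext_tick_lifetime_hint)
-{
-if (BIO_printf(bp,
-"\n TLS session ticket lifetime hint: %ld (seconds)",
-x->tlsext_tick_lifetime_hint) <=0)
-goto err;
-}
-if (x->tlsext_tick)
-{
-if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err;
-if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
-goto err;
-}
-#endif
-
-#ifndef OPENSSL_NO_COMP
-if (x->compress_meth != 0)
-{
-SSL_COMP *comp = NULL;
-
-ssl_cipher_get_evp(x,NULL,NULL,NULL,NULL,&comp);
-if (comp == NULL)
-{
-if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err;
-}
-else
-{
-if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
-}
-}
-#endif
-if (x->time != 0L)
-{
-if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err;
-}
-if (x->timeout != 0L)
-{
-if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err;
-}
-if (BIO_puts(bp,"\n") <= 0) goto err;
-
-if (BIO_puts(bp, " Verify return code: ") <= 0) goto err;
-if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
-X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
-
-return(1);
-err:
-return(0);
-}
-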
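--- a/src/lib/libssl/t1_clnt.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/* ssl/t1_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static const SSL_METHOD *tls1_get_client_method(int ver);
-static const SSL_METHOD *tls1_get_client_method(int ver)
-{
-if (ver == TLS1_VERSION)
-return(TLSv1_client_method());
-else
-return(NULL);
-}
-
-IMPLEMENT_tls1_meth_func(TLSv1_client_method,
-ssl_undefined_function,
-ssl3_connect,
-tls1_get_client_method)
-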
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c deleted file mode 100644 index 793ea43e90..0000000000 --- a/src/lib/libssl/t1_enc.c +++ /dev/null | |||
@@ -1,1045 +0,0 @@ | |||
1 | /* ssl/t1_enc.c */ | ||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
3 | * All rights reserved. | ||
4 | * | ||
5 | * This package is an SSL implementation written | ||
6 | * by Eric Young (eay@cryptsoft.com). | ||
7 | * The implementation was written so as to conform with Netscapes SSL. | ||
8 | * | ||
9 | * This library is free for commercial and non-commercial use as long as | ||
10 | * the following conditions are aheared to. The following conditions | ||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
13 | * included with this distribution is covered by the same copyright terms | ||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
15 | * | ||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
17 | * the code are not to be removed. | ||
18 | * If this package is used in a product, Eric Young should be given attribution | ||
19 | * as the author of the parts of the library used. | ||
20 | * This can be in the form of a textual message at program startup or | ||
21 | * in documentation (online or textual) provided with the package. | ||
22 | * | ||
23 | * Redistribution and use in source and binary forms, with or without | ||
24 | * modification, are permitted provided that the following conditions | ||
25 | * are met: | ||
26 | * 1. Redistributions of source code must retain the copyright | ||
27 | * notice, this list of conditions and the following disclaimer. | ||
28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
29 | * notice, this list of conditions and the following disclaimer in the | ||
30 | * documentation and/or other materials provided with the distribution. | ||
31 | * 3. All advertising materials mentioning features or use of this software | ||
32 | * must display the following acknowledgement: | ||
33 | * "This product includes cryptographic software written by | ||
34 | * Eric Young (eay@cryptsoft.com)" | ||
35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
36 | * being used are not cryptographic related :-). | ||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
38 | * the apps directory (application code) you must include an acknowledgement: | ||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
40 | * | ||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
51 | * SUCH DAMAGE. | ||
52 | * | ||
53 | * The licence and distribution terms for any publically available version or | ||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
55 | * copied and put under another distribution licence | ||
56 | * [including the GNU Public Licence.] | ||
57 | */ | ||
58 | /* ==================================================================== | ||
59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
60 | * | ||
61 | * Redistribution and use in source and binary forms, with or without | ||
62 | * modification, are permitted provided that the following conditions | ||
63 | * are met: | ||
64 | * | ||
65 | * 1. Redistributions of source code must retain the above copyright | ||
66 | * notice, this list of conditions and the following disclaimer. | ||
67 | * | ||
68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
69 | * notice, this list of conditions and the following disclaimer in | ||
70 | * the documentation and/or other materials provided with the | ||
71 | * distribution. | ||
72 | * | ||
73 | * 3. All advertising materials mentioning features or use of this | ||
74 | * software must display the following acknowledgment: | ||
75 | * "This product includes software developed by the OpenSSL Project | ||
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
77 | * | ||
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
79 | * endorse or promote products derived from this software without | ||
80 | * prior written permission. For written permission, please contact | ||
81 | * openssl-core@openssl.org. | ||
82 | * | ||
83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
84 | * nor may "OpenSSL" appear in their names without prior written | ||
85 | * permission of the OpenSSL Project. | ||
86 | * | ||
87 | * 6. Redistributions of any form whatsoever must retain the following | ||
88 | * acknowledgment: | ||
89 | * "This product includes software developed by the OpenSSL Project | ||
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
91 | * | ||
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
104 | * ==================================================================== | ||
105 | * | ||
106 | * This product includes cryptographic software written by Eric Young | ||
107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
108 | * Hudson (tjh@cryptsoft.com). | ||
109 | * | ||
110 | */ | ||
111 | /* ==================================================================== | ||
112 | * Copyright 2005 Nokia. All rights reserved. | ||
113 | * | ||
114 | * The portions of the attached software ("Contribution") is developed by | ||
115 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
116 | * license. | ||
117 | * | ||
118 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
119 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
120 | * support (see RFC 4279) to OpenSSL. | ||
121 | * | ||
122 | * No patent licenses or other rights except those expressly stated in | ||
123 | * the OpenSSL open source license shall be deemed granted or received | ||
124 | * expressly, by implication, estoppel, or otherwise. | ||
125 | * | ||
126 | * No assurances are provided by Nokia that the Contribution does not | ||
127 | * infringe the patent or other intellectual property rights of any third | ||
128 | * party or that the license provides you with all the necessary rights | ||
129 | * to make use of the Contribution. | ||
130 | * | ||
131 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
132 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
133 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
134 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
135 | * OTHERWISE. | ||
136 | */ | ||
137 | |||
138 | #include <stdio.h> | ||
139 | #include "ssl_locl.h" | ||
140 | #ifndef OPENSSL_NO_COMP | ||
141 | #include <openssl/comp.h> | ||
142 | #endif | ||
143 | #include <openssl/evp.h> | ||
144 | #include <openssl/hmac.h> | ||
145 | #include <openssl/md5.h> | ||
146 | #ifdef KSSL_DEBUG | ||
147 | #include <openssl/des.h> | ||
148 | #endif | ||
149 | |||
150 | /* seed1 through seed5 are virtually concatenated */ | ||
151 | static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, | ||
152 | int sec_len, | ||
153 | const void *seed1, int seed1_len, | ||
154 | const void *seed2, int seed2_len, | ||
155 | const void *seed3, int seed3_len, | ||
156 | const void *seed4, int seed4_len, | ||
157 | const void *seed5, int seed5_len, | ||
158 | unsigned char *out, int olen) | ||
159 | { | ||
160 | int chunk; | ||
161 | unsigned int j; | ||
162 | HMAC_CTX ctx; | ||
163 | HMAC_CTX ctx_tmp; | ||
164 | unsigned char A1[EVP_MAX_MD_SIZE]; | ||
165 | unsigned int A1_len; | ||
166 | int ret = 0; | ||
167 | |||
168 | chunk=EVP_MD_size(md); | ||
169 | OPENSSL_assert(chunk >= 0); | ||
170 | |||
171 | HMAC_CTX_init(&ctx); | ||
172 | HMAC_CTX_init(&ctx_tmp); | ||
173 | if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL)) | ||
174 | goto err; | ||
175 | if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL)) | ||
176 | goto err; | ||
177 | if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len)) | ||
178 | goto err; | ||
179 | if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len)) | ||
180 | goto err; | ||
181 | if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len)) | ||
182 | goto err; | ||
183 | if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len)) | ||
184 | goto err; | ||
185 | if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len)) | ||
186 | goto err; | ||
187 | if (!HMAC_Final(&ctx,A1,&A1_len)) | ||
188 | goto err; | ||
189 | |||
190 | for (;;) | ||
191 | { | ||
192 | if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */ | ||
193 | goto err; | ||
194 | if (!HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL)) /* re-init */ | ||
195 | goto err; | ||
196 | if (!HMAC_Update(&ctx,A1,A1_len)) | ||
197 | goto err; | ||
198 | if (!HMAC_Update(&ctx_tmp,A1,A1_len)) | ||
199 | goto err; | ||
200 | if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len)) | ||
201 | goto err; | ||
202 | if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len)) | ||
203 | goto err; | ||
204 | if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len)) | ||
205 | goto err; | ||
206 | if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len)) | ||
207 | goto err; | ||
208 | if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len)) | ||
209 | goto err; | ||
210 | |||
211 | if (olen > chunk) | ||
212 | { | ||
213 | if (!HMAC_Final(&ctx,out,&j)) | ||
214 | goto err; | ||
215 | out+=j; | ||
216 | olen-=j; | ||
217 | if (!HMAC_Final(&ctx_tmp,A1,&A1_len)) /* calc the next A1 value */ | ||
218 | goto err; | ||
219 | } | ||
220 | else /* last one */ | ||
221 | { | ||
222 | if (!HMAC_Final(&ctx,A1,&A1_len)) | ||
223 | goto err; | ||
224 | memcpy(out,A1,olen); | ||
225 | break; | ||
226 | } | ||
227 | } | ||
228 | ret = 1; | ||
229 | err: | ||
230 | HMAC_CTX_cleanup(&ctx); | ||
231 | HMAC_CTX_cleanup(&ctx_tmp); | ||
232 | OPENSSL_cleanse(A1,sizeof(A1)); | ||
233 | return ret; | ||
234 | } | ||
235 | |||
236 | /* seed1 through seed5 are virtually concatenated */ | ||
237 | static int tls1_PRF(long digest_mask, | ||
238 | const void *seed1, int seed1_len, | ||
239 | const void *seed2, int seed2_len, | ||
240 | const void *seed3, int seed3_len, | ||
241 | const void *seed4, int seed4_len, | ||
242 | const void *seed5, int seed5_len, | ||
243 | const unsigned char *sec, int slen, | ||
244 | unsigned char *out1, | ||
245 | unsigned char *out2, int olen) | ||
246 | { | ||
247 | int len,i,idx,count; | ||
248 | const unsigned char *S1; | ||
249 | long m; | ||
250 | const EVP_MD *md; | ||
251 | int ret = 0; | ||
252 | |||
253 | /* Count number of digests and partition sec evenly */ | ||
254 | count=0; | ||
255 | for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) { | ||
256 | if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) count++; | ||
257 | } | ||
258 | len=slen/count; | ||
259 | S1=sec; | ||
260 | memset(out1,0,olen); | ||
261 | for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) { | ||
262 | if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) { | ||
263 | if (!md) { | ||
264 | SSLerr(SSL_F_TLS1_PRF, | ||
265 | SSL_R_UNSUPPORTED_DIGEST_TYPE); | ||
266 | goto err; | ||
267 | } | ||
268 | if (!tls1_P_hash(md ,S1,len+(slen&1), | ||
269 | seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len, | ||
270 | out2,olen)) | ||
271 | goto err; | ||
272 | S1+=len; | ||
273 | for (i=0; i<olen; i++) | ||
274 | { | ||
275 | out1[i]^=out2[i]; | ||
276 | } | ||
277 | } | ||
278 | } | ||
279 | ret = 1; | ||
280 | err: | ||
281 | return ret; | ||
282 | } | ||
283 | static int tls1_generate_key_block(SSL *s, unsigned char *km, | ||
284 | unsigned char *tmp, int num) | ||
285 | { | ||
286 | int ret; | ||
287 | ret = tls1_PRF(s->s3->tmp.new_cipher->algorithm2, | ||
288 | TLS_MD_KEY_EXPANSION_CONST,TLS_MD_KEY_EXPANSION_CONST_SIZE, | ||
289 | s->s3->server_random,SSL3_RANDOM_SIZE, | ||
290 | s->s3->client_random,SSL3_RANDOM_SIZE, | ||
291 | NULL,0,NULL,0, | ||
292 | s->session->master_key,s->session->master_key_length, | ||
293 | km,tmp,num); | ||
294 | #ifdef KSSL_DEBUG | ||
295 | printf("tls1_generate_key_block() ==> %d byte master_key =\n\t", | ||
296 | s->session->master_key_length); | ||
297 | { | ||
298 | int i; | ||
299 | for (i=0; i < s->session->master_key_length; i++) | ||
300 | { | ||
301 | printf("%02X", s->session->master_key[i]); | ||
302 | } | ||
303 | printf("\n"); } | ||
304 | #endif /* KSSL_DEBUG */ | ||
305 | return ret; | ||
306 | } | ||
307 | |||
308 | int tls1_change_cipher_state(SSL *s, int which) | ||
309 | { | ||
310 | static const unsigned char empty[]=""; | ||
311 | unsigned char *p,*mac_secret; | ||
312 | unsigned char *exp_label; | ||
313 | unsigned char tmp1[EVP_MAX_KEY_LENGTH]; | ||
314 | unsigned char tmp2[EVP_MAX_KEY_LENGTH]; | ||
315 | unsigned char iv1[EVP_MAX_IV_LENGTH*2]; | ||
316 | unsigned char iv2[EVP_MAX_IV_LENGTH*2]; | ||
317 | unsigned char *ms,*key,*iv; | ||
318 | int client_write; | ||
319 | EVP_CIPHER_CTX *dd; | ||
320 | const EVP_CIPHER *c; | ||
321 | #ifndef OPENSSL_NO_COMP | ||
322 | const SSL_COMP *comp; | ||
323 | #endif | ||
324 | const EVP_MD *m; | ||
325 | int mac_type; | ||
326 | int *mac_secret_size; | ||
327 | EVP_MD_CTX *mac_ctx; | ||
328 | EVP_PKEY *mac_key; | ||
329 | int is_export,n,i,j,k,exp_label_len,cl; | ||
330 | int reuse_dd = 0; | ||
331 | |||
332 | is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); | ||
333 | c=s->s3->tmp.new_sym_enc; | ||
334 | m=s->s3->tmp.new_hash; | ||
335 | mac_type = s->s3->tmp.new_mac_pkey_type; | ||
336 | #ifndef OPENSSL_NO_COMP | ||
337 | comp=s->s3->tmp.new_compression; | ||
338 | #endif | ||
339 | |||
340 | #ifdef KSSL_DEBUG | ||
341 | printf("tls1_change_cipher_state(which= %d) w/\n", which); | ||
342 | printf("\talg= %ld/%ld, comp= %p\n", | ||
343 | s->s3->tmp.new_cipher->algorithm_mkey, | ||
344 | s->s3->tmp.new_cipher->algorithm_auth, | ||
345 | comp); | ||
346 | printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); | ||
347 | printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", | ||
348 | c->nid,c->block_size,c->key_len,c->iv_len); | ||
349 | printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); | ||
350 | { | ||
351 | int i; | ||
352 | for (i=0; i<s->s3->tmp.key_block_length; i++) | ||
353 | printf("%02x", key_block[i]); printf("\n"); | ||
354 | } | ||
355 | #endif /* KSSL_DEBUG */ | ||
356 | |||
357 | if (which & SSL3_CC_READ) | ||
358 | { | ||
359 | if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) | ||
360 | s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; | ||
361 | else | ||
362 | s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; | ||
363 | |||
364 | if (s->enc_read_ctx != NULL) | ||
365 | reuse_dd = 1; | ||
366 | else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) | ||
367 | goto err; | ||
368 | else | ||
369 | /* make sure it's intialized in case we exit later with an error */ | ||
370 | EVP_CIPHER_CTX_init(s->enc_read_ctx); | ||
371 | dd= s->enc_read_ctx; | ||
372 | mac_ctx=ssl_replace_hash(&s->read_hash,NULL); | ||
373 | #ifndef OPENSSL_NO_COMP | ||
374 | if (s->expand != NULL) | ||
375 | { | ||
376 | COMP_CTX_free(s->expand); | ||
377 | s->expand=NULL; | ||
378 | } | ||
379 | if (comp != NULL) | ||
380 | { | ||
381 | s->expand=COMP_CTX_new(comp->method); | ||
382 | if (s->expand == NULL) | ||
383 | { | ||
384 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR); | ||
385 | goto err2; | ||
386 | } | ||
387 | if (s->s3->rrec.comp == NULL) | ||
388 | s->s3->rrec.comp=(unsigned char *) | ||
389 | OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH); | ||
390 | if (s->s3->rrec.comp == NULL) | ||
391 | goto err; | ||
392 | } | ||
393 | #endif | ||
394 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | ||
395 | if (s->version != DTLS1_VERSION) | ||
396 | memset(&(s->s3->read_sequence[0]),0,8); | ||
397 | mac_secret= &(s->s3->read_mac_secret[0]); | ||
398 | mac_secret_size=&(s->s3->read_mac_secret_size); | ||
399 | } | ||
400 | else | ||
401 | { | ||
402 | if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) | ||
403 | s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; | ||
404 | else | ||
405 | s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; | ||
406 | if (s->enc_write_ctx != NULL) | ||
407 | reuse_dd = 1; | ||
408 | else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) | ||
409 | goto err; | ||
410 | else | ||
411 | /* make sure it's intialized in case we exit later with an error */ | ||
412 | EVP_CIPHER_CTX_init(s->enc_write_ctx); | ||
413 | dd= s->enc_write_ctx; | ||
414 | mac_ctx = ssl_replace_hash(&s->write_hash,NULL); | ||
415 | #ifndef OPENSSL_NO_COMP | ||
416 | if (s->compress != NULL) | ||
417 | { | ||
418 | COMP_CTX_free(s->compress); | ||
419 | s->compress=NULL; | ||
420 | } | ||
421 | if (comp != NULL) | ||
422 | { | ||
423 | s->compress=COMP_CTX_new(comp->method); | ||
424 | if (s->compress == NULL) | ||
425 | { | ||
426 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR); | ||
427 | goto err2; | ||
428 | } | ||
429 | } | ||
430 | #endif | ||
431 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | ||
432 | if (s->version != DTLS1_VERSION) | ||
433 | memset(&(s->s3->write_sequence[0]),0,8); | ||
434 | mac_secret= &(s->s3->write_mac_secret[0]); | ||
435 | mac_secret_size = &(s->s3->write_mac_secret_size); | ||
436 | } | ||
437 | |||
438 | if (reuse_dd) | ||
439 | EVP_CIPHER_CTX_cleanup(dd); | ||
440 | |||
441 | p=s->s3->tmp.key_block; | ||
442 | i=*mac_secret_size=s->s3->tmp.new_mac_secret_size; | ||
443 | |||
444 | cl=EVP_CIPHER_key_length(c); | ||
445 | j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? | ||
446 | cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; | ||
447 | /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ | ||
448 | k=EVP_CIPHER_iv_length(c); | ||
449 | if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | ||
450 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)) | ||
451 | { | ||
452 | ms= &(p[ 0]); n=i+i; | ||
453 | key= &(p[ n]); n+=j+j; | ||
454 | iv= &(p[ n]); n+=k+k; | ||
455 | exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST; | ||
456 | exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE; | ||
457 | client_write=1; | ||
458 | } | ||
459 | else | ||
460 | { | ||
461 | n=i; | ||
462 | ms= &(p[ n]); n+=i+j; | ||
463 | key= &(p[ n]); n+=j+k; | ||
464 | iv= &(p[ n]); n+=k; | ||
465 | exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST; | ||
466 | exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE; | ||
467 | client_write=0; | ||
468 | } | ||
469 | |||
470 | if (n > s->s3->tmp.key_block_length) | ||
471 | { | ||
472 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR); | ||
473 | goto err2; | ||
474 | } | ||
475 | |||
476 | memcpy(mac_secret,ms,i); | ||
477 | mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, | ||
478 | mac_secret,*mac_secret_size); | ||
479 | EVP_DigestSignInit(mac_ctx,NULL,m,NULL,mac_key); | ||
480 | EVP_PKEY_free(mac_key); | ||
481 | #ifdef TLS_DEBUG | ||
482 | printf("which = %04X\nmac key=",which); | ||
483 | { int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); } | ||
484 | #endif | ||
485 | if (is_export) | ||
486 | { | ||
487 | /* In here I set both the read and write key/iv to the | ||
488 | * same value since only the correct one will be used :-). | ||
489 | */ | ||
490 | if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2, | ||
491 | exp_label,exp_label_len, | ||
492 | s->s3->client_random,SSL3_RANDOM_SIZE, | ||
493 | s->s3->server_random,SSL3_RANDOM_SIZE, | ||
494 | NULL,0,NULL,0, | ||
495 | key,j,tmp1,tmp2,EVP_CIPHER_key_length(c))) | ||
496 | goto err2; | ||
497 | key=tmp1; | ||
498 | |||
499 | if (k > 0) | ||
500 | { | ||
501 | if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2, | ||
502 | TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE, | ||
503 | s->s3->client_random,SSL3_RANDOM_SIZE, | ||
504 | s->s3->server_random,SSL3_RANDOM_SIZE, | ||
505 | NULL,0,NULL,0, | ||
506 | empty,0,iv1,iv2,k*2)) | ||
507 | goto err2; | ||
508 | if (client_write) | ||
509 | iv=iv1; | ||
510 | else | ||
511 | iv= &(iv1[k]); | ||
512 | } | ||
513 | } | ||
514 | |||
515 | s->session->key_arg_length=0; | ||
516 | #ifdef KSSL_DEBUG | ||
517 | { | ||
518 | int i; | ||
519 | printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n"); | ||
520 | printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]); | ||
521 | printf("\n"); | ||
522 | printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]); | ||
523 | printf("\n"); | ||
524 | } | ||
525 | #endif /* KSSL_DEBUG */ | ||
526 | |||
527 | EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); | ||
528 | #ifdef TLS_DEBUG | ||
529 | printf("which = %04X\nkey=",which); | ||
530 | { int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); } | ||
531 | printf("\niv="); | ||
532 | { int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); } | ||
533 | printf("\n"); | ||
534 | #endif | ||
535 | |||
536 | OPENSSL_cleanse(tmp1,sizeof(tmp1)); | ||
537 | OPENSSL_cleanse(tmp2,sizeof(tmp1)); | ||
538 | OPENSSL_cleanse(iv1,sizeof(iv1)); | ||
539 | OPENSSL_cleanse(iv2,sizeof(iv2)); | ||
540 | return(1); | ||
541 | err: | ||
542 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); | ||
543 | err2: | ||
544 | return(0); | ||
545 | } | ||
546 | |||
547 | int tls1_setup_key_block(SSL *s) | ||
548 | { | ||
549 | unsigned char *p1,*p2=NULL; | ||
550 | const EVP_CIPHER *c; | ||
551 | const EVP_MD *hash; | ||
552 | int num; | ||
553 | SSL_COMP *comp; | ||
554 | int mac_type= NID_undef,mac_secret_size=0; | ||
555 | int ret=0; | ||
556 | |||
557 | #ifdef KSSL_DEBUG | ||
558 | printf ("tls1_setup_key_block()\n"); | ||
559 | #endif /* KSSL_DEBUG */ | ||
560 | |||
561 | if (s->s3->tmp.key_block_length != 0) | ||
562 | return(1); | ||
563 | |||
564 | if (!ssl_cipher_get_evp(s->session,&c,&hash,&mac_type,&mac_secret_size,&comp)) | ||
565 | { | ||
566 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE); | ||
567 | return(0); | ||
568 | } | ||
569 | |||
570 | s->s3->tmp.new_sym_enc=c; | ||
571 | s->s3->tmp.new_hash=hash; | ||
572 | s->s3->tmp.new_mac_pkey_type = mac_type; | ||
573 | s->s3->tmp.new_mac_secret_size = mac_secret_size; | ||
574 | num=EVP_CIPHER_key_length(c)+mac_secret_size+EVP_CIPHER_iv_length(c); | ||
575 | num*=2; | ||
576 | |||
577 | ssl3_cleanup_key_block(s); | ||
578 | |||
579 | if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL) | ||
580 | { | ||
581 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); | ||
582 | goto err; | ||
583 | } | ||
584 | |||
585 | s->s3->tmp.key_block_length=num; | ||
586 | s->s3->tmp.key_block=p1; | ||
587 | |||
588 | if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL) | ||
589 | { | ||
590 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); | ||
591 | goto err; | ||
592 | } | ||
593 | |||
594 | #ifdef TLS_DEBUG | ||
595 | printf("client random\n"); | ||
596 | { int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); } | ||
597 | printf("server random\n"); | ||
598 | { int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); } | ||
599 | printf("pre-master\n"); | ||
600 | { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); } | ||
601 | #endif | ||
602 | if (!tls1_generate_key_block(s,p1,p2,num)) | ||
603 | goto err; | ||
604 | #ifdef TLS_DEBUG | ||
605 | printf("\nkey block\n"); | ||
606 | { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); } | ||
607 | #endif | ||
608 | |||
609 | if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) | ||
610 | { | ||
611 | /* enable vulnerability countermeasure for CBC ciphers with | ||
612 | * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) | ||
613 | */ | ||
614 | s->s3->need_empty_fragments = 1; | ||
615 | |||
616 | if (s->session->cipher != NULL) | ||
617 | { | ||
618 | if (s->session->cipher->algorithm_enc == SSL_eNULL) | ||
619 | s->s3->need_empty_fragments = 0; | ||
620 | |||
621 | #ifndef OPENSSL_NO_RC4 | ||
622 | if (s->session->cipher->algorithm_enc == SSL_RC4) | ||
623 | s->s3->need_empty_fragments = 0; | ||
624 | #endif | ||
625 | } | ||
626 | } | ||
627 | |||
628 | ret = 1; | ||
629 | err: | ||
630 | if (p2) | ||
631 | { | ||
632 | OPENSSL_cleanse(p2,num); | ||
633 | OPENSSL_free(p2); | ||
634 | } | ||
635 | return(ret); | ||
636 | } | ||
637 | |||
638 | int tls1_enc(SSL *s, int send) | ||
639 | { | ||
640 | SSL3_RECORD *rec; | ||
641 | EVP_CIPHER_CTX *ds; | ||
642 | unsigned long l; | ||
643 | int bs,i,ii,j,k,n=0; | ||
644 | const EVP_CIPHER *enc; | ||
645 | |||
646 | if (send) | ||
647 | { | ||
648 | if (EVP_MD_CTX_md(s->write_hash)) | ||
649 | { | ||
650 | n=EVP_MD_CTX_size(s->write_hash); | ||
651 | OPENSSL_assert(n >= 0); | ||
652 | } | ||
653 | ds=s->enc_write_ctx; | ||
654 | rec= &(s->s3->wrec); | ||
655 | if (s->enc_write_ctx == NULL) | ||
656 | enc=NULL; | ||
657 | else | ||
658 | enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); | ||
659 | } | ||
660 | else | ||
661 | { | ||
662 | if (EVP_MD_CTX_md(s->read_hash)) | ||
663 | { | ||
664 | n=EVP_MD_CTX_size(s->read_hash); | ||
665 | OPENSSL_assert(n >= 0); | ||
666 | } | ||
667 | ds=s->enc_read_ctx; | ||
668 | rec= &(s->s3->rrec); | ||
669 | if (s->enc_read_ctx == NULL) | ||
670 | enc=NULL; | ||
671 | else | ||
672 | enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); | ||
673 | } | ||
674 | |||
675 | #ifdef KSSL_DEBUG | ||
676 | printf("tls1_enc(%d)\n", send); | ||
677 | #endif /* KSSL_DEBUG */ | ||
678 | |||
679 | if ((s->session == NULL) || (ds == NULL) || | ||
680 | (enc == NULL)) | ||
681 | { | ||
682 | memmove(rec->data,rec->input,rec->length); | ||
683 | rec->input=rec->data; | ||
684 | } | ||
685 | else | ||
686 | { | ||
687 | l=rec->length; | ||
688 | bs=EVP_CIPHER_block_size(ds->cipher); | ||
689 | |||
690 | if ((bs != 1) && send) | ||
691 | { | ||
692 | i=bs-((int)l%bs); | ||
693 | |||
694 | /* Add weird padding of upto 256 bytes */ | ||
695 | |||
696 | /* we need to add 'i' padding bytes of value j */ | ||
697 | j=i-1; | ||
698 | if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) | ||
699 | { | ||
700 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) | ||
701 | j++; | ||
702 | } | ||
703 | for (k=(int)l; k<(int)(l+i); k++) | ||
704 | rec->input[k]=j; | ||
705 | l+=i; | ||
706 | rec->length+=i; | ||
707 | } | ||
708 | |||
709 | #ifdef KSSL_DEBUG | ||
710 | { | ||
711 | unsigned long ui; | ||
712 | printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", | ||
713 | ds,rec->data,rec->input,l); | ||
714 | printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", | ||
715 | ds->buf_len, ds->cipher->key_len, | ||
716 | DES_KEY_SZ, DES_SCHEDULE_SZ, | ||
717 | ds->cipher->iv_len); | ||
718 | printf("\t\tIV: "); | ||
719 | for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); | ||
720 | printf("\n"); | ||
721 | printf("\trec->input="); | ||
722 | for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]); | ||
723 | printf("\n"); | ||
724 | } | ||
725 | #endif /* KSSL_DEBUG */ | ||
726 | |||
727 | if (!send) | ||
728 | { | ||
729 | if (l == 0 || l%bs != 0) | ||
730 | { | ||
731 | SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); | ||
732 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); | ||
733 | return 0; | ||
734 | } | ||
735 | } | ||
736 | |||
737 | EVP_Cipher(ds,rec->data,rec->input,l); | ||
738 | |||
739 | #ifdef KSSL_DEBUG | ||
740 | { | ||
741 | unsigned long i; | ||
742 | printf("\trec->data="); | ||
743 | for (i=0; i<l; i++) | ||
744 | printf(" %02x", rec->data[i]); printf("\n"); | ||
745 | } | ||
746 | #endif /* KSSL_DEBUG */ | ||
747 | |||
748 | if ((bs != 1) && !send) | ||
749 | { | ||
750 | ii=i=rec->data[l-1]; /* padding_length */ | ||
751 | i++; | ||
752 | /* NB: if compression is in operation the first packet | ||
753 | * may not be of even length so the padding bug check | ||
754 | * cannot be performed. This bug workaround has been | ||
755 | * around since SSLeay so hopefully it is either fixed | ||
756 | * now or no buggy implementation supports compression | ||
757 | * [steve] | ||
758 | */ | ||
759 | if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) | ||
760 | && !s->expand) | ||
761 | { | ||
762 | /* First packet is even in size, so check */ | ||
763 | if ((memcmp(s->s3->read_sequence, | ||
764 | "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1)) | ||
765 | s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; | ||
766 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) | ||
767 | i--; | ||
768 | } | ||
769 | /* TLS 1.0 does not bound the number of padding bytes by the block size. | ||
770 | * All of them must have value 'padding_length'. */ | ||
771 | if (i > (int)rec->length) | ||
772 | { | ||
773 | /* Incorrect padding. SSLerr() and ssl3_alert are done | ||
774 | * by caller: we don't want to reveal whether this is | ||
775 | * a decryption error or a MAC verification failure | ||
776 | * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ | ||
777 | return -1; | ||
778 | } | ||
779 | for (j=(int)(l-i); j<(int)l; j++) | ||
780 | { | ||
781 | if (rec->data[j] != ii) | ||
782 | { | ||
783 | /* Incorrect padding */ | ||
784 | return -1; | ||
785 | } | ||
786 | } | ||
787 | rec->length-=i; | ||
788 | } | ||
789 | } | ||
790 | return(1); | ||
791 | } | ||
792 | int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) | ||
793 | { | ||
794 | unsigned int ret; | ||
795 | EVP_MD_CTX ctx, *d=NULL; | ||
796 | int i; | ||
797 | |||
798 | if (s->s3->handshake_buffer) | ||
799 | if (!ssl3_digest_cached_records(s)) | ||
800 | return 0; | ||
801 | |||
802 | for (i=0;i<SSL_MAX_DIGEST;i++) | ||
803 | { | ||
804 | if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) | ||
805 | { | ||
806 | d=s->s3->handshake_dgst[i]; | ||
807 | break; | ||
808 | } | ||
809 | } | ||
810 | if (!d) { | ||
811 | SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST); | ||
812 | return 0; | ||
813 | } | ||
814 | |||
815 | EVP_MD_CTX_init(&ctx); | ||
816 | EVP_MD_CTX_copy_ex(&ctx,d); | ||
817 | EVP_DigestFinal_ex(&ctx,out,&ret); | ||
818 | EVP_MD_CTX_cleanup(&ctx); | ||
819 | return((int)ret); | ||
820 | } | ||
821 | |||
822 | int tls1_final_finish_mac(SSL *s, | ||
823 | const char *str, int slen, unsigned char *out) | ||
824 | { | ||
825 | unsigned int i; | ||
826 | EVP_MD_CTX ctx; | ||
827 | unsigned char buf[2*EVP_MAX_MD_SIZE]; | ||
828 | unsigned char *q,buf2[12]; | ||
829 | int idx; | ||
830 | long mask; | ||
831 | int err=0; | ||
832 | const EVP_MD *md; | ||
833 | |||
834 | q=buf; | ||
835 | |||
836 | if (s->s3->handshake_buffer) | ||
837 | if (!ssl3_digest_cached_records(s)) | ||
838 | return 0; | ||
839 | |||
840 | EVP_MD_CTX_init(&ctx); | ||
841 | |||
842 | for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++) | ||
843 | { | ||
844 | if (mask & s->s3->tmp.new_cipher->algorithm2) | ||
845 | { | ||
846 | int hashsize = EVP_MD_size(md); | ||
847 | if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf))) | ||
848 | { | ||
849 | /* internal error: 'buf' is too small for this cipersuite! */ | ||
850 | err = 1; | ||
851 | } | ||
852 | else | ||
853 | { | ||
854 | EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]); | ||
855 | EVP_DigestFinal_ex(&ctx,q,&i); | ||
856 | if (i != (unsigned int)hashsize) /* can't really happen */ | ||
857 | err = 1; | ||
858 | q+=i; | ||
859 | } | ||
860 | } | ||
861 | } | ||
862 | |||
863 | if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2, | ||
864 | str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0, | ||
865 | s->session->master_key,s->session->master_key_length, | ||
866 | out,buf2,sizeof buf2)) | ||
867 | err = 1; | ||
868 | EVP_MD_CTX_cleanup(&ctx); | ||
869 | |||
870 | if (err) | ||
871 | return 0; | ||
872 | else | ||
873 | return sizeof buf2; | ||
874 | } | ||
875 | |||
876 | int tls1_mac(SSL *ssl, unsigned char *md, int send) | ||
877 | { | ||
878 | SSL3_RECORD *rec; | ||
879 | unsigned char *seq; | ||
880 | EVP_MD_CTX *hash; | ||
881 | size_t md_size; | ||
882 | int i; | ||
883 | EVP_MD_CTX hmac, *mac_ctx; | ||
884 | unsigned char buf[5]; | ||
885 | int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM)); | ||
886 | int t; | ||
887 | |||
888 | if (send) | ||
889 | { | ||
890 | rec= &(ssl->s3->wrec); | ||
891 | seq= &(ssl->s3->write_sequence[0]); | ||
892 | hash=ssl->write_hash; | ||
893 | } | ||
894 | else | ||
895 | { | ||
896 | rec= &(ssl->s3->rrec); | ||
897 | seq= &(ssl->s3->read_sequence[0]); | ||
898 | hash=ssl->read_hash; | ||
899 | } | ||
900 | |||
901 | t=EVP_MD_CTX_size(hash); | ||
902 | OPENSSL_assert(t >= 0); | ||
903 | md_size=t; | ||
904 | |||
905 | buf[0]=rec->type; | ||
906 | buf[1]=(unsigned char)(ssl->version>>8); | ||
907 | buf[2]=(unsigned char)(ssl->version); | ||
908 | buf[3]=rec->length>>8; | ||
909 | buf[4]=rec->length&0xff; | ||
910 | |||
911 | /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ | ||
912 | if (stream_mac) | ||
913 | { | ||
914 | mac_ctx = hash; | ||
915 | } | ||
916 | else | ||
917 | { | ||
918 | EVP_MD_CTX_copy(&hmac,hash); | ||
919 | mac_ctx = &hmac; | ||
920 | } | ||
921 | |||
922 | if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER) | ||
923 | { | ||
924 | unsigned char dtlsseq[8],*p=dtlsseq; | ||
925 | |||
926 | s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); | ||
927 | memcpy (p,&seq[2],6); | ||
928 | |||
929 | EVP_DigestSignUpdate(mac_ctx,dtlsseq,8); | ||
930 | } | ||
931 | else | ||
932 | EVP_DigestSignUpdate(mac_ctx,seq,8); | ||
933 | |||
934 | EVP_DigestSignUpdate(mac_ctx,buf,5); | ||
935 | EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length); | ||
936 | t=EVP_DigestSignFinal(mac_ctx,md,&md_size); | ||
937 | OPENSSL_assert(t > 0); | ||
938 | |||
939 | if (!stream_mac) EVP_MD_CTX_cleanup(&hmac); | ||
940 | #ifdef TLS_DEBUG | ||
941 | printf("sec="); | ||
942 | {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); } | ||
943 | printf("seq="); | ||
944 | {int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); } | ||
945 | printf("buf="); | ||
946 | {int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); } | ||
947 | printf("rec="); | ||
948 | {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); } | ||
949 | #endif | ||
950 | |||
951 | if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) | ||
952 | { | ||
953 | for (i=7; i>=0; i--) | ||
954 | { | ||
955 | ++seq[i]; | ||
956 | if (seq[i] != 0) break; | ||
957 | } | ||
958 | } | ||
959 | |||
960 | #ifdef TLS_DEBUG | ||
961 | {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); } | ||
962 | #endif | ||
963 | return(md_size); | ||
964 | } | ||
965 | |||
966 | int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, | ||
967 | int len) | ||
968 | { | ||
969 | unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH]; | ||
970 | const void *co = NULL, *so = NULL; | ||
971 | int col = 0, sol = 0; | ||
972 | |||
973 | #ifdef KSSL_DEBUG | ||
974 | printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len); | ||
975 | #endif /* KSSL_DEBUG */ | ||
976 | |||
977 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
978 | if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL && | ||
979 | s->s3->client_opaque_prf_input_len > 0 && | ||
980 | s->s3->client_opaque_prf_input_len == s->s3->server_opaque_prf_input_len) | ||
981 | { | ||
982 | co = s->s3->client_opaque_prf_input; | ||
983 | col = s->s3->server_opaque_prf_input_len; | ||
984 | so = s->s3->server_opaque_prf_input; | ||
985 | sol = s->s3->client_opaque_prf_input_len; /* must be same as col (see draft-rescorla-tls-opaque-prf-input-00.txt, section 3.1) */ | ||
986 | } | ||
987 | #endif | ||
988 | |||
989 | tls1_PRF(s->s3->tmp.new_cipher->algorithm2, | ||
990 | TLS_MD_MASTER_SECRET_CONST,TLS_MD_MASTER_SECRET_CONST_SIZE, | ||
991 | s->s3->client_random,SSL3_RANDOM_SIZE, | ||
992 | co, col, | ||
993 | s->s3->server_random,SSL3_RANDOM_SIZE, | ||
994 | so, sol, | ||
995 | p,len, | ||
996 | s->session->master_key,buff,sizeof buff); | ||
997 | |||
998 | #ifdef KSSL_DEBUG | ||
999 | printf ("tls1_generate_master_secret() complete\n"); | ||
1000 | #endif /* KSSL_DEBUG */ | ||
1001 | return(SSL3_MASTER_SECRET_SIZE); | ||
1002 | } | ||
1003 | |||
1004 | int tls1_alert_code(int code) | ||
1005 | { | ||
1006 | switch (code) | ||
1007 | { | ||
1008 | case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY); | ||
1009 | case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE); | ||
1010 | case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC); | ||
1011 | case SSL_AD_DECRYPTION_FAILED: return(TLS1_AD_DECRYPTION_FAILED); | ||
1012 | case SSL_AD_RECORD_OVERFLOW: return(TLS1_AD_RECORD_OVERFLOW); | ||
1013 | case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE); | ||
1014 | case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE); | ||
1015 | case SSL_AD_NO_CERTIFICATE: return(-1); | ||
1016 | case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE); | ||
1017 | case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE); | ||
1018 | case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED); | ||
1019 | case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED); | ||
1020 | case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN); | ||
1021 | case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER); | ||
1022 | case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA); | ||
1023 | case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED); | ||
1024 | case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR); | ||
1025 | case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR); | ||
1026 | case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION); | ||
1027 | case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION); | ||
1028 | case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY); | ||
1029 | case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); | ||
1030 | case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); | ||
1031 | case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); | ||
1032 | case SSL_AD_UNSUPPORTED_EXTENSION: return(TLS1_AD_UNSUPPORTED_EXTENSION); | ||
1033 | case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(TLS1_AD_CERTIFICATE_UNOBTAINABLE); | ||
1034 | case SSL_AD_UNRECOGNIZED_NAME: return(TLS1_AD_UNRECOGNIZED_NAME); | ||
1035 | case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE); | ||
1036 | case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); | ||
1037 | case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); | ||
1038 | #if 0 /* not appropriate for TLS, not used for DTLS */ | ||
1039 | case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return | ||
1040 | (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); | ||
1041 | #endif | ||
1042 | default: return(-1); | ||
1043 | } | ||
1044 | } | ||
1045 | |||
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
deleted file mode 100644
index 26cbae449e..0000000000
--- a/src/lib/libssl/t1_lib.c
+++ /dev/null | |||
@@ -1,1753 +0,0 @@ | |||
1 | /* ssl/t1_lib.c */ | ||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
3 | * All rights reserved. | ||
4 | * | ||
5 | * This package is an SSL implementation written | ||
6 | * by Eric Young (eay@cryptsoft.com). | ||
7 | * The implementation was written so as to conform with Netscapes SSL. | ||
8 | * | ||
9 | * This library is free for commercial and non-commercial use as long as | ||
10 | * the following conditions are aheared to. The following conditions | ||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
13 | * included with this distribution is covered by the same copyright terms | ||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
15 | * | ||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
17 | * the code are not to be removed. | ||
18 | * If this package is used in a product, Eric Young should be given attribution | ||
19 | * as the author of the parts of the library used. | ||
20 | * This can be in the form of a textual message at program startup or | ||
21 | * in documentation (online or textual) provided with the package. | ||
22 | * | ||
23 | * Redistribution and use in source and binary forms, with or without | ||
24 | * modification, are permitted provided that the following conditions | ||
25 | * are met: | ||
26 | * 1. Redistributions of source code must retain the copyright | ||
27 | * notice, this list of conditions and the following disclaimer. | ||
28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
29 | * notice, this list of conditions and the following disclaimer in the | ||
30 | * documentation and/or other materials provided with the distribution. | ||
31 | * 3. All advertising materials mentioning features or use of this software | ||
32 | * must display the following acknowledgement: | ||
33 | * "This product includes cryptographic software written by | ||
34 | * Eric Young (eay@cryptsoft.com)" | ||
35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
36 | * being used are not cryptographic related :-). | ||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
38 | * the apps directory (application code) you must include an acknowledgement: | ||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
40 | * | ||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
51 | * SUCH DAMAGE. | ||
52 | * | ||
53 | * The licence and distribution terms for any publically available version or | ||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
55 | * copied and put under another distribution licence | ||
56 | * [including the GNU Public Licence.] | ||
57 | */ | ||
58 | /* ==================================================================== | ||
59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
60 | * | ||
61 | * Redistribution and use in source and binary forms, with or without | ||
62 | * modification, are permitted provided that the following conditions | ||
63 | * are met: | ||
64 | * | ||
65 | * 1. Redistributions of source code must retain the above copyright | ||
66 | * notice, this list of conditions and the following disclaimer. | ||
67 | * | ||
68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
69 | * notice, this list of conditions and the following disclaimer in | ||
70 | * the documentation and/or other materials provided with the | ||
71 | * distribution. | ||
72 | * | ||
73 | * 3. All advertising materials mentioning features or use of this | ||
74 | * software must display the following acknowledgment: | ||
75 | * "This product includes software developed by the OpenSSL Project | ||
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
77 | * | ||
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
79 | * endorse or promote products derived from this software without | ||
80 | * prior written permission. For written permission, please contact | ||
81 | * openssl-core@openssl.org. | ||
82 | * | ||
83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
84 | * nor may "OpenSSL" appear in their names without prior written | ||
85 | * permission of the OpenSSL Project. | ||
86 | * | ||
87 | * 6. Redistributions of any form whatsoever must retain the following | ||
88 | * acknowledgment: | ||
89 | * "This product includes software developed by the OpenSSL Project | ||
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
91 | * | ||
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
104 | * ==================================================================== | ||
105 | * | ||
106 | * This product includes cryptographic software written by Eric Young | ||
107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
108 | * Hudson (tjh@cryptsoft.com). | ||
109 | * | ||
110 | */ | ||
111 | |||
112 | #include <stdio.h> | ||
113 | #include <openssl/objects.h> | ||
114 | #include <openssl/evp.h> | ||
115 | #include <openssl/hmac.h> | ||
116 | #include <openssl/ocsp.h> | ||
117 | #include "ssl_locl.h" | ||
118 | |||
119 | const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT; | ||
120 | |||
121 | #ifndef OPENSSL_NO_TLSEXT | ||
122 | static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, | ||
123 | const unsigned char *sess_id, int sesslen, | ||
124 | SSL_SESSION **psess); | ||
125 | #endif | ||
126 | |||
127 | SSL3_ENC_METHOD TLSv1_enc_data={ | ||
128 | tls1_enc, | ||
129 | tls1_mac, | ||
130 | tls1_setup_key_block, | ||
131 | tls1_generate_master_secret, | ||
132 | tls1_change_cipher_state, | ||
133 | tls1_final_finish_mac, | ||
134 | TLS1_FINISH_MAC_LENGTH, | ||
135 | tls1_cert_verify_mac, | ||
136 | TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, | ||
137 | TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, | ||
138 | tls1_alert_code, | ||
139 | }; | ||
140 | |||
141 | long tls1_default_timeout(void) | ||
142 | { | ||
143 | /* 2 hours, the 24 hours mentioned in the TLSv1 spec | ||
144 | * is way too long for http, the cache would over fill */ | ||
145 | return(60*60*2); | ||
146 | } | ||
147 | |||
148 | int tls1_new(SSL *s) | ||
149 | { | ||
150 | if (!ssl3_new(s)) return(0); | ||
151 | s->method->ssl_clear(s); | ||
152 | return(1); | ||
153 | } | ||
154 | |||
155 | void tls1_free(SSL *s) | ||
156 | { | ||
157 | #ifndef OPENSSL_NO_TLSEXT | ||
158 | if (s->tlsext_session_ticket) | ||
159 | { | ||
160 | OPENSSL_free(s->tlsext_session_ticket); | ||
161 | } | ||
162 | #endif /* OPENSSL_NO_TLSEXT */ | ||
163 | ssl3_free(s); | ||
164 | } | ||
165 | |||
166 | void tls1_clear(SSL *s) | ||
167 | { | ||
168 | ssl3_clear(s); | ||
169 | s->version=TLS1_VERSION; | ||
170 | } | ||
171 | |||
172 | #ifndef OPENSSL_NO_EC | ||
173 | static int nid_list[] = | ||
174 | { | ||
175 | NID_sect163k1, /* sect163k1 (1) */ | ||
176 | NID_sect163r1, /* sect163r1 (2) */ | ||
177 | NID_sect163r2, /* sect163r2 (3) */ | ||
178 | NID_sect193r1, /* sect193r1 (4) */ | ||
179 | NID_sect193r2, /* sect193r2 (5) */ | ||
180 | NID_sect233k1, /* sect233k1 (6) */ | ||
181 | NID_sect233r1, /* sect233r1 (7) */ | ||
182 | NID_sect239k1, /* sect239k1 (8) */ | ||
183 | NID_sect283k1, /* sect283k1 (9) */ | ||
184 | NID_sect283r1, /* sect283r1 (10) */ | ||
185 | NID_sect409k1, /* sect409k1 (11) */ | ||
186 | NID_sect409r1, /* sect409r1 (12) */ | ||
187 | NID_sect571k1, /* sect571k1 (13) */ | ||
188 | NID_sect571r1, /* sect571r1 (14) */ | ||
189 | NID_secp160k1, /* secp160k1 (15) */ | ||
190 | NID_secp160r1, /* secp160r1 (16) */ | ||
191 | NID_secp160r2, /* secp160r2 (17) */ | ||
192 | NID_secp192k1, /* secp192k1 (18) */ | ||
193 | NID_X9_62_prime192v1, /* secp192r1 (19) */ | ||
194 | NID_secp224k1, /* secp224k1 (20) */ | ||
195 | NID_secp224r1, /* secp224r1 (21) */ | ||
196 | NID_secp256k1, /* secp256k1 (22) */ | ||
197 | NID_X9_62_prime256v1, /* secp256r1 (23) */ | ||
198 | NID_secp384r1, /* secp384r1 (24) */ | ||
199 | NID_secp521r1 /* secp521r1 (25) */ | ||
200 | }; | ||
201 | |||
202 | int tls1_ec_curve_id2nid(int curve_id) | ||
203 | { | ||
204 | /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */ | ||
205 | if ((curve_id < 1) || ((unsigned int)curve_id > | ||
206 | sizeof(nid_list)/sizeof(nid_list[0]))) | ||
207 | return 0; | ||
208 | return nid_list[curve_id-1]; | ||
209 | } | ||
210 | |||
211 | int tls1_ec_nid2curve_id(int nid) | ||
212 | { | ||
213 | /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */ | ||
214 | switch (nid) | ||
215 | { | ||
216 | case NID_sect163k1: /* sect163k1 (1) */ | ||
217 | return 1; | ||
218 | case NID_sect163r1: /* sect163r1 (2) */ | ||
219 | return 2; | ||
220 | case NID_sect163r2: /* sect163r2 (3) */ | ||
221 | return 3; | ||
222 | case NID_sect193r1: /* sect193r1 (4) */ | ||
223 | return 4; | ||
224 | case NID_sect193r2: /* sect193r2 (5) */ | ||
225 | return 5; | ||
226 | case NID_sect233k1: /* sect233k1 (6) */ | ||
227 | return 6; | ||
228 | case NID_sect233r1: /* sect233r1 (7) */ | ||
229 | return 7; | ||
230 | case NID_sect239k1: /* sect239k1 (8) */ | ||
231 | return 8; | ||
232 | case NID_sect283k1: /* sect283k1 (9) */ | ||
233 | return 9; | ||
234 | case NID_sect283r1: /* sect283r1 (10) */ | ||
235 | return 10; | ||
236 | case NID_sect409k1: /* sect409k1 (11) */ | ||
237 | return 11; | ||
238 | case NID_sect409r1: /* sect409r1 (12) */ | ||
239 | return 12; | ||
240 | case NID_sect571k1: /* sect571k1 (13) */ | ||
241 | return 13; | ||
242 | case NID_sect571r1: /* sect571r1 (14) */ | ||
243 | return 14; | ||
244 | case NID_secp160k1: /* secp160k1 (15) */ | ||
245 | return 15; | ||
246 | case NID_secp160r1: /* secp160r1 (16) */ | ||
247 | return 16; | ||
248 | case NID_secp160r2: /* secp160r2 (17) */ | ||
249 | return 17; | ||
250 | case NID_secp192k1: /* secp192k1 (18) */ | ||
251 | return 18; | ||
252 | case NID_X9_62_prime192v1: /* secp192r1 (19) */ | ||
253 | return 19; | ||
254 | case NID_secp224k1: /* secp224k1 (20) */ | ||
255 | return 20; | ||
256 | case NID_secp224r1: /* secp224r1 (21) */ | ||
257 | return 21; | ||
258 | case NID_secp256k1: /* secp256k1 (22) */ | ||
259 | return 22; | ||
260 | case NID_X9_62_prime256v1: /* secp256r1 (23) */ | ||
261 | return 23; | ||
262 | case NID_secp384r1: /* secp384r1 (24) */ | ||
263 | return 24; | ||
264 | case NID_secp521r1: /* secp521r1 (25) */ | ||
265 | return 25; | ||
266 | default: | ||
267 | return 0; | ||
268 | } | ||
269 | } | ||
270 | #endif /* OPENSSL_NO_EC */ | ||
271 | |||
272 | #ifndef OPENSSL_NO_TLSEXT | ||
273 | unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | ||
274 | { | ||
275 | int extdatalen=0; | ||
276 | unsigned char *ret = p; | ||
277 | |||
278 | /* don't add extensions for SSLv3 unless doing secure renegotiation */ | ||
279 | if (s->client_version == SSL3_VERSION | ||
280 | && !s->s3->send_connection_binding) | ||
281 | return p; | ||
282 | |||
283 | ret+=2; | ||
284 | |||
285 | if (ret>=limit) return NULL; /* this really never occurs, but ... */ | ||
286 | |||
287 | if (s->tlsext_hostname != NULL) | ||
288 | { | ||
289 | /* Add TLS extension servername to the Client Hello message */ | ||
290 | unsigned long size_str; | ||
291 | long lenmax; | ||
292 | |||
293 | /* check for enough space. | ||
294 | 4 for the servername type and entension length | ||
295 | 2 for servernamelist length | ||
296 | 1 for the hostname type | ||
297 | 2 for hostname length | ||
298 | + hostname length | ||
299 | */ | ||
300 | |||
301 | if ((lenmax = limit - ret - 9) < 0 | ||
302 | || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) | ||
303 | return NULL; | ||
304 | |||
305 | /* extension type and length */ | ||
306 | s2n(TLSEXT_TYPE_server_name,ret); | ||
307 | s2n(size_str+5,ret); | ||
308 | |||
309 | /* length of servername list */ | ||
310 | s2n(size_str+3,ret); | ||
311 | |||
312 | /* hostname type, length and hostname */ | ||
313 | *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name; | ||
314 | s2n(size_str,ret); | ||
315 | memcpy(ret, s->tlsext_hostname, size_str); | ||
316 | ret+=size_str; | ||
317 | } | ||
318 | |||
319 | /* Add RI if renegotiating */ | ||
320 | if (s->new_session) | ||
321 | { | ||
322 | int el; | ||
323 | |||
324 | if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) | ||
325 | { | ||
326 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | ||
327 | return NULL; | ||
328 | } | ||
329 | |||
330 | if((limit - p - 4 - el) < 0) return NULL; | ||
331 | |||
332 | s2n(TLSEXT_TYPE_renegotiate,ret); | ||
333 | s2n(el,ret); | ||
334 | |||
335 | if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) | ||
336 | { | ||
337 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | ||
338 | return NULL; | ||
339 | } | ||
340 | |||
341 | ret += el; | ||
342 | } | ||
343 | |||
344 | #ifndef OPENSSL_NO_EC | ||
345 | if (s->tlsext_ecpointformatlist != NULL && | ||
346 | s->version != DTLS1_VERSION) | ||
347 | { | ||
348 | /* Add TLS extension ECPointFormats to the ClientHello message */ | ||
349 | long lenmax; | ||
350 | |||
351 | if ((lenmax = limit - ret - 5) < 0) return NULL; | ||
352 | if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL; | ||
353 | if (s->tlsext_ecpointformatlist_length > 255) | ||
354 | { | ||
355 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | ||
356 | return NULL; | ||
357 | } | ||
358 | |||
359 | s2n(TLSEXT_TYPE_ec_point_formats,ret); | ||
360 | s2n(s->tlsext_ecpointformatlist_length + 1,ret); | ||
361 | *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; | ||
362 | memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); | ||
363 | ret+=s->tlsext_ecpointformatlist_length; | ||
364 | } | ||
365 | if (s->tlsext_ellipticcurvelist != NULL && | ||
366 | s->version != DTLS1_VERSION) | ||
367 | { | ||
368 | /* Add TLS extension EllipticCurves to the ClientHello message */ | ||
369 | long lenmax; | ||
370 | |||
371 | if ((lenmax = limit - ret - 6) < 0) return NULL; | ||
372 | if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL; | ||
373 | if (s->tlsext_ellipticcurvelist_length > 65532) | ||
374 | { | ||
375 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | ||
376 | return NULL; | ||
377 | } | ||
378 | |||
379 | s2n(TLSEXT_TYPE_elliptic_curves,ret); | ||
380 | s2n(s->tlsext_ellipticcurvelist_length + 2, ret); | ||
381 | |||
382 | /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for | ||
383 | * elliptic_curve_list, but the examples use two bytes. | ||
384 | * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html | ||
385 | * resolves this to two bytes. | ||
386 | */ | ||
387 | s2n(s->tlsext_ellipticcurvelist_length, ret); | ||
388 | memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); | ||
389 | ret+=s->tlsext_ellipticcurvelist_length; | ||
390 | } | ||
391 | #endif /* OPENSSL_NO_EC */ | ||
392 | |||
393 | if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) | ||
394 | { | ||
395 | int ticklen; | ||
396 | if (!s->new_session && s->session && s->session->tlsext_tick) | ||
397 | ticklen = s->session->tlsext_ticklen; | ||
398 | else if (s->session && s->tlsext_session_ticket && | ||
399 | s->tlsext_session_ticket->data) | ||
400 | { | ||
401 | ticklen = s->tlsext_session_ticket->length; | ||
402 | s->session->tlsext_tick = OPENSSL_malloc(ticklen); | ||
403 | if (!s->session->tlsext_tick) | ||
404 | return NULL; | ||
405 | memcpy(s->session->tlsext_tick, | ||
406 | s->tlsext_session_ticket->data, | ||
407 | ticklen); | ||
408 | s->session->tlsext_ticklen = ticklen; | ||
409 | } | ||
410 | else | ||
411 | ticklen = 0; | ||
412 | if (ticklen == 0 && s->tlsext_session_ticket && | ||
413 | s->tlsext_session_ticket->data == NULL) | ||
414 | goto skip_ext; | ||
415 | /* Check for enough room 2 for extension type, 2 for len | ||
416 | * rest for ticket | ||
417 | */ | ||
418 | if ((long)(limit - ret - 4 - ticklen) < 0) return NULL; | ||
419 | s2n(TLSEXT_TYPE_session_ticket,ret); | ||
420 | s2n(ticklen,ret); | ||
421 | if (ticklen) | ||
422 | { | ||
423 | memcpy(ret, s->session->tlsext_tick, ticklen); | ||
424 | ret += ticklen; | ||
425 | } | ||
426 | } | ||
427 | skip_ext: | ||
428 | |||
429 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
430 | if (s->s3->client_opaque_prf_input != NULL && | ||
431 | s->version != DTLS1_VERSION) | ||
432 | { | ||
433 | size_t col = s->s3->client_opaque_prf_input_len; | ||
434 | |||
435 | if ((long)(limit - ret - 6 - col < 0)) | ||
436 | return NULL; | ||
437 | if (col > 0xFFFD) /* can't happen */ | ||
438 | return NULL; | ||
439 | |||
440 | s2n(TLSEXT_TYPE_opaque_prf_input, ret); | ||
441 | s2n(col + 2, ret); | ||
442 | s2n(col, ret); | ||
443 | memcpy(ret, s->s3->client_opaque_prf_input, col); | ||
444 | ret += col; | ||
445 | } | ||
446 | #endif | ||
447 | |||
448 | if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && | ||
449 | s->version != DTLS1_VERSION) | ||
450 | { | ||
451 | int i; | ||
452 | long extlen, idlen, itmp; | ||
453 | OCSP_RESPID *id; | ||
454 | |||
455 | idlen = 0; | ||
456 | for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) | ||
457 | { | ||
458 | id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); | ||
459 | itmp = i2d_OCSP_RESPID(id, NULL); | ||
460 | if (itmp <= 0) | ||
461 | return NULL; | ||
462 | idlen += itmp + 2; | ||
463 | } | ||
464 | |||
465 | if (s->tlsext_ocsp_exts) | ||
466 | { | ||
467 | extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL); | ||
468 | if (extlen < 0) | ||
469 | return NULL; | ||
470 | } | ||
471 | else | ||
472 | extlen = 0; | ||
473 | |||
474 | if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL; | ||
475 | s2n(TLSEXT_TYPE_status_request, ret); | ||
476 | if (extlen + idlen > 0xFFF0) | ||
477 | return NULL; | ||
478 | s2n(extlen + idlen + 5, ret); | ||
479 | *(ret++) = TLSEXT_STATUSTYPE_ocsp; | ||
480 | s2n(idlen, ret); | ||
481 | for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) | ||
482 | { | ||
483 | /* save position of id len */ | ||
484 | unsigned char *q = ret; | ||
485 | id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); | ||
486 | /* skip over id len */ | ||
487 | ret += 2; | ||
488 | itmp = i2d_OCSP_RESPID(id, &ret); | ||
489 | /* write id len */ | ||
490 | s2n(itmp, q); | ||
491 | } | ||
492 | s2n(extlen, ret); | ||
493 | if (extlen > 0) | ||
494 | i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); | ||
495 | } | ||
496 | |||
497 | if ((extdatalen = ret-p-2)== 0) | ||
498 | return p; | ||
499 | |||
500 | s2n(extdatalen,p); | ||
501 | return ret; | ||
502 | } | ||
503 | |||
504 | unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | ||
505 | { | ||
506 | int extdatalen=0; | ||
507 | unsigned char *ret = p; | ||
508 | |||
509 | /* don't add extensions for SSLv3, unless doing secure renegotiation */ | ||
510 | if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) | ||
511 | return p; | ||
512 | |||
513 | ret+=2; | ||
514 | if (ret>=limit) return NULL; /* this really never occurs, but ... */ | ||
515 | |||
516 | if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL) | ||
517 | { | ||
518 | if ((long)(limit - ret - 4) < 0) return NULL; | ||
519 | |||
520 | s2n(TLSEXT_TYPE_server_name,ret); | ||
521 | s2n(0,ret); | ||
522 | } | ||
523 | |||
524 | if(s->s3->send_connection_binding) | ||
525 | { | ||
526 | int el; | ||
527 | |||
528 | if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) | ||
529 | { | ||
530 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | ||
531 | return NULL; | ||
532 | } | ||
533 | |||
534 | if((limit - p - 4 - el) < 0) return NULL; | ||
535 | |||
536 | s2n(TLSEXT_TYPE_renegotiate,ret); | ||
537 | s2n(el,ret); | ||
538 | |||
539 | if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) | ||
540 | { | ||
541 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | ||
542 | return NULL; | ||
543 | } | ||
544 | |||
545 | ret += el; | ||
546 | } | ||
547 | |||
548 | #ifndef OPENSSL_NO_EC | ||
549 | if (s->tlsext_ecpointformatlist != NULL && | ||
550 | s->version != DTLS1_VERSION) | ||
551 | { | ||
552 | /* Add TLS extension ECPointFormats to the ServerHello message */ | ||
553 | long lenmax; | ||
554 | |||
555 | if ((lenmax = limit - ret - 5) < 0) return NULL; | ||
556 | if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL; | ||
557 | if (s->tlsext_ecpointformatlist_length > 255) | ||
558 | { | ||
559 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | ||
560 | return NULL; | ||
561 | } | ||
562 | |||
563 | s2n(TLSEXT_TYPE_ec_point_formats,ret); | ||
564 | s2n(s->tlsext_ecpointformatlist_length + 1,ret); | ||
565 | *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; | ||
566 | memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); | ||
567 | ret+=s->tlsext_ecpointformatlist_length; | ||
568 | |||
569 | } | ||
570 | /* Currently the server should not respond with a SupportedCurves extension */ | ||
571 | #endif /* OPENSSL_NO_EC */ | ||
572 | |||
573 | if (s->tlsext_ticket_expected | ||
574 | && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) | ||
575 | { | ||
576 | if ((long)(limit - ret - 4) < 0) return NULL; | ||
577 | s2n(TLSEXT_TYPE_session_ticket,ret); | ||
578 | s2n(0,ret); | ||
579 | } | ||
580 | |||
581 | if (s->tlsext_status_expected) | ||
582 | { | ||
583 | if ((long)(limit - ret - 4) < 0) return NULL; | ||
584 | s2n(TLSEXT_TYPE_status_request,ret); | ||
585 | s2n(0,ret); | ||
586 | } | ||
587 | |||
588 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
589 | if (s->s3->server_opaque_prf_input != NULL && | ||
590 | s->version != DTLS1_VERSION) | ||
591 | { | ||
592 | size_t sol = s->s3->server_opaque_prf_input_len; | ||
593 | |||
594 | if ((long)(limit - ret - 6 - sol) < 0) | ||
595 | return NULL; | ||
596 | if (sol > 0xFFFD) /* can't happen */ | ||
597 | return NULL; | ||
598 | |||
599 | s2n(TLSEXT_TYPE_opaque_prf_input, ret); | ||
600 | s2n(sol + 2, ret); | ||
601 | s2n(sol, ret); | ||
602 | memcpy(ret, s->s3->server_opaque_prf_input, sol); | ||
603 | ret += sol; | ||
604 | } | ||
605 | #endif | ||
606 | if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) | ||
607 | && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) | ||
608 | { const unsigned char cryptopro_ext[36] = { | ||
609 | 0xfd, 0xe8, /*65000*/ | ||
610 | 0x00, 0x20, /*32 bytes length*/ | ||
611 | 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85, | ||
612 | 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06, | ||
613 | 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08, | ||
614 | 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17}; | ||
615 | if (limit-ret<36) return NULL; | ||
616 | memcpy(ret,cryptopro_ext,36); | ||
617 | ret+=36; | ||
618 | |||
619 | } | ||
620 | |||
621 | if ((extdatalen = ret-p-2)== 0) | ||
622 | return p; | ||
623 | |||
624 | s2n(extdatalen,p); | ||
625 | return ret; | ||
626 | } | ||
627 | |||
628 | int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) | ||
629 | { | ||
630 | unsigned short type; | ||
631 | unsigned short size; | ||
632 | unsigned short len; | ||
633 | unsigned char *data = *p; | ||
634 | int renegotiate_seen = 0; | ||
635 | |||
636 | s->servername_done = 0; | ||
637 | s->tlsext_status_type = -1; | ||
638 | |||
639 | if (data >= (d+n-2)) | ||
640 | goto ri_check; | ||
641 | n2s(data,len); | ||
642 | |||
643 | if (data > (d+n-len)) | ||
644 | goto ri_check; | ||
645 | |||
646 | while (data <= (d+n-4)) | ||
647 | { | ||
648 | n2s(data,type); | ||
649 | n2s(data,size); | ||
650 | |||
651 | if (data+size > (d+n)) | ||
652 | goto ri_check; | ||
653 | #if 0 | ||
654 | fprintf(stderr,"Received extension type %d size %d\n",type,size); | ||
655 | #endif | ||
656 | if (s->tlsext_debug_cb) | ||
657 | s->tlsext_debug_cb(s, 0, type, data, size, | ||
658 | s->tlsext_debug_arg); | ||
659 | /* The servername extension is treated as follows: | ||
660 | |||
661 | - Only the hostname type is supported with a maximum length of 255. | ||
662 | - The servername is rejected if too long or if it contains zeros, | ||
663 | in which case an fatal alert is generated. | ||
664 | - The servername field is maintained together with the session cache. | ||
665 | - When a session is resumed, the servername call back invoked in order | ||
666 | to allow the application to position itself to the right context. | ||
667 | - The servername is acknowledged if it is new for a session or when | ||
668 | it is identical to a previously used for the same session. | ||
669 | Applications can control the behaviour. They can at any time | ||
670 | set a 'desirable' servername for a new SSL object. This can be the | ||
671 | case for example with HTTPS when a Host: header field is received and | ||
672 | a renegotiation is requested. In this case, a possible servername | ||
673 | presented in the new client hello is only acknowledged if it matches | ||
674 | the value of the Host: field. | ||
675 | - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | ||
676 | if they provide for changing an explicit servername context for the session, | ||
677 | i.e. when the session has been established with a servername extension. | ||
678 | - On session reconnect, the servername extension may be absent. | ||
679 | |||
680 | */ | ||
681 | |||
682 | if (type == TLSEXT_TYPE_server_name) | ||
683 | { | ||
684 | unsigned char *sdata; | ||
685 | int servname_type; | ||
686 | int dsize; | ||
687 | |||
688 | if (size < 2) | ||
689 | { | ||
690 | *al = SSL_AD_DECODE_ERROR; | ||
691 | return 0; | ||
692 | } | ||
693 | n2s(data,dsize); | ||
694 | size -= 2; | ||
695 | if (dsize > size ) | ||
696 | { | ||
697 | *al = SSL_AD_DECODE_ERROR; | ||
698 | return 0; | ||
699 | } | ||
700 | |||
701 | sdata = data; | ||
702 | while (dsize > 3) | ||
703 | { | ||
704 | servname_type = *(sdata++); | ||
705 | n2s(sdata,len); | ||
706 | dsize -= 3; | ||
707 | |||
708 | if (len > dsize) | ||
709 | { | ||
710 | *al = SSL_AD_DECODE_ERROR; | ||
711 | return 0; | ||
712 | } | ||
713 | if (s->servername_done == 0) | ||
714 | switch (servname_type) | ||
715 | { | ||
716 | case TLSEXT_NAMETYPE_host_name: | ||
717 | if (!s->hit) | ||
718 | { | ||
719 | if(s->session->tlsext_hostname) | ||
720 | { | ||
721 | *al = SSL_AD_DECODE_ERROR; | ||
722 | return 0; | ||
723 | } | ||
724 | if (len > TLSEXT_MAXLEN_host_name) | ||
725 | { | ||
726 | *al = TLS1_AD_UNRECOGNIZED_NAME; | ||
727 | return 0; | ||
728 | } | ||
729 | if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL) | ||
730 | { | ||
731 | *al = TLS1_AD_INTERNAL_ERROR; | ||
732 | return 0; | ||
733 | } | ||
734 | memcpy(s->session->tlsext_hostname, sdata, len); | ||
735 | s->session->tlsext_hostname[len]='\0'; | ||
736 | if (strlen(s->session->tlsext_hostname) != len) { | ||
737 | OPENSSL_free(s->session->tlsext_hostname); | ||
738 | s->session->tlsext_hostname = NULL; | ||
739 | *al = TLS1_AD_UNRECOGNIZED_NAME; | ||
740 | return 0; | ||
741 | } | ||
742 | s->servername_done = 1; | ||
743 | |||
744 | } | ||
745 | else | ||
746 | s->servername_done = s->session->tlsext_hostname | ||
747 | && strlen(s->session->tlsext_hostname) == len | ||
748 | && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; | ||
749 | |||
750 | break; | ||
751 | |||
752 | default: | ||
753 | break; | ||
754 | } | ||
755 | |||
756 | dsize -= len; | ||
757 | } | ||
758 | if (dsize != 0) | ||
759 | { | ||
760 | *al = SSL_AD_DECODE_ERROR; | ||
761 | return 0; | ||
762 | } | ||
763 | |||
764 | } | ||
765 | |||
766 | #ifndef OPENSSL_NO_EC | ||
767 | else if (type == TLSEXT_TYPE_ec_point_formats && | ||
768 | s->version != DTLS1_VERSION) | ||
769 | { | ||
770 | unsigned char *sdata = data; | ||
771 | int ecpointformatlist_length = *(sdata++); | ||
772 | |||
773 | if (ecpointformatlist_length != size - 1) | ||
774 | { | ||
775 | *al = TLS1_AD_DECODE_ERROR; | ||
776 | return 0; | ||
777 | } | ||
778 | if (!s->hit) | ||
779 | { | ||
780 | if(s->session->tlsext_ecpointformatlist) | ||
781 | { | ||
782 | OPENSSL_free(s->session->tlsext_ecpointformatlist); | ||
783 | s->session->tlsext_ecpointformatlist = NULL; | ||
784 | } | ||
785 | s->session->tlsext_ecpointformatlist_length = 0; | ||
786 | if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) | ||
787 | { | ||
788 | *al = TLS1_AD_INTERNAL_ERROR; | ||
789 | return 0; | ||
790 | } | ||
791 | s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; | ||
792 | memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); | ||
793 | } | ||
794 | #if 0 | ||
795 | fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length); | ||
796 | sdata = s->session->tlsext_ecpointformatlist; | ||
797 | for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) | ||
798 | fprintf(stderr,"%i ",*(sdata++)); | ||
799 | fprintf(stderr,"\n"); | ||
800 | #endif | ||
801 | } | ||
802 | else if (type == TLSEXT_TYPE_elliptic_curves && | ||
803 | s->version != DTLS1_VERSION) | ||
804 | { | ||
805 | unsigned char *sdata = data; | ||
806 | int ellipticcurvelist_length = (*(sdata++) << 8); | ||
807 | ellipticcurvelist_length += (*(sdata++)); | ||
808 | |||
809 | if (ellipticcurvelist_length != size - 2) | ||
810 | { | ||
811 | *al = TLS1_AD_DECODE_ERROR; | ||
812 | return 0; | ||
813 | } | ||
814 | if (!s->hit) | ||
815 | { | ||
816 | if(s->session->tlsext_ellipticcurvelist) | ||
817 | { | ||
818 | *al = TLS1_AD_DECODE_ERROR; | ||
819 | return 0; | ||
820 | } | ||
821 | s->session->tlsext_ellipticcurvelist_length = 0; | ||
822 | if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) | ||
823 | { | ||
824 | *al = TLS1_AD_INTERNAL_ERROR; | ||
825 | return 0; | ||
826 | } | ||
827 | s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length; | ||
828 | memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); | ||
829 | } | ||
830 | #if 0 | ||
831 | fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length); | ||
832 | sdata = s->session->tlsext_ellipticcurvelist; | ||
833 | for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++) | ||
834 | fprintf(stderr,"%i ",*(sdata++)); | ||
835 | fprintf(stderr,"\n"); | ||
836 | #endif | ||
837 | } | ||
838 | #endif /* OPENSSL_NO_EC */ | ||
839 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
840 | else if (type == TLSEXT_TYPE_opaque_prf_input && | ||
841 | s->version != DTLS1_VERSION) | ||
842 | { | ||
843 | unsigned char *sdata = data; | ||
844 | |||
845 | if (size < 2) | ||
846 | { | ||
847 | *al = SSL_AD_DECODE_ERROR; | ||
848 | return 0; | ||
849 | } | ||
850 | n2s(sdata, s->s3->client_opaque_prf_input_len); | ||
851 | if (s->s3->client_opaque_prf_input_len != size - 2) | ||
852 | { | ||
853 | *al = SSL_AD_DECODE_ERROR; | ||
854 | return 0; | ||
855 | } | ||
856 | |||
857 | if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ | ||
858 | OPENSSL_free(s->s3->client_opaque_prf_input); | ||
859 | if (s->s3->client_opaque_prf_input_len == 0) | ||
860 | s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ | ||
861 | else | ||
862 | s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len); | ||
863 | if (s->s3->client_opaque_prf_input == NULL) | ||
864 | { | ||
865 | *al = TLS1_AD_INTERNAL_ERROR; | ||
866 | return 0; | ||
867 | } | ||
868 | } | ||
869 | #endif | ||
870 | else if (type == TLSEXT_TYPE_session_ticket) | ||
871 | { | ||
872 | if (s->tls_session_ticket_ext_cb && | ||
873 | !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) | ||
874 | { | ||
875 | *al = TLS1_AD_INTERNAL_ERROR; | ||
876 | return 0; | ||
877 | } | ||
878 | } | ||
879 | else if (type == TLSEXT_TYPE_renegotiate) | ||
880 | { | ||
881 | if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) | ||
882 | return 0; | ||
883 | renegotiate_seen = 1; | ||
884 | } | ||
885 | else if (type == TLSEXT_TYPE_status_request && | ||
886 | s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb) | ||
887 | { | ||
888 | |||
889 | if (size < 5) | ||
890 | { | ||
891 | *al = SSL_AD_DECODE_ERROR; | ||
892 | return 0; | ||
893 | } | ||
894 | |||
895 | s->tlsext_status_type = *data++; | ||
896 | size--; | ||
897 | if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) | ||
898 | { | ||
899 | const unsigned char *sdata; | ||
900 | int dsize; | ||
901 | /* Read in responder_id_list */ | ||
902 | n2s(data,dsize); | ||
903 | size -= 2; | ||
904 | if (dsize > size ) | ||
905 | { | ||
906 | *al = SSL_AD_DECODE_ERROR; | ||
907 | return 0; | ||
908 | } | ||
909 | while (dsize > 0) | ||
910 | { | ||
911 | OCSP_RESPID *id; | ||
912 | int idsize; | ||
913 | if (dsize < 4) | ||
914 | { | ||
915 | *al = SSL_AD_DECODE_ERROR; | ||
916 | return 0; | ||
917 | } | ||
918 | n2s(data, idsize); | ||
919 | dsize -= 2 + idsize; | ||
920 | size -= 2 + idsize; | ||
921 | if (dsize < 0) | ||
922 | { | ||
923 | *al = SSL_AD_DECODE_ERROR; | ||
924 | return 0; | ||
925 | } | ||
926 | sdata = data; | ||
927 | data += idsize; | ||
928 | id = d2i_OCSP_RESPID(NULL, | ||
929 | &sdata, idsize); | ||
930 | if (!id) | ||
931 | { | ||
932 | *al = SSL_AD_DECODE_ERROR; | ||
933 | return 0; | ||
934 | } | ||
935 | if (data != sdata) | ||
936 | { | ||
937 | OCSP_RESPID_free(id); | ||
938 | *al = SSL_AD_DECODE_ERROR; | ||
939 | return 0; | ||
940 | } | ||
941 | if (!s->tlsext_ocsp_ids | ||
942 | && !(s->tlsext_ocsp_ids = | ||
943 | sk_OCSP_RESPID_new_null())) | ||
944 | { | ||
945 | OCSP_RESPID_free(id); | ||
946 | *al = SSL_AD_INTERNAL_ERROR; | ||
947 | return 0; | ||
948 | } | ||
949 | if (!sk_OCSP_RESPID_push( | ||
950 | s->tlsext_ocsp_ids, id)) | ||
951 | { | ||
952 | OCSP_RESPID_free(id); | ||
953 | *al = SSL_AD_INTERNAL_ERROR; | ||
954 | return 0; | ||
955 | } | ||
956 | } | ||
957 | |||
958 | /* Read in request_extensions */ | ||
959 | if (size < 2) | ||
960 | { | ||
961 | *al = SSL_AD_DECODE_ERROR; | ||
962 | return 0; | ||
963 | } | ||
964 | n2s(data,dsize); | ||
965 | size -= 2; | ||
966 | if (dsize != size) | ||
967 | { | ||
968 | *al = SSL_AD_DECODE_ERROR; | ||
969 | return 0; | ||
970 | } | ||
971 | sdata = data; | ||
972 | if (dsize > 0) | ||
973 | { | ||
974 | if (s->tlsext_ocsp_exts) | ||
975 | { | ||
976 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | ||
977 | X509_EXTENSION_free); | ||
978 | } | ||
979 | |||
980 | s->tlsext_ocsp_exts = | ||
981 | d2i_X509_EXTENSIONS(NULL, | ||
982 | &sdata, dsize); | ||
983 | if (!s->tlsext_ocsp_exts | ||
984 | || (data + dsize != sdata)) | ||
985 | { | ||
986 | *al = SSL_AD_DECODE_ERROR; | ||
987 | return 0; | ||
988 | } | ||
989 | } | ||
990 | } | ||
991 | /* We don't know what to do with any other type | ||
992 | * so ignore it. | ||
993 | */ | ||
994 | else | ||
995 | s->tlsext_status_type = -1; | ||
996 | } | ||
997 | |||
998 | /* session ticket processed earlier */ | ||
999 | data+=size; | ||
1000 | } | ||
1001 | |||
1002 | *p = data; | ||
1003 | |||
1004 | ri_check: | ||
1005 | |||
1006 | /* Need RI if renegotiating */ | ||
1007 | |||
1008 | if (!renegotiate_seen && s->new_session && | ||
1009 | !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) | ||
1010 | { | ||
1011 | *al = SSL_AD_HANDSHAKE_FAILURE; | ||
1012 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, | ||
1013 | SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | ||
1014 | return 0; | ||
1015 | } | ||
1016 | |||
1017 | return 1; | ||
1018 | } | ||
1019 | |||
1020 | int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) | ||
1021 | { | ||
1022 | unsigned short length; | ||
1023 | unsigned short type; | ||
1024 | unsigned short size; | ||
1025 | unsigned char *data = *p; | ||
1026 | int tlsext_servername = 0; | ||
1027 | int renegotiate_seen = 0; | ||
1028 | |||
1029 | if (data >= (d+n-2)) | ||
1030 | goto ri_check; | ||
1031 | |||
1032 | n2s(data,length); | ||
1033 | if (data+length != d+n) | ||
1034 | { | ||
1035 | *al = SSL_AD_DECODE_ERROR; | ||
1036 | return 0; | ||
1037 | } | ||
1038 | |||
1039 | while(data <= (d+n-4)) | ||
1040 | { | ||
1041 | n2s(data,type); | ||
1042 | n2s(data,size); | ||
1043 | |||
1044 | if (data+size > (d+n)) | ||
1045 | goto ri_check; | ||
1046 | |||
1047 | if (s->tlsext_debug_cb) | ||
1048 | s->tlsext_debug_cb(s, 1, type, data, size, | ||
1049 | s->tlsext_debug_arg); | ||
1050 | |||
1051 | if (type == TLSEXT_TYPE_server_name) | ||
1052 | { | ||
1053 | if (s->tlsext_hostname == NULL || size > 0) | ||
1054 | { | ||
1055 | *al = TLS1_AD_UNRECOGNIZED_NAME; | ||
1056 | return 0; | ||
1057 | } | ||
1058 | tlsext_servername = 1; | ||
1059 | } | ||
1060 | |||
1061 | #ifndef OPENSSL_NO_EC | ||
1062 | else if (type == TLSEXT_TYPE_ec_point_formats && | ||
1063 | s->version != DTLS1_VERSION) | ||
1064 | { | ||
1065 | unsigned char *sdata = data; | ||
1066 | int ecpointformatlist_length = *(sdata++); | ||
1067 | |||
1068 | if (ecpointformatlist_length != size - 1) | ||
1069 | { | ||
1070 | *al = TLS1_AD_DECODE_ERROR; | ||
1071 | return 0; | ||
1072 | } | ||
1073 | s->session->tlsext_ecpointformatlist_length = 0; | ||
1074 | if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); | ||
1075 | if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) | ||
1076 | { | ||
1077 | *al = TLS1_AD_INTERNAL_ERROR; | ||
1078 | return 0; | ||
1079 | } | ||
1080 | s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; | ||
1081 | memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); | ||
1082 | #if 0 | ||
1083 | fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist "); | ||
1084 | sdata = s->session->tlsext_ecpointformatlist; | ||
1085 | for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) | ||
1086 | fprintf(stderr,"%i ",*(sdata++)); | ||
1087 | fprintf(stderr,"\n"); | ||
1088 | #endif | ||
1089 | } | ||
1090 | #endif /* OPENSSL_NO_EC */ | ||
1091 | |||
1092 | else if (type == TLSEXT_TYPE_session_ticket) | ||
1093 | { | ||
1094 | if (s->tls_session_ticket_ext_cb && | ||
1095 | !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) | ||
1096 | { | ||
1097 | *al = TLS1_AD_INTERNAL_ERROR; | ||
1098 | return 0; | ||
1099 | } | ||
1100 | if ((SSL_get_options(s) & SSL_OP_NO_TICKET) | ||
1101 | || (size > 0)) | ||
1102 | { | ||
1103 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | ||
1104 | return 0; | ||
1105 | } | ||
1106 | s->tlsext_ticket_expected = 1; | ||
1107 | } | ||
1108 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
1109 | else if (type == TLSEXT_TYPE_opaque_prf_input && | ||
1110 | s->version != DTLS1_VERSION) | ||
1111 | { | ||
1112 | unsigned char *sdata = data; | ||
1113 | |||
1114 | if (size < 2) | ||
1115 | { | ||
1116 | *al = SSL_AD_DECODE_ERROR; | ||
1117 | return 0; | ||
1118 | } | ||
1119 | n2s(sdata, s->s3->server_opaque_prf_input_len); | ||
1120 | if (s->s3->server_opaque_prf_input_len != size - 2) | ||
1121 | { | ||
1122 | *al = SSL_AD_DECODE_ERROR; | ||
1123 | return 0; | ||
1124 | } | ||
1125 | |||
1126 | if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ | ||
1127 | OPENSSL_free(s->s3->server_opaque_prf_input); | ||
1128 | if (s->s3->server_opaque_prf_input_len == 0) | ||
1129 | s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ | ||
1130 | else | ||
1131 | s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len); | ||
1132 | |||
1133 | if (s->s3->server_opaque_prf_input == NULL) | ||
1134 | { | ||
1135 | *al = TLS1_AD_INTERNAL_ERROR; | ||
1136 | return 0; | ||
1137 | } | ||
1138 | } | ||
1139 | #endif | ||
1140 | else if (type == TLSEXT_TYPE_status_request && | ||
1141 | s->version != DTLS1_VERSION) | ||
1142 | { | ||
1143 | /* MUST be empty and only sent if we've requested | ||
1144 | * a status request message. | ||
1145 | */ | ||
1146 | if ((s->tlsext_status_type == -1) || (size > 0)) | ||
1147 | { | ||
1148 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | ||
1149 | return 0; | ||
1150 | } | ||
1151 | /* Set flag to expect CertificateStatus message */ | ||
1152 | s->tlsext_status_expected = 1; | ||
1153 | } | ||
1154 | else if (type == TLSEXT_TYPE_renegotiate) | ||
1155 | { | ||
1156 | if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) | ||
1157 | return 0; | ||
1158 | renegotiate_seen = 1; | ||
1159 | } | ||
1160 | data+=size; | ||
1161 | } | ||
1162 | |||
1163 | if (data != d+n) | ||
1164 | { | ||
1165 | *al = SSL_AD_DECODE_ERROR; | ||
1166 | return 0; | ||
1167 | } | ||
1168 | |||
1169 | if (!s->hit && tlsext_servername == 1) | ||
1170 | { | ||
1171 | if (s->tlsext_hostname) | ||
1172 | { | ||
1173 | if (s->session->tlsext_hostname == NULL) | ||
1174 | { | ||
1175 | s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname); | ||
1176 | if (!s->session->tlsext_hostname) | ||
1177 | { | ||
1178 | *al = SSL_AD_UNRECOGNIZED_NAME; | ||
1179 | return 0; | ||
1180 | } | ||
1181 | } | ||
1182 | else | ||
1183 | { | ||
1184 | *al = SSL_AD_DECODE_ERROR; | ||
1185 | return 0; | ||
1186 | } | ||
1187 | } | ||
1188 | } | ||
1189 | |||
1190 | *p = data; | ||
1191 | |||
1192 | ri_check: | ||
1193 | |||
1194 | /* Determine if we need to see RI. Strictly speaking if we want to | ||
1195 | * avoid an attack we should *always* see RI even on initial server | ||
1196 | * hello because the client doesn't see any renegotiation during an | ||
1197 | * attack. However this would mean we could not connect to any server | ||
1198 | * which doesn't support RI so for the immediate future tolerate RI | ||
1199 | * absence on initial connect only. | ||
1200 | */ | ||
1201 | if (!renegotiate_seen | ||
1202 | && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT) | ||
1203 | && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) | ||
1204 | { | ||
1205 | *al = SSL_AD_HANDSHAKE_FAILURE; | ||
1206 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, | ||
1207 | SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | ||
1208 | return 0; | ||
1209 | } | ||
1210 | |||
1211 | return 1; | ||
1212 | } | ||
1213 | |||
1214 | |||
1215 | int ssl_prepare_clienthello_tlsext(SSL *s) | ||
1216 | { | ||
1217 | #ifndef OPENSSL_NO_EC | ||
1218 | /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats | ||
1219 | * and elliptic curves we support. | ||
1220 | */ | ||
1221 | int using_ecc = 0; | ||
1222 | int i; | ||
1223 | unsigned char *j; | ||
1224 | unsigned long alg_k, alg_a; | ||
1225 | STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s); | ||
1226 | |||
1227 | for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) | ||
1228 | { | ||
1229 | SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i); | ||
1230 | |||
1231 | alg_k = c->algorithm_mkey; | ||
1232 | alg_a = c->algorithm_auth; | ||
1233 | if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || (alg_a & SSL_aECDSA))) | ||
1234 | { | ||
1235 | using_ecc = 1; | ||
1236 | break; | ||
1237 | } | ||
1238 | } | ||
1239 | using_ecc = using_ecc && (s->version == TLS1_VERSION); | ||
1240 | if (using_ecc) | ||
1241 | { | ||
1242 | if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist); | ||
1243 | if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL) | ||
1244 | { | ||
1245 | SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); | ||
1246 | return -1; | ||
1247 | } | ||
1248 | s->tlsext_ecpointformatlist_length = 3; | ||
1249 | s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; | ||
1250 | s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; | ||
1251 | s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; | ||
1252 | |||
1253 | /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */ | ||
1254 | if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist); | ||
1255 | s->tlsext_ellipticcurvelist_length = sizeof(nid_list)/sizeof(nid_list[0]) * 2; | ||
1256 | if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) | ||
1257 | { | ||
1258 | s->tlsext_ellipticcurvelist_length = 0; | ||
1259 | SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); | ||
1260 | return -1; | ||
1261 | } | ||
1262 | for (i = 1, j = s->tlsext_ellipticcurvelist; (unsigned int)i <= | ||
1263 | sizeof(nid_list)/sizeof(nid_list[0]); i++) | ||
1264 | s2n(i,j); | ||
1265 | } | ||
1266 | #endif /* OPENSSL_NO_EC */ | ||
1267 | |||
1268 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
1269 | { | ||
1270 | int r = 1; | ||
1271 | |||
1272 | if (s->ctx->tlsext_opaque_prf_input_callback != 0) | ||
1273 | { | ||
1274 | r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg); | ||
1275 | if (!r) | ||
1276 | return -1; | ||
1277 | } | ||
1278 | |||
1279 | if (s->tlsext_opaque_prf_input != NULL) | ||
1280 | { | ||
1281 | if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ | ||
1282 | OPENSSL_free(s->s3->client_opaque_prf_input); | ||
1283 | |||
1284 | if (s->tlsext_opaque_prf_input_len == 0) | ||
1285 | s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ | ||
1286 | else | ||
1287 | s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len); | ||
1288 | if (s->s3->client_opaque_prf_input == NULL) | ||
1289 | { | ||
1290 | SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); | ||
1291 | return -1; | ||
1292 | } | ||
1293 | s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len; | ||
1294 | } | ||
1295 | |||
1296 | if (r == 2) | ||
1297 | /* at callback's request, insist on receiving an appropriate server opaque PRF input */ | ||
1298 | s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len; | ||
1299 | } | ||
1300 | #endif | ||
1301 | |||
1302 | return 1; | ||
1303 | } | ||
1304 | |||
1305 | int ssl_prepare_serverhello_tlsext(SSL *s) | ||
1306 | { | ||
1307 | #ifndef OPENSSL_NO_EC | ||
1308 | /* If we are server and using an ECC cipher suite, send the point formats we support | ||
1309 | * if the client sent us an ECPointsFormat extension. Note that the server is not | ||
1310 | * supposed to send an EllipticCurves extension. | ||
1311 | */ | ||
1312 | |||
1313 | unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
1314 | unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; | ||
1315 | int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); | ||
1316 | using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); | ||
1317 | |||
1318 | if (using_ecc) | ||
1319 | { | ||
1320 | if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist); | ||
1321 | if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL) | ||
1322 | { | ||
1323 | SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); | ||
1324 | return -1; | ||
1325 | } | ||
1326 | s->tlsext_ecpointformatlist_length = 3; | ||
1327 | s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; | ||
1328 | s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; | ||
1329 | s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; | ||
1330 | } | ||
1331 | #endif /* OPENSSL_NO_EC */ | ||
1332 | |||
1333 | return 1; | ||
1334 | } | ||
1335 | |||
1336 | int ssl_check_clienthello_tlsext(SSL *s) | ||
1337 | { | ||
1338 | int ret=SSL_TLSEXT_ERR_NOACK; | ||
1339 | int al = SSL_AD_UNRECOGNIZED_NAME; | ||
1340 | |||
1341 | #ifndef OPENSSL_NO_EC | ||
1342 | /* The handling of the ECPointFormats extension is done elsewhere, namely in | ||
1343 | * ssl3_choose_cipher in s3_lib.c. | ||
1344 | */ | ||
1345 | /* The handling of the EllipticCurves extension is done elsewhere, namely in | ||
1346 | * ssl3_choose_cipher in s3_lib.c. | ||
1347 | */ | ||
1348 | #endif | ||
1349 | |||
1350 | if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) | ||
1351 | ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); | ||
1352 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) | ||
1353 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); | ||
1354 | |||
1355 | /* If status request then ask callback what to do. | ||
1356 | * Note: this must be called after servername callbacks in case | ||
1357 | * the certificate has changed. | ||
1358 | */ | ||
1359 | if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) | ||
1360 | { | ||
1361 | int r; | ||
1362 | r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | ||
1363 | switch (r) | ||
1364 | { | ||
1365 | /* We don't want to send a status request response */ | ||
1366 | case SSL_TLSEXT_ERR_NOACK: | ||
1367 | s->tlsext_status_expected = 0; | ||
1368 | break; | ||
1369 | /* status request response should be sent */ | ||
1370 | case SSL_TLSEXT_ERR_OK: | ||
1371 | if (s->tlsext_ocsp_resp) | ||
1372 | s->tlsext_status_expected = 1; | ||
1373 | else | ||
1374 | s->tlsext_status_expected = 0; | ||
1375 | break; | ||
1376 | /* something bad happened */ | ||
1377 | case SSL_TLSEXT_ERR_ALERT_FATAL: | ||
1378 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
1379 | al = SSL_AD_INTERNAL_ERROR; | ||
1380 | goto err; | ||
1381 | } | ||
1382 | } | ||
1383 | else | ||
1384 | s->tlsext_status_expected = 0; | ||
1385 | |||
1386 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
1387 | { | ||
1388 | /* This sort of belongs into ssl_prepare_serverhello_tlsext(), | ||
1389 | * but we might be sending an alert in response to the client hello, | ||
1390 | * so this has to happen here in ssl_check_clienthello_tlsext(). */ | ||
1391 | |||
1392 | int r = 1; | ||
1393 | |||
1394 | if (s->ctx->tlsext_opaque_prf_input_callback != 0) | ||
1395 | { | ||
1396 | r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg); | ||
1397 | if (!r) | ||
1398 | { | ||
1399 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
1400 | al = SSL_AD_INTERNAL_ERROR; | ||
1401 | goto err; | ||
1402 | } | ||
1403 | } | ||
1404 | |||
1405 | if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ | ||
1406 | OPENSSL_free(s->s3->server_opaque_prf_input); | ||
1407 | s->s3->server_opaque_prf_input = NULL; | ||
1408 | |||
1409 | if (s->tlsext_opaque_prf_input != NULL) | ||
1410 | { | ||
1411 | if (s->s3->client_opaque_prf_input != NULL && | ||
1412 | s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len) | ||
1413 | { | ||
1414 | /* can only use this extension if we have a server opaque PRF input | ||
1415 | * of the same length as the client opaque PRF input! */ | ||
1416 | |||
1417 | if (s->tlsext_opaque_prf_input_len == 0) | ||
1418 | s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ | ||
1419 | else | ||
1420 | s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len); | ||
1421 | if (s->s3->server_opaque_prf_input == NULL) | ||
1422 | { | ||
1423 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
1424 | al = SSL_AD_INTERNAL_ERROR; | ||
1425 | goto err; | ||
1426 | } | ||
1427 | s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len; | ||
1428 | } | ||
1429 | } | ||
1430 | |||
1431 | if (r == 2 && s->s3->server_opaque_prf_input == NULL) | ||
1432 | { | ||
1433 | /* The callback wants to enforce use of the extension, | ||
1434 | * but we can't do that with the client opaque PRF input; | ||
1435 | * abort the handshake. | ||
1436 | */ | ||
1437 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
1438 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
1439 | } | ||
1440 | } | ||
1441 | |||
1442 | #endif | ||
1443 | err: | ||
1444 | switch (ret) | ||
1445 | { | ||
1446 | case SSL_TLSEXT_ERR_ALERT_FATAL: | ||
1447 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
1448 | return -1; | ||
1449 | |||
1450 | case SSL_TLSEXT_ERR_ALERT_WARNING: | ||
1451 | ssl3_send_alert(s,SSL3_AL_WARNING,al); | ||
1452 | return 1; | ||
1453 | |||
1454 | case SSL_TLSEXT_ERR_NOACK: | ||
1455 | s->servername_done=0; | ||
1456 | default: | ||
1457 | return 1; | ||
1458 | } | ||
1459 | } | ||
1460 | |||
1461 | int ssl_check_serverhello_tlsext(SSL *s) | ||
1462 | { | ||
1463 | int ret=SSL_TLSEXT_ERR_NOACK; | ||
1464 | int al = SSL_AD_UNRECOGNIZED_NAME; | ||
1465 | |||
1466 | #ifndef OPENSSL_NO_EC | ||
1467 | /* If we are client and using an elliptic curve cryptography cipher | ||
1468 | * suite, then if server returns an EC point formats lists extension | ||
1469 | * it must contain uncompressed. | ||
1470 | */ | ||
1471 | unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
1472 | unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; | ||
1473 | if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && | ||
1474 | (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) && | ||
1475 | ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) | ||
1476 | { | ||
1477 | /* we are using an ECC cipher */ | ||
1478 | size_t i; | ||
1479 | unsigned char *list; | ||
1480 | int found_uncompressed = 0; | ||
1481 | list = s->session->tlsext_ecpointformatlist; | ||
1482 | for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) | ||
1483 | { | ||
1484 | if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed) | ||
1485 | { | ||
1486 | found_uncompressed = 1; | ||
1487 | break; | ||
1488 | } | ||
1489 | } | ||
1490 | if (!found_uncompressed) | ||
1491 | { | ||
1492 | SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); | ||
1493 | return -1; | ||
1494 | } | ||
1495 | } | ||
1496 | ret = SSL_TLSEXT_ERR_OK; | ||
1497 | #endif /* OPENSSL_NO_EC */ | ||
1498 | |||
1499 | if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) | ||
1500 | ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); | ||
1501 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) | ||
1502 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); | ||
1503 | |||
1504 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
1505 | if (s->s3->server_opaque_prf_input_len > 0) | ||
1506 | { | ||
1507 | /* This case may indicate that we, as a client, want to insist on using opaque PRF inputs. | ||
1508 | * So first verify that we really have a value from the server too. */ | ||
1509 | |||
1510 | if (s->s3->server_opaque_prf_input == NULL) | ||
1511 | { | ||
1512 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
1513 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
1514 | } | ||
1515 | |||
1516 | /* Anytime the server *has* sent an opaque PRF input, we need to check | ||
1517 | * that we have a client opaque PRF input of the same size. */ | ||
1518 | if (s->s3->client_opaque_prf_input == NULL || | ||
1519 | s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len) | ||
1520 | { | ||
1521 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
1522 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
1523 | } | ||
1524 | } | ||
1525 | #endif | ||
1526 | |||
1527 | /* If we've requested certificate status and we wont get one | ||
1528 | * tell the callback | ||
1529 | */ | ||
1530 | if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) | ||
1531 | && s->ctx && s->ctx->tlsext_status_cb) | ||
1532 | { | ||
1533 | int r; | ||
1534 | /* Set resp to NULL, resplen to -1 so callback knows | ||
1535 | * there is no response. | ||
1536 | */ | ||
1537 | if (s->tlsext_ocsp_resp) | ||
1538 | { | ||
1539 | OPENSSL_free(s->tlsext_ocsp_resp); | ||
1540 | s->tlsext_ocsp_resp = NULL; | ||
1541 | } | ||
1542 | s->tlsext_ocsp_resplen = -1; | ||
1543 | r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | ||
1544 | if (r == 0) | ||
1545 | { | ||
1546 | al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; | ||
1547 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
1548 | } | ||
1549 | if (r < 0) | ||
1550 | { | ||
1551 | al = SSL_AD_INTERNAL_ERROR; | ||
1552 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
1553 | } | ||
1554 | } | ||
1555 | |||
1556 | switch (ret) | ||
1557 | { | ||
1558 | case SSL_TLSEXT_ERR_ALERT_FATAL: | ||
1559 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
1560 | return -1; | ||
1561 | |||
1562 | case SSL_TLSEXT_ERR_ALERT_WARNING: | ||
1563 | ssl3_send_alert(s,SSL3_AL_WARNING,al); | ||
1564 | return 1; | ||
1565 | |||
1566 | case SSL_TLSEXT_ERR_NOACK: | ||
1567 | s->servername_done=0; | ||
1568 | default: | ||
1569 | return 1; | ||
1570 | } | ||
1571 | } | ||
1572 | |||
1573 | /* Since the server cache lookup is done early on in the processing of client | ||
1574 | * hello and other operations depend on the result we need to handle any TLS | ||
1575 | * session ticket extension at the same time. | ||
1576 | */ | ||
1577 | |||
1578 | int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, | ||
1579 | const unsigned char *limit, SSL_SESSION **ret) | ||
1580 | { | ||
1581 | /* Point after session ID in client hello */ | ||
1582 | const unsigned char *p = session_id + len; | ||
1583 | unsigned short i; | ||
1584 | |||
1585 | /* If tickets disabled behave as if no ticket present | ||
1586 | * to permit stateful resumption. | ||
1587 | */ | ||
1588 | if (SSL_get_options(s) & SSL_OP_NO_TICKET) | ||
1589 | return 1; | ||
1590 | |||
1591 | if ((s->version <= SSL3_VERSION) || !limit) | ||
1592 | return 1; | ||
1593 | if (p >= limit) | ||
1594 | return -1; | ||
1595 | /* Skip past DTLS cookie */ | ||
1596 | if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) | ||
1597 | { | ||
1598 | i = *(p++); | ||
1599 | p+= i; | ||
1600 | if (p >= limit) | ||
1601 | return -1; | ||
1602 | } | ||
1603 | /* Skip past cipher list */ | ||
1604 | n2s(p, i); | ||
1605 | p+= i; | ||
1606 | if (p >= limit) | ||
1607 | return -1; | ||
1608 | /* Skip past compression algorithm list */ | ||
1609 | i = *(p++); | ||
1610 | p += i; | ||
1611 | if (p > limit) | ||
1612 | return -1; | ||
1613 | /* Now at start of extensions */ | ||
1614 | if ((p + 2) >= limit) | ||
1615 | return 1; | ||
1616 | n2s(p, i); | ||
1617 | while ((p + 4) <= limit) | ||
1618 | { | ||
1619 | unsigned short type, size; | ||
1620 | n2s(p, type); | ||
1621 | n2s(p, size); | ||
1622 | if (p + size > limit) | ||
1623 | return 1; | ||
1624 | if (type == TLSEXT_TYPE_session_ticket) | ||
1625 | { | ||
1626 | /* If tickets disabled indicate cache miss which will | ||
1627 | * trigger a full handshake | ||
1628 | */ | ||
1629 | if (SSL_get_options(s) & SSL_OP_NO_TICKET) | ||
1630 | return 1; | ||
1631 | /* If zero length note client will accept a ticket | ||
1632 | * and indicate cache miss to trigger full handshake | ||
1633 | */ | ||
1634 | if (size == 0) | ||
1635 | { | ||
1636 | s->tlsext_ticket_expected = 1; | ||
1637 | return 0; /* Cache miss */ | ||
1638 | } | ||
1639 | if (s->tls_session_secret_cb) | ||
1640 | { | ||
1641 | /* Indicate cache miss here and instead of | ||
1642 | * generating the session from ticket now, | ||
1643 | * trigger abbreviated handshake based on | ||
1644 | * external mechanism to calculate the master | ||
1645 | * secret later. */ | ||
1646 | return 0; | ||
1647 | } | ||
1648 | return tls_decrypt_ticket(s, p, size, session_id, len, | ||
1649 | ret); | ||
1650 | } | ||
1651 | p += size; | ||
1652 | } | ||
1653 | return 1; | ||
1654 | } | ||
1655 | |||
1656 | static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, | ||
1657 | const unsigned char *sess_id, int sesslen, | ||
1658 | SSL_SESSION **psess) | ||
1659 | { | ||
1660 | SSL_SESSION *sess; | ||
1661 | unsigned char *sdec; | ||
1662 | const unsigned char *p; | ||
1663 | int slen, mlen, renew_ticket = 0; | ||
1664 | unsigned char tick_hmac[EVP_MAX_MD_SIZE]; | ||
1665 | HMAC_CTX hctx; | ||
1666 | EVP_CIPHER_CTX ctx; | ||
1667 | SSL_CTX *tctx = s->initial_ctx; | ||
1668 | /* Need at least keyname + iv + some encrypted data */ | ||
1669 | if (eticklen < 48) | ||
1670 | goto tickerr; | ||
1671 | /* Initialize session ticket encryption and HMAC contexts */ | ||
1672 | HMAC_CTX_init(&hctx); | ||
1673 | EVP_CIPHER_CTX_init(&ctx); | ||
1674 | if (tctx->tlsext_ticket_key_cb) | ||
1675 | { | ||
1676 | unsigned char *nctick = (unsigned char *)etick; | ||
1677 | int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, | ||
1678 | &ctx, &hctx, 0); | ||
1679 | if (rv < 0) | ||
1680 | return -1; | ||
1681 | if (rv == 0) | ||
1682 | goto tickerr; | ||
1683 | if (rv == 2) | ||
1684 | renew_ticket = 1; | ||
1685 | } | ||
1686 | else | ||
1687 | { | ||
1688 | /* Check key name matches */ | ||
1689 | if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) | ||
1690 | goto tickerr; | ||
1691 | HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, | ||
1692 | tlsext_tick_md(), NULL); | ||
1693 | EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, | ||
1694 | tctx->tlsext_tick_aes_key, etick + 16); | ||
1695 | } | ||
1696 | /* Attempt to process session ticket, first conduct sanity and | ||
1697 | * integrity checks on ticket. | ||
1698 | */ | ||
1699 | mlen = HMAC_size(&hctx); | ||
1700 | if (mlen < 0) | ||
1701 | { | ||
1702 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
1703 | return -1; | ||
1704 | } | ||
1705 | eticklen -= mlen; | ||
1706 | /* Check HMAC of encrypted ticket */ | ||
1707 | HMAC_Update(&hctx, etick, eticklen); | ||
1708 | HMAC_Final(&hctx, tick_hmac, NULL); | ||
1709 | HMAC_CTX_cleanup(&hctx); | ||
1710 | if (memcmp(tick_hmac, etick + eticklen, mlen)) | ||
1711 | goto tickerr; | ||
1712 | /* Attempt to decrypt session data */ | ||
1713 | /* Move p after IV to start of encrypted ticket, update length */ | ||
1714 | p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); | ||
1715 | eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); | ||
1716 | sdec = OPENSSL_malloc(eticklen); | ||
1717 | if (!sdec) | ||
1718 | { | ||
1719 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
1720 | return -1; | ||
1721 | } | ||
1722 | EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); | ||
1723 | if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) | ||
1724 | goto tickerr; | ||
1725 | slen += mlen; | ||
1726 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
1727 | p = sdec; | ||
1728 | |||
1729 | sess = d2i_SSL_SESSION(NULL, &p, slen); | ||
1730 | OPENSSL_free(sdec); | ||
1731 | if (sess) | ||
1732 | { | ||
1733 | /* The session ID if non-empty is used by some clients to | ||
1734 | * detect that the ticket has been accepted. So we copy it to | ||
1735 | * the session structure. If it is empty set length to zero | ||
1736 | * as required by standard. | ||
1737 | */ | ||
1738 | if (sesslen) | ||
1739 | memcpy(sess->session_id, sess_id, sesslen); | ||
1740 | sess->session_id_length = sesslen; | ||
1741 | *psess = sess; | ||
1742 | s->tlsext_ticket_expected = renew_ticket; | ||
1743 | return 1; | ||
1744 | } | ||
1745 | /* If session decrypt failure indicate a cache miss and set state to | ||
1746 | * send a new ticket | ||
1747 | */ | ||
1748 | tickerr: | ||
1749 | s->tlsext_ticket_expected = 1; | ||
1750 | return 0; | ||
1751 | } | ||
1752 | |||
1753 | #endif | ||
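diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c
deleted file mode 100644
index 6ce7c0bbf5..0000000000
--- a/src/lib/libssl/t1_meth.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* ssl/t1_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static const SSL_METHOD *tls1_get_method(int ver);
-static const SSL_METHOD *tls1_get_method(int ver)
-{
-if (ver == TLS1_VERSION)
-return(TLSv1_method());
-else
-return(NULL);
-}
-
-IMPLEMENT_tls1_meth_func(TLSv1_method,
-ssl3_accept,
-ssl3_connect,
-tls1_get_method)
-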
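diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
deleted file mode 100644
index 9c2cc3c712..0000000000
--- a/src/lib/libssl/t1_reneg.c
+++ /dev/null
@@ -1,292 +0,0 @@
-/* ssl/t1_reneg.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-/* ====================================================================
-* Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* openssl-core@openssl.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-* This product includes cryptographic software written by Eric Young
-* (eay@cryptsoft.com). This product includes software written by Tim
-* Hudson (tjh@cryptsoft.com).
-*
-*/
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-/* Add the client's renegotiation binding */
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-int maxlen)
-{
-if(p)
-{
-if((s->s3->previous_client_finished_len+1) > maxlen)
-{
-SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
-return 0;
-}
-
-/* Length byte */
-*p = s->s3->previous_client_finished_len;
-p++;
-
-memcpy(p, s->s3->previous_client_finished,
-s->s3->previous_client_finished_len);
-#ifdef OPENSSL_RI_DEBUG
-fprintf(stderr, "%s RI extension sent by client\n",
-s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
-}
-
-*len=s->s3->previous_client_finished_len + 1;
-
-
-return 1;
-}
-
-/* Parse the client's renegotiation binding and abort if it's not
-right */
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-int *al)
-{
-int ilen;
-
-/* Parse the length byte */
-if(len < 1)
-{
-SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
-*al=SSL_AD_ILLEGAL_PARAMETER;
-return 0;
-}
-ilen = *d;
-d++;
-
-/* Consistency check */
-if((ilen+1) != len)
-{
-SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
-*al=SSL_AD_ILLEGAL_PARAMETER;
-return 0;
-}
-
-/* Check that the extension matches */
-if(ilen != s->s3->previous_client_finished_len)
-{
-SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
-*al=SSL_AD_HANDSHAKE_FAILURE;
-return 0;
-}
-
-if(memcmp(d, s->s3->previous_client_finished,
-s->s3->previous_client_finished_len))
-{
-SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
-*al=SSL_AD_HANDSHAKE_FAILURE;
-return 0;
-}
-#ifdef OPENSSL_RI_DEBUG
-fprintf(stderr, "%s RI extension received by server\n",
-ilen ? "Non-empty" : "Empty");
-#endif
-
-s->s3->send_connection_binding=1;
-
-return 1;
-}
-
-/* Add the server's renegotiation binding */
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-int maxlen)
-{
-if(p)
-{
-if((s->s3->previous_client_finished_len +
-s->s3->previous_server_finished_len + 1) > maxlen)
-{
-SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
-return 0;
-}
-
-/* Length byte */
-*p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len;
-p++;
-
-memcpy(p, s->s3->previous_client_finished,
-s->s3->previous_client_finished_len);
-p += s->s3->previous_client_finished_len;
-
-memcpy(p, s->s3->previous_server_finished,
-s->s3->previous_server_finished_len);
-#ifdef OPENSSL_RI_DEBUG
-fprintf(stderr, "%s RI extension sent by server\n",
-s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
-}
-
-*len=s->s3->previous_client_finished_len
-+ s->s3->previous_server_finished_len + 1;
-
-return 1;
-}
-
-/* Parse the server's renegotiation binding and abort if it's not
-right */
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-int *al)
-{
-int expected_len=s->s3->previous_client_finished_len
-+ s->s3->previous_server_finished_len;
-int ilen;
-
-/* Check for logic errors */
-OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
-OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
-
-/* Parse the length byte */
-if(len < 1)
-{
-SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
-*al=SSL_AD_ILLEGAL_PARAMETER;
-return 0;
-}
-ilen = *d;
-d++;
-
-/* Consistency check */
-if(ilen+1 != len)
-{
-SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
-*al=SSL_AD_ILLEGAL_PARAMETER;
-return 0;
-}
-
-/* Check that the extension matches */
-if(ilen != expected_len)
-{
-SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
-*al=SSL_AD_HANDSHAKE_FAILURE;
-return 0;
-}
-
-if(memcmp(d, s->s3->previous_client_finished,
-s->s3->previous_client_finished_len))
-{
-SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
-*al=SSL_AD_HANDSHAKE_FAILURE;
-return 0;
-}
-d += s->s3->previous_client_finished_len;
-
-if(memcmp(d, s->s3->previous_server_finished,
-s->s3->previous_server_finished_len))
-{
-SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
-*al=SSL_AD_ILLEGAL_PARAMETER;
-return 0;
-}
-#ifdef OPENSSL_RI_DEBUG
-fprintf(stderr, "%s RI extension received by client\n",
-ilen ? "Non-empty" : "Empty");
-#endif
-s->s3->send_connection_binding=1;
-
-return 1;
-}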
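diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c
deleted file mode 100644
index 42525e9e89..0000000000
--- a/src/lib/libssl/t1_srvr.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* ssl/t1_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-static const SSL_METHOD *tls1_get_server_method(int ver);
-static const SSL_METHOD *tls1_get_server_method(int ver)
-{
-if (ver == TLS1_VERSION)
-return(TLSv1_server_method());
-else
-return(NULL);
-}
-
-IMPLEMENT_tls1_meth_func(TLSv1_server_method,
-ssl3_accept,
-ssl_undefined_function,
-tls1_get_server_method)
-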
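diff --git a/src/lib/libssl/test/CAss.cnf b/src/lib/libssl/test/CAss.cnf
deleted file mode 100644
index 546e660626..0000000000
--- a/src/lib/libssl/test/CAss.cnf
+++ /dev/null
@@ -1,76 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = sha1
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Dodgy CA
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
-# several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = v3_ca # The extentions to add to the cert
-
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-preserve = no # keep passed DN ordering
-
-policy = policy_anything
-
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-
-
-[ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true,pathlen:1
-keyUsage = cRLSign, keyCertSign
-issuerAltName=issuer:copy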
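diff --git a/src/lib/libssl/test/CAssdh.cnf b/src/lib/libssl/test/CAssdh.cnf
deleted file mode 100644
index 4e0a908679..0000000000
--- a/src/lib/libssl/test/CAssdh.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DH certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = CU
-countryName_value = CU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = La Junta de la Revolucion
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Junta
-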
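diff --git a/src/lib/libssl/test/CAssdsa.cnf b/src/lib/libssl/test/CAssdsa.cnf
deleted file mode 100644
index a6b4d1810c..0000000000
--- a/src/lib/libssl/test/CAssdsa.cnf
+++ /dev/null
@@ -1,23 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Hermanos Locos
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Hermanos Locos CA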
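diff --git a/src/lib/libssl/test/CAssrsa.cnf b/src/lib/libssl/test/CAssrsa.cnf
deleted file mode 100644
index eb24a6dfc0..0000000000
--- a/src/lib/libssl/test/CAssrsa.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Hermanos Locos
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Hermanos Locos CA
-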
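diff --git a/src/lib/libssl/test/CAtsa.cnf b/src/lib/libssl/test/CAtsa.cnf
deleted file mode 100644
index f5a275bfc2..0000000000
--- a/src/lib/libssl/test/CAtsa.cnf
+++ /dev/null
@@ -1,163 +0,0 @@
-
-#
-# This config is used by the Time Stamp Authority tests.
-#
-
-RANDFILE = ./.rnd
-
-# Extra OBJECT IDENTIFIER info:
-oid_section = new_oids
-
-TSDNSECT = ts_cert_dn
-INDEX = 1
-
-[ new_oids ]
-
-# Policies used by the TSA tests.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-#----------------------------------------------------------------------
-[ ca ]
-default_ca = CA_default # The default ca section
-
-[ CA_default ]
-
-dir = ./demoCA
-certs = $dir/certs # Where the issued certs are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-default_days = 365 # how long to certify for
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = supplied
-stateOrProvinceName = supplied
-organizationName = supplied
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-#----------------------------------------------------------------------
-[ req ]
-default_bits = 1024
-default_md = sha1
-distinguished_name = $ENV::TSDNSECT
-encrypt_rsa_key = no
-prompt = no
-# attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-string_mask = nombstr
-
-[ ts_ca_dn ]
-countryName = HU
-stateOrProvinceName = Budapest
-localityName = Budapest
-organizationName = Gov-CA Ltd.
-commonName = ca1
-
-[ ts_cert_dn ]
-countryName = HU
-stateOrProvinceName = Budapest
-localityName = Buda
-organizationName = Hun-TSA Ltd.
-commonName = tsa$ENV::INDEX
-
-[ tsa_cert ]
-
-# TSA server cert is not a CA cert.
-basicConstraints=CA:FALSE
-
-# The following key usage flags are needed for TSA server certificates.
-keyUsage = nonRepudiation, digitalSignature
-extendedKeyUsage = critical,timeStamping
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ non_tsa_cert ]
-
-# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
-basicConstraints=CA:FALSE
-
-# The following key usage flags are needed for TSA server certificates.
-keyUsage = nonRepudiation, digitalSignature
-# timeStamping is not supported by this certificate
-# extendedKeyUsage = critical,timeStamping
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature
-
-[ v3_ca ]
-
-# Extensions for a typical CA
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = critical,CA:true
-keyUsage = cRLSign, keyCertSign
-
-#----------------------------------------------------------------------
-[ tsa ]
-
-default_tsa = tsa_config1 # the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir = . # TSA root directory
-serial = $dir/tsa_serial # The current serial number (mandatory)
-signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
-# (optional)
-certs = $dir/tsaca.pem # Certificate chain to include in reply
-# (optional)
-signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
-# (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
-accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
-ordering = yes # Is ordering defined for timestamps?
-# (optional, default: no)
-tsa_name = yes # Must the TSA name be included in the reply?
-# (optional, default: no)
-ess_cert_id_chain = yes # Must the ESS cert id chain be included?
-# (optional, default: no)
-
-[ tsa_config2 ]
-
-# This configuration uses a certificate which doesn't have timeStamping usage.
-# These are used by the TSA reply generation only.
-dir = . # TSA root directory
-serial = $dir/tsa_serial # The current serial number (mandatory)
-signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
-# (optional)
-certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
-# (optional)
-signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
-# (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)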
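diff --git a/src/lib/libssl/test/P1ss.cnf b/src/lib/libssl/test/P1ss.cnf
deleted file mode 100644
index 876a0d35f8..0000000000
--- a/src/lib/libssl/test/P1ss.cnf
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 512
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-2.commonName = Common Name (eg, YOUR name)
-2.commonName_value = Proxy 1
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB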
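--- a/src/lib/libssl/test/P2ss.cnf
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 512
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-2.commonName = Common Name (eg, YOUR name)
-2.commonName_value = Proxy 1
-
-3.commonName = Common Name (eg, YOUR name)
-3.commonName_value = Proxy 2
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,@proxy_ext
-
-[ proxy_ext ]
-language=id-ppl-anyLanguage
-pathlen=0
-policy=text:BC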
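--- a/src/lib/libssl/test/Sssdsa.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - Server
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Tortilleras S.A.
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Torti
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Gordita
-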
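--- a/src/lib/libssl/test/Sssrsa.cnf
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - Server
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Tortilleras S.A.
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Torti
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Gordita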
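--- a/src/lib/libssl/test/Uss.cnf
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-[ v3_ee ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-basicConstraints = CA:false
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-issuerAltName=issuer:copy
-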
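--- a/src/lib/libssl/test/VMSca-response.1
+++ /dev/null
@@ -1 +0,0 @@
-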
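--- a/src/lib/libssl/test/VMSca-response.2
+++ /dev/null
@@ -1,2 +0,0 @@
-y
-y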
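--- a/src/lib/libssl/test/asn1test.c
+++ /dev/null
@@ -1,22 +0,0 @@
-#include <openssl/x509.h>
-#include <openssl/asn1_mac.h>
-
-typedef struct X
-{
-STACK_OF(X509_EXTENSION) *ext;
-} X;
-
-/* This isn't meant to run particularly, it's just to test type checking */
-int main(int argc, char **argv)
-{
-X *x = NULL;
-unsigned char **pp = NULL;
-
-M_ASN1_I2D_vars(x);
-M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
-i2d_X509_EXTENSION);
-M_ASN1_I2D_seq_total();
-M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
-i2d_X509_EXTENSION);
-M_ASN1_I2D_finish();
-}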
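--- a/src/lib/libssl/test/bctest
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/bin/sh
-
-# This script is used by test/Makefile.ssl to check whether a sane 'bc'
-# is installed.
-# ('make test_bn' should not try to run 'bc' if it does not exist or if
-# it is a broken 'bc' version that is known to cause trouble.)
-#
-# If 'bc' works, we also test if it knows the 'print' command.
-#
-# In any case, output an appropriate command line for running (or not
-# running) bc.
-
-
-IFS=:
-try_without_dir=true
-# First we try "bc", then "$dir/bc" for each item in $PATH.
-for dir in dummy:$PATH; do
-if [ "$try_without_dir" = true ]; then
-# first iteration
-bc=bc
-try_without_dir=false
-else
-# second and later iterations
-bc="$dir/bc"
-if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix
-bc=''
-fi
-fi
-
-if [ ! "$bc" = '' ]; then
-failure=none
-
-
-# Test for SunOS 5.[78] bc bug
-"$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
-a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
-CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
-10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
-C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
-3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
-4FC3CADF855448B24A9D7640BCF473E
-b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
-9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
-8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
-3ED0E2017D60A68775B75481449
-(a/b)*b + (a%b) - a
-EOF
-if [ 0 != "`cat tmp.bctest`" ]; then
-failure=SunOStest
-fi
-
-
-if [ "$failure" = none ]; then
-# Test for SCO bc bug.
-"$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
--FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
-9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
-11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
-1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
-AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
-F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
-B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
-02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
-85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
-A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
-E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
-8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
-04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
-89C8D71
-AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
-928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
-8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
-37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
-E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
-F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
-9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
-D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
-5296964
-EOF
-if [ "0
-0" != "`cat tmp.bctest`" ]; then
-failure=SCOtest
-fi
-fi
-
-
-if [ "$failure" = none ]; then
-# bc works; now check if it knows the 'print' command.
-if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
-then
-echo "$bc"
-else
-echo "sed 's/print.*//' | $bc"
-fi
-exit 0
-fi
-
-echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2
-fi
-done
-
-echo "No working bc found. Consider installing GNU bc." >&2
-if [ "$1" = ignore ]; then
-echo "cat >/dev/null"
-exit 0
-fi
-exit 1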
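--- a/src/lib/libssl/test/cms-examples.pl
+++ /dev/null
@@ -1,409 +0,0 @@
-# test/cms-examples.pl
-# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-# project.
-#
-# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-# software must display the following acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For written permission, please contact
-# licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-# nor may "OpenSSL" appear in their names without prior written
-# permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-# Perl script to run tests against S/MIME examples in RFC4134
-# Assumes RFC is in current directory and called "rfc4134.txt"
-
-use MIME::Base64;
-
-my $badttest = 0;
-my $verbose = 1;
-
-my $cmscmd;
-my $exdir = "./";
-my $exfile = "./rfc4134.txt";
-
-if (-f "../apps/openssl")
-{
-$cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms";
-}
-elsif (-f "..\\out32dll\\openssl.exe")
-{
-$cmscmd = "..\\out32dll\\openssl.exe cms";
-}
-elsif (-f "..\\out32\\openssl.exe")
-{
-$cmscmd = "..\\out32\\openssl.exe cms";
-}
-
-my @test_list = (
-[ "3.1.bin" => "dataout" ],
-[ "3.2.bin" => "encode, dataout" ],
-[ "4.1.bin" => "encode, verifyder, cont, dss" ],
-[ "4.2.bin" => "encode, verifyder, cont, rsa" ],
-[ "4.3.bin" => "encode, verifyder, cont_extern, dss" ],
-[ "4.4.bin" => "encode, verifyder, cont, dss" ],
-[ "4.5.bin" => "verifyder, cont, rsa" ],
-[ "4.6.bin" => "encode, verifyder, cont, dss" ],
-[ "4.7.bin" => "encode, verifyder, cont, dss" ],
-[ "4.8.eml" => "verifymime, dss" ],
-[ "4.9.eml" => "verifymime, dss" ],
-[ "4.10.bin" => "encode, verifyder, cont, dss" ],
-[ "4.11.bin" => "encode, certsout" ],
-[ "5.1.bin" => "encode, envelopeder, cont" ],
-[ "5.2.bin" => "encode, envelopeder, cont" ],
-[ "5.3.eml" => "envelopemime, cont" ],
-[ "6.0.bin" => "encode, digest, cont" ],
-[ "7.1.bin" => "encode, encrypted, cont" ],
-[ "7.2.bin" => "encode, encrypted, cont" ]
-);
-
-# Extract examples from RFC4134 text.
-# Base64 decode all examples, certificates and
-# private keys are converted to PEM format.
-
-my ( $filename, $data );
-
-my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" );
-
-$data = "";
-
-open( IN, $exfile ) || die "Can't Open RFC examples file $exfile";
-
-while (<IN>) {
-next unless (/^\|/);
-s/^\|//;
-next if (/^\*/);
-if (/^>(.*)$/) {
-$filename = $1;
-next;
-}
-if (/^</) {
-$filename = "$exdir/$filename";
-if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) {
-$data = decode_base64($data);
-open OUT, ">$filename";
-binmode OUT;
-print OUT $data;
-close OUT;
-push @cleanup, $filename;
-}
-elsif ( $filename =~ /\.cer$/ ) {
-write_pem( $filename, "CERTIFICATE", $data );
-}
-elsif ( $filename =~ /\.pri$/ ) {
-write_pem( $filename, "PRIVATE KEY", $data );
-}
-$data = "";
-$filename = "";
-}
-else {
-$data .= $_;
-}
-
-}
-
-my $secretkey =
-"73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32";
-
-foreach (@test_list) {
-my ( $file, $tlist ) = @$_;
-print "Example file $file:\n";
-if ( $tlist =~ /encode/ ) {
-run_reencode_test( $exdir, $file );
-}
-if ( $tlist =~ /certsout/ ) {
-run_certsout_test( $exdir, $file );
-}
-if ( $tlist =~ /dataout/ ) {
-run_dataout_test( $exdir, $file );
-}
-if ( $tlist =~ /verify/ ) {
-run_verify_test( $exdir, $tlist, $file );
-}
-if ( $tlist =~ /digest/ ) {
-run_digest_test( $exdir, $tlist, $file );
-}
-if ( $tlist =~ /encrypted/ ) {
-run_encrypted_test( $exdir, $tlist, $file, $secretkey );
-}
-if ( $tlist =~ /envelope/ ) {
-run_envelope_test( $exdir, $tlist, $file );
-}
-
-}
-
-foreach (@cleanup) {
-unlink $_;
-}
-
-if ($badtest) {
-print "\n$badtest TESTS FAILED!!\n";
-}
-else {
-print "\n***All tests successful***\n";
-}
-
-sub write_pem {
-my ( $filename, $str, $data ) = @_;
-
-$filename =~ s/\.[^.]*$/.pem/;
-
-push @cleanup, $filename;
-
-open OUT, ">$filename";
-
-print OUT "-----BEGIN $str-----\n";
-print OUT $data;
-print OUT "-----END $str-----\n";
-
-close OUT;
-}
-
-sub run_reencode_test {
-my ( $cmsdir, $tfile ) = @_;
-unlink "tmp.der";
-
-system( "$cmscmd -cmsout -inform DER -outform DER"
-. " -in $cmsdir/$tfile -out tmp.der" );
-
-if ($?) {
-print "\tReencode command FAILED!!\n";
-$badtest++;
-}
-elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) {
-print "\tReencode FAILED!!\n";
-$badtest++;
-}
-else {
-print "\tReencode passed\n" if $verbose;
-}
-}
-
-sub run_certsout_test {
-my ( $cmsdir, $tfile ) = @_;
-unlink "tmp.der";
-unlink "tmp.pem";
-
-system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
-. " -in $cmsdir/$tfile -out tmp.der" );
-
-if ($?) {
-print "\tCertificate output command FAILED!!\n";
-$badtest++;
-}
-else {
-print "\tCertificate output passed\n" if $verbose;
-}
-}
-
-sub run_dataout_test {
-my ( $cmsdir, $tfile ) = @_;
-unlink "tmp.txt";
-
-system(
-"$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" );
-
-if ($?) {
-print "\tDataout command FAILED!!\n";
-$badtest++;
-}
-elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) {
-print "\tDataout compare FAILED!!\n";
-$badtest++;
-}
-else {
-print "\tDataout passed\n" if $verbose;
-}
-}
-
-sub run_verify_test {
-my ( $cmsdir, $tlist, $tfile ) = @_;
-unlink "tmp.txt";
-
-$form = "DER" if $tlist =~ /verifyder/;
-$form = "SMIME" if $tlist =~ /verifymime/;
-$cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/;
-$cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/;
-
-$cmd =
-"$cmscmd -verify -inform $form"
-. " -CAfile $cafile"
-. " -in $cmsdir/$tfile -out tmp.txt";
-
-$cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/;
-
-system("$cmd 2>cms.err 1>cms.out");
-
-if ($?) {
-print "\tVerify command FAILED!!\n";
-$badtest++;
-}
-elsif ( $tlist =~ /cont/
-&& !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
-{
-print "\tVerify content compare FAILED!!\n";
-$badtest++;
-}
-else {
-print "\tVerify passed\n" if $verbose;
-}
-}
-
-sub run_envelope_test {
-my ( $cmsdir, $tlist, $tfile ) = @_;
-unlink "tmp.txt";
-
-$form = "DER" if $tlist =~ /envelopeder/;
-$form = "SMIME" if $tlist =~ /envelopemime/;
-
-$cmd =
-"$cmscmd -decrypt -inform $form"
-. " -recip $cmsdir/BobRSASignByCarl.pem"
-. " -inkey $cmsdir/BobPrivRSAEncrypt.pem"
-. " -in $cmsdir/$tfile -out tmp.txt";
-
-system("$cmd 2>cms.err 1>cms.out");
-
-if ($?) {
-print "\tDecrypt command FAILED!!\n";
-$badtest++;
-}
-elsif ( $tlist =~ /cont/
-&& !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
-{
-print "\tDecrypt content compare FAILED!!\n";
-$badtest++;
-}
-else {
-print "\tDecrypt passed\n" if $verbose;
-}
-}
-
-sub run_digest_test {
-my ( $cmsdir, $tlist, $tfile ) = @_;
-unlink "tmp.txt";
-
-my $cmd =
-"$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt";
-
-system("$cmd 2>cms.err 1>cms.out");
-
-if ($?) {
-print "\tDigest verify command FAILED!!\n";
-$badtest++;
-}
-elsif ( $tlist =~ /cont/
-&& !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
-{
-print "\tDigest verify content compare FAILED!!\n";
-$badtest++;
-}
-else {
-print "\tDigest verify passed\n" if $verbose;
-}
-}
-
-sub run_encrypted_test {
-my ( $cmsdir, $tlist, $tfile, $key ) = @_;
-unlink "tmp.txt";
-
-system( "$cmscmd -EncryptedData_decrypt -inform DER"
-. " -secretkey $key"
-. " -in $cmsdir/$tfile -out tmp.txt" );
-
-if ($?) {
-print "\tEncrypted Data command FAILED!!\n";
-$badtest++;
-}
-elsif ( $tlist =~ /cont/
-&& !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
-{
-print "\tEncrypted Data content compare FAILED!!\n";
-$badtest++;
-}
-else {
-print "\tEncryptedData verify passed\n" if $verbose;
-}
-}
-
-sub cmp_files {
-my ( $f1, $f2 ) = @_;
-my ( $fp1, $fp2 );
-
-my ( $rd1, $rd2 );
-
-if ( !open( $fp1, "<$f1" ) ) {
-print STDERR "Can't Open file $f1\n";
-return 0;
-}
-
-if ( !open( $fp2, "<$f2" ) ) {
-print STDERR "Can't Open file $f2\n";
-return 0;
-}
-
-binmode $fp1;
-binmode $fp2;
-
-my $ret = 0;
-
-for ( ; ; ) {
-$n1 = sysread $fp1, $rd1, 4096;
-$n2 = sysread $fp2, $rd2, 4096;
-last if ( $n1 != $n2 );
-last if ( $rd1 ne $rd2 );
-
-if ( $n1 == 0 ) {
-$ret = 1;
-last;
-}
-
-}
-
-close $fp1;
-close $fp2;
-
-return $ret;
-
-}
-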
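--- a/src/lib/libssl/test/cms-test.pl
+++ /dev/null
@@ -1,457 +0,0 @@
-# test/cms-test.pl
-# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-# project.
-#
-# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-# software must display the following acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For written permission, please contact
-# licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-# nor may "OpenSSL" appear in their names without prior written
-# permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-# CMS, PKCS7 consistency test script. Run extensive tests on
-# OpenSSL PKCS#7 and CMS implementations.
-
-my $ossl_path;
-my $redir = " 2> cms.err > cms.out";
-# Make VMS work
-if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {
-$ossl_path = "pipe mcr OSSLX:openssl";
-}
-# Make MSYS work
-elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
-$ossl_path = "cmd /c ..\\apps\\openssl";
-}
-elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
-$ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
-}
-elsif ( -f "..\\out32dll\\openssl.exe" ) {
-$ossl_path = "..\\out32dll\\openssl.exe";
-}
-elsif ( -f "..\\out32\\openssl.exe" ) {
-$ossl_path = "..\\out32\\openssl.exe";
-}
-else {
-die "Can't find OpenSSL executable";
-}
-
-my $pk7cmd = "$ossl_path smime ";
-my $cmscmd = "$ossl_path cms ";
-my $smdir = "smime-certs";
-my $halt_err = 1;
-
-my $badcmd = 0;
-my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
-
-my @smime_pkcs7_tests = (
-
-[
-"signed content DER format, RSA key",
-"-sign -in smcont.txt -outform \"DER\" -nodetach"
-. " -certfile $smdir/smroot.pem"
-. " -signer $smdir/smrsa1.pem -out test.cms",
-"-verify -in test.cms -inform \"DER\" "
-. " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-],
-
-[
-"signed detached content DER format, RSA key",
-"-sign -in smcont.txt -outform \"DER\""
-. " -signer $smdir/smrsa1.pem -out test.cms",
-"-verify -in test.cms -inform \"DER\" "
-. " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
-],
-
-[
-"signed content test streaming BER format, RSA",
-"-sign -in smcont.txt -outform \"DER\" -nodetach"
-. " -stream -signer $smdir/smrsa1.pem -out test.cms",
-"-verify -in test.cms -inform \"DER\" "
-. " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-],
-
-[
-"signed content DER format, DSA key",
-"-sign -in smcont.txt -outform \"DER\" -nodetach"
-. " -signer $smdir/smdsa1.pem -out test.cms",
-"-verify -in test.cms -inform \"DER\" "
-. " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-],
-
-[
-"signed detached content DER format, DSA key",
-"-sign -in smcont.txt -outform \"DER\""
-. " -signer $smdir/smdsa1.pem -out test.cms",
-"-verify -in test.cms -inform \"DER\" "
-. " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
-],
-
-[
-"signed detached content DER format, add RSA signer",
-"-resign -inform \"DER\" -in test.cms -outform \"DER\""
-. " -signer $smdir/smrsa1.pem -out test2.cms",
-"-verify -in test2.cms -inform \"DER\" "
-. " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
-],
-
-[
-"signed content test streaming BER format, DSA key",
-"-sign -in smcont.txt -outform \"DER\" -nodetach"
-. " -stream -signer $smdir/smdsa1.pem -out test.cms",
-"-verify -in test.cms -inform \"DER\" "
-. " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-],
-
-[
-"signed content test streaming BER format, 2 DSA and 2 RSA keys",
-"-sign -in smcont.txt -outform \"DER\" -nodetach"
-. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
-. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
-. " -stream -out test.cms",
-"-verify -in test.cms -inform \"DER\" "
-. " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-],
-
-[
-"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
-"-sign -in smcont.txt -outform \"DER\" -noattr -nodetach"
-. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
-. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
-. " -stream -out test.cms",
-"-verify -in test.cms -inform \"DER\" "
-. " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-],
-
-[
-"signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
-"-sign -in smcont.txt -nodetach"
-. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
-. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
-. " -stream -out test.cms",
-"-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-],
-
-[
-"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
-"-sign -in smcont.txt"
-. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
-. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
-. " -stream -out test.cms",
-"-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-],
-
-[
-"enveloped content test streaming S/MIME format, 3 recipients",
-"-encrypt -in smcont.txt"
-. " -stream -out test.cms"
-. " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
-"-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
-],
-
-[
-"enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
-"-encrypt -in smcont.txt"
-. " -stream -out test.cms"
-. " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
-"-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
-],
-
-[
-"enveloped content test streaming S/MIME format, 3 recipients, key only used",
-"-encrypt -in smcont.txt"
-. " -stream -out test.cms"
-. " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
-"-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
-],
-
-[
-"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
-"-encrypt -in smcont.txt"
-. " -aes256 -stream -out test.cms"
-. " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
-"-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
-],
-
-);
-
-my @smime_cms_tests = (
-
-[
-"signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
-"-sign -in smcont.txt -outform \"DER\" -nodetach -keyid"
-. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
-. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
-. " -stream -out test.cms",
-"-verify -in test.cms -inform \"DER\" "
-. " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-],
-
-[
-"signed content test streaming PEM format, 2 DSA and 2 RSA keys",
-"-sign -in smcont.txt -outform PEM -nodetach"
-. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
-. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
-. " -stream -out test.cms",
-"-verify -in test.cms -inform PEM "
-. " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-],
-
-[
-"signed content MIME format, RSA key, signed receipt request",
-"-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
-. " -receipt_request_to test\@openssl.org -receipt_request_all"
-. " -out test.cms",
-"-verify -in test.cms "
-. " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-],
-
-[
-"signed receipt MIME format, RSA key",
-"-sign_receipt -in test.cms"
-. " -signer $smdir/smrsa2.pem"
-. " -out test2.cms",
-"-verify_receipt test2.cms -in test.cms"
-. " \"-CAfile\" $smdir/smroot.pem"
-],
-
-[
-"enveloped content test streaming S/MIME format, 3 recipients, keyid",
-"-encrypt -in smcont.txt"
-. " -stream -out test.cms -keyid"
-. " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
-"-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
-],
-
-[
-"enveloped content test streaming PEM format, KEK",
-"-encrypt -in smcont.txt -outform PEM -aes128"
-. " -stream -out test.cms "
-. " -secretkey 000102030405060708090A0B0C0D0E0F "
-. " -secretkeyid C0FEE0",
-"-decrypt -in test.cms -out smtst.txt -inform PEM"
-. " -secretkey 000102030405060708090A0B0C0D0E0F "
-. " -secretkeyid C0FEE0"
-],
-
-[
-"enveloped content test streaming PEM format, KEK, key only",
-"-encrypt -in smcont.txt -outform PEM -aes128"
-. " -stream -out test.cms "
-. " -secretkey 000102030405060708090A0B0C0D0E0F "
-. " -secretkeyid C0FEE0",
-"-decrypt -in test.cms -out smtst.txt -inform PEM"
-. " -secretkey 000102030405060708090A0B0C0D0E0F "
-],
-
-[
-"data content test streaming PEM format",
-"-data_create -in smcont.txt -outform PEM -nodetach"
-. " -stream -out test.cms",
-"-data_out -in test.cms -inform PEM -out smtst.txt"
-],
-
-[
-"encrypted content test streaming PEM format, 128 bit RC2 key",
-"\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
-. " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
-. " -stream -out test.cms",
-"\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
-. " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
-],
-
-[
-"encrypted content test streaming PEM format, 40 bit RC2 key",
-"\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
-. " -rc2 -secretkey 0001020304"
-. " -stream -out test.cms",
-"\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
-. " -secretkey 0001020304 -out smtst.txt"
-],
-
-[
-"encrypted content test streaming PEM format, triple DES key",
-"\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
-. " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
-. " -stream -out test.cms",
-"\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
-. " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
-. " -out smtst.txt"
-],
-
-[
-"encrypted content test streaming PEM format, 128 bit AES key",
-"\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
-. " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
-. " -stream -out test.cms",
-"\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
-. " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
-],
-
-);
-
-my @smime_cms_comp_tests = (
-
-[
-"compressed content test streaming PEM format",
-"-compress -in smcont.txt -outform PEM -nodetach"
-. " -stream -out test.cms",
-"-uncompress -in test.cms -inform PEM -out smtst.txt"
-]
-
-);
-
-print "CMS => PKCS#7 compatibility tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
-
-print "CMS <= PKCS#7 compatibility tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );
-
-print "CMS <=> CMS consistency tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
-run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd );
-
-if ( `$ossl_path version -f` =~ /ZLIB/ ) {
-run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
-}
-else {
-print "Zlib not supported: compression tests skipped\n";
-}
-
-print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8);
-
-if ($badcmd) {
-print "$badcmd TESTS FAILED!!\n";
-}
-else {
-print "ALL TESTS SUCCESSFUL.\n";
-}
-
-unlink "test.cms";
-unlink "test2.cms";
-unlink "smtst.txt";
-unlink "cms.out";
-unlink "cms.err";
-
-sub run_smime_tests {
-my ( $rv, $aref, $scmd, $vcmd ) = @_;
-
-foreach $smtst (@$aref) {
-my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
-if ($ossl8)
-{
-# Skip smime resign: 0.9.8 smime doesn't support -resign
-next if ($scmd =~ /smime/ && $rscmd =~ /-resign/);
-# Disable streaming: option not supported in 0.9.8
-$tnam =~ s/streaming//;
-$rscmd =~ s/-stream//;
-$rvcmd =~ s/-stream//;
-}
-system("$scmd$rscmd$redir");
-if ($?) {
-print "$tnam: generation error\n";
-$$rv++;
-exit 1 if $halt_err;
-next;
-}
-system("$vcmd$rvcmd$redir");
-if ($?) {
-print "$tnam: verify error\n";
-$$rv++;
-exit 1 if $halt_err;
-next;
-}
-if (!cmp_files("smtst.txt", "smcont.txt")) {
-print "$tnam: content verify error\n";
-$$rv++;
-exit 1 if $halt_err;
-next;
-}
-print "$tnam: OK\n";
-}
-}
-
-sub cmp_files {
-my ( $f1, $f2 ) = @_;
-my ( $fp1, $fp2 );
-
-my ( $rd1, $rd2 );
-
-if ( !open( $fp1, "<$f1" ) ) {
-print STDERR "Can't Open file $f1\n";
-return 0;
-}
-
-if ( !open( $fp2, "<$f2" ) ) {
-print STDERR "Can't Open file $f2\n";
-return 0;
-}
-
-binmode $fp1;
-binmode $fp2;
-
-my $ret = 0;
-
-for ( ; ; ) {
-$n1 = sysread $fp1, $rd1, 4096;
-$n2 = sysread $fp2, $rd2, 4096;
-last if ( $n1 != $n2 );
-last if ( $rd1 ne $rd2 );
-
-if ( $n1 == 0 ) {
-$ret = 1;
-last;
-}
-
-}
-
-close $fp1;
-close $fp2;
-
-return $ret;
-
-}
-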
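--- a/src/lib/libssl/test/methtest.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* test/methtest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-#include "meth.h"
-#include <openssl/err.h>
-
-int main(argc,argv)
-int argc;
-char *argv[];
-{
-METHOD_CTX *top,*tmp1,*tmp2;
-
-top=METH_new(x509_lookup()); /* get a top level context */
-if (top == NULL) goto err;
-
-tmp1=METH_new(x509_by_file());
-if (top == NULL) goto err;
-METH_arg(tmp1,METH_TYPE_FILE,"cafile1");
-METH_arg(tmp1,METH_TYPE_FILE,"cafile2");
-METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1);
-
-tmp2=METH_new(x509_by_dir());
-METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts");
-METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs");
-METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs");
-METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2);
-
-/* tmp=METH_new(x509_by_issuer_dir);
-METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
-METH_push(top,METH_X509_BY_ISSUER,tmp);
-
-tmp=METH_new(x509_by_issuer_primary);
-METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
-METH_push(top,METH_X509_BY_ISSUER,tmp);
-*/
-
-METH_init(top);
-METH_control(tmp1,METH_CONTROL_DUMP,stdout);
-METH_control(tmp2,METH_CONTROL_DUMP,stdout);
-EXIT(0);
-err:
-ERR_load_crypto_strings();
-ERR_print_errors_fp(stderr);
-EXIT(1);
-return(0);
-}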
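--- a/src/lib/libssl/test/pkcs7-1.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN PKCS7-----
-MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG
-SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE
-AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF
-eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4
-MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv
-bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK
-ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB
-FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N
-9XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8
-BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w
-bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB
-BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C
-j7Kie1x339mxW/w9VZNTUDQQweHh
------END PKCS7-----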
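--- a/src/lib/libssl/test/pkcs7.pem
+++ /dev/null
@@ -1,54 +0,0 @@
-MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg
-AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH
-EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl
-cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw
-ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
-c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh
-bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE
-CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl
-Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G
-CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK
-ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0
-l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC
-HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg
-Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1
-c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj
-YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0
-dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx
-dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu
-LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU
-ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln
-biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT
-IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB
-AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
-L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL
-HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF
-slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7
-ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR
-/D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
-aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1
-OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu
-MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz
-Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv
-qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy
-sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb
-P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG
-A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA
-KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7
-Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4
-Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq
-hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
-Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk
-dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ
-KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30
-dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW
-I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow
-ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
-ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw
-MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK
-/9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/
-DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP
-b+xSu/jH0gAAMYAAAAAAAAAAAA==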
diff --git a/src/lib/libssl/test/pkits-test.pl b/src/lib/libssl/test/pkits-test.pl deleted file mode 100644 index 69dffa16f9..0000000000 --- a/src/lib/libssl/test/pkits-test.pl +++ /dev/null | |||
@@ -1,940 +0,0 @@ | |||
1 | # test/pkits-test.pl | ||
2 | # Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
3 | # project. | ||
4 | # | ||
5 | # ==================================================================== | ||
6 | # Copyright (c) 2008 The OpenSSL Project. All rights reserved. | ||
7 | # | ||
8 | # Redistribution and use in source and binary forms, with or without | ||
9 | # modification, are permitted provided that the following conditions | ||
10 | # are met: | ||
11 | # | ||
12 | # 1. Redistributions of source code must retain the above copyright | ||
13 | # notice, this list of conditions and the following disclaimer. | ||
14 | # | ||
15 | # 2. Redistributions in binary form must reproduce the above copyright | ||
16 | # notice, this list of conditions and the following disclaimer in | ||
17 | # the documentation and/or other materials provided with the | ||
18 | # distribution. | ||
19 | # | ||
20 | # 3. All advertising materials mentioning features or use of this | ||
21 | # software must display the following acknowledgment: | ||
22 | # "This product includes software developed by the OpenSSL Project | ||
23 | # for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
24 | # | ||
25 | # 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
26 | # endorse or promote products derived from this software without | ||
27 | # prior written permission. For written permission, please contact | ||
28 | # licensing@OpenSSL.org. | ||
29 | # | ||
30 | # 5. Products derived from this software may not be called "OpenSSL" | ||
31 | # nor may "OpenSSL" appear in their names without prior written | ||
32 | # permission of the OpenSSL Project. | ||
33 | # | ||
34 | # 6. Redistributions of any form whatsoever must retain the following | ||
35 | # acknowledgment: | ||
36 | # "This product includes software developed by the OpenSSL Project | ||
37 | # for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
38 | # | ||
39 | # THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
40 | # EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
41 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
42 | # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
43 | # ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
44 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
45 | # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
46 | # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
47 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
48 | # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
49 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
50 | # OF THE POSSIBILITY OF SUCH DAMAGE. | ||
51 | # ==================================================================== | ||
52 | |||
53 | # Perl utility to run PKITS tests for RFC3280 compliance. | ||
54 | |||
55 | my $ossl_path; | ||
56 | |||
57 | if ( -f "../apps/openssl" ) { | ||
58 | $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; | ||
59 | } | ||
60 | elsif ( -f "..\\out32dll\\openssl.exe" ) { | ||
61 | $ossl_path = "..\\out32dll\\openssl.exe"; | ||
62 | } | ||
63 | elsif ( -f "..\\out32\\openssl.exe" ) { | ||
64 | $ossl_path = "..\\out32\\openssl.exe"; | ||
65 | } | ||
66 | else { | ||
67 | die "Can't find OpenSSL executable"; | ||
68 | } | ||
69 | |||
70 | my $pkitsdir = "pkits/smime"; | ||
71 | my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt"; | ||
72 | |||
73 | die "Can't find PKITS test data" if !-d $pkitsdir; | ||
74 | |||
75 | my $nist1 = "2.16.840.1.101.3.2.1.48.1"; | ||
76 | my $nist2 = "2.16.840.1.101.3.2.1.48.2"; | ||
77 | my $nist3 = "2.16.840.1.101.3.2.1.48.3"; | ||
78 | my $nist4 = "2.16.840.1.101.3.2.1.48.4"; | ||
79 | my $nist5 = "2.16.840.1.101.3.2.1.48.5"; | ||
80 | my $nist6 = "2.16.840.1.101.3.2.1.48.6"; | ||
81 | |||
82 | my $apolicy = "X509v3 Any Policy"; | ||
83 | |||
84 | # This table contains the chapter headings of the accompanying PKITS | ||
85 | # document. They provide useful informational output and their names | ||
86 | # can be converted into the filename to test. | ||
87 | |||
88 | my @testlists = ( | ||
89 | [ "4.1", "Signature Verification" ], | ||
90 | [ "4.1.1", "Valid Signatures Test1", 0 ], | ||
91 | [ "4.1.2", "Invalid CA Signature Test2", 7 ], | ||
92 | [ "4.1.3", "Invalid EE Signature Test3", 7 ], | ||
93 | [ "4.1.4", "Valid DSA Signatures Test4", 0 ], | ||
94 | [ "4.1.5", "Valid DSA Parameter Inheritance Test5", 0 ], | ||
95 | [ "4.1.6", "Invalid DSA Signature Test6", 7 ], | ||
96 | [ "4.2", "Validity Periods" ], | ||
97 | [ "4.2.1", "Invalid CA notBefore Date Test1", 9 ], | ||
98 | [ "4.2.2", "Invalid EE notBefore Date Test2", 9 ], | ||
99 | [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", 0 ], | ||
100 | [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4", 0 ], | ||
101 | [ "4.2.5", "Invalid CA notAfter Date Test5", 10 ], | ||
102 | [ "4.2.6", "Invalid EE notAfter Date Test6", 10 ], | ||
103 | [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", 10 ], | ||
104 | [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", 0 ], | ||
105 | [ "4.3", "Verifying Name Chaining" ], | ||
106 | [ "4.3.1", "Invalid Name Chaining EE Test1", 20 ], | ||
107 | [ "4.3.2", "Invalid Name Chaining Order Test2", 20 ], | ||
108 | [ "4.3.3", "Valid Name Chaining Whitespace Test3", 0 ], | ||
109 | [ "4.3.4", "Valid Name Chaining Whitespace Test4", 0 ], | ||
110 | [ "4.3.5", "Valid Name Chaining Capitalization Test5", 0 ], | ||
111 | [ "4.3.6", "Valid Name Chaining UIDs Test6", 0 ], | ||
112 | [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ], | ||
113 | [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", 0 ], | ||
114 | [ "4.3.9", "Valid UTF8String Encoded Names Test9", 0 ], | ||
115 | [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ], | ||
116 | [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11", 0 ], | ||
117 | [ "4.4", "Basic Certificate Revocation Tests" ], | ||
118 | [ "4.4.1", "Missing CRL Test1", 3 ], | ||
119 | [ "4.4.2", "Invalid Revoked CA Test2", 23 ], | ||
120 | [ "4.4.3", "Invalid Revoked EE Test3", 23 ], | ||
121 | [ "4.4.4", "Invalid Bad CRL Signature Test4", 8 ], | ||
122 | [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ], | ||
123 | [ "4.4.6", "Invalid Wrong CRL Test6", 3 ], | ||
124 | [ "4.4.7", "Valid Two CRLs Test7", 0 ], | ||
125 | |||
126 | # The test document suggests these should return certificate revoked... | ||
127 | # Subsquent discussion has concluded they should not due to unhandle | ||
128 | # critical CRL extensions. | ||
129 | [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ], | ||
130 | [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ], | ||
131 | |||
132 | [ "4.4.10", "Invalid Unknown CRL Extension Test10", 36 ], | ||
133 | [ "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 ], | ||
134 | [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 ], | ||
135 | [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", 0 ], | ||
136 | [ "4.4.14", "Valid Negative Serial Number Test14", 0 ], | ||
137 | [ "4.4.15", "Invalid Negative Serial Number Test15", 23 ], | ||
138 | [ "4.4.16", "Valid Long Serial Number Test16", 0 ], | ||
139 | [ "4.4.17", "Valid Long Serial Number Test17", 0 ], | ||
140 | [ "4.4.18", "Invalid Long Serial Number Test18", 23 ], | ||
141 | [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", 0 ], | ||
142 | [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ], | ||
143 | |||
144 | # CRL path is revoked so get a CRL path validation error | ||
145 | [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 ], | ||
146 | [ "4.5", "Verifying Paths with Self-Issued Certificates" ], | ||
147 | [ "4.5.1", "Valid Basic Self-Issued Old With New Test1", 0 ], | ||
148 | [ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 ], | ||
149 | [ "4.5.3", "Valid Basic Self-Issued New With Old Test3", 0 ], | ||
150 | [ "4.5.4", "Valid Basic Self-Issued New With Old Test4", 0 ], | ||
151 | [ "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 ], | ||
152 | [ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", 0 ], | ||
153 | [ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 ], | ||
154 | [ "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", 20 ], | ||
155 | [ "4.6", "Verifying Basic Constraints" ], | ||
156 | [ "4.6.1", "Invalid Missing basicConstraints Test1", 24 ], | ||
157 | [ "4.6.2", "Invalid cA False Test2", 24 ], | ||
158 | [ "4.6.3", "Invalid cA False Test3", 24 ], | ||
159 | [ "4.6.4", "Valid basicConstraints Not Critical Test4", 0 ], | ||
160 | [ "4.6.5", "Invalid pathLenConstraint Test5", 25 ], | ||
161 | [ "4.6.6", "Invalid pathLenConstraint Test6", 25 ], | ||
162 | [ "4.6.7", "Valid pathLenConstraint Test7", 0 ], | ||
163 | [ "4.6.8", "Valid pathLenConstraint Test8", 0 ], | ||
164 | [ "4.6.9", "Invalid pathLenConstraint Test9", 25 ], | ||
165 | [ "4.6.10", "Invalid pathLenConstraint Test10", 25 ], | ||
166 | [ "4.6.11", "Invalid pathLenConstraint Test11", 25 ], | ||
167 | [ "4.6.12", "Invalid pathLenConstraint Test12", 25 ], | ||
168 | [ "4.6.13", "Valid pathLenConstraint Test13", 0 ], | ||
169 | [ "4.6.14", "Valid pathLenConstraint Test14", 0 ], | ||
170 | [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15", 0 ], | ||
171 | [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", 25 ], | ||
172 | [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17", 0 ], | ||
173 | [ "4.7", "Key Usage" ], | ||
174 | [ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", 20 ], | ||
175 | [ "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ], | ||
176 | [ "4.7.3", "Valid keyUsage Not Critical Test3", 0 ], | ||
177 | [ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 ], | ||
178 | [ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 ], | ||
179 | |||
180 | # Certificate policy tests need special handling. They can have several | ||
181 | # sub tests and we need to check the outputs are correct. | ||
182 | |||
183 | [ "4.8", "Certificate Policies" ], | ||
184 | [ | ||
185 | "4.8.1.1", | ||
186 | "All Certificates Same Policy Test1", | ||
187 | "-policy anyPolicy -explicit_policy", | ||
188 | "True", $nist1, $nist1, 0 | ||
189 | ], | ||
190 | [ | ||
191 | "4.8.1.2", | ||
192 | "All Certificates Same Policy Test1", | ||
193 | "-policy $nist1 -explicit_policy", | ||
194 | "True", $nist1, $nist1, 0 | ||
195 | ], | ||
196 | [ | ||
197 | "4.8.1.3", | ||
198 | "All Certificates Same Policy Test1", | ||
199 | "-policy $nist2 -explicit_policy", | ||
200 | "True", $nist1, "<empty>", 43 | ||
201 | ], | ||
202 | [ | ||
203 | "4.8.1.4", | ||
204 | "All Certificates Same Policy Test1", | ||
205 | "-policy $nist1 -policy $nist2 -explicit_policy", | ||
206 | "True", $nist1, $nist1, 0 | ||
207 | ], | ||
208 | [ | ||
209 | "4.8.2.1", | ||
210 | "All Certificates No Policies Test2", | ||
211 | "-policy anyPolicy", | ||
212 | "False", "<empty>", "<empty>", 0 | ||
213 | ], | ||
214 | [ | ||
215 | "4.8.2.2", | ||
216 | "All Certificates No Policies Test2", | ||
217 | "-policy anyPolicy -explicit_policy", | ||
218 | "True", "<empty>", "<empty>", 43 | ||
219 | ], | ||
220 | [ | ||
221 | "4.8.3.1", | ||
222 | "Different Policies Test3", | ||
223 | "-policy anyPolicy", | ||
224 | "False", "<empty>", "<empty>", 0 | ||
225 | ], | ||
226 | [ | ||
227 | "4.8.3.2", | ||
228 | "Different Policies Test3", | ||
229 | "-policy anyPolicy -explicit_policy", | ||
230 | "True", "<empty>", "<empty>", 43 | ||
231 | ], | ||
232 | [ | ||
233 | "4.8.3.3", | ||
234 | "Different Policies Test3", | ||
235 | "-policy $nist1 -policy $nist2 -explicit_policy", | ||
236 | "True", "<empty>", "<empty>", 43 | ||
237 | ], | ||
238 | |||
239 | [ | ||
240 | "4.8.4", | ||
241 | "Different Policies Test4", | ||
242 | "-policy anyPolicy", | ||
243 | "True", "<empty>", "<empty>", 43 | ||
244 | ], | ||
245 | [ | ||
246 | "4.8.5", | ||
247 | "Different Policies Test5", | ||
248 | "-policy anyPolicy", | ||
249 | "True", "<empty>", "<empty>", 43 | ||
250 | ], | ||
251 | [ | ||
252 | "4.8.6.1", | ||
253 | "Overlapping Policies Test6", | ||
254 | "-policy anyPolicy", | ||
255 | "True", $nist1, $nist1, 0 | ||
256 | ], | ||
257 | [ | ||
258 | "4.8.6.2", | ||
259 | "Overlapping Policies Test6", | ||
260 | "-policy $nist1", | ||
261 | "True", $nist1, $nist1, 0 | ||
262 | ], | ||
263 | [ | ||
264 | "4.8.6.3", | ||
265 | "Overlapping Policies Test6", | ||
266 | "-policy $nist2", | ||
267 | "True", $nist1, "<empty>", 43 | ||
268 | ], | ||
269 | [ | ||
270 | "4.8.7", | ||
271 | "Different Policies Test7", | ||
272 | "-policy anyPolicy", | ||
273 | "True", "<empty>", "<empty>", 43 | ||
274 | ], | ||
275 | [ | ||
276 | "4.8.8", | ||
277 | "Different Policies Test8", | ||
278 | "-policy anyPolicy", | ||
279 | "True", "<empty>", "<empty>", 43 | ||
280 | ], | ||
281 | [ | ||
282 | "4.8.9", | ||
283 | "Different Policies Test9", | ||
284 | "-policy anyPolicy", | ||
285 | "True", "<empty>", "<empty>", 43 | ||
286 | ], | ||
287 | [ | ||
288 | "4.8.10.1", | ||
289 | "All Certificates Same Policies Test10", | ||
290 | "-policy $nist1", | ||
291 | "True", "$nist1:$nist2", "$nist1", 0 | ||
292 | ], | ||
293 | [ | ||
294 | "4.8.10.2", | ||
295 | "All Certificates Same Policies Test10", | ||
296 | "-policy $nist2", | ||
297 | "True", "$nist1:$nist2", "$nist2", 0 | ||
298 | ], | ||
299 | [ | ||
300 | "4.8.10.3", | ||
301 | "All Certificates Same Policies Test10", | ||
302 | "-policy anyPolicy", | ||
303 | "True", "$nist1:$nist2", "$nist1:$nist2", 0 | ||
304 | ], | ||
305 | [ | ||
306 | "4.8.11.1", | ||
307 | "All Certificates AnyPolicy Test11", | ||
308 | "-policy anyPolicy", | ||
309 | "True", "$apolicy", "$apolicy", 0 | ||
310 | ], | ||
311 | [ | ||
312 | "4.8.11.2", | ||
313 | "All Certificates AnyPolicy Test11", | ||
314 | "-policy $nist1", | ||
315 | "True", "$apolicy", "$nist1", 0 | ||
316 | ], | ||
317 | [ | ||
318 | "4.8.12", | ||
319 | "Different Policies Test12", | ||
320 | "-policy anyPolicy", | ||
321 | "True", "<empty>", "<empty>", 43 | ||
322 | ], | ||
323 | [ | ||
324 | "4.8.13.1", | ||
325 | "All Certificates Same Policies Test13", | ||
326 | "-policy $nist1", | ||
327 | "True", "$nist1:$nist2:$nist3", "$nist1", 0 | ||
328 | ], | ||
329 | [ | ||
330 | "4.8.13.2", | ||
331 | "All Certificates Same Policies Test13", | ||
332 | "-policy $nist2", | ||
333 | "True", "$nist1:$nist2:$nist3", "$nist2", 0 | ||
334 | ], | ||
335 | [ | ||
336 | "4.8.13.3", | ||
337 | "All Certificates Same Policies Test13", | ||
338 | "-policy $nist3", | ||
339 | "True", "$nist1:$nist2:$nist3", "$nist3", 0 | ||
340 | ], | ||
341 | [ | ||
342 | "4.8.14.1", "AnyPolicy Test14", | ||
343 | "-policy $nist1", "True", | ||
344 | "$nist1", "$nist1", | ||
345 | 0 | ||
346 | ], | ||
347 | [ | ||
348 | "4.8.14.2", "AnyPolicy Test14", | ||
349 | "-policy $nist2", "True", | ||
350 | "$nist1", "<empty>", | ||
351 | 43 | ||
352 | ], | ||
353 | [ | ||
354 | "4.8.15", | ||
355 | "User Notice Qualifier Test15", | ||
356 | "-policy anyPolicy", | ||
357 | "False", "$nist1", "$nist1", 0 | ||
358 | ], | ||
359 | [ | ||
360 | "4.8.16", | ||
361 | "User Notice Qualifier Test16", | ||
362 | "-policy anyPolicy", | ||
363 | "False", "$nist1", "$nist1", 0 | ||
364 | ], | ||
365 | [ | ||
366 | "4.8.17", | ||
367 | "User Notice Qualifier Test17", | ||
368 | "-policy anyPolicy", | ||
369 | "False", "$nist1", "$nist1", 0 | ||
370 | ], | ||
371 | [ | ||
372 | "4.8.18.1", | ||
373 | "User Notice Qualifier Test18", | ||
374 | "-policy $nist1", | ||
375 | "True", "$nist1:$nist2", "$nist1", 0 | ||
376 | ], | ||
377 | [ | ||
378 | "4.8.18.2", | ||
379 | "User Notice Qualifier Test18", | ||
380 | "-policy $nist2", | ||
381 | "True", "$nist1:$nist2", "$nist2", 0 | ||
382 | ], | ||
383 | [ | ||
384 | "4.8.19", | ||
385 | "User Notice Qualifier Test19", | ||
386 | "-policy anyPolicy", | ||
387 | "False", "$nist1", "$nist1", 0 | ||
388 | ], | ||
389 | [ | ||
390 | "4.8.20", | ||
391 | "CPS Pointer Qualifier Test20", | ||
392 | "-policy anyPolicy -explicit_policy", | ||
393 | "True", "$nist1", "$nist1", 0 | ||
394 | ], | ||
395 | [ "4.9", "Require Explicit Policy" ], | ||
396 | [ | ||
397 | "4.9.1", | ||
398 | "Valid RequireExplicitPolicy Test1", | ||
399 | "-policy anyPolicy", | ||
400 | "False", "<empty>", "<empty>", 0 | ||
401 | ], | ||
402 | [ | ||
403 | "4.9.2", | ||
404 | "Valid RequireExplicitPolicy Test2", | ||
405 | "-policy anyPolicy", | ||
406 | "False", "<empty>", "<empty>", 0 | ||
407 | ], | ||
408 | [ | ||
409 | "4.9.3", | ||
410 | "Invalid RequireExplicitPolicy Test3", | ||
411 | "-policy anyPolicy", | ||
412 | "True", "<empty>", "<empty>", 43 | ||
413 | ], | ||
414 | [ | ||
415 | "4.9.4", | ||
416 | "Valid RequireExplicitPolicy Test4", | ||
417 | "-policy anyPolicy", | ||
418 | "True", "$nist1", "$nist1", 0 | ||
419 | ], | ||
420 | [ | ||
421 | "4.9.5", | ||
422 | "Invalid RequireExplicitPolicy Test5", | ||
423 | "-policy anyPolicy", | ||
424 | "True", "<empty>", "<empty>", 43 | ||
425 | ], | ||
426 | [ | ||
427 | "4.9.6", | ||
428 | "Valid Self-Issued requireExplicitPolicy Test6", | ||
429 | "-policy anyPolicy", | ||
430 | "False", "<empty>", "<empty>", 0 | ||
431 | ], | ||
432 | [ | ||
433 | "4.9.7", | ||
434 | "Invalid Self-Issued requireExplicitPolicy Test7", | ||
435 | "-policy anyPolicy", | ||
436 | "True", "<empty>", "<empty>", 43 | ||
437 | ], | ||
438 | [ | ||
439 | "4.9.8", | ||
440 | "Invalid Self-Issued requireExplicitPolicy Test8", | ||
441 | "-policy anyPolicy", | ||
442 | "True", "<empty>", "<empty>", 43 | ||
443 | ], | ||
444 | [ "4.10", "Policy Mappings" ], | ||
445 | [ | ||
446 | "4.10.1.1", | ||
447 | "Valid Policy Mapping Test1", | ||
448 | "-policy $nist1", | ||
449 | "True", "$nist1", "$nist1", 0 | ||
450 | ], | ||
451 | [ | ||
452 | "4.10.1.2", | ||
453 | "Valid Policy Mapping Test1", | ||
454 | "-policy $nist2", | ||
455 | "True", "$nist1", "<empty>", 43 | ||
456 | ], | ||
457 | [ | ||
458 | "4.10.1.3", | ||
459 | "Valid Policy Mapping Test1", | ||
460 | "-policy anyPolicy -inhibit_map", | ||
461 | "True", "<empty>", "<empty>", 43 | ||
462 | ], | ||
463 | [ | ||
464 | "4.10.2.1", | ||
465 | "Invalid Policy Mapping Test2", | ||
466 | "-policy anyPolicy", | ||
467 | "True", "<empty>", "<empty>", 43 | ||
468 | ], | ||
469 | [ | ||
470 | "4.10.2.2", | ||
471 | "Invalid Policy Mapping Test2", | ||
472 | "-policy anyPolicy -inhibit_map", | ||
473 | "True", "<empty>", "<empty>", 43 | ||
474 | ], | ||
475 | [ | ||
476 | "4.10.3.1", | ||
477 | "Valid Policy Mapping Test3", | ||
478 | "-policy $nist1", | ||
479 | "True", "$nist2", "<empty>", 43 | ||
480 | ], | ||
481 | [ | ||
482 | "4.10.3.2", | ||
483 | "Valid Policy Mapping Test3", | ||
484 | "-policy $nist2", | ||
485 | "True", "$nist2", "$nist2", 0 | ||
486 | ], | ||
487 | [ | ||
488 | "4.10.4", | ||
489 | "Invalid Policy Mapping Test4", | ||
490 | "-policy anyPolicy", | ||
491 | "True", "<empty>", "<empty>", 43 | ||
492 | ], | ||
493 | [ | ||
494 | "4.10.5.1", | ||
495 | "Valid Policy Mapping Test5", | ||
496 | "-policy $nist1", | ||
497 | "True", "$nist1", "$nist1", 0 | ||
498 | ], | ||
499 | [ | ||
500 | "4.10.5.2", | ||
501 | "Valid Policy Mapping Test5", | ||
502 | "-policy $nist6", | ||
503 | "True", "$nist1", "<empty>", 43 | ||
504 | ], | ||
505 | [ | ||
506 | "4.10.6.1", | ||
507 | "Valid Policy Mapping Test6", | ||
508 | "-policy $nist1", | ||
509 | "True", "$nist1", "$nist1", 0 | ||
510 | ], | ||
511 | [ | ||
512 | "4.10.6.2", | ||
513 | "Valid Policy Mapping Test6", | ||
514 | "-policy $nist6", | ||
515 | "True", "$nist1", "<empty>", 43 | ||
516 | ], | ||
517 | [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ], | ||
518 | [ "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 ], | ||
519 | [ | ||
520 | "4.10.9", | ||
521 | "Valid Policy Mapping Test9", | ||
522 | "-policy anyPolicy", | ||
523 | "True", "$nist1", "$nist1", 0 | ||
524 | ], | ||
525 | [ | ||
526 | "4.10.10", | ||
527 | "Invalid Policy Mapping Test10", | ||
528 | "-policy anyPolicy", | ||
529 | "True", "<empty>", "<empty>", 43 | ||
530 | ], | ||
531 | [ | ||
532 | "4.10.11", | ||
533 | "Valid Policy Mapping Test11", | ||
534 | "-policy anyPolicy", | ||
535 | "True", "$nist1", "$nist1", 0 | ||
536 | ], | ||
537 | |||
538 | # TODO: check notice display | ||
539 | [ | ||
540 | "4.10.12.1", | ||
541 | "Valid Policy Mapping Test12", | ||
542 | "-policy $nist1", | ||
543 | "True", "$nist1:$nist2", "$nist1", 0 | ||
544 | ], | ||
545 | |||
546 | # TODO: check notice display | ||
547 | [ | ||
548 | "4.10.12.2", | ||
549 | "Valid Policy Mapping Test12", | ||
550 | "-policy $nist2", | ||
551 | "True", "$nist1:$nist2", "$nist2", 0 | ||
552 | ], | ||
553 | [ | ||
554 | "4.10.13", | ||
555 | "Valid Policy Mapping Test13", | ||
556 | "-policy anyPolicy", | ||
557 | "True", "$nist1", "$nist1", 0 | ||
558 | ], | ||
559 | |||
560 | # TODO: check notice display | ||
561 | [ | ||
562 | "4.10.14", | ||
563 | "Valid Policy Mapping Test14", | ||
564 | "-policy anyPolicy", | ||
565 | "True", "$nist1", "$nist1", 0 | ||
566 | ], | ||
567 | [ "4.11", "Inhibit Policy Mapping" ], | ||
568 | [ | ||
569 | "4.11.1", | ||
570 | "Invalid inhibitPolicyMapping Test1", | ||
571 | "-policy anyPolicy", | ||
572 | "True", "<empty>", "<empty>", 43 | ||
573 | ], | ||
574 | [ | ||
575 | "4.11.2", | ||
576 | "Valid inhibitPolicyMapping Test2", | ||
577 | "-policy anyPolicy", | ||
578 | "True", "$nist1", "$nist1", 0 | ||
579 | ], | ||
580 | [ | ||
581 | "4.11.3", | ||
582 | "Invalid inhibitPolicyMapping Test3", | ||
583 | "-policy anyPolicy", | ||
584 | "True", "<empty>", "<empty>", 43 | ||
585 | ], | ||
586 | [ | ||
587 | "4.11.4", | ||
588 | "Valid inhibitPolicyMapping Test4", | ||
589 | "-policy anyPolicy", | ||
590 | "True", "$nist2", "$nist2", 0 | ||
591 | ], | ||
592 | [ | ||
593 | "4.11.5", | ||
594 | "Invalid inhibitPolicyMapping Test5", | ||
595 | "-policy anyPolicy", | ||
596 | "True", "<empty>", "<empty>", 43 | ||
597 | ], | ||
598 | [ | ||
599 | "4.11.6", | ||
600 | "Invalid inhibitPolicyMapping Test6", | ||
601 | "-policy anyPolicy", | ||
602 | "True", "<empty>", "<empty>", 43 | ||
603 | ], | ||
604 | [ | ||
605 | "4.11.7", | ||
606 | "Valid Self-Issued inhibitPolicyMapping Test7", | ||
607 | "-policy anyPolicy", | ||
608 | "True", "$nist1", "$nist1", 0 | ||
609 | ], | ||
610 | [ | ||
611 | "4.11.8", | ||
612 | "Invalid Self-Issued inhibitPolicyMapping Test8", | ||
613 | "-policy anyPolicy", | ||
614 | "True", "<empty>", "<empty>", 43 | ||
615 | ], | ||
616 | [ | ||
617 | "4.11.9", | ||
618 | "Invalid Self-Issued inhibitPolicyMapping Test9", | ||
619 | "-policy anyPolicy", | ||
620 | "True", "<empty>", "<empty>", 43 | ||
621 | ], | ||
622 | [ | ||
623 | "4.11.10", | ||
624 | "Invalid Self-Issued inhibitPolicyMapping Test10", | ||
625 | "-policy anyPolicy", | ||
626 | "True", "<empty>", "<empty>", 43 | ||
627 | ], | ||
628 | [ | ||
629 | "4.11.11", | ||
630 | "Invalid Self-Issued inhibitPolicyMapping Test11", | ||
631 | "-policy anyPolicy", | ||
632 | "True", "<empty>", "<empty>", 43 | ||
633 | ], | ||
634 | [ "4.12", "Inhibit Any Policy" ], | ||
635 | [ | ||
636 | "4.12.1", | ||
637 | "Invalid inhibitAnyPolicy Test1", | ||
638 | "-policy anyPolicy", | ||
639 | "True", "<empty>", "<empty>", 43 | ||
640 | ], | ||
641 | [ | ||
642 | "4.12.2", | ||
643 | "Valid inhibitAnyPolicy Test2", | ||
644 | "-policy anyPolicy", | ||
645 | "True", "$nist1", "$nist1", 0 | ||
646 | ], | ||
647 | [ | ||
648 | "4.12.3.1", | ||
649 | "inhibitAnyPolicy Test3", | ||
650 | "-policy anyPolicy", | ||
651 | "True", "$nist1", "$nist1", 0 | ||
652 | ], | ||
653 | [ | ||
654 | "4.12.3.2", | ||
655 | "inhibitAnyPolicy Test3", | ||
656 | "-policy anyPolicy -inhibit_any", | ||
657 | "True", "<empty>", "<empty>", 43 | ||
658 | ], | ||
659 | [ | ||
660 | "4.12.4", | ||
661 | "Invalid inhibitAnyPolicy Test4", | ||
662 | "-policy anyPolicy", | ||
663 | "True", "<empty>", "<empty>", 43 | ||
664 | ], | ||
665 | [ | ||
666 | "4.12.5", | ||
667 | "Invalid inhibitAnyPolicy Test5", | ||
668 | "-policy anyPolicy", | ||
669 | "True", "<empty>", "<empty>", 43 | ||
670 | ], | ||
671 | [ | ||
672 | "4.12.6", | ||
673 | "Invalid inhibitAnyPolicy Test6", | ||
674 | "-policy anyPolicy", | ||
675 | "True", "<empty>", "<empty>", 43 | ||
676 | ], | ||
677 | [ "4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", 0 ], | ||
678 | [ "4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 ], | ||
679 | [ "4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", 0 ], | ||
680 | [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 ], | ||
681 | [ "4.13", "Name Constraints" ], | ||
682 | [ "4.13.1", "Valid DN nameConstraints Test1", 0 ], | ||
683 | [ "4.13.2", "Invalid DN nameConstraints Test2", 47 ], | ||
684 | [ "4.13.3", "Invalid DN nameConstraints Test3", 47 ], | ||
685 | [ "4.13.4", "Valid DN nameConstraints Test4", 0 ], | ||
686 | [ "4.13.5", "Valid DN nameConstraints Test5", 0 ], | ||
687 | [ "4.13.6", "Valid DN nameConstraints Test6", 0 ], | ||
688 | [ "4.13.7", "Invalid DN nameConstraints Test7", 48 ], | ||
689 | [ "4.13.8", "Invalid DN nameConstraints Test8", 48 ], | ||
690 | [ "4.13.9", "Invalid DN nameConstraints Test9", 48 ], | ||
691 | [ "4.13.10", "Invalid DN nameConstraints Test10", 48 ], | ||
692 | [ "4.13.11", "Valid DN nameConstraints Test11", 0 ], | ||
693 | [ "4.13.12", "Invalid DN nameConstraints Test12", 47 ], | ||
694 | [ "4.13.13", "Invalid DN nameConstraints Test13", 47 ], | ||
695 | [ "4.13.14", "Valid DN nameConstraints Test14", 0 ], | ||
696 | [ "4.13.15", "Invalid DN nameConstraints Test15", 48 ], | ||
697 | [ "4.13.16", "Invalid DN nameConstraints Test16", 48 ], | ||
698 | [ "4.13.17", "Invalid DN nameConstraints Test17", 48 ], | ||
699 | [ "4.13.18", "Valid DN nameConstraints Test18", 0 ], | ||
700 | [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19", 0 ], | ||
701 | [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ], | ||
702 | [ "4.13.21", "Valid RFC822 nameConstraints Test21", 0 ], | ||
703 | [ "4.13.22", "Invalid RFC822 nameConstraints Test22", 47 ], | ||
704 | [ "4.13.23", "Valid RFC822 nameConstraints Test23", 0 ], | ||
705 | [ "4.13.24", "Invalid RFC822 nameConstraints Test24", 47 ], | ||
706 | [ "4.13.25", "Valid RFC822 nameConstraints Test25", 0 ], | ||
707 | [ "4.13.26", "Invalid RFC822 nameConstraints Test26", 48 ], | ||
708 | [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", 0 ], | ||
709 | [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", 47 ], | ||
710 | [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", 47 ], | ||
711 | [ "4.13.30", "Valid DNS nameConstraints Test30", 0 ], | ||
712 | [ "4.13.31", "Invalid DNS nameConstraints Test31", 47 ], | ||
713 | [ "4.13.32", "Valid DNS nameConstraints Test32", 0 ], | ||
714 | [ "4.13.33", "Invalid DNS nameConstraints Test33", 48 ], | ||
715 | [ "4.13.34", "Valid URI nameConstraints Test34", 0 ], | ||
716 | [ "4.13.35", "Invalid URI nameConstraints Test35", 47 ], | ||
717 | [ "4.13.36", "Valid URI nameConstraints Test36", 0 ], | ||
718 | [ "4.13.37", "Invalid URI nameConstraints Test37", 48 ], | ||
719 | [ "4.13.38", "Invalid DNS nameConstraints Test38", 47 ], | ||
720 | [ "4.14", "Distribution Points" ], | ||
721 | [ "4.14.1", "Valid distributionPoint Test1", 0 ], | ||
722 | [ "4.14.2", "Invalid distributionPoint Test2", 23 ], | ||
723 | [ "4.14.3", "Invalid distributionPoint Test3", 44 ], | ||
724 | [ "4.14.4", "Valid distributionPoint Test4", 0 ], | ||
725 | [ "4.14.5", "Valid distributionPoint Test5", 0 ], | ||
726 | [ "4.14.6", "Invalid distributionPoint Test6", 23 ], | ||
727 | [ "4.14.7", "Valid distributionPoint Test7", 0 ], | ||
728 | [ "4.14.8", "Invalid distributionPoint Test8", 44 ], | ||
729 | [ "4.14.9", "Invalid distributionPoint Test9", 44 ], | ||
730 | [ "4.14.10", "Valid No issuingDistributionPoint Test10", 0 ], | ||
731 | [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 ], | ||
732 | [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 ], | ||
733 | [ "4.14.13", "Valid onlyContainsCACerts CRL Test13", 0 ], | ||
734 | [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 ], | ||
735 | [ "4.14.15", "Invalid onlySomeReasons Test15", 23 ], | ||
736 | [ "4.14.16", "Invalid onlySomeReasons Test16", 23 ], | ||
737 | [ "4.14.17", "Invalid onlySomeReasons Test17", 3 ], | ||
738 | [ "4.14.18", "Valid onlySomeReasons Test18", 0 ], | ||
739 | [ "4.14.19", "Valid onlySomeReasons Test19", 0 ], | ||
740 | [ "4.14.20", "Invalid onlySomeReasons Test20", 23 ], | ||
741 | [ "4.14.21", "Invalid onlySomeReasons Test21", 23 ], | ||
742 | [ "4.14.22", "Valid IDP with indirectCRL Test22", 0 ], | ||
743 | [ "4.14.23", "Invalid IDP with indirectCRL Test23", 23 ], | ||
744 | [ "4.14.24", "Valid IDP with indirectCRL Test24", 0 ], | ||
745 | [ "4.14.25", "Valid IDP with indirectCRL Test25", 0 ], | ||
746 | [ "4.14.26", "Invalid IDP with indirectCRL Test26", 44 ], | ||
747 | [ "4.14.27", "Invalid cRLIssuer Test27", 3 ], | ||
748 | [ "4.14.28", "Valid cRLIssuer Test28", 0 ], | ||
749 | [ "4.14.29", "Valid cRLIssuer Test29", 0 ], | ||
750 | |||
751 | # Although this test is valid it has a circular dependency. As a result | ||
752 | # an attempt is made to reursively checks a CRL path and rejected due to | ||
753 | # a CRL path validation error. PKITS notes suggest this test does not | ||
754 | # need to be run due to this issue. | ||
755 | [ "4.14.30", "Valid cRLIssuer Test30", 54 ], | ||
756 | [ "4.14.31", "Invalid cRLIssuer Test31", 23 ], | ||
757 | [ "4.14.32", "Invalid cRLIssuer Test32", 23 ], | ||
758 | [ "4.14.33", "Valid cRLIssuer Test33", 0 ], | ||
759 | [ "4.14.34", "Invalid cRLIssuer Test34", 23 ], | ||
760 | [ "4.14.35", "Invalid cRLIssuer Test35", 44 ], | ||
761 | [ "4.15", "Delta-CRLs" ], | ||
762 | [ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 ], | ||
763 | [ "4.15.2", "Valid delta-CRL Test2", 0 ], | ||
764 | [ "4.15.3", "Invalid delta-CRL Test3", 23 ], | ||
765 | [ "4.15.4", "Invalid delta-CRL Test4", 23 ], | ||
766 | [ "4.15.5", "Valid delta-CRL Test5", 0 ], | ||
767 | [ "4.15.6", "Invalid delta-CRL Test6", 23 ], | ||
768 | [ "4.15.7", "Valid delta-CRL Test7", 0 ], | ||
769 | [ "4.15.8", "Valid delta-CRL Test8", 0 ], | ||
770 | [ "4.15.9", "Invalid delta-CRL Test9", 23 ], | ||
771 | [ "4.15.10", "Invalid delta-CRL Test10", 12 ], | ||
772 | [ "4.16", "Private Certificate Extensions" ], | ||
773 | [ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", 0 ], | ||
774 | [ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", 34 ], | ||
775 | ); | ||
776 | |||
777 | |||
778 | my $verbose = 1; | ||
779 | |||
780 | my $numtest = 0; | ||
781 | my $numfail = 0; | ||
782 | |||
783 | my $ossl = "ossl/apps/openssl"; | ||
784 | |||
785 | my $ossl_cmd = "$ossl_path cms -verify -verify_retcode "; | ||
786 | $ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict "; | ||
787 | $ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 "; | ||
788 | |||
789 | system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem"; | ||
790 | |||
791 | die "Can't create trust anchor file" if $?; | ||
792 | |||
793 | print "Running PKITS tests:\n" if $verbose; | ||
794 | |||
795 | foreach (@testlists) { | ||
796 | my $argnum = @$_; | ||
797 | if ( $argnum == 2 ) { | ||
798 | my ( $tnum, $title ) = @$_; | ||
799 | print "$tnum $title\n" if $verbose; | ||
800 | } | ||
801 | elsif ( $argnum == 3 ) { | ||
802 | my ( $tnum, $title, $exp_ret ) = @$_; | ||
803 | my $filename = $title; | ||
804 | $exp_ret += 32 if $exp_ret; | ||
805 | $filename =~ tr/ -//d; | ||
806 | $filename = "Signed${filename}.eml"; | ||
807 | if ( !-f "$pkitsdir/$filename" ) { | ||
808 | print "\"$filename\" not found\n"; | ||
809 | } | ||
810 | else { | ||
811 | my $ret; | ||
812 | my $test_fail = 0; | ||
813 | my $errmsg = ""; | ||
814 | my $cmd = $ossl_cmd; | ||
815 | $cmd .= "-in $pkitsdir/$filename -policy anyPolicy"; | ||
816 | my $cmdout = `$cmd`; | ||
817 | $ret = $? >> 8; | ||
818 | if ( $? & 0xff ) { | ||
819 | $errmsg .= "Abnormal OpenSSL termination\n"; | ||
820 | $test_fail = 1; | ||
821 | } | ||
822 | if ( $exp_ret != $ret ) { | ||
823 | $errmsg .= "Return code:$ret, "; | ||
824 | $errmsg .= "expected $exp_ret\n"; | ||
825 | $test_fail = 1; | ||
826 | } | ||
827 | if ($test_fail) { | ||
828 | print "$tnum $title : Failed!\n"; | ||
829 | print "Filename: $pkitsdir/$filename\n"; | ||
830 | print $errmsg; | ||
831 | print "Command output:\n$cmdout\n"; | ||
832 | $numfail++; | ||
833 | } | ||
834 | $numtest++; | ||
835 | } | ||
836 | } | ||
837 | elsif ( $argnum == 7 ) { | ||
838 | my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret ) | ||
839 | = @$_; | ||
840 | my $filename = $title; | ||
841 | $exp_ret += 32 if $exp_ret; | ||
842 | $filename =~ tr/ -//d; | ||
843 | $filename = "Signed${filename}.eml"; | ||
844 | if ( !-f "$pkitsdir/$filename" ) { | ||
845 | print "\"$filename\" not found\n"; | ||
846 | } | ||
847 | else { | ||
848 | my $ret; | ||
849 | my $cmdout = ""; | ||
850 | my $errmsg = ""; | ||
851 | my $epol = ""; | ||
852 | my $aset = ""; | ||
853 | my $uset = ""; | ||
854 | my $pol = -1; | ||
855 | my $test_fail = 0; | ||
856 | my $cmd = $ossl_cmd; | ||
857 | $cmd .= "-in $pkitsdir/$filename $exargs -policy_print"; | ||
858 | @oparr = `$cmd`; | ||
859 | $ret = $? >> 8; | ||
860 | |||
861 | if ( $? & 0xff ) { | ||
862 | $errmsg .= "Abnormal OpenSSL termination\n"; | ||
863 | $test_fail = 1; | ||
864 | } | ||
865 | foreach (@oparr) { | ||
866 | my $test_failed = 0; | ||
867 | $cmdout .= $_; | ||
868 | if (/^Require explicit Policy: (.*)$/) { | ||
869 | $epol = $1; | ||
870 | } | ||
871 | if (/^Authority Policies/) { | ||
872 | if (/empty/) { | ||
873 | $aset = "<empty>"; | ||
874 | } | ||
875 | else { | ||
876 | $pol = 1; | ||
877 | } | ||
878 | } | ||
879 | $test_fail = 1 if (/leak/i); | ||
880 | if (/^User Policies/) { | ||
881 | if (/empty/) { | ||
882 | $uset = "<empty>"; | ||
883 | } | ||
884 | else { | ||
885 | $pol = 2; | ||
886 | } | ||
887 | } | ||
888 | if (/\s+Policy: (.*)$/) { | ||
889 | if ( $pol == 1 ) { | ||
890 | $aset .= ":" if $aset ne ""; | ||
891 | $aset .= $1; | ||
892 | } | ||
893 | elsif ( $pol == 2 ) { | ||
894 | $uset .= ":" if $uset ne ""; | ||
895 | $uset .= $1; | ||
896 | } | ||
897 | } | ||
898 | } | ||
899 | |||
900 | if ( $epol ne $exp_epol ) { | ||
901 | $errmsg .= "Explicit policy:$epol, "; | ||
902 | $errmsg .= "expected $exp_epol\n"; | ||
903 | $test_fail = 1; | ||
904 | } | ||
905 | if ( $aset ne $exp_aset ) { | ||
906 | $errmsg .= "Authority policy set :$aset, "; | ||
907 | $errmsg .= "expected $exp_aset\n"; | ||
908 | $test_fail = 1; | ||
909 | } | ||
910 | if ( $uset ne $exp_uset ) { | ||
911 | $errmsg .= "User policy set :$uset, "; | ||
912 | $errmsg .= "expected $exp_uset\n"; | ||
913 | $test_fail = 1; | ||
914 | } | ||
915 | |||
916 | if ( $exp_ret != $ret ) { | ||
917 | print "Return code:$ret, expected $exp_ret\n"; | ||
918 | $test_fail = 1; | ||
919 | } | ||
920 | |||
921 | if ($test_fail) { | ||
922 | print "$tnum $title : Failed!\n"; | ||
923 | print "Filename: $pkitsdir/$filename\n"; | ||
924 | print "Command output:\n$cmdout\n"; | ||
925 | $numfail++; | ||
926 | } | ||
927 | $numtest++; | ||
928 | } | ||
929 | } | ||
930 | } | ||
931 | |||
932 | if ($numfail) { | ||
933 | print "$numfail tests failed out of $numtest\n"; | ||
934 | } | ||
935 | else { | ||
936 | print "All Tests Successful.\n"; | ||
937 | } | ||
938 | |||
939 | unlink "pkitsta.pem"; | ||
940 | |||
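--- a/src/lib/libssl/test/r160test.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* test/r160test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/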
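--- a/src/lib/libssl/test/smcont.txt
+++ /dev/null
@@ -1 +0,0 @@
-Some test content for OpenSSL CMS
\ No newline at end of file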
diff --git a/src/lib/libssl/test/smime-certs/smdsa1.pem b/src/lib/libssl/test/smime-certs/smdsa1.pem deleted file mode 100644 index d5677dbfbe..0000000000 --- a/src/lib/libssl/test/smime-certs/smdsa1.pem +++ /dev/null | |||
@@ -1,34 +0,0 @@ | |||
1 | -----BEGIN DSA PRIVATE KEY----- | ||
2 | MIIBuwIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 | ||
3 | OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt | ||
4 | GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J | ||
5 | jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt | ||
6 | wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK | ||
7 | +FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z | ||
8 | SJCBQw5zAoGATQlPPF+OeU8nu3rsdXGDiZdJzOkuCce3KQfTABA9C+Dk4CVcvBdd | ||
9 | YRLGpnykumkNTO1sTO+4/Gphsuje1ujK9td4UEhdYqylCe5QjEMrszDlJtelDQF9 | ||
10 | C0yhdjKGTP0kxofLhsGckcuQvcKEKffT2pDDKJIy4vWQO0UyJl1vjLcCFG2uiGGx | ||
11 | 9fMUZq1v0ePD4Wo0Xkxo | ||
12 | -----END DSA PRIVATE KEY----- | ||
13 | -----BEGIN CERTIFICATE----- | ||
14 | MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsWMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV | ||
15 | BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv | ||
16 | TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx | ||
17 | CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU | ||
18 | ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 | ||
19 | CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ | ||
20 | mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 | ||
21 | jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB | ||
22 | CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV | ||
23 | kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D | ||
24 | xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBN | ||
25 | CU88X455Tye7eux1cYOJl0nM6S4Jx7cpB9MAED0L4OTgJVy8F11hEsamfKS6aQ1M | ||
26 | 7WxM77j8amGy6N7W6Mr213hQSF1irKUJ7lCMQyuzMOUm16UNAX0LTKF2MoZM/STG | ||
27 | h8uGwZyRy5C9woQp99PakMMokjLi9ZA7RTImXW+Mt6OBgzCBgDAdBgNVHQ4EFgQU | ||
28 | 4Qfbhpi5yqXaXuCLXj427mR25MkwHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput | ||
29 | aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV | ||
30 | c21pbWVkc2ExQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBAFrdUzKK1pWO | ||
31 | kd02S423KUBc4GWWyiGlVoEO7WxVhHLJ8sm67X7OtJOwe0UGt+Nc5qLtyJYSirw8 | ||
32 | phjiTdNpQCTJ8+Kc56tWkJ6H7NAI4vTJtPL5BM/EmeYrVSU9JI9xhqpyKw9IBD+n | ||
33 | hRJ79W9FaiJRvaAOX+TkyTukJrxAWRyv | ||
34 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/test/smime-certs/smdsa2.pem b/src/lib/libssl/test/smime-certs/smdsa2.pem deleted file mode 100644 index ef86c115d7..0000000000 --- a/src/lib/libssl/test/smime-certs/smdsa2.pem +++ /dev/null | |||
@@ -1,34 +0,0 @@ | |||
1 | -----BEGIN DSA PRIVATE KEY----- | ||
2 | MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 | ||
3 | OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt | ||
4 | GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J | ||
5 | jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt | ||
6 | wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK | ||
7 | +FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z | ||
8 | SJCBQw5zAoGBAIPmO8BtJ+Yac58trrPwq9b/6VW3jQTWzTLWSH84/QQdqQa+Pz3v | ||
9 | It/+hHM0daNF5uls8ICsPL1aLXmRx0pHvIyb0aAzYae4T4Jv/COPDMTdKbA1uitJ | ||
10 | VbkGZrm+LIrs7I9lOkb4T0vI6kL/XdOCXY1469zsqCgJ/O2ibn6mq0nWAhR716o2 | ||
11 | Nf8SimTZYB0/CKje6M5ufA== | ||
12 | -----END DSA PRIVATE KEY----- | ||
13 | -----BEGIN CERTIFICATE----- | ||
14 | MIIDpTCCAw6gAwIBAgIJAMtotfHYdEsXMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV | ||
15 | BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv | ||
16 | TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx | ||
17 | CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU | ||
18 | ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 | ||
19 | CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ | ||
20 | mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 | ||
21 | jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB | ||
22 | CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV | ||
23 | kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D | ||
24 | xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhQACgYEA | ||
25 | g+Y7wG0n5hpzny2us/Cr1v/pVbeNBNbNMtZIfzj9BB2pBr4/Pe8i3/6EczR1o0Xm | ||
26 | 6WzwgKw8vVoteZHHSke8jJvRoDNhp7hPgm/8I48MxN0psDW6K0lVuQZmub4siuzs | ||
27 | j2U6RvhPS8jqQv9d04JdjXjr3OyoKAn87aJufqarSdajgYMwgYAwHQYDVR0OBBYE | ||
28 | FHsAGNfVltSYUq4hC+YVYwsYtA+dMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcXdsab | ||
29 | rWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMCAGA1UdEQQZMBeB | ||
30 | FXNtaW1lZHNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQCx9BtCbaYF | ||
31 | FXjLClkuKXbESaDZA1biPgY25i00FsUzARuhCpqD2v+0tu5c33ZzIhL6xlvBRU5l | ||
32 | 6Atw/xpZhae+hdBEtxPJoGekLLrHOau7Md3XwDjV4lFgcEJkWZoaSOOIK+4D5jF0 | ||
33 | jZWtHjnwEzuLYlo7ScHSsbcQfjH0M1TP5A== | ||
34 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/test/smime-certs/smdsa3.pem b/src/lib/libssl/test/smime-certs/smdsa3.pem deleted file mode 100644 index eeb848dabc..0000000000 --- a/src/lib/libssl/test/smime-certs/smdsa3.pem +++ /dev/null | |||
@@ -1,34 +0,0 @@ | |||
1 | -----BEGIN DSA PRIVATE KEY----- | ||
2 | MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 | ||
3 | OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt | ||
4 | GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J | ||
5 | jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt | ||
6 | wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK | ||
7 | +FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z | ||
8 | SJCBQw5zAoGAYzOpPmh8Je1IDauEXhgaLz14wqYUHHcrj2VWVJ6fRm8GhdQFJSI7 | ||
9 | GUk08pgKZSKic2lNqxuzW7/vFxKQ/nvzfytY16b+2i+BR4Q6yvMzCebE1hHVg0Ju | ||
10 | TwfUMwoFEOhYP6ZwHSUiQl9IBMH9TNJCMwYMxfY+VOrURFsjGTRUgpwCFQCIGt5g | ||
11 | Y+XZd0Sv69CatDIRYWvaIA== | ||
12 | -----END DSA PRIVATE KEY----- | ||
13 | -----BEGIN CERTIFICATE----- | ||
14 | MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsYMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV | ||
15 | BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv | ||
16 | TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx | ||
17 | CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU | ||
18 | ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 | ||
19 | CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ | ||
20 | mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 | ||
21 | jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB | ||
22 | CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV | ||
23 | kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D | ||
24 | xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBj | ||
25 | M6k+aHwl7UgNq4ReGBovPXjCphQcdyuPZVZUnp9GbwaF1AUlIjsZSTTymAplIqJz | ||
26 | aU2rG7Nbv+8XEpD+e/N/K1jXpv7aL4FHhDrK8zMJ5sTWEdWDQm5PB9QzCgUQ6Fg/ | ||
27 | pnAdJSJCX0gEwf1M0kIzBgzF9j5U6tREWyMZNFSCnKOBgzCBgDAdBgNVHQ4EFgQU | ||
28 | VhpVXqQ/EzUMdxLvP7o9EhJ8h70wHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput | ||
29 | aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV | ||
30 | c21pbWVkc2EzQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBACM9e75EQa8m | ||
31 | k/AZkH/tROqf3yeqijULl9x8FjFatqoY+29OM6oMGM425IqSkKd2ipz7OxO0SShu | ||
32 | rE0O3edS7DvYBwvhWPviRaYBMyZ4iFJVup+fOzoYK/j/bASxS3BHQBwb2r4rhe25 | ||
33 | OlTyyFEk7DJyW18YFOG97S1P52oQ5f5x | ||
34 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/test/smime-certs/smdsap.pem b/src/lib/libssl/test/smime-certs/smdsap.pem deleted file mode 100644 index 249706c8c7..0000000000 --- a/src/lib/libssl/test/smime-certs/smdsap.pem +++ /dev/null | |||
@@ -1,9 +0,0 @@ | |||
1 | -----BEGIN DSA PARAMETERS----- | ||
2 | MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG | ||
3 | Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA | ||
4 | gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d | ||
5 | qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv | ||
6 | Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO | ||
7 | GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB | ||
8 | Qw5z | ||
9 | -----END DSA PARAMETERS----- | ||
diff --git a/src/lib/libssl/test/smime-certs/smroot.pem b/src/lib/libssl/test/smime-certs/smroot.pem deleted file mode 100644 index a59eb2684c..0000000000 --- a/src/lib/libssl/test/smime-certs/smroot.pem +++ /dev/null | |||
@@ -1,30 +0,0 @@ | |||
1 | -----BEGIN RSA PRIVATE KEY----- | ||
2 | MIICXAIBAAKBgQDBV1Z/Q5gPF7lojc8pKUdyz5+Jf2B3vs4he6egekugWnoJduki | ||
3 | 9Lnae/JchB/soIX0co3nLc11NuFFlnAWJNMDJr08l5AHAJLYNHevF5l/f9oDQwvZ | ||
4 | speKh1xpIAJNqCTzVeQ/ZLx6/GccIXV/xDuKIiovqJTPgR5WPkYKaw++lQIDAQAB | ||
5 | AoGALXnUj5SflJU4+B2652ydMKUjWl0KnL/VjkyejgGV/j6py8Ybaixz9q8Gv7oY | ||
6 | JDlRqMC1HfZJCFQDQrHy5VJ+CywA/H9WrqKo/Ch9U4tJAZtkig1Cmay/BAYixVu0 | ||
7 | xBeim10aKF6hxHH4Chg9We+OCuzWBWJhqveNjuDedL/i7JUCQQDlejovcwBUCbhJ | ||
8 | U12qKOwlaboolWbl7yF3XdckTJZg7+1UqQHZH5jYZlLZyZxiaC92SNV0SyTLJZnS | ||
9 | Jh5CO+VDAkEA16/pPcuVtMMz/R6SSPpRSIAa1stLs0mFSs3NpR4pdm0n42mu05pO | ||
10 | 1tJEt3a1g7zkreQBf53+Dwb+lA841EkjRwJBAIFmt0DifKDnCkBu/jZh9SfzwsH3 | ||
11 | 3Zpzik+hXxxdA7+ODCrdUul449vDd5zQD5t+XKU61QNLDGhxv5e9XvrCg7kCQH/a | ||
12 | 3ldsVF0oDaxxL+QkxoREtCQ5tLEd1u7F2q6Tl56FDE0pe6Ih6bQ8RtG+g9EI60IN | ||
13 | U7oTrOO5kLWx5E0q4ccCQAZVgoenn9MhRU1agKOCuM6LT2DxReTu4XztJzynej+8 | ||
14 | 0J93n3ebanB1MlRpn1XJwhQ7gAC8ImaQKLJK5jdJzFc= | ||
15 | -----END RSA PRIVATE KEY----- | ||
16 | -----BEGIN CERTIFICATE----- | ||
17 | MIICaTCCAdKgAwIBAgIJAP6VN47boiXRMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV | ||
18 | BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv | ||
19 | TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDdaFw0xNjA1MTExMzUzMDdaMEQx | ||
20 | CzAJBgNVBAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRU | ||
21 | ZXN0IFMvTUlNRSBSU0EgUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA | ||
22 | wVdWf0OYDxe5aI3PKSlHcs+fiX9gd77OIXunoHpLoFp6CXbpIvS52nvyXIQf7KCF | ||
23 | 9HKN5y3NdTbhRZZwFiTTAya9PJeQBwCS2DR3rxeZf3/aA0ML2bKXiodcaSACTagk | ||
24 | 81XkP2S8evxnHCF1f8Q7iiIqL6iUz4EeVj5GCmsPvpUCAwEAAaNjMGEwHQYDVR0O | ||
25 | BBYEFBPPS6e7iS6zOFcXdsabrWhb5e0XMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcX | ||
26 | dsabrWhb5e0XMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG | ||
27 | SIb3DQEBBQUAA4GBAIECprq5viDvnDbkyOaiSr9ubMUmWqvycfAJMdPZRKcOZczS | ||
28 | l+L9R9lF3JSqbt3knOe9u6bGDBOTY2285PdCCuHRVMk2Af1f6El1fqAlRUwNqipp | ||
29 | r68sWFuRqrcRNtk6QQvXfkOhrqQBuDa7te/OVQLa2lGN9Dr2mQsD8ijctatG | ||
30 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/test/smime-certs/smrsa1.pem b/src/lib/libssl/test/smime-certs/smrsa1.pem deleted file mode 100644 index 2cf3148e33..0000000000 --- a/src/lib/libssl/test/smime-certs/smrsa1.pem +++ /dev/null | |||
@@ -1,31 +0,0 @@ | |||
1 | -----BEGIN RSA PRIVATE KEY----- | ||
2 | MIICXgIBAAKBgQC6A978j4pmPgUtUQqF+bjh6vdhwGOGZSD7xXgFTMjm88twfv+E | ||
3 | ixkq2KXSDjD0ZXoQbdOaSbvGRQrIJpG2NGiKAFdYNrP025kCCdh5wF/aEI7KLEm7 | ||
4 | JlHwXpQsuj4wkMgmkFjL3Ty4Z55aNH+2pPQIa0k+ENJXm2gDuhqgBmduAwIDAQAB | ||
5 | AoGBAJMuYu51aO2THyeHGwt81uOytcCbqGP7eoib62ZOJhxPRGYjpmuqX+R9/V5i | ||
6 | KiwGavm63JYUx0WO9YP+uIZxm1BUATzkgkS74u5LP6ajhkZh6/Bck1oIYYkbVOXl | ||
7 | JVrdENuH6U7nupznsyYgONByo+ykFPVUGmutgiaC7NMVo/MxAkEA6KLejWXdCIEn | ||
8 | xr7hGph9NlvY9xuRIMexRV/WrddcFfCdjI1PciIupgrIkR65M9yr7atm1iU6/aRf | ||
9 | KOr8rLZsSQJBAMyyXN71NsDNx4BP6rtJ/LJMP0BylznWkA7zWfGCbAYn9VhZVlSY | ||
10 | Eu9Gyr7quD1ix7G3kInKVYOEEOpockBLz+sCQQCedyMmKjcQLfpMVYW8uhbAynvW | ||
11 | h36qV5yXZxszO7nMcCTBsxhk5IfmLv5EbCs3+p9avCDGyoGOeUMg+kC33WORAkAg | ||
12 | oUIarH4o5+SoeJTTfCzTA0KF9H5U0vYt2+73h7HOnWoHxl3zqDZEfEVvf50U8/0f | ||
13 | QELDJETTbScBJtsnkq43AkEA38etvoZ2i4FJvvo7R/9gWBHVEcrGzcsCBYrNnIR1 | ||
14 | SZLRwHEGaiOK1wxMsWzqp7PJwL9z/M8A8DyOFBx3GPOniA== | ||
15 | -----END RSA PRIVATE KEY----- | ||
16 | -----BEGIN CERTIFICATE----- | ||
17 | MIICizCCAfSgAwIBAgIJAMtotfHYdEsTMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV | ||
18 | BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv | ||
19 | TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx | ||
20 | CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU | ||
21 | ZXN0IFMvTUlNRSBFRSBSU0EgIzEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB | ||
22 | ALoD3vyPimY+BS1RCoX5uOHq92HAY4ZlIPvFeAVMyObzy3B+/4SLGSrYpdIOMPRl | ||
23 | ehBt05pJu8ZFCsgmkbY0aIoAV1g2s/TbmQIJ2HnAX9oQjsosSbsmUfBelCy6PjCQ | ||
24 | yCaQWMvdPLhnnlo0f7ak9AhrST4Q0lebaAO6GqAGZ24DAgMBAAGjgYMwgYAwHQYD | ||
25 | VR0OBBYEFE2vMvKz5jrC7Lbdg68XwZ95iL/QMB8GA1UdIwQYMBaAFBPPS6e7iS6z | ||
26 | OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud | ||
27 | EQQZMBeBFXNtaW1lcnNhMUBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQAi | ||
28 | O3GOkUl646oLnOimc36i9wxZ1tejsqs8vMjJ0Pym6Uq9FE2JoGzJ6OhB1GOsEVmj | ||
29 | 9cQ5UNQcRYL3cqOFtl6f4Dpu/lhzfbaqgmLjv29G1mS0uuTZrixhlyCXjwcbOkNC | ||
30 | I/+wvHHENYIK5+T/79M9LaZ2Qk4F9MNE1VMljdz9Qw== | ||
31 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/test/smime-certs/smrsa2.pem b/src/lib/libssl/test/smime-certs/smrsa2.pem deleted file mode 100644 index d41f69c82f..0000000000 --- a/src/lib/libssl/test/smime-certs/smrsa2.pem +++ /dev/null | |||
@@ -1,31 +0,0 @@ | |||
1 | -----BEGIN RSA PRIVATE KEY----- | ||
2 | MIICWwIBAAKBgQCwBfryW4Vu5U9wNIDKspJO/N9YF4CcTlrCUyzVlKgb+8urHlSe | ||
3 | 59i5verR9IOCCXkemjOzZ/3nALTGqYZlnEvHp0Rjk+KdKXnKBIB+SRPpeu3LcXMT | ||
4 | WPgsThPa0UQxedNKG0g6aG+kLhsDlFBCoxd09jJtSpb9jmroJOq0ZYEHLwIDAQAB | ||
5 | AoGAKa/w4677Je1W5+r3SYoLDnvi5TkDs4D3C6ipKJgBTEdQz+DqB4w/DpZE4551 | ||
6 | +rkFn1LDxcxuHGRVa+tAMhZW97fwq9YUbjVZEyOz79qrX+BMyl/NbHkf1lIKDo3q | ||
7 | dWalzQvop7nbzeLC+VmmviwZfLQUbA61AQl3jm4dswT4XykCQQDloDadEv/28NTx | ||
8 | bvvywvyGuvJkCkEIycm4JrIInvwsd76h/chZ3oymrqzc7hkEtK6kThqlS5y+WXl6 | ||
9 | QzPruTKTAkEAxD2ro/VUoN+scIVaLmn0RBmZ67+9Pdn6pNSfjlK3s0T0EM6/iUWS | ||
10 | M06l6L9wFS3/ceu1tIifsh9BeqOGTa+udQJARIFnybTBaIqw/NZ/lA1YCVn8tpvY | ||
11 | iyaoZ6gjtS65TQrsdKeh/i3HCHNUXxUpoZ3F/H7QtD+6o49ODou+EbVOwQJAVmex | ||
12 | A2gp8wuJKaINqxIL81AybZLnCCzKJ3lXJ5tUNyLNM/lUbGStktm2Q1zHRQwTxV07 | ||
13 | jFn7trn8YrtNjzcjYQJAUKIJRt38A8Jw3HoPT+D0WS2IgxjVL0eYGsZX1lyeammG | ||
14 | 6rfnQ3u5uP7mEK2EH2o8mDUpAE0gclWBU9UkKxJsGA== | ||
15 | -----END RSA PRIVATE KEY----- | ||
16 | -----BEGIN CERTIFICATE----- | ||
17 | MIICizCCAfSgAwIBAgIJAMtotfHYdEsUMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV | ||
18 | BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv | ||
19 | TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx | ||
20 | CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU | ||
21 | ZXN0IFMvTUlNRSBFRSBSU0EgIzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB | ||
22 | ALAF+vJbhW7lT3A0gMqykk7831gXgJxOWsJTLNWUqBv7y6seVJ7n2Lm96tH0g4IJ | ||
23 | eR6aM7Nn/ecAtMaphmWcS8enRGOT4p0pecoEgH5JE+l67ctxcxNY+CxOE9rRRDF5 | ||
24 | 00obSDpob6QuGwOUUEKjF3T2Mm1Klv2Oaugk6rRlgQcvAgMBAAGjgYMwgYAwHQYD | ||
25 | VR0OBBYEFIL/u+mEvaw7RuKLRuElfVkxSQjYMB8GA1UdIwQYMBaAFBPPS6e7iS6z | ||
26 | OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud | ||
27 | EQQZMBeBFXNtaW1lcnNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQC2 | ||
28 | rXR5bm/9RtOMQPleNpd3y6uUX3oy+0CafK5Yl3PMnItjjnKJ0l1/DbLbDj2twehe | ||
29 | ewaB8CROcBCA3AMLSmGvPKgUCFMGtWam3328M4fBHzon5ka7qDXzM+imkAly/Yx2 | ||
30 | YNdR/aNOug+5sXygHmTSKqiCpQjOIClzXoPVVeEVHw== | ||
31 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/test/smime-certs/smrsa3.pem b/src/lib/libssl/test/smime-certs/smrsa3.pem deleted file mode 100644 index c8cbe55151..0000000000 --- a/src/lib/libssl/test/smime-certs/smrsa3.pem +++ /dev/null | |||
@@ -1,31 +0,0 @@ | |||
1 | -----BEGIN RSA PRIVATE KEY----- | ||
2 | MIICXAIBAAKBgQC6syTZtZNe1hRScFc4PUVyVLsr7+C1HDIZnOHmwFoLayX6RHwy | ||
3 | ep/TkdwiPHnemVLuwvpSjLMLZkXy/J764kSHJrNeVl3UvmCVCOm40hAtK1+F39pM | ||
4 | h8phkbPPD7i+hwq4/Vs79o46nzwbVKmzgoZBJhZ+codujUSYM3LjJ4aq+wIDAQAB | ||
5 | AoGAE1Zixrnr3bLGwBMqtYSDIOhtyos59whImCaLr17U9MHQWS+mvYO98if1aQZi | ||
6 | iQ/QazJ+wvYXxWJ+dEB+JvYwqrGeuAU6He/rAb4OShG4FPVU2D19gzRnaButWMeT | ||
7 | /1lgXV08hegGBL7RQNaN7b0viFYMcKnSghleMP0/q+Y/oaECQQDkXEwDYJW13X9p | ||
8 | ijS20ykWdY5lLknjkHRhhOYux0rlhOqsyMZjoUmwI2m0qj9yrIysKhrk4MZaM/uC | ||
9 | hy0xp3hdAkEA0Uv/UY0Kwsgc+W6YxeypECtg1qCE6FBib8n4iFy/6VcWqhvE5xrs | ||
10 | OdhKv9/p6aLjLneGd1sU+F8eS9LGyKIbNwJBAJPgbNzXA7uUZriqZb5qeTXxBDfj | ||
11 | RLfXSHYKAKEULxz3+JvRHB9SR4yHMiFrCdExiZrHXUkPgYLSHLGG5a4824UCQD6T | ||
12 | 9XvhquUARkGCAuWy0/3Eqoihp/t6BWSdQ9Upviu7YUhtUxsyXo0REZB7F4pGrJx5 | ||
13 | GlhXgFaewgUzuUHFzlMCQCzJMMWslWpoLntnR6sMhBMhBFHSw+Y5CbxBmFrdtSkd | ||
14 | VdtNO1VuDCTxjjW7W3Khj7LX4KZ1ye/5jfAgnnnXisc= | ||
15 | -----END RSA PRIVATE KEY----- | ||
16 | -----BEGIN CERTIFICATE----- | ||
17 | MIICizCCAfSgAwIBAgIJAMtotfHYdEsVMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV | ||
18 | BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv | ||
19 | TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx | ||
20 | CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU | ||
21 | ZXN0IFMvTUlNRSBFRSBSU0EgIzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB | ||
22 | ALqzJNm1k17WFFJwVzg9RXJUuyvv4LUcMhmc4ebAWgtrJfpEfDJ6n9OR3CI8ed6Z | ||
23 | Uu7C+lKMswtmRfL8nvriRIcms15WXdS+YJUI6bjSEC0rX4Xf2kyHymGRs88PuL6H | ||
24 | Crj9Wzv2jjqfPBtUqbOChkEmFn5yh26NRJgzcuMnhqr7AgMBAAGjgYMwgYAwHQYD | ||
25 | VR0OBBYEFDsSFjNtYZzd0tTHafNS7tneQQj6MB8GA1UdIwQYMBaAFBPPS6e7iS6z | ||
26 | OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud | ||
27 | EQQZMBeBFXNtaW1lcnNhM0BvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQBE | ||
28 | tUDB+1Dqigu4p1xtdq7JRK6S+gfA7RWmhz0j2scb2zhpS12h37JLHsidGeKAzZYq | ||
29 | jUjOrH/j3xcV5AnuJoqImJaN23nzzxtR4qGGX2mrq6EtObzdEGgCUaizsGM+0slJ | ||
30 | PYxcy8KeY/63B1BpYhj2RjGkL6HrvuAaxVORa3acoA== | ||
31 | -----END CERTIFICATE----- | ||
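--- a/src/lib/libssl/test/tcrl
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl crl'
-
-if [ "$1"x != "x" ]; then
-t=$1
-else
-t=testcrl.pem
-fi
-
-echo testing crl conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0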
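--- a/src/lib/libssl/test/test.cnf
+++ /dev/null
@@ -1,88 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/new_certs # default place for new certs.
-
-certificate = $dir/CAcert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/CAkey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 512
-default_keyfile = testkey.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Queensland
-stateOrProvinceName_value =
-
-localityName = Locality Name (eg, city)
-localityName_value = Brisbane
-
-organizationName = Organization Name (eg, company)
-organizationName_default =
-organizationName_value = CryptSoft Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default =
-organizationalUnitName_value = .
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Eric Young
-
-emailAddress = Email Address
-emailAddress_value = eay@mincom.oz.au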
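--- a/src/lib/libssl/test/test_aesni
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
-if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
-:
-else
-echo "$PROG is not OpenSSL executable"
-exit 1
-fi
-else
-echo "$PROG is not executable"
-exit 1;
-fi
-
-if $PROG engine aesni | grep -v no-aesni; then
-
-HASH=`cat $PROG | $PROG dgst -hex`
-
-AES_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
-aes-128-cbc aes-192-cbc aes-256-cbc \
-aes-128-cfb aes-192-cfb aes-256-cfb \
-aes-128-ofb aes-192-ofb aes-256-ofb"
-BUFSIZE="16 32 48 64 80 96 128 144 999"
-
-nerr=0
-
-for alg in $AES_ALGS; do
-echo $alg
-for bufsize in $BUFSIZE; do
-TEST=`( cat $PROG | \
-$PROG enc -e -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
-$PROG enc -d -k "$HASH" -$alg | \
-$PROG dgst -hex ) 2>/dev/null`
-if [ "$TEST" != "$HASH" ]; then
-echo "-$alg/$bufsize encrypt test failed"
-nerr=`expr $nerr + 1`
-fi
-done
-for bufsize in $BUFSIZE; do
-TEST=`( cat $PROG | \
-$PROG enc -e -k "$HASH" -$alg | \
-$PROG enc -d -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
-$PROG dgst -hex ) 2>/dev/null`
-if [ "$TEST" != "$HASH" ]; then
-echo "-$alg/$bufsize decrypt test failed"
-nerr=`expr $nerr + 1`
-fi
-done
-TEST=`( cat $PROG | \
-$PROG enc -e -k "$HASH" -$alg -engine aesni | \
-$PROG enc -d -k "$HASH" -$alg -engine aesni | \
-$PROG dgst -hex ) 2>/dev/null`
-if [ "$TEST" != "$HASH" ]; then
-echo "-$alg en/decrypt test failed"
-nerr=`expr $nerr + 1`
-fi
-done
-
-if [ $nerr -gt 0 ]; then
-echo "AESNI engine test failed."
-exit 1;
-fi
-else
-echo "AESNI engine is not available"
-fi
-
-exit 0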
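--- a/src/lib/libssl/test/test_padlock
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
-if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
-:
-else
-echo "$PROG is not OpenSSL executable"
-exit 1
-fi
-else
-echo "$PROG is not executable"
-exit 1;
-fi
-
-if $PROG engine padlock | grep -v no-ACE; then
-
-HASH=`cat $PROG | $PROG dgst -hex`
-
-ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
-aes-128-cbc aes-192-cbc aes-256-cbc \
-aes-128-cfb aes-192-cfb aes-256-cfb \
-aes-128-ofb aes-192-ofb aes-256-ofb"
-
-nerr=0
-
-for alg in $ACE_ALGS; do
-echo $alg
-TEST=`( cat $PROG | \
-$PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \
-$PROG enc -d -k "$HASH" -$alg | \
-$PROG dgst -hex ) 2>/dev/null`
-if [ "$TEST" != "$HASH" ]; then
-echo "-$alg encrypt test failed"
-nerr=`expr $nerr + 1`
-fi
-TEST=`( cat $PROG | \
-$PROG enc -e -k "$HASH" -$alg | \
-$PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \
-$PROG dgst -hex ) 2>/dev/null`
-if [ "$TEST" != "$HASH" ]; then
-echo "-$alg decrypt test failed"
-nerr=`expr $nerr + 1`
-fi
-TEST=`( cat $PROG | \
-$PROG enc -e -k "$HASH" -$alg -engine padlock | \
-$PROG enc -d -k "$HASH" -$alg -engine padlock | \
-$PROG dgst -hex ) 2>/dev/null`
-if [ "$TEST" != "$HASH" ]; then
-echo "-$alg en/decrypt test failed"
-nerr=`expr $nerr + 1`
-fi
-done
-
-if [ $nerr -gt 0 ]; then
-echo "PadLock ACE test failed."
-exit 1;
-fi
-else
-echo "PadLock ACE is not available"
-fi
-
-exit 0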
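--- a/src/lib/libssl/test/testca
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-
-SH="/bin/sh"
-if test "$OSTYPE" = msdosdjgpp; then
-PATH="../apps\;$PATH"
-else
-PATH="../apps:$PATH"
-fi
-export SH PATH
-
-SSLEAY_CONFIG="-config CAss.cnf"
-export SSLEAY_CONFIG
-
-OPENSSL="`pwd`/../util/opensslwrap.sh"
-export OPENSSL
-
-/bin/rm -fr demoCA
-$SH ../apps/CA.sh -newca <<EOF
-EOF
-
-if [ $? != 0 ]; then
-exit 1;
-fi
-
-SSLEAY_CONFIG="-config Uss.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -newreq
-if [ $? != 0 ]; then
-exit 1;
-fi
-
-
-SSLEAY_CONFIG="-config ../apps/openssl.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -sign <<EOF
-y
-y
-EOF
-if [ $? != 0 ]; then
-exit 1;
-fi
-
-
-$SH ../apps/CA.sh -verify newcert.pem
-if [ $? != 0 ]; then
-exit 1;
-fi
-
-/bin/rm -fr demoCA newcert.pem newreq.pem
-#usage: CA -newcert|-newreq|-newca|-sign|-verify
-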
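--- a/src/lib/libssl/test/testcrl.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN X509 CRL-----
-MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT
-F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw
-MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw
-MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw
-MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw
-MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw
-MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw
-MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw
-NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw
-NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF
-AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ
-wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt
-JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v
------END X509 CRL-----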
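--- a/src/lib/libssl/test/testenc
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-
-testsrc=Makefile
-test=./p
-cmd="../util/shlib_wrap.sh ../apps/openssl"
-
-cat $testsrc >$test;
-
-echo cat
-$cmd enc < $test > $test.cipher
-$cmd enc < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
-exit 1
-else
-/bin/rm $test.cipher $test.clear
-fi
-echo base64
-$cmd enc -a -e < $test > $test.cipher
-$cmd enc -a -d < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
-exit 1
-else
-/bin/rm $test.cipher $test.clear
-fi
-
-for i in `$cmd list-cipher-commands`
-do
-echo $i
-$cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
-$cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
-cmp $test $test.$i.clear
-if [ $? != 0 ]
-then
-exit 1
-else
-/bin/rm $test.$i.cipher $test.$i.clear
-fi
-
-echo $i base64
-$cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
-$cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
-cmp $test $test.$i.clear
-if [ $? != 0 ]
-then
-exit 1
-else
-/bin/rm $test.$i.cipher $test.$i.clear
-fi
-done
-rm -f $test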
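--- a/src/lib/libssl/test/testgen
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-
-T=testcert
-KEY=512
-CA=../certs/testca.pem
-
-/bin/rm -f $T.1 $T.2 $T.key
-
-if test "$OSTYPE" = msdosdjgpp; then
-PATH=../apps\;$PATH;
-else
-PATH=../apps:$PATH;
-fi
-export PATH
-
-echo "generating certificate request"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
-req_new='-newkey dsa:../apps/dsa512.pem'
-else
-req_new='-new'
-echo "There should be a 2 sequences of .'s and some +'s."
-echo "There should not be more that at most 80 per line"
-fi
-
-echo "This could take some time."
-
-rm -f testkey.pem testreq.pem
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem
-if [ $? != 0 ]; then
-echo problems creating request
-exit 1
-fi
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
-if [ $? != 0 ]; then
-echo signature on req is wrong
-exit 1
-fi
-
-exit 0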
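--- a/src/lib/libssl/test/testp7.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN PKCS7-----
-MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE
-cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw
-DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV
-BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw
-HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50
-ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
-biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E
-aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy
-aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M
-VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq
-UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC
-AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR
-BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0
-ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0
-IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l
-bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
-L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t
-OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s
-IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04
-ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0
-cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ
-QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC
-MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu
-AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr
-cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC
-AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
-QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu
-dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp
-Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES
-TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE
-AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD
-2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU
-47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
-QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB
-AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl
-ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE
-BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW
-ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3
-MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW
-sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9
-XfZsaiiIgotQHjEA
------END PKCS7-----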
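--- a/src/lib/libssl/test/testreq2.pem
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
-QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG
-DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq
-hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi
-gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U=
------END CERTIFICATE REQUEST-----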
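--- a/src/lib/libssl/test/testrsa.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
-Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
-rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
-oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
-mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
-rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
-mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
------END RSA PRIVATE KEY-----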
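--- a/src/lib/libssl/test/testsid.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN SSL SESSION PARAMETERS-----
-MIIB1gIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV
-bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw
-ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz
-YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG
-A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRk
-LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G
-CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD
-TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI
-hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L
-CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTvpA0EC3Rlc3Rjb250ZXh0
------END SSL SESSION PARAMETERS-----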
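--- a/src/lib/libssl/test/testss
+++ /dev/null
@@ -1,163 +0,0 @@
-#!/bin/sh
-
-digest='-sha1'
-reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
-x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
-verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
-dummycnf="../apps/openssl.cnf"
-
-CAkey="keyCA.ss"
-CAcert="certCA.ss"
-CAreq="reqCA.ss"
-CAconf="CAss.cnf"
-CAreq2="req2CA.ss" # temp
-
-Uconf="Uss.cnf"
-Ukey="keyU.ss"
-Ureq="reqU.ss"
-Ucert="certU.ss"
-
-P1conf="P1ss.cnf"
-P1key="keyP1.ss"
-P1req="reqP1.ss"
-P1cert="certP1.ss"
-P1intermediate="tmp_intP1.ss"
-
-P2conf="P2ss.cnf"
-P2key="keyP2.ss"
-P2req="reqP2.ss"
-P2cert="certP2.ss"
-P2intermediate="tmp_intP2.ss"
-
-echo
-echo "make a certificate request using 'req'"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
-req_new='-newkey dsa:../apps/dsa512.pem'
-else
-req_new='-new'
-fi
-
-$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss
-if [ $? != 0 ]; then
-echo "error using 'req' to generate a certificate request"
-exit 1
-fi
-echo
-echo "convert the certificate request into a self signed certificate using 'x509'"
-$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss
-if [ $? != 0 ]; then
-echo "error using 'x509' to self sign a certificate request"
-exit 1
-fi
-
-echo
-echo "convert a certificate into a certificate request using 'x509'"
-$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss
-if [ $? != 0 ]; then
-echo "error using 'x509' convert a certificate to a certificate request"
-exit 1
-fi
-
-$reqcmd -config $dummycnf -verify -in $CAreq -noout
-if [ $? != 0 ]; then
-echo first generated request is invalid
-exit 1
-fi
-
-$reqcmd -config $dummycnf -verify -in $CAreq2 -noout
-if [ $? != 0 ]; then
-echo second generated request is invalid
-exit 1
-fi
-
-$verifycmd -CAfile $CAcert $CAcert
-if [ $? != 0 ]; then
-echo first generated cert is invalid
-exit 1
-fi
-
-echo
-echo "make a user certificate request using 'req'"
-$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
-if [ $? != 0 ]; then
-echo "error using 'req' to generate a user certificate request"
-exit 1
-fi
-
-echo
-echo "sign user certificate request with the just created CA via 'x509'"
-$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss
-if [ $? != 0 ]; then
-echo "error using 'x509' to sign a user certificate request"
-exit 1
-fi
-
-$verifycmd -CAfile $CAcert $Ucert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert
-
-echo
-echo "make a proxy certificate request using 'req'"
-$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss
-if [ $? != 0 ]; then
-echo "error using 'req' to generate a proxy certificate request"
-exit 1
-fi
-
-echo
-echo "sign proxy certificate request with the just created user certificate via 'x509'"
-$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss
-if [ $? != 0 ]; then
-echo "error using 'x509' to sign a proxy certificate request"
-exit 1
-fi
-
-cat $Ucert > $P1intermediate
-$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
-
-echo
-echo "make another proxy certificate request using 'req'"
-$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss
-if [ $? != 0 ]; then
-echo "error using 'req' to generate another proxy certificate request"
-exit 1
-fi
-
-echo
-echo "sign second proxy certificate request with the first proxy certificate via 'x509'"
-$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss
-if [ $? != 0 ]; then
-echo "error using 'x509' to sign a second proxy certificate request"
-exit 1
-fi
-
-cat $Ucert $P1cert > $P2intermediate
-$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
-
-echo
-echo The generated CA certificate is $CAcert
-echo The generated CA private key is $CAkey
-
-echo The generated user certificate is $Ucert
-echo The generated user private key is $Ukey
-
-echo The first generated proxy certificate is $P1cert
-echo The first generated proxy private key is $P1key
-
-echo The second generated proxy certificate is $P2cert
-echo The second generated proxy private key is $P2key
-
-/bin/rm err.ss
-#/bin/rm $P1intermediate
-#/bin/rm $P2intermediate
-exit 0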
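--- a/src/lib/libssl/test/testssl
+++ /dev/null
@@ -1,151 +0,0 @@
-#!/bin/sh
-
-if [ "$1" = "" ]; then
-key=../apps/server.pem
-else
-key="$1"
-fi
-if [ "$2" = "" ]; then
-cert=../apps/server.pem
-else
-cert="$2"
-fi
-ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
-
-if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
-dsa_cert=YES
-else
-dsa_cert=NO
-fi
-
-if [ "$3" = "" ]; then
-CA="-CApath ../certs"
-else
-CA="-CAfile $3"
-fi
-
-if [ "$4" = "" ]; then
-extra=""
-else
-extra="$4"
-fi
-
-#############################################################################
-
-echo test sslv2
-$ssltest -ssl2 $extra || exit 1
-
-echo test sslv2 with server authentication
-$ssltest -ssl2 -server_auth $CA $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
-echo test sslv2 with client authentication
-$ssltest -ssl2 -client_auth $CA $extra || exit 1
-
-echo test sslv2 with both client and server authentication
-$ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
-fi
-
-echo test sslv3
-$ssltest -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication
-$ssltest -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication
-$ssltest -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication
-$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3
-$ssltest $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication
-$ssltest -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication
-$ssltest -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2 via BIO pair
-$ssltest -bio_pair -ssl2 $extra || exit 1
-
-echo test sslv2 with server authentication via BIO pair
-$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
-echo test sslv2 with client authentication via BIO pair
-$ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
-
-echo test sslv2 with both client and server authentication via BIO pair
-$ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
-fi
-
-echo test sslv3 via BIO pair
-$ssltest -bio_pair -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 via BIO pair
-$ssltest $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
-echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
-$ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
-fi
-
-echo test sslv2/sslv3 with 1024bit DHE via BIO pair
-$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -bio_pair -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
-$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
-
-#############################################################################
-
-if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
-echo skipping anonymous DH tests
-else
-echo test tls1 with 1024bit anonymous DH, multiple handshakes
-$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
-fi
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
-echo skipping RSA tests
-else
-echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
-../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
-
-if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
-echo skipping RSA+DHE tests
-else
-echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
-../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
-fi
-fi
-
-echo test tls1 with PSK
-$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
-
-echo test tls1 with PSK via BIO pair
-$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
-
-exit 0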
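--- a/src/lib/libssl/test/testsslproxy
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /bin/sh
-
-echo 'Testing a lot of proxy conditions.'
-echo 'Some of them may turn out being invalid, which is fine.'
-for auth in A B C BC; do
-for cond in A B C 'A|B&!C'; do
-sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond"
-if [ $? = 3 ]; then exit 1; fi
-done
-done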
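--- a/src/lib/libssl/test/testtsa
+++ /dev/null
@@ -1,238 +0,0 @@
-#!/bin/sh
-
-#
-# A few very basic tests for the 'ts' time stamping authority command.
-#
-
-SH="/bin/sh"
-if test "$OSTYPE" = msdosdjgpp; then
-PATH="../apps\;$PATH"
-else
-PATH="../apps:$PATH"
-fi
-export SH PATH
-
-OPENSSL_CONF="../CAtsa.cnf"
-export OPENSSL_CONF
-# Because that's what ../apps/CA.sh really looks at
-SSLEAY_CONFIG="-config $OPENSSL_CONF"
-export SSLEAY_CONFIG
-
-OPENSSL="`pwd`/../util/opensslwrap.sh"
-export OPENSSL
-
-error () {
-
-echo "TSA test failed!" >&2
-exit 1
-}
-
-setup_dir () {
-
-rm -rf tsa 2>/dev/null
-mkdir tsa
-cd ./tsa
-}
-
-clean_up_dir () {
-
-cd ..
-rm -rf tsa
-}
-
-create_ca () {
-
-echo "Creating a new CA for the TSA tests..."
-TSDNSECT=ts_ca_dn
-export TSDNSECT
-../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
--out tsaca.pem -keyout tsacakey.pem
-test $? != 0 && error
-}
-
-create_tsa_cert () {
-
-INDEX=$1
-export INDEX
-EXT=$2
-TSDNSECT=ts_cert_dn
-export TSDNSECT
-
-../../util/shlib_wrap.sh ../../apps/openssl req -new \
--out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
-test $? != 0 && error
-echo Using extension $EXT
-../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
--in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
--CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
--extfile $OPENSSL_CONF -extensions $EXT
-test $? != 0 && error
-}
-
-print_request () {
-
-../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
-}
-
-create_time_stamp_request1 () {
-
-../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
-test $? != 0 && error
-}
-
-create_time_stamp_request2 () {
-
-../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
--out req2.tsq
-test $? != 0 && error
-}
-
-create_time_stamp_request3 () {
-
-../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
-test $? != 0 && error
-}
-
-print_response () {
-
-../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text
-test $? != 0 && error
-}
-
-create_time_stamp_response () {
-
-../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2
-test $? != 0 && error
-}
-
-time_stamp_response_token_test () {
-
-RESPONSE2=$2.copy.tsr
-TOKEN_DER=$2.token.der
-../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out
-test $? != 0 && error
-../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
-test $? != 0 && error
-cmp $RESPONSE2 $2
-test $? != 0 && error
-../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out
-test $? != 0 && error
-../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
-test $? != 0 && error
-../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out
-test $? != 0 && error
-}
-
-verify_time_stamp_response () {
-
-../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
--untrusted tsa_cert1.pem
-test $? != 0 && error
-../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
--untrusted tsa_cert1.pem
-test $? != 0 && error
-}
-
-verify_time_stamp_token () {
-
-# create the token from the response first
-../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
-test $? != 0 && error
-../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
--CAfile tsaca.pem -untrusted tsa_cert1.pem
-test $? != 0 && error
-../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
--CAfile tsaca.pem -untrusted tsa_cert1.pem
-test $? != 0 && error
-}
-
-verify_time_stamp_response_fail () {
-
-../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
--untrusted tsa_cert1.pem
-# Checks if the verification failed, as it should have.
-test $? = 0 && error
-echo Ok
-}
-
-# main functions
-
-echo "Setting up TSA test directory..."
-setup_dir
-
-echo "Creating CA for TSA tests..."
-create_ca
-
-echo "Creating tsa_cert1.pem TSA server cert..."
-create_tsa_cert 1 tsa_cert
-
-echo "Creating tsa_cert2.pem non-TSA server cert..."
-create_tsa_cert 2 non_tsa_cert
-
-echo "Creating req1.req time stamp request for file testtsa..."
-create_time_stamp_request1
-
-echo "Printing req1.req..."
-print_request req1.tsq
-
-echo "Generating valid response for req1.req..."
-create_time_stamp_response req1.tsq resp1.tsr tsa_config1
-
-echo "Printing response..."
-print_response resp1.tsr
-
-echo "Verifying valid response..."
-verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
-
-echo "Verifying valid token..."
-verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
-
-# The tests below are commented out, because invalid signer certificates
-# can no longer be specified in the config file.
-
-# echo "Generating _invalid_ response for req1.req..."
-# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
-
-# echo "Printing response..."
-# print_response resp1_bad.tsr
-
-# echo "Verifying invalid response, it should fail..."
-# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
-
-echo "Creating req2.req time stamp request for file testtsa..."
-create_time_stamp_request2
-
-echo "Printing req2.req..."
-print_request req2.tsq
-
-echo "Generating valid response for req2.req..."
-create_time_stamp_response req2.tsq resp2.tsr tsa_config1
-
-echo "Checking '-token_in' and '-token_out' options with '-reply'..."
-time_stamp_response_token_test req2.tsq resp2.tsr
-
-echo "Printing response..."
-print_response resp2.tsr
-
-echo "Verifying valid response..."
-verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
-
-echo "Verifying response against wrong request, it should fail..."
-verify_time_stamp_response_fail req1.tsq resp2.tsr
-
-echo "Verifying response against wrong request, it should fail..."
-verify_time_stamp_response_fail req2.tsq resp1.tsr
-
-echo "Creating req3.req time stamp request for file CAtsa.cnf..."
-create_time_stamp_request3
-
-echo "Printing req3.req..."
-print_request req3.tsq
-
-echo "Verifying response against wrong request, it should fail..."
-verify_time_stamp_response_fail req3.tsq resp1.tsr
-
-echo "Cleaning up..."
-clean_up_dir
-
-exit 0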
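--- a/src/lib/libssl/test/testx509.pem
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
-BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz
-MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
-RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF
-AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO
-/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE
-Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ
-zl9HYIMxATFyqSiD9jsx
------END CERTIFICATE-----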
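--- a/src/lib/libssl/test/times
+++ /dev/null
@@ -1,113 +0,0 @@
-
-More number for the questions about SSL overheads....
-
-The following numbers were generated on a Pentium pro 200, running Linux.
-They give an indication of the SSL protocol and encryption overheads.
-
-The program that generated them is an unreleased version of ssl/ssltest.c
-which is the SSLeay ssl protocol testing program. It is a single process that
-talks both sides of the SSL protocol via a non-blocking memory buffer
-interface.
-
-How do I read this? The protocol and cipher are reasonable obvious.
-The next number is the number of connections being made. The next is the
-number of bytes exchanged between the client and server side of the protocol.
-This is the number of bytes that the client sends to the server, and then
-the server sends back. Because this is all happening in one process,
-the data is being encrypted, decrypted, encrypted and then decrypted again.
-It is a round trip of that many bytes. Because the one process performs
-both the client and server sides of the protocol and it sends this many bytes
-each direction, multiply this number by 4 to generate the number
-of bytes encrypted/decrypted/MACed. The first time value is how many seconds
-elapsed doing a full SSL handshake, the second is the cost of one
-full handshake and the rest being session-id reuse.
-
-SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s
-SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s
-SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s
-SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s
-SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s
-SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s
-
-SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s
-SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s
-SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s
-SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s
-SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s
-
-SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s
-SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s
-SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s
-SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s
-SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s
-SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s
-
-SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s
-SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s
-SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s
-SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s
-SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s
-SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s
-
-What does this all mean? Well for a server, with no session-id reuse, with
-a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
-a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of
-about 49 connections a second. Reality will be quite different :-).
-
-Remember the first number is 1000 full ssl handshakes, the second is
-1 full and 999 with session-id reuse. The RSA overheads for each exchange
-would be one public and one private operation, but the protocol/MAC/cipher
-cost would be quite similar in both the client and server.
-
-eric (adding numbers to speculation)
-
---- Appendix ---
-- The time measured is user time but these number a very rough.
-- Remember this is the cost of both client and server sides of the protocol.
-- The TCP/kernel overhead of connection establishment is normally the
-killer in SSL. Often delays in the TCP protocol will make session-id
-reuse look slower that new sessions, but this would not be the case on
-a loaded server.
-- The TCP round trip latencies, while slowing individual connections,
-would have minimal impact on throughput.
-- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
-- the required number of bytes are processed.
-- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers.
-- A 512bit server key was being used except where noted.
-- No server key verification was being performed on the client side of the
-protocol. This would slow things down very little.
-- The library being used is SSLeay 0.8.x.
-- The normal measuring system was commands of the form
-time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
-This modified version of ssltest should be in the next public release of
-SSLeay.
-
-The general cipher performance number for this platform are
-
-SSLeay 0.8.2a 04-Sep-1997
-built on Fri Sep 5 17:37:05 EST 1997
-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 131.02k 368.41k 500.57k 549.21k 566.09k
-mdc2 535.60k 589.10k 595.88k 595.97k 594.54k
-md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k
-sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k
-sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k
-rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k
-des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k
-des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k
-idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k
-rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k
-blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k
-sign verify
-rsa 512 bits 0.0100s 0.0011s
-rsa 1024 bits 0.0451s 0.0012s
-rsa 2048 bits 0.2605s 0.0086s
-rsa 4096 bits 1.6883s 0.0302s
-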
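--- a/src/lib/libssl/test/tpkcs7
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
-t=$1
-else
-t=testp7.pem
-fi
-
-echo testing pkcs7 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0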
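--- a/src/lib/libssl/test/tpkcs7d
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
-t=$1
-else
-t=pkcs7-1.pem
-fi
-
-echo "testing pkcs7 conversions (2)"
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0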
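--- a/src/lib/libssl/test/treq
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
-
-if [ "$1"x != "x" ]; then
-t=$1
-else
-t=testreq.pem
-fi
-
-if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then
-echo "skipping req conversion test for $t"
-exit 0
-fi
-
-echo testing req conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -verify -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -verify -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0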
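--- a/src/lib/libssl/test/trsa
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
-echo skipping rsa conversion test
-exit 0
-fi
-
-cmd='../util/shlib_wrap.sh ../apps/openssl rsa'
-
-if [ "$1"x != "x" ]; then
-t=$1
-else
-t=testrsa.pem
-fi
-
-echo testing rsa conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0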
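--- a/src/lib/libssl/test/tsid
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
-
-if [ "$1"x != "x" ]; then
-t=$1
-else
-t=testsid.pem
-fi
-
-echo testing session-id conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0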
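--- a/src/lib/libssl/test/tx509
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl x509'
-
-if [ "$1"x != "x" ]; then
-t=$1
-else
-t=testx509.pem
-fi
-
-echo testing X509 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in fff.p -inform p -outform n >f.n
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> d"
-$cmd -in f.n -inform n -outform d >ff.d2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> n"
-$cmd -in f.d -inform d -outform n >ff.n1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> n"
-$cmd -in f.n -inform n -outform n >ff.n2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in f.p -inform p -outform n >ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> p"
-$cmd -in f.n -inform n -outform p >ff.p2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.n ff.n1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0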
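--- a/src/lib/libssl/test/v3-cert1.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx
-NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz
-dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw
-ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
-ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2
-ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp
-miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C
-AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
-Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
-DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR
-MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB
-AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21
-X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3
-WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO
------END CERTIFICATE-----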
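--- a/src/lib/libssl/test/v3-cert2.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD
-YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0
-ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu
-dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1
-WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV
-BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx
-FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
-6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT
-G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ
-YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm
-b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc
-F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz
-lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap
-jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=
------END CERTIFICATE-----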
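--- a/src/lib/libssl/tls1.h
+++ /dev/null
@@ -1,532 +0,0 @@
-/* ssl/tls1.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-* All rights reserved.
-*
-* This package is an SSL implementation written
-* by Eric Young (eay@cryptsoft.com).
-* The implementation was written so as to conform with Netscapes SSL.
-*
-* This library is free for commercial and non-commercial use as long as
-* the following conditions are aheared to. The following conditions
-* apply to all code found in this distribution, be it the RC4, RSA,
-* lhash, DES, etc., code; not just the SSL code. The SSL documentation
-* included with this distribution is covered by the same copyright terms
-* except that the holder is Tim Hudson (tjh@cryptsoft.com).
-*
-* Copyright remains Eric Young's, and as such any Copyright notices in
-* the code are not to be removed.
-* If this package is used in a product, Eric Young should be given attribution
-* as the author of the parts of the library used.
-* This can be in the form of a textual message at program startup or
-* in documentation (online or textual) provided with the package.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* "This product includes cryptographic software written by
-* Eric Young (eay@cryptsoft.com)"
-* The word 'cryptographic' can be left out if the rouines from the library
-* being used are not cryptographic related :-).
-* 4. If you include any Windows specific code (or a derivative thereof) from
-* the apps directory (application code) you must include an acknowledgement:
-* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-*
-* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-* The licence and distribution terms for any publically available version or
-* derivative of this code cannot be changed. i.e. this code cannot simply be
-* copied and put under another distribution licence
-* [including the GNU Public Licence.]
-*/
-/* ====================================================================
-* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* openssl-core@openssl.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-* This product includes cryptographic software written by Eric Young
-* (eay@cryptsoft.com). This product includes software written by Tim
-* Hudson (tjh@cryptsoft.com).
-*
-*/
-/* ====================================================================
-* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
-*
-* Portions of the attached software ("Contribution") are developed by
-* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
-*
-* The Contribution is licensed pursuant to the OpenSSL open source
-* license provided above.
-*
-* ECC cipher suite support in OpenSSL originally written by
-* Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
-*
-*/
-/* ====================================================================
-* Copyright 2005 Nokia. All rights reserved.
-*
-* The portions of the attached software ("Contribution") is developed by
-* Nokia Corporation and is licensed pursuant to the OpenSSL open source
-* license.
-*
-* The Contribution, originally written by Mika Kousa and Pasi Eronen of
-* Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
-* support (see RFC 4279) to OpenSSL.
-*
-* No patent licenses or other rights except those expressly stated in
-* the OpenSSL open source license shall be deemed granted or received
-* expressly, by implication, estoppel, or otherwise.
-*
-* No assurances are provided by Nokia that the Contribution does not
-* infringe the patent or other intellectual property rights of any third
-* party or that the license provides you with all the necessary rights
-* to make use of the Contribution.
-*
-* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
-* ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
-* SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
-* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
-* OTHERWISE.
-*/
-
-#ifndef HEADER_TLS1_H
-#define HEADER_TLS1_H
-
-#include <openssl/buffer.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
-
-#define TLS1_VERSION 0x0301
-#define TLS1_VERSION_MAJOR 0x03
-#define TLS1_VERSION_MINOR 0x01
-
-#define TLS1_AD_DECRYPTION_FAILED 21
-#define TLS1_AD_RECORD_OVERFLOW 22
-#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
-#define TLS1_AD_ACCESS_DENIED 49 /* fatal */
-#define TLS1_AD_DECODE_ERROR 50 /* fatal */
-#define TLS1_AD_DECRYPT_ERROR 51
-#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */
-#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */
-#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */
-#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
-#define TLS1_AD_USER_CANCELLED 90
-#define TLS1_AD_NO_RENEGOTIATION 100
-/* codes 110-114 are from RFC3546 */
-#define TLS1_AD_UNSUPPORTED_EXTENSION 110
-#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
-#define TLS1_AD_UNRECOGNIZED_NAME 112
-#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
-#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
-#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
-
-/* ExtensionType values from RFC3546 / RFC4366 */
-#define TLSEXT_TYPE_server_name 0
-#define TLSEXT_TYPE_max_fragment_length 1
-#define TLSEXT_TYPE_client_certificate_url 2
-#define TLSEXT_TYPE_trusted_ca_keys 3
-#define TLSEXT_TYPE_truncated_hmac 4
-#define TLSEXT_TYPE_status_request 5
-/* ExtensionType values from RFC4492 */
-#define TLSEXT_TYPE_elliptic_curves 10
-#define TLSEXT_TYPE_ec_point_formats 11
-#define TLSEXT_TYPE_session_ticket 35
-/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
-#if 0 /* will have to be provided externally for now ,
-* i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
-* using whatever extension number you'd like to try */
-# define TLSEXT_TYPE_opaque_prf_input ?? */
-#endif
-
-/* Temporary extension type */
-#define TLSEXT_TYPE_renegotiate 0xff01
-
-/* NameType value from RFC 3546 */
-#define TLSEXT_NAMETYPE_host_name 0
-/* status request value from RFC 3546 */
-#define TLSEXT_STATUSTYPE_ocsp 1
-
-/* ECPointFormat values from draft-ietf-tls-ecc-12 */
-#define TLSEXT_ECPOINTFORMAT_first 0
-#define TLSEXT_ECPOINTFORMAT_uncompressed 0
-#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
-#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
-#define TLSEXT_ECPOINTFORMAT_last 2
-
-#ifndef OPENSSL_NO_TLSEXT
-
-#define TLSEXT_MAXLEN_host_name 255
-
-const char *SSL_get_servername(const SSL *s, const int type) ;
-int SSL_get_servername_type(const SSL *s) ;
-
-#define SSL_set_tlsext_host_name(s,name) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
-
-#define SSL_set_tlsext_debug_callback(ssl, cb) \
-SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
-
-#define SSL_set_tlsext_debug_arg(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
-
-#define SSL_set_tlsext_status_type(ssl, type) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
-
-#define SSL_get_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#define SSL_set_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#define SSL_get_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#define SSL_set_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
-
-#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
-
-#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
-
-#define SSL_TLSEXT_ERR_OK 0
-#define SSL_TLSEXT_ERR_ALERT_WARNING 1
-#define SSL_TLSEXT_ERR_ALERT_FATAL 2
-#define SSL_TLSEXT_ERR_NOACK 3
-
-#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
-
-#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
-SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
-SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-
-#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
-
-#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
-
-#define SSL_set_tlsext_opaque_prf_input(s, src, len) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
-#define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
-#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
-
-#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
-
-#endif
-
-/* PSK ciphersuites from 4279 */
-#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
-#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B
-#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
-#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
-
-/* Additional TLS ciphersuites from expired Internet Draft
-* draft-ietf-tls-56-bit-ciphersuites-01.txt
-* (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
-* s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
-* shouldn't. Note that the first two are actually not in the IDs. */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 /* not in ID */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */
-#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
-#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
-
-/* AES ciphersuites from RFC3268 */
-
-#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
-#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
-
-#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
-#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
-
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
-#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
-
-#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
-#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
-
-/* SEED ciphersuites from RFC4162 */
-#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
-#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
-#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
-#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
-#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
-#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
-
-/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
-#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
-#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
-#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
-
-#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
-#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
-#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
-
-#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
-#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
-#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
-
-#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
-#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
-#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
-
-#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
-#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
-#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
-#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
-#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
-
-/* XXX
-* Inconsistency alert:
-* The OpenSSL names of ciphers with ephemeral DH here include the string
-* "DHE", while elsewhere it has always been "EDH".
-* (The alias for the list of all such ciphers also is "EDH".)
-* The specifications speak of "EDH"; maybe we should allow both forms
-* for everything. */
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
-
-/* AES ciphersuites from RFC3268 */
-#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
-
-#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
-
-/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
-#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
-
-/* PSK ciphersuites from RFC 4279 */
-#define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
-#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
-#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
-
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
-
-#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
-
-/* SEED ciphersuites from RFC4162 */
-#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
-#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
-#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
-#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
-
-
-#define TLS_CT_RSA_SIGN 1
-#define TLS_CT_DSS_SIGN 2
-#define TLS_CT_RSA_FIXED_DH 3
-#define TLS_CT_DSS_FIXED_DH 4
-#define TLS_CT_ECDSA_SIGN 64
-#define TLS_CT_RSA_FIXED_ECDH 65
-#define TLS_CT_ECDSA_FIXED_ECDH 66
-#define TLS_CT_GOST94_SIGN 21
-#define TLS_CT_GOST01_SIGN 22
-/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
-* comment there) */
-#define TLS_CT_NUMBER 9
-
-#define TLS1_FINISH_MAC_LENGTH 12
-
-#define TLS_MD_MAX_CONST_SIZE 20
-#define TLS_MD_CLIENT_FINISH_CONST "client finished"
-#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
-#define TLS_MD_SERVER_FINISH_CONST "server finished"
-#define TLS_MD_SERVER_FINISH_CONST_SIZE 15
-#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_KEY_EXPANSION_CONST "key expansion"
-#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
-#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
-#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_IV_BLOCK_CONST "IV block"
-#define TLS_MD_IV_BLOCK_CONST_SIZE 8
-#define TLS_MD_MASTER_SECRET_CONST "master secret"
-#define TLS_MD_MASTER_SECRET_CONST_SIZE 13
-
-#ifdef CHARSET_EBCDIC
-#undef TLS_MD_CLIENT_FINISH_CONST
-#define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*client finished*/
-#undef TLS_MD_SERVER_FINISH_CONST
-#define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*server finished*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/
-#undef TLS_MD_KEY_EXPANSION_CONST
-#define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" /*key expansion*/
-#undef TLS_MD_CLIENT_WRITE_KEY_CONST
-#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*client write key*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/
-#undef TLS_MD_IV_BLOCK_CONST
-#define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" /*IV block*/
-#undef TLS_MD_MASTER_SECRET_CONST
-#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/
-#endif
-
-/* TLS Session Ticket extension struct */
-struct tls_session_ticket_ext_st
-{
-unsigned short length;
-void *data;
-};
-
-#ifdef __cplusplus
-}
-#endif
-#endif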