diff options
| author | jsing <> | 2014-04-14 13:10:35 +0000 |
|---|---|---|
| committer | jsing <> | 2014-04-14 13:10:35 +0000 |
| commit | b12a89b75a526f5ae9bbd6bfff6053e21295fd2a (patch) | |
| tree | 7ee2ebf15684ee99e649ef8b3b2dd289398f6325 /src | |
| parent | abb7d374248574dba5fd92eb363fdf180c877abc (diff) | |
| download | openbsd-b12a89b75a526f5ae9bbd6bfff6053e21295fd2a.tar.gz openbsd-b12a89b75a526f5ae9bbd6bfff6053e21295fd2a.tar.bz2 openbsd-b12a89b75a526f5ae9bbd6bfff6053e21295fd2a.zip | |
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_algs.c | 25 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_asn1.c | 634 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_cert.c | 649 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_ciph.c | 1393 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_err.c | 1064 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_err2.c | 7 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_lib.c | 3159 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_rsa.c | 882 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_sess.c | 1094 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_stat.c | 893 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_task.c | 287 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_txt.c | 211 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_algs.c | 25 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_asn1.c | 634 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_cert.c | 649 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 1393 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_err.c | 1064 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_err2.c | 7 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 3159 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_rsa.c | 882 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 1094 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_stat.c | 893 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_txt.c | 211 |
23 files changed, 10335 insertions, 9974 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_algs.c b/src/lib/libssl/src/ssl/ssl_algs.c index 9c34d19725..76644bda91 100644 --- a/src/lib/libssl/src/ssl/ssl_algs.c +++ b/src/lib/libssl/src/ssl/ssl_algs.c | |||
| @@ -61,8 +61,9 @@ | |||
| 61 | #include <openssl/lhash.h> | 61 | #include <openssl/lhash.h> |
| 62 | #include "ssl_locl.h" | 62 | #include "ssl_locl.h" |
| 63 | 63 | ||
| 64 | int SSL_library_init(void) | 64 | int |
| 65 | { | 65 | SSL_library_init(void) |
| 66 | { | ||
| 66 | 67 | ||
| 67 | #ifndef OPENSSL_NO_DES | 68 | #ifndef OPENSSL_NO_DES |
| 68 | EVP_add_cipher(EVP_des_cbc()); | 69 | EVP_add_cipher(EVP_des_cbc()); |
| @@ -104,16 +105,16 @@ int SSL_library_init(void) | |||
| 104 | #ifndef OPENSSL_NO_SEED | 105 | #ifndef OPENSSL_NO_SEED |
| 105 | EVP_add_cipher(EVP_seed_cbc()); | 106 | EVP_add_cipher(EVP_seed_cbc()); |
| 106 | #endif | 107 | #endif |
| 107 | 108 | ||
| 108 | #ifndef OPENSSL_NO_MD5 | 109 | #ifndef OPENSSL_NO_MD5 |
| 109 | EVP_add_digest(EVP_md5()); | 110 | EVP_add_digest(EVP_md5()); |
| 110 | EVP_add_digest_alias(SN_md5,"ssl2-md5"); | 111 | EVP_add_digest_alias(SN_md5, "ssl2-md5"); |
| 111 | EVP_add_digest_alias(SN_md5,"ssl3-md5"); | 112 | EVP_add_digest_alias(SN_md5, "ssl3-md5"); |
| 112 | #endif | 113 | #endif |
| 113 | #ifndef OPENSSL_NO_SHA | 114 | #ifndef OPENSSL_NO_SHA |
| 114 | EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ | 115 | EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ |
| 115 | EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); | 116 | EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); |
| 116 | EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); | 117 | EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); |
| 117 | #endif | 118 | #endif |
| 118 | #ifndef OPENSSL_NO_SHA256 | 119 | #ifndef OPENSSL_NO_SHA256 |
| 119 | EVP_add_digest(EVP_sha224()); | 120 | EVP_add_digest(EVP_sha224()); |
| @@ -125,9 +126,9 @@ int SSL_library_init(void) | |||
| 125 | #endif | 126 | #endif |
| 126 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) | 127 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) |
| 127 | EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ | 128 | EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ |
| 128 | EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); | 129 | EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); |
| 129 | EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); | 130 | EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); |
| 130 | EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); | 131 | EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); |
| 131 | #endif | 132 | #endif |
| 132 | #ifndef OPENSSL_NO_ECDSA | 133 | #ifndef OPENSSL_NO_ECDSA |
| 133 | EVP_add_digest(EVP_ecdsa()); | 134 | EVP_add_digest(EVP_ecdsa()); |
| @@ -145,6 +146,6 @@ int SSL_library_init(void) | |||
| 145 | #endif | 146 | #endif |
| 146 | /* initialize cipher/digest methods table */ | 147 | /* initialize cipher/digest methods table */ |
| 147 | ssl_load_ciphers(); | 148 | ssl_load_ciphers(); |
| 148 | return(1); | 149 | return (1); |
| 149 | } | 150 | } |
| 150 | 151 | ||
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c index 38540be1e5..51668db785 100644 --- a/src/lib/libssl/src/ssl/ssl_asn1.c +++ b/src/lib/libssl/src/ssl/ssl_asn1.c | |||
| @@ -89,8 +89,7 @@ | |||
| 89 | #include <openssl/objects.h> | 89 | #include <openssl/objects.h> |
| 90 | #include <openssl/x509.h> | 90 | #include <openssl/x509.h> |
| 91 | 91 | ||
| 92 | typedef struct ssl_session_asn1_st | 92 | typedef struct ssl_session_asn1_st { |
| 93 | { | ||
| 94 | ASN1_INTEGER version; | 93 | ASN1_INTEGER version; |
| 95 | ASN1_INTEGER ssl_version; | 94 | ASN1_INTEGER ssl_version; |
| 96 | ASN1_OCTET_STRING cipher; | 95 | ASN1_OCTET_STRING cipher; |
| @@ -100,7 +99,7 @@ typedef struct ssl_session_asn1_st | |||
| 100 | ASN1_OCTET_STRING session_id_context; | 99 | ASN1_OCTET_STRING session_id_context; |
| 101 | ASN1_OCTET_STRING key_arg; | 100 | ASN1_OCTET_STRING key_arg; |
| 102 | #ifndef OPENSSL_NO_KRB5 | 101 | #ifndef OPENSSL_NO_KRB5 |
| 103 | ASN1_OCTET_STRING krb5_princ; | 102 | ASN1_OCTET_STRING krb5_princ; |
| 104 | #endif /* OPENSSL_NO_KRB5 */ | 103 | #endif /* OPENSSL_NO_KRB5 */ |
| 105 | ASN1_INTEGER time; | 104 | ASN1_INTEGER time; |
| 106 | ASN1_INTEGER timeout; | 105 | ASN1_INTEGER timeout; |
| @@ -117,169 +116,156 @@ typedef struct ssl_session_asn1_st | |||
| 117 | #ifndef OPENSSL_NO_SRP | 116 | #ifndef OPENSSL_NO_SRP |
| 118 | ASN1_OCTET_STRING srp_username; | 117 | ASN1_OCTET_STRING srp_username; |
| 119 | #endif /* OPENSSL_NO_SRP */ | 118 | #endif /* OPENSSL_NO_SRP */ |
| 120 | } SSL_SESSION_ASN1; | 119 | } SSL_SESSION_ASN1; |
| 121 | 120 | ||
| 122 | int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | 121 | int |
| 123 | { | 122 | i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) |
| 123 | { | ||
| 124 | #define LSIZE2 (sizeof(long)*2) | 124 | #define LSIZE2 (sizeof(long)*2) |
| 125 | int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0; | 125 | int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v7 = 0, v8 = 0; |
| 126 | unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; | 126 | unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2]; |
| 127 | unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2]; | 127 | unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2]; |
| 128 | #ifndef OPENSSL_NO_TLSEXT | 128 | #ifndef OPENSSL_NO_TLSEXT |
| 129 | int v6=0,v9=0,v10=0; | 129 | int v6 = 0, v9 = 0, v10 = 0; |
| 130 | unsigned char ibuf6[LSIZE2]; | 130 | unsigned char ibuf6[LSIZE2]; |
| 131 | #endif | 131 | #endif |
| 132 | #ifndef OPENSSL_NO_COMP | 132 | #ifndef OPENSSL_NO_COMP |
| 133 | unsigned char cbuf; | 133 | unsigned char cbuf; |
| 134 | int v11=0; | 134 | int v11 = 0; |
| 135 | #endif | 135 | #endif |
| 136 | #ifndef OPENSSL_NO_SRP | 136 | #ifndef OPENSSL_NO_SRP |
| 137 | int v12=0; | 137 | int v12 = 0; |
| 138 | #endif | 138 | #endif |
| 139 | long l; | 139 | long l; |
| 140 | SSL_SESSION_ASN1 a; | 140 | SSL_SESSION_ASN1 a; |
| 141 | M_ASN1_I2D_vars(in); | 141 | M_ASN1_I2D_vars(in); |
| 142 | 142 | ||
| 143 | if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) | 143 | if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) |
| 144 | return(0); | 144 | return (0); |
| 145 | 145 | ||
| 146 | /* Note that I cheat in the following 2 assignments. I know | 146 | /* Note that I cheat in the following 2 assignments. I know |
| 147 | * that if the ASN1_INTEGER passed to ASN1_INTEGER_set | 147 | * that if the ASN1_INTEGER passed to ASN1_INTEGER_set |
| 148 | * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed. | 148 | * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed. |
| 149 | * This is a bit evil but makes things simple, no dynamic allocation | 149 | * This is a bit evil but makes things simple, no dynamic allocation |
| 150 | * to clean up :-) */ | 150 | * to clean up :-) */ |
| 151 | a.version.length=LSIZE2; | 151 | a.version.length = LSIZE2; |
| 152 | a.version.type=V_ASN1_INTEGER; | 152 | a.version.type = V_ASN1_INTEGER; |
| 153 | a.version.data=ibuf1; | 153 | a.version.data = ibuf1; |
| 154 | ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION); | 154 | ASN1_INTEGER_set(&(a.version), SSL_SESSION_ASN1_VERSION); |
| 155 | 155 | ||
| 156 | a.ssl_version.length=LSIZE2; | 156 | a.ssl_version.length = LSIZE2; |
| 157 | a.ssl_version.type=V_ASN1_INTEGER; | 157 | a.ssl_version.type = V_ASN1_INTEGER; |
| 158 | a.ssl_version.data=ibuf2; | 158 | a.ssl_version.data = ibuf2; |
| 159 | ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version); | 159 | ASN1_INTEGER_set(&(a.ssl_version), in->ssl_version); |
| 160 | 160 | ||
| 161 | a.cipher.type=V_ASN1_OCTET_STRING; | 161 | a.cipher.type = V_ASN1_OCTET_STRING; |
| 162 | a.cipher.data=buf; | 162 | a.cipher.data = buf; |
| 163 | 163 | ||
| 164 | if (in->cipher == NULL) | 164 | if (in->cipher == NULL) |
| 165 | l=in->cipher_id; | 165 | l = in->cipher_id; |
| 166 | else | 166 | else |
| 167 | l=in->cipher->id; | 167 | l = in->cipher->id; |
| 168 | if (in->ssl_version == SSL2_VERSION) | 168 | if (in->ssl_version == SSL2_VERSION) { |
| 169 | { | 169 | a.cipher.length = 3; |
| 170 | a.cipher.length=3; | 170 | buf[0] = ((unsigned char)(l >> 16L))&0xff; |
| 171 | buf[0]=((unsigned char)(l>>16L))&0xff; | 171 | buf[1] = ((unsigned char)(l >> 8L))&0xff; |
| 172 | buf[1]=((unsigned char)(l>> 8L))&0xff; | 172 | buf[2] = ((unsigned char)(l ))&0xff; |
| 173 | buf[2]=((unsigned char)(l ))&0xff; | 173 | } else { |
| 174 | } | 174 | a.cipher.length = 2; |
| 175 | else | 175 | buf[0] = ((unsigned char)(l >> 8L))&0xff; |
| 176 | { | 176 | buf[1] = ((unsigned char)(l ))&0xff; |
| 177 | a.cipher.length=2; | 177 | } |
| 178 | buf[0]=((unsigned char)(l>>8L))&0xff; | ||
| 179 | buf[1]=((unsigned char)(l ))&0xff; | ||
| 180 | } | ||
| 181 | 178 | ||
| 182 | #ifndef OPENSSL_NO_COMP | 179 | #ifndef OPENSSL_NO_COMP |
| 183 | if (in->compress_meth) | 180 | if (in->compress_meth) { |
| 184 | { | ||
| 185 | cbuf = (unsigned char)in->compress_meth; | 181 | cbuf = (unsigned char)in->compress_meth; |
| 186 | a.comp_id.length = 1; | 182 | a.comp_id.length = 1; |
| 187 | a.comp_id.type = V_ASN1_OCTET_STRING; | 183 | a.comp_id.type = V_ASN1_OCTET_STRING; |
| 188 | a.comp_id.data = &cbuf; | 184 | a.comp_id.data = &cbuf; |
| 189 | } | 185 | } |
| 190 | #endif | 186 | #endif |
| 191 | 187 | ||
| 192 | a.master_key.length=in->master_key_length; | 188 | a.master_key.length = in->master_key_length; |
| 193 | a.master_key.type=V_ASN1_OCTET_STRING; | 189 | a.master_key.type = V_ASN1_OCTET_STRING; |
| 194 | a.master_key.data=in->master_key; | 190 | a.master_key.data = in->master_key; |
| 195 | 191 | ||
| 196 | a.session_id.length=in->session_id_length; | 192 | a.session_id.length = in->session_id_length; |
| 197 | a.session_id.type=V_ASN1_OCTET_STRING; | 193 | a.session_id.type = V_ASN1_OCTET_STRING; |
| 198 | a.session_id.data=in->session_id; | 194 | a.session_id.data = in->session_id; |
| 199 | 195 | ||
| 200 | a.session_id_context.length=in->sid_ctx_length; | 196 | a.session_id_context.length = in->sid_ctx_length; |
| 201 | a.session_id_context.type=V_ASN1_OCTET_STRING; | 197 | a.session_id_context.type = V_ASN1_OCTET_STRING; |
| 202 | a.session_id_context.data=in->sid_ctx; | 198 | a.session_id_context.data = in->sid_ctx; |
| 203 | 199 | ||
| 204 | a.key_arg.length=in->key_arg_length; | 200 | a.key_arg.length = in->key_arg_length; |
| 205 | a.key_arg.type=V_ASN1_OCTET_STRING; | 201 | a.key_arg.type = V_ASN1_OCTET_STRING; |
| 206 | a.key_arg.data=in->key_arg; | 202 | a.key_arg.data = in->key_arg; |
| 207 | 203 | ||
| 208 | #ifndef OPENSSL_NO_KRB5 | 204 | #ifndef OPENSSL_NO_KRB5 |
| 209 | if (in->krb5_client_princ_len) | 205 | if (in->krb5_client_princ_len) { |
| 210 | { | 206 | a.krb5_princ.length = in->krb5_client_princ_len; |
| 211 | a.krb5_princ.length=in->krb5_client_princ_len; | 207 | a.krb5_princ.type = V_ASN1_OCTET_STRING; |
| 212 | a.krb5_princ.type=V_ASN1_OCTET_STRING; | 208 | a.krb5_princ.data = in->krb5_client_princ; |
| 213 | a.krb5_princ.data=in->krb5_client_princ; | 209 | } |
| 214 | } | ||
| 215 | #endif /* OPENSSL_NO_KRB5 */ | 210 | #endif /* OPENSSL_NO_KRB5 */ |
| 216 | 211 | ||
| 217 | if (in->time != 0L) | 212 | if (in->time != 0L) { |
| 218 | { | 213 | a.time.length = LSIZE2; |
| 219 | a.time.length=LSIZE2; | 214 | a.time.type = V_ASN1_INTEGER; |
| 220 | a.time.type=V_ASN1_INTEGER; | 215 | a.time.data = ibuf3; |
| 221 | a.time.data=ibuf3; | 216 | ASN1_INTEGER_set(&(a.time), in->time); |
| 222 | ASN1_INTEGER_set(&(a.time),in->time); | 217 | } |
| 223 | } | ||
| 224 | 218 | ||
| 225 | if (in->timeout != 0L) | 219 | if (in->timeout != 0L) { |
| 226 | { | 220 | a.timeout.length = LSIZE2; |
| 227 | a.timeout.length=LSIZE2; | 221 | a.timeout.type = V_ASN1_INTEGER; |
| 228 | a.timeout.type=V_ASN1_INTEGER; | 222 | a.timeout.data = ibuf4; |
| 229 | a.timeout.data=ibuf4; | 223 | ASN1_INTEGER_set(&(a.timeout), in->timeout); |
| 230 | ASN1_INTEGER_set(&(a.timeout),in->timeout); | 224 | } |
| 231 | } | ||
| 232 | 225 | ||
| 233 | if (in->verify_result != X509_V_OK) | 226 | if (in->verify_result != X509_V_OK) { |
| 234 | { | 227 | a.verify_result.length = LSIZE2; |
| 235 | a.verify_result.length=LSIZE2; | 228 | a.verify_result.type = V_ASN1_INTEGER; |
| 236 | a.verify_result.type=V_ASN1_INTEGER; | 229 | a.verify_result.data = ibuf5; |
| 237 | a.verify_result.data=ibuf5; | 230 | ASN1_INTEGER_set(&a.verify_result, in->verify_result); |
| 238 | ASN1_INTEGER_set(&a.verify_result,in->verify_result); | 231 | } |
| 239 | } | ||
| 240 | 232 | ||
| 241 | #ifndef OPENSSL_NO_TLSEXT | 233 | #ifndef OPENSSL_NO_TLSEXT |
| 242 | if (in->tlsext_hostname) | 234 | if (in->tlsext_hostname) { |
| 243 | { | 235 | a.tlsext_hostname.length = strlen(in->tlsext_hostname); |
| 244 | a.tlsext_hostname.length=strlen(in->tlsext_hostname); | 236 | a.tlsext_hostname.type = V_ASN1_OCTET_STRING; |
| 245 | a.tlsext_hostname.type=V_ASN1_OCTET_STRING; | 237 | a.tlsext_hostname.data = (unsigned char *)in->tlsext_hostname; |
| 246 | a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname; | 238 | } |
| 247 | } | 239 | if (in->tlsext_tick) { |
| 248 | if (in->tlsext_tick) | 240 | a.tlsext_tick.length = in->tlsext_ticklen; |
| 249 | { | 241 | a.tlsext_tick.type = V_ASN1_OCTET_STRING; |
| 250 | a.tlsext_tick.length= in->tlsext_ticklen; | 242 | a.tlsext_tick.data = (unsigned char *)in->tlsext_tick; |
| 251 | a.tlsext_tick.type=V_ASN1_OCTET_STRING; | 243 | } |
| 252 | a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; | 244 | if (in->tlsext_tick_lifetime_hint > 0) { |
| 253 | } | 245 | a.tlsext_tick_lifetime.length = LSIZE2; |
| 254 | if (in->tlsext_tick_lifetime_hint > 0) | 246 | a.tlsext_tick_lifetime.type = V_ASN1_INTEGER; |
| 255 | { | 247 | a.tlsext_tick_lifetime.data = ibuf6; |
| 256 | a.tlsext_tick_lifetime.length=LSIZE2; | 248 | ASN1_INTEGER_set(&a.tlsext_tick_lifetime, in->tlsext_tick_lifetime_hint); |
| 257 | a.tlsext_tick_lifetime.type=V_ASN1_INTEGER; | 249 | } |
| 258 | a.tlsext_tick_lifetime.data=ibuf6; | ||
| 259 | ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint); | ||
| 260 | } | ||
| 261 | #endif /* OPENSSL_NO_TLSEXT */ | 250 | #endif /* OPENSSL_NO_TLSEXT */ |
| 262 | #ifndef OPENSSL_NO_PSK | 251 | #ifndef OPENSSL_NO_PSK |
| 263 | if (in->psk_identity_hint) | 252 | if (in->psk_identity_hint) { |
| 264 | { | 253 | a.psk_identity_hint.length = strlen(in->psk_identity_hint); |
| 265 | a.psk_identity_hint.length=strlen(in->psk_identity_hint); | 254 | a.psk_identity_hint.type = V_ASN1_OCTET_STRING; |
| 266 | a.psk_identity_hint.type=V_ASN1_OCTET_STRING; | 255 | a.psk_identity_hint.data = (unsigned char *)(in->psk_identity_hint); |
| 267 | a.psk_identity_hint.data=(unsigned char *)(in->psk_identity_hint); | 256 | } |
| 268 | } | 257 | if (in->psk_identity) { |
| 269 | if (in->psk_identity) | 258 | a.psk_identity.length = strlen(in->psk_identity); |
| 270 | { | 259 | a.psk_identity.type = V_ASN1_OCTET_STRING; |
| 271 | a.psk_identity.length=strlen(in->psk_identity); | 260 | a.psk_identity.data = (unsigned char *)(in->psk_identity); |
| 272 | a.psk_identity.type=V_ASN1_OCTET_STRING; | 261 | } |
| 273 | a.psk_identity.data=(unsigned char *)(in->psk_identity); | ||
| 274 | } | ||
| 275 | #endif /* OPENSSL_NO_PSK */ | 262 | #endif /* OPENSSL_NO_PSK */ |
| 276 | #ifndef OPENSSL_NO_SRP | 263 | #ifndef OPENSSL_NO_SRP |
| 277 | if (in->srp_username) | 264 | if (in->srp_username) { |
| 278 | { | 265 | a.srp_username.length = strlen(in->srp_username); |
| 279 | a.srp_username.length=strlen(in->srp_username); | 266 | a.srp_username.type = V_ASN1_OCTET_STRING; |
| 280 | a.srp_username.type=V_ASN1_OCTET_STRING; | 267 | a.srp_username.data = (unsigned char *)(in->srp_username); |
| 281 | a.srp_username.data=(unsigned char *)(in->srp_username); | 268 | } |
| 282 | } | ||
| 283 | #endif /* OPENSSL_NO_SRP */ | 269 | #endif /* OPENSSL_NO_SRP */ |
| 284 | 270 | ||
| 285 | M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); | 271 | M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); |
| @@ -289,41 +275,41 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 289 | M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); | 275 | M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); |
| 290 | #ifndef OPENSSL_NO_KRB5 | 276 | #ifndef OPENSSL_NO_KRB5 |
| 291 | if (in->krb5_client_princ_len) | 277 | if (in->krb5_client_princ_len) |
| 292 | M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); | 278 | M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); |
| 293 | #endif /* OPENSSL_NO_KRB5 */ | 279 | #endif /* OPENSSL_NO_KRB5 */ |
| 294 | if (in->key_arg_length > 0) | 280 | if (in->key_arg_length > 0) |
| 295 | M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING); | 281 | M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING); |
| 296 | if (in->time != 0L) | 282 | if (in->time != 0L) |
| 297 | M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); | 283 | M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); |
| 298 | if (in->timeout != 0L) | 284 | if (in->timeout != 0L) |
| 299 | M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); | 285 | M_ASN1_I2D_len_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2); |
| 300 | if (in->peer != NULL) | 286 | if (in->peer != NULL) |
| 301 | M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3); | 287 | M_ASN1_I2D_len_EXP_opt(in->peer, i2d_X509, 3, v3); |
| 302 | M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4); | 288 | M_ASN1_I2D_len_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4, v4); |
| 303 | if (in->verify_result != X509_V_OK) | 289 | if (in->verify_result != X509_V_OK) |
| 304 | M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); | 290 | M_ASN1_I2D_len_EXP_opt(&(a.verify_result), i2d_ASN1_INTEGER, 5, v5); |
| 305 | 291 | ||
| 306 | #ifndef OPENSSL_NO_TLSEXT | 292 | #ifndef OPENSSL_NO_TLSEXT |
| 307 | if (in->tlsext_tick_lifetime_hint > 0) | 293 | if (in->tlsext_tick_lifetime_hint > 0) |
| 308 | M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); | 294 | M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); |
| 309 | if (in->tlsext_tick) | 295 | if (in->tlsext_tick) |
| 310 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); | 296 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); |
| 311 | if (in->tlsext_hostname) | 297 | if (in->tlsext_hostname) |
| 312 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); | 298 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6); |
| 313 | #ifndef OPENSSL_NO_COMP | 299 | #ifndef OPENSSL_NO_COMP |
| 314 | if (in->compress_meth) | 300 | if (in->compress_meth) |
| 315 | M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11); | 301 | M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); |
| 316 | #endif | 302 | #endif |
| 317 | #endif /* OPENSSL_NO_TLSEXT */ | 303 | #endif /* OPENSSL_NO_TLSEXT */ |
| 318 | #ifndef OPENSSL_NO_PSK | 304 | #ifndef OPENSSL_NO_PSK |
| 319 | if (in->psk_identity_hint) | 305 | if (in->psk_identity_hint) |
| 320 | M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7); | 306 | M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); |
| 321 | if (in->psk_identity) | 307 | if (in->psk_identity) |
| 322 | M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8); | 308 | M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8); |
| 323 | #endif /* OPENSSL_NO_PSK */ | 309 | #endif /* OPENSSL_NO_PSK */ |
| 324 | #ifndef OPENSSL_NO_SRP | 310 | #ifndef OPENSSL_NO_SRP |
| 325 | if (in->srp_username) | 311 | if (in->srp_username) |
| 326 | M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12); | 312 | M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12); |
| 327 | #endif /* OPENSSL_NO_SRP */ | 313 | #endif /* OPENSSL_NO_SRP */ |
| 328 | 314 | ||
| 329 | M_ASN1_I2D_seq_total(); | 315 | M_ASN1_I2D_seq_total(); |
| @@ -335,308 +321,296 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 335 | M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); | 321 | M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); |
| 336 | #ifndef OPENSSL_NO_KRB5 | 322 | #ifndef OPENSSL_NO_KRB5 |
| 337 | if (in->krb5_client_princ_len) | 323 | if (in->krb5_client_princ_len) |
| 338 | M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); | 324 | M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); |
| 339 | #endif /* OPENSSL_NO_KRB5 */ | 325 | #endif /* OPENSSL_NO_KRB5 */ |
| 340 | if (in->key_arg_length > 0) | 326 | if (in->key_arg_length > 0) |
| 341 | M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0); | 327 | M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0); |
| 342 | if (in->time != 0L) | 328 | if (in->time != 0L) |
| 343 | M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); | 329 | M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); |
| 344 | if (in->timeout != 0L) | 330 | if (in->timeout != 0L) |
| 345 | M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); | 331 | M_ASN1_I2D_put_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2); |
| 346 | if (in->peer != NULL) | 332 | if (in->peer != NULL) |
| 347 | M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3); | 333 | M_ASN1_I2D_put_EXP_opt(in->peer, i2d_X509, 3, v3); |
| 348 | M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4, | 334 | M_ASN1_I2D_put_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4, |
| 349 | v4); | 335 | v4); |
| 350 | if (in->verify_result != X509_V_OK) | 336 | if (in->verify_result != X509_V_OK) |
| 351 | M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5); | 337 | M_ASN1_I2D_put_EXP_opt(&a.verify_result, i2d_ASN1_INTEGER, 5, v5); |
| 352 | #ifndef OPENSSL_NO_TLSEXT | 338 | #ifndef OPENSSL_NO_TLSEXT |
| 353 | if (in->tlsext_hostname) | 339 | if (in->tlsext_hostname) |
| 354 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); | 340 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6); |
| 355 | #endif /* OPENSSL_NO_TLSEXT */ | 341 | #endif /* OPENSSL_NO_TLSEXT */ |
| 356 | #ifndef OPENSSL_NO_PSK | 342 | #ifndef OPENSSL_NO_PSK |
| 357 | if (in->psk_identity_hint) | 343 | if (in->psk_identity_hint) |
| 358 | M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7); | 344 | M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); |
| 359 | if (in->psk_identity) | 345 | if (in->psk_identity) |
| 360 | M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8); | 346 | M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8); |
| 361 | #endif /* OPENSSL_NO_PSK */ | 347 | #endif /* OPENSSL_NO_PSK */ |
| 362 | #ifndef OPENSSL_NO_TLSEXT | 348 | #ifndef OPENSSL_NO_TLSEXT |
| 363 | if (in->tlsext_tick_lifetime_hint > 0) | 349 | if (in->tlsext_tick_lifetime_hint > 0) |
| 364 | M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); | 350 | M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); |
| 365 | if (in->tlsext_tick) | 351 | if (in->tlsext_tick) |
| 366 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); | 352 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); |
| 367 | #endif /* OPENSSL_NO_TLSEXT */ | 353 | #endif /* OPENSSL_NO_TLSEXT */ |
| 368 | #ifndef OPENSSL_NO_COMP | 354 | #ifndef OPENSSL_NO_COMP |
| 369 | if (in->compress_meth) | 355 | if (in->compress_meth) |
| 370 | M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11); | 356 | M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); |
| 371 | #endif | 357 | #endif |
| 372 | #ifndef OPENSSL_NO_SRP | 358 | #ifndef OPENSSL_NO_SRP |
| 373 | if (in->srp_username) | 359 | if (in->srp_username) |
| 374 | M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12); | 360 | M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12); |
| 375 | #endif /* OPENSSL_NO_SRP */ | 361 | #endif /* OPENSSL_NO_SRP */ |
| 376 | M_ASN1_I2D_finish(); | 362 | M_ASN1_I2D_finish(); |
| 377 | } | 363 | } |
| 378 | 364 | ||
| 379 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, | 365 | SSL_SESSION |
| 380 | long length) | 366 | *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, |
| 381 | { | 367 | long length) |
| 382 | int ssl_version=0,i; | 368 | { |
| 369 | int ssl_version = 0, i; | ||
| 383 | long id; | 370 | long id; |
| 384 | ASN1_INTEGER ai,*aip; | 371 | ASN1_INTEGER ai, *aip; |
| 385 | ASN1_OCTET_STRING os,*osp; | 372 | ASN1_OCTET_STRING os, *osp; |
| 386 | M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new); | 373 | M_ASN1_D2I_vars(a, SSL_SESSION *, SSL_SESSION_new); |
| 387 | 374 | ||
| 388 | aip= &ai; | 375 | aip = &ai; |
| 389 | osp= &os; | 376 | osp = &os; |
| 390 | 377 | ||
| 391 | M_ASN1_D2I_Init(); | 378 | M_ASN1_D2I_Init(); |
| 392 | M_ASN1_D2I_start_sequence(); | 379 | M_ASN1_D2I_start_sequence(); |
| 393 | 380 | ||
| 394 | ai.data=NULL; ai.length=0; | 381 | ai.data = NULL; |
| 395 | M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); | 382 | ai.length = 0; |
| 396 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } | 383 | M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER); |
| 384 | if (ai.data != NULL) { | ||
| 385 | OPENSSL_free(ai.data); | ||
| 386 | ai.data = NULL; | ||
| 387 | ai.length = 0; | ||
| 388 | } | ||
| 397 | 389 | ||
| 398 | /* we don't care about the version right now :-) */ | 390 | /* we don't care about the version right now :-) */ |
| 399 | M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); | 391 | M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER); |
| 400 | ssl_version=(int)ASN1_INTEGER_get(aip); | 392 | ssl_version = (int)ASN1_INTEGER_get(aip); |
| 401 | ret->ssl_version=ssl_version; | 393 | ret->ssl_version = ssl_version; |
| 402 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } | 394 | if (ai.data != NULL) { |
| 403 | 395 | OPENSSL_free(ai.data); | |
| 404 | os.data=NULL; os.length=0; | 396 | ai.data = NULL; |
| 405 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); | 397 | ai.length = 0; |
| 406 | if (ssl_version == SSL2_VERSION) | 398 | } |
| 407 | { | 399 | |
| 408 | if (os.length != 3) | 400 | os.data = NULL; |
| 409 | { | 401 | os.length = 0; |
| 410 | c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH; | 402 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); |
| 403 | if (ssl_version == SSL2_VERSION) { | ||
| 404 | if (os.length != 3) { | ||
| 405 | c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; | ||
| 411 | goto err; | 406 | goto err; |
| 412 | } | ||
| 413 | id=0x02000000L| | ||
| 414 | ((unsigned long)os.data[0]<<16L)| | ||
| 415 | ((unsigned long)os.data[1]<< 8L)| | ||
| 416 | (unsigned long)os.data[2]; | ||
| 417 | } | 407 | } |
| 418 | else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR) | 408 | id = 0x02000000L| |
| 419 | { | 409 | ((unsigned long)os.data[0]<<16L)| |
| 420 | if (os.length != 2) | 410 | ((unsigned long)os.data[1]<< 8L)| |
| 421 | { | 411 | (unsigned long)os.data[2]; |
| 422 | c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH; | 412 | } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) { |
| 413 | if (os.length != 2) { | ||
| 414 | c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; | ||
| 423 | goto err; | 415 | goto err; |
| 424 | } | ||
| 425 | id=0x03000000L| | ||
| 426 | ((unsigned long)os.data[0]<<8L)| | ||
| 427 | (unsigned long)os.data[1]; | ||
| 428 | } | 416 | } |
| 429 | else | 417 | id = 0x03000000L| |
| 430 | { | 418 | ((unsigned long)os.data[0]<<8L)| |
| 431 | c.error=SSL_R_UNKNOWN_SSL_VERSION; | 419 | (unsigned long)os.data[1]; |
| 420 | } else { | ||
| 421 | c.error = SSL_R_UNKNOWN_SSL_VERSION; | ||
| 432 | goto err; | 422 | goto err; |
| 433 | } | 423 | } |
| 434 | 424 | ||
| 435 | ret->cipher=NULL; | 425 | ret->cipher = NULL; |
| 436 | ret->cipher_id=id; | 426 | ret->cipher_id = id; |
| 437 | 427 | ||
| 438 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); | 428 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); |
| 439 | if ((ssl_version>>8) >= SSL3_VERSION_MAJOR) | 429 | if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) |
| 440 | i=SSL3_MAX_SSL_SESSION_ID_LENGTH; | 430 | i = SSL3_MAX_SSL_SESSION_ID_LENGTH; |
| 441 | else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */ | 431 | else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */ |
| 442 | i=SSL2_MAX_SSL_SESSION_ID_LENGTH; | 432 | i = SSL2_MAX_SSL_SESSION_ID_LENGTH; |
| 443 | 433 | ||
| 444 | if (os.length > i) | 434 | if (os.length > i) |
| 445 | os.length = i; | 435 | os.length = i; |
| 446 | if (os.length > (int)sizeof(ret->session_id)) /* can't happen */ | 436 | if (os.length > (int)sizeof(ret->session_id)) /* can't happen */ |
| 447 | os.length = sizeof(ret->session_id); | 437 | os.length = sizeof(ret->session_id); |
| 448 | 438 | ||
| 449 | ret->session_id_length=os.length; | 439 | ret->session_id_length = os.length; |
| 450 | OPENSSL_assert(os.length <= (int)sizeof(ret->session_id)); | 440 | OPENSSL_assert(os.length <= (int)sizeof(ret->session_id)); |
| 451 | memcpy(ret->session_id,os.data,os.length); | 441 | memcpy(ret->session_id, os.data, os.length); |
| 452 | 442 | ||
| 453 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); | 443 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); |
| 454 | if (os.length > SSL_MAX_MASTER_KEY_LENGTH) | 444 | if (os.length > SSL_MAX_MASTER_KEY_LENGTH) |
| 455 | ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; | 445 | ret->master_key_length = SSL_MAX_MASTER_KEY_LENGTH; |
| 456 | else | 446 | else |
| 457 | ret->master_key_length=os.length; | 447 | ret->master_key_length = os.length; |
| 458 | memcpy(ret->master_key,os.data,ret->master_key_length); | 448 | memcpy(ret->master_key, os.data, ret->master_key_length); |
| 459 | 449 | ||
| 460 | os.length=0; | 450 | os.length = 0; |
| 461 | 451 | ||
| 462 | #ifndef OPENSSL_NO_KRB5 | 452 | #ifndef OPENSSL_NO_KRB5 |
| 463 | os.length=0; | 453 | os.length = 0; |
| 464 | M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING); | 454 | M_ASN1_D2I_get_opt(osp, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING); |
| 465 | if (os.data) | 455 | if (os.data) { |
| 466 | { | 456 | if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH) |
| 467 | if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH) | 457 | ret->krb5_client_princ_len = 0; |
| 468 | ret->krb5_client_princ_len=0; | ||
| 469 | else | 458 | else |
| 470 | ret->krb5_client_princ_len=os.length; | 459 | ret->krb5_client_princ_len = os.length; |
| 471 | memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len); | 460 | memcpy(ret->krb5_client_princ, os.data, ret->krb5_client_princ_len); |
| 472 | OPENSSL_free(os.data); | 461 | OPENSSL_free(os.data); |
| 473 | os.data = NULL; | 462 | os.data = NULL; |
| 474 | os.length = 0; | 463 | os.length = 0; |
| 475 | } | 464 | } else |
| 476 | else | 465 | ret->krb5_client_princ_len = 0; |
| 477 | ret->krb5_client_princ_len=0; | ||
| 478 | #endif /* OPENSSL_NO_KRB5 */ | 466 | #endif /* OPENSSL_NO_KRB5 */ |
| 479 | 467 | ||
| 480 | M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); | 468 | M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING); |
| 481 | if (os.length > SSL_MAX_KEY_ARG_LENGTH) | 469 | if (os.length > SSL_MAX_KEY_ARG_LENGTH) |
| 482 | ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH; | 470 | ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH; |
| 483 | else | 471 | else |
| 484 | ret->key_arg_length=os.length; | 472 | ret->key_arg_length = os.length; |
| 485 | memcpy(ret->key_arg,os.data,ret->key_arg_length); | 473 | memcpy(ret->key_arg, os.data, ret->key_arg_length); |
| 486 | if (os.data != NULL) OPENSSL_free(os.data); | 474 | if (os.data != NULL) |
| 487 | 475 | OPENSSL_free(os.data); | |
| 488 | ai.length=0; | ||
| 489 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1); | ||
| 490 | if (ai.data != NULL) | ||
| 491 | { | ||
| 492 | ret->time=ASN1_INTEGER_get(aip); | ||
| 493 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | ||
| 494 | } | ||
| 495 | else | ||
| 496 | ret->time=(unsigned long)time(NULL); | ||
| 497 | |||
| 498 | ai.length=0; | ||
| 499 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2); | ||
| 500 | if (ai.data != NULL) | ||
| 501 | { | ||
| 502 | ret->timeout=ASN1_INTEGER_get(aip); | ||
| 503 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | ||
| 504 | } | ||
| 505 | else | ||
| 506 | ret->timeout=3; | ||
| 507 | 476 | ||
| 508 | if (ret->peer != NULL) | 477 | ai.length = 0; |
| 509 | { | 478 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1); |
| 479 | if (ai.data != NULL) { | ||
| 480 | ret->time = ASN1_INTEGER_get(aip); | ||
| 481 | OPENSSL_free(ai.data); | ||
| 482 | ai.data = NULL; | ||
| 483 | ai.length = 0; | ||
| 484 | } else | ||
| 485 | ret->time = (unsigned long)time(NULL); | ||
| 486 | |||
| 487 | ai.length = 0; | ||
| 488 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2); | ||
| 489 | if (ai.data != NULL) { | ||
| 490 | ret->timeout = ASN1_INTEGER_get(aip); | ||
| 491 | OPENSSL_free(ai.data); | ||
| 492 | ai.data = NULL; | ||
| 493 | ai.length = 0; | ||
| 494 | } else | ||
| 495 | ret->timeout = 3; | ||
| 496 | |||
| 497 | if (ret->peer != NULL) { | ||
| 510 | X509_free(ret->peer); | 498 | X509_free(ret->peer); |
| 511 | ret->peer=NULL; | 499 | ret->peer = NULL; |
| 512 | } | 500 | } |
| 513 | M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3); | 501 | M_ASN1_D2I_get_EXP_opt(ret->peer, d2i_X509, 3); |
| 514 | 502 | ||
| 515 | os.length=0; | 503 | os.length = 0; |
| 516 | os.data=NULL; | 504 | os.data = NULL; |
| 517 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4); | 505 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 4); |
| 518 | 506 | ||
| 519 | if(os.data != NULL) | 507 | if (os.data != NULL) { |
| 520 | { | 508 | if (os.length > SSL_MAX_SID_CTX_LENGTH) { |
| 521 | if (os.length > SSL_MAX_SID_CTX_LENGTH) | 509 | c.error = SSL_R_BAD_LENGTH; |
| 522 | { | 510 | goto err; |
| 523 | c.error=SSL_R_BAD_LENGTH; | 511 | } else { |
| 524 | goto err; | 512 | ret->sid_ctx_length = os.length; |
| 525 | } | 513 | memcpy(ret->sid_ctx, os.data, os.length); |
| 526 | else | ||
| 527 | { | ||
| 528 | ret->sid_ctx_length=os.length; | ||
| 529 | memcpy(ret->sid_ctx,os.data,os.length); | ||
| 530 | } | ||
| 531 | OPENSSL_free(os.data); os.data=NULL; os.length=0; | ||
| 532 | } | ||
| 533 | else | ||
| 534 | ret->sid_ctx_length=0; | ||
| 535 | |||
| 536 | ai.length=0; | ||
| 537 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5); | ||
| 538 | if (ai.data != NULL) | ||
| 539 | { | ||
| 540 | ret->verify_result=ASN1_INTEGER_get(aip); | ||
| 541 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | ||
| 542 | } | 514 | } |
| 543 | else | 515 | OPENSSL_free(os.data); |
| 544 | ret->verify_result=X509_V_OK; | 516 | os.data = NULL; |
| 517 | os.length = 0; | ||
| 518 | } else | ||
| 519 | ret->sid_ctx_length = 0; | ||
| 520 | |||
| 521 | ai.length = 0; | ||
| 522 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 5); | ||
| 523 | if (ai.data != NULL) { | ||
| 524 | ret->verify_result = ASN1_INTEGER_get(aip); | ||
| 525 | OPENSSL_free(ai.data); | ||
| 526 | ai.data = NULL; | ||
| 527 | ai.length = 0; | ||
| 528 | } else | ||
| 529 | ret->verify_result = X509_V_OK; | ||
| 545 | 530 | ||
| 546 | #ifndef OPENSSL_NO_TLSEXT | 531 | #ifndef OPENSSL_NO_TLSEXT |
| 547 | os.length=0; | 532 | os.length = 0; |
| 548 | os.data=NULL; | 533 | os.data = NULL; |
| 549 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6); | 534 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 6); |
| 550 | if (os.data) | 535 | if (os.data) { |
| 551 | { | ||
| 552 | ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length); | 536 | ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length); |
| 553 | OPENSSL_free(os.data); | 537 | OPENSSL_free(os.data); |
| 554 | os.data = NULL; | 538 | os.data = NULL; |
| 555 | os.length = 0; | 539 | os.length = 0; |
| 556 | } | 540 | } else |
| 557 | else | 541 | ret->tlsext_hostname = NULL; |
| 558 | ret->tlsext_hostname=NULL; | ||
| 559 | #endif /* OPENSSL_NO_TLSEXT */ | 542 | #endif /* OPENSSL_NO_TLSEXT */ |
| 560 | 543 | ||
| 561 | #ifndef OPENSSL_NO_PSK | 544 | #ifndef OPENSSL_NO_PSK |
| 562 | os.length=0; | 545 | os.length = 0; |
| 563 | os.data=NULL; | 546 | os.data = NULL; |
| 564 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7); | 547 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 7); |
| 565 | if (os.data) | 548 | if (os.data) { |
| 566 | { | ||
| 567 | ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length); | 549 | ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length); |
| 568 | OPENSSL_free(os.data); | 550 | OPENSSL_free(os.data); |
| 569 | os.data = NULL; | 551 | os.data = NULL; |
| 570 | os.length = 0; | 552 | os.length = 0; |
| 571 | } | 553 | } else |
| 572 | else | 554 | ret->psk_identity_hint = NULL; |
| 573 | ret->psk_identity_hint=NULL; | ||
| 574 | 555 | ||
| 575 | os.length=0; | 556 | os.length = 0; |
| 576 | os.data=NULL; | 557 | os.data = NULL; |
| 577 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,8); | 558 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 8); |
| 578 | if (os.data) | 559 | if (os.data) { |
| 579 | { | ||
| 580 | ret->psk_identity = BUF_strndup((char *)os.data, os.length); | 560 | ret->psk_identity = BUF_strndup((char *)os.data, os.length); |
| 581 | OPENSSL_free(os.data); | 561 | OPENSSL_free(os.data); |
| 582 | os.data = NULL; | 562 | os.data = NULL; |
| 583 | os.length = 0; | 563 | os.length = 0; |
| 584 | } | 564 | } else |
| 585 | else | 565 | ret->psk_identity = NULL; |
| 586 | ret->psk_identity=NULL; | ||
| 587 | #endif /* OPENSSL_NO_PSK */ | 566 | #endif /* OPENSSL_NO_PSK */ |
| 588 | 567 | ||
| 589 | #ifndef OPENSSL_NO_TLSEXT | 568 | #ifndef OPENSSL_NO_TLSEXT |
| 590 | ai.length=0; | 569 | ai.length = 0; |
| 591 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9); | 570 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 9); |
| 592 | if (ai.data != NULL) | 571 | if (ai.data != NULL) { |
| 593 | { | 572 | ret->tlsext_tick_lifetime_hint = ASN1_INTEGER_get(aip); |
| 594 | ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip); | 573 | OPENSSL_free(ai.data); |
| 595 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | 574 | ai.data = NULL; |
| 596 | } | 575 | ai.length = 0; |
| 597 | else if (ret->tlsext_ticklen && ret->session_id_length) | 576 | } else if (ret->tlsext_ticklen && ret->session_id_length) |
| 598 | ret->tlsext_tick_lifetime_hint = -1; | 577 | ret->tlsext_tick_lifetime_hint = -1; |
| 599 | else | 578 | else |
| 600 | ret->tlsext_tick_lifetime_hint=0; | 579 | ret->tlsext_tick_lifetime_hint = 0; |
| 601 | os.length=0; | 580 | os.length = 0; |
| 602 | os.data=NULL; | 581 | os.data = NULL; |
| 603 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10); | 582 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 10); |
| 604 | if (os.data) | 583 | if (os.data) { |
| 605 | { | ||
| 606 | ret->tlsext_tick = os.data; | 584 | ret->tlsext_tick = os.data; |
| 607 | ret->tlsext_ticklen = os.length; | 585 | ret->tlsext_ticklen = os.length; |
| 608 | os.data = NULL; | 586 | os.data = NULL; |
| 609 | os.length = 0; | 587 | os.length = 0; |
| 610 | } | 588 | } else |
| 611 | else | 589 | ret->tlsext_tick = NULL; |
| 612 | ret->tlsext_tick=NULL; | ||
| 613 | #endif /* OPENSSL_NO_TLSEXT */ | 590 | #endif /* OPENSSL_NO_TLSEXT */ |
| 614 | #ifndef OPENSSL_NO_COMP | 591 | #ifndef OPENSSL_NO_COMP |
| 615 | os.length=0; | 592 | os.length = 0; |
| 616 | os.data=NULL; | 593 | os.data = NULL; |
| 617 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11); | 594 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 11); |
| 618 | if (os.data) | 595 | if (os.data) { |
| 619 | { | ||
| 620 | ret->compress_meth = os.data[0]; | 596 | ret->compress_meth = os.data[0]; |
| 621 | OPENSSL_free(os.data); | 597 | OPENSSL_free(os.data); |
| 622 | os.data = NULL; | 598 | os.data = NULL; |
| 623 | } | 599 | } |
| 624 | #endif | 600 | #endif |
| 625 | 601 | ||
| 626 | #ifndef OPENSSL_NO_SRP | 602 | #ifndef OPENSSL_NO_SRP |
| 627 | os.length=0; | 603 | os.length = 0; |
| 628 | os.data=NULL; | 604 | os.data = NULL; |
| 629 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,12); | 605 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 12); |
| 630 | if (os.data) | 606 | if (os.data) { |
| 631 | { | ||
| 632 | ret->srp_username = BUF_strndup((char *)os.data, os.length); | 607 | ret->srp_username = BUF_strndup((char *)os.data, os.length); |
| 633 | OPENSSL_free(os.data); | 608 | OPENSSL_free(os.data); |
| 634 | os.data = NULL; | 609 | os.data = NULL; |
| 635 | os.length = 0; | 610 | os.length = 0; |
| 636 | } | 611 | } else |
| 637 | else | 612 | ret->srp_username = NULL; |
| 638 | ret->srp_username=NULL; | ||
| 639 | #endif /* OPENSSL_NO_SRP */ | 613 | #endif /* OPENSSL_NO_SRP */ |
| 640 | 614 | ||
| 641 | M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); | 615 | M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION); |
| 642 | } | 616 | } |
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c index 1aaddc351f..79eb4ee031 100644 --- a/src/lib/libssl/src/ssl/ssl_cert.c +++ b/src/lib/libssl/src/ssl/ssl_cert.c | |||
| @@ -132,36 +132,36 @@ | |||
| 132 | #include <openssl/bn.h> | 132 | #include <openssl/bn.h> |
| 133 | #include "ssl_locl.h" | 133 | #include "ssl_locl.h" |
| 134 | 134 | ||
| 135 | int SSL_get_ex_data_X509_STORE_CTX_idx(void) | 135 | int |
| 136 | { | 136 | SSL_get_ex_data_X509_STORE_CTX_idx(void) |
| 137 | static volatile int ssl_x509_store_ctx_idx= -1; | 137 | { |
| 138 | static volatile int ssl_x509_store_ctx_idx = -1; | ||
| 138 | int got_write_lock = 0; | 139 | int got_write_lock = 0; |
| 139 | 140 | ||
| 140 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 141 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 141 | 142 | ||
| 142 | if (ssl_x509_store_ctx_idx < 0) | 143 | if (ssl_x509_store_ctx_idx < 0) { |
| 143 | { | ||
| 144 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 144 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 145 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 145 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 146 | got_write_lock = 1; | 146 | got_write_lock = 1; |
| 147 | 147 | ||
| 148 | if (ssl_x509_store_ctx_idx < 0) | 148 | if (ssl_x509_store_ctx_idx < 0) { |
| 149 | { | 149 | ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index( |
| 150 | ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( | 150 | 0, "SSL for verify callback", NULL, NULL, NULL); |
| 151 | 0,"SSL for verify callback",NULL,NULL,NULL); | ||
| 152 | } | ||
| 153 | } | 151 | } |
| 152 | } | ||
| 154 | 153 | ||
| 155 | if (got_write_lock) | 154 | if (got_write_lock) |
| 156 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 155 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 157 | else | 156 | else |
| 158 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 157 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 159 | 158 | ||
| 160 | return ssl_x509_store_ctx_idx; | 159 | return ssl_x509_store_ctx_idx; |
| 161 | } | 160 | } |
| 162 | 161 | ||
| 163 | static void ssl_cert_set_default_md(CERT *cert) | 162 | static void |
| 164 | { | 163 | ssl_cert_set_default_md(CERT *cert) |
| 164 | { | ||
| 165 | /* Set digest values to defaults */ | 165 | /* Set digest values to defaults */ |
| 166 | #ifndef OPENSSL_NO_DSA | 166 | #ifndef OPENSSL_NO_DSA |
| 167 | cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); | 167 | cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); |
| @@ -173,37 +173,37 @@ static void ssl_cert_set_default_md(CERT *cert) | |||
| 173 | #ifndef OPENSSL_NO_ECDSA | 173 | #ifndef OPENSSL_NO_ECDSA |
| 174 | cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); | 174 | cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); |
| 175 | #endif | 175 | #endif |
| 176 | } | 176 | } |
| 177 | 177 | ||
| 178 | CERT *ssl_cert_new(void) | 178 | CERT |
| 179 | { | 179 | *ssl_cert_new(void) |
| 180 | { | ||
| 180 | CERT *ret; | 181 | CERT *ret; |
| 181 | 182 | ||
| 182 | ret=(CERT *)OPENSSL_malloc(sizeof(CERT)); | 183 | ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); |
| 183 | if (ret == NULL) | 184 | if (ret == NULL) { |
| 184 | { | 185 | SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); |
| 185 | SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE); | 186 | return (NULL); |
| 186 | return(NULL); | 187 | } |
| 187 | } | 188 | memset(ret, 0, sizeof(CERT)); |
| 188 | memset(ret,0,sizeof(CERT)); | ||
| 189 | 189 | ||
| 190 | ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]); | 190 | ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); |
| 191 | ret->references=1; | 191 | ret->references = 1; |
| 192 | ssl_cert_set_default_md(ret); | 192 | ssl_cert_set_default_md(ret); |
| 193 | return(ret); | 193 | return (ret); |
| 194 | } | 194 | } |
| 195 | 195 | ||
| 196 | CERT *ssl_cert_dup(CERT *cert) | 196 | CERT |
| 197 | { | 197 | *ssl_cert_dup(CERT *cert) |
| 198 | { | ||
| 198 | CERT *ret; | 199 | CERT *ret; |
| 199 | int i; | 200 | int i; |
| 200 | 201 | ||
| 201 | ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); | 202 | ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); |
| 202 | if (ret == NULL) | 203 | if (ret == NULL) { |
| 203 | { | ||
| 204 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); | 204 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); |
| 205 | return(NULL); | 205 | return (NULL); |
| 206 | } | 206 | } |
| 207 | 207 | ||
| 208 | memset(ret, 0, sizeof(CERT)); | 208 | memset(ret, 0, sizeof(CERT)); |
| 209 | 209 | ||
| @@ -218,77 +218,64 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 218 | ret->export_mask_a = cert->export_mask_a; | 218 | ret->export_mask_a = cert->export_mask_a; |
| 219 | 219 | ||
| 220 | #ifndef OPENSSL_NO_RSA | 220 | #ifndef OPENSSL_NO_RSA |
| 221 | if (cert->rsa_tmp != NULL) | 221 | if (cert->rsa_tmp != NULL) { |
| 222 | { | ||
| 223 | RSA_up_ref(cert->rsa_tmp); | 222 | RSA_up_ref(cert->rsa_tmp); |
| 224 | ret->rsa_tmp = cert->rsa_tmp; | 223 | ret->rsa_tmp = cert->rsa_tmp; |
| 225 | } | 224 | } |
| 226 | ret->rsa_tmp_cb = cert->rsa_tmp_cb; | 225 | ret->rsa_tmp_cb = cert->rsa_tmp_cb; |
| 227 | #endif | 226 | #endif |
| 228 | 227 | ||
| 229 | #ifndef OPENSSL_NO_DH | 228 | #ifndef OPENSSL_NO_DH |
| 230 | if (cert->dh_tmp != NULL) | 229 | if (cert->dh_tmp != NULL) { |
| 231 | { | ||
| 232 | ret->dh_tmp = DHparams_dup(cert->dh_tmp); | 230 | ret->dh_tmp = DHparams_dup(cert->dh_tmp); |
| 233 | if (ret->dh_tmp == NULL) | 231 | if (ret->dh_tmp == NULL) { |
| 234 | { | ||
| 235 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB); | 232 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB); |
| 236 | goto err; | 233 | goto err; |
| 237 | } | 234 | } |
| 238 | if (cert->dh_tmp->priv_key) | 235 | if (cert->dh_tmp->priv_key) { |
| 239 | { | ||
| 240 | BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); | 236 | BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); |
| 241 | if (!b) | 237 | if (!b) { |
| 242 | { | ||
| 243 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); | 238 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); |
| 244 | goto err; | 239 | goto err; |
| 245 | } | ||
| 246 | ret->dh_tmp->priv_key = b; | ||
| 247 | } | 240 | } |
| 248 | if (cert->dh_tmp->pub_key) | 241 | ret->dh_tmp->priv_key = b; |
| 249 | { | 242 | } |
| 243 | if (cert->dh_tmp->pub_key) { | ||
| 250 | BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); | 244 | BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); |
| 251 | if (!b) | 245 | if (!b) { |
| 252 | { | ||
| 253 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); | 246 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); |
| 254 | goto err; | 247 | goto err; |
| 255 | } | ||
| 256 | ret->dh_tmp->pub_key = b; | ||
| 257 | } | 248 | } |
| 249 | ret->dh_tmp->pub_key = b; | ||
| 258 | } | 250 | } |
| 251 | } | ||
| 259 | ret->dh_tmp_cb = cert->dh_tmp_cb; | 252 | ret->dh_tmp_cb = cert->dh_tmp_cb; |
| 260 | #endif | 253 | #endif |
| 261 | 254 | ||
| 262 | #ifndef OPENSSL_NO_ECDH | 255 | #ifndef OPENSSL_NO_ECDH |
| 263 | if (cert->ecdh_tmp) | 256 | if (cert->ecdh_tmp) { |
| 264 | { | ||
| 265 | ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); | 257 | ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); |
| 266 | if (ret->ecdh_tmp == NULL) | 258 | if (ret->ecdh_tmp == NULL) { |
| 267 | { | ||
| 268 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); | 259 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); |
| 269 | goto err; | 260 | goto err; |
| 270 | } | ||
| 271 | } | 261 | } |
| 262 | } | ||
| 272 | ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; | 263 | ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; |
| 273 | #endif | 264 | #endif |
| 274 | 265 | ||
| 275 | for (i = 0; i < SSL_PKEY_NUM; i++) | 266 | for (i = 0; i < SSL_PKEY_NUM; i++) { |
| 276 | { | 267 | if (cert->pkeys[i].x509 != NULL) { |
| 277 | if (cert->pkeys[i].x509 != NULL) | ||
| 278 | { | ||
| 279 | ret->pkeys[i].x509 = cert->pkeys[i].x509; | 268 | ret->pkeys[i].x509 = cert->pkeys[i].x509; |
| 280 | CRYPTO_add(&ret->pkeys[i].x509->references, 1, | 269 | CRYPTO_add(&ret->pkeys[i].x509->references, 1, |
| 281 | CRYPTO_LOCK_X509); | 270 | CRYPTO_LOCK_X509); |
| 282 | } | 271 | } |
| 283 | 272 | ||
| 284 | if (cert->pkeys[i].privatekey != NULL) | 273 | if (cert->pkeys[i].privatekey != NULL) { |
| 285 | { | ||
| 286 | ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; | 274 | ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; |
| 287 | CRYPTO_add(&ret->pkeys[i].privatekey->references, 1, | 275 | CRYPTO_add(&ret->pkeys[i].privatekey->references, 1, |
| 288 | CRYPTO_LOCK_EVP_PKEY); | 276 | CRYPTO_LOCK_EVP_PKEY); |
| 289 | 277 | ||
| 290 | switch(i) | 278 | switch (i) { |
| 291 | { | ||
| 292 | /* If there was anything special to do for | 279 | /* If there was anything special to do for |
| 293 | * certain types of keys, we'd do it here. | 280 | * certain types of keys, we'd do it here. |
| 294 | * (Nothing at the moment, I think.) */ | 281 | * (Nothing at the moment, I think.) */ |
| @@ -297,11 +284,11 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 297 | case SSL_PKEY_RSA_SIGN: | 284 | case SSL_PKEY_RSA_SIGN: |
| 298 | /* We have an RSA key. */ | 285 | /* We have an RSA key. */ |
| 299 | break; | 286 | break; |
| 300 | 287 | ||
| 301 | case SSL_PKEY_DSA_SIGN: | 288 | case SSL_PKEY_DSA_SIGN: |
| 302 | /* We have a DSA key. */ | 289 | /* We have a DSA key. */ |
| 303 | break; | 290 | break; |
| 304 | 291 | ||
| 305 | case SSL_PKEY_DH_RSA: | 292 | case SSL_PKEY_DH_RSA: |
| 306 | case SSL_PKEY_DH_DSA: | 293 | case SSL_PKEY_DH_DSA: |
| 307 | /* We have a DH key. */ | 294 | /* We have a DH key. */ |
| @@ -314,21 +301,21 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 314 | default: | 301 | default: |
| 315 | /* Can't happen. */ | 302 | /* Can't happen. */ |
| 316 | SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); | 303 | SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); |
| 317 | } | ||
| 318 | } | 304 | } |
| 319 | } | 305 | } |
| 320 | 306 | } | |
| 307 | |||
| 321 | /* ret->extra_certs *should* exist, but currently the own certificate | 308 | /* ret->extra_certs *should* exist, but currently the own certificate |
| 322 | * chain is held inside SSL_CTX */ | 309 | * chain is held inside SSL_CTX */ |
| 323 | 310 | ||
| 324 | ret->references=1; | 311 | ret->references = 1; |
| 325 | /* Set digests to defaults. NB: we don't copy existing values as they | 312 | /* Set digests to defaults. NB: we don't copy existing values as they |
| 326 | * will be set during handshake. | 313 | * will be set during handshake. |
| 327 | */ | 314 | */ |
| 328 | ssl_cert_set_default_md(ret); | 315 | ssl_cert_set_default_md(ret); |
| 329 | 316 | ||
| 330 | return(ret); | 317 | return (ret); |
| 331 | 318 | ||
| 332 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) | 319 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) |
| 333 | err: | 320 | err: |
| 334 | #endif | 321 | #endif |
| @@ -345,50 +332,52 @@ err: | |||
| 345 | EC_KEY_free(ret->ecdh_tmp); | 332 | EC_KEY_free(ret->ecdh_tmp); |
| 346 | #endif | 333 | #endif |
| 347 | 334 | ||
| 348 | for (i = 0; i < SSL_PKEY_NUM; i++) | 335 | for (i = 0; i < SSL_PKEY_NUM; i++) { |
| 349 | { | ||
| 350 | if (ret->pkeys[i].x509 != NULL) | 336 | if (ret->pkeys[i].x509 != NULL) |
| 351 | X509_free(ret->pkeys[i].x509); | 337 | X509_free(ret->pkeys[i].x509); |
| 352 | if (ret->pkeys[i].privatekey != NULL) | 338 | if (ret->pkeys[i].privatekey != NULL) |
| 353 | EVP_PKEY_free(ret->pkeys[i].privatekey); | 339 | EVP_PKEY_free(ret->pkeys[i].privatekey); |
| 354 | } | 340 | } |
| 355 | 341 | ||
| 356 | return NULL; | 342 | return NULL; |
| 357 | } | 343 | } |
| 358 | 344 | ||
| 359 | 345 | ||
| 360 | void ssl_cert_free(CERT *c) | 346 | void |
| 361 | { | 347 | ssl_cert_free(CERT *c) |
| 348 | { | ||
| 362 | int i; | 349 | int i; |
| 363 | 350 | ||
| 364 | if(c == NULL) | 351 | if (c == NULL) |
| 365 | return; | 352 | return; |
| 366 | 353 | ||
| 367 | i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT); | 354 | i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT); |
| 368 | #ifdef REF_PRINT | 355 | #ifdef REF_PRINT |
| 369 | REF_PRINT("CERT",c); | 356 | REF_PRINT("CERT", c); |
| 370 | #endif | 357 | #endif |
| 371 | if (i > 0) return; | 358 | if (i > 0) |
| 359 | return; | ||
| 372 | #ifdef REF_CHECK | 360 | #ifdef REF_CHECK |
| 373 | if (i < 0) | 361 | if (i < 0) { |
| 374 | { | 362 | fprintf(stderr, "ssl_cert_free, bad reference count\n"); |
| 375 | fprintf(stderr,"ssl_cert_free, bad reference count\n"); | ||
| 376 | abort(); /* ok */ | 363 | abort(); /* ok */ |
| 377 | } | 364 | } |
| 378 | #endif | 365 | #endif |
| 379 | 366 | ||
| 380 | #ifndef OPENSSL_NO_RSA | 367 | #ifndef OPENSSL_NO_RSA |
| 381 | if (c->rsa_tmp) RSA_free(c->rsa_tmp); | 368 | if (c->rsa_tmp) |
| 369 | RSA_free(c->rsa_tmp); | ||
| 382 | #endif | 370 | #endif |
| 383 | #ifndef OPENSSL_NO_DH | 371 | #ifndef OPENSSL_NO_DH |
| 384 | if (c->dh_tmp) DH_free(c->dh_tmp); | 372 | if (c->dh_tmp) |
| 373 | DH_free(c->dh_tmp); | ||
| 385 | #endif | 374 | #endif |
| 386 | #ifndef OPENSSL_NO_ECDH | 375 | #ifndef OPENSSL_NO_ECDH |
| 387 | if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp); | 376 | if (c->ecdh_tmp) |
| 377 | EC_KEY_free(c->ecdh_tmp); | ||
| 388 | #endif | 378 | #endif |
| 389 | 379 | ||
| 390 | for (i=0; i<SSL_PKEY_NUM; i++) | 380 | for (i = 0; i < SSL_PKEY_NUM; i++) { |
| 391 | { | ||
| 392 | if (c->pkeys[i].x509 != NULL) | 381 | if (c->pkeys[i].x509 != NULL) |
| 393 | X509_free(c->pkeys[i].x509); | 382 | X509_free(c->pkeys[i].x509); |
| 394 | if (c->pkeys[i].privatekey != NULL) | 383 | if (c->pkeys[i].privatekey != NULL) |
| @@ -397,12 +386,13 @@ void ssl_cert_free(CERT *c) | |||
| 397 | if (c->pkeys[i].publickey != NULL) | 386 | if (c->pkeys[i].publickey != NULL) |
| 398 | EVP_PKEY_free(c->pkeys[i].publickey); | 387 | EVP_PKEY_free(c->pkeys[i].publickey); |
| 399 | #endif | 388 | #endif |
| 400 | } | ||
| 401 | OPENSSL_free(c); | ||
| 402 | } | 389 | } |
| 390 | OPENSSL_free(c); | ||
| 391 | } | ||
| 403 | 392 | ||
| 404 | int ssl_cert_inst(CERT **o) | 393 | int |
| 405 | { | 394 | ssl_cert_inst(CERT **o) |
| 395 | { | ||
| 406 | /* Create a CERT if there isn't already one | 396 | /* Create a CERT if there isn't already one |
| 407 | * (which cannot really happen, as it is initially created in | 397 | * (which cannot really happen, as it is initially created in |
| 408 | * SSL_CTX_new; but the earlier code usually allows for that one | 398 | * SSL_CTX_new; but the earlier code usually allows for that one |
| @@ -412,44 +402,42 @@ int ssl_cert_inst(CERT **o) | |||
| 412 | * s->cert being NULL, otherwise we could do without the | 402 | * s->cert being NULL, otherwise we could do without the |
| 413 | * initialization in SSL_CTX_new). | 403 | * initialization in SSL_CTX_new). |
| 414 | */ | 404 | */ |
| 415 | 405 | ||
| 416 | if (o == NULL) | 406 | if (o == NULL) { |
| 417 | { | ||
| 418 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER); | 407 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER); |
| 419 | return(0); | 408 | return (0); |
| 420 | } | 409 | } |
| 421 | if (*o == NULL) | 410 | if (*o == NULL) { |
| 422 | { | 411 | if ((*o = ssl_cert_new()) == NULL) { |
| 423 | if ((*o = ssl_cert_new()) == NULL) | ||
| 424 | { | ||
| 425 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE); | 412 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE); |
| 426 | return(0); | 413 | return (0); |
| 427 | } | ||
| 428 | } | 414 | } |
| 429 | return(1); | ||
| 430 | } | 415 | } |
| 416 | return (1); | ||
| 417 | } | ||
| 431 | 418 | ||
| 432 | 419 | ||
| 433 | SESS_CERT *ssl_sess_cert_new(void) | 420 | SESS_CERT |
| 434 | { | 421 | *ssl_sess_cert_new(void) |
| 422 | { | ||
| 435 | SESS_CERT *ret; | 423 | SESS_CERT *ret; |
| 436 | 424 | ||
| 437 | ret = OPENSSL_malloc(sizeof *ret); | 425 | ret = OPENSSL_malloc(sizeof *ret); |
| 438 | if (ret == NULL) | 426 | if (ret == NULL) { |
| 439 | { | ||
| 440 | SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); | 427 | SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); |
| 441 | return NULL; | 428 | return NULL; |
| 442 | } | 429 | } |
| 443 | 430 | ||
| 444 | memset(ret, 0 ,sizeof *ret); | 431 | memset(ret, 0 , sizeof *ret); |
| 445 | ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); | 432 | ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); |
| 446 | ret->references = 1; | 433 | ret->references = 1; |
| 447 | 434 | ||
| 448 | return ret; | 435 | return ret; |
| 449 | } | 436 | } |
| 450 | 437 | ||
| 451 | void ssl_sess_cert_free(SESS_CERT *sc) | 438 | void |
| 452 | { | 439 | ssl_sess_cert_free(SESS_CERT *sc) |
| 440 | { | ||
| 453 | int i; | 441 | int i; |
| 454 | 442 | ||
| 455 | if (sc == NULL) | 443 | if (sc == NULL) |
| @@ -462,27 +450,25 @@ void ssl_sess_cert_free(SESS_CERT *sc) | |||
| 462 | if (i > 0) | 450 | if (i > 0) |
| 463 | return; | 451 | return; |
| 464 | #ifdef REF_CHECK | 452 | #ifdef REF_CHECK |
| 465 | if (i < 0) | 453 | if (i < 0) { |
| 466 | { | 454 | fprintf(stderr, "ssl_sess_cert_free, bad reference count\n"); |
| 467 | fprintf(stderr,"ssl_sess_cert_free, bad reference count\n"); | ||
| 468 | abort(); /* ok */ | 455 | abort(); /* ok */ |
| 469 | } | 456 | } |
| 470 | #endif | 457 | #endif |
| 471 | 458 | ||
| 472 | /* i == 0 */ | 459 | /* i == 0 */ |
| 473 | if (sc->cert_chain != NULL) | 460 | if (sc->cert_chain != NULL) |
| 474 | sk_X509_pop_free(sc->cert_chain, X509_free); | 461 | sk_X509_pop_free(sc->cert_chain, X509_free); |
| 475 | for (i = 0; i < SSL_PKEY_NUM; i++) | 462 | for (i = 0; i < SSL_PKEY_NUM; i++) { |
| 476 | { | ||
| 477 | if (sc->peer_pkeys[i].x509 != NULL) | 463 | if (sc->peer_pkeys[i].x509 != NULL) |
| 478 | X509_free(sc->peer_pkeys[i].x509); | 464 | X509_free(sc->peer_pkeys[i].x509); |
| 479 | #if 0 /* We don't have the peer's private key. These lines are just | 465 | #if 0 /* We don't have the peer's private key. These lines are just |
| 480 | * here as a reminder that we're still using a not-quite-appropriate | 466 | * here as a reminder that we're still using a not-quite-appropriate |
| 481 | * data structure. */ | 467 | * data structure. */ |
| 482 | if (sc->peer_pkeys[i].privatekey != NULL) | 468 | if (sc->peer_pkeys[i].privatekey != NULL) |
| 483 | EVP_PKEY_free(sc->peer_pkeys[i].privatekey); | 469 | EVP_PKEY_free(sc->peer_pkeys[i].privatekey); |
| 484 | #endif | 470 | #endif |
| 485 | } | 471 | } |
| 486 | 472 | ||
| 487 | #ifndef OPENSSL_NO_RSA | 473 | #ifndef OPENSSL_NO_RSA |
| 488 | if (sc->peer_rsa_tmp != NULL) | 474 | if (sc->peer_rsa_tmp != NULL) |
| @@ -498,34 +484,35 @@ void ssl_sess_cert_free(SESS_CERT *sc) | |||
| 498 | #endif | 484 | #endif |
| 499 | 485 | ||
| 500 | OPENSSL_free(sc); | 486 | OPENSSL_free(sc); |
| 501 | } | 487 | } |
| 502 | 488 | ||
| 503 | int ssl_set_peer_cert_type(SESS_CERT *sc,int type) | 489 | int |
| 504 | { | 490 | ssl_set_peer_cert_type(SESS_CERT *sc, int type) |
| 491 | { | ||
| 505 | sc->peer_cert_type = type; | 492 | sc->peer_cert_type = type; |
| 506 | return(1); | 493 | return (1); |
| 507 | } | 494 | } |
| 508 | 495 | ||
| 509 | int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) | 496 | int |
| 510 | { | 497 | ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) |
| 498 | { | ||
| 511 | X509 *x; | 499 | X509 *x; |
| 512 | int i; | 500 | int i; |
| 513 | X509_STORE_CTX ctx; | 501 | X509_STORE_CTX ctx; |
| 514 | 502 | ||
| 515 | if ((sk == NULL) || (sk_X509_num(sk) == 0)) | 503 | if ((sk == NULL) || (sk_X509_num(sk) == 0)) |
| 516 | return(0); | 504 | return (0); |
| 517 | 505 | ||
| 518 | x=sk_X509_value(sk,0); | 506 | x = sk_X509_value(sk, 0); |
| 519 | if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk)) | 507 | if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) { |
| 520 | { | 508 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB); |
| 521 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); | 509 | return (0); |
| 522 | return(0); | 510 | } |
| 523 | } | ||
| 524 | #if 0 | 511 | #if 0 |
| 525 | if (SSL_get_verify_depth(s) >= 0) | 512 | if (SSL_get_verify_depth(s) >= 0) |
| 526 | X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); | 513 | X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); |
| 527 | #endif | 514 | #endif |
| 528 | X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s); | 515 | X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s); |
| 529 | 516 | ||
| 530 | /* We need to inherit the verify parameters. These can be determined by | 517 | /* We need to inherit the verify parameters. These can be determined by |
| 531 | * the context: if its a server it will verify SSL client certificates | 518 | * the context: if its a server it will verify SSL client certificates |
| @@ -533,7 +520,7 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) | |||
| 533 | */ | 520 | */ |
| 534 | 521 | ||
| 535 | X509_STORE_CTX_set_default(&ctx, | 522 | X509_STORE_CTX_set_default(&ctx, |
| 536 | s->server ? "ssl_client" : "ssl_server"); | 523 | s->server ? "ssl_client" : "ssl_server"); |
| 537 | /* Anything non-default in "param" should overwrite anything in the | 524 | /* Anything non-default in "param" should overwrite anything in the |
| 538 | * ctx. | 525 | * ctx. |
| 539 | */ | 526 | */ |
| @@ -544,121 +531,127 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) | |||
| 544 | 531 | ||
| 545 | if (s->ctx->app_verify_callback != NULL) | 532 | if (s->ctx->app_verify_callback != NULL) |
| 546 | #if 1 /* new with OpenSSL 0.9.7 */ | 533 | #if 1 /* new with OpenSSL 0.9.7 */ |
| 547 | i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); | 534 | i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); |
| 535 | |||
| 548 | #else | 536 | #else |
| 549 | i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ | 537 | i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ |
| 550 | #endif | 538 | #endif |
| 551 | else | 539 | else { |
| 552 | { | ||
| 553 | #ifndef OPENSSL_NO_X509_VERIFY | 540 | #ifndef OPENSSL_NO_X509_VERIFY |
| 554 | i=X509_verify_cert(&ctx); | 541 | i = X509_verify_cert(&ctx); |
| 555 | #else | 542 | #else |
| 556 | i=0; | 543 | i = 0; |
| 557 | ctx.error=X509_V_ERR_APPLICATION_VERIFICATION; | 544 | ctx.error = X509_V_ERR_APPLICATION_VERIFICATION; |
| 558 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK); | 545 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, SSL_R_NO_VERIFY_CALLBACK); |
| 559 | #endif | 546 | #endif |
| 560 | } | 547 | } |
| 561 | 548 | ||
| 562 | s->verify_result=ctx.error; | 549 | s->verify_result = ctx.error; |
| 563 | X509_STORE_CTX_cleanup(&ctx); | 550 | X509_STORE_CTX_cleanup(&ctx); |
| 564 | 551 | ||
| 565 | return(i); | 552 | return (i); |
| 566 | } | 553 | } |
| 567 | 554 | ||
| 568 | static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list) | 555 | static void |
| 569 | { | 556 | set_client_CA_list(STACK_OF(X509_NAME) **ca_list, STACK_OF(X509_NAME) *name_list) |
| 557 | { | ||
| 570 | if (*ca_list != NULL) | 558 | if (*ca_list != NULL) |
| 571 | sk_X509_NAME_pop_free(*ca_list,X509_NAME_free); | 559 | sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); |
| 572 | 560 | ||
| 573 | *ca_list=name_list; | 561 | *ca_list = name_list; |
| 574 | } | 562 | } |
| 575 | 563 | ||
| 576 | STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) | 564 | STACK_OF(X509_NAME) |
| 577 | { | 565 | *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) |
| 566 | { | ||
| 578 | int i; | 567 | int i; |
| 579 | STACK_OF(X509_NAME) *ret; | 568 | STACK_OF(X509_NAME) *ret; |
| 580 | X509_NAME *name; | 569 | X509_NAME *name; |
| 581 | 570 | ||
| 582 | ret=sk_X509_NAME_new_null(); | 571 | ret = sk_X509_NAME_new_null(); |
| 583 | for (i=0; i<sk_X509_NAME_num(sk); i++) | 572 | for (i = 0; i < sk_X509_NAME_num(sk); i++) { |
| 584 | { | 573 | name = X509_NAME_dup(sk_X509_NAME_value(sk, i)); |
| 585 | name=X509_NAME_dup(sk_X509_NAME_value(sk,i)); | 574 | if ((name == NULL) || !sk_X509_NAME_push(ret, name)) { |
| 586 | if ((name == NULL) || !sk_X509_NAME_push(ret,name)) | 575 | sk_X509_NAME_pop_free(ret, X509_NAME_free); |
| 587 | { | 576 | return (NULL); |
| 588 | sk_X509_NAME_pop_free(ret,X509_NAME_free); | ||
| 589 | return(NULL); | ||
| 590 | } | ||
| 591 | } | 577 | } |
| 592 | return(ret); | ||
| 593 | } | 578 | } |
| 594 | 579 | return (ret); | |
| 595 | void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list) | 580 | } |
| 596 | { | 581 | |
| 597 | set_client_CA_list(&(s->client_CA),name_list); | 582 | void |
| 598 | } | 583 | SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) |
| 599 | 584 | { | |
| 600 | void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list) | 585 | set_client_CA_list(&(s->client_CA), name_list); |
| 601 | { | 586 | } |
| 602 | set_client_CA_list(&(ctx->client_CA),name_list); | 587 | |
| 603 | } | 588 | void |
| 604 | 589 | SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) | |
| 605 | STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) | 590 | { |
| 606 | { | 591 | set_client_CA_list(&(ctx->client_CA), name_list); |
| 607 | return(ctx->client_CA); | 592 | } |
| 608 | } | 593 | |
| 609 | 594 | STACK_OF(X509_NAME) | |
| 610 | STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) | 595 | *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) |
| 611 | { | 596 | { |
| 597 | return (ctx->client_CA); | ||
| 598 | } | ||
| 599 | |||
| 600 | STACK_OF(X509_NAME) | ||
| 601 | *SSL_get_client_CA_list(const SSL *s) | ||
| 602 | { | ||
| 612 | if (s->type == SSL_ST_CONNECT) | 603 | if (s->type == SSL_ST_CONNECT) |
| 613 | { /* we are in the client */ | 604 | { /* we are in the client */ |
| 614 | if (((s->version>>8) == SSL3_VERSION_MAJOR) && | 605 | if (((s->version >> 8) == SSL3_VERSION_MAJOR) && |
| 615 | (s->s3 != NULL)) | 606 | (s->s3 != NULL)) |
| 616 | return(s->s3->tmp.ca_names); | 607 | return (s->s3->tmp.ca_names); |
| 617 | else | 608 | else |
| 618 | return(NULL); | 609 | return (NULL); |
| 619 | } | 610 | } else { |
| 620 | else | ||
| 621 | { | ||
| 622 | if (s->client_CA != NULL) | 611 | if (s->client_CA != NULL) |
| 623 | return(s->client_CA); | 612 | return (s->client_CA); |
| 624 | else | 613 | else |
| 625 | return(s->ctx->client_CA); | 614 | return (s->ctx->client_CA); |
| 626 | } | ||
| 627 | } | 615 | } |
| 616 | } | ||
| 628 | 617 | ||
| 629 | static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x) | 618 | static int |
| 630 | { | 619 | add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x) |
| 620 | { | ||
| 631 | X509_NAME *name; | 621 | X509_NAME *name; |
| 632 | 622 | ||
| 633 | if (x == NULL) return(0); | 623 | if (x == NULL) |
| 634 | if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL)) | 624 | return (0); |
| 635 | return(0); | 625 | if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL)) |
| 636 | 626 | return (0); | |
| 637 | if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL) | ||
| 638 | return(0); | ||
| 639 | |||
| 640 | if (!sk_X509_NAME_push(*sk,name)) | ||
| 641 | { | ||
| 642 | X509_NAME_free(name); | ||
| 643 | return(0); | ||
| 644 | } | ||
| 645 | return(1); | ||
| 646 | } | ||
| 647 | 627 | ||
| 648 | int SSL_add_client_CA(SSL *ssl,X509 *x) | 628 | if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL) |
| 649 | { | 629 | return (0); |
| 650 | return(add_client_CA(&(ssl->client_CA),x)); | ||
| 651 | } | ||
| 652 | 630 | ||
| 653 | int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x) | 631 | if (!sk_X509_NAME_push(*sk, name)) { |
| 654 | { | 632 | X509_NAME_free(name); |
| 655 | return(add_client_CA(&(ctx->client_CA),x)); | 633 | return (0); |
| 656 | } | ||
| 657 | |||
| 658 | static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | ||
| 659 | { | ||
| 660 | return(X509_NAME_cmp(*a,*b)); | ||
| 661 | } | 634 | } |
| 635 | return (1); | ||
| 636 | } | ||
| 637 | |||
| 638 | int | ||
| 639 | SSL_add_client_CA(SSL *ssl, X509 *x) | ||
| 640 | { | ||
| 641 | return (add_client_CA(&(ssl->client_CA), x)); | ||
| 642 | } | ||
| 643 | |||
| 644 | int | ||
| 645 | SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) | ||
| 646 | { | ||
| 647 | return (add_client_CA(&(ctx->client_CA), x)); | ||
| 648 | } | ||
| 649 | |||
| 650 | static int | ||
| 651 | xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | ||
| 652 | { | ||
| 653 | return (X509_NAME_cmp(*a, *b)); | ||
| 654 | } | ||
| 662 | 655 | ||
| 663 | #ifndef OPENSSL_NO_STDIO | 656 | #ifndef OPENSSL_NO_STDIO |
| 664 | /*! | 657 | /*! |
| @@ -669,65 +662,65 @@ static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | |||
| 669 | * \param file the file containing one or more certs. | 662 | * \param file the file containing one or more certs. |
| 670 | * \return a ::STACK containing the certs. | 663 | * \return a ::STACK containing the certs. |
| 671 | */ | 664 | */ |
| 672 | STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) | 665 | STACK_OF(X509_NAME) |
| 673 | { | 666 | *SSL_load_client_CA_file(const char *file) |
| 667 | { | ||
| 674 | BIO *in; | 668 | BIO *in; |
| 675 | X509 *x=NULL; | 669 | X509 *x = NULL; |
| 676 | X509_NAME *xn=NULL; | 670 | X509_NAME *xn = NULL; |
| 677 | STACK_OF(X509_NAME) *ret = NULL,*sk; | 671 | STACK_OF(X509_NAME) *ret = NULL, *sk; |
| 678 | 672 | ||
| 679 | sk=sk_X509_NAME_new(xname_cmp); | 673 | sk = sk_X509_NAME_new(xname_cmp); |
| 680 | 674 | ||
| 681 | in=BIO_new(BIO_s_file_internal()); | 675 | in = BIO_new(BIO_s_file_internal()); |
| 682 | 676 | ||
| 683 | if ((sk == NULL) || (in == NULL)) | 677 | if ((sk == NULL) || (in == NULL)) { |
| 684 | { | 678 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); |
| 685 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); | ||
| 686 | goto err; | 679 | goto err; |
| 687 | } | 680 | } |
| 688 | 681 | ||
| 689 | if (!BIO_read_filename(in,file)) | 682 | if (!BIO_read_filename(in, file)) |
| 690 | goto err; | 683 | goto err; |
| 691 | 684 | ||
| 692 | for (;;) | 685 | for (;;) { |
| 693 | { | 686 | if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) |
| 694 | if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) | ||
| 695 | break; | 687 | break; |
| 696 | if (ret == NULL) | 688 | if (ret == NULL) { |
| 697 | { | ||
| 698 | ret = sk_X509_NAME_new_null(); | 689 | ret = sk_X509_NAME_new_null(); |
| 699 | if (ret == NULL) | 690 | if (ret == NULL) { |
| 700 | { | 691 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); |
| 701 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); | ||
| 702 | goto err; | 692 | goto err; |
| 703 | } | ||
| 704 | } | 693 | } |
| 705 | if ((xn=X509_get_subject_name(x)) == NULL) goto err; | 694 | } |
| 706 | /* check for duplicates */ | 695 | if ((xn = X509_get_subject_name(x)) == NULL) goto err; |
| 707 | xn=X509_NAME_dup(xn); | 696 | /* check for duplicates */ |
| 708 | if (xn == NULL) goto err; | 697 | xn = X509_NAME_dup(xn); |
| 709 | if (sk_X509_NAME_find(sk,xn) >= 0) | 698 | if (xn == NULL) |
| 699 | goto err; | ||
| 700 | if (sk_X509_NAME_find(sk, xn) >= 0) | ||
| 710 | X509_NAME_free(xn); | 701 | X509_NAME_free(xn); |
| 711 | else | 702 | else { |
| 712 | { | 703 | sk_X509_NAME_push(sk, xn); |
| 713 | sk_X509_NAME_push(sk,xn); | 704 | sk_X509_NAME_push(ret, xn); |
| 714 | sk_X509_NAME_push(ret,xn); | ||
| 715 | } | ||
| 716 | } | 705 | } |
| 706 | } | ||
| 717 | 707 | ||
| 718 | if (0) | 708 | if (0) { |
| 719 | { | ||
| 720 | err: | 709 | err: |
| 721 | if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free); | 710 | if (ret != NULL) |
| 722 | ret=NULL; | 711 | sk_X509_NAME_pop_free(ret, X509_NAME_free); |
| 723 | } | 712 | ret = NULL; |
| 724 | if (sk != NULL) sk_X509_NAME_free(sk); | 713 | } |
| 725 | if (in != NULL) BIO_free(in); | 714 | if (sk != NULL) |
| 726 | if (x != NULL) X509_free(x); | 715 | sk_X509_NAME_free(sk); |
| 716 | if (in != NULL) | ||
| 717 | BIO_free(in); | ||
| 718 | if (x != NULL) | ||
| 719 | X509_free(x); | ||
| 727 | if (ret != NULL) | 720 | if (ret != NULL) |
| 728 | ERR_clear_error(); | 721 | ERR_clear_error(); |
| 729 | return(ret); | 722 | return (ret); |
| 730 | } | 723 | } |
| 731 | #endif | 724 | #endif |
| 732 | 725 | ||
| 733 | /*! | 726 | /*! |
| @@ -739,57 +732,56 @@ err: | |||
| 739 | * certs may have been added to \c stack. | 732 | * certs may have been added to \c stack. |
| 740 | */ | 733 | */ |
| 741 | 734 | ||
| 742 | int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | 735 | int |
| 743 | const char *file) | 736 | SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, |
| 744 | { | 737 | const char *file) |
| 738 | { | ||
| 745 | BIO *in; | 739 | BIO *in; |
| 746 | X509 *x=NULL; | 740 | X509 *x = NULL; |
| 747 | X509_NAME *xn=NULL; | 741 | X509_NAME *xn = NULL; |
| 748 | int ret=1; | 742 | int ret = 1; |
| 749 | int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); | 743 | int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); |
| 750 | 744 | ||
| 751 | oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp); | 745 | oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp); |
| 752 | 746 | ||
| 753 | in=BIO_new(BIO_s_file_internal()); | 747 | in = BIO_new(BIO_s_file_internal()); |
| 754 | 748 | ||
| 755 | if (in == NULL) | 749 | if (in == NULL) { |
| 756 | { | 750 | SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE); |
| 757 | SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE); | ||
| 758 | goto err; | 751 | goto err; |
| 759 | } | 752 | } |
| 760 | 753 | ||
| 761 | if (!BIO_read_filename(in,file)) | 754 | if (!BIO_read_filename(in, file)) |
| 762 | goto err; | 755 | goto err; |
| 763 | 756 | ||
| 764 | for (;;) | 757 | for (;;) { |
| 765 | { | 758 | if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) |
| 766 | if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) | ||
| 767 | break; | 759 | break; |
| 768 | if ((xn=X509_get_subject_name(x)) == NULL) goto err; | 760 | if ((xn = X509_get_subject_name(x)) == NULL) goto err; |
| 769 | xn=X509_NAME_dup(xn); | 761 | xn = X509_NAME_dup(xn); |
| 770 | if (xn == NULL) goto err; | 762 | if (xn == NULL) |
| 771 | if (sk_X509_NAME_find(stack,xn) >= 0) | 763 | goto err; |
| 764 | if (sk_X509_NAME_find(stack, xn) >= 0) | ||
| 772 | X509_NAME_free(xn); | 765 | X509_NAME_free(xn); |
| 773 | else | 766 | else |
| 774 | sk_X509_NAME_push(stack,xn); | 767 | sk_X509_NAME_push(stack, xn); |
| 775 | } | 768 | } |
| 776 | 769 | ||
| 777 | ERR_clear_error(); | 770 | ERR_clear_error(); |
| 778 | 771 | ||
| 779 | if (0) | 772 | if (0) { |
| 780 | { | ||
| 781 | err: | 773 | err: |
| 782 | ret=0; | 774 | ret = 0; |
| 783 | } | 775 | } |
| 784 | if(in != NULL) | 776 | if (in != NULL) |
| 785 | BIO_free(in); | 777 | BIO_free(in); |
| 786 | if(x != NULL) | 778 | if (x != NULL) |
| 787 | X509_free(x); | 779 | X509_free(x); |
| 788 | 780 | ||
| 789 | (void)sk_X509_NAME_set_cmp_func(stack,oldcmp); | 781 | (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); |
| 790 | 782 | ||
| 791 | return ret; | 783 | return ret; |
| 792 | } | 784 | } |
| 793 | 785 | ||
| 794 | /*! | 786 | /*! |
| 795 | * Add a directory of certs to a stack. | 787 | * Add a directory of certs to a stack. |
| @@ -802,9 +794,10 @@ err: | |||
| 802 | * certs may have been added to \c stack. | 794 | * certs may have been added to \c stack. |
| 803 | */ | 795 | */ |
| 804 | 796 | ||
| 805 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | 797 | int |
| 806 | const char *dir) | 798 | SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, |
| 807 | { | 799 | const char *dir) |
| 800 | { | ||
| 808 | OPENSSL_DIR_CTX *d = NULL; | 801 | OPENSSL_DIR_CTX *d = NULL; |
| 809 | const char *filename; | 802 | const char *filename; |
| 810 | int ret = 0; | 803 | int ret = 0; |
| @@ -813,36 +806,34 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | |||
| 813 | 806 | ||
| 814 | /* Note that a side effect is that the CAs will be sorted by name */ | 807 | /* Note that a side effect is that the CAs will be sorted by name */ |
| 815 | 808 | ||
| 816 | while((filename = OPENSSL_DIR_read(&d, dir))) | 809 | while ((filename = OPENSSL_DIR_read(&d, dir))) { |
| 817 | { | ||
| 818 | char buf[1024]; | 810 | char buf[1024]; |
| 819 | int r; | 811 | int r; |
| 820 | 812 | ||
| 821 | if(strlen(dir)+strlen(filename)+2 > sizeof buf) | 813 | if (strlen(dir) + strlen(filename) + 2 > sizeof buf) { |
| 822 | { | 814 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, SSL_R_PATH_TOO_LONG); |
| 823 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); | ||
| 824 | goto err; | 815 | goto err; |
| 825 | } | 816 | } |
| 826 | r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename); | 817 | r = BIO_snprintf(buf, sizeof buf, "%s/%s", dir, filename); |
| 827 | if (r <= 0 || r >= (int)sizeof(buf)) | 818 | if (r <= 0 || r >= (int)sizeof(buf)) |
| 828 | goto err; | 819 | goto err; |
| 829 | if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) | 820 | if (!SSL_add_file_cert_subjects_to_stack(stack, buf)) |
| 830 | goto err; | 821 | goto err; |
| 831 | } | 822 | } |
| 832 | 823 | ||
| 833 | if (errno) | 824 | if (errno) { |
| 834 | { | ||
| 835 | SYSerr(SYS_F_OPENDIR, errno); | 825 | SYSerr(SYS_F_OPENDIR, errno); |
| 836 | ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); | 826 | ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); |
| 837 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); | 827 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); |
| 838 | goto err; | 828 | goto err; |
| 839 | } | 829 | } |
| 840 | 830 | ||
| 841 | ret = 1; | 831 | ret = 1; |
| 842 | 832 | ||
| 843 | err: | 833 | err: |
| 844 | if (d) OPENSSL_DIR_end(&d); | 834 | if (d) |
| 835 | OPENSSL_DIR_end(&d); | ||
| 845 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); | 836 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); |
| 846 | return ret; | 837 | return ret; |
| 847 | } | 838 | } |
| 848 | 839 | ||
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c index 0aba8e048c..f37c70cf91 100644 --- a/src/lib/libssl/src/ssl/ssl_ciph.c +++ b/src/lib/libssl/src/ssl/ssl_ciph.c | |||
| @@ -167,15 +167,15 @@ | |||
| 167 | #define SSL_ENC_NUM_IDX 14 | 167 | #define SSL_ENC_NUM_IDX 14 |
| 168 | 168 | ||
| 169 | 169 | ||
| 170 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ | 170 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { |
| 171 | NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL | 171 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL |
| 172 | }; | 172 | }; |
| 173 | 173 | ||
| 174 | #define SSL_COMP_NULL_IDX 0 | 174 | #define SSL_COMP_NULL_IDX 0 |
| 175 | #define SSL_COMP_ZLIB_IDX 1 | 175 | #define SSL_COMP_ZLIB_IDX 1 |
| 176 | #define SSL_COMP_NUM_IDX 2 | 176 | #define SSL_COMP_NUM_IDX 2 |
| 177 | 177 | ||
| 178 | static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; | 178 | static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; |
| 179 | 179 | ||
| 180 | #define SSL_MD_MD5_IDX 0 | 180 | #define SSL_MD_MD5_IDX 0 |
| 181 | #define SSL_MD_SHA1_IDX 1 | 181 | #define SSL_MD_SHA1_IDX 1 |
| @@ -187,27 +187,27 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; | |||
| 187 | * defined in the | 187 | * defined in the |
| 188 | * ssl_locl.h */ | 188 | * ssl_locl.h */ |
| 189 | #define SSL_MD_NUM_IDX SSL_MAX_DIGEST | 189 | #define SSL_MD_NUM_IDX SSL_MAX_DIGEST |
| 190 | static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ | 190 | static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { |
| 191 | NULL,NULL,NULL,NULL,NULL,NULL | 191 | NULL, NULL, NULL, NULL, NULL, NULL |
| 192 | }; | 192 | }; |
| 193 | /* PKEY_TYPE for GOST89MAC is known in advance, but, because | 193 | /* PKEY_TYPE for GOST89MAC is known in advance, but, because |
| 194 | * implementation is engine-provided, we'll fill it only if | 194 | * implementation is engine-provided, we'll fill it only if |
| 195 | * corresponding EVP_PKEY_METHOD is found | 195 | * corresponding EVP_PKEY_METHOD is found |
| 196 | */ | 196 | */ |
| 197 | static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={ | 197 | static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { |
| 198 | EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef, | 198 | EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef, |
| 199 | EVP_PKEY_HMAC,EVP_PKEY_HMAC | 199 | EVP_PKEY_HMAC, EVP_PKEY_HMAC |
| 200 | }; | 200 | }; |
| 201 | 201 | ||
| 202 | static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={ | 202 | static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { |
| 203 | 0,0,0,0,0,0 | 203 | 0, 0, 0, 0, 0, 0 |
| 204 | }; | 204 | }; |
| 205 | 205 | ||
| 206 | static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={ | 206 | static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { |
| 207 | SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA, | 207 | SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, |
| 208 | SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, | 208 | SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, |
| 209 | SSL_HANDSHAKE_MAC_SHA384 | 209 | SSL_HANDSHAKE_MAC_SHA384 |
| 210 | }; | 210 | }; |
| 211 | 211 | ||
| 212 | #define CIPHER_ADD 1 | 212 | #define CIPHER_ADD 1 |
| 213 | #define CIPHER_KILL 2 | 213 | #define CIPHER_KILL 2 |
| @@ -215,376 +215,371 @@ static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={ | |||
| 215 | #define CIPHER_ORD 4 | 215 | #define CIPHER_ORD 4 |
| 216 | #define CIPHER_SPECIAL 5 | 216 | #define CIPHER_SPECIAL 5 |
| 217 | 217 | ||
| 218 | typedef struct cipher_order_st | 218 | typedef struct cipher_order_st { |
| 219 | { | ||
| 220 | const SSL_CIPHER *cipher; | 219 | const SSL_CIPHER *cipher; |
| 221 | int active; | 220 | int active; |
| 222 | int dead; | 221 | int dead; |
| 223 | struct cipher_order_st *next,*prev; | 222 | struct cipher_order_st *next, *prev; |
| 224 | } CIPHER_ORDER; | 223 | } CIPHER_ORDER; |
| 225 | 224 | ||
| 226 | static const SSL_CIPHER cipher_aliases[]={ | 225 | static const SSL_CIPHER cipher_aliases[] = { |
| 227 | /* "ALL" doesn't include eNULL (must be specifically enabled) */ | 226 | /* "ALL" doesn't include eNULL (must be specifically enabled) */ |
| 228 | {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0}, | 227 | {0, SSL_TXT_ALL, 0, 0, 0,~SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 229 | /* "COMPLEMENTOFALL" */ | 228 | /* "COMPLEMENTOFALL" */ |
| 230 | {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0}, | 229 | {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 231 | 230 | ||
| 232 | /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ | 231 | /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ |
| 233 | {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0}, | 232 | {0, SSL_TXT_CMPDEF, 0, SSL_kEDH|SSL_kEECDH, SSL_aNULL,~SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 234 | 233 | ||
| 235 | /* key exchange aliases | 234 | /* key exchange aliases |
| 236 | * (some of those using only a single bit here combine | 235 | * (some of those using only a single bit here combine |
| 237 | * multiple key exchange algs according to the RFCs, | 236 | * multiple key exchange algs according to the RFCs, |
| 238 | * e.g. kEDH combines DHE_DSS and DHE_RSA) */ | 237 | * e.g. kEDH combines DHE_DSS and DHE_RSA) */ |
| 239 | {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0}, | 238 | {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 240 | 239 | ||
| 241 | {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | 240 | {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ |
| 242 | {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | 241 | {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ |
| 243 | {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | 242 | {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ |
| 244 | {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0}, | 243 | {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 245 | {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0}, | 244 | {0, SSL_TXT_DH, 0, SSL_kDHr|SSL_kDHd|SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 246 | 245 | ||
| 247 | {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0}, | 246 | {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 248 | 247 | ||
| 249 | {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0}, | 248 | {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 250 | {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0}, | 249 | {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 251 | {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0}, | 250 | {0, SSL_TXT_kECDH, 0, SSL_kECDHr|SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 252 | {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0}, | 251 | {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 253 | {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0}, | 252 | {0, SSL_TXT_ECDH, 0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 254 | 253 | ||
| 255 | {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0}, | 254 | {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 256 | {0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0}, | 255 | {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 257 | {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0}, | 256 | {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 258 | 257 | ||
| 259 | /* server authentication aliases */ | 258 | /* server authentication aliases */ |
| 260 | {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0}, | 259 | {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, |
| 261 | {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0}, | 260 | {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, |
| 262 | {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0}, | 261 | {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, |
| 263 | {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0}, | 262 | {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, |
| 264 | {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0}, | 263 | {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 265 | {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | 264 | {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ |
| 266 | {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0}, | 265 | {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0}, |
| 267 | {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0}, | 266 | {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, |
| 268 | {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0}, | 267 | {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, |
| 269 | {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0}, | 268 | {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, |
| 270 | {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0}, | 269 | {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0}, |
| 271 | {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0}, | 270 | {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, |
| 272 | {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0}, | 271 | {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94|SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, |
| 273 | 272 | ||
| 274 | /* aliases combining key exchange and server authentication */ | 273 | /* aliases combining key exchange and server authentication */ |
| 275 | {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0}, | 274 | {0, SSL_TXT_EDH, 0, SSL_kEDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 276 | {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0}, | 275 | {0, SSL_TXT_EECDH, 0, SSL_kEECDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 277 | {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, | 276 | {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 278 | {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0}, | 277 | {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, |
| 279 | {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0}, | 278 | {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, |
| 280 | {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0}, | 279 | {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 281 | {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0}, | 280 | {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 282 | {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0}, | 281 | {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, |
| 283 | {0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0}, | 282 | {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 284 | 283 | ||
| 285 | 284 | ||
| 286 | /* symmetric encryption aliases */ | 285 | /* symmetric encryption aliases */ |
| 287 | {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0}, | 286 | {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0}, |
| 288 | {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0}, | 287 | {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0}, |
| 289 | {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0}, | 288 | {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0}, |
| 290 | {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0}, | 289 | {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0}, |
| 291 | {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0}, | 290 | {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0}, |
| 292 | {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0}, | 291 | {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0}, |
| 293 | {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, | 292 | {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 294 | {0,SSL_TXT_AES128,0, 0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0}, | 293 | {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128|SSL_AES128GCM, 0, 0, 0, 0, 0, 0}, |
| 295 | {0,SSL_TXT_AES256,0, 0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0}, | 294 | {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256|SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, |
| 296 | {0,SSL_TXT_AES,0, 0,0,SSL_AES,0,0,0,0,0,0}, | 295 | {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0}, |
| 297 | {0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0}, | 296 | {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM|SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, |
| 298 | {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0}, | 297 | {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0}, |
| 299 | {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0}, | 298 | {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, |
| 300 | {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0}, | 299 | {0, SSL_TXT_CAMELLIA , 0, 0, 0, SSL_CAMELLIA128|SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, |
| 301 | 300 | ||
| 302 | /* MAC aliases */ | 301 | /* MAC aliases */ |
| 303 | {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0}, | 302 | {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0}, |
| 304 | {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, | 303 | {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, |
| 305 | {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, | 304 | {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, |
| 306 | {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0}, | 305 | {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0}, |
| 307 | {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0}, | 306 | {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0}, |
| 308 | {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0}, | 307 | {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0}, |
| 309 | {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0}, | 308 | {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0}, |
| 310 | 309 | ||
| 311 | /* protocol version aliases */ | 310 | /* protocol version aliases */ |
| 312 | {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0}, | 311 | {0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0}, |
| 313 | {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0}, | 312 | {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0}, |
| 314 | {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0}, | 313 | {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0}, |
| 315 | {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0}, | 314 | {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0}, |
| 316 | 315 | ||
| 317 | /* export flag */ | 316 | /* export flag */ |
| 318 | {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, | 317 | {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, |
| 319 | {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, | 318 | {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, |
| 320 | 319 | ||
| 321 | /* strength classes */ | 320 | /* strength classes */ |
| 322 | {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0}, | 321 | {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0}, |
| 323 | {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0}, | 322 | {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0}, |
| 324 | {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0}, | 323 | {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0}, |
| 325 | {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0}, | 324 | {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0}, |
| 326 | {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0}, | 325 | {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0}, |
| 327 | /* FIPS 140-2 approved ciphersuite */ | 326 | /* FIPS 140-2 approved ciphersuite */ |
| 328 | {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0}, | 327 | {0, SSL_TXT_FIPS, 0, 0, 0,~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0}, |
| 329 | }; | 328 | }; |
| 330 | /* Search for public key algorithm with given name and | 329 | /* Search for public key algorithm with given name and |
| 331 | * return its pkey_id if it is available. Otherwise return 0 | 330 | * return its pkey_id if it is available. Otherwise return 0 |
| 332 | */ | 331 | */ |
| 333 | #ifdef OPENSSL_NO_ENGINE | 332 | #ifdef OPENSSL_NO_ENGINE |
| 334 | 333 | ||
| 335 | static int get_optional_pkey_id(const char *pkey_name) | 334 | static int |
| 336 | { | 335 | get_optional_pkey_id(const char *pkey_name) |
| 336 | { | ||
| 337 | const EVP_PKEY_ASN1_METHOD *ameth; | 337 | const EVP_PKEY_ASN1_METHOD *ameth; |
| 338 | int pkey_id=0; | 338 | int pkey_id = 0; |
| 339 | ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1); | 339 | ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1); |
| 340 | if (ameth) | 340 | if (ameth) { |
| 341 | { | 341 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); |
| 342 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth); | ||
| 343 | } | ||
| 344 | return pkey_id; | ||
| 345 | } | 342 | } |
| 343 | return pkey_id; | ||
| 344 | } | ||
| 346 | 345 | ||
| 347 | #else | 346 | #else |
| 348 | 347 | ||
| 349 | static int get_optional_pkey_id(const char *pkey_name) | 348 | static int |
| 350 | { | 349 | get_optional_pkey_id(const char *pkey_name) |
| 350 | { | ||
| 351 | const EVP_PKEY_ASN1_METHOD *ameth; | 351 | const EVP_PKEY_ASN1_METHOD *ameth; |
| 352 | ENGINE *tmpeng = NULL; | 352 | ENGINE *tmpeng = NULL; |
| 353 | int pkey_id=0; | 353 | int pkey_id = 0; |
| 354 | ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1); | 354 | ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1); |
| 355 | if (ameth) | 355 | if (ameth) { |
| 356 | { | 356 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); |
| 357 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth); | ||
| 358 | } | ||
| 359 | if (tmpeng) ENGINE_finish(tmpeng); | ||
| 360 | return pkey_id; | ||
| 361 | } | 357 | } |
| 358 | if (tmpeng) | ||
| 359 | ENGINE_finish(tmpeng); | ||
| 360 | return pkey_id; | ||
| 361 | } | ||
| 362 | 362 | ||
| 363 | #endif | 363 | #endif |
| 364 | 364 | ||
| 365 | void ssl_load_ciphers(void) | 365 | void |
| 366 | { | 366 | ssl_load_ciphers(void) |
| 367 | ssl_cipher_methods[SSL_ENC_DES_IDX]= | 367 | { |
| 368 | EVP_get_cipherbyname(SN_des_cbc); | 368 | ssl_cipher_methods[SSL_ENC_DES_IDX]= |
| 369 | EVP_get_cipherbyname(SN_des_cbc); | ||
| 369 | ssl_cipher_methods[SSL_ENC_3DES_IDX]= | 370 | ssl_cipher_methods[SSL_ENC_3DES_IDX]= |
| 370 | EVP_get_cipherbyname(SN_des_ede3_cbc); | 371 | EVP_get_cipherbyname(SN_des_ede3_cbc); |
| 371 | ssl_cipher_methods[SSL_ENC_RC4_IDX]= | 372 | ssl_cipher_methods[SSL_ENC_RC4_IDX]= |
| 372 | EVP_get_cipherbyname(SN_rc4); | 373 | EVP_get_cipherbyname(SN_rc4); |
| 373 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= | 374 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= |
| 374 | EVP_get_cipherbyname(SN_rc2_cbc); | 375 | EVP_get_cipherbyname(SN_rc2_cbc); |
| 375 | #ifndef OPENSSL_NO_IDEA | 376 | #ifndef OPENSSL_NO_IDEA |
| 376 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= | 377 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= |
| 377 | EVP_get_cipherbyname(SN_idea_cbc); | 378 | EVP_get_cipherbyname(SN_idea_cbc); |
| 378 | #else | 379 | #else |
| 379 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; | 380 | ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL; |
| 380 | #endif | 381 | #endif |
| 381 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= | 382 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= |
| 382 | EVP_get_cipherbyname(SN_aes_128_cbc); | 383 | EVP_get_cipherbyname(SN_aes_128_cbc); |
| 383 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= | 384 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= |
| 384 | EVP_get_cipherbyname(SN_aes_256_cbc); | 385 | EVP_get_cipherbyname(SN_aes_256_cbc); |
| 385 | ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= | 386 | ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= |
| 386 | EVP_get_cipherbyname(SN_camellia_128_cbc); | 387 | EVP_get_cipherbyname(SN_camellia_128_cbc); |
| 387 | ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= | 388 | ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= |
| 388 | EVP_get_cipherbyname(SN_camellia_256_cbc); | 389 | EVP_get_cipherbyname(SN_camellia_256_cbc); |
| 389 | ssl_cipher_methods[SSL_ENC_GOST89_IDX]= | 390 | ssl_cipher_methods[SSL_ENC_GOST89_IDX]= |
| 390 | EVP_get_cipherbyname(SN_gost89_cnt); | 391 | EVP_get_cipherbyname(SN_gost89_cnt); |
| 391 | ssl_cipher_methods[SSL_ENC_SEED_IDX]= | 392 | ssl_cipher_methods[SSL_ENC_SEED_IDX]= |
| 392 | EVP_get_cipherbyname(SN_seed_cbc); | 393 | EVP_get_cipherbyname(SN_seed_cbc); |
| 393 | 394 | ||
| 394 | ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]= | 395 | ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]= |
| 395 | EVP_get_cipherbyname(SN_aes_128_gcm); | 396 | EVP_get_cipherbyname(SN_aes_128_gcm); |
| 396 | ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]= | 397 | ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]= |
| 397 | EVP_get_cipherbyname(SN_aes_256_gcm); | 398 | EVP_get_cipherbyname(SN_aes_256_gcm); |
| 398 | 399 | ||
| 399 | ssl_digest_methods[SSL_MD_MD5_IDX]= | 400 | ssl_digest_methods[SSL_MD_MD5_IDX]= |
| 400 | EVP_get_digestbyname(SN_md5); | 401 | EVP_get_digestbyname(SN_md5); |
| 401 | ssl_mac_secret_size[SSL_MD_MD5_IDX]= | 402 | ssl_mac_secret_size[SSL_MD_MD5_IDX]= |
| 402 | EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); | 403 | EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); |
| 403 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); | 404 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); |
| 404 | ssl_digest_methods[SSL_MD_SHA1_IDX]= | 405 | ssl_digest_methods[SSL_MD_SHA1_IDX]= |
| 405 | EVP_get_digestbyname(SN_sha1); | 406 | EVP_get_digestbyname(SN_sha1); |
| 406 | ssl_mac_secret_size[SSL_MD_SHA1_IDX]= | 407 | ssl_mac_secret_size[SSL_MD_SHA1_IDX]= |
| 407 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); | 408 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); |
| 408 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); | 409 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); |
| 409 | ssl_digest_methods[SSL_MD_GOST94_IDX]= | 410 | ssl_digest_methods[SSL_MD_GOST94_IDX]= |
| 410 | EVP_get_digestbyname(SN_id_GostR3411_94); | 411 | EVP_get_digestbyname(SN_id_GostR3411_94); |
| 411 | if (ssl_digest_methods[SSL_MD_GOST94_IDX]) | 412 | if (ssl_digest_methods[SSL_MD_GOST94_IDX]) { |
| 412 | { | ||
| 413 | ssl_mac_secret_size[SSL_MD_GOST94_IDX]= | 413 | ssl_mac_secret_size[SSL_MD_GOST94_IDX]= |
| 414 | EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); | 414 | EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); |
| 415 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); | 415 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); |
| 416 | } | 416 | } |
| 417 | ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= | 417 | ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= |
| 418 | EVP_get_digestbyname(SN_id_Gost28147_89_MAC); | 418 | EVP_get_digestbyname(SN_id_Gost28147_89_MAC); |
| 419 | ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); | 419 | ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); |
| 420 | if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { | 420 | if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { |
| 421 | ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32; | 421 | ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; |
| 422 | } | 422 | } |
| 423 | 423 | ||
| 424 | ssl_digest_methods[SSL_MD_SHA256_IDX]= | 424 | ssl_digest_methods[SSL_MD_SHA256_IDX]= |
| 425 | EVP_get_digestbyname(SN_sha256); | 425 | EVP_get_digestbyname(SN_sha256); |
| 426 | ssl_mac_secret_size[SSL_MD_SHA256_IDX]= | 426 | ssl_mac_secret_size[SSL_MD_SHA256_IDX]= |
| 427 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); | 427 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); |
| 428 | ssl_digest_methods[SSL_MD_SHA384_IDX]= | 428 | ssl_digest_methods[SSL_MD_SHA384_IDX]= |
| 429 | EVP_get_digestbyname(SN_sha384); | 429 | EVP_get_digestbyname(SN_sha384); |
| 430 | ssl_mac_secret_size[SSL_MD_SHA384_IDX]= | 430 | ssl_mac_secret_size[SSL_MD_SHA384_IDX]= |
| 431 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); | 431 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); |
| 432 | } | 432 | } |
| 433 | #ifndef OPENSSL_NO_COMP | 433 | #ifndef OPENSSL_NO_COMP |
| 434 | 434 | ||
| 435 | static int sk_comp_cmp(const SSL_COMP * const *a, | 435 | static int |
| 436 | const SSL_COMP * const *b) | 436 | sk_comp_cmp(const SSL_COMP * const *a, |
| 437 | { | 437 | const SSL_COMP * const *b) |
| 438 | return((*a)->id-(*b)->id); | 438 | { |
| 439 | } | 439 | return ((*a)->id - (*b)->id); |
| 440 | } | ||
| 440 | 441 | ||
| 441 | static void load_builtin_compressions(void) | 442 | static void |
| 442 | { | 443 | load_builtin_compressions(void) |
| 444 | { | ||
| 443 | int got_write_lock = 0; | 445 | int got_write_lock = 0; |
| 444 | 446 | ||
| 445 | CRYPTO_r_lock(CRYPTO_LOCK_SSL); | 447 | CRYPTO_r_lock(CRYPTO_LOCK_SSL); |
| 446 | if (ssl_comp_methods == NULL) | 448 | if (ssl_comp_methods == NULL) { |
| 447 | { | ||
| 448 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); | 449 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); |
| 449 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | 450 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); |
| 450 | got_write_lock = 1; | 451 | got_write_lock = 1; |
| 451 | 452 | ||
| 452 | if (ssl_comp_methods == NULL) | 453 | if (ssl_comp_methods == NULL) { |
| 453 | { | ||
| 454 | SSL_COMP *comp = NULL; | 454 | SSL_COMP *comp = NULL; |
| 455 | 455 | ||
| 456 | MemCheck_off(); | 456 | MemCheck_off(); |
| 457 | ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); | 457 | ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); |
| 458 | if (ssl_comp_methods != NULL) | 458 | if (ssl_comp_methods != NULL) { |
| 459 | { | 459 | comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); |
| 460 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); | 460 | if (comp != NULL) { |
| 461 | if (comp != NULL) | 461 | comp->method = COMP_zlib(); |
| 462 | { | ||
| 463 | comp->method=COMP_zlib(); | ||
| 464 | if (comp->method | 462 | if (comp->method |
| 465 | && comp->method->type == NID_undef) | 463 | && comp->method->type == NID_undef) |
| 466 | OPENSSL_free(comp); | 464 | OPENSSL_free(comp); |
| 467 | else | 465 | else { |
| 468 | { | 466 | comp->id = SSL_COMP_ZLIB_IDX; |
| 469 | comp->id=SSL_COMP_ZLIB_IDX; | 467 | comp->name = comp->method->name; |
| 470 | comp->name=comp->method->name; | 468 | sk_SSL_COMP_push(ssl_comp_methods, comp); |
| 471 | sk_SSL_COMP_push(ssl_comp_methods,comp); | ||
| 472 | } | ||
| 473 | } | 469 | } |
| 474 | sk_SSL_COMP_sort(ssl_comp_methods); | ||
| 475 | } | 470 | } |
| 476 | MemCheck_on(); | 471 | sk_SSL_COMP_sort(ssl_comp_methods); |
| 477 | } | 472 | } |
| 473 | MemCheck_on(); | ||
| 478 | } | 474 | } |
| 479 | 475 | } | |
| 476 | |||
| 480 | if (got_write_lock) | 477 | if (got_write_lock) |
| 481 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | 478 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); |
| 482 | else | 479 | else |
| 483 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); | 480 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); |
| 484 | } | 481 | } |
| 485 | #endif | 482 | #endif |
| 486 | 483 | ||
| 487 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | 484 | int |
| 488 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp) | 485 | ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, |
| 489 | { | 486 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size, SSL_COMP **comp) |
| 487 | { | ||
| 490 | int i; | 488 | int i; |
| 491 | const SSL_CIPHER *c; | 489 | const SSL_CIPHER *c; |
| 492 | 490 | ||
| 493 | c=s->cipher; | 491 | c = s->cipher; |
| 494 | if (c == NULL) return(0); | 492 | if (c == NULL) |
| 495 | if (comp != NULL) | 493 | return (0); |
| 496 | { | 494 | if (comp != NULL) { |
| 497 | SSL_COMP ctmp; | 495 | SSL_COMP ctmp; |
| 498 | #ifndef OPENSSL_NO_COMP | 496 | #ifndef OPENSSL_NO_COMP |
| 499 | load_builtin_compressions(); | 497 | load_builtin_compressions(); |
| 500 | #endif | 498 | #endif |
| 501 | 499 | ||
| 502 | *comp=NULL; | 500 | *comp = NULL; |
| 503 | ctmp.id=s->compress_meth; | 501 | ctmp.id = s->compress_meth; |
| 504 | if (ssl_comp_methods != NULL) | 502 | if (ssl_comp_methods != NULL) { |
| 505 | { | 503 | i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp); |
| 506 | i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); | ||
| 507 | if (i >= 0) | 504 | if (i >= 0) |
| 508 | *comp=sk_SSL_COMP_value(ssl_comp_methods,i); | 505 | *comp = sk_SSL_COMP_value(ssl_comp_methods, i); |
| 509 | else | 506 | else |
| 510 | *comp=NULL; | 507 | *comp = NULL; |
| 511 | } | ||
| 512 | } | 508 | } |
| 509 | } | ||
| 513 | 510 | ||
| 514 | if ((enc == NULL) || (md == NULL)) return(0); | 511 | if ((enc == NULL) |
| 512 | || (md == NULL)) return (0); | ||
| 515 | 513 | ||
| 516 | switch (c->algorithm_enc) | 514 | switch (c->algorithm_enc) { |
| 517 | { | ||
| 518 | case SSL_DES: | 515 | case SSL_DES: |
| 519 | i=SSL_ENC_DES_IDX; | 516 | i = SSL_ENC_DES_IDX; |
| 520 | break; | 517 | break; |
| 521 | case SSL_3DES: | 518 | case SSL_3DES: |
| 522 | i=SSL_ENC_3DES_IDX; | 519 | i = SSL_ENC_3DES_IDX; |
| 523 | break; | 520 | break; |
| 524 | case SSL_RC4: | 521 | case SSL_RC4: |
| 525 | i=SSL_ENC_RC4_IDX; | 522 | i = SSL_ENC_RC4_IDX; |
| 526 | break; | 523 | break; |
| 527 | case SSL_RC2: | 524 | case SSL_RC2: |
| 528 | i=SSL_ENC_RC2_IDX; | 525 | i = SSL_ENC_RC2_IDX; |
| 529 | break; | 526 | break; |
| 530 | case SSL_IDEA: | 527 | case SSL_IDEA: |
| 531 | i=SSL_ENC_IDEA_IDX; | 528 | i = SSL_ENC_IDEA_IDX; |
| 532 | break; | 529 | break; |
| 533 | case SSL_eNULL: | 530 | case SSL_eNULL: |
| 534 | i=SSL_ENC_NULL_IDX; | 531 | i = SSL_ENC_NULL_IDX; |
| 535 | break; | 532 | break; |
| 536 | case SSL_AES128: | 533 | case SSL_AES128: |
| 537 | i=SSL_ENC_AES128_IDX; | 534 | i = SSL_ENC_AES128_IDX; |
| 538 | break; | 535 | break; |
| 539 | case SSL_AES256: | 536 | case SSL_AES256: |
| 540 | i=SSL_ENC_AES256_IDX; | 537 | i = SSL_ENC_AES256_IDX; |
| 541 | break; | 538 | break; |
| 542 | case SSL_CAMELLIA128: | 539 | case SSL_CAMELLIA128: |
| 543 | i=SSL_ENC_CAMELLIA128_IDX; | 540 | i = SSL_ENC_CAMELLIA128_IDX; |
| 544 | break; | 541 | break; |
| 545 | case SSL_CAMELLIA256: | 542 | case SSL_CAMELLIA256: |
| 546 | i=SSL_ENC_CAMELLIA256_IDX; | 543 | i = SSL_ENC_CAMELLIA256_IDX; |
| 547 | break; | 544 | break; |
| 548 | case SSL_eGOST2814789CNT: | 545 | case SSL_eGOST2814789CNT: |
| 549 | i=SSL_ENC_GOST89_IDX; | 546 | i = SSL_ENC_GOST89_IDX; |
| 550 | break; | 547 | break; |
| 551 | case SSL_SEED: | 548 | case SSL_SEED: |
| 552 | i=SSL_ENC_SEED_IDX; | 549 | i = SSL_ENC_SEED_IDX; |
| 553 | break; | 550 | break; |
| 554 | case SSL_AES128GCM: | 551 | case SSL_AES128GCM: |
| 555 | i=SSL_ENC_AES128GCM_IDX; | 552 | i = SSL_ENC_AES128GCM_IDX; |
| 556 | break; | 553 | break; |
| 557 | case SSL_AES256GCM: | 554 | case SSL_AES256GCM: |
| 558 | i=SSL_ENC_AES256GCM_IDX; | 555 | i = SSL_ENC_AES256GCM_IDX; |
| 559 | break; | 556 | break; |
| 560 | default: | 557 | default: |
| 561 | i= -1; | 558 | i = -1; |
| 562 | break; | 559 | break; |
| 563 | } | 560 | } |
| 564 | 561 | ||
| 565 | if ((i < 0) || (i > SSL_ENC_NUM_IDX)) | 562 | if ((i < 0) || (i > SSL_ENC_NUM_IDX)) |
| 566 | *enc=NULL; | 563 | *enc = NULL; |
| 567 | else | 564 | else { |
| 568 | { | ||
| 569 | if (i == SSL_ENC_NULL_IDX) | 565 | if (i == SSL_ENC_NULL_IDX) |
| 570 | *enc=EVP_enc_null(); | 566 | *enc = EVP_enc_null(); |
| 571 | else | 567 | else |
| 572 | *enc=ssl_cipher_methods[i]; | 568 | *enc = ssl_cipher_methods[i]; |
| 573 | } | 569 | } |
| 574 | 570 | ||
| 575 | switch (c->algorithm_mac) | 571 | switch (c->algorithm_mac) { |
| 576 | { | ||
| 577 | case SSL_MD5: | 572 | case SSL_MD5: |
| 578 | i=SSL_MD_MD5_IDX; | 573 | i = SSL_MD_MD5_IDX; |
| 579 | break; | 574 | break; |
| 580 | case SSL_SHA1: | 575 | case SSL_SHA1: |
| 581 | i=SSL_MD_SHA1_IDX; | 576 | i = SSL_MD_SHA1_IDX; |
| 582 | break; | 577 | break; |
| 583 | case SSL_SHA256: | 578 | case SSL_SHA256: |
| 584 | i=SSL_MD_SHA256_IDX; | 579 | i = SSL_MD_SHA256_IDX; |
| 585 | break; | 580 | break; |
| 586 | case SSL_SHA384: | 581 | case SSL_SHA384: |
| 587 | i=SSL_MD_SHA384_IDX; | 582 | i = SSL_MD_SHA384_IDX; |
| 588 | break; | 583 | break; |
| 589 | case SSL_GOST94: | 584 | case SSL_GOST94: |
| 590 | i = SSL_MD_GOST94_IDX; | 585 | i = SSL_MD_GOST94_IDX; |
| @@ -593,63 +588,63 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 593 | i = SSL_MD_GOST89MAC_IDX; | 588 | i = SSL_MD_GOST89MAC_IDX; |
| 594 | break; | 589 | break; |
| 595 | default: | 590 | default: |
| 596 | i= -1; | 591 | i = -1; |
| 597 | break; | 592 | break; |
| 598 | } | 593 | } |
| 599 | if ((i < 0) || (i > SSL_MD_NUM_IDX)) | 594 | if ((i < 0) || (i > SSL_MD_NUM_IDX)) { |
| 600 | { | 595 | *md = NULL; |
| 601 | *md=NULL; | 596 | |
| 602 | if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef; | 597 | if (mac_pkey_type != NULL) |
| 603 | if (mac_secret_size!=NULL) *mac_secret_size = 0; | 598 | *mac_pkey_type = NID_undef; |
| 599 | if (mac_secret_size != NULL) | ||
| 600 | *mac_secret_size = 0; | ||
| 604 | if (c->algorithm_mac == SSL_AEAD) | 601 | if (c->algorithm_mac == SSL_AEAD) |
| 605 | mac_pkey_type = NULL; | 602 | mac_pkey_type = NULL; |
| 606 | } | 603 | } else { |
| 607 | else | 604 | *md = ssl_digest_methods[i]; |
| 608 | { | 605 | if (mac_pkey_type != NULL) |
| 609 | *md=ssl_digest_methods[i]; | 606 | *mac_pkey_type = ssl_mac_pkey_id[i]; |
| 610 | if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i]; | 607 | if (mac_secret_size != NULL) |
| 611 | if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i]; | 608 | *mac_secret_size = ssl_mac_secret_size[i]; |
| 612 | } | 609 | } |
| 613 | 610 | ||
| 614 | if ((*enc != NULL) && | 611 | if ((*enc != NULL) && |
| 615 | (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && | 612 | (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && |
| 616 | (!mac_pkey_type||*mac_pkey_type != NID_undef)) | 613 | (!mac_pkey_type || *mac_pkey_type != NID_undef)) { |
| 617 | { | ||
| 618 | const EVP_CIPHER *evp; | 614 | const EVP_CIPHER *evp; |
| 619 | 615 | ||
| 620 | if (s->ssl_version>>8 != TLS1_VERSION_MAJOR || | 616 | if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR || |
| 621 | s->ssl_version < TLS1_VERSION) | 617 | s->ssl_version < TLS1_VERSION) |
| 622 | return 1; | 618 | return 1; |
| 623 | 619 | ||
| 624 | #ifdef OPENSSL_FIPS | 620 | #ifdef OPENSSL_FIPS |
| 625 | if (FIPS_mode()) | 621 | if (FIPS_mode()) |
| 626 | return 1; | 622 | return 1; |
| 627 | #endif | 623 | #endif |
| 628 | 624 | ||
| 629 | if (c->algorithm_enc == SSL_RC4 && | 625 | if (c->algorithm_enc == SSL_RC4 && |
| 630 | c->algorithm_mac == SSL_MD5 && | 626 | c->algorithm_mac == SSL_MD5 && |
| 631 | (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) | 627 | (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) |
| 632 | *enc = evp, *md = NULL; | 628 | *enc = evp, *md = NULL; |
| 633 | else if (c->algorithm_enc == SSL_AES128 && | 629 | else if (c->algorithm_enc == SSL_AES128 && |
| 634 | c->algorithm_mac == SSL_SHA1 && | 630 | c->algorithm_mac == SSL_SHA1 && |
| 635 | (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) | 631 | (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) |
| 636 | *enc = evp, *md = NULL; | 632 | *enc = evp, *md = NULL; |
| 637 | else if (c->algorithm_enc == SSL_AES256 && | 633 | else if (c->algorithm_enc == SSL_AES256 && |
| 638 | c->algorithm_mac == SSL_SHA1 && | 634 | c->algorithm_mac == SSL_SHA1 && |
| 639 | (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) | 635 | (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) |
| 640 | *enc = evp, *md = NULL; | 636 | *enc = evp, *md = NULL; |
| 641 | return(1); | 637 | return (1); |
| 642 | } | 638 | } else |
| 643 | else | 639 | return (0); |
| 644 | return(0); | 640 | } |
| 645 | } | ||
| 646 | 641 | ||
| 647 | int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) | 642 | int |
| 643 | ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) | ||
| 648 | { | 644 | { |
| 649 | if (idx <0||idx>=SSL_MD_NUM_IDX) | 645 | if (idx < 0 || idx >= SSL_MD_NUM_IDX) { |
| 650 | { | ||
| 651 | return 0; | 646 | return 0; |
| 652 | } | 647 | } |
| 653 | *mask = ssl_handshake_digest_flag[idx]; | 648 | *mask = ssl_handshake_digest_flag[idx]; |
| 654 | if (*mask) | 649 | if (*mask) |
| 655 | *md = ssl_digest_methods[idx]; | 650 | *md = ssl_digest_methods[idx]; |
| @@ -661,40 +656,45 @@ int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) | |||
| 661 | #define ITEM_SEP(a) \ | 656 | #define ITEM_SEP(a) \ |
| 662 | (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) | 657 | (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) |
| 663 | 658 | ||
| 664 | static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, | 659 | static void |
| 665 | CIPHER_ORDER **tail) | 660 | ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, |
| 666 | { | 661 | CIPHER_ORDER **tail) |
| 667 | if (curr == *tail) return; | 662 | { |
| 663 | if (curr == *tail) | ||
| 664 | return; | ||
| 668 | if (curr == *head) | 665 | if (curr == *head) |
| 669 | *head=curr->next; | 666 | *head = curr->next; |
| 670 | if (curr->prev != NULL) | 667 | if (curr->prev != NULL) |
| 671 | curr->prev->next=curr->next; | 668 | curr->prev->next = curr->next; |
| 672 | if (curr->next != NULL) | 669 | if (curr->next != NULL) |
| 673 | curr->next->prev=curr->prev; | 670 | curr->next->prev = curr->prev; |
| 674 | (*tail)->next=curr; | 671 | (*tail)->next = curr; |
| 675 | curr->prev= *tail; | 672 | curr->prev= *tail; |
| 676 | curr->next=NULL; | 673 | curr->next = NULL; |
| 677 | *tail=curr; | 674 | *tail = curr; |
| 678 | } | 675 | } |
| 679 | 676 | ||
| 680 | static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, | 677 | static void |
| 681 | CIPHER_ORDER **tail) | 678 | ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, |
| 682 | { | 679 | CIPHER_ORDER **tail) |
| 683 | if (curr == *head) return; | 680 | { |
| 681 | if (curr == *head) | ||
| 682 | return; | ||
| 684 | if (curr == *tail) | 683 | if (curr == *tail) |
| 685 | *tail=curr->prev; | 684 | *tail = curr->prev; |
| 686 | if (curr->next != NULL) | 685 | if (curr->next != NULL) |
| 687 | curr->next->prev=curr->prev; | 686 | curr->next->prev = curr->prev; |
| 688 | if (curr->prev != NULL) | 687 | if (curr->prev != NULL) |
| 689 | curr->prev->next=curr->next; | 688 | curr->prev->next = curr->next; |
| 690 | (*head)->prev=curr; | 689 | (*head)->prev = curr; |
| 691 | curr->next= *head; | 690 | curr->next= *head; |
| 692 | curr->prev=NULL; | 691 | curr->prev = NULL; |
| 693 | *head=curr; | 692 | *head = curr; |
| 694 | } | 693 | } |
| 695 | 694 | ||
| 696 | static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl) | 695 | static void |
| 697 | { | 696 | ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl) |
| 697 | { | ||
| 698 | *mkey = 0; | 698 | *mkey = 0; |
| 699 | *auth = 0; | 699 | *auth = 0; |
| 700 | *enc = 0; | 700 | *enc = 0; |
| @@ -743,44 +743,45 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un | |||
| 743 | /* Disable GOST key exchange if no GOST signature algs are available * */ | 743 | /* Disable GOST key exchange if no GOST signature algs are available * */ |
| 744 | if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) { | 744 | if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) { |
| 745 | *mkey |= SSL_kGOST; | 745 | *mkey |= SSL_kGOST; |
| 746 | } | 746 | } |
| 747 | #ifdef SSL_FORBID_ENULL | 747 | #ifdef SSL_FORBID_ENULL |
| 748 | *enc |= SSL_eNULL; | 748 | *enc |= SSL_eNULL; |
| 749 | #endif | 749 | #endif |
| 750 | |||
| 751 | |||
| 752 | |||
| 753 | *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0; | ||
| 754 | *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0; | ||
| 755 | *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0; | ||
| 756 | *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; | ||
| 757 | *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; | ||
| 758 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0; | ||
| 759 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0; | ||
| 760 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0; | ||
| 761 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0; | ||
| 762 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0; | ||
| 763 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0; | ||
| 764 | *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0; | ||
| 765 | *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0; | ||
| 766 | |||
| 767 | *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; | ||
| 768 | *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; | ||
| 769 | *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0; | ||
| 770 | *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0; | ||
| 771 | *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0; | ||
| 772 | *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0; | ||
| 773 | 750 | ||
| 774 | } | ||
| 775 | 751 | ||
| 776 | static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | 752 | |
| 777 | int num_of_ciphers, | 753 | *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES : 0; |
| 778 | unsigned long disabled_mkey, unsigned long disabled_auth, | 754 | *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0; |
| 779 | unsigned long disabled_enc, unsigned long disabled_mac, | 755 | *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0; |
| 780 | unsigned long disabled_ssl, | 756 | *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 : 0; |
| 781 | CIPHER_ORDER *co_list, | 757 | *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0; |
| 782 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | 758 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; |
| 783 | { | 759 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; |
| 760 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM : 0; | ||
| 761 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM : 0; | ||
| 762 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128 : 0; | ||
| 763 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256 : 0; | ||
| 764 | *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT : 0; | ||
| 765 | *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0; | ||
| 766 | |||
| 767 | *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 : 0; | ||
| 768 | *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0; | ||
| 769 | *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; | ||
| 770 | *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; | ||
| 771 | *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; | ||
| 772 | *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef) ? SSL_GOST89MAC : 0; | ||
| 773 | |||
| 774 | } | ||
| 775 | |||
| 776 | static void | ||
| 777 | ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | ||
| 778 | int num_of_ciphers, | ||
| 779 | unsigned long disabled_mkey, unsigned long disabled_auth, | ||
| 780 | unsigned long disabled_enc, unsigned long disabled_mac, | ||
| 781 | unsigned long disabled_ssl, | ||
| 782 | CIPHER_ORDER *co_list, | ||
| 783 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | ||
| 784 | { | ||
| 784 | int i, co_list_num; | 785 | int i, co_list_num; |
| 785 | const SSL_CIPHER *c; | 786 | const SSL_CIPHER *c; |
| 786 | 787 | ||
| @@ -793,68 +794,64 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | |||
| 793 | 794 | ||
| 794 | /* Get the initial list of ciphers */ | 795 | /* Get the initial list of ciphers */ |
| 795 | co_list_num = 0; /* actual count of ciphers */ | 796 | co_list_num = 0; /* actual count of ciphers */ |
| 796 | for (i = 0; i < num_of_ciphers; i++) | 797 | for (i = 0; i < num_of_ciphers; i++) { |
| 797 | { | ||
| 798 | c = ssl_method->get_cipher(i); | 798 | c = ssl_method->get_cipher(i); |
| 799 | /* drop those that use any of that is not available */ | 799 | /* drop those that use any of that is not available */ |
| 800 | if ((c != NULL) && c->valid && | 800 | if ((c != NULL) && c->valid && |
| 801 | #ifdef OPENSSL_FIPS | 801 | #ifdef OPENSSL_FIPS |
| 802 | (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && | 802 | (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && |
| 803 | #endif | 803 | #endif |
| 804 | !(c->algorithm_mkey & disabled_mkey) && | 804 | !(c->algorithm_mkey & disabled_mkey) && |
| 805 | !(c->algorithm_auth & disabled_auth) && | 805 | !(c->algorithm_auth & disabled_auth) && |
| 806 | !(c->algorithm_enc & disabled_enc) && | 806 | !(c->algorithm_enc & disabled_enc) && |
| 807 | !(c->algorithm_mac & disabled_mac) && | 807 | !(c->algorithm_mac & disabled_mac) && |
| 808 | !(c->algorithm_ssl & disabled_ssl)) | 808 | !(c->algorithm_ssl & disabled_ssl)) { |
| 809 | { | ||
| 810 | co_list[co_list_num].cipher = c; | 809 | co_list[co_list_num].cipher = c; |
| 811 | co_list[co_list_num].next = NULL; | 810 | co_list[co_list_num].next = NULL; |
| 812 | co_list[co_list_num].prev = NULL; | 811 | co_list[co_list_num].prev = NULL; |
| 813 | co_list[co_list_num].active = 0; | 812 | co_list[co_list_num].active = 0; |
| 814 | co_list_num++; | 813 | co_list_num++; |
| 815 | #ifdef KSSL_DEBUG | 814 | #ifdef KSSL_DEBUG |
| 816 | printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth); | 815 | printf("\t%d: %s %lx %lx %lx\n", i, c->name, c->id, c->algorithm_mkey, c->algorithm_auth); |
| 817 | #endif /* KSSL_DEBUG */ | 816 | #endif /* KSSL_DEBUG */ |
| 818 | /* | 817 | /* |
| 819 | if (!sk_push(ca_list,(char *)c)) goto err; | 818 | if (!sk_push(ca_list,(char *)c)) goto err; |
| 820 | */ | 819 | */ |
| 821 | } | ||
| 822 | } | 820 | } |
| 821 | } | ||
| 823 | 822 | ||
| 824 | /* | 823 | /* |
| 825 | * Prepare linked list from list entries | 824 | * Prepare linked list from list entries |
| 826 | */ | 825 | */ |
| 827 | if (co_list_num > 0) | 826 | if (co_list_num > 0) { |
| 828 | { | ||
| 829 | co_list[0].prev = NULL; | 827 | co_list[0].prev = NULL; |
| 830 | 828 | ||
| 831 | if (co_list_num > 1) | 829 | if (co_list_num > 1) { |
| 832 | { | ||
| 833 | co_list[0].next = &co_list[1]; | 830 | co_list[0].next = &co_list[1]; |
| 834 | 831 | ||
| 835 | for (i = 1; i < co_list_num - 1; i++) | 832 | for (i = 1; i < co_list_num - 1; i++) { |
| 836 | { | ||
| 837 | co_list[i].prev = &co_list[i - 1]; | 833 | co_list[i].prev = &co_list[i - 1]; |
| 838 | co_list[i].next = &co_list[i + 1]; | 834 | co_list[i].next = &co_list[i + 1]; |
| 839 | } | 835 | } |
| 840 | 836 | ||
| 841 | co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; | 837 | co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; |
| 842 | } | 838 | } |
| 843 | 839 | ||
| 844 | co_list[co_list_num - 1].next = NULL; | 840 | co_list[co_list_num - 1].next = NULL; |
| 845 | 841 | ||
| 846 | *head_p = &co_list[0]; | 842 | *head_p = &co_list[0]; |
| 847 | *tail_p = &co_list[co_list_num - 1]; | 843 | *tail_p = &co_list[co_list_num - 1]; |
| 848 | } | ||
| 849 | } | 844 | } |
| 845 | } | ||
| 850 | 846 | ||
| 851 | static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | 847 | static void |
| 852 | int num_of_group_aliases, | 848 | ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, |
| 853 | unsigned long disabled_mkey, unsigned long disabled_auth, | 849 | int num_of_group_aliases, |
| 854 | unsigned long disabled_enc, unsigned long disabled_mac, | 850 | unsigned long disabled_mkey, unsigned long disabled_auth, |
| 855 | unsigned long disabled_ssl, | 851 | unsigned long disabled_enc, unsigned long disabled_mac, |
| 856 | CIPHER_ORDER *head) | 852 | unsigned long disabled_ssl, |
| 857 | { | 853 | CIPHER_ORDER *head) |
| 854 | { | ||
| 858 | CIPHER_ORDER *ciph_curr; | 855 | CIPHER_ORDER *ciph_curr; |
| 859 | const SSL_CIPHER **ca_curr; | 856 | const SSL_CIPHER **ca_curr; |
| 860 | int i; | 857 | int i; |
| @@ -869,12 +866,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | |||
| 869 | */ | 866 | */ |
| 870 | ciph_curr = head; | 867 | ciph_curr = head; |
| 871 | ca_curr = ca_list; | 868 | ca_curr = ca_list; |
| 872 | while (ciph_curr != NULL) | 869 | while (ciph_curr != NULL) { |
| 873 | { | ||
| 874 | *ca_curr = ciph_curr->cipher; | 870 | *ca_curr = ciph_curr->cipher; |
| 875 | ca_curr++; | 871 | ca_curr++; |
| 876 | ciph_curr = ciph_curr->next; | 872 | ciph_curr = ciph_curr->next; |
| 877 | } | 873 | } |
| 878 | 874 | ||
| 879 | /* | 875 | /* |
| 880 | * Now we add the available ones from the cipher_aliases[] table. | 876 | * Now we add the available ones from the cipher_aliases[] table. |
| @@ -882,8 +878,7 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | |||
| 882 | * in any affected category must be supported (set in enabled_mask), | 878 | * in any affected category must be supported (set in enabled_mask), |
| 883 | * or represent a cipher strength value (will be added in any case because algorithms=0). | 879 | * or represent a cipher strength value (will be added in any case because algorithms=0). |
| 884 | */ | 880 | */ |
| 885 | for (i = 0; i < num_of_group_aliases; i++) | 881 | for (i = 0; i < num_of_group_aliases; i++) { |
| 886 | { | ||
| 887 | unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; | 882 | unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; |
| 888 | unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; | 883 | unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; |
| 889 | unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; | 884 | unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; |
| @@ -893,45 +888,46 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | |||
| 893 | if (algorithm_mkey) | 888 | if (algorithm_mkey) |
| 894 | if ((algorithm_mkey & mask_mkey) == 0) | 889 | if ((algorithm_mkey & mask_mkey) == 0) |
| 895 | continue; | 890 | continue; |
| 896 | 891 | ||
| 897 | if (algorithm_auth) | 892 | if (algorithm_auth) |
| 898 | if ((algorithm_auth & mask_auth) == 0) | 893 | if ((algorithm_auth & mask_auth) == 0) |
| 899 | continue; | 894 | continue; |
| 900 | 895 | ||
| 901 | if (algorithm_enc) | 896 | if (algorithm_enc) |
| 902 | if ((algorithm_enc & mask_enc) == 0) | 897 | if ((algorithm_enc & mask_enc) == 0) |
| 903 | continue; | 898 | continue; |
| 904 | 899 | ||
| 905 | if (algorithm_mac) | 900 | if (algorithm_mac) |
| 906 | if ((algorithm_mac & mask_mac) == 0) | 901 | if ((algorithm_mac & mask_mac) == 0) |
| 907 | continue; | 902 | continue; |
| 908 | 903 | ||
| 909 | if (algorithm_ssl) | 904 | if (algorithm_ssl) |
| 910 | if ((algorithm_ssl & mask_ssl) == 0) | 905 | if ((algorithm_ssl & mask_ssl) == 0) |
| 911 | continue; | 906 | continue; |
| 912 | 907 | ||
| 913 | *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); | 908 | *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); |
| 914 | ca_curr++; | 909 | ca_curr++; |
| 915 | } | 910 | } |
| 916 | 911 | ||
| 917 | *ca_curr = NULL; /* end of list */ | 912 | *ca_curr = NULL; /* end of list */ |
| 918 | } | 913 | } |
| 919 | 914 | ||
| 920 | static void ssl_cipher_apply_rule(unsigned long cipher_id, | 915 | static void |
| 921 | unsigned long alg_mkey, unsigned long alg_auth, | 916 | ssl_cipher_apply_rule(unsigned long cipher_id, |
| 922 | unsigned long alg_enc, unsigned long alg_mac, | 917 | unsigned long alg_mkey, unsigned long alg_auth, |
| 923 | unsigned long alg_ssl, | 918 | unsigned long alg_enc, unsigned long alg_mac, |
| 924 | unsigned long algo_strength, | 919 | unsigned long alg_ssl, |
| 925 | int rule, int strength_bits, | 920 | unsigned long algo_strength, |
| 926 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | 921 | int rule, int strength_bits, |
| 927 | { | 922 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) |
| 923 | { | ||
| 928 | CIPHER_ORDER *head, *tail, *curr, *curr2, *last; | 924 | CIPHER_ORDER *head, *tail, *curr, *curr2, *last; |
| 929 | const SSL_CIPHER *cp; | 925 | const SSL_CIPHER *cp; |
| 930 | int reverse = 0; | 926 | int reverse = 0; |
| 931 | 927 | ||
| 932 | #ifdef CIPHER_DEBUG | 928 | #ifdef CIPHER_DEBUG |
| 933 | printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", | 929 | printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", |
| 934 | rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits); | 930 | rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits); |
| 935 | #endif | 931 | #endif |
| 936 | 932 | ||
| 937 | if (rule == CIPHER_DEL) | 933 | if (rule == CIPHER_DEL) |
| @@ -940,21 +936,18 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, | |||
| 940 | head = *head_p; | 936 | head = *head_p; |
| 941 | tail = *tail_p; | 937 | tail = *tail_p; |
| 942 | 938 | ||
| 943 | if (reverse) | 939 | if (reverse) { |
| 944 | { | ||
| 945 | curr = tail; | 940 | curr = tail; |
| 946 | last = head; | 941 | last = head; |
| 947 | } | 942 | } else { |
| 948 | else | ||
| 949 | { | ||
| 950 | curr = head; | 943 | curr = head; |
| 951 | last = tail; | 944 | last = tail; |
| 952 | } | 945 | } |
| 953 | 946 | ||
| 954 | curr2 = curr; | 947 | curr2 = curr; |
| 955 | for (;;) | 948 | for (;;) { |
| 956 | { | 949 | if ((curr == NULL) |
| 957 | if ((curr == NULL) || (curr == last)) break; | 950 | || (curr == last)) break; |
| 958 | curr = curr2; | 951 | curr = curr2; |
| 959 | curr2 = reverse ? curr->prev : curr->next; | 952 | curr2 = reverse ? curr->prev : curr->next; |
| 960 | 953 | ||
| @@ -964,13 +957,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, | |||
| 964 | * Selection criteria is either the value of strength_bits | 957 | * Selection criteria is either the value of strength_bits |
| 965 | * or the algorithms used. | 958 | * or the algorithms used. |
| 966 | */ | 959 | */ |
| 967 | if (strength_bits >= 0) | 960 | if (strength_bits >= 0) { |
| 968 | { | ||
| 969 | if (strength_bits != cp->strength_bits) | 961 | if (strength_bits != cp->strength_bits) |
| 970 | continue; | 962 | continue; |
| 971 | } | 963 | } else { |
| 972 | else | ||
| 973 | { | ||
| 974 | #ifdef CIPHER_DEBUG | 964 | #ifdef CIPHER_DEBUG |
| 975 | printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); | 965 | printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); |
| 976 | #endif | 966 | #endif |
| @@ -989,45 +979,36 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, | |||
| 989 | continue; | 979 | continue; |
| 990 | if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) | 980 | if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) |
| 991 | continue; | 981 | continue; |
| 992 | } | 982 | } |
| 993 | 983 | ||
| 994 | #ifdef CIPHER_DEBUG | 984 | #ifdef CIPHER_DEBUG |
| 995 | printf("Action = %d\n", rule); | 985 | printf("Action = %d\n", rule); |
| 996 | #endif | 986 | #endif |
| 997 | 987 | ||
| 998 | /* add the cipher if it has not been added yet. */ | 988 | /* add the cipher if it has not been added yet. */ |
| 999 | if (rule == CIPHER_ADD) | 989 | if (rule == CIPHER_ADD) { |
| 1000 | { | ||
| 1001 | /* reverse == 0 */ | 990 | /* reverse == 0 */ |
| 1002 | if (!curr->active) | 991 | if (!curr->active) { |
| 1003 | { | ||
| 1004 | ll_append_tail(&head, curr, &tail); | 992 | ll_append_tail(&head, curr, &tail); |
| 1005 | curr->active = 1; | 993 | curr->active = 1; |
| 1006 | } | ||
| 1007 | } | 994 | } |
| 995 | } | ||
| 1008 | /* Move the added cipher to this location */ | 996 | /* Move the added cipher to this location */ |
| 1009 | else if (rule == CIPHER_ORD) | 997 | else if (rule == CIPHER_ORD) { |
| 1010 | { | ||
| 1011 | /* reverse == 0 */ | 998 | /* reverse == 0 */ |
| 1012 | if (curr->active) | 999 | if (curr->active) { |
| 1013 | { | ||
| 1014 | ll_append_tail(&head, curr, &tail); | 1000 | ll_append_tail(&head, curr, &tail); |
| 1015 | } | ||
| 1016 | } | 1001 | } |
| 1017 | else if (rule == CIPHER_DEL) | 1002 | } else if (rule == CIPHER_DEL) { |
| 1018 | { | ||
| 1019 | /* reverse == 1 */ | 1003 | /* reverse == 1 */ |
| 1020 | if (curr->active) | 1004 | if (curr->active) { |
| 1021 | { | ||
| 1022 | /* most recently deleted ciphersuites get best positions | 1005 | /* most recently deleted ciphersuites get best positions |
| 1023 | * for any future CIPHER_ADD (note that the CIPHER_DEL loop | 1006 | * for any future CIPHER_ADD (note that the CIPHER_DEL loop |
| 1024 | * works in reverse to maintain the order) */ | 1007 | * works in reverse to maintain the order) */ |
| 1025 | ll_append_head(&head, curr, &tail); | 1008 | ll_append_head(&head, curr, &tail); |
| 1026 | curr->active = 0; | 1009 | curr->active = 0; |
| 1027 | } | ||
| 1028 | } | 1010 | } |
| 1029 | else if (rule == CIPHER_KILL) | 1011 | } else if (rule == CIPHER_KILL) { |
| 1030 | { | ||
| 1031 | /* reverse == 0 */ | 1012 | /* reverse == 0 */ |
| 1032 | if (head == curr) | 1013 | if (head == curr) |
| 1033 | head = curr->next; | 1014 | head = curr->next; |
| @@ -1042,16 +1023,17 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, | |||
| 1042 | curr->prev->next = curr->next; | 1023 | curr->prev->next = curr->next; |
| 1043 | curr->next = NULL; | 1024 | curr->next = NULL; |
| 1044 | curr->prev = NULL; | 1025 | curr->prev = NULL; |
| 1045 | } | ||
| 1046 | } | 1026 | } |
| 1027 | } | ||
| 1047 | 1028 | ||
| 1048 | *head_p = head; | 1029 | *head_p = head; |
| 1049 | *tail_p = tail; | 1030 | *tail_p = tail; |
| 1050 | } | 1031 | } |
| 1051 | 1032 | ||
| 1052 | static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, | 1033 | static int |
| 1053 | CIPHER_ORDER **tail_p) | 1034 | ssl_cipher_strength_sort(CIPHER_ORDER **head_p, |
| 1054 | { | 1035 | CIPHER_ORDER **tail_p) |
| 1036 | { | ||
| 1055 | int max_strength_bits, i, *number_uses; | 1037 | int max_strength_bits, i, *number_uses; |
| 1056 | CIPHER_ORDER *curr; | 1038 | CIPHER_ORDER *curr; |
| 1057 | 1039 | ||
| @@ -1062,32 +1044,29 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, | |||
| 1062 | */ | 1044 | */ |
| 1063 | max_strength_bits = 0; | 1045 | max_strength_bits = 0; |
| 1064 | curr = *head_p; | 1046 | curr = *head_p; |
| 1065 | while (curr != NULL) | 1047 | while (curr != NULL) { |
| 1066 | { | ||
| 1067 | if (curr->active && | 1048 | if (curr->active && |
| 1068 | (curr->cipher->strength_bits > max_strength_bits)) | 1049 | (curr->cipher->strength_bits > max_strength_bits)) |
| 1069 | max_strength_bits = curr->cipher->strength_bits; | 1050 | max_strength_bits = curr->cipher->strength_bits; |
| 1070 | curr = curr->next; | 1051 | curr = curr->next; |
| 1071 | } | 1052 | } |
| 1072 | 1053 | ||
| 1073 | number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); | 1054 | number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); |
| 1074 | if (!number_uses) | 1055 | if (!number_uses) { |
| 1075 | { | 1056 | SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); |
| 1076 | SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE); | 1057 | return (0); |
| 1077 | return(0); | 1058 | } |
| 1078 | } | ||
| 1079 | memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); | 1059 | memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); |
| 1080 | 1060 | ||
| 1081 | /* | 1061 | /* |
| 1082 | * Now find the strength_bits values actually used | 1062 | * Now find the strength_bits values actually used |
| 1083 | */ | 1063 | */ |
| 1084 | curr = *head_p; | 1064 | curr = *head_p; |
| 1085 | while (curr != NULL) | 1065 | while (curr != NULL) { |
| 1086 | { | ||
| 1087 | if (curr->active) | 1066 | if (curr->active) |
| 1088 | number_uses[curr->cipher->strength_bits]++; | 1067 | number_uses[curr->cipher->strength_bits]++; |
| 1089 | curr = curr->next; | 1068 | curr = curr->next; |
| 1090 | } | 1069 | } |
| 1091 | /* | 1070 | /* |
| 1092 | * Go through the list of used strength_bits values in descending | 1071 | * Go through the list of used strength_bits values in descending |
| 1093 | * order. | 1072 | * order. |
| @@ -1097,13 +1076,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, | |||
| 1097 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); | 1076 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); |
| 1098 | 1077 | ||
| 1099 | OPENSSL_free(number_uses); | 1078 | OPENSSL_free(number_uses); |
| 1100 | return(1); | 1079 | return (1); |
| 1101 | } | 1080 | } |
| 1102 | 1081 | ||
| 1103 | static int ssl_cipher_process_rulestr(const char *rule_str, | 1082 | static int |
| 1104 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, | 1083 | ssl_cipher_process_rulestr(const char *rule_str, |
| 1105 | const SSL_CIPHER **ca_list) | 1084 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, |
| 1106 | { | 1085 | const SSL_CIPHER **ca_list) |
| 1086 | { | ||
| 1107 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; | 1087 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; |
| 1108 | const char *l, *buf; | 1088 | const char *l, *buf; |
| 1109 | int j, multi, found, rule, retval, ok, buflen; | 1089 | int j, multi, found, rule, retval, ok, buflen; |
| @@ -1112,28 +1092,32 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 1112 | 1092 | ||
| 1113 | retval = 1; | 1093 | retval = 1; |
| 1114 | l = rule_str; | 1094 | l = rule_str; |
| 1115 | for (;;) | 1095 | for (;;) { |
| 1116 | { | ||
| 1117 | ch = *l; | 1096 | ch = *l; |
| 1118 | 1097 | ||
| 1119 | if (ch == '\0') | 1098 | if (ch == '\0') |
| 1120 | break; /* done */ | 1099 | break; |
| 1100 | /* done */ | ||
| 1121 | if (ch == '-') | 1101 | if (ch == '-') |
| 1122 | { rule = CIPHER_DEL; l++; } | 1102 | { rule = CIPHER_DEL; |
| 1123 | else if (ch == '+') | 1103 | l++; |
| 1124 | { rule = CIPHER_ORD; l++; } | 1104 | } else if (ch == '+') |
| 1125 | else if (ch == '!') | 1105 | { rule = CIPHER_ORD; |
| 1126 | { rule = CIPHER_KILL; l++; } | 1106 | l++; |
| 1127 | else if (ch == '@') | 1107 | } else if (ch == '!') |
| 1128 | { rule = CIPHER_SPECIAL; l++; } | 1108 | { rule = CIPHER_KILL; |
| 1129 | else | 1109 | l++; |
| 1130 | { rule = CIPHER_ADD; } | 1110 | } else if (ch == '@') |
| 1111 | { rule = CIPHER_SPECIAL; | ||
| 1112 | l++; | ||
| 1113 | } else | ||
| 1114 | { rule = CIPHER_ADD; | ||
| 1115 | } | ||
| 1131 | 1116 | ||
| 1132 | if (ITEM_SEP(ch)) | 1117 | if (ITEM_SEP(ch)) { |
| 1133 | { | ||
| 1134 | l++; | 1118 | l++; |
| 1135 | continue; | 1119 | continue; |
| 1136 | } | 1120 | } |
| 1137 | 1121 | ||
| 1138 | alg_mkey = 0; | 1122 | alg_mkey = 0; |
| 1139 | alg_auth = 0; | 1123 | alg_auth = 0; |
| @@ -1142,52 +1126,47 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 1142 | alg_ssl = 0; | 1126 | alg_ssl = 0; |
| 1143 | algo_strength = 0; | 1127 | algo_strength = 0; |
| 1144 | 1128 | ||
| 1145 | for (;;) | 1129 | for (;;) { |
| 1146 | { | ||
| 1147 | ch = *l; | 1130 | ch = *l; |
| 1148 | buf = l; | 1131 | buf = l; |
| 1149 | buflen = 0; | 1132 | buflen = 0; |
| 1150 | #ifndef CHARSET_EBCDIC | 1133 | #ifndef CHARSET_EBCDIC |
| 1151 | while ( ((ch >= 'A') && (ch <= 'Z')) || | 1134 | while (((ch >= 'A') && (ch <= 'Z')) || |
| 1152 | ((ch >= '0') && (ch <= '9')) || | 1135 | ((ch >= '0') && (ch <= '9')) || |
| 1153 | ((ch >= 'a') && (ch <= 'z')) || | 1136 | ((ch >= 'a') && (ch <= 'z')) || |
| 1154 | (ch == '-') || (ch == '.')) | 1137 | (ch == '-') || (ch == '.')) |
| 1155 | #else | 1138 | #else |
| 1156 | while ( isalnum(ch) || (ch == '-') || (ch == '.')) | 1139 | while (isalnum(ch) || (ch == '-') || (ch == '.')) |
| 1157 | #endif | 1140 | #endif |
| 1158 | { | 1141 | { |
| 1159 | ch = *(++l); | 1142 | ch = *(++l); |
| 1160 | buflen++; | 1143 | buflen++; |
| 1161 | } | 1144 | } |
| 1162 | 1145 | ||
| 1163 | if (buflen == 0) | 1146 | if (buflen == 0) { |
| 1164 | { | ||
| 1165 | /* | 1147 | /* |
| 1166 | * We hit something we cannot deal with, | 1148 | * We hit something we cannot deal with, |
| 1167 | * it is no command or separator nor | 1149 | * it is no command or separator nor |
| 1168 | * alphanumeric, so we call this an error. | 1150 | * alphanumeric, so we call this an error. |
| 1169 | */ | 1151 | */ |
| 1170 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | 1152 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, |
| 1171 | SSL_R_INVALID_COMMAND); | 1153 | SSL_R_INVALID_COMMAND); |
| 1172 | retval = found = 0; | 1154 | retval = found = 0; |
| 1173 | l++; | 1155 | l++; |
| 1174 | break; | 1156 | break; |
| 1175 | } | 1157 | } |
| 1176 | 1158 | ||
| 1177 | if (rule == CIPHER_SPECIAL) | 1159 | if (rule == CIPHER_SPECIAL) { |
| 1178 | { | ||
| 1179 | found = 0; /* unused -- avoid compiler warning */ | 1160 | found = 0; /* unused -- avoid compiler warning */ |
| 1180 | break; /* special treatment */ | 1161 | break; /* special treatment */ |
| 1181 | } | 1162 | } |
| 1182 | 1163 | ||
| 1183 | /* check for multi-part specification */ | 1164 | /* check for multi-part specification */ |
| 1184 | if (ch == '+') | 1165 | if (ch == '+') { |
| 1185 | { | 1166 | multi = 1; |
| 1186 | multi=1; | ||
| 1187 | l++; | 1167 | l++; |
| 1188 | } | 1168 | } else |
| 1189 | else | 1169 | multi = 0; |
| 1190 | multi=0; | ||
| 1191 | 1170 | ||
| 1192 | /* | 1171 | /* |
| 1193 | * Now search for the cipher alias in the ca_list. Be careful | 1172 | * Now search for the cipher alias in the ca_list. Be careful |
| @@ -1202,126 +1181,121 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 1202 | */ | 1181 | */ |
| 1203 | j = found = 0; | 1182 | j = found = 0; |
| 1204 | cipher_id = 0; | 1183 | cipher_id = 0; |
| 1205 | while (ca_list[j]) | 1184 | while (ca_list[j]) { |
| 1206 | { | ||
| 1207 | if (!strncmp(buf, ca_list[j]->name, buflen) && | 1185 | if (!strncmp(buf, ca_list[j]->name, buflen) && |
| 1208 | (ca_list[j]->name[buflen] == '\0')) | 1186 | (ca_list[j]->name[buflen] == '\0')) { |
| 1209 | { | ||
| 1210 | found = 1; | 1187 | found = 1; |
| 1211 | break; | 1188 | break; |
| 1212 | } | 1189 | } else |
| 1213 | else | ||
| 1214 | j++; | 1190 | j++; |
| 1215 | } | 1191 | } |
| 1216 | 1192 | ||
| 1217 | if (!found) | 1193 | if (!found) |
| 1218 | break; /* ignore this entry */ | 1194 | break; /* ignore this entry */ |
| 1219 | 1195 | ||
| 1220 | if (ca_list[j]->algorithm_mkey) | 1196 | if (ca_list[j]->algorithm_mkey) { |
| 1221 | { | 1197 | if (alg_mkey) { |
| 1222 | if (alg_mkey) | ||
| 1223 | { | ||
| 1224 | alg_mkey &= ca_list[j]->algorithm_mkey; | 1198 | alg_mkey &= ca_list[j]->algorithm_mkey; |
| 1225 | if (!alg_mkey) { found = 0; break; } | 1199 | if (!alg_mkey) { |
| 1200 | found = 0; | ||
| 1201 | break; | ||
| 1226 | } | 1202 | } |
| 1227 | else | 1203 | } else |
| 1228 | alg_mkey = ca_list[j]->algorithm_mkey; | 1204 | alg_mkey = ca_list[j]->algorithm_mkey; |
| 1229 | } | 1205 | } |
| 1230 | 1206 | ||
| 1231 | if (ca_list[j]->algorithm_auth) | 1207 | if (ca_list[j]->algorithm_auth) { |
| 1232 | { | 1208 | if (alg_auth) { |
| 1233 | if (alg_auth) | ||
| 1234 | { | ||
| 1235 | alg_auth &= ca_list[j]->algorithm_auth; | 1209 | alg_auth &= ca_list[j]->algorithm_auth; |
| 1236 | if (!alg_auth) { found = 0; break; } | 1210 | if (!alg_auth) { |
| 1211 | found = 0; | ||
| 1212 | break; | ||
| 1237 | } | 1213 | } |
| 1238 | else | 1214 | } else |
| 1239 | alg_auth = ca_list[j]->algorithm_auth; | 1215 | alg_auth = ca_list[j]->algorithm_auth; |
| 1240 | } | 1216 | } |
| 1241 | 1217 | ||
| 1242 | if (ca_list[j]->algorithm_enc) | 1218 | if (ca_list[j]->algorithm_enc) { |
| 1243 | { | 1219 | if (alg_enc) { |
| 1244 | if (alg_enc) | ||
| 1245 | { | ||
| 1246 | alg_enc &= ca_list[j]->algorithm_enc; | 1220 | alg_enc &= ca_list[j]->algorithm_enc; |
| 1247 | if (!alg_enc) { found = 0; break; } | 1221 | if (!alg_enc) { |
| 1222 | found = 0; | ||
| 1223 | break; | ||
| 1248 | } | 1224 | } |
| 1249 | else | 1225 | } else |
| 1250 | alg_enc = ca_list[j]->algorithm_enc; | 1226 | alg_enc = ca_list[j]->algorithm_enc; |
| 1251 | } | 1227 | } |
| 1252 | 1228 | ||
| 1253 | if (ca_list[j]->algorithm_mac) | 1229 | if (ca_list[j]->algorithm_mac) { |
| 1254 | { | 1230 | if (alg_mac) { |
| 1255 | if (alg_mac) | ||
| 1256 | { | ||
| 1257 | alg_mac &= ca_list[j]->algorithm_mac; | 1231 | alg_mac &= ca_list[j]->algorithm_mac; |
| 1258 | if (!alg_mac) { found = 0; break; } | 1232 | if (!alg_mac) { |
| 1233 | found = 0; | ||
| 1234 | break; | ||
| 1259 | } | 1235 | } |
| 1260 | else | 1236 | } else |
| 1261 | alg_mac = ca_list[j]->algorithm_mac; | 1237 | alg_mac = ca_list[j]->algorithm_mac; |
| 1262 | } | 1238 | } |
| 1263 | 1239 | ||
| 1264 | if (ca_list[j]->algo_strength & SSL_EXP_MASK) | 1240 | if (ca_list[j]->algo_strength & SSL_EXP_MASK) { |
| 1265 | { | 1241 | if (algo_strength & SSL_EXP_MASK) { |
| 1266 | if (algo_strength & SSL_EXP_MASK) | ||
| 1267 | { | ||
| 1268 | algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK; | 1242 | algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK; |
| 1269 | if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; } | 1243 | if (!(algo_strength & SSL_EXP_MASK)) { |
| 1244 | found = 0; | ||
| 1245 | break; | ||
| 1270 | } | 1246 | } |
| 1271 | else | 1247 | } else |
| 1272 | algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; | 1248 | algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; |
| 1273 | } | 1249 | } |
| 1274 | 1250 | ||
| 1275 | if (ca_list[j]->algo_strength & SSL_STRONG_MASK) | 1251 | if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { |
| 1276 | { | 1252 | if (algo_strength & SSL_STRONG_MASK) { |
| 1277 | if (algo_strength & SSL_STRONG_MASK) | ||
| 1278 | { | ||
| 1279 | algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; | 1253 | algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; |
| 1280 | if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; } | 1254 | if (!(algo_strength & SSL_STRONG_MASK)) { |
| 1255 | found = 0; | ||
| 1256 | break; | ||
| 1281 | } | 1257 | } |
| 1282 | else | 1258 | } else |
| 1283 | algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK; | 1259 | algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK; |
| 1284 | } | 1260 | } |
| 1285 | 1261 | ||
| 1286 | if (ca_list[j]->valid) | 1262 | if (ca_list[j]->valid) { |
| 1287 | { | ||
| 1288 | /* explicit ciphersuite found; its protocol version | 1263 | /* explicit ciphersuite found; its protocol version |
| 1289 | * does not become part of the search pattern!*/ | 1264 | * does not become part of the search pattern!*/ |
| 1290 | 1265 | ||
| 1291 | cipher_id = ca_list[j]->id; | 1266 | cipher_id = ca_list[j]->id; |
| 1292 | } | 1267 | } else { |
| 1293 | else | ||
| 1294 | { | ||
| 1295 | /* not an explicit ciphersuite; only in this case, the | 1268 | /* not an explicit ciphersuite; only in this case, the |
| 1296 | * protocol version is considered part of the search pattern */ | 1269 | * protocol version is considered part of the search pattern */ |
| 1297 | 1270 | ||
| 1298 | if (ca_list[j]->algorithm_ssl) | 1271 | if (ca_list[j]->algorithm_ssl) { |
| 1299 | { | 1272 | if (alg_ssl) { |
| 1300 | if (alg_ssl) | ||
| 1301 | { | ||
| 1302 | alg_ssl &= ca_list[j]->algorithm_ssl; | 1273 | alg_ssl &= ca_list[j]->algorithm_ssl; |
| 1303 | if (!alg_ssl) { found = 0; break; } | 1274 | if (!alg_ssl) { |
| 1275 | found = 0; | ||
| 1276 | break; | ||
| 1304 | } | 1277 | } |
| 1305 | else | 1278 | } else |
| 1306 | alg_ssl = ca_list[j]->algorithm_ssl; | 1279 | alg_ssl = ca_list[j]->algorithm_ssl; |
| 1307 | } | ||
| 1308 | } | 1280 | } |
| 1309 | |||
| 1310 | if (!multi) break; | ||
| 1311 | } | 1281 | } |
| 1312 | 1282 | ||
| 1283 | if (!multi) | ||
| 1284 | break; | ||
| 1285 | } | ||
| 1286 | |||
| 1313 | /* | 1287 | /* |
| 1314 | * Ok, we have the rule, now apply it | 1288 | * Ok, we have the rule, now apply it |
| 1315 | */ | 1289 | */ |
| 1316 | if (rule == CIPHER_SPECIAL) | 1290 | if (rule == CIPHER_SPECIAL) |
| 1317 | { /* special command */ | 1291 | { /* special command */ |
| 1318 | ok = 0; | 1292 | ok = 0; |
| 1319 | if ((buflen == 8) && | 1293 | if ((buflen == 8) && |
| 1320 | !strncmp(buf, "STRENGTH", 8)) | 1294 | !strncmp(buf, "STRENGTH", 8)) |
| 1321 | ok = ssl_cipher_strength_sort(head_p, tail_p); | 1295 | ok = ssl_cipher_strength_sort(head_p, tail_p); |
| 1322 | else | 1296 | else |
| 1323 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | 1297 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, |
| 1324 | SSL_R_INVALID_COMMAND); | 1298 | SSL_R_INVALID_COMMAND); |
| 1325 | if (ok == 0) | 1299 | if (ok == 0) |
| 1326 | retval = 0; | 1300 | retval = 0; |
| 1327 | /* | 1301 | /* |
| @@ -1331,30 +1305,27 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 1331 | * end or ':' is found. | 1305 | * end or ':' is found. |
| 1332 | */ | 1306 | */ |
| 1333 | while ((*l != '\0') && !ITEM_SEP(*l)) | 1307 | while ((*l != '\0') && !ITEM_SEP(*l)) |
| 1334 | l++; | 1308 | l++; |
| 1335 | } | 1309 | } else if (found) { |
| 1336 | else if (found) | ||
| 1337 | { | ||
| 1338 | ssl_cipher_apply_rule(cipher_id, | 1310 | ssl_cipher_apply_rule(cipher_id, |
| 1339 | alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, | 1311 | alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, |
| 1340 | rule, -1, head_p, tail_p); | 1312 | rule, -1, head_p, tail_p); |
| 1341 | } | 1313 | } else { |
| 1342 | else | ||
| 1343 | { | ||
| 1344 | while ((*l != '\0') && !ITEM_SEP(*l)) | 1314 | while ((*l != '\0') && !ITEM_SEP(*l)) |
| 1345 | l++; | 1315 | l++; |
| 1346 | } | 1316 | } |
| 1347 | if (*l == '\0') break; /* done */ | 1317 | if (*l == '\0') break; /* done */ |
| 1348 | } | 1318 | } |
| 1349 | 1319 | ||
| 1350 | return(retval); | 1320 | return (retval); |
| 1351 | } | 1321 | } |
| 1352 | 1322 | ||
| 1353 | STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | 1323 | STACK_OF(SSL_CIPHER) |
| 1354 | STACK_OF(SSL_CIPHER) **cipher_list, | 1324 | *ssl_create_cipher_list(const SSL_METHOD *ssl_method, |
| 1355 | STACK_OF(SSL_CIPHER) **cipher_list_by_id, | 1325 | STACK_OF(SSL_CIPHER) **cipher_list, |
| 1356 | const char *rule_str) | 1326 | STACK_OF(SSL_CIPHER) **cipher_list_by_id, |
| 1357 | { | 1327 | const char *rule_str) |
| 1328 | { | ||
| 1358 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; | 1329 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; |
| 1359 | unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; | 1330 | unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; |
| 1360 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; | 1331 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; |
| @@ -1384,15 +1355,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1384 | printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); | 1355 | printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); |
| 1385 | #endif /* KSSL_DEBUG */ | 1356 | #endif /* KSSL_DEBUG */ |
| 1386 | co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); | 1357 | co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); |
| 1387 | if (co_list == NULL) | 1358 | if (co_list == NULL) { |
| 1388 | { | 1359 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); |
| 1389 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | ||
| 1390 | return(NULL); /* Failure */ | 1360 | return(NULL); /* Failure */ |
| 1391 | } | 1361 | } |
| 1392 | 1362 | ||
| 1393 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, | 1363 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, |
| 1394 | disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, | 1364 | disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, |
| 1395 | co_list, &head, &tail); | 1365 | co_list, &head, &tail); |
| 1396 | 1366 | ||
| 1397 | 1367 | ||
| 1398 | /* Now arrange all ciphers by preference: */ | 1368 | /* Now arrange all ciphers by preference: */ |
| @@ -1419,19 +1389,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1419 | ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1389 | ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1420 | /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */ | 1390 | /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */ |
| 1421 | ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1391 | ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1422 | ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1392 | ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1423 | ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1393 | ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1424 | 1394 | ||
| 1425 | /* RC4 is sort-of broken -- move the the end */ | 1395 | /* RC4 is sort-of broken -- move the the end */ |
| 1426 | ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1396 | ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1427 | 1397 | ||
| 1428 | /* Now sort by symmetric encryption strength. The above ordering remains | 1398 | /* Now sort by symmetric encryption strength. The above ordering remains |
| 1429 | * in force within each class */ | 1399 | * in force within each class */ |
| 1430 | if (!ssl_cipher_strength_sort(&head, &tail)) | 1400 | if (!ssl_cipher_strength_sort(&head, &tail)) { |
| 1431 | { | ||
| 1432 | OPENSSL_free(co_list); | 1401 | OPENSSL_free(co_list); |
| 1433 | return NULL; | 1402 | return NULL; |
| 1434 | } | 1403 | } |
| 1435 | 1404 | ||
| 1436 | /* Now disable everything (maintaining the ordering!) */ | 1405 | /* Now disable everything (maintaining the ordering!) */ |
| 1437 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); | 1406 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); |
| @@ -1448,15 +1417,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1448 | num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); | 1417 | num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); |
| 1449 | num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; | 1418 | num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; |
| 1450 | ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); | 1419 | ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); |
| 1451 | if (ca_list == NULL) | 1420 | if (ca_list == NULL) { |
| 1452 | { | ||
| 1453 | OPENSSL_free(co_list); | 1421 | OPENSSL_free(co_list); |
| 1454 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | 1422 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); |
| 1455 | return(NULL); /* Failure */ | 1423 | return(NULL); /* Failure */ |
| 1456 | } | 1424 | } |
| 1457 | ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, | 1425 | ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, |
| 1458 | disabled_mkey, disabled_auth, disabled_enc, | 1426 | disabled_mkey, disabled_auth, disabled_enc, |
| 1459 | disabled_mac, disabled_ssl, head); | 1427 | disabled_mac, disabled_ssl, head); |
| 1460 | 1428 | ||
| 1461 | /* | 1429 | /* |
| 1462 | * If the rule_string begins with DEFAULT, apply the default rule | 1430 | * If the rule_string begins with DEFAULT, apply the default rule |
| @@ -1464,14 +1432,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1464 | */ | 1432 | */ |
| 1465 | ok = 1; | 1433 | ok = 1; |
| 1466 | rule_p = rule_str; | 1434 | rule_p = rule_str; |
| 1467 | if (strncmp(rule_str,"DEFAULT",7) == 0) | 1435 | if (strncmp(rule_str, "DEFAULT", 7) == 0) { |
| 1468 | { | ||
| 1469 | ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, | 1436 | ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, |
| 1470 | &head, &tail, ca_list); | 1437 | &head, &tail, ca_list); |
| 1471 | rule_p += 7; | 1438 | rule_p += 7; |
| 1472 | if (*rule_p == ':') | 1439 | if (*rule_p == ':') |
| 1473 | rule_p++; | 1440 | rule_p++; |
| 1474 | } | 1441 | } |
| 1475 | 1442 | ||
| 1476 | if (ok && (strlen(rule_p) > 0)) | 1443 | if (ok && (strlen(rule_p) > 0)) |
| 1477 | ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); | 1444 | ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); |
| @@ -1479,65 +1446,63 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1479 | OPENSSL_free((void *)ca_list); /* Not needed anymore */ | 1446 | OPENSSL_free((void *)ca_list); /* Not needed anymore */ |
| 1480 | 1447 | ||
| 1481 | if (!ok) | 1448 | if (!ok) |
| 1482 | { /* Rule processing failure */ | 1449 | { /* Rule processing failure */ |
| 1483 | OPENSSL_free(co_list); | 1450 | OPENSSL_free(co_list); |
| 1484 | return(NULL); | 1451 | return (NULL); |
| 1485 | } | 1452 | } |
| 1486 | 1453 | ||
| 1487 | /* | 1454 | /* |
| 1488 | * Allocate new "cipherstack" for the result, return with error | 1455 | * Allocate new "cipherstack" for the result, return with error |
| 1489 | * if we cannot get one. | 1456 | * if we cannot get one. |
| 1490 | */ | 1457 | */ |
| 1491 | if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) | 1458 | if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { |
| 1492 | { | ||
| 1493 | OPENSSL_free(co_list); | 1459 | OPENSSL_free(co_list); |
| 1494 | return(NULL); | 1460 | return (NULL); |
| 1495 | } | 1461 | } |
| 1496 | 1462 | ||
| 1497 | /* | 1463 | /* |
| 1498 | * The cipher selection for the list is done. The ciphers are added | 1464 | * The cipher selection for the list is done. The ciphers are added |
| 1499 | * to the resulting precedence to the STACK_OF(SSL_CIPHER). | 1465 | * to the resulting precedence to the STACK_OF(SSL_CIPHER). |
| 1500 | */ | 1466 | */ |
| 1501 | for (curr = head; curr != NULL; curr = curr->next) | 1467 | for (curr = head; curr != NULL; curr = curr->next) { |
| 1502 | { | ||
| 1503 | #ifdef OPENSSL_FIPS | 1468 | #ifdef OPENSSL_FIPS |
| 1504 | if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) | 1469 | if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) |
| 1505 | #else | 1470 | #else |
| 1506 | if (curr->active) | 1471 | if (curr->active) |
| 1507 | #endif | 1472 | #endif |
| 1508 | { | 1473 | { |
| 1509 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); | 1474 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); |
| 1510 | #ifdef CIPHER_DEBUG | 1475 | #ifdef CIPHER_DEBUG |
| 1511 | printf("<%s>\n",curr->cipher->name); | 1476 | printf("<%s>\n", curr->cipher->name); |
| 1512 | #endif | 1477 | #endif |
| 1513 | } | ||
| 1514 | } | 1478 | } |
| 1479 | } | ||
| 1515 | OPENSSL_free(co_list); /* Not needed any longer */ | 1480 | OPENSSL_free(co_list); /* Not needed any longer */ |
| 1516 | 1481 | ||
| 1517 | tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); | 1482 | tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); |
| 1518 | if (tmp_cipher_list == NULL) | 1483 | if (tmp_cipher_list == NULL) { |
| 1519 | { | ||
| 1520 | sk_SSL_CIPHER_free(cipherstack); | 1484 | sk_SSL_CIPHER_free(cipherstack); |
| 1521 | return NULL; | 1485 | return NULL; |
| 1522 | } | 1486 | } |
| 1523 | if (*cipher_list != NULL) | 1487 | if (*cipher_list != NULL) |
| 1524 | sk_SSL_CIPHER_free(*cipher_list); | 1488 | sk_SSL_CIPHER_free(*cipher_list); |
| 1525 | *cipher_list = cipherstack; | 1489 | *cipher_list = cipherstack; |
| 1526 | if (*cipher_list_by_id != NULL) | 1490 | if (*cipher_list_by_id != NULL) |
| 1527 | sk_SSL_CIPHER_free(*cipher_list_by_id); | 1491 | sk_SSL_CIPHER_free(*cipher_list_by_id); |
| 1528 | *cipher_list_by_id = tmp_cipher_list; | 1492 | *cipher_list_by_id = tmp_cipher_list; |
| 1529 | (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); | 1493 | (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp); |
| 1530 | 1494 | ||
| 1531 | sk_SSL_CIPHER_sort(*cipher_list_by_id); | 1495 | sk_SSL_CIPHER_sort(*cipher_list_by_id); |
| 1532 | return(cipherstack); | 1496 | return (cipherstack); |
| 1533 | } | 1497 | } |
| 1534 | 1498 | ||
| 1535 | char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | 1499 | char |
| 1536 | { | 1500 | *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) |
| 1537 | int is_export,pkl,kl; | 1501 | { |
| 1538 | const char *ver,*exp_str; | 1502 | int is_export, pkl, kl; |
| 1539 | const char *kx,*au,*enc,*mac; | 1503 | const char *ver, *exp_str; |
| 1540 | unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2; | 1504 | const char *kx, *au, *enc, *mac; |
| 1505 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; | ||
| 1541 | #ifdef KSSL_DEBUG | 1506 | #ifdef KSSL_DEBUG |
| 1542 | static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; | 1507 | static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; |
| 1543 | #else | 1508 | #else |
| @@ -1550,13 +1515,13 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1550 | alg_mac = cipher->algorithm_mac; | 1515 | alg_mac = cipher->algorithm_mac; |
| 1551 | alg_ssl = cipher->algorithm_ssl; | 1516 | alg_ssl = cipher->algorithm_ssl; |
| 1552 | 1517 | ||
| 1553 | alg2=cipher->algorithm2; | 1518 | alg2 = cipher->algorithm2; |
| 1519 | |||
| 1520 | is_export = SSL_C_IS_EXPORT(cipher); | ||
| 1521 | pkl = SSL_C_EXPORT_PKEYLENGTH(cipher); | ||
| 1522 | kl = SSL_C_EXPORT_KEYLENGTH(cipher); | ||
| 1523 | exp_str = is_export?" export":""; | ||
| 1554 | 1524 | ||
| 1555 | is_export=SSL_C_IS_EXPORT(cipher); | ||
| 1556 | pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); | ||
| 1557 | kl=SSL_C_EXPORT_KEYLENGTH(cipher); | ||
| 1558 | exp_str=is_export?" export":""; | ||
| 1559 | |||
| 1560 | if (alg_ssl & SSL_SSLV2) | 1525 | if (alg_ssl & SSL_SSLV2) |
| 1561 | ver="SSLv2"; | 1526 | ver="SSLv2"; |
| 1562 | else if (alg_ssl & SSL_SSLV3) | 1527 | else if (alg_ssl & SSL_SSLV3) |
| @@ -1566,10 +1531,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1566 | else | 1531 | else |
| 1567 | ver="unknown"; | 1532 | ver="unknown"; |
| 1568 | 1533 | ||
| 1569 | switch (alg_mkey) | 1534 | switch (alg_mkey) { |
| 1570 | { | ||
| 1571 | case SSL_kRSA: | 1535 | case SSL_kRSA: |
| 1572 | kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; | 1536 | kx = is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; |
| 1573 | break; | 1537 | break; |
| 1574 | case SSL_kDHr: | 1538 | case SSL_kDHr: |
| 1575 | kx="DH/RSA"; | 1539 | kx="DH/RSA"; |
| @@ -1577,11 +1541,11 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1577 | case SSL_kDHd: | 1541 | case SSL_kDHd: |
| 1578 | kx="DH/DSS"; | 1542 | kx="DH/DSS"; |
| 1579 | break; | 1543 | break; |
| 1580 | case SSL_kKRB5: | 1544 | case SSL_kKRB5: |
| 1581 | kx="KRB5"; | 1545 | kx="KRB5"; |
| 1582 | break; | 1546 | break; |
| 1583 | case SSL_kEDH: | 1547 | case SSL_kEDH: |
| 1584 | kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; | 1548 | kx = is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; |
| 1585 | break; | 1549 | break; |
| 1586 | case SSL_kECDHr: | 1550 | case SSL_kECDHr: |
| 1587 | kx="ECDH/RSA"; | 1551 | kx="ECDH/RSA"; |
| @@ -1600,10 +1564,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1600 | break; | 1564 | break; |
| 1601 | default: | 1565 | default: |
| 1602 | kx="unknown"; | 1566 | kx="unknown"; |
| 1603 | } | 1567 | } |
| 1604 | 1568 | ||
| 1605 | switch (alg_auth) | 1569 | switch (alg_auth) { |
| 1606 | { | ||
| 1607 | case SSL_aRSA: | 1570 | case SSL_aRSA: |
| 1608 | au="RSA"; | 1571 | au="RSA"; |
| 1609 | break; | 1572 | break; |
| @@ -1613,10 +1576,10 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1613 | case SSL_aDH: | 1576 | case SSL_aDH: |
| 1614 | au="DH"; | 1577 | au="DH"; |
| 1615 | break; | 1578 | break; |
| 1616 | case SSL_aKRB5: | 1579 | case SSL_aKRB5: |
| 1617 | au="KRB5"; | 1580 | au="KRB5"; |
| 1618 | break; | 1581 | break; |
| 1619 | case SSL_aECDH: | 1582 | case SSL_aECDH: |
| 1620 | au="ECDH"; | 1583 | au="ECDH"; |
| 1621 | break; | 1584 | break; |
| 1622 | case SSL_aNULL: | 1585 | case SSL_aNULL: |
| @@ -1631,22 +1594,21 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1631 | default: | 1594 | default: |
| 1632 | au="unknown"; | 1595 | au="unknown"; |
| 1633 | break; | 1596 | break; |
| 1634 | } | 1597 | } |
| 1635 | 1598 | ||
| 1636 | switch (alg_enc) | 1599 | switch (alg_enc) { |
| 1637 | { | ||
| 1638 | case SSL_DES: | 1600 | case SSL_DES: |
| 1639 | enc=(is_export && kl == 5)?"DES(40)":"DES(56)"; | 1601 | enc = (is_export && kl == 5)?"DES(40)":"DES(56)"; |
| 1640 | break; | 1602 | break; |
| 1641 | case SSL_3DES: | 1603 | case SSL_3DES: |
| 1642 | enc="3DES(168)"; | 1604 | enc="3DES(168)"; |
| 1643 | break; | 1605 | break; |
| 1644 | case SSL_RC4: | 1606 | case SSL_RC4: |
| 1645 | enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") | 1607 | enc = is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") |
| 1646 | :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); | 1608 | :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); |
| 1647 | break; | 1609 | break; |
| 1648 | case SSL_RC2: | 1610 | case SSL_RC2: |
| 1649 | enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; | 1611 | enc = is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; |
| 1650 | break; | 1612 | break; |
| 1651 | case SSL_IDEA: | 1613 | case SSL_IDEA: |
| 1652 | enc="IDEA(128)"; | 1614 | enc="IDEA(128)"; |
| @@ -1678,10 +1640,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1678 | default: | 1640 | default: |
| 1679 | enc="unknown"; | 1641 | enc="unknown"; |
| 1680 | break; | 1642 | break; |
| 1681 | } | 1643 | } |
| 1682 | 1644 | ||
| 1683 | switch (alg_mac) | 1645 | switch (alg_mac) { |
| 1684 | { | ||
| 1685 | case SSL_MD5: | 1646 | case SSL_MD5: |
| 1686 | mac="MD5"; | 1647 | mac="MD5"; |
| 1687 | break; | 1648 | break; |
| @@ -1700,108 +1661,119 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1700 | default: | 1661 | default: |
| 1701 | mac="unknown"; | 1662 | mac="unknown"; |
| 1702 | break; | 1663 | break; |
| 1703 | } | 1664 | } |
| 1704 | 1665 | ||
| 1705 | if (buf == NULL) | 1666 | if (buf == NULL) { |
| 1706 | { | 1667 | len = 128; |
| 1707 | len=128; | 1668 | buf = OPENSSL_malloc(len); |
| 1708 | buf=OPENSSL_malloc(len); | 1669 | if (buf == NULL) |
| 1709 | if (buf == NULL) return("OPENSSL_malloc Error"); | 1670 | return("OPENSSL_malloc Error"); |
| 1710 | } | 1671 | } else if (len < 128) |
| 1711 | else if (len < 128) | 1672 | return("Buffer too small"); |
| 1712 | return("Buffer too small"); | ||
| 1713 | 1673 | ||
| 1714 | #ifdef KSSL_DEBUG | 1674 | #ifdef KSSL_DEBUG |
| 1715 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl); | 1675 | BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl); |
| 1716 | #else | 1676 | #else |
| 1717 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); | 1677 | BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str); |
| 1718 | #endif /* KSSL_DEBUG */ | 1678 | #endif /* KSSL_DEBUG */ |
| 1719 | return(buf); | 1679 | return (buf); |
| 1720 | } | 1680 | } |
| 1721 | 1681 | ||
| 1722 | char *SSL_CIPHER_get_version(const SSL_CIPHER *c) | 1682 | char |
| 1723 | { | 1683 | *SSL_CIPHER_get_version(const SSL_CIPHER *c) |
| 1684 | { | ||
| 1724 | int i; | 1685 | int i; |
| 1725 | 1686 | ||
| 1726 | if (c == NULL) return("(NONE)"); | 1687 | if (c == NULL) |
| 1727 | i=(int)(c->id>>24L); | 1688 | return("(NONE)"); |
| 1689 | i = (int)(c->id >> 24L); | ||
| 1728 | if (i == 3) | 1690 | if (i == 3) |
| 1729 | return("TLSv1/SSLv3"); | 1691 | return("TLSv1/SSLv3"); |
| 1730 | else if (i == 2) | 1692 | else if (i == 2) |
| 1731 | return("SSLv2"); | 1693 | return("SSLv2"); |
| 1732 | else | 1694 | else |
| 1733 | return("unknown"); | 1695 | return("unknown"); |
| 1734 | } | 1696 | } |
| 1735 | 1697 | ||
| 1736 | /* return the actual cipher being used */ | 1698 | /* return the actual cipher being used */ |
| 1737 | const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) | 1699 | const char |
| 1738 | { | 1700 | *SSL_CIPHER_get_name(const SSL_CIPHER *c) |
| 1701 | { | ||
| 1739 | if (c != NULL) | 1702 | if (c != NULL) |
| 1740 | return(c->name); | 1703 | return (c->name); |
| 1741 | return("(NONE)"); | 1704 | return("(NONE)"); |
| 1742 | } | 1705 | } |
| 1743 | 1706 | ||
| 1744 | /* number of bits for symmetric cipher */ | 1707 | /* number of bits for symmetric cipher */ |
| 1745 | int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) | 1708 | int |
| 1746 | { | 1709 | SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) |
| 1747 | int ret=0; | 1710 | { |
| 1711 | int ret = 0; | ||
| 1748 | 1712 | ||
| 1749 | if (c != NULL) | 1713 | if (c != NULL) { |
| 1750 | { | 1714 | if (alg_bits != NULL) |
| 1751 | if (alg_bits != NULL) *alg_bits = c->alg_bits; | 1715 | *alg_bits = c->alg_bits; |
| 1752 | ret = c->strength_bits; | 1716 | ret = c->strength_bits; |
| 1753 | } | ||
| 1754 | return(ret); | ||
| 1755 | } | 1717 | } |
| 1718 | return (ret); | ||
| 1719 | } | ||
| 1756 | 1720 | ||
| 1757 | unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c) | 1721 | unsigned long |
| 1758 | { | 1722 | SSL_CIPHER_get_id(const SSL_CIPHER *c) |
| 1723 | { | ||
| 1759 | return c->id; | 1724 | return c->id; |
| 1760 | } | 1725 | } |
| 1761 | 1726 | ||
| 1762 | SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) | 1727 | SSL_COMP |
| 1763 | { | 1728 | *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) |
| 1729 | { | ||
| 1764 | SSL_COMP *ctmp; | 1730 | SSL_COMP *ctmp; |
| 1765 | int i,nn; | 1731 | int i, nn; |
| 1766 | 1732 | ||
| 1767 | if ((n == 0) || (sk == NULL)) return(NULL); | 1733 | if ((n == 0) |
| 1768 | nn=sk_SSL_COMP_num(sk); | 1734 | || (sk == NULL)) return (NULL); |
| 1769 | for (i=0; i<nn; i++) | 1735 | nn = sk_SSL_COMP_num(sk); |
| 1770 | { | 1736 | for (i = 0; i < nn; i++) { |
| 1771 | ctmp=sk_SSL_COMP_value(sk,i); | 1737 | ctmp = sk_SSL_COMP_value(sk, i); |
| 1772 | if (ctmp->id == n) | 1738 | if (ctmp->id == n) |
| 1773 | return(ctmp); | 1739 | return (ctmp); |
| 1774 | } | ||
| 1775 | return(NULL); | ||
| 1776 | } | 1740 | } |
| 1741 | return (NULL); | ||
| 1742 | } | ||
| 1777 | 1743 | ||
| 1778 | #ifdef OPENSSL_NO_COMP | 1744 | #ifdef OPENSSL_NO_COMP |
| 1779 | void *SSL_COMP_get_compression_methods(void) | 1745 | void |
| 1780 | { | 1746 | *SSL_COMP_get_compression_methods(void) |
| 1747 | { | ||
| 1781 | return NULL; | 1748 | return NULL; |
| 1782 | } | 1749 | } |
| 1783 | int SSL_COMP_add_compression_method(int id, void *cm) | 1750 | |
| 1784 | { | 1751 | int |
| 1752 | SSL_COMP_add_compression_method(int id, void *cm) | ||
| 1753 | { | ||
| 1785 | return 1; | 1754 | return 1; |
| 1786 | } | 1755 | } |
| 1787 | 1756 | ||
| 1788 | const char *SSL_COMP_get_name(const void *comp) | 1757 | const char |
| 1789 | { | 1758 | *SSL_COMP_get_name(const void *comp) |
| 1759 | { | ||
| 1790 | return NULL; | 1760 | return NULL; |
| 1791 | } | 1761 | } |
| 1792 | #else | 1762 | #else |
| 1793 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) | 1763 | STACK_OF(SSL_COMP) |
| 1794 | { | 1764 | *SSL_COMP_get_compression_methods(void) |
| 1765 | { | ||
| 1795 | load_builtin_compressions(); | 1766 | load_builtin_compressions(); |
| 1796 | return(ssl_comp_methods); | 1767 | return (ssl_comp_methods); |
| 1797 | } | 1768 | } |
| 1798 | 1769 | ||
| 1799 | int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | 1770 | int |
| 1800 | { | 1771 | SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) |
| 1772 | { | ||
| 1801 | SSL_COMP *comp; | 1773 | SSL_COMP *comp; |
| 1802 | 1774 | ||
| 1803 | if (cm == NULL || cm->type == NID_undef) | 1775 | if (cm == NULL || cm->type == NID_undef) |
| 1804 | return 1; | 1776 | return 1; |
| 1805 | 1777 | ||
| 1806 | /* According to draft-ietf-tls-compression-04.txt, the | 1778 | /* According to draft-ietf-tls-compression-04.txt, the |
| 1807 | compression number ranges should be the following: | 1779 | compression number ranges should be the following: |
| @@ -1809,45 +1781,40 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | |||
| 1809 | 0 to 63: methods defined by the IETF | 1781 | 0 to 63: methods defined by the IETF |
| 1810 | 64 to 192: external party methods assigned by IANA | 1782 | 64 to 192: external party methods assigned by IANA |
| 1811 | 193 to 255: reserved for private use */ | 1783 | 193 to 255: reserved for private use */ |
| 1812 | if (id < 193 || id > 255) | 1784 | if (id < 193 || id > 255) { |
| 1813 | { | 1785 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); |
| 1814 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); | ||
| 1815 | return 0; | 1786 | return 0; |
| 1816 | } | 1787 | } |
| 1817 | 1788 | ||
| 1818 | MemCheck_off(); | 1789 | MemCheck_off(); |
| 1819 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); | 1790 | comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); |
| 1820 | comp->id=id; | 1791 | comp->id = id; |
| 1821 | comp->method=cm; | 1792 | comp->method = cm; |
| 1822 | load_builtin_compressions(); | 1793 | load_builtin_compressions(); |
| 1823 | if (ssl_comp_methods | 1794 | if (ssl_comp_methods |
| 1824 | && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0) | 1795 | && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) { |
| 1825 | { | ||
| 1826 | OPENSSL_free(comp); | 1796 | OPENSSL_free(comp); |
| 1827 | MemCheck_on(); | 1797 | MemCheck_on(); |
| 1828 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID); | 1798 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_DUPLICATE_COMPRESSION_ID); |
| 1829 | return(1); | 1799 | return (1); |
| 1830 | } | 1800 | } else if ((ssl_comp_methods == NULL) |
| 1831 | else if ((ssl_comp_methods == NULL) | 1801 | || !sk_SSL_COMP_push(ssl_comp_methods, comp)) { |
| 1832 | || !sk_SSL_COMP_push(ssl_comp_methods,comp)) | ||
| 1833 | { | ||
| 1834 | OPENSSL_free(comp); | 1802 | OPENSSL_free(comp); |
| 1835 | MemCheck_on(); | 1803 | MemCheck_on(); |
| 1836 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); | 1804 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); |
| 1837 | return(1); | 1805 | return (1); |
| 1838 | } | 1806 | } else { |
| 1839 | else | ||
| 1840 | { | ||
| 1841 | MemCheck_on(); | 1807 | MemCheck_on(); |
| 1842 | return(0); | 1808 | return (0); |
| 1843 | } | ||
| 1844 | } | 1809 | } |
| 1810 | } | ||
| 1845 | 1811 | ||
| 1846 | const char *SSL_COMP_get_name(const COMP_METHOD *comp) | 1812 | const char |
| 1847 | { | 1813 | *SSL_COMP_get_name(const COMP_METHOD *comp) |
| 1814 | { | ||
| 1848 | if (comp) | 1815 | if (comp) |
| 1849 | return comp->name; | 1816 | return comp->name; |
| 1850 | return NULL; | 1817 | return NULL; |
| 1851 | } | 1818 | } |
| 1852 | 1819 | ||
| 1853 | #endif | 1820 | #endif |
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c index 370fb57e3b..67ba3c7699 100644 --- a/src/lib/libssl/src/ssl/ssl_err.c +++ b/src/lib/libssl/src/ssl/ssl_err.c | |||
| @@ -68,543 +68,541 @@ | |||
| 68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0) | 68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0) |
| 69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) | 69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) |
| 70 | 70 | ||
| 71 | static ERR_STRING_DATA SSL_str_functs[]= | 71 | static ERR_STRING_DATA SSL_str_functs[]= { |
| 72 | { | 72 | {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"}, |
| 73 | {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"}, | 73 | {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"}, |
| 74 | {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"}, | 74 | {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, |
| 75 | {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, | 75 | {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, |
| 76 | {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, | 76 | {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, |
| 77 | {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, | 77 | {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, |
| 78 | {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, | 78 | {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, |
| 79 | {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, | 79 | {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, |
| 80 | {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, | 80 | {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"}, |
| 81 | {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"}, | 81 | {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, |
| 82 | {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, | 82 | {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"}, |
| 83 | {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"}, | 83 | {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, |
| 84 | {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, | 84 | {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, |
| 85 | {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, | 85 | {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, |
| 86 | {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, | 86 | {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, |
| 87 | {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, | 87 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, |
| 88 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, | 88 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, |
| 89 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, | 89 | {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, |
| 90 | {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, | 90 | {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"}, |
| 91 | {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"}, | 91 | {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"}, |
| 92 | {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"}, | 92 | {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, |
| 93 | {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, | 93 | {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, |
| 94 | {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, | 94 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, |
| 95 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, | 95 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, |
| 96 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, | 96 | {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, |
| 97 | {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, | 97 | {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, |
| 98 | {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, | 98 | {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, |
| 99 | {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, | 99 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, |
| 100 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, | 100 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, |
| 101 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, | 101 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, |
| 102 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, | 102 | {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, |
| 103 | {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, | 103 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, |
| 104 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, | 104 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, |
| 105 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, | 105 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, |
| 106 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, | 106 | {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, |
| 107 | {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, | 107 | {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, |
| 108 | {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, | 108 | {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, |
| 109 | {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, | 109 | {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, |
| 110 | {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, | 110 | {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, |
| 111 | {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, | 111 | {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, |
| 112 | {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, | 112 | {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, |
| 113 | {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, | 113 | {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, |
| 114 | {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, | 114 | {ERR_FUNC(SSL_F_READ_N), "READ_N"}, |
| 115 | {ERR_FUNC(SSL_F_READ_N), "READ_N"}, | 115 | {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"}, |
| 116 | {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"}, | 116 | {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"}, |
| 117 | {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"}, | 117 | {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"}, |
| 118 | {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"}, | 118 | {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"}, |
| 119 | {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"}, | 119 | {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"}, |
| 120 | {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"}, | 120 | {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"}, |
| 121 | {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"}, | 121 | {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"}, |
| 122 | {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"}, | 122 | {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"}, |
| 123 | {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"}, | 123 | {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"}, |
| 124 | {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"}, | 124 | {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"}, |
| 125 | {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"}, | 125 | {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"}, |
| 126 | {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"}, | 126 | {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"}, |
| 127 | {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"}, | 127 | {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"}, |
| 128 | {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"}, | 128 | {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"}, |
| 129 | {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"}, | 129 | {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"}, |
| 130 | {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"}, | 130 | {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"}, |
| 131 | {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"}, | 131 | {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"}, |
| 132 | {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"}, | 132 | {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"}, |
| 133 | {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"}, | 133 | {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"}, |
| 134 | {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"}, | 134 | {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"}, |
| 135 | {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"}, | 135 | {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"}, |
| 136 | {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"}, | 136 | {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"}, |
| 137 | {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"}, | 137 | {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, |
| 138 | {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, | 138 | {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, |
| 139 | {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, | 139 | {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, |
| 140 | {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, | 140 | {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, |
| 141 | {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, | 141 | {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, |
| 142 | {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, | 142 | {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, |
| 143 | {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, | 143 | {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, |
| 144 | {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, | 144 | {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, |
| 145 | {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, | 145 | {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, |
| 146 | {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, | 146 | {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"}, |
| 147 | {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"}, | 147 | {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, |
| 148 | {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, | 148 | {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, |
| 149 | {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, | 149 | {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, |
| 150 | {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, | 150 | {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, |
| 151 | {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, | 151 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, |
| 152 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, | 152 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, |
| 153 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, | 153 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, |
| 154 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, | 154 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, |
| 155 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, | 155 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, |
| 156 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, | 156 | {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, |
| 157 | {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, | 157 | {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, |
| 158 | {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, | 158 | {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, |
| 159 | {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, | 159 | {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, |
| 160 | {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, | 160 | {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"}, |
| 161 | {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"}, | 161 | {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, |
| 162 | {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, | 162 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, |
| 163 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, | 163 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, |
| 164 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, | 164 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, |
| 165 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, | 165 | {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"}, |
| 166 | {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"}, | 166 | {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, |
| 167 | {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, | 167 | {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, |
| 168 | {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, | 168 | {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, |
| 169 | {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, | 169 | {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, |
| 170 | {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, | 170 | {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, |
| 171 | {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, | 171 | {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"}, |
| 172 | {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"}, | 172 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, |
| 173 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, | 173 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, |
| 174 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, | 174 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, |
| 175 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, | 175 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"}, |
| 176 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"}, | 176 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"}, |
| 177 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"}, | 177 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, |
| 178 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, | 178 | {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, |
| 179 | {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, | 179 | {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"}, |
| 180 | {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"}, | 180 | {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"}, |
| 181 | {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"}, | 181 | {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, |
| 182 | {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, | 182 | {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, |
| 183 | {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, | 183 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, |
| 184 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, | 184 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, |
| 185 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, | 185 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"}, |
| 186 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"}, | 186 | {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, |
| 187 | {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, | 187 | {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, |
| 188 | {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, | 188 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, |
| 189 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, | 189 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, |
| 190 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, | 190 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"}, |
| 191 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"}, | 191 | {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, |
| 192 | {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, | 192 | {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, |
| 193 | {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, | 193 | {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, |
| 194 | {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, | 194 | {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"}, |
| 195 | {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"}, | 195 | {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, |
| 196 | {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, | 196 | {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, |
| 197 | {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, | 197 | {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, |
| 198 | {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, | 198 | {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, |
| 199 | {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, | 199 | {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"}, |
| 200 | {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"}, | 200 | {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, |
| 201 | {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, | 201 | {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, |
| 202 | {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, | 202 | {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, |
| 203 | {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, | 203 | {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"}, |
| 204 | {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"}, | 204 | {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"}, |
| 205 | {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"}, | 205 | {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, |
| 206 | {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, | 206 | {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, |
| 207 | {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, | 207 | {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"}, |
| 208 | {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"}, | 208 | {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, |
| 209 | {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, | 209 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, |
| 210 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, | 210 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, |
| 211 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, | 211 | {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, |
| 212 | {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, | 212 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, |
| 213 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, | 213 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, |
| 214 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, | 214 | {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"}, |
| 215 | {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"}, | 215 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, |
| 216 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, | 216 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"}, |
| 217 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"}, | 217 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, |
| 218 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, | 218 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, |
| 219 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, | 219 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, |
| 220 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, | 220 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, |
| 221 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, | 221 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, |
| 222 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, | 222 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, |
| 223 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, | 223 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, |
| 224 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, | 224 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, |
| 225 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, | 225 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, |
| 226 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, | 226 | {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, |
| 227 | {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, | 227 | {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, |
| 228 | {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, | 228 | {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, |
| 229 | {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, | 229 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, |
| 230 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, | 230 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, |
| 231 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, | 231 | {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, |
| 232 | {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, | 232 | {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, |
| 233 | {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, | 233 | {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, |
| 234 | {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, | 234 | {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, |
| 235 | {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, | 235 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, |
| 236 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, | 236 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, |
| 237 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, | 237 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"}, |
| 238 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"}, | 238 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, |
| 239 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, | 239 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, |
| 240 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, | 240 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"}, |
| 241 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"}, | 241 | {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, |
| 242 | {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, | 242 | {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, |
| 243 | {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, | 243 | {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, |
| 244 | {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, | 244 | {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, |
| 245 | {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, | 245 | {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, |
| 246 | {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, | 246 | {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, |
| 247 | {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, | 247 | {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, |
| 248 | {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, | 248 | {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, |
| 249 | {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, | 249 | {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"}, |
| 250 | {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"}, | 250 | {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, |
| 251 | {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, | 251 | {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"}, |
| 252 | {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"}, | 252 | {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, |
| 253 | {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, | 253 | {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, |
| 254 | {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, | 254 | {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"}, |
| 255 | {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"}, | 255 | {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"}, |
| 256 | {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"}, | 256 | {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, |
| 257 | {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, | 257 | {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, |
| 258 | {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, | 258 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, |
| 259 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, | 259 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, |
| 260 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, | 260 | {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, |
| 261 | {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, | 261 | {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, |
| 262 | {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, | 262 | {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, |
| 263 | {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, | 263 | {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"}, |
| 264 | {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"}, | 264 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, |
| 265 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, | 265 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, |
| 266 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, | 266 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, |
| 267 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, | 267 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, |
| 268 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, | 268 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, |
| 269 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, | 269 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, |
| 270 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, | 270 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, |
| 271 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, | 271 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, |
| 272 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, | 272 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, |
| 273 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, | 273 | {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"}, |
| 274 | {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"}, | 274 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, |
| 275 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, | 275 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, |
| 276 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, | 276 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, |
| 277 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, | 277 | {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"}, |
| 278 | {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"}, | 278 | {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, |
| 279 | {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, | 279 | {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"}, |
| 280 | {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"}, | 280 | {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"}, |
| 281 | {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"}, | 281 | {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"}, |
| 282 | {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"}, | 282 | {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, |
| 283 | {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, | 283 | {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"}, |
| 284 | {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"}, | 284 | {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"}, |
| 285 | {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"}, | 285 | {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"}, |
| 286 | {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"}, | 286 | {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"}, |
| 287 | {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"}, | 287 | {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, |
| 288 | {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, | 288 | {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, |
| 289 | {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, | 289 | {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, |
| 290 | {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, | 290 | {0, NULL} |
| 291 | {0,NULL} | 291 | }; |
| 292 | }; | ||
| 293 | 292 | ||
| 294 | static ERR_STRING_DATA SSL_str_reasons[]= | 293 | static ERR_STRING_DATA SSL_str_reasons[]= { |
| 295 | { | 294 | {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) , "app data in handshake"}, |
| 296 | {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"}, | 295 | {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), "attempt to reuse session in different context"}, |
| 297 | {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"}, | 296 | {ERR_REASON(SSL_R_BAD_ALERT_RECORD) , "bad alert record"}, |
| 298 | {ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"}, | 297 | {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE), "bad authentication type"}, |
| 299 | {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"}, | 298 | {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"}, |
| 300 | {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"}, | 299 | {ERR_REASON(SSL_R_BAD_CHECKSUM) , "bad checksum"}, |
| 301 | {ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"}, | 300 | {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), "bad data returned by callback"}, |
| 302 | {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"}, | 301 | {ERR_REASON(SSL_R_BAD_DECOMPRESSION) , "bad decompression"}, |
| 303 | {ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"}, | 302 | {ERR_REASON(SSL_R_BAD_DH_G_LENGTH) , "bad dh g length"}, |
| 304 | {ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"}, | 303 | {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) , "bad dh pub key length"}, |
| 305 | {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"}, | 304 | {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) , "bad dh p length"}, |
| 306 | {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"}, | 305 | {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) , "bad digest length"}, |
| 307 | {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"}, | 306 | {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) , "bad dsa signature"}, |
| 308 | {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"}, | 307 | {ERR_REASON(SSL_R_BAD_ECC_CERT) , "bad ecc cert"}, |
| 309 | {ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"}, | 308 | {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) , "bad ecdsa signature"}, |
| 310 | {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"}, | 309 | {ERR_REASON(SSL_R_BAD_ECPOINT) , "bad ecpoint"}, |
| 311 | {ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"}, | 310 | {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) , "bad handshake length"}, |
| 312 | {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) ,"bad handshake length"}, | 311 | {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) , "bad hello request"}, |
| 313 | {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"}, | 312 | {ERR_REASON(SSL_R_BAD_LENGTH) , "bad length"}, |
| 314 | {ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"}, | 313 | {ERR_REASON(SSL_R_BAD_MAC_DECODE) , "bad mac decode"}, |
| 315 | {ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"}, | 314 | {ERR_REASON(SSL_R_BAD_MAC_LENGTH) , "bad mac length"}, |
| 316 | {ERR_REASON(SSL_R_BAD_MAC_LENGTH) ,"bad mac length"}, | 315 | {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) , "bad message type"}, |
| 317 | {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"}, | 316 | {ERR_REASON(SSL_R_BAD_PACKET_LENGTH) , "bad packet length"}, |
| 318 | {ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"}, | 317 | {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER), "bad protocol version number"}, |
| 319 | {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"}, | 318 | {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH), "bad psk identity hint length"}, |
| 320 | {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),"bad psk identity hint length"}, | 319 | {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) , "bad response argument"}, |
| 321 | {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"}, | 320 | {ERR_REASON(SSL_R_BAD_RSA_DECRYPT) , "bad rsa decrypt"}, |
| 322 | {ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"}, | 321 | {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) , "bad rsa encrypt"}, |
| 323 | {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"}, | 322 | {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) , "bad rsa e length"}, |
| 324 | {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"}, | 323 | {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH), "bad rsa modulus length"}, |
| 325 | {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"}, | 324 | {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) , "bad rsa signature"}, |
| 326 | {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"}, | 325 | {ERR_REASON(SSL_R_BAD_SIGNATURE) , "bad signature"}, |
| 327 | {ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"}, | 326 | {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) , "bad srp a length"}, |
| 328 | {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) ,"bad srp a length"}, | 327 | {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) , "bad srp b length"}, |
| 329 | {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) ,"bad srp b length"}, | 328 | {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) , "bad srp g length"}, |
| 330 | {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) ,"bad srp g length"}, | 329 | {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) , "bad srp n length"}, |
| 331 | {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) ,"bad srp n length"}, | 330 | {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) , "bad srp s length"}, |
| 332 | {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) ,"bad srp s length"}, | 331 | {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) , "bad srtp mki value"}, |
| 333 | {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) ,"bad srtp mki value"}, | 332 | {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), "bad srtp protection profile list"}, |
| 334 | {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),"bad srtp protection profile list"}, | 333 | {ERR_REASON(SSL_R_BAD_SSL_FILETYPE) , "bad ssl filetype"}, |
| 335 | {ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"}, | 334 | {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH), "bad ssl session id length"}, |
| 336 | {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"}, | 335 | {ERR_REASON(SSL_R_BAD_STATE) , "bad state"}, |
| 337 | {ERR_REASON(SSL_R_BAD_STATE) ,"bad state"}, | 336 | {ERR_REASON(SSL_R_BAD_WRITE_RETRY) , "bad write retry"}, |
| 338 | {ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"}, | 337 | {ERR_REASON(SSL_R_BIO_NOT_SET) , "bio not set"}, |
| 339 | {ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"}, | 338 | {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "block cipher pad is wrong"}, |
| 340 | {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"}, | 339 | {ERR_REASON(SSL_R_BN_LIB) , "bn lib"}, |
| 341 | {ERR_REASON(SSL_R_BN_LIB) ,"bn lib"}, | 340 | {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) , "ca dn length mismatch"}, |
| 342 | {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"}, | 341 | {ERR_REASON(SSL_R_CA_DN_TOO_LONG) , "ca dn too long"}, |
| 343 | {ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"}, | 342 | {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) , "ccs received early"}, |
| 344 | {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"}, | 343 | {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"}, |
| 345 | {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"}, | 344 | {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) , "cert length mismatch"}, |
| 346 | {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"}, | 345 | {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT), "challenge is different"}, |
| 347 | {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"}, | 346 | {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"}, |
| 348 | {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"}, | 347 | {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE), "cipher or hash unavailable"}, |
| 349 | {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"}, | 348 | {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR), "cipher table src error"}, |
| 350 | {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, | 349 | {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) , "clienthello tlsext"}, |
| 351 | {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"}, | 350 | {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG), "compressed length too long"}, |
| 352 | {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"}, | 351 | {ERR_REASON(SSL_R_COMPRESSION_DISABLED) , "compression disabled"}, |
| 353 | {ERR_REASON(SSL_R_COMPRESSION_DISABLED) ,"compression disabled"}, | 352 | {ERR_REASON(SSL_R_COMPRESSION_FAILURE) , "compression failure"}, |
| 354 | {ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"}, | 353 | {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), "compression id not within private range"}, |
| 355 | {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"}, | 354 | {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), "compression library error"}, |
| 356 | {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"}, | 355 | {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT), "connection id is different"}, |
| 357 | {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"}, | 356 | {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"}, |
| 358 | {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"}, | 357 | {ERR_REASON(SSL_R_COOKIE_MISMATCH) , "cookie mismatch"}, |
| 359 | {ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"}, | 358 | {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), "data between ccs and finished"}, |
| 360 | {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"}, | 359 | {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) , "data length too long"}, |
| 361 | {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"}, | 360 | {ERR_REASON(SSL_R_DECRYPTION_FAILED) , "decryption failed"}, |
| 362 | {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"}, | 361 | {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"}, |
| 363 | {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"}, | 362 | {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"}, |
| 364 | {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"}, | 363 | {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) , "digest check failed"}, |
| 365 | {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"}, | 364 | {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) , "dtls message too big"}, |
| 366 | {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"}, | 365 | {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"}, |
| 367 | {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"}, | 366 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT), "ecc cert not for key agreement"}, |
| 368 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),"ecc cert not for key agreement"}, | 367 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"}, |
| 369 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"}, | 368 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE), "ecc cert should have rsa signature"}, |
| 370 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"}, | 369 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE), "ecc cert should have sha1 signature"}, |
| 371 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"}, | 370 | {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER), "ecgroup too large for cipher"}, |
| 372 | {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"}, | 371 | {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), "empty srtp protection profile list"}, |
| 373 | {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"}, | 372 | {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"}, |
| 374 | {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"}, | 373 | {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "error generating tmp rsa key"}, |
| 375 | {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"}, | 374 | {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), "error in received cipher list"}, |
| 376 | {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"}, | 375 | {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"}, |
| 377 | {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"}, | 376 | {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) , "extra data in message"}, |
| 378 | {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"}, | 377 | {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"}, |
| 379 | {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"}, | 378 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS), "got next proto before a ccs"}, |
| 380 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"}, | 379 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION), "got next proto without seeing extension"}, |
| 381 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without seeing extension"}, | 380 | {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) , "https proxy request"}, |
| 382 | {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, | 381 | {ERR_REASON(SSL_R_HTTP_REQUEST) , "http request"}, |
| 383 | {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, | 382 | {ERR_REASON(SSL_R_ILLEGAL_PADDING) , "illegal padding"}, |
| 384 | {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, | 383 | {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"}, |
| 385 | {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"}, | 384 | {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH), "invalid challenge length"}, |
| 386 | {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, | 385 | {ERR_REASON(SSL_R_INVALID_COMMAND) , "invalid command"}, |
| 387 | {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, | 386 | {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM), "invalid compression algorithm"}, |
| 388 | {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"}, | 387 | {ERR_REASON(SSL_R_INVALID_PURPOSE) , "invalid purpose"}, |
| 389 | {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, | 388 | {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) , "invalid srp username"}, |
| 390 | {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) ,"invalid srp username"}, | 389 | {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"}, |
| 391 | {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"}, | 390 | {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH), "invalid ticket keys length"}, |
| 392 | {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"}, | 391 | {ERR_REASON(SSL_R_INVALID_TRUST) , "invalid trust"}, |
| 393 | {ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"}, | 392 | {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) , "key arg too long"}, |
| 394 | {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"}, | 393 | {ERR_REASON(SSL_R_KRB5) , "krb5"}, |
| 395 | {ERR_REASON(SSL_R_KRB5) ,"krb5"}, | 394 | {ERR_REASON(SSL_R_KRB5_C_CC_PRINC) , "krb5 client cc principal (no tkt?)"}, |
| 396 | {ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"}, | 395 | {ERR_REASON(SSL_R_KRB5_C_GET_CRED) , "krb5 client get cred"}, |
| 397 | {ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"}, | 396 | {ERR_REASON(SSL_R_KRB5_C_INIT) , "krb5 client init"}, |
| 398 | {ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"}, | 397 | {ERR_REASON(SSL_R_KRB5_C_MK_REQ) , "krb5 client mk_req (expired tkt?)"}, |
| 399 | {ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"}, | 398 | {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) , "krb5 server bad ticket"}, |
| 400 | {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"}, | 399 | {ERR_REASON(SSL_R_KRB5_S_INIT) , "krb5 server init"}, |
| 401 | {ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"}, | 400 | {ERR_REASON(SSL_R_KRB5_S_RD_REQ) , "krb5 server rd_req (keytab perms?)"}, |
| 402 | {ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"}, | 401 | {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) , "krb5 server tkt expired"}, |
| 403 | {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"}, | 402 | {ERR_REASON(SSL_R_KRB5_S_TKT_NYV) , "krb5 server tkt not yet valid"}, |
| 404 | {ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"}, | 403 | {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) , "krb5 server tkt skew"}, |
| 405 | {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"}, | 404 | {ERR_REASON(SSL_R_LENGTH_MISMATCH) , "length mismatch"}, |
| 406 | {ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"}, | 405 | {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) , "length too short"}, |
| 407 | {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"}, | 406 | {ERR_REASON(SSL_R_LIBRARY_BUG) , "library bug"}, |
| 408 | {ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"}, | 407 | {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"}, |
| 409 | {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"}, | 408 | {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) , "message too long"}, |
| 410 | {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"}, | 409 | {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) , "missing dh dsa cert"}, |
| 411 | {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"}, | 410 | {ERR_REASON(SSL_R_MISSING_DH_KEY) , "missing dh key"}, |
| 412 | {ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"}, | 411 | {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) , "missing dh rsa cert"}, |
| 413 | {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"}, | 412 | {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"}, |
| 414 | {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"}, | 413 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY), "missing export tmp dh key"}, |
| 415 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"}, | 414 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY), "missing export tmp rsa key"}, |
| 416 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"}, | 415 | {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"}, |
| 417 | {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"}, | 416 | {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT), "missing rsa encrypting cert"}, |
| 418 | {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"}, | 417 | {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"}, |
| 419 | {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"}, | 418 | {ERR_REASON(SSL_R_MISSING_SRP_PARAM) , "can't find SRP server param"}, |
| 420 | {ERR_REASON(SSL_R_MISSING_SRP_PARAM) ,"can't find SRP server param"}, | 419 | {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) , "missing tmp dh key"}, |
| 421 | {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"}, | 420 | {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) , "missing tmp ecdh key"}, |
| 422 | {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"}, | 421 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) , "missing tmp rsa key"}, |
| 423 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, | 422 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) , "missing tmp rsa pkey"}, |
| 424 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, | 423 | {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"}, |
| 425 | {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, | 424 | {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) , "multiple sgc restarts"}, |
| 426 | {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"}, | 425 | {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET), "non sslv2 initial packet"}, |
| 427 | {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"}, | 426 | {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"}, |
| 428 | {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"}, | 427 | {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"}, |
| 429 | {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"}, | 428 | {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"}, |
| 430 | {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"}, | 429 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SET) , "no certificate set"}, |
| 431 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"}, | 430 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED), "no certificate specified"}, |
| 432 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"}, | 431 | {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) , "no ciphers available"}, |
| 433 | {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"}, | 432 | {ERR_REASON(SSL_R_NO_CIPHERS_PASSED) , "no ciphers passed"}, |
| 434 | {ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"}, | 433 | {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) , "no ciphers specified"}, |
| 435 | {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"}, | 434 | {ERR_REASON(SSL_R_NO_CIPHER_LIST) , "no cipher list"}, |
| 436 | {ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"}, | 435 | {ERR_REASON(SSL_R_NO_CIPHER_MATCH) , "no cipher match"}, |
| 437 | {ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"}, | 436 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"}, |
| 438 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"}, | 437 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"}, |
| 439 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"}, | 438 | {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"}, |
| 440 | {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"}, | 439 | {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"}, |
| 441 | {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"}, | 440 | {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) , "no method specified"}, |
| 442 | {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"}, | 441 | {ERR_REASON(SSL_R_NO_PRIVATEKEY) , "no privatekey"}, |
| 443 | {ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"}, | 442 | {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"}, |
| 444 | {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"}, | 443 | {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"}, |
| 445 | {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"}, | 444 | {ERR_REASON(SSL_R_NO_PUBLICKEY) , "no publickey"}, |
| 446 | {ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"}, | 445 | {ERR_REASON(SSL_R_NO_RENEGOTIATION) , "no renegotiation"}, |
| 447 | {ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"}, | 446 | {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) , "digest requred for handshake isn't computed"}, |
| 448 | {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) ,"digest requred for handshake isn't computed"}, | 447 | {ERR_REASON(SSL_R_NO_SHARED_CIPHER) , "no shared cipher"}, |
| 449 | {ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"}, | 448 | {ERR_REASON(SSL_R_NO_SRTP_PROFILES) , "no srtp profiles"}, |
| 450 | {ERR_REASON(SSL_R_NO_SRTP_PROFILES) ,"no srtp profiles"}, | 449 | {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) , "no verify callback"}, |
| 451 | {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"}, | 450 | {ERR_REASON(SSL_R_NULL_SSL_CTX) , "null ssl ctx"}, |
| 452 | {ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"}, | 451 | {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"}, |
| 453 | {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"}, | 452 | {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"}, |
| 454 | {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"}, | 453 | {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), "old session compression algorithm not returned"}, |
| 455 | {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"}, | 454 | {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE), "only tls allowed in fips mode"}, |
| 456 | {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"}, | 455 | {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG), "opaque PRF input too long"}, |
| 457 | {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"}, | 456 | {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"}, |
| 458 | {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"}, | 457 | {ERR_REASON(SSL_R_PARSE_TLSEXT) , "parse tlsext"}, |
| 459 | {ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"}, | 458 | {ERR_REASON(SSL_R_PATH_TOO_LONG) , "path too long"}, |
| 460 | {ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"}, | 459 | {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), "peer did not return a certificate"}, |
| 461 | {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"}, | 460 | {ERR_REASON(SSL_R_PEER_ERROR) , "peer error"}, |
| 462 | {ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"}, | 461 | {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE), "peer error certificate"}, |
| 463 | {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"}, | 462 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE), "peer error no certificate"}, |
| 464 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"}, | 463 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) , "peer error no cipher"}, |
| 465 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"}, | 464 | {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE), "peer error unsupported certificate type"}, |
| 466 | {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"}, | 465 | {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"}, |
| 467 | {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"}, | 466 | {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS), "problems mapping cipher functions"}, |
| 468 | {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"}, | 467 | {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) , "protocol is shutdown"}, |
| 469 | {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"}, | 468 | {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"}, |
| 470 | {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND),"psk identity not found"}, | 469 | {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) , "psk no client cb"}, |
| 471 | {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) ,"psk no client cb"}, | 470 | {ERR_REASON(SSL_R_PSK_NO_SERVER_CB) , "psk no server cb"}, |
| 472 | {ERR_REASON(SSL_R_PSK_NO_SERVER_CB) ,"psk no server cb"}, | 471 | {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"}, |
| 473 | {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"}, | 472 | {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) , "public key is not rsa"}, |
| 474 | {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"}, | 473 | {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) , "public key not rsa"}, |
| 475 | {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, | 474 | {ERR_REASON(SSL_R_READ_BIO_NOT_SET) , "read bio not set"}, |
| 476 | {ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"}, | 475 | {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) , "read timeout expired"}, |
| 477 | {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"}, | 476 | {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"}, |
| 478 | {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"}, | 477 | {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"}, |
| 479 | {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"}, | 478 | {ERR_REASON(SSL_R_RECORD_TOO_LARGE) , "record too large"}, |
| 480 | {ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"}, | 479 | {ERR_REASON(SSL_R_RECORD_TOO_SMALL) , "record too small"}, |
| 481 | {ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"}, | 480 | {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"}, |
| 482 | {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"}, | 481 | {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR), "renegotiation encoding err"}, |
| 483 | {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"}, | 482 | {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"}, |
| 484 | {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"}, | 483 | {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"}, |
| 485 | {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"}, | 484 | {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING), "required compresssion algorithm missing"}, |
| 486 | {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"}, | 485 | {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO), "reuse cert length not zero"}, |
| 487 | {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, | 486 | {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO), "reuse cert type not zero"}, |
| 488 | {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, | 487 | {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO), "reuse cipher list not zero"}, |
| 489 | {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, | 488 | {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), "scsv received when renegotiating"}, |
| 490 | {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"}, | 489 | {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) , "serverhello tlsext"}, |
| 491 | {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"}, | 490 | {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), "session id context uninitialized"}, |
| 492 | {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, | 491 | {ERR_REASON(SSL_R_SHORT_READ) , "short read"}, |
| 493 | {ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, | 492 | {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR), "signature algorithms error"}, |
| 494 | {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),"signature algorithms error"}, | 493 | {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), "signature for non signing certificate"}, |
| 495 | {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"}, | 494 | {ERR_REASON(SSL_R_SRP_A_CALC) , "error with the srp params"}, |
| 496 | {ERR_REASON(SSL_R_SRP_A_CALC) ,"error with the srp params"}, | 495 | {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), "srtp could not allocate profiles"}, |
| 497 | {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),"srtp could not allocate profiles"}, | 496 | {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), "srtp protection profile list too long"}, |
| 498 | {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),"srtp protection profile list too long"}, | 497 | {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), "srtp unknown protection profile"}, |
| 499 | {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),"srtp unknown protection profile"}, | 498 | {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE), "ssl23 doing session id reuse"}, |
| 500 | {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"}, | 499 | {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG), "ssl2 connection id too long"}, |
| 501 | {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"}, | 500 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT), "ssl3 ext invalid ecpointformat"}, |
| 502 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),"ssl3 ext invalid ecpointformat"}, | 501 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME), "ssl3 ext invalid servername"}, |
| 503 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"}, | 502 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), "ssl3 ext invalid servername type"}, |
| 504 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"}, | 503 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"}, |
| 505 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"}, | 504 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), "ssl3 session id too short"}, |
| 506 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"}, | 505 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), "sslv3 alert bad certificate"}, |
| 507 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"}, | 506 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), "sslv3 alert bad record mac"}, |
| 508 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"}, | 507 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), "sslv3 alert certificate expired"}, |
| 509 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"}, | 508 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), "sslv3 alert certificate revoked"}, |
| 510 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"}, | 509 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), "sslv3 alert certificate unknown"}, |
| 511 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"}, | 510 | {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), "sslv3 alert decompression failure"}, |
| 512 | {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"}, | 511 | {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), "sslv3 alert handshake failure"}, |
| 513 | {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"}, | 512 | {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), "sslv3 alert illegal parameter"}, |
| 514 | {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"}, | 513 | {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE), "sslv3 alert no certificate"}, |
| 515 | {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"}, | 514 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), "sslv3 alert unexpected message"}, |
| 516 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"}, | 515 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), "sslv3 alert unsupported certificate"}, |
| 517 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"}, | 516 | {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), "ssl ctx has no default ssl version"}, |
| 518 | {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"}, | 517 | {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) , "ssl handshake failure"}, |
| 519 | {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"}, | 518 | {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), "ssl library has no ciphers"}, |
| 520 | {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"}, | 519 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), "ssl session id callback failed"}, |
| 521 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"}, | 520 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"}, |
| 522 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"}, | 521 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), "ssl session id context too long"}, |
| 523 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"}, | 522 | {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "ssl session id has bad length"}, |
| 524 | {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"}, | 523 | {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT), "ssl session id is different"}, |
| 525 | {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"}, | 524 | {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"}, |
| 526 | {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"}, | 525 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"}, |
| 527 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"}, | 526 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "tlsv1 alert decryption failed"}, |
| 528 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"}, | 527 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), "tlsv1 alert decrypt error"}, |
| 529 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"}, | 528 | {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), "tlsv1 alert export restriction"}, |
| 530 | {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"}, | 529 | {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), "tlsv1 alert insufficient security"}, |
| 531 | {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"}, | 530 | {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR), "tlsv1 alert internal error"}, |
| 532 | {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"}, | 531 | {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), "tlsv1 alert no renegotiation"}, |
| 533 | {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"}, | 532 | {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), "tlsv1 alert protocol version"}, |
| 534 | {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"}, | 533 | {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), "tlsv1 alert record overflow"}, |
| 535 | {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"}, | 534 | {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"}, |
| 536 | {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"}, | 535 | {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED), "tlsv1 alert user cancelled"}, |
| 537 | {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"}, | 536 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), "tlsv1 bad certificate hash value"}, |
| 538 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"}, | 537 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), "tlsv1 bad certificate status response"}, |
| 539 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"}, | 538 | {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), "tlsv1 certificate unobtainable"}, |
| 540 | {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"}, | 539 | {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"}, |
| 541 | {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"}, | 540 | {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION), "tlsv1 unsupported extension"}, |
| 542 | {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"}, | 541 | {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER), "tls client cert req with anon cipher"}, |
| 543 | {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"}, | 542 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT), "peer does not accept heartbearts"}, |
| 544 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),"peer does not accept heartbearts"}, | 543 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) , "heartbeat request already pending"}, |
| 545 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) ,"heartbeat request already pending"}, | 544 | {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), "tls illegal exporter label"}, |
| 546 | {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),"tls illegal exporter label"}, | 545 | {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), "tls invalid ecpointformat list"}, |
| 547 | {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"}, | 546 | {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST), "tls peer did not respond with certificate list"}, |
| 548 | {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"}, | 547 | {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG), "tls rsa encrypted value length is wrong"}, |
| 549 | {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"}, | 548 | {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER), "tried to use unsupported cipher"}, |
| 550 | {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"}, | 549 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"}, |
| 551 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"}, | 550 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS), "unable to decode ecdh certs"}, |
| 552 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"}, | 551 | {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY), "unable to extract public key"}, |
| 553 | {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"}, | 552 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS), "unable to find dh parameters"}, |
| 554 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"}, | 553 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), "unable to find ecdh parameters"}, |
| 555 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"}, | 554 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), "unable to find public key parameters"}, |
| 556 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"}, | 555 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD), "unable to find ssl method"}, |
| 557 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"}, | 556 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES), "unable to load ssl2 md5 routines"}, |
| 558 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"}, | 557 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), "unable to load ssl3 md5 routines"}, |
| 559 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"}, | 558 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), "unable to load ssl3 sha1 routines"}, |
| 560 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"}, | 559 | {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) , "unexpected message"}, |
| 561 | {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"}, | 560 | {ERR_REASON(SSL_R_UNEXPECTED_RECORD) , "unexpected record"}, |
| 562 | {ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"}, | 561 | {ERR_REASON(SSL_R_UNINITIALIZED) , "uninitialized"}, |
| 563 | {ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"}, | 562 | {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) , "unknown alert type"}, |
| 564 | {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"}, | 563 | {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"}, |
| 565 | {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"}, | 564 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"}, |
| 566 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"}, | 565 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) , "unknown cipher type"}, |
| 567 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"}, | 566 | {ERR_REASON(SSL_R_UNKNOWN_DIGEST) , "unknown digest"}, |
| 568 | {ERR_REASON(SSL_R_UNKNOWN_DIGEST) ,"unknown digest"}, | 567 | {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "unknown key exchange type"}, |
| 569 | {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"}, | 568 | {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) , "unknown pkey type"}, |
| 570 | {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"}, | 569 | {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) , "unknown protocol"}, |
| 571 | {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"}, | 570 | {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), "unknown remote error type"}, |
| 572 | {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"}, | 571 | {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) , "unknown ssl version"}, |
| 573 | {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"}, | 572 | {ERR_REASON(SSL_R_UNKNOWN_STATE) , "unknown state"}, |
| 574 | {ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"}, | 573 | {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), "unsafe legacy renegotiation disabled"}, |
| 575 | {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"}, | 574 | {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) , "unsupported cipher"}, |
| 576 | {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, | 575 | {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"}, |
| 577 | {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, | 576 | {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE), "unsupported digest type"}, |
| 578 | {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"}, | 577 | {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), "unsupported elliptic curve"}, |
| 579 | {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"}, | 578 | {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) , "unsupported protocol"}, |
| 580 | {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"}, | 579 | {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"}, |
| 581 | {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"}, | 580 | {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"}, |
| 582 | {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"}, | 581 | {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"}, |
| 583 | {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED),"use srtp not negotiated"}, | 582 | {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) , "write bio not set"}, |
| 584 | {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"}, | 583 | {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"}, |
| 585 | {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"}, | 584 | {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) , "wrong message type"}, |
| 586 | {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"}, | 585 | {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"}, |
| 587 | {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"}, | 586 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"}, |
| 588 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, | 587 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) , "wrong signature size"}, |
| 589 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"}, | 588 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) , "wrong signature type"}, |
| 590 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) ,"wrong signature type"}, | 589 | {ERR_REASON(SSL_R_WRONG_SSL_VERSION) , "wrong ssl version"}, |
| 591 | {ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"}, | 590 | {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) , "wrong version number"}, |
| 592 | {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"}, | 591 | {ERR_REASON(SSL_R_X509_LIB) , "x509 lib"}, |
| 593 | {ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"}, | 592 | {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"}, |
| 594 | {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"}, | 593 | {0, NULL} |
| 595 | {0,NULL} | 594 | }; |
| 596 | }; | ||
| 597 | 595 | ||
| 598 | #endif | 596 | #endif |
| 599 | 597 | ||
| 600 | void ERR_load_SSL_strings(void) | 598 | void |
| 601 | { | 599 | ERR_load_SSL_strings(void) |
| 600 | { | ||
| 602 | #ifndef OPENSSL_NO_ERR | 601 | #ifndef OPENSSL_NO_ERR |
| 603 | 602 | ||
| 604 | if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) | 603 | if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) { |
| 605 | { | 604 | ERR_load_strings(0, SSL_str_functs); |
| 606 | ERR_load_strings(0,SSL_str_functs); | 605 | ERR_load_strings(0, SSL_str_reasons); |
| 607 | ERR_load_strings(0,SSL_str_reasons); | ||
| 608 | } | ||
| 609 | #endif | ||
| 610 | } | 606 | } |
| 607 | #endif | ||
| 608 | } | ||
diff --git a/src/lib/libssl/src/ssl/ssl_err2.c b/src/lib/libssl/src/ssl/ssl_err2.c index ea95a5f983..cd781d38aa 100644 --- a/src/lib/libssl/src/ssl/ssl_err2.c +++ b/src/lib/libssl/src/ssl/ssl_err2.c | |||
| @@ -60,11 +60,12 @@ | |||
| 60 | #include <openssl/err.h> | 60 | #include <openssl/err.h> |
| 61 | #include <openssl/ssl.h> | 61 | #include <openssl/ssl.h> |
| 62 | 62 | ||
| 63 | void SSL_load_error_strings(void) | 63 | void |
| 64 | { | 64 | SSL_load_error_strings(void) |
| 65 | { | ||
| 65 | #ifndef OPENSSL_NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 66 | ERR_load_crypto_strings(); | 67 | ERR_load_crypto_strings(); |
| 67 | ERR_load_SSL_strings(); | 68 | ERR_load_SSL_strings(); |
| 68 | #endif | 69 | #endif |
| 69 | } | 70 | } |
| 70 | 71 | ||
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index d9a728493e..98764b82aa 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c | |||
| @@ -160,11 +160,11 @@ | |||
| 160 | #include <openssl/engine.h> | 160 | #include <openssl/engine.h> |
| 161 | #endif | 161 | #endif |
| 162 | 162 | ||
| 163 | const char *SSL_version_str=OPENSSL_VERSION_TEXT; | 163 | const char *SSL_version_str = OPENSSL_VERSION_TEXT; |
| 164 | 164 | ||
| 165 | SSL3_ENC_METHOD ssl3_undef_enc_method={ | 165 | SSL3_ENC_METHOD ssl3_undef_enc_method = { |
| 166 | /* evil casts, but these functions are only called if there's a library bug */ | 166 | /* evil casts, but these functions are only called if there's a library bug */ |
| 167 | (int (*)(SSL *,int))ssl_undefined_function, | 167 | (int (*)(SSL *, int))ssl_undefined_function, |
| 168 | (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, | 168 | (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, |
| 169 | ssl_undefined_function, | 169 | ssl_undefined_function, |
| 170 | (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, | 170 | (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, |
| @@ -178,129 +178,124 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={ | |||
| 178 | 0, /* server_finished_label_len */ | 178 | 0, /* server_finished_label_len */ |
| 179 | (int (*)(int))ssl_undefined_function, | 179 | (int (*)(int))ssl_undefined_function, |
| 180 | (int (*)(SSL *, unsigned char *, size_t, const char *, | 180 | (int (*)(SSL *, unsigned char *, size_t, const char *, |
| 181 | size_t, const unsigned char *, size_t, | 181 | size_t, const unsigned char *, size_t, |
| 182 | int use_context)) ssl_undefined_function, | 182 | int use_context)) ssl_undefined_function, |
| 183 | }; | 183 | }; |
| 184 | 184 | ||
| 185 | int SSL_clear(SSL *s) | 185 | int |
| 186 | { | 186 | SSL_clear(SSL *s) |
| 187 | { | ||
| 187 | 188 | ||
| 188 | if (s->method == NULL) | 189 | if (s->method == NULL) { |
| 189 | { | 190 | SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); |
| 190 | SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED); | 191 | return (0); |
| 191 | return(0); | 192 | } |
| 192 | } | ||
| 193 | 193 | ||
| 194 | if (ssl_clear_bad_session(s)) | 194 | if (ssl_clear_bad_session(s)) { |
| 195 | { | ||
| 196 | SSL_SESSION_free(s->session); | 195 | SSL_SESSION_free(s->session); |
| 197 | s->session=NULL; | 196 | s->session = NULL; |
| 198 | } | 197 | } |
| 199 | 198 | ||
| 200 | s->error=0; | 199 | s->error = 0; |
| 201 | s->hit=0; | 200 | s->hit = 0; |
| 202 | s->shutdown=0; | 201 | s->shutdown = 0; |
| 203 | 202 | ||
| 204 | #if 0 /* Disabled since version 1.10 of this file (early return not | 203 | #if 0 /* Disabled since version 1.10 of this file (early return not |
| 205 | * needed because SSL_clear is not called when doing renegotiation) */ | 204 | * needed because SSL_clear is not called when doing renegotiation) */ |
| 206 | /* This is set if we are doing dynamic renegotiation so keep | 205 | /* This is set if we are doing dynamic renegotiation so keep |
| 207 | * the old cipher. It is sort of a SSL_clear_lite :-) */ | 206 | * the old cipher. It is sort of a SSL_clear_lite :-) */ |
| 208 | if (s->renegotiate) return(1); | ||
| 209 | #else | ||
| 210 | if (s->renegotiate) | 207 | if (s->renegotiate) |
| 211 | { | 208 | return (1); |
| 212 | SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR); | 209 | #else |
| 210 | if (s->renegotiate) { | ||
| 211 | SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); | ||
| 213 | return 0; | 212 | return 0; |
| 214 | } | 213 | } |
| 215 | #endif | 214 | #endif |
| 216 | 215 | ||
| 217 | s->type=0; | 216 | s->type = 0; |
| 218 | 217 | ||
| 219 | s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT); | 218 | s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); |
| 220 | 219 | ||
| 221 | s->version=s->method->version; | 220 | s->version = s->method->version; |
| 222 | s->client_version=s->version; | 221 | s->client_version = s->version; |
| 223 | s->rwstate=SSL_NOTHING; | 222 | s->rwstate = SSL_NOTHING; |
| 224 | s->rstate=SSL_ST_READ_HEADER; | 223 | s->rstate = SSL_ST_READ_HEADER; |
| 225 | #if 0 | 224 | #if 0 |
| 226 | s->read_ahead=s->ctx->read_ahead; | 225 | s->read_ahead = s->ctx->read_ahead; |
| 227 | #endif | 226 | #endif |
| 228 | 227 | ||
| 229 | if (s->init_buf != NULL) | 228 | if (s->init_buf != NULL) { |
| 230 | { | ||
| 231 | BUF_MEM_free(s->init_buf); | 229 | BUF_MEM_free(s->init_buf); |
| 232 | s->init_buf=NULL; | 230 | s->init_buf = NULL; |
| 233 | } | 231 | } |
| 234 | 232 | ||
| 235 | ssl_clear_cipher_ctx(s); | 233 | ssl_clear_cipher_ctx(s); |
| 236 | ssl_clear_hash_ctx(&s->read_hash); | 234 | ssl_clear_hash_ctx(&s->read_hash); |
| 237 | ssl_clear_hash_ctx(&s->write_hash); | 235 | ssl_clear_hash_ctx(&s->write_hash); |
| 238 | 236 | ||
| 239 | s->first_packet=0; | 237 | s->first_packet = 0; |
| 240 | 238 | ||
| 241 | #if 1 | 239 | #if 1 |
| 242 | /* Check to see if we were changed into a different method, if | 240 | /* Check to see if we were changed into a different method, if |
| 243 | * so, revert back if we are not doing session-id reuse. */ | 241 | * so, revert back if we are not doing session-id reuse. */ |
| 244 | if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) | 242 | if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) { |
| 245 | { | ||
| 246 | s->method->ssl_free(s); | 243 | s->method->ssl_free(s); |
| 247 | s->method=s->ctx->method; | 244 | s->method = s->ctx->method; |
| 248 | if (!s->method->ssl_new(s)) | 245 | if (!s->method->ssl_new(s)) |
| 249 | return(0); | 246 | return (0); |
| 250 | } | 247 | } else |
| 251 | else | ||
| 252 | #endif | 248 | #endif |
| 253 | s->method->ssl_clear(s); | 249 | s->method->ssl_clear(s); |
| 254 | return(1); | 250 | return (1); |
| 255 | } | 251 | } |
| 256 | 252 | ||
| 257 | /** Used to change an SSL_CTXs default SSL method type */ | 253 | /** Used to change an SSL_CTXs default SSL method type */ |
| 258 | int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth) | 254 | int |
| 259 | { | 255 | SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) |
| 256 | { | ||
| 260 | STACK_OF(SSL_CIPHER) *sk; | 257 | STACK_OF(SSL_CIPHER) *sk; |
| 261 | 258 | ||
| 262 | ctx->method=meth; | 259 | ctx->method = meth; |
| 263 | 260 | ||
| 264 | sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), | 261 | sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), |
| 265 | &(ctx->cipher_list_by_id), | 262 | &(ctx->cipher_list_by_id), |
| 266 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); | 263 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); |
| 267 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) | 264 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { |
| 268 | { | 265 | SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); |
| 269 | SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); | 266 | return (0); |
| 270 | return(0); | ||
| 271 | } | ||
| 272 | return(1); | ||
| 273 | } | 267 | } |
| 268 | return (1); | ||
| 269 | } | ||
| 274 | 270 | ||
| 275 | SSL *SSL_new(SSL_CTX *ctx) | 271 | SSL |
| 276 | { | 272 | *SSL_new(SSL_CTX *ctx) |
| 273 | { | ||
| 277 | SSL *s; | 274 | SSL *s; |
| 278 | 275 | ||
| 279 | if (ctx == NULL) | 276 | if (ctx == NULL) { |
| 280 | { | 277 | SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX); |
| 281 | SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX); | 278 | return (NULL); |
| 282 | return(NULL); | 279 | } |
| 283 | } | 280 | if (ctx->method == NULL) { |
| 284 | if (ctx->method == NULL) | 281 | SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); |
| 285 | { | 282 | return (NULL); |
| 286 | SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); | 283 | } |
| 287 | return(NULL); | ||
| 288 | } | ||
| 289 | 284 | ||
| 290 | s=(SSL *)OPENSSL_malloc(sizeof(SSL)); | 285 | s = (SSL *)OPENSSL_malloc(sizeof(SSL)); |
| 291 | if (s == NULL) goto err; | 286 | if (s == NULL) |
| 292 | memset(s,0,sizeof(SSL)); | 287 | goto err; |
| 288 | memset(s, 0, sizeof(SSL)); | ||
| 293 | 289 | ||
| 294 | #ifndef OPENSSL_NO_KRB5 | 290 | #ifndef OPENSSL_NO_KRB5 |
| 295 | s->kssl_ctx = kssl_ctx_new(); | 291 | s->kssl_ctx = kssl_ctx_new(); |
| 296 | #endif /* OPENSSL_NO_KRB5 */ | 292 | #endif /* OPENSSL_NO_KRB5 */ |
| 297 | 293 | ||
| 298 | s->options=ctx->options; | 294 | s->options = ctx->options; |
| 299 | s->mode=ctx->mode; | 295 | s->mode = ctx->mode; |
| 300 | s->max_cert_list=ctx->max_cert_list; | 296 | s->max_cert_list = ctx->max_cert_list; |
| 301 | 297 | ||
| 302 | if (ctx->cert != NULL) | 298 | if (ctx->cert != NULL) { |
| 303 | { | ||
| 304 | /* Earlier library versions used to copy the pointer to | 299 | /* Earlier library versions used to copy the pointer to |
| 305 | * the CERT, not its contents; only when setting new | 300 | * the CERT, not its contents; only when setting new |
| 306 | * parameters for the per-SSL copy, ssl_cert_new would be | 301 | * parameters for the per-SSL copy, ssl_cert_new would be |
| @@ -314,22 +309,21 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
| 314 | s->cert = ssl_cert_dup(ctx->cert); | 309 | s->cert = ssl_cert_dup(ctx->cert); |
| 315 | if (s->cert == NULL) | 310 | if (s->cert == NULL) |
| 316 | goto err; | 311 | goto err; |
| 317 | } | 312 | } else |
| 318 | else | ||
| 319 | s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ | 313 | s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ |
| 320 | 314 | ||
| 321 | s->read_ahead=ctx->read_ahead; | 315 | s->read_ahead = ctx->read_ahead; |
| 322 | s->msg_callback=ctx->msg_callback; | 316 | s->msg_callback = ctx->msg_callback; |
| 323 | s->msg_callback_arg=ctx->msg_callback_arg; | 317 | s->msg_callback_arg = ctx->msg_callback_arg; |
| 324 | s->verify_mode=ctx->verify_mode; | 318 | s->verify_mode = ctx->verify_mode; |
| 325 | #if 0 | 319 | #if 0 |
| 326 | s->verify_depth=ctx->verify_depth; | 320 | s->verify_depth = ctx->verify_depth; |
| 327 | #endif | 321 | #endif |
| 328 | s->sid_ctx_length=ctx->sid_ctx_length; | 322 | s->sid_ctx_length = ctx->sid_ctx_length; |
| 329 | OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); | 323 | OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); |
| 330 | memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); | 324 | memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); |
| 331 | s->verify_callback=ctx->default_verify_callback; | 325 | s->verify_callback = ctx->default_verify_callback; |
| 332 | s->generate_session_id=ctx->generate_session_id; | 326 | s->generate_session_id = ctx->generate_session_id; |
| 333 | 327 | ||
| 334 | s->param = X509_VERIFY_PARAM_new(); | 328 | s->param = X509_VERIFY_PARAM_new(); |
| 335 | if (!s->param) | 329 | if (!s->param) |
| @@ -339,11 +333,11 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
| 339 | s->purpose = ctx->purpose; | 333 | s->purpose = ctx->purpose; |
| 340 | s->trust = ctx->trust; | 334 | s->trust = ctx->trust; |
| 341 | #endif | 335 | #endif |
| 342 | s->quiet_shutdown=ctx->quiet_shutdown; | 336 | s->quiet_shutdown = ctx->quiet_shutdown; |
| 343 | s->max_send_fragment = ctx->max_send_fragment; | 337 | s->max_send_fragment = ctx->max_send_fragment; |
| 344 | 338 | ||
| 345 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | 339 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); |
| 346 | s->ctx=ctx; | 340 | s->ctx = ctx; |
| 347 | #ifndef OPENSSL_NO_TLSEXT | 341 | #ifndef OPENSSL_NO_TLSEXT |
| 348 | s->tlsext_debug_cb = 0; | 342 | s->tlsext_debug_cb = 0; |
| 349 | s->tlsext_debug_arg = NULL; | 343 | s->tlsext_debug_arg = NULL; |
| @@ -354,93 +348,95 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
| 354 | s->tlsext_ocsp_exts = NULL; | 348 | s->tlsext_ocsp_exts = NULL; |
| 355 | s->tlsext_ocsp_resp = NULL; | 349 | s->tlsext_ocsp_resp = NULL; |
| 356 | s->tlsext_ocsp_resplen = -1; | 350 | s->tlsext_ocsp_resplen = -1; |
| 357 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | 351 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); |
| 358 | s->initial_ctx=ctx; | 352 | s->initial_ctx = ctx; |
| 359 | # ifndef OPENSSL_NO_NEXTPROTONEG | 353 | # ifndef OPENSSL_NO_NEXTPROTONEG |
| 360 | s->next_proto_negotiated = NULL; | 354 | s->next_proto_negotiated = NULL; |
| 361 | # endif | 355 | # endif |
| 362 | #endif | 356 | #endif |
| 363 | 357 | ||
| 364 | s->verify_result=X509_V_OK; | 358 | s->verify_result = X509_V_OK; |
| 365 | 359 | ||
| 366 | s->method=ctx->method; | 360 | s->method = ctx->method; |
| 367 | 361 | ||
| 368 | if (!s->method->ssl_new(s)) | 362 | if (!s->method->ssl_new(s)) |
| 369 | goto err; | 363 | goto err; |
| 370 | 364 | ||
| 371 | s->references=1; | 365 | s->references = 1; |
| 372 | s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; | 366 | s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; |
| 373 | 367 | ||
| 374 | SSL_clear(s); | 368 | SSL_clear(s); |
| 375 | 369 | ||
| 376 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); | 370 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); |
| 377 | 371 | ||
| 378 | #ifndef OPENSSL_NO_PSK | 372 | #ifndef OPENSSL_NO_PSK |
| 379 | s->psk_client_callback=ctx->psk_client_callback; | 373 | s->psk_client_callback = ctx->psk_client_callback; |
| 380 | s->psk_server_callback=ctx->psk_server_callback; | 374 | s->psk_server_callback = ctx->psk_server_callback; |
| 381 | #endif | 375 | #endif |
| 382 | 376 | ||
| 383 | return(s); | 377 | return (s); |
| 384 | err: | 378 | err: |
| 385 | if (s != NULL) | 379 | if (s != NULL) { |
| 386 | { | ||
| 387 | if (s->cert != NULL) | 380 | if (s->cert != NULL) |
| 388 | ssl_cert_free(s->cert); | 381 | ssl_cert_free(s->cert); |
| 389 | if (s->ctx != NULL) | 382 | if (s->ctx != NULL) |
| 390 | SSL_CTX_free(s->ctx); /* decrement reference count */ | 383 | SSL_CTX_free(s->ctx); /* decrement reference count */ |
| 391 | OPENSSL_free(s); | 384 | OPENSSL_free(s); |
| 392 | } | ||
| 393 | SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE); | ||
| 394 | return(NULL); | ||
| 395 | } | 385 | } |
| 386 | SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); | ||
| 387 | return (NULL); | ||
| 388 | } | ||
| 396 | 389 | ||
| 397 | int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, | 390 | int |
| 398 | unsigned int sid_ctx_len) | 391 | SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, |
| 399 | { | 392 | unsigned int sid_ctx_len) |
| 400 | if(sid_ctx_len > sizeof ctx->sid_ctx) | 393 | { |
| 401 | { | 394 | if (sid_ctx_len > sizeof ctx->sid_ctx) { |
| 402 | SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | 395 | SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); |
| 403 | return 0; | 396 | return 0; |
| 404 | } | 397 | } |
| 405 | ctx->sid_ctx_length=sid_ctx_len; | 398 | ctx->sid_ctx_length = sid_ctx_len; |
| 406 | memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len); | 399 | memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); |
| 407 | 400 | ||
| 408 | return 1; | 401 | return 1; |
| 409 | } | 402 | } |
| 410 | 403 | ||
| 411 | int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, | 404 | int |
| 412 | unsigned int sid_ctx_len) | 405 | SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, |
| 413 | { | 406 | unsigned int sid_ctx_len) |
| 414 | if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) | 407 | { |
| 415 | { | 408 | if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { |
| 416 | SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | 409 | SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); |
| 417 | return 0; | 410 | return 0; |
| 418 | } | 411 | } |
| 419 | ssl->sid_ctx_length=sid_ctx_len; | 412 | ssl->sid_ctx_length = sid_ctx_len; |
| 420 | memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len); | 413 | memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); |
| 421 | 414 | ||
| 422 | return 1; | 415 | return 1; |
| 423 | } | 416 | } |
| 424 | 417 | ||
| 425 | int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) | 418 | int |
| 426 | { | 419 | SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) |
| 420 | { | ||
| 427 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 421 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 428 | ctx->generate_session_id = cb; | 422 | ctx->generate_session_id = cb; |
| 429 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 423 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 430 | return 1; | 424 | return 1; |
| 431 | } | 425 | } |
| 432 | 426 | ||
| 433 | int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) | 427 | int |
| 434 | { | 428 | SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) |
| 429 | { | ||
| 435 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | 430 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); |
| 436 | ssl->generate_session_id = cb; | 431 | ssl->generate_session_id = cb; |
| 437 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | 432 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); |
| 438 | return 1; | 433 | return 1; |
| 439 | } | 434 | } |
| 440 | 435 | ||
| 441 | int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | 436 | int |
| 442 | unsigned int id_len) | 437 | SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, |
| 443 | { | 438 | unsigned int id_len) |
| 439 | { | ||
| 444 | /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how | 440 | /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how |
| 445 | * we can "construct" a session to give us the desired check - ie. to | 441 | * we can "construct" a session to give us the desired check - ie. to |
| 446 | * find if there's a session in the hash table that would conflict with | 442 | * find if there's a session in the hash table that would conflict with |
| @@ -448,7 +444,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | |||
| 448 | * use by this SSL. */ | 444 | * use by this SSL. */ |
| 449 | SSL_SESSION r, *p; | 445 | SSL_SESSION r, *p; |
| 450 | 446 | ||
| 451 | if(id_len > sizeof r.session_id) | 447 | if (id_len > sizeof r.session_id) |
| 452 | return 0; | 448 | return 0; |
| 453 | 449 | ||
| 454 | r.ssl_version = ssl->version; | 450 | r.ssl_version = ssl->version; |
| @@ -458,68 +454,74 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | |||
| 458 | * callback is calling us to check the uniqueness of a shorter ID, it | 454 | * callback is calling us to check the uniqueness of a shorter ID, it |
| 459 | * must be compared as a padded-out ID because that is what it will be | 455 | * must be compared as a padded-out ID because that is what it will be |
| 460 | * converted to when the callback has finished choosing it. */ | 456 | * converted to when the callback has finished choosing it. */ |
| 461 | if((r.ssl_version == SSL2_VERSION) && | 457 | if ((r.ssl_version == SSL2_VERSION) && |
| 462 | (id_len < SSL2_SSL_SESSION_ID_LENGTH)) | 458 | (id_len < SSL2_SSL_SESSION_ID_LENGTH)) { |
| 463 | { | ||
| 464 | memset(r.session_id + id_len, 0, | 459 | memset(r.session_id + id_len, 0, |
| 465 | SSL2_SSL_SESSION_ID_LENGTH - id_len); | 460 | SSL2_SSL_SESSION_ID_LENGTH - id_len); |
| 466 | r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; | 461 | r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; |
| 467 | } | 462 | } |
| 468 | 463 | ||
| 469 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 464 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 470 | p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); | 465 | p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); |
| 471 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 466 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 472 | return (p != NULL); | 467 | return (p != NULL); |
| 473 | } | 468 | } |
| 474 | 469 | ||
| 475 | int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) | 470 | int |
| 476 | { | 471 | SSL_CTX_set_purpose(SSL_CTX *s, int purpose) |
| 472 | { | ||
| 477 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); | 473 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); |
| 478 | } | 474 | } |
| 479 | 475 | ||
| 480 | int SSL_set_purpose(SSL *s, int purpose) | 476 | int |
| 481 | { | 477 | SSL_set_purpose(SSL *s, int purpose) |
| 478 | { | ||
| 482 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); | 479 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); |
| 483 | } | 480 | } |
| 484 | 481 | ||
| 485 | int SSL_CTX_set_trust(SSL_CTX *s, int trust) | 482 | int |
| 486 | { | 483 | SSL_CTX_set_trust(SSL_CTX *s, int trust) |
| 484 | { | ||
| 487 | return X509_VERIFY_PARAM_set_trust(s->param, trust); | 485 | return X509_VERIFY_PARAM_set_trust(s->param, trust); |
| 488 | } | 486 | } |
| 489 | 487 | ||
| 490 | int SSL_set_trust(SSL *s, int trust) | 488 | int |
| 491 | { | 489 | SSL_set_trust(SSL *s, int trust) |
| 490 | { | ||
| 492 | return X509_VERIFY_PARAM_set_trust(s->param, trust); | 491 | return X509_VERIFY_PARAM_set_trust(s->param, trust); |
| 493 | } | 492 | } |
| 494 | 493 | ||
| 495 | int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) | 494 | int |
| 496 | { | 495 | SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) |
| 496 | { | ||
| 497 | return X509_VERIFY_PARAM_set1(ctx->param, vpm); | 497 | return X509_VERIFY_PARAM_set1(ctx->param, vpm); |
| 498 | } | 498 | } |
| 499 | 499 | ||
| 500 | int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) | 500 | int |
| 501 | { | 501 | SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) |
| 502 | { | ||
| 502 | return X509_VERIFY_PARAM_set1(ssl->param, vpm); | 503 | return X509_VERIFY_PARAM_set1(ssl->param, vpm); |
| 503 | } | 504 | } |
| 504 | 505 | ||
| 505 | void SSL_free(SSL *s) | 506 | void |
| 506 | { | 507 | SSL_free(SSL *s) |
| 508 | { | ||
| 507 | int i; | 509 | int i; |
| 508 | 510 | ||
| 509 | if(s == NULL) | 511 | if (s == NULL) |
| 510 | return; | 512 | return; |
| 511 | 513 | ||
| 512 | i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL); | 514 | i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL); |
| 513 | #ifdef REF_PRINT | 515 | #ifdef REF_PRINT |
| 514 | REF_PRINT("SSL",s); | 516 | REF_PRINT("SSL", s); |
| 515 | #endif | 517 | #endif |
| 516 | if (i > 0) return; | 518 | if (i > 0) |
| 519 | return; | ||
| 517 | #ifdef REF_CHECK | 520 | #ifdef REF_CHECK |
| 518 | if (i < 0) | 521 | if (i < 0) { |
| 519 | { | 522 | fprintf(stderr, "SSL_free, bad reference count\n"); |
| 520 | fprintf(stderr,"SSL_free, bad reference count\n"); | ||
| 521 | abort(); /* ok */ | 523 | abort(); /* ok */ |
| 522 | } | 524 | } |
| 523 | #endif | 525 | #endif |
| 524 | 526 | ||
| 525 | if (s->param) | 527 | if (s->param) |
| @@ -527,53 +529,58 @@ void SSL_free(SSL *s) | |||
| 527 | 529 | ||
| 528 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); | 530 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); |
| 529 | 531 | ||
| 530 | if (s->bbio != NULL) | 532 | if (s->bbio != NULL) { |
| 531 | { | ||
| 532 | /* If the buffering BIO is in place, pop it off */ | 533 | /* If the buffering BIO is in place, pop it off */ |
| 533 | if (s->bbio == s->wbio) | 534 | if (s->bbio == s->wbio) { |
| 534 | { | 535 | s->wbio = BIO_pop(s->wbio); |
| 535 | s->wbio=BIO_pop(s->wbio); | ||
| 536 | } | ||
| 537 | BIO_free(s->bbio); | ||
| 538 | s->bbio=NULL; | ||
| 539 | } | 536 | } |
| 537 | BIO_free(s->bbio); | ||
| 538 | s->bbio = NULL; | ||
| 539 | } | ||
| 540 | if (s->rbio != NULL) | 540 | if (s->rbio != NULL) |
| 541 | BIO_free_all(s->rbio); | 541 | BIO_free_all(s->rbio); |
| 542 | if ((s->wbio != NULL) && (s->wbio != s->rbio)) | 542 | if ((s->wbio != NULL) && (s->wbio != s->rbio)) |
| 543 | BIO_free_all(s->wbio); | 543 | BIO_free_all(s->wbio); |
| 544 | 544 | ||
| 545 | if (s->init_buf != NULL) BUF_MEM_free(s->init_buf); | 545 | if (s->init_buf != NULL) |
| 546 | BUF_MEM_free(s->init_buf); | ||
| 546 | 547 | ||
| 547 | /* add extra stuff */ | 548 | /* add extra stuff */ |
| 548 | if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list); | 549 | if (s->cipher_list != NULL) |
| 549 | if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id); | 550 | sk_SSL_CIPHER_free(s->cipher_list); |
| 551 | if (s->cipher_list_by_id != NULL) | ||
| 552 | sk_SSL_CIPHER_free(s->cipher_list_by_id); | ||
| 550 | 553 | ||
| 551 | /* Make the next call work :-) */ | 554 | /* Make the next call work :-) */ |
| 552 | if (s->session != NULL) | 555 | if (s->session != NULL) { |
| 553 | { | ||
| 554 | ssl_clear_bad_session(s); | 556 | ssl_clear_bad_session(s); |
| 555 | SSL_SESSION_free(s->session); | 557 | SSL_SESSION_free(s->session); |
| 556 | } | 558 | } |
| 557 | 559 | ||
| 558 | ssl_clear_cipher_ctx(s); | 560 | ssl_clear_cipher_ctx(s); |
| 559 | ssl_clear_hash_ctx(&s->read_hash); | 561 | ssl_clear_hash_ctx(&s->read_hash); |
| 560 | ssl_clear_hash_ctx(&s->write_hash); | 562 | ssl_clear_hash_ctx(&s->write_hash); |
| 561 | 563 | ||
| 562 | if (s->cert != NULL) ssl_cert_free(s->cert); | 564 | if (s->cert != NULL) |
| 565 | ssl_cert_free(s->cert); | ||
| 563 | /* Free up if allocated */ | 566 | /* Free up if allocated */ |
| 564 | 567 | ||
| 565 | #ifndef OPENSSL_NO_TLSEXT | 568 | #ifndef OPENSSL_NO_TLSEXT |
| 566 | if (s->tlsext_hostname) | 569 | if (s->tlsext_hostname) |
| 567 | OPENSSL_free(s->tlsext_hostname); | 570 | OPENSSL_free(s->tlsext_hostname); |
| 568 | if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); | 571 | if (s->initial_ctx) |
| 572 | SSL_CTX_free(s->initial_ctx); | ||
| 569 | #ifndef OPENSSL_NO_EC | 573 | #ifndef OPENSSL_NO_EC |
| 570 | if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist); | 574 | if (s->tlsext_ecpointformatlist) |
| 571 | if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist); | 575 | OPENSSL_free(s->tlsext_ecpointformatlist); |
| 576 | if (s->tlsext_ellipticcurvelist) | ||
| 577 | OPENSSL_free(s->tlsext_ellipticcurvelist); | ||
| 572 | #endif /* OPENSSL_NO_EC */ | 578 | #endif /* OPENSSL_NO_EC */ |
| 573 | if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input); | 579 | if (s->tlsext_opaque_prf_input) |
| 580 | OPENSSL_free(s->tlsext_opaque_prf_input); | ||
| 574 | if (s->tlsext_ocsp_exts) | 581 | if (s->tlsext_ocsp_exts) |
| 575 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | 582 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, |
| 576 | X509_EXTENSION_free); | 583 | X509_EXTENSION_free); |
| 577 | if (s->tlsext_ocsp_ids) | 584 | if (s->tlsext_ocsp_ids) |
| 578 | sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); | 585 | sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); |
| 579 | if (s->tlsext_ocsp_resp) | 586 | if (s->tlsext_ocsp_resp) |
| @@ -581,11 +588,13 @@ void SSL_free(SSL *s) | |||
| 581 | #endif | 588 | #endif |
| 582 | 589 | ||
| 583 | if (s->client_CA != NULL) | 590 | if (s->client_CA != NULL) |
| 584 | sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); | 591 | sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); |
| 585 | 592 | ||
| 586 | if (s->method != NULL) s->method->ssl_free(s); | 593 | if (s->method != NULL) |
| 594 | s->method->ssl_free(s); | ||
| 587 | 595 | ||
| 588 | if (s->ctx) SSL_CTX_free(s->ctx); | 596 | if (s->ctx) |
| 597 | SSL_CTX_free(s->ctx); | ||
| 589 | 598 | ||
| 590 | #ifndef OPENSSL_NO_KRB5 | 599 | #ifndef OPENSSL_NO_KRB5 |
| 591 | if (s->kssl_ctx != NULL) | 600 | if (s->kssl_ctx != NULL) |
| @@ -598,223 +607,237 @@ void SSL_free(SSL *s) | |||
| 598 | #endif | 607 | #endif |
| 599 | 608 | ||
| 600 | #ifndef OPENSSL_NO_SRTP | 609 | #ifndef OPENSSL_NO_SRTP |
| 601 | if (s->srtp_profiles) | 610 | if (s->srtp_profiles) |
| 602 | sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); | 611 | sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); |
| 603 | #endif | 612 | #endif |
| 604 | 613 | ||
| 605 | OPENSSL_free(s); | 614 | OPENSSL_free(s); |
| 606 | } | 615 | } |
| 607 | 616 | ||
| 608 | void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio) | 617 | void |
| 609 | { | 618 | SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) |
| 619 | { | ||
| 610 | /* If the output buffering BIO is still in place, remove it | 620 | /* If the output buffering BIO is still in place, remove it |
| 611 | */ | 621 | */ |
| 612 | if (s->bbio != NULL) | 622 | if (s->bbio != NULL) { |
| 613 | { | 623 | if (s->wbio == s->bbio) { |
| 614 | if (s->wbio == s->bbio) | 624 | s->wbio = s->wbio->next_bio; |
| 615 | { | 625 | s->bbio->next_bio = NULL; |
| 616 | s->wbio=s->wbio->next_bio; | ||
| 617 | s->bbio->next_bio=NULL; | ||
| 618 | } | ||
| 619 | } | 626 | } |
| 627 | } | ||
| 620 | if ((s->rbio != NULL) && (s->rbio != rbio)) | 628 | if ((s->rbio != NULL) && (s->rbio != rbio)) |
| 621 | BIO_free_all(s->rbio); | 629 | BIO_free_all(s->rbio); |
| 622 | if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) | 630 | if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) |
| 623 | BIO_free_all(s->wbio); | 631 | BIO_free_all(s->wbio); |
| 624 | s->rbio=rbio; | 632 | s->rbio = rbio; |
| 625 | s->wbio=wbio; | 633 | s->wbio = wbio; |
| 626 | } | 634 | } |
| 627 | 635 | ||
| 628 | BIO *SSL_get_rbio(const SSL *s) | 636 | BIO |
| 629 | { return(s->rbio); } | 637 | *SSL_get_rbio(const SSL *s) |
| 638 | { return (s->rbio); | ||
| 639 | } | ||
| 630 | 640 | ||
| 631 | BIO *SSL_get_wbio(const SSL *s) | 641 | BIO |
| 632 | { return(s->wbio); } | 642 | *SSL_get_wbio(const SSL *s) |
| 643 | { return (s->wbio); | ||
| 644 | } | ||
| 633 | 645 | ||
| 634 | int SSL_get_fd(const SSL *s) | 646 | int |
| 635 | { | 647 | SSL_get_fd(const SSL *s) |
| 636 | return(SSL_get_rfd(s)); | 648 | { |
| 637 | } | 649 | return (SSL_get_rfd(s)); |
| 650 | } | ||
| 638 | 651 | ||
| 639 | int SSL_get_rfd(const SSL *s) | 652 | int |
| 640 | { | 653 | SSL_get_rfd(const SSL *s) |
| 641 | int ret= -1; | 654 | { |
| 642 | BIO *b,*r; | 655 | int ret = -1; |
| 656 | BIO *b, *r; | ||
| 643 | 657 | ||
| 644 | b=SSL_get_rbio(s); | 658 | b = SSL_get_rbio(s); |
| 645 | r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); | 659 | r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); |
| 646 | if (r != NULL) | 660 | if (r != NULL) |
| 647 | BIO_get_fd(r,&ret); | 661 | BIO_get_fd(r, &ret); |
| 648 | return(ret); | 662 | return (ret); |
| 649 | } | 663 | } |
| 650 | 664 | ||
| 651 | int SSL_get_wfd(const SSL *s) | 665 | int |
| 652 | { | 666 | SSL_get_wfd(const SSL *s) |
| 653 | int ret= -1; | 667 | { |
| 654 | BIO *b,*r; | 668 | int ret = -1; |
| 669 | BIO *b, *r; | ||
| 655 | 670 | ||
| 656 | b=SSL_get_wbio(s); | 671 | b = SSL_get_wbio(s); |
| 657 | r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); | 672 | r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); |
| 658 | if (r != NULL) | 673 | if (r != NULL) |
| 659 | BIO_get_fd(r,&ret); | 674 | BIO_get_fd(r, &ret); |
| 660 | return(ret); | 675 | return (ret); |
| 661 | } | 676 | } |
| 662 | 677 | ||
| 663 | #ifndef OPENSSL_NO_SOCK | 678 | #ifndef OPENSSL_NO_SOCK |
| 664 | int SSL_set_fd(SSL *s,int fd) | 679 | int |
| 665 | { | 680 | SSL_set_fd(SSL *s, int fd) |
| 666 | int ret=0; | 681 | { |
| 667 | BIO *bio=NULL; | 682 | int ret = 0; |
| 683 | BIO *bio = NULL; | ||
| 668 | 684 | ||
| 669 | bio=BIO_new(BIO_s_socket()); | 685 | bio = BIO_new(BIO_s_socket()); |
| 670 | 686 | ||
| 671 | if (bio == NULL) | 687 | if (bio == NULL) { |
| 672 | { | 688 | SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); |
| 673 | SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB); | ||
| 674 | goto err; | 689 | goto err; |
| 675 | } | ||
| 676 | BIO_set_fd(bio,fd,BIO_NOCLOSE); | ||
| 677 | SSL_set_bio(s,bio,bio); | ||
| 678 | ret=1; | ||
| 679 | err: | ||
| 680 | return(ret); | ||
| 681 | } | 690 | } |
| 691 | BIO_set_fd(bio, fd, BIO_NOCLOSE); | ||
| 692 | SSL_set_bio(s, bio, bio); | ||
| 693 | ret = 1; | ||
| 694 | err: | ||
| 695 | return (ret); | ||
| 696 | } | ||
| 682 | 697 | ||
| 683 | int SSL_set_wfd(SSL *s,int fd) | 698 | int |
| 684 | { | 699 | SSL_set_wfd(SSL *s, int fd) |
| 685 | int ret=0; | 700 | { |
| 686 | BIO *bio=NULL; | 701 | int ret = 0; |
| 702 | BIO *bio = NULL; | ||
| 687 | 703 | ||
| 688 | if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) | 704 | if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) |
| 689 | || ((int)BIO_get_fd(s->rbio,NULL) != fd)) | 705 | || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { |
| 690 | { | 706 | bio = BIO_new(BIO_s_socket()); |
| 691 | bio=BIO_new(BIO_s_socket()); | ||
| 692 | 707 | ||
| 693 | if (bio == NULL) | 708 | if (bio == NULL) |
| 694 | { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; } | 709 | { SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB); |
| 695 | BIO_set_fd(bio,fd,BIO_NOCLOSE); | 710 | goto err; |
| 696 | SSL_set_bio(s,SSL_get_rbio(s),bio); | ||
| 697 | } | 711 | } |
| 698 | else | 712 | BIO_set_fd(bio, fd, BIO_NOCLOSE); |
| 699 | SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s)); | 713 | SSL_set_bio(s, SSL_get_rbio(s), bio); |
| 700 | ret=1; | 714 | } else |
| 715 | SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); | ||
| 716 | ret = 1; | ||
| 701 | err: | 717 | err: |
| 702 | return(ret); | 718 | return (ret); |
| 703 | } | 719 | } |
| 704 | 720 | ||
| 705 | int SSL_set_rfd(SSL *s,int fd) | 721 | int |
| 706 | { | 722 | SSL_set_rfd(SSL *s, int fd) |
| 707 | int ret=0; | 723 | { |
| 708 | BIO *bio=NULL; | 724 | int ret = 0; |
| 725 | BIO *bio = NULL; | ||
| 709 | 726 | ||
| 710 | if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) | 727 | if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) |
| 711 | || ((int)BIO_get_fd(s->wbio,NULL) != fd)) | 728 | || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { |
| 712 | { | 729 | bio = BIO_new(BIO_s_socket()); |
| 713 | bio=BIO_new(BIO_s_socket()); | ||
| 714 | 730 | ||
| 715 | if (bio == NULL) | 731 | if (bio == NULL) { |
| 716 | { | 732 | SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB); |
| 717 | SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB); | ||
| 718 | goto err; | 733 | goto err; |
| 719 | } | ||
| 720 | BIO_set_fd(bio,fd,BIO_NOCLOSE); | ||
| 721 | SSL_set_bio(s,bio,SSL_get_wbio(s)); | ||
| 722 | } | 734 | } |
| 723 | else | 735 | BIO_set_fd(bio, fd, BIO_NOCLOSE); |
| 724 | SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s)); | 736 | SSL_set_bio(s, bio, SSL_get_wbio(s)); |
| 725 | ret=1; | 737 | } else |
| 738 | SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); | ||
| 739 | ret = 1; | ||
| 726 | err: | 740 | err: |
| 727 | return(ret); | 741 | return (ret); |
| 728 | } | 742 | } |
| 729 | #endif | 743 | #endif |
| 730 | 744 | ||
| 731 | 745 | ||
| 732 | /* return length of latest Finished message we sent, copy to 'buf' */ | 746 | /* return length of latest Finished message we sent, copy to 'buf' */ |
| 733 | size_t SSL_get_finished(const SSL *s, void *buf, size_t count) | 747 | size_t |
| 734 | { | 748 | SSL_get_finished(const SSL *s, void *buf, size_t count) |
| 749 | { | ||
| 735 | size_t ret = 0; | 750 | size_t ret = 0; |
| 736 | 751 | ||
| 737 | if (s->s3 != NULL) | 752 | if (s->s3 != NULL) { |
| 738 | { | ||
| 739 | ret = s->s3->tmp.finish_md_len; | 753 | ret = s->s3->tmp.finish_md_len; |
| 740 | if (count > ret) | 754 | if (count > ret) |
| 741 | count = ret; | 755 | count = ret; |
| 742 | memcpy(buf, s->s3->tmp.finish_md, count); | 756 | memcpy(buf, s->s3->tmp.finish_md, count); |
| 743 | } | ||
| 744 | return ret; | ||
| 745 | } | 757 | } |
| 758 | return ret; | ||
| 759 | } | ||
| 746 | 760 | ||
| 747 | /* return length of latest Finished message we expected, copy to 'buf' */ | 761 | /* return length of latest Finished message we expected, copy to 'buf' */ |
| 748 | size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) | 762 | size_t |
| 749 | { | 763 | SSL_get_peer_finished(const SSL *s, void *buf, size_t count) |
| 764 | { | ||
| 750 | size_t ret = 0; | 765 | size_t ret = 0; |
| 751 | 766 | ||
| 752 | if (s->s3 != NULL) | 767 | if (s->s3 != NULL) { |
| 753 | { | ||
| 754 | ret = s->s3->tmp.peer_finish_md_len; | 768 | ret = s->s3->tmp.peer_finish_md_len; |
| 755 | if (count > ret) | 769 | if (count > ret) |
| 756 | count = ret; | 770 | count = ret; |
| 757 | memcpy(buf, s->s3->tmp.peer_finish_md, count); | 771 | memcpy(buf, s->s3->tmp.peer_finish_md, count); |
| 758 | } | ||
| 759 | return ret; | ||
| 760 | } | 772 | } |
| 773 | return ret; | ||
| 774 | } | ||
| 761 | 775 | ||
| 762 | 776 | ||
| 763 | int SSL_get_verify_mode(const SSL *s) | 777 | int |
| 764 | { | 778 | SSL_get_verify_mode(const SSL *s) |
| 765 | return(s->verify_mode); | 779 | { |
| 766 | } | 780 | return (s->verify_mode); |
| 781 | } | ||
| 767 | 782 | ||
| 768 | int SSL_get_verify_depth(const SSL *s) | 783 | int |
| 769 | { | 784 | SSL_get_verify_depth(const SSL *s) |
| 785 | { | ||
| 770 | return X509_VERIFY_PARAM_get_depth(s->param); | 786 | return X509_VERIFY_PARAM_get_depth(s->param); |
| 771 | } | 787 | } |
| 772 | 788 | ||
| 773 | int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *) | 789 | int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) |
| 774 | { | 790 | { |
| 775 | return(s->verify_callback); | 791 | return (s->verify_callback); |
| 776 | } | 792 | } |
| 777 | 793 | ||
| 778 | int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) | 794 | int |
| 779 | { | 795 | SSL_CTX_get_verify_mode(const SSL_CTX *ctx) |
| 780 | return(ctx->verify_mode); | 796 | { |
| 781 | } | 797 | return (ctx->verify_mode); |
| 798 | } | ||
| 782 | 799 | ||
| 783 | int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) | 800 | int |
| 784 | { | 801 | SSL_CTX_get_verify_depth(const SSL_CTX *ctx) |
| 802 | { | ||
| 785 | return X509_VERIFY_PARAM_get_depth(ctx->param); | 803 | return X509_VERIFY_PARAM_get_depth(ctx->param); |
| 786 | } | 804 | } |
| 787 | 805 | ||
| 788 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *) | 806 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) |
| 789 | { | 807 | { |
| 790 | return(ctx->default_verify_callback); | 808 | return (ctx->default_verify_callback); |
| 791 | } | 809 | } |
| 792 | 810 | ||
| 793 | void SSL_set_verify(SSL *s,int mode, | 811 | void |
| 794 | int (*callback)(int ok,X509_STORE_CTX *ctx)) | 812 | SSL_set_verify(SSL *s, int mode, |
| 795 | { | 813 | int (*callback)(int ok, X509_STORE_CTX *ctx)) |
| 796 | s->verify_mode=mode; | 814 | { |
| 815 | s->verify_mode = mode; | ||
| 797 | if (callback != NULL) | 816 | if (callback != NULL) |
| 798 | s->verify_callback=callback; | 817 | s->verify_callback = callback; |
| 799 | } | 818 | } |
| 800 | 819 | ||
| 801 | void SSL_set_verify_depth(SSL *s,int depth) | 820 | void |
| 802 | { | 821 | SSL_set_verify_depth(SSL *s, int depth) |
| 822 | { | ||
| 803 | X509_VERIFY_PARAM_set_depth(s->param, depth); | 823 | X509_VERIFY_PARAM_set_depth(s->param, depth); |
| 804 | } | 824 | } |
| 805 | 825 | ||
| 806 | void SSL_set_read_ahead(SSL *s,int yes) | 826 | void |
| 807 | { | 827 | SSL_set_read_ahead(SSL *s, int yes) |
| 808 | s->read_ahead=yes; | 828 | { |
| 809 | } | 829 | s->read_ahead = yes; |
| 830 | } | ||
| 810 | 831 | ||
| 811 | int SSL_get_read_ahead(const SSL *s) | 832 | int |
| 812 | { | 833 | SSL_get_read_ahead(const SSL *s) |
| 813 | return(s->read_ahead); | 834 | { |
| 814 | } | 835 | return (s->read_ahead); |
| 836 | } | ||
| 815 | 837 | ||
| 816 | int SSL_pending(const SSL *s) | 838 | int |
| 817 | { | 839 | SSL_pending(const SSL *s) |
| 840 | { | ||
| 818 | /* SSL_pending cannot work properly if read-ahead is enabled | 841 | /* SSL_pending cannot work properly if read-ahead is enabled |
| 819 | * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), | 842 | * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), |
| 820 | * and it is impossible to fix since SSL_pending cannot report | 843 | * and it is impossible to fix since SSL_pending cannot report |
| @@ -822,264 +845,266 @@ int SSL_pending(const SSL *s) | |||
| 822 | * (Note that SSL_pending() is often used as a boolean value, | 845 | * (Note that SSL_pending() is often used as a boolean value, |
| 823 | * so we'd better not return -1.) | 846 | * so we'd better not return -1.) |
| 824 | */ | 847 | */ |
| 825 | return(s->method->ssl_pending(s)); | 848 | return (s->method->ssl_pending(s)); |
| 826 | } | 849 | } |
| 827 | 850 | ||
| 828 | X509 *SSL_get_peer_certificate(const SSL *s) | 851 | X509 |
| 829 | { | 852 | *SSL_get_peer_certificate(const SSL *s) |
| 853 | { | ||
| 830 | X509 *r; | 854 | X509 *r; |
| 831 | 855 | ||
| 832 | if ((s == NULL) || (s->session == NULL)) | 856 | if ((s == NULL) || (s->session == NULL)) |
| 833 | r=NULL; | 857 | r = NULL; |
| 834 | else | 858 | else |
| 835 | r=s->session->peer; | 859 | r = s->session->peer; |
| 836 | 860 | ||
| 837 | if (r == NULL) return(r); | 861 | if (r == NULL) |
| 862 | return (r); | ||
| 838 | 863 | ||
| 839 | CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509); | 864 | CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509); |
| 840 | 865 | ||
| 841 | return(r); | 866 | return (r); |
| 842 | } | 867 | } |
| 843 | 868 | ||
| 844 | STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) | 869 | STACK_OF(X509) |
| 845 | { | 870 | *SSL_get_peer_cert_chain(const SSL *s) |
| 871 | { | ||
| 846 | STACK_OF(X509) *r; | 872 | STACK_OF(X509) *r; |
| 847 | 873 | ||
| 848 | if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) | 874 | if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) |
| 849 | r=NULL; | 875 | r = NULL; |
| 850 | else | 876 | else |
| 851 | r=s->session->sess_cert->cert_chain; | 877 | r = s->session->sess_cert->cert_chain; |
| 852 | 878 | ||
| 853 | /* If we are a client, cert_chain includes the peer's own | 879 | /* If we are a client, cert_chain includes the peer's own |
| 854 | * certificate; if we are a server, it does not. */ | 880 | * certificate; |
| 855 | 881 | if we are a server, it does not. */ | |
| 856 | return(r); | 882 | |
| 857 | } | 883 | return (r); |
| 884 | } | ||
| 858 | 885 | ||
| 859 | /* Now in theory, since the calling process own 't' it should be safe to | 886 | /* Now in theory, since the calling process own 't' it should be safe to |
| 860 | * modify. We need to be able to read f without being hassled */ | 887 | * modify. We need to be able to read f without being hassled */ |
| 861 | void SSL_copy_session_id(SSL *t,const SSL *f) | 888 | void |
| 862 | { | 889 | SSL_copy_session_id(SSL *t, const SSL *f) |
| 890 | { | ||
| 863 | CERT *tmp; | 891 | CERT *tmp; |
| 864 | 892 | ||
| 865 | /* Do we need to to SSL locking? */ | 893 | /* Do we need to to SSL locking? */ |
| 866 | SSL_set_session(t,SSL_get_session(f)); | 894 | SSL_set_session(t, SSL_get_session(f)); |
| 867 | 895 | ||
| 868 | /* what if we are setup as SSLv2 but want to talk SSLv3 or | 896 | /* what if we are setup as SSLv2 but want to talk SSLv3 or |
| 869 | * vice-versa */ | 897 | * vice-versa */ |
| 870 | if (t->method != f->method) | 898 | if (t->method != f->method) { |
| 871 | { | ||
| 872 | t->method->ssl_free(t); /* cleanup current */ | 899 | t->method->ssl_free(t); /* cleanup current */ |
| 873 | t->method=f->method; /* change method */ | 900 | t->method=f->method; /* change method */ |
| 874 | t->method->ssl_new(t); /* setup new */ | 901 | t->method->ssl_new(t); /* setup new */ |
| 875 | } | ||
| 876 | |||
| 877 | tmp=t->cert; | ||
| 878 | if (f->cert != NULL) | ||
| 879 | { | ||
| 880 | CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT); | ||
| 881 | t->cert=f->cert; | ||
| 882 | } | ||
| 883 | else | ||
| 884 | t->cert=NULL; | ||
| 885 | if (tmp != NULL) ssl_cert_free(tmp); | ||
| 886 | SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length); | ||
| 887 | } | 902 | } |
| 888 | 903 | ||
| 904 | tmp = t->cert; | ||
| 905 | if (f->cert != NULL) { | ||
| 906 | CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); | ||
| 907 | t->cert = f->cert; | ||
| 908 | } else | ||
| 909 | t->cert = NULL; | ||
| 910 | if (tmp != NULL) | ||
| 911 | ssl_cert_free(tmp); | ||
| 912 | SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length); | ||
| 913 | } | ||
| 914 | |||
| 889 | /* Fix this so it checks all the valid key/cert options */ | 915 | /* Fix this so it checks all the valid key/cert options */ |
| 890 | int SSL_CTX_check_private_key(const SSL_CTX *ctx) | 916 | int |
| 891 | { | 917 | SSL_CTX_check_private_key(const SSL_CTX *ctx) |
| 892 | if ( (ctx == NULL) || | 918 | { |
| 919 | if ((ctx == NULL) || | ||
| 893 | (ctx->cert == NULL) || | 920 | (ctx->cert == NULL) || |
| 894 | (ctx->cert->key->x509 == NULL)) | 921 | (ctx->cert->key->x509 == NULL)) { |
| 895 | { | 922 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); |
| 896 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | 923 | return (0); |
| 897 | return(0); | 924 | } |
| 898 | } | 925 | if (ctx->cert->key->privatekey == NULL) { |
| 899 | if (ctx->cert->key->privatekey == NULL) | 926 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); |
| 900 | { | 927 | return (0); |
| 901 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); | ||
| 902 | return(0); | ||
| 903 | } | ||
| 904 | return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); | ||
| 905 | } | 928 | } |
| 929 | return (X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); | ||
| 930 | } | ||
| 906 | 931 | ||
| 907 | /* Fix this function so that it takes an optional type parameter */ | 932 | /* Fix this function so that it takes an optional type parameter */ |
| 908 | int SSL_check_private_key(const SSL *ssl) | 933 | int |
| 909 | { | 934 | SSL_check_private_key(const SSL *ssl) |
| 910 | if (ssl == NULL) | 935 | { |
| 911 | { | 936 | if (ssl == NULL) { |
| 912 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER); | 937 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER); |
| 913 | return(0); | 938 | return (0); |
| 914 | } | 939 | } |
| 915 | if (ssl->cert == NULL) | 940 | if (ssl->cert == NULL) { |
| 916 | { | 941 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); |
| 917 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
| 918 | return 0; | 942 | return 0; |
| 919 | } | ||
| 920 | if (ssl->cert->key->x509 == NULL) | ||
| 921 | { | ||
| 922 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
| 923 | return(0); | ||
| 924 | } | ||
| 925 | if (ssl->cert->key->privatekey == NULL) | ||
| 926 | { | ||
| 927 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); | ||
| 928 | return(0); | ||
| 929 | } | ||
| 930 | return(X509_check_private_key(ssl->cert->key->x509, | ||
| 931 | ssl->cert->key->privatekey)); | ||
| 932 | } | 943 | } |
| 944 | if (ssl->cert->key->x509 == NULL) { | ||
| 945 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
| 946 | return (0); | ||
| 947 | } | ||
| 948 | if (ssl->cert->key->privatekey == NULL) { | ||
| 949 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); | ||
| 950 | return (0); | ||
| 951 | } | ||
| 952 | return(X509_check_private_key(ssl->cert->key->x509, | ||
| 953 | ssl->cert->key->privatekey)); | ||
| 954 | } | ||
| 933 | 955 | ||
| 934 | int SSL_accept(SSL *s) | 956 | int |
| 935 | { | 957 | SSL_accept(SSL *s) |
| 958 | { | ||
| 936 | if (s->handshake_func == 0) | 959 | if (s->handshake_func == 0) |
| 937 | /* Not properly initialized yet */ | 960 | /* Not properly initialized yet */ |
| 938 | SSL_set_accept_state(s); | 961 | SSL_set_accept_state(s); |
| 939 | 962 | ||
| 940 | return(s->method->ssl_accept(s)); | 963 | return (s->method->ssl_accept(s)); |
| 941 | } | 964 | } |
| 942 | 965 | ||
| 943 | int SSL_connect(SSL *s) | 966 | int |
| 944 | { | 967 | SSL_connect(SSL *s) |
| 968 | { | ||
| 945 | if (s->handshake_func == 0) | 969 | if (s->handshake_func == 0) |
| 946 | /* Not properly initialized yet */ | 970 | /* Not properly initialized yet */ |
| 947 | SSL_set_connect_state(s); | 971 | SSL_set_connect_state(s); |
| 948 | 972 | ||
| 949 | return(s->method->ssl_connect(s)); | 973 | return (s->method->ssl_connect(s)); |
| 950 | } | 974 | } |
| 951 | 975 | ||
| 952 | long SSL_get_default_timeout(const SSL *s) | 976 | long |
| 953 | { | 977 | SSL_get_default_timeout(const SSL *s) |
| 954 | return(s->method->get_timeout()); | 978 | { |
| 955 | } | 979 | return (s->method->get_timeout()); |
| 980 | } | ||
| 956 | 981 | ||
| 957 | int SSL_read(SSL *s,void *buf,int num) | 982 | int |
| 958 | { | 983 | SSL_read(SSL *s, void *buf, int num) |
| 959 | if (s->handshake_func == 0) | 984 | { |
| 960 | { | 985 | if (s->handshake_func == 0) { |
| 961 | SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); | 986 | SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); |
| 962 | return -1; | 987 | return -1; |
| 963 | } | 988 | } |
| 964 | 989 | ||
| 965 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | 990 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { |
| 966 | { | 991 | s->rwstate = SSL_NOTHING; |
| 967 | s->rwstate=SSL_NOTHING; | 992 | return (0); |
| 968 | return(0); | ||
| 969 | } | ||
| 970 | return(s->method->ssl_read(s,buf,num)); | ||
| 971 | } | 993 | } |
| 994 | return (s->method->ssl_read(s, buf, num)); | ||
| 995 | } | ||
| 972 | 996 | ||
| 973 | int SSL_peek(SSL *s,void *buf,int num) | 997 | int |
| 974 | { | 998 | SSL_peek(SSL *s, void *buf, int num) |
| 975 | if (s->handshake_func == 0) | 999 | { |
| 976 | { | 1000 | if (s->handshake_func == 0) { |
| 977 | SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); | 1001 | SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); |
| 978 | return -1; | 1002 | return -1; |
| 979 | } | 1003 | } |
| 980 | 1004 | ||
| 981 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | 1005 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { |
| 982 | { | 1006 | return (0); |
| 983 | return(0); | ||
| 984 | } | ||
| 985 | return(s->method->ssl_peek(s,buf,num)); | ||
| 986 | } | 1007 | } |
| 1008 | return (s->method->ssl_peek(s, buf, num)); | ||
| 1009 | } | ||
| 987 | 1010 | ||
| 988 | int SSL_write(SSL *s,const void *buf,int num) | 1011 | int |
| 989 | { | 1012 | SSL_write(SSL *s, const void *buf, int num) |
| 990 | if (s->handshake_func == 0) | 1013 | { |
| 991 | { | 1014 | if (s->handshake_func == 0) { |
| 992 | SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); | 1015 | SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); |
| 993 | return -1; | 1016 | return -1; |
| 994 | } | 1017 | } |
| 995 | 1018 | ||
| 996 | if (s->shutdown & SSL_SENT_SHUTDOWN) | 1019 | if (s->shutdown & SSL_SENT_SHUTDOWN) { |
| 997 | { | 1020 | s->rwstate = SSL_NOTHING; |
| 998 | s->rwstate=SSL_NOTHING; | 1021 | SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN); |
| 999 | SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN); | 1022 | return (-1); |
| 1000 | return(-1); | ||
| 1001 | } | ||
| 1002 | return(s->method->ssl_write(s,buf,num)); | ||
| 1003 | } | 1023 | } |
| 1024 | return (s->method->ssl_write(s, buf, num)); | ||
| 1025 | } | ||
| 1004 | 1026 | ||
| 1005 | int SSL_shutdown(SSL *s) | 1027 | int |
| 1006 | { | 1028 | SSL_shutdown(SSL *s) |
| 1029 | { | ||
| 1007 | /* Note that this function behaves differently from what one might | 1030 | /* Note that this function behaves differently from what one might |
| 1008 | * expect. Return values are 0 for no success (yet), | 1031 | * expect. Return values are 0 for no success (yet), |
| 1009 | * 1 for success; but calling it once is usually not enough, | 1032 | * 1 for success; but calling it once is usually not enough, |
| 1010 | * even if blocking I/O is used (see ssl3_shutdown). | 1033 | * even if blocking I/O is used (see ssl3_shutdown). |
| 1011 | */ | 1034 | */ |
| 1012 | 1035 | ||
| 1013 | if (s->handshake_func == 0) | 1036 | if (s->handshake_func == 0) { |
| 1014 | { | ||
| 1015 | SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); | 1037 | SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); |
| 1016 | return -1; | 1038 | return -1; |
| 1017 | } | 1039 | } |
| 1018 | 1040 | ||
| 1019 | if ((s != NULL) && !SSL_in_init(s)) | 1041 | if ((s != NULL) && !SSL_in_init(s)) |
| 1020 | return(s->method->ssl_shutdown(s)); | 1042 | return (s->method->ssl_shutdown(s)); |
| 1021 | else | 1043 | else |
| 1022 | return(1); | 1044 | return (1); |
| 1023 | } | 1045 | } |
| 1024 | 1046 | ||
| 1025 | int SSL_renegotiate(SSL *s) | 1047 | int |
| 1026 | { | 1048 | SSL_renegotiate(SSL *s) |
| 1049 | { | ||
| 1027 | if (s->renegotiate == 0) | 1050 | if (s->renegotiate == 0) |
| 1028 | s->renegotiate=1; | 1051 | s->renegotiate = 1; |
| 1029 | 1052 | ||
| 1030 | s->new_session=1; | 1053 | s->new_session = 1; |
| 1031 | 1054 | ||
| 1032 | return(s->method->ssl_renegotiate(s)); | 1055 | return (s->method->ssl_renegotiate(s)); |
| 1033 | } | 1056 | } |
| 1034 | 1057 | ||
| 1035 | int SSL_renegotiate_abbreviated(SSL *s) | 1058 | int |
| 1036 | { | 1059 | SSL_renegotiate_abbreviated(SSL *s) |
| 1060 | { | ||
| 1037 | if (s->renegotiate == 0) | 1061 | if (s->renegotiate == 0) |
| 1038 | s->renegotiate=1; | 1062 | s->renegotiate = 1; |
| 1039 | 1063 | ||
| 1040 | s->new_session=0; | 1064 | s->new_session = 0; |
| 1041 | 1065 | ||
| 1042 | return(s->method->ssl_renegotiate(s)); | 1066 | return (s->method->ssl_renegotiate(s)); |
| 1043 | } | 1067 | } |
| 1044 | 1068 | ||
| 1045 | int SSL_renegotiate_pending(SSL *s) | 1069 | int |
| 1046 | { | 1070 | SSL_renegotiate_pending(SSL *s) |
| 1071 | { | ||
| 1047 | /* becomes true when negotiation is requested; | 1072 | /* becomes true when negotiation is requested; |
| 1048 | * false again once a handshake has finished */ | 1073 | * false again once a handshake has finished */ |
| 1049 | return (s->renegotiate != 0); | 1074 | return (s->renegotiate != 0); |
| 1050 | } | 1075 | } |
| 1051 | 1076 | ||
| 1052 | long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | 1077 | long |
| 1053 | { | 1078 | SSL_ctrl(SSL *s, int cmd, long larg, void *parg) |
| 1079 | { | ||
| 1054 | long l; | 1080 | long l; |
| 1055 | 1081 | ||
| 1056 | switch (cmd) | 1082 | switch (cmd) { |
| 1057 | { | ||
| 1058 | case SSL_CTRL_GET_READ_AHEAD: | 1083 | case SSL_CTRL_GET_READ_AHEAD: |
| 1059 | return(s->read_ahead); | 1084 | return (s->read_ahead); |
| 1060 | case SSL_CTRL_SET_READ_AHEAD: | 1085 | case SSL_CTRL_SET_READ_AHEAD: |
| 1061 | l=s->read_ahead; | 1086 | l = s->read_ahead; |
| 1062 | s->read_ahead=larg; | 1087 | s->read_ahead = larg; |
| 1063 | return(l); | 1088 | return (l); |
| 1064 | 1089 | ||
| 1065 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: | 1090 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: |
| 1066 | s->msg_callback_arg = parg; | 1091 | s->msg_callback_arg = parg; |
| 1067 | return 1; | 1092 | return 1; |
| 1068 | 1093 | ||
| 1069 | case SSL_CTRL_OPTIONS: | 1094 | case SSL_CTRL_OPTIONS: |
| 1070 | return(s->options|=larg); | 1095 | return (s->options|=larg); |
| 1071 | case SSL_CTRL_CLEAR_OPTIONS: | 1096 | case SSL_CTRL_CLEAR_OPTIONS: |
| 1072 | return(s->options&=~larg); | 1097 | return (s->options&=~larg); |
| 1073 | case SSL_CTRL_MODE: | 1098 | case SSL_CTRL_MODE: |
| 1074 | return(s->mode|=larg); | 1099 | return (s->mode|=larg); |
| 1075 | case SSL_CTRL_CLEAR_MODE: | 1100 | case SSL_CTRL_CLEAR_MODE: |
| 1076 | return(s->mode &=~larg); | 1101 | return (s->mode &=~larg); |
| 1077 | case SSL_CTRL_GET_MAX_CERT_LIST: | 1102 | case SSL_CTRL_GET_MAX_CERT_LIST: |
| 1078 | return(s->max_cert_list); | 1103 | return (s->max_cert_list); |
| 1079 | case SSL_CTRL_SET_MAX_CERT_LIST: | 1104 | case SSL_CTRL_SET_MAX_CERT_LIST: |
| 1080 | l=s->max_cert_list; | 1105 | l = s->max_cert_list; |
| 1081 | s->max_cert_list=larg; | 1106 | s->max_cert_list = larg; |
| 1082 | return(l); | 1107 | return (l); |
| 1083 | case SSL_CTRL_SET_MTU: | 1108 | case SSL_CTRL_SET_MTU: |
| 1084 | #ifndef OPENSSL_NO_DTLS1 | 1109 | #ifndef OPENSSL_NO_DTLS1 |
| 1085 | if (larg < (long)dtls1_min_mtu()) | 1110 | if (larg < (long)dtls1_min_mtu()) |
| @@ -1087,11 +1112,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | |||
| 1087 | #endif | 1112 | #endif |
| 1088 | 1113 | ||
| 1089 | if (SSL_version(s) == DTLS1_VERSION || | 1114 | if (SSL_version(s) == DTLS1_VERSION || |
| 1090 | SSL_version(s) == DTLS1_BAD_VER) | 1115 | SSL_version(s) == DTLS1_BAD_VER) { |
| 1091 | { | ||
| 1092 | s->d1->mtu = larg; | 1116 | s->d1->mtu = larg; |
| 1093 | return larg; | 1117 | return larg; |
| 1094 | } | 1118 | } |
| 1095 | return 0; | 1119 | return 0; |
| 1096 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: | 1120 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: |
| 1097 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) | 1121 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) |
| @@ -1103,203 +1127,204 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | |||
| 1103 | return s->s3->send_connection_binding; | 1127 | return s->s3->send_connection_binding; |
| 1104 | else return 0; | 1128 | else return 0; |
| 1105 | default: | 1129 | default: |
| 1106 | return(s->method->ssl_ctrl(s,cmd,larg,parg)); | 1130 | return (s->method->ssl_ctrl(s, cmd, larg, parg)); |
| 1107 | } | ||
| 1108 | } | 1131 | } |
| 1132 | } | ||
| 1109 | 1133 | ||
| 1110 | long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) | 1134 | long |
| 1111 | { | 1135 | SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) |
| 1112 | switch(cmd) | 1136 | { |
| 1113 | { | 1137 | switch (cmd) { |
| 1114 | case SSL_CTRL_SET_MSG_CALLBACK: | 1138 | case SSL_CTRL_SET_MSG_CALLBACK: |
| 1115 | s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); | 1139 | s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); |
| 1116 | return 1; | 1140 | return 1; |
| 1117 | 1141 | ||
| 1118 | default: | 1142 | default: |
| 1119 | return(s->method->ssl_callback_ctrl(s,cmd,fp)); | 1143 | return (s->method->ssl_callback_ctrl(s, cmd, fp)); |
| 1120 | } | ||
| 1121 | } | 1144 | } |
| 1145 | } | ||
| 1122 | 1146 | ||
| 1123 | LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) | 1147 | LHASH_OF(SSL_SESSION) |
| 1124 | { | 1148 | *SSL_CTX_sessions(SSL_CTX *ctx) |
| 1149 | { | ||
| 1125 | return ctx->sessions; | 1150 | return ctx->sessions; |
| 1126 | } | 1151 | } |
| 1127 | 1152 | ||
| 1128 | long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg) | 1153 | long |
| 1129 | { | 1154 | SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) |
| 1155 | { | ||
| 1130 | long l; | 1156 | long l; |
| 1131 | 1157 | ||
| 1132 | switch (cmd) | 1158 | switch (cmd) { |
| 1133 | { | ||
| 1134 | case SSL_CTRL_GET_READ_AHEAD: | 1159 | case SSL_CTRL_GET_READ_AHEAD: |
| 1135 | return(ctx->read_ahead); | 1160 | return (ctx->read_ahead); |
| 1136 | case SSL_CTRL_SET_READ_AHEAD: | 1161 | case SSL_CTRL_SET_READ_AHEAD: |
| 1137 | l=ctx->read_ahead; | 1162 | l = ctx->read_ahead; |
| 1138 | ctx->read_ahead=larg; | 1163 | ctx->read_ahead = larg; |
| 1139 | return(l); | 1164 | return (l); |
| 1140 | 1165 | ||
| 1141 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: | 1166 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: |
| 1142 | ctx->msg_callback_arg = parg; | 1167 | ctx->msg_callback_arg = parg; |
| 1143 | return 1; | 1168 | return 1; |
| 1144 | 1169 | ||
| 1145 | case SSL_CTRL_GET_MAX_CERT_LIST: | 1170 | case SSL_CTRL_GET_MAX_CERT_LIST: |
| 1146 | return(ctx->max_cert_list); | 1171 | return (ctx->max_cert_list); |
| 1147 | case SSL_CTRL_SET_MAX_CERT_LIST: | 1172 | case SSL_CTRL_SET_MAX_CERT_LIST: |
| 1148 | l=ctx->max_cert_list; | 1173 | l = ctx->max_cert_list; |
| 1149 | ctx->max_cert_list=larg; | 1174 | ctx->max_cert_list = larg; |
| 1150 | return(l); | 1175 | return (l); |
| 1151 | 1176 | ||
| 1152 | case SSL_CTRL_SET_SESS_CACHE_SIZE: | 1177 | case SSL_CTRL_SET_SESS_CACHE_SIZE: |
| 1153 | l=ctx->session_cache_size; | 1178 | l = ctx->session_cache_size; |
| 1154 | ctx->session_cache_size=larg; | 1179 | ctx->session_cache_size = larg; |
| 1155 | return(l); | 1180 | return (l); |
| 1156 | case SSL_CTRL_GET_SESS_CACHE_SIZE: | 1181 | case SSL_CTRL_GET_SESS_CACHE_SIZE: |
| 1157 | return(ctx->session_cache_size); | 1182 | return (ctx->session_cache_size); |
| 1158 | case SSL_CTRL_SET_SESS_CACHE_MODE: | 1183 | case SSL_CTRL_SET_SESS_CACHE_MODE: |
| 1159 | l=ctx->session_cache_mode; | 1184 | l = ctx->session_cache_mode; |
| 1160 | ctx->session_cache_mode=larg; | 1185 | ctx->session_cache_mode = larg; |
| 1161 | return(l); | 1186 | return (l); |
| 1162 | case SSL_CTRL_GET_SESS_CACHE_MODE: | 1187 | case SSL_CTRL_GET_SESS_CACHE_MODE: |
| 1163 | return(ctx->session_cache_mode); | 1188 | return (ctx->session_cache_mode); |
| 1164 | 1189 | ||
| 1165 | case SSL_CTRL_SESS_NUMBER: | 1190 | case SSL_CTRL_SESS_NUMBER: |
| 1166 | return(lh_SSL_SESSION_num_items(ctx->sessions)); | 1191 | return (lh_SSL_SESSION_num_items(ctx->sessions)); |
| 1167 | case SSL_CTRL_SESS_CONNECT: | 1192 | case SSL_CTRL_SESS_CONNECT: |
| 1168 | return(ctx->stats.sess_connect); | 1193 | return (ctx->stats.sess_connect); |
| 1169 | case SSL_CTRL_SESS_CONNECT_GOOD: | 1194 | case SSL_CTRL_SESS_CONNECT_GOOD: |
| 1170 | return(ctx->stats.sess_connect_good); | 1195 | return (ctx->stats.sess_connect_good); |
| 1171 | case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: | 1196 | case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: |
| 1172 | return(ctx->stats.sess_connect_renegotiate); | 1197 | return (ctx->stats.sess_connect_renegotiate); |
| 1173 | case SSL_CTRL_SESS_ACCEPT: | 1198 | case SSL_CTRL_SESS_ACCEPT: |
| 1174 | return(ctx->stats.sess_accept); | 1199 | return (ctx->stats.sess_accept); |
| 1175 | case SSL_CTRL_SESS_ACCEPT_GOOD: | 1200 | case SSL_CTRL_SESS_ACCEPT_GOOD: |
| 1176 | return(ctx->stats.sess_accept_good); | 1201 | return (ctx->stats.sess_accept_good); |
| 1177 | case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: | 1202 | case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: |
| 1178 | return(ctx->stats.sess_accept_renegotiate); | 1203 | return (ctx->stats.sess_accept_renegotiate); |
| 1179 | case SSL_CTRL_SESS_HIT: | 1204 | case SSL_CTRL_SESS_HIT: |
| 1180 | return(ctx->stats.sess_hit); | 1205 | return (ctx->stats.sess_hit); |
| 1181 | case SSL_CTRL_SESS_CB_HIT: | 1206 | case SSL_CTRL_SESS_CB_HIT: |
| 1182 | return(ctx->stats.sess_cb_hit); | 1207 | return (ctx->stats.sess_cb_hit); |
| 1183 | case SSL_CTRL_SESS_MISSES: | 1208 | case SSL_CTRL_SESS_MISSES: |
| 1184 | return(ctx->stats.sess_miss); | 1209 | return (ctx->stats.sess_miss); |
| 1185 | case SSL_CTRL_SESS_TIMEOUTS: | 1210 | case SSL_CTRL_SESS_TIMEOUTS: |
| 1186 | return(ctx->stats.sess_timeout); | 1211 | return (ctx->stats.sess_timeout); |
| 1187 | case SSL_CTRL_SESS_CACHE_FULL: | 1212 | case SSL_CTRL_SESS_CACHE_FULL: |
| 1188 | return(ctx->stats.sess_cache_full); | 1213 | return (ctx->stats.sess_cache_full); |
| 1189 | case SSL_CTRL_OPTIONS: | 1214 | case SSL_CTRL_OPTIONS: |
| 1190 | return(ctx->options|=larg); | 1215 | return (ctx->options|=larg); |
| 1191 | case SSL_CTRL_CLEAR_OPTIONS: | 1216 | case SSL_CTRL_CLEAR_OPTIONS: |
| 1192 | return(ctx->options&=~larg); | 1217 | return (ctx->options&=~larg); |
| 1193 | case SSL_CTRL_MODE: | 1218 | case SSL_CTRL_MODE: |
| 1194 | return(ctx->mode|=larg); | 1219 | return (ctx->mode|=larg); |
| 1195 | case SSL_CTRL_CLEAR_MODE: | 1220 | case SSL_CTRL_CLEAR_MODE: |
| 1196 | return(ctx->mode&=~larg); | 1221 | return (ctx->mode&=~larg); |
| 1197 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: | 1222 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: |
| 1198 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) | 1223 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) |
| 1199 | return 0; | 1224 | return 0; |
| 1200 | ctx->max_send_fragment = larg; | 1225 | ctx->max_send_fragment = larg; |
| 1201 | return 1; | 1226 | return 1; |
| 1202 | default: | 1227 | default: |
| 1203 | return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); | 1228 | return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg)); |
| 1204 | } | ||
| 1205 | } | 1229 | } |
| 1230 | } | ||
| 1206 | 1231 | ||
| 1207 | long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) | 1232 | long |
| 1208 | { | 1233 | SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) |
| 1209 | switch(cmd) | 1234 | { |
| 1210 | { | 1235 | switch (cmd) { |
| 1211 | case SSL_CTRL_SET_MSG_CALLBACK: | 1236 | case SSL_CTRL_SET_MSG_CALLBACK: |
| 1212 | ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); | 1237 | ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); |
| 1213 | return 1; | 1238 | return 1; |
| 1214 | 1239 | ||
| 1215 | default: | 1240 | default: |
| 1216 | return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp)); | 1241 | return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp)); |
| 1217 | } | ||
| 1218 | } | 1242 | } |
| 1243 | } | ||
| 1219 | 1244 | ||
| 1220 | int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) | 1245 | int |
| 1221 | { | 1246 | ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) |
| 1247 | { | ||
| 1222 | long l; | 1248 | long l; |
| 1223 | 1249 | ||
| 1224 | l=a->id-b->id; | 1250 | l = a->id - b->id; |
| 1225 | if (l == 0L) | 1251 | if (l == 0L) |
| 1226 | return(0); | 1252 | return (0); |
| 1227 | else | 1253 | else |
| 1228 | return((l > 0)?1:-1); | 1254 | return ((l > 0) ? 1:-1); |
| 1229 | } | 1255 | } |
| 1230 | 1256 | ||
| 1231 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | 1257 | int |
| 1232 | const SSL_CIPHER * const *bp) | 1258 | ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, |
| 1233 | { | 1259 | const SSL_CIPHER * const *bp) |
| 1260 | { | ||
| 1234 | long l; | 1261 | long l; |
| 1235 | 1262 | ||
| 1236 | l=(*ap)->id-(*bp)->id; | 1263 | l = (*ap)->id - (*bp)->id; |
| 1237 | if (l == 0L) | 1264 | if (l == 0L) |
| 1238 | return(0); | 1265 | return (0); |
| 1239 | else | 1266 | else |
| 1240 | return((l > 0)?1:-1); | 1267 | return ((l > 0) ? 1:-1); |
| 1241 | } | 1268 | } |
| 1242 | 1269 | ||
| 1243 | /** return a STACK of the ciphers available for the SSL and in order of | 1270 | /** return a STACK of the ciphers available for the SSL and in order of |
| 1244 | * preference */ | 1271 | * preference */ |
| 1245 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) | 1272 | STACK_OF(SSL_CIPHER) |
| 1246 | { | 1273 | *SSL_get_ciphers(const SSL *s) |
| 1247 | if (s != NULL) | 1274 | { |
| 1248 | { | 1275 | if (s != NULL) { |
| 1249 | if (s->cipher_list != NULL) | 1276 | if (s->cipher_list != NULL) { |
| 1250 | { | 1277 | return (s->cipher_list); |
| 1251 | return(s->cipher_list); | 1278 | } else if ((s->ctx != NULL) && |
| 1252 | } | 1279 | (s->ctx->cipher_list != NULL)) { |
| 1253 | else if ((s->ctx != NULL) && | 1280 | return (s->ctx->cipher_list); |
| 1254 | (s->ctx->cipher_list != NULL)) | ||
| 1255 | { | ||
| 1256 | return(s->ctx->cipher_list); | ||
| 1257 | } | ||
| 1258 | } | 1281 | } |
| 1259 | return(NULL); | ||
| 1260 | } | 1282 | } |
| 1283 | return (NULL); | ||
| 1284 | } | ||
| 1261 | 1285 | ||
| 1262 | /** return a STACK of the ciphers available for the SSL and in order of | 1286 | /** return a STACK of the ciphers available for the SSL and in order of |
| 1263 | * algorithm id */ | 1287 | * algorithm id */ |
| 1264 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) | 1288 | STACK_OF(SSL_CIPHER) |
| 1265 | { | 1289 | *ssl_get_ciphers_by_id(SSL *s) |
| 1266 | if (s != NULL) | 1290 | { |
| 1267 | { | 1291 | if (s != NULL) { |
| 1268 | if (s->cipher_list_by_id != NULL) | 1292 | if (s->cipher_list_by_id != NULL) { |
| 1269 | { | 1293 | return (s->cipher_list_by_id); |
| 1270 | return(s->cipher_list_by_id); | 1294 | } else if ((s->ctx != NULL) && |
| 1271 | } | 1295 | (s->ctx->cipher_list_by_id != NULL)) { |
| 1272 | else if ((s->ctx != NULL) && | 1296 | return (s->ctx->cipher_list_by_id); |
| 1273 | (s->ctx->cipher_list_by_id != NULL)) | ||
| 1274 | { | ||
| 1275 | return(s->ctx->cipher_list_by_id); | ||
| 1276 | } | ||
| 1277 | } | 1297 | } |
| 1278 | return(NULL); | ||
| 1279 | } | 1298 | } |
| 1299 | return (NULL); | ||
| 1300 | } | ||
| 1280 | 1301 | ||
| 1281 | /** The old interface to get the same thing as SSL_get_ciphers() */ | 1302 | /** The old interface to get the same thing as SSL_get_ciphers() */ |
| 1282 | const char *SSL_get_cipher_list(const SSL *s,int n) | 1303 | const char |
| 1283 | { | 1304 | *SSL_get_cipher_list(const SSL *s, int n) |
| 1305 | { | ||
| 1284 | SSL_CIPHER *c; | 1306 | SSL_CIPHER *c; |
| 1285 | STACK_OF(SSL_CIPHER) *sk; | 1307 | STACK_OF(SSL_CIPHER) *sk; |
| 1286 | 1308 | ||
| 1287 | if (s == NULL) return(NULL); | 1309 | if (s == NULL) |
| 1288 | sk=SSL_get_ciphers(s); | 1310 | return (NULL); |
| 1311 | sk = SSL_get_ciphers(s); | ||
| 1289 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) | 1312 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) |
| 1290 | return(NULL); | 1313 | return (NULL); |
| 1291 | c=sk_SSL_CIPHER_value(sk,n); | 1314 | c = sk_SSL_CIPHER_value(sk, n); |
| 1292 | if (c == NULL) return(NULL); | 1315 | if (c == NULL) |
| 1293 | return(c->name); | 1316 | return (NULL); |
| 1294 | } | 1317 | return (c->name); |
| 1318 | } | ||
| 1295 | 1319 | ||
| 1296 | /** specify the ciphers to be used by default by the SSL_CTX */ | 1320 | /** specify the ciphers to be used by default by the SSL_CTX */ |
| 1297 | int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) | 1321 | int |
| 1298 | { | 1322 | SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) |
| 1323 | { | ||
| 1299 | STACK_OF(SSL_CIPHER) *sk; | 1324 | STACK_OF(SSL_CIPHER) *sk; |
| 1300 | 1325 | ||
| 1301 | sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, | 1326 | sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, |
| 1302 | &ctx->cipher_list_by_id,str); | 1327 | &ctx->cipher_list_by_id, str); |
| 1303 | /* ssl_create_cipher_list may return an empty stack if it | 1328 | /* ssl_create_cipher_list may return an empty stack if it |
| 1304 | * was unable to find a cipher matching the given rule string | 1329 | * was unable to find a cipher matching the given rule string |
| 1305 | * (for example if the rule string specifies a cipher which | 1330 | * (for example if the rule string specifies a cipher which |
| @@ -1309,35 +1334,35 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) | |||
| 1309 | * updated. */ | 1334 | * updated. */ |
| 1310 | if (sk == NULL) | 1335 | if (sk == NULL) |
| 1311 | return 0; | 1336 | return 0; |
| 1312 | else if (sk_SSL_CIPHER_num(sk) == 0) | 1337 | else if (sk_SSL_CIPHER_num(sk) == 0) { |
| 1313 | { | ||
| 1314 | SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); | 1338 | SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); |
| 1315 | return 0; | 1339 | return 0; |
| 1316 | } | ||
| 1317 | return 1; | ||
| 1318 | } | 1340 | } |
| 1341 | return 1; | ||
| 1342 | } | ||
| 1319 | 1343 | ||
| 1320 | /** specify the ciphers to be used by the SSL */ | 1344 | /** specify the ciphers to be used by the SSL */ |
| 1321 | int SSL_set_cipher_list(SSL *s,const char *str) | 1345 | int |
| 1322 | { | 1346 | SSL_set_cipher_list(SSL *s, const char *str) |
| 1347 | { | ||
| 1323 | STACK_OF(SSL_CIPHER) *sk; | 1348 | STACK_OF(SSL_CIPHER) *sk; |
| 1324 | 1349 | ||
| 1325 | sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, | 1350 | sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, |
| 1326 | &s->cipher_list_by_id,str); | 1351 | &s->cipher_list_by_id, str); |
| 1327 | /* see comment in SSL_CTX_set_cipher_list */ | 1352 | /* see comment in SSL_CTX_set_cipher_list */ |
| 1328 | if (sk == NULL) | 1353 | if (sk == NULL) |
| 1329 | return 0; | 1354 | return 0; |
| 1330 | else if (sk_SSL_CIPHER_num(sk) == 0) | 1355 | else if (sk_SSL_CIPHER_num(sk) == 0) { |
| 1331 | { | ||
| 1332 | SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); | 1356 | SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); |
| 1333 | return 0; | 1357 | return 0; |
| 1334 | } | ||
| 1335 | return 1; | ||
| 1336 | } | 1358 | } |
| 1359 | return 1; | ||
| 1360 | } | ||
| 1337 | 1361 | ||
| 1338 | /* works well for SSLv2, not so good for SSLv3 */ | 1362 | /* works well for SSLv2, not so good for SSLv3 */ |
| 1339 | char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) | 1363 | char |
| 1340 | { | 1364 | *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) |
| 1365 | { | ||
| 1341 | char *end; | 1366 | char *end; |
| 1342 | STACK_OF(SSL_CIPHER) *sk; | 1367 | STACK_OF(SSL_CIPHER) *sk; |
| 1343 | SSL_CIPHER *c; | 1368 | SSL_CIPHER *c; |
| @@ -1346,146 +1371,138 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) | |||
| 1346 | 1371 | ||
| 1347 | if ((s->session == NULL) || (s->session->ciphers == NULL) || | 1372 | if ((s->session == NULL) || (s->session->ciphers == NULL) || |
| 1348 | (len < 2)) | 1373 | (len < 2)) |
| 1349 | return(NULL); | 1374 | return (NULL); |
| 1350 | 1375 | ||
| 1351 | sk=s->session->ciphers; | 1376 | sk = s->session->ciphers; |
| 1352 | buf[0] = '\0'; | 1377 | buf[0] = '\0'; |
| 1353 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) | 1378 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { |
| 1354 | { | 1379 | c = sk_SSL_CIPHER_value(sk, i); |
| 1355 | c=sk_SSL_CIPHER_value(sk,i); | ||
| 1356 | end = buf + curlen; | 1380 | end = buf + curlen; |
| 1357 | if (strlcat(buf, c->name, len) >= len || | 1381 | if (strlcat(buf, c->name, len) >= len || |
| 1358 | (curlen = strlcat(buf, ":", len)) >= len) | 1382 | (curlen = strlcat(buf, ":", len)) >= len) { |
| 1359 | { | ||
| 1360 | /* remove truncated cipher from list */ | 1383 | /* remove truncated cipher from list */ |
| 1361 | *end = '\0'; | 1384 | *end = '\0'; |
| 1362 | break; | 1385 | break; |
| 1363 | } | ||
| 1364 | } | 1386 | } |
| 1387 | } | ||
| 1365 | /* remove trailing colon */ | 1388 | /* remove trailing colon */ |
| 1366 | if ((end = strrchr(buf, ':')) != NULL) | 1389 | if ((end = strrchr(buf, ':')) != NULL) |
| 1367 | *end = '\0'; | 1390 | *end = '\0'; |
| 1368 | return(buf); | 1391 | return (buf); |
| 1369 | } | 1392 | } |
| 1370 | 1393 | ||
| 1371 | int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, | 1394 | int |
| 1372 | int (*put_cb)(const SSL_CIPHER *, unsigned char *)) | 1395 | ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p, |
| 1373 | { | 1396 | int (*put_cb)(const SSL_CIPHER *, unsigned char *)) |
| 1374 | int i,j=0; | 1397 | { |
| 1398 | int i, j = 0; | ||
| 1375 | SSL_CIPHER *c; | 1399 | SSL_CIPHER *c; |
| 1376 | unsigned char *q; | 1400 | unsigned char *q; |
| 1377 | #ifndef OPENSSL_NO_KRB5 | 1401 | #ifndef OPENSSL_NO_KRB5 |
| 1378 | int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); | 1402 | int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); |
| 1379 | #endif /* OPENSSL_NO_KRB5 */ | 1403 | #endif /* OPENSSL_NO_KRB5 */ |
| 1380 | 1404 | ||
| 1381 | if (sk == NULL) return(0); | 1405 | if (sk == NULL) |
| 1382 | q=p; | 1406 | return (0); |
| 1407 | q = p; | ||
| 1383 | 1408 | ||
| 1384 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) | 1409 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { |
| 1385 | { | 1410 | c = sk_SSL_CIPHER_value(sk, i); |
| 1386 | c=sk_SSL_CIPHER_value(sk,i); | ||
| 1387 | /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ | 1411 | /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ |
| 1388 | if ((c->algorithm_ssl & SSL_TLSV1_2) && | 1412 | if ((c->algorithm_ssl & SSL_TLSV1_2) && |
| 1389 | (TLS1_get_client_version(s) < TLS1_2_VERSION)) | 1413 | (TLS1_get_client_version(s) < TLS1_2_VERSION)) |
| 1390 | continue; | 1414 | continue; |
| 1391 | #ifndef OPENSSL_NO_KRB5 | 1415 | #ifndef OPENSSL_NO_KRB5 |
| 1392 | if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && | 1416 | if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && |
| 1393 | nokrb5) | 1417 | nokrb5) |
| 1394 | continue; | 1418 | continue; |
| 1395 | #endif /* OPENSSL_NO_KRB5 */ | 1419 | #endif /* OPENSSL_NO_KRB5 */ |
| 1396 | #ifndef OPENSSL_NO_PSK | 1420 | #ifndef OPENSSL_NO_PSK |
| 1397 | /* with PSK there must be client callback set */ | 1421 | /* with PSK there must be client callback set */ |
| 1398 | if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && | 1422 | if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && |
| 1399 | s->psk_client_callback == NULL) | 1423 | s->psk_client_callback == NULL) |
| 1400 | continue; | 1424 | continue; |
| 1401 | #endif /* OPENSSL_NO_PSK */ | 1425 | #endif /* OPENSSL_NO_PSK */ |
| 1402 | j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); | 1426 | j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p); |
| 1403 | p+=j; | 1427 | p += j; |
| 1404 | } | 1428 | } |
| 1405 | /* If p == q, no ciphers and caller indicates an error. Otherwise | 1429 | /* If p == q, no ciphers and caller indicates an error. Otherwise |
| 1406 | * add SCSV if not renegotiating. | 1430 | * add SCSV if not renegotiating. |
| 1407 | */ | 1431 | */ |
| 1408 | if (p != q && !s->renegotiate) | 1432 | if (p != q && !s->renegotiate) { |
| 1409 | { | 1433 | static SSL_CIPHER scsv = { |
| 1410 | static SSL_CIPHER scsv = | ||
| 1411 | { | ||
| 1412 | 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 | 1434 | 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 |
| 1413 | }; | 1435 | }; |
| 1414 | j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); | 1436 | j = put_cb ? put_cb(&scsv, p) : ssl_put_cipher_by_char(s, &scsv, p); |
| 1415 | p+=j; | 1437 | p += j; |
| 1416 | #ifdef OPENSSL_RI_DEBUG | 1438 | #ifdef OPENSSL_RI_DEBUG |
| 1417 | fprintf(stderr, "SCSV sent by client\n"); | 1439 | fprintf(stderr, "SCSV sent by client\n"); |
| 1418 | #endif | 1440 | #endif |
| 1419 | } | ||
| 1420 | |||
| 1421 | return(p-q); | ||
| 1422 | } | 1441 | } |
| 1423 | 1442 | ||
| 1424 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, | 1443 | return (p - q); |
| 1425 | STACK_OF(SSL_CIPHER) **skp) | 1444 | } |
| 1426 | { | 1445 | |
| 1446 | STACK_OF(SSL_CIPHER) | ||
| 1447 | *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, | ||
| 1448 | STACK_OF(SSL_CIPHER) **skp) | ||
| 1449 | { | ||
| 1427 | const SSL_CIPHER *c; | 1450 | const SSL_CIPHER *c; |
| 1428 | STACK_OF(SSL_CIPHER) *sk; | 1451 | STACK_OF(SSL_CIPHER) *sk; |
| 1429 | int i,n; | 1452 | int i, n; |
| 1430 | if (s->s3) | 1453 | if (s->s3) |
| 1431 | s->s3->send_connection_binding = 0; | 1454 | s->s3->send_connection_binding = 0; |
| 1432 | 1455 | ||
| 1433 | n=ssl_put_cipher_by_char(s,NULL,NULL); | 1456 | n = ssl_put_cipher_by_char(s, NULL, NULL); |
| 1434 | if ((num%n) != 0) | 1457 | if ((num % n) != 0) { |
| 1435 | { | 1458 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); |
| 1436 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); | 1459 | return (NULL); |
| 1437 | return(NULL); | 1460 | } |
| 1438 | } | ||
| 1439 | if ((skp == NULL) || (*skp == NULL)) | 1461 | if ((skp == NULL) || (*skp == NULL)) |
| 1440 | sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ | 1462 | sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ |
| 1441 | else | 1463 | else { |
| 1442 | { | ||
| 1443 | sk= *skp; | 1464 | sk= *skp; |
| 1444 | sk_SSL_CIPHER_zero(sk); | 1465 | sk_SSL_CIPHER_zero(sk); |
| 1445 | } | 1466 | } |
| 1446 | 1467 | ||
| 1447 | for (i=0; i<num; i+=n) | 1468 | for (i = 0; i < num; i += n) { |
| 1448 | { | ||
| 1449 | /* Check for SCSV */ | 1469 | /* Check for SCSV */ |
| 1450 | if (s->s3 && (n != 3 || !p[0]) && | 1470 | if (s->s3 && (n != 3 || !p[0]) && |
| 1451 | (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && | 1471 | (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && |
| 1452 | (p[n-1] == (SSL3_CK_SCSV & 0xff))) | 1472 | (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { |
| 1453 | { | ||
| 1454 | /* SCSV fatal if renegotiating */ | 1473 | /* SCSV fatal if renegotiating */ |
| 1455 | if (s->renegotiate) | 1474 | if (s->renegotiate) { |
| 1456 | { | 1475 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); |
| 1457 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); | 1476 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); |
| 1458 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); | 1477 | |
| 1459 | goto err; | 1478 | goto err; |
| 1460 | } | 1479 | } |
| 1461 | s->s3->send_connection_binding = 1; | 1480 | s->s3->send_connection_binding = 1; |
| 1462 | p += n; | 1481 | p += n; |
| 1463 | #ifdef OPENSSL_RI_DEBUG | 1482 | #ifdef OPENSSL_RI_DEBUG |
| 1464 | fprintf(stderr, "SCSV received by server\n"); | 1483 | fprintf(stderr, "SCSV received by server\n"); |
| 1465 | #endif | 1484 | #endif |
| 1466 | continue; | 1485 | continue; |
| 1467 | } | 1486 | } |
| 1468 | 1487 | ||
| 1469 | c=ssl_get_cipher_by_char(s,p); | 1488 | c = ssl_get_cipher_by_char(s, p); |
| 1470 | p+=n; | 1489 | p += n; |
| 1471 | if (c != NULL) | 1490 | if (c != NULL) { |
| 1472 | { | 1491 | if (!sk_SSL_CIPHER_push(sk, c)) { |
| 1473 | if (!sk_SSL_CIPHER_push(sk,c)) | 1492 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); |
| 1474 | { | ||
| 1475 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | ||
| 1476 | goto err; | 1493 | goto err; |
| 1477 | } | ||
| 1478 | } | 1494 | } |
| 1479 | } | 1495 | } |
| 1496 | } | ||
| 1480 | 1497 | ||
| 1481 | if (skp != NULL) | 1498 | if (skp != NULL) |
| 1482 | *skp=sk; | 1499 | *skp = sk; |
| 1483 | return(sk); | 1500 | return (sk); |
| 1484 | err: | 1501 | err: |
| 1485 | if ((skp == NULL) || (*skp == NULL)) | 1502 | if ((skp == NULL) || (*skp == NULL)) |
| 1486 | sk_SSL_CIPHER_free(sk); | 1503 | sk_SSL_CIPHER_free(sk); |
| 1487 | return(NULL); | 1504 | return (NULL); |
| 1488 | } | 1505 | } |
| 1489 | 1506 | ||
| 1490 | 1507 | ||
| 1491 | #ifndef OPENSSL_NO_TLSEXT | 1508 | #ifndef OPENSSL_NO_TLSEXT |
| @@ -1493,22 +1510,24 @@ err: | |||
| 1493 | * So far, only host_name types are defined (RFC 3546). | 1510 | * So far, only host_name types are defined (RFC 3546). |
| 1494 | */ | 1511 | */ |
| 1495 | 1512 | ||
| 1496 | const char *SSL_get_servername(const SSL *s, const int type) | 1513 | const char |
| 1497 | { | 1514 | *SSL_get_servername(const SSL *s, const int type) |
| 1515 | { | ||
| 1498 | if (type != TLSEXT_NAMETYPE_host_name) | 1516 | if (type != TLSEXT_NAMETYPE_host_name) |
| 1499 | return NULL; | 1517 | return NULL; |
| 1500 | 1518 | ||
| 1501 | return s->session && !s->tlsext_hostname ? | 1519 | return s->session && !s->tlsext_hostname ? |
| 1502 | s->session->tlsext_hostname : | 1520 | s->session->tlsext_hostname : |
| 1503 | s->tlsext_hostname; | 1521 | s->tlsext_hostname; |
| 1504 | } | 1522 | } |
| 1505 | 1523 | ||
| 1506 | int SSL_get_servername_type(const SSL *s) | 1524 | int |
| 1507 | { | 1525 | SSL_get_servername_type(const SSL *s) |
| 1526 | { | ||
| 1508 | if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) | 1527 | if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) |
| 1509 | return TLSEXT_NAMETYPE_host_name; | 1528 | return TLSEXT_NAMETYPE_host_name; |
| 1510 | return -1; | 1529 | return -1; |
| 1511 | } | 1530 | } |
| 1512 | 1531 | ||
| 1513 | # ifndef OPENSSL_NO_NEXTPROTONEG | 1532 | # ifndef OPENSSL_NO_NEXTPROTONEG |
| 1514 | /* SSL_select_next_proto implements the standard protocol selection. It is | 1533 | /* SSL_select_next_proto implements the standard protocol selection. It is |
| @@ -1541,31 +1560,29 @@ int SSL_get_servername_type(const SSL *s) | |||
| 1541 | * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or | 1560 | * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or |
| 1542 | * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. | 1561 | * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. |
| 1543 | */ | 1562 | */ |
| 1544 | int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) | 1563 | int |
| 1545 | { | 1564 | SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) |
| 1565 | { | ||
| 1546 | unsigned int i, j; | 1566 | unsigned int i, j; |
| 1547 | const unsigned char *result; | 1567 | const unsigned char *result; |
| 1548 | int status = OPENSSL_NPN_UNSUPPORTED; | 1568 | int status = OPENSSL_NPN_UNSUPPORTED; |
| 1549 | 1569 | ||
| 1550 | /* For each protocol in server preference order, see if we support it. */ | 1570 | /* For each protocol in server preference order, see if we support it. */ |
| 1551 | for (i = 0; i < server_len; ) | 1571 | for (i = 0; i < server_len; ) { |
| 1552 | { | 1572 | for (j = 0; j < client_len; ) { |
| 1553 | for (j = 0; j < client_len; ) | ||
| 1554 | { | ||
| 1555 | if (server[i] == client[j] && | 1573 | if (server[i] == client[j] && |
| 1556 | memcmp(&server[i+1], &client[j+1], server[i]) == 0) | 1574 | memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { |
| 1557 | { | ||
| 1558 | /* We found a match */ | 1575 | /* We found a match */ |
| 1559 | result = &server[i]; | 1576 | result = &server[i]; |
| 1560 | status = OPENSSL_NPN_NEGOTIATED; | 1577 | status = OPENSSL_NPN_NEGOTIATED; |
| 1561 | goto found; | 1578 | goto found; |
| 1562 | } | 1579 | } |
| 1563 | j += client[j]; | 1580 | j += client[j]; |
| 1564 | j++; | 1581 | j++; |
| 1565 | } | 1582 | } |
| 1566 | i += server[i]; | 1583 | i += server[i]; |
| 1567 | i++; | 1584 | i++; |
| 1568 | } | 1585 | } |
| 1569 | 1586 | ||
| 1570 | /* There's no overlap between our protocols and the server's list. */ | 1587 | /* There's no overlap between our protocols and the server's list. */ |
| 1571 | result = client; | 1588 | result = client; |
| @@ -1575,7 +1592,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi | |||
| 1575 | *out = (unsigned char *) result + 1; | 1592 | *out = (unsigned char *) result + 1; |
| 1576 | *outlen = result[0]; | 1593 | *outlen = result[0]; |
| 1577 | return status; | 1594 | return status; |
| 1578 | } | 1595 | } |
| 1579 | 1596 | ||
| 1580 | /* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's | 1597 | /* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's |
| 1581 | * requested protocol for this connection and returns 0. If the client didn't | 1598 | * requested protocol for this connection and returns 0. If the client didn't |
| @@ -1585,8 +1602,9 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi | |||
| 1585 | * from this function need not be a member of the list of supported protocols | 1602 | * from this function need not be a member of the list of supported protocols |
| 1586 | * provided by the callback. | 1603 | * provided by the callback. |
| 1587 | */ | 1604 | */ |
| 1588 | void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) | 1605 | void |
| 1589 | { | 1606 | SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) |
| 1607 | { | ||
| 1590 | *data = s->next_proto_negotiated; | 1608 | *data = s->next_proto_negotiated; |
| 1591 | if (!*data) { | 1609 | if (!*data) { |
| 1592 | *len = 0; | 1610 | *len = 0; |
| @@ -1604,11 +1622,12 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, un | |||
| 1604 | * | 1622 | * |
| 1605 | * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no | 1623 | * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no |
| 1606 | * such extension will be included in the ServerHello. */ | 1624 | * such extension will be included in the ServerHello. */ |
| 1607 | void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) | 1625 | void |
| 1608 | { | 1626 | SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) |
| 1627 | { | ||
| 1609 | ctx->next_protos_advertised_cb = cb; | 1628 | ctx->next_protos_advertised_cb = cb; |
| 1610 | ctx->next_protos_advertised_cb_arg = arg; | 1629 | ctx->next_protos_advertised_cb_arg = arg; |
| 1611 | } | 1630 | } |
| 1612 | 1631 | ||
| 1613 | /* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a | 1632 | /* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a |
| 1614 | * client needs to select a protocol from the server's provided list. |out| | 1633 | * client needs to select a protocol from the server's provided list. |out| |
| @@ -1620,183 +1639,186 @@ void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, co | |||
| 1620 | * The client must select a protocol. It is fatal to the connection if this | 1639 | * The client must select a protocol. It is fatal to the connection if this |
| 1621 | * callback returns a value other than SSL_TLSEXT_ERR_OK. | 1640 | * callback returns a value other than SSL_TLSEXT_ERR_OK. |
| 1622 | */ | 1641 | */ |
| 1623 | void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) | 1642 | void |
| 1624 | { | 1643 | SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) |
| 1644 | { | ||
| 1625 | ctx->next_proto_select_cb = cb; | 1645 | ctx->next_proto_select_cb = cb; |
| 1626 | ctx->next_proto_select_cb_arg = arg; | 1646 | ctx->next_proto_select_cb_arg = arg; |
| 1627 | } | 1647 | } |
| 1628 | # endif | 1648 | # endif |
| 1629 | #endif | 1649 | #endif |
| 1630 | 1650 | ||
| 1631 | int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, | 1651 | int |
| 1632 | const char *label, size_t llen, const unsigned char *p, size_t plen, | 1652 | SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, |
| 1633 | int use_context) | 1653 | const char *label, size_t llen, const unsigned char *p, size_t plen, |
| 1634 | { | 1654 | int use_context) |
| 1655 | { | ||
| 1635 | if (s->version < TLS1_VERSION) | 1656 | if (s->version < TLS1_VERSION) |
| 1636 | return -1; | 1657 | return -1; |
| 1637 | 1658 | ||
| 1638 | return s->method->ssl3_enc->export_keying_material(s, out, olen, label, | 1659 | return s->method->ssl3_enc->export_keying_material(s, out, olen, label, |
| 1639 | llen, p, plen, | 1660 | llen, p, plen, |
| 1640 | use_context); | 1661 | use_context); |
| 1641 | } | 1662 | } |
| 1642 | 1663 | ||
| 1643 | static unsigned long ssl_session_hash(const SSL_SESSION *a) | 1664 | static unsigned long |
| 1644 | { | 1665 | ssl_session_hash(const SSL_SESSION *a) |
| 1666 | { | ||
| 1645 | unsigned long l; | 1667 | unsigned long l; |
| 1646 | 1668 | ||
| 1647 | l=(unsigned long) | 1669 | l = (unsigned long) |
| 1648 | ((unsigned int) a->session_id[0] )| | 1670 | ((unsigned int) a->session_id[0] )| |
| 1649 | ((unsigned int) a->session_id[1]<< 8L)| | 1671 | ((unsigned int) a->session_id[1]<< 8L)| |
| 1650 | ((unsigned long)a->session_id[2]<<16L)| | 1672 | ((unsigned long)a->session_id[2]<<16L)| |
| 1651 | ((unsigned long)a->session_id[3]<<24L); | 1673 | ((unsigned long)a->session_id[3]<<24L); |
| 1652 | return(l); | 1674 | return (l); |
| 1653 | } | 1675 | } |
| 1654 | 1676 | ||
| 1655 | /* NB: If this function (or indeed the hash function which uses a sort of | 1677 | /* NB: If this function (or indeed the hash function which uses a sort of |
| 1656 | * coarser function than this one) is changed, ensure | 1678 | * coarser function than this one) is changed, ensure |
| 1657 | * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being | 1679 | * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being |
| 1658 | * able to construct an SSL_SESSION that will collide with any existing session | 1680 | * able to construct an SSL_SESSION that will collide with any existing session |
| 1659 | * with a matching session ID. */ | 1681 | * with a matching session ID. */ |
| 1660 | static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b) | 1682 | static int |
| 1661 | { | 1683 | ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) |
| 1684 | { | ||
| 1662 | if (a->ssl_version != b->ssl_version) | 1685 | if (a->ssl_version != b->ssl_version) |
| 1663 | return(1); | 1686 | return (1); |
| 1664 | if (a->session_id_length != b->session_id_length) | 1687 | if (a->session_id_length != b->session_id_length) |
| 1665 | return(1); | 1688 | return (1); |
| 1666 | return(memcmp(a->session_id,b->session_id,a->session_id_length)); | 1689 | return (memcmp(a->session_id, b->session_id, a->session_id_length)); |
| 1667 | } | 1690 | } |
| 1668 | 1691 | ||
| 1669 | /* These wrapper functions should remain rather than redeclaring | 1692 | /* These wrapper functions should remain rather than redeclaring |
| 1670 | * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each | 1693 | * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each |
| 1671 | * variable. The reason is that the functions aren't static, they're exposed via | 1694 | * variable. The reason is that the functions aren't static, they're exposed via |
| 1672 | * ssl.h. */ | 1695 | * ssl.h. */ |
| 1673 | static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) | 1696 | static |
| 1674 | static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) | 1697 | IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) |
| 1698 | static | ||
| 1699 | IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) | ||
| 1675 | 1700 | ||
| 1676 | SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | 1701 | SSL_CTX |
| 1677 | { | 1702 | *SSL_CTX_new(const SSL_METHOD *meth) |
| 1678 | SSL_CTX *ret=NULL; | 1703 | { |
| 1704 | SSL_CTX *ret = NULL; | ||
| 1679 | 1705 | ||
| 1680 | if (meth == NULL) | 1706 | if (meth == NULL) { |
| 1681 | { | 1707 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED); |
| 1682 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); | 1708 | return (NULL); |
| 1683 | return(NULL); | 1709 | } |
| 1684 | } | ||
| 1685 | 1710 | ||
| 1686 | #ifdef OPENSSL_FIPS | 1711 | #ifdef OPENSSL_FIPS |
| 1687 | if (FIPS_mode() && (meth->version < TLS1_VERSION)) | 1712 | if (FIPS_mode() && (meth->version < TLS1_VERSION)) { |
| 1688 | { | ||
| 1689 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | 1713 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); |
| 1690 | return NULL; | 1714 | return NULL; |
| 1691 | } | 1715 | } |
| 1692 | #endif | 1716 | #endif |
| 1693 | 1717 | ||
| 1694 | if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) | 1718 | if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { |
| 1695 | { | 1719 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); |
| 1696 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); | ||
| 1697 | goto err; | 1720 | goto err; |
| 1698 | } | 1721 | } |
| 1699 | ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); | 1722 | ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); |
| 1700 | if (ret == NULL) | 1723 | if (ret == NULL) |
| 1701 | goto err; | 1724 | goto err; |
| 1702 | 1725 | ||
| 1703 | memset(ret,0,sizeof(SSL_CTX)); | 1726 | memset(ret, 0, sizeof(SSL_CTX)); |
| 1704 | 1727 | ||
| 1705 | ret->method=meth; | 1728 | ret->method = meth; |
| 1706 | 1729 | ||
| 1707 | ret->cert_store=NULL; | 1730 | ret->cert_store = NULL; |
| 1708 | ret->session_cache_mode=SSL_SESS_CACHE_SERVER; | 1731 | ret->session_cache_mode = SSL_SESS_CACHE_SERVER; |
| 1709 | ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; | 1732 | ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; |
| 1710 | ret->session_cache_head=NULL; | 1733 | ret->session_cache_head = NULL; |
| 1711 | ret->session_cache_tail=NULL; | 1734 | ret->session_cache_tail = NULL; |
| 1712 | 1735 | ||
| 1713 | /* We take the system default */ | 1736 | /* We take the system default */ |
| 1714 | ret->session_timeout=meth->get_timeout(); | 1737 | ret->session_timeout = meth->get_timeout(); |
| 1715 | 1738 | ||
| 1716 | ret->new_session_cb=0; | 1739 | ret->new_session_cb = 0; |
| 1717 | ret->remove_session_cb=0; | 1740 | ret->remove_session_cb = 0; |
| 1718 | ret->get_session_cb=0; | 1741 | ret->get_session_cb = 0; |
| 1719 | ret->generate_session_id=0; | 1742 | ret->generate_session_id = 0; |
| 1720 | 1743 | ||
| 1721 | memset((char *)&ret->stats,0,sizeof(ret->stats)); | 1744 | memset((char *)&ret->stats, 0, sizeof(ret->stats)); |
| 1722 | 1745 | ||
| 1723 | ret->references=1; | 1746 | ret->references = 1; |
| 1724 | ret->quiet_shutdown=0; | 1747 | ret->quiet_shutdown = 0; |
| 1725 | 1748 | ||
| 1726 | /* ret->cipher=NULL;*/ | 1749 | /* ret->cipher=NULL;*/ |
| 1727 | /* ret->s2->challenge=NULL; | 1750 | /* ret->s2->challenge=NULL; |
| 1728 | ret->master_key=NULL; | 1751 | ret->master_key=NULL; |
| 1729 | ret->key_arg=NULL; | 1752 | ret->key_arg=NULL; |
| 1730 | ret->s2->conn_id=NULL; */ | 1753 | ret->s2->conn_id=NULL; |
| 1754 | */ | ||
| 1731 | 1755 | ||
| 1732 | ret->info_callback=NULL; | 1756 | ret->info_callback = NULL; |
| 1733 | 1757 | ||
| 1734 | ret->app_verify_callback=0; | 1758 | ret->app_verify_callback = 0; |
| 1735 | ret->app_verify_arg=NULL; | 1759 | ret->app_verify_arg = NULL; |
| 1736 | 1760 | ||
| 1737 | ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT; | 1761 | ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; |
| 1738 | ret->read_ahead=0; | 1762 | ret->read_ahead = 0; |
| 1739 | ret->msg_callback=0; | 1763 | ret->msg_callback = 0; |
| 1740 | ret->msg_callback_arg=NULL; | 1764 | ret->msg_callback_arg = NULL; |
| 1741 | ret->verify_mode=SSL_VERIFY_NONE; | 1765 | ret->verify_mode = SSL_VERIFY_NONE; |
| 1742 | #if 0 | 1766 | #if 0 |
| 1743 | ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ | 1767 | ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ |
| 1744 | #endif | 1768 | #endif |
| 1745 | ret->sid_ctx_length=0; | 1769 | ret->sid_ctx_length = 0; |
| 1746 | ret->default_verify_callback=NULL; | 1770 | ret->default_verify_callback = NULL; |
| 1747 | if ((ret->cert=ssl_cert_new()) == NULL) | 1771 | if ((ret->cert = ssl_cert_new()) == NULL) |
| 1748 | goto err; | 1772 | goto err; |
| 1749 | 1773 | ||
| 1750 | ret->default_passwd_callback=0; | 1774 | ret->default_passwd_callback = 0; |
| 1751 | ret->default_passwd_callback_userdata=NULL; | 1775 | ret->default_passwd_callback_userdata = NULL; |
| 1752 | ret->client_cert_cb=0; | 1776 | ret->client_cert_cb = 0; |
| 1753 | ret->app_gen_cookie_cb=0; | 1777 | ret->app_gen_cookie_cb = 0; |
| 1754 | ret->app_verify_cookie_cb=0; | 1778 | ret->app_verify_cookie_cb = 0; |
| 1755 | 1779 | ||
| 1756 | ret->sessions=lh_SSL_SESSION_new(); | 1780 | ret->sessions = lh_SSL_SESSION_new(); |
| 1757 | if (ret->sessions == NULL) goto err; | 1781 | if (ret->sessions == NULL) |
| 1758 | ret->cert_store=X509_STORE_new(); | 1782 | goto err; |
| 1759 | if (ret->cert_store == NULL) goto err; | 1783 | ret->cert_store = X509_STORE_new(); |
| 1784 | if (ret->cert_store == NULL) | ||
| 1785 | goto err; | ||
| 1760 | 1786 | ||
| 1761 | ssl_create_cipher_list(ret->method, | 1787 | ssl_create_cipher_list(ret->method, |
| 1762 | &ret->cipher_list,&ret->cipher_list_by_id, | 1788 | &ret->cipher_list, &ret->cipher_list_by_id, |
| 1763 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); | 1789 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); |
| 1764 | if (ret->cipher_list == NULL | 1790 | if (ret->cipher_list == NULL |
| 1765 | || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) | 1791 | || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { |
| 1766 | { | 1792 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); |
| 1767 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS); | ||
| 1768 | goto err2; | 1793 | goto err2; |
| 1769 | } | 1794 | } |
| 1770 | 1795 | ||
| 1771 | ret->param = X509_VERIFY_PARAM_new(); | 1796 | ret->param = X509_VERIFY_PARAM_new(); |
| 1772 | if (!ret->param) | 1797 | if (!ret->param) |
| 1773 | goto err; | 1798 | goto err; |
| 1774 | 1799 | ||
| 1775 | if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL) | 1800 | if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) { |
| 1776 | { | 1801 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); |
| 1777 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); | ||
| 1778 | goto err2; | 1802 | goto err2; |
| 1779 | } | 1803 | } |
| 1780 | if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL) | 1804 | if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { |
| 1781 | { | 1805 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); |
| 1782 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); | ||
| 1783 | goto err2; | 1806 | goto err2; |
| 1784 | } | 1807 | } |
| 1785 | if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL) | 1808 | if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { |
| 1786 | { | 1809 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); |
| 1787 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); | ||
| 1788 | goto err2; | 1810 | goto err2; |
| 1789 | } | 1811 | } |
| 1790 | 1812 | ||
| 1791 | if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL) | 1813 | if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) |
| 1792 | goto err; | 1814 | goto err; |
| 1793 | 1815 | ||
| 1794 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); | 1816 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); |
| 1795 | 1817 | ||
| 1796 | ret->extra_certs=NULL; | 1818 | ret->extra_certs = NULL; |
| 1797 | /* No compression for DTLS */ | 1819 | /* No compression for DTLS */ |
| 1798 | if (meth->version != DTLS1_VERSION) | 1820 | if (meth->version != DTLS1_VERSION) |
| 1799 | ret->comp_methods=SSL_COMP_get_compression_methods(); | 1821 | ret->comp_methods = SSL_COMP_get_compression_methods(); |
| 1800 | 1822 | ||
| 1801 | ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; | 1823 | ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; |
| 1802 | 1824 | ||
| @@ -1806,8 +1828,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1806 | /* Setup RFC4507 ticket keys */ | 1828 | /* Setup RFC4507 ticket keys */ |
| 1807 | if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) | 1829 | if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) |
| 1808 | || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) | 1830 | || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) |
| 1809 | || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) | 1831 | || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) |
| 1810 | ret->options |= SSL_OP_NO_TICKET; | 1832 | ret->options |= SSL_OP_NO_TICKET; |
| 1811 | 1833 | ||
| 1812 | ret->tlsext_status_cb = 0; | 1834 | ret->tlsext_status_cb = 0; |
| 1813 | ret->tlsext_status_arg = NULL; | 1835 | ret->tlsext_status_arg = NULL; |
| @@ -1818,9 +1840,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1818 | # endif | 1840 | # endif |
| 1819 | #endif | 1841 | #endif |
| 1820 | #ifndef OPENSSL_NO_PSK | 1842 | #ifndef OPENSSL_NO_PSK |
| 1821 | ret->psk_identity_hint=NULL; | 1843 | ret->psk_identity_hint = NULL; |
| 1822 | ret->psk_client_callback=NULL; | 1844 | ret->psk_client_callback = NULL; |
| 1823 | ret->psk_server_callback=NULL; | 1845 | ret->psk_server_callback = NULL; |
| 1824 | #endif | 1846 | #endif |
| 1825 | #ifndef OPENSSL_NO_SRP | 1847 | #ifndef OPENSSL_NO_SRP |
| 1826 | SSL_CTX_SRP_CTX_init(ret); | 1848 | SSL_CTX_SRP_CTX_init(ret); |
| @@ -1834,11 +1856,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1834 | ret->rbuf_freelist->len = 0; | 1856 | ret->rbuf_freelist->len = 0; |
| 1835 | ret->rbuf_freelist->head = NULL; | 1857 | ret->rbuf_freelist->head = NULL; |
| 1836 | ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); | 1858 | ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); |
| 1837 | if (!ret->wbuf_freelist) | 1859 | if (!ret->wbuf_freelist) { |
| 1838 | { | ||
| 1839 | OPENSSL_free(ret->rbuf_freelist); | 1860 | OPENSSL_free(ret->rbuf_freelist); |
| 1840 | goto err; | 1861 | goto err; |
| 1841 | } | 1862 | } |
| 1842 | ret->wbuf_freelist->chunklen = 0; | 1863 | ret->wbuf_freelist->chunklen = 0; |
| 1843 | ret->wbuf_freelist->len = 0; | 1864 | ret->wbuf_freelist->len = 0; |
| 1844 | ret->wbuf_freelist->head = NULL; | 1865 | ret->wbuf_freelist->head = NULL; |
| @@ -1850,16 +1871,15 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1850 | #define eng_str(x) eng_strx(x) | 1871 | #define eng_str(x) eng_strx(x) |
| 1851 | /* Use specific client engine automatically... ignore errors */ | 1872 | /* Use specific client engine automatically... ignore errors */ |
| 1852 | { | 1873 | { |
| 1853 | ENGINE *eng; | 1874 | ENGINE *eng; |
| 1854 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); | ||
| 1855 | if (!eng) | ||
| 1856 | { | ||
| 1857 | ERR_clear_error(); | ||
| 1858 | ENGINE_load_builtin_engines(); | ||
| 1859 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); | 1875 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); |
| 1876 | if (!eng) { | ||
| 1877 | ERR_clear_error(); | ||
| 1878 | ENGINE_load_builtin_engines(); | ||
| 1879 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); | ||
| 1860 | } | 1880 | } |
| 1861 | if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) | 1881 | if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) |
| 1862 | ERR_clear_error(); | 1882 | ERR_clear_error(); |
| 1863 | } | 1883 | } |
| 1864 | #endif | 1884 | #endif |
| 1865 | #endif | 1885 | #endif |
| @@ -1868,50 +1888,54 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1868 | */ | 1888 | */ |
| 1869 | ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; | 1889 | ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; |
| 1870 | 1890 | ||
| 1871 | return(ret); | 1891 | return (ret); |
| 1872 | err: | 1892 | err: |
| 1873 | SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); | 1893 | SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); |
| 1874 | err2: | 1894 | err2: |
| 1875 | if (ret != NULL) SSL_CTX_free(ret); | 1895 | if (ret != NULL) |
| 1876 | return(NULL); | 1896 | SSL_CTX_free(ret); |
| 1877 | } | 1897 | return (NULL); |
| 1898 | } | ||
| 1878 | 1899 | ||
| 1879 | #if 0 | 1900 | #if 0 |
| 1880 | static void SSL_COMP_free(SSL_COMP *comp) | 1901 | static void |
| 1881 | { OPENSSL_free(comp); } | 1902 | SSL_COMP_free(SSL_COMP *comp) |
| 1903 | { OPENSSL_free(comp); | ||
| 1904 | } | ||
| 1882 | #endif | 1905 | #endif |
| 1883 | 1906 | ||
| 1884 | #ifndef OPENSSL_NO_BUF_FREELISTS | 1907 | #ifndef OPENSSL_NO_BUF_FREELISTS |
| 1885 | static void | 1908 | static void |
| 1886 | ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) | 1909 | ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) |
| 1887 | { | 1910 | { |
| 1888 | SSL3_BUF_FREELIST_ENTRY *ent, *next; | 1911 | SSL3_BUF_FREELIST_ENTRY *ent, *next; |
| 1889 | for (ent = list->head; ent; ent = next) | 1912 | for (ent = list->head; ent; ent = next) { |
| 1890 | { | ||
| 1891 | next = ent->next; | 1913 | next = ent->next; |
| 1892 | OPENSSL_free(ent); | 1914 | OPENSSL_free(ent); |
| 1893 | } | ||
| 1894 | OPENSSL_free(list); | ||
| 1895 | } | 1915 | } |
| 1916 | OPENSSL_free(list); | ||
| 1917 | } | ||
| 1896 | #endif | 1918 | #endif |
| 1897 | 1919 | ||
| 1898 | void SSL_CTX_free(SSL_CTX *a) | 1920 | void |
| 1899 | { | 1921 | SSL_CTX_free(SSL_CTX *a) |
| 1922 | { | ||
| 1900 | int i; | 1923 | int i; |
| 1901 | 1924 | ||
| 1902 | if (a == NULL) return; | 1925 | if (a == NULL) |
| 1926 | return; | ||
| 1903 | 1927 | ||
| 1904 | i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX); | 1928 | i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX); |
| 1905 | #ifdef REF_PRINT | 1929 | #ifdef REF_PRINT |
| 1906 | REF_PRINT("SSL_CTX",a); | 1930 | REF_PRINT("SSL_CTX", a); |
| 1907 | #endif | 1931 | #endif |
| 1908 | if (i > 0) return; | 1932 | if (i > 0) |
| 1933 | return; | ||
| 1909 | #ifdef REF_CHECK | 1934 | #ifdef REF_CHECK |
| 1910 | if (i < 0) | 1935 | if (i < 0) { |
| 1911 | { | 1936 | fprintf(stderr, "SSL_CTX_free, bad reference count\n"); |
| 1912 | fprintf(stderr,"SSL_CTX_free, bad reference count\n"); | ||
| 1913 | abort(); /* ok */ | 1937 | abort(); /* ok */ |
| 1914 | } | 1938 | } |
| 1915 | #endif | 1939 | #endif |
| 1916 | 1940 | ||
| 1917 | if (a->param) | 1941 | if (a->param) |
| @@ -1927,7 +1951,7 @@ void SSL_CTX_free(SSL_CTX *a) | |||
| 1927 | * (See ticket [openssl.org #212].) | 1951 | * (See ticket [openssl.org #212].) |
| 1928 | */ | 1952 | */ |
| 1929 | if (a->sessions != NULL) | 1953 | if (a->sessions != NULL) |
| 1930 | SSL_CTX_flush_sessions(a,0); | 1954 | SSL_CTX_flush_sessions(a, 0); |
| 1931 | 1955 | ||
| 1932 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); | 1956 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); |
| 1933 | 1957 | ||
| @@ -1943,19 +1967,19 @@ void SSL_CTX_free(SSL_CTX *a) | |||
| 1943 | if (a->cert != NULL) | 1967 | if (a->cert != NULL) |
| 1944 | ssl_cert_free(a->cert); | 1968 | ssl_cert_free(a->cert); |
| 1945 | if (a->client_CA != NULL) | 1969 | if (a->client_CA != NULL) |
| 1946 | sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free); | 1970 | sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); |
| 1947 | if (a->extra_certs != NULL) | 1971 | if (a->extra_certs != NULL) |
| 1948 | sk_X509_pop_free(a->extra_certs,X509_free); | 1972 | sk_X509_pop_free(a->extra_certs, X509_free); |
| 1949 | #if 0 /* This should never be done, since it removes a global database */ | 1973 | #if 0 /* This should never be done, since it removes a global database */ |
| 1950 | if (a->comp_methods != NULL) | 1974 | if (a->comp_methods != NULL) |
| 1951 | sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free); | 1975 | sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free); |
| 1952 | #else | 1976 | #else |
| 1953 | a->comp_methods = NULL; | 1977 | a->comp_methods = NULL; |
| 1954 | #endif | 1978 | #endif |
| 1955 | 1979 | ||
| 1956 | #ifndef OPENSSL_NO_SRTP | 1980 | #ifndef OPENSSL_NO_SRTP |
| 1957 | if (a->srtp_profiles) | 1981 | if (a->srtp_profiles) |
| 1958 | sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); | 1982 | sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); |
| 1959 | #endif | 1983 | #endif |
| 1960 | 1984 | ||
| 1961 | #ifndef OPENSSL_NO_PSK | 1985 | #ifndef OPENSSL_NO_PSK |
| @@ -1978,42 +2002,48 @@ void SSL_CTX_free(SSL_CTX *a) | |||
| 1978 | #endif | 2002 | #endif |
| 1979 | 2003 | ||
| 1980 | OPENSSL_free(a); | 2004 | OPENSSL_free(a); |
| 1981 | } | 2005 | } |
| 1982 | 2006 | ||
| 1983 | void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) | 2007 | void |
| 1984 | { | 2008 | SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) |
| 1985 | ctx->default_passwd_callback=cb; | 2009 | { |
| 1986 | } | 2010 | ctx->default_passwd_callback = cb; |
| 2011 | } | ||
| 1987 | 2012 | ||
| 1988 | void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u) | 2013 | void |
| 1989 | { | 2014 | SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) |
| 1990 | ctx->default_passwd_callback_userdata=u; | 2015 | { |
| 1991 | } | 2016 | ctx->default_passwd_callback_userdata = u; |
| 2017 | } | ||
| 1992 | 2018 | ||
| 1993 | void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg) | 2019 | void |
| 1994 | { | 2020 | SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg) |
| 1995 | ctx->app_verify_callback=cb; | 2021 | { |
| 1996 | ctx->app_verify_arg=arg; | 2022 | ctx->app_verify_callback = cb; |
| 1997 | } | 2023 | ctx->app_verify_arg = arg; |
| 2024 | } | ||
| 1998 | 2025 | ||
| 1999 | void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) | 2026 | void |
| 2000 | { | 2027 | SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *)) |
| 2001 | ctx->verify_mode=mode; | 2028 | { |
| 2002 | ctx->default_verify_callback=cb; | 2029 | ctx->verify_mode = mode; |
| 2003 | } | 2030 | ctx->default_verify_callback = cb; |
| 2031 | } | ||
| 2004 | 2032 | ||
| 2005 | void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) | 2033 | void |
| 2006 | { | 2034 | SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) |
| 2035 | { | ||
| 2007 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); | 2036 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); |
| 2008 | } | 2037 | } |
| 2009 | 2038 | ||
| 2010 | void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | 2039 | void |
| 2011 | { | 2040 | ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) |
| 2041 | { | ||
| 2012 | CERT_PKEY *cpk; | 2042 | CERT_PKEY *cpk; |
| 2013 | int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; | 2043 | int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; |
| 2014 | int rsa_enc_export,dh_rsa_export,dh_dsa_export; | 2044 | int rsa_enc_export, dh_rsa_export, dh_dsa_export; |
| 2015 | int rsa_tmp_export,dh_tmp_export,kl; | 2045 | int rsa_tmp_export, dh_tmp_export, kl; |
| 2016 | unsigned long mask_k,mask_a,emask_k,emask_a; | 2046 | unsigned long mask_k, mask_a, emask_k, emask_a; |
| 2017 | int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; | 2047 | int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; |
| 2018 | #ifndef OPENSSL_NO_ECDH | 2048 | #ifndef OPENSSL_NO_ECDH |
| 2019 | int have_ecdh_tmp; | 2049 | int have_ecdh_tmp; |
| @@ -2022,57 +2052,58 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2022 | EVP_PKEY *ecc_pkey = NULL; | 2052 | EVP_PKEY *ecc_pkey = NULL; |
| 2023 | int signature_nid = 0, pk_nid = 0, md_nid = 0; | 2053 | int signature_nid = 0, pk_nid = 0, md_nid = 0; |
| 2024 | 2054 | ||
| 2025 | if (c == NULL) return; | 2055 | if (c == NULL) |
| 2056 | return; | ||
| 2026 | 2057 | ||
| 2027 | kl=SSL_C_EXPORT_PKEYLENGTH(cipher); | 2058 | kl = SSL_C_EXPORT_PKEYLENGTH(cipher); |
| 2028 | 2059 | ||
| 2029 | #ifndef OPENSSL_NO_RSA | 2060 | #ifndef OPENSSL_NO_RSA |
| 2030 | rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); | 2061 | rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); |
| 2031 | rsa_tmp_export=(c->rsa_tmp_cb != NULL || | 2062 | rsa_tmp_export = (c->rsa_tmp_cb != NULL || |
| 2032 | (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); | 2063 | (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); |
| 2033 | #else | 2064 | #else |
| 2034 | rsa_tmp=rsa_tmp_export=0; | 2065 | rsa_tmp = rsa_tmp_export = 0; |
| 2035 | #endif | 2066 | #endif |
| 2036 | #ifndef OPENSSL_NO_DH | 2067 | #ifndef OPENSSL_NO_DH |
| 2037 | dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL); | 2068 | dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL); |
| 2038 | dh_tmp_export=(c->dh_tmp_cb != NULL || | 2069 | dh_tmp_export = (c->dh_tmp_cb != NULL || |
| 2039 | (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); | 2070 | (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); |
| 2040 | #else | 2071 | #else |
| 2041 | dh_tmp=dh_tmp_export=0; | 2072 | dh_tmp = dh_tmp_export = 0; |
| 2042 | #endif | 2073 | #endif |
| 2043 | 2074 | ||
| 2044 | #ifndef OPENSSL_NO_ECDH | 2075 | #ifndef OPENSSL_NO_ECDH |
| 2045 | have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); | 2076 | have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); |
| 2046 | #endif | 2077 | #endif |
| 2047 | cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); | 2078 | cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); |
| 2048 | rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); | 2079 | rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2049 | rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | 2080 | rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 2050 | cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); | 2081 | cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]); |
| 2051 | rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); | 2082 | rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2052 | cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); | 2083 | cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]); |
| 2053 | dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); | 2084 | dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2054 | cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); | 2085 | cpk = &(c->pkeys[SSL_PKEY_DH_RSA]); |
| 2055 | dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL); | 2086 | dh_rsa = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2056 | dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | 2087 | dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 2057 | cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); | 2088 | cpk = &(c->pkeys[SSL_PKEY_DH_DSA]); |
| 2058 | /* FIX THIS EAY EAY EAY */ | 2089 | /* FIX THIS EAY EAY EAY */ |
| 2059 | dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); | 2090 | dh_dsa = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2060 | dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | 2091 | dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 2061 | cpk= &(c->pkeys[SSL_PKEY_ECC]); | 2092 | cpk = &(c->pkeys[SSL_PKEY_ECC]); |
| 2062 | have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL); | 2093 | have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2063 | mask_k=0; | 2094 | mask_k = 0; |
| 2064 | mask_a=0; | 2095 | mask_a = 0; |
| 2065 | emask_k=0; | 2096 | emask_k = 0; |
| 2066 | emask_a=0; | 2097 | emask_a = 0; |
| 2098 | |||
| 2067 | 2099 | ||
| 2068 | |||
| 2069 | 2100 | ||
| 2070 | #ifdef CIPHER_DEBUG | 2101 | #ifdef CIPHER_DEBUG |
| 2071 | printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", | 2102 | printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", |
| 2072 | rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp, | 2103 | rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, |
| 2073 | rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa); | 2104 | rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); |
| 2074 | #endif | 2105 | #endif |
| 2075 | 2106 | ||
| 2076 | cpk = &(c->pkeys[SSL_PKEY_GOST01]); | 2107 | cpk = &(c->pkeys[SSL_PKEY_GOST01]); |
| 2077 | if (cpk->x509 != NULL && cpk->privatekey !=NULL) { | 2108 | if (cpk->x509 != NULL && cpk->privatekey !=NULL) { |
| 2078 | mask_k |= SSL_kGOST; | 2109 | mask_k |= SSL_kGOST; |
| @@ -2091,12 +2122,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2091 | 2122 | ||
| 2092 | #if 0 | 2123 | #if 0 |
| 2093 | /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ | 2124 | /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ |
| 2094 | if ( (dh_tmp || dh_rsa || dh_dsa) && | 2125 | if ((dh_tmp || dh_rsa || dh_dsa) && |
| 2095 | (rsa_enc || rsa_sign || dsa_sign)) | 2126 | (rsa_enc || rsa_sign || dsa_sign)) |
| 2096 | mask_k|=SSL_kEDH; | 2127 | mask_k|=SSL_kEDH; |
| 2097 | if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && | 2128 | if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && |
| 2098 | (rsa_enc || rsa_sign || dsa_sign)) | 2129 | (rsa_enc || rsa_sign || dsa_sign)) |
| 2099 | emask_k|=SSL_kEDH; | 2130 | emask_k|=SSL_kEDH; |
| 2100 | #endif | 2131 | #endif |
| 2101 | 2132 | ||
| 2102 | if (dh_tmp_export) | 2133 | if (dh_tmp_export) |
| @@ -2105,23 +2136,25 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2105 | if (dh_tmp) | 2136 | if (dh_tmp) |
| 2106 | mask_k|=SSL_kEDH; | 2137 | mask_k|=SSL_kEDH; |
| 2107 | 2138 | ||
| 2108 | if (dh_rsa) mask_k|=SSL_kDHr; | 2139 | if (dh_rsa) |
| 2109 | if (dh_rsa_export) emask_k|=SSL_kDHr; | 2140 | mask_k|=SSL_kDHr; |
| 2141 | if (dh_rsa_export) | ||
| 2142 | emask_k|=SSL_kDHr; | ||
| 2110 | 2143 | ||
| 2111 | if (dh_dsa) mask_k|=SSL_kDHd; | 2144 | if (dh_dsa) |
| 2112 | if (dh_dsa_export) emask_k|=SSL_kDHd; | 2145 | mask_k|=SSL_kDHd; |
| 2146 | if (dh_dsa_export) | ||
| 2147 | emask_k|=SSL_kDHd; | ||
| 2113 | 2148 | ||
| 2114 | if (rsa_enc || rsa_sign) | 2149 | if (rsa_enc || rsa_sign) { |
| 2115 | { | ||
| 2116 | mask_a|=SSL_aRSA; | 2150 | mask_a|=SSL_aRSA; |
| 2117 | emask_a|=SSL_aRSA; | 2151 | emask_a|=SSL_aRSA; |
| 2118 | } | 2152 | } |
| 2119 | 2153 | ||
| 2120 | if (dsa_sign) | 2154 | if (dsa_sign) { |
| 2121 | { | ||
| 2122 | mask_a|=SSL_aDSS; | 2155 | mask_a|=SSL_aDSS; |
| 2123 | emask_a|=SSL_aDSS; | 2156 | emask_a|=SSL_aDSS; |
| 2124 | } | 2157 | } |
| 2125 | 2158 | ||
| 2126 | mask_a|=SSL_aNULL; | 2159 | mask_a|=SSL_aNULL; |
| 2127 | emask_a|=SSL_aNULL; | 2160 | emask_a|=SSL_aNULL; |
| @@ -2136,66 +2169,57 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2136 | /* An ECC certificate may be usable for ECDH and/or | 2169 | /* An ECC certificate may be usable for ECDH and/or |
| 2137 | * ECDSA cipher suites depending on the key usage extension. | 2170 | * ECDSA cipher suites depending on the key usage extension. |
| 2138 | */ | 2171 | */ |
| 2139 | if (have_ecc_cert) | 2172 | if (have_ecc_cert) { |
| 2140 | { | ||
| 2141 | /* This call populates extension flags (ex_flags) */ | 2173 | /* This call populates extension flags (ex_flags) */ |
| 2142 | x = (c->pkeys[SSL_PKEY_ECC]).x509; | 2174 | x = (c->pkeys[SSL_PKEY_ECC]).x509; |
| 2143 | X509_check_purpose(x, -1, 0); | 2175 | X509_check_purpose(x, -1, 0); |
| 2144 | ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? | 2176 | ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? |
| 2145 | (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; | 2177 | (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; |
| 2146 | ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? | 2178 | ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? |
| 2147 | (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; | 2179 | (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; |
| 2148 | ecc_pkey = X509_get_pubkey(x); | 2180 | ecc_pkey = X509_get_pubkey(x); |
| 2149 | ecc_pkey_size = (ecc_pkey != NULL) ? | 2181 | ecc_pkey_size = (ecc_pkey != NULL) ? |
| 2150 | EVP_PKEY_bits(ecc_pkey) : 0; | 2182 | EVP_PKEY_bits(ecc_pkey) : 0; |
| 2151 | EVP_PKEY_free(ecc_pkey); | 2183 | EVP_PKEY_free(ecc_pkey); |
| 2152 | if ((x->sig_alg) && (x->sig_alg->algorithm)) | 2184 | if ((x->sig_alg) && (x->sig_alg->algorithm)) { |
| 2153 | { | ||
| 2154 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); | 2185 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); |
| 2155 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); | 2186 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); |
| 2156 | } | 2187 | } |
| 2157 | #ifndef OPENSSL_NO_ECDH | 2188 | #ifndef OPENSSL_NO_ECDH |
| 2158 | if (ecdh_ok) | 2189 | if (ecdh_ok) { |
| 2159 | { | ||
| 2160 | 2190 | ||
| 2161 | if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) | 2191 | if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) { |
| 2162 | { | ||
| 2163 | mask_k|=SSL_kECDHr; | 2192 | mask_k|=SSL_kECDHr; |
| 2164 | mask_a|=SSL_aECDH; | 2193 | mask_a|=SSL_aECDH; |
| 2165 | if (ecc_pkey_size <= 163) | 2194 | if (ecc_pkey_size <= 163) { |
| 2166 | { | ||
| 2167 | emask_k|=SSL_kECDHr; | 2195 | emask_k|=SSL_kECDHr; |
| 2168 | emask_a|=SSL_aECDH; | 2196 | emask_a|=SSL_aECDH; |
| 2169 | } | ||
| 2170 | } | 2197 | } |
| 2198 | } | ||
| 2171 | 2199 | ||
| 2172 | if (pk_nid == NID_X9_62_id_ecPublicKey) | 2200 | if (pk_nid == NID_X9_62_id_ecPublicKey) { |
| 2173 | { | ||
| 2174 | mask_k|=SSL_kECDHe; | 2201 | mask_k|=SSL_kECDHe; |
| 2175 | mask_a|=SSL_aECDH; | 2202 | mask_a|=SSL_aECDH; |
| 2176 | if (ecc_pkey_size <= 163) | 2203 | if (ecc_pkey_size <= 163) { |
| 2177 | { | ||
| 2178 | emask_k|=SSL_kECDHe; | 2204 | emask_k|=SSL_kECDHe; |
| 2179 | emask_a|=SSL_aECDH; | 2205 | emask_a|=SSL_aECDH; |
| 2180 | } | ||
| 2181 | } | 2206 | } |
| 2182 | } | 2207 | } |
| 2208 | } | ||
| 2183 | #endif | 2209 | #endif |
| 2184 | #ifndef OPENSSL_NO_ECDSA | 2210 | #ifndef OPENSSL_NO_ECDSA |
| 2185 | if (ecdsa_ok) | 2211 | if (ecdsa_ok) { |
| 2186 | { | ||
| 2187 | mask_a|=SSL_aECDSA; | 2212 | mask_a|=SSL_aECDSA; |
| 2188 | emask_a|=SSL_aECDSA; | 2213 | emask_a|=SSL_aECDSA; |
| 2189 | } | ||
| 2190 | #endif | ||
| 2191 | } | 2214 | } |
| 2215 | #endif | ||
| 2216 | } | ||
| 2192 | 2217 | ||
| 2193 | #ifndef OPENSSL_NO_ECDH | 2218 | #ifndef OPENSSL_NO_ECDH |
| 2194 | if (have_ecdh_tmp) | 2219 | if (have_ecdh_tmp) { |
| 2195 | { | ||
| 2196 | mask_k|=SSL_kEECDH; | 2220 | mask_k|=SSL_kEECDH; |
| 2197 | emask_k|=SSL_kEECDH; | 2221 | emask_k|=SSL_kEECDH; |
| 2198 | } | 2222 | } |
| 2199 | #endif | 2223 | #endif |
| 2200 | 2224 | ||
| 2201 | #ifndef OPENSSL_NO_PSK | 2225 | #ifndef OPENSSL_NO_PSK |
| @@ -2205,12 +2229,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2205 | emask_a |= SSL_aPSK; | 2229 | emask_a |= SSL_aPSK; |
| 2206 | #endif | 2230 | #endif |
| 2207 | 2231 | ||
| 2208 | c->mask_k=mask_k; | 2232 | c->mask_k = mask_k; |
| 2209 | c->mask_a=mask_a; | 2233 | c->mask_a = mask_a; |
| 2210 | c->export_mask_k=emask_k; | 2234 | c->export_mask_k = emask_k; |
| 2211 | c->export_mask_a=emask_a; | 2235 | c->export_mask_a = emask_a; |
| 2212 | c->valid=1; | 2236 | c->valid = 1; |
| 2213 | } | 2237 | } |
| 2214 | 2238 | ||
| 2215 | /* This handy macro borrowed from crypto/x509v3/v3_purp.c */ | 2239 | /* This handy macro borrowed from crypto/x509v3/v3_purp.c */ |
| 2216 | #define ku_reject(x, usage) \ | 2240 | #define ku_reject(x, usage) \ |
| @@ -2218,8 +2242,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2218 | 2242 | ||
| 2219 | #ifndef OPENSSL_NO_EC | 2243 | #ifndef OPENSSL_NO_EC |
| 2220 | 2244 | ||
| 2221 | int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) | 2245 | int |
| 2222 | { | 2246 | ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) |
| 2247 | { | ||
| 2223 | unsigned long alg_k, alg_a; | 2248 | unsigned long alg_k, alg_a; |
| 2224 | EVP_PKEY *pkey = NULL; | 2249 | EVP_PKEY *pkey = NULL; |
| 2225 | int keysize = 0; | 2250 | int keysize = 0; |
| @@ -2229,81 +2254,74 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) | |||
| 2229 | alg_k = cs->algorithm_mkey; | 2254 | alg_k = cs->algorithm_mkey; |
| 2230 | alg_a = cs->algorithm_auth; | 2255 | alg_a = cs->algorithm_auth; |
| 2231 | 2256 | ||
| 2232 | if (SSL_C_IS_EXPORT(cs)) | 2257 | if (SSL_C_IS_EXPORT(cs)) { |
| 2233 | { | ||
| 2234 | /* ECDH key length in export ciphers must be <= 163 bits */ | 2258 | /* ECDH key length in export ciphers must be <= 163 bits */ |
| 2235 | pkey = X509_get_pubkey(x); | 2259 | pkey = X509_get_pubkey(x); |
| 2236 | if (pkey == NULL) return 0; | 2260 | if (pkey == NULL) |
| 2261 | return 0; | ||
| 2237 | keysize = EVP_PKEY_bits(pkey); | 2262 | keysize = EVP_PKEY_bits(pkey); |
| 2238 | EVP_PKEY_free(pkey); | 2263 | EVP_PKEY_free(pkey); |
| 2239 | if (keysize > 163) return 0; | 2264 | if (keysize > 163) |
| 2240 | } | 2265 | return 0; |
| 2266 | } | ||
| 2241 | 2267 | ||
| 2242 | /* This call populates the ex_flags field correctly */ | 2268 | /* This call populates the ex_flags field correctly */ |
| 2243 | X509_check_purpose(x, -1, 0); | 2269 | X509_check_purpose(x, -1, 0); |
| 2244 | if ((x->sig_alg) && (x->sig_alg->algorithm)) | 2270 | if ((x->sig_alg) && (x->sig_alg->algorithm)) { |
| 2245 | { | ||
| 2246 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); | 2271 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); |
| 2247 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); | 2272 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); |
| 2248 | } | 2273 | } |
| 2249 | if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) | 2274 | if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { |
| 2250 | { | ||
| 2251 | /* key usage, if present, must allow key agreement */ | 2275 | /* key usage, if present, must allow key agreement */ |
| 2252 | if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) | 2276 | if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) { |
| 2253 | { | ||
| 2254 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); | 2277 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); |
| 2255 | return 0; | 2278 | return 0; |
| 2256 | } | 2279 | } |
| 2257 | if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) | 2280 | if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) { |
| 2258 | { | ||
| 2259 | /* signature alg must be ECDSA */ | 2281 | /* signature alg must be ECDSA */ |
| 2260 | if (pk_nid != NID_X9_62_id_ecPublicKey) | 2282 | if (pk_nid != NID_X9_62_id_ecPublicKey) { |
| 2261 | { | ||
| 2262 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); | 2283 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); |
| 2263 | return 0; | 2284 | return 0; |
| 2264 | } | ||
| 2265 | } | 2285 | } |
| 2266 | if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) | 2286 | } |
| 2267 | { | 2287 | if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) { |
| 2268 | /* signature alg must be RSA */ | 2288 | /* signature alg must be RSA */ |
| 2269 | 2289 | ||
| 2270 | if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) | 2290 | if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { |
| 2271 | { | ||
| 2272 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); | 2291 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); |
| 2273 | return 0; | 2292 | return 0; |
| 2274 | } | ||
| 2275 | } | 2293 | } |
| 2276 | } | 2294 | } |
| 2277 | if (alg_a & SSL_aECDSA) | 2295 | } |
| 2278 | { | 2296 | if (alg_a & SSL_aECDSA) { |
| 2279 | /* key usage, if present, must allow signing */ | 2297 | /* key usage, if present, must allow signing */ |
| 2280 | if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) | 2298 | if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) { |
| 2281 | { | ||
| 2282 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); | 2299 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); |
| 2283 | return 0; | 2300 | return 0; |
| 2284 | } | ||
| 2285 | } | 2301 | } |
| 2286 | |||
| 2287 | return 1; /* all checks are ok */ | ||
| 2288 | } | 2302 | } |
| 2289 | 2303 | ||
| 2304 | return 1; | ||
| 2305 | /* all checks are ok */ | ||
| 2306 | } | ||
| 2307 | |||
| 2290 | #endif | 2308 | #endif |
| 2291 | 2309 | ||
| 2292 | /* THIS NEEDS CLEANING UP */ | 2310 | /* THIS NEEDS CLEANING UP */ |
| 2293 | CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) | 2311 | CERT_PKEY |
| 2294 | { | 2312 | *ssl_get_server_send_pkey(const SSL *s) |
| 2295 | unsigned long alg_k,alg_a; | 2313 | { |
| 2314 | unsigned long alg_k, alg_a; | ||
| 2296 | CERT *c; | 2315 | CERT *c; |
| 2297 | int i; | 2316 | int i; |
| 2298 | 2317 | ||
| 2299 | c=s->cert; | 2318 | c = s->cert; |
| 2300 | ssl_set_cert_masks(c, s->s3->tmp.new_cipher); | 2319 | ssl_set_cert_masks(c, s->s3->tmp.new_cipher); |
| 2301 | 2320 | ||
| 2302 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 2321 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 2303 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 2322 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; |
| 2304 | 2323 | ||
| 2305 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) | 2324 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { |
| 2306 | { | ||
| 2307 | /* we don't need to look at SSL_kEECDH | 2325 | /* we don't need to look at SSL_kEECDH |
| 2308 | * since no certificate is needed for | 2326 | * since no certificate is needed for |
| 2309 | * anon ECDH and for authenticated | 2327 | * anon ECDH and for authenticated |
| @@ -2315,171 +2333,162 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) | |||
| 2315 | * checks for SSL_kECDH before RSA | 2333 | * checks for SSL_kECDH before RSA |
| 2316 | * checks ensures the correct cert is chosen. | 2334 | * checks ensures the correct cert is chosen. |
| 2317 | */ | 2335 | */ |
| 2318 | i=SSL_PKEY_ECC; | 2336 | i = SSL_PKEY_ECC; |
| 2319 | } | 2337 | } else if (alg_a & SSL_aECDSA) { |
| 2320 | else if (alg_a & SSL_aECDSA) | 2338 | i = SSL_PKEY_ECC; |
| 2321 | { | 2339 | } else if (alg_k & SSL_kDHr) |
| 2322 | i=SSL_PKEY_ECC; | 2340 | i = SSL_PKEY_DH_RSA; |
| 2323 | } | ||
| 2324 | else if (alg_k & SSL_kDHr) | ||
| 2325 | i=SSL_PKEY_DH_RSA; | ||
| 2326 | else if (alg_k & SSL_kDHd) | 2341 | else if (alg_k & SSL_kDHd) |
| 2327 | i=SSL_PKEY_DH_DSA; | 2342 | i = SSL_PKEY_DH_DSA; |
| 2328 | else if (alg_a & SSL_aDSS) | 2343 | else if (alg_a & SSL_aDSS) |
| 2329 | i=SSL_PKEY_DSA_SIGN; | 2344 | i = SSL_PKEY_DSA_SIGN; |
| 2330 | else if (alg_a & SSL_aRSA) | 2345 | else if (alg_a & SSL_aRSA) { |
| 2331 | { | ||
| 2332 | if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) | 2346 | if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) |
| 2333 | i=SSL_PKEY_RSA_SIGN; | 2347 | i = SSL_PKEY_RSA_SIGN; |
| 2334 | else | 2348 | else |
| 2335 | i=SSL_PKEY_RSA_ENC; | 2349 | i = SSL_PKEY_RSA_ENC; |
| 2336 | } | 2350 | } else if (alg_a & SSL_aKRB5) { |
| 2337 | else if (alg_a & SSL_aKRB5) | ||
| 2338 | { | ||
| 2339 | /* VRS something else here? */ | 2351 | /* VRS something else here? */ |
| 2340 | return(NULL); | 2352 | return (NULL); |
| 2341 | } | 2353 | } else if (alg_a & SSL_aGOST94) |
| 2342 | else if (alg_a & SSL_aGOST94) | 2354 | i = SSL_PKEY_GOST94; |
| 2343 | i=SSL_PKEY_GOST94; | ||
| 2344 | else if (alg_a & SSL_aGOST01) | 2355 | else if (alg_a & SSL_aGOST01) |
| 2345 | i=SSL_PKEY_GOST01; | 2356 | i = SSL_PKEY_GOST01; |
| 2346 | else /* if (alg_a & SSL_aNULL) */ | 2357 | else /* if (alg_a & SSL_aNULL) */ |
| 2347 | { | 2358 | { |
| 2348 | SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR); | 2359 | SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR); |
| 2349 | return(NULL); | 2360 | return (NULL); |
| 2350 | } | 2361 | } |
| 2351 | 2362 | ||
| 2352 | return c->pkeys + i; | 2363 | return c->pkeys + i; |
| 2353 | } | 2364 | } |
| 2354 | 2365 | ||
| 2355 | X509 *ssl_get_server_send_cert(const SSL *s) | 2366 | X509 |
| 2356 | { | 2367 | *ssl_get_server_send_cert(const SSL *s) |
| 2368 | { | ||
| 2357 | CERT_PKEY *cpk; | 2369 | CERT_PKEY *cpk; |
| 2358 | cpk = ssl_get_server_send_pkey(s); | 2370 | cpk = ssl_get_server_send_pkey(s); |
| 2359 | if (!cpk) | 2371 | if (!cpk) |
| 2360 | return NULL; | 2372 | return NULL; |
| 2361 | return cpk->x509; | 2373 | return cpk->x509; |
| 2362 | } | 2374 | } |
| 2363 | 2375 | ||
| 2364 | EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd) | 2376 | EVP_PKEY |
| 2365 | { | 2377 | *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd) |
| 2378 | { | ||
| 2366 | unsigned long alg_a; | 2379 | unsigned long alg_a; |
| 2367 | CERT *c; | 2380 | CERT *c; |
| 2368 | int idx = -1; | 2381 | int idx = -1; |
| 2369 | 2382 | ||
| 2370 | alg_a = cipher->algorithm_auth; | 2383 | alg_a = cipher->algorithm_auth; |
| 2371 | c=s->cert; | 2384 | c = s->cert; |
| 2372 | 2385 | ||
| 2373 | if ((alg_a & SSL_aDSS) && | 2386 | if ((alg_a & SSL_aDSS) && |
| 2374 | (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) | 2387 | (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) |
| 2375 | idx = SSL_PKEY_DSA_SIGN; | 2388 | idx = SSL_PKEY_DSA_SIGN; |
| 2376 | else if (alg_a & SSL_aRSA) | 2389 | else if (alg_a & SSL_aRSA) { |
| 2377 | { | ||
| 2378 | if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) | 2390 | if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) |
| 2379 | idx = SSL_PKEY_RSA_SIGN; | 2391 | idx = SSL_PKEY_RSA_SIGN; |
| 2380 | else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) | 2392 | else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) |
| 2381 | idx = SSL_PKEY_RSA_ENC; | 2393 | idx = SSL_PKEY_RSA_ENC; |
| 2382 | } | 2394 | } else if ((alg_a & SSL_aECDSA) && |
| 2383 | else if ((alg_a & SSL_aECDSA) && | 2395 | (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) |
| 2384 | (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) | 2396 | idx = SSL_PKEY_ECC; |
| 2385 | idx = SSL_PKEY_ECC; | 2397 | if (idx == -1) { |
| 2386 | if (idx == -1) | 2398 | SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR); |
| 2387 | { | 2399 | return (NULL); |
| 2388 | SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); | 2400 | } |
| 2389 | return(NULL); | ||
| 2390 | } | ||
| 2391 | if (pmd) | 2401 | if (pmd) |
| 2392 | *pmd = c->pkeys[idx].digest; | 2402 | *pmd = c->pkeys[idx].digest; |
| 2393 | return c->pkeys[idx].privatekey; | 2403 | return c->pkeys[idx].privatekey; |
| 2394 | } | 2404 | } |
| 2395 | 2405 | ||
| 2396 | void ssl_update_cache(SSL *s,int mode) | 2406 | void |
| 2397 | { | 2407 | ssl_update_cache(SSL *s, int mode) |
| 2408 | { | ||
| 2398 | int i; | 2409 | int i; |
| 2399 | 2410 | ||
| 2400 | /* If the session_id_length is 0, we are not supposed to cache it, | 2411 | /* If the session_id_length is 0, we are not supposed to cache it, |
| 2401 | * and it would be rather hard to do anyway :-) */ | 2412 | * and it would be rather hard to do anyway :-) */ |
| 2402 | if (s->session->session_id_length == 0) return; | 2413 | if (s->session->session_id_length == 0) |
| 2414 | return; | ||
| 2403 | 2415 | ||
| 2404 | i=s->session_ctx->session_cache_mode; | 2416 | i = s->session_ctx->session_cache_mode; |
| 2405 | if ((i & mode) && (!s->hit) | 2417 | if ((i & mode) && (!s->hit) |
| 2406 | && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) | 2418 | && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) |
| 2407 | || SSL_CTX_add_session(s->session_ctx,s->session)) | 2419 | || SSL_CTX_add_session(s->session_ctx, s->session)) |
| 2408 | && (s->session_ctx->new_session_cb != NULL)) | 2420 | && (s->session_ctx->new_session_cb != NULL)) { |
| 2409 | { | 2421 | CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 2410 | CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); | 2422 | if (!s->session_ctx->new_session_cb(s, s->session)) |
| 2411 | if (!s->session_ctx->new_session_cb(s,s->session)) | ||
| 2412 | SSL_SESSION_free(s->session); | 2423 | SSL_SESSION_free(s->session); |
| 2413 | } | 2424 | } |
| 2414 | 2425 | ||
| 2415 | /* auto flush every 255 connections */ | 2426 | /* auto flush every 255 connections */ |
| 2416 | if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && | 2427 | if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && |
| 2417 | ((i & mode) == mode)) | 2428 | ((i & mode) == mode)) { |
| 2418 | { | 2429 | if ((((mode & SSL_SESS_CACHE_CLIENT) |
| 2419 | if ( (((mode & SSL_SESS_CACHE_CLIENT) | ||
| 2420 | ?s->session_ctx->stats.sess_connect_good | 2430 | ?s->session_ctx->stats.sess_connect_good |
| 2421 | :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) | 2431 | :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { |
| 2422 | { | ||
| 2423 | SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); | 2432 | SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); |
| 2424 | } | ||
| 2425 | } | 2433 | } |
| 2426 | } | 2434 | } |
| 2435 | } | ||
| 2427 | 2436 | ||
| 2428 | const SSL_METHOD *SSL_get_ssl_method(SSL *s) | 2437 | const SSL_METHOD |
| 2429 | { | 2438 | *SSL_get_ssl_method(SSL *s) |
| 2430 | return(s->method); | 2439 | { |
| 2431 | } | 2440 | return (s->method); |
| 2441 | } | ||
| 2432 | 2442 | ||
| 2433 | int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) | 2443 | int |
| 2434 | { | 2444 | SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) |
| 2435 | int conn= -1; | 2445 | { |
| 2436 | int ret=1; | 2446 | int conn = -1; |
| 2447 | int ret = 1; | ||
| 2437 | 2448 | ||
| 2438 | if (s->method != meth) | 2449 | if (s->method != meth) { |
| 2439 | { | ||
| 2440 | if (s->handshake_func != NULL) | 2450 | if (s->handshake_func != NULL) |
| 2441 | conn=(s->handshake_func == s->method->ssl_connect); | 2451 | conn = (s->handshake_func == s->method->ssl_connect); |
| 2442 | 2452 | ||
| 2443 | if (s->method->version == meth->version) | 2453 | if (s->method->version == meth->version) |
| 2444 | s->method=meth; | 2454 | s->method = meth; |
| 2445 | else | 2455 | else { |
| 2446 | { | ||
| 2447 | s->method->ssl_free(s); | 2456 | s->method->ssl_free(s); |
| 2448 | s->method=meth; | 2457 | s->method = meth; |
| 2449 | ret=s->method->ssl_new(s); | 2458 | ret = s->method->ssl_new(s); |
| 2450 | } | 2459 | } |
| 2451 | 2460 | ||
| 2452 | if (conn == 1) | 2461 | if (conn == 1) |
| 2453 | s->handshake_func=meth->ssl_connect; | 2462 | s->handshake_func = meth->ssl_connect; |
| 2454 | else if (conn == 0) | 2463 | else if (conn == 0) |
| 2455 | s->handshake_func=meth->ssl_accept; | 2464 | s->handshake_func = meth->ssl_accept; |
| 2456 | } | ||
| 2457 | return(ret); | ||
| 2458 | } | 2465 | } |
| 2466 | return (ret); | ||
| 2467 | } | ||
| 2459 | 2468 | ||
| 2460 | int SSL_get_error(const SSL *s,int i) | 2469 | int |
| 2461 | { | 2470 | SSL_get_error(const SSL *s, int i) |
| 2471 | { | ||
| 2462 | int reason; | 2472 | int reason; |
| 2463 | unsigned long l; | 2473 | unsigned long l; |
| 2464 | BIO *bio; | 2474 | BIO *bio; |
| 2465 | 2475 | ||
| 2466 | if (i > 0) return(SSL_ERROR_NONE); | 2476 | if (i > 0) |
| 2477 | return (SSL_ERROR_NONE); | ||
| 2467 | 2478 | ||
| 2468 | /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake | 2479 | /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake |
| 2469 | * etc, where we do encode the error */ | 2480 | * etc, where we do encode the error */ |
| 2470 | if ((l=ERR_peek_error()) != 0) | 2481 | if ((l = ERR_peek_error()) != 0) { |
| 2471 | { | ||
| 2472 | if (ERR_GET_LIB(l) == ERR_LIB_SYS) | 2482 | if (ERR_GET_LIB(l) == ERR_LIB_SYS) |
| 2473 | return(SSL_ERROR_SYSCALL); | 2483 | return (SSL_ERROR_SYSCALL); |
| 2474 | else | 2484 | else |
| 2475 | return(SSL_ERROR_SSL); | 2485 | return (SSL_ERROR_SSL); |
| 2476 | } | 2486 | } |
| 2477 | 2487 | ||
| 2478 | if ((i < 0) && SSL_want_read(s)) | 2488 | if ((i < 0) && SSL_want_read(s)) { |
| 2479 | { | 2489 | bio = SSL_get_rbio(s); |
| 2480 | bio=SSL_get_rbio(s); | ||
| 2481 | if (BIO_should_read(bio)) | 2490 | if (BIO_should_read(bio)) |
| 2482 | return(SSL_ERROR_WANT_READ); | 2491 | return (SSL_ERROR_WANT_READ); |
| 2483 | else if (BIO_should_write(bio)) | 2492 | else if (BIO_should_write(bio)) |
| 2484 | /* This one doesn't make too much sense ... We never try | 2493 | /* This one doesn't make too much sense ... We never try |
| 2485 | * to write to the rbio, and an application program where | 2494 | * to write to the rbio, and an application program where |
| @@ -2490,131 +2499,129 @@ int SSL_get_error(const SSL *s,int i) | |||
| 2490 | * SSL_want_write(s)) and rbio and wbio *are* the same, | 2499 | * SSL_want_write(s)) and rbio and wbio *are* the same, |
| 2491 | * this test works around that bug; so it might be safer | 2500 | * this test works around that bug; so it might be safer |
| 2492 | * to keep it. */ | 2501 | * to keep it. */ |
| 2493 | return(SSL_ERROR_WANT_WRITE); | 2502 | return (SSL_ERROR_WANT_WRITE); |
| 2494 | else if (BIO_should_io_special(bio)) | 2503 | else if (BIO_should_io_special(bio)) { |
| 2495 | { | 2504 | reason = BIO_get_retry_reason(bio); |
| 2496 | reason=BIO_get_retry_reason(bio); | ||
| 2497 | if (reason == BIO_RR_CONNECT) | 2505 | if (reason == BIO_RR_CONNECT) |
| 2498 | return(SSL_ERROR_WANT_CONNECT); | 2506 | return (SSL_ERROR_WANT_CONNECT); |
| 2499 | else if (reason == BIO_RR_ACCEPT) | 2507 | else if (reason == BIO_RR_ACCEPT) |
| 2500 | return(SSL_ERROR_WANT_ACCEPT); | 2508 | return (SSL_ERROR_WANT_ACCEPT); |
| 2501 | else | 2509 | else |
| 2502 | return(SSL_ERROR_SYSCALL); /* unknown */ | 2510 | return(SSL_ERROR_SYSCALL); /* unknown */ |
| 2503 | } | ||
| 2504 | } | 2511 | } |
| 2512 | } | ||
| 2505 | 2513 | ||
| 2506 | if ((i < 0) && SSL_want_write(s)) | 2514 | if ((i < 0) && SSL_want_write(s)) { |
| 2507 | { | 2515 | bio = SSL_get_wbio(s); |
| 2508 | bio=SSL_get_wbio(s); | ||
| 2509 | if (BIO_should_write(bio)) | 2516 | if (BIO_should_write(bio)) |
| 2510 | return(SSL_ERROR_WANT_WRITE); | 2517 | return (SSL_ERROR_WANT_WRITE); |
| 2511 | else if (BIO_should_read(bio)) | 2518 | else if (BIO_should_read(bio)) |
| 2512 | /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ | 2519 | /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ |
| 2513 | return(SSL_ERROR_WANT_READ); | 2520 | return (SSL_ERROR_WANT_READ); |
| 2514 | else if (BIO_should_io_special(bio)) | 2521 | else if (BIO_should_io_special(bio)) { |
| 2515 | { | 2522 | reason = BIO_get_retry_reason(bio); |
| 2516 | reason=BIO_get_retry_reason(bio); | ||
| 2517 | if (reason == BIO_RR_CONNECT) | 2523 | if (reason == BIO_RR_CONNECT) |
| 2518 | return(SSL_ERROR_WANT_CONNECT); | 2524 | return (SSL_ERROR_WANT_CONNECT); |
| 2519 | else if (reason == BIO_RR_ACCEPT) | 2525 | else if (reason == BIO_RR_ACCEPT) |
| 2520 | return(SSL_ERROR_WANT_ACCEPT); | 2526 | return (SSL_ERROR_WANT_ACCEPT); |
| 2521 | else | 2527 | else |
| 2522 | return(SSL_ERROR_SYSCALL); | 2528 | return (SSL_ERROR_SYSCALL); |
| 2523 | } | ||
| 2524 | } | ||
| 2525 | if ((i < 0) && SSL_want_x509_lookup(s)) | ||
| 2526 | { | ||
| 2527 | return(SSL_ERROR_WANT_X509_LOOKUP); | ||
| 2528 | } | 2529 | } |
| 2530 | } | ||
| 2531 | if ((i < 0) && SSL_want_x509_lookup(s)) { | ||
| 2532 | return (SSL_ERROR_WANT_X509_LOOKUP); | ||
| 2533 | } | ||
| 2529 | 2534 | ||
| 2530 | if (i == 0) | 2535 | if (i == 0) { |
| 2531 | { | 2536 | if (s->version == SSL2_VERSION) { |
| 2532 | if (s->version == SSL2_VERSION) | ||
| 2533 | { | ||
| 2534 | /* assume it is the socket being closed */ | 2537 | /* assume it is the socket being closed */ |
| 2535 | return(SSL_ERROR_ZERO_RETURN); | 2538 | return (SSL_ERROR_ZERO_RETURN); |
| 2536 | } | 2539 | } else { |
| 2537 | else | ||
| 2538 | { | ||
| 2539 | if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && | 2540 | if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && |
| 2540 | (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) | 2541 | (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) |
| 2541 | return(SSL_ERROR_ZERO_RETURN); | 2542 | return (SSL_ERROR_ZERO_RETURN); |
| 2542 | } | ||
| 2543 | } | 2543 | } |
| 2544 | return(SSL_ERROR_SYSCALL); | ||
| 2545 | } | 2544 | } |
| 2545 | return (SSL_ERROR_SYSCALL); | ||
| 2546 | } | ||
| 2546 | 2547 | ||
| 2547 | int SSL_do_handshake(SSL *s) | 2548 | int |
| 2548 | { | 2549 | SSL_do_handshake(SSL *s) |
| 2549 | int ret=1; | 2550 | { |
| 2551 | int ret = 1; | ||
| 2550 | 2552 | ||
| 2551 | if (s->handshake_func == NULL) | 2553 | if (s->handshake_func == NULL) { |
| 2552 | { | 2554 | SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET); |
| 2553 | SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET); | 2555 | return (-1); |
| 2554 | return(-1); | 2556 | } |
| 2555 | } | ||
| 2556 | 2557 | ||
| 2557 | s->method->ssl_renegotiate_check(s); | 2558 | s->method->ssl_renegotiate_check(s); |
| 2558 | 2559 | ||
| 2559 | if (SSL_in_init(s) || SSL_in_before(s)) | 2560 | if (SSL_in_init(s) || SSL_in_before(s)) { |
| 2560 | { | 2561 | ret = s->handshake_func(s); |
| 2561 | ret=s->handshake_func(s); | ||
| 2562 | } | ||
| 2563 | return(ret); | ||
| 2564 | } | 2562 | } |
| 2563 | return (ret); | ||
| 2564 | } | ||
| 2565 | 2565 | ||
| 2566 | /* For the next 2 functions, SSL_clear() sets shutdown and so | 2566 | /* For the next 2 functions, SSL_clear() sets shutdown and so |
| 2567 | * one of these calls will reset it */ | 2567 | * one of these calls will reset it */ |
| 2568 | void SSL_set_accept_state(SSL *s) | 2568 | void |
| 2569 | { | 2569 | SSL_set_accept_state(SSL *s) |
| 2570 | s->server=1; | 2570 | { |
| 2571 | s->shutdown=0; | 2571 | s->server = 1; |
| 2572 | s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE; | 2572 | s->shutdown = 0; |
| 2573 | s->handshake_func=s->method->ssl_accept; | 2573 | s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE; |
| 2574 | s->handshake_func = s->method->ssl_accept; | ||
| 2574 | /* clear the current cipher */ | 2575 | /* clear the current cipher */ |
| 2575 | ssl_clear_cipher_ctx(s); | 2576 | ssl_clear_cipher_ctx(s); |
| 2576 | ssl_clear_hash_ctx(&s->read_hash); | 2577 | ssl_clear_hash_ctx(&s->read_hash); |
| 2577 | ssl_clear_hash_ctx(&s->write_hash); | 2578 | ssl_clear_hash_ctx(&s->write_hash); |
| 2578 | } | 2579 | } |
| 2579 | 2580 | ||
| 2580 | void SSL_set_connect_state(SSL *s) | 2581 | void |
| 2581 | { | 2582 | SSL_set_connect_state(SSL *s) |
| 2582 | s->server=0; | 2583 | { |
| 2583 | s->shutdown=0; | 2584 | s->server = 0; |
| 2584 | s->state=SSL_ST_CONNECT|SSL_ST_BEFORE; | 2585 | s->shutdown = 0; |
| 2585 | s->handshake_func=s->method->ssl_connect; | 2586 | s->state = SSL_ST_CONNECT|SSL_ST_BEFORE; |
| 2587 | s->handshake_func = s->method->ssl_connect; | ||
| 2586 | /* clear the current cipher */ | 2588 | /* clear the current cipher */ |
| 2587 | ssl_clear_cipher_ctx(s); | 2589 | ssl_clear_cipher_ctx(s); |
| 2588 | ssl_clear_hash_ctx(&s->read_hash); | 2590 | ssl_clear_hash_ctx(&s->read_hash); |
| 2589 | ssl_clear_hash_ctx(&s->write_hash); | 2591 | ssl_clear_hash_ctx(&s->write_hash); |
| 2590 | } | 2592 | } |
| 2591 | 2593 | ||
| 2592 | int ssl_undefined_function(SSL *s) | 2594 | int |
| 2593 | { | 2595 | ssl_undefined_function(SSL *s) |
| 2594 | SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2596 | { |
| 2595 | return(0); | 2597 | SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 2596 | } | 2598 | return (0); |
| 2599 | } | ||
| 2597 | 2600 | ||
| 2598 | int ssl_undefined_void_function(void) | 2601 | int |
| 2599 | { | 2602 | ssl_undefined_void_function(void) |
| 2600 | SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2603 | { |
| 2601 | return(0); | 2604 | SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 2602 | } | 2605 | return (0); |
| 2606 | } | ||
| 2603 | 2607 | ||
| 2604 | int ssl_undefined_const_function(const SSL *s) | 2608 | int |
| 2605 | { | 2609 | ssl_undefined_const_function(const SSL *s) |
| 2606 | SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2610 | { |
| 2607 | return(0); | 2611 | SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 2608 | } | 2612 | return (0); |
| 2613 | } | ||
| 2609 | 2614 | ||
| 2610 | SSL_METHOD *ssl_bad_method(int ver) | 2615 | SSL_METHOD |
| 2611 | { | 2616 | *ssl_bad_method(int ver) |
| 2612 | SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2617 | { |
| 2613 | return(NULL); | 2618 | SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 2614 | } | 2619 | return (NULL); |
| 2620 | } | ||
| 2615 | 2621 | ||
| 2616 | const char *SSL_get_version(const SSL *s) | 2622 | const char |
| 2617 | { | 2623 | *SSL_get_version(const SSL *s) |
| 2624 | { | ||
| 2618 | if (s->version == TLS1_2_VERSION) | 2625 | if (s->version == TLS1_2_VERSION) |
| 2619 | return("TLSv1.2"); | 2626 | return("TLSv1.2"); |
| 2620 | else if (s->version == TLS1_1_VERSION) | 2627 | else if (s->version == TLS1_1_VERSION) |
| @@ -2627,29 +2634,27 @@ const char *SSL_get_version(const SSL *s) | |||
| 2627 | return("SSLv2"); | 2634 | return("SSLv2"); |
| 2628 | else | 2635 | else |
| 2629 | return("unknown"); | 2636 | return("unknown"); |
| 2630 | } | 2637 | } |
| 2631 | 2638 | ||
| 2632 | SSL *SSL_dup(SSL *s) | 2639 | SSL |
| 2633 | { | 2640 | *SSL_dup(SSL *s) |
| 2641 | { | ||
| 2634 | STACK_OF(X509_NAME) *sk; | 2642 | STACK_OF(X509_NAME) *sk; |
| 2635 | X509_NAME *xn; | 2643 | X509_NAME *xn; |
| 2636 | SSL *ret; | 2644 | SSL *ret; |
| 2637 | int i; | 2645 | int i; |
| 2638 | 2646 | ||
| 2639 | if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) | 2647 | if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) |
| 2640 | return(NULL); | 2648 | return (NULL); |
| 2641 | 2649 | ||
| 2642 | ret->version = s->version; | 2650 | ret->version = s->version; |
| 2643 | ret->type = s->type; | 2651 | ret->type = s->type; |
| 2644 | ret->method = s->method; | 2652 | ret->method = s->method; |
| 2645 | 2653 | ||
| 2646 | if (s->session != NULL) | 2654 | if (s->session != NULL) { |
| 2647 | { | ||
| 2648 | /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ | 2655 | /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ |
| 2649 | SSL_copy_session_id(ret,s); | 2656 | SSL_copy_session_id(ret, s); |
| 2650 | } | 2657 | } else { |
| 2651 | else | ||
| 2652 | { | ||
| 2653 | /* No session has been established yet, so we have to expect | 2658 | /* No session has been established yet, so we have to expect |
| 2654 | * that s->cert or ret->cert will be changed later -- | 2659 | * that s->cert or ret->cert will be changed later -- |
| 2655 | * they should not both point to the same object, | 2660 | * they should not both point to the same object, |
| @@ -2659,56 +2664,50 @@ SSL *SSL_dup(SSL *s) | |||
| 2659 | ret->method = s->method; | 2664 | ret->method = s->method; |
| 2660 | ret->method->ssl_new(ret); | 2665 | ret->method->ssl_new(ret); |
| 2661 | 2666 | ||
| 2662 | if (s->cert != NULL) | 2667 | if (s->cert != NULL) { |
| 2663 | { | 2668 | if (ret->cert != NULL) { |
| 2664 | if (ret->cert != NULL) | ||
| 2665 | { | ||
| 2666 | ssl_cert_free(ret->cert); | 2669 | ssl_cert_free(ret->cert); |
| 2667 | } | 2670 | } |
| 2668 | ret->cert = ssl_cert_dup(s->cert); | 2671 | ret->cert = ssl_cert_dup(s->cert); |
| 2669 | if (ret->cert == NULL) | 2672 | if (ret->cert == NULL) |
| 2670 | goto err; | 2673 | goto err; |
| 2671 | } | ||
| 2672 | |||
| 2673 | SSL_set_session_id_context(ret, | ||
| 2674 | s->sid_ctx, s->sid_ctx_length); | ||
| 2675 | } | 2674 | } |
| 2676 | 2675 | ||
| 2677 | ret->options=s->options; | 2676 | SSL_set_session_id_context(ret, |
| 2678 | ret->mode=s->mode; | 2677 | s->sid_ctx, s->sid_ctx_length); |
| 2679 | SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s)); | 2678 | } |
| 2680 | SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); | 2679 | |
| 2680 | ret->options = s->options; | ||
| 2681 | ret->mode = s->mode; | ||
| 2682 | SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); | ||
| 2683 | SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); | ||
| 2681 | ret->msg_callback = s->msg_callback; | 2684 | ret->msg_callback = s->msg_callback; |
| 2682 | ret->msg_callback_arg = s->msg_callback_arg; | 2685 | ret->msg_callback_arg = s->msg_callback_arg; |
| 2683 | SSL_set_verify(ret,SSL_get_verify_mode(s), | 2686 | SSL_set_verify(ret, SSL_get_verify_mode(s), |
| 2684 | SSL_get_verify_callback(s)); | 2687 | SSL_get_verify_callback(s)); |
| 2685 | SSL_set_verify_depth(ret,SSL_get_verify_depth(s)); | 2688 | SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); |
| 2686 | ret->generate_session_id = s->generate_session_id; | 2689 | ret->generate_session_id = s->generate_session_id; |
| 2687 | 2690 | ||
| 2688 | SSL_set_info_callback(ret,SSL_get_info_callback(s)); | 2691 | SSL_set_info_callback(ret, SSL_get_info_callback(s)); |
| 2689 | 2692 | ||
| 2690 | ret->debug=s->debug; | 2693 | ret->debug = s->debug; |
| 2691 | 2694 | ||
| 2692 | /* copy app data, a little dangerous perhaps */ | 2695 | /* copy app data, a little dangerous perhaps */ |
| 2693 | if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) | 2696 | if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) |
| 2694 | goto err; | 2697 | goto err; |
| 2695 | 2698 | ||
| 2696 | /* setup rbio, and wbio */ | 2699 | /* setup rbio, and wbio */ |
| 2697 | if (s->rbio != NULL) | 2700 | if (s->rbio != NULL) { |
| 2698 | { | ||
| 2699 | if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) | 2701 | if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) |
| 2700 | goto err; | 2702 | goto err; |
| 2701 | } | 2703 | } |
| 2702 | if (s->wbio != NULL) | 2704 | if (s->wbio != NULL) { |
| 2703 | { | 2705 | if (s->wbio != s->rbio) { |
| 2704 | if (s->wbio != s->rbio) | ||
| 2705 | { | ||
| 2706 | if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) | 2706 | if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) |
| 2707 | goto err; | 2707 | goto err; |
| 2708 | } | 2708 | } else |
| 2709 | else | 2709 | ret->wbio = ret->rbio; |
| 2710 | ret->wbio=ret->rbio; | 2710 | } |
| 2711 | } | ||
| 2712 | ret->rwstate = s->rwstate; | 2711 | ret->rwstate = s->rwstate; |
| 2713 | ret->in_handshake = s->in_handshake; | 2712 | ret->in_handshake = s->in_handshake; |
| 2714 | ret->handshake_func = s->handshake_func; | 2713 | ret->handshake_func = s->handshake_func; |
| @@ -2716,222 +2715,228 @@ SSL *SSL_dup(SSL *s) | |||
| 2716 | ret->renegotiate = s->renegotiate; | 2715 | ret->renegotiate = s->renegotiate; |
| 2717 | ret->new_session = s->new_session; | 2716 | ret->new_session = s->new_session; |
| 2718 | ret->quiet_shutdown = s->quiet_shutdown; | 2717 | ret->quiet_shutdown = s->quiet_shutdown; |
| 2719 | ret->shutdown=s->shutdown; | 2718 | ret->shutdown = s->shutdown; |
| 2720 | ret->state=s->state; /* SSL_dup does not really work at any state, though */ | 2719 | ret->state=s->state; /* SSL_dup does not really work at any state, though */ |
| 2721 | ret->rstate=s->rstate; | 2720 | ret->rstate = s->rstate; |
| 2722 | ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ | 2721 | ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ |
| 2723 | ret->hit=s->hit; | 2722 | ret->hit = s->hit; |
| 2724 | 2723 | ||
| 2725 | X509_VERIFY_PARAM_inherit(ret->param, s->param); | 2724 | X509_VERIFY_PARAM_inherit(ret->param, s->param); |
| 2726 | 2725 | ||
| 2727 | /* dup the cipher_list and cipher_list_by_id stacks */ | 2726 | /* dup the cipher_list and cipher_list_by_id stacks */ |
| 2728 | if (s->cipher_list != NULL) | 2727 | if (s->cipher_list != NULL) { |
| 2729 | { | 2728 | if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) |
| 2730 | if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) | ||
| 2731 | goto err; | 2729 | goto err; |
| 2732 | } | 2730 | } |
| 2733 | if (s->cipher_list_by_id != NULL) | 2731 | if (s->cipher_list_by_id != NULL) |
| 2734 | if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id)) | 2732 | if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) |
| 2735 | == NULL) | 2733 | == NULL) |
| 2736 | goto err; | 2734 | goto err; |
| 2737 | 2735 | ||
| 2738 | /* Dup the client_CA list */ | 2736 | /* Dup the client_CA list */ |
| 2739 | if (s->client_CA != NULL) | 2737 | if (s->client_CA != NULL) { |
| 2740 | { | 2738 | if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; |
| 2741 | if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; | 2739 | ret->client_CA = sk; |
| 2742 | ret->client_CA=sk; | 2740 | for (i = 0; i < sk_X509_NAME_num(sk); i++) { |
| 2743 | for (i=0; i<sk_X509_NAME_num(sk); i++) | 2741 | xn = sk_X509_NAME_value(sk, i); |
| 2744 | { | 2742 | if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) { |
| 2745 | xn=sk_X509_NAME_value(sk,i); | ||
| 2746 | if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL) | ||
| 2747 | { | ||
| 2748 | X509_NAME_free(xn); | 2743 | X509_NAME_free(xn); |
| 2749 | goto err; | 2744 | goto err; |
| 2750 | } | ||
| 2751 | } | 2745 | } |
| 2752 | } | 2746 | } |
| 2747 | } | ||
| 2753 | 2748 | ||
| 2754 | if (0) | 2749 | if (0) { |
| 2755 | { | ||
| 2756 | err: | 2750 | err: |
| 2757 | if (ret != NULL) SSL_free(ret); | 2751 | if (ret != NULL) |
| 2758 | ret=NULL; | 2752 | SSL_free(ret); |
| 2759 | } | 2753 | ret = NULL; |
| 2760 | return(ret); | ||
| 2761 | } | 2754 | } |
| 2755 | return (ret); | ||
| 2756 | } | ||
| 2762 | 2757 | ||
| 2763 | void ssl_clear_cipher_ctx(SSL *s) | 2758 | void |
| 2764 | { | 2759 | ssl_clear_cipher_ctx(SSL *s) |
| 2765 | if (s->enc_read_ctx != NULL) | 2760 | { |
| 2766 | { | 2761 | if (s->enc_read_ctx != NULL) { |
| 2767 | EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); | 2762 | EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); |
| 2768 | OPENSSL_free(s->enc_read_ctx); | 2763 | OPENSSL_free(s->enc_read_ctx); |
| 2769 | s->enc_read_ctx=NULL; | 2764 | s->enc_read_ctx = NULL; |
| 2770 | } | 2765 | } |
| 2771 | if (s->enc_write_ctx != NULL) | 2766 | if (s->enc_write_ctx != NULL) { |
| 2772 | { | ||
| 2773 | EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); | 2767 | EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); |
| 2774 | OPENSSL_free(s->enc_write_ctx); | 2768 | OPENSSL_free(s->enc_write_ctx); |
| 2775 | s->enc_write_ctx=NULL; | 2769 | s->enc_write_ctx = NULL; |
| 2776 | } | 2770 | } |
| 2777 | #ifndef OPENSSL_NO_COMP | 2771 | #ifndef OPENSSL_NO_COMP |
| 2778 | if (s->expand != NULL) | 2772 | if (s->expand != NULL) { |
| 2779 | { | ||
| 2780 | COMP_CTX_free(s->expand); | 2773 | COMP_CTX_free(s->expand); |
| 2781 | s->expand=NULL; | 2774 | s->expand = NULL; |
| 2782 | } | 2775 | } |
| 2783 | if (s->compress != NULL) | 2776 | if (s->compress != NULL) { |
| 2784 | { | ||
| 2785 | COMP_CTX_free(s->compress); | 2777 | COMP_CTX_free(s->compress); |
| 2786 | s->compress=NULL; | 2778 | s->compress = NULL; |
| 2787 | } | ||
| 2788 | #endif | ||
| 2789 | } | 2779 | } |
| 2780 | #endif | ||
| 2781 | } | ||
| 2790 | 2782 | ||
| 2791 | /* Fix this function so that it takes an optional type parameter */ | 2783 | /* Fix this function so that it takes an optional type parameter */ |
| 2792 | X509 *SSL_get_certificate(const SSL *s) | 2784 | X509 |
| 2793 | { | 2785 | *SSL_get_certificate(const SSL *s) |
| 2786 | { | ||
| 2794 | if (s->cert != NULL) | 2787 | if (s->cert != NULL) |
| 2795 | return(s->cert->key->x509); | 2788 | return (s->cert->key->x509); |
| 2796 | else | 2789 | else |
| 2797 | return(NULL); | 2790 | return (NULL); |
| 2798 | } | 2791 | } |
| 2799 | 2792 | ||
| 2800 | /* Fix this function so that it takes an optional type parameter */ | 2793 | /* Fix this function so that it takes an optional type parameter */ |
| 2801 | EVP_PKEY *SSL_get_privatekey(SSL *s) | 2794 | EVP_PKEY |
| 2802 | { | 2795 | *SSL_get_privatekey(SSL *s) |
| 2796 | { | ||
| 2803 | if (s->cert != NULL) | 2797 | if (s->cert != NULL) |
| 2804 | return(s->cert->key->privatekey); | 2798 | return (s->cert->key->privatekey); |
| 2805 | else | 2799 | else |
| 2806 | return(NULL); | 2800 | return (NULL); |
| 2807 | } | 2801 | } |
| 2808 | 2802 | ||
| 2809 | const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) | 2803 | const SSL_CIPHER |
| 2810 | { | 2804 | *SSL_get_current_cipher(const SSL *s) |
| 2805 | { | ||
| 2811 | if ((s->session != NULL) && (s->session->cipher != NULL)) | 2806 | if ((s->session != NULL) && (s->session->cipher != NULL)) |
| 2812 | return(s->session->cipher); | 2807 | return (s->session->cipher); |
| 2813 | return(NULL); | 2808 | return (NULL); |
| 2814 | } | 2809 | } |
| 2815 | #ifdef OPENSSL_NO_COMP | 2810 | #ifdef OPENSSL_NO_COMP |
| 2816 | const void *SSL_get_current_compression(SSL *s) | 2811 | const void |
| 2817 | { | 2812 | *SSL_get_current_compression(SSL *s) |
| 2813 | { | ||
| 2818 | return NULL; | 2814 | return NULL; |
| 2819 | } | 2815 | } |
| 2820 | const void *SSL_get_current_expansion(SSL *s) | 2816 | |
| 2821 | { | 2817 | const void |
| 2818 | *SSL_get_current_expansion(SSL *s) | ||
| 2819 | { | ||
| 2822 | return NULL; | 2820 | return NULL; |
| 2823 | } | 2821 | } |
| 2824 | #else | 2822 | #else |
| 2825 | 2823 | ||
| 2826 | const COMP_METHOD *SSL_get_current_compression(SSL *s) | 2824 | const COMP_METHOD |
| 2827 | { | 2825 | *SSL_get_current_compression(SSL *s) |
| 2826 | { | ||
| 2828 | if (s->compress != NULL) | 2827 | if (s->compress != NULL) |
| 2829 | return(s->compress->meth); | 2828 | return (s->compress->meth); |
| 2830 | return(NULL); | 2829 | return (NULL); |
| 2831 | } | 2830 | } |
| 2832 | 2831 | ||
| 2833 | const COMP_METHOD *SSL_get_current_expansion(SSL *s) | 2832 | const COMP_METHOD |
| 2834 | { | 2833 | *SSL_get_current_expansion(SSL *s) |
| 2834 | { | ||
| 2835 | if (s->expand != NULL) | 2835 | if (s->expand != NULL) |
| 2836 | return(s->expand->meth); | 2836 | return (s->expand->meth); |
| 2837 | return(NULL); | 2837 | return (NULL); |
| 2838 | } | 2838 | } |
| 2839 | #endif | 2839 | #endif |
| 2840 | 2840 | ||
| 2841 | int ssl_init_wbio_buffer(SSL *s,int push) | 2841 | int |
| 2842 | { | 2842 | ssl_init_wbio_buffer(SSL *s, int push) |
| 2843 | { | ||
| 2843 | BIO *bbio; | 2844 | BIO *bbio; |
| 2844 | 2845 | ||
| 2845 | if (s->bbio == NULL) | 2846 | if (s->bbio == NULL) { |
| 2846 | { | 2847 | bbio = BIO_new(BIO_f_buffer()); |
| 2847 | bbio=BIO_new(BIO_f_buffer()); | 2848 | if (bbio == NULL) |
| 2848 | if (bbio == NULL) return(0); | 2849 | return (0); |
| 2849 | s->bbio=bbio; | 2850 | s->bbio = bbio; |
| 2850 | } | 2851 | } else { |
| 2851 | else | 2852 | bbio = s->bbio; |
| 2852 | { | ||
| 2853 | bbio=s->bbio; | ||
| 2854 | if (s->bbio == s->wbio) | 2853 | if (s->bbio == s->wbio) |
| 2855 | s->wbio=BIO_pop(s->wbio); | 2854 | s->wbio = BIO_pop(s->wbio); |
| 2856 | } | 2855 | } |
| 2857 | (void)BIO_reset(bbio); | 2856 | (void)BIO_reset(bbio); |
| 2858 | /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ | 2857 | /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ |
| 2859 | if (!BIO_set_read_buffer_size(bbio,1)) | 2858 | if (!BIO_set_read_buffer_size(bbio, 1)) { |
| 2860 | { | 2859 | SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB); |
| 2861 | SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB); | 2860 | return (0); |
| 2862 | return(0); | 2861 | } |
| 2863 | } | 2862 | if (push) { |
| 2864 | if (push) | ||
| 2865 | { | ||
| 2866 | if (s->wbio != bbio) | 2863 | if (s->wbio != bbio) |
| 2867 | s->wbio=BIO_push(bbio,s->wbio); | 2864 | s->wbio = BIO_push(bbio, s->wbio); |
| 2868 | } | 2865 | } else { |
| 2869 | else | ||
| 2870 | { | ||
| 2871 | if (s->wbio == bbio) | 2866 | if (s->wbio == bbio) |
| 2872 | s->wbio=BIO_pop(bbio); | 2867 | s->wbio = BIO_pop(bbio); |
| 2873 | } | ||
| 2874 | return(1); | ||
| 2875 | } | 2868 | } |
| 2869 | return (1); | ||
| 2870 | } | ||
| 2876 | 2871 | ||
| 2877 | void ssl_free_wbio_buffer(SSL *s) | 2872 | void |
| 2878 | { | 2873 | ssl_free_wbio_buffer(SSL *s) |
| 2879 | if (s->bbio == NULL) return; | 2874 | { |
| 2875 | if (s->bbio == NULL) | ||
| 2876 | return; | ||
| 2880 | 2877 | ||
| 2881 | if (s->bbio == s->wbio) | 2878 | if (s->bbio == s->wbio) { |
| 2882 | { | ||
| 2883 | /* remove buffering */ | 2879 | /* remove buffering */ |
| 2884 | s->wbio=BIO_pop(s->wbio); | 2880 | s->wbio = BIO_pop(s->wbio); |
| 2885 | #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ | 2881 | #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ |
| 2886 | assert(s->wbio != NULL); | 2882 | assert(s->wbio != NULL); |
| 2887 | #endif | 2883 | #endif |
| 2888 | } | 2884 | } |
| 2889 | BIO_free(s->bbio); | 2885 | BIO_free(s->bbio); |
| 2890 | s->bbio=NULL; | 2886 | s->bbio = NULL; |
| 2891 | } | 2887 | } |
| 2892 | |||
| 2893 | void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode) | ||
| 2894 | { | ||
| 2895 | ctx->quiet_shutdown=mode; | ||
| 2896 | } | ||
| 2897 | 2888 | ||
| 2898 | int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) | 2889 | void |
| 2899 | { | 2890 | SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) |
| 2900 | return(ctx->quiet_shutdown); | 2891 | { |
| 2901 | } | 2892 | ctx->quiet_shutdown = mode; |
| 2893 | } | ||
| 2902 | 2894 | ||
| 2903 | void SSL_set_quiet_shutdown(SSL *s,int mode) | 2895 | int |
| 2904 | { | 2896 | SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) |
| 2905 | s->quiet_shutdown=mode; | 2897 | { |
| 2906 | } | 2898 | return (ctx->quiet_shutdown); |
| 2899 | } | ||
| 2907 | 2900 | ||
| 2908 | int SSL_get_quiet_shutdown(const SSL *s) | 2901 | void |
| 2909 | { | 2902 | SSL_set_quiet_shutdown(SSL *s, int mode) |
| 2910 | return(s->quiet_shutdown); | 2903 | { |
| 2911 | } | 2904 | s->quiet_shutdown = mode; |
| 2905 | } | ||
| 2912 | 2906 | ||
| 2913 | void SSL_set_shutdown(SSL *s,int mode) | 2907 | int |
| 2914 | { | 2908 | SSL_get_quiet_shutdown(const SSL *s) |
| 2915 | s->shutdown=mode; | 2909 | { |
| 2916 | } | 2910 | return (s->quiet_shutdown); |
| 2911 | } | ||
| 2917 | 2912 | ||
| 2918 | int SSL_get_shutdown(const SSL *s) | 2913 | void |
| 2919 | { | 2914 | SSL_set_shutdown(SSL *s, int mode) |
| 2920 | return(s->shutdown); | 2915 | { |
| 2921 | } | 2916 | s->shutdown = mode; |
| 2917 | } | ||
| 2922 | 2918 | ||
| 2923 | int SSL_version(const SSL *s) | 2919 | int |
| 2924 | { | 2920 | SSL_get_shutdown(const SSL *s) |
| 2925 | return(s->version); | 2921 | { |
| 2926 | } | 2922 | return (s->shutdown); |
| 2923 | } | ||
| 2927 | 2924 | ||
| 2928 | SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) | 2925 | int |
| 2929 | { | 2926 | SSL_version(const SSL *s) |
| 2930 | return(ssl->ctx); | 2927 | { |
| 2931 | } | 2928 | return (s->version); |
| 2929 | } | ||
| 2932 | 2930 | ||
| 2933 | SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | 2931 | SSL_CTX |
| 2934 | { | 2932 | *SSL_get_SSL_CTX(const SSL *ssl) |
| 2933 | { | ||
| 2934 | return (ssl->ctx); | ||
| 2935 | } | ||
| 2936 | |||
| 2937 | SSL_CTX | ||
| 2938 | *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | ||
| 2939 | { | ||
| 2935 | if (ssl->ctx == ctx) | 2940 | if (ssl->ctx == ctx) |
| 2936 | return ssl->ctx; | 2941 | return ssl->ctx; |
| 2937 | #ifndef OPENSSL_NO_TLSEXT | 2942 | #ifndef OPENSSL_NO_TLSEXT |
| @@ -2941,114 +2946,131 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | |||
| 2941 | if (ssl->cert != NULL) | 2946 | if (ssl->cert != NULL) |
| 2942 | ssl_cert_free(ssl->cert); | 2947 | ssl_cert_free(ssl->cert); |
| 2943 | ssl->cert = ssl_cert_dup(ctx->cert); | 2948 | ssl->cert = ssl_cert_dup(ctx->cert); |
| 2944 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | 2949 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); |
| 2945 | if (ssl->ctx != NULL) | 2950 | if (ssl->ctx != NULL) |
| 2946 | SSL_CTX_free(ssl->ctx); /* decrement reference count */ | 2951 | SSL_CTX_free(ssl->ctx); /* decrement reference count */ |
| 2947 | ssl->ctx = ctx; | 2952 | ssl->ctx = ctx; |
| 2948 | return(ssl->ctx); | 2953 | return (ssl->ctx); |
| 2949 | } | 2954 | } |
| 2950 | 2955 | ||
| 2951 | #ifndef OPENSSL_NO_STDIO | 2956 | #ifndef OPENSSL_NO_STDIO |
| 2952 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) | 2957 | int |
| 2953 | { | 2958 | SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) |
| 2954 | return(X509_STORE_set_default_paths(ctx->cert_store)); | 2959 | { |
| 2955 | } | 2960 | return (X509_STORE_set_default_paths(ctx->cert_store)); |
| 2961 | } | ||
| 2956 | 2962 | ||
| 2957 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, | 2963 | int |
| 2958 | const char *CApath) | 2964 | SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, |
| 2959 | { | 2965 | const char *CApath) |
| 2960 | return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); | 2966 | { |
| 2961 | } | 2967 | return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath)); |
| 2968 | } | ||
| 2962 | #endif | 2969 | #endif |
| 2963 | 2970 | ||
| 2964 | void SSL_set_info_callback(SSL *ssl, | 2971 | void |
| 2965 | void (*cb)(const SSL *ssl,int type,int val)) | 2972 | SSL_set_info_callback(SSL *ssl, |
| 2966 | { | 2973 | void (*cb)(const SSL *ssl, int type, int val)) |
| 2967 | ssl->info_callback=cb; | 2974 | { |
| 2968 | } | 2975 | ssl->info_callback = cb; |
| 2976 | } | ||
| 2969 | 2977 | ||
| 2970 | /* One compiler (Diab DCC) doesn't like argument names in returned | 2978 | /* One compiler (Diab DCC) doesn't like argument names in returned |
| 2971 | function pointer. */ | 2979 | function pointer. */ |
| 2972 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) | 2980 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) |
| 2973 | { | 2981 | { |
| 2974 | return ssl->info_callback; | 2982 | return ssl->info_callback; |
| 2975 | } | 2983 | } |
| 2976 | 2984 | ||
| 2977 | int SSL_state(const SSL *ssl) | 2985 | int |
| 2978 | { | 2986 | SSL_state(const SSL *ssl) |
| 2979 | return(ssl->state); | 2987 | { |
| 2980 | } | 2988 | return (ssl->state); |
| 2989 | } | ||
| 2981 | 2990 | ||
| 2982 | void SSL_set_state(SSL *ssl, int state) | 2991 | void |
| 2983 | { | 2992 | SSL_set_state(SSL *ssl, int state) |
| 2993 | { | ||
| 2984 | ssl->state = state; | 2994 | ssl->state = state; |
| 2985 | } | 2995 | } |
| 2986 | 2996 | ||
| 2987 | void SSL_set_verify_result(SSL *ssl,long arg) | 2997 | void |
| 2988 | { | 2998 | SSL_set_verify_result(SSL *ssl, long arg) |
| 2989 | ssl->verify_result=arg; | 2999 | { |
| 2990 | } | 3000 | ssl->verify_result = arg; |
| 3001 | } | ||
| 2991 | 3002 | ||
| 2992 | long SSL_get_verify_result(const SSL *ssl) | 3003 | long |
| 2993 | { | 3004 | SSL_get_verify_result(const SSL *ssl) |
| 2994 | return(ssl->verify_result); | 3005 | { |
| 2995 | } | 3006 | return (ssl->verify_result); |
| 3007 | } | ||
| 2996 | 3008 | ||
| 2997 | int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, | 3009 | int |
| 2998 | CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) | 3010 | SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 2999 | { | 3011 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 3012 | { | ||
| 3000 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, | 3013 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, |
| 3001 | new_func, dup_func, free_func); | 3014 | new_func, dup_func, free_func); |
| 3002 | } | 3015 | } |
| 3003 | 3016 | ||
| 3004 | int SSL_set_ex_data(SSL *s,int idx,void *arg) | 3017 | int |
| 3005 | { | 3018 | SSL_set_ex_data(SSL *s, int idx, void *arg) |
| 3006 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | 3019 | { |
| 3007 | } | 3020 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); |
| 3021 | } | ||
| 3008 | 3022 | ||
| 3009 | void *SSL_get_ex_data(const SSL *s,int idx) | 3023 | void |
| 3010 | { | 3024 | *SSL_get_ex_data(const SSL *s, int idx) |
| 3011 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | 3025 | { |
| 3012 | } | 3026 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); |
| 3027 | } | ||
| 3013 | 3028 | ||
| 3014 | int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, | 3029 | int |
| 3015 | CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) | 3030 | SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 3016 | { | 3031 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 3032 | { | ||
| 3017 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, | 3033 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, |
| 3018 | new_func, dup_func, free_func); | 3034 | new_func, dup_func, free_func); |
| 3019 | } | 3035 | } |
| 3020 | 3036 | ||
| 3021 | int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg) | 3037 | int |
| 3022 | { | 3038 | SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) |
| 3023 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | 3039 | { |
| 3024 | } | 3040 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); |
| 3041 | } | ||
| 3025 | 3042 | ||
| 3026 | void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx) | 3043 | void |
| 3027 | { | 3044 | *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) |
| 3028 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | 3045 | { |
| 3029 | } | 3046 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); |
| 3047 | } | ||
| 3030 | 3048 | ||
| 3031 | int ssl_ok(SSL *s) | 3049 | int |
| 3032 | { | 3050 | ssl_ok(SSL *s) |
| 3033 | return(1); | 3051 | { |
| 3034 | } | 3052 | return (1); |
| 3053 | } | ||
| 3035 | 3054 | ||
| 3036 | X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) | 3055 | X509_STORE |
| 3037 | { | 3056 | *SSL_CTX_get_cert_store(const SSL_CTX *ctx) |
| 3038 | return(ctx->cert_store); | 3057 | { |
| 3039 | } | 3058 | return (ctx->cert_store); |
| 3059 | } | ||
| 3040 | 3060 | ||
| 3041 | void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store) | 3061 | void |
| 3042 | { | 3062 | SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) |
| 3063 | { | ||
| 3043 | if (ctx->cert_store != NULL) | 3064 | if (ctx->cert_store != NULL) |
| 3044 | X509_STORE_free(ctx->cert_store); | 3065 | X509_STORE_free(ctx->cert_store); |
| 3045 | ctx->cert_store=store; | 3066 | ctx->cert_store = store; |
| 3046 | } | 3067 | } |
| 3047 | 3068 | ||
| 3048 | int SSL_want(const SSL *s) | 3069 | int |
| 3049 | { | 3070 | SSL_want(const SSL *s) |
| 3050 | return(s->rwstate); | 3071 | { |
| 3051 | } | 3072 | return (s->rwstate); |
| 3073 | } | ||
| 3052 | 3074 | ||
| 3053 | /*! | 3075 | /*! |
| 3054 | * \brief Set the callback for generating temporary RSA keys. | 3076 | * \brief Set the callback for generating temporary RSA keys. |
| @@ -3057,19 +3079,21 @@ int SSL_want(const SSL *s) | |||
| 3057 | */ | 3079 | */ |
| 3058 | 3080 | ||
| 3059 | #ifndef OPENSSL_NO_RSA | 3081 | #ifndef OPENSSL_NO_RSA |
| 3060 | void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl, | 3082 | void |
| 3061 | int is_export, | 3083 | SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, |
| 3062 | int keylength)) | 3084 | int is_export, |
| 3063 | { | 3085 | int keylength)) |
| 3064 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); | 3086 | { |
| 3065 | } | 3087 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); |
| 3066 | 3088 | } | |
| 3067 | void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, | 3089 | |
| 3068 | int is_export, | 3090 | void |
| 3069 | int keylength)) | 3091 | SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, |
| 3070 | { | 3092 | int is_export, |
| 3071 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); | 3093 | int keylength)) |
| 3072 | } | 3094 | { |
| 3095 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); | ||
| 3096 | } | ||
| 3073 | #endif | 3097 | #endif |
| 3074 | 3098 | ||
| 3075 | #ifdef DOXYGEN | 3099 | #ifdef DOXYGEN |
| @@ -3083,8 +3107,9 @@ void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, | |||
| 3083 | * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback | 3107 | * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback |
| 3084 | */ | 3108 | */ |
| 3085 | 3109 | ||
| 3086 | RSA *cb(SSL *ssl,int is_export,int keylength) | 3110 | RSA |
| 3087 | {} | 3111 | *cb(SSL *ssl, int is_export, int keylength) |
| 3112 | {} | ||
| 3088 | #endif | 3113 | #endif |
| 3089 | 3114 | ||
| 3090 | /*! | 3115 | /*! |
| @@ -3094,133 +3119,142 @@ RSA *cb(SSL *ssl,int is_export,int keylength) | |||
| 3094 | */ | 3119 | */ |
| 3095 | 3120 | ||
| 3096 | #ifndef OPENSSL_NO_DH | 3121 | #ifndef OPENSSL_NO_DH |
| 3097 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, | 3122 | void |
| 3098 | int keylength)) | 3123 | SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export, |
| 3099 | { | 3124 | int keylength)) |
| 3100 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); | 3125 | { |
| 3101 | } | 3126 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); |
| 3127 | } | ||
| 3102 | 3128 | ||
| 3103 | void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, | 3129 | void |
| 3104 | int keylength)) | 3130 | SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, |
| 3105 | { | 3131 | int keylength)) |
| 3106 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); | 3132 | { |
| 3107 | } | 3133 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); |
| 3134 | } | ||
| 3108 | #endif | 3135 | #endif |
| 3109 | 3136 | ||
| 3110 | #ifndef OPENSSL_NO_ECDH | 3137 | #ifndef OPENSSL_NO_ECDH |
| 3111 | void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export, | 3138 | void |
| 3112 | int keylength)) | 3139 | SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, |
| 3113 | { | 3140 | int keylength)) |
| 3114 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); | 3141 | { |
| 3115 | } | 3142 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); |
| 3143 | } | ||
| 3116 | 3144 | ||
| 3117 | void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export, | 3145 | void |
| 3118 | int keylength)) | 3146 | SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, |
| 3119 | { | 3147 | int keylength)) |
| 3120 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); | 3148 | { |
| 3121 | } | 3149 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); |
| 3150 | } | ||
| 3122 | #endif | 3151 | #endif |
| 3123 | 3152 | ||
| 3124 | #ifndef OPENSSL_NO_PSK | 3153 | #ifndef OPENSSL_NO_PSK |
| 3125 | int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) | 3154 | int |
| 3126 | { | 3155 | SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) |
| 3127 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) | 3156 | { |
| 3128 | { | 3157 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { |
| 3129 | SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); | 3158 | SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); |
| 3130 | return 0; | 3159 | return 0; |
| 3131 | } | 3160 | } |
| 3132 | if (ctx->psk_identity_hint != NULL) | 3161 | if (ctx->psk_identity_hint != NULL) |
| 3133 | OPENSSL_free(ctx->psk_identity_hint); | 3162 | OPENSSL_free(ctx->psk_identity_hint); |
| 3134 | if (identity_hint != NULL) | 3163 | if (identity_hint != NULL) { |
| 3135 | { | ||
| 3136 | ctx->psk_identity_hint = BUF_strdup(identity_hint); | 3164 | ctx->psk_identity_hint = BUF_strdup(identity_hint); |
| 3137 | if (ctx->psk_identity_hint == NULL) | 3165 | if (ctx->psk_identity_hint == NULL) |
| 3138 | return 0; | 3166 | return 0; |
| 3139 | } | 3167 | } else |
| 3140 | else | ||
| 3141 | ctx->psk_identity_hint = NULL; | 3168 | ctx->psk_identity_hint = NULL; |
| 3142 | return 1; | 3169 | return 1; |
| 3143 | } | 3170 | } |
| 3144 | 3171 | ||
| 3145 | int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) | 3172 | int |
| 3146 | { | 3173 | SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) |
| 3174 | { | ||
| 3147 | if (s == NULL) | 3175 | if (s == NULL) |
| 3148 | return 0; | 3176 | return 0; |
| 3149 | 3177 | ||
| 3150 | if (s->session == NULL) | 3178 | if (s->session == NULL) |
| 3151 | return 1; /* session not created yet, ignored */ | 3179 | return 1; /* session not created yet, ignored */ |
| 3152 | 3180 | ||
| 3153 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) | 3181 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { |
| 3154 | { | ||
| 3155 | SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); | 3182 | SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); |
| 3156 | return 0; | 3183 | return 0; |
| 3157 | } | 3184 | } |
| 3158 | if (s->session->psk_identity_hint != NULL) | 3185 | if (s->session->psk_identity_hint != NULL) |
| 3159 | OPENSSL_free(s->session->psk_identity_hint); | 3186 | OPENSSL_free(s->session->psk_identity_hint); |
| 3160 | if (identity_hint != NULL) | 3187 | if (identity_hint != NULL) { |
| 3161 | { | ||
| 3162 | s->session->psk_identity_hint = BUF_strdup(identity_hint); | 3188 | s->session->psk_identity_hint = BUF_strdup(identity_hint); |
| 3163 | if (s->session->psk_identity_hint == NULL) | 3189 | if (s->session->psk_identity_hint == NULL) |
| 3164 | return 0; | 3190 | return 0; |
| 3165 | } | 3191 | } else |
| 3166 | else | ||
| 3167 | s->session->psk_identity_hint = NULL; | 3192 | s->session->psk_identity_hint = NULL; |
| 3168 | return 1; | 3193 | return 1; |
| 3169 | } | 3194 | } |
| 3170 | 3195 | ||
| 3171 | const char *SSL_get_psk_identity_hint(const SSL *s) | 3196 | const char |
| 3172 | { | 3197 | *SSL_get_psk_identity_hint(const SSL *s) |
| 3198 | { | ||
| 3173 | if (s == NULL || s->session == NULL) | 3199 | if (s == NULL || s->session == NULL) |
| 3174 | return NULL; | 3200 | return NULL; |
| 3175 | return(s->session->psk_identity_hint); | 3201 | return (s->session->psk_identity_hint); |
| 3176 | } | 3202 | } |
| 3177 | 3203 | ||
| 3178 | const char *SSL_get_psk_identity(const SSL *s) | 3204 | const char |
| 3179 | { | 3205 | *SSL_get_psk_identity(const SSL *s) |
| 3206 | { | ||
| 3180 | if (s == NULL || s->session == NULL) | 3207 | if (s == NULL || s->session == NULL) |
| 3181 | return NULL; | 3208 | return NULL; |
| 3182 | return(s->session->psk_identity); | 3209 | return (s->session->psk_identity); |
| 3183 | } | 3210 | } |
| 3184 | 3211 | ||
| 3185 | void SSL_set_psk_client_callback(SSL *s, | 3212 | void |
| 3213 | SSL_set_psk_client_callback(SSL *s, | ||
| 3186 | unsigned int (*cb)(SSL *ssl, const char *hint, | 3214 | unsigned int (*cb)(SSL *ssl, const char *hint, |
| 3187 | char *identity, unsigned int max_identity_len, unsigned char *psk, | 3215 | char *identity, unsigned int max_identity_len, unsigned char *psk, |
| 3188 | unsigned int max_psk_len)) | 3216 | unsigned int max_psk_len)) |
| 3189 | { | 3217 | { |
| 3190 | s->psk_client_callback = cb; | 3218 | s->psk_client_callback = cb; |
| 3191 | } | 3219 | } |
| 3192 | 3220 | ||
| 3193 | void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, | 3221 | void |
| 3222 | SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, | ||
| 3194 | unsigned int (*cb)(SSL *ssl, const char *hint, | 3223 | unsigned int (*cb)(SSL *ssl, const char *hint, |
| 3195 | char *identity, unsigned int max_identity_len, unsigned char *psk, | 3224 | char *identity, unsigned int max_identity_len, unsigned char *psk, |
| 3196 | unsigned int max_psk_len)) | 3225 | unsigned int max_psk_len)) |
| 3197 | { | 3226 | { |
| 3198 | ctx->psk_client_callback = cb; | 3227 | ctx->psk_client_callback = cb; |
| 3199 | } | 3228 | } |
| 3200 | 3229 | ||
| 3201 | void SSL_set_psk_server_callback(SSL *s, | 3230 | void |
| 3231 | SSL_set_psk_server_callback(SSL *s, | ||
| 3202 | unsigned int (*cb)(SSL *ssl, const char *identity, | 3232 | unsigned int (*cb)(SSL *ssl, const char *identity, |
| 3203 | unsigned char *psk, unsigned int max_psk_len)) | 3233 | unsigned char *psk, unsigned int max_psk_len)) |
| 3204 | { | 3234 | { |
| 3205 | s->psk_server_callback = cb; | 3235 | s->psk_server_callback = cb; |
| 3206 | } | 3236 | } |
| 3207 | 3237 | ||
| 3208 | void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, | 3238 | void |
| 3239 | SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, | ||
| 3209 | unsigned int (*cb)(SSL *ssl, const char *identity, | 3240 | unsigned int (*cb)(SSL *ssl, const char *identity, |
| 3210 | unsigned char *psk, unsigned int max_psk_len)) | 3241 | unsigned char *psk, unsigned int max_psk_len)) |
| 3211 | { | 3242 | { |
| 3212 | ctx->psk_server_callback = cb; | 3243 | ctx->psk_server_callback = cb; |
| 3213 | } | 3244 | } |
| 3214 | #endif | 3245 | #endif |
| 3215 | 3246 | ||
| 3216 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | 3247 | void |
| 3217 | { | 3248 | SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) |
| 3249 | { | ||
| 3218 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); | 3250 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); |
| 3219 | } | 3251 | } |
| 3220 | void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | 3252 | |
| 3221 | { | 3253 | void |
| 3254 | SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | ||
| 3255 | { | ||
| 3222 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); | 3256 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); |
| 3223 | } | 3257 | } |
| 3224 | 3258 | ||
| 3225 | /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer | 3259 | /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer |
| 3226 | * vairable, freeing EVP_MD_CTX previously stored in that variable, if | 3260 | * vairable, freeing EVP_MD_CTX previously stored in that variable, if |
| @@ -3228,31 +3262,38 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con | |||
| 3228 | * Returns newly allocated ctx; | 3262 | * Returns newly allocated ctx; |
| 3229 | */ | 3263 | */ |
| 3230 | 3264 | ||
| 3231 | EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) | 3265 | EVP_MD_CTX |
| 3266 | *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) | ||
| 3232 | { | 3267 | { |
| 3233 | ssl_clear_hash_ctx(hash); | 3268 | ssl_clear_hash_ctx(hash); |
| 3234 | *hash = EVP_MD_CTX_create(); | 3269 | *hash = EVP_MD_CTX_create(); |
| 3235 | if (md) EVP_DigestInit_ex(*hash,md,NULL); | 3270 | if (md) |
| 3271 | EVP_DigestInit_ex(*hash, md, NULL); | ||
| 3236 | return *hash; | 3272 | return *hash; |
| 3237 | } | 3273 | } |
| 3238 | void ssl_clear_hash_ctx(EVP_MD_CTX **hash) | 3274 | |
| 3275 | void | ||
| 3276 | ssl_clear_hash_ctx(EVP_MD_CTX **hash) | ||
| 3239 | { | 3277 | { |
| 3240 | 3278 | ||
| 3241 | if (*hash) EVP_MD_CTX_destroy(*hash); | 3279 | if (*hash) |
| 3242 | *hash=NULL; | 3280 | EVP_MD_CTX_destroy(*hash); |
| 3281 | *hash = NULL; | ||
| 3243 | } | 3282 | } |
| 3244 | 3283 | ||
| 3245 | void SSL_set_debug(SSL *s, int debug) | 3284 | void |
| 3246 | { | 3285 | SSL_set_debug(SSL *s, int debug) |
| 3286 | { | ||
| 3247 | s->debug = debug; | 3287 | s->debug = debug; |
| 3248 | } | 3288 | } |
| 3249 | 3289 | ||
| 3250 | int SSL_cache_hit(SSL *s) | 3290 | int |
| 3251 | { | 3291 | SSL_cache_hit(SSL *s) |
| 3292 | { | ||
| 3252 | return s->hit; | 3293 | return s->hit; |
| 3253 | } | 3294 | } |
| 3254 | 3295 | ||
| 3255 | IMPLEMENT_STACK_OF(SSL_CIPHER) | 3296 | IMPLEMENT_STACK_OF(SSL_CIPHER) |
| 3256 | IMPLEMENT_STACK_OF(SSL_COMP) | 3297 | IMPLEMENT_STACK_OF(SSL_COMP) |
| 3257 | IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, | 3298 | IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, |
| 3258 | ssl_cipher_id); | 3299 | ssl_cipher_id); |
diff --git a/src/lib/libssl/src/ssl/ssl_rsa.c b/src/lib/libssl/src/ssl/ssl_rsa.c index 60e7b66859..078df55f06 100644 --- a/src/lib/libssl/src/ssl/ssl_rsa.c +++ b/src/lib/libssl/src/ssl/ssl_rsa.c | |||
| @@ -66,135 +66,126 @@ | |||
| 66 | 66 | ||
| 67 | static int ssl_set_cert(CERT *c, X509 *x509); | 67 | static int ssl_set_cert(CERT *c, X509 *x509); |
| 68 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); | 68 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); |
| 69 | int SSL_use_certificate(SSL *ssl, X509 *x) | 69 | int |
| 70 | { | 70 | SSL_use_certificate(SSL *ssl, X509 *x) |
| 71 | if (x == NULL) | 71 | { |
| 72 | { | 72 | if (x == NULL) { |
| 73 | SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); | 73 | SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); |
| 74 | return(0); | 74 | return (0); |
| 75 | } | 75 | } |
| 76 | if (!ssl_cert_inst(&ssl->cert)) | 76 | if (!ssl_cert_inst(&ssl->cert)) { |
| 77 | { | 77 | SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); |
| 78 | SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); | 78 | return (0); |
| 79 | return(0); | ||
| 80 | } | ||
| 81 | return(ssl_set_cert(ssl->cert,x)); | ||
| 82 | } | 79 | } |
| 80 | return (ssl_set_cert(ssl->cert, x)); | ||
| 81 | } | ||
| 83 | 82 | ||
| 84 | #ifndef OPENSSL_NO_STDIO | 83 | #ifndef OPENSSL_NO_STDIO |
| 85 | int SSL_use_certificate_file(SSL *ssl, const char *file, int type) | 84 | int |
| 86 | { | 85 | SSL_use_certificate_file(SSL *ssl, const char *file, int type) |
| 86 | { | ||
| 87 | int j; | 87 | int j; |
| 88 | BIO *in; | 88 | BIO *in; |
| 89 | int ret=0; | 89 | int ret = 0; |
| 90 | X509 *x=NULL; | 90 | X509 *x = NULL; |
| 91 | 91 | ||
| 92 | in=BIO_new(BIO_s_file_internal()); | 92 | in = BIO_new(BIO_s_file_internal()); |
| 93 | if (in == NULL) | 93 | if (in == NULL) { |
| 94 | { | 94 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); |
| 95 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); | ||
| 96 | goto end; | 95 | goto end; |
| 97 | } | 96 | } |
| 98 | 97 | ||
| 99 | if (BIO_read_filename(in,file) <= 0) | 98 | if (BIO_read_filename(in, file) <= 0) { |
| 100 | { | 99 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); |
| 101 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); | ||
| 102 | goto end; | 100 | goto end; |
| 103 | } | 101 | } |
| 104 | if (type == SSL_FILETYPE_ASN1) | 102 | if (type == SSL_FILETYPE_ASN1) { |
| 105 | { | 103 | j = ERR_R_ASN1_LIB; |
| 106 | j=ERR_R_ASN1_LIB; | 104 | x = d2i_X509_bio(in, NULL); |
| 107 | x=d2i_X509_bio(in,NULL); | 105 | } else if (type == SSL_FILETYPE_PEM) { |
| 108 | } | 106 | j = ERR_R_PEM_LIB; |
| 109 | else if (type == SSL_FILETYPE_PEM) | 107 | x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); |
| 110 | { | 108 | } else { |
| 111 | j=ERR_R_PEM_LIB; | 109 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 112 | x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | ||
| 113 | } | ||
| 114 | else | ||
| 115 | { | ||
| 116 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 117 | goto end; | 110 | goto end; |
| 118 | } | 111 | } |
| 119 | 112 | ||
| 120 | if (x == NULL) | 113 | if (x == NULL) { |
| 121 | { | 114 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j); |
| 122 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j); | ||
| 123 | goto end; | 115 | goto end; |
| 124 | } | 116 | } |
| 125 | 117 | ||
| 126 | ret=SSL_use_certificate(ssl,x); | 118 | ret = SSL_use_certificate(ssl, x); |
| 127 | end: | 119 | end: |
| 128 | if (x != NULL) X509_free(x); | 120 | if (x != NULL) |
| 129 | if (in != NULL) BIO_free(in); | 121 | X509_free(x); |
| 130 | return(ret); | 122 | if (in != NULL) |
| 131 | } | 123 | BIO_free(in); |
| 124 | return (ret); | ||
| 125 | } | ||
| 132 | #endif | 126 | #endif |
| 133 | 127 | ||
| 134 | int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) | 128 | int |
| 135 | { | 129 | SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) |
| 130 | { | ||
| 136 | X509 *x; | 131 | X509 *x; |
| 137 | int ret; | 132 | int ret; |
| 138 | 133 | ||
| 139 | x=d2i_X509(NULL,&d,(long)len); | 134 | x = d2i_X509(NULL, &d,(long)len); |
| 140 | if (x == NULL) | 135 | if (x == NULL) { |
| 141 | { | 136 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); |
| 142 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); | 137 | return (0); |
| 143 | return(0); | 138 | } |
| 144 | } | ||
| 145 | 139 | ||
| 146 | ret=SSL_use_certificate(ssl,x); | 140 | ret = SSL_use_certificate(ssl, x); |
| 147 | X509_free(x); | 141 | X509_free(x); |
| 148 | return(ret); | 142 | return (ret); |
| 149 | } | 143 | } |
| 150 | 144 | ||
| 151 | #ifndef OPENSSL_NO_RSA | 145 | #ifndef OPENSSL_NO_RSA |
| 152 | int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) | 146 | int |
| 153 | { | 147 | SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) |
| 148 | { | ||
| 154 | EVP_PKEY *pkey; | 149 | EVP_PKEY *pkey; |
| 155 | int ret; | 150 | int ret; |
| 156 | 151 | ||
| 157 | if (rsa == NULL) | 152 | if (rsa == NULL) { |
| 158 | { | 153 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); |
| 159 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 154 | return (0); |
| 160 | return(0); | 155 | } |
| 161 | } | 156 | if (!ssl_cert_inst(&ssl->cert)) { |
| 162 | if (!ssl_cert_inst(&ssl->cert)) | 157 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); |
| 163 | { | 158 | return (0); |
| 164 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); | 159 | } |
| 165 | return(0); | 160 | if ((pkey = EVP_PKEY_new()) == NULL) { |
| 166 | } | 161 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); |
| 167 | if ((pkey=EVP_PKEY_new()) == NULL) | 162 | return (0); |
| 168 | { | 163 | } |
| 169 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); | ||
| 170 | return(0); | ||
| 171 | } | ||
| 172 | 164 | ||
| 173 | RSA_up_ref(rsa); | 165 | RSA_up_ref(rsa); |
| 174 | EVP_PKEY_assign_RSA(pkey,rsa); | 166 | EVP_PKEY_assign_RSA(pkey, rsa); |
| 175 | 167 | ||
| 176 | ret=ssl_set_pkey(ssl->cert,pkey); | 168 | ret = ssl_set_pkey(ssl->cert, pkey); |
| 177 | EVP_PKEY_free(pkey); | 169 | EVP_PKEY_free(pkey); |
| 178 | return(ret); | 170 | return (ret); |
| 179 | } | 171 | } |
| 180 | #endif | 172 | #endif |
| 181 | 173 | ||
| 182 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) | 174 | static int |
| 183 | { | 175 | ssl_set_pkey(CERT *c, EVP_PKEY *pkey) |
| 176 | { | ||
| 184 | int i; | 177 | int i; |
| 185 | 178 | ||
| 186 | i=ssl_cert_type(NULL,pkey); | 179 | i = ssl_cert_type(NULL, pkey); |
| 187 | if (i < 0) | 180 | if (i < 0) { |
| 188 | { | 181 | SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); |
| 189 | SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); | 182 | return (0); |
| 190 | return(0); | 183 | } |
| 191 | } | ||
| 192 | 184 | ||
| 193 | if (c->pkeys[i].x509 != NULL) | 185 | if (c->pkeys[i].x509 != NULL) { |
| 194 | { | ||
| 195 | EVP_PKEY *pktmp; | 186 | EVP_PKEY *pktmp; |
| 196 | pktmp = X509_get_pubkey(c->pkeys[i].x509); | 187 | pktmp = X509_get_pubkey(c->pkeys[i].x509); |
| 197 | EVP_PKEY_copy_parameters(pktmp,pkey); | 188 | EVP_PKEY_copy_parameters(pktmp, pkey); |
| 198 | EVP_PKEY_free(pktmp); | 189 | EVP_PKEY_free(pktmp); |
| 199 | ERR_clear_error(); | 190 | ERR_clear_error(); |
| 200 | 191 | ||
| @@ -203,217 +194,200 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) | |||
| 203 | * for smart cards. */ | 194 | * for smart cards. */ |
| 204 | if ((pkey->type == EVP_PKEY_RSA) && | 195 | if ((pkey->type == EVP_PKEY_RSA) && |
| 205 | (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) | 196 | (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) |
| 206 | ; | 197 | ; |
| 207 | else | 198 | else |
| 208 | #endif | 199 | #endif |
| 209 | if (!X509_check_private_key(c->pkeys[i].x509,pkey)) | 200 | if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { |
| 210 | { | ||
| 211 | X509_free(c->pkeys[i].x509); | 201 | X509_free(c->pkeys[i].x509); |
| 212 | c->pkeys[i].x509 = NULL; | 202 | c->pkeys[i].x509 = NULL; |
| 213 | return 0; | 203 | return 0; |
| 214 | } | ||
| 215 | } | 204 | } |
| 205 | } | ||
| 216 | 206 | ||
| 217 | if (c->pkeys[i].privatekey != NULL) | 207 | if (c->pkeys[i].privatekey != NULL) |
| 218 | EVP_PKEY_free(c->pkeys[i].privatekey); | 208 | EVP_PKEY_free(c->pkeys[i].privatekey); |
| 219 | CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); | 209 | CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); |
| 220 | c->pkeys[i].privatekey=pkey; | 210 | c->pkeys[i].privatekey = pkey; |
| 221 | c->key= &(c->pkeys[i]); | 211 | c->key = &(c->pkeys[i]); |
| 222 | 212 | ||
| 223 | c->valid=0; | 213 | c->valid = 0; |
| 224 | return(1); | 214 | return (1); |
| 225 | } | 215 | } |
| 226 | 216 | ||
| 227 | #ifndef OPENSSL_NO_RSA | 217 | #ifndef OPENSSL_NO_RSA |
| 228 | #ifndef OPENSSL_NO_STDIO | 218 | #ifndef OPENSSL_NO_STDIO |
| 229 | int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) | 219 | int |
| 230 | { | 220 | SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) |
| 231 | int j,ret=0; | 221 | { |
| 222 | int j, ret = 0; | ||
| 232 | BIO *in; | 223 | BIO *in; |
| 233 | RSA *rsa=NULL; | 224 | RSA *rsa = NULL; |
| 234 | 225 | ||
| 235 | in=BIO_new(BIO_s_file_internal()); | 226 | in = BIO_new(BIO_s_file_internal()); |
| 236 | if (in == NULL) | 227 | if (in == NULL) { |
| 237 | { | 228 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); |
| 238 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
| 239 | goto end; | 229 | goto end; |
| 240 | } | 230 | } |
| 241 | 231 | ||
| 242 | if (BIO_read_filename(in,file) <= 0) | 232 | if (BIO_read_filename(in, file) <= 0) { |
| 243 | { | 233 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); |
| 244 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
| 245 | goto end; | 234 | goto end; |
| 246 | } | 235 | } |
| 247 | if (type == SSL_FILETYPE_ASN1) | 236 | if (type == SSL_FILETYPE_ASN1) { |
| 248 | { | 237 | j = ERR_R_ASN1_LIB; |
| 249 | j=ERR_R_ASN1_LIB; | 238 | rsa = d2i_RSAPrivateKey_bio(in, NULL); |
| 250 | rsa=d2i_RSAPrivateKey_bio(in,NULL); | 239 | } else if (type == SSL_FILETYPE_PEM) { |
| 251 | } | 240 | j = ERR_R_PEM_LIB; |
| 252 | else if (type == SSL_FILETYPE_PEM) | 241 | rsa = PEM_read_bio_RSAPrivateKey(in, NULL, |
| 253 | { | 242 | ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); |
| 254 | j=ERR_R_PEM_LIB; | 243 | } else { |
| 255 | rsa=PEM_read_bio_RSAPrivateKey(in,NULL, | 244 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 256 | ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | ||
| 257 | } | ||
| 258 | else | ||
| 259 | { | ||
| 260 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 261 | goto end; | 245 | goto end; |
| 262 | } | 246 | } |
| 263 | if (rsa == NULL) | 247 | if (rsa == NULL) { |
| 264 | { | 248 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j); |
| 265 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j); | ||
| 266 | goto end; | 249 | goto end; |
| 267 | } | 250 | } |
| 268 | ret=SSL_use_RSAPrivateKey(ssl,rsa); | 251 | ret = SSL_use_RSAPrivateKey(ssl, rsa); |
| 269 | RSA_free(rsa); | 252 | RSA_free(rsa); |
| 270 | end: | 253 | end: |
| 271 | if (in != NULL) BIO_free(in); | 254 | if (in != NULL) |
| 272 | return(ret); | 255 | BIO_free(in); |
| 273 | } | 256 | return (ret); |
| 257 | } | ||
| 274 | #endif | 258 | #endif |
| 275 | 259 | ||
| 276 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) | 260 | int |
| 277 | { | 261 | SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) |
| 262 | { | ||
| 278 | int ret; | 263 | int ret; |
| 279 | const unsigned char *p; | 264 | const unsigned char *p; |
| 280 | RSA *rsa; | 265 | RSA *rsa; |
| 281 | 266 | ||
| 282 | p=d; | 267 | p = d; |
| 283 | if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) | 268 | if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { |
| 284 | { | 269 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); |
| 285 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | 270 | return (0); |
| 286 | return(0); | 271 | } |
| 287 | } | ||
| 288 | 272 | ||
| 289 | ret=SSL_use_RSAPrivateKey(ssl,rsa); | 273 | ret = SSL_use_RSAPrivateKey(ssl, rsa); |
| 290 | RSA_free(rsa); | 274 | RSA_free(rsa); |
| 291 | return(ret); | 275 | return (ret); |
| 292 | } | 276 | } |
| 293 | #endif /* !OPENSSL_NO_RSA */ | 277 | #endif /* !OPENSSL_NO_RSA */ |
| 294 | 278 | ||
| 295 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) | 279 | int |
| 296 | { | 280 | SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) |
| 281 | { | ||
| 297 | int ret; | 282 | int ret; |
| 298 | 283 | ||
| 299 | if (pkey == NULL) | 284 | if (pkey == NULL) { |
| 300 | { | 285 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); |
| 301 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 286 | return (0); |
| 302 | return(0); | 287 | } |
| 303 | } | 288 | if (!ssl_cert_inst(&ssl->cert)) { |
| 304 | if (!ssl_cert_inst(&ssl->cert)) | 289 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); |
| 305 | { | 290 | return (0); |
| 306 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); | ||
| 307 | return(0); | ||
| 308 | } | ||
| 309 | ret=ssl_set_pkey(ssl->cert,pkey); | ||
| 310 | return(ret); | ||
| 311 | } | 291 | } |
| 292 | ret = ssl_set_pkey(ssl->cert, pkey); | ||
| 293 | return (ret); | ||
| 294 | } | ||
| 312 | 295 | ||
| 313 | #ifndef OPENSSL_NO_STDIO | 296 | #ifndef OPENSSL_NO_STDIO |
| 314 | int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) | 297 | int |
| 315 | { | 298 | SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) |
| 316 | int j,ret=0; | 299 | { |
| 300 | int j, ret = 0; | ||
| 317 | BIO *in; | 301 | BIO *in; |
| 318 | EVP_PKEY *pkey=NULL; | 302 | EVP_PKEY *pkey = NULL; |
| 319 | 303 | ||
| 320 | in=BIO_new(BIO_s_file_internal()); | 304 | in = BIO_new(BIO_s_file_internal()); |
| 321 | if (in == NULL) | 305 | if (in == NULL) { |
| 322 | { | 306 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); |
| 323 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
| 324 | goto end; | 307 | goto end; |
| 325 | } | 308 | } |
| 326 | 309 | ||
| 327 | if (BIO_read_filename(in,file) <= 0) | 310 | if (BIO_read_filename(in, file) <= 0) { |
| 328 | { | 311 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); |
| 329 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
| 330 | goto end; | 312 | goto end; |
| 331 | } | 313 | } |
| 332 | if (type == SSL_FILETYPE_PEM) | 314 | if (type == SSL_FILETYPE_PEM) { |
| 333 | { | 315 | j = ERR_R_PEM_LIB; |
| 334 | j=ERR_R_PEM_LIB; | 316 | pkey = PEM_read_bio_PrivateKey(in, NULL, |
| 335 | pkey=PEM_read_bio_PrivateKey(in,NULL, | 317 | ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); |
| 336 | ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | 318 | } else if (type == SSL_FILETYPE_ASN1) { |
| 337 | } | ||
| 338 | else if (type == SSL_FILETYPE_ASN1) | ||
| 339 | { | ||
| 340 | j = ERR_R_ASN1_LIB; | 319 | j = ERR_R_ASN1_LIB; |
| 341 | pkey = d2i_PrivateKey_bio(in,NULL); | 320 | pkey = d2i_PrivateKey_bio(in, NULL); |
| 342 | } | 321 | } else { |
| 343 | else | 322 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 344 | { | ||
| 345 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 346 | goto end; | 323 | goto end; |
| 347 | } | 324 | } |
| 348 | if (pkey == NULL) | 325 | if (pkey == NULL) { |
| 349 | { | 326 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j); |
| 350 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j); | ||
| 351 | goto end; | 327 | goto end; |
| 352 | } | 328 | } |
| 353 | ret=SSL_use_PrivateKey(ssl,pkey); | 329 | ret = SSL_use_PrivateKey(ssl, pkey); |
| 354 | EVP_PKEY_free(pkey); | 330 | EVP_PKEY_free(pkey); |
| 355 | end: | 331 | end: |
| 356 | if (in != NULL) BIO_free(in); | 332 | if (in != NULL) |
| 357 | return(ret); | 333 | BIO_free(in); |
| 358 | } | 334 | return (ret); |
| 335 | } | ||
| 359 | #endif | 336 | #endif |
| 360 | 337 | ||
| 361 | int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) | 338 | int |
| 362 | { | 339 | SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) |
| 340 | { | ||
| 363 | int ret; | 341 | int ret; |
| 364 | const unsigned char *p; | 342 | const unsigned char *p; |
| 365 | EVP_PKEY *pkey; | 343 | EVP_PKEY *pkey; |
| 366 | 344 | ||
| 367 | p=d; | 345 | p = d; |
| 368 | if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) | 346 | if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { |
| 369 | { | 347 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); |
| 370 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | 348 | return (0); |
| 371 | return(0); | 349 | } |
| 372 | } | ||
| 373 | 350 | ||
| 374 | ret=SSL_use_PrivateKey(ssl,pkey); | 351 | ret = SSL_use_PrivateKey(ssl, pkey); |
| 375 | EVP_PKEY_free(pkey); | 352 | EVP_PKEY_free(pkey); |
| 376 | return(ret); | 353 | return (ret); |
| 354 | } | ||
| 355 | |||
| 356 | int | ||
| 357 | SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) | ||
| 358 | { | ||
| 359 | if (x == NULL) { | ||
| 360 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); | ||
| 361 | return (0); | ||
| 377 | } | 362 | } |
| 378 | 363 | if (!ssl_cert_inst(&ctx->cert)) { | |
| 379 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) | 364 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); |
| 380 | { | 365 | return (0); |
| 381 | if (x == NULL) | ||
| 382 | { | ||
| 383 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); | ||
| 384 | return(0); | ||
| 385 | } | ||
| 386 | if (!ssl_cert_inst(&ctx->cert)) | ||
| 387 | { | ||
| 388 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); | ||
| 389 | return(0); | ||
| 390 | } | ||
| 391 | return(ssl_set_cert(ctx->cert, x)); | ||
| 392 | } | 366 | } |
| 367 | return (ssl_set_cert(ctx->cert, x)); | ||
| 368 | } | ||
| 393 | 369 | ||
| 394 | static int ssl_set_cert(CERT *c, X509 *x) | 370 | static int |
| 395 | { | 371 | ssl_set_cert(CERT *c, X509 *x) |
| 372 | { | ||
| 396 | EVP_PKEY *pkey; | 373 | EVP_PKEY *pkey; |
| 397 | int i; | 374 | int i; |
| 398 | 375 | ||
| 399 | pkey=X509_get_pubkey(x); | 376 | pkey = X509_get_pubkey(x); |
| 400 | if (pkey == NULL) | 377 | if (pkey == NULL) { |
| 401 | { | 378 | SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB); |
| 402 | SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB); | 379 | return (0); |
| 403 | return(0); | 380 | } |
| 404 | } | ||
| 405 | 381 | ||
| 406 | i=ssl_cert_type(x,pkey); | 382 | i = ssl_cert_type(x, pkey); |
| 407 | if (i < 0) | 383 | if (i < 0) { |
| 408 | { | 384 | SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE); |
| 409 | SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE); | ||
| 410 | EVP_PKEY_free(pkey); | 385 | EVP_PKEY_free(pkey); |
| 411 | return(0); | 386 | return (0); |
| 412 | } | 387 | } |
| 413 | 388 | ||
| 414 | if (c->pkeys[i].privatekey != NULL) | 389 | if (c->pkeys[i].privatekey != NULL) { |
| 415 | { | 390 | EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); |
| 416 | EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey); | ||
| 417 | ERR_clear_error(); | 391 | ERR_clear_error(); |
| 418 | 392 | ||
| 419 | #ifndef OPENSSL_NO_RSA | 393 | #ifndef OPENSSL_NO_RSA |
| @@ -421,280 +395,259 @@ static int ssl_set_cert(CERT *c, X509 *x) | |||
| 421 | * for smart cards. */ | 395 | * for smart cards. */ |
| 422 | if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && | 396 | if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && |
| 423 | (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & | 397 | (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & |
| 424 | RSA_METHOD_FLAG_NO_CHECK)) | 398 | RSA_METHOD_FLAG_NO_CHECK)) |
| 425 | ; | 399 | ; |
| 426 | else | 400 | else |
| 427 | #endif /* OPENSSL_NO_RSA */ | 401 | #endif /* OPENSSL_NO_RSA */ |
| 428 | if (!X509_check_private_key(x,c->pkeys[i].privatekey)) | 402 | if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { |
| 429 | { | ||
| 430 | /* don't fail for a cert/key mismatch, just free | 403 | /* don't fail for a cert/key mismatch, just free |
| 431 | * current private key (when switching to a different | 404 | * current private key (when switching to a different |
| 432 | * cert & key, first this function should be used, | 405 | * cert & key, first this function should be used, |
| 433 | * then ssl_set_pkey */ | 406 | * then ssl_set_pkey */ |
| 434 | EVP_PKEY_free(c->pkeys[i].privatekey); | 407 | EVP_PKEY_free(c->pkeys[i].privatekey); |
| 435 | c->pkeys[i].privatekey=NULL; | 408 | c->pkeys[i].privatekey = NULL; |
| 436 | /* clear error queue */ | 409 | /* clear error queue */ |
| 437 | ERR_clear_error(); | 410 | ERR_clear_error(); |
| 438 | } | ||
| 439 | } | 411 | } |
| 412 | } | ||
| 440 | 413 | ||
| 441 | EVP_PKEY_free(pkey); | 414 | EVP_PKEY_free(pkey); |
| 442 | 415 | ||
| 443 | if (c->pkeys[i].x509 != NULL) | 416 | if (c->pkeys[i].x509 != NULL) |
| 444 | X509_free(c->pkeys[i].x509); | 417 | X509_free(c->pkeys[i].x509); |
| 445 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); | 418 | CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); |
| 446 | c->pkeys[i].x509=x; | 419 | c->pkeys[i].x509 = x; |
| 447 | c->key= &(c->pkeys[i]); | 420 | c->key = &(c->pkeys[i]); |
| 448 | 421 | ||
| 449 | c->valid=0; | 422 | c->valid = 0; |
| 450 | return(1); | 423 | return (1); |
| 451 | } | 424 | } |
| 452 | 425 | ||
| 453 | #ifndef OPENSSL_NO_STDIO | 426 | #ifndef OPENSSL_NO_STDIO |
| 454 | int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) | 427 | int |
| 455 | { | 428 | SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) |
| 429 | { | ||
| 456 | int j; | 430 | int j; |
| 457 | BIO *in; | 431 | BIO *in; |
| 458 | int ret=0; | 432 | int ret = 0; |
| 459 | X509 *x=NULL; | 433 | X509 *x = NULL; |
| 460 | 434 | ||
| 461 | in=BIO_new(BIO_s_file_internal()); | 435 | in = BIO_new(BIO_s_file_internal()); |
| 462 | if (in == NULL) | 436 | if (in == NULL) { |
| 463 | { | 437 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); |
| 464 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); | ||
| 465 | goto end; | 438 | goto end; |
| 466 | } | 439 | } |
| 467 | 440 | ||
| 468 | if (BIO_read_filename(in,file) <= 0) | 441 | if (BIO_read_filename(in, file) <= 0) { |
| 469 | { | 442 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); |
| 470 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); | ||
| 471 | goto end; | 443 | goto end; |
| 472 | } | 444 | } |
| 473 | if (type == SSL_FILETYPE_ASN1) | 445 | if (type == SSL_FILETYPE_ASN1) { |
| 474 | { | 446 | j = ERR_R_ASN1_LIB; |
| 475 | j=ERR_R_ASN1_LIB; | 447 | x = d2i_X509_bio(in, NULL); |
| 476 | x=d2i_X509_bio(in,NULL); | 448 | } else if (type == SSL_FILETYPE_PEM) { |
| 477 | } | 449 | j = ERR_R_PEM_LIB; |
| 478 | else if (type == SSL_FILETYPE_PEM) | 450 | x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); |
| 479 | { | 451 | } else { |
| 480 | j=ERR_R_PEM_LIB; | 452 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 481 | x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | ||
| 482 | } | ||
| 483 | else | ||
| 484 | { | ||
| 485 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 486 | goto end; | 453 | goto end; |
| 487 | } | 454 | } |
| 488 | 455 | ||
| 489 | if (x == NULL) | 456 | if (x == NULL) { |
| 490 | { | 457 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j); |
| 491 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j); | ||
| 492 | goto end; | 458 | goto end; |
| 493 | } | 459 | } |
| 494 | 460 | ||
| 495 | ret=SSL_CTX_use_certificate(ctx,x); | 461 | ret = SSL_CTX_use_certificate(ctx, x); |
| 496 | end: | 462 | end: |
| 497 | if (x != NULL) X509_free(x); | 463 | if (x != NULL) |
| 498 | if (in != NULL) BIO_free(in); | 464 | X509_free(x); |
| 499 | return(ret); | 465 | if (in != NULL) |
| 500 | } | 466 | BIO_free(in); |
| 467 | return (ret); | ||
| 468 | } | ||
| 501 | #endif | 469 | #endif |
| 502 | 470 | ||
| 503 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) | 471 | int |
| 504 | { | 472 | SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) |
| 473 | { | ||
| 505 | X509 *x; | 474 | X509 *x; |
| 506 | int ret; | 475 | int ret; |
| 507 | 476 | ||
| 508 | x=d2i_X509(NULL,&d,(long)len); | 477 | x = d2i_X509(NULL, &d,(long)len); |
| 509 | if (x == NULL) | 478 | if (x == NULL) { |
| 510 | { | 479 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); |
| 511 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); | 480 | return (0); |
| 512 | return(0); | 481 | } |
| 513 | } | ||
| 514 | 482 | ||
| 515 | ret=SSL_CTX_use_certificate(ctx,x); | 483 | ret = SSL_CTX_use_certificate(ctx, x); |
| 516 | X509_free(x); | 484 | X509_free(x); |
| 517 | return(ret); | 485 | return (ret); |
| 518 | } | 486 | } |
| 519 | 487 | ||
| 520 | #ifndef OPENSSL_NO_RSA | 488 | #ifndef OPENSSL_NO_RSA |
| 521 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) | 489 | int |
| 522 | { | 490 | SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) |
| 491 | { | ||
| 523 | int ret; | 492 | int ret; |
| 524 | EVP_PKEY *pkey; | 493 | EVP_PKEY *pkey; |
| 525 | 494 | ||
| 526 | if (rsa == NULL) | 495 | if (rsa == NULL) { |
| 527 | { | 496 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); |
| 528 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 497 | return (0); |
| 529 | return(0); | 498 | } |
| 530 | } | 499 | if (!ssl_cert_inst(&ctx->cert)) { |
| 531 | if (!ssl_cert_inst(&ctx->cert)) | 500 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); |
| 532 | { | 501 | return (0); |
| 533 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); | 502 | } |
| 534 | return(0); | 503 | if ((pkey = EVP_PKEY_new()) == NULL) { |
| 535 | } | 504 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); |
| 536 | if ((pkey=EVP_PKEY_new()) == NULL) | 505 | return (0); |
| 537 | { | 506 | } |
| 538 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); | ||
| 539 | return(0); | ||
| 540 | } | ||
| 541 | 507 | ||
| 542 | RSA_up_ref(rsa); | 508 | RSA_up_ref(rsa); |
| 543 | EVP_PKEY_assign_RSA(pkey,rsa); | 509 | EVP_PKEY_assign_RSA(pkey, rsa); |
| 544 | 510 | ||
| 545 | ret=ssl_set_pkey(ctx->cert, pkey); | 511 | ret = ssl_set_pkey(ctx->cert, pkey); |
| 546 | EVP_PKEY_free(pkey); | 512 | EVP_PKEY_free(pkey); |
| 547 | return(ret); | 513 | return (ret); |
| 548 | } | 514 | } |
| 549 | 515 | ||
| 550 | #ifndef OPENSSL_NO_STDIO | 516 | #ifndef OPENSSL_NO_STDIO |
| 551 | int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) | 517 | int |
| 552 | { | 518 | SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) |
| 553 | int j,ret=0; | 519 | { |
| 520 | int j, ret = 0; | ||
| 554 | BIO *in; | 521 | BIO *in; |
| 555 | RSA *rsa=NULL; | 522 | RSA *rsa = NULL; |
| 556 | 523 | ||
| 557 | in=BIO_new(BIO_s_file_internal()); | 524 | in = BIO_new(BIO_s_file_internal()); |
| 558 | if (in == NULL) | 525 | if (in == NULL) { |
| 559 | { | 526 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); |
| 560 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
| 561 | goto end; | 527 | goto end; |
| 562 | } | 528 | } |
| 563 | 529 | ||
| 564 | if (BIO_read_filename(in,file) <= 0) | 530 | if (BIO_read_filename(in, file) <= 0) { |
| 565 | { | 531 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); |
| 566 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
| 567 | goto end; | 532 | goto end; |
| 568 | } | 533 | } |
| 569 | if (type == SSL_FILETYPE_ASN1) | 534 | if (type == SSL_FILETYPE_ASN1) { |
| 570 | { | 535 | j = ERR_R_ASN1_LIB; |
| 571 | j=ERR_R_ASN1_LIB; | 536 | rsa = d2i_RSAPrivateKey_bio(in, NULL); |
| 572 | rsa=d2i_RSAPrivateKey_bio(in,NULL); | 537 | } else if (type == SSL_FILETYPE_PEM) { |
| 573 | } | 538 | j = ERR_R_PEM_LIB; |
| 574 | else if (type == SSL_FILETYPE_PEM) | 539 | rsa = PEM_read_bio_RSAPrivateKey(in, NULL, |
| 575 | { | 540 | ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); |
| 576 | j=ERR_R_PEM_LIB; | 541 | } else { |
| 577 | rsa=PEM_read_bio_RSAPrivateKey(in,NULL, | 542 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 578 | ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | ||
| 579 | } | ||
| 580 | else | ||
| 581 | { | ||
| 582 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 583 | goto end; | 543 | goto end; |
| 584 | } | 544 | } |
| 585 | if (rsa == NULL) | 545 | if (rsa == NULL) { |
| 586 | { | 546 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j); |
| 587 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j); | ||
| 588 | goto end; | 547 | goto end; |
| 589 | } | 548 | } |
| 590 | ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); | 549 | ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); |
| 591 | RSA_free(rsa); | 550 | RSA_free(rsa); |
| 592 | end: | 551 | end: |
| 593 | if (in != NULL) BIO_free(in); | 552 | if (in != NULL) |
| 594 | return(ret); | 553 | BIO_free(in); |
| 595 | } | 554 | return (ret); |
| 555 | } | ||
| 596 | #endif | 556 | #endif |
| 597 | 557 | ||
| 598 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) | 558 | int |
| 599 | { | 559 | SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) |
| 560 | { | ||
| 600 | int ret; | 561 | int ret; |
| 601 | const unsigned char *p; | 562 | const unsigned char *p; |
| 602 | RSA *rsa; | 563 | RSA *rsa; |
| 603 | 564 | ||
| 604 | p=d; | 565 | p = d; |
| 605 | if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) | 566 | if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { |
| 606 | { | 567 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); |
| 607 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | 568 | return (0); |
| 608 | return(0); | 569 | } |
| 609 | } | ||
| 610 | 570 | ||
| 611 | ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); | 571 | ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); |
| 612 | RSA_free(rsa); | 572 | RSA_free(rsa); |
| 613 | return(ret); | 573 | return (ret); |
| 614 | } | 574 | } |
| 615 | #endif /* !OPENSSL_NO_RSA */ | 575 | #endif /* !OPENSSL_NO_RSA */ |
| 616 | 576 | ||
| 617 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) | 577 | int |
| 618 | { | 578 | SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) |
| 619 | if (pkey == NULL) | 579 | { |
| 620 | { | 580 | if (pkey == NULL) { |
| 621 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 581 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); |
| 622 | return(0); | 582 | return (0); |
| 623 | } | ||
| 624 | if (!ssl_cert_inst(&ctx->cert)) | ||
| 625 | { | ||
| 626 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); | ||
| 627 | return(0); | ||
| 628 | } | ||
| 629 | return(ssl_set_pkey(ctx->cert,pkey)); | ||
| 630 | } | 583 | } |
| 584 | if (!ssl_cert_inst(&ctx->cert)) { | ||
| 585 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); | ||
| 586 | return (0); | ||
| 587 | } | ||
| 588 | return (ssl_set_pkey(ctx->cert, pkey)); | ||
| 589 | } | ||
| 631 | 590 | ||
| 632 | #ifndef OPENSSL_NO_STDIO | 591 | #ifndef OPENSSL_NO_STDIO |
| 633 | int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) | 592 | int |
| 634 | { | 593 | SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) |
| 635 | int j,ret=0; | 594 | { |
| 595 | int j, ret = 0; | ||
| 636 | BIO *in; | 596 | BIO *in; |
| 637 | EVP_PKEY *pkey=NULL; | 597 | EVP_PKEY *pkey = NULL; |
| 638 | 598 | ||
| 639 | in=BIO_new(BIO_s_file_internal()); | 599 | in = BIO_new(BIO_s_file_internal()); |
| 640 | if (in == NULL) | 600 | if (in == NULL) { |
| 641 | { | 601 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); |
| 642 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
| 643 | goto end; | 602 | goto end; |
| 644 | } | 603 | } |
| 645 | 604 | ||
| 646 | if (BIO_read_filename(in,file) <= 0) | 605 | if (BIO_read_filename(in, file) <= 0) { |
| 647 | { | 606 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); |
| 648 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
| 649 | goto end; | 607 | goto end; |
| 650 | } | 608 | } |
| 651 | if (type == SSL_FILETYPE_PEM) | 609 | if (type == SSL_FILETYPE_PEM) { |
| 652 | { | 610 | j = ERR_R_PEM_LIB; |
| 653 | j=ERR_R_PEM_LIB; | 611 | pkey = PEM_read_bio_PrivateKey(in, NULL, |
| 654 | pkey=PEM_read_bio_PrivateKey(in,NULL, | 612 | ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); |
| 655 | ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | 613 | } else if (type == SSL_FILETYPE_ASN1) { |
| 656 | } | ||
| 657 | else if (type == SSL_FILETYPE_ASN1) | ||
| 658 | { | ||
| 659 | j = ERR_R_ASN1_LIB; | 614 | j = ERR_R_ASN1_LIB; |
| 660 | pkey = d2i_PrivateKey_bio(in,NULL); | 615 | pkey = d2i_PrivateKey_bio(in, NULL); |
| 661 | } | 616 | } else { |
| 662 | else | 617 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 663 | { | ||
| 664 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 665 | goto end; | 618 | goto end; |
| 666 | } | 619 | } |
| 667 | if (pkey == NULL) | 620 | if (pkey == NULL) { |
| 668 | { | 621 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j); |
| 669 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j); | ||
| 670 | goto end; | 622 | goto end; |
| 671 | } | 623 | } |
| 672 | ret=SSL_CTX_use_PrivateKey(ctx,pkey); | 624 | ret = SSL_CTX_use_PrivateKey(ctx, pkey); |
| 673 | EVP_PKEY_free(pkey); | 625 | EVP_PKEY_free(pkey); |
| 674 | end: | 626 | end: |
| 675 | if (in != NULL) BIO_free(in); | 627 | if (in != NULL) |
| 676 | return(ret); | 628 | BIO_free(in); |
| 677 | } | 629 | return (ret); |
| 630 | } | ||
| 678 | #endif | 631 | #endif |
| 679 | 632 | ||
| 680 | int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, | 633 | int |
| 681 | long len) | 634 | SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, |
| 682 | { | 635 | long len) |
| 636 | { | ||
| 683 | int ret; | 637 | int ret; |
| 684 | const unsigned char *p; | 638 | const unsigned char *p; |
| 685 | EVP_PKEY *pkey; | 639 | EVP_PKEY *pkey; |
| 686 | 640 | ||
| 687 | p=d; | 641 | p = d; |
| 688 | if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) | 642 | if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { |
| 689 | { | 643 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); |
| 690 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | 644 | return (0); |
| 691 | return(0); | 645 | } |
| 692 | } | ||
| 693 | 646 | ||
| 694 | ret=SSL_CTX_use_PrivateKey(ctx,pkey); | 647 | ret = SSL_CTX_use_PrivateKey(ctx, pkey); |
| 695 | EVP_PKEY_free(pkey); | 648 | EVP_PKEY_free(pkey); |
| 696 | return(ret); | 649 | return (ret); |
| 697 | } | 650 | } |
| 698 | 651 | ||
| 699 | 652 | ||
| 700 | #ifndef OPENSSL_NO_STDIO | 653 | #ifndef OPENSSL_NO_STDIO |
| @@ -702,82 +655,79 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, | |||
| 702 | * possibly followed by a sequence of CA certificates that should be | 655 | * possibly followed by a sequence of CA certificates that should be |
| 703 | * sent to the peer in the Certificate message. | 656 | * sent to the peer in the Certificate message. |
| 704 | */ | 657 | */ |
| 705 | int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) | 658 | int |
| 706 | { | 659 | SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) |
| 660 | { | ||
| 707 | BIO *in; | 661 | BIO *in; |
| 708 | int ret=0; | 662 | int ret = 0; |
| 709 | X509 *x=NULL; | 663 | X509 *x = NULL; |
| 710 | 664 | ||
| 711 | ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ | 665 | ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ |
| 712 | 666 | ||
| 713 | in = BIO_new(BIO_s_file_internal()); | 667 | in = BIO_new(BIO_s_file_internal()); |
| 714 | if (in == NULL) | 668 | if (in == NULL) { |
| 715 | { | 669 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); |
| 716 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB); | ||
| 717 | goto end; | 670 | goto end; |
| 718 | } | 671 | } |
| 719 | 672 | ||
| 720 | if (BIO_read_filename(in,file) <= 0) | 673 | if (BIO_read_filename(in, file) <= 0) { |
| 721 | { | 674 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB); |
| 722 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB); | ||
| 723 | goto end; | 675 | goto end; |
| 724 | } | 676 | } |
| 725 | 677 | ||
| 726 | x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback, | 678 | x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, |
| 727 | ctx->default_passwd_callback_userdata); | 679 | ctx->default_passwd_callback_userdata); |
| 728 | if (x == NULL) | 680 | if (x == NULL) { |
| 729 | { | 681 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); |
| 730 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB); | ||
| 731 | goto end; | 682 | goto end; |
| 732 | } | 683 | } |
| 733 | 684 | ||
| 734 | ret = SSL_CTX_use_certificate(ctx, x); | 685 | ret = SSL_CTX_use_certificate(ctx, x); |
| 735 | 686 | ||
| 736 | if (ERR_peek_error() != 0) | 687 | if (ERR_peek_error() != 0) |
| 737 | ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ | 688 | ret = 0; |
| 738 | if (ret) | 689 | /* Key/certificate mismatch doesn't imply ret==0 ... */ |
| 739 | { | 690 | if (ret) { |
| 740 | /* If we could set up our certificate, now proceed to | 691 | /* If we could set up our certificate, now proceed to |
| 741 | * the CA certificates. | 692 | * the CA certificates. |
| 742 | */ | 693 | */ |
| 743 | X509 *ca; | 694 | X509 *ca; |
| 744 | int r; | 695 | int r; |
| 745 | unsigned long err; | 696 | unsigned long err; |
| 746 | 697 | ||
| 747 | if (ctx->extra_certs != NULL) | 698 | if (ctx->extra_certs != NULL) { |
| 748 | { | ||
| 749 | sk_X509_pop_free(ctx->extra_certs, X509_free); | 699 | sk_X509_pop_free(ctx->extra_certs, X509_free); |
| 750 | ctx->extra_certs = NULL; | 700 | ctx->extra_certs = NULL; |
| 751 | } | 701 | } |
| 752 | 702 | ||
| 753 | while ((ca = PEM_read_bio_X509(in, NULL, | 703 | while ((ca = PEM_read_bio_X509(in, NULL, |
| 754 | ctx->default_passwd_callback, | 704 | ctx->default_passwd_callback, |
| 755 | ctx->default_passwd_callback_userdata)) | 705 | ctx->default_passwd_callback_userdata)) |
| 756 | != NULL) | 706 | != NULL) { |
| 757 | { | ||
| 758 | r = SSL_CTX_add_extra_chain_cert(ctx, ca); | 707 | r = SSL_CTX_add_extra_chain_cert(ctx, ca); |
| 759 | if (!r) | 708 | if (!r) { |
| 760 | { | ||
| 761 | X509_free(ca); | 709 | X509_free(ca); |
| 762 | ret = 0; | 710 | ret = 0; |
| 763 | goto end; | 711 | goto end; |
| 764 | } | 712 | } |
| 765 | /* Note that we must not free r if it was successfully | 713 | /* Note that we must not free r if it was successfully |
| 766 | * added to the chain (while we must free the main | 714 | * added to the chain (while we must free the main |
| 767 | * certificate, since its reference count is increased | 715 | * certificate, since its reference count is increased |
| 768 | * by SSL_CTX_use_certificate). */ | 716 | * by SSL_CTX_use_certificate). */ |
| 769 | } | 717 | } |
| 770 | /* When the while loop ends, it's usually just EOF. */ | 718 | /* When the while loop ends, it's usually just EOF. */ |
| 771 | err = ERR_peek_last_error(); | 719 | err = ERR_peek_last_error(); |
| 772 | if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) | 720 | if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) |
| 773 | ERR_clear_error(); | 721 | ERR_clear_error(); |
| 774 | else | 722 | else |
| 775 | ret = 0; /* some real error */ | 723 | ret = 0; /* some real error */ |
| 776 | } | 724 | } |
| 777 | 725 | ||
| 778 | end: | 726 | end: |
| 779 | if (x != NULL) X509_free(x); | 727 | if (x != NULL) |
| 780 | if (in != NULL) BIO_free(in); | 728 | X509_free(x); |
| 781 | return(ret); | 729 | if (in != NULL) |
| 782 | } | 730 | BIO_free(in); |
| 731 | return (ret); | ||
| 732 | } | ||
| 783 | #endif | 733 | #endif |
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c index ad40fadd02..b29115862b 100644 --- a/src/lib/libssl/src/ssl/ssl_sess.c +++ b/src/lib/libssl/src/ssl/ssl_sess.c | |||
| @@ -144,68 +144,74 @@ | |||
| 144 | #include "ssl_locl.h" | 144 | #include "ssl_locl.h" |
| 145 | 145 | ||
| 146 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); | 146 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); |
| 147 | static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); | 147 | static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s); |
| 148 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); | 148 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); |
| 149 | 149 | ||
| 150 | SSL_SESSION *SSL_get_session(const SSL *ssl) | 150 | SSL_SESSION |
| 151 | *SSL_get_session(const SSL *ssl) | ||
| 151 | /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ | 152 | /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ |
| 152 | { | 153 | { |
| 153 | return(ssl->session); | 154 | return (ssl->session); |
| 154 | } | 155 | } |
| 155 | 156 | ||
| 156 | SSL_SESSION *SSL_get1_session(SSL *ssl) | 157 | SSL_SESSION |
| 158 | *SSL_get1_session(SSL *ssl) | ||
| 157 | /* variant of SSL_get_session: caller really gets something */ | 159 | /* variant of SSL_get_session: caller really gets something */ |
| 158 | { | 160 | { |
| 159 | SSL_SESSION *sess; | 161 | SSL_SESSION *sess; |
| 160 | /* Need to lock this all up rather than just use CRYPTO_add so that | 162 | /* Need to lock this all up rather than just use CRYPTO_add so that |
| 161 | * somebody doesn't free ssl->session between when we check it's | 163 | * somebody doesn't free ssl->session between when we check it's |
| 162 | * non-null and when we up the reference count. */ | 164 | * non-null and when we up the reference count. */ |
| 163 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); | 165 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); |
| 164 | sess = ssl->session; | 166 | sess = ssl->session; |
| 165 | if(sess) | 167 | if (sess) |
| 166 | sess->references++; | 168 | sess->references++; |
| 167 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); | 169 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); |
| 168 | return(sess); | 170 | return (sess); |
| 169 | } | 171 | } |
| 170 | 172 | ||
| 171 | int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | 173 | int |
| 172 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) | 174 | SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 173 | { | 175 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 176 | { | ||
| 174 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, | 177 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, |
| 175 | new_func, dup_func, free_func); | 178 | new_func, dup_func, free_func); |
| 176 | } | 179 | } |
| 177 | 180 | ||
| 178 | int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) | 181 | int |
| 179 | { | 182 | SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) |
| 180 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | 183 | { |
| 181 | } | 184 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); |
| 185 | } | ||
| 182 | 186 | ||
| 183 | void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) | 187 | void |
| 184 | { | 188 | *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) |
| 185 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | 189 | { |
| 186 | } | 190 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); |
| 191 | } | ||
| 187 | 192 | ||
| 188 | SSL_SESSION *SSL_SESSION_new(void) | 193 | SSL_SESSION |
| 189 | { | 194 | *SSL_SESSION_new(void) |
| 195 | { | ||
| 190 | SSL_SESSION *ss; | 196 | SSL_SESSION *ss; |
| 191 | 197 | ||
| 192 | ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)); | 198 | ss = (SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)); |
| 193 | if (ss == NULL) | 199 | if (ss == NULL) { |
| 194 | { | 200 | SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); |
| 195 | SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE); | 201 | return (0); |
| 196 | return(0); | 202 | } |
| 197 | } | 203 | memset(ss, 0, sizeof(SSL_SESSION)); |
| 198 | memset(ss,0,sizeof(SSL_SESSION)); | ||
| 199 | 204 | ||
| 200 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ | 205 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ |
| 201 | ss->references=1; | 206 | ss->references = 1; |
| 202 | ss->timeout=60*5+4; /* 5 minute timeout by default */ | 207 | ss->timeout=60*5+4; /* 5 minute timeout by default */ |
| 203 | ss->time=(unsigned long)time(NULL); | 208 | ss->time = (unsigned long)time(NULL); |
| 204 | ss->prev=NULL; | 209 | ss->prev = NULL; |
| 205 | ss->next=NULL; | 210 | ss->next = NULL; |
| 206 | ss->compress_meth=0; | 211 | ss->compress_meth = 0; |
| 207 | #ifndef OPENSSL_NO_TLSEXT | 212 | #ifndef OPENSSL_NO_TLSEXT |
| 208 | ss->tlsext_hostname = NULL; | 213 | ss->tlsext_hostname = NULL; |
| 214 | |||
| 209 | #ifndef OPENSSL_NO_EC | 215 | #ifndef OPENSSL_NO_EC |
| 210 | ss->tlsext_ecpointformatlist_length = 0; | 216 | ss->tlsext_ecpointformatlist_length = 0; |
| 211 | ss->tlsext_ecpointformatlist = NULL; | 217 | ss->tlsext_ecpointformatlist = NULL; |
| @@ -215,26 +221,28 @@ SSL_SESSION *SSL_SESSION_new(void) | |||
| 215 | #endif | 221 | #endif |
| 216 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | 222 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); |
| 217 | #ifndef OPENSSL_NO_PSK | 223 | #ifndef OPENSSL_NO_PSK |
| 218 | ss->psk_identity_hint=NULL; | 224 | ss->psk_identity_hint = NULL; |
| 219 | ss->psk_identity=NULL; | 225 | ss->psk_identity = NULL; |
| 220 | #endif | 226 | #endif |
| 221 | #ifndef OPENSSL_NO_SRP | 227 | #ifndef OPENSSL_NO_SRP |
| 222 | ss->srp_username=NULL; | 228 | ss->srp_username = NULL; |
| 223 | #endif | 229 | #endif |
| 224 | return(ss); | 230 | return (ss); |
| 225 | } | 231 | } |
| 226 | 232 | ||
| 227 | const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) | 233 | const unsigned char |
| 228 | { | 234 | *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) |
| 229 | if(len) | 235 | { |
| 236 | if (len) | ||
| 230 | *len = s->session_id_length; | 237 | *len = s->session_id_length; |
| 231 | return s->session_id; | 238 | return s->session_id; |
| 232 | } | 239 | } |
| 233 | 240 | ||
| 234 | unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) | 241 | unsigned int |
| 235 | { | 242 | SSL_SESSION_get_compress_id(const SSL_SESSION *s) |
| 243 | { | ||
| 236 | return s->compress_meth; | 244 | return s->compress_meth; |
| 237 | } | 245 | } |
| 238 | 246 | ||
| 239 | /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 | 247 | /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 |
| 240 | * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly | 248 | * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly |
| @@ -246,16 +254,17 @@ unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) | |||
| 246 | * store that many sessions is perhaps a more interesting question ... */ | 254 | * store that many sessions is perhaps a more interesting question ... */ |
| 247 | 255 | ||
| 248 | #define MAX_SESS_ID_ATTEMPTS 10 | 256 | #define MAX_SESS_ID_ATTEMPTS 10 |
| 249 | static int def_generate_session_id(const SSL *ssl, unsigned char *id, | 257 | static int |
| 250 | unsigned int *id_len) | 258 | def_generate_session_id(const SSL *ssl, unsigned char *id, |
| 259 | unsigned int *id_len) | ||
| 251 | { | 260 | { |
| 252 | unsigned int retry = 0; | 261 | unsigned int retry = 0; |
| 253 | do | 262 | do |
| 254 | if (RAND_pseudo_bytes(id, *id_len) <= 0) | 263 | if (RAND_pseudo_bytes(id, *id_len) <= 0) |
| 255 | return 0; | 264 | return 0; |
| 256 | while(SSL_has_matching_session_id(ssl, id, *id_len) && | 265 | while (SSL_has_matching_session_id(ssl, id, *id_len) && |
| 257 | (++retry < MAX_SESS_ID_ATTEMPTS)); | 266 | (++retry < MAX_SESS_ID_ATTEMPTS)); |
| 258 | if(retry < MAX_SESS_ID_ATTEMPTS) | 267 | if (retry < MAX_SESS_ID_ATTEMPTS) |
| 259 | return 1; | 268 | return 1; |
| 260 | /* else - woops a session_id match */ | 269 | /* else - woops a session_id match */ |
| 261 | /* XXX We should also check the external cache -- | 270 | /* XXX We should also check the external cache -- |
| @@ -269,120 +278,100 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id, | |||
| 269 | return 0; | 278 | return 0; |
| 270 | } | 279 | } |
| 271 | 280 | ||
| 272 | int ssl_get_new_session(SSL *s, int session) | 281 | int |
| 273 | { | 282 | ssl_get_new_session(SSL *s, int session) |
| 283 | { | ||
| 274 | /* This gets used by clients and servers. */ | 284 | /* This gets used by clients and servers. */ |
| 275 | 285 | ||
| 276 | unsigned int tmp; | 286 | unsigned int tmp; |
| 277 | SSL_SESSION *ss=NULL; | 287 | SSL_SESSION *ss = NULL; |
| 278 | GEN_SESSION_CB cb = def_generate_session_id; | 288 | GEN_SESSION_CB cb = def_generate_session_id; |
| 279 | 289 | ||
| 280 | if ((ss=SSL_SESSION_new()) == NULL) return(0); | 290 | if ((ss = SSL_SESSION_new()) == NULL) return (0); |
| 281 | 291 | ||
| 282 | /* If the context has a default timeout, use it */ | 292 | /* If the context has a default timeout, use it */ |
| 283 | if (s->session_ctx->session_timeout == 0) | 293 | if (s->session_ctx->session_timeout == 0) |
| 284 | ss->timeout=SSL_get_default_timeout(s); | 294 | ss->timeout = SSL_get_default_timeout(s); |
| 285 | else | 295 | else |
| 286 | ss->timeout=s->session_ctx->session_timeout; | 296 | ss->timeout = s->session_ctx->session_timeout; |
| 287 | 297 | ||
| 288 | if (s->session != NULL) | 298 | if (s->session != NULL) { |
| 289 | { | ||
| 290 | SSL_SESSION_free(s->session); | 299 | SSL_SESSION_free(s->session); |
| 291 | s->session=NULL; | 300 | s->session = NULL; |
| 292 | } | 301 | } |
| 293 | 302 | ||
| 294 | if (session) | 303 | if (session) { |
| 295 | { | 304 | if (s->version == SSL2_VERSION) { |
| 296 | if (s->version == SSL2_VERSION) | 305 | ss->ssl_version = SSL2_VERSION; |
| 297 | { | 306 | ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH; |
| 298 | ss->ssl_version=SSL2_VERSION; | 307 | } else if (s->version == SSL3_VERSION) { |
| 299 | ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; | 308 | ss->ssl_version = SSL3_VERSION; |
| 300 | } | 309 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 301 | else if (s->version == SSL3_VERSION) | 310 | } else if (s->version == TLS1_VERSION) { |
| 302 | { | 311 | ss->ssl_version = TLS1_VERSION; |
| 303 | ss->ssl_version=SSL3_VERSION; | 312 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 304 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | 313 | } else if (s->version == TLS1_1_VERSION) { |
| 305 | } | 314 | ss->ssl_version = TLS1_1_VERSION; |
| 306 | else if (s->version == TLS1_VERSION) | 315 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 307 | { | 316 | } else if (s->version == TLS1_2_VERSION) { |
| 308 | ss->ssl_version=TLS1_VERSION; | 317 | ss->ssl_version = TLS1_2_VERSION; |
| 309 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | 318 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 310 | } | 319 | } else if (s->version == DTLS1_BAD_VER) { |
| 311 | else if (s->version == TLS1_1_VERSION) | 320 | ss->ssl_version = DTLS1_BAD_VER; |
| 312 | { | 321 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 313 | ss->ssl_version=TLS1_1_VERSION; | 322 | } else if (s->version == DTLS1_VERSION) { |
| 314 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | 323 | ss->ssl_version = DTLS1_VERSION; |
| 315 | } | 324 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 316 | else if (s->version == TLS1_2_VERSION) | 325 | } else { |
| 317 | { | 326 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION); |
| 318 | ss->ssl_version=TLS1_2_VERSION; | ||
| 319 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
| 320 | } | ||
| 321 | else if (s->version == DTLS1_BAD_VER) | ||
| 322 | { | ||
| 323 | ss->ssl_version=DTLS1_BAD_VER; | ||
| 324 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
| 325 | } | ||
| 326 | else if (s->version == DTLS1_VERSION) | ||
| 327 | { | ||
| 328 | ss->ssl_version=DTLS1_VERSION; | ||
| 329 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
| 330 | } | ||
| 331 | else | ||
| 332 | { | ||
| 333 | SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION); | ||
| 334 | SSL_SESSION_free(ss); | 327 | SSL_SESSION_free(ss); |
| 335 | return(0); | 328 | return (0); |
| 336 | } | 329 | } |
| 337 | #ifndef OPENSSL_NO_TLSEXT | 330 | #ifndef OPENSSL_NO_TLSEXT |
| 338 | /* If RFC4507 ticket use empty session ID */ | 331 | /* If RFC4507 ticket use empty session ID */ |
| 339 | if (s->tlsext_ticket_expected) | 332 | if (s->tlsext_ticket_expected) { |
| 340 | { | ||
| 341 | ss->session_id_length = 0; | 333 | ss->session_id_length = 0; |
| 342 | goto sess_id_done; | 334 | goto sess_id_done; |
| 343 | } | 335 | } |
| 344 | #endif | 336 | #endif |
| 345 | /* Choose which callback will set the session ID */ | 337 | /* Choose which callback will set the session ID */ |
| 346 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 338 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 347 | if(s->generate_session_id) | 339 | if (s->generate_session_id) |
| 348 | cb = s->generate_session_id; | 340 | cb = s->generate_session_id; |
| 349 | else if(s->session_ctx->generate_session_id) | 341 | else if (s->session_ctx->generate_session_id) |
| 350 | cb = s->session_ctx->generate_session_id; | 342 | cb = s->session_ctx->generate_session_id; |
| 351 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 343 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 352 | /* Choose a session ID */ | 344 | /* Choose a session ID */ |
| 353 | tmp = ss->session_id_length; | 345 | tmp = ss->session_id_length; |
| 354 | if(!cb(s, ss->session_id, &tmp)) | 346 | if (!cb(s, ss->session_id, &tmp)) { |
| 355 | { | ||
| 356 | /* The callback failed */ | 347 | /* The callback failed */ |
| 357 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | 348 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, |
| 358 | SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); | 349 | SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); |
| 359 | SSL_SESSION_free(ss); | 350 | SSL_SESSION_free(ss); |
| 360 | return(0); | 351 | return (0); |
| 361 | } | 352 | } |
| 362 | /* Don't allow the callback to set the session length to zero. | 353 | /* Don't allow the callback to set the session length to zero. |
| 363 | * nor set it higher than it was. */ | 354 | * nor set it higher than it was. */ |
| 364 | if(!tmp || (tmp > ss->session_id_length)) | 355 | if (!tmp || (tmp > ss->session_id_length)) { |
| 365 | { | ||
| 366 | /* The callback set an illegal length */ | 356 | /* The callback set an illegal length */ |
| 367 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | 357 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, |
| 368 | SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); | 358 | SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); |
| 369 | SSL_SESSION_free(ss); | 359 | SSL_SESSION_free(ss); |
| 370 | return(0); | 360 | return (0); |
| 371 | } | 361 | } |
| 372 | /* If the session length was shrunk and we're SSLv2, pad it */ | 362 | /* If the session length was shrunk and we're SSLv2, pad it */ |
| 373 | if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) | 363 | if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) |
| 374 | memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); | 364 | memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); |
| 375 | else | 365 | else |
| 376 | ss->session_id_length = tmp; | 366 | ss->session_id_length = tmp; |
| 377 | /* Finally, check for a conflict */ | 367 | /* Finally, check for a conflict */ |
| 378 | if(SSL_has_matching_session_id(s, ss->session_id, | 368 | if (SSL_has_matching_session_id(s, ss->session_id, |
| 379 | ss->session_id_length)) | 369 | ss->session_id_length)) { |
| 380 | { | ||
| 381 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | 370 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, |
| 382 | SSL_R_SSL_SESSION_ID_CONFLICT); | 371 | SSL_R_SSL_SESSION_ID_CONFLICT); |
| 383 | SSL_SESSION_free(ss); | 372 | SSL_SESSION_free(ss); |
| 384 | return(0); | 373 | return (0); |
| 385 | } | 374 | } |
| 386 | #ifndef OPENSSL_NO_TLSEXT | 375 | #ifndef OPENSSL_NO_TLSEXT |
| 387 | sess_id_done: | 376 | sess_id_done: |
| 388 | if (s->tlsext_hostname) { | 377 | if (s->tlsext_hostname) { |
| @@ -391,55 +380,50 @@ int ssl_get_new_session(SSL *s, int session) | |||
| 391 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); | 380 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); |
| 392 | SSL_SESSION_free(ss); | 381 | SSL_SESSION_free(ss); |
| 393 | return 0; | 382 | return 0; |
| 394 | } | ||
| 395 | } | 383 | } |
| 384 | } | ||
| 396 | #ifndef OPENSSL_NO_EC | 385 | #ifndef OPENSSL_NO_EC |
| 397 | if (s->tlsext_ecpointformatlist) | 386 | if (s->tlsext_ecpointformatlist) { |
| 398 | { | 387 | if (ss->tlsext_ecpointformatlist != NULL) |
| 399 | if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); | 388 | OPENSSL_free(ss->tlsext_ecpointformatlist); |
| 400 | if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) | 389 | if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) { |
| 401 | { | ||
| 402 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); | 390 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); |
| 403 | SSL_SESSION_free(ss); | 391 | SSL_SESSION_free(ss); |
| 404 | return 0; | 392 | return 0; |
| 405 | } | 393 | } |
| 406 | ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; | 394 | ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; |
| 407 | memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); | 395 | memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); |
| 408 | } | 396 | } |
| 409 | if (s->tlsext_ellipticcurvelist) | 397 | if (s->tlsext_ellipticcurvelist) { |
| 410 | { | 398 | if (ss->tlsext_ellipticcurvelist != NULL) |
| 411 | if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); | 399 | OPENSSL_free(ss->tlsext_ellipticcurvelist); |
| 412 | if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) | 400 | if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { |
| 413 | { | ||
| 414 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); | 401 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); |
| 415 | SSL_SESSION_free(ss); | 402 | SSL_SESSION_free(ss); |
| 416 | return 0; | 403 | return 0; |
| 417 | } | 404 | } |
| 418 | ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length; | 405 | ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length; |
| 419 | memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); | 406 | memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); |
| 420 | } | 407 | } |
| 421 | #endif | 408 | #endif |
| 422 | #endif | 409 | #endif |
| 423 | } | 410 | } else { |
| 424 | else | 411 | ss->session_id_length = 0; |
| 425 | { | 412 | } |
| 426 | ss->session_id_length=0; | ||
| 427 | } | ||
| 428 | 413 | ||
| 429 | if (s->sid_ctx_length > sizeof ss->sid_ctx) | 414 | if (s->sid_ctx_length > sizeof ss->sid_ctx) { |
| 430 | { | ||
| 431 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); | 415 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); |
| 432 | SSL_SESSION_free(ss); | 416 | SSL_SESSION_free(ss); |
| 433 | return 0; | 417 | return 0; |
| 434 | } | 418 | } |
| 435 | memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); | 419 | memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length); |
| 436 | ss->sid_ctx_length=s->sid_ctx_length; | 420 | ss->sid_ctx_length = s->sid_ctx_length; |
| 437 | s->session=ss; | 421 | s->session = ss; |
| 438 | ss->ssl_version=s->version; | 422 | ss->ssl_version = s->version; |
| 439 | ss->verify_result = X509_V_OK; | 423 | ss->verify_result = X509_V_OK; |
| 440 | 424 | ||
| 441 | return(1); | 425 | return (1); |
| 442 | } | 426 | } |
| 443 | 427 | ||
| 444 | /* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this | 428 | /* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this |
| 445 | * connection. It is only called by servers. | 429 | * connection. It is only called by servers. |
| @@ -460,12 +444,13 @@ int ssl_get_new_session(SSL *s, int session) | |||
| 460 | * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 | 444 | * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 |
| 461 | * if the server should issue a new session ticket (to 0 otherwise). | 445 | * if the server should issue a new session ticket (to 0 otherwise). |
| 462 | */ | 446 | */ |
| 463 | int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | 447 | int |
| 464 | const unsigned char *limit) | 448 | ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, |
| 465 | { | 449 | const unsigned char *limit) |
| 450 | { | ||
| 466 | /* This is used only by servers. */ | 451 | /* This is used only by servers. */ |
| 467 | 452 | ||
| 468 | SSL_SESSION *ret=NULL; | 453 | SSL_SESSION *ret = NULL; |
| 469 | int fatal = 0; | 454 | int fatal = 0; |
| 470 | int try_session_cache = 1; | 455 | int try_session_cache = 1; |
| 471 | #ifndef OPENSSL_NO_TLSEXT | 456 | #ifndef OPENSSL_NO_TLSEXT |
| @@ -480,8 +465,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 480 | 465 | ||
| 481 | #ifndef OPENSSL_NO_TLSEXT | 466 | #ifndef OPENSSL_NO_TLSEXT |
| 482 | r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */ | 467 | r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */ |
| 483 | switch (r) | 468 | switch (r) { |
| 484 | { | ||
| 485 | case -1: /* Error during processing */ | 469 | case -1: /* Error during processing */ |
| 486 | fatal = 1; | 470 | fatal = 1; |
| 487 | goto err; | 471 | goto err; |
| @@ -494,39 +478,35 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 494 | break; | 478 | break; |
| 495 | default: | 479 | default: |
| 496 | abort(); | 480 | abort(); |
| 497 | } | 481 | } |
| 498 | #endif | 482 | #endif |
| 499 | 483 | ||
| 500 | if (try_session_cache && | 484 | if (try_session_cache && |
| 501 | ret == NULL && | 485 | ret == NULL && |
| 502 | !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) | 486 | !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { |
| 503 | { | ||
| 504 | SSL_SESSION data; | 487 | SSL_SESSION data; |
| 505 | data.ssl_version=s->version; | 488 | data.ssl_version = s->version; |
| 506 | data.session_id_length=len; | 489 | data.session_id_length = len; |
| 507 | if (len == 0) | 490 | if (len == 0) |
| 508 | return 0; | 491 | return 0; |
| 509 | memcpy(data.session_id,session_id,len); | 492 | memcpy(data.session_id, session_id, len); |
| 510 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 493 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 511 | ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data); | 494 | ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data); |
| 512 | if (ret != NULL) | 495 | if (ret != NULL) { |
| 513 | { | ||
| 514 | /* don't allow other threads to steal it: */ | 496 | /* don't allow other threads to steal it: */ |
| 515 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | 497 | CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 516 | } | 498 | } |
| 517 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 499 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 518 | if (ret == NULL) | 500 | if (ret == NULL) |
| 519 | s->session_ctx->stats.sess_miss++; | 501 | s->session_ctx->stats.sess_miss++; |
| 520 | } | 502 | } |
| 521 | 503 | ||
| 522 | if (try_session_cache && | 504 | if (try_session_cache && |
| 523 | ret == NULL && | 505 | ret == NULL && |
| 524 | s->session_ctx->get_session_cb != NULL) | 506 | s->session_ctx->get_session_cb != NULL) { |
| 525 | { | 507 | int copy = 1; |
| 526 | int copy=1; | 508 | |
| 527 | 509 | if ((ret = s->session_ctx->get_session_cb(s, session_id, len, ©))) { | |
| 528 | if ((ret=s->session_ctx->get_session_cb(s,session_id,len,©))) | ||
| 529 | { | ||
| 530 | s->session_ctx->stats.sess_cb_hit++; | 510 | s->session_ctx->stats.sess_cb_hit++; |
| 531 | 511 | ||
| 532 | /* Increment reference count now if the session callback | 512 | /* Increment reference count now if the session callback |
| @@ -535,16 +515,16 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 535 | * it must handle the reference count itself [i.e. copy == 0], | 515 | * it must handle the reference count itself [i.e. copy == 0], |
| 536 | * or things won't be thread-safe). */ | 516 | * or things won't be thread-safe). */ |
| 537 | if (copy) | 517 | if (copy) |
| 538 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | 518 | CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 539 | 519 | ||
| 540 | /* Add the externally cached session to the internal | 520 | /* Add the externally cached session to the internal |
| 541 | * cache as well if and only if we are supposed to. */ | 521 | * cache as well if and only if we are supposed to. */ |
| 542 | if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) | 522 | if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) |
| 543 | /* The following should not return 1, otherwise, | 523 | /* The following should not return 1, otherwise, |
| 544 | * things are very strange */ | 524 | * things are very strange */ |
| 545 | SSL_CTX_add_session(s->session_ctx,ret); | 525 | SSL_CTX_add_session(s->session_ctx, ret); |
| 546 | } | ||
| 547 | } | 526 | } |
| 527 | } | ||
| 548 | 528 | ||
| 549 | if (ret == NULL) | 529 | if (ret == NULL) |
| 550 | goto err; | 530 | goto err; |
| @@ -552,15 +532,13 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 552 | /* Now ret is non-NULL and we own one of its reference counts. */ | 532 | /* Now ret is non-NULL and we own one of its reference counts. */ |
| 553 | 533 | ||
| 554 | if (ret->sid_ctx_length != s->sid_ctx_length | 534 | if (ret->sid_ctx_length != s->sid_ctx_length |
| 555 | || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)) | 535 | || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { |
| 556 | { | ||
| 557 | /* We have the session requested by the client, but we don't | 536 | /* We have the session requested by the client, but we don't |
| 558 | * want to use it in this context. */ | 537 | * want to use it in this context. */ |
| 559 | goto err; /* treat like cache miss */ | 538 | goto err; /* treat like cache miss */ |
| 560 | } | 539 | } |
| 561 | 540 | ||
| 562 | if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) | 541 | if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) { |
| 563 | { | ||
| 564 | /* We can't be sure if this session is being used out of | 542 | /* We can't be sure if this session is being used out of |
| 565 | * context, which is especially important for SSL_VERIFY_PEER. | 543 | * context, which is especially important for SSL_VERIFY_PEER. |
| 566 | * The application should have used SSL[_CTX]_set_session_id_context. | 544 | * The application should have used SSL[_CTX]_set_session_id_context. |
| @@ -570,87 +548,83 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 570 | * applications to effectively disable the session cache by | 548 | * applications to effectively disable the session cache by |
| 571 | * accident without anyone noticing). | 549 | * accident without anyone noticing). |
| 572 | */ | 550 | */ |
| 573 | 551 | ||
| 574 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); | 552 | SSLerr(SSL_F_SSL_GET_PREV_SESSION, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); |
| 575 | fatal = 1; | 553 | fatal = 1; |
| 576 | goto err; | 554 | goto err; |
| 577 | } | 555 | } |
| 578 | 556 | ||
| 579 | if (ret->cipher == NULL) | 557 | if (ret->cipher == NULL) { |
| 580 | { | 558 | unsigned char buf[5], *p; |
| 581 | unsigned char buf[5],*p; | ||
| 582 | unsigned long l; | 559 | unsigned long l; |
| 583 | 560 | ||
| 584 | p=buf; | 561 | p = buf; |
| 585 | l=ret->cipher_id; | 562 | l = ret->cipher_id; |
| 586 | l2n(l,p); | 563 | l2n(l, p); |
| 587 | if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR) | 564 | if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR) |
| 588 | ret->cipher=ssl_get_cipher_by_char(s,&(buf[2])); | 565 | ret->cipher = ssl_get_cipher_by_char(s, &(buf[2])); |
| 589 | else | 566 | else |
| 590 | ret->cipher=ssl_get_cipher_by_char(s,&(buf[1])); | 567 | ret->cipher = ssl_get_cipher_by_char(s, &(buf[1])); |
| 591 | if (ret->cipher == NULL) | 568 | if (ret->cipher == NULL) |
| 592 | goto err; | 569 | goto err; |
| 593 | } | 570 | } |
| 594 | 571 | ||
| 595 | if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ | 572 | if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ |
| 596 | { | 573 | { |
| 597 | s->session_ctx->stats.sess_timeout++; | 574 | s->session_ctx->stats.sess_timeout++; |
| 598 | if (try_session_cache) | 575 | if (try_session_cache) { |
| 599 | { | ||
| 600 | /* session was from the cache, so remove it */ | 576 | /* session was from the cache, so remove it */ |
| 601 | SSL_CTX_remove_session(s->session_ctx,ret); | 577 | SSL_CTX_remove_session(s->session_ctx, ret); |
| 602 | } | ||
| 603 | goto err; | ||
| 604 | } | 578 | } |
| 579 | goto err; | ||
| 580 | } | ||
| 605 | 581 | ||
| 606 | s->session_ctx->stats.sess_hit++; | 582 | s->session_ctx->stats.sess_hit++; |
| 607 | 583 | ||
| 608 | if (s->session != NULL) | 584 | if (s->session != NULL) |
| 609 | SSL_SESSION_free(s->session); | 585 | SSL_SESSION_free(s->session); |
| 610 | s->session=ret; | 586 | s->session = ret; |
| 611 | s->verify_result = s->session->verify_result; | 587 | s->verify_result = s->session->verify_result; |
| 612 | return 1; | 588 | return 1; |
| 613 | 589 | ||
| 614 | err: | 590 | err: |
| 615 | if (ret != NULL) | 591 | if (ret != NULL) { |
| 616 | { | ||
| 617 | SSL_SESSION_free(ret); | 592 | SSL_SESSION_free(ret); |
| 618 | #ifndef OPENSSL_NO_TLSEXT | 593 | #ifndef OPENSSL_NO_TLSEXT |
| 619 | if (!try_session_cache) | 594 | if (!try_session_cache) { |
| 620 | { | ||
| 621 | /* The session was from a ticket, so we should | 595 | /* The session was from a ticket, so we should |
| 622 | * issue a ticket for the new session */ | 596 | * issue a ticket for the new session */ |
| 623 | s->tlsext_ticket_expected = 1; | 597 | s->tlsext_ticket_expected = 1; |
| 624 | } | ||
| 625 | #endif | ||
| 626 | } | 598 | } |
| 599 | #endif | ||
| 600 | } | ||
| 627 | if (fatal) | 601 | if (fatal) |
| 628 | return -1; | 602 | return -1; |
| 629 | else | 603 | else |
| 630 | return 0; | 604 | return 0; |
| 631 | } | 605 | } |
| 632 | 606 | ||
| 633 | int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) | 607 | int |
| 634 | { | 608 | SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) |
| 635 | int ret=0; | 609 | { |
| 610 | int ret = 0; | ||
| 636 | SSL_SESSION *s; | 611 | SSL_SESSION *s; |
| 637 | 612 | ||
| 638 | /* add just 1 reference count for the SSL_CTX's session cache | 613 | /* add just 1 reference count for the SSL_CTX's session cache |
| 639 | * even though it has two ways of access: each session is in a | 614 | * even though it has two ways of access: each session is in a |
| 640 | * doubly linked list and an lhash */ | 615 | * doubly linked list and an lhash */ |
| 641 | CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION); | 616 | CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 642 | /* if session c is in already in cache, we take back the increment later */ | 617 | /* if session c is in already in cache, we take back the increment later */ |
| 643 | 618 | ||
| 644 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 619 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 645 | s=lh_SSL_SESSION_insert(ctx->sessions,c); | 620 | s = lh_SSL_SESSION_insert(ctx->sessions, c); |
| 646 | 621 | ||
| 647 | /* s != NULL iff we already had a session with the given PID. | 622 | /* s != NULL iff we already had a session with the given PID. |
| 648 | * In this case, s == c should hold (then we did not really modify | 623 | * In this case, s == c should hold (then we did not really modify |
| 649 | * ctx->sessions), or we're in trouble. */ | 624 | * ctx->sessions), or we're in trouble. */ |
| 650 | if (s != NULL && s != c) | 625 | if (s != NULL && s != c) { |
| 651 | { | ||
| 652 | /* We *are* in trouble ... */ | 626 | /* We *are* in trouble ... */ |
| 653 | SSL_SESSION_list_remove(ctx,s); | 627 | SSL_SESSION_list_remove(ctx, s); |
| 654 | SSL_SESSION_free(s); | 628 | SSL_SESSION_free(s); |
| 655 | /* ... so pretend the other session did not exist in cache | 629 | /* ... so pretend the other session did not exist in cache |
| 656 | * (we cannot handle two SSL_SESSION structures with identical | 630 | * (we cannot handle two SSL_SESSION structures with identical |
| @@ -658,114 +632,117 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) | |||
| 658 | * two threads concurrently obtain the same session from an external | 632 | * two threads concurrently obtain the same session from an external |
| 659 | * cache) */ | 633 | * cache) */ |
| 660 | s = NULL; | 634 | s = NULL; |
| 661 | } | 635 | } |
| 662 | 636 | ||
| 663 | /* Put at the head of the queue unless it is already in the cache */ | 637 | /* Put at the head of the queue unless it is already in the cache */ |
| 664 | if (s == NULL) | 638 | if (s == NULL) |
| 665 | SSL_SESSION_list_add(ctx,c); | 639 | SSL_SESSION_list_add(ctx, c); |
| 666 | 640 | ||
| 667 | if (s != NULL) | 641 | if (s != NULL) { |
| 668 | { | ||
| 669 | /* existing cache entry -- decrement previously incremented reference | 642 | /* existing cache entry -- decrement previously incremented reference |
| 670 | * count because it already takes into account the cache */ | 643 | * count because it already takes into account the cache */ |
| 671 | 644 | ||
| 672 | SSL_SESSION_free(s); /* s == c */ | 645 | SSL_SESSION_free(s); /* s == c */ |
| 673 | ret=0; | 646 | ret = 0; |
| 674 | } | 647 | } else { |
| 675 | else | ||
| 676 | { | ||
| 677 | /* new cache entry -- remove old ones if cache has become too large */ | 648 | /* new cache entry -- remove old ones if cache has become too large */ |
| 678 | |||
| 679 | ret=1; | ||
| 680 | 649 | ||
| 681 | if (SSL_CTX_sess_get_cache_size(ctx) > 0) | 650 | ret = 1; |
| 682 | { | 651 | |
| 652 | if (SSL_CTX_sess_get_cache_size(ctx) > 0) { | ||
| 683 | while (SSL_CTX_sess_number(ctx) > | 653 | while (SSL_CTX_sess_number(ctx) > |
| 684 | SSL_CTX_sess_get_cache_size(ctx)) | 654 | SSL_CTX_sess_get_cache_size(ctx)) { |
| 685 | { | ||
| 686 | if (!remove_session_lock(ctx, | 655 | if (!remove_session_lock(ctx, |
| 687 | ctx->session_cache_tail, 0)) | 656 | ctx->session_cache_tail, 0)) |
| 688 | break; | 657 | break; |
| 689 | else | 658 | else |
| 690 | ctx->stats.sess_cache_full++; | 659 | ctx->stats.sess_cache_full++; |
| 691 | } | ||
| 692 | } | 660 | } |
| 693 | } | 661 | } |
| 694 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 695 | return(ret); | ||
| 696 | } | 662 | } |
| 663 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 664 | return (ret); | ||
| 665 | } | ||
| 697 | 666 | ||
| 698 | int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) | 667 | int |
| 668 | SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) | ||
| 699 | { | 669 | { |
| 700 | return remove_session_lock(ctx, c, 1); | 670 | return remove_session_lock(ctx, c, 1); |
| 701 | } | 671 | } |
| 702 | 672 | ||
| 703 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) | 673 | static int |
| 704 | { | 674 | remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) |
| 675 | { | ||
| 705 | SSL_SESSION *r; | 676 | SSL_SESSION *r; |
| 706 | int ret=0; | 677 | int ret = 0; |
| 707 | 678 | ||
| 708 | if ((c != NULL) && (c->session_id_length != 0)) | 679 | if ((c != NULL) && (c->session_id_length != 0)) { |
| 709 | { | 680 | if (lck) |
| 710 | if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 681 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 711 | if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c) | 682 | if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) { |
| 712 | { | 683 | ret = 1; |
| 713 | ret=1; | 684 | r = lh_SSL_SESSION_delete(ctx->sessions, c); |
| 714 | r=lh_SSL_SESSION_delete(ctx->sessions,c); | 685 | SSL_SESSION_list_remove(ctx, c); |
| 715 | SSL_SESSION_list_remove(ctx,c); | 686 | } |
| 716 | } | ||
| 717 | 687 | ||
| 718 | if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 688 | if (lck) |
| 689 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 719 | 690 | ||
| 720 | if (ret) | 691 | if (ret) { |
| 721 | { | 692 | r->not_resumable = 1; |
| 722 | r->not_resumable=1; | ||
| 723 | if (ctx->remove_session_cb != NULL) | 693 | if (ctx->remove_session_cb != NULL) |
| 724 | ctx->remove_session_cb(ctx,r); | 694 | ctx->remove_session_cb(ctx, r); |
| 725 | SSL_SESSION_free(r); | 695 | SSL_SESSION_free(r); |
| 726 | } | ||
| 727 | } | 696 | } |
| 728 | else | 697 | } else |
| 729 | ret=0; | 698 | ret = 0; |
| 730 | return(ret); | 699 | return (ret); |
| 731 | } | 700 | } |
| 732 | 701 | ||
| 733 | void SSL_SESSION_free(SSL_SESSION *ss) | 702 | void |
| 734 | { | 703 | SSL_SESSION_free(SSL_SESSION *ss) |
| 704 | { | ||
| 735 | int i; | 705 | int i; |
| 736 | 706 | ||
| 737 | if(ss == NULL) | 707 | if (ss == NULL) |
| 738 | return; | 708 | return; |
| 739 | 709 | ||
| 740 | i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION); | 710 | i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION); |
| 741 | #ifdef REF_PRINT | 711 | #ifdef REF_PRINT |
| 742 | REF_PRINT("SSL_SESSION",ss); | 712 | REF_PRINT("SSL_SESSION", ss); |
| 743 | #endif | 713 | #endif |
| 744 | if (i > 0) return; | 714 | if (i > 0) |
| 715 | return; | ||
| 745 | #ifdef REF_CHECK | 716 | #ifdef REF_CHECK |
| 746 | if (i < 0) | 717 | if (i < 0) { |
| 747 | { | 718 | fprintf(stderr, "SSL_SESSION_free, bad reference count\n"); |
| 748 | fprintf(stderr,"SSL_SESSION_free, bad reference count\n"); | ||
| 749 | abort(); /* ok */ | 719 | abort(); /* ok */ |
| 750 | } | 720 | } |
| 751 | #endif | 721 | #endif |
| 752 | 722 | ||
| 753 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | 723 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); |
| 754 | 724 | ||
| 755 | OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg); | 725 | OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg); |
| 756 | OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); | 726 | OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); |
| 757 | OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); | 727 | OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); |
| 758 | if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); | 728 | if (ss->sess_cert != NULL) |
| 759 | if (ss->peer != NULL) X509_free(ss->peer); | 729 | ssl_sess_cert_free(ss->sess_cert); |
| 760 | if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); | 730 | if (ss->peer != NULL) |
| 731 | X509_free(ss->peer); | ||
| 732 | if (ss->ciphers != NULL) | ||
| 733 | sk_SSL_CIPHER_free(ss->ciphers); | ||
| 761 | #ifndef OPENSSL_NO_TLSEXT | 734 | #ifndef OPENSSL_NO_TLSEXT |
| 762 | if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname); | 735 | if (ss->tlsext_hostname != NULL) |
| 763 | if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick); | 736 | OPENSSL_free(ss->tlsext_hostname); |
| 737 | if (ss->tlsext_tick != NULL) | ||
| 738 | OPENSSL_free(ss->tlsext_tick); | ||
| 764 | #ifndef OPENSSL_NO_EC | 739 | #ifndef OPENSSL_NO_EC |
| 765 | ss->tlsext_ecpointformatlist_length = 0; | 740 | ss->tlsext_ecpointformatlist_length = 0; |
| 766 | if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); | 741 | if (ss->tlsext_ecpointformatlist != NULL) |
| 742 | OPENSSL_free(ss->tlsext_ecpointformatlist); | ||
| 767 | ss->tlsext_ellipticcurvelist_length = 0; | 743 | ss->tlsext_ellipticcurvelist_length = 0; |
| 768 | if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); | 744 | if (ss->tlsext_ellipticcurvelist != NULL) |
| 745 | OPENSSL_free(ss->tlsext_ellipticcurvelist); | ||
| 769 | #endif /* OPENSSL_NO_EC */ | 746 | #endif /* OPENSSL_NO_EC */ |
| 770 | #endif | 747 | #endif |
| 771 | #ifndef OPENSSL_NO_PSK | 748 | #ifndef OPENSSL_NO_PSK |
| @@ -778,382 +755,389 @@ void SSL_SESSION_free(SSL_SESSION *ss) | |||
| 778 | if (ss->srp_username != NULL) | 755 | if (ss->srp_username != NULL) |
| 779 | OPENSSL_free(ss->srp_username); | 756 | OPENSSL_free(ss->srp_username); |
| 780 | #endif | 757 | #endif |
| 781 | OPENSSL_cleanse(ss,sizeof(*ss)); | 758 | OPENSSL_cleanse(ss, sizeof(*ss)); |
| 782 | OPENSSL_free(ss); | 759 | OPENSSL_free(ss); |
| 783 | } | 760 | } |
| 784 | 761 | ||
| 785 | int SSL_set_session(SSL *s, SSL_SESSION *session) | 762 | int |
| 786 | { | 763 | SSL_set_session(SSL *s, SSL_SESSION *session) |
| 787 | int ret=0; | 764 | { |
| 765 | int ret = 0; | ||
| 788 | const SSL_METHOD *meth; | 766 | const SSL_METHOD *meth; |
| 789 | 767 | ||
| 790 | if (session != NULL) | 768 | if (session != NULL) { |
| 791 | { | 769 | meth = s->ctx->method->get_ssl_method(session->ssl_version); |
| 792 | meth=s->ctx->method->get_ssl_method(session->ssl_version); | ||
| 793 | if (meth == NULL) | 770 | if (meth == NULL) |
| 794 | meth=s->method->get_ssl_method(session->ssl_version); | 771 | meth = s->method->get_ssl_method(session->ssl_version); |
| 795 | if (meth == NULL) | 772 | if (meth == NULL) { |
| 796 | { | 773 | SSLerr(SSL_F_SSL_SET_SESSION, SSL_R_UNABLE_TO_FIND_SSL_METHOD); |
| 797 | SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD); | 774 | return (0); |
| 798 | return(0); | 775 | } |
| 799 | } | ||
| 800 | 776 | ||
| 801 | if (meth != s->method) | 777 | if (meth != s->method) { |
| 802 | { | 778 | if (!SSL_set_ssl_method(s, meth)) |
| 803 | if (!SSL_set_ssl_method(s,meth)) | 779 | return (0); |
| 804 | return(0); | 780 | } |
| 805 | } | ||
| 806 | 781 | ||
| 807 | #ifndef OPENSSL_NO_KRB5 | 782 | #ifndef OPENSSL_NO_KRB5 |
| 808 | if (s->kssl_ctx && !s->kssl_ctx->client_princ && | 783 | if (s->kssl_ctx && !s->kssl_ctx->client_princ && |
| 809 | session->krb5_client_princ_len > 0) | 784 | session->krb5_client_princ_len > 0) { |
| 810 | { | 785 | s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); |
| 811 | s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); | 786 | memcpy(s->kssl_ctx->client_princ, session->krb5_client_princ, |
| 812 | memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ, | 787 | session->krb5_client_princ_len); |
| 813 | session->krb5_client_princ_len); | 788 | s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; |
| 814 | s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; | 789 | } |
| 815 | } | ||
| 816 | #endif /* OPENSSL_NO_KRB5 */ | 790 | #endif /* OPENSSL_NO_KRB5 */ |
| 817 | 791 | ||
| 818 | /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ | 792 | /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ |
| 819 | CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION); | 793 | CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 820 | if (s->session != NULL) | 794 | if (s->session != NULL) |
| 821 | SSL_SESSION_free(s->session); | 795 | SSL_SESSION_free(s->session); |
| 822 | s->session=session; | 796 | s->session = session; |
| 823 | s->verify_result = s->session->verify_result; | 797 | s->verify_result = s->session->verify_result; |
| 824 | /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ | 798 | /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ |
| 825 | ret=1; | 799 | ret = 1; |
| 826 | } | 800 | } else { |
| 827 | else | 801 | if (s->session != NULL) { |
| 828 | { | ||
| 829 | if (s->session != NULL) | ||
| 830 | { | ||
| 831 | SSL_SESSION_free(s->session); | 802 | SSL_SESSION_free(s->session); |
| 832 | s->session=NULL; | 803 | s->session = NULL; |
| 833 | } | 804 | } |
| 834 | 805 | ||
| 835 | meth=s->ctx->method; | 806 | meth = s->ctx->method; |
| 836 | if (meth != s->method) | 807 | if (meth != s->method) { |
| 837 | { | 808 | if (!SSL_set_ssl_method(s, meth)) |
| 838 | if (!SSL_set_ssl_method(s,meth)) | 809 | return (0); |
| 839 | return(0); | ||
| 840 | } | ||
| 841 | ret=1; | ||
| 842 | } | 810 | } |
| 843 | return(ret); | 811 | ret = 1; |
| 844 | } | 812 | } |
| 813 | return (ret); | ||
| 814 | } | ||
| 845 | 815 | ||
| 846 | long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) | 816 | long |
| 847 | { | 817 | SSL_SESSION_set_timeout(SSL_SESSION *s, long t) |
| 848 | if (s == NULL) return(0); | 818 | { |
| 849 | s->timeout=t; | 819 | if (s == NULL) |
| 850 | return(1); | 820 | return (0); |
| 851 | } | 821 | s->timeout = t; |
| 822 | return (1); | ||
| 823 | } | ||
| 852 | 824 | ||
| 853 | long SSL_SESSION_get_timeout(const SSL_SESSION *s) | 825 | long |
| 854 | { | 826 | SSL_SESSION_get_timeout(const SSL_SESSION *s) |
| 855 | if (s == NULL) return(0); | 827 | { |
| 856 | return(s->timeout); | 828 | if (s == NULL) |
| 857 | } | 829 | return (0); |
| 830 | return (s->timeout); | ||
| 831 | } | ||
| 858 | 832 | ||
| 859 | long SSL_SESSION_get_time(const SSL_SESSION *s) | 833 | long |
| 860 | { | 834 | SSL_SESSION_get_time(const SSL_SESSION *s) |
| 861 | if (s == NULL) return(0); | 835 | { |
| 862 | return(s->time); | 836 | if (s == NULL) |
| 863 | } | 837 | return (0); |
| 838 | return (s->time); | ||
| 839 | } | ||
| 864 | 840 | ||
| 865 | long SSL_SESSION_set_time(SSL_SESSION *s, long t) | 841 | long |
| 866 | { | 842 | SSL_SESSION_set_time(SSL_SESSION *s, long t) |
| 867 | if (s == NULL) return(0); | 843 | { |
| 868 | s->time=t; | 844 | if (s == NULL) |
| 869 | return(t); | 845 | return (0); |
| 870 | } | 846 | s->time = t; |
| 847 | return (t); | ||
| 848 | } | ||
| 871 | 849 | ||
| 872 | X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) | 850 | X509 |
| 873 | { | 851 | *SSL_SESSION_get0_peer(SSL_SESSION *s) |
| 852 | { | ||
| 874 | return s->peer; | 853 | return s->peer; |
| 875 | } | 854 | } |
| 876 | 855 | ||
| 877 | int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx, | 856 | int |
| 878 | unsigned int sid_ctx_len) | 857 | SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, |
| 879 | { | 858 | unsigned int sid_ctx_len) |
| 880 | if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) | 859 | { |
| 881 | { | 860 | if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { |
| 882 | SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | 861 | SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); |
| 883 | return 0; | 862 | return 0; |
| 884 | } | 863 | } |
| 885 | s->sid_ctx_length=sid_ctx_len; | 864 | s->sid_ctx_length = sid_ctx_len; |
| 886 | memcpy(s->sid_ctx,sid_ctx,sid_ctx_len); | 865 | memcpy(s->sid_ctx, sid_ctx, sid_ctx_len); |
| 887 | 866 | ||
| 888 | return 1; | 867 | return 1; |
| 889 | } | 868 | } |
| 890 | 869 | ||
| 891 | long SSL_CTX_set_timeout(SSL_CTX *s, long t) | 870 | long |
| 892 | { | 871 | SSL_CTX_set_timeout(SSL_CTX *s, long t) |
| 872 | { | ||
| 893 | long l; | 873 | long l; |
| 894 | if (s == NULL) return(0); | 874 | if (s == NULL) |
| 895 | l=s->session_timeout; | 875 | return (0); |
| 896 | s->session_timeout=t; | 876 | l = s->session_timeout; |
| 897 | return(l); | 877 | s->session_timeout = t; |
| 898 | } | 878 | return (l); |
| 879 | } | ||
| 899 | 880 | ||
| 900 | long SSL_CTX_get_timeout(const SSL_CTX *s) | 881 | long |
| 901 | { | 882 | SSL_CTX_get_timeout(const SSL_CTX *s) |
| 902 | if (s == NULL) return(0); | 883 | { |
| 903 | return(s->session_timeout); | 884 | if (s == NULL) |
| 904 | } | 885 | return (0); |
| 886 | return (s->session_timeout); | ||
| 887 | } | ||
| 905 | 888 | ||
| 906 | #ifndef OPENSSL_NO_TLSEXT | 889 | #ifndef OPENSSL_NO_TLSEXT |
| 907 | int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, | 890 | int |
| 908 | STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) | 891 | SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, |
| 909 | { | 892 | STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) |
| 910 | if (s == NULL) return(0); | 893 | { |
| 894 | if (s == NULL) | ||
| 895 | return (0); | ||
| 911 | s->tls_session_secret_cb = tls_session_secret_cb; | 896 | s->tls_session_secret_cb = tls_session_secret_cb; |
| 912 | s->tls_session_secret_cb_arg = arg; | 897 | s->tls_session_secret_cb_arg = arg; |
| 913 | return(1); | 898 | return (1); |
| 914 | } | 899 | } |
| 915 | 900 | ||
| 916 | int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, | 901 | int |
| 917 | void *arg) | 902 | SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, |
| 918 | { | 903 | void *arg) |
| 919 | if (s == NULL) return(0); | 904 | { |
| 905 | if (s == NULL) | ||
| 906 | return (0); | ||
| 920 | s->tls_session_ticket_ext_cb = cb; | 907 | s->tls_session_ticket_ext_cb = cb; |
| 921 | s->tls_session_ticket_ext_cb_arg = arg; | 908 | s->tls_session_ticket_ext_cb_arg = arg; |
| 922 | return(1); | 909 | return (1); |
| 923 | } | 910 | } |
| 924 | 911 | ||
| 925 | int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) | 912 | int |
| 926 | { | 913 | SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) |
| 927 | if (s->version >= TLS1_VERSION) | 914 | { |
| 928 | { | 915 | if (s->version >= TLS1_VERSION) { |
| 929 | if (s->tlsext_session_ticket) | 916 | if (s->tlsext_session_ticket) { |
| 930 | { | ||
| 931 | OPENSSL_free(s->tlsext_session_ticket); | 917 | OPENSSL_free(s->tlsext_session_ticket); |
| 932 | s->tlsext_session_ticket = NULL; | 918 | s->tlsext_session_ticket = NULL; |
| 933 | } | 919 | } |
| 934 | 920 | ||
| 935 | s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); | 921 | s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); |
| 936 | if (!s->tlsext_session_ticket) | 922 | if (!s->tlsext_session_ticket) { |
| 937 | { | ||
| 938 | SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); | 923 | SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); |
| 939 | return 0; | 924 | return 0; |
| 940 | } | 925 | } |
| 941 | 926 | ||
| 942 | if (ext_data) | 927 | if (ext_data) { |
| 943 | { | ||
| 944 | s->tlsext_session_ticket->length = ext_len; | 928 | s->tlsext_session_ticket->length = ext_len; |
| 945 | s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1; | 929 | s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1; |
| 946 | memcpy(s->tlsext_session_ticket->data, ext_data, ext_len); | 930 | memcpy(s->tlsext_session_ticket->data, ext_data, ext_len); |
| 947 | } | 931 | } else { |
| 948 | else | ||
| 949 | { | ||
| 950 | s->tlsext_session_ticket->length = 0; | 932 | s->tlsext_session_ticket->length = 0; |
| 951 | s->tlsext_session_ticket->data = NULL; | 933 | s->tlsext_session_ticket->data = NULL; |
| 952 | } | 934 | } |
| 953 | 935 | ||
| 954 | return 1; | 936 | return 1; |
| 955 | } | 937 | } |
| 956 | 938 | ||
| 957 | return 0; | 939 | return 0; |
| 958 | } | 940 | } |
| 959 | #endif /* OPENSSL_NO_TLSEXT */ | 941 | #endif /* OPENSSL_NO_TLSEXT */ |
| 960 | 942 | ||
| 961 | typedef struct timeout_param_st | 943 | typedef struct timeout_param_st { |
| 962 | { | ||
| 963 | SSL_CTX *ctx; | 944 | SSL_CTX *ctx; |
| 964 | long time; | 945 | long time; |
| 965 | LHASH_OF(SSL_SESSION) *cache; | 946 | LHASH_OF(SSL_SESSION) *cache; |
| 966 | } TIMEOUT_PARAM; | 947 | } TIMEOUT_PARAM; |
| 967 | 948 | ||
| 968 | static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) | 949 | static void |
| 969 | { | 950 | timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) |
| 951 | { | ||
| 970 | if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ | 952 | if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ |
| 971 | { | 953 | { |
| 972 | /* The reason we don't call SSL_CTX_remove_session() is to | 954 | /* The reason we don't call SSL_CTX_remove_session() is to |
| 973 | * save on locking overhead */ | 955 | * save on locking overhead */ |
| 974 | (void)lh_SSL_SESSION_delete(p->cache,s); | 956 | (void)lh_SSL_SESSION_delete(p->cache, s); |
| 975 | SSL_SESSION_list_remove(p->ctx,s); | 957 | SSL_SESSION_list_remove(p->ctx, s); |
| 976 | s->not_resumable=1; | 958 | s->not_resumable = 1; |
| 977 | if (p->ctx->remove_session_cb != NULL) | 959 | if (p->ctx->remove_session_cb != NULL) |
| 978 | p->ctx->remove_session_cb(p->ctx,s); | 960 | p->ctx->remove_session_cb(p->ctx, s); |
| 979 | SSL_SESSION_free(s); | 961 | SSL_SESSION_free(s); |
| 980 | } | ||
| 981 | } | 962 | } |
| 963 | } | ||
| 982 | 964 | ||
| 983 | static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) | 965 | static |
| 966 | IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) | ||
| 984 | 967 | ||
| 985 | void SSL_CTX_flush_sessions(SSL_CTX *s, long t) | 968 | void |
| 986 | { | 969 | SSL_CTX_flush_sessions(SSL_CTX *s, long t) |
| 970 | { | ||
| 987 | unsigned long i; | 971 | unsigned long i; |
| 988 | TIMEOUT_PARAM tp; | 972 | TIMEOUT_PARAM tp; |
| 989 | 973 | ||
| 990 | tp.ctx=s; | 974 | tp.ctx = s; |
| 991 | tp.cache=s->sessions; | 975 | tp.cache = s->sessions; |
| 992 | if (tp.cache == NULL) return; | 976 | if (tp.cache == NULL) |
| 993 | tp.time=t; | 977 | return; |
| 978 | tp.time = t; | ||
| 994 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 979 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 995 | i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; | 980 | i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; |
| 996 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0; | 981 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0; |
| 997 | lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), | 982 | lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), |
| 998 | TIMEOUT_PARAM, &tp); | 983 | TIMEOUT_PARAM, &tp); |
| 999 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i; | 984 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i; |
| 1000 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 985 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 1001 | } | 986 | } |
| 1002 | 987 | ||
| 1003 | int ssl_clear_bad_session(SSL *s) | 988 | int |
| 1004 | { | 989 | ssl_clear_bad_session(SSL *s) |
| 1005 | if ( (s->session != NULL) && | 990 | { |
| 991 | if ((s->session != NULL) && | ||
| 1006 | !(s->shutdown & SSL_SENT_SHUTDOWN) && | 992 | !(s->shutdown & SSL_SENT_SHUTDOWN) && |
| 1007 | !(SSL_in_init(s) || SSL_in_before(s))) | 993 | !(SSL_in_init(s) || SSL_in_before(s))) { |
| 1008 | { | 994 | SSL_CTX_remove_session(s->ctx, s->session); |
| 1009 | SSL_CTX_remove_session(s->ctx,s->session); | 995 | return (1); |
| 1010 | return(1); | 996 | } else |
| 1011 | } | 997 | return (0); |
| 1012 | else | 998 | } |
| 1013 | return(0); | ||
| 1014 | } | ||
| 1015 | 999 | ||
| 1016 | /* locked by SSL_CTX in the calling function */ | 1000 | /* locked by SSL_CTX in the calling function */ |
| 1017 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) | 1001 | static void |
| 1018 | { | 1002 | SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) |
| 1019 | if ((s->next == NULL) || (s->prev == NULL)) return; | 1003 | { |
| 1004 | if ((s->next == NULL) | ||
| 1005 | || (s->prev == NULL)) return; | ||
| 1020 | 1006 | ||
| 1021 | if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) | 1007 | if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) |
| 1022 | { /* last element in list */ | 1008 | { /* last element in list */ |
| 1023 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) | 1009 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) |
| 1024 | { /* only one element in list */ | 1010 | { /* only one element in list */ |
| 1025 | ctx->session_cache_head=NULL; | 1011 | ctx->session_cache_head = NULL; |
| 1026 | ctx->session_cache_tail=NULL; | 1012 | ctx->session_cache_tail = NULL; |
| 1027 | } | 1013 | } else { |
| 1028 | else | 1014 | ctx->session_cache_tail = s->prev; |
| 1029 | { | 1015 | s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail); |
| 1030 | ctx->session_cache_tail=s->prev; | ||
| 1031 | s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail); | ||
| 1032 | } | ||
| 1033 | } | 1016 | } |
| 1034 | else | 1017 | } else { |
| 1035 | { | ||
| 1036 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) | 1018 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) |
| 1037 | { /* first element in list */ | 1019 | { /* first element in list */ |
| 1038 | ctx->session_cache_head=s->next; | 1020 | ctx->session_cache_head = s->next; |
| 1039 | s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head); | 1021 | s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head); |
| 1040 | } | 1022 | } else |
| 1041 | else | 1023 | { /* middle of list */ |
| 1042 | { /* middle of list */ | 1024 | s->next->prev = s->prev; |
| 1043 | s->next->prev=s->prev; | 1025 | s->prev->next = s->next; |
| 1044 | s->prev->next=s->next; | ||
| 1045 | } | ||
| 1046 | } | 1026 | } |
| 1047 | s->prev=s->next=NULL; | ||
| 1048 | } | 1027 | } |
| 1028 | s->prev = s->next = NULL; | ||
| 1029 | } | ||
| 1049 | 1030 | ||
| 1050 | static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) | 1031 | static void |
| 1051 | { | 1032 | SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) |
| 1033 | { | ||
| 1052 | if ((s->next != NULL) && (s->prev != NULL)) | 1034 | if ((s->next != NULL) && (s->prev != NULL)) |
| 1053 | SSL_SESSION_list_remove(ctx,s); | 1035 | SSL_SESSION_list_remove(ctx, s); |
| 1054 | 1036 | ||
| 1055 | if (ctx->session_cache_head == NULL) | 1037 | if (ctx->session_cache_head == NULL) { |
| 1056 | { | 1038 | ctx->session_cache_head = s; |
| 1057 | ctx->session_cache_head=s; | 1039 | ctx->session_cache_tail = s; |
| 1058 | ctx->session_cache_tail=s; | 1040 | s->prev = (SSL_SESSION *)&(ctx->session_cache_head); |
| 1059 | s->prev=(SSL_SESSION *)&(ctx->session_cache_head); | 1041 | s->next = (SSL_SESSION *)&(ctx->session_cache_tail); |
| 1060 | s->next=(SSL_SESSION *)&(ctx->session_cache_tail); | 1042 | } else { |
| 1061 | } | 1043 | s->next = ctx->session_cache_head; |
| 1062 | else | 1044 | s->next->prev = s; |
| 1063 | { | 1045 | s->prev = (SSL_SESSION *)&(ctx->session_cache_head); |
| 1064 | s->next=ctx->session_cache_head; | 1046 | ctx->session_cache_head = s; |
| 1065 | s->next->prev=s; | ||
| 1066 | s->prev=(SSL_SESSION *)&(ctx->session_cache_head); | ||
| 1067 | ctx->session_cache_head=s; | ||
| 1068 | } | ||
| 1069 | } | 1047 | } |
| 1048 | } | ||
| 1070 | 1049 | ||
| 1071 | void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, | 1050 | void |
| 1072 | int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess)) | 1051 | SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, |
| 1073 | { | 1052 | int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) { |
| 1074 | ctx->new_session_cb=cb; | 1053 | ctx->new_session_cb = cb; |
| 1075 | } | 1054 | } |
| 1076 | 1055 | ||
| 1077 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) | 1056 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) |
| 1078 | { | 1057 | { |
| 1079 | return ctx->new_session_cb; | 1058 | return ctx->new_session_cb; |
| 1080 | } | 1059 | } |
| 1081 | 1060 | ||
| 1082 | void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, | 1061 | void |
| 1083 | void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess)) | 1062 | SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, |
| 1084 | { | 1063 | void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)) |
| 1085 | ctx->remove_session_cb=cb; | 1064 | { |
| 1086 | } | 1065 | ctx->remove_session_cb = cb; |
| 1066 | } | ||
| 1087 | 1067 | ||
| 1088 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess) | 1068 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess) |
| 1089 | { | 1069 | { |
| 1090 | return ctx->remove_session_cb; | 1070 | return ctx->remove_session_cb; |
| 1091 | } | 1071 | } |
| 1092 | 1072 | ||
| 1093 | void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, | 1073 | void |
| 1094 | SSL_SESSION *(*cb)(struct ssl_st *ssl, | 1074 | SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, |
| 1095 | unsigned char *data,int len,int *copy)) | 1075 | SSL_SESSION *(*cb)(struct ssl_st *ssl, |
| 1096 | { | 1076 | unsigned char *data, int len, int *copy)) |
| 1097 | ctx->get_session_cb=cb; | 1077 | { |
| 1098 | } | 1078 | ctx->get_session_cb = cb; |
| 1079 | } | ||
| 1099 | 1080 | ||
| 1100 | SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, | 1081 | SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, |
| 1101 | unsigned char *data,int len,int *copy) | 1082 | unsigned char *data, int len, int *copy) |
| 1102 | { | 1083 | { |
| 1103 | return ctx->get_session_cb; | 1084 | return ctx->get_session_cb; |
| 1104 | } | 1085 | } |
| 1105 | 1086 | ||
| 1106 | void SSL_CTX_set_info_callback(SSL_CTX *ctx, | 1087 | void |
| 1107 | void (*cb)(const SSL *ssl,int type,int val)) | 1088 | SSL_CTX_set_info_callback(SSL_CTX *ctx, |
| 1108 | { | 1089 | void (*cb)(const SSL *ssl, int type, int val)) |
| 1109 | ctx->info_callback=cb; | 1090 | { |
| 1110 | } | 1091 | ctx->info_callback = cb; |
| 1092 | } | ||
| 1111 | 1093 | ||
| 1112 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val) | 1094 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val) |
| 1113 | { | 1095 | { |
| 1114 | return ctx->info_callback; | 1096 | return ctx->info_callback; |
| 1115 | } | 1097 | } |
| 1116 | 1098 | ||
| 1117 | void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, | 1099 | void |
| 1118 | int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) | 1100 | SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, |
| 1119 | { | 1101 | int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) |
| 1120 | ctx->client_cert_cb=cb; | 1102 | { |
| 1121 | } | 1103 | ctx->client_cert_cb = cb; |
| 1104 | } | ||
| 1122 | 1105 | ||
| 1123 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey) | 1106 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey) |
| 1124 | { | 1107 | { |
| 1125 | return ctx->client_cert_cb; | 1108 | return ctx->client_cert_cb; |
| 1126 | } | 1109 | } |
| 1127 | 1110 | ||
| 1128 | #ifndef OPENSSL_NO_ENGINE | 1111 | #ifndef OPENSSL_NO_ENGINE |
| 1129 | int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) | 1112 | int |
| 1130 | { | 1113 | SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) |
| 1131 | if (!ENGINE_init(e)) | 1114 | { |
| 1132 | { | 1115 | if (!ENGINE_init(e)) { |
| 1133 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB); | 1116 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB); |
| 1134 | return 0; | 1117 | return 0; |
| 1135 | } | 1118 | } |
| 1136 | if(!ENGINE_get_ssl_client_cert_function(e)) | 1119 | if (!ENGINE_get_ssl_client_cert_function(e)) { |
| 1137 | { | ||
| 1138 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD); | 1120 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD); |
| 1139 | ENGINE_finish(e); | 1121 | ENGINE_finish(e); |
| 1140 | return 0; | 1122 | return 0; |
| 1141 | } | 1123 | } |
| 1142 | ctx->client_cert_engine = e; | 1124 | ctx->client_cert_engine = e; |
| 1143 | return 1; | 1125 | return 1; |
| 1144 | } | 1126 | } |
| 1145 | #endif | 1127 | #endif |
| 1146 | 1128 | ||
| 1147 | void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, | 1129 | void |
| 1148 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) | 1130 | SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, |
| 1149 | { | 1131 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) |
| 1150 | ctx->app_gen_cookie_cb=cb; | 1132 | { |
| 1151 | } | 1133 | ctx->app_gen_cookie_cb = cb; |
| 1134 | } | ||
| 1152 | 1135 | ||
| 1153 | void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, | 1136 | void |
| 1154 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) | 1137 | SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, |
| 1155 | { | 1138 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) |
| 1156 | ctx->app_verify_cookie_cb=cb; | 1139 | { |
| 1157 | } | 1140 | ctx->app_verify_cookie_cb = cb; |
| 1141 | } | ||
| 1158 | 1142 | ||
| 1159 | IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) | 1143 | IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) |
diff --git a/src/lib/libssl/src/ssl/ssl_stat.c b/src/lib/libssl/src/ssl/ssl_stat.c index 144b81e55f..3d9371cdd7 100644 --- a/src/lib/libssl/src/ssl/ssl_stat.c +++ b/src/lib/libssl/src/ssl/ssl_stat.c | |||
| @@ -85,311 +85,533 @@ | |||
| 85 | #include <stdio.h> | 85 | #include <stdio.h> |
| 86 | #include "ssl_locl.h" | 86 | #include "ssl_locl.h" |
| 87 | 87 | ||
| 88 | const char *SSL_state_string_long(const SSL *s) | 88 | const char |
| 89 | { | 89 | *SSL_state_string_long(const SSL *s) |
| 90 | { | ||
| 90 | const char *str; | 91 | const char *str; |
| 91 | 92 | ||
| 92 | switch (s->state) | 93 | switch (s->state) { |
| 93 | { | 94 | case SSL_ST_BEFORE: |
| 94 | case SSL_ST_BEFORE: str="before SSL initialization"; break; | 95 | str="before SSL initialization"; break; |
| 95 | case SSL_ST_ACCEPT: str="before accept initialization"; break; | 96 | case SSL_ST_ACCEPT: |
| 96 | case SSL_ST_CONNECT: str="before connect initialization"; break; | 97 | str="before accept initialization"; break; |
| 97 | case SSL_ST_OK: str="SSL negotiation finished successfully"; break; | 98 | case SSL_ST_CONNECT: |
| 98 | case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break; | 99 | str="before connect initialization"; break; |
| 99 | case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break; | 100 | case SSL_ST_OK: |
| 100 | case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break; | 101 | str="SSL negotiation finished successfully"; break; |
| 101 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break; | 102 | case SSL_ST_RENEGOTIATE: |
| 102 | case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break; | 103 | str="SSL renegotiate ciphers"; break; |
| 104 | case SSL_ST_BEFORE|SSL_ST_CONNECT: | ||
| 105 | str="before/connect initialization"; break; | ||
| 106 | case SSL_ST_OK|SSL_ST_CONNECT: | ||
| 107 | str="ok/connect SSL initialization"; break; | ||
| 108 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: | ||
| 109 | str="before/accept initialization"; break; | ||
| 110 | case SSL_ST_OK|SSL_ST_ACCEPT: | ||
| 111 | str="ok/accept SSL initialization"; break; | ||
| 103 | #ifndef OPENSSL_NO_SSL2 | 112 | #ifndef OPENSSL_NO_SSL2 |
| 104 | case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break; | 113 | case SSL2_ST_CLIENT_START_ENCRYPTION: |
| 105 | case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break; | 114 | str="SSLv2 client start encryption"; break; |
| 106 | case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break; | 115 | case SSL2_ST_SERVER_START_ENCRYPTION: |
| 107 | case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break; | 116 | str="SSLv2 server start encryption"; break; |
| 108 | case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break; | 117 | case SSL2_ST_SEND_CLIENT_HELLO_A: |
| 109 | case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break; | 118 | str="SSLv2 write client hello A"; break; |
| 110 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break; | 119 | case SSL2_ST_SEND_CLIENT_HELLO_B: |
| 111 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break; | 120 | str="SSLv2 write client hello B"; break; |
| 112 | case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break; | 121 | case SSL2_ST_GET_SERVER_HELLO_A: |
| 113 | case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break; | 122 | str="SSLv2 read server hello A"; break; |
| 114 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break; | 123 | case SSL2_ST_GET_SERVER_HELLO_B: |
| 115 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break; | 124 | str="SSLv2 read server hello B"; break; |
| 116 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break; | 125 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: |
| 117 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break; | 126 | str="SSLv2 write client master key A"; break; |
| 118 | case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break; | 127 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: |
| 119 | case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break; | 128 | str="SSLv2 write client master key B"; break; |
| 120 | case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break; | 129 | case SSL2_ST_SEND_CLIENT_FINISHED_A: |
| 121 | case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break; | 130 | str="SSLv2 write client finished A"; break; |
| 122 | case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break; | 131 | case SSL2_ST_SEND_CLIENT_FINISHED_B: |
| 123 | case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break; | 132 | str="SSLv2 write client finished B"; break; |
| 124 | case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break; | 133 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: |
| 125 | case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break; | 134 | str="SSLv2 write client certificate A"; break; |
| 126 | case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break; | 135 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: |
| 127 | case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break; | 136 | str="SSLv2 write client certificate B"; break; |
| 128 | case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break; | 137 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: |
| 129 | case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break; | 138 | str="SSLv2 write client certificate C"; break; |
| 130 | case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break; | 139 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: |
| 131 | case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break; | 140 | str="SSLv2 write client certificate D"; break; |
| 132 | case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break; | 141 | case SSL2_ST_GET_SERVER_VERIFY_A: |
| 133 | case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break; | 142 | str="SSLv2 read server verify A"; break; |
| 134 | case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break; | 143 | case SSL2_ST_GET_SERVER_VERIFY_B: |
| 135 | case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break; | 144 | str="SSLv2 read server verify B"; break; |
| 136 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break; | 145 | case SSL2_ST_GET_SERVER_FINISHED_A: |
| 137 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break; | 146 | str="SSLv2 read server finished A"; break; |
| 138 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break; | 147 | case SSL2_ST_GET_SERVER_FINISHED_B: |
| 139 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break; | 148 | str="SSLv2 read server finished B"; break; |
| 140 | case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break; | 149 | case SSL2_ST_GET_CLIENT_HELLO_A: |
| 141 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break; | 150 | str="SSLv2 read client hello A"; break; |
| 151 | case SSL2_ST_GET_CLIENT_HELLO_B: | ||
| 152 | str="SSLv2 read client hello B"; break; | ||
| 153 | case SSL2_ST_GET_CLIENT_HELLO_C: | ||
| 154 | str="SSLv2 read client hello C"; break; | ||
| 155 | case SSL2_ST_SEND_SERVER_HELLO_A: | ||
| 156 | str="SSLv2 write server hello A"; break; | ||
| 157 | case SSL2_ST_SEND_SERVER_HELLO_B: | ||
| 158 | str="SSLv2 write server hello B"; break; | ||
| 159 | case SSL2_ST_GET_CLIENT_MASTER_KEY_A: | ||
| 160 | str="SSLv2 read client master key A"; break; | ||
| 161 | case SSL2_ST_GET_CLIENT_MASTER_KEY_B: | ||
| 162 | str="SSLv2 read client master key B"; break; | ||
| 163 | case SSL2_ST_SEND_SERVER_VERIFY_A: | ||
| 164 | str="SSLv2 write server verify A"; break; | ||
| 165 | case SSL2_ST_SEND_SERVER_VERIFY_B: | ||
| 166 | str="SSLv2 write server verify B"; break; | ||
| 167 | case SSL2_ST_SEND_SERVER_VERIFY_C: | ||
| 168 | str="SSLv2 write server verify C"; break; | ||
| 169 | case SSL2_ST_GET_CLIENT_FINISHED_A: | ||
| 170 | str="SSLv2 read client finished A"; break; | ||
| 171 | case SSL2_ST_GET_CLIENT_FINISHED_B: | ||
| 172 | str="SSLv2 read client finished B"; break; | ||
| 173 | case SSL2_ST_SEND_SERVER_FINISHED_A: | ||
| 174 | str="SSLv2 write server finished A"; break; | ||
| 175 | case SSL2_ST_SEND_SERVER_FINISHED_B: | ||
| 176 | str="SSLv2 write server finished B"; break; | ||
| 177 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: | ||
| 178 | str="SSLv2 write request certificate A"; break; | ||
| 179 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: | ||
| 180 | str="SSLv2 write request certificate B"; break; | ||
| 181 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: | ||
| 182 | str="SSLv2 write request certificate C"; break; | ||
| 183 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: | ||
| 184 | str="SSLv2 write request certificate D"; break; | ||
| 185 | case SSL2_ST_X509_GET_SERVER_CERTIFICATE: | ||
| 186 | str="SSLv2 X509 read server certificate"; break; | ||
| 187 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: | ||
| 188 | str="SSLv2 X509 read client certificate"; break; | ||
| 142 | #endif | 189 | #endif |
| 143 | 190 | ||
| 144 | #ifndef OPENSSL_NO_SSL3 | 191 | #ifndef OPENSSL_NO_SSL3 |
| 145 | /* SSLv3 additions */ | 192 | /* SSLv3 additions */ |
| 146 | case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break; | 193 | case SSL3_ST_CW_CLNT_HELLO_A: |
| 147 | case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break; | 194 | str="SSLv3 write client hello A"; break; |
| 148 | case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break; | 195 | case SSL3_ST_CW_CLNT_HELLO_B: |
| 149 | case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break; | 196 | str="SSLv3 write client hello B"; break; |
| 150 | case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break; | 197 | case SSL3_ST_CR_SRVR_HELLO_A: |
| 151 | case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break; | 198 | str="SSLv3 read server hello A"; break; |
| 152 | case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break; | 199 | case SSL3_ST_CR_SRVR_HELLO_B: |
| 153 | case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break; | 200 | str="SSLv3 read server hello B"; break; |
| 154 | case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break; | 201 | case SSL3_ST_CR_CERT_A: |
| 155 | case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break; | 202 | str="SSLv3 read server certificate A"; break; |
| 156 | case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break; | 203 | case SSL3_ST_CR_CERT_B: |
| 157 | case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break; | 204 | str="SSLv3 read server certificate B"; break; |
| 158 | case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break; | 205 | case SSL3_ST_CR_KEY_EXCH_A: |
| 159 | case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break; | 206 | str="SSLv3 read server key exchange A"; break; |
| 160 | case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break; | 207 | case SSL3_ST_CR_KEY_EXCH_B: |
| 161 | case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break; | 208 | str="SSLv3 read server key exchange B"; break; |
| 162 | case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break; | 209 | case SSL3_ST_CR_CERT_REQ_A: |
| 163 | case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break; | 210 | str="SSLv3 read server certificate request A"; break; |
| 164 | case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break; | 211 | case SSL3_ST_CR_CERT_REQ_B: |
| 165 | case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break; | 212 | str="SSLv3 read server certificate request B"; break; |
| 166 | case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break; | 213 | case SSL3_ST_CR_SESSION_TICKET_A: |
| 167 | case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break; | 214 | str="SSLv3 read server session ticket A";break; |
| 215 | case SSL3_ST_CR_SESSION_TICKET_B: | ||
| 216 | str="SSLv3 read server session ticket B";break; | ||
| 217 | case SSL3_ST_CR_SRVR_DONE_A: | ||
| 218 | str="SSLv3 read server done A"; break; | ||
| 219 | case SSL3_ST_CR_SRVR_DONE_B: | ||
| 220 | str="SSLv3 read server done B"; break; | ||
| 221 | case SSL3_ST_CW_CERT_A: | ||
| 222 | str="SSLv3 write client certificate A"; break; | ||
| 223 | case SSL3_ST_CW_CERT_B: | ||
| 224 | str="SSLv3 write client certificate B"; break; | ||
| 225 | case SSL3_ST_CW_CERT_C: | ||
| 226 | str="SSLv3 write client certificate C"; break; | ||
| 227 | case SSL3_ST_CW_CERT_D: | ||
| 228 | str="SSLv3 write client certificate D"; break; | ||
| 229 | case SSL3_ST_CW_KEY_EXCH_A: | ||
| 230 | str="SSLv3 write client key exchange A"; break; | ||
| 231 | case SSL3_ST_CW_KEY_EXCH_B: | ||
| 232 | str="SSLv3 write client key exchange B"; break; | ||
| 233 | case SSL3_ST_CW_CERT_VRFY_A: | ||
| 234 | str="SSLv3 write certificate verify A"; break; | ||
| 235 | case SSL3_ST_CW_CERT_VRFY_B: | ||
| 236 | str="SSLv3 write certificate verify B"; break; | ||
| 168 | 237 | ||
| 169 | case SSL3_ST_CW_CHANGE_A: | 238 | case SSL3_ST_CW_CHANGE_A: |
| 170 | case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break; | 239 | case SSL3_ST_SW_CHANGE_A: |
| 171 | case SSL3_ST_CW_CHANGE_B: | 240 | str="SSLv3 write change cipher spec A"; break; |
| 172 | case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break; | 241 | case SSL3_ST_CW_CHANGE_B: |
| 173 | case SSL3_ST_CW_FINISHED_A: | 242 | case SSL3_ST_SW_CHANGE_B: |
| 174 | case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break; | 243 | str="SSLv3 write change cipher spec B"; break; |
| 175 | case SSL3_ST_CW_FINISHED_B: | 244 | case SSL3_ST_CW_FINISHED_A: |
| 176 | case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break; | 245 | case SSL3_ST_SW_FINISHED_A: |
| 177 | case SSL3_ST_CR_CHANGE_A: | 246 | str="SSLv3 write finished A"; break; |
| 178 | case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break; | 247 | case SSL3_ST_CW_FINISHED_B: |
| 179 | case SSL3_ST_CR_CHANGE_B: | 248 | case SSL3_ST_SW_FINISHED_B: |
| 180 | case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break; | 249 | str="SSLv3 write finished B"; break; |
| 181 | case SSL3_ST_CR_FINISHED_A: | 250 | case SSL3_ST_CR_CHANGE_A: |
| 182 | case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break; | 251 | case SSL3_ST_SR_CHANGE_A: |
| 183 | case SSL3_ST_CR_FINISHED_B: | 252 | str="SSLv3 read change cipher spec A"; break; |
| 184 | case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break; | 253 | case SSL3_ST_CR_CHANGE_B: |
| 254 | case SSL3_ST_SR_CHANGE_B: | ||
| 255 | str="SSLv3 read change cipher spec B"; break; | ||
| 256 | case SSL3_ST_CR_FINISHED_A: | ||
| 257 | case SSL3_ST_SR_FINISHED_A: | ||
| 258 | str="SSLv3 read finished A"; break; | ||
| 259 | case SSL3_ST_CR_FINISHED_B: | ||
| 260 | case SSL3_ST_SR_FINISHED_B: | ||
| 261 | str="SSLv3 read finished B"; break; | ||
| 185 | 262 | ||
| 186 | case SSL3_ST_CW_FLUSH: | 263 | case SSL3_ST_CW_FLUSH: |
| 187 | case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break; | 264 | case SSL3_ST_SW_FLUSH: |
| 265 | str="SSLv3 flush data"; break; | ||
| 188 | 266 | ||
| 189 | case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break; | 267 | case SSL3_ST_SR_CLNT_HELLO_A: |
| 190 | case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break; | 268 | str="SSLv3 read client hello A"; break; |
| 191 | case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break; | 269 | case SSL3_ST_SR_CLNT_HELLO_B: |
| 192 | case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break; | 270 | str="SSLv3 read client hello B"; break; |
| 193 | case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break; | 271 | case SSL3_ST_SR_CLNT_HELLO_C: |
| 194 | case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break; | 272 | str="SSLv3 read client hello C"; break; |
| 195 | case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break; | 273 | case SSL3_ST_SW_HELLO_REQ_A: |
| 196 | case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break; | 274 | str="SSLv3 write hello request A"; break; |
| 197 | case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break; | 275 | case SSL3_ST_SW_HELLO_REQ_B: |
| 198 | case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break; | 276 | str="SSLv3 write hello request B"; break; |
| 199 | case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break; | 277 | case SSL3_ST_SW_HELLO_REQ_C: |
| 200 | case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break; | 278 | str="SSLv3 write hello request C"; break; |
| 201 | case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break; | 279 | case SSL3_ST_SW_SRVR_HELLO_A: |
| 202 | case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break; | 280 | str="SSLv3 write server hello A"; break; |
| 203 | case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break; | 281 | case SSL3_ST_SW_SRVR_HELLO_B: |
| 204 | case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break; | 282 | str="SSLv3 write server hello B"; break; |
| 205 | case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break; | 283 | case SSL3_ST_SW_CERT_A: |
| 206 | case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break; | 284 | str="SSLv3 write certificate A"; break; |
| 207 | case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break; | 285 | case SSL3_ST_SW_CERT_B: |
| 208 | case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break; | 286 | str="SSLv3 write certificate B"; break; |
| 209 | case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break; | 287 | case SSL3_ST_SW_KEY_EXCH_A: |
| 210 | case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break; | 288 | str="SSLv3 write key exchange A"; break; |
| 211 | case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break; | 289 | case SSL3_ST_SW_KEY_EXCH_B: |
| 212 | case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break; | 290 | str="SSLv3 write key exchange B"; break; |
| 291 | case SSL3_ST_SW_CERT_REQ_A: | ||
| 292 | str="SSLv3 write certificate request A"; break; | ||
| 293 | case SSL3_ST_SW_CERT_REQ_B: | ||
| 294 | str="SSLv3 write certificate request B"; break; | ||
| 295 | case SSL3_ST_SW_SESSION_TICKET_A: | ||
| 296 | str="SSLv3 write session ticket A"; break; | ||
| 297 | case SSL3_ST_SW_SESSION_TICKET_B: | ||
| 298 | str="SSLv3 write session ticket B"; break; | ||
| 299 | case SSL3_ST_SW_SRVR_DONE_A: | ||
| 300 | str="SSLv3 write server done A"; break; | ||
| 301 | case SSL3_ST_SW_SRVR_DONE_B: | ||
| 302 | str="SSLv3 write server done B"; break; | ||
| 303 | case SSL3_ST_SR_CERT_A: | ||
| 304 | str="SSLv3 read client certificate A"; break; | ||
| 305 | case SSL3_ST_SR_CERT_B: | ||
| 306 | str="SSLv3 read client certificate B"; break; | ||
| 307 | case SSL3_ST_SR_KEY_EXCH_A: | ||
| 308 | str="SSLv3 read client key exchange A"; break; | ||
| 309 | case SSL3_ST_SR_KEY_EXCH_B: | ||
| 310 | str="SSLv3 read client key exchange B"; break; | ||
| 311 | case SSL3_ST_SR_CERT_VRFY_A: | ||
| 312 | str="SSLv3 read certificate verify A"; break; | ||
| 313 | case SSL3_ST_SR_CERT_VRFY_B: | ||
| 314 | str="SSLv3 read certificate verify B"; break; | ||
| 213 | #endif | 315 | #endif |
| 214 | 316 | ||
| 215 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) | 317 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
| 216 | /* SSLv2/v3 compatibility states */ | 318 | /* SSLv2/v3 compatibility states */ |
| 217 | /* client */ | 319 | /* client */ |
| 218 | case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break; | 320 | case SSL23_ST_CW_CLNT_HELLO_A: |
| 219 | case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break; | 321 | str="SSLv2/v3 write client hello A"; break; |
| 220 | case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break; | 322 | case SSL23_ST_CW_CLNT_HELLO_B: |
| 221 | case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break; | 323 | str="SSLv2/v3 write client hello B"; break; |
| 324 | case SSL23_ST_CR_SRVR_HELLO_A: | ||
| 325 | str="SSLv2/v3 read server hello A"; break; | ||
| 326 | case SSL23_ST_CR_SRVR_HELLO_B: | ||
| 327 | str="SSLv2/v3 read server hello B"; break; | ||
| 222 | /* server */ | 328 | /* server */ |
| 223 | case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break; | 329 | case SSL23_ST_SR_CLNT_HELLO_A: |
| 224 | case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break; | 330 | str="SSLv2/v3 read client hello A"; break; |
| 331 | case SSL23_ST_SR_CLNT_HELLO_B: | ||
| 332 | str="SSLv2/v3 read client hello B"; break; | ||
| 225 | #endif | 333 | #endif |
| 226 | 334 | ||
| 227 | /* DTLS */ | 335 | /* DTLS */ |
| 228 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break; | 336 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: |
| 229 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break; | 337 | str="DTLS1 read hello verify request A"; break; |
| 230 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break; | 338 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: |
| 231 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break; | 339 | str="DTLS1 read hello verify request B"; break; |
| 340 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: | ||
| 341 | str="DTLS1 write hello verify request A"; break; | ||
| 342 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: | ||
| 343 | str="DTLS1 write hello verify request B"; break; | ||
| 232 | 344 | ||
| 233 | default: str="unknown state"; break; | 345 | default: |
| 234 | } | 346 | str="unknown state"; break; |
| 235 | return(str); | ||
| 236 | } | 347 | } |
| 348 | return (str); | ||
| 349 | } | ||
| 237 | 350 | ||
| 238 | const char *SSL_rstate_string_long(const SSL *s) | 351 | const char |
| 239 | { | 352 | *SSL_rstate_string_long(const SSL *s) |
| 353 | { | ||
| 240 | const char *str; | 354 | const char *str; |
| 241 | 355 | ||
| 242 | switch (s->rstate) | 356 | switch (s->rstate) { |
| 243 | { | 357 | case SSL_ST_READ_HEADER: |
| 244 | case SSL_ST_READ_HEADER: str="read header"; break; | 358 | str="read header"; break; |
| 245 | case SSL_ST_READ_BODY: str="read body"; break; | 359 | case SSL_ST_READ_BODY: |
| 246 | case SSL_ST_READ_DONE: str="read done"; break; | 360 | str="read body"; break; |
| 247 | default: str="unknown"; break; | 361 | case SSL_ST_READ_DONE: |
| 248 | } | 362 | str="read done"; break; |
| 249 | return(str); | 363 | default: |
| 364 | str="unknown"; break; | ||
| 250 | } | 365 | } |
| 366 | return (str); | ||
| 367 | } | ||
| 251 | 368 | ||
| 252 | const char *SSL_state_string(const SSL *s) | 369 | const char |
| 253 | { | 370 | *SSL_state_string(const SSL *s) |
| 371 | { | ||
| 254 | const char *str; | 372 | const char *str; |
| 255 | 373 | ||
| 256 | switch (s->state) | 374 | switch (s->state) { |
| 257 | { | 375 | case SSL_ST_BEFORE: |
| 258 | case SSL_ST_BEFORE: str="PINIT "; break; | 376 | str="PINIT "; break; |
| 259 | case SSL_ST_ACCEPT: str="AINIT "; break; | 377 | case SSL_ST_ACCEPT: |
| 260 | case SSL_ST_CONNECT: str="CINIT "; break; | 378 | str="AINIT "; break; |
| 261 | case SSL_ST_OK: str="SSLOK "; break; | 379 | case SSL_ST_CONNECT: |
| 380 | str="CINIT "; break; | ||
| 381 | case SSL_ST_OK: | ||
| 382 | str="SSLOK "; break; | ||
| 262 | #ifndef OPENSSL_NO_SSL2 | 383 | #ifndef OPENSSL_NO_SSL2 |
| 263 | case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break; | 384 | case SSL2_ST_CLIENT_START_ENCRYPTION: |
| 264 | case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break; | 385 | str="2CSENC"; break; |
| 265 | case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break; | 386 | case SSL2_ST_SERVER_START_ENCRYPTION: |
| 266 | case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break; | 387 | str="2SSENC"; break; |
| 267 | case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break; | 388 | case SSL2_ST_SEND_CLIENT_HELLO_A: |
| 268 | case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break; | 389 | str="2SCH_A"; break; |
| 269 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break; | 390 | case SSL2_ST_SEND_CLIENT_HELLO_B: |
| 270 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break; | 391 | str="2SCH_B"; break; |
| 271 | case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break; | 392 | case SSL2_ST_GET_SERVER_HELLO_A: |
| 272 | case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break; | 393 | str="2GSH_A"; break; |
| 273 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break; | 394 | case SSL2_ST_GET_SERVER_HELLO_B: |
| 274 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break; | 395 | str="2GSH_B"; break; |
| 275 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break; | 396 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: |
| 276 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break; | 397 | str="2SCMKA"; break; |
| 277 | case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break; | 398 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: |
| 278 | case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break; | 399 | str="2SCMKB"; break; |
| 279 | case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break; | 400 | case SSL2_ST_SEND_CLIENT_FINISHED_A: |
| 280 | case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break; | 401 | str="2SCF_A"; break; |
| 281 | case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break; | 402 | case SSL2_ST_SEND_CLIENT_FINISHED_B: |
| 282 | case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break; | 403 | str="2SCF_B"; break; |
| 283 | case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break; | 404 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: |
| 284 | case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break; | 405 | str="2SCC_A"; break; |
| 285 | case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break; | 406 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: |
| 286 | case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break; | 407 | str="2SCC_B"; break; |
| 287 | case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break; | 408 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: |
| 288 | case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break; | 409 | str="2SCC_C"; break; |
| 289 | case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break; | 410 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: |
| 290 | case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break; | 411 | str="2SCC_D"; break; |
| 291 | case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break; | 412 | case SSL2_ST_GET_SERVER_VERIFY_A: |
| 292 | case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break; | 413 | str="2GSV_A"; break; |
| 293 | case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break; | 414 | case SSL2_ST_GET_SERVER_VERIFY_B: |
| 294 | case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break; | 415 | str="2GSV_B"; break; |
| 295 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break; | 416 | case SSL2_ST_GET_SERVER_FINISHED_A: |
| 296 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break; | 417 | str="2GSF_A"; break; |
| 297 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break; | 418 | case SSL2_ST_GET_SERVER_FINISHED_B: |
| 298 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break; | 419 | str="2GSF_B"; break; |
| 299 | case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break; | 420 | case SSL2_ST_GET_CLIENT_HELLO_A: |
| 300 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break; | 421 | str="2GCH_A"; break; |
| 422 | case SSL2_ST_GET_CLIENT_HELLO_B: | ||
| 423 | str="2GCH_B"; break; | ||
| 424 | case SSL2_ST_GET_CLIENT_HELLO_C: | ||
| 425 | str="2GCH_C"; break; | ||
| 426 | case SSL2_ST_SEND_SERVER_HELLO_A: | ||
| 427 | str="2SSH_A"; break; | ||
| 428 | case SSL2_ST_SEND_SERVER_HELLO_B: | ||
| 429 | str="2SSH_B"; break; | ||
| 430 | case SSL2_ST_GET_CLIENT_MASTER_KEY_A: | ||
| 431 | str="2GCMKA"; break; | ||
| 432 | case SSL2_ST_GET_CLIENT_MASTER_KEY_B: | ||
| 433 | str="2GCMKA"; break; | ||
| 434 | case SSL2_ST_SEND_SERVER_VERIFY_A: | ||
| 435 | str="2SSV_A"; break; | ||
| 436 | case SSL2_ST_SEND_SERVER_VERIFY_B: | ||
| 437 | str="2SSV_B"; break; | ||
| 438 | case SSL2_ST_SEND_SERVER_VERIFY_C: | ||
| 439 | str="2SSV_C"; break; | ||
| 440 | case SSL2_ST_GET_CLIENT_FINISHED_A: | ||
| 441 | str="2GCF_A"; break; | ||
| 442 | case SSL2_ST_GET_CLIENT_FINISHED_B: | ||
| 443 | str="2GCF_B"; break; | ||
| 444 | case SSL2_ST_SEND_SERVER_FINISHED_A: | ||
| 445 | str="2SSF_A"; break; | ||
| 446 | case SSL2_ST_SEND_SERVER_FINISHED_B: | ||
| 447 | str="2SSF_B"; break; | ||
| 448 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: | ||
| 449 | str="2SRC_A"; break; | ||
| 450 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: | ||
| 451 | str="2SRC_B"; break; | ||
| 452 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: | ||
| 453 | str="2SRC_C"; break; | ||
| 454 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: | ||
| 455 | str="2SRC_D"; break; | ||
| 456 | case SSL2_ST_X509_GET_SERVER_CERTIFICATE: | ||
| 457 | str="2X9GSC"; break; | ||
| 458 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: | ||
| 459 | str="2X9GCC"; break; | ||
| 301 | #endif | 460 | #endif |
| 302 | 461 | ||
| 303 | #ifndef OPENSSL_NO_SSL3 | 462 | #ifndef OPENSSL_NO_SSL3 |
| 304 | /* SSLv3 additions */ | 463 | /* SSLv3 additions */ |
| 305 | case SSL3_ST_SW_FLUSH: | 464 | case SSL3_ST_SW_FLUSH: |
| 306 | case SSL3_ST_CW_FLUSH: str="3FLUSH"; break; | 465 | case SSL3_ST_CW_FLUSH: |
| 307 | case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break; | 466 | str="3FLUSH"; break; |
| 308 | case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break; | 467 | case SSL3_ST_CW_CLNT_HELLO_A: |
| 309 | case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break; | 468 | str="3WCH_A"; break; |
| 310 | case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break; | 469 | case SSL3_ST_CW_CLNT_HELLO_B: |
| 311 | case SSL3_ST_CR_CERT_A: str="3RSC_A"; break; | 470 | str="3WCH_B"; break; |
| 312 | case SSL3_ST_CR_CERT_B: str="3RSC_B"; break; | 471 | case SSL3_ST_CR_SRVR_HELLO_A: |
| 313 | case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break; | 472 | str="3RSH_A"; break; |
| 314 | case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break; | 473 | case SSL3_ST_CR_SRVR_HELLO_B: |
| 315 | case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break; | 474 | str="3RSH_B"; break; |
| 316 | case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break; | 475 | case SSL3_ST_CR_CERT_A: |
| 317 | case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break; | 476 | str="3RSC_A"; break; |
| 318 | case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break; | 477 | case SSL3_ST_CR_CERT_B: |
| 319 | case SSL3_ST_CW_CERT_A: str="3WCC_A"; break; | 478 | str="3RSC_B"; break; |
| 320 | case SSL3_ST_CW_CERT_B: str="3WCC_B"; break; | 479 | case SSL3_ST_CR_KEY_EXCH_A: |
| 321 | case SSL3_ST_CW_CERT_C: str="3WCC_C"; break; | 480 | str="3RSKEA"; break; |
| 322 | case SSL3_ST_CW_CERT_D: str="3WCC_D"; break; | 481 | case SSL3_ST_CR_KEY_EXCH_B: |
| 323 | case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break; | 482 | str="3RSKEB"; break; |
| 324 | case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break; | 483 | case SSL3_ST_CR_CERT_REQ_A: |
| 325 | case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break; | 484 | str="3RCR_A"; break; |
| 326 | case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break; | 485 | case SSL3_ST_CR_CERT_REQ_B: |
| 486 | str="3RCR_B"; break; | ||
| 487 | case SSL3_ST_CR_SRVR_DONE_A: | ||
| 488 | str="3RSD_A"; break; | ||
| 489 | case SSL3_ST_CR_SRVR_DONE_B: | ||
| 490 | str="3RSD_B"; break; | ||
| 491 | case SSL3_ST_CW_CERT_A: | ||
| 492 | str="3WCC_A"; break; | ||
| 493 | case SSL3_ST_CW_CERT_B: | ||
| 494 | str="3WCC_B"; break; | ||
| 495 | case SSL3_ST_CW_CERT_C: | ||
| 496 | str="3WCC_C"; break; | ||
| 497 | case SSL3_ST_CW_CERT_D: | ||
| 498 | str="3WCC_D"; break; | ||
| 499 | case SSL3_ST_CW_KEY_EXCH_A: | ||
| 500 | str="3WCKEA"; break; | ||
| 501 | case SSL3_ST_CW_KEY_EXCH_B: | ||
| 502 | str="3WCKEB"; break; | ||
| 503 | case SSL3_ST_CW_CERT_VRFY_A: | ||
| 504 | str="3WCV_A"; break; | ||
| 505 | case SSL3_ST_CW_CERT_VRFY_B: | ||
| 506 | str="3WCV_B"; break; | ||
| 327 | 507 | ||
| 328 | case SSL3_ST_SW_CHANGE_A: | 508 | case SSL3_ST_SW_CHANGE_A: |
| 329 | case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break; | 509 | case SSL3_ST_CW_CHANGE_A: |
| 330 | case SSL3_ST_SW_CHANGE_B: | 510 | str="3WCCSA"; break; |
| 331 | case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break; | 511 | case SSL3_ST_SW_CHANGE_B: |
| 332 | case SSL3_ST_SW_FINISHED_A: | 512 | case SSL3_ST_CW_CHANGE_B: |
| 333 | case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break; | 513 | str="3WCCSB"; break; |
| 334 | case SSL3_ST_SW_FINISHED_B: | 514 | case SSL3_ST_SW_FINISHED_A: |
| 335 | case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break; | 515 | case SSL3_ST_CW_FINISHED_A: |
| 336 | case SSL3_ST_SR_CHANGE_A: | 516 | str="3WFINA"; break; |
| 337 | case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break; | 517 | case SSL3_ST_SW_FINISHED_B: |
| 338 | case SSL3_ST_SR_CHANGE_B: | 518 | case SSL3_ST_CW_FINISHED_B: |
| 339 | case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break; | 519 | str="3WFINB"; break; |
| 340 | case SSL3_ST_SR_FINISHED_A: | 520 | case SSL3_ST_SR_CHANGE_A: |
| 341 | case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break; | 521 | case SSL3_ST_CR_CHANGE_A: |
| 342 | case SSL3_ST_SR_FINISHED_B: | 522 | str="3RCCSA"; break; |
| 343 | case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break; | 523 | case SSL3_ST_SR_CHANGE_B: |
| 524 | case SSL3_ST_CR_CHANGE_B: | ||
| 525 | str="3RCCSB"; break; | ||
| 526 | case SSL3_ST_SR_FINISHED_A: | ||
| 527 | case SSL3_ST_CR_FINISHED_A: | ||
| 528 | str="3RFINA"; break; | ||
| 529 | case SSL3_ST_SR_FINISHED_B: | ||
| 530 | case SSL3_ST_CR_FINISHED_B: | ||
| 531 | str="3RFINB"; break; | ||
| 344 | 532 | ||
| 345 | case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break; | 533 | case SSL3_ST_SW_HELLO_REQ_A: |
| 346 | case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break; | 534 | str="3WHR_A"; break; |
| 347 | case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break; | 535 | case SSL3_ST_SW_HELLO_REQ_B: |
| 348 | case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break; | 536 | str="3WHR_B"; break; |
| 349 | case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break; | 537 | case SSL3_ST_SW_HELLO_REQ_C: |
| 350 | case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break; | 538 | str="3WHR_C"; break; |
| 351 | case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break; | 539 | case SSL3_ST_SR_CLNT_HELLO_A: |
| 352 | case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break; | 540 | str="3RCH_A"; break; |
| 353 | case SSL3_ST_SW_CERT_A: str="3WSC_A"; break; | 541 | case SSL3_ST_SR_CLNT_HELLO_B: |
| 354 | case SSL3_ST_SW_CERT_B: str="3WSC_B"; break; | 542 | str="3RCH_B"; break; |
| 355 | case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break; | 543 | case SSL3_ST_SR_CLNT_HELLO_C: |
| 356 | case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break; | 544 | str="3RCH_C"; break; |
| 357 | case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break; | 545 | case SSL3_ST_SW_SRVR_HELLO_A: |
| 358 | case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break; | 546 | str="3WSH_A"; break; |
| 359 | case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break; | 547 | case SSL3_ST_SW_SRVR_HELLO_B: |
| 360 | case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break; | 548 | str="3WSH_B"; break; |
| 361 | case SSL3_ST_SR_CERT_A: str="3RCC_A"; break; | 549 | case SSL3_ST_SW_CERT_A: |
| 362 | case SSL3_ST_SR_CERT_B: str="3RCC_B"; break; | 550 | str="3WSC_A"; break; |
| 363 | case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break; | 551 | case SSL3_ST_SW_CERT_B: |
| 364 | case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break; | 552 | str="3WSC_B"; break; |
| 365 | case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break; | 553 | case SSL3_ST_SW_KEY_EXCH_A: |
| 366 | case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break; | 554 | str="3WSKEA"; break; |
| 555 | case SSL3_ST_SW_KEY_EXCH_B: | ||
| 556 | str="3WSKEB"; break; | ||
| 557 | case SSL3_ST_SW_CERT_REQ_A: | ||
| 558 | str="3WCR_A"; break; | ||
| 559 | case SSL3_ST_SW_CERT_REQ_B: | ||
| 560 | str="3WCR_B"; break; | ||
| 561 | case SSL3_ST_SW_SRVR_DONE_A: | ||
| 562 | str="3WSD_A"; break; | ||
| 563 | case SSL3_ST_SW_SRVR_DONE_B: | ||
| 564 | str="3WSD_B"; break; | ||
| 565 | case SSL3_ST_SR_CERT_A: | ||
| 566 | str="3RCC_A"; break; | ||
| 567 | case SSL3_ST_SR_CERT_B: | ||
| 568 | str="3RCC_B"; break; | ||
| 569 | case SSL3_ST_SR_KEY_EXCH_A: | ||
| 570 | str="3RCKEA"; break; | ||
| 571 | case SSL3_ST_SR_KEY_EXCH_B: | ||
| 572 | str="3RCKEB"; break; | ||
| 573 | case SSL3_ST_SR_CERT_VRFY_A: | ||
| 574 | str="3RCV_A"; break; | ||
| 575 | case SSL3_ST_SR_CERT_VRFY_B: | ||
| 576 | str="3RCV_B"; break; | ||
| 367 | #endif | 577 | #endif |
| 368 | 578 | ||
| 369 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) | 579 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
| 370 | /* SSLv2/v3 compatibility states */ | 580 | /* SSLv2/v3 compatibility states */ |
| 371 | /* client */ | 581 | /* client */ |
| 372 | case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break; | 582 | case SSL23_ST_CW_CLNT_HELLO_A: |
| 373 | case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break; | 583 | str="23WCHA"; break; |
| 374 | case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break; | 584 | case SSL23_ST_CW_CLNT_HELLO_B: |
| 375 | case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break; | 585 | str="23WCHB"; break; |
| 586 | case SSL23_ST_CR_SRVR_HELLO_A: | ||
| 587 | str="23RSHA"; break; | ||
| 588 | case SSL23_ST_CR_SRVR_HELLO_B: | ||
| 589 | str="23RSHA"; break; | ||
| 376 | /* server */ | 590 | /* server */ |
| 377 | case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break; | 591 | case SSL23_ST_SR_CLNT_HELLO_A: |
| 378 | case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break; | 592 | str="23RCHA"; break; |
| 593 | case SSL23_ST_SR_CLNT_HELLO_B: | ||
| 594 | str="23RCHB"; break; | ||
| 379 | #endif | 595 | #endif |
| 380 | /* DTLS */ | 596 | /* DTLS */ |
| 381 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break; | 597 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: |
| 382 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break; | 598 | str="DRCHVA"; break; |
| 383 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break; | 599 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: |
| 384 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break; | 600 | str="DRCHVB"; break; |
| 601 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: | ||
| 602 | str="DWCHVA"; break; | ||
| 603 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: | ||
| 604 | str="DWCHVB"; break; | ||
| 385 | 605 | ||
| 386 | default: str="UNKWN "; break; | 606 | default: |
| 387 | } | 607 | str="UNKWN "; break; |
| 388 | return(str); | ||
| 389 | } | 608 | } |
| 609 | return (str); | ||
| 610 | } | ||
| 390 | 611 | ||
| 391 | const char *SSL_alert_type_string_long(int value) | 612 | const char |
| 392 | { | 613 | *SSL_alert_type_string_long(int value) |
| 614 | { | ||
| 393 | value>>=8; | 615 | value>>=8; |
| 394 | if (value == SSL3_AL_WARNING) | 616 | if (value == SSL3_AL_WARNING) |
| 395 | return("warning"); | 617 | return("warning"); |
| @@ -397,10 +619,11 @@ const char *SSL_alert_type_string_long(int value) | |||
| 397 | return("fatal"); | 619 | return("fatal"); |
| 398 | else | 620 | else |
| 399 | return("unknown"); | 621 | return("unknown"); |
| 400 | } | 622 | } |
| 401 | 623 | ||
| 402 | const char *SSL_alert_type_string(int value) | 624 | const char |
| 403 | { | 625 | *SSL_alert_type_string(int value) |
| 626 | { | ||
| 404 | value>>=8; | 627 | value>>=8; |
| 405 | if (value == SSL3_AL_WARNING) | 628 | if (value == SSL3_AL_WARNING) |
| 406 | return("W"); | 629 | return("W"); |
| @@ -408,55 +631,86 @@ const char *SSL_alert_type_string(int value) | |||
| 408 | return("F"); | 631 | return("F"); |
| 409 | else | 632 | else |
| 410 | return("U"); | 633 | return("U"); |
| 411 | } | 634 | } |
| 412 | 635 | ||
| 413 | const char *SSL_alert_desc_string(int value) | 636 | const char |
| 414 | { | 637 | *SSL_alert_desc_string(int value) |
| 638 | { | ||
| 415 | const char *str; | 639 | const char *str; |
| 416 | 640 | ||
| 417 | switch (value & 0xff) | 641 | switch (value & 0xff) { |
| 418 | { | 642 | case SSL3_AD_CLOSE_NOTIFY: |
| 419 | case SSL3_AD_CLOSE_NOTIFY: str="CN"; break; | 643 | str="CN"; break; |
| 420 | case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break; | 644 | case SSL3_AD_UNEXPECTED_MESSAGE: |
| 421 | case SSL3_AD_BAD_RECORD_MAC: str="BM"; break; | 645 | str="UM"; break; |
| 422 | case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break; | 646 | case SSL3_AD_BAD_RECORD_MAC: |
| 423 | case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break; | 647 | str="BM"; break; |
| 424 | case SSL3_AD_NO_CERTIFICATE: str="NC"; break; | 648 | case SSL3_AD_DECOMPRESSION_FAILURE: |
| 425 | case SSL3_AD_BAD_CERTIFICATE: str="BC"; break; | 649 | str="DF"; break; |
| 426 | case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break; | 650 | case SSL3_AD_HANDSHAKE_FAILURE: |
| 427 | case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break; | 651 | str="HF"; break; |
| 428 | case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break; | 652 | case SSL3_AD_NO_CERTIFICATE: |
| 429 | case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break; | 653 | str="NC"; break; |
| 430 | case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break; | 654 | case SSL3_AD_BAD_CERTIFICATE: |
| 431 | case TLS1_AD_DECRYPTION_FAILED: str="DC"; break; | 655 | str="BC"; break; |
| 432 | case TLS1_AD_RECORD_OVERFLOW: str="RO"; break; | 656 | case SSL3_AD_UNSUPPORTED_CERTIFICATE: |
| 433 | case TLS1_AD_UNKNOWN_CA: str="CA"; break; | 657 | str="UC"; break; |
| 434 | case TLS1_AD_ACCESS_DENIED: str="AD"; break; | 658 | case SSL3_AD_CERTIFICATE_REVOKED: |
| 435 | case TLS1_AD_DECODE_ERROR: str="DE"; break; | 659 | str="CR"; break; |
| 436 | case TLS1_AD_DECRYPT_ERROR: str="CY"; break; | 660 | case SSL3_AD_CERTIFICATE_EXPIRED: |
| 437 | case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break; | 661 | str="CE"; break; |
| 438 | case TLS1_AD_PROTOCOL_VERSION: str="PV"; break; | 662 | case SSL3_AD_CERTIFICATE_UNKNOWN: |
| 439 | case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break; | 663 | str="CU"; break; |
| 440 | case TLS1_AD_INTERNAL_ERROR: str="IE"; break; | 664 | case SSL3_AD_ILLEGAL_PARAMETER: |
| 441 | case TLS1_AD_USER_CANCELLED: str="US"; break; | 665 | str="IP"; break; |
| 442 | case TLS1_AD_NO_RENEGOTIATION: str="NR"; break; | 666 | case TLS1_AD_DECRYPTION_FAILED: |
| 443 | case TLS1_AD_UNSUPPORTED_EXTENSION: str="UE"; break; | 667 | str="DC"; break; |
| 444 | case TLS1_AD_CERTIFICATE_UNOBTAINABLE: str="CO"; break; | 668 | case TLS1_AD_RECORD_OVERFLOW: |
| 445 | case TLS1_AD_UNRECOGNIZED_NAME: str="UN"; break; | 669 | str="RO"; break; |
| 446 | case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break; | 670 | case TLS1_AD_UNKNOWN_CA: |
| 447 | case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break; | 671 | str="CA"; break; |
| 448 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="UP"; break; | 672 | case TLS1_AD_ACCESS_DENIED: |
| 449 | default: str="UK"; break; | 673 | str="AD"; break; |
| 450 | } | 674 | case TLS1_AD_DECODE_ERROR: |
| 451 | return(str); | 675 | str="DE"; break; |
| 676 | case TLS1_AD_DECRYPT_ERROR: | ||
| 677 | str="CY"; break; | ||
| 678 | case TLS1_AD_EXPORT_RESTRICTION: | ||
| 679 | str="ER"; break; | ||
| 680 | case TLS1_AD_PROTOCOL_VERSION: | ||
| 681 | str="PV"; break; | ||
| 682 | case TLS1_AD_INSUFFICIENT_SECURITY: | ||
| 683 | str="IS"; break; | ||
| 684 | case TLS1_AD_INTERNAL_ERROR: | ||
| 685 | str="IE"; break; | ||
| 686 | case TLS1_AD_USER_CANCELLED: | ||
| 687 | str="US"; break; | ||
| 688 | case TLS1_AD_NO_RENEGOTIATION: | ||
| 689 | str="NR"; break; | ||
| 690 | case TLS1_AD_UNSUPPORTED_EXTENSION: | ||
| 691 | str="UE"; break; | ||
| 692 | case TLS1_AD_CERTIFICATE_UNOBTAINABLE: | ||
| 693 | str="CO"; break; | ||
| 694 | case TLS1_AD_UNRECOGNIZED_NAME: | ||
| 695 | str="UN"; break; | ||
| 696 | case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: | ||
| 697 | str="BR"; break; | ||
| 698 | case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: | ||
| 699 | str="BH"; break; | ||
| 700 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: | ||
| 701 | str="UP"; break; | ||
| 702 | default: | ||
| 703 | str="UK"; break; | ||
| 452 | } | 704 | } |
| 705 | return (str); | ||
| 706 | } | ||
| 453 | 707 | ||
| 454 | const char *SSL_alert_desc_string_long(int value) | 708 | const char |
| 455 | { | 709 | *SSL_alert_desc_string_long(int value) |
| 710 | { | ||
| 456 | const char *str; | 711 | const char *str; |
| 457 | 712 | ||
| 458 | switch (value & 0xff) | 713 | switch (value & 0xff) { |
| 459 | { | ||
| 460 | case SSL3_AD_CLOSE_NOTIFY: | 714 | case SSL3_AD_CLOSE_NOTIFY: |
| 461 | str="close notify"; | 715 | str="close notify"; |
| 462 | break; | 716 | break; |
| @@ -547,21 +801,26 @@ const char *SSL_alert_desc_string_long(int value) | |||
| 547 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: | 801 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: |
| 548 | str="unknown PSK identity"; | 802 | str="unknown PSK identity"; |
| 549 | break; | 803 | break; |
| 550 | default: str="unknown"; break; | 804 | default: |
| 551 | } | 805 | str="unknown"; break; |
| 552 | return(str); | ||
| 553 | } | 806 | } |
| 807 | return (str); | ||
| 808 | } | ||
| 554 | 809 | ||
| 555 | const char *SSL_rstate_string(const SSL *s) | 810 | const char |
| 556 | { | 811 | *SSL_rstate_string(const SSL *s) |
| 812 | { | ||
| 557 | const char *str; | 813 | const char *str; |
| 558 | 814 | ||
| 559 | switch (s->rstate) | 815 | switch (s->rstate) { |
| 560 | { | 816 | case SSL_ST_READ_HEADER: |
| 561 | case SSL_ST_READ_HEADER:str="RH"; break; | 817 | str="RH"; break; |
| 562 | case SSL_ST_READ_BODY: str="RB"; break; | 818 | case SSL_ST_READ_BODY: |
| 563 | case SSL_ST_READ_DONE: str="RD"; break; | 819 | str="RB"; break; |
| 564 | default: str="unknown"; break; | 820 | case SSL_ST_READ_DONE: |
| 565 | } | 821 | str="RD"; break; |
| 566 | return(str); | 822 | default: |
| 823 | str="unknown"; break; | ||
| 567 | } | 824 | } |
| 825 | return (str); | ||
| 826 | } | ||
diff --git a/src/lib/libssl/src/ssl/ssl_task.c b/src/lib/libssl/src/ssl/ssl_task.c index 366204f097..25d20b06a0 100644 --- a/src/lib/libssl/src/ssl/ssl_task.c +++ b/src/lib/libssl/src/ssl/ssl_task.c | |||
| @@ -134,24 +134,28 @@ int LIB$INIT_TIMER(), LIB$SHOW_TIMER(); | |||
| 134 | #include <openssl/ssl.h> | 134 | #include <openssl/ssl.h> |
| 135 | #include <openssl/err.h> | 135 | #include <openssl/err.h> |
| 136 | 136 | ||
| 137 | int verify_callback(int ok, X509 *xs, X509 *xi, int depth, | 137 | int |
| 138 | int error); | 138 | verify_callback(int ok, X509 *xs, X509 *xi, int depth, |
| 139 | BIO *bio_err=NULL; | 139 | int error); |
| 140 | BIO *bio_stdout=NULL; | 140 | BIO *bio_err = NULL; |
| 141 | BIO *bio_stdout = NULL; | ||
| 141 | BIO_METHOD *BIO_s_rtcp(); | 142 | BIO_METHOD *BIO_s_rtcp(); |
| 142 | 143 | ||
| 143 | static char *cipher=NULL; | 144 | static char *cipher = NULL; |
| 144 | int verbose=1; | 145 | int verbose = 1; |
| 145 | #ifdef FIONBIO | 146 | #ifdef FIONBIO |
| 146 | static int s_nbio=0; | 147 | static int s_nbio = 0; |
| 147 | #endif | 148 | #endif |
| 148 | #define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE" | 149 | #define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE" |
| 149 | /*************************************************************************/ | 150 | /*************************************************************************/ |
| 150 | struct rpc_msg { /* Should have member alignment inhibited */ | 151 | struct rpc_msg { /* Should have member alignment inhibited */ |
| 151 | char channel; /* 'A'-app data. 'R'-remote client 'G'-global */ | 152 | char channel; |
| 152 | char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ | 153 | /* 'A'-app data. 'R'-remote client 'G'-global */ |
| 153 | unsigned short int length; /* Amount of data returned or max to return */ | 154 | char function; |
| 154 | char data[4092]; /* variable data */ | 155 | /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ |
| 156 | unsigned short int length; /* Amount of data returned or max to return */ | ||
| 157 | char data[4092]; | ||
| 158 | /* variable data */ | ||
| 155 | }; | 159 | }; |
| 156 | #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092) | 160 | #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092) |
| 157 | 161 | ||
| @@ -159,9 +163,9 @@ static $DESCRIPTOR(sysnet, "SYS$NET"); | |||
| 159 | typedef unsigned short io_channel; | 163 | typedef unsigned short io_channel; |
| 160 | 164 | ||
| 161 | struct io_status { | 165 | struct io_status { |
| 162 | unsigned short status; | 166 | unsigned short status; |
| 163 | unsigned short count; | 167 | unsigned short count; |
| 164 | unsigned long stsval; | 168 | unsigned long stsval; |
| 165 | }; | 169 | }; |
| 166 | int doit(io_channel chan, SSL_CTX *s_ctx ); | 170 | int doit(io_channel chan, SSL_CTX *s_ctx ); |
| 167 | /*****************************************************************************/ | 171 | /*****************************************************************************/ |
| @@ -169,63 +173,66 @@ int doit(io_channel chan, SSL_CTX *s_ctx ); | |||
| 169 | */ | 173 | */ |
| 170 | static int get ( io_channel chan, char *buffer, int maxlen, int *length ) | 174 | static int get ( io_channel chan, char *buffer, int maxlen, int *length ) |
| 171 | { | 175 | { |
| 172 | int status; | 176 | int status; |
| 173 | struct io_status iosb; | 177 | struct io_status iosb; |
| 174 | status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0, | 178 | status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0, |
| 175 | buffer, maxlen, 0, 0, 0, 0 ); | 179 | buffer, maxlen, 0, 0, 0, 0 ); |
| 176 | if ( (status&1) == 1 ) status = iosb.status; | 180 | if ((status&1) |
| 177 | if ( (status&1) == 1 ) *length = iosb.count; | 181 | == 1 ) status = iosb.status; |
| 178 | return status; | 182 | if ((status&1) |
| 183 | == 1 ) *length = iosb.count; | ||
| 184 | return status; | ||
| 179 | } | 185 | } |
| 180 | 186 | ||
| 181 | static int put ( io_channel chan, char *buffer, int length ) | 187 | static int put ( io_channel chan, char *buffer, int length ) |
| 182 | { | 188 | { |
| 183 | int status; | 189 | int status; |
| 184 | struct io_status iosb; | 190 | struct io_status iosb; |
| 185 | status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0, | 191 | status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0, |
| 186 | buffer, length, 0, 0, 0, 0 ); | 192 | buffer, length, 0, 0, 0, 0 ); |
| 187 | if ( (status&1) == 1 ) status = iosb.status; | 193 | if ((status&1) |
| 188 | return status; | 194 | == 1 ) status = iosb.status; |
| 195 | return status; | ||
| 189 | } | 196 | } |
| 190 | /***************************************************************************/ | 197 | /***************************************************************************/ |
| 191 | /* Handle operations on the 'G' channel. | 198 | /* Handle operations on the 'G' channel. |
| 192 | */ | 199 | */ |
| 193 | static int general_request ( io_channel chan, struct rpc_msg *msg, int length ) | 200 | static int general_request ( io_channel chan, struct rpc_msg *msg, int length ) { |
| 194 | { | 201 | return 48; |
| 195 | return 48; | ||
| 196 | } | 202 | } |
| 197 | /***************************************************************************/ | 203 | /***************************************************************************/ |
| 198 | int main ( int argc, char **argv ) | 204 | int main ( int argc, char **argv ) |
| 199 | { | 205 | { |
| 200 | int status, length; | 206 | int status, length; |
| 201 | io_channel chan; | 207 | io_channel chan; |
| 202 | struct rpc_msg msg; | 208 | struct rpc_msg msg; |
| 203 | 209 | ||
| 204 | char *CApath=NULL,*CAfile=NULL; | 210 | char *CApath = NULL, *CAfile = NULL; |
| 205 | int badop=0; | 211 | int badop = 0; |
| 206 | int ret=1; | 212 | int ret = 1; |
| 207 | int client_auth=0; | 213 | int client_auth = 0; |
| 208 | int server_auth=0; | 214 | int server_auth = 0; |
| 209 | SSL_CTX *s_ctx=NULL; | 215 | SSL_CTX *s_ctx = NULL; |
| 210 | /* | 216 | /* |
| 211 | * Confirm logical link with initiating client. | 217 | * Confirm logical link with initiating client. |
| 212 | */ | 218 | */ |
| 213 | LIB$INIT_TIMER(); | 219 | LIB$INIT_TIMER(); |
| 214 | status = SYS$ASSIGN ( &sysnet, &chan, 0, 0, 0 ); | 220 | status = SYS$ASSIGN ( &sysnet, &chan, 0, 0, 0 ); |
| 215 | printf("status of assign to SYS$NET: %d\n", status ); | 221 | printf("status of assign to SYS$NET: %d\n", status ); |
| 216 | /* | 222 | /* |
| 217 | * Initialize standard out and error files. | 223 | * Initialize standard out and error files. |
| 218 | */ | 224 | */ |
| 219 | if (bio_err == NULL) | 225 | if (bio_err == NULL) |
| 220 | if ((bio_err=BIO_new(BIO_s_file())) != NULL) | 226 | if ((bio_err = BIO_new(BIO_s_file())) != NULL) |
| 221 | BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); | 227 | BIO_set_fp(bio_err, stderr, BIO_NOCLOSE); |
| 222 | if (bio_stdout == NULL) | 228 | if (bio_stdout == NULL) |
| 223 | if ((bio_stdout=BIO_new(BIO_s_file())) != NULL) | 229 | if ((bio_stdout = BIO_new(BIO_s_file())) != NULL) |
| 224 | BIO_set_fp(bio_stdout,stdout,BIO_NOCLOSE); | 230 | BIO_set_fp(bio_stdout, stdout, BIO_NOCLOSE); |
| 225 | /* | 231 | /* |
| 226 | * get the preferred cipher list and other initialization | 232 | * get the preferred cipher list and other initialization |
| 227 | */ | 233 | */ |
| 228 | if (cipher == NULL) cipher=getenv("SSL_CIPHER"); | 234 | if (cipher == NULL) |
| 235 | cipher = getenv("SSL_CIPHER"); | ||
| 229 | printf("cipher list: %s\n", cipher ? cipher : "{undefined}" ); | 236 | printf("cipher list: %s\n", cipher ? cipher : "{undefined}" ); |
| 230 | 237 | ||
| 231 | SSL_load_error_strings(); | 238 | SSL_load_error_strings(); |
| @@ -234,48 +241,53 @@ int main ( int argc, char **argv ) | |||
| 234 | /* DRM, this was the original, but there is no such thing as SSLv2() | 241 | /* DRM, this was the original, but there is no such thing as SSLv2() |
| 235 | s_ctx=SSL_CTX_new(SSLv2()); | 242 | s_ctx=SSL_CTX_new(SSLv2()); |
| 236 | */ | 243 | */ |
| 237 | s_ctx=SSL_CTX_new(SSLv2_server_method()); | 244 | s_ctx = SSL_CTX_new(SSLv2_server_method()); |
| 238 | 245 | ||
| 239 | if (s_ctx == NULL) goto end; | 246 | if (s_ctx == NULL) |
| 247 | goto end; | ||
| 240 | 248 | ||
| 241 | SSL_CTX_use_certificate_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM); | 249 | SSL_CTX_use_certificate_file(s_ctx, TEST_SERVER_CERT, SSL_FILETYPE_PEM); |
| 242 | SSL_CTX_use_RSAPrivateKey_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM); | 250 | SSL_CTX_use_RSAPrivateKey_file(s_ctx, TEST_SERVER_CERT, SSL_FILETYPE_PEM); |
| 243 | printf("Loaded server certificate: '%s'\n", TEST_SERVER_CERT ); | 251 | printf("Loaded server certificate: '%s'\n", TEST_SERVER_CERT ); |
| 244 | 252 | ||
| 245 | /* | 253 | /* |
| 246 | * Take commands from client until bad status. | 254 | * Take commands from client until bad status. |
| 247 | */ | 255 | */ |
| 248 | LIB$SHOW_TIMER(); | 256 | LIB$SHOW_TIMER(); |
| 249 | status = doit ( chan, s_ctx ); | 257 | status = doit ( chan, s_ctx ); |
| 250 | LIB$SHOW_TIMER(); | 258 | LIB$SHOW_TIMER(); |
| 251 | /* | 259 | /* |
| 252 | * do final cleanup and exit. | 260 | * do final cleanup and exit. |
| 253 | */ | 261 | */ |
| 254 | end: | 262 | end: |
| 255 | if (s_ctx != NULL) SSL_CTX_free(s_ctx); | 263 | if (s_ctx != NULL) |
| 256 | LIB$SHOW_TIMER(); | 264 | SSL_CTX_free(s_ctx); |
| 257 | return 1; | 265 | LIB$SHOW_TIMER(); |
| 266 | return 1; | ||
| 258 | } | 267 | } |
| 259 | 268 | ||
| 260 | int doit(io_channel chan, SSL_CTX *s_ctx ) | 269 | int |
| 270 | doit(io_channel chan, SSL_CTX *s_ctx ) | ||
| 261 | { | 271 | { |
| 262 | int status, length, link_state; | 272 | int status, length, link_state; |
| 263 | struct rpc_msg msg; | 273 | struct rpc_msg msg; |
| 264 | 274 | ||
| 265 | SSL *s_ssl=NULL; | 275 | SSL *s_ssl = NULL; |
| 266 | BIO *c_to_s=NULL; | 276 | BIO *c_to_s = NULL; |
| 267 | BIO *s_to_c=NULL; | 277 | BIO *s_to_c = NULL; |
| 268 | BIO *c_bio=NULL; | 278 | BIO *c_bio = NULL; |
| 269 | BIO *s_bio=NULL; | 279 | BIO *s_bio = NULL; |
| 270 | int i; | 280 | int i; |
| 271 | int done=0; | 281 | int done = 0; |
| 272 | 282 | ||
| 273 | s_ssl=SSL_new(s_ctx); | 283 | s_ssl = SSL_new(s_ctx); |
| 274 | if (s_ssl == NULL) goto err; | 284 | if (s_ssl == NULL) |
| 285 | goto err; | ||
| 275 | 286 | ||
| 276 | c_to_s=BIO_new(BIO_s_rtcp()); | 287 | c_to_s = BIO_new(BIO_s_rtcp()); |
| 277 | s_to_c=BIO_new(BIO_s_rtcp()); | 288 | s_to_c = BIO_new(BIO_s_rtcp()); |
| 278 | if ((s_to_c == NULL) || (c_to_s == NULL)) goto err; | 289 | if ((s_to_c == NULL) |
| 290 | || (c_to_s == NULL)) goto err; | ||
| 279 | /* original, DRM 24-SEP-1997 | 291 | /* original, DRM 24-SEP-1997 |
| 280 | BIO_set_fd ( c_to_s, "", chan ); | 292 | BIO_set_fd ( c_to_s, "", chan ); |
| 281 | BIO_set_fd ( s_to_c, "", chan ); | 293 | BIO_set_fd ( s_to_c, "", chan ); |
| @@ -283,13 +295,14 @@ int doit(io_channel chan, SSL_CTX *s_ctx ) | |||
| 283 | BIO_set_fd ( c_to_s, 0, chan ); | 295 | BIO_set_fd ( c_to_s, 0, chan ); |
| 284 | BIO_set_fd ( s_to_c, 0, chan ); | 296 | BIO_set_fd ( s_to_c, 0, chan ); |
| 285 | 297 | ||
| 286 | c_bio=BIO_new(BIO_f_ssl()); | 298 | c_bio = BIO_new(BIO_f_ssl()); |
| 287 | s_bio=BIO_new(BIO_f_ssl()); | 299 | s_bio = BIO_new(BIO_f_ssl()); |
| 288 | if ((c_bio == NULL) || (s_bio == NULL)) goto err; | 300 | if ((c_bio == NULL) |
| 301 | || (s_bio == NULL)) goto err; | ||
| 289 | 302 | ||
| 290 | SSL_set_accept_state(s_ssl); | 303 | SSL_set_accept_state(s_ssl); |
| 291 | SSL_set_bio(s_ssl,c_to_s,s_to_c); | 304 | SSL_set_bio(s_ssl, c_to_s, s_to_c); |
| 292 | BIO_set_ssl(s_bio,s_ssl,BIO_CLOSE); | 305 | BIO_set_ssl(s_bio, s_ssl, BIO_CLOSE); |
| 293 | 306 | ||
| 294 | /* We can always do writes */ | 307 | /* We can always do writes */ |
| 295 | printf("Begin doit main loop\n"); | 308 | printf("Begin doit main loop\n"); |
| @@ -300,59 +313,65 @@ int doit(io_channel chan, SSL_CTX *s_ctx ) | |||
| 300 | /* | 313 | /* |
| 301 | * Wait for remote end to request data action on A channel. | 314 | * Wait for remote end to request data action on A channel. |
| 302 | */ | 315 | */ |
| 303 | while ( link_state == 0 ) { | 316 | while (link_state == 0 ) { |
| 304 | status = get ( chan, (char *) &msg, sizeof(msg), &length ); | 317 | status = get ( chan, (char *) &msg, sizeof(msg), &length ); |
| 305 | if ( (status&1) == 0 ) { | 318 | if ((status&1) == 0 ) { |
| 306 | printf("Error in main loop get: %d\n", status ); | 319 | printf("Error in main loop get: %d\n", status ); |
| 307 | link_state = 3; | 320 | link_state = 3; |
| 308 | break; | 321 | break; |
| 309 | } | 322 | } |
| 310 | if ( length < RPC_HDR_SIZE ) { | 323 | if (length < RPC_HDR_SIZE ) { |
| 311 | printf("Error in main loop get size: %d\n", length ); | 324 | printf("Error in main loop get size: %d\n", length ); |
| 312 | break; | 325 | break; |
| 313 | link_state = 3; | 326 | link_state = 3; |
| 314 | } | 327 | } |
| 315 | if ( msg.channel != 'A' ) { | 328 | if (msg.channel != 'A' ) { |
| 316 | printf("Error in main loop, unexpected channel: %c\n", | 329 | printf("Error in main loop, unexpected channel: %c\n", |
| 317 | msg.channel ); | 330 | msg.channel ); |
| 318 | break; | 331 | break; |
| 319 | link_state = 3; | 332 | link_state = 3; |
| 320 | } | 333 | } |
| 321 | if ( msg.function == 'G' ) { | 334 | if (msg.function == 'G' ) { |
| 322 | link_state = 1; | 335 | link_state = 1; |
| 323 | } else if ( msg.function == 'P' ) { | 336 | } else if (msg.function == 'P' ) { |
| 324 | link_state = 2; /* write pending */ | 337 | link_state = 2; /* write pending */ |
| 325 | } else if ( msg.function == 'X' ) { | 338 | } else if (msg.function == 'X' ) { |
| 326 | link_state = 3; | 339 | link_state = 3; |
| 327 | } else { | 340 | } else { |
| 328 | link_state = 3; | 341 | link_state = 3; |
| 329 | } | 342 | } |
| 330 | } | ||
| 331 | if ( link_state == 1 ) { | ||
| 332 | i = BIO_read ( s_bio, msg.data, msg.length ); | ||
| 333 | if ( i < 0 ) link_state = 3; | ||
| 334 | else { | ||
| 335 | msg.channel = 'A'; | ||
| 336 | msg.function = 'C'; /* confirm */ | ||
| 337 | msg.length = i; | ||
| 338 | status = put ( chan, (char *) &msg, i+RPC_HDR_SIZE ); | ||
| 339 | if ( (status&1) == 0 ) break; | ||
| 340 | link_state = 0; | ||
| 341 | } | 343 | } |
| 342 | } else if ( link_state == 2 ) { | 344 | if (link_state == 1 ) { |
| 343 | i = BIO_write ( s_bio, msg.data, msg.length ); | 345 | i = BIO_read ( s_bio, msg.data, msg.length ); |
| 344 | if ( i < 0 ) link_state = 3; | 346 | if (i < 0 ) |
| 345 | else { | 347 | link_state = 3; |
| 346 | msg.channel = 'A'; | 348 | else { |
| 347 | msg.function = 'C'; /* confirm */ | 349 | msg.channel = 'A'; |
| 348 | msg.length = 0; | 350 | msg.function = 'C'; |
| 349 | status = put ( chan, (char *) &msg, RPC_HDR_SIZE ); | 351 | /* confirm */ |
| 350 | if ( (status&1) == 0 ) break; | 352 | msg.length = i; |
| 351 | link_state = 0; | 353 | status = put ( chan, (char *) &msg, i + RPC_HDR_SIZE ); |
| 354 | if ((status&1) | ||
| 355 | == 0 ) break; | ||
| 356 | link_state = 0; | ||
| 357 | } | ||
| 358 | } else if (link_state == 2 ) { | ||
| 359 | i = BIO_write ( s_bio, msg.data, msg.length ); | ||
| 360 | if (i < 0 ) | ||
| 361 | link_state = 3; | ||
| 362 | else { | ||
| 363 | msg.channel = 'A'; | ||
| 364 | msg.function = 'C'; | ||
| 365 | /* confirm */ | ||
| 366 | msg.length = 0; | ||
| 367 | status = put ( chan, (char *) &msg, RPC_HDR_SIZE ); | ||
| 368 | if ((status&1) | ||
| 369 | == 0 ) break; | ||
| 370 | link_state = 0; | ||
| 371 | } | ||
| 352 | } | 372 | } |
| 353 | } | ||
| 354 | } | 373 | } |
| 355 | fprintf(stdout,"DONE\n"); | 374 | fprintf(stdout, "DONE\n"); |
| 356 | err: | 375 | err: |
| 357 | /* We have to set the BIO's to NULL otherwise they will be | 376 | /* We have to set the BIO's to NULL otherwise they will be |
| 358 | * free()ed twice. Once when th s_ssl is SSL_free()ed and | 377 | * free()ed twice. Once when th s_ssl is SSL_free()ed and |
| @@ -361,12 +380,16 @@ err: | |||
| 361 | * BIO structure and SSL_set_bio() and SSL_free() automatically | 380 | * BIO structure and SSL_set_bio() and SSL_free() automatically |
| 362 | * BIO_free non NULL entries. | 381 | * BIO_free non NULL entries. |
| 363 | * You should not normally do this or be required to do this */ | 382 | * You should not normally do this or be required to do this */ |
| 364 | s_ssl->rbio=NULL; | 383 | s_ssl->rbio = NULL; |
| 365 | s_ssl->wbio=NULL; | 384 | s_ssl->wbio = NULL; |
| 366 | 385 | ||
| 367 | if (c_to_s != NULL) BIO_free(c_to_s); | 386 | if (c_to_s != NULL) |
| 368 | if (s_to_c != NULL) BIO_free(s_to_c); | 387 | BIO_free(c_to_s); |
| 369 | if (c_bio != NULL) BIO_free(c_bio); | 388 | if (s_to_c != NULL) |
| 370 | if (s_bio != NULL) BIO_free(s_bio); | 389 | BIO_free(s_to_c); |
| 371 | return(0); | 390 | if (c_bio != NULL) |
| 391 | BIO_free(c_bio); | ||
| 392 | if (s_bio != NULL) | ||
| 393 | BIO_free(s_bio); | ||
| 394 | return (0); | ||
| 372 | } | 395 | } |
diff --git a/src/lib/libssl/src/ssl/ssl_txt.c b/src/lib/libssl/src/ssl/ssl_txt.c index 6479d52c0c..5186e396ec 100644 --- a/src/lib/libssl/src/ssl/ssl_txt.c +++ b/src/lib/libssl/src/ssl/ssl_txt.c | |||
| @@ -87,30 +87,33 @@ | |||
| 87 | #include "ssl_locl.h" | 87 | #include "ssl_locl.h" |
| 88 | 88 | ||
| 89 | #ifndef OPENSSL_NO_FP_API | 89 | #ifndef OPENSSL_NO_FP_API |
| 90 | int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) | 90 | int |
| 91 | { | 91 | SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) |
| 92 | { | ||
| 92 | BIO *b; | 93 | BIO *b; |
| 93 | int ret; | 94 | int ret; |
| 94 | 95 | ||
| 95 | if ((b=BIO_new(BIO_s_file_internal())) == NULL) | 96 | if ((b = BIO_new(BIO_s_file_internal())) == NULL) { |
| 96 | { | 97 | SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB); |
| 97 | SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB); | 98 | return (0); |
| 98 | return(0); | ||
| 99 | } | ||
| 100 | BIO_set_fp(b,fp,BIO_NOCLOSE); | ||
| 101 | ret=SSL_SESSION_print(b,x); | ||
| 102 | BIO_free(b); | ||
| 103 | return(ret); | ||
| 104 | } | 99 | } |
| 100 | BIO_set_fp(b, fp, BIO_NOCLOSE); | ||
| 101 | ret = SSL_SESSION_print(b, x); | ||
| 102 | BIO_free(b); | ||
| 103 | return (ret); | ||
| 104 | } | ||
| 105 | #endif | 105 | #endif |
| 106 | 106 | ||
| 107 | int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | 107 | int |
| 108 | { | 108 | SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) |
| 109 | { | ||
| 109 | unsigned int i; | 110 | unsigned int i; |
| 110 | const char *s; | 111 | const char *s; |
| 111 | 112 | ||
| 112 | if (x == NULL) goto err; | 113 | if (x == NULL) |
| 113 | if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err; | 114 | goto err; |
| 115 | if (BIO_puts(bp, "SSL-Session:\n") | ||
| 116 | <= 0) goto err; | ||
| 114 | if (x->ssl_version == SSL2_VERSION) | 117 | if (x->ssl_version == SSL2_VERSION) |
| 115 | s="SSLv2"; | 118 | s="SSLv2"; |
| 116 | else if (x->ssl_version == SSL3_VERSION) | 119 | else if (x->ssl_version == SSL3_VERSION) |
| @@ -127,122 +130,122 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | |||
| 127 | s="DTLSv1-bad"; | 130 | s="DTLSv1-bad"; |
| 128 | else | 131 | else |
| 129 | s="unknown"; | 132 | s="unknown"; |
| 130 | if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err; | 133 | if (BIO_printf(bp, " Protocol : %s\n", s) |
| 134 | <= 0) goto err; | ||
| 131 | 135 | ||
| 132 | if (x->cipher == NULL) | 136 | if (x->cipher == NULL) { |
| 133 | { | 137 | if (((x->cipher_id) & 0xff000000) == 0x02000000) { |
| 134 | if (((x->cipher_id) & 0xff000000) == 0x02000000) | 138 | if (BIO_printf(bp, " Cipher : %06lX\n", x->cipher_id&0xffffff) <= 0) |
| 135 | { | ||
| 136 | if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0) | ||
| 137 | goto err; | 139 | goto err; |
| 138 | } | 140 | } else { |
| 139 | else | 141 | if (BIO_printf(bp, " Cipher : %04lX\n", x->cipher_id&0xffff) <= 0) |
| 140 | { | ||
| 141 | if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0) | ||
| 142 | goto err; | 142 | goto err; |
| 143 | } | ||
| 144 | } | 143 | } |
| 145 | else | 144 | } else { |
| 146 | { | 145 | if (BIO_printf(bp, " Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0) |
| 147 | if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0) | ||
| 148 | goto err; | 146 | goto err; |
| 149 | } | 147 | } |
| 150 | if (BIO_puts(bp," Session-ID: ") <= 0) goto err; | 148 | if (BIO_puts(bp, " Session-ID: ") |
| 151 | for (i=0; i<x->session_id_length; i++) | 149 | <= 0) goto err; |
| 152 | { | 150 | for (i = 0; i < x->session_id_length; i++) { |
| 153 | if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err; | 151 | if (BIO_printf(bp, "%02X", x->session_id[i]) |
| 154 | } | 152 | <= 0) goto err; |
| 155 | if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err; | 153 | } |
| 156 | for (i=0; i<x->sid_ctx_length; i++) | 154 | if (BIO_puts(bp, "\n Session-ID-ctx: ") |
| 157 | { | 155 | <= 0) goto err; |
| 158 | if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0) | 156 | for (i = 0; i < x->sid_ctx_length; i++) { |
| 157 | if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0) | ||
| 159 | goto err; | 158 | goto err; |
| 160 | } | 159 | } |
| 161 | if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err; | 160 | if (BIO_puts(bp, "\n Master-Key: ") |
| 162 | for (i=0; i<(unsigned int)x->master_key_length; i++) | 161 | <= 0) goto err; |
| 163 | { | 162 | for (i = 0; i < (unsigned int)x->master_key_length; i++) { |
| 164 | if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err; | 163 | if (BIO_printf(bp, "%02X", x->master_key[i]) |
| 165 | } | 164 | <= 0) goto err; |
| 166 | if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err; | 165 | } |
| 167 | if (x->key_arg_length == 0) | 166 | if (BIO_puts(bp, "\n Key-Arg : ") |
| 168 | { | 167 | <= 0) goto err; |
| 169 | if (BIO_puts(bp,"None") <= 0) goto err; | 168 | if (x->key_arg_length == 0) { |
| 170 | } | 169 | if (BIO_puts(bp, "None") |
| 171 | else | 170 | <= 0) goto err; |
| 172 | for (i=0; i<x->key_arg_length; i++) | 171 | } else |
| 173 | { | 172 | for (i = 0; i < x->key_arg_length; i++) { |
| 174 | if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err; | 173 | if (BIO_printf(bp, "%02X", x->key_arg[i]) |
| 175 | } | 174 | <= 0) goto err; |
| 175 | } | ||
| 176 | #ifndef OPENSSL_NO_KRB5 | 176 | #ifndef OPENSSL_NO_KRB5 |
| 177 | if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err; | 177 | if (BIO_puts(bp, "\n Krb5 Principal: ") |
| 178 | if (x->krb5_client_princ_len == 0) | 178 | <= 0) goto err; |
| 179 | { | 179 | if (x->krb5_client_princ_len == 0) { |
| 180 | if (BIO_puts(bp,"None") <= 0) goto err; | 180 | if (BIO_puts(bp, "None") |
| 181 | } | 181 | <= 0) goto err; |
| 182 | else | 182 | } else |
| 183 | for (i=0; i<x->krb5_client_princ_len; i++) | 183 | for (i = 0; i < x->krb5_client_princ_len; i++) { |
| 184 | { | 184 | if (BIO_printf(bp, "%02X", x->krb5_client_princ[i]) |
| 185 | if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err; | 185 | <= 0) goto err; |
| 186 | } | 186 | } |
| 187 | #endif /* OPENSSL_NO_KRB5 */ | 187 | #endif /* OPENSSL_NO_KRB5 */ |
| 188 | #ifndef OPENSSL_NO_PSK | 188 | #ifndef OPENSSL_NO_PSK |
| 189 | if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err; | 189 | if (BIO_puts(bp, "\n PSK identity: ") |
| 190 | if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err; | 190 | <= 0) goto err; |
| 191 | if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err; | 191 | if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") |
| 192 | if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err; | 192 | <= 0) goto err; |
| 193 | if (BIO_puts(bp, "\n PSK identity hint: ") | ||
| 194 | <= 0) goto err; | ||
| 195 | if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") | ||
| 196 | <= 0) goto err; | ||
| 193 | #endif | 197 | #endif |
| 194 | #ifndef OPENSSL_NO_SRP | 198 | #ifndef OPENSSL_NO_SRP |
| 195 | if (BIO_puts(bp,"\n SRP username: ") <= 0) goto err; | 199 | if (BIO_puts(bp, "\n SRP username: ") |
| 196 | if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0) goto err; | 200 | <= 0) goto err; |
| 201 | if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") | ||
| 202 | <= 0) goto err; | ||
| 197 | #endif | 203 | #endif |
| 198 | #ifndef OPENSSL_NO_TLSEXT | 204 | #ifndef OPENSSL_NO_TLSEXT |
| 199 | if (x->tlsext_tick_lifetime_hint) | 205 | if (x->tlsext_tick_lifetime_hint) { |
| 200 | { | ||
| 201 | if (BIO_printf(bp, | 206 | if (BIO_printf(bp, |
| 202 | "\n TLS session ticket lifetime hint: %ld (seconds)", | 207 | "\n TLS session ticket lifetime hint: %ld (seconds)", |
| 203 | x->tlsext_tick_lifetime_hint) <=0) | 208 | x->tlsext_tick_lifetime_hint) <=0) |
| 204 | goto err; | 209 | goto err; |
| 205 | } | 210 | } |
| 206 | if (x->tlsext_tick) | 211 | if (x->tlsext_tick) { |
| 207 | { | 212 | if (BIO_puts(bp, "\n TLS session ticket:\n") |
| 208 | if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; | 213 | <= 0) goto err; |
| 209 | if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) | 214 | if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) |
| 210 | goto err; | 215 | goto err; |
| 211 | } | 216 | } |
| 212 | #endif | 217 | #endif |
| 213 | 218 | ||
| 214 | #ifndef OPENSSL_NO_COMP | 219 | #ifndef OPENSSL_NO_COMP |
| 215 | if (x->compress_meth != 0) | 220 | if (x->compress_meth != 0) { |
| 216 | { | ||
| 217 | SSL_COMP *comp = NULL; | 221 | SSL_COMP *comp = NULL; |
| 218 | 222 | ||
| 219 | ssl_cipher_get_evp(x,NULL,NULL,NULL,NULL,&comp); | 223 | ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp); |
| 220 | if (comp == NULL) | 224 | if (comp == NULL) { |
| 221 | { | 225 | if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) |
| 222 | if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err; | 226 | <= 0) goto err; |
| 227 | } else { | ||
| 228 | if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id, comp->method->name) <= 0) goto err; | ||
| 223 | } | 229 | } |
| 224 | else | 230 | } |
| 225 | { | ||
| 226 | if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err; | ||
| 227 | } | ||
| 228 | } | ||
| 229 | #endif | 231 | #endif |
| 230 | if (x->time != 0L) | 232 | if (x->time != 0L) { |
| 231 | { | 233 | if (BIO_printf(bp, "\n Start Time: %ld", x->time) |
| 232 | if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err; | 234 | <= 0) goto err; |
| 233 | } | 235 | } |
| 234 | if (x->timeout != 0L) | 236 | if (x->timeout != 0L) { |
| 235 | { | 237 | if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0) goto err; |
| 236 | if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err; | ||
| 237 | } | 238 | } |
| 238 | if (BIO_puts(bp,"\n") <= 0) goto err; | 239 | if (BIO_puts(bp, "\n") |
| 240 | <= 0) goto err; | ||
| 239 | 241 | ||
| 240 | if (BIO_puts(bp, " Verify return code: ") <= 0) goto err; | 242 | if (BIO_puts(bp, " Verify return code: ") |
| 243 | <= 0) goto err; | ||
| 241 | if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, | 244 | if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, |
| 242 | X509_verify_cert_error_string(x->verify_result)) <= 0) goto err; | 245 | X509_verify_cert_error_string(x->verify_result)) <= 0) goto err; |
| 243 | 246 | ||
| 244 | return(1); | 247 | return (1); |
| 245 | err: | 248 | err: |
| 246 | return(0); | 249 | return (0); |
| 247 | } | 250 | } |
| 248 | 251 | ||
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c index 9c34d19725..76644bda91 100644 --- a/src/lib/libssl/ssl_algs.c +++ b/src/lib/libssl/ssl_algs.c | |||
| @@ -61,8 +61,9 @@ | |||
| 61 | #include <openssl/lhash.h> | 61 | #include <openssl/lhash.h> |
| 62 | #include "ssl_locl.h" | 62 | #include "ssl_locl.h" |
| 63 | 63 | ||
| 64 | int SSL_library_init(void) | 64 | int |
| 65 | { | 65 | SSL_library_init(void) |
| 66 | { | ||
| 66 | 67 | ||
| 67 | #ifndef OPENSSL_NO_DES | 68 | #ifndef OPENSSL_NO_DES |
| 68 | EVP_add_cipher(EVP_des_cbc()); | 69 | EVP_add_cipher(EVP_des_cbc()); |
| @@ -104,16 +105,16 @@ int SSL_library_init(void) | |||
| 104 | #ifndef OPENSSL_NO_SEED | 105 | #ifndef OPENSSL_NO_SEED |
| 105 | EVP_add_cipher(EVP_seed_cbc()); | 106 | EVP_add_cipher(EVP_seed_cbc()); |
| 106 | #endif | 107 | #endif |
| 107 | 108 | ||
| 108 | #ifndef OPENSSL_NO_MD5 | 109 | #ifndef OPENSSL_NO_MD5 |
| 109 | EVP_add_digest(EVP_md5()); | 110 | EVP_add_digest(EVP_md5()); |
| 110 | EVP_add_digest_alias(SN_md5,"ssl2-md5"); | 111 | EVP_add_digest_alias(SN_md5, "ssl2-md5"); |
| 111 | EVP_add_digest_alias(SN_md5,"ssl3-md5"); | 112 | EVP_add_digest_alias(SN_md5, "ssl3-md5"); |
| 112 | #endif | 113 | #endif |
| 113 | #ifndef OPENSSL_NO_SHA | 114 | #ifndef OPENSSL_NO_SHA |
| 114 | EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ | 115 | EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ |
| 115 | EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); | 116 | EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); |
| 116 | EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); | 117 | EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); |
| 117 | #endif | 118 | #endif |
| 118 | #ifndef OPENSSL_NO_SHA256 | 119 | #ifndef OPENSSL_NO_SHA256 |
| 119 | EVP_add_digest(EVP_sha224()); | 120 | EVP_add_digest(EVP_sha224()); |
| @@ -125,9 +126,9 @@ int SSL_library_init(void) | |||
| 125 | #endif | 126 | #endif |
| 126 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) | 127 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) |
| 127 | EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ | 128 | EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ |
| 128 | EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); | 129 | EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); |
| 129 | EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); | 130 | EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); |
| 130 | EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); | 131 | EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); |
| 131 | #endif | 132 | #endif |
| 132 | #ifndef OPENSSL_NO_ECDSA | 133 | #ifndef OPENSSL_NO_ECDSA |
| 133 | EVP_add_digest(EVP_ecdsa()); | 134 | EVP_add_digest(EVP_ecdsa()); |
| @@ -145,6 +146,6 @@ int SSL_library_init(void) | |||
| 145 | #endif | 146 | #endif |
| 146 | /* initialize cipher/digest methods table */ | 147 | /* initialize cipher/digest methods table */ |
| 147 | ssl_load_ciphers(); | 148 | ssl_load_ciphers(); |
| 148 | return(1); | 149 | return (1); |
| 149 | } | 150 | } |
| 150 | 151 | ||
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c index 38540be1e5..51668db785 100644 --- a/src/lib/libssl/ssl_asn1.c +++ b/src/lib/libssl/ssl_asn1.c | |||
| @@ -89,8 +89,7 @@ | |||
| 89 | #include <openssl/objects.h> | 89 | #include <openssl/objects.h> |
| 90 | #include <openssl/x509.h> | 90 | #include <openssl/x509.h> |
| 91 | 91 | ||
| 92 | typedef struct ssl_session_asn1_st | 92 | typedef struct ssl_session_asn1_st { |
| 93 | { | ||
| 94 | ASN1_INTEGER version; | 93 | ASN1_INTEGER version; |
| 95 | ASN1_INTEGER ssl_version; | 94 | ASN1_INTEGER ssl_version; |
| 96 | ASN1_OCTET_STRING cipher; | 95 | ASN1_OCTET_STRING cipher; |
| @@ -100,7 +99,7 @@ typedef struct ssl_session_asn1_st | |||
| 100 | ASN1_OCTET_STRING session_id_context; | 99 | ASN1_OCTET_STRING session_id_context; |
| 101 | ASN1_OCTET_STRING key_arg; | 100 | ASN1_OCTET_STRING key_arg; |
| 102 | #ifndef OPENSSL_NO_KRB5 | 101 | #ifndef OPENSSL_NO_KRB5 |
| 103 | ASN1_OCTET_STRING krb5_princ; | 102 | ASN1_OCTET_STRING krb5_princ; |
| 104 | #endif /* OPENSSL_NO_KRB5 */ | 103 | #endif /* OPENSSL_NO_KRB5 */ |
| 105 | ASN1_INTEGER time; | 104 | ASN1_INTEGER time; |
| 106 | ASN1_INTEGER timeout; | 105 | ASN1_INTEGER timeout; |
| @@ -117,169 +116,156 @@ typedef struct ssl_session_asn1_st | |||
| 117 | #ifndef OPENSSL_NO_SRP | 116 | #ifndef OPENSSL_NO_SRP |
| 118 | ASN1_OCTET_STRING srp_username; | 117 | ASN1_OCTET_STRING srp_username; |
| 119 | #endif /* OPENSSL_NO_SRP */ | 118 | #endif /* OPENSSL_NO_SRP */ |
| 120 | } SSL_SESSION_ASN1; | 119 | } SSL_SESSION_ASN1; |
| 121 | 120 | ||
| 122 | int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | 121 | int |
| 123 | { | 122 | i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) |
| 123 | { | ||
| 124 | #define LSIZE2 (sizeof(long)*2) | 124 | #define LSIZE2 (sizeof(long)*2) |
| 125 | int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0; | 125 | int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v7 = 0, v8 = 0; |
| 126 | unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; | 126 | unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2]; |
| 127 | unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2]; | 127 | unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2]; |
| 128 | #ifndef OPENSSL_NO_TLSEXT | 128 | #ifndef OPENSSL_NO_TLSEXT |
| 129 | int v6=0,v9=0,v10=0; | 129 | int v6 = 0, v9 = 0, v10 = 0; |
| 130 | unsigned char ibuf6[LSIZE2]; | 130 | unsigned char ibuf6[LSIZE2]; |
| 131 | #endif | 131 | #endif |
| 132 | #ifndef OPENSSL_NO_COMP | 132 | #ifndef OPENSSL_NO_COMP |
| 133 | unsigned char cbuf; | 133 | unsigned char cbuf; |
| 134 | int v11=0; | 134 | int v11 = 0; |
| 135 | #endif | 135 | #endif |
| 136 | #ifndef OPENSSL_NO_SRP | 136 | #ifndef OPENSSL_NO_SRP |
| 137 | int v12=0; | 137 | int v12 = 0; |
| 138 | #endif | 138 | #endif |
| 139 | long l; | 139 | long l; |
| 140 | SSL_SESSION_ASN1 a; | 140 | SSL_SESSION_ASN1 a; |
| 141 | M_ASN1_I2D_vars(in); | 141 | M_ASN1_I2D_vars(in); |
| 142 | 142 | ||
| 143 | if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) | 143 | if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) |
| 144 | return(0); | 144 | return (0); |
| 145 | 145 | ||
| 146 | /* Note that I cheat in the following 2 assignments. I know | 146 | /* Note that I cheat in the following 2 assignments. I know |
| 147 | * that if the ASN1_INTEGER passed to ASN1_INTEGER_set | 147 | * that if the ASN1_INTEGER passed to ASN1_INTEGER_set |
| 148 | * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed. | 148 | * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed. |
| 149 | * This is a bit evil but makes things simple, no dynamic allocation | 149 | * This is a bit evil but makes things simple, no dynamic allocation |
| 150 | * to clean up :-) */ | 150 | * to clean up :-) */ |
| 151 | a.version.length=LSIZE2; | 151 | a.version.length = LSIZE2; |
| 152 | a.version.type=V_ASN1_INTEGER; | 152 | a.version.type = V_ASN1_INTEGER; |
| 153 | a.version.data=ibuf1; | 153 | a.version.data = ibuf1; |
| 154 | ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION); | 154 | ASN1_INTEGER_set(&(a.version), SSL_SESSION_ASN1_VERSION); |
| 155 | 155 | ||
| 156 | a.ssl_version.length=LSIZE2; | 156 | a.ssl_version.length = LSIZE2; |
| 157 | a.ssl_version.type=V_ASN1_INTEGER; | 157 | a.ssl_version.type = V_ASN1_INTEGER; |
| 158 | a.ssl_version.data=ibuf2; | 158 | a.ssl_version.data = ibuf2; |
| 159 | ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version); | 159 | ASN1_INTEGER_set(&(a.ssl_version), in->ssl_version); |
| 160 | 160 | ||
| 161 | a.cipher.type=V_ASN1_OCTET_STRING; | 161 | a.cipher.type = V_ASN1_OCTET_STRING; |
| 162 | a.cipher.data=buf; | 162 | a.cipher.data = buf; |
| 163 | 163 | ||
| 164 | if (in->cipher == NULL) | 164 | if (in->cipher == NULL) |
| 165 | l=in->cipher_id; | 165 | l = in->cipher_id; |
| 166 | else | 166 | else |
| 167 | l=in->cipher->id; | 167 | l = in->cipher->id; |
| 168 | if (in->ssl_version == SSL2_VERSION) | 168 | if (in->ssl_version == SSL2_VERSION) { |
| 169 | { | 169 | a.cipher.length = 3; |
| 170 | a.cipher.length=3; | 170 | buf[0] = ((unsigned char)(l >> 16L))&0xff; |
| 171 | buf[0]=((unsigned char)(l>>16L))&0xff; | 171 | buf[1] = ((unsigned char)(l >> 8L))&0xff; |
| 172 | buf[1]=((unsigned char)(l>> 8L))&0xff; | 172 | buf[2] = ((unsigned char)(l ))&0xff; |
| 173 | buf[2]=((unsigned char)(l ))&0xff; | 173 | } else { |
| 174 | } | 174 | a.cipher.length = 2; |
| 175 | else | 175 | buf[0] = ((unsigned char)(l >> 8L))&0xff; |
| 176 | { | 176 | buf[1] = ((unsigned char)(l ))&0xff; |
| 177 | a.cipher.length=2; | 177 | } |
| 178 | buf[0]=((unsigned char)(l>>8L))&0xff; | ||
| 179 | buf[1]=((unsigned char)(l ))&0xff; | ||
| 180 | } | ||
| 181 | 178 | ||
| 182 | #ifndef OPENSSL_NO_COMP | 179 | #ifndef OPENSSL_NO_COMP |
| 183 | if (in->compress_meth) | 180 | if (in->compress_meth) { |
| 184 | { | ||
| 185 | cbuf = (unsigned char)in->compress_meth; | 181 | cbuf = (unsigned char)in->compress_meth; |
| 186 | a.comp_id.length = 1; | 182 | a.comp_id.length = 1; |
| 187 | a.comp_id.type = V_ASN1_OCTET_STRING; | 183 | a.comp_id.type = V_ASN1_OCTET_STRING; |
| 188 | a.comp_id.data = &cbuf; | 184 | a.comp_id.data = &cbuf; |
| 189 | } | 185 | } |
| 190 | #endif | 186 | #endif |
| 191 | 187 | ||
| 192 | a.master_key.length=in->master_key_length; | 188 | a.master_key.length = in->master_key_length; |
| 193 | a.master_key.type=V_ASN1_OCTET_STRING; | 189 | a.master_key.type = V_ASN1_OCTET_STRING; |
| 194 | a.master_key.data=in->master_key; | 190 | a.master_key.data = in->master_key; |
| 195 | 191 | ||
| 196 | a.session_id.length=in->session_id_length; | 192 | a.session_id.length = in->session_id_length; |
| 197 | a.session_id.type=V_ASN1_OCTET_STRING; | 193 | a.session_id.type = V_ASN1_OCTET_STRING; |
| 198 | a.session_id.data=in->session_id; | 194 | a.session_id.data = in->session_id; |
| 199 | 195 | ||
| 200 | a.session_id_context.length=in->sid_ctx_length; | 196 | a.session_id_context.length = in->sid_ctx_length; |
| 201 | a.session_id_context.type=V_ASN1_OCTET_STRING; | 197 | a.session_id_context.type = V_ASN1_OCTET_STRING; |
| 202 | a.session_id_context.data=in->sid_ctx; | 198 | a.session_id_context.data = in->sid_ctx; |
| 203 | 199 | ||
| 204 | a.key_arg.length=in->key_arg_length; | 200 | a.key_arg.length = in->key_arg_length; |
| 205 | a.key_arg.type=V_ASN1_OCTET_STRING; | 201 | a.key_arg.type = V_ASN1_OCTET_STRING; |
| 206 | a.key_arg.data=in->key_arg; | 202 | a.key_arg.data = in->key_arg; |
| 207 | 203 | ||
| 208 | #ifndef OPENSSL_NO_KRB5 | 204 | #ifndef OPENSSL_NO_KRB5 |
| 209 | if (in->krb5_client_princ_len) | 205 | if (in->krb5_client_princ_len) { |
| 210 | { | 206 | a.krb5_princ.length = in->krb5_client_princ_len; |
| 211 | a.krb5_princ.length=in->krb5_client_princ_len; | 207 | a.krb5_princ.type = V_ASN1_OCTET_STRING; |
| 212 | a.krb5_princ.type=V_ASN1_OCTET_STRING; | 208 | a.krb5_princ.data = in->krb5_client_princ; |
| 213 | a.krb5_princ.data=in->krb5_client_princ; | 209 | } |
| 214 | } | ||
| 215 | #endif /* OPENSSL_NO_KRB5 */ | 210 | #endif /* OPENSSL_NO_KRB5 */ |
| 216 | 211 | ||
| 217 | if (in->time != 0L) | 212 | if (in->time != 0L) { |
| 218 | { | 213 | a.time.length = LSIZE2; |
| 219 | a.time.length=LSIZE2; | 214 | a.time.type = V_ASN1_INTEGER; |
| 220 | a.time.type=V_ASN1_INTEGER; | 215 | a.time.data = ibuf3; |
| 221 | a.time.data=ibuf3; | 216 | ASN1_INTEGER_set(&(a.time), in->time); |
| 222 | ASN1_INTEGER_set(&(a.time),in->time); | 217 | } |
| 223 | } | ||
| 224 | 218 | ||
| 225 | if (in->timeout != 0L) | 219 | if (in->timeout != 0L) { |
| 226 | { | 220 | a.timeout.length = LSIZE2; |
| 227 | a.timeout.length=LSIZE2; | 221 | a.timeout.type = V_ASN1_INTEGER; |
| 228 | a.timeout.type=V_ASN1_INTEGER; | 222 | a.timeout.data = ibuf4; |
| 229 | a.timeout.data=ibuf4; | 223 | ASN1_INTEGER_set(&(a.timeout), in->timeout); |
| 230 | ASN1_INTEGER_set(&(a.timeout),in->timeout); | 224 | } |
| 231 | } | ||
| 232 | 225 | ||
| 233 | if (in->verify_result != X509_V_OK) | 226 | if (in->verify_result != X509_V_OK) { |
| 234 | { | 227 | a.verify_result.length = LSIZE2; |
| 235 | a.verify_result.length=LSIZE2; | 228 | a.verify_result.type = V_ASN1_INTEGER; |
| 236 | a.verify_result.type=V_ASN1_INTEGER; | 229 | a.verify_result.data = ibuf5; |
| 237 | a.verify_result.data=ibuf5; | 230 | ASN1_INTEGER_set(&a.verify_result, in->verify_result); |
| 238 | ASN1_INTEGER_set(&a.verify_result,in->verify_result); | 231 | } |
| 239 | } | ||
| 240 | 232 | ||
| 241 | #ifndef OPENSSL_NO_TLSEXT | 233 | #ifndef OPENSSL_NO_TLSEXT |
| 242 | if (in->tlsext_hostname) | 234 | if (in->tlsext_hostname) { |
| 243 | { | 235 | a.tlsext_hostname.length = strlen(in->tlsext_hostname); |
| 244 | a.tlsext_hostname.length=strlen(in->tlsext_hostname); | 236 | a.tlsext_hostname.type = V_ASN1_OCTET_STRING; |
| 245 | a.tlsext_hostname.type=V_ASN1_OCTET_STRING; | 237 | a.tlsext_hostname.data = (unsigned char *)in->tlsext_hostname; |
| 246 | a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname; | 238 | } |
| 247 | } | 239 | if (in->tlsext_tick) { |
| 248 | if (in->tlsext_tick) | 240 | a.tlsext_tick.length = in->tlsext_ticklen; |
| 249 | { | 241 | a.tlsext_tick.type = V_ASN1_OCTET_STRING; |
| 250 | a.tlsext_tick.length= in->tlsext_ticklen; | 242 | a.tlsext_tick.data = (unsigned char *)in->tlsext_tick; |
| 251 | a.tlsext_tick.type=V_ASN1_OCTET_STRING; | 243 | } |
| 252 | a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; | 244 | if (in->tlsext_tick_lifetime_hint > 0) { |
| 253 | } | 245 | a.tlsext_tick_lifetime.length = LSIZE2; |
| 254 | if (in->tlsext_tick_lifetime_hint > 0) | 246 | a.tlsext_tick_lifetime.type = V_ASN1_INTEGER; |
| 255 | { | 247 | a.tlsext_tick_lifetime.data = ibuf6; |
| 256 | a.tlsext_tick_lifetime.length=LSIZE2; | 248 | ASN1_INTEGER_set(&a.tlsext_tick_lifetime, in->tlsext_tick_lifetime_hint); |
| 257 | a.tlsext_tick_lifetime.type=V_ASN1_INTEGER; | 249 | } |
| 258 | a.tlsext_tick_lifetime.data=ibuf6; | ||
| 259 | ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint); | ||
| 260 | } | ||
| 261 | #endif /* OPENSSL_NO_TLSEXT */ | 250 | #endif /* OPENSSL_NO_TLSEXT */ |
| 262 | #ifndef OPENSSL_NO_PSK | 251 | #ifndef OPENSSL_NO_PSK |
| 263 | if (in->psk_identity_hint) | 252 | if (in->psk_identity_hint) { |
| 264 | { | 253 | a.psk_identity_hint.length = strlen(in->psk_identity_hint); |
| 265 | a.psk_identity_hint.length=strlen(in->psk_identity_hint); | 254 | a.psk_identity_hint.type = V_ASN1_OCTET_STRING; |
| 266 | a.psk_identity_hint.type=V_ASN1_OCTET_STRING; | 255 | a.psk_identity_hint.data = (unsigned char *)(in->psk_identity_hint); |
| 267 | a.psk_identity_hint.data=(unsigned char *)(in->psk_identity_hint); | 256 | } |
| 268 | } | 257 | if (in->psk_identity) { |
| 269 | if (in->psk_identity) | 258 | a.psk_identity.length = strlen(in->psk_identity); |
| 270 | { | 259 | a.psk_identity.type = V_ASN1_OCTET_STRING; |
| 271 | a.psk_identity.length=strlen(in->psk_identity); | 260 | a.psk_identity.data = (unsigned char *)(in->psk_identity); |
| 272 | a.psk_identity.type=V_ASN1_OCTET_STRING; | 261 | } |
| 273 | a.psk_identity.data=(unsigned char *)(in->psk_identity); | ||
| 274 | } | ||
| 275 | #endif /* OPENSSL_NO_PSK */ | 262 | #endif /* OPENSSL_NO_PSK */ |
| 276 | #ifndef OPENSSL_NO_SRP | 263 | #ifndef OPENSSL_NO_SRP |
| 277 | if (in->srp_username) | 264 | if (in->srp_username) { |
| 278 | { | 265 | a.srp_username.length = strlen(in->srp_username); |
| 279 | a.srp_username.length=strlen(in->srp_username); | 266 | a.srp_username.type = V_ASN1_OCTET_STRING; |
| 280 | a.srp_username.type=V_ASN1_OCTET_STRING; | 267 | a.srp_username.data = (unsigned char *)(in->srp_username); |
| 281 | a.srp_username.data=(unsigned char *)(in->srp_username); | 268 | } |
| 282 | } | ||
| 283 | #endif /* OPENSSL_NO_SRP */ | 269 | #endif /* OPENSSL_NO_SRP */ |
| 284 | 270 | ||
| 285 | M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); | 271 | M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); |
| @@ -289,41 +275,41 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 289 | M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); | 275 | M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); |
| 290 | #ifndef OPENSSL_NO_KRB5 | 276 | #ifndef OPENSSL_NO_KRB5 |
| 291 | if (in->krb5_client_princ_len) | 277 | if (in->krb5_client_princ_len) |
| 292 | M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); | 278 | M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); |
| 293 | #endif /* OPENSSL_NO_KRB5 */ | 279 | #endif /* OPENSSL_NO_KRB5 */ |
| 294 | if (in->key_arg_length > 0) | 280 | if (in->key_arg_length > 0) |
| 295 | M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING); | 281 | M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING); |
| 296 | if (in->time != 0L) | 282 | if (in->time != 0L) |
| 297 | M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); | 283 | M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); |
| 298 | if (in->timeout != 0L) | 284 | if (in->timeout != 0L) |
| 299 | M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); | 285 | M_ASN1_I2D_len_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2); |
| 300 | if (in->peer != NULL) | 286 | if (in->peer != NULL) |
| 301 | M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3); | 287 | M_ASN1_I2D_len_EXP_opt(in->peer, i2d_X509, 3, v3); |
| 302 | M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4); | 288 | M_ASN1_I2D_len_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4, v4); |
| 303 | if (in->verify_result != X509_V_OK) | 289 | if (in->verify_result != X509_V_OK) |
| 304 | M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); | 290 | M_ASN1_I2D_len_EXP_opt(&(a.verify_result), i2d_ASN1_INTEGER, 5, v5); |
| 305 | 291 | ||
| 306 | #ifndef OPENSSL_NO_TLSEXT | 292 | #ifndef OPENSSL_NO_TLSEXT |
| 307 | if (in->tlsext_tick_lifetime_hint > 0) | 293 | if (in->tlsext_tick_lifetime_hint > 0) |
| 308 | M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); | 294 | M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); |
| 309 | if (in->tlsext_tick) | 295 | if (in->tlsext_tick) |
| 310 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); | 296 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); |
| 311 | if (in->tlsext_hostname) | 297 | if (in->tlsext_hostname) |
| 312 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); | 298 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6); |
| 313 | #ifndef OPENSSL_NO_COMP | 299 | #ifndef OPENSSL_NO_COMP |
| 314 | if (in->compress_meth) | 300 | if (in->compress_meth) |
| 315 | M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11); | 301 | M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); |
| 316 | #endif | 302 | #endif |
| 317 | #endif /* OPENSSL_NO_TLSEXT */ | 303 | #endif /* OPENSSL_NO_TLSEXT */ |
| 318 | #ifndef OPENSSL_NO_PSK | 304 | #ifndef OPENSSL_NO_PSK |
| 319 | if (in->psk_identity_hint) | 305 | if (in->psk_identity_hint) |
| 320 | M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7); | 306 | M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); |
| 321 | if (in->psk_identity) | 307 | if (in->psk_identity) |
| 322 | M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8); | 308 | M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8); |
| 323 | #endif /* OPENSSL_NO_PSK */ | 309 | #endif /* OPENSSL_NO_PSK */ |
| 324 | #ifndef OPENSSL_NO_SRP | 310 | #ifndef OPENSSL_NO_SRP |
| 325 | if (in->srp_username) | 311 | if (in->srp_username) |
| 326 | M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12); | 312 | M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12); |
| 327 | #endif /* OPENSSL_NO_SRP */ | 313 | #endif /* OPENSSL_NO_SRP */ |
| 328 | 314 | ||
| 329 | M_ASN1_I2D_seq_total(); | 315 | M_ASN1_I2D_seq_total(); |
| @@ -335,308 +321,296 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 335 | M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); | 321 | M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); |
| 336 | #ifndef OPENSSL_NO_KRB5 | 322 | #ifndef OPENSSL_NO_KRB5 |
| 337 | if (in->krb5_client_princ_len) | 323 | if (in->krb5_client_princ_len) |
| 338 | M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); | 324 | M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); |
| 339 | #endif /* OPENSSL_NO_KRB5 */ | 325 | #endif /* OPENSSL_NO_KRB5 */ |
| 340 | if (in->key_arg_length > 0) | 326 | if (in->key_arg_length > 0) |
| 341 | M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0); | 327 | M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0); |
| 342 | if (in->time != 0L) | 328 | if (in->time != 0L) |
| 343 | M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); | 329 | M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); |
| 344 | if (in->timeout != 0L) | 330 | if (in->timeout != 0L) |
| 345 | M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); | 331 | M_ASN1_I2D_put_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2); |
| 346 | if (in->peer != NULL) | 332 | if (in->peer != NULL) |
| 347 | M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3); | 333 | M_ASN1_I2D_put_EXP_opt(in->peer, i2d_X509, 3, v3); |
| 348 | M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4, | 334 | M_ASN1_I2D_put_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4, |
| 349 | v4); | 335 | v4); |
| 350 | if (in->verify_result != X509_V_OK) | 336 | if (in->verify_result != X509_V_OK) |
| 351 | M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5); | 337 | M_ASN1_I2D_put_EXP_opt(&a.verify_result, i2d_ASN1_INTEGER, 5, v5); |
| 352 | #ifndef OPENSSL_NO_TLSEXT | 338 | #ifndef OPENSSL_NO_TLSEXT |
| 353 | if (in->tlsext_hostname) | 339 | if (in->tlsext_hostname) |
| 354 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); | 340 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6); |
| 355 | #endif /* OPENSSL_NO_TLSEXT */ | 341 | #endif /* OPENSSL_NO_TLSEXT */ |
| 356 | #ifndef OPENSSL_NO_PSK | 342 | #ifndef OPENSSL_NO_PSK |
| 357 | if (in->psk_identity_hint) | 343 | if (in->psk_identity_hint) |
| 358 | M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7); | 344 | M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); |
| 359 | if (in->psk_identity) | 345 | if (in->psk_identity) |
| 360 | M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8); | 346 | M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8); |
| 361 | #endif /* OPENSSL_NO_PSK */ | 347 | #endif /* OPENSSL_NO_PSK */ |
| 362 | #ifndef OPENSSL_NO_TLSEXT | 348 | #ifndef OPENSSL_NO_TLSEXT |
| 363 | if (in->tlsext_tick_lifetime_hint > 0) | 349 | if (in->tlsext_tick_lifetime_hint > 0) |
| 364 | M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); | 350 | M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); |
| 365 | if (in->tlsext_tick) | 351 | if (in->tlsext_tick) |
| 366 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); | 352 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); |
| 367 | #endif /* OPENSSL_NO_TLSEXT */ | 353 | #endif /* OPENSSL_NO_TLSEXT */ |
| 368 | #ifndef OPENSSL_NO_COMP | 354 | #ifndef OPENSSL_NO_COMP |
| 369 | if (in->compress_meth) | 355 | if (in->compress_meth) |
| 370 | M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11); | 356 | M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); |
| 371 | #endif | 357 | #endif |
| 372 | #ifndef OPENSSL_NO_SRP | 358 | #ifndef OPENSSL_NO_SRP |
| 373 | if (in->srp_username) | 359 | if (in->srp_username) |
| 374 | M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12); | 360 | M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12); |
| 375 | #endif /* OPENSSL_NO_SRP */ | 361 | #endif /* OPENSSL_NO_SRP */ |
| 376 | M_ASN1_I2D_finish(); | 362 | M_ASN1_I2D_finish(); |
| 377 | } | 363 | } |
| 378 | 364 | ||
| 379 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, | 365 | SSL_SESSION |
| 380 | long length) | 366 | *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, |
| 381 | { | 367 | long length) |
| 382 | int ssl_version=0,i; | 368 | { |
| 369 | int ssl_version = 0, i; | ||
| 383 | long id; | 370 | long id; |
| 384 | ASN1_INTEGER ai,*aip; | 371 | ASN1_INTEGER ai, *aip; |
| 385 | ASN1_OCTET_STRING os,*osp; | 372 | ASN1_OCTET_STRING os, *osp; |
| 386 | M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new); | 373 | M_ASN1_D2I_vars(a, SSL_SESSION *, SSL_SESSION_new); |
| 387 | 374 | ||
| 388 | aip= &ai; | 375 | aip = &ai; |
| 389 | osp= &os; | 376 | osp = &os; |
| 390 | 377 | ||
| 391 | M_ASN1_D2I_Init(); | 378 | M_ASN1_D2I_Init(); |
| 392 | M_ASN1_D2I_start_sequence(); | 379 | M_ASN1_D2I_start_sequence(); |
| 393 | 380 | ||
| 394 | ai.data=NULL; ai.length=0; | 381 | ai.data = NULL; |
| 395 | M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); | 382 | ai.length = 0; |
| 396 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } | 383 | M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER); |
| 384 | if (ai.data != NULL) { | ||
| 385 | OPENSSL_free(ai.data); | ||
| 386 | ai.data = NULL; | ||
| 387 | ai.length = 0; | ||
| 388 | } | ||
| 397 | 389 | ||
| 398 | /* we don't care about the version right now :-) */ | 390 | /* we don't care about the version right now :-) */ |
| 399 | M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); | 391 | M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER); |
| 400 | ssl_version=(int)ASN1_INTEGER_get(aip); | 392 | ssl_version = (int)ASN1_INTEGER_get(aip); |
| 401 | ret->ssl_version=ssl_version; | 393 | ret->ssl_version = ssl_version; |
| 402 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } | 394 | if (ai.data != NULL) { |
| 403 | 395 | OPENSSL_free(ai.data); | |
| 404 | os.data=NULL; os.length=0; | 396 | ai.data = NULL; |
| 405 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); | 397 | ai.length = 0; |
| 406 | if (ssl_version == SSL2_VERSION) | 398 | } |
| 407 | { | 399 | |
| 408 | if (os.length != 3) | 400 | os.data = NULL; |
| 409 | { | 401 | os.length = 0; |
| 410 | c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH; | 402 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); |
| 403 | if (ssl_version == SSL2_VERSION) { | ||
| 404 | if (os.length != 3) { | ||
| 405 | c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; | ||
| 411 | goto err; | 406 | goto err; |
| 412 | } | ||
| 413 | id=0x02000000L| | ||
| 414 | ((unsigned long)os.data[0]<<16L)| | ||
| 415 | ((unsigned long)os.data[1]<< 8L)| | ||
| 416 | (unsigned long)os.data[2]; | ||
| 417 | } | 407 | } |
| 418 | else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR) | 408 | id = 0x02000000L| |
| 419 | { | 409 | ((unsigned long)os.data[0]<<16L)| |
| 420 | if (os.length != 2) | 410 | ((unsigned long)os.data[1]<< 8L)| |
| 421 | { | 411 | (unsigned long)os.data[2]; |
| 422 | c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH; | 412 | } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) { |
| 413 | if (os.length != 2) { | ||
| 414 | c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; | ||
| 423 | goto err; | 415 | goto err; |
| 424 | } | ||
| 425 | id=0x03000000L| | ||
| 426 | ((unsigned long)os.data[0]<<8L)| | ||
| 427 | (unsigned long)os.data[1]; | ||
| 428 | } | 416 | } |
| 429 | else | 417 | id = 0x03000000L| |
| 430 | { | 418 | ((unsigned long)os.data[0]<<8L)| |
| 431 | c.error=SSL_R_UNKNOWN_SSL_VERSION; | 419 | (unsigned long)os.data[1]; |
| 420 | } else { | ||
| 421 | c.error = SSL_R_UNKNOWN_SSL_VERSION; | ||
| 432 | goto err; | 422 | goto err; |
| 433 | } | 423 | } |
| 434 | 424 | ||
| 435 | ret->cipher=NULL; | 425 | ret->cipher = NULL; |
| 436 | ret->cipher_id=id; | 426 | ret->cipher_id = id; |
| 437 | 427 | ||
| 438 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); | 428 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); |
| 439 | if ((ssl_version>>8) >= SSL3_VERSION_MAJOR) | 429 | if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) |
| 440 | i=SSL3_MAX_SSL_SESSION_ID_LENGTH; | 430 | i = SSL3_MAX_SSL_SESSION_ID_LENGTH; |
| 441 | else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */ | 431 | else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */ |
| 442 | i=SSL2_MAX_SSL_SESSION_ID_LENGTH; | 432 | i = SSL2_MAX_SSL_SESSION_ID_LENGTH; |
| 443 | 433 | ||
| 444 | if (os.length > i) | 434 | if (os.length > i) |
| 445 | os.length = i; | 435 | os.length = i; |
| 446 | if (os.length > (int)sizeof(ret->session_id)) /* can't happen */ | 436 | if (os.length > (int)sizeof(ret->session_id)) /* can't happen */ |
| 447 | os.length = sizeof(ret->session_id); | 437 | os.length = sizeof(ret->session_id); |
| 448 | 438 | ||
| 449 | ret->session_id_length=os.length; | 439 | ret->session_id_length = os.length; |
| 450 | OPENSSL_assert(os.length <= (int)sizeof(ret->session_id)); | 440 | OPENSSL_assert(os.length <= (int)sizeof(ret->session_id)); |
| 451 | memcpy(ret->session_id,os.data,os.length); | 441 | memcpy(ret->session_id, os.data, os.length); |
| 452 | 442 | ||
| 453 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); | 443 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); |
| 454 | if (os.length > SSL_MAX_MASTER_KEY_LENGTH) | 444 | if (os.length > SSL_MAX_MASTER_KEY_LENGTH) |
| 455 | ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; | 445 | ret->master_key_length = SSL_MAX_MASTER_KEY_LENGTH; |
| 456 | else | 446 | else |
| 457 | ret->master_key_length=os.length; | 447 | ret->master_key_length = os.length; |
| 458 | memcpy(ret->master_key,os.data,ret->master_key_length); | 448 | memcpy(ret->master_key, os.data, ret->master_key_length); |
| 459 | 449 | ||
| 460 | os.length=0; | 450 | os.length = 0; |
| 461 | 451 | ||
| 462 | #ifndef OPENSSL_NO_KRB5 | 452 | #ifndef OPENSSL_NO_KRB5 |
| 463 | os.length=0; | 453 | os.length = 0; |
| 464 | M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING); | 454 | M_ASN1_D2I_get_opt(osp, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING); |
| 465 | if (os.data) | 455 | if (os.data) { |
| 466 | { | 456 | if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH) |
| 467 | if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH) | 457 | ret->krb5_client_princ_len = 0; |
| 468 | ret->krb5_client_princ_len=0; | ||
| 469 | else | 458 | else |
| 470 | ret->krb5_client_princ_len=os.length; | 459 | ret->krb5_client_princ_len = os.length; |
| 471 | memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len); | 460 | memcpy(ret->krb5_client_princ, os.data, ret->krb5_client_princ_len); |
| 472 | OPENSSL_free(os.data); | 461 | OPENSSL_free(os.data); |
| 473 | os.data = NULL; | 462 | os.data = NULL; |
| 474 | os.length = 0; | 463 | os.length = 0; |
| 475 | } | 464 | } else |
| 476 | else | 465 | ret->krb5_client_princ_len = 0; |
| 477 | ret->krb5_client_princ_len=0; | ||
| 478 | #endif /* OPENSSL_NO_KRB5 */ | 466 | #endif /* OPENSSL_NO_KRB5 */ |
| 479 | 467 | ||
| 480 | M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); | 468 | M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING); |
| 481 | if (os.length > SSL_MAX_KEY_ARG_LENGTH) | 469 | if (os.length > SSL_MAX_KEY_ARG_LENGTH) |
| 482 | ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH; | 470 | ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH; |
| 483 | else | 471 | else |
| 484 | ret->key_arg_length=os.length; | 472 | ret->key_arg_length = os.length; |
| 485 | memcpy(ret->key_arg,os.data,ret->key_arg_length); | 473 | memcpy(ret->key_arg, os.data, ret->key_arg_length); |
| 486 | if (os.data != NULL) OPENSSL_free(os.data); | 474 | if (os.data != NULL) |
| 487 | 475 | OPENSSL_free(os.data); | |
| 488 | ai.length=0; | ||
| 489 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1); | ||
| 490 | if (ai.data != NULL) | ||
| 491 | { | ||
| 492 | ret->time=ASN1_INTEGER_get(aip); | ||
| 493 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | ||
| 494 | } | ||
| 495 | else | ||
| 496 | ret->time=(unsigned long)time(NULL); | ||
| 497 | |||
| 498 | ai.length=0; | ||
| 499 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2); | ||
| 500 | if (ai.data != NULL) | ||
| 501 | { | ||
| 502 | ret->timeout=ASN1_INTEGER_get(aip); | ||
| 503 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | ||
| 504 | } | ||
| 505 | else | ||
| 506 | ret->timeout=3; | ||
| 507 | 476 | ||
| 508 | if (ret->peer != NULL) | 477 | ai.length = 0; |
| 509 | { | 478 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1); |
| 479 | if (ai.data != NULL) { | ||
| 480 | ret->time = ASN1_INTEGER_get(aip); | ||
| 481 | OPENSSL_free(ai.data); | ||
| 482 | ai.data = NULL; | ||
| 483 | ai.length = 0; | ||
| 484 | } else | ||
| 485 | ret->time = (unsigned long)time(NULL); | ||
| 486 | |||
| 487 | ai.length = 0; | ||
| 488 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2); | ||
| 489 | if (ai.data != NULL) { | ||
| 490 | ret->timeout = ASN1_INTEGER_get(aip); | ||
| 491 | OPENSSL_free(ai.data); | ||
| 492 | ai.data = NULL; | ||
| 493 | ai.length = 0; | ||
| 494 | } else | ||
| 495 | ret->timeout = 3; | ||
| 496 | |||
| 497 | if (ret->peer != NULL) { | ||
| 510 | X509_free(ret->peer); | 498 | X509_free(ret->peer); |
| 511 | ret->peer=NULL; | 499 | ret->peer = NULL; |
| 512 | } | 500 | } |
| 513 | M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3); | 501 | M_ASN1_D2I_get_EXP_opt(ret->peer, d2i_X509, 3); |
| 514 | 502 | ||
| 515 | os.length=0; | 503 | os.length = 0; |
| 516 | os.data=NULL; | 504 | os.data = NULL; |
| 517 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4); | 505 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 4); |
| 518 | 506 | ||
| 519 | if(os.data != NULL) | 507 | if (os.data != NULL) { |
| 520 | { | 508 | if (os.length > SSL_MAX_SID_CTX_LENGTH) { |
| 521 | if (os.length > SSL_MAX_SID_CTX_LENGTH) | 509 | c.error = SSL_R_BAD_LENGTH; |
| 522 | { | 510 | goto err; |
| 523 | c.error=SSL_R_BAD_LENGTH; | 511 | } else { |
| 524 | goto err; | 512 | ret->sid_ctx_length = os.length; |
| 525 | } | 513 | memcpy(ret->sid_ctx, os.data, os.length); |
| 526 | else | ||
| 527 | { | ||
| 528 | ret->sid_ctx_length=os.length; | ||
| 529 | memcpy(ret->sid_ctx,os.data,os.length); | ||
| 530 | } | ||
| 531 | OPENSSL_free(os.data); os.data=NULL; os.length=0; | ||
| 532 | } | ||
| 533 | else | ||
| 534 | ret->sid_ctx_length=0; | ||
| 535 | |||
| 536 | ai.length=0; | ||
| 537 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5); | ||
| 538 | if (ai.data != NULL) | ||
| 539 | { | ||
| 540 | ret->verify_result=ASN1_INTEGER_get(aip); | ||
| 541 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | ||
| 542 | } | 514 | } |
| 543 | else | 515 | OPENSSL_free(os.data); |
| 544 | ret->verify_result=X509_V_OK; | 516 | os.data = NULL; |
| 517 | os.length = 0; | ||
| 518 | } else | ||
| 519 | ret->sid_ctx_length = 0; | ||
| 520 | |||
| 521 | ai.length = 0; | ||
| 522 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 5); | ||
| 523 | if (ai.data != NULL) { | ||
| 524 | ret->verify_result = ASN1_INTEGER_get(aip); | ||
| 525 | OPENSSL_free(ai.data); | ||
| 526 | ai.data = NULL; | ||
| 527 | ai.length = 0; | ||
| 528 | } else | ||
| 529 | ret->verify_result = X509_V_OK; | ||
| 545 | 530 | ||
| 546 | #ifndef OPENSSL_NO_TLSEXT | 531 | #ifndef OPENSSL_NO_TLSEXT |
| 547 | os.length=0; | 532 | os.length = 0; |
| 548 | os.data=NULL; | 533 | os.data = NULL; |
| 549 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6); | 534 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 6); |
| 550 | if (os.data) | 535 | if (os.data) { |
| 551 | { | ||
| 552 | ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length); | 536 | ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length); |
| 553 | OPENSSL_free(os.data); | 537 | OPENSSL_free(os.data); |
| 554 | os.data = NULL; | 538 | os.data = NULL; |
| 555 | os.length = 0; | 539 | os.length = 0; |
| 556 | } | 540 | } else |
| 557 | else | 541 | ret->tlsext_hostname = NULL; |
| 558 | ret->tlsext_hostname=NULL; | ||
| 559 | #endif /* OPENSSL_NO_TLSEXT */ | 542 | #endif /* OPENSSL_NO_TLSEXT */ |
| 560 | 543 | ||
| 561 | #ifndef OPENSSL_NO_PSK | 544 | #ifndef OPENSSL_NO_PSK |
| 562 | os.length=0; | 545 | os.length = 0; |
| 563 | os.data=NULL; | 546 | os.data = NULL; |
| 564 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7); | 547 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 7); |
| 565 | if (os.data) | 548 | if (os.data) { |
| 566 | { | ||
| 567 | ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length); | 549 | ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length); |
| 568 | OPENSSL_free(os.data); | 550 | OPENSSL_free(os.data); |
| 569 | os.data = NULL; | 551 | os.data = NULL; |
| 570 | os.length = 0; | 552 | os.length = 0; |
| 571 | } | 553 | } else |
| 572 | else | 554 | ret->psk_identity_hint = NULL; |
| 573 | ret->psk_identity_hint=NULL; | ||
| 574 | 555 | ||
| 575 | os.length=0; | 556 | os.length = 0; |
| 576 | os.data=NULL; | 557 | os.data = NULL; |
| 577 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,8); | 558 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 8); |
| 578 | if (os.data) | 559 | if (os.data) { |
| 579 | { | ||
| 580 | ret->psk_identity = BUF_strndup((char *)os.data, os.length); | 560 | ret->psk_identity = BUF_strndup((char *)os.data, os.length); |
| 581 | OPENSSL_free(os.data); | 561 | OPENSSL_free(os.data); |
| 582 | os.data = NULL; | 562 | os.data = NULL; |
| 583 | os.length = 0; | 563 | os.length = 0; |
| 584 | } | 564 | } else |
| 585 | else | 565 | ret->psk_identity = NULL; |
| 586 | ret->psk_identity=NULL; | ||
| 587 | #endif /* OPENSSL_NO_PSK */ | 566 | #endif /* OPENSSL_NO_PSK */ |
| 588 | 567 | ||
| 589 | #ifndef OPENSSL_NO_TLSEXT | 568 | #ifndef OPENSSL_NO_TLSEXT |
| 590 | ai.length=0; | 569 | ai.length = 0; |
| 591 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9); | 570 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 9); |
| 592 | if (ai.data != NULL) | 571 | if (ai.data != NULL) { |
| 593 | { | 572 | ret->tlsext_tick_lifetime_hint = ASN1_INTEGER_get(aip); |
| 594 | ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip); | 573 | OPENSSL_free(ai.data); |
| 595 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | 574 | ai.data = NULL; |
| 596 | } | 575 | ai.length = 0; |
| 597 | else if (ret->tlsext_ticklen && ret->session_id_length) | 576 | } else if (ret->tlsext_ticklen && ret->session_id_length) |
| 598 | ret->tlsext_tick_lifetime_hint = -1; | 577 | ret->tlsext_tick_lifetime_hint = -1; |
| 599 | else | 578 | else |
| 600 | ret->tlsext_tick_lifetime_hint=0; | 579 | ret->tlsext_tick_lifetime_hint = 0; |
| 601 | os.length=0; | 580 | os.length = 0; |
| 602 | os.data=NULL; | 581 | os.data = NULL; |
| 603 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10); | 582 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 10); |
| 604 | if (os.data) | 583 | if (os.data) { |
| 605 | { | ||
| 606 | ret->tlsext_tick = os.data; | 584 | ret->tlsext_tick = os.data; |
| 607 | ret->tlsext_ticklen = os.length; | 585 | ret->tlsext_ticklen = os.length; |
| 608 | os.data = NULL; | 586 | os.data = NULL; |
| 609 | os.length = 0; | 587 | os.length = 0; |
| 610 | } | 588 | } else |
| 611 | else | 589 | ret->tlsext_tick = NULL; |
| 612 | ret->tlsext_tick=NULL; | ||
| 613 | #endif /* OPENSSL_NO_TLSEXT */ | 590 | #endif /* OPENSSL_NO_TLSEXT */ |
| 614 | #ifndef OPENSSL_NO_COMP | 591 | #ifndef OPENSSL_NO_COMP |
| 615 | os.length=0; | 592 | os.length = 0; |
| 616 | os.data=NULL; | 593 | os.data = NULL; |
| 617 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11); | 594 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 11); |
| 618 | if (os.data) | 595 | if (os.data) { |
| 619 | { | ||
| 620 | ret->compress_meth = os.data[0]; | 596 | ret->compress_meth = os.data[0]; |
| 621 | OPENSSL_free(os.data); | 597 | OPENSSL_free(os.data); |
| 622 | os.data = NULL; | 598 | os.data = NULL; |
| 623 | } | 599 | } |
| 624 | #endif | 600 | #endif |
| 625 | 601 | ||
| 626 | #ifndef OPENSSL_NO_SRP | 602 | #ifndef OPENSSL_NO_SRP |
| 627 | os.length=0; | 603 | os.length = 0; |
| 628 | os.data=NULL; | 604 | os.data = NULL; |
| 629 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,12); | 605 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 12); |
| 630 | if (os.data) | 606 | if (os.data) { |
| 631 | { | ||
| 632 | ret->srp_username = BUF_strndup((char *)os.data, os.length); | 607 | ret->srp_username = BUF_strndup((char *)os.data, os.length); |
| 633 | OPENSSL_free(os.data); | 608 | OPENSSL_free(os.data); |
| 634 | os.data = NULL; | 609 | os.data = NULL; |
| 635 | os.length = 0; | 610 | os.length = 0; |
| 636 | } | 611 | } else |
| 637 | else | 612 | ret->srp_username = NULL; |
| 638 | ret->srp_username=NULL; | ||
| 639 | #endif /* OPENSSL_NO_SRP */ | 613 | #endif /* OPENSSL_NO_SRP */ |
| 640 | 614 | ||
| 641 | M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); | 615 | M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION); |
| 642 | } | 616 | } |
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index 1aaddc351f..79eb4ee031 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c | |||
| @@ -132,36 +132,36 @@ | |||
| 132 | #include <openssl/bn.h> | 132 | #include <openssl/bn.h> |
| 133 | #include "ssl_locl.h" | 133 | #include "ssl_locl.h" |
| 134 | 134 | ||
| 135 | int SSL_get_ex_data_X509_STORE_CTX_idx(void) | 135 | int |
| 136 | { | 136 | SSL_get_ex_data_X509_STORE_CTX_idx(void) |
| 137 | static volatile int ssl_x509_store_ctx_idx= -1; | 137 | { |
| 138 | static volatile int ssl_x509_store_ctx_idx = -1; | ||
| 138 | int got_write_lock = 0; | 139 | int got_write_lock = 0; |
| 139 | 140 | ||
| 140 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 141 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 141 | 142 | ||
| 142 | if (ssl_x509_store_ctx_idx < 0) | 143 | if (ssl_x509_store_ctx_idx < 0) { |
| 143 | { | ||
| 144 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 144 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 145 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 145 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 146 | got_write_lock = 1; | 146 | got_write_lock = 1; |
| 147 | 147 | ||
| 148 | if (ssl_x509_store_ctx_idx < 0) | 148 | if (ssl_x509_store_ctx_idx < 0) { |
| 149 | { | 149 | ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index( |
| 150 | ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( | 150 | 0, "SSL for verify callback", NULL, NULL, NULL); |
| 151 | 0,"SSL for verify callback",NULL,NULL,NULL); | ||
| 152 | } | ||
| 153 | } | 151 | } |
| 152 | } | ||
| 154 | 153 | ||
| 155 | if (got_write_lock) | 154 | if (got_write_lock) |
| 156 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 155 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 157 | else | 156 | else |
| 158 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 157 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 159 | 158 | ||
| 160 | return ssl_x509_store_ctx_idx; | 159 | return ssl_x509_store_ctx_idx; |
| 161 | } | 160 | } |
| 162 | 161 | ||
| 163 | static void ssl_cert_set_default_md(CERT *cert) | 162 | static void |
| 164 | { | 163 | ssl_cert_set_default_md(CERT *cert) |
| 164 | { | ||
| 165 | /* Set digest values to defaults */ | 165 | /* Set digest values to defaults */ |
| 166 | #ifndef OPENSSL_NO_DSA | 166 | #ifndef OPENSSL_NO_DSA |
| 167 | cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); | 167 | cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); |
| @@ -173,37 +173,37 @@ static void ssl_cert_set_default_md(CERT *cert) | |||
| 173 | #ifndef OPENSSL_NO_ECDSA | 173 | #ifndef OPENSSL_NO_ECDSA |
| 174 | cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); | 174 | cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); |
| 175 | #endif | 175 | #endif |
| 176 | } | 176 | } |
| 177 | 177 | ||
| 178 | CERT *ssl_cert_new(void) | 178 | CERT |
| 179 | { | 179 | *ssl_cert_new(void) |
| 180 | { | ||
| 180 | CERT *ret; | 181 | CERT *ret; |
| 181 | 182 | ||
| 182 | ret=(CERT *)OPENSSL_malloc(sizeof(CERT)); | 183 | ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); |
| 183 | if (ret == NULL) | 184 | if (ret == NULL) { |
| 184 | { | 185 | SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); |
| 185 | SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE); | 186 | return (NULL); |
| 186 | return(NULL); | 187 | } |
| 187 | } | 188 | memset(ret, 0, sizeof(CERT)); |
| 188 | memset(ret,0,sizeof(CERT)); | ||
| 189 | 189 | ||
| 190 | ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]); | 190 | ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); |
| 191 | ret->references=1; | 191 | ret->references = 1; |
| 192 | ssl_cert_set_default_md(ret); | 192 | ssl_cert_set_default_md(ret); |
| 193 | return(ret); | 193 | return (ret); |
| 194 | } | 194 | } |
| 195 | 195 | ||
| 196 | CERT *ssl_cert_dup(CERT *cert) | 196 | CERT |
| 197 | { | 197 | *ssl_cert_dup(CERT *cert) |
| 198 | { | ||
| 198 | CERT *ret; | 199 | CERT *ret; |
| 199 | int i; | 200 | int i; |
| 200 | 201 | ||
| 201 | ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); | 202 | ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); |
| 202 | if (ret == NULL) | 203 | if (ret == NULL) { |
| 203 | { | ||
| 204 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); | 204 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); |
| 205 | return(NULL); | 205 | return (NULL); |
| 206 | } | 206 | } |
| 207 | 207 | ||
| 208 | memset(ret, 0, sizeof(CERT)); | 208 | memset(ret, 0, sizeof(CERT)); |
| 209 | 209 | ||
| @@ -218,77 +218,64 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 218 | ret->export_mask_a = cert->export_mask_a; | 218 | ret->export_mask_a = cert->export_mask_a; |
| 219 | 219 | ||
| 220 | #ifndef OPENSSL_NO_RSA | 220 | #ifndef OPENSSL_NO_RSA |
| 221 | if (cert->rsa_tmp != NULL) | 221 | if (cert->rsa_tmp != NULL) { |
| 222 | { | ||
| 223 | RSA_up_ref(cert->rsa_tmp); | 222 | RSA_up_ref(cert->rsa_tmp); |
| 224 | ret->rsa_tmp = cert->rsa_tmp; | 223 | ret->rsa_tmp = cert->rsa_tmp; |
| 225 | } | 224 | } |
| 226 | ret->rsa_tmp_cb = cert->rsa_tmp_cb; | 225 | ret->rsa_tmp_cb = cert->rsa_tmp_cb; |
| 227 | #endif | 226 | #endif |
| 228 | 227 | ||
| 229 | #ifndef OPENSSL_NO_DH | 228 | #ifndef OPENSSL_NO_DH |
| 230 | if (cert->dh_tmp != NULL) | 229 | if (cert->dh_tmp != NULL) { |
| 231 | { | ||
| 232 | ret->dh_tmp = DHparams_dup(cert->dh_tmp); | 230 | ret->dh_tmp = DHparams_dup(cert->dh_tmp); |
| 233 | if (ret->dh_tmp == NULL) | 231 | if (ret->dh_tmp == NULL) { |
| 234 | { | ||
| 235 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB); | 232 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB); |
| 236 | goto err; | 233 | goto err; |
| 237 | } | 234 | } |
| 238 | if (cert->dh_tmp->priv_key) | 235 | if (cert->dh_tmp->priv_key) { |
| 239 | { | ||
| 240 | BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); | 236 | BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); |
| 241 | if (!b) | 237 | if (!b) { |
| 242 | { | ||
| 243 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); | 238 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); |
| 244 | goto err; | 239 | goto err; |
| 245 | } | ||
| 246 | ret->dh_tmp->priv_key = b; | ||
| 247 | } | 240 | } |
| 248 | if (cert->dh_tmp->pub_key) | 241 | ret->dh_tmp->priv_key = b; |
| 249 | { | 242 | } |
| 243 | if (cert->dh_tmp->pub_key) { | ||
| 250 | BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); | 244 | BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); |
| 251 | if (!b) | 245 | if (!b) { |
| 252 | { | ||
| 253 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); | 246 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); |
| 254 | goto err; | 247 | goto err; |
| 255 | } | ||
| 256 | ret->dh_tmp->pub_key = b; | ||
| 257 | } | 248 | } |
| 249 | ret->dh_tmp->pub_key = b; | ||
| 258 | } | 250 | } |
| 251 | } | ||
| 259 | ret->dh_tmp_cb = cert->dh_tmp_cb; | 252 | ret->dh_tmp_cb = cert->dh_tmp_cb; |
| 260 | #endif | 253 | #endif |
| 261 | 254 | ||
| 262 | #ifndef OPENSSL_NO_ECDH | 255 | #ifndef OPENSSL_NO_ECDH |
| 263 | if (cert->ecdh_tmp) | 256 | if (cert->ecdh_tmp) { |
| 264 | { | ||
| 265 | ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); | 257 | ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); |
| 266 | if (ret->ecdh_tmp == NULL) | 258 | if (ret->ecdh_tmp == NULL) { |
| 267 | { | ||
| 268 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); | 259 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); |
| 269 | goto err; | 260 | goto err; |
| 270 | } | ||
| 271 | } | 261 | } |
| 262 | } | ||
| 272 | ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; | 263 | ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; |
| 273 | #endif | 264 | #endif |
| 274 | 265 | ||
| 275 | for (i = 0; i < SSL_PKEY_NUM; i++) | 266 | for (i = 0; i < SSL_PKEY_NUM; i++) { |
| 276 | { | 267 | if (cert->pkeys[i].x509 != NULL) { |
| 277 | if (cert->pkeys[i].x509 != NULL) | ||
| 278 | { | ||
| 279 | ret->pkeys[i].x509 = cert->pkeys[i].x509; | 268 | ret->pkeys[i].x509 = cert->pkeys[i].x509; |
| 280 | CRYPTO_add(&ret->pkeys[i].x509->references, 1, | 269 | CRYPTO_add(&ret->pkeys[i].x509->references, 1, |
| 281 | CRYPTO_LOCK_X509); | 270 | CRYPTO_LOCK_X509); |
| 282 | } | 271 | } |
| 283 | 272 | ||
| 284 | if (cert->pkeys[i].privatekey != NULL) | 273 | if (cert->pkeys[i].privatekey != NULL) { |
| 285 | { | ||
| 286 | ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; | 274 | ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; |
| 287 | CRYPTO_add(&ret->pkeys[i].privatekey->references, 1, | 275 | CRYPTO_add(&ret->pkeys[i].privatekey->references, 1, |
| 288 | CRYPTO_LOCK_EVP_PKEY); | 276 | CRYPTO_LOCK_EVP_PKEY); |
| 289 | 277 | ||
| 290 | switch(i) | 278 | switch (i) { |
| 291 | { | ||
| 292 | /* If there was anything special to do for | 279 | /* If there was anything special to do for |
| 293 | * certain types of keys, we'd do it here. | 280 | * certain types of keys, we'd do it here. |
| 294 | * (Nothing at the moment, I think.) */ | 281 | * (Nothing at the moment, I think.) */ |
| @@ -297,11 +284,11 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 297 | case SSL_PKEY_RSA_SIGN: | 284 | case SSL_PKEY_RSA_SIGN: |
| 298 | /* We have an RSA key. */ | 285 | /* We have an RSA key. */ |
| 299 | break; | 286 | break; |
| 300 | 287 | ||
| 301 | case SSL_PKEY_DSA_SIGN: | 288 | case SSL_PKEY_DSA_SIGN: |
| 302 | /* We have a DSA key. */ | 289 | /* We have a DSA key. */ |
| 303 | break; | 290 | break; |
| 304 | 291 | ||
| 305 | case SSL_PKEY_DH_RSA: | 292 | case SSL_PKEY_DH_RSA: |
| 306 | case SSL_PKEY_DH_DSA: | 293 | case SSL_PKEY_DH_DSA: |
| 307 | /* We have a DH key. */ | 294 | /* We have a DH key. */ |
| @@ -314,21 +301,21 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 314 | default: | 301 | default: |
| 315 | /* Can't happen. */ | 302 | /* Can't happen. */ |
| 316 | SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); | 303 | SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); |
| 317 | } | ||
| 318 | } | 304 | } |
| 319 | } | 305 | } |
| 320 | 306 | } | |
| 307 | |||
| 321 | /* ret->extra_certs *should* exist, but currently the own certificate | 308 | /* ret->extra_certs *should* exist, but currently the own certificate |
| 322 | * chain is held inside SSL_CTX */ | 309 | * chain is held inside SSL_CTX */ |
| 323 | 310 | ||
| 324 | ret->references=1; | 311 | ret->references = 1; |
| 325 | /* Set digests to defaults. NB: we don't copy existing values as they | 312 | /* Set digests to defaults. NB: we don't copy existing values as they |
| 326 | * will be set during handshake. | 313 | * will be set during handshake. |
| 327 | */ | 314 | */ |
| 328 | ssl_cert_set_default_md(ret); | 315 | ssl_cert_set_default_md(ret); |
| 329 | 316 | ||
| 330 | return(ret); | 317 | return (ret); |
| 331 | 318 | ||
| 332 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) | 319 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) |
| 333 | err: | 320 | err: |
| 334 | #endif | 321 | #endif |
| @@ -345,50 +332,52 @@ err: | |||
| 345 | EC_KEY_free(ret->ecdh_tmp); | 332 | EC_KEY_free(ret->ecdh_tmp); |
| 346 | #endif | 333 | #endif |
| 347 | 334 | ||
| 348 | for (i = 0; i < SSL_PKEY_NUM; i++) | 335 | for (i = 0; i < SSL_PKEY_NUM; i++) { |
| 349 | { | ||
| 350 | if (ret->pkeys[i].x509 != NULL) | 336 | if (ret->pkeys[i].x509 != NULL) |
| 351 | X509_free(ret->pkeys[i].x509); | 337 | X509_free(ret->pkeys[i].x509); |
| 352 | if (ret->pkeys[i].privatekey != NULL) | 338 | if (ret->pkeys[i].privatekey != NULL) |
| 353 | EVP_PKEY_free(ret->pkeys[i].privatekey); | 339 | EVP_PKEY_free(ret->pkeys[i].privatekey); |
| 354 | } | 340 | } |
| 355 | 341 | ||
| 356 | return NULL; | 342 | return NULL; |
| 357 | } | 343 | } |
| 358 | 344 | ||
| 359 | 345 | ||
| 360 | void ssl_cert_free(CERT *c) | 346 | void |
| 361 | { | 347 | ssl_cert_free(CERT *c) |
| 348 | { | ||
| 362 | int i; | 349 | int i; |
| 363 | 350 | ||
| 364 | if(c == NULL) | 351 | if (c == NULL) |
| 365 | return; | 352 | return; |
| 366 | 353 | ||
| 367 | i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT); | 354 | i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT); |
| 368 | #ifdef REF_PRINT | 355 | #ifdef REF_PRINT |
| 369 | REF_PRINT("CERT",c); | 356 | REF_PRINT("CERT", c); |
| 370 | #endif | 357 | #endif |
| 371 | if (i > 0) return; | 358 | if (i > 0) |
| 359 | return; | ||
| 372 | #ifdef REF_CHECK | 360 | #ifdef REF_CHECK |
| 373 | if (i < 0) | 361 | if (i < 0) { |
| 374 | { | 362 | fprintf(stderr, "ssl_cert_free, bad reference count\n"); |
| 375 | fprintf(stderr,"ssl_cert_free, bad reference count\n"); | ||
| 376 | abort(); /* ok */ | 363 | abort(); /* ok */ |
| 377 | } | 364 | } |
| 378 | #endif | 365 | #endif |
| 379 | 366 | ||
| 380 | #ifndef OPENSSL_NO_RSA | 367 | #ifndef OPENSSL_NO_RSA |
| 381 | if (c->rsa_tmp) RSA_free(c->rsa_tmp); | 368 | if (c->rsa_tmp) |
| 369 | RSA_free(c->rsa_tmp); | ||
| 382 | #endif | 370 | #endif |
| 383 | #ifndef OPENSSL_NO_DH | 371 | #ifndef OPENSSL_NO_DH |
| 384 | if (c->dh_tmp) DH_free(c->dh_tmp); | 372 | if (c->dh_tmp) |
| 373 | DH_free(c->dh_tmp); | ||
| 385 | #endif | 374 | #endif |
| 386 | #ifndef OPENSSL_NO_ECDH | 375 | #ifndef OPENSSL_NO_ECDH |
| 387 | if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp); | 376 | if (c->ecdh_tmp) |
| 377 | EC_KEY_free(c->ecdh_tmp); | ||
| 388 | #endif | 378 | #endif |
| 389 | 379 | ||
| 390 | for (i=0; i<SSL_PKEY_NUM; i++) | 380 | for (i = 0; i < SSL_PKEY_NUM; i++) { |
| 391 | { | ||
| 392 | if (c->pkeys[i].x509 != NULL) | 381 | if (c->pkeys[i].x509 != NULL) |
| 393 | X509_free(c->pkeys[i].x509); | 382 | X509_free(c->pkeys[i].x509); |
| 394 | if (c->pkeys[i].privatekey != NULL) | 383 | if (c->pkeys[i].privatekey != NULL) |
| @@ -397,12 +386,13 @@ void ssl_cert_free(CERT *c) | |||
| 397 | if (c->pkeys[i].publickey != NULL) | 386 | if (c->pkeys[i].publickey != NULL) |
| 398 | EVP_PKEY_free(c->pkeys[i].publickey); | 387 | EVP_PKEY_free(c->pkeys[i].publickey); |
| 399 | #endif | 388 | #endif |
| 400 | } | ||
| 401 | OPENSSL_free(c); | ||
| 402 | } | 389 | } |
| 390 | OPENSSL_free(c); | ||
| 391 | } | ||
| 403 | 392 | ||
| 404 | int ssl_cert_inst(CERT **o) | 393 | int |
| 405 | { | 394 | ssl_cert_inst(CERT **o) |
| 395 | { | ||
| 406 | /* Create a CERT if there isn't already one | 396 | /* Create a CERT if there isn't already one |
| 407 | * (which cannot really happen, as it is initially created in | 397 | * (which cannot really happen, as it is initially created in |
| 408 | * SSL_CTX_new; but the earlier code usually allows for that one | 398 | * SSL_CTX_new; but the earlier code usually allows for that one |
| @@ -412,44 +402,42 @@ int ssl_cert_inst(CERT **o) | |||
| 412 | * s->cert being NULL, otherwise we could do without the | 402 | * s->cert being NULL, otherwise we could do without the |
| 413 | * initialization in SSL_CTX_new). | 403 | * initialization in SSL_CTX_new). |
| 414 | */ | 404 | */ |
| 415 | 405 | ||
| 416 | if (o == NULL) | 406 | if (o == NULL) { |
| 417 | { | ||
| 418 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER); | 407 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER); |
| 419 | return(0); | 408 | return (0); |
| 420 | } | 409 | } |
| 421 | if (*o == NULL) | 410 | if (*o == NULL) { |
| 422 | { | 411 | if ((*o = ssl_cert_new()) == NULL) { |
| 423 | if ((*o = ssl_cert_new()) == NULL) | ||
| 424 | { | ||
| 425 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE); | 412 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE); |
| 426 | return(0); | 413 | return (0); |
| 427 | } | ||
| 428 | } | 414 | } |
| 429 | return(1); | ||
| 430 | } | 415 | } |
| 416 | return (1); | ||
| 417 | } | ||
| 431 | 418 | ||
| 432 | 419 | ||
| 433 | SESS_CERT *ssl_sess_cert_new(void) | 420 | SESS_CERT |
| 434 | { | 421 | *ssl_sess_cert_new(void) |
| 422 | { | ||
| 435 | SESS_CERT *ret; | 423 | SESS_CERT *ret; |
| 436 | 424 | ||
| 437 | ret = OPENSSL_malloc(sizeof *ret); | 425 | ret = OPENSSL_malloc(sizeof *ret); |
| 438 | if (ret == NULL) | 426 | if (ret == NULL) { |
| 439 | { | ||
| 440 | SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); | 427 | SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); |
| 441 | return NULL; | 428 | return NULL; |
| 442 | } | 429 | } |
| 443 | 430 | ||
| 444 | memset(ret, 0 ,sizeof *ret); | 431 | memset(ret, 0 , sizeof *ret); |
| 445 | ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); | 432 | ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); |
| 446 | ret->references = 1; | 433 | ret->references = 1; |
| 447 | 434 | ||
| 448 | return ret; | 435 | return ret; |
| 449 | } | 436 | } |
| 450 | 437 | ||
| 451 | void ssl_sess_cert_free(SESS_CERT *sc) | 438 | void |
| 452 | { | 439 | ssl_sess_cert_free(SESS_CERT *sc) |
| 440 | { | ||
| 453 | int i; | 441 | int i; |
| 454 | 442 | ||
| 455 | if (sc == NULL) | 443 | if (sc == NULL) |
| @@ -462,27 +450,25 @@ void ssl_sess_cert_free(SESS_CERT *sc) | |||
| 462 | if (i > 0) | 450 | if (i > 0) |
| 463 | return; | 451 | return; |
| 464 | #ifdef REF_CHECK | 452 | #ifdef REF_CHECK |
| 465 | if (i < 0) | 453 | if (i < 0) { |
| 466 | { | 454 | fprintf(stderr, "ssl_sess_cert_free, bad reference count\n"); |
| 467 | fprintf(stderr,"ssl_sess_cert_free, bad reference count\n"); | ||
| 468 | abort(); /* ok */ | 455 | abort(); /* ok */ |
| 469 | } | 456 | } |
| 470 | #endif | 457 | #endif |
| 471 | 458 | ||
| 472 | /* i == 0 */ | 459 | /* i == 0 */ |
| 473 | if (sc->cert_chain != NULL) | 460 | if (sc->cert_chain != NULL) |
| 474 | sk_X509_pop_free(sc->cert_chain, X509_free); | 461 | sk_X509_pop_free(sc->cert_chain, X509_free); |
| 475 | for (i = 0; i < SSL_PKEY_NUM; i++) | 462 | for (i = 0; i < SSL_PKEY_NUM; i++) { |
| 476 | { | ||
| 477 | if (sc->peer_pkeys[i].x509 != NULL) | 463 | if (sc->peer_pkeys[i].x509 != NULL) |
| 478 | X509_free(sc->peer_pkeys[i].x509); | 464 | X509_free(sc->peer_pkeys[i].x509); |
| 479 | #if 0 /* We don't have the peer's private key. These lines are just | 465 | #if 0 /* We don't have the peer's private key. These lines are just |
| 480 | * here as a reminder that we're still using a not-quite-appropriate | 466 | * here as a reminder that we're still using a not-quite-appropriate |
| 481 | * data structure. */ | 467 | * data structure. */ |
| 482 | if (sc->peer_pkeys[i].privatekey != NULL) | 468 | if (sc->peer_pkeys[i].privatekey != NULL) |
| 483 | EVP_PKEY_free(sc->peer_pkeys[i].privatekey); | 469 | EVP_PKEY_free(sc->peer_pkeys[i].privatekey); |
| 484 | #endif | 470 | #endif |
| 485 | } | 471 | } |
| 486 | 472 | ||
| 487 | #ifndef OPENSSL_NO_RSA | 473 | #ifndef OPENSSL_NO_RSA |
| 488 | if (sc->peer_rsa_tmp != NULL) | 474 | if (sc->peer_rsa_tmp != NULL) |
| @@ -498,34 +484,35 @@ void ssl_sess_cert_free(SESS_CERT *sc) | |||
| 498 | #endif | 484 | #endif |
| 499 | 485 | ||
| 500 | OPENSSL_free(sc); | 486 | OPENSSL_free(sc); |
| 501 | } | 487 | } |
| 502 | 488 | ||
| 503 | int ssl_set_peer_cert_type(SESS_CERT *sc,int type) | 489 | int |
| 504 | { | 490 | ssl_set_peer_cert_type(SESS_CERT *sc, int type) |
| 491 | { | ||
| 505 | sc->peer_cert_type = type; | 492 | sc->peer_cert_type = type; |
| 506 | return(1); | 493 | return (1); |
| 507 | } | 494 | } |
| 508 | 495 | ||
| 509 | int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) | 496 | int |
| 510 | { | 497 | ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) |
| 498 | { | ||
| 511 | X509 *x; | 499 | X509 *x; |
| 512 | int i; | 500 | int i; |
| 513 | X509_STORE_CTX ctx; | 501 | X509_STORE_CTX ctx; |
| 514 | 502 | ||
| 515 | if ((sk == NULL) || (sk_X509_num(sk) == 0)) | 503 | if ((sk == NULL) || (sk_X509_num(sk) == 0)) |
| 516 | return(0); | 504 | return (0); |
| 517 | 505 | ||
| 518 | x=sk_X509_value(sk,0); | 506 | x = sk_X509_value(sk, 0); |
| 519 | if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk)) | 507 | if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) { |
| 520 | { | 508 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB); |
| 521 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); | 509 | return (0); |
| 522 | return(0); | 510 | } |
| 523 | } | ||
| 524 | #if 0 | 511 | #if 0 |
| 525 | if (SSL_get_verify_depth(s) >= 0) | 512 | if (SSL_get_verify_depth(s) >= 0) |
| 526 | X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); | 513 | X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); |
| 527 | #endif | 514 | #endif |
| 528 | X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s); | 515 | X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s); |
| 529 | 516 | ||
| 530 | /* We need to inherit the verify parameters. These can be determined by | 517 | /* We need to inherit the verify parameters. These can be determined by |
| 531 | * the context: if its a server it will verify SSL client certificates | 518 | * the context: if its a server it will verify SSL client certificates |
| @@ -533,7 +520,7 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) | |||
| 533 | */ | 520 | */ |
| 534 | 521 | ||
| 535 | X509_STORE_CTX_set_default(&ctx, | 522 | X509_STORE_CTX_set_default(&ctx, |
| 536 | s->server ? "ssl_client" : "ssl_server"); | 523 | s->server ? "ssl_client" : "ssl_server"); |
| 537 | /* Anything non-default in "param" should overwrite anything in the | 524 | /* Anything non-default in "param" should overwrite anything in the |
| 538 | * ctx. | 525 | * ctx. |
| 539 | */ | 526 | */ |
| @@ -544,121 +531,127 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) | |||
| 544 | 531 | ||
| 545 | if (s->ctx->app_verify_callback != NULL) | 532 | if (s->ctx->app_verify_callback != NULL) |
| 546 | #if 1 /* new with OpenSSL 0.9.7 */ | 533 | #if 1 /* new with OpenSSL 0.9.7 */ |
| 547 | i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); | 534 | i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); |
| 535 | |||
| 548 | #else | 536 | #else |
| 549 | i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ | 537 | i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ |
| 550 | #endif | 538 | #endif |
| 551 | else | 539 | else { |
| 552 | { | ||
| 553 | #ifndef OPENSSL_NO_X509_VERIFY | 540 | #ifndef OPENSSL_NO_X509_VERIFY |
| 554 | i=X509_verify_cert(&ctx); | 541 | i = X509_verify_cert(&ctx); |
| 555 | #else | 542 | #else |
| 556 | i=0; | 543 | i = 0; |
| 557 | ctx.error=X509_V_ERR_APPLICATION_VERIFICATION; | 544 | ctx.error = X509_V_ERR_APPLICATION_VERIFICATION; |
| 558 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK); | 545 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, SSL_R_NO_VERIFY_CALLBACK); |
| 559 | #endif | 546 | #endif |
| 560 | } | 547 | } |
| 561 | 548 | ||
| 562 | s->verify_result=ctx.error; | 549 | s->verify_result = ctx.error; |
| 563 | X509_STORE_CTX_cleanup(&ctx); | 550 | X509_STORE_CTX_cleanup(&ctx); |
| 564 | 551 | ||
| 565 | return(i); | 552 | return (i); |
| 566 | } | 553 | } |
| 567 | 554 | ||
| 568 | static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list) | 555 | static void |
| 569 | { | 556 | set_client_CA_list(STACK_OF(X509_NAME) **ca_list, STACK_OF(X509_NAME) *name_list) |
| 557 | { | ||
| 570 | if (*ca_list != NULL) | 558 | if (*ca_list != NULL) |
| 571 | sk_X509_NAME_pop_free(*ca_list,X509_NAME_free); | 559 | sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); |
| 572 | 560 | ||
| 573 | *ca_list=name_list; | 561 | *ca_list = name_list; |
| 574 | } | 562 | } |
| 575 | 563 | ||
| 576 | STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) | 564 | STACK_OF(X509_NAME) |
| 577 | { | 565 | *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) |
| 566 | { | ||
| 578 | int i; | 567 | int i; |
| 579 | STACK_OF(X509_NAME) *ret; | 568 | STACK_OF(X509_NAME) *ret; |
| 580 | X509_NAME *name; | 569 | X509_NAME *name; |
| 581 | 570 | ||
| 582 | ret=sk_X509_NAME_new_null(); | 571 | ret = sk_X509_NAME_new_null(); |
| 583 | for (i=0; i<sk_X509_NAME_num(sk); i++) | 572 | for (i = 0; i < sk_X509_NAME_num(sk); i++) { |
| 584 | { | 573 | name = X509_NAME_dup(sk_X509_NAME_value(sk, i)); |
| 585 | name=X509_NAME_dup(sk_X509_NAME_value(sk,i)); | 574 | if ((name == NULL) || !sk_X509_NAME_push(ret, name)) { |
| 586 | if ((name == NULL) || !sk_X509_NAME_push(ret,name)) | 575 | sk_X509_NAME_pop_free(ret, X509_NAME_free); |
| 587 | { | 576 | return (NULL); |
| 588 | sk_X509_NAME_pop_free(ret,X509_NAME_free); | ||
| 589 | return(NULL); | ||
| 590 | } | ||
| 591 | } | 577 | } |
| 592 | return(ret); | ||
| 593 | } | 578 | } |
| 594 | 579 | return (ret); | |
| 595 | void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list) | 580 | } |
| 596 | { | 581 | |
| 597 | set_client_CA_list(&(s->client_CA),name_list); | 582 | void |
| 598 | } | 583 | SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) |
| 599 | 584 | { | |
| 600 | void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list) | 585 | set_client_CA_list(&(s->client_CA), name_list); |
| 601 | { | 586 | } |
| 602 | set_client_CA_list(&(ctx->client_CA),name_list); | 587 | |
| 603 | } | 588 | void |
| 604 | 589 | SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) | |
| 605 | STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) | 590 | { |
| 606 | { | 591 | set_client_CA_list(&(ctx->client_CA), name_list); |
| 607 | return(ctx->client_CA); | 592 | } |
| 608 | } | 593 | |
| 609 | 594 | STACK_OF(X509_NAME) | |
| 610 | STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) | 595 | *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) |
| 611 | { | 596 | { |
| 597 | return (ctx->client_CA); | ||
| 598 | } | ||
| 599 | |||
| 600 | STACK_OF(X509_NAME) | ||
| 601 | *SSL_get_client_CA_list(const SSL *s) | ||
| 602 | { | ||
| 612 | if (s->type == SSL_ST_CONNECT) | 603 | if (s->type == SSL_ST_CONNECT) |
| 613 | { /* we are in the client */ | 604 | { /* we are in the client */ |
| 614 | if (((s->version>>8) == SSL3_VERSION_MAJOR) && | 605 | if (((s->version >> 8) == SSL3_VERSION_MAJOR) && |
| 615 | (s->s3 != NULL)) | 606 | (s->s3 != NULL)) |
| 616 | return(s->s3->tmp.ca_names); | 607 | return (s->s3->tmp.ca_names); |
| 617 | else | 608 | else |
| 618 | return(NULL); | 609 | return (NULL); |
| 619 | } | 610 | } else { |
| 620 | else | ||
| 621 | { | ||
| 622 | if (s->client_CA != NULL) | 611 | if (s->client_CA != NULL) |
| 623 | return(s->client_CA); | 612 | return (s->client_CA); |
| 624 | else | 613 | else |
| 625 | return(s->ctx->client_CA); | 614 | return (s->ctx->client_CA); |
| 626 | } | ||
| 627 | } | 615 | } |
| 616 | } | ||
| 628 | 617 | ||
| 629 | static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x) | 618 | static int |
| 630 | { | 619 | add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x) |
| 620 | { | ||
| 631 | X509_NAME *name; | 621 | X509_NAME *name; |
| 632 | 622 | ||
| 633 | if (x == NULL) return(0); | 623 | if (x == NULL) |
| 634 | if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL)) | 624 | return (0); |
| 635 | return(0); | 625 | if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL)) |
| 636 | 626 | return (0); | |
| 637 | if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL) | ||
| 638 | return(0); | ||
| 639 | |||
| 640 | if (!sk_X509_NAME_push(*sk,name)) | ||
| 641 | { | ||
| 642 | X509_NAME_free(name); | ||
| 643 | return(0); | ||
| 644 | } | ||
| 645 | return(1); | ||
| 646 | } | ||
| 647 | 627 | ||
| 648 | int SSL_add_client_CA(SSL *ssl,X509 *x) | 628 | if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL) |
| 649 | { | 629 | return (0); |
| 650 | return(add_client_CA(&(ssl->client_CA),x)); | ||
| 651 | } | ||
| 652 | 630 | ||
| 653 | int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x) | 631 | if (!sk_X509_NAME_push(*sk, name)) { |
| 654 | { | 632 | X509_NAME_free(name); |
| 655 | return(add_client_CA(&(ctx->client_CA),x)); | 633 | return (0); |
| 656 | } | ||
| 657 | |||
| 658 | static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | ||
| 659 | { | ||
| 660 | return(X509_NAME_cmp(*a,*b)); | ||
| 661 | } | 634 | } |
| 635 | return (1); | ||
| 636 | } | ||
| 637 | |||
| 638 | int | ||
| 639 | SSL_add_client_CA(SSL *ssl, X509 *x) | ||
| 640 | { | ||
| 641 | return (add_client_CA(&(ssl->client_CA), x)); | ||
| 642 | } | ||
| 643 | |||
| 644 | int | ||
| 645 | SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) | ||
| 646 | { | ||
| 647 | return (add_client_CA(&(ctx->client_CA), x)); | ||
| 648 | } | ||
| 649 | |||
| 650 | static int | ||
| 651 | xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | ||
| 652 | { | ||
| 653 | return (X509_NAME_cmp(*a, *b)); | ||
| 654 | } | ||
| 662 | 655 | ||
| 663 | #ifndef OPENSSL_NO_STDIO | 656 | #ifndef OPENSSL_NO_STDIO |
| 664 | /*! | 657 | /*! |
| @@ -669,65 +662,65 @@ static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | |||
| 669 | * \param file the file containing one or more certs. | 662 | * \param file the file containing one or more certs. |
| 670 | * \return a ::STACK containing the certs. | 663 | * \return a ::STACK containing the certs. |
| 671 | */ | 664 | */ |
| 672 | STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) | 665 | STACK_OF(X509_NAME) |
| 673 | { | 666 | *SSL_load_client_CA_file(const char *file) |
| 667 | { | ||
| 674 | BIO *in; | 668 | BIO *in; |
| 675 | X509 *x=NULL; | 669 | X509 *x = NULL; |
| 676 | X509_NAME *xn=NULL; | 670 | X509_NAME *xn = NULL; |
| 677 | STACK_OF(X509_NAME) *ret = NULL,*sk; | 671 | STACK_OF(X509_NAME) *ret = NULL, *sk; |
| 678 | 672 | ||
| 679 | sk=sk_X509_NAME_new(xname_cmp); | 673 | sk = sk_X509_NAME_new(xname_cmp); |
| 680 | 674 | ||
| 681 | in=BIO_new(BIO_s_file_internal()); | 675 | in = BIO_new(BIO_s_file_internal()); |
| 682 | 676 | ||
| 683 | if ((sk == NULL) || (in == NULL)) | 677 | if ((sk == NULL) || (in == NULL)) { |
| 684 | { | 678 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); |
| 685 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); | ||
| 686 | goto err; | 679 | goto err; |
| 687 | } | 680 | } |
| 688 | 681 | ||
| 689 | if (!BIO_read_filename(in,file)) | 682 | if (!BIO_read_filename(in, file)) |
| 690 | goto err; | 683 | goto err; |
| 691 | 684 | ||
| 692 | for (;;) | 685 | for (;;) { |
| 693 | { | 686 | if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) |
| 694 | if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) | ||
| 695 | break; | 687 | break; |
| 696 | if (ret == NULL) | 688 | if (ret == NULL) { |
| 697 | { | ||
| 698 | ret = sk_X509_NAME_new_null(); | 689 | ret = sk_X509_NAME_new_null(); |
| 699 | if (ret == NULL) | 690 | if (ret == NULL) { |
| 700 | { | 691 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); |
| 701 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); | ||
| 702 | goto err; | 692 | goto err; |
| 703 | } | ||
| 704 | } | 693 | } |
| 705 | if ((xn=X509_get_subject_name(x)) == NULL) goto err; | 694 | } |
| 706 | /* check for duplicates */ | 695 | if ((xn = X509_get_subject_name(x)) == NULL) goto err; |
| 707 | xn=X509_NAME_dup(xn); | 696 | /* check for duplicates */ |
| 708 | if (xn == NULL) goto err; | 697 | xn = X509_NAME_dup(xn); |
| 709 | if (sk_X509_NAME_find(sk,xn) >= 0) | 698 | if (xn == NULL) |
| 699 | goto err; | ||
| 700 | if (sk_X509_NAME_find(sk, xn) >= 0) | ||
| 710 | X509_NAME_free(xn); | 701 | X509_NAME_free(xn); |
| 711 | else | 702 | else { |
| 712 | { | 703 | sk_X509_NAME_push(sk, xn); |
| 713 | sk_X509_NAME_push(sk,xn); | 704 | sk_X509_NAME_push(ret, xn); |
| 714 | sk_X509_NAME_push(ret,xn); | ||
| 715 | } | ||
| 716 | } | 705 | } |
| 706 | } | ||
| 717 | 707 | ||
| 718 | if (0) | 708 | if (0) { |
| 719 | { | ||
| 720 | err: | 709 | err: |
| 721 | if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free); | 710 | if (ret != NULL) |
| 722 | ret=NULL; | 711 | sk_X509_NAME_pop_free(ret, X509_NAME_free); |
| 723 | } | 712 | ret = NULL; |
| 724 | if (sk != NULL) sk_X509_NAME_free(sk); | 713 | } |
| 725 | if (in != NULL) BIO_free(in); | 714 | if (sk != NULL) |
| 726 | if (x != NULL) X509_free(x); | 715 | sk_X509_NAME_free(sk); |
| 716 | if (in != NULL) | ||
| 717 | BIO_free(in); | ||
| 718 | if (x != NULL) | ||
| 719 | X509_free(x); | ||
| 727 | if (ret != NULL) | 720 | if (ret != NULL) |
| 728 | ERR_clear_error(); | 721 | ERR_clear_error(); |
| 729 | return(ret); | 722 | return (ret); |
| 730 | } | 723 | } |
| 731 | #endif | 724 | #endif |
| 732 | 725 | ||
| 733 | /*! | 726 | /*! |
| @@ -739,57 +732,56 @@ err: | |||
| 739 | * certs may have been added to \c stack. | 732 | * certs may have been added to \c stack. |
| 740 | */ | 733 | */ |
| 741 | 734 | ||
| 742 | int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | 735 | int |
| 743 | const char *file) | 736 | SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, |
| 744 | { | 737 | const char *file) |
| 738 | { | ||
| 745 | BIO *in; | 739 | BIO *in; |
| 746 | X509 *x=NULL; | 740 | X509 *x = NULL; |
| 747 | X509_NAME *xn=NULL; | 741 | X509_NAME *xn = NULL; |
| 748 | int ret=1; | 742 | int ret = 1; |
| 749 | int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); | 743 | int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); |
| 750 | 744 | ||
| 751 | oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp); | 745 | oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp); |
| 752 | 746 | ||
| 753 | in=BIO_new(BIO_s_file_internal()); | 747 | in = BIO_new(BIO_s_file_internal()); |
| 754 | 748 | ||
| 755 | if (in == NULL) | 749 | if (in == NULL) { |
| 756 | { | 750 | SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE); |
| 757 | SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE); | ||
| 758 | goto err; | 751 | goto err; |
| 759 | } | 752 | } |
| 760 | 753 | ||
| 761 | if (!BIO_read_filename(in,file)) | 754 | if (!BIO_read_filename(in, file)) |
| 762 | goto err; | 755 | goto err; |
| 763 | 756 | ||
| 764 | for (;;) | 757 | for (;;) { |
| 765 | { | 758 | if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) |
| 766 | if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) | ||
| 767 | break; | 759 | break; |
| 768 | if ((xn=X509_get_subject_name(x)) == NULL) goto err; | 760 | if ((xn = X509_get_subject_name(x)) == NULL) goto err; |
| 769 | xn=X509_NAME_dup(xn); | 761 | xn = X509_NAME_dup(xn); |
| 770 | if (xn == NULL) goto err; | 762 | if (xn == NULL) |
| 771 | if (sk_X509_NAME_find(stack,xn) >= 0) | 763 | goto err; |
| 764 | if (sk_X509_NAME_find(stack, xn) >= 0) | ||
| 772 | X509_NAME_free(xn); | 765 | X509_NAME_free(xn); |
| 773 | else | 766 | else |
| 774 | sk_X509_NAME_push(stack,xn); | 767 | sk_X509_NAME_push(stack, xn); |
| 775 | } | 768 | } |
| 776 | 769 | ||
| 777 | ERR_clear_error(); | 770 | ERR_clear_error(); |
| 778 | 771 | ||
| 779 | if (0) | 772 | if (0) { |
| 780 | { | ||
| 781 | err: | 773 | err: |
| 782 | ret=0; | 774 | ret = 0; |
| 783 | } | 775 | } |
| 784 | if(in != NULL) | 776 | if (in != NULL) |
| 785 | BIO_free(in); | 777 | BIO_free(in); |
| 786 | if(x != NULL) | 778 | if (x != NULL) |
| 787 | X509_free(x); | 779 | X509_free(x); |
| 788 | 780 | ||
| 789 | (void)sk_X509_NAME_set_cmp_func(stack,oldcmp); | 781 | (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); |
| 790 | 782 | ||
| 791 | return ret; | 783 | return ret; |
| 792 | } | 784 | } |
| 793 | 785 | ||
| 794 | /*! | 786 | /*! |
| 795 | * Add a directory of certs to a stack. | 787 | * Add a directory of certs to a stack. |
| @@ -802,9 +794,10 @@ err: | |||
| 802 | * certs may have been added to \c stack. | 794 | * certs may have been added to \c stack. |
| 803 | */ | 795 | */ |
| 804 | 796 | ||
| 805 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | 797 | int |
| 806 | const char *dir) | 798 | SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, |
| 807 | { | 799 | const char *dir) |
| 800 | { | ||
| 808 | OPENSSL_DIR_CTX *d = NULL; | 801 | OPENSSL_DIR_CTX *d = NULL; |
| 809 | const char *filename; | 802 | const char *filename; |
| 810 | int ret = 0; | 803 | int ret = 0; |
| @@ -813,36 +806,34 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | |||
| 813 | 806 | ||
| 814 | /* Note that a side effect is that the CAs will be sorted by name */ | 807 | /* Note that a side effect is that the CAs will be sorted by name */ |
| 815 | 808 | ||
| 816 | while((filename = OPENSSL_DIR_read(&d, dir))) | 809 | while ((filename = OPENSSL_DIR_read(&d, dir))) { |
| 817 | { | ||
| 818 | char buf[1024]; | 810 | char buf[1024]; |
| 819 | int r; | 811 | int r; |
| 820 | 812 | ||
| 821 | if(strlen(dir)+strlen(filename)+2 > sizeof buf) | 813 | if (strlen(dir) + strlen(filename) + 2 > sizeof buf) { |
| 822 | { | 814 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, SSL_R_PATH_TOO_LONG); |
| 823 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); | ||
| 824 | goto err; | 815 | goto err; |
| 825 | } | 816 | } |
| 826 | r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename); | 817 | r = BIO_snprintf(buf, sizeof buf, "%s/%s", dir, filename); |
| 827 | if (r <= 0 || r >= (int)sizeof(buf)) | 818 | if (r <= 0 || r >= (int)sizeof(buf)) |
| 828 | goto err; | 819 | goto err; |
| 829 | if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) | 820 | if (!SSL_add_file_cert_subjects_to_stack(stack, buf)) |
| 830 | goto err; | 821 | goto err; |
| 831 | } | 822 | } |
| 832 | 823 | ||
| 833 | if (errno) | 824 | if (errno) { |
| 834 | { | ||
| 835 | SYSerr(SYS_F_OPENDIR, errno); | 825 | SYSerr(SYS_F_OPENDIR, errno); |
| 836 | ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); | 826 | ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); |
| 837 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); | 827 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); |
| 838 | goto err; | 828 | goto err; |
| 839 | } | 829 | } |
| 840 | 830 | ||
| 841 | ret = 1; | 831 | ret = 1; |
| 842 | 832 | ||
| 843 | err: | 833 | err: |
| 844 | if (d) OPENSSL_DIR_end(&d); | 834 | if (d) |
| 835 | OPENSSL_DIR_end(&d); | ||
| 845 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); | 836 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); |
| 846 | return ret; | 837 | return ret; |
| 847 | } | 838 | } |
| 848 | 839 | ||
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 0aba8e048c..f37c70cf91 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -167,15 +167,15 @@ | |||
| 167 | #define SSL_ENC_NUM_IDX 14 | 167 | #define SSL_ENC_NUM_IDX 14 |
| 168 | 168 | ||
| 169 | 169 | ||
| 170 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ | 170 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { |
| 171 | NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL | 171 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL |
| 172 | }; | 172 | }; |
| 173 | 173 | ||
| 174 | #define SSL_COMP_NULL_IDX 0 | 174 | #define SSL_COMP_NULL_IDX 0 |
| 175 | #define SSL_COMP_ZLIB_IDX 1 | 175 | #define SSL_COMP_ZLIB_IDX 1 |
| 176 | #define SSL_COMP_NUM_IDX 2 | 176 | #define SSL_COMP_NUM_IDX 2 |
| 177 | 177 | ||
| 178 | static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; | 178 | static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; |
| 179 | 179 | ||
| 180 | #define SSL_MD_MD5_IDX 0 | 180 | #define SSL_MD_MD5_IDX 0 |
| 181 | #define SSL_MD_SHA1_IDX 1 | 181 | #define SSL_MD_SHA1_IDX 1 |
| @@ -187,27 +187,27 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; | |||
| 187 | * defined in the | 187 | * defined in the |
| 188 | * ssl_locl.h */ | 188 | * ssl_locl.h */ |
| 189 | #define SSL_MD_NUM_IDX SSL_MAX_DIGEST | 189 | #define SSL_MD_NUM_IDX SSL_MAX_DIGEST |
| 190 | static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ | 190 | static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { |
| 191 | NULL,NULL,NULL,NULL,NULL,NULL | 191 | NULL, NULL, NULL, NULL, NULL, NULL |
| 192 | }; | 192 | }; |
| 193 | /* PKEY_TYPE for GOST89MAC is known in advance, but, because | 193 | /* PKEY_TYPE for GOST89MAC is known in advance, but, because |
| 194 | * implementation is engine-provided, we'll fill it only if | 194 | * implementation is engine-provided, we'll fill it only if |
| 195 | * corresponding EVP_PKEY_METHOD is found | 195 | * corresponding EVP_PKEY_METHOD is found |
| 196 | */ | 196 | */ |
| 197 | static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={ | 197 | static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { |
| 198 | EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef, | 198 | EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef, |
| 199 | EVP_PKEY_HMAC,EVP_PKEY_HMAC | 199 | EVP_PKEY_HMAC, EVP_PKEY_HMAC |
| 200 | }; | 200 | }; |
| 201 | 201 | ||
| 202 | static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={ | 202 | static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { |
| 203 | 0,0,0,0,0,0 | 203 | 0, 0, 0, 0, 0, 0 |
| 204 | }; | 204 | }; |
| 205 | 205 | ||
| 206 | static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={ | 206 | static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { |
| 207 | SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA, | 207 | SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, |
| 208 | SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, | 208 | SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, |
| 209 | SSL_HANDSHAKE_MAC_SHA384 | 209 | SSL_HANDSHAKE_MAC_SHA384 |
| 210 | }; | 210 | }; |
| 211 | 211 | ||
| 212 | #define CIPHER_ADD 1 | 212 | #define CIPHER_ADD 1 |
| 213 | #define CIPHER_KILL 2 | 213 | #define CIPHER_KILL 2 |
| @@ -215,376 +215,371 @@ static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={ | |||
| 215 | #define CIPHER_ORD 4 | 215 | #define CIPHER_ORD 4 |
| 216 | #define CIPHER_SPECIAL 5 | 216 | #define CIPHER_SPECIAL 5 |
| 217 | 217 | ||
| 218 | typedef struct cipher_order_st | 218 | typedef struct cipher_order_st { |
| 219 | { | ||
| 220 | const SSL_CIPHER *cipher; | 219 | const SSL_CIPHER *cipher; |
| 221 | int active; | 220 | int active; |
| 222 | int dead; | 221 | int dead; |
| 223 | struct cipher_order_st *next,*prev; | 222 | struct cipher_order_st *next, *prev; |
| 224 | } CIPHER_ORDER; | 223 | } CIPHER_ORDER; |
| 225 | 224 | ||
| 226 | static const SSL_CIPHER cipher_aliases[]={ | 225 | static const SSL_CIPHER cipher_aliases[] = { |
| 227 | /* "ALL" doesn't include eNULL (must be specifically enabled) */ | 226 | /* "ALL" doesn't include eNULL (must be specifically enabled) */ |
| 228 | {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0}, | 227 | {0, SSL_TXT_ALL, 0, 0, 0,~SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 229 | /* "COMPLEMENTOFALL" */ | 228 | /* "COMPLEMENTOFALL" */ |
| 230 | {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0}, | 229 | {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 231 | 230 | ||
| 232 | /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ | 231 | /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ |
| 233 | {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0}, | 232 | {0, SSL_TXT_CMPDEF, 0, SSL_kEDH|SSL_kEECDH, SSL_aNULL,~SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 234 | 233 | ||
| 235 | /* key exchange aliases | 234 | /* key exchange aliases |
| 236 | * (some of those using only a single bit here combine | 235 | * (some of those using only a single bit here combine |
| 237 | * multiple key exchange algs according to the RFCs, | 236 | * multiple key exchange algs according to the RFCs, |
| 238 | * e.g. kEDH combines DHE_DSS and DHE_RSA) */ | 237 | * e.g. kEDH combines DHE_DSS and DHE_RSA) */ |
| 239 | {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0}, | 238 | {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 240 | 239 | ||
| 241 | {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | 240 | {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ |
| 242 | {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | 241 | {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ |
| 243 | {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | 242 | {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ |
| 244 | {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0}, | 243 | {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 245 | {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0}, | 244 | {0, SSL_TXT_DH, 0, SSL_kDHr|SSL_kDHd|SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 246 | 245 | ||
| 247 | {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0}, | 246 | {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 248 | 247 | ||
| 249 | {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0}, | 248 | {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 250 | {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0}, | 249 | {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 251 | {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0}, | 250 | {0, SSL_TXT_kECDH, 0, SSL_kECDHr|SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 252 | {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0}, | 251 | {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 253 | {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0}, | 252 | {0, SSL_TXT_ECDH, 0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 254 | 253 | ||
| 255 | {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0}, | 254 | {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 256 | {0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0}, | 255 | {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 257 | {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0}, | 256 | {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 258 | 257 | ||
| 259 | /* server authentication aliases */ | 258 | /* server authentication aliases */ |
| 260 | {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0}, | 259 | {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, |
| 261 | {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0}, | 260 | {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, |
| 262 | {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0}, | 261 | {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, |
| 263 | {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0}, | 262 | {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, |
| 264 | {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0}, | 263 | {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 265 | {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | 264 | {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ |
| 266 | {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0}, | 265 | {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0}, |
| 267 | {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0}, | 266 | {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, |
| 268 | {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0}, | 267 | {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, |
| 269 | {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0}, | 268 | {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, |
| 270 | {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0}, | 269 | {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0}, |
| 271 | {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0}, | 270 | {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, |
| 272 | {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0}, | 271 | {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94|SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, |
| 273 | 272 | ||
| 274 | /* aliases combining key exchange and server authentication */ | 273 | /* aliases combining key exchange and server authentication */ |
| 275 | {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0}, | 274 | {0, SSL_TXT_EDH, 0, SSL_kEDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 276 | {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0}, | 275 | {0, SSL_TXT_EECDH, 0, SSL_kEECDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 277 | {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, | 276 | {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 278 | {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0}, | 277 | {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, |
| 279 | {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0}, | 278 | {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, |
| 280 | {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0}, | 279 | {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 281 | {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0}, | 280 | {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 282 | {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0}, | 281 | {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, |
| 283 | {0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0}, | 282 | {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 284 | 283 | ||
| 285 | 284 | ||
| 286 | /* symmetric encryption aliases */ | 285 | /* symmetric encryption aliases */ |
| 287 | {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0}, | 286 | {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0}, |
| 288 | {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0}, | 287 | {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0}, |
| 289 | {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0}, | 288 | {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0}, |
| 290 | {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0}, | 289 | {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0}, |
| 291 | {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0}, | 290 | {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0}, |
| 292 | {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0}, | 291 | {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0}, |
| 293 | {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, | 292 | {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 294 | {0,SSL_TXT_AES128,0, 0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0}, | 293 | {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128|SSL_AES128GCM, 0, 0, 0, 0, 0, 0}, |
| 295 | {0,SSL_TXT_AES256,0, 0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0}, | 294 | {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256|SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, |
| 296 | {0,SSL_TXT_AES,0, 0,0,SSL_AES,0,0,0,0,0,0}, | 295 | {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0}, |
| 297 | {0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0}, | 296 | {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM|SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, |
| 298 | {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0}, | 297 | {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0}, |
| 299 | {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0}, | 298 | {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, |
| 300 | {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0}, | 299 | {0, SSL_TXT_CAMELLIA , 0, 0, 0, SSL_CAMELLIA128|SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, |
| 301 | 300 | ||
| 302 | /* MAC aliases */ | 301 | /* MAC aliases */ |
| 303 | {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0}, | 302 | {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0}, |
| 304 | {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, | 303 | {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, |
| 305 | {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, | 304 | {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, |
| 306 | {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0}, | 305 | {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0}, |
| 307 | {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0}, | 306 | {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0}, |
| 308 | {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0}, | 307 | {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0}, |
| 309 | {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0}, | 308 | {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0}, |
| 310 | 309 | ||
| 311 | /* protocol version aliases */ | 310 | /* protocol version aliases */ |
| 312 | {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0}, | 311 | {0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0}, |
| 313 | {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0}, | 312 | {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0}, |
| 314 | {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0}, | 313 | {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0}, |
| 315 | {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0}, | 314 | {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0}, |
| 316 | 315 | ||
| 317 | /* export flag */ | 316 | /* export flag */ |
| 318 | {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, | 317 | {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, |
| 319 | {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, | 318 | {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, |
| 320 | 319 | ||
| 321 | /* strength classes */ | 320 | /* strength classes */ |
| 322 | {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0}, | 321 | {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0}, |
| 323 | {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0}, | 322 | {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0}, |
| 324 | {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0}, | 323 | {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0}, |
| 325 | {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0}, | 324 | {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0}, |
| 326 | {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0}, | 325 | {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0}, |
| 327 | /* FIPS 140-2 approved ciphersuite */ | 326 | /* FIPS 140-2 approved ciphersuite */ |
| 328 | {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0}, | 327 | {0, SSL_TXT_FIPS, 0, 0, 0,~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0}, |
| 329 | }; | 328 | }; |
| 330 | /* Search for public key algorithm with given name and | 329 | /* Search for public key algorithm with given name and |
| 331 | * return its pkey_id if it is available. Otherwise return 0 | 330 | * return its pkey_id if it is available. Otherwise return 0 |
| 332 | */ | 331 | */ |
| 333 | #ifdef OPENSSL_NO_ENGINE | 332 | #ifdef OPENSSL_NO_ENGINE |
| 334 | 333 | ||
| 335 | static int get_optional_pkey_id(const char *pkey_name) | 334 | static int |
| 336 | { | 335 | get_optional_pkey_id(const char *pkey_name) |
| 336 | { | ||
| 337 | const EVP_PKEY_ASN1_METHOD *ameth; | 337 | const EVP_PKEY_ASN1_METHOD *ameth; |
| 338 | int pkey_id=0; | 338 | int pkey_id = 0; |
| 339 | ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1); | 339 | ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1); |
| 340 | if (ameth) | 340 | if (ameth) { |
| 341 | { | 341 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); |
| 342 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth); | ||
| 343 | } | ||
| 344 | return pkey_id; | ||
| 345 | } | 342 | } |
| 343 | return pkey_id; | ||
| 344 | } | ||
| 346 | 345 | ||
| 347 | #else | 346 | #else |
| 348 | 347 | ||
| 349 | static int get_optional_pkey_id(const char *pkey_name) | 348 | static int |
| 350 | { | 349 | get_optional_pkey_id(const char *pkey_name) |
| 350 | { | ||
| 351 | const EVP_PKEY_ASN1_METHOD *ameth; | 351 | const EVP_PKEY_ASN1_METHOD *ameth; |
| 352 | ENGINE *tmpeng = NULL; | 352 | ENGINE *tmpeng = NULL; |
| 353 | int pkey_id=0; | 353 | int pkey_id = 0; |
| 354 | ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1); | 354 | ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1); |
| 355 | if (ameth) | 355 | if (ameth) { |
| 356 | { | 356 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); |
| 357 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth); | ||
| 358 | } | ||
| 359 | if (tmpeng) ENGINE_finish(tmpeng); | ||
| 360 | return pkey_id; | ||
| 361 | } | 357 | } |
| 358 | if (tmpeng) | ||
| 359 | ENGINE_finish(tmpeng); | ||
| 360 | return pkey_id; | ||
| 361 | } | ||
| 362 | 362 | ||
| 363 | #endif | 363 | #endif |
| 364 | 364 | ||
| 365 | void ssl_load_ciphers(void) | 365 | void |
| 366 | { | 366 | ssl_load_ciphers(void) |
| 367 | ssl_cipher_methods[SSL_ENC_DES_IDX]= | 367 | { |
| 368 | EVP_get_cipherbyname(SN_des_cbc); | 368 | ssl_cipher_methods[SSL_ENC_DES_IDX]= |
| 369 | EVP_get_cipherbyname(SN_des_cbc); | ||
| 369 | ssl_cipher_methods[SSL_ENC_3DES_IDX]= | 370 | ssl_cipher_methods[SSL_ENC_3DES_IDX]= |
| 370 | EVP_get_cipherbyname(SN_des_ede3_cbc); | 371 | EVP_get_cipherbyname(SN_des_ede3_cbc); |
| 371 | ssl_cipher_methods[SSL_ENC_RC4_IDX]= | 372 | ssl_cipher_methods[SSL_ENC_RC4_IDX]= |
| 372 | EVP_get_cipherbyname(SN_rc4); | 373 | EVP_get_cipherbyname(SN_rc4); |
| 373 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= | 374 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= |
| 374 | EVP_get_cipherbyname(SN_rc2_cbc); | 375 | EVP_get_cipherbyname(SN_rc2_cbc); |
| 375 | #ifndef OPENSSL_NO_IDEA | 376 | #ifndef OPENSSL_NO_IDEA |
| 376 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= | 377 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= |
| 377 | EVP_get_cipherbyname(SN_idea_cbc); | 378 | EVP_get_cipherbyname(SN_idea_cbc); |
| 378 | #else | 379 | #else |
| 379 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; | 380 | ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL; |
| 380 | #endif | 381 | #endif |
| 381 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= | 382 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= |
| 382 | EVP_get_cipherbyname(SN_aes_128_cbc); | 383 | EVP_get_cipherbyname(SN_aes_128_cbc); |
| 383 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= | 384 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= |
| 384 | EVP_get_cipherbyname(SN_aes_256_cbc); | 385 | EVP_get_cipherbyname(SN_aes_256_cbc); |
| 385 | ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= | 386 | ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= |
| 386 | EVP_get_cipherbyname(SN_camellia_128_cbc); | 387 | EVP_get_cipherbyname(SN_camellia_128_cbc); |
| 387 | ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= | 388 | ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= |
| 388 | EVP_get_cipherbyname(SN_camellia_256_cbc); | 389 | EVP_get_cipherbyname(SN_camellia_256_cbc); |
| 389 | ssl_cipher_methods[SSL_ENC_GOST89_IDX]= | 390 | ssl_cipher_methods[SSL_ENC_GOST89_IDX]= |
| 390 | EVP_get_cipherbyname(SN_gost89_cnt); | 391 | EVP_get_cipherbyname(SN_gost89_cnt); |
| 391 | ssl_cipher_methods[SSL_ENC_SEED_IDX]= | 392 | ssl_cipher_methods[SSL_ENC_SEED_IDX]= |
| 392 | EVP_get_cipherbyname(SN_seed_cbc); | 393 | EVP_get_cipherbyname(SN_seed_cbc); |
| 393 | 394 | ||
| 394 | ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]= | 395 | ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]= |
| 395 | EVP_get_cipherbyname(SN_aes_128_gcm); | 396 | EVP_get_cipherbyname(SN_aes_128_gcm); |
| 396 | ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]= | 397 | ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]= |
| 397 | EVP_get_cipherbyname(SN_aes_256_gcm); | 398 | EVP_get_cipherbyname(SN_aes_256_gcm); |
| 398 | 399 | ||
| 399 | ssl_digest_methods[SSL_MD_MD5_IDX]= | 400 | ssl_digest_methods[SSL_MD_MD5_IDX]= |
| 400 | EVP_get_digestbyname(SN_md5); | 401 | EVP_get_digestbyname(SN_md5); |
| 401 | ssl_mac_secret_size[SSL_MD_MD5_IDX]= | 402 | ssl_mac_secret_size[SSL_MD_MD5_IDX]= |
| 402 | EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); | 403 | EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); |
| 403 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); | 404 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); |
| 404 | ssl_digest_methods[SSL_MD_SHA1_IDX]= | 405 | ssl_digest_methods[SSL_MD_SHA1_IDX]= |
| 405 | EVP_get_digestbyname(SN_sha1); | 406 | EVP_get_digestbyname(SN_sha1); |
| 406 | ssl_mac_secret_size[SSL_MD_SHA1_IDX]= | 407 | ssl_mac_secret_size[SSL_MD_SHA1_IDX]= |
| 407 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); | 408 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); |
| 408 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); | 409 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); |
| 409 | ssl_digest_methods[SSL_MD_GOST94_IDX]= | 410 | ssl_digest_methods[SSL_MD_GOST94_IDX]= |
| 410 | EVP_get_digestbyname(SN_id_GostR3411_94); | 411 | EVP_get_digestbyname(SN_id_GostR3411_94); |
| 411 | if (ssl_digest_methods[SSL_MD_GOST94_IDX]) | 412 | if (ssl_digest_methods[SSL_MD_GOST94_IDX]) { |
| 412 | { | ||
| 413 | ssl_mac_secret_size[SSL_MD_GOST94_IDX]= | 413 | ssl_mac_secret_size[SSL_MD_GOST94_IDX]= |
| 414 | EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); | 414 | EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); |
| 415 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); | 415 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); |
| 416 | } | 416 | } |
| 417 | ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= | 417 | ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= |
| 418 | EVP_get_digestbyname(SN_id_Gost28147_89_MAC); | 418 | EVP_get_digestbyname(SN_id_Gost28147_89_MAC); |
| 419 | ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); | 419 | ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); |
| 420 | if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { | 420 | if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { |
| 421 | ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32; | 421 | ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; |
| 422 | } | 422 | } |
| 423 | 423 | ||
| 424 | ssl_digest_methods[SSL_MD_SHA256_IDX]= | 424 | ssl_digest_methods[SSL_MD_SHA256_IDX]= |
| 425 | EVP_get_digestbyname(SN_sha256); | 425 | EVP_get_digestbyname(SN_sha256); |
| 426 | ssl_mac_secret_size[SSL_MD_SHA256_IDX]= | 426 | ssl_mac_secret_size[SSL_MD_SHA256_IDX]= |
| 427 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); | 427 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); |
| 428 | ssl_digest_methods[SSL_MD_SHA384_IDX]= | 428 | ssl_digest_methods[SSL_MD_SHA384_IDX]= |
| 429 | EVP_get_digestbyname(SN_sha384); | 429 | EVP_get_digestbyname(SN_sha384); |
| 430 | ssl_mac_secret_size[SSL_MD_SHA384_IDX]= | 430 | ssl_mac_secret_size[SSL_MD_SHA384_IDX]= |
| 431 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); | 431 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); |
| 432 | } | 432 | } |
| 433 | #ifndef OPENSSL_NO_COMP | 433 | #ifndef OPENSSL_NO_COMP |
| 434 | 434 | ||
| 435 | static int sk_comp_cmp(const SSL_COMP * const *a, | 435 | static int |
| 436 | const SSL_COMP * const *b) | 436 | sk_comp_cmp(const SSL_COMP * const *a, |
| 437 | { | 437 | const SSL_COMP * const *b) |
| 438 | return((*a)->id-(*b)->id); | 438 | { |
| 439 | } | 439 | return ((*a)->id - (*b)->id); |
| 440 | } | ||
| 440 | 441 | ||
| 441 | static void load_builtin_compressions(void) | 442 | static void |
| 442 | { | 443 | load_builtin_compressions(void) |
| 444 | { | ||
| 443 | int got_write_lock = 0; | 445 | int got_write_lock = 0; |
| 444 | 446 | ||
| 445 | CRYPTO_r_lock(CRYPTO_LOCK_SSL); | 447 | CRYPTO_r_lock(CRYPTO_LOCK_SSL); |
| 446 | if (ssl_comp_methods == NULL) | 448 | if (ssl_comp_methods == NULL) { |
| 447 | { | ||
| 448 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); | 449 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); |
| 449 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | 450 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); |
| 450 | got_write_lock = 1; | 451 | got_write_lock = 1; |
| 451 | 452 | ||
| 452 | if (ssl_comp_methods == NULL) | 453 | if (ssl_comp_methods == NULL) { |
| 453 | { | ||
| 454 | SSL_COMP *comp = NULL; | 454 | SSL_COMP *comp = NULL; |
| 455 | 455 | ||
| 456 | MemCheck_off(); | 456 | MemCheck_off(); |
| 457 | ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); | 457 | ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); |
| 458 | if (ssl_comp_methods != NULL) | 458 | if (ssl_comp_methods != NULL) { |
| 459 | { | 459 | comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); |
| 460 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); | 460 | if (comp != NULL) { |
| 461 | if (comp != NULL) | 461 | comp->method = COMP_zlib(); |
| 462 | { | ||
| 463 | comp->method=COMP_zlib(); | ||
| 464 | if (comp->method | 462 | if (comp->method |
| 465 | && comp->method->type == NID_undef) | 463 | && comp->method->type == NID_undef) |
| 466 | OPENSSL_free(comp); | 464 | OPENSSL_free(comp); |
| 467 | else | 465 | else { |
| 468 | { | 466 | comp->id = SSL_COMP_ZLIB_IDX; |
| 469 | comp->id=SSL_COMP_ZLIB_IDX; | 467 | comp->name = comp->method->name; |
| 470 | comp->name=comp->method->name; | 468 | sk_SSL_COMP_push(ssl_comp_methods, comp); |
| 471 | sk_SSL_COMP_push(ssl_comp_methods,comp); | ||
| 472 | } | ||
| 473 | } | 469 | } |
| 474 | sk_SSL_COMP_sort(ssl_comp_methods); | ||
| 475 | } | 470 | } |
| 476 | MemCheck_on(); | 471 | sk_SSL_COMP_sort(ssl_comp_methods); |
| 477 | } | 472 | } |
| 473 | MemCheck_on(); | ||
| 478 | } | 474 | } |
| 479 | 475 | } | |
| 476 | |||
| 480 | if (got_write_lock) | 477 | if (got_write_lock) |
| 481 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | 478 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); |
| 482 | else | 479 | else |
| 483 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); | 480 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); |
| 484 | } | 481 | } |
| 485 | #endif | 482 | #endif |
| 486 | 483 | ||
| 487 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | 484 | int |
| 488 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp) | 485 | ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, |
| 489 | { | 486 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size, SSL_COMP **comp) |
| 487 | { | ||
| 490 | int i; | 488 | int i; |
| 491 | const SSL_CIPHER *c; | 489 | const SSL_CIPHER *c; |
| 492 | 490 | ||
| 493 | c=s->cipher; | 491 | c = s->cipher; |
| 494 | if (c == NULL) return(0); | 492 | if (c == NULL) |
| 495 | if (comp != NULL) | 493 | return (0); |
| 496 | { | 494 | if (comp != NULL) { |
| 497 | SSL_COMP ctmp; | 495 | SSL_COMP ctmp; |
| 498 | #ifndef OPENSSL_NO_COMP | 496 | #ifndef OPENSSL_NO_COMP |
| 499 | load_builtin_compressions(); | 497 | load_builtin_compressions(); |
| 500 | #endif | 498 | #endif |
| 501 | 499 | ||
| 502 | *comp=NULL; | 500 | *comp = NULL; |
| 503 | ctmp.id=s->compress_meth; | 501 | ctmp.id = s->compress_meth; |
| 504 | if (ssl_comp_methods != NULL) | 502 | if (ssl_comp_methods != NULL) { |
| 505 | { | 503 | i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp); |
| 506 | i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); | ||
| 507 | if (i >= 0) | 504 | if (i >= 0) |
| 508 | *comp=sk_SSL_COMP_value(ssl_comp_methods,i); | 505 | *comp = sk_SSL_COMP_value(ssl_comp_methods, i); |
| 509 | else | 506 | else |
| 510 | *comp=NULL; | 507 | *comp = NULL; |
| 511 | } | ||
| 512 | } | 508 | } |
| 509 | } | ||
| 513 | 510 | ||
| 514 | if ((enc == NULL) || (md == NULL)) return(0); | 511 | if ((enc == NULL) |
| 512 | || (md == NULL)) return (0); | ||
| 515 | 513 | ||
| 516 | switch (c->algorithm_enc) | 514 | switch (c->algorithm_enc) { |
| 517 | { | ||
| 518 | case SSL_DES: | 515 | case SSL_DES: |
| 519 | i=SSL_ENC_DES_IDX; | 516 | i = SSL_ENC_DES_IDX; |
| 520 | break; | 517 | break; |
| 521 | case SSL_3DES: | 518 | case SSL_3DES: |
| 522 | i=SSL_ENC_3DES_IDX; | 519 | i = SSL_ENC_3DES_IDX; |
| 523 | break; | 520 | break; |
| 524 | case SSL_RC4: | 521 | case SSL_RC4: |
| 525 | i=SSL_ENC_RC4_IDX; | 522 | i = SSL_ENC_RC4_IDX; |
| 526 | break; | 523 | break; |
| 527 | case SSL_RC2: | 524 | case SSL_RC2: |
| 528 | i=SSL_ENC_RC2_IDX; | 525 | i = SSL_ENC_RC2_IDX; |
| 529 | break; | 526 | break; |
| 530 | case SSL_IDEA: | 527 | case SSL_IDEA: |
| 531 | i=SSL_ENC_IDEA_IDX; | 528 | i = SSL_ENC_IDEA_IDX; |
| 532 | break; | 529 | break; |
| 533 | case SSL_eNULL: | 530 | case SSL_eNULL: |
| 534 | i=SSL_ENC_NULL_IDX; | 531 | i = SSL_ENC_NULL_IDX; |
| 535 | break; | 532 | break; |
| 536 | case SSL_AES128: | 533 | case SSL_AES128: |
| 537 | i=SSL_ENC_AES128_IDX; | 534 | i = SSL_ENC_AES128_IDX; |
| 538 | break; | 535 | break; |
| 539 | case SSL_AES256: | 536 | case SSL_AES256: |
| 540 | i=SSL_ENC_AES256_IDX; | 537 | i = SSL_ENC_AES256_IDX; |
| 541 | break; | 538 | break; |
| 542 | case SSL_CAMELLIA128: | 539 | case SSL_CAMELLIA128: |
| 543 | i=SSL_ENC_CAMELLIA128_IDX; | 540 | i = SSL_ENC_CAMELLIA128_IDX; |
| 544 | break; | 541 | break; |
| 545 | case SSL_CAMELLIA256: | 542 | case SSL_CAMELLIA256: |
| 546 | i=SSL_ENC_CAMELLIA256_IDX; | 543 | i = SSL_ENC_CAMELLIA256_IDX; |
| 547 | break; | 544 | break; |
| 548 | case SSL_eGOST2814789CNT: | 545 | case SSL_eGOST2814789CNT: |
| 549 | i=SSL_ENC_GOST89_IDX; | 546 | i = SSL_ENC_GOST89_IDX; |
| 550 | break; | 547 | break; |
| 551 | case SSL_SEED: | 548 | case SSL_SEED: |
| 552 | i=SSL_ENC_SEED_IDX; | 549 | i = SSL_ENC_SEED_IDX; |
| 553 | break; | 550 | break; |
| 554 | case SSL_AES128GCM: | 551 | case SSL_AES128GCM: |
| 555 | i=SSL_ENC_AES128GCM_IDX; | 552 | i = SSL_ENC_AES128GCM_IDX; |
| 556 | break; | 553 | break; |
| 557 | case SSL_AES256GCM: | 554 | case SSL_AES256GCM: |
| 558 | i=SSL_ENC_AES256GCM_IDX; | 555 | i = SSL_ENC_AES256GCM_IDX; |
| 559 | break; | 556 | break; |
| 560 | default: | 557 | default: |
| 561 | i= -1; | 558 | i = -1; |
| 562 | break; | 559 | break; |
| 563 | } | 560 | } |
| 564 | 561 | ||
| 565 | if ((i < 0) || (i > SSL_ENC_NUM_IDX)) | 562 | if ((i < 0) || (i > SSL_ENC_NUM_IDX)) |
| 566 | *enc=NULL; | 563 | *enc = NULL; |
| 567 | else | 564 | else { |
| 568 | { | ||
| 569 | if (i == SSL_ENC_NULL_IDX) | 565 | if (i == SSL_ENC_NULL_IDX) |
| 570 | *enc=EVP_enc_null(); | 566 | *enc = EVP_enc_null(); |
| 571 | else | 567 | else |
| 572 | *enc=ssl_cipher_methods[i]; | 568 | *enc = ssl_cipher_methods[i]; |
| 573 | } | 569 | } |
| 574 | 570 | ||
| 575 | switch (c->algorithm_mac) | 571 | switch (c->algorithm_mac) { |
| 576 | { | ||
| 577 | case SSL_MD5: | 572 | case SSL_MD5: |
| 578 | i=SSL_MD_MD5_IDX; | 573 | i = SSL_MD_MD5_IDX; |
| 579 | break; | 574 | break; |
| 580 | case SSL_SHA1: | 575 | case SSL_SHA1: |
| 581 | i=SSL_MD_SHA1_IDX; | 576 | i = SSL_MD_SHA1_IDX; |
| 582 | break; | 577 | break; |
| 583 | case SSL_SHA256: | 578 | case SSL_SHA256: |
| 584 | i=SSL_MD_SHA256_IDX; | 579 | i = SSL_MD_SHA256_IDX; |
| 585 | break; | 580 | break; |
| 586 | case SSL_SHA384: | 581 | case SSL_SHA384: |
| 587 | i=SSL_MD_SHA384_IDX; | 582 | i = SSL_MD_SHA384_IDX; |
| 588 | break; | 583 | break; |
| 589 | case SSL_GOST94: | 584 | case SSL_GOST94: |
| 590 | i = SSL_MD_GOST94_IDX; | 585 | i = SSL_MD_GOST94_IDX; |
| @@ -593,63 +588,63 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 593 | i = SSL_MD_GOST89MAC_IDX; | 588 | i = SSL_MD_GOST89MAC_IDX; |
| 594 | break; | 589 | break; |
| 595 | default: | 590 | default: |
| 596 | i= -1; | 591 | i = -1; |
| 597 | break; | 592 | break; |
| 598 | } | 593 | } |
| 599 | if ((i < 0) || (i > SSL_MD_NUM_IDX)) | 594 | if ((i < 0) || (i > SSL_MD_NUM_IDX)) { |
| 600 | { | 595 | *md = NULL; |
| 601 | *md=NULL; | 596 | |
| 602 | if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef; | 597 | if (mac_pkey_type != NULL) |
| 603 | if (mac_secret_size!=NULL) *mac_secret_size = 0; | 598 | *mac_pkey_type = NID_undef; |
| 599 | if (mac_secret_size != NULL) | ||
| 600 | *mac_secret_size = 0; | ||
| 604 | if (c->algorithm_mac == SSL_AEAD) | 601 | if (c->algorithm_mac == SSL_AEAD) |
| 605 | mac_pkey_type = NULL; | 602 | mac_pkey_type = NULL; |
| 606 | } | 603 | } else { |
| 607 | else | 604 | *md = ssl_digest_methods[i]; |
| 608 | { | 605 | if (mac_pkey_type != NULL) |
| 609 | *md=ssl_digest_methods[i]; | 606 | *mac_pkey_type = ssl_mac_pkey_id[i]; |
| 610 | if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i]; | 607 | if (mac_secret_size != NULL) |
| 611 | if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i]; | 608 | *mac_secret_size = ssl_mac_secret_size[i]; |
| 612 | } | 609 | } |
| 613 | 610 | ||
| 614 | if ((*enc != NULL) && | 611 | if ((*enc != NULL) && |
| 615 | (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && | 612 | (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && |
| 616 | (!mac_pkey_type||*mac_pkey_type != NID_undef)) | 613 | (!mac_pkey_type || *mac_pkey_type != NID_undef)) { |
| 617 | { | ||
| 618 | const EVP_CIPHER *evp; | 614 | const EVP_CIPHER *evp; |
| 619 | 615 | ||
| 620 | if (s->ssl_version>>8 != TLS1_VERSION_MAJOR || | 616 | if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR || |
| 621 | s->ssl_version < TLS1_VERSION) | 617 | s->ssl_version < TLS1_VERSION) |
| 622 | return 1; | 618 | return 1; |
| 623 | 619 | ||
| 624 | #ifdef OPENSSL_FIPS | 620 | #ifdef OPENSSL_FIPS |
| 625 | if (FIPS_mode()) | 621 | if (FIPS_mode()) |
| 626 | return 1; | 622 | return 1; |
| 627 | #endif | 623 | #endif |
| 628 | 624 | ||
| 629 | if (c->algorithm_enc == SSL_RC4 && | 625 | if (c->algorithm_enc == SSL_RC4 && |
| 630 | c->algorithm_mac == SSL_MD5 && | 626 | c->algorithm_mac == SSL_MD5 && |
| 631 | (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) | 627 | (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) |
| 632 | *enc = evp, *md = NULL; | 628 | *enc = evp, *md = NULL; |
| 633 | else if (c->algorithm_enc == SSL_AES128 && | 629 | else if (c->algorithm_enc == SSL_AES128 && |
| 634 | c->algorithm_mac == SSL_SHA1 && | 630 | c->algorithm_mac == SSL_SHA1 && |
| 635 | (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) | 631 | (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) |
| 636 | *enc = evp, *md = NULL; | 632 | *enc = evp, *md = NULL; |
| 637 | else if (c->algorithm_enc == SSL_AES256 && | 633 | else if (c->algorithm_enc == SSL_AES256 && |
| 638 | c->algorithm_mac == SSL_SHA1 && | 634 | c->algorithm_mac == SSL_SHA1 && |
| 639 | (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) | 635 | (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) |
| 640 | *enc = evp, *md = NULL; | 636 | *enc = evp, *md = NULL; |
| 641 | return(1); | 637 | return (1); |
| 642 | } | 638 | } else |
| 643 | else | 639 | return (0); |
| 644 | return(0); | 640 | } |
| 645 | } | ||
| 646 | 641 | ||
| 647 | int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) | 642 | int |
| 643 | ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) | ||
| 648 | { | 644 | { |
| 649 | if (idx <0||idx>=SSL_MD_NUM_IDX) | 645 | if (idx < 0 || idx >= SSL_MD_NUM_IDX) { |
| 650 | { | ||
| 651 | return 0; | 646 | return 0; |
| 652 | } | 647 | } |
| 653 | *mask = ssl_handshake_digest_flag[idx]; | 648 | *mask = ssl_handshake_digest_flag[idx]; |
| 654 | if (*mask) | 649 | if (*mask) |
| 655 | *md = ssl_digest_methods[idx]; | 650 | *md = ssl_digest_methods[idx]; |
| @@ -661,40 +656,45 @@ int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) | |||
| 661 | #define ITEM_SEP(a) \ | 656 | #define ITEM_SEP(a) \ |
| 662 | (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) | 657 | (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) |
| 663 | 658 | ||
| 664 | static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, | 659 | static void |
| 665 | CIPHER_ORDER **tail) | 660 | ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, |
| 666 | { | 661 | CIPHER_ORDER **tail) |
| 667 | if (curr == *tail) return; | 662 | { |
| 663 | if (curr == *tail) | ||
| 664 | return; | ||
| 668 | if (curr == *head) | 665 | if (curr == *head) |
| 669 | *head=curr->next; | 666 | *head = curr->next; |
| 670 | if (curr->prev != NULL) | 667 | if (curr->prev != NULL) |
| 671 | curr->prev->next=curr->next; | 668 | curr->prev->next = curr->next; |
| 672 | if (curr->next != NULL) | 669 | if (curr->next != NULL) |
| 673 | curr->next->prev=curr->prev; | 670 | curr->next->prev = curr->prev; |
| 674 | (*tail)->next=curr; | 671 | (*tail)->next = curr; |
| 675 | curr->prev= *tail; | 672 | curr->prev= *tail; |
| 676 | curr->next=NULL; | 673 | curr->next = NULL; |
| 677 | *tail=curr; | 674 | *tail = curr; |
| 678 | } | 675 | } |
| 679 | 676 | ||
| 680 | static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, | 677 | static void |
| 681 | CIPHER_ORDER **tail) | 678 | ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, |
| 682 | { | 679 | CIPHER_ORDER **tail) |
| 683 | if (curr == *head) return; | 680 | { |
| 681 | if (curr == *head) | ||
| 682 | return; | ||
| 684 | if (curr == *tail) | 683 | if (curr == *tail) |
| 685 | *tail=curr->prev; | 684 | *tail = curr->prev; |
| 686 | if (curr->next != NULL) | 685 | if (curr->next != NULL) |
| 687 | curr->next->prev=curr->prev; | 686 | curr->next->prev = curr->prev; |
| 688 | if (curr->prev != NULL) | 687 | if (curr->prev != NULL) |
| 689 | curr->prev->next=curr->next; | 688 | curr->prev->next = curr->next; |
| 690 | (*head)->prev=curr; | 689 | (*head)->prev = curr; |
| 691 | curr->next= *head; | 690 | curr->next= *head; |
| 692 | curr->prev=NULL; | 691 | curr->prev = NULL; |
| 693 | *head=curr; | 692 | *head = curr; |
| 694 | } | 693 | } |
| 695 | 694 | ||
| 696 | static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl) | 695 | static void |
| 697 | { | 696 | ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl) |
| 697 | { | ||
| 698 | *mkey = 0; | 698 | *mkey = 0; |
| 699 | *auth = 0; | 699 | *auth = 0; |
| 700 | *enc = 0; | 700 | *enc = 0; |
| @@ -743,44 +743,45 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un | |||
| 743 | /* Disable GOST key exchange if no GOST signature algs are available * */ | 743 | /* Disable GOST key exchange if no GOST signature algs are available * */ |
| 744 | if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) { | 744 | if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) { |
| 745 | *mkey |= SSL_kGOST; | 745 | *mkey |= SSL_kGOST; |
| 746 | } | 746 | } |
| 747 | #ifdef SSL_FORBID_ENULL | 747 | #ifdef SSL_FORBID_ENULL |
| 748 | *enc |= SSL_eNULL; | 748 | *enc |= SSL_eNULL; |
| 749 | #endif | 749 | #endif |
| 750 | |||
| 751 | |||
| 752 | |||
| 753 | *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0; | ||
| 754 | *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0; | ||
| 755 | *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0; | ||
| 756 | *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; | ||
| 757 | *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; | ||
| 758 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0; | ||
| 759 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0; | ||
| 760 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0; | ||
| 761 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0; | ||
| 762 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0; | ||
| 763 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0; | ||
| 764 | *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0; | ||
| 765 | *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0; | ||
| 766 | |||
| 767 | *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; | ||
| 768 | *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; | ||
| 769 | *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0; | ||
| 770 | *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0; | ||
| 771 | *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0; | ||
| 772 | *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0; | ||
| 773 | 750 | ||
| 774 | } | ||
| 775 | 751 | ||
| 776 | static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | 752 | |
| 777 | int num_of_ciphers, | 753 | *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES : 0; |
| 778 | unsigned long disabled_mkey, unsigned long disabled_auth, | 754 | *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0; |
| 779 | unsigned long disabled_enc, unsigned long disabled_mac, | 755 | *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0; |
| 780 | unsigned long disabled_ssl, | 756 | *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 : 0; |
| 781 | CIPHER_ORDER *co_list, | 757 | *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0; |
| 782 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | 758 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; |
| 783 | { | 759 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; |
| 760 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM : 0; | ||
| 761 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM : 0; | ||
| 762 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128 : 0; | ||
| 763 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256 : 0; | ||
| 764 | *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT : 0; | ||
| 765 | *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0; | ||
| 766 | |||
| 767 | *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 : 0; | ||
| 768 | *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0; | ||
| 769 | *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; | ||
| 770 | *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; | ||
| 771 | *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; | ||
| 772 | *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef) ? SSL_GOST89MAC : 0; | ||
| 773 | |||
| 774 | } | ||
| 775 | |||
| 776 | static void | ||
| 777 | ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | ||
| 778 | int num_of_ciphers, | ||
| 779 | unsigned long disabled_mkey, unsigned long disabled_auth, | ||
| 780 | unsigned long disabled_enc, unsigned long disabled_mac, | ||
| 781 | unsigned long disabled_ssl, | ||
| 782 | CIPHER_ORDER *co_list, | ||
| 783 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | ||
| 784 | { | ||
| 784 | int i, co_list_num; | 785 | int i, co_list_num; |
| 785 | const SSL_CIPHER *c; | 786 | const SSL_CIPHER *c; |
| 786 | 787 | ||
| @@ -793,68 +794,64 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | |||
| 793 | 794 | ||
| 794 | /* Get the initial list of ciphers */ | 795 | /* Get the initial list of ciphers */ |
| 795 | co_list_num = 0; /* actual count of ciphers */ | 796 | co_list_num = 0; /* actual count of ciphers */ |
| 796 | for (i = 0; i < num_of_ciphers; i++) | 797 | for (i = 0; i < num_of_ciphers; i++) { |
| 797 | { | ||
| 798 | c = ssl_method->get_cipher(i); | 798 | c = ssl_method->get_cipher(i); |
| 799 | /* drop those that use any of that is not available */ | 799 | /* drop those that use any of that is not available */ |
| 800 | if ((c != NULL) && c->valid && | 800 | if ((c != NULL) && c->valid && |
| 801 | #ifdef OPENSSL_FIPS | 801 | #ifdef OPENSSL_FIPS |
| 802 | (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && | 802 | (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && |
| 803 | #endif | 803 | #endif |
| 804 | !(c->algorithm_mkey & disabled_mkey) && | 804 | !(c->algorithm_mkey & disabled_mkey) && |
| 805 | !(c->algorithm_auth & disabled_auth) && | 805 | !(c->algorithm_auth & disabled_auth) && |
| 806 | !(c->algorithm_enc & disabled_enc) && | 806 | !(c->algorithm_enc & disabled_enc) && |
| 807 | !(c->algorithm_mac & disabled_mac) && | 807 | !(c->algorithm_mac & disabled_mac) && |
| 808 | !(c->algorithm_ssl & disabled_ssl)) | 808 | !(c->algorithm_ssl & disabled_ssl)) { |
| 809 | { | ||
| 810 | co_list[co_list_num].cipher = c; | 809 | co_list[co_list_num].cipher = c; |
| 811 | co_list[co_list_num].next = NULL; | 810 | co_list[co_list_num].next = NULL; |
| 812 | co_list[co_list_num].prev = NULL; | 811 | co_list[co_list_num].prev = NULL; |
| 813 | co_list[co_list_num].active = 0; | 812 | co_list[co_list_num].active = 0; |
| 814 | co_list_num++; | 813 | co_list_num++; |
| 815 | #ifdef KSSL_DEBUG | 814 | #ifdef KSSL_DEBUG |
| 816 | printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth); | 815 | printf("\t%d: %s %lx %lx %lx\n", i, c->name, c->id, c->algorithm_mkey, c->algorithm_auth); |
| 817 | #endif /* KSSL_DEBUG */ | 816 | #endif /* KSSL_DEBUG */ |
| 818 | /* | 817 | /* |
| 819 | if (!sk_push(ca_list,(char *)c)) goto err; | 818 | if (!sk_push(ca_list,(char *)c)) goto err; |
| 820 | */ | 819 | */ |
| 821 | } | ||
| 822 | } | 820 | } |
| 821 | } | ||
| 823 | 822 | ||
| 824 | /* | 823 | /* |
| 825 | * Prepare linked list from list entries | 824 | * Prepare linked list from list entries |
| 826 | */ | 825 | */ |
| 827 | if (co_list_num > 0) | 826 | if (co_list_num > 0) { |
| 828 | { | ||
| 829 | co_list[0].prev = NULL; | 827 | co_list[0].prev = NULL; |
| 830 | 828 | ||
| 831 | if (co_list_num > 1) | 829 | if (co_list_num > 1) { |
| 832 | { | ||
| 833 | co_list[0].next = &co_list[1]; | 830 | co_list[0].next = &co_list[1]; |
| 834 | 831 | ||
| 835 | for (i = 1; i < co_list_num - 1; i++) | 832 | for (i = 1; i < co_list_num - 1; i++) { |
| 836 | { | ||
| 837 | co_list[i].prev = &co_list[i - 1]; | 833 | co_list[i].prev = &co_list[i - 1]; |
| 838 | co_list[i].next = &co_list[i + 1]; | 834 | co_list[i].next = &co_list[i + 1]; |
| 839 | } | 835 | } |
| 840 | 836 | ||
| 841 | co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; | 837 | co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; |
| 842 | } | 838 | } |
| 843 | 839 | ||
| 844 | co_list[co_list_num - 1].next = NULL; | 840 | co_list[co_list_num - 1].next = NULL; |
| 845 | 841 | ||
| 846 | *head_p = &co_list[0]; | 842 | *head_p = &co_list[0]; |
| 847 | *tail_p = &co_list[co_list_num - 1]; | 843 | *tail_p = &co_list[co_list_num - 1]; |
| 848 | } | ||
| 849 | } | 844 | } |
| 845 | } | ||
| 850 | 846 | ||
| 851 | static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | 847 | static void |
| 852 | int num_of_group_aliases, | 848 | ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, |
| 853 | unsigned long disabled_mkey, unsigned long disabled_auth, | 849 | int num_of_group_aliases, |
| 854 | unsigned long disabled_enc, unsigned long disabled_mac, | 850 | unsigned long disabled_mkey, unsigned long disabled_auth, |
| 855 | unsigned long disabled_ssl, | 851 | unsigned long disabled_enc, unsigned long disabled_mac, |
| 856 | CIPHER_ORDER *head) | 852 | unsigned long disabled_ssl, |
| 857 | { | 853 | CIPHER_ORDER *head) |
| 854 | { | ||
| 858 | CIPHER_ORDER *ciph_curr; | 855 | CIPHER_ORDER *ciph_curr; |
| 859 | const SSL_CIPHER **ca_curr; | 856 | const SSL_CIPHER **ca_curr; |
| 860 | int i; | 857 | int i; |
| @@ -869,12 +866,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | |||
| 869 | */ | 866 | */ |
| 870 | ciph_curr = head; | 867 | ciph_curr = head; |
| 871 | ca_curr = ca_list; | 868 | ca_curr = ca_list; |
| 872 | while (ciph_curr != NULL) | 869 | while (ciph_curr != NULL) { |
| 873 | { | ||
| 874 | *ca_curr = ciph_curr->cipher; | 870 | *ca_curr = ciph_curr->cipher; |
| 875 | ca_curr++; | 871 | ca_curr++; |
| 876 | ciph_curr = ciph_curr->next; | 872 | ciph_curr = ciph_curr->next; |
| 877 | } | 873 | } |
| 878 | 874 | ||
| 879 | /* | 875 | /* |
| 880 | * Now we add the available ones from the cipher_aliases[] table. | 876 | * Now we add the available ones from the cipher_aliases[] table. |
| @@ -882,8 +878,7 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | |||
| 882 | * in any affected category must be supported (set in enabled_mask), | 878 | * in any affected category must be supported (set in enabled_mask), |
| 883 | * or represent a cipher strength value (will be added in any case because algorithms=0). | 879 | * or represent a cipher strength value (will be added in any case because algorithms=0). |
| 884 | */ | 880 | */ |
| 885 | for (i = 0; i < num_of_group_aliases; i++) | 881 | for (i = 0; i < num_of_group_aliases; i++) { |
| 886 | { | ||
| 887 | unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; | 882 | unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; |
| 888 | unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; | 883 | unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; |
| 889 | unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; | 884 | unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; |
| @@ -893,45 +888,46 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | |||
| 893 | if (algorithm_mkey) | 888 | if (algorithm_mkey) |
| 894 | if ((algorithm_mkey & mask_mkey) == 0) | 889 | if ((algorithm_mkey & mask_mkey) == 0) |
| 895 | continue; | 890 | continue; |
| 896 | 891 | ||
| 897 | if (algorithm_auth) | 892 | if (algorithm_auth) |
| 898 | if ((algorithm_auth & mask_auth) == 0) | 893 | if ((algorithm_auth & mask_auth) == 0) |
| 899 | continue; | 894 | continue; |
| 900 | 895 | ||
| 901 | if (algorithm_enc) | 896 | if (algorithm_enc) |
| 902 | if ((algorithm_enc & mask_enc) == 0) | 897 | if ((algorithm_enc & mask_enc) == 0) |
| 903 | continue; | 898 | continue; |
| 904 | 899 | ||
| 905 | if (algorithm_mac) | 900 | if (algorithm_mac) |
| 906 | if ((algorithm_mac & mask_mac) == 0) | 901 | if ((algorithm_mac & mask_mac) == 0) |
| 907 | continue; | 902 | continue; |
| 908 | 903 | ||
| 909 | if (algorithm_ssl) | 904 | if (algorithm_ssl) |
| 910 | if ((algorithm_ssl & mask_ssl) == 0) | 905 | if ((algorithm_ssl & mask_ssl) == 0) |
| 911 | continue; | 906 | continue; |
| 912 | 907 | ||
| 913 | *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); | 908 | *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); |
| 914 | ca_curr++; | 909 | ca_curr++; |
| 915 | } | 910 | } |
| 916 | 911 | ||
| 917 | *ca_curr = NULL; /* end of list */ | 912 | *ca_curr = NULL; /* end of list */ |
| 918 | } | 913 | } |
| 919 | 914 | ||
| 920 | static void ssl_cipher_apply_rule(unsigned long cipher_id, | 915 | static void |
| 921 | unsigned long alg_mkey, unsigned long alg_auth, | 916 | ssl_cipher_apply_rule(unsigned long cipher_id, |
| 922 | unsigned long alg_enc, unsigned long alg_mac, | 917 | unsigned long alg_mkey, unsigned long alg_auth, |
| 923 | unsigned long alg_ssl, | 918 | unsigned long alg_enc, unsigned long alg_mac, |
| 924 | unsigned long algo_strength, | 919 | unsigned long alg_ssl, |
| 925 | int rule, int strength_bits, | 920 | unsigned long algo_strength, |
| 926 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | 921 | int rule, int strength_bits, |
| 927 | { | 922 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) |
| 923 | { | ||
| 928 | CIPHER_ORDER *head, *tail, *curr, *curr2, *last; | 924 | CIPHER_ORDER *head, *tail, *curr, *curr2, *last; |
| 929 | const SSL_CIPHER *cp; | 925 | const SSL_CIPHER *cp; |
| 930 | int reverse = 0; | 926 | int reverse = 0; |
| 931 | 927 | ||
| 932 | #ifdef CIPHER_DEBUG | 928 | #ifdef CIPHER_DEBUG |
| 933 | printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", | 929 | printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", |
| 934 | rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits); | 930 | rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits); |
| 935 | #endif | 931 | #endif |
| 936 | 932 | ||
| 937 | if (rule == CIPHER_DEL) | 933 | if (rule == CIPHER_DEL) |
| @@ -940,21 +936,18 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, | |||
| 940 | head = *head_p; | 936 | head = *head_p; |
| 941 | tail = *tail_p; | 937 | tail = *tail_p; |
| 942 | 938 | ||
| 943 | if (reverse) | 939 | if (reverse) { |
| 944 | { | ||
| 945 | curr = tail; | 940 | curr = tail; |
| 946 | last = head; | 941 | last = head; |
| 947 | } | 942 | } else { |
| 948 | else | ||
| 949 | { | ||
| 950 | curr = head; | 943 | curr = head; |
| 951 | last = tail; | 944 | last = tail; |
| 952 | } | 945 | } |
| 953 | 946 | ||
| 954 | curr2 = curr; | 947 | curr2 = curr; |
| 955 | for (;;) | 948 | for (;;) { |
| 956 | { | 949 | if ((curr == NULL) |
| 957 | if ((curr == NULL) || (curr == last)) break; | 950 | || (curr == last)) break; |
| 958 | curr = curr2; | 951 | curr = curr2; |
| 959 | curr2 = reverse ? curr->prev : curr->next; | 952 | curr2 = reverse ? curr->prev : curr->next; |
| 960 | 953 | ||
| @@ -964,13 +957,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, | |||
| 964 | * Selection criteria is either the value of strength_bits | 957 | * Selection criteria is either the value of strength_bits |
| 965 | * or the algorithms used. | 958 | * or the algorithms used. |
| 966 | */ | 959 | */ |
| 967 | if (strength_bits >= 0) | 960 | if (strength_bits >= 0) { |
| 968 | { | ||
| 969 | if (strength_bits != cp->strength_bits) | 961 | if (strength_bits != cp->strength_bits) |
| 970 | continue; | 962 | continue; |
| 971 | } | 963 | } else { |
| 972 | else | ||
| 973 | { | ||
| 974 | #ifdef CIPHER_DEBUG | 964 | #ifdef CIPHER_DEBUG |
| 975 | printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); | 965 | printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); |
| 976 | #endif | 966 | #endif |
| @@ -989,45 +979,36 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, | |||
| 989 | continue; | 979 | continue; |
| 990 | if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) | 980 | if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) |
| 991 | continue; | 981 | continue; |
| 992 | } | 982 | } |
| 993 | 983 | ||
| 994 | #ifdef CIPHER_DEBUG | 984 | #ifdef CIPHER_DEBUG |
| 995 | printf("Action = %d\n", rule); | 985 | printf("Action = %d\n", rule); |
| 996 | #endif | 986 | #endif |
| 997 | 987 | ||
| 998 | /* add the cipher if it has not been added yet. */ | 988 | /* add the cipher if it has not been added yet. */ |
| 999 | if (rule == CIPHER_ADD) | 989 | if (rule == CIPHER_ADD) { |
| 1000 | { | ||
| 1001 | /* reverse == 0 */ | 990 | /* reverse == 0 */ |
| 1002 | if (!curr->active) | 991 | if (!curr->active) { |
| 1003 | { | ||
| 1004 | ll_append_tail(&head, curr, &tail); | 992 | ll_append_tail(&head, curr, &tail); |
| 1005 | curr->active = 1; | 993 | curr->active = 1; |
| 1006 | } | ||
| 1007 | } | 994 | } |
| 995 | } | ||
| 1008 | /* Move the added cipher to this location */ | 996 | /* Move the added cipher to this location */ |
| 1009 | else if (rule == CIPHER_ORD) | 997 | else if (rule == CIPHER_ORD) { |
| 1010 | { | ||
| 1011 | /* reverse == 0 */ | 998 | /* reverse == 0 */ |
| 1012 | if (curr->active) | 999 | if (curr->active) { |
| 1013 | { | ||
| 1014 | ll_append_tail(&head, curr, &tail); | 1000 | ll_append_tail(&head, curr, &tail); |
| 1015 | } | ||
| 1016 | } | 1001 | } |
| 1017 | else if (rule == CIPHER_DEL) | 1002 | } else if (rule == CIPHER_DEL) { |
| 1018 | { | ||
| 1019 | /* reverse == 1 */ | 1003 | /* reverse == 1 */ |
| 1020 | if (curr->active) | 1004 | if (curr->active) { |
| 1021 | { | ||
| 1022 | /* most recently deleted ciphersuites get best positions | 1005 | /* most recently deleted ciphersuites get best positions |
| 1023 | * for any future CIPHER_ADD (note that the CIPHER_DEL loop | 1006 | * for any future CIPHER_ADD (note that the CIPHER_DEL loop |
| 1024 | * works in reverse to maintain the order) */ | 1007 | * works in reverse to maintain the order) */ |
| 1025 | ll_append_head(&head, curr, &tail); | 1008 | ll_append_head(&head, curr, &tail); |
| 1026 | curr->active = 0; | 1009 | curr->active = 0; |
| 1027 | } | ||
| 1028 | } | 1010 | } |
| 1029 | else if (rule == CIPHER_KILL) | 1011 | } else if (rule == CIPHER_KILL) { |
| 1030 | { | ||
| 1031 | /* reverse == 0 */ | 1012 | /* reverse == 0 */ |
| 1032 | if (head == curr) | 1013 | if (head == curr) |
| 1033 | head = curr->next; | 1014 | head = curr->next; |
| @@ -1042,16 +1023,17 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, | |||
| 1042 | curr->prev->next = curr->next; | 1023 | curr->prev->next = curr->next; |
| 1043 | curr->next = NULL; | 1024 | curr->next = NULL; |
| 1044 | curr->prev = NULL; | 1025 | curr->prev = NULL; |
| 1045 | } | ||
| 1046 | } | 1026 | } |
| 1027 | } | ||
| 1047 | 1028 | ||
| 1048 | *head_p = head; | 1029 | *head_p = head; |
| 1049 | *tail_p = tail; | 1030 | *tail_p = tail; |
| 1050 | } | 1031 | } |
| 1051 | 1032 | ||
| 1052 | static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, | 1033 | static int |
| 1053 | CIPHER_ORDER **tail_p) | 1034 | ssl_cipher_strength_sort(CIPHER_ORDER **head_p, |
| 1054 | { | 1035 | CIPHER_ORDER **tail_p) |
| 1036 | { | ||
| 1055 | int max_strength_bits, i, *number_uses; | 1037 | int max_strength_bits, i, *number_uses; |
| 1056 | CIPHER_ORDER *curr; | 1038 | CIPHER_ORDER *curr; |
| 1057 | 1039 | ||
| @@ -1062,32 +1044,29 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, | |||
| 1062 | */ | 1044 | */ |
| 1063 | max_strength_bits = 0; | 1045 | max_strength_bits = 0; |
| 1064 | curr = *head_p; | 1046 | curr = *head_p; |
| 1065 | while (curr != NULL) | 1047 | while (curr != NULL) { |
| 1066 | { | ||
| 1067 | if (curr->active && | 1048 | if (curr->active && |
| 1068 | (curr->cipher->strength_bits > max_strength_bits)) | 1049 | (curr->cipher->strength_bits > max_strength_bits)) |
| 1069 | max_strength_bits = curr->cipher->strength_bits; | 1050 | max_strength_bits = curr->cipher->strength_bits; |
| 1070 | curr = curr->next; | 1051 | curr = curr->next; |
| 1071 | } | 1052 | } |
| 1072 | 1053 | ||
| 1073 | number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); | 1054 | number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); |
| 1074 | if (!number_uses) | 1055 | if (!number_uses) { |
| 1075 | { | 1056 | SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); |
| 1076 | SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE); | 1057 | return (0); |
| 1077 | return(0); | 1058 | } |
| 1078 | } | ||
| 1079 | memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); | 1059 | memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); |
| 1080 | 1060 | ||
| 1081 | /* | 1061 | /* |
| 1082 | * Now find the strength_bits values actually used | 1062 | * Now find the strength_bits values actually used |
| 1083 | */ | 1063 | */ |
| 1084 | curr = *head_p; | 1064 | curr = *head_p; |
| 1085 | while (curr != NULL) | 1065 | while (curr != NULL) { |
| 1086 | { | ||
| 1087 | if (curr->active) | 1066 | if (curr->active) |
| 1088 | number_uses[curr->cipher->strength_bits]++; | 1067 | number_uses[curr->cipher->strength_bits]++; |
| 1089 | curr = curr->next; | 1068 | curr = curr->next; |
| 1090 | } | 1069 | } |
| 1091 | /* | 1070 | /* |
| 1092 | * Go through the list of used strength_bits values in descending | 1071 | * Go through the list of used strength_bits values in descending |
| 1093 | * order. | 1072 | * order. |
| @@ -1097,13 +1076,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, | |||
| 1097 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); | 1076 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); |
| 1098 | 1077 | ||
| 1099 | OPENSSL_free(number_uses); | 1078 | OPENSSL_free(number_uses); |
| 1100 | return(1); | 1079 | return (1); |
| 1101 | } | 1080 | } |
| 1102 | 1081 | ||
| 1103 | static int ssl_cipher_process_rulestr(const char *rule_str, | 1082 | static int |
| 1104 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, | 1083 | ssl_cipher_process_rulestr(const char *rule_str, |
| 1105 | const SSL_CIPHER **ca_list) | 1084 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, |
| 1106 | { | 1085 | const SSL_CIPHER **ca_list) |
| 1086 | { | ||
| 1107 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; | 1087 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; |
| 1108 | const char *l, *buf; | 1088 | const char *l, *buf; |
| 1109 | int j, multi, found, rule, retval, ok, buflen; | 1089 | int j, multi, found, rule, retval, ok, buflen; |
| @@ -1112,28 +1092,32 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 1112 | 1092 | ||
| 1113 | retval = 1; | 1093 | retval = 1; |
| 1114 | l = rule_str; | 1094 | l = rule_str; |
| 1115 | for (;;) | 1095 | for (;;) { |
| 1116 | { | ||
| 1117 | ch = *l; | 1096 | ch = *l; |
| 1118 | 1097 | ||
| 1119 | if (ch == '\0') | 1098 | if (ch == '\0') |
| 1120 | break; /* done */ | 1099 | break; |
| 1100 | /* done */ | ||
| 1121 | if (ch == '-') | 1101 | if (ch == '-') |
| 1122 | { rule = CIPHER_DEL; l++; } | 1102 | { rule = CIPHER_DEL; |
| 1123 | else if (ch == '+') | 1103 | l++; |
| 1124 | { rule = CIPHER_ORD; l++; } | 1104 | } else if (ch == '+') |
| 1125 | else if (ch == '!') | 1105 | { rule = CIPHER_ORD; |
| 1126 | { rule = CIPHER_KILL; l++; } | 1106 | l++; |
| 1127 | else if (ch == '@') | 1107 | } else if (ch == '!') |
| 1128 | { rule = CIPHER_SPECIAL; l++; } | 1108 | { rule = CIPHER_KILL; |
| 1129 | else | 1109 | l++; |
| 1130 | { rule = CIPHER_ADD; } | 1110 | } else if (ch == '@') |
| 1111 | { rule = CIPHER_SPECIAL; | ||
| 1112 | l++; | ||
| 1113 | } else | ||
| 1114 | { rule = CIPHER_ADD; | ||
| 1115 | } | ||
| 1131 | 1116 | ||
| 1132 | if (ITEM_SEP(ch)) | 1117 | if (ITEM_SEP(ch)) { |
| 1133 | { | ||
| 1134 | l++; | 1118 | l++; |
| 1135 | continue; | 1119 | continue; |
| 1136 | } | 1120 | } |
| 1137 | 1121 | ||
| 1138 | alg_mkey = 0; | 1122 | alg_mkey = 0; |
| 1139 | alg_auth = 0; | 1123 | alg_auth = 0; |
| @@ -1142,52 +1126,47 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 1142 | alg_ssl = 0; | 1126 | alg_ssl = 0; |
| 1143 | algo_strength = 0; | 1127 | algo_strength = 0; |
| 1144 | 1128 | ||
| 1145 | for (;;) | 1129 | for (;;) { |
| 1146 | { | ||
| 1147 | ch = *l; | 1130 | ch = *l; |
| 1148 | buf = l; | 1131 | buf = l; |
| 1149 | buflen = 0; | 1132 | buflen = 0; |
| 1150 | #ifndef CHARSET_EBCDIC | 1133 | #ifndef CHARSET_EBCDIC |
| 1151 | while ( ((ch >= 'A') && (ch <= 'Z')) || | 1134 | while (((ch >= 'A') && (ch <= 'Z')) || |
| 1152 | ((ch >= '0') && (ch <= '9')) || | 1135 | ((ch >= '0') && (ch <= '9')) || |
| 1153 | ((ch >= 'a') && (ch <= 'z')) || | 1136 | ((ch >= 'a') && (ch <= 'z')) || |
| 1154 | (ch == '-') || (ch == '.')) | 1137 | (ch == '-') || (ch == '.')) |
| 1155 | #else | 1138 | #else |
| 1156 | while ( isalnum(ch) || (ch == '-') || (ch == '.')) | 1139 | while (isalnum(ch) || (ch == '-') || (ch == '.')) |
| 1157 | #endif | 1140 | #endif |
| 1158 | { | 1141 | { |
| 1159 | ch = *(++l); | 1142 | ch = *(++l); |
| 1160 | buflen++; | 1143 | buflen++; |
| 1161 | } | 1144 | } |
| 1162 | 1145 | ||
| 1163 | if (buflen == 0) | 1146 | if (buflen == 0) { |
| 1164 | { | ||
| 1165 | /* | 1147 | /* |
| 1166 | * We hit something we cannot deal with, | 1148 | * We hit something we cannot deal with, |
| 1167 | * it is no command or separator nor | 1149 | * it is no command or separator nor |
| 1168 | * alphanumeric, so we call this an error. | 1150 | * alphanumeric, so we call this an error. |
| 1169 | */ | 1151 | */ |
| 1170 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | 1152 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, |
| 1171 | SSL_R_INVALID_COMMAND); | 1153 | SSL_R_INVALID_COMMAND); |
| 1172 | retval = found = 0; | 1154 | retval = found = 0; |
| 1173 | l++; | 1155 | l++; |
| 1174 | break; | 1156 | break; |
| 1175 | } | 1157 | } |
| 1176 | 1158 | ||
| 1177 | if (rule == CIPHER_SPECIAL) | 1159 | if (rule == CIPHER_SPECIAL) { |
| 1178 | { | ||
| 1179 | found = 0; /* unused -- avoid compiler warning */ | 1160 | found = 0; /* unused -- avoid compiler warning */ |
| 1180 | break; /* special treatment */ | 1161 | break; /* special treatment */ |
| 1181 | } | 1162 | } |
| 1182 | 1163 | ||
| 1183 | /* check for multi-part specification */ | 1164 | /* check for multi-part specification */ |
| 1184 | if (ch == '+') | 1165 | if (ch == '+') { |
| 1185 | { | 1166 | multi = 1; |
| 1186 | multi=1; | ||
| 1187 | l++; | 1167 | l++; |
| 1188 | } | 1168 | } else |
| 1189 | else | 1169 | multi = 0; |
| 1190 | multi=0; | ||
| 1191 | 1170 | ||
| 1192 | /* | 1171 | /* |
| 1193 | * Now search for the cipher alias in the ca_list. Be careful | 1172 | * Now search for the cipher alias in the ca_list. Be careful |
| @@ -1202,126 +1181,121 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 1202 | */ | 1181 | */ |
| 1203 | j = found = 0; | 1182 | j = found = 0; |
| 1204 | cipher_id = 0; | 1183 | cipher_id = 0; |
| 1205 | while (ca_list[j]) | 1184 | while (ca_list[j]) { |
| 1206 | { | ||
| 1207 | if (!strncmp(buf, ca_list[j]->name, buflen) && | 1185 | if (!strncmp(buf, ca_list[j]->name, buflen) && |
| 1208 | (ca_list[j]->name[buflen] == '\0')) | 1186 | (ca_list[j]->name[buflen] == '\0')) { |
| 1209 | { | ||
| 1210 | found = 1; | 1187 | found = 1; |
| 1211 | break; | 1188 | break; |
| 1212 | } | 1189 | } else |
| 1213 | else | ||
| 1214 | j++; | 1190 | j++; |
| 1215 | } | 1191 | } |
| 1216 | 1192 | ||
| 1217 | if (!found) | 1193 | if (!found) |
| 1218 | break; /* ignore this entry */ | 1194 | break; /* ignore this entry */ |
| 1219 | 1195 | ||
| 1220 | if (ca_list[j]->algorithm_mkey) | 1196 | if (ca_list[j]->algorithm_mkey) { |
| 1221 | { | 1197 | if (alg_mkey) { |
| 1222 | if (alg_mkey) | ||
| 1223 | { | ||
| 1224 | alg_mkey &= ca_list[j]->algorithm_mkey; | 1198 | alg_mkey &= ca_list[j]->algorithm_mkey; |
| 1225 | if (!alg_mkey) { found = 0; break; } | 1199 | if (!alg_mkey) { |
| 1200 | found = 0; | ||
| 1201 | break; | ||
| 1226 | } | 1202 | } |
| 1227 | else | 1203 | } else |
| 1228 | alg_mkey = ca_list[j]->algorithm_mkey; | 1204 | alg_mkey = ca_list[j]->algorithm_mkey; |
| 1229 | } | 1205 | } |
| 1230 | 1206 | ||
| 1231 | if (ca_list[j]->algorithm_auth) | 1207 | if (ca_list[j]->algorithm_auth) { |
| 1232 | { | 1208 | if (alg_auth) { |
| 1233 | if (alg_auth) | ||
| 1234 | { | ||
| 1235 | alg_auth &= ca_list[j]->algorithm_auth; | 1209 | alg_auth &= ca_list[j]->algorithm_auth; |
| 1236 | if (!alg_auth) { found = 0; break; } | 1210 | if (!alg_auth) { |
| 1211 | found = 0; | ||
| 1212 | break; | ||
| 1237 | } | 1213 | } |
| 1238 | else | 1214 | } else |
| 1239 | alg_auth = ca_list[j]->algorithm_auth; | 1215 | alg_auth = ca_list[j]->algorithm_auth; |
| 1240 | } | 1216 | } |
| 1241 | 1217 | ||
| 1242 | if (ca_list[j]->algorithm_enc) | 1218 | if (ca_list[j]->algorithm_enc) { |
| 1243 | { | 1219 | if (alg_enc) { |
| 1244 | if (alg_enc) | ||
| 1245 | { | ||
| 1246 | alg_enc &= ca_list[j]->algorithm_enc; | 1220 | alg_enc &= ca_list[j]->algorithm_enc; |
| 1247 | if (!alg_enc) { found = 0; break; } | 1221 | if (!alg_enc) { |
| 1222 | found = 0; | ||
| 1223 | break; | ||
| 1248 | } | 1224 | } |
| 1249 | else | 1225 | } else |
| 1250 | alg_enc = ca_list[j]->algorithm_enc; | 1226 | alg_enc = ca_list[j]->algorithm_enc; |
| 1251 | } | 1227 | } |
| 1252 | 1228 | ||
| 1253 | if (ca_list[j]->algorithm_mac) | 1229 | if (ca_list[j]->algorithm_mac) { |
| 1254 | { | 1230 | if (alg_mac) { |
| 1255 | if (alg_mac) | ||
| 1256 | { | ||
| 1257 | alg_mac &= ca_list[j]->algorithm_mac; | 1231 | alg_mac &= ca_list[j]->algorithm_mac; |
| 1258 | if (!alg_mac) { found = 0; break; } | 1232 | if (!alg_mac) { |
| 1233 | found = 0; | ||
| 1234 | break; | ||
| 1259 | } | 1235 | } |
| 1260 | else | 1236 | } else |
| 1261 | alg_mac = ca_list[j]->algorithm_mac; | 1237 | alg_mac = ca_list[j]->algorithm_mac; |
| 1262 | } | 1238 | } |
| 1263 | 1239 | ||
| 1264 | if (ca_list[j]->algo_strength & SSL_EXP_MASK) | 1240 | if (ca_list[j]->algo_strength & SSL_EXP_MASK) { |
| 1265 | { | 1241 | if (algo_strength & SSL_EXP_MASK) { |
| 1266 | if (algo_strength & SSL_EXP_MASK) | ||
| 1267 | { | ||
| 1268 | algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK; | 1242 | algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK; |
| 1269 | if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; } | 1243 | if (!(algo_strength & SSL_EXP_MASK)) { |
| 1244 | found = 0; | ||
| 1245 | break; | ||
| 1270 | } | 1246 | } |
| 1271 | else | 1247 | } else |
| 1272 | algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; | 1248 | algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; |
| 1273 | } | 1249 | } |
| 1274 | 1250 | ||
| 1275 | if (ca_list[j]->algo_strength & SSL_STRONG_MASK) | 1251 | if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { |
| 1276 | { | 1252 | if (algo_strength & SSL_STRONG_MASK) { |
| 1277 | if (algo_strength & SSL_STRONG_MASK) | ||
| 1278 | { | ||
| 1279 | algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; | 1253 | algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; |
| 1280 | if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; } | 1254 | if (!(algo_strength & SSL_STRONG_MASK)) { |
| 1255 | found = 0; | ||
| 1256 | break; | ||
| 1281 | } | 1257 | } |
| 1282 | else | 1258 | } else |
| 1283 | algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK; | 1259 | algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK; |
| 1284 | } | 1260 | } |
| 1285 | 1261 | ||
| 1286 | if (ca_list[j]->valid) | 1262 | if (ca_list[j]->valid) { |
| 1287 | { | ||
| 1288 | /* explicit ciphersuite found; its protocol version | 1263 | /* explicit ciphersuite found; its protocol version |
| 1289 | * does not become part of the search pattern!*/ | 1264 | * does not become part of the search pattern!*/ |
| 1290 | 1265 | ||
| 1291 | cipher_id = ca_list[j]->id; | 1266 | cipher_id = ca_list[j]->id; |
| 1292 | } | 1267 | } else { |
| 1293 | else | ||
| 1294 | { | ||
| 1295 | /* not an explicit ciphersuite; only in this case, the | 1268 | /* not an explicit ciphersuite; only in this case, the |
| 1296 | * protocol version is considered part of the search pattern */ | 1269 | * protocol version is considered part of the search pattern */ |
| 1297 | 1270 | ||
| 1298 | if (ca_list[j]->algorithm_ssl) | 1271 | if (ca_list[j]->algorithm_ssl) { |
| 1299 | { | 1272 | if (alg_ssl) { |
| 1300 | if (alg_ssl) | ||
| 1301 | { | ||
| 1302 | alg_ssl &= ca_list[j]->algorithm_ssl; | 1273 | alg_ssl &= ca_list[j]->algorithm_ssl; |
| 1303 | if (!alg_ssl) { found = 0; break; } | 1274 | if (!alg_ssl) { |
| 1275 | found = 0; | ||
| 1276 | break; | ||
| 1304 | } | 1277 | } |
| 1305 | else | 1278 | } else |
| 1306 | alg_ssl = ca_list[j]->algorithm_ssl; | 1279 | alg_ssl = ca_list[j]->algorithm_ssl; |
| 1307 | } | ||
| 1308 | } | 1280 | } |
| 1309 | |||
| 1310 | if (!multi) break; | ||
| 1311 | } | 1281 | } |
| 1312 | 1282 | ||
| 1283 | if (!multi) | ||
| 1284 | break; | ||
| 1285 | } | ||
| 1286 | |||
| 1313 | /* | 1287 | /* |
| 1314 | * Ok, we have the rule, now apply it | 1288 | * Ok, we have the rule, now apply it |
| 1315 | */ | 1289 | */ |
| 1316 | if (rule == CIPHER_SPECIAL) | 1290 | if (rule == CIPHER_SPECIAL) |
| 1317 | { /* special command */ | 1291 | { /* special command */ |
| 1318 | ok = 0; | 1292 | ok = 0; |
| 1319 | if ((buflen == 8) && | 1293 | if ((buflen == 8) && |
| 1320 | !strncmp(buf, "STRENGTH", 8)) | 1294 | !strncmp(buf, "STRENGTH", 8)) |
| 1321 | ok = ssl_cipher_strength_sort(head_p, tail_p); | 1295 | ok = ssl_cipher_strength_sort(head_p, tail_p); |
| 1322 | else | 1296 | else |
| 1323 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | 1297 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, |
| 1324 | SSL_R_INVALID_COMMAND); | 1298 | SSL_R_INVALID_COMMAND); |
| 1325 | if (ok == 0) | 1299 | if (ok == 0) |
| 1326 | retval = 0; | 1300 | retval = 0; |
| 1327 | /* | 1301 | /* |
| @@ -1331,30 +1305,27 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 1331 | * end or ':' is found. | 1305 | * end or ':' is found. |
| 1332 | */ | 1306 | */ |
| 1333 | while ((*l != '\0') && !ITEM_SEP(*l)) | 1307 | while ((*l != '\0') && !ITEM_SEP(*l)) |
| 1334 | l++; | 1308 | l++; |
| 1335 | } | 1309 | } else if (found) { |
| 1336 | else if (found) | ||
| 1337 | { | ||
| 1338 | ssl_cipher_apply_rule(cipher_id, | 1310 | ssl_cipher_apply_rule(cipher_id, |
| 1339 | alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, | 1311 | alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, |
| 1340 | rule, -1, head_p, tail_p); | 1312 | rule, -1, head_p, tail_p); |
| 1341 | } | 1313 | } else { |
| 1342 | else | ||
| 1343 | { | ||
| 1344 | while ((*l != '\0') && !ITEM_SEP(*l)) | 1314 | while ((*l != '\0') && !ITEM_SEP(*l)) |
| 1345 | l++; | 1315 | l++; |
| 1346 | } | 1316 | } |
| 1347 | if (*l == '\0') break; /* done */ | 1317 | if (*l == '\0') break; /* done */ |
| 1348 | } | 1318 | } |
| 1349 | 1319 | ||
| 1350 | return(retval); | 1320 | return (retval); |
| 1351 | } | 1321 | } |
| 1352 | 1322 | ||
| 1353 | STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | 1323 | STACK_OF(SSL_CIPHER) |
| 1354 | STACK_OF(SSL_CIPHER) **cipher_list, | 1324 | *ssl_create_cipher_list(const SSL_METHOD *ssl_method, |
| 1355 | STACK_OF(SSL_CIPHER) **cipher_list_by_id, | 1325 | STACK_OF(SSL_CIPHER) **cipher_list, |
| 1356 | const char *rule_str) | 1326 | STACK_OF(SSL_CIPHER) **cipher_list_by_id, |
| 1357 | { | 1327 | const char *rule_str) |
| 1328 | { | ||
| 1358 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; | 1329 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; |
| 1359 | unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; | 1330 | unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; |
| 1360 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; | 1331 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; |
| @@ -1384,15 +1355,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1384 | printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); | 1355 | printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); |
| 1385 | #endif /* KSSL_DEBUG */ | 1356 | #endif /* KSSL_DEBUG */ |
| 1386 | co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); | 1357 | co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); |
| 1387 | if (co_list == NULL) | 1358 | if (co_list == NULL) { |
| 1388 | { | 1359 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); |
| 1389 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | ||
| 1390 | return(NULL); /* Failure */ | 1360 | return(NULL); /* Failure */ |
| 1391 | } | 1361 | } |
| 1392 | 1362 | ||
| 1393 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, | 1363 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, |
| 1394 | disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, | 1364 | disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, |
| 1395 | co_list, &head, &tail); | 1365 | co_list, &head, &tail); |
| 1396 | 1366 | ||
| 1397 | 1367 | ||
| 1398 | /* Now arrange all ciphers by preference: */ | 1368 | /* Now arrange all ciphers by preference: */ |
| @@ -1419,19 +1389,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1419 | ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1389 | ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1420 | /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */ | 1390 | /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */ |
| 1421 | ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1391 | ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1422 | ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1392 | ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1423 | ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1393 | ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1424 | 1394 | ||
| 1425 | /* RC4 is sort-of broken -- move the the end */ | 1395 | /* RC4 is sort-of broken -- move the the end */ |
| 1426 | ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1396 | ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1427 | 1397 | ||
| 1428 | /* Now sort by symmetric encryption strength. The above ordering remains | 1398 | /* Now sort by symmetric encryption strength. The above ordering remains |
| 1429 | * in force within each class */ | 1399 | * in force within each class */ |
| 1430 | if (!ssl_cipher_strength_sort(&head, &tail)) | 1400 | if (!ssl_cipher_strength_sort(&head, &tail)) { |
| 1431 | { | ||
| 1432 | OPENSSL_free(co_list); | 1401 | OPENSSL_free(co_list); |
| 1433 | return NULL; | 1402 | return NULL; |
| 1434 | } | 1403 | } |
| 1435 | 1404 | ||
| 1436 | /* Now disable everything (maintaining the ordering!) */ | 1405 | /* Now disable everything (maintaining the ordering!) */ |
| 1437 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); | 1406 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); |
| @@ -1448,15 +1417,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1448 | num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); | 1417 | num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); |
| 1449 | num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; | 1418 | num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; |
| 1450 | ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); | 1419 | ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); |
| 1451 | if (ca_list == NULL) | 1420 | if (ca_list == NULL) { |
| 1452 | { | ||
| 1453 | OPENSSL_free(co_list); | 1421 | OPENSSL_free(co_list); |
| 1454 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | 1422 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); |
| 1455 | return(NULL); /* Failure */ | 1423 | return(NULL); /* Failure */ |
| 1456 | } | 1424 | } |
| 1457 | ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, | 1425 | ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, |
| 1458 | disabled_mkey, disabled_auth, disabled_enc, | 1426 | disabled_mkey, disabled_auth, disabled_enc, |
| 1459 | disabled_mac, disabled_ssl, head); | 1427 | disabled_mac, disabled_ssl, head); |
| 1460 | 1428 | ||
| 1461 | /* | 1429 | /* |
| 1462 | * If the rule_string begins with DEFAULT, apply the default rule | 1430 | * If the rule_string begins with DEFAULT, apply the default rule |
| @@ -1464,14 +1432,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1464 | */ | 1432 | */ |
| 1465 | ok = 1; | 1433 | ok = 1; |
| 1466 | rule_p = rule_str; | 1434 | rule_p = rule_str; |
| 1467 | if (strncmp(rule_str,"DEFAULT",7) == 0) | 1435 | if (strncmp(rule_str, "DEFAULT", 7) == 0) { |
| 1468 | { | ||
| 1469 | ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, | 1436 | ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, |
| 1470 | &head, &tail, ca_list); | 1437 | &head, &tail, ca_list); |
| 1471 | rule_p += 7; | 1438 | rule_p += 7; |
| 1472 | if (*rule_p == ':') | 1439 | if (*rule_p == ':') |
| 1473 | rule_p++; | 1440 | rule_p++; |
| 1474 | } | 1441 | } |
| 1475 | 1442 | ||
| 1476 | if (ok && (strlen(rule_p) > 0)) | 1443 | if (ok && (strlen(rule_p) > 0)) |
| 1477 | ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); | 1444 | ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); |
| @@ -1479,65 +1446,63 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1479 | OPENSSL_free((void *)ca_list); /* Not needed anymore */ | 1446 | OPENSSL_free((void *)ca_list); /* Not needed anymore */ |
| 1480 | 1447 | ||
| 1481 | if (!ok) | 1448 | if (!ok) |
| 1482 | { /* Rule processing failure */ | 1449 | { /* Rule processing failure */ |
| 1483 | OPENSSL_free(co_list); | 1450 | OPENSSL_free(co_list); |
| 1484 | return(NULL); | 1451 | return (NULL); |
| 1485 | } | 1452 | } |
| 1486 | 1453 | ||
| 1487 | /* | 1454 | /* |
| 1488 | * Allocate new "cipherstack" for the result, return with error | 1455 | * Allocate new "cipherstack" for the result, return with error |
| 1489 | * if we cannot get one. | 1456 | * if we cannot get one. |
| 1490 | */ | 1457 | */ |
| 1491 | if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) | 1458 | if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { |
| 1492 | { | ||
| 1493 | OPENSSL_free(co_list); | 1459 | OPENSSL_free(co_list); |
| 1494 | return(NULL); | 1460 | return (NULL); |
| 1495 | } | 1461 | } |
| 1496 | 1462 | ||
| 1497 | /* | 1463 | /* |
| 1498 | * The cipher selection for the list is done. The ciphers are added | 1464 | * The cipher selection for the list is done. The ciphers are added |
| 1499 | * to the resulting precedence to the STACK_OF(SSL_CIPHER). | 1465 | * to the resulting precedence to the STACK_OF(SSL_CIPHER). |
| 1500 | */ | 1466 | */ |
| 1501 | for (curr = head; curr != NULL; curr = curr->next) | 1467 | for (curr = head; curr != NULL; curr = curr->next) { |
| 1502 | { | ||
| 1503 | #ifdef OPENSSL_FIPS | 1468 | #ifdef OPENSSL_FIPS |
| 1504 | if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) | 1469 | if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) |
| 1505 | #else | 1470 | #else |
| 1506 | if (curr->active) | 1471 | if (curr->active) |
| 1507 | #endif | 1472 | #endif |
| 1508 | { | 1473 | { |
| 1509 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); | 1474 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); |
| 1510 | #ifdef CIPHER_DEBUG | 1475 | #ifdef CIPHER_DEBUG |
| 1511 | printf("<%s>\n",curr->cipher->name); | 1476 | printf("<%s>\n", curr->cipher->name); |
| 1512 | #endif | 1477 | #endif |
| 1513 | } | ||
| 1514 | } | 1478 | } |
| 1479 | } | ||
| 1515 | OPENSSL_free(co_list); /* Not needed any longer */ | 1480 | OPENSSL_free(co_list); /* Not needed any longer */ |
| 1516 | 1481 | ||
| 1517 | tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); | 1482 | tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); |
| 1518 | if (tmp_cipher_list == NULL) | 1483 | if (tmp_cipher_list == NULL) { |
| 1519 | { | ||
| 1520 | sk_SSL_CIPHER_free(cipherstack); | 1484 | sk_SSL_CIPHER_free(cipherstack); |
| 1521 | return NULL; | 1485 | return NULL; |
| 1522 | } | 1486 | } |
| 1523 | if (*cipher_list != NULL) | 1487 | if (*cipher_list != NULL) |
| 1524 | sk_SSL_CIPHER_free(*cipher_list); | 1488 | sk_SSL_CIPHER_free(*cipher_list); |
| 1525 | *cipher_list = cipherstack; | 1489 | *cipher_list = cipherstack; |
| 1526 | if (*cipher_list_by_id != NULL) | 1490 | if (*cipher_list_by_id != NULL) |
| 1527 | sk_SSL_CIPHER_free(*cipher_list_by_id); | 1491 | sk_SSL_CIPHER_free(*cipher_list_by_id); |
| 1528 | *cipher_list_by_id = tmp_cipher_list; | 1492 | *cipher_list_by_id = tmp_cipher_list; |
| 1529 | (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); | 1493 | (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp); |
| 1530 | 1494 | ||
| 1531 | sk_SSL_CIPHER_sort(*cipher_list_by_id); | 1495 | sk_SSL_CIPHER_sort(*cipher_list_by_id); |
| 1532 | return(cipherstack); | 1496 | return (cipherstack); |
| 1533 | } | 1497 | } |
| 1534 | 1498 | ||
| 1535 | char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | 1499 | char |
| 1536 | { | 1500 | *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) |
| 1537 | int is_export,pkl,kl; | 1501 | { |
| 1538 | const char *ver,*exp_str; | 1502 | int is_export, pkl, kl; |
| 1539 | const char *kx,*au,*enc,*mac; | 1503 | const char *ver, *exp_str; |
| 1540 | unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2; | 1504 | const char *kx, *au, *enc, *mac; |
| 1505 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; | ||
| 1541 | #ifdef KSSL_DEBUG | 1506 | #ifdef KSSL_DEBUG |
| 1542 | static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; | 1507 | static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; |
| 1543 | #else | 1508 | #else |
| @@ -1550,13 +1515,13 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1550 | alg_mac = cipher->algorithm_mac; | 1515 | alg_mac = cipher->algorithm_mac; |
| 1551 | alg_ssl = cipher->algorithm_ssl; | 1516 | alg_ssl = cipher->algorithm_ssl; |
| 1552 | 1517 | ||
| 1553 | alg2=cipher->algorithm2; | 1518 | alg2 = cipher->algorithm2; |
| 1519 | |||
| 1520 | is_export = SSL_C_IS_EXPORT(cipher); | ||
| 1521 | pkl = SSL_C_EXPORT_PKEYLENGTH(cipher); | ||
| 1522 | kl = SSL_C_EXPORT_KEYLENGTH(cipher); | ||
| 1523 | exp_str = is_export?" export":""; | ||
| 1554 | 1524 | ||
| 1555 | is_export=SSL_C_IS_EXPORT(cipher); | ||
| 1556 | pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); | ||
| 1557 | kl=SSL_C_EXPORT_KEYLENGTH(cipher); | ||
| 1558 | exp_str=is_export?" export":""; | ||
| 1559 | |||
| 1560 | if (alg_ssl & SSL_SSLV2) | 1525 | if (alg_ssl & SSL_SSLV2) |
| 1561 | ver="SSLv2"; | 1526 | ver="SSLv2"; |
| 1562 | else if (alg_ssl & SSL_SSLV3) | 1527 | else if (alg_ssl & SSL_SSLV3) |
| @@ -1566,10 +1531,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1566 | else | 1531 | else |
| 1567 | ver="unknown"; | 1532 | ver="unknown"; |
| 1568 | 1533 | ||
| 1569 | switch (alg_mkey) | 1534 | switch (alg_mkey) { |
| 1570 | { | ||
| 1571 | case SSL_kRSA: | 1535 | case SSL_kRSA: |
| 1572 | kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; | 1536 | kx = is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; |
| 1573 | break; | 1537 | break; |
| 1574 | case SSL_kDHr: | 1538 | case SSL_kDHr: |
| 1575 | kx="DH/RSA"; | 1539 | kx="DH/RSA"; |
| @@ -1577,11 +1541,11 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1577 | case SSL_kDHd: | 1541 | case SSL_kDHd: |
| 1578 | kx="DH/DSS"; | 1542 | kx="DH/DSS"; |
| 1579 | break; | 1543 | break; |
| 1580 | case SSL_kKRB5: | 1544 | case SSL_kKRB5: |
| 1581 | kx="KRB5"; | 1545 | kx="KRB5"; |
| 1582 | break; | 1546 | break; |
| 1583 | case SSL_kEDH: | 1547 | case SSL_kEDH: |
| 1584 | kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; | 1548 | kx = is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; |
| 1585 | break; | 1549 | break; |
| 1586 | case SSL_kECDHr: | 1550 | case SSL_kECDHr: |
| 1587 | kx="ECDH/RSA"; | 1551 | kx="ECDH/RSA"; |
| @@ -1600,10 +1564,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1600 | break; | 1564 | break; |
| 1601 | default: | 1565 | default: |
| 1602 | kx="unknown"; | 1566 | kx="unknown"; |
| 1603 | } | 1567 | } |
| 1604 | 1568 | ||
| 1605 | switch (alg_auth) | 1569 | switch (alg_auth) { |
| 1606 | { | ||
| 1607 | case SSL_aRSA: | 1570 | case SSL_aRSA: |
| 1608 | au="RSA"; | 1571 | au="RSA"; |
| 1609 | break; | 1572 | break; |
| @@ -1613,10 +1576,10 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1613 | case SSL_aDH: | 1576 | case SSL_aDH: |
| 1614 | au="DH"; | 1577 | au="DH"; |
| 1615 | break; | 1578 | break; |
| 1616 | case SSL_aKRB5: | 1579 | case SSL_aKRB5: |
| 1617 | au="KRB5"; | 1580 | au="KRB5"; |
| 1618 | break; | 1581 | break; |
| 1619 | case SSL_aECDH: | 1582 | case SSL_aECDH: |
| 1620 | au="ECDH"; | 1583 | au="ECDH"; |
| 1621 | break; | 1584 | break; |
| 1622 | case SSL_aNULL: | 1585 | case SSL_aNULL: |
| @@ -1631,22 +1594,21 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1631 | default: | 1594 | default: |
| 1632 | au="unknown"; | 1595 | au="unknown"; |
| 1633 | break; | 1596 | break; |
| 1634 | } | 1597 | } |
| 1635 | 1598 | ||
| 1636 | switch (alg_enc) | 1599 | switch (alg_enc) { |
| 1637 | { | ||
| 1638 | case SSL_DES: | 1600 | case SSL_DES: |
| 1639 | enc=(is_export && kl == 5)?"DES(40)":"DES(56)"; | 1601 | enc = (is_export && kl == 5)?"DES(40)":"DES(56)"; |
| 1640 | break; | 1602 | break; |
| 1641 | case SSL_3DES: | 1603 | case SSL_3DES: |
| 1642 | enc="3DES(168)"; | 1604 | enc="3DES(168)"; |
| 1643 | break; | 1605 | break; |
| 1644 | case SSL_RC4: | 1606 | case SSL_RC4: |
| 1645 | enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") | 1607 | enc = is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") |
| 1646 | :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); | 1608 | :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); |
| 1647 | break; | 1609 | break; |
| 1648 | case SSL_RC2: | 1610 | case SSL_RC2: |
| 1649 | enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; | 1611 | enc = is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; |
| 1650 | break; | 1612 | break; |
| 1651 | case SSL_IDEA: | 1613 | case SSL_IDEA: |
| 1652 | enc="IDEA(128)"; | 1614 | enc="IDEA(128)"; |
| @@ -1678,10 +1640,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1678 | default: | 1640 | default: |
| 1679 | enc="unknown"; | 1641 | enc="unknown"; |
| 1680 | break; | 1642 | break; |
| 1681 | } | 1643 | } |
| 1682 | 1644 | ||
| 1683 | switch (alg_mac) | 1645 | switch (alg_mac) { |
| 1684 | { | ||
| 1685 | case SSL_MD5: | 1646 | case SSL_MD5: |
| 1686 | mac="MD5"; | 1647 | mac="MD5"; |
| 1687 | break; | 1648 | break; |
| @@ -1700,108 +1661,119 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1700 | default: | 1661 | default: |
| 1701 | mac="unknown"; | 1662 | mac="unknown"; |
| 1702 | break; | 1663 | break; |
| 1703 | } | 1664 | } |
| 1704 | 1665 | ||
| 1705 | if (buf == NULL) | 1666 | if (buf == NULL) { |
| 1706 | { | 1667 | len = 128; |
| 1707 | len=128; | 1668 | buf = OPENSSL_malloc(len); |
| 1708 | buf=OPENSSL_malloc(len); | 1669 | if (buf == NULL) |
| 1709 | if (buf == NULL) return("OPENSSL_malloc Error"); | 1670 | return("OPENSSL_malloc Error"); |
| 1710 | } | 1671 | } else if (len < 128) |
| 1711 | else if (len < 128) | 1672 | return("Buffer too small"); |
| 1712 | return("Buffer too small"); | ||
| 1713 | 1673 | ||
| 1714 | #ifdef KSSL_DEBUG | 1674 | #ifdef KSSL_DEBUG |
| 1715 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl); | 1675 | BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl); |
| 1716 | #else | 1676 | #else |
| 1717 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); | 1677 | BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str); |
| 1718 | #endif /* KSSL_DEBUG */ | 1678 | #endif /* KSSL_DEBUG */ |
| 1719 | return(buf); | 1679 | return (buf); |
| 1720 | } | 1680 | } |
| 1721 | 1681 | ||
| 1722 | char *SSL_CIPHER_get_version(const SSL_CIPHER *c) | 1682 | char |
| 1723 | { | 1683 | *SSL_CIPHER_get_version(const SSL_CIPHER *c) |
| 1684 | { | ||
| 1724 | int i; | 1685 | int i; |
| 1725 | 1686 | ||
| 1726 | if (c == NULL) return("(NONE)"); | 1687 | if (c == NULL) |
| 1727 | i=(int)(c->id>>24L); | 1688 | return("(NONE)"); |
| 1689 | i = (int)(c->id >> 24L); | ||
| 1728 | if (i == 3) | 1690 | if (i == 3) |
| 1729 | return("TLSv1/SSLv3"); | 1691 | return("TLSv1/SSLv3"); |
| 1730 | else if (i == 2) | 1692 | else if (i == 2) |
| 1731 | return("SSLv2"); | 1693 | return("SSLv2"); |
| 1732 | else | 1694 | else |
| 1733 | return("unknown"); | 1695 | return("unknown"); |
| 1734 | } | 1696 | } |
| 1735 | 1697 | ||
| 1736 | /* return the actual cipher being used */ | 1698 | /* return the actual cipher being used */ |
| 1737 | const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) | 1699 | const char |
| 1738 | { | 1700 | *SSL_CIPHER_get_name(const SSL_CIPHER *c) |
| 1701 | { | ||
| 1739 | if (c != NULL) | 1702 | if (c != NULL) |
| 1740 | return(c->name); | 1703 | return (c->name); |
| 1741 | return("(NONE)"); | 1704 | return("(NONE)"); |
| 1742 | } | 1705 | } |
| 1743 | 1706 | ||
| 1744 | /* number of bits for symmetric cipher */ | 1707 | /* number of bits for symmetric cipher */ |
| 1745 | int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) | 1708 | int |
| 1746 | { | 1709 | SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) |
| 1747 | int ret=0; | 1710 | { |
| 1711 | int ret = 0; | ||
| 1748 | 1712 | ||
| 1749 | if (c != NULL) | 1713 | if (c != NULL) { |
| 1750 | { | 1714 | if (alg_bits != NULL) |
| 1751 | if (alg_bits != NULL) *alg_bits = c->alg_bits; | 1715 | *alg_bits = c->alg_bits; |
| 1752 | ret = c->strength_bits; | 1716 | ret = c->strength_bits; |
| 1753 | } | ||
| 1754 | return(ret); | ||
| 1755 | } | 1717 | } |
| 1718 | return (ret); | ||
| 1719 | } | ||
| 1756 | 1720 | ||
| 1757 | unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c) | 1721 | unsigned long |
| 1758 | { | 1722 | SSL_CIPHER_get_id(const SSL_CIPHER *c) |
| 1723 | { | ||
| 1759 | return c->id; | 1724 | return c->id; |
| 1760 | } | 1725 | } |
| 1761 | 1726 | ||
| 1762 | SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) | 1727 | SSL_COMP |
| 1763 | { | 1728 | *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) |
| 1729 | { | ||
| 1764 | SSL_COMP *ctmp; | 1730 | SSL_COMP *ctmp; |
| 1765 | int i,nn; | 1731 | int i, nn; |
| 1766 | 1732 | ||
| 1767 | if ((n == 0) || (sk == NULL)) return(NULL); | 1733 | if ((n == 0) |
| 1768 | nn=sk_SSL_COMP_num(sk); | 1734 | || (sk == NULL)) return (NULL); |
| 1769 | for (i=0; i<nn; i++) | 1735 | nn = sk_SSL_COMP_num(sk); |
| 1770 | { | 1736 | for (i = 0; i < nn; i++) { |
| 1771 | ctmp=sk_SSL_COMP_value(sk,i); | 1737 | ctmp = sk_SSL_COMP_value(sk, i); |
| 1772 | if (ctmp->id == n) | 1738 | if (ctmp->id == n) |
| 1773 | return(ctmp); | 1739 | return (ctmp); |
| 1774 | } | ||
| 1775 | return(NULL); | ||
| 1776 | } | 1740 | } |
| 1741 | return (NULL); | ||
| 1742 | } | ||
| 1777 | 1743 | ||
| 1778 | #ifdef OPENSSL_NO_COMP | 1744 | #ifdef OPENSSL_NO_COMP |
| 1779 | void *SSL_COMP_get_compression_methods(void) | 1745 | void |
| 1780 | { | 1746 | *SSL_COMP_get_compression_methods(void) |
| 1747 | { | ||
| 1781 | return NULL; | 1748 | return NULL; |
| 1782 | } | 1749 | } |
| 1783 | int SSL_COMP_add_compression_method(int id, void *cm) | 1750 | |
| 1784 | { | 1751 | int |
| 1752 | SSL_COMP_add_compression_method(int id, void *cm) | ||
| 1753 | { | ||
| 1785 | return 1; | 1754 | return 1; |
| 1786 | } | 1755 | } |
| 1787 | 1756 | ||
| 1788 | const char *SSL_COMP_get_name(const void *comp) | 1757 | const char |
| 1789 | { | 1758 | *SSL_COMP_get_name(const void *comp) |
| 1759 | { | ||
| 1790 | return NULL; | 1760 | return NULL; |
| 1791 | } | 1761 | } |
| 1792 | #else | 1762 | #else |
| 1793 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) | 1763 | STACK_OF(SSL_COMP) |
| 1794 | { | 1764 | *SSL_COMP_get_compression_methods(void) |
| 1765 | { | ||
| 1795 | load_builtin_compressions(); | 1766 | load_builtin_compressions(); |
| 1796 | return(ssl_comp_methods); | 1767 | return (ssl_comp_methods); |
| 1797 | } | 1768 | } |
| 1798 | 1769 | ||
| 1799 | int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | 1770 | int |
| 1800 | { | 1771 | SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) |
| 1772 | { | ||
| 1801 | SSL_COMP *comp; | 1773 | SSL_COMP *comp; |
| 1802 | 1774 | ||
| 1803 | if (cm == NULL || cm->type == NID_undef) | 1775 | if (cm == NULL || cm->type == NID_undef) |
| 1804 | return 1; | 1776 | return 1; |
| 1805 | 1777 | ||
| 1806 | /* According to draft-ietf-tls-compression-04.txt, the | 1778 | /* According to draft-ietf-tls-compression-04.txt, the |
| 1807 | compression number ranges should be the following: | 1779 | compression number ranges should be the following: |
| @@ -1809,45 +1781,40 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | |||
| 1809 | 0 to 63: methods defined by the IETF | 1781 | 0 to 63: methods defined by the IETF |
| 1810 | 64 to 192: external party methods assigned by IANA | 1782 | 64 to 192: external party methods assigned by IANA |
| 1811 | 193 to 255: reserved for private use */ | 1783 | 193 to 255: reserved for private use */ |
| 1812 | if (id < 193 || id > 255) | 1784 | if (id < 193 || id > 255) { |
| 1813 | { | 1785 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); |
| 1814 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); | ||
| 1815 | return 0; | 1786 | return 0; |
| 1816 | } | 1787 | } |
| 1817 | 1788 | ||
| 1818 | MemCheck_off(); | 1789 | MemCheck_off(); |
| 1819 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); | 1790 | comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); |
| 1820 | comp->id=id; | 1791 | comp->id = id; |
| 1821 | comp->method=cm; | 1792 | comp->method = cm; |
| 1822 | load_builtin_compressions(); | 1793 | load_builtin_compressions(); |
| 1823 | if (ssl_comp_methods | 1794 | if (ssl_comp_methods |
| 1824 | && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0) | 1795 | && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) { |
| 1825 | { | ||
| 1826 | OPENSSL_free(comp); | 1796 | OPENSSL_free(comp); |
| 1827 | MemCheck_on(); | 1797 | MemCheck_on(); |
| 1828 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID); | 1798 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_DUPLICATE_COMPRESSION_ID); |
| 1829 | return(1); | 1799 | return (1); |
| 1830 | } | 1800 | } else if ((ssl_comp_methods == NULL) |
| 1831 | else if ((ssl_comp_methods == NULL) | 1801 | || !sk_SSL_COMP_push(ssl_comp_methods, comp)) { |
| 1832 | || !sk_SSL_COMP_push(ssl_comp_methods,comp)) | ||
| 1833 | { | ||
| 1834 | OPENSSL_free(comp); | 1802 | OPENSSL_free(comp); |
| 1835 | MemCheck_on(); | 1803 | MemCheck_on(); |
| 1836 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); | 1804 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); |
| 1837 | return(1); | 1805 | return (1); |
| 1838 | } | 1806 | } else { |
| 1839 | else | ||
| 1840 | { | ||
| 1841 | MemCheck_on(); | 1807 | MemCheck_on(); |
| 1842 | return(0); | 1808 | return (0); |
| 1843 | } | ||
| 1844 | } | 1809 | } |
| 1810 | } | ||
| 1845 | 1811 | ||
| 1846 | const char *SSL_COMP_get_name(const COMP_METHOD *comp) | 1812 | const char |
| 1847 | { | 1813 | *SSL_COMP_get_name(const COMP_METHOD *comp) |
| 1814 | { | ||
| 1848 | if (comp) | 1815 | if (comp) |
| 1849 | return comp->name; | 1816 | return comp->name; |
| 1850 | return NULL; | 1817 | return NULL; |
| 1851 | } | 1818 | } |
| 1852 | 1819 | ||
| 1853 | #endif | 1820 | #endif |
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c index 370fb57e3b..67ba3c7699 100644 --- a/src/lib/libssl/ssl_err.c +++ b/src/lib/libssl/ssl_err.c | |||
| @@ -68,543 +68,541 @@ | |||
| 68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0) | 68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0) |
| 69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) | 69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) |
| 70 | 70 | ||
| 71 | static ERR_STRING_DATA SSL_str_functs[]= | 71 | static ERR_STRING_DATA SSL_str_functs[]= { |
| 72 | { | 72 | {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"}, |
| 73 | {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"}, | 73 | {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"}, |
| 74 | {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"}, | 74 | {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, |
| 75 | {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, | 75 | {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, |
| 76 | {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, | 76 | {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, |
| 77 | {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, | 77 | {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, |
| 78 | {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, | 78 | {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, |
| 79 | {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, | 79 | {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, |
| 80 | {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, | 80 | {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"}, |
| 81 | {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"}, | 81 | {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, |
| 82 | {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, | 82 | {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"}, |
| 83 | {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"}, | 83 | {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, |
| 84 | {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, | 84 | {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, |
| 85 | {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, | 85 | {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, |
| 86 | {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, | 86 | {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, |
| 87 | {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, | 87 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, |
| 88 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, | 88 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, |
| 89 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, | 89 | {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, |
| 90 | {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, | 90 | {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"}, |
| 91 | {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"}, | 91 | {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"}, |
| 92 | {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"}, | 92 | {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, |
| 93 | {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, | 93 | {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, |
| 94 | {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, | 94 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, |
| 95 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, | 95 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, |
| 96 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, | 96 | {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, |
| 97 | {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, | 97 | {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, |
| 98 | {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, | 98 | {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, |
| 99 | {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, | 99 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, |
| 100 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, | 100 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, |
| 101 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, | 101 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, |
| 102 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, | 102 | {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, |
| 103 | {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, | 103 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, |
| 104 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, | 104 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, |
| 105 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, | 105 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, |
| 106 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, | 106 | {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, |
| 107 | {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, | 107 | {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, |
| 108 | {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, | 108 | {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, |
| 109 | {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, | 109 | {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, |
| 110 | {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, | 110 | {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, |
| 111 | {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, | 111 | {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, |
| 112 | {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, | 112 | {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, |
| 113 | {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, | 113 | {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, |
| 114 | {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, | 114 | {ERR_FUNC(SSL_F_READ_N), "READ_N"}, |
| 115 | {ERR_FUNC(SSL_F_READ_N), "READ_N"}, | 115 | {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"}, |
| 116 | {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"}, | 116 | {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"}, |
| 117 | {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"}, | 117 | {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"}, |
| 118 | {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"}, | 118 | {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"}, |
| 119 | {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"}, | 119 | {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"}, |
| 120 | {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"}, | 120 | {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"}, |
| 121 | {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"}, | 121 | {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"}, |
| 122 | {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"}, | 122 | {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"}, |
| 123 | {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"}, | 123 | {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"}, |
| 124 | {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"}, | 124 | {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"}, |
| 125 | {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"}, | 125 | {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"}, |
| 126 | {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"}, | 126 | {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"}, |
| 127 | {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"}, | 127 | {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"}, |
| 128 | {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"}, | 128 | {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"}, |
| 129 | {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"}, | 129 | {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"}, |
| 130 | {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"}, | 130 | {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"}, |
| 131 | {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"}, | 131 | {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"}, |
| 132 | {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"}, | 132 | {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"}, |
| 133 | {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"}, | 133 | {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"}, |
| 134 | {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"}, | 134 | {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"}, |
| 135 | {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"}, | 135 | {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"}, |
| 136 | {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"}, | 136 | {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"}, |
| 137 | {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"}, | 137 | {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, |
| 138 | {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, | 138 | {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, |
| 139 | {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, | 139 | {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, |
| 140 | {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, | 140 | {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, |
| 141 | {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, | 141 | {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, |
| 142 | {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, | 142 | {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, |
| 143 | {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, | 143 | {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, |
| 144 | {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, | 144 | {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, |
| 145 | {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, | 145 | {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, |
| 146 | {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, | 146 | {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"}, |
| 147 | {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"}, | 147 | {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, |
| 148 | {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, | 148 | {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, |
| 149 | {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, | 149 | {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, |
| 150 | {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, | 150 | {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, |
| 151 | {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, | 151 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, |
| 152 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, | 152 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, |
| 153 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, | 153 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, |
| 154 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, | 154 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, |
| 155 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, | 155 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, |
| 156 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, | 156 | {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, |
| 157 | {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, | 157 | {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, |
| 158 | {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, | 158 | {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, |
| 159 | {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, | 159 | {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, |
| 160 | {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, | 160 | {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"}, |
| 161 | {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"}, | 161 | {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, |
| 162 | {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, | 162 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, |
| 163 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, | 163 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, |
| 164 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, | 164 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, |
| 165 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, | 165 | {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"}, |
| 166 | {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"}, | 166 | {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, |
| 167 | {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, | 167 | {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, |
| 168 | {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, | 168 | {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, |
| 169 | {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, | 169 | {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, |
| 170 | {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, | 170 | {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, |
| 171 | {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, | 171 | {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"}, |
| 172 | {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"}, | 172 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, |
| 173 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, | 173 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, |
| 174 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, | 174 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, |
| 175 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, | 175 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"}, |
| 176 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"}, | 176 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"}, |
| 177 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"}, | 177 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, |
| 178 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, | 178 | {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, |
| 179 | {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, | 179 | {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"}, |
| 180 | {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"}, | 180 | {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"}, |
| 181 | {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"}, | 181 | {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, |
| 182 | {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, | 182 | {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, |
| 183 | {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, | 183 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, |
| 184 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, | 184 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, |
| 185 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, | 185 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"}, |
| 186 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"}, | 186 | {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, |
| 187 | {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, | 187 | {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, |
| 188 | {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, | 188 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, |
| 189 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, | 189 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, |
| 190 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, | 190 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"}, |
| 191 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"}, | 191 | {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, |
| 192 | {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, | 192 | {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, |
| 193 | {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, | 193 | {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, |
| 194 | {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, | 194 | {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"}, |
| 195 | {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"}, | 195 | {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, |
| 196 | {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, | 196 | {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, |
| 197 | {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, | 197 | {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, |
| 198 | {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, | 198 | {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, |
| 199 | {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, | 199 | {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"}, |
| 200 | {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"}, | 200 | {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, |
| 201 | {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, | 201 | {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, |
| 202 | {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, | 202 | {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, |
| 203 | {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, | 203 | {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"}, |
| 204 | {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"}, | 204 | {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"}, |
| 205 | {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"}, | 205 | {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, |
| 206 | {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, | 206 | {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, |
| 207 | {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, | 207 | {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"}, |
| 208 | {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"}, | 208 | {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, |
| 209 | {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, | 209 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, |
| 210 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, | 210 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, |
| 211 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, | 211 | {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, |
| 212 | {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, | 212 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, |
| 213 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, | 213 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, |
| 214 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, | 214 | {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"}, |
| 215 | {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"}, | 215 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, |
| 216 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, | 216 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"}, |
| 217 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"}, | 217 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, |
| 218 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, | 218 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, |
| 219 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, | 219 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, |
| 220 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, | 220 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, |
| 221 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, | 221 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, |
| 222 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, | 222 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, |
| 223 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, | 223 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, |
| 224 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, | 224 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, |
| 225 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, | 225 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, |
| 226 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, | 226 | {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, |
| 227 | {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, | 227 | {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, |
| 228 | {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, | 228 | {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, |
| 229 | {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, | 229 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, |
| 230 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, | 230 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, |
| 231 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, | 231 | {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, |
| 232 | {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, | 232 | {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, |
| 233 | {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, | 233 | {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, |
| 234 | {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, | 234 | {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, |
| 235 | {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, | 235 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, |
| 236 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, | 236 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, |
| 237 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, | 237 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"}, |
| 238 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"}, | 238 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, |
| 239 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, | 239 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, |
| 240 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, | 240 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"}, |
| 241 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"}, | 241 | {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, |
| 242 | {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, | 242 | {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, |
| 243 | {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, | 243 | {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, |
| 244 | {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, | 244 | {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, |
| 245 | {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, | 245 | {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, |
| 246 | {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, | 246 | {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, |
| 247 | {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, | 247 | {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, |
| 248 | {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, | 248 | {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, |
| 249 | {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, | 249 | {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"}, |
| 250 | {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"}, | 250 | {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, |
| 251 | {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, | 251 | {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"}, |
| 252 | {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"}, | 252 | {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, |
| 253 | {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, | 253 | {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, |
| 254 | {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, | 254 | {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"}, |
| 255 | {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"}, | 255 | {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"}, |
| 256 | {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"}, | 256 | {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, |
| 257 | {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, | 257 | {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, |
| 258 | {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, | 258 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, |
| 259 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, | 259 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, |
| 260 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, | 260 | {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, |
| 261 | {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, | 261 | {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, |
| 262 | {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, | 262 | {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, |
| 263 | {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, | 263 | {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"}, |
| 264 | {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"}, | 264 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, |
| 265 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, | 265 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, |
| 266 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, | 266 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, |
| 267 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, | 267 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, |
| 268 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, | 268 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, |
| 269 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, | 269 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, |
| 270 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, | 270 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, |
| 271 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, | 271 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, |
| 272 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, | 272 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, |
| 273 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, | 273 | {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"}, |
| 274 | {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"}, | 274 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, |
| 275 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, | 275 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, |
| 276 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, | 276 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, |
| 277 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, | 277 | {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"}, |
| 278 | {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"}, | 278 | {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, |
| 279 | {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, | 279 | {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"}, |
| 280 | {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"}, | 280 | {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"}, |
| 281 | {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"}, | 281 | {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"}, |
| 282 | {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"}, | 282 | {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, |
| 283 | {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, | 283 | {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"}, |
| 284 | {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"}, | 284 | {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"}, |
| 285 | {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"}, | 285 | {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"}, |
| 286 | {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"}, | 286 | {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"}, |
| 287 | {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"}, | 287 | {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, |
| 288 | {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, | 288 | {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, |
| 289 | {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, | 289 | {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, |
| 290 | {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, | 290 | {0, NULL} |
| 291 | {0,NULL} | 291 | }; |
| 292 | }; | ||
| 293 | 292 | ||
| 294 | static ERR_STRING_DATA SSL_str_reasons[]= | 293 | static ERR_STRING_DATA SSL_str_reasons[]= { |
| 295 | { | 294 | {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) , "app data in handshake"}, |
| 296 | {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"}, | 295 | {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), "attempt to reuse session in different context"}, |
| 297 | {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"}, | 296 | {ERR_REASON(SSL_R_BAD_ALERT_RECORD) , "bad alert record"}, |
| 298 | {ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"}, | 297 | {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE), "bad authentication type"}, |
| 299 | {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"}, | 298 | {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"}, |
| 300 | {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"}, | 299 | {ERR_REASON(SSL_R_BAD_CHECKSUM) , "bad checksum"}, |
| 301 | {ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"}, | 300 | {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), "bad data returned by callback"}, |
| 302 | {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"}, | 301 | {ERR_REASON(SSL_R_BAD_DECOMPRESSION) , "bad decompression"}, |
| 303 | {ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"}, | 302 | {ERR_REASON(SSL_R_BAD_DH_G_LENGTH) , "bad dh g length"}, |
| 304 | {ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"}, | 303 | {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) , "bad dh pub key length"}, |
| 305 | {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"}, | 304 | {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) , "bad dh p length"}, |
| 306 | {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"}, | 305 | {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) , "bad digest length"}, |
| 307 | {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"}, | 306 | {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) , "bad dsa signature"}, |
| 308 | {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"}, | 307 | {ERR_REASON(SSL_R_BAD_ECC_CERT) , "bad ecc cert"}, |
| 309 | {ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"}, | 308 | {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) , "bad ecdsa signature"}, |
| 310 | {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"}, | 309 | {ERR_REASON(SSL_R_BAD_ECPOINT) , "bad ecpoint"}, |
| 311 | {ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"}, | 310 | {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) , "bad handshake length"}, |
| 312 | {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) ,"bad handshake length"}, | 311 | {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) , "bad hello request"}, |
| 313 | {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"}, | 312 | {ERR_REASON(SSL_R_BAD_LENGTH) , "bad length"}, |
| 314 | {ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"}, | 313 | {ERR_REASON(SSL_R_BAD_MAC_DECODE) , "bad mac decode"}, |
| 315 | {ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"}, | 314 | {ERR_REASON(SSL_R_BAD_MAC_LENGTH) , "bad mac length"}, |
| 316 | {ERR_REASON(SSL_R_BAD_MAC_LENGTH) ,"bad mac length"}, | 315 | {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) , "bad message type"}, |
| 317 | {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"}, | 316 | {ERR_REASON(SSL_R_BAD_PACKET_LENGTH) , "bad packet length"}, |
| 318 | {ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"}, | 317 | {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER), "bad protocol version number"}, |
| 319 | {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"}, | 318 | {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH), "bad psk identity hint length"}, |
| 320 | {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),"bad psk identity hint length"}, | 319 | {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) , "bad response argument"}, |
| 321 | {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"}, | 320 | {ERR_REASON(SSL_R_BAD_RSA_DECRYPT) , "bad rsa decrypt"}, |
| 322 | {ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"}, | 321 | {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) , "bad rsa encrypt"}, |
| 323 | {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"}, | 322 | {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) , "bad rsa e length"}, |
| 324 | {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"}, | 323 | {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH), "bad rsa modulus length"}, |
| 325 | {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"}, | 324 | {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) , "bad rsa signature"}, |
| 326 | {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"}, | 325 | {ERR_REASON(SSL_R_BAD_SIGNATURE) , "bad signature"}, |
| 327 | {ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"}, | 326 | {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) , "bad srp a length"}, |
| 328 | {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) ,"bad srp a length"}, | 327 | {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) , "bad srp b length"}, |
| 329 | {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) ,"bad srp b length"}, | 328 | {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) , "bad srp g length"}, |
| 330 | {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) ,"bad srp g length"}, | 329 | {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) , "bad srp n length"}, |
| 331 | {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) ,"bad srp n length"}, | 330 | {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) , "bad srp s length"}, |
| 332 | {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) ,"bad srp s length"}, | 331 | {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) , "bad srtp mki value"}, |
| 333 | {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) ,"bad srtp mki value"}, | 332 | {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), "bad srtp protection profile list"}, |
| 334 | {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),"bad srtp protection profile list"}, | 333 | {ERR_REASON(SSL_R_BAD_SSL_FILETYPE) , "bad ssl filetype"}, |
| 335 | {ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"}, | 334 | {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH), "bad ssl session id length"}, |
| 336 | {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"}, | 335 | {ERR_REASON(SSL_R_BAD_STATE) , "bad state"}, |
| 337 | {ERR_REASON(SSL_R_BAD_STATE) ,"bad state"}, | 336 | {ERR_REASON(SSL_R_BAD_WRITE_RETRY) , "bad write retry"}, |
| 338 | {ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"}, | 337 | {ERR_REASON(SSL_R_BIO_NOT_SET) , "bio not set"}, |
| 339 | {ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"}, | 338 | {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "block cipher pad is wrong"}, |
| 340 | {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"}, | 339 | {ERR_REASON(SSL_R_BN_LIB) , "bn lib"}, |
| 341 | {ERR_REASON(SSL_R_BN_LIB) ,"bn lib"}, | 340 | {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) , "ca dn length mismatch"}, |
| 342 | {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"}, | 341 | {ERR_REASON(SSL_R_CA_DN_TOO_LONG) , "ca dn too long"}, |
| 343 | {ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"}, | 342 | {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) , "ccs received early"}, |
| 344 | {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"}, | 343 | {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"}, |
| 345 | {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"}, | 344 | {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) , "cert length mismatch"}, |
| 346 | {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"}, | 345 | {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT), "challenge is different"}, |
| 347 | {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"}, | 346 | {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"}, |
| 348 | {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"}, | 347 | {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE), "cipher or hash unavailable"}, |
| 349 | {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"}, | 348 | {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR), "cipher table src error"}, |
| 350 | {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, | 349 | {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) , "clienthello tlsext"}, |
| 351 | {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"}, | 350 | {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG), "compressed length too long"}, |
| 352 | {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"}, | 351 | {ERR_REASON(SSL_R_COMPRESSION_DISABLED) , "compression disabled"}, |
| 353 | {ERR_REASON(SSL_R_COMPRESSION_DISABLED) ,"compression disabled"}, | 352 | {ERR_REASON(SSL_R_COMPRESSION_FAILURE) , "compression failure"}, |
| 354 | {ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"}, | 353 | {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), "compression id not within private range"}, |
| 355 | {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"}, | 354 | {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), "compression library error"}, |
| 356 | {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"}, | 355 | {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT), "connection id is different"}, |
| 357 | {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"}, | 356 | {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"}, |
| 358 | {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"}, | 357 | {ERR_REASON(SSL_R_COOKIE_MISMATCH) , "cookie mismatch"}, |
| 359 | {ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"}, | 358 | {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), "data between ccs and finished"}, |
| 360 | {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"}, | 359 | {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) , "data length too long"}, |
| 361 | {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"}, | 360 | {ERR_REASON(SSL_R_DECRYPTION_FAILED) , "decryption failed"}, |
| 362 | {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"}, | 361 | {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"}, |
| 363 | {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"}, | 362 | {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"}, |
| 364 | {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"}, | 363 | {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) , "digest check failed"}, |
| 365 | {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"}, | 364 | {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) , "dtls message too big"}, |
| 366 | {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"}, | 365 | {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"}, |
| 367 | {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"}, | 366 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT), "ecc cert not for key agreement"}, |
| 368 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),"ecc cert not for key agreement"}, | 367 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"}, |
| 369 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"}, | 368 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE), "ecc cert should have rsa signature"}, |
| 370 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"}, | 369 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE), "ecc cert should have sha1 signature"}, |
| 371 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"}, | 370 | {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER), "ecgroup too large for cipher"}, |
| 372 | {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"}, | 371 | {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), "empty srtp protection profile list"}, |
| 373 | {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"}, | 372 | {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"}, |
| 374 | {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"}, | 373 | {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "error generating tmp rsa key"}, |
| 375 | {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"}, | 374 | {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), "error in received cipher list"}, |
| 376 | {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"}, | 375 | {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"}, |
| 377 | {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"}, | 376 | {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) , "extra data in message"}, |
| 378 | {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"}, | 377 | {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"}, |
| 379 | {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"}, | 378 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS), "got next proto before a ccs"}, |
| 380 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"}, | 379 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION), "got next proto without seeing extension"}, |
| 381 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without seeing extension"}, | 380 | {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) , "https proxy request"}, |
| 382 | {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, | 381 | {ERR_REASON(SSL_R_HTTP_REQUEST) , "http request"}, |
| 383 | {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, | 382 | {ERR_REASON(SSL_R_ILLEGAL_PADDING) , "illegal padding"}, |
| 384 | {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, | 383 | {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"}, |
| 385 | {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"}, | 384 | {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH), "invalid challenge length"}, |
| 386 | {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, | 385 | {ERR_REASON(SSL_R_INVALID_COMMAND) , "invalid command"}, |
| 387 | {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, | 386 | {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM), "invalid compression algorithm"}, |
| 388 | {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"}, | 387 | {ERR_REASON(SSL_R_INVALID_PURPOSE) , "invalid purpose"}, |
| 389 | {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, | 388 | {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) , "invalid srp username"}, |
| 390 | {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) ,"invalid srp username"}, | 389 | {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"}, |
| 391 | {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"}, | 390 | {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH), "invalid ticket keys length"}, |
| 392 | {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"}, | 391 | {ERR_REASON(SSL_R_INVALID_TRUST) , "invalid trust"}, |
| 393 | {ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"}, | 392 | {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) , "key arg too long"}, |
| 394 | {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"}, | 393 | {ERR_REASON(SSL_R_KRB5) , "krb5"}, |
| 395 | {ERR_REASON(SSL_R_KRB5) ,"krb5"}, | 394 | {ERR_REASON(SSL_R_KRB5_C_CC_PRINC) , "krb5 client cc principal (no tkt?)"}, |
| 396 | {ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"}, | 395 | {ERR_REASON(SSL_R_KRB5_C_GET_CRED) , "krb5 client get cred"}, |
| 397 | {ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"}, | 396 | {ERR_REASON(SSL_R_KRB5_C_INIT) , "krb5 client init"}, |
| 398 | {ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"}, | 397 | {ERR_REASON(SSL_R_KRB5_C_MK_REQ) , "krb5 client mk_req (expired tkt?)"}, |
| 399 | {ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"}, | 398 | {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) , "krb5 server bad ticket"}, |
| 400 | {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"}, | 399 | {ERR_REASON(SSL_R_KRB5_S_INIT) , "krb5 server init"}, |
| 401 | {ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"}, | 400 | {ERR_REASON(SSL_R_KRB5_S_RD_REQ) , "krb5 server rd_req (keytab perms?)"}, |
| 402 | {ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"}, | 401 | {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) , "krb5 server tkt expired"}, |
| 403 | {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"}, | 402 | {ERR_REASON(SSL_R_KRB5_S_TKT_NYV) , "krb5 server tkt not yet valid"}, |
| 404 | {ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"}, | 403 | {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) , "krb5 server tkt skew"}, |
| 405 | {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"}, | 404 | {ERR_REASON(SSL_R_LENGTH_MISMATCH) , "length mismatch"}, |
| 406 | {ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"}, | 405 | {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) , "length too short"}, |
| 407 | {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"}, | 406 | {ERR_REASON(SSL_R_LIBRARY_BUG) , "library bug"}, |
| 408 | {ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"}, | 407 | {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"}, |
| 409 | {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"}, | 408 | {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) , "message too long"}, |
| 410 | {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"}, | 409 | {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) , "missing dh dsa cert"}, |
| 411 | {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"}, | 410 | {ERR_REASON(SSL_R_MISSING_DH_KEY) , "missing dh key"}, |
| 412 | {ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"}, | 411 | {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) , "missing dh rsa cert"}, |
| 413 | {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"}, | 412 | {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"}, |
| 414 | {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"}, | 413 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY), "missing export tmp dh key"}, |
| 415 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"}, | 414 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY), "missing export tmp rsa key"}, |
| 416 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"}, | 415 | {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"}, |
| 417 | {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"}, | 416 | {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT), "missing rsa encrypting cert"}, |
| 418 | {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"}, | 417 | {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"}, |
| 419 | {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"}, | 418 | {ERR_REASON(SSL_R_MISSING_SRP_PARAM) , "can't find SRP server param"}, |
| 420 | {ERR_REASON(SSL_R_MISSING_SRP_PARAM) ,"can't find SRP server param"}, | 419 | {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) , "missing tmp dh key"}, |
| 421 | {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"}, | 420 | {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) , "missing tmp ecdh key"}, |
| 422 | {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"}, | 421 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) , "missing tmp rsa key"}, |
| 423 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, | 422 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) , "missing tmp rsa pkey"}, |
| 424 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, | 423 | {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"}, |
| 425 | {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, | 424 | {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) , "multiple sgc restarts"}, |
| 426 | {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"}, | 425 | {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET), "non sslv2 initial packet"}, |
| 427 | {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"}, | 426 | {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"}, |
| 428 | {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"}, | 427 | {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"}, |
| 429 | {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"}, | 428 | {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"}, |
| 430 | {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"}, | 429 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SET) , "no certificate set"}, |
| 431 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"}, | 430 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED), "no certificate specified"}, |
| 432 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"}, | 431 | {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) , "no ciphers available"}, |
| 433 | {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"}, | 432 | {ERR_REASON(SSL_R_NO_CIPHERS_PASSED) , "no ciphers passed"}, |
| 434 | {ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"}, | 433 | {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) , "no ciphers specified"}, |
| 435 | {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"}, | 434 | {ERR_REASON(SSL_R_NO_CIPHER_LIST) , "no cipher list"}, |
| 436 | {ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"}, | 435 | {ERR_REASON(SSL_R_NO_CIPHER_MATCH) , "no cipher match"}, |
| 437 | {ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"}, | 436 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"}, |
| 438 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"}, | 437 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"}, |
| 439 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"}, | 438 | {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"}, |
| 440 | {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"}, | 439 | {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"}, |
| 441 | {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"}, | 440 | {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) , "no method specified"}, |
| 442 | {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"}, | 441 | {ERR_REASON(SSL_R_NO_PRIVATEKEY) , "no privatekey"}, |
| 443 | {ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"}, | 442 | {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"}, |
| 444 | {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"}, | 443 | {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"}, |
| 445 | {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"}, | 444 | {ERR_REASON(SSL_R_NO_PUBLICKEY) , "no publickey"}, |
| 446 | {ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"}, | 445 | {ERR_REASON(SSL_R_NO_RENEGOTIATION) , "no renegotiation"}, |
| 447 | {ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"}, | 446 | {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) , "digest requred for handshake isn't computed"}, |
| 448 | {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) ,"digest requred for handshake isn't computed"}, | 447 | {ERR_REASON(SSL_R_NO_SHARED_CIPHER) , "no shared cipher"}, |
| 449 | {ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"}, | 448 | {ERR_REASON(SSL_R_NO_SRTP_PROFILES) , "no srtp profiles"}, |
| 450 | {ERR_REASON(SSL_R_NO_SRTP_PROFILES) ,"no srtp profiles"}, | 449 | {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) , "no verify callback"}, |
| 451 | {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"}, | 450 | {ERR_REASON(SSL_R_NULL_SSL_CTX) , "null ssl ctx"}, |
| 452 | {ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"}, | 451 | {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"}, |
| 453 | {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"}, | 452 | {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"}, |
| 454 | {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"}, | 453 | {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), "old session compression algorithm not returned"}, |
| 455 | {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"}, | 454 | {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE), "only tls allowed in fips mode"}, |
| 456 | {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"}, | 455 | {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG), "opaque PRF input too long"}, |
| 457 | {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"}, | 456 | {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"}, |
| 458 | {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"}, | 457 | {ERR_REASON(SSL_R_PARSE_TLSEXT) , "parse tlsext"}, |
| 459 | {ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"}, | 458 | {ERR_REASON(SSL_R_PATH_TOO_LONG) , "path too long"}, |
| 460 | {ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"}, | 459 | {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), "peer did not return a certificate"}, |
| 461 | {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"}, | 460 | {ERR_REASON(SSL_R_PEER_ERROR) , "peer error"}, |
| 462 | {ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"}, | 461 | {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE), "peer error certificate"}, |
| 463 | {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"}, | 462 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE), "peer error no certificate"}, |
| 464 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"}, | 463 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) , "peer error no cipher"}, |
| 465 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"}, | 464 | {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE), "peer error unsupported certificate type"}, |
| 466 | {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"}, | 465 | {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"}, |
| 467 | {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"}, | 466 | {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS), "problems mapping cipher functions"}, |
| 468 | {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"}, | 467 | {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) , "protocol is shutdown"}, |
| 469 | {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"}, | 468 | {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"}, |
| 470 | {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND),"psk identity not found"}, | 469 | {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) , "psk no client cb"}, |
| 471 | {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) ,"psk no client cb"}, | 470 | {ERR_REASON(SSL_R_PSK_NO_SERVER_CB) , "psk no server cb"}, |
| 472 | {ERR_REASON(SSL_R_PSK_NO_SERVER_CB) ,"psk no server cb"}, | 471 | {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"}, |
| 473 | {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"}, | 472 | {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) , "public key is not rsa"}, |
| 474 | {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"}, | 473 | {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) , "public key not rsa"}, |
| 475 | {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, | 474 | {ERR_REASON(SSL_R_READ_BIO_NOT_SET) , "read bio not set"}, |
| 476 | {ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"}, | 475 | {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) , "read timeout expired"}, |
| 477 | {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"}, | 476 | {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"}, |
| 478 | {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"}, | 477 | {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"}, |
| 479 | {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"}, | 478 | {ERR_REASON(SSL_R_RECORD_TOO_LARGE) , "record too large"}, |
| 480 | {ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"}, | 479 | {ERR_REASON(SSL_R_RECORD_TOO_SMALL) , "record too small"}, |
| 481 | {ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"}, | 480 | {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"}, |
| 482 | {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"}, | 481 | {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR), "renegotiation encoding err"}, |
| 483 | {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"}, | 482 | {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"}, |
| 484 | {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"}, | 483 | {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"}, |
| 485 | {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"}, | 484 | {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING), "required compresssion algorithm missing"}, |
| 486 | {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"}, | 485 | {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO), "reuse cert length not zero"}, |
| 487 | {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, | 486 | {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO), "reuse cert type not zero"}, |
| 488 | {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, | 487 | {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO), "reuse cipher list not zero"}, |
| 489 | {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, | 488 | {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), "scsv received when renegotiating"}, |
| 490 | {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"}, | 489 | {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) , "serverhello tlsext"}, |
| 491 | {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"}, | 490 | {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), "session id context uninitialized"}, |
| 492 | {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, | 491 | {ERR_REASON(SSL_R_SHORT_READ) , "short read"}, |
| 493 | {ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, | 492 | {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR), "signature algorithms error"}, |
| 494 | {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),"signature algorithms error"}, | 493 | {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), "signature for non signing certificate"}, |
| 495 | {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"}, | 494 | {ERR_REASON(SSL_R_SRP_A_CALC) , "error with the srp params"}, |
| 496 | {ERR_REASON(SSL_R_SRP_A_CALC) ,"error with the srp params"}, | 495 | {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), "srtp could not allocate profiles"}, |
| 497 | {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),"srtp could not allocate profiles"}, | 496 | {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), "srtp protection profile list too long"}, |
| 498 | {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),"srtp protection profile list too long"}, | 497 | {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), "srtp unknown protection profile"}, |
| 499 | {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),"srtp unknown protection profile"}, | 498 | {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE), "ssl23 doing session id reuse"}, |
| 500 | {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"}, | 499 | {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG), "ssl2 connection id too long"}, |
| 501 | {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"}, | 500 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT), "ssl3 ext invalid ecpointformat"}, |
| 502 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),"ssl3 ext invalid ecpointformat"}, | 501 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME), "ssl3 ext invalid servername"}, |
| 503 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"}, | 502 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), "ssl3 ext invalid servername type"}, |
| 504 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"}, | 503 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"}, |
| 505 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"}, | 504 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), "ssl3 session id too short"}, |
| 506 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"}, | 505 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), "sslv3 alert bad certificate"}, |
| 507 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"}, | 506 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), "sslv3 alert bad record mac"}, |
| 508 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"}, | 507 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), "sslv3 alert certificate expired"}, |
| 509 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"}, | 508 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), "sslv3 alert certificate revoked"}, |
| 510 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"}, | 509 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), "sslv3 alert certificate unknown"}, |
| 511 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"}, | 510 | {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), "sslv3 alert decompression failure"}, |
| 512 | {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"}, | 511 | {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), "sslv3 alert handshake failure"}, |
| 513 | {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"}, | 512 | {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), "sslv3 alert illegal parameter"}, |
| 514 | {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"}, | 513 | {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE), "sslv3 alert no certificate"}, |
| 515 | {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"}, | 514 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), "sslv3 alert unexpected message"}, |
| 516 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"}, | 515 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), "sslv3 alert unsupported certificate"}, |
| 517 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"}, | 516 | {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), "ssl ctx has no default ssl version"}, |
| 518 | {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"}, | 517 | {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) , "ssl handshake failure"}, |
| 519 | {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"}, | 518 | {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), "ssl library has no ciphers"}, |
| 520 | {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"}, | 519 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), "ssl session id callback failed"}, |
| 521 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"}, | 520 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"}, |
| 522 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"}, | 521 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), "ssl session id context too long"}, |
| 523 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"}, | 522 | {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "ssl session id has bad length"}, |
| 524 | {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"}, | 523 | {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT), "ssl session id is different"}, |
| 525 | {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"}, | 524 | {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"}, |
| 526 | {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"}, | 525 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"}, |
| 527 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"}, | 526 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "tlsv1 alert decryption failed"}, |
| 528 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"}, | 527 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), "tlsv1 alert decrypt error"}, |
| 529 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"}, | 528 | {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), "tlsv1 alert export restriction"}, |
| 530 | {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"}, | 529 | {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), "tlsv1 alert insufficient security"}, |
| 531 | {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"}, | 530 | {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR), "tlsv1 alert internal error"}, |
| 532 | {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"}, | 531 | {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), "tlsv1 alert no renegotiation"}, |
| 533 | {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"}, | 532 | {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), "tlsv1 alert protocol version"}, |
| 534 | {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"}, | 533 | {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), "tlsv1 alert record overflow"}, |
| 535 | {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"}, | 534 | {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"}, |
| 536 | {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"}, | 535 | {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED), "tlsv1 alert user cancelled"}, |
| 537 | {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"}, | 536 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), "tlsv1 bad certificate hash value"}, |
| 538 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"}, | 537 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), "tlsv1 bad certificate status response"}, |
| 539 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"}, | 538 | {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), "tlsv1 certificate unobtainable"}, |
| 540 | {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"}, | 539 | {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"}, |
| 541 | {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"}, | 540 | {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION), "tlsv1 unsupported extension"}, |
| 542 | {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"}, | 541 | {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER), "tls client cert req with anon cipher"}, |
| 543 | {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"}, | 542 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT), "peer does not accept heartbearts"}, |
| 544 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),"peer does not accept heartbearts"}, | 543 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) , "heartbeat request already pending"}, |
| 545 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) ,"heartbeat request already pending"}, | 544 | {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), "tls illegal exporter label"}, |
| 546 | {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),"tls illegal exporter label"}, | 545 | {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), "tls invalid ecpointformat list"}, |
| 547 | {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"}, | 546 | {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST), "tls peer did not respond with certificate list"}, |
| 548 | {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"}, | 547 | {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG), "tls rsa encrypted value length is wrong"}, |
| 549 | {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"}, | 548 | {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER), "tried to use unsupported cipher"}, |
| 550 | {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"}, | 549 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"}, |
| 551 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"}, | 550 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS), "unable to decode ecdh certs"}, |
| 552 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"}, | 551 | {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY), "unable to extract public key"}, |
| 553 | {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"}, | 552 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS), "unable to find dh parameters"}, |
| 554 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"}, | 553 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), "unable to find ecdh parameters"}, |
| 555 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"}, | 554 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), "unable to find public key parameters"}, |
| 556 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"}, | 555 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD), "unable to find ssl method"}, |
| 557 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"}, | 556 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES), "unable to load ssl2 md5 routines"}, |
| 558 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"}, | 557 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), "unable to load ssl3 md5 routines"}, |
| 559 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"}, | 558 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), "unable to load ssl3 sha1 routines"}, |
| 560 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"}, | 559 | {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) , "unexpected message"}, |
| 561 | {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"}, | 560 | {ERR_REASON(SSL_R_UNEXPECTED_RECORD) , "unexpected record"}, |
| 562 | {ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"}, | 561 | {ERR_REASON(SSL_R_UNINITIALIZED) , "uninitialized"}, |
| 563 | {ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"}, | 562 | {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) , "unknown alert type"}, |
| 564 | {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"}, | 563 | {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"}, |
| 565 | {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"}, | 564 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"}, |
| 566 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"}, | 565 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) , "unknown cipher type"}, |
| 567 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"}, | 566 | {ERR_REASON(SSL_R_UNKNOWN_DIGEST) , "unknown digest"}, |
| 568 | {ERR_REASON(SSL_R_UNKNOWN_DIGEST) ,"unknown digest"}, | 567 | {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "unknown key exchange type"}, |
| 569 | {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"}, | 568 | {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) , "unknown pkey type"}, |
| 570 | {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"}, | 569 | {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) , "unknown protocol"}, |
| 571 | {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"}, | 570 | {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), "unknown remote error type"}, |
| 572 | {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"}, | 571 | {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) , "unknown ssl version"}, |
| 573 | {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"}, | 572 | {ERR_REASON(SSL_R_UNKNOWN_STATE) , "unknown state"}, |
| 574 | {ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"}, | 573 | {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), "unsafe legacy renegotiation disabled"}, |
| 575 | {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"}, | 574 | {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) , "unsupported cipher"}, |
| 576 | {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, | 575 | {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"}, |
| 577 | {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, | 576 | {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE), "unsupported digest type"}, |
| 578 | {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"}, | 577 | {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), "unsupported elliptic curve"}, |
| 579 | {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"}, | 578 | {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) , "unsupported protocol"}, |
| 580 | {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"}, | 579 | {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"}, |
| 581 | {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"}, | 580 | {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"}, |
| 582 | {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"}, | 581 | {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"}, |
| 583 | {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED),"use srtp not negotiated"}, | 582 | {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) , "write bio not set"}, |
| 584 | {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"}, | 583 | {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"}, |
| 585 | {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"}, | 584 | {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) , "wrong message type"}, |
| 586 | {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"}, | 585 | {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"}, |
| 587 | {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"}, | 586 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"}, |
| 588 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, | 587 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) , "wrong signature size"}, |
| 589 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"}, | 588 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) , "wrong signature type"}, |
| 590 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) ,"wrong signature type"}, | 589 | {ERR_REASON(SSL_R_WRONG_SSL_VERSION) , "wrong ssl version"}, |
| 591 | {ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"}, | 590 | {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) , "wrong version number"}, |
| 592 | {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"}, | 591 | {ERR_REASON(SSL_R_X509_LIB) , "x509 lib"}, |
| 593 | {ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"}, | 592 | {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"}, |
| 594 | {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"}, | 593 | {0, NULL} |
| 595 | {0,NULL} | 594 | }; |
| 596 | }; | ||
| 597 | 595 | ||
| 598 | #endif | 596 | #endif |
| 599 | 597 | ||
| 600 | void ERR_load_SSL_strings(void) | 598 | void |
| 601 | { | 599 | ERR_load_SSL_strings(void) |
| 600 | { | ||
| 602 | #ifndef OPENSSL_NO_ERR | 601 | #ifndef OPENSSL_NO_ERR |
| 603 | 602 | ||
| 604 | if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) | 603 | if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) { |
| 605 | { | 604 | ERR_load_strings(0, SSL_str_functs); |
| 606 | ERR_load_strings(0,SSL_str_functs); | 605 | ERR_load_strings(0, SSL_str_reasons); |
| 607 | ERR_load_strings(0,SSL_str_reasons); | ||
| 608 | } | ||
| 609 | #endif | ||
| 610 | } | 606 | } |
| 607 | #endif | ||
| 608 | } | ||
diff --git a/src/lib/libssl/ssl_err2.c b/src/lib/libssl/ssl_err2.c index ea95a5f983..cd781d38aa 100644 --- a/src/lib/libssl/ssl_err2.c +++ b/src/lib/libssl/ssl_err2.c | |||
| @@ -60,11 +60,12 @@ | |||
| 60 | #include <openssl/err.h> | 60 | #include <openssl/err.h> |
| 61 | #include <openssl/ssl.h> | 61 | #include <openssl/ssl.h> |
| 62 | 62 | ||
| 63 | void SSL_load_error_strings(void) | 63 | void |
| 64 | { | 64 | SSL_load_error_strings(void) |
| 65 | { | ||
| 65 | #ifndef OPENSSL_NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 66 | ERR_load_crypto_strings(); | 67 | ERR_load_crypto_strings(); |
| 67 | ERR_load_SSL_strings(); | 68 | ERR_load_SSL_strings(); |
| 68 | #endif | 69 | #endif |
| 69 | } | 70 | } |
| 70 | 71 | ||
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index d9a728493e..98764b82aa 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -160,11 +160,11 @@ | |||
| 160 | #include <openssl/engine.h> | 160 | #include <openssl/engine.h> |
| 161 | #endif | 161 | #endif |
| 162 | 162 | ||
| 163 | const char *SSL_version_str=OPENSSL_VERSION_TEXT; | 163 | const char *SSL_version_str = OPENSSL_VERSION_TEXT; |
| 164 | 164 | ||
| 165 | SSL3_ENC_METHOD ssl3_undef_enc_method={ | 165 | SSL3_ENC_METHOD ssl3_undef_enc_method = { |
| 166 | /* evil casts, but these functions are only called if there's a library bug */ | 166 | /* evil casts, but these functions are only called if there's a library bug */ |
| 167 | (int (*)(SSL *,int))ssl_undefined_function, | 167 | (int (*)(SSL *, int))ssl_undefined_function, |
| 168 | (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, | 168 | (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, |
| 169 | ssl_undefined_function, | 169 | ssl_undefined_function, |
| 170 | (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, | 170 | (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, |
| @@ -178,129 +178,124 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={ | |||
| 178 | 0, /* server_finished_label_len */ | 178 | 0, /* server_finished_label_len */ |
| 179 | (int (*)(int))ssl_undefined_function, | 179 | (int (*)(int))ssl_undefined_function, |
| 180 | (int (*)(SSL *, unsigned char *, size_t, const char *, | 180 | (int (*)(SSL *, unsigned char *, size_t, const char *, |
| 181 | size_t, const unsigned char *, size_t, | 181 | size_t, const unsigned char *, size_t, |
| 182 | int use_context)) ssl_undefined_function, | 182 | int use_context)) ssl_undefined_function, |
| 183 | }; | 183 | }; |
| 184 | 184 | ||
| 185 | int SSL_clear(SSL *s) | 185 | int |
| 186 | { | 186 | SSL_clear(SSL *s) |
| 187 | { | ||
| 187 | 188 | ||
| 188 | if (s->method == NULL) | 189 | if (s->method == NULL) { |
| 189 | { | 190 | SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); |
| 190 | SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED); | 191 | return (0); |
| 191 | return(0); | 192 | } |
| 192 | } | ||
| 193 | 193 | ||
| 194 | if (ssl_clear_bad_session(s)) | 194 | if (ssl_clear_bad_session(s)) { |
| 195 | { | ||
| 196 | SSL_SESSION_free(s->session); | 195 | SSL_SESSION_free(s->session); |
| 197 | s->session=NULL; | 196 | s->session = NULL; |
| 198 | } | 197 | } |
| 199 | 198 | ||
| 200 | s->error=0; | 199 | s->error = 0; |
| 201 | s->hit=0; | 200 | s->hit = 0; |
| 202 | s->shutdown=0; | 201 | s->shutdown = 0; |
| 203 | 202 | ||
| 204 | #if 0 /* Disabled since version 1.10 of this file (early return not | 203 | #if 0 /* Disabled since version 1.10 of this file (early return not |
| 205 | * needed because SSL_clear is not called when doing renegotiation) */ | 204 | * needed because SSL_clear is not called when doing renegotiation) */ |
| 206 | /* This is set if we are doing dynamic renegotiation so keep | 205 | /* This is set if we are doing dynamic renegotiation so keep |
| 207 | * the old cipher. It is sort of a SSL_clear_lite :-) */ | 206 | * the old cipher. It is sort of a SSL_clear_lite :-) */ |
| 208 | if (s->renegotiate) return(1); | ||
| 209 | #else | ||
| 210 | if (s->renegotiate) | 207 | if (s->renegotiate) |
| 211 | { | 208 | return (1); |
| 212 | SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR); | 209 | #else |
| 210 | if (s->renegotiate) { | ||
| 211 | SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); | ||
| 213 | return 0; | 212 | return 0; |
| 214 | } | 213 | } |
| 215 | #endif | 214 | #endif |
| 216 | 215 | ||
| 217 | s->type=0; | 216 | s->type = 0; |
| 218 | 217 | ||
| 219 | s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT); | 218 | s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); |
| 220 | 219 | ||
| 221 | s->version=s->method->version; | 220 | s->version = s->method->version; |
| 222 | s->client_version=s->version; | 221 | s->client_version = s->version; |
| 223 | s->rwstate=SSL_NOTHING; | 222 | s->rwstate = SSL_NOTHING; |
| 224 | s->rstate=SSL_ST_READ_HEADER; | 223 | s->rstate = SSL_ST_READ_HEADER; |
| 225 | #if 0 | 224 | #if 0 |
| 226 | s->read_ahead=s->ctx->read_ahead; | 225 | s->read_ahead = s->ctx->read_ahead; |
| 227 | #endif | 226 | #endif |
| 228 | 227 | ||
| 229 | if (s->init_buf != NULL) | 228 | if (s->init_buf != NULL) { |
| 230 | { | ||
| 231 | BUF_MEM_free(s->init_buf); | 229 | BUF_MEM_free(s->init_buf); |
| 232 | s->init_buf=NULL; | 230 | s->init_buf = NULL; |
| 233 | } | 231 | } |
| 234 | 232 | ||
| 235 | ssl_clear_cipher_ctx(s); | 233 | ssl_clear_cipher_ctx(s); |
| 236 | ssl_clear_hash_ctx(&s->read_hash); | 234 | ssl_clear_hash_ctx(&s->read_hash); |
| 237 | ssl_clear_hash_ctx(&s->write_hash); | 235 | ssl_clear_hash_ctx(&s->write_hash); |
| 238 | 236 | ||
| 239 | s->first_packet=0; | 237 | s->first_packet = 0; |
| 240 | 238 | ||
| 241 | #if 1 | 239 | #if 1 |
| 242 | /* Check to see if we were changed into a different method, if | 240 | /* Check to see if we were changed into a different method, if |
| 243 | * so, revert back if we are not doing session-id reuse. */ | 241 | * so, revert back if we are not doing session-id reuse. */ |
| 244 | if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) | 242 | if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) { |
| 245 | { | ||
| 246 | s->method->ssl_free(s); | 243 | s->method->ssl_free(s); |
| 247 | s->method=s->ctx->method; | 244 | s->method = s->ctx->method; |
| 248 | if (!s->method->ssl_new(s)) | 245 | if (!s->method->ssl_new(s)) |
| 249 | return(0); | 246 | return (0); |
| 250 | } | 247 | } else |
| 251 | else | ||
| 252 | #endif | 248 | #endif |
| 253 | s->method->ssl_clear(s); | 249 | s->method->ssl_clear(s); |
| 254 | return(1); | 250 | return (1); |
| 255 | } | 251 | } |
| 256 | 252 | ||
| 257 | /** Used to change an SSL_CTXs default SSL method type */ | 253 | /** Used to change an SSL_CTXs default SSL method type */ |
| 258 | int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth) | 254 | int |
| 259 | { | 255 | SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) |
| 256 | { | ||
| 260 | STACK_OF(SSL_CIPHER) *sk; | 257 | STACK_OF(SSL_CIPHER) *sk; |
| 261 | 258 | ||
| 262 | ctx->method=meth; | 259 | ctx->method = meth; |
| 263 | 260 | ||
| 264 | sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), | 261 | sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), |
| 265 | &(ctx->cipher_list_by_id), | 262 | &(ctx->cipher_list_by_id), |
| 266 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); | 263 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); |
| 267 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) | 264 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { |
| 268 | { | 265 | SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); |
| 269 | SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); | 266 | return (0); |
| 270 | return(0); | ||
| 271 | } | ||
| 272 | return(1); | ||
| 273 | } | 267 | } |
| 268 | return (1); | ||
| 269 | } | ||
| 274 | 270 | ||
| 275 | SSL *SSL_new(SSL_CTX *ctx) | 271 | SSL |
| 276 | { | 272 | *SSL_new(SSL_CTX *ctx) |
| 273 | { | ||
| 277 | SSL *s; | 274 | SSL *s; |
| 278 | 275 | ||
| 279 | if (ctx == NULL) | 276 | if (ctx == NULL) { |
| 280 | { | 277 | SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX); |
| 281 | SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX); | 278 | return (NULL); |
| 282 | return(NULL); | 279 | } |
| 283 | } | 280 | if (ctx->method == NULL) { |
| 284 | if (ctx->method == NULL) | 281 | SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); |
| 285 | { | 282 | return (NULL); |
| 286 | SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); | 283 | } |
| 287 | return(NULL); | ||
| 288 | } | ||
| 289 | 284 | ||
| 290 | s=(SSL *)OPENSSL_malloc(sizeof(SSL)); | 285 | s = (SSL *)OPENSSL_malloc(sizeof(SSL)); |
| 291 | if (s == NULL) goto err; | 286 | if (s == NULL) |
| 292 | memset(s,0,sizeof(SSL)); | 287 | goto err; |
| 288 | memset(s, 0, sizeof(SSL)); | ||
| 293 | 289 | ||
| 294 | #ifndef OPENSSL_NO_KRB5 | 290 | #ifndef OPENSSL_NO_KRB5 |
| 295 | s->kssl_ctx = kssl_ctx_new(); | 291 | s->kssl_ctx = kssl_ctx_new(); |
| 296 | #endif /* OPENSSL_NO_KRB5 */ | 292 | #endif /* OPENSSL_NO_KRB5 */ |
| 297 | 293 | ||
| 298 | s->options=ctx->options; | 294 | s->options = ctx->options; |
| 299 | s->mode=ctx->mode; | 295 | s->mode = ctx->mode; |
| 300 | s->max_cert_list=ctx->max_cert_list; | 296 | s->max_cert_list = ctx->max_cert_list; |
| 301 | 297 | ||
| 302 | if (ctx->cert != NULL) | 298 | if (ctx->cert != NULL) { |
| 303 | { | ||
| 304 | /* Earlier library versions used to copy the pointer to | 299 | /* Earlier library versions used to copy the pointer to |
| 305 | * the CERT, not its contents; only when setting new | 300 | * the CERT, not its contents; only when setting new |
| 306 | * parameters for the per-SSL copy, ssl_cert_new would be | 301 | * parameters for the per-SSL copy, ssl_cert_new would be |
| @@ -314,22 +309,21 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
| 314 | s->cert = ssl_cert_dup(ctx->cert); | 309 | s->cert = ssl_cert_dup(ctx->cert); |
| 315 | if (s->cert == NULL) | 310 | if (s->cert == NULL) |
| 316 | goto err; | 311 | goto err; |
| 317 | } | 312 | } else |
| 318 | else | ||
| 319 | s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ | 313 | s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ |
| 320 | 314 | ||
| 321 | s->read_ahead=ctx->read_ahead; | 315 | s->read_ahead = ctx->read_ahead; |
| 322 | s->msg_callback=ctx->msg_callback; | 316 | s->msg_callback = ctx->msg_callback; |
| 323 | s->msg_callback_arg=ctx->msg_callback_arg; | 317 | s->msg_callback_arg = ctx->msg_callback_arg; |
| 324 | s->verify_mode=ctx->verify_mode; | 318 | s->verify_mode = ctx->verify_mode; |
| 325 | #if 0 | 319 | #if 0 |
| 326 | s->verify_depth=ctx->verify_depth; | 320 | s->verify_depth = ctx->verify_depth; |
| 327 | #endif | 321 | #endif |
| 328 | s->sid_ctx_length=ctx->sid_ctx_length; | 322 | s->sid_ctx_length = ctx->sid_ctx_length; |
| 329 | OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); | 323 | OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); |
| 330 | memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); | 324 | memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); |
| 331 | s->verify_callback=ctx->default_verify_callback; | 325 | s->verify_callback = ctx->default_verify_callback; |
| 332 | s->generate_session_id=ctx->generate_session_id; | 326 | s->generate_session_id = ctx->generate_session_id; |
| 333 | 327 | ||
| 334 | s->param = X509_VERIFY_PARAM_new(); | 328 | s->param = X509_VERIFY_PARAM_new(); |
| 335 | if (!s->param) | 329 | if (!s->param) |
| @@ -339,11 +333,11 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
| 339 | s->purpose = ctx->purpose; | 333 | s->purpose = ctx->purpose; |
| 340 | s->trust = ctx->trust; | 334 | s->trust = ctx->trust; |
| 341 | #endif | 335 | #endif |
| 342 | s->quiet_shutdown=ctx->quiet_shutdown; | 336 | s->quiet_shutdown = ctx->quiet_shutdown; |
| 343 | s->max_send_fragment = ctx->max_send_fragment; | 337 | s->max_send_fragment = ctx->max_send_fragment; |
| 344 | 338 | ||
| 345 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | 339 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); |
| 346 | s->ctx=ctx; | 340 | s->ctx = ctx; |
| 347 | #ifndef OPENSSL_NO_TLSEXT | 341 | #ifndef OPENSSL_NO_TLSEXT |
| 348 | s->tlsext_debug_cb = 0; | 342 | s->tlsext_debug_cb = 0; |
| 349 | s->tlsext_debug_arg = NULL; | 343 | s->tlsext_debug_arg = NULL; |
| @@ -354,93 +348,95 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
| 354 | s->tlsext_ocsp_exts = NULL; | 348 | s->tlsext_ocsp_exts = NULL; |
| 355 | s->tlsext_ocsp_resp = NULL; | 349 | s->tlsext_ocsp_resp = NULL; |
| 356 | s->tlsext_ocsp_resplen = -1; | 350 | s->tlsext_ocsp_resplen = -1; |
| 357 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | 351 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); |
| 358 | s->initial_ctx=ctx; | 352 | s->initial_ctx = ctx; |
| 359 | # ifndef OPENSSL_NO_NEXTPROTONEG | 353 | # ifndef OPENSSL_NO_NEXTPROTONEG |
| 360 | s->next_proto_negotiated = NULL; | 354 | s->next_proto_negotiated = NULL; |
| 361 | # endif | 355 | # endif |
| 362 | #endif | 356 | #endif |
| 363 | 357 | ||
| 364 | s->verify_result=X509_V_OK; | 358 | s->verify_result = X509_V_OK; |
| 365 | 359 | ||
| 366 | s->method=ctx->method; | 360 | s->method = ctx->method; |
| 367 | 361 | ||
| 368 | if (!s->method->ssl_new(s)) | 362 | if (!s->method->ssl_new(s)) |
| 369 | goto err; | 363 | goto err; |
| 370 | 364 | ||
| 371 | s->references=1; | 365 | s->references = 1; |
| 372 | s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; | 366 | s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; |
| 373 | 367 | ||
| 374 | SSL_clear(s); | 368 | SSL_clear(s); |
| 375 | 369 | ||
| 376 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); | 370 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); |
| 377 | 371 | ||
| 378 | #ifndef OPENSSL_NO_PSK | 372 | #ifndef OPENSSL_NO_PSK |
| 379 | s->psk_client_callback=ctx->psk_client_callback; | 373 | s->psk_client_callback = ctx->psk_client_callback; |
| 380 | s->psk_server_callback=ctx->psk_server_callback; | 374 | s->psk_server_callback = ctx->psk_server_callback; |
| 381 | #endif | 375 | #endif |
| 382 | 376 | ||
| 383 | return(s); | 377 | return (s); |
| 384 | err: | 378 | err: |
| 385 | if (s != NULL) | 379 | if (s != NULL) { |
| 386 | { | ||
| 387 | if (s->cert != NULL) | 380 | if (s->cert != NULL) |
| 388 | ssl_cert_free(s->cert); | 381 | ssl_cert_free(s->cert); |
| 389 | if (s->ctx != NULL) | 382 | if (s->ctx != NULL) |
| 390 | SSL_CTX_free(s->ctx); /* decrement reference count */ | 383 | SSL_CTX_free(s->ctx); /* decrement reference count */ |
| 391 | OPENSSL_free(s); | 384 | OPENSSL_free(s); |
| 392 | } | ||
| 393 | SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE); | ||
| 394 | return(NULL); | ||
| 395 | } | 385 | } |
| 386 | SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); | ||
| 387 | return (NULL); | ||
| 388 | } | ||
| 396 | 389 | ||
| 397 | int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, | 390 | int |
| 398 | unsigned int sid_ctx_len) | 391 | SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, |
| 399 | { | 392 | unsigned int sid_ctx_len) |
| 400 | if(sid_ctx_len > sizeof ctx->sid_ctx) | 393 | { |
| 401 | { | 394 | if (sid_ctx_len > sizeof ctx->sid_ctx) { |
| 402 | SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | 395 | SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); |
| 403 | return 0; | 396 | return 0; |
| 404 | } | 397 | } |
| 405 | ctx->sid_ctx_length=sid_ctx_len; | 398 | ctx->sid_ctx_length = sid_ctx_len; |
| 406 | memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len); | 399 | memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); |
| 407 | 400 | ||
| 408 | return 1; | 401 | return 1; |
| 409 | } | 402 | } |
| 410 | 403 | ||
| 411 | int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, | 404 | int |
| 412 | unsigned int sid_ctx_len) | 405 | SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, |
| 413 | { | 406 | unsigned int sid_ctx_len) |
| 414 | if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) | 407 | { |
| 415 | { | 408 | if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { |
| 416 | SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | 409 | SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); |
| 417 | return 0; | 410 | return 0; |
| 418 | } | 411 | } |
| 419 | ssl->sid_ctx_length=sid_ctx_len; | 412 | ssl->sid_ctx_length = sid_ctx_len; |
| 420 | memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len); | 413 | memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); |
| 421 | 414 | ||
| 422 | return 1; | 415 | return 1; |
| 423 | } | 416 | } |
| 424 | 417 | ||
| 425 | int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) | 418 | int |
| 426 | { | 419 | SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) |
| 420 | { | ||
| 427 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 421 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 428 | ctx->generate_session_id = cb; | 422 | ctx->generate_session_id = cb; |
| 429 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 423 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 430 | return 1; | 424 | return 1; |
| 431 | } | 425 | } |
| 432 | 426 | ||
| 433 | int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) | 427 | int |
| 434 | { | 428 | SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) |
| 429 | { | ||
| 435 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | 430 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); |
| 436 | ssl->generate_session_id = cb; | 431 | ssl->generate_session_id = cb; |
| 437 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | 432 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); |
| 438 | return 1; | 433 | return 1; |
| 439 | } | 434 | } |
| 440 | 435 | ||
| 441 | int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | 436 | int |
| 442 | unsigned int id_len) | 437 | SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, |
| 443 | { | 438 | unsigned int id_len) |
| 439 | { | ||
| 444 | /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how | 440 | /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how |
| 445 | * we can "construct" a session to give us the desired check - ie. to | 441 | * we can "construct" a session to give us the desired check - ie. to |
| 446 | * find if there's a session in the hash table that would conflict with | 442 | * find if there's a session in the hash table that would conflict with |
| @@ -448,7 +444,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | |||
| 448 | * use by this SSL. */ | 444 | * use by this SSL. */ |
| 449 | SSL_SESSION r, *p; | 445 | SSL_SESSION r, *p; |
| 450 | 446 | ||
| 451 | if(id_len > sizeof r.session_id) | 447 | if (id_len > sizeof r.session_id) |
| 452 | return 0; | 448 | return 0; |
| 453 | 449 | ||
| 454 | r.ssl_version = ssl->version; | 450 | r.ssl_version = ssl->version; |
| @@ -458,68 +454,74 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | |||
| 458 | * callback is calling us to check the uniqueness of a shorter ID, it | 454 | * callback is calling us to check the uniqueness of a shorter ID, it |
| 459 | * must be compared as a padded-out ID because that is what it will be | 455 | * must be compared as a padded-out ID because that is what it will be |
| 460 | * converted to when the callback has finished choosing it. */ | 456 | * converted to when the callback has finished choosing it. */ |
| 461 | if((r.ssl_version == SSL2_VERSION) && | 457 | if ((r.ssl_version == SSL2_VERSION) && |
| 462 | (id_len < SSL2_SSL_SESSION_ID_LENGTH)) | 458 | (id_len < SSL2_SSL_SESSION_ID_LENGTH)) { |
| 463 | { | ||
| 464 | memset(r.session_id + id_len, 0, | 459 | memset(r.session_id + id_len, 0, |
| 465 | SSL2_SSL_SESSION_ID_LENGTH - id_len); | 460 | SSL2_SSL_SESSION_ID_LENGTH - id_len); |
| 466 | r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; | 461 | r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; |
| 467 | } | 462 | } |
| 468 | 463 | ||
| 469 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 464 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 470 | p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); | 465 | p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); |
| 471 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 466 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 472 | return (p != NULL); | 467 | return (p != NULL); |
| 473 | } | 468 | } |
| 474 | 469 | ||
| 475 | int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) | 470 | int |
| 476 | { | 471 | SSL_CTX_set_purpose(SSL_CTX *s, int purpose) |
| 472 | { | ||
| 477 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); | 473 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); |
| 478 | } | 474 | } |
| 479 | 475 | ||
| 480 | int SSL_set_purpose(SSL *s, int purpose) | 476 | int |
| 481 | { | 477 | SSL_set_purpose(SSL *s, int purpose) |
| 478 | { | ||
| 482 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); | 479 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); |
| 483 | } | 480 | } |
| 484 | 481 | ||
| 485 | int SSL_CTX_set_trust(SSL_CTX *s, int trust) | 482 | int |
| 486 | { | 483 | SSL_CTX_set_trust(SSL_CTX *s, int trust) |
| 484 | { | ||
| 487 | return X509_VERIFY_PARAM_set_trust(s->param, trust); | 485 | return X509_VERIFY_PARAM_set_trust(s->param, trust); |
| 488 | } | 486 | } |
| 489 | 487 | ||
| 490 | int SSL_set_trust(SSL *s, int trust) | 488 | int |
| 491 | { | 489 | SSL_set_trust(SSL *s, int trust) |
| 490 | { | ||
| 492 | return X509_VERIFY_PARAM_set_trust(s->param, trust); | 491 | return X509_VERIFY_PARAM_set_trust(s->param, trust); |
| 493 | } | 492 | } |
| 494 | 493 | ||
| 495 | int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) | 494 | int |
| 496 | { | 495 | SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) |
| 496 | { | ||
| 497 | return X509_VERIFY_PARAM_set1(ctx->param, vpm); | 497 | return X509_VERIFY_PARAM_set1(ctx->param, vpm); |
| 498 | } | 498 | } |
| 499 | 499 | ||
| 500 | int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) | 500 | int |
| 501 | { | 501 | SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) |
| 502 | { | ||
| 502 | return X509_VERIFY_PARAM_set1(ssl->param, vpm); | 503 | return X509_VERIFY_PARAM_set1(ssl->param, vpm); |
| 503 | } | 504 | } |
| 504 | 505 | ||
| 505 | void SSL_free(SSL *s) | 506 | void |
| 506 | { | 507 | SSL_free(SSL *s) |
| 508 | { | ||
| 507 | int i; | 509 | int i; |
| 508 | 510 | ||
| 509 | if(s == NULL) | 511 | if (s == NULL) |
| 510 | return; | 512 | return; |
| 511 | 513 | ||
| 512 | i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL); | 514 | i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL); |
| 513 | #ifdef REF_PRINT | 515 | #ifdef REF_PRINT |
| 514 | REF_PRINT("SSL",s); | 516 | REF_PRINT("SSL", s); |
| 515 | #endif | 517 | #endif |
| 516 | if (i > 0) return; | 518 | if (i > 0) |
| 519 | return; | ||
| 517 | #ifdef REF_CHECK | 520 | #ifdef REF_CHECK |
| 518 | if (i < 0) | 521 | if (i < 0) { |
| 519 | { | 522 | fprintf(stderr, "SSL_free, bad reference count\n"); |
| 520 | fprintf(stderr,"SSL_free, bad reference count\n"); | ||
| 521 | abort(); /* ok */ | 523 | abort(); /* ok */ |
| 522 | } | 524 | } |
| 523 | #endif | 525 | #endif |
| 524 | 526 | ||
| 525 | if (s->param) | 527 | if (s->param) |
| @@ -527,53 +529,58 @@ void SSL_free(SSL *s) | |||
| 527 | 529 | ||
| 528 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); | 530 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); |
| 529 | 531 | ||
| 530 | if (s->bbio != NULL) | 532 | if (s->bbio != NULL) { |
| 531 | { | ||
| 532 | /* If the buffering BIO is in place, pop it off */ | 533 | /* If the buffering BIO is in place, pop it off */ |
| 533 | if (s->bbio == s->wbio) | 534 | if (s->bbio == s->wbio) { |
| 534 | { | 535 | s->wbio = BIO_pop(s->wbio); |
| 535 | s->wbio=BIO_pop(s->wbio); | ||
| 536 | } | ||
| 537 | BIO_free(s->bbio); | ||
| 538 | s->bbio=NULL; | ||
| 539 | } | 536 | } |
| 537 | BIO_free(s->bbio); | ||
| 538 | s->bbio = NULL; | ||
| 539 | } | ||
| 540 | if (s->rbio != NULL) | 540 | if (s->rbio != NULL) |
| 541 | BIO_free_all(s->rbio); | 541 | BIO_free_all(s->rbio); |
| 542 | if ((s->wbio != NULL) && (s->wbio != s->rbio)) | 542 | if ((s->wbio != NULL) && (s->wbio != s->rbio)) |
| 543 | BIO_free_all(s->wbio); | 543 | BIO_free_all(s->wbio); |
| 544 | 544 | ||
| 545 | if (s->init_buf != NULL) BUF_MEM_free(s->init_buf); | 545 | if (s->init_buf != NULL) |
| 546 | BUF_MEM_free(s->init_buf); | ||
| 546 | 547 | ||
| 547 | /* add extra stuff */ | 548 | /* add extra stuff */ |
| 548 | if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list); | 549 | if (s->cipher_list != NULL) |
| 549 | if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id); | 550 | sk_SSL_CIPHER_free(s->cipher_list); |
| 551 | if (s->cipher_list_by_id != NULL) | ||
| 552 | sk_SSL_CIPHER_free(s->cipher_list_by_id); | ||
| 550 | 553 | ||
| 551 | /* Make the next call work :-) */ | 554 | /* Make the next call work :-) */ |
| 552 | if (s->session != NULL) | 555 | if (s->session != NULL) { |
| 553 | { | ||
| 554 | ssl_clear_bad_session(s); | 556 | ssl_clear_bad_session(s); |
| 555 | SSL_SESSION_free(s->session); | 557 | SSL_SESSION_free(s->session); |
| 556 | } | 558 | } |
| 557 | 559 | ||
| 558 | ssl_clear_cipher_ctx(s); | 560 | ssl_clear_cipher_ctx(s); |
| 559 | ssl_clear_hash_ctx(&s->read_hash); | 561 | ssl_clear_hash_ctx(&s->read_hash); |
| 560 | ssl_clear_hash_ctx(&s->write_hash); | 562 | ssl_clear_hash_ctx(&s->write_hash); |
| 561 | 563 | ||
| 562 | if (s->cert != NULL) ssl_cert_free(s->cert); | 564 | if (s->cert != NULL) |
| 565 | ssl_cert_free(s->cert); | ||
| 563 | /* Free up if allocated */ | 566 | /* Free up if allocated */ |
| 564 | 567 | ||
| 565 | #ifndef OPENSSL_NO_TLSEXT | 568 | #ifndef OPENSSL_NO_TLSEXT |
| 566 | if (s->tlsext_hostname) | 569 | if (s->tlsext_hostname) |
| 567 | OPENSSL_free(s->tlsext_hostname); | 570 | OPENSSL_free(s->tlsext_hostname); |
| 568 | if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); | 571 | if (s->initial_ctx) |
| 572 | SSL_CTX_free(s->initial_ctx); | ||
| 569 | #ifndef OPENSSL_NO_EC | 573 | #ifndef OPENSSL_NO_EC |
| 570 | if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist); | 574 | if (s->tlsext_ecpointformatlist) |
| 571 | if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist); | 575 | OPENSSL_free(s->tlsext_ecpointformatlist); |
| 576 | if (s->tlsext_ellipticcurvelist) | ||
| 577 | OPENSSL_free(s->tlsext_ellipticcurvelist); | ||
| 572 | #endif /* OPENSSL_NO_EC */ | 578 | #endif /* OPENSSL_NO_EC */ |
| 573 | if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input); | 579 | if (s->tlsext_opaque_prf_input) |
| 580 | OPENSSL_free(s->tlsext_opaque_prf_input); | ||
| 574 | if (s->tlsext_ocsp_exts) | 581 | if (s->tlsext_ocsp_exts) |
| 575 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | 582 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, |
| 576 | X509_EXTENSION_free); | 583 | X509_EXTENSION_free); |
| 577 | if (s->tlsext_ocsp_ids) | 584 | if (s->tlsext_ocsp_ids) |
| 578 | sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); | 585 | sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); |
| 579 | if (s->tlsext_ocsp_resp) | 586 | if (s->tlsext_ocsp_resp) |
| @@ -581,11 +588,13 @@ void SSL_free(SSL *s) | |||
| 581 | #endif | 588 | #endif |
| 582 | 589 | ||
| 583 | if (s->client_CA != NULL) | 590 | if (s->client_CA != NULL) |
| 584 | sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); | 591 | sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); |
| 585 | 592 | ||
| 586 | if (s->method != NULL) s->method->ssl_free(s); | 593 | if (s->method != NULL) |
| 594 | s->method->ssl_free(s); | ||
| 587 | 595 | ||
| 588 | if (s->ctx) SSL_CTX_free(s->ctx); | 596 | if (s->ctx) |
| 597 | SSL_CTX_free(s->ctx); | ||
| 589 | 598 | ||
| 590 | #ifndef OPENSSL_NO_KRB5 | 599 | #ifndef OPENSSL_NO_KRB5 |
| 591 | if (s->kssl_ctx != NULL) | 600 | if (s->kssl_ctx != NULL) |
| @@ -598,223 +607,237 @@ void SSL_free(SSL *s) | |||
| 598 | #endif | 607 | #endif |
| 599 | 608 | ||
| 600 | #ifndef OPENSSL_NO_SRTP | 609 | #ifndef OPENSSL_NO_SRTP |
| 601 | if (s->srtp_profiles) | 610 | if (s->srtp_profiles) |
| 602 | sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); | 611 | sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); |
| 603 | #endif | 612 | #endif |
| 604 | 613 | ||
| 605 | OPENSSL_free(s); | 614 | OPENSSL_free(s); |
| 606 | } | 615 | } |
| 607 | 616 | ||
| 608 | void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio) | 617 | void |
| 609 | { | 618 | SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) |
| 619 | { | ||
| 610 | /* If the output buffering BIO is still in place, remove it | 620 | /* If the output buffering BIO is still in place, remove it |
| 611 | */ | 621 | */ |
| 612 | if (s->bbio != NULL) | 622 | if (s->bbio != NULL) { |
| 613 | { | 623 | if (s->wbio == s->bbio) { |
| 614 | if (s->wbio == s->bbio) | 624 | s->wbio = s->wbio->next_bio; |
| 615 | { | 625 | s->bbio->next_bio = NULL; |
| 616 | s->wbio=s->wbio->next_bio; | ||
| 617 | s->bbio->next_bio=NULL; | ||
| 618 | } | ||
| 619 | } | 626 | } |
| 627 | } | ||
| 620 | if ((s->rbio != NULL) && (s->rbio != rbio)) | 628 | if ((s->rbio != NULL) && (s->rbio != rbio)) |
| 621 | BIO_free_all(s->rbio); | 629 | BIO_free_all(s->rbio); |
| 622 | if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) | 630 | if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) |
| 623 | BIO_free_all(s->wbio); | 631 | BIO_free_all(s->wbio); |
| 624 | s->rbio=rbio; | 632 | s->rbio = rbio; |
| 625 | s->wbio=wbio; | 633 | s->wbio = wbio; |
| 626 | } | 634 | } |
| 627 | 635 | ||
| 628 | BIO *SSL_get_rbio(const SSL *s) | 636 | BIO |
| 629 | { return(s->rbio); } | 637 | *SSL_get_rbio(const SSL *s) |
| 638 | { return (s->rbio); | ||
| 639 | } | ||
| 630 | 640 | ||
| 631 | BIO *SSL_get_wbio(const SSL *s) | 641 | BIO |
| 632 | { return(s->wbio); } | 642 | *SSL_get_wbio(const SSL *s) |
| 643 | { return (s->wbio); | ||
| 644 | } | ||
| 633 | 645 | ||
| 634 | int SSL_get_fd(const SSL *s) | 646 | int |
| 635 | { | 647 | SSL_get_fd(const SSL *s) |
| 636 | return(SSL_get_rfd(s)); | 648 | { |
| 637 | } | 649 | return (SSL_get_rfd(s)); |
| 650 | } | ||
| 638 | 651 | ||
| 639 | int SSL_get_rfd(const SSL *s) | 652 | int |
| 640 | { | 653 | SSL_get_rfd(const SSL *s) |
| 641 | int ret= -1; | 654 | { |
| 642 | BIO *b,*r; | 655 | int ret = -1; |
| 656 | BIO *b, *r; | ||
| 643 | 657 | ||
| 644 | b=SSL_get_rbio(s); | 658 | b = SSL_get_rbio(s); |
| 645 | r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); | 659 | r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); |
| 646 | if (r != NULL) | 660 | if (r != NULL) |
| 647 | BIO_get_fd(r,&ret); | 661 | BIO_get_fd(r, &ret); |
| 648 | return(ret); | 662 | return (ret); |
| 649 | } | 663 | } |
| 650 | 664 | ||
| 651 | int SSL_get_wfd(const SSL *s) | 665 | int |
| 652 | { | 666 | SSL_get_wfd(const SSL *s) |
| 653 | int ret= -1; | 667 | { |
| 654 | BIO *b,*r; | 668 | int ret = -1; |
| 669 | BIO *b, *r; | ||
| 655 | 670 | ||
| 656 | b=SSL_get_wbio(s); | 671 | b = SSL_get_wbio(s); |
| 657 | r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); | 672 | r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); |
| 658 | if (r != NULL) | 673 | if (r != NULL) |
| 659 | BIO_get_fd(r,&ret); | 674 | BIO_get_fd(r, &ret); |
| 660 | return(ret); | 675 | return (ret); |
| 661 | } | 676 | } |
| 662 | 677 | ||
| 663 | #ifndef OPENSSL_NO_SOCK | 678 | #ifndef OPENSSL_NO_SOCK |
| 664 | int SSL_set_fd(SSL *s,int fd) | 679 | int |
| 665 | { | 680 | SSL_set_fd(SSL *s, int fd) |
| 666 | int ret=0; | 681 | { |
| 667 | BIO *bio=NULL; | 682 | int ret = 0; |
| 683 | BIO *bio = NULL; | ||
| 668 | 684 | ||
| 669 | bio=BIO_new(BIO_s_socket()); | 685 | bio = BIO_new(BIO_s_socket()); |
| 670 | 686 | ||
| 671 | if (bio == NULL) | 687 | if (bio == NULL) { |
| 672 | { | 688 | SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); |
| 673 | SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB); | ||
| 674 | goto err; | 689 | goto err; |
| 675 | } | ||
| 676 | BIO_set_fd(bio,fd,BIO_NOCLOSE); | ||
| 677 | SSL_set_bio(s,bio,bio); | ||
| 678 | ret=1; | ||
| 679 | err: | ||
| 680 | return(ret); | ||
| 681 | } | 690 | } |
| 691 | BIO_set_fd(bio, fd, BIO_NOCLOSE); | ||
| 692 | SSL_set_bio(s, bio, bio); | ||
| 693 | ret = 1; | ||
| 694 | err: | ||
| 695 | return (ret); | ||
| 696 | } | ||
| 682 | 697 | ||
| 683 | int SSL_set_wfd(SSL *s,int fd) | 698 | int |
| 684 | { | 699 | SSL_set_wfd(SSL *s, int fd) |
| 685 | int ret=0; | 700 | { |
| 686 | BIO *bio=NULL; | 701 | int ret = 0; |
| 702 | BIO *bio = NULL; | ||
| 687 | 703 | ||
| 688 | if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) | 704 | if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) |
| 689 | || ((int)BIO_get_fd(s->rbio,NULL) != fd)) | 705 | || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { |
| 690 | { | 706 | bio = BIO_new(BIO_s_socket()); |
| 691 | bio=BIO_new(BIO_s_socket()); | ||
| 692 | 707 | ||
| 693 | if (bio == NULL) | 708 | if (bio == NULL) |
| 694 | { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; } | 709 | { SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB); |
| 695 | BIO_set_fd(bio,fd,BIO_NOCLOSE); | 710 | goto err; |
| 696 | SSL_set_bio(s,SSL_get_rbio(s),bio); | ||
| 697 | } | 711 | } |
| 698 | else | 712 | BIO_set_fd(bio, fd, BIO_NOCLOSE); |
| 699 | SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s)); | 713 | SSL_set_bio(s, SSL_get_rbio(s), bio); |
| 700 | ret=1; | 714 | } else |
| 715 | SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); | ||
| 716 | ret = 1; | ||
| 701 | err: | 717 | err: |
| 702 | return(ret); | 718 | return (ret); |
| 703 | } | 719 | } |
| 704 | 720 | ||
| 705 | int SSL_set_rfd(SSL *s,int fd) | 721 | int |
| 706 | { | 722 | SSL_set_rfd(SSL *s, int fd) |
| 707 | int ret=0; | 723 | { |
| 708 | BIO *bio=NULL; | 724 | int ret = 0; |
| 725 | BIO *bio = NULL; | ||
| 709 | 726 | ||
| 710 | if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) | 727 | if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) |
| 711 | || ((int)BIO_get_fd(s->wbio,NULL) != fd)) | 728 | || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { |
| 712 | { | 729 | bio = BIO_new(BIO_s_socket()); |
| 713 | bio=BIO_new(BIO_s_socket()); | ||
| 714 | 730 | ||
| 715 | if (bio == NULL) | 731 | if (bio == NULL) { |
| 716 | { | 732 | SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB); |
| 717 | SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB); | ||
| 718 | goto err; | 733 | goto err; |
| 719 | } | ||
| 720 | BIO_set_fd(bio,fd,BIO_NOCLOSE); | ||
| 721 | SSL_set_bio(s,bio,SSL_get_wbio(s)); | ||
| 722 | } | 734 | } |
| 723 | else | 735 | BIO_set_fd(bio, fd, BIO_NOCLOSE); |
| 724 | SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s)); | 736 | SSL_set_bio(s, bio, SSL_get_wbio(s)); |
| 725 | ret=1; | 737 | } else |
| 738 | SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); | ||
| 739 | ret = 1; | ||
| 726 | err: | 740 | err: |
| 727 | return(ret); | 741 | return (ret); |
| 728 | } | 742 | } |
| 729 | #endif | 743 | #endif |
| 730 | 744 | ||
| 731 | 745 | ||
| 732 | /* return length of latest Finished message we sent, copy to 'buf' */ | 746 | /* return length of latest Finished message we sent, copy to 'buf' */ |
| 733 | size_t SSL_get_finished(const SSL *s, void *buf, size_t count) | 747 | size_t |
| 734 | { | 748 | SSL_get_finished(const SSL *s, void *buf, size_t count) |
| 749 | { | ||
| 735 | size_t ret = 0; | 750 | size_t ret = 0; |
| 736 | 751 | ||
| 737 | if (s->s3 != NULL) | 752 | if (s->s3 != NULL) { |
| 738 | { | ||
| 739 | ret = s->s3->tmp.finish_md_len; | 753 | ret = s->s3->tmp.finish_md_len; |
| 740 | if (count > ret) | 754 | if (count > ret) |
| 741 | count = ret; | 755 | count = ret; |
| 742 | memcpy(buf, s->s3->tmp.finish_md, count); | 756 | memcpy(buf, s->s3->tmp.finish_md, count); |
| 743 | } | ||
| 744 | return ret; | ||
| 745 | } | 757 | } |
| 758 | return ret; | ||
| 759 | } | ||
| 746 | 760 | ||
| 747 | /* return length of latest Finished message we expected, copy to 'buf' */ | 761 | /* return length of latest Finished message we expected, copy to 'buf' */ |
| 748 | size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) | 762 | size_t |
| 749 | { | 763 | SSL_get_peer_finished(const SSL *s, void *buf, size_t count) |
| 764 | { | ||
| 750 | size_t ret = 0; | 765 | size_t ret = 0; |
| 751 | 766 | ||
| 752 | if (s->s3 != NULL) | 767 | if (s->s3 != NULL) { |
| 753 | { | ||
| 754 | ret = s->s3->tmp.peer_finish_md_len; | 768 | ret = s->s3->tmp.peer_finish_md_len; |
| 755 | if (count > ret) | 769 | if (count > ret) |
| 756 | count = ret; | 770 | count = ret; |
| 757 | memcpy(buf, s->s3->tmp.peer_finish_md, count); | 771 | memcpy(buf, s->s3->tmp.peer_finish_md, count); |
| 758 | } | ||
| 759 | return ret; | ||
| 760 | } | 772 | } |
| 773 | return ret; | ||
| 774 | } | ||
| 761 | 775 | ||
| 762 | 776 | ||
| 763 | int SSL_get_verify_mode(const SSL *s) | 777 | int |
| 764 | { | 778 | SSL_get_verify_mode(const SSL *s) |
| 765 | return(s->verify_mode); | 779 | { |
| 766 | } | 780 | return (s->verify_mode); |
| 781 | } | ||
| 767 | 782 | ||
| 768 | int SSL_get_verify_depth(const SSL *s) | 783 | int |
| 769 | { | 784 | SSL_get_verify_depth(const SSL *s) |
| 785 | { | ||
| 770 | return X509_VERIFY_PARAM_get_depth(s->param); | 786 | return X509_VERIFY_PARAM_get_depth(s->param); |
| 771 | } | 787 | } |
| 772 | 788 | ||
| 773 | int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *) | 789 | int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) |
| 774 | { | 790 | { |
| 775 | return(s->verify_callback); | 791 | return (s->verify_callback); |
| 776 | } | 792 | } |
| 777 | 793 | ||
| 778 | int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) | 794 | int |
| 779 | { | 795 | SSL_CTX_get_verify_mode(const SSL_CTX *ctx) |
| 780 | return(ctx->verify_mode); | 796 | { |
| 781 | } | 797 | return (ctx->verify_mode); |
| 798 | } | ||
| 782 | 799 | ||
| 783 | int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) | 800 | int |
| 784 | { | 801 | SSL_CTX_get_verify_depth(const SSL_CTX *ctx) |
| 802 | { | ||
| 785 | return X509_VERIFY_PARAM_get_depth(ctx->param); | 803 | return X509_VERIFY_PARAM_get_depth(ctx->param); |
| 786 | } | 804 | } |
| 787 | 805 | ||
| 788 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *) | 806 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) |
| 789 | { | 807 | { |
| 790 | return(ctx->default_verify_callback); | 808 | return (ctx->default_verify_callback); |
| 791 | } | 809 | } |
| 792 | 810 | ||
| 793 | void SSL_set_verify(SSL *s,int mode, | 811 | void |
| 794 | int (*callback)(int ok,X509_STORE_CTX *ctx)) | 812 | SSL_set_verify(SSL *s, int mode, |
| 795 | { | 813 | int (*callback)(int ok, X509_STORE_CTX *ctx)) |
| 796 | s->verify_mode=mode; | 814 | { |
| 815 | s->verify_mode = mode; | ||
| 797 | if (callback != NULL) | 816 | if (callback != NULL) |
| 798 | s->verify_callback=callback; | 817 | s->verify_callback = callback; |
| 799 | } | 818 | } |
| 800 | 819 | ||
| 801 | void SSL_set_verify_depth(SSL *s,int depth) | 820 | void |
| 802 | { | 821 | SSL_set_verify_depth(SSL *s, int depth) |
| 822 | { | ||
| 803 | X509_VERIFY_PARAM_set_depth(s->param, depth); | 823 | X509_VERIFY_PARAM_set_depth(s->param, depth); |
| 804 | } | 824 | } |
| 805 | 825 | ||
| 806 | void SSL_set_read_ahead(SSL *s,int yes) | 826 | void |
| 807 | { | 827 | SSL_set_read_ahead(SSL *s, int yes) |
| 808 | s->read_ahead=yes; | 828 | { |
| 809 | } | 829 | s->read_ahead = yes; |
| 830 | } | ||
| 810 | 831 | ||
| 811 | int SSL_get_read_ahead(const SSL *s) | 832 | int |
| 812 | { | 833 | SSL_get_read_ahead(const SSL *s) |
| 813 | return(s->read_ahead); | 834 | { |
| 814 | } | 835 | return (s->read_ahead); |
| 836 | } | ||
| 815 | 837 | ||
| 816 | int SSL_pending(const SSL *s) | 838 | int |
| 817 | { | 839 | SSL_pending(const SSL *s) |
| 840 | { | ||
| 818 | /* SSL_pending cannot work properly if read-ahead is enabled | 841 | /* SSL_pending cannot work properly if read-ahead is enabled |
| 819 | * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), | 842 | * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), |
| 820 | * and it is impossible to fix since SSL_pending cannot report | 843 | * and it is impossible to fix since SSL_pending cannot report |
| @@ -822,264 +845,266 @@ int SSL_pending(const SSL *s) | |||
| 822 | * (Note that SSL_pending() is often used as a boolean value, | 845 | * (Note that SSL_pending() is often used as a boolean value, |
| 823 | * so we'd better not return -1.) | 846 | * so we'd better not return -1.) |
| 824 | */ | 847 | */ |
| 825 | return(s->method->ssl_pending(s)); | 848 | return (s->method->ssl_pending(s)); |
| 826 | } | 849 | } |
| 827 | 850 | ||
| 828 | X509 *SSL_get_peer_certificate(const SSL *s) | 851 | X509 |
| 829 | { | 852 | *SSL_get_peer_certificate(const SSL *s) |
| 853 | { | ||
| 830 | X509 *r; | 854 | X509 *r; |
| 831 | 855 | ||
| 832 | if ((s == NULL) || (s->session == NULL)) | 856 | if ((s == NULL) || (s->session == NULL)) |
| 833 | r=NULL; | 857 | r = NULL; |
| 834 | else | 858 | else |
| 835 | r=s->session->peer; | 859 | r = s->session->peer; |
| 836 | 860 | ||
| 837 | if (r == NULL) return(r); | 861 | if (r == NULL) |
| 862 | return (r); | ||
| 838 | 863 | ||
| 839 | CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509); | 864 | CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509); |
| 840 | 865 | ||
| 841 | return(r); | 866 | return (r); |
| 842 | } | 867 | } |
| 843 | 868 | ||
| 844 | STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) | 869 | STACK_OF(X509) |
| 845 | { | 870 | *SSL_get_peer_cert_chain(const SSL *s) |
| 871 | { | ||
| 846 | STACK_OF(X509) *r; | 872 | STACK_OF(X509) *r; |
| 847 | 873 | ||
| 848 | if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) | 874 | if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) |
| 849 | r=NULL; | 875 | r = NULL; |
| 850 | else | 876 | else |
| 851 | r=s->session->sess_cert->cert_chain; | 877 | r = s->session->sess_cert->cert_chain; |
| 852 | 878 | ||
| 853 | /* If we are a client, cert_chain includes the peer's own | 879 | /* If we are a client, cert_chain includes the peer's own |
| 854 | * certificate; if we are a server, it does not. */ | 880 | * certificate; |
| 855 | 881 | if we are a server, it does not. */ | |
| 856 | return(r); | 882 | |
| 857 | } | 883 | return (r); |
| 884 | } | ||
| 858 | 885 | ||
| 859 | /* Now in theory, since the calling process own 't' it should be safe to | 886 | /* Now in theory, since the calling process own 't' it should be safe to |
| 860 | * modify. We need to be able to read f without being hassled */ | 887 | * modify. We need to be able to read f without being hassled */ |
| 861 | void SSL_copy_session_id(SSL *t,const SSL *f) | 888 | void |
| 862 | { | 889 | SSL_copy_session_id(SSL *t, const SSL *f) |
| 890 | { | ||
| 863 | CERT *tmp; | 891 | CERT *tmp; |
| 864 | 892 | ||
| 865 | /* Do we need to to SSL locking? */ | 893 | /* Do we need to to SSL locking? */ |
| 866 | SSL_set_session(t,SSL_get_session(f)); | 894 | SSL_set_session(t, SSL_get_session(f)); |
| 867 | 895 | ||
| 868 | /* what if we are setup as SSLv2 but want to talk SSLv3 or | 896 | /* what if we are setup as SSLv2 but want to talk SSLv3 or |
| 869 | * vice-versa */ | 897 | * vice-versa */ |
| 870 | if (t->method != f->method) | 898 | if (t->method != f->method) { |
| 871 | { | ||
| 872 | t->method->ssl_free(t); /* cleanup current */ | 899 | t->method->ssl_free(t); /* cleanup current */ |
| 873 | t->method=f->method; /* change method */ | 900 | t->method=f->method; /* change method */ |
| 874 | t->method->ssl_new(t); /* setup new */ | 901 | t->method->ssl_new(t); /* setup new */ |
| 875 | } | ||
| 876 | |||
| 877 | tmp=t->cert; | ||
| 878 | if (f->cert != NULL) | ||
| 879 | { | ||
| 880 | CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT); | ||
| 881 | t->cert=f->cert; | ||
| 882 | } | ||
| 883 | else | ||
| 884 | t->cert=NULL; | ||
| 885 | if (tmp != NULL) ssl_cert_free(tmp); | ||
| 886 | SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length); | ||
| 887 | } | 902 | } |
| 888 | 903 | ||
| 904 | tmp = t->cert; | ||
| 905 | if (f->cert != NULL) { | ||
| 906 | CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); | ||
| 907 | t->cert = f->cert; | ||
| 908 | } else | ||
| 909 | t->cert = NULL; | ||
| 910 | if (tmp != NULL) | ||
| 911 | ssl_cert_free(tmp); | ||
| 912 | SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length); | ||
| 913 | } | ||
| 914 | |||
| 889 | /* Fix this so it checks all the valid key/cert options */ | 915 | /* Fix this so it checks all the valid key/cert options */ |
| 890 | int SSL_CTX_check_private_key(const SSL_CTX *ctx) | 916 | int |
| 891 | { | 917 | SSL_CTX_check_private_key(const SSL_CTX *ctx) |
| 892 | if ( (ctx == NULL) || | 918 | { |
| 919 | if ((ctx == NULL) || | ||
| 893 | (ctx->cert == NULL) || | 920 | (ctx->cert == NULL) || |
| 894 | (ctx->cert->key->x509 == NULL)) | 921 | (ctx->cert->key->x509 == NULL)) { |
| 895 | { | 922 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); |
| 896 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | 923 | return (0); |
| 897 | return(0); | 924 | } |
| 898 | } | 925 | if (ctx->cert->key->privatekey == NULL) { |
| 899 | if (ctx->cert->key->privatekey == NULL) | 926 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); |
| 900 | { | 927 | return (0); |
| 901 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); | ||
| 902 | return(0); | ||
| 903 | } | ||
| 904 | return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); | ||
| 905 | } | 928 | } |
| 929 | return (X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); | ||
| 930 | } | ||
| 906 | 931 | ||
| 907 | /* Fix this function so that it takes an optional type parameter */ | 932 | /* Fix this function so that it takes an optional type parameter */ |
| 908 | int SSL_check_private_key(const SSL *ssl) | 933 | int |
| 909 | { | 934 | SSL_check_private_key(const SSL *ssl) |
| 910 | if (ssl == NULL) | 935 | { |
| 911 | { | 936 | if (ssl == NULL) { |
| 912 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER); | 937 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER); |
| 913 | return(0); | 938 | return (0); |
| 914 | } | 939 | } |
| 915 | if (ssl->cert == NULL) | 940 | if (ssl->cert == NULL) { |
| 916 | { | 941 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); |
| 917 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
| 918 | return 0; | 942 | return 0; |
| 919 | } | ||
| 920 | if (ssl->cert->key->x509 == NULL) | ||
| 921 | { | ||
| 922 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
| 923 | return(0); | ||
| 924 | } | ||
| 925 | if (ssl->cert->key->privatekey == NULL) | ||
| 926 | { | ||
| 927 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); | ||
| 928 | return(0); | ||
| 929 | } | ||
| 930 | return(X509_check_private_key(ssl->cert->key->x509, | ||
| 931 | ssl->cert->key->privatekey)); | ||
| 932 | } | 943 | } |
| 944 | if (ssl->cert->key->x509 == NULL) { | ||
| 945 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
| 946 | return (0); | ||
| 947 | } | ||
| 948 | if (ssl->cert->key->privatekey == NULL) { | ||
| 949 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); | ||
| 950 | return (0); | ||
| 951 | } | ||
| 952 | return(X509_check_private_key(ssl->cert->key->x509, | ||
| 953 | ssl->cert->key->privatekey)); | ||
| 954 | } | ||
| 933 | 955 | ||
| 934 | int SSL_accept(SSL *s) | 956 | int |
| 935 | { | 957 | SSL_accept(SSL *s) |
| 958 | { | ||
| 936 | if (s->handshake_func == 0) | 959 | if (s->handshake_func == 0) |
| 937 | /* Not properly initialized yet */ | 960 | /* Not properly initialized yet */ |
| 938 | SSL_set_accept_state(s); | 961 | SSL_set_accept_state(s); |
| 939 | 962 | ||
| 940 | return(s->method->ssl_accept(s)); | 963 | return (s->method->ssl_accept(s)); |
| 941 | } | 964 | } |
| 942 | 965 | ||
| 943 | int SSL_connect(SSL *s) | 966 | int |
| 944 | { | 967 | SSL_connect(SSL *s) |
| 968 | { | ||
| 945 | if (s->handshake_func == 0) | 969 | if (s->handshake_func == 0) |
| 946 | /* Not properly initialized yet */ | 970 | /* Not properly initialized yet */ |
| 947 | SSL_set_connect_state(s); | 971 | SSL_set_connect_state(s); |
| 948 | 972 | ||
| 949 | return(s->method->ssl_connect(s)); | 973 | return (s->method->ssl_connect(s)); |
| 950 | } | 974 | } |
| 951 | 975 | ||
| 952 | long SSL_get_default_timeout(const SSL *s) | 976 | long |
| 953 | { | 977 | SSL_get_default_timeout(const SSL *s) |
| 954 | return(s->method->get_timeout()); | 978 | { |
| 955 | } | 979 | return (s->method->get_timeout()); |
| 980 | } | ||
| 956 | 981 | ||
| 957 | int SSL_read(SSL *s,void *buf,int num) | 982 | int |
| 958 | { | 983 | SSL_read(SSL *s, void *buf, int num) |
| 959 | if (s->handshake_func == 0) | 984 | { |
| 960 | { | 985 | if (s->handshake_func == 0) { |
| 961 | SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); | 986 | SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); |
| 962 | return -1; | 987 | return -1; |
| 963 | } | 988 | } |
| 964 | 989 | ||
| 965 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | 990 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { |
| 966 | { | 991 | s->rwstate = SSL_NOTHING; |
| 967 | s->rwstate=SSL_NOTHING; | 992 | return (0); |
| 968 | return(0); | ||
| 969 | } | ||
| 970 | return(s->method->ssl_read(s,buf,num)); | ||
| 971 | } | 993 | } |
| 994 | return (s->method->ssl_read(s, buf, num)); | ||
| 995 | } | ||
| 972 | 996 | ||
| 973 | int SSL_peek(SSL *s,void *buf,int num) | 997 | int |
| 974 | { | 998 | SSL_peek(SSL *s, void *buf, int num) |
| 975 | if (s->handshake_func == 0) | 999 | { |
| 976 | { | 1000 | if (s->handshake_func == 0) { |
| 977 | SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); | 1001 | SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); |
| 978 | return -1; | 1002 | return -1; |
| 979 | } | 1003 | } |
| 980 | 1004 | ||
| 981 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | 1005 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { |
| 982 | { | 1006 | return (0); |
| 983 | return(0); | ||
| 984 | } | ||
| 985 | return(s->method->ssl_peek(s,buf,num)); | ||
| 986 | } | 1007 | } |
| 1008 | return (s->method->ssl_peek(s, buf, num)); | ||
| 1009 | } | ||
| 987 | 1010 | ||
| 988 | int SSL_write(SSL *s,const void *buf,int num) | 1011 | int |
| 989 | { | 1012 | SSL_write(SSL *s, const void *buf, int num) |
| 990 | if (s->handshake_func == 0) | 1013 | { |
| 991 | { | 1014 | if (s->handshake_func == 0) { |
| 992 | SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); | 1015 | SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); |
| 993 | return -1; | 1016 | return -1; |
| 994 | } | 1017 | } |
| 995 | 1018 | ||
| 996 | if (s->shutdown & SSL_SENT_SHUTDOWN) | 1019 | if (s->shutdown & SSL_SENT_SHUTDOWN) { |
| 997 | { | 1020 | s->rwstate = SSL_NOTHING; |
| 998 | s->rwstate=SSL_NOTHING; | 1021 | SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN); |
| 999 | SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN); | 1022 | return (-1); |
| 1000 | return(-1); | ||
| 1001 | } | ||
| 1002 | return(s->method->ssl_write(s,buf,num)); | ||
| 1003 | } | 1023 | } |
| 1024 | return (s->method->ssl_write(s, buf, num)); | ||
| 1025 | } | ||
| 1004 | 1026 | ||
| 1005 | int SSL_shutdown(SSL *s) | 1027 | int |
| 1006 | { | 1028 | SSL_shutdown(SSL *s) |
| 1029 | { | ||
| 1007 | /* Note that this function behaves differently from what one might | 1030 | /* Note that this function behaves differently from what one might |
| 1008 | * expect. Return values are 0 for no success (yet), | 1031 | * expect. Return values are 0 for no success (yet), |
| 1009 | * 1 for success; but calling it once is usually not enough, | 1032 | * 1 for success; but calling it once is usually not enough, |
| 1010 | * even if blocking I/O is used (see ssl3_shutdown). | 1033 | * even if blocking I/O is used (see ssl3_shutdown). |
| 1011 | */ | 1034 | */ |
| 1012 | 1035 | ||
| 1013 | if (s->handshake_func == 0) | 1036 | if (s->handshake_func == 0) { |
| 1014 | { | ||
| 1015 | SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); | 1037 | SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); |
| 1016 | return -1; | 1038 | return -1; |
| 1017 | } | 1039 | } |
| 1018 | 1040 | ||
| 1019 | if ((s != NULL) && !SSL_in_init(s)) | 1041 | if ((s != NULL) && !SSL_in_init(s)) |
| 1020 | return(s->method->ssl_shutdown(s)); | 1042 | return (s->method->ssl_shutdown(s)); |
| 1021 | else | 1043 | else |
| 1022 | return(1); | 1044 | return (1); |
| 1023 | } | 1045 | } |
| 1024 | 1046 | ||
| 1025 | int SSL_renegotiate(SSL *s) | 1047 | int |
| 1026 | { | 1048 | SSL_renegotiate(SSL *s) |
| 1049 | { | ||
| 1027 | if (s->renegotiate == 0) | 1050 | if (s->renegotiate == 0) |
| 1028 | s->renegotiate=1; | 1051 | s->renegotiate = 1; |
| 1029 | 1052 | ||
| 1030 | s->new_session=1; | 1053 | s->new_session = 1; |
| 1031 | 1054 | ||
| 1032 | return(s->method->ssl_renegotiate(s)); | 1055 | return (s->method->ssl_renegotiate(s)); |
| 1033 | } | 1056 | } |
| 1034 | 1057 | ||
| 1035 | int SSL_renegotiate_abbreviated(SSL *s) | 1058 | int |
| 1036 | { | 1059 | SSL_renegotiate_abbreviated(SSL *s) |
| 1060 | { | ||
| 1037 | if (s->renegotiate == 0) | 1061 | if (s->renegotiate == 0) |
| 1038 | s->renegotiate=1; | 1062 | s->renegotiate = 1; |
| 1039 | 1063 | ||
| 1040 | s->new_session=0; | 1064 | s->new_session = 0; |
| 1041 | 1065 | ||
| 1042 | return(s->method->ssl_renegotiate(s)); | 1066 | return (s->method->ssl_renegotiate(s)); |
| 1043 | } | 1067 | } |
| 1044 | 1068 | ||
| 1045 | int SSL_renegotiate_pending(SSL *s) | 1069 | int |
| 1046 | { | 1070 | SSL_renegotiate_pending(SSL *s) |
| 1071 | { | ||
| 1047 | /* becomes true when negotiation is requested; | 1072 | /* becomes true when negotiation is requested; |
| 1048 | * false again once a handshake has finished */ | 1073 | * false again once a handshake has finished */ |
| 1049 | return (s->renegotiate != 0); | 1074 | return (s->renegotiate != 0); |
| 1050 | } | 1075 | } |
| 1051 | 1076 | ||
| 1052 | long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | 1077 | long |
| 1053 | { | 1078 | SSL_ctrl(SSL *s, int cmd, long larg, void *parg) |
| 1079 | { | ||
| 1054 | long l; | 1080 | long l; |
| 1055 | 1081 | ||
| 1056 | switch (cmd) | 1082 | switch (cmd) { |
| 1057 | { | ||
| 1058 | case SSL_CTRL_GET_READ_AHEAD: | 1083 | case SSL_CTRL_GET_READ_AHEAD: |
| 1059 | return(s->read_ahead); | 1084 | return (s->read_ahead); |
| 1060 | case SSL_CTRL_SET_READ_AHEAD: | 1085 | case SSL_CTRL_SET_READ_AHEAD: |
| 1061 | l=s->read_ahead; | 1086 | l = s->read_ahead; |
| 1062 | s->read_ahead=larg; | 1087 | s->read_ahead = larg; |
| 1063 | return(l); | 1088 | return (l); |
| 1064 | 1089 | ||
| 1065 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: | 1090 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: |
| 1066 | s->msg_callback_arg = parg; | 1091 | s->msg_callback_arg = parg; |
| 1067 | return 1; | 1092 | return 1; |
| 1068 | 1093 | ||
| 1069 | case SSL_CTRL_OPTIONS: | 1094 | case SSL_CTRL_OPTIONS: |
| 1070 | return(s->options|=larg); | 1095 | return (s->options|=larg); |
| 1071 | case SSL_CTRL_CLEAR_OPTIONS: | 1096 | case SSL_CTRL_CLEAR_OPTIONS: |
| 1072 | return(s->options&=~larg); | 1097 | return (s->options&=~larg); |
| 1073 | case SSL_CTRL_MODE: | 1098 | case SSL_CTRL_MODE: |
| 1074 | return(s->mode|=larg); | 1099 | return (s->mode|=larg); |
| 1075 | case SSL_CTRL_CLEAR_MODE: | 1100 | case SSL_CTRL_CLEAR_MODE: |
| 1076 | return(s->mode &=~larg); | 1101 | return (s->mode &=~larg); |
| 1077 | case SSL_CTRL_GET_MAX_CERT_LIST: | 1102 | case SSL_CTRL_GET_MAX_CERT_LIST: |
| 1078 | return(s->max_cert_list); | 1103 | return (s->max_cert_list); |
| 1079 | case SSL_CTRL_SET_MAX_CERT_LIST: | 1104 | case SSL_CTRL_SET_MAX_CERT_LIST: |
| 1080 | l=s->max_cert_list; | 1105 | l = s->max_cert_list; |
| 1081 | s->max_cert_list=larg; | 1106 | s->max_cert_list = larg; |
| 1082 | return(l); | 1107 | return (l); |
| 1083 | case SSL_CTRL_SET_MTU: | 1108 | case SSL_CTRL_SET_MTU: |
| 1084 | #ifndef OPENSSL_NO_DTLS1 | 1109 | #ifndef OPENSSL_NO_DTLS1 |
| 1085 | if (larg < (long)dtls1_min_mtu()) | 1110 | if (larg < (long)dtls1_min_mtu()) |
| @@ -1087,11 +1112,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | |||
| 1087 | #endif | 1112 | #endif |
| 1088 | 1113 | ||
| 1089 | if (SSL_version(s) == DTLS1_VERSION || | 1114 | if (SSL_version(s) == DTLS1_VERSION || |
| 1090 | SSL_version(s) == DTLS1_BAD_VER) | 1115 | SSL_version(s) == DTLS1_BAD_VER) { |
| 1091 | { | ||
| 1092 | s->d1->mtu = larg; | 1116 | s->d1->mtu = larg; |
| 1093 | return larg; | 1117 | return larg; |
| 1094 | } | 1118 | } |
| 1095 | return 0; | 1119 | return 0; |
| 1096 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: | 1120 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: |
| 1097 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) | 1121 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) |
| @@ -1103,203 +1127,204 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | |||
| 1103 | return s->s3->send_connection_binding; | 1127 | return s->s3->send_connection_binding; |
| 1104 | else return 0; | 1128 | else return 0; |
| 1105 | default: | 1129 | default: |
| 1106 | return(s->method->ssl_ctrl(s,cmd,larg,parg)); | 1130 | return (s->method->ssl_ctrl(s, cmd, larg, parg)); |
| 1107 | } | ||
| 1108 | } | 1131 | } |
| 1132 | } | ||
| 1109 | 1133 | ||
| 1110 | long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) | 1134 | long |
| 1111 | { | 1135 | SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) |
| 1112 | switch(cmd) | 1136 | { |
| 1113 | { | 1137 | switch (cmd) { |
| 1114 | case SSL_CTRL_SET_MSG_CALLBACK: | 1138 | case SSL_CTRL_SET_MSG_CALLBACK: |
| 1115 | s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); | 1139 | s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); |
| 1116 | return 1; | 1140 | return 1; |
| 1117 | 1141 | ||
| 1118 | default: | 1142 | default: |
| 1119 | return(s->method->ssl_callback_ctrl(s,cmd,fp)); | 1143 | return (s->method->ssl_callback_ctrl(s, cmd, fp)); |
| 1120 | } | ||
| 1121 | } | 1144 | } |
| 1145 | } | ||
| 1122 | 1146 | ||
| 1123 | LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) | 1147 | LHASH_OF(SSL_SESSION) |
| 1124 | { | 1148 | *SSL_CTX_sessions(SSL_CTX *ctx) |
| 1149 | { | ||
| 1125 | return ctx->sessions; | 1150 | return ctx->sessions; |
| 1126 | } | 1151 | } |
| 1127 | 1152 | ||
| 1128 | long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg) | 1153 | long |
| 1129 | { | 1154 | SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) |
| 1155 | { | ||
| 1130 | long l; | 1156 | long l; |
| 1131 | 1157 | ||
| 1132 | switch (cmd) | 1158 | switch (cmd) { |
| 1133 | { | ||
| 1134 | case SSL_CTRL_GET_READ_AHEAD: | 1159 | case SSL_CTRL_GET_READ_AHEAD: |
| 1135 | return(ctx->read_ahead); | 1160 | return (ctx->read_ahead); |
| 1136 | case SSL_CTRL_SET_READ_AHEAD: | 1161 | case SSL_CTRL_SET_READ_AHEAD: |
| 1137 | l=ctx->read_ahead; | 1162 | l = ctx->read_ahead; |
| 1138 | ctx->read_ahead=larg; | 1163 | ctx->read_ahead = larg; |
| 1139 | return(l); | 1164 | return (l); |
| 1140 | 1165 | ||
| 1141 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: | 1166 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: |
| 1142 | ctx->msg_callback_arg = parg; | 1167 | ctx->msg_callback_arg = parg; |
| 1143 | return 1; | 1168 | return 1; |
| 1144 | 1169 | ||
| 1145 | case SSL_CTRL_GET_MAX_CERT_LIST: | 1170 | case SSL_CTRL_GET_MAX_CERT_LIST: |
| 1146 | return(ctx->max_cert_list); | 1171 | return (ctx->max_cert_list); |
| 1147 | case SSL_CTRL_SET_MAX_CERT_LIST: | 1172 | case SSL_CTRL_SET_MAX_CERT_LIST: |
| 1148 | l=ctx->max_cert_list; | 1173 | l = ctx->max_cert_list; |
| 1149 | ctx->max_cert_list=larg; | 1174 | ctx->max_cert_list = larg; |
| 1150 | return(l); | 1175 | return (l); |
| 1151 | 1176 | ||
| 1152 | case SSL_CTRL_SET_SESS_CACHE_SIZE: | 1177 | case SSL_CTRL_SET_SESS_CACHE_SIZE: |
| 1153 | l=ctx->session_cache_size; | 1178 | l = ctx->session_cache_size; |
| 1154 | ctx->session_cache_size=larg; | 1179 | ctx->session_cache_size = larg; |
| 1155 | return(l); | 1180 | return (l); |
| 1156 | case SSL_CTRL_GET_SESS_CACHE_SIZE: | 1181 | case SSL_CTRL_GET_SESS_CACHE_SIZE: |
| 1157 | return(ctx->session_cache_size); | 1182 | return (ctx->session_cache_size); |
| 1158 | case SSL_CTRL_SET_SESS_CACHE_MODE: | 1183 | case SSL_CTRL_SET_SESS_CACHE_MODE: |
| 1159 | l=ctx->session_cache_mode; | 1184 | l = ctx->session_cache_mode; |
| 1160 | ctx->session_cache_mode=larg; | 1185 | ctx->session_cache_mode = larg; |
| 1161 | return(l); | 1186 | return (l); |
| 1162 | case SSL_CTRL_GET_SESS_CACHE_MODE: | 1187 | case SSL_CTRL_GET_SESS_CACHE_MODE: |
| 1163 | return(ctx->session_cache_mode); | 1188 | return (ctx->session_cache_mode); |
| 1164 | 1189 | ||
| 1165 | case SSL_CTRL_SESS_NUMBER: | 1190 | case SSL_CTRL_SESS_NUMBER: |
| 1166 | return(lh_SSL_SESSION_num_items(ctx->sessions)); | 1191 | return (lh_SSL_SESSION_num_items(ctx->sessions)); |
| 1167 | case SSL_CTRL_SESS_CONNECT: | 1192 | case SSL_CTRL_SESS_CONNECT: |
| 1168 | return(ctx->stats.sess_connect); | 1193 | return (ctx->stats.sess_connect); |
| 1169 | case SSL_CTRL_SESS_CONNECT_GOOD: | 1194 | case SSL_CTRL_SESS_CONNECT_GOOD: |
| 1170 | return(ctx->stats.sess_connect_good); | 1195 | return (ctx->stats.sess_connect_good); |
| 1171 | case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: | 1196 | case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: |
| 1172 | return(ctx->stats.sess_connect_renegotiate); | 1197 | return (ctx->stats.sess_connect_renegotiate); |
| 1173 | case SSL_CTRL_SESS_ACCEPT: | 1198 | case SSL_CTRL_SESS_ACCEPT: |
| 1174 | return(ctx->stats.sess_accept); | 1199 | return (ctx->stats.sess_accept); |
| 1175 | case SSL_CTRL_SESS_ACCEPT_GOOD: | 1200 | case SSL_CTRL_SESS_ACCEPT_GOOD: |
| 1176 | return(ctx->stats.sess_accept_good); | 1201 | return (ctx->stats.sess_accept_good); |
| 1177 | case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: | 1202 | case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: |
| 1178 | return(ctx->stats.sess_accept_renegotiate); | 1203 | return (ctx->stats.sess_accept_renegotiate); |
| 1179 | case SSL_CTRL_SESS_HIT: | 1204 | case SSL_CTRL_SESS_HIT: |
| 1180 | return(ctx->stats.sess_hit); | 1205 | return (ctx->stats.sess_hit); |
| 1181 | case SSL_CTRL_SESS_CB_HIT: | 1206 | case SSL_CTRL_SESS_CB_HIT: |
| 1182 | return(ctx->stats.sess_cb_hit); | 1207 | return (ctx->stats.sess_cb_hit); |
| 1183 | case SSL_CTRL_SESS_MISSES: | 1208 | case SSL_CTRL_SESS_MISSES: |
| 1184 | return(ctx->stats.sess_miss); | 1209 | return (ctx->stats.sess_miss); |
| 1185 | case SSL_CTRL_SESS_TIMEOUTS: | 1210 | case SSL_CTRL_SESS_TIMEOUTS: |
| 1186 | return(ctx->stats.sess_timeout); | 1211 | return (ctx->stats.sess_timeout); |
| 1187 | case SSL_CTRL_SESS_CACHE_FULL: | 1212 | case SSL_CTRL_SESS_CACHE_FULL: |
| 1188 | return(ctx->stats.sess_cache_full); | 1213 | return (ctx->stats.sess_cache_full); |
| 1189 | case SSL_CTRL_OPTIONS: | 1214 | case SSL_CTRL_OPTIONS: |
| 1190 | return(ctx->options|=larg); | 1215 | return (ctx->options|=larg); |
| 1191 | case SSL_CTRL_CLEAR_OPTIONS: | 1216 | case SSL_CTRL_CLEAR_OPTIONS: |
| 1192 | return(ctx->options&=~larg); | 1217 | return (ctx->options&=~larg); |
| 1193 | case SSL_CTRL_MODE: | 1218 | case SSL_CTRL_MODE: |
| 1194 | return(ctx->mode|=larg); | 1219 | return (ctx->mode|=larg); |
| 1195 | case SSL_CTRL_CLEAR_MODE: | 1220 | case SSL_CTRL_CLEAR_MODE: |
| 1196 | return(ctx->mode&=~larg); | 1221 | return (ctx->mode&=~larg); |
| 1197 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: | 1222 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: |
| 1198 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) | 1223 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) |
| 1199 | return 0; | 1224 | return 0; |
| 1200 | ctx->max_send_fragment = larg; | 1225 | ctx->max_send_fragment = larg; |
| 1201 | return 1; | 1226 | return 1; |
| 1202 | default: | 1227 | default: |
| 1203 | return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); | 1228 | return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg)); |
| 1204 | } | ||
| 1205 | } | 1229 | } |
| 1230 | } | ||
| 1206 | 1231 | ||
| 1207 | long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) | 1232 | long |
| 1208 | { | 1233 | SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) |
| 1209 | switch(cmd) | 1234 | { |
| 1210 | { | 1235 | switch (cmd) { |
| 1211 | case SSL_CTRL_SET_MSG_CALLBACK: | 1236 | case SSL_CTRL_SET_MSG_CALLBACK: |
| 1212 | ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); | 1237 | ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); |
| 1213 | return 1; | 1238 | return 1; |
| 1214 | 1239 | ||
| 1215 | default: | 1240 | default: |
| 1216 | return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp)); | 1241 | return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp)); |
| 1217 | } | ||
| 1218 | } | 1242 | } |
| 1243 | } | ||
| 1219 | 1244 | ||
| 1220 | int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) | 1245 | int |
| 1221 | { | 1246 | ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) |
| 1247 | { | ||
| 1222 | long l; | 1248 | long l; |
| 1223 | 1249 | ||
| 1224 | l=a->id-b->id; | 1250 | l = a->id - b->id; |
| 1225 | if (l == 0L) | 1251 | if (l == 0L) |
| 1226 | return(0); | 1252 | return (0); |
| 1227 | else | 1253 | else |
| 1228 | return((l > 0)?1:-1); | 1254 | return ((l > 0) ? 1:-1); |
| 1229 | } | 1255 | } |
| 1230 | 1256 | ||
| 1231 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | 1257 | int |
| 1232 | const SSL_CIPHER * const *bp) | 1258 | ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, |
| 1233 | { | 1259 | const SSL_CIPHER * const *bp) |
| 1260 | { | ||
| 1234 | long l; | 1261 | long l; |
| 1235 | 1262 | ||
| 1236 | l=(*ap)->id-(*bp)->id; | 1263 | l = (*ap)->id - (*bp)->id; |
| 1237 | if (l == 0L) | 1264 | if (l == 0L) |
| 1238 | return(0); | 1265 | return (0); |
| 1239 | else | 1266 | else |
| 1240 | return((l > 0)?1:-1); | 1267 | return ((l > 0) ? 1:-1); |
| 1241 | } | 1268 | } |
| 1242 | 1269 | ||
| 1243 | /** return a STACK of the ciphers available for the SSL and in order of | 1270 | /** return a STACK of the ciphers available for the SSL and in order of |
| 1244 | * preference */ | 1271 | * preference */ |
| 1245 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) | 1272 | STACK_OF(SSL_CIPHER) |
| 1246 | { | 1273 | *SSL_get_ciphers(const SSL *s) |
| 1247 | if (s != NULL) | 1274 | { |
| 1248 | { | 1275 | if (s != NULL) { |
| 1249 | if (s->cipher_list != NULL) | 1276 | if (s->cipher_list != NULL) { |
| 1250 | { | 1277 | return (s->cipher_list); |
| 1251 | return(s->cipher_list); | 1278 | } else if ((s->ctx != NULL) && |
| 1252 | } | 1279 | (s->ctx->cipher_list != NULL)) { |
| 1253 | else if ((s->ctx != NULL) && | 1280 | return (s->ctx->cipher_list); |
| 1254 | (s->ctx->cipher_list != NULL)) | ||
| 1255 | { | ||
| 1256 | return(s->ctx->cipher_list); | ||
| 1257 | } | ||
| 1258 | } | 1281 | } |
| 1259 | return(NULL); | ||
| 1260 | } | 1282 | } |
| 1283 | return (NULL); | ||
| 1284 | } | ||
| 1261 | 1285 | ||
| 1262 | /** return a STACK of the ciphers available for the SSL and in order of | 1286 | /** return a STACK of the ciphers available for the SSL and in order of |
| 1263 | * algorithm id */ | 1287 | * algorithm id */ |
| 1264 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) | 1288 | STACK_OF(SSL_CIPHER) |
| 1265 | { | 1289 | *ssl_get_ciphers_by_id(SSL *s) |
| 1266 | if (s != NULL) | 1290 | { |
| 1267 | { | 1291 | if (s != NULL) { |
| 1268 | if (s->cipher_list_by_id != NULL) | 1292 | if (s->cipher_list_by_id != NULL) { |
| 1269 | { | 1293 | return (s->cipher_list_by_id); |
| 1270 | return(s->cipher_list_by_id); | 1294 | } else if ((s->ctx != NULL) && |
| 1271 | } | 1295 | (s->ctx->cipher_list_by_id != NULL)) { |
| 1272 | else if ((s->ctx != NULL) && | 1296 | return (s->ctx->cipher_list_by_id); |
| 1273 | (s->ctx->cipher_list_by_id != NULL)) | ||
| 1274 | { | ||
| 1275 | return(s->ctx->cipher_list_by_id); | ||
| 1276 | } | ||
| 1277 | } | 1297 | } |
| 1278 | return(NULL); | ||
| 1279 | } | 1298 | } |
| 1299 | return (NULL); | ||
| 1300 | } | ||
| 1280 | 1301 | ||
| 1281 | /** The old interface to get the same thing as SSL_get_ciphers() */ | 1302 | /** The old interface to get the same thing as SSL_get_ciphers() */ |
| 1282 | const char *SSL_get_cipher_list(const SSL *s,int n) | 1303 | const char |
| 1283 | { | 1304 | *SSL_get_cipher_list(const SSL *s, int n) |
| 1305 | { | ||
| 1284 | SSL_CIPHER *c; | 1306 | SSL_CIPHER *c; |
| 1285 | STACK_OF(SSL_CIPHER) *sk; | 1307 | STACK_OF(SSL_CIPHER) *sk; |
| 1286 | 1308 | ||
| 1287 | if (s == NULL) return(NULL); | 1309 | if (s == NULL) |
| 1288 | sk=SSL_get_ciphers(s); | 1310 | return (NULL); |
| 1311 | sk = SSL_get_ciphers(s); | ||
| 1289 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) | 1312 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) |
| 1290 | return(NULL); | 1313 | return (NULL); |
| 1291 | c=sk_SSL_CIPHER_value(sk,n); | 1314 | c = sk_SSL_CIPHER_value(sk, n); |
| 1292 | if (c == NULL) return(NULL); | 1315 | if (c == NULL) |
| 1293 | return(c->name); | 1316 | return (NULL); |
| 1294 | } | 1317 | return (c->name); |
| 1318 | } | ||
| 1295 | 1319 | ||
| 1296 | /** specify the ciphers to be used by default by the SSL_CTX */ | 1320 | /** specify the ciphers to be used by default by the SSL_CTX */ |
| 1297 | int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) | 1321 | int |
| 1298 | { | 1322 | SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) |
| 1323 | { | ||
| 1299 | STACK_OF(SSL_CIPHER) *sk; | 1324 | STACK_OF(SSL_CIPHER) *sk; |
| 1300 | 1325 | ||
| 1301 | sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, | 1326 | sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, |
| 1302 | &ctx->cipher_list_by_id,str); | 1327 | &ctx->cipher_list_by_id, str); |
| 1303 | /* ssl_create_cipher_list may return an empty stack if it | 1328 | /* ssl_create_cipher_list may return an empty stack if it |
| 1304 | * was unable to find a cipher matching the given rule string | 1329 | * was unable to find a cipher matching the given rule string |
| 1305 | * (for example if the rule string specifies a cipher which | 1330 | * (for example if the rule string specifies a cipher which |
| @@ -1309,35 +1334,35 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) | |||
| 1309 | * updated. */ | 1334 | * updated. */ |
| 1310 | if (sk == NULL) | 1335 | if (sk == NULL) |
| 1311 | return 0; | 1336 | return 0; |
| 1312 | else if (sk_SSL_CIPHER_num(sk) == 0) | 1337 | else if (sk_SSL_CIPHER_num(sk) == 0) { |
| 1313 | { | ||
| 1314 | SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); | 1338 | SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); |
| 1315 | return 0; | 1339 | return 0; |
| 1316 | } | ||
| 1317 | return 1; | ||
| 1318 | } | 1340 | } |
| 1341 | return 1; | ||
| 1342 | } | ||
| 1319 | 1343 | ||
| 1320 | /** specify the ciphers to be used by the SSL */ | 1344 | /** specify the ciphers to be used by the SSL */ |
| 1321 | int SSL_set_cipher_list(SSL *s,const char *str) | 1345 | int |
| 1322 | { | 1346 | SSL_set_cipher_list(SSL *s, const char *str) |
| 1347 | { | ||
| 1323 | STACK_OF(SSL_CIPHER) *sk; | 1348 | STACK_OF(SSL_CIPHER) *sk; |
| 1324 | 1349 | ||
| 1325 | sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, | 1350 | sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, |
| 1326 | &s->cipher_list_by_id,str); | 1351 | &s->cipher_list_by_id, str); |
| 1327 | /* see comment in SSL_CTX_set_cipher_list */ | 1352 | /* see comment in SSL_CTX_set_cipher_list */ |
| 1328 | if (sk == NULL) | 1353 | if (sk == NULL) |
| 1329 | return 0; | 1354 | return 0; |
| 1330 | else if (sk_SSL_CIPHER_num(sk) == 0) | 1355 | else if (sk_SSL_CIPHER_num(sk) == 0) { |
| 1331 | { | ||
| 1332 | SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); | 1356 | SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); |
| 1333 | return 0; | 1357 | return 0; |
| 1334 | } | ||
| 1335 | return 1; | ||
| 1336 | } | 1358 | } |
| 1359 | return 1; | ||
| 1360 | } | ||
| 1337 | 1361 | ||
| 1338 | /* works well for SSLv2, not so good for SSLv3 */ | 1362 | /* works well for SSLv2, not so good for SSLv3 */ |
| 1339 | char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) | 1363 | char |
| 1340 | { | 1364 | *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) |
| 1365 | { | ||
| 1341 | char *end; | 1366 | char *end; |
| 1342 | STACK_OF(SSL_CIPHER) *sk; | 1367 | STACK_OF(SSL_CIPHER) *sk; |
| 1343 | SSL_CIPHER *c; | 1368 | SSL_CIPHER *c; |
| @@ -1346,146 +1371,138 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) | |||
| 1346 | 1371 | ||
| 1347 | if ((s->session == NULL) || (s->session->ciphers == NULL) || | 1372 | if ((s->session == NULL) || (s->session->ciphers == NULL) || |
| 1348 | (len < 2)) | 1373 | (len < 2)) |
| 1349 | return(NULL); | 1374 | return (NULL); |
| 1350 | 1375 | ||
| 1351 | sk=s->session->ciphers; | 1376 | sk = s->session->ciphers; |
| 1352 | buf[0] = '\0'; | 1377 | buf[0] = '\0'; |
| 1353 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) | 1378 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { |
| 1354 | { | 1379 | c = sk_SSL_CIPHER_value(sk, i); |
| 1355 | c=sk_SSL_CIPHER_value(sk,i); | ||
| 1356 | end = buf + curlen; | 1380 | end = buf + curlen; |
| 1357 | if (strlcat(buf, c->name, len) >= len || | 1381 | if (strlcat(buf, c->name, len) >= len || |
| 1358 | (curlen = strlcat(buf, ":", len)) >= len) | 1382 | (curlen = strlcat(buf, ":", len)) >= len) { |
| 1359 | { | ||
| 1360 | /* remove truncated cipher from list */ | 1383 | /* remove truncated cipher from list */ |
| 1361 | *end = '\0'; | 1384 | *end = '\0'; |
| 1362 | break; | 1385 | break; |
| 1363 | } | ||
| 1364 | } | 1386 | } |
| 1387 | } | ||
| 1365 | /* remove trailing colon */ | 1388 | /* remove trailing colon */ |
| 1366 | if ((end = strrchr(buf, ':')) != NULL) | 1389 | if ((end = strrchr(buf, ':')) != NULL) |
| 1367 | *end = '\0'; | 1390 | *end = '\0'; |
| 1368 | return(buf); | 1391 | return (buf); |
| 1369 | } | 1392 | } |
| 1370 | 1393 | ||
| 1371 | int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, | 1394 | int |
| 1372 | int (*put_cb)(const SSL_CIPHER *, unsigned char *)) | 1395 | ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p, |
| 1373 | { | 1396 | int (*put_cb)(const SSL_CIPHER *, unsigned char *)) |
| 1374 | int i,j=0; | 1397 | { |
| 1398 | int i, j = 0; | ||
| 1375 | SSL_CIPHER *c; | 1399 | SSL_CIPHER *c; |
| 1376 | unsigned char *q; | 1400 | unsigned char *q; |
| 1377 | #ifndef OPENSSL_NO_KRB5 | 1401 | #ifndef OPENSSL_NO_KRB5 |
| 1378 | int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); | 1402 | int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); |
| 1379 | #endif /* OPENSSL_NO_KRB5 */ | 1403 | #endif /* OPENSSL_NO_KRB5 */ |
| 1380 | 1404 | ||
| 1381 | if (sk == NULL) return(0); | 1405 | if (sk == NULL) |
| 1382 | q=p; | 1406 | return (0); |
| 1407 | q = p; | ||
| 1383 | 1408 | ||
| 1384 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) | 1409 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { |
| 1385 | { | 1410 | c = sk_SSL_CIPHER_value(sk, i); |
| 1386 | c=sk_SSL_CIPHER_value(sk,i); | ||
| 1387 | /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ | 1411 | /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ |
| 1388 | if ((c->algorithm_ssl & SSL_TLSV1_2) && | 1412 | if ((c->algorithm_ssl & SSL_TLSV1_2) && |
| 1389 | (TLS1_get_client_version(s) < TLS1_2_VERSION)) | 1413 | (TLS1_get_client_version(s) < TLS1_2_VERSION)) |
| 1390 | continue; | 1414 | continue; |
| 1391 | #ifndef OPENSSL_NO_KRB5 | 1415 | #ifndef OPENSSL_NO_KRB5 |
| 1392 | if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && | 1416 | if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && |
| 1393 | nokrb5) | 1417 | nokrb5) |
| 1394 | continue; | 1418 | continue; |
| 1395 | #endif /* OPENSSL_NO_KRB5 */ | 1419 | #endif /* OPENSSL_NO_KRB5 */ |
| 1396 | #ifndef OPENSSL_NO_PSK | 1420 | #ifndef OPENSSL_NO_PSK |
| 1397 | /* with PSK there must be client callback set */ | 1421 | /* with PSK there must be client callback set */ |
| 1398 | if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && | 1422 | if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && |
| 1399 | s->psk_client_callback == NULL) | 1423 | s->psk_client_callback == NULL) |
| 1400 | continue; | 1424 | continue; |
| 1401 | #endif /* OPENSSL_NO_PSK */ | 1425 | #endif /* OPENSSL_NO_PSK */ |
| 1402 | j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); | 1426 | j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p); |
| 1403 | p+=j; | 1427 | p += j; |
| 1404 | } | 1428 | } |
| 1405 | /* If p == q, no ciphers and caller indicates an error. Otherwise | 1429 | /* If p == q, no ciphers and caller indicates an error. Otherwise |
| 1406 | * add SCSV if not renegotiating. | 1430 | * add SCSV if not renegotiating. |
| 1407 | */ | 1431 | */ |
| 1408 | if (p != q && !s->renegotiate) | 1432 | if (p != q && !s->renegotiate) { |
| 1409 | { | 1433 | static SSL_CIPHER scsv = { |
| 1410 | static SSL_CIPHER scsv = | ||
| 1411 | { | ||
| 1412 | 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 | 1434 | 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 |
| 1413 | }; | 1435 | }; |
| 1414 | j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); | 1436 | j = put_cb ? put_cb(&scsv, p) : ssl_put_cipher_by_char(s, &scsv, p); |
| 1415 | p+=j; | 1437 | p += j; |
| 1416 | #ifdef OPENSSL_RI_DEBUG | 1438 | #ifdef OPENSSL_RI_DEBUG |
| 1417 | fprintf(stderr, "SCSV sent by client\n"); | 1439 | fprintf(stderr, "SCSV sent by client\n"); |
| 1418 | #endif | 1440 | #endif |
| 1419 | } | ||
| 1420 | |||
| 1421 | return(p-q); | ||
| 1422 | } | 1441 | } |
| 1423 | 1442 | ||
| 1424 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, | 1443 | return (p - q); |
| 1425 | STACK_OF(SSL_CIPHER) **skp) | 1444 | } |
| 1426 | { | 1445 | |
| 1446 | STACK_OF(SSL_CIPHER) | ||
| 1447 | *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, | ||
| 1448 | STACK_OF(SSL_CIPHER) **skp) | ||
| 1449 | { | ||
| 1427 | const SSL_CIPHER *c; | 1450 | const SSL_CIPHER *c; |
| 1428 | STACK_OF(SSL_CIPHER) *sk; | 1451 | STACK_OF(SSL_CIPHER) *sk; |
| 1429 | int i,n; | 1452 | int i, n; |
| 1430 | if (s->s3) | 1453 | if (s->s3) |
| 1431 | s->s3->send_connection_binding = 0; | 1454 | s->s3->send_connection_binding = 0; |
| 1432 | 1455 | ||
| 1433 | n=ssl_put_cipher_by_char(s,NULL,NULL); | 1456 | n = ssl_put_cipher_by_char(s, NULL, NULL); |
| 1434 | if ((num%n) != 0) | 1457 | if ((num % n) != 0) { |
| 1435 | { | 1458 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); |
| 1436 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); | 1459 | return (NULL); |
| 1437 | return(NULL); | 1460 | } |
| 1438 | } | ||
| 1439 | if ((skp == NULL) || (*skp == NULL)) | 1461 | if ((skp == NULL) || (*skp == NULL)) |
| 1440 | sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ | 1462 | sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ |
| 1441 | else | 1463 | else { |
| 1442 | { | ||
| 1443 | sk= *skp; | 1464 | sk= *skp; |
| 1444 | sk_SSL_CIPHER_zero(sk); | 1465 | sk_SSL_CIPHER_zero(sk); |
| 1445 | } | 1466 | } |
| 1446 | 1467 | ||
| 1447 | for (i=0; i<num; i+=n) | 1468 | for (i = 0; i < num; i += n) { |
| 1448 | { | ||
| 1449 | /* Check for SCSV */ | 1469 | /* Check for SCSV */ |
| 1450 | if (s->s3 && (n != 3 || !p[0]) && | 1470 | if (s->s3 && (n != 3 || !p[0]) && |
| 1451 | (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && | 1471 | (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && |
| 1452 | (p[n-1] == (SSL3_CK_SCSV & 0xff))) | 1472 | (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { |
| 1453 | { | ||
| 1454 | /* SCSV fatal if renegotiating */ | 1473 | /* SCSV fatal if renegotiating */ |
| 1455 | if (s->renegotiate) | 1474 | if (s->renegotiate) { |
| 1456 | { | 1475 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); |
| 1457 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); | 1476 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); |
| 1458 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); | 1477 | |
| 1459 | goto err; | 1478 | goto err; |
| 1460 | } | 1479 | } |
| 1461 | s->s3->send_connection_binding = 1; | 1480 | s->s3->send_connection_binding = 1; |
| 1462 | p += n; | 1481 | p += n; |
| 1463 | #ifdef OPENSSL_RI_DEBUG | 1482 | #ifdef OPENSSL_RI_DEBUG |
| 1464 | fprintf(stderr, "SCSV received by server\n"); | 1483 | fprintf(stderr, "SCSV received by server\n"); |
| 1465 | #endif | 1484 | #endif |
| 1466 | continue; | 1485 | continue; |
| 1467 | } | 1486 | } |
| 1468 | 1487 | ||
| 1469 | c=ssl_get_cipher_by_char(s,p); | 1488 | c = ssl_get_cipher_by_char(s, p); |
| 1470 | p+=n; | 1489 | p += n; |
| 1471 | if (c != NULL) | 1490 | if (c != NULL) { |
| 1472 | { | 1491 | if (!sk_SSL_CIPHER_push(sk, c)) { |
| 1473 | if (!sk_SSL_CIPHER_push(sk,c)) | 1492 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); |
| 1474 | { | ||
| 1475 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | ||
| 1476 | goto err; | 1493 | goto err; |
| 1477 | } | ||
| 1478 | } | 1494 | } |
| 1479 | } | 1495 | } |
| 1496 | } | ||
| 1480 | 1497 | ||
| 1481 | if (skp != NULL) | 1498 | if (skp != NULL) |
| 1482 | *skp=sk; | 1499 | *skp = sk; |
| 1483 | return(sk); | 1500 | return (sk); |
| 1484 | err: | 1501 | err: |
| 1485 | if ((skp == NULL) || (*skp == NULL)) | 1502 | if ((skp == NULL) || (*skp == NULL)) |
| 1486 | sk_SSL_CIPHER_free(sk); | 1503 | sk_SSL_CIPHER_free(sk); |
| 1487 | return(NULL); | 1504 | return (NULL); |
| 1488 | } | 1505 | } |
| 1489 | 1506 | ||
| 1490 | 1507 | ||
| 1491 | #ifndef OPENSSL_NO_TLSEXT | 1508 | #ifndef OPENSSL_NO_TLSEXT |
| @@ -1493,22 +1510,24 @@ err: | |||
| 1493 | * So far, only host_name types are defined (RFC 3546). | 1510 | * So far, only host_name types are defined (RFC 3546). |
| 1494 | */ | 1511 | */ |
| 1495 | 1512 | ||
| 1496 | const char *SSL_get_servername(const SSL *s, const int type) | 1513 | const char |
| 1497 | { | 1514 | *SSL_get_servername(const SSL *s, const int type) |
| 1515 | { | ||
| 1498 | if (type != TLSEXT_NAMETYPE_host_name) | 1516 | if (type != TLSEXT_NAMETYPE_host_name) |
| 1499 | return NULL; | 1517 | return NULL; |
| 1500 | 1518 | ||
| 1501 | return s->session && !s->tlsext_hostname ? | 1519 | return s->session && !s->tlsext_hostname ? |
| 1502 | s->session->tlsext_hostname : | 1520 | s->session->tlsext_hostname : |
| 1503 | s->tlsext_hostname; | 1521 | s->tlsext_hostname; |
| 1504 | } | 1522 | } |
| 1505 | 1523 | ||
| 1506 | int SSL_get_servername_type(const SSL *s) | 1524 | int |
| 1507 | { | 1525 | SSL_get_servername_type(const SSL *s) |
| 1526 | { | ||
| 1508 | if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) | 1527 | if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) |
| 1509 | return TLSEXT_NAMETYPE_host_name; | 1528 | return TLSEXT_NAMETYPE_host_name; |
| 1510 | return -1; | 1529 | return -1; |
| 1511 | } | 1530 | } |
| 1512 | 1531 | ||
| 1513 | # ifndef OPENSSL_NO_NEXTPROTONEG | 1532 | # ifndef OPENSSL_NO_NEXTPROTONEG |
| 1514 | /* SSL_select_next_proto implements the standard protocol selection. It is | 1533 | /* SSL_select_next_proto implements the standard protocol selection. It is |
| @@ -1541,31 +1560,29 @@ int SSL_get_servername_type(const SSL *s) | |||
| 1541 | * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or | 1560 | * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or |
| 1542 | * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. | 1561 | * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. |
| 1543 | */ | 1562 | */ |
| 1544 | int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) | 1563 | int |
| 1545 | { | 1564 | SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) |
| 1565 | { | ||
| 1546 | unsigned int i, j; | 1566 | unsigned int i, j; |
| 1547 | const unsigned char *result; | 1567 | const unsigned char *result; |
| 1548 | int status = OPENSSL_NPN_UNSUPPORTED; | 1568 | int status = OPENSSL_NPN_UNSUPPORTED; |
| 1549 | 1569 | ||
| 1550 | /* For each protocol in server preference order, see if we support it. */ | 1570 | /* For each protocol in server preference order, see if we support it. */ |
| 1551 | for (i = 0; i < server_len; ) | 1571 | for (i = 0; i < server_len; ) { |
| 1552 | { | 1572 | for (j = 0; j < client_len; ) { |
| 1553 | for (j = 0; j < client_len; ) | ||
| 1554 | { | ||
| 1555 | if (server[i] == client[j] && | 1573 | if (server[i] == client[j] && |
| 1556 | memcmp(&server[i+1], &client[j+1], server[i]) == 0) | 1574 | memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { |
| 1557 | { | ||
| 1558 | /* We found a match */ | 1575 | /* We found a match */ |
| 1559 | result = &server[i]; | 1576 | result = &server[i]; |
| 1560 | status = OPENSSL_NPN_NEGOTIATED; | 1577 | status = OPENSSL_NPN_NEGOTIATED; |
| 1561 | goto found; | 1578 | goto found; |
| 1562 | } | 1579 | } |
| 1563 | j += client[j]; | 1580 | j += client[j]; |
| 1564 | j++; | 1581 | j++; |
| 1565 | } | 1582 | } |
| 1566 | i += server[i]; | 1583 | i += server[i]; |
| 1567 | i++; | 1584 | i++; |
| 1568 | } | 1585 | } |
| 1569 | 1586 | ||
| 1570 | /* There's no overlap between our protocols and the server's list. */ | 1587 | /* There's no overlap between our protocols and the server's list. */ |
| 1571 | result = client; | 1588 | result = client; |
| @@ -1575,7 +1592,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi | |||
| 1575 | *out = (unsigned char *) result + 1; | 1592 | *out = (unsigned char *) result + 1; |
| 1576 | *outlen = result[0]; | 1593 | *outlen = result[0]; |
| 1577 | return status; | 1594 | return status; |
| 1578 | } | 1595 | } |
| 1579 | 1596 | ||
| 1580 | /* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's | 1597 | /* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's |
| 1581 | * requested protocol for this connection and returns 0. If the client didn't | 1598 | * requested protocol for this connection and returns 0. If the client didn't |
| @@ -1585,8 +1602,9 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi | |||
| 1585 | * from this function need not be a member of the list of supported protocols | 1602 | * from this function need not be a member of the list of supported protocols |
| 1586 | * provided by the callback. | 1603 | * provided by the callback. |
| 1587 | */ | 1604 | */ |
| 1588 | void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) | 1605 | void |
| 1589 | { | 1606 | SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) |
| 1607 | { | ||
| 1590 | *data = s->next_proto_negotiated; | 1608 | *data = s->next_proto_negotiated; |
| 1591 | if (!*data) { | 1609 | if (!*data) { |
| 1592 | *len = 0; | 1610 | *len = 0; |
| @@ -1604,11 +1622,12 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, un | |||
| 1604 | * | 1622 | * |
| 1605 | * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no | 1623 | * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no |
| 1606 | * such extension will be included in the ServerHello. */ | 1624 | * such extension will be included in the ServerHello. */ |
| 1607 | void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) | 1625 | void |
| 1608 | { | 1626 | SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) |
| 1627 | { | ||
| 1609 | ctx->next_protos_advertised_cb = cb; | 1628 | ctx->next_protos_advertised_cb = cb; |
| 1610 | ctx->next_protos_advertised_cb_arg = arg; | 1629 | ctx->next_protos_advertised_cb_arg = arg; |
| 1611 | } | 1630 | } |
| 1612 | 1631 | ||
| 1613 | /* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a | 1632 | /* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a |
| 1614 | * client needs to select a protocol from the server's provided list. |out| | 1633 | * client needs to select a protocol from the server's provided list. |out| |
| @@ -1620,183 +1639,186 @@ void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, co | |||
| 1620 | * The client must select a protocol. It is fatal to the connection if this | 1639 | * The client must select a protocol. It is fatal to the connection if this |
| 1621 | * callback returns a value other than SSL_TLSEXT_ERR_OK. | 1640 | * callback returns a value other than SSL_TLSEXT_ERR_OK. |
| 1622 | */ | 1641 | */ |
| 1623 | void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) | 1642 | void |
| 1624 | { | 1643 | SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) |
| 1644 | { | ||
| 1625 | ctx->next_proto_select_cb = cb; | 1645 | ctx->next_proto_select_cb = cb; |
| 1626 | ctx->next_proto_select_cb_arg = arg; | 1646 | ctx->next_proto_select_cb_arg = arg; |
| 1627 | } | 1647 | } |
| 1628 | # endif | 1648 | # endif |
| 1629 | #endif | 1649 | #endif |
| 1630 | 1650 | ||
| 1631 | int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, | 1651 | int |
| 1632 | const char *label, size_t llen, const unsigned char *p, size_t plen, | 1652 | SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, |
| 1633 | int use_context) | 1653 | const char *label, size_t llen, const unsigned char *p, size_t plen, |
| 1634 | { | 1654 | int use_context) |
| 1655 | { | ||
| 1635 | if (s->version < TLS1_VERSION) | 1656 | if (s->version < TLS1_VERSION) |
| 1636 | return -1; | 1657 | return -1; |
| 1637 | 1658 | ||
| 1638 | return s->method->ssl3_enc->export_keying_material(s, out, olen, label, | 1659 | return s->method->ssl3_enc->export_keying_material(s, out, olen, label, |
| 1639 | llen, p, plen, | 1660 | llen, p, plen, |
| 1640 | use_context); | 1661 | use_context); |
| 1641 | } | 1662 | } |
| 1642 | 1663 | ||
| 1643 | static unsigned long ssl_session_hash(const SSL_SESSION *a) | 1664 | static unsigned long |
| 1644 | { | 1665 | ssl_session_hash(const SSL_SESSION *a) |
| 1666 | { | ||
| 1645 | unsigned long l; | 1667 | unsigned long l; |
| 1646 | 1668 | ||
| 1647 | l=(unsigned long) | 1669 | l = (unsigned long) |
| 1648 | ((unsigned int) a->session_id[0] )| | 1670 | ((unsigned int) a->session_id[0] )| |
| 1649 | ((unsigned int) a->session_id[1]<< 8L)| | 1671 | ((unsigned int) a->session_id[1]<< 8L)| |
| 1650 | ((unsigned long)a->session_id[2]<<16L)| | 1672 | ((unsigned long)a->session_id[2]<<16L)| |
| 1651 | ((unsigned long)a->session_id[3]<<24L); | 1673 | ((unsigned long)a->session_id[3]<<24L); |
| 1652 | return(l); | 1674 | return (l); |
| 1653 | } | 1675 | } |
| 1654 | 1676 | ||
| 1655 | /* NB: If this function (or indeed the hash function which uses a sort of | 1677 | /* NB: If this function (or indeed the hash function which uses a sort of |
| 1656 | * coarser function than this one) is changed, ensure | 1678 | * coarser function than this one) is changed, ensure |
| 1657 | * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being | 1679 | * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being |
| 1658 | * able to construct an SSL_SESSION that will collide with any existing session | 1680 | * able to construct an SSL_SESSION that will collide with any existing session |
| 1659 | * with a matching session ID. */ | 1681 | * with a matching session ID. */ |
| 1660 | static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b) | 1682 | static int |
| 1661 | { | 1683 | ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) |
| 1684 | { | ||
| 1662 | if (a->ssl_version != b->ssl_version) | 1685 | if (a->ssl_version != b->ssl_version) |
| 1663 | return(1); | 1686 | return (1); |
| 1664 | if (a->session_id_length != b->session_id_length) | 1687 | if (a->session_id_length != b->session_id_length) |
| 1665 | return(1); | 1688 | return (1); |
| 1666 | return(memcmp(a->session_id,b->session_id,a->session_id_length)); | 1689 | return (memcmp(a->session_id, b->session_id, a->session_id_length)); |
| 1667 | } | 1690 | } |
| 1668 | 1691 | ||
| 1669 | /* These wrapper functions should remain rather than redeclaring | 1692 | /* These wrapper functions should remain rather than redeclaring |
| 1670 | * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each | 1693 | * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each |
| 1671 | * variable. The reason is that the functions aren't static, they're exposed via | 1694 | * variable. The reason is that the functions aren't static, they're exposed via |
| 1672 | * ssl.h. */ | 1695 | * ssl.h. */ |
| 1673 | static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) | 1696 | static |
| 1674 | static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) | 1697 | IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) |
| 1698 | static | ||
| 1699 | IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) | ||
| 1675 | 1700 | ||
| 1676 | SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | 1701 | SSL_CTX |
| 1677 | { | 1702 | *SSL_CTX_new(const SSL_METHOD *meth) |
| 1678 | SSL_CTX *ret=NULL; | 1703 | { |
| 1704 | SSL_CTX *ret = NULL; | ||
| 1679 | 1705 | ||
| 1680 | if (meth == NULL) | 1706 | if (meth == NULL) { |
| 1681 | { | 1707 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED); |
| 1682 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); | 1708 | return (NULL); |
| 1683 | return(NULL); | 1709 | } |
| 1684 | } | ||
| 1685 | 1710 | ||
| 1686 | #ifdef OPENSSL_FIPS | 1711 | #ifdef OPENSSL_FIPS |
| 1687 | if (FIPS_mode() && (meth->version < TLS1_VERSION)) | 1712 | if (FIPS_mode() && (meth->version < TLS1_VERSION)) { |
| 1688 | { | ||
| 1689 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | 1713 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); |
| 1690 | return NULL; | 1714 | return NULL; |
| 1691 | } | 1715 | } |
| 1692 | #endif | 1716 | #endif |
| 1693 | 1717 | ||
| 1694 | if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) | 1718 | if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { |
| 1695 | { | 1719 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); |
| 1696 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); | ||
| 1697 | goto err; | 1720 | goto err; |
| 1698 | } | 1721 | } |
| 1699 | ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); | 1722 | ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); |
| 1700 | if (ret == NULL) | 1723 | if (ret == NULL) |
| 1701 | goto err; | 1724 | goto err; |
| 1702 | 1725 | ||
| 1703 | memset(ret,0,sizeof(SSL_CTX)); | 1726 | memset(ret, 0, sizeof(SSL_CTX)); |
| 1704 | 1727 | ||
| 1705 | ret->method=meth; | 1728 | ret->method = meth; |
| 1706 | 1729 | ||
| 1707 | ret->cert_store=NULL; | 1730 | ret->cert_store = NULL; |
| 1708 | ret->session_cache_mode=SSL_SESS_CACHE_SERVER; | 1731 | ret->session_cache_mode = SSL_SESS_CACHE_SERVER; |
| 1709 | ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; | 1732 | ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; |
| 1710 | ret->session_cache_head=NULL; | 1733 | ret->session_cache_head = NULL; |
| 1711 | ret->session_cache_tail=NULL; | 1734 | ret->session_cache_tail = NULL; |
| 1712 | 1735 | ||
| 1713 | /* We take the system default */ | 1736 | /* We take the system default */ |
| 1714 | ret->session_timeout=meth->get_timeout(); | 1737 | ret->session_timeout = meth->get_timeout(); |
| 1715 | 1738 | ||
| 1716 | ret->new_session_cb=0; | 1739 | ret->new_session_cb = 0; |
| 1717 | ret->remove_session_cb=0; | 1740 | ret->remove_session_cb = 0; |
| 1718 | ret->get_session_cb=0; | 1741 | ret->get_session_cb = 0; |
| 1719 | ret->generate_session_id=0; | 1742 | ret->generate_session_id = 0; |
| 1720 | 1743 | ||
| 1721 | memset((char *)&ret->stats,0,sizeof(ret->stats)); | 1744 | memset((char *)&ret->stats, 0, sizeof(ret->stats)); |
| 1722 | 1745 | ||
| 1723 | ret->references=1; | 1746 | ret->references = 1; |
| 1724 | ret->quiet_shutdown=0; | 1747 | ret->quiet_shutdown = 0; |
| 1725 | 1748 | ||
| 1726 | /* ret->cipher=NULL;*/ | 1749 | /* ret->cipher=NULL;*/ |
| 1727 | /* ret->s2->challenge=NULL; | 1750 | /* ret->s2->challenge=NULL; |
| 1728 | ret->master_key=NULL; | 1751 | ret->master_key=NULL; |
| 1729 | ret->key_arg=NULL; | 1752 | ret->key_arg=NULL; |
| 1730 | ret->s2->conn_id=NULL; */ | 1753 | ret->s2->conn_id=NULL; |
| 1754 | */ | ||
| 1731 | 1755 | ||
| 1732 | ret->info_callback=NULL; | 1756 | ret->info_callback = NULL; |
| 1733 | 1757 | ||
| 1734 | ret->app_verify_callback=0; | 1758 | ret->app_verify_callback = 0; |
| 1735 | ret->app_verify_arg=NULL; | 1759 | ret->app_verify_arg = NULL; |
| 1736 | 1760 | ||
| 1737 | ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT; | 1761 | ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; |
| 1738 | ret->read_ahead=0; | 1762 | ret->read_ahead = 0; |
| 1739 | ret->msg_callback=0; | 1763 | ret->msg_callback = 0; |
| 1740 | ret->msg_callback_arg=NULL; | 1764 | ret->msg_callback_arg = NULL; |
| 1741 | ret->verify_mode=SSL_VERIFY_NONE; | 1765 | ret->verify_mode = SSL_VERIFY_NONE; |
| 1742 | #if 0 | 1766 | #if 0 |
| 1743 | ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ | 1767 | ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ |
| 1744 | #endif | 1768 | #endif |
| 1745 | ret->sid_ctx_length=0; | 1769 | ret->sid_ctx_length = 0; |
| 1746 | ret->default_verify_callback=NULL; | 1770 | ret->default_verify_callback = NULL; |
| 1747 | if ((ret->cert=ssl_cert_new()) == NULL) | 1771 | if ((ret->cert = ssl_cert_new()) == NULL) |
| 1748 | goto err; | 1772 | goto err; |
| 1749 | 1773 | ||
| 1750 | ret->default_passwd_callback=0; | 1774 | ret->default_passwd_callback = 0; |
| 1751 | ret->default_passwd_callback_userdata=NULL; | 1775 | ret->default_passwd_callback_userdata = NULL; |
| 1752 | ret->client_cert_cb=0; | 1776 | ret->client_cert_cb = 0; |
| 1753 | ret->app_gen_cookie_cb=0; | 1777 | ret->app_gen_cookie_cb = 0; |
| 1754 | ret->app_verify_cookie_cb=0; | 1778 | ret->app_verify_cookie_cb = 0; |
| 1755 | 1779 | ||
| 1756 | ret->sessions=lh_SSL_SESSION_new(); | 1780 | ret->sessions = lh_SSL_SESSION_new(); |
| 1757 | if (ret->sessions == NULL) goto err; | 1781 | if (ret->sessions == NULL) |
| 1758 | ret->cert_store=X509_STORE_new(); | 1782 | goto err; |
| 1759 | if (ret->cert_store == NULL) goto err; | 1783 | ret->cert_store = X509_STORE_new(); |
| 1784 | if (ret->cert_store == NULL) | ||
| 1785 | goto err; | ||
| 1760 | 1786 | ||
| 1761 | ssl_create_cipher_list(ret->method, | 1787 | ssl_create_cipher_list(ret->method, |
| 1762 | &ret->cipher_list,&ret->cipher_list_by_id, | 1788 | &ret->cipher_list, &ret->cipher_list_by_id, |
| 1763 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); | 1789 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); |
| 1764 | if (ret->cipher_list == NULL | 1790 | if (ret->cipher_list == NULL |
| 1765 | || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) | 1791 | || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { |
| 1766 | { | 1792 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); |
| 1767 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS); | ||
| 1768 | goto err2; | 1793 | goto err2; |
| 1769 | } | 1794 | } |
| 1770 | 1795 | ||
| 1771 | ret->param = X509_VERIFY_PARAM_new(); | 1796 | ret->param = X509_VERIFY_PARAM_new(); |
| 1772 | if (!ret->param) | 1797 | if (!ret->param) |
| 1773 | goto err; | 1798 | goto err; |
| 1774 | 1799 | ||
| 1775 | if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL) | 1800 | if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) { |
| 1776 | { | 1801 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); |
| 1777 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); | ||
| 1778 | goto err2; | 1802 | goto err2; |
| 1779 | } | 1803 | } |
| 1780 | if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL) | 1804 | if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { |
| 1781 | { | 1805 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); |
| 1782 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); | ||
| 1783 | goto err2; | 1806 | goto err2; |
| 1784 | } | 1807 | } |
| 1785 | if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL) | 1808 | if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { |
| 1786 | { | 1809 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); |
| 1787 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); | ||
| 1788 | goto err2; | 1810 | goto err2; |
| 1789 | } | 1811 | } |
| 1790 | 1812 | ||
| 1791 | if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL) | 1813 | if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) |
| 1792 | goto err; | 1814 | goto err; |
| 1793 | 1815 | ||
| 1794 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); | 1816 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); |
| 1795 | 1817 | ||
| 1796 | ret->extra_certs=NULL; | 1818 | ret->extra_certs = NULL; |
| 1797 | /* No compression for DTLS */ | 1819 | /* No compression for DTLS */ |
| 1798 | if (meth->version != DTLS1_VERSION) | 1820 | if (meth->version != DTLS1_VERSION) |
| 1799 | ret->comp_methods=SSL_COMP_get_compression_methods(); | 1821 | ret->comp_methods = SSL_COMP_get_compression_methods(); |
| 1800 | 1822 | ||
| 1801 | ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; | 1823 | ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; |
| 1802 | 1824 | ||
| @@ -1806,8 +1828,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1806 | /* Setup RFC4507 ticket keys */ | 1828 | /* Setup RFC4507 ticket keys */ |
| 1807 | if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) | 1829 | if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) |
| 1808 | || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) | 1830 | || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) |
| 1809 | || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) | 1831 | || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) |
| 1810 | ret->options |= SSL_OP_NO_TICKET; | 1832 | ret->options |= SSL_OP_NO_TICKET; |
| 1811 | 1833 | ||
| 1812 | ret->tlsext_status_cb = 0; | 1834 | ret->tlsext_status_cb = 0; |
| 1813 | ret->tlsext_status_arg = NULL; | 1835 | ret->tlsext_status_arg = NULL; |
| @@ -1818,9 +1840,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1818 | # endif | 1840 | # endif |
| 1819 | #endif | 1841 | #endif |
| 1820 | #ifndef OPENSSL_NO_PSK | 1842 | #ifndef OPENSSL_NO_PSK |
| 1821 | ret->psk_identity_hint=NULL; | 1843 | ret->psk_identity_hint = NULL; |
| 1822 | ret->psk_client_callback=NULL; | 1844 | ret->psk_client_callback = NULL; |
| 1823 | ret->psk_server_callback=NULL; | 1845 | ret->psk_server_callback = NULL; |
| 1824 | #endif | 1846 | #endif |
| 1825 | #ifndef OPENSSL_NO_SRP | 1847 | #ifndef OPENSSL_NO_SRP |
| 1826 | SSL_CTX_SRP_CTX_init(ret); | 1848 | SSL_CTX_SRP_CTX_init(ret); |
| @@ -1834,11 +1856,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1834 | ret->rbuf_freelist->len = 0; | 1856 | ret->rbuf_freelist->len = 0; |
| 1835 | ret->rbuf_freelist->head = NULL; | 1857 | ret->rbuf_freelist->head = NULL; |
| 1836 | ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); | 1858 | ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); |
| 1837 | if (!ret->wbuf_freelist) | 1859 | if (!ret->wbuf_freelist) { |
| 1838 | { | ||
| 1839 | OPENSSL_free(ret->rbuf_freelist); | 1860 | OPENSSL_free(ret->rbuf_freelist); |
| 1840 | goto err; | 1861 | goto err; |
| 1841 | } | 1862 | } |
| 1842 | ret->wbuf_freelist->chunklen = 0; | 1863 | ret->wbuf_freelist->chunklen = 0; |
| 1843 | ret->wbuf_freelist->len = 0; | 1864 | ret->wbuf_freelist->len = 0; |
| 1844 | ret->wbuf_freelist->head = NULL; | 1865 | ret->wbuf_freelist->head = NULL; |
| @@ -1850,16 +1871,15 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1850 | #define eng_str(x) eng_strx(x) | 1871 | #define eng_str(x) eng_strx(x) |
| 1851 | /* Use specific client engine automatically... ignore errors */ | 1872 | /* Use specific client engine automatically... ignore errors */ |
| 1852 | { | 1873 | { |
| 1853 | ENGINE *eng; | 1874 | ENGINE *eng; |
| 1854 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); | ||
| 1855 | if (!eng) | ||
| 1856 | { | ||
| 1857 | ERR_clear_error(); | ||
| 1858 | ENGINE_load_builtin_engines(); | ||
| 1859 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); | 1875 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); |
| 1876 | if (!eng) { | ||
| 1877 | ERR_clear_error(); | ||
| 1878 | ENGINE_load_builtin_engines(); | ||
| 1879 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); | ||
| 1860 | } | 1880 | } |
| 1861 | if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) | 1881 | if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) |
| 1862 | ERR_clear_error(); | 1882 | ERR_clear_error(); |
| 1863 | } | 1883 | } |
| 1864 | #endif | 1884 | #endif |
| 1865 | #endif | 1885 | #endif |
| @@ -1868,50 +1888,54 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1868 | */ | 1888 | */ |
| 1869 | ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; | 1889 | ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; |
| 1870 | 1890 | ||
| 1871 | return(ret); | 1891 | return (ret); |
| 1872 | err: | 1892 | err: |
| 1873 | SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); | 1893 | SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); |
| 1874 | err2: | 1894 | err2: |
| 1875 | if (ret != NULL) SSL_CTX_free(ret); | 1895 | if (ret != NULL) |
| 1876 | return(NULL); | 1896 | SSL_CTX_free(ret); |
| 1877 | } | 1897 | return (NULL); |
| 1898 | } | ||
| 1878 | 1899 | ||
| 1879 | #if 0 | 1900 | #if 0 |
| 1880 | static void SSL_COMP_free(SSL_COMP *comp) | 1901 | static void |
| 1881 | { OPENSSL_free(comp); } | 1902 | SSL_COMP_free(SSL_COMP *comp) |
| 1903 | { OPENSSL_free(comp); | ||
| 1904 | } | ||
| 1882 | #endif | 1905 | #endif |
| 1883 | 1906 | ||
| 1884 | #ifndef OPENSSL_NO_BUF_FREELISTS | 1907 | #ifndef OPENSSL_NO_BUF_FREELISTS |
| 1885 | static void | 1908 | static void |
| 1886 | ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) | 1909 | ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) |
| 1887 | { | 1910 | { |
| 1888 | SSL3_BUF_FREELIST_ENTRY *ent, *next; | 1911 | SSL3_BUF_FREELIST_ENTRY *ent, *next; |
| 1889 | for (ent = list->head; ent; ent = next) | 1912 | for (ent = list->head; ent; ent = next) { |
| 1890 | { | ||
| 1891 | next = ent->next; | 1913 | next = ent->next; |
| 1892 | OPENSSL_free(ent); | 1914 | OPENSSL_free(ent); |
| 1893 | } | ||
| 1894 | OPENSSL_free(list); | ||
| 1895 | } | 1915 | } |
| 1916 | OPENSSL_free(list); | ||
| 1917 | } | ||
| 1896 | #endif | 1918 | #endif |
| 1897 | 1919 | ||
| 1898 | void SSL_CTX_free(SSL_CTX *a) | 1920 | void |
| 1899 | { | 1921 | SSL_CTX_free(SSL_CTX *a) |
| 1922 | { | ||
| 1900 | int i; | 1923 | int i; |
| 1901 | 1924 | ||
| 1902 | if (a == NULL) return; | 1925 | if (a == NULL) |
| 1926 | return; | ||
| 1903 | 1927 | ||
| 1904 | i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX); | 1928 | i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX); |
| 1905 | #ifdef REF_PRINT | 1929 | #ifdef REF_PRINT |
| 1906 | REF_PRINT("SSL_CTX",a); | 1930 | REF_PRINT("SSL_CTX", a); |
| 1907 | #endif | 1931 | #endif |
| 1908 | if (i > 0) return; | 1932 | if (i > 0) |
| 1933 | return; | ||
| 1909 | #ifdef REF_CHECK | 1934 | #ifdef REF_CHECK |
| 1910 | if (i < 0) | 1935 | if (i < 0) { |
| 1911 | { | 1936 | fprintf(stderr, "SSL_CTX_free, bad reference count\n"); |
| 1912 | fprintf(stderr,"SSL_CTX_free, bad reference count\n"); | ||
| 1913 | abort(); /* ok */ | 1937 | abort(); /* ok */ |
| 1914 | } | 1938 | } |
| 1915 | #endif | 1939 | #endif |
| 1916 | 1940 | ||
| 1917 | if (a->param) | 1941 | if (a->param) |
| @@ -1927,7 +1951,7 @@ void SSL_CTX_free(SSL_CTX *a) | |||
| 1927 | * (See ticket [openssl.org #212].) | 1951 | * (See ticket [openssl.org #212].) |
| 1928 | */ | 1952 | */ |
| 1929 | if (a->sessions != NULL) | 1953 | if (a->sessions != NULL) |
| 1930 | SSL_CTX_flush_sessions(a,0); | 1954 | SSL_CTX_flush_sessions(a, 0); |
| 1931 | 1955 | ||
| 1932 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); | 1956 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); |
| 1933 | 1957 | ||
| @@ -1943,19 +1967,19 @@ void SSL_CTX_free(SSL_CTX *a) | |||
| 1943 | if (a->cert != NULL) | 1967 | if (a->cert != NULL) |
| 1944 | ssl_cert_free(a->cert); | 1968 | ssl_cert_free(a->cert); |
| 1945 | if (a->client_CA != NULL) | 1969 | if (a->client_CA != NULL) |
| 1946 | sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free); | 1970 | sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); |
| 1947 | if (a->extra_certs != NULL) | 1971 | if (a->extra_certs != NULL) |
| 1948 | sk_X509_pop_free(a->extra_certs,X509_free); | 1972 | sk_X509_pop_free(a->extra_certs, X509_free); |
| 1949 | #if 0 /* This should never be done, since it removes a global database */ | 1973 | #if 0 /* This should never be done, since it removes a global database */ |
| 1950 | if (a->comp_methods != NULL) | 1974 | if (a->comp_methods != NULL) |
| 1951 | sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free); | 1975 | sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free); |
| 1952 | #else | 1976 | #else |
| 1953 | a->comp_methods = NULL; | 1977 | a->comp_methods = NULL; |
| 1954 | #endif | 1978 | #endif |
| 1955 | 1979 | ||
| 1956 | #ifndef OPENSSL_NO_SRTP | 1980 | #ifndef OPENSSL_NO_SRTP |
| 1957 | if (a->srtp_profiles) | 1981 | if (a->srtp_profiles) |
| 1958 | sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); | 1982 | sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); |
| 1959 | #endif | 1983 | #endif |
| 1960 | 1984 | ||
| 1961 | #ifndef OPENSSL_NO_PSK | 1985 | #ifndef OPENSSL_NO_PSK |
| @@ -1978,42 +2002,48 @@ void SSL_CTX_free(SSL_CTX *a) | |||
| 1978 | #endif | 2002 | #endif |
| 1979 | 2003 | ||
| 1980 | OPENSSL_free(a); | 2004 | OPENSSL_free(a); |
| 1981 | } | 2005 | } |
| 1982 | 2006 | ||
| 1983 | void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) | 2007 | void |
| 1984 | { | 2008 | SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) |
| 1985 | ctx->default_passwd_callback=cb; | 2009 | { |
| 1986 | } | 2010 | ctx->default_passwd_callback = cb; |
| 2011 | } | ||
| 1987 | 2012 | ||
| 1988 | void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u) | 2013 | void |
| 1989 | { | 2014 | SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) |
| 1990 | ctx->default_passwd_callback_userdata=u; | 2015 | { |
| 1991 | } | 2016 | ctx->default_passwd_callback_userdata = u; |
| 2017 | } | ||
| 1992 | 2018 | ||
| 1993 | void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg) | 2019 | void |
| 1994 | { | 2020 | SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg) |
| 1995 | ctx->app_verify_callback=cb; | 2021 | { |
| 1996 | ctx->app_verify_arg=arg; | 2022 | ctx->app_verify_callback = cb; |
| 1997 | } | 2023 | ctx->app_verify_arg = arg; |
| 2024 | } | ||
| 1998 | 2025 | ||
| 1999 | void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) | 2026 | void |
| 2000 | { | 2027 | SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *)) |
| 2001 | ctx->verify_mode=mode; | 2028 | { |
| 2002 | ctx->default_verify_callback=cb; | 2029 | ctx->verify_mode = mode; |
| 2003 | } | 2030 | ctx->default_verify_callback = cb; |
| 2031 | } | ||
| 2004 | 2032 | ||
| 2005 | void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) | 2033 | void |
| 2006 | { | 2034 | SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) |
| 2035 | { | ||
| 2007 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); | 2036 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); |
| 2008 | } | 2037 | } |
| 2009 | 2038 | ||
| 2010 | void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | 2039 | void |
| 2011 | { | 2040 | ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) |
| 2041 | { | ||
| 2012 | CERT_PKEY *cpk; | 2042 | CERT_PKEY *cpk; |
| 2013 | int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; | 2043 | int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; |
| 2014 | int rsa_enc_export,dh_rsa_export,dh_dsa_export; | 2044 | int rsa_enc_export, dh_rsa_export, dh_dsa_export; |
| 2015 | int rsa_tmp_export,dh_tmp_export,kl; | 2045 | int rsa_tmp_export, dh_tmp_export, kl; |
| 2016 | unsigned long mask_k,mask_a,emask_k,emask_a; | 2046 | unsigned long mask_k, mask_a, emask_k, emask_a; |
| 2017 | int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; | 2047 | int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; |
| 2018 | #ifndef OPENSSL_NO_ECDH | 2048 | #ifndef OPENSSL_NO_ECDH |
| 2019 | int have_ecdh_tmp; | 2049 | int have_ecdh_tmp; |
| @@ -2022,57 +2052,58 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2022 | EVP_PKEY *ecc_pkey = NULL; | 2052 | EVP_PKEY *ecc_pkey = NULL; |
| 2023 | int signature_nid = 0, pk_nid = 0, md_nid = 0; | 2053 | int signature_nid = 0, pk_nid = 0, md_nid = 0; |
| 2024 | 2054 | ||
| 2025 | if (c == NULL) return; | 2055 | if (c == NULL) |
| 2056 | return; | ||
| 2026 | 2057 | ||
| 2027 | kl=SSL_C_EXPORT_PKEYLENGTH(cipher); | 2058 | kl = SSL_C_EXPORT_PKEYLENGTH(cipher); |
| 2028 | 2059 | ||
| 2029 | #ifndef OPENSSL_NO_RSA | 2060 | #ifndef OPENSSL_NO_RSA |
| 2030 | rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); | 2061 | rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); |
| 2031 | rsa_tmp_export=(c->rsa_tmp_cb != NULL || | 2062 | rsa_tmp_export = (c->rsa_tmp_cb != NULL || |
| 2032 | (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); | 2063 | (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); |
| 2033 | #else | 2064 | #else |
| 2034 | rsa_tmp=rsa_tmp_export=0; | 2065 | rsa_tmp = rsa_tmp_export = 0; |
| 2035 | #endif | 2066 | #endif |
| 2036 | #ifndef OPENSSL_NO_DH | 2067 | #ifndef OPENSSL_NO_DH |
| 2037 | dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL); | 2068 | dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL); |
| 2038 | dh_tmp_export=(c->dh_tmp_cb != NULL || | 2069 | dh_tmp_export = (c->dh_tmp_cb != NULL || |
| 2039 | (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); | 2070 | (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); |
| 2040 | #else | 2071 | #else |
| 2041 | dh_tmp=dh_tmp_export=0; | 2072 | dh_tmp = dh_tmp_export = 0; |
| 2042 | #endif | 2073 | #endif |
| 2043 | 2074 | ||
| 2044 | #ifndef OPENSSL_NO_ECDH | 2075 | #ifndef OPENSSL_NO_ECDH |
| 2045 | have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); | 2076 | have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); |
| 2046 | #endif | 2077 | #endif |
| 2047 | cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); | 2078 | cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); |
| 2048 | rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); | 2079 | rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2049 | rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | 2080 | rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 2050 | cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); | 2081 | cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]); |
| 2051 | rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); | 2082 | rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2052 | cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); | 2083 | cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]); |
| 2053 | dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); | 2084 | dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2054 | cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); | 2085 | cpk = &(c->pkeys[SSL_PKEY_DH_RSA]); |
| 2055 | dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL); | 2086 | dh_rsa = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2056 | dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | 2087 | dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 2057 | cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); | 2088 | cpk = &(c->pkeys[SSL_PKEY_DH_DSA]); |
| 2058 | /* FIX THIS EAY EAY EAY */ | 2089 | /* FIX THIS EAY EAY EAY */ |
| 2059 | dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); | 2090 | dh_dsa = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2060 | dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | 2091 | dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 2061 | cpk= &(c->pkeys[SSL_PKEY_ECC]); | 2092 | cpk = &(c->pkeys[SSL_PKEY_ECC]); |
| 2062 | have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL); | 2093 | have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2063 | mask_k=0; | 2094 | mask_k = 0; |
| 2064 | mask_a=0; | 2095 | mask_a = 0; |
| 2065 | emask_k=0; | 2096 | emask_k = 0; |
| 2066 | emask_a=0; | 2097 | emask_a = 0; |
| 2098 | |||
| 2067 | 2099 | ||
| 2068 | |||
| 2069 | 2100 | ||
| 2070 | #ifdef CIPHER_DEBUG | 2101 | #ifdef CIPHER_DEBUG |
| 2071 | printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", | 2102 | printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", |
| 2072 | rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp, | 2103 | rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, |
| 2073 | rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa); | 2104 | rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); |
| 2074 | #endif | 2105 | #endif |
| 2075 | 2106 | ||
| 2076 | cpk = &(c->pkeys[SSL_PKEY_GOST01]); | 2107 | cpk = &(c->pkeys[SSL_PKEY_GOST01]); |
| 2077 | if (cpk->x509 != NULL && cpk->privatekey !=NULL) { | 2108 | if (cpk->x509 != NULL && cpk->privatekey !=NULL) { |
| 2078 | mask_k |= SSL_kGOST; | 2109 | mask_k |= SSL_kGOST; |
| @@ -2091,12 +2122,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2091 | 2122 | ||
| 2092 | #if 0 | 2123 | #if 0 |
| 2093 | /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ | 2124 | /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ |
| 2094 | if ( (dh_tmp || dh_rsa || dh_dsa) && | 2125 | if ((dh_tmp || dh_rsa || dh_dsa) && |
| 2095 | (rsa_enc || rsa_sign || dsa_sign)) | 2126 | (rsa_enc || rsa_sign || dsa_sign)) |
| 2096 | mask_k|=SSL_kEDH; | 2127 | mask_k|=SSL_kEDH; |
| 2097 | if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && | 2128 | if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && |
| 2098 | (rsa_enc || rsa_sign || dsa_sign)) | 2129 | (rsa_enc || rsa_sign || dsa_sign)) |
| 2099 | emask_k|=SSL_kEDH; | 2130 | emask_k|=SSL_kEDH; |
| 2100 | #endif | 2131 | #endif |
| 2101 | 2132 | ||
| 2102 | if (dh_tmp_export) | 2133 | if (dh_tmp_export) |
| @@ -2105,23 +2136,25 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2105 | if (dh_tmp) | 2136 | if (dh_tmp) |
| 2106 | mask_k|=SSL_kEDH; | 2137 | mask_k|=SSL_kEDH; |
| 2107 | 2138 | ||
| 2108 | if (dh_rsa) mask_k|=SSL_kDHr; | 2139 | if (dh_rsa) |
| 2109 | if (dh_rsa_export) emask_k|=SSL_kDHr; | 2140 | mask_k|=SSL_kDHr; |
| 2141 | if (dh_rsa_export) | ||
| 2142 | emask_k|=SSL_kDHr; | ||
| 2110 | 2143 | ||
| 2111 | if (dh_dsa) mask_k|=SSL_kDHd; | 2144 | if (dh_dsa) |
| 2112 | if (dh_dsa_export) emask_k|=SSL_kDHd; | 2145 | mask_k|=SSL_kDHd; |
| 2146 | if (dh_dsa_export) | ||
| 2147 | emask_k|=SSL_kDHd; | ||
| 2113 | 2148 | ||
| 2114 | if (rsa_enc || rsa_sign) | 2149 | if (rsa_enc || rsa_sign) { |
| 2115 | { | ||
| 2116 | mask_a|=SSL_aRSA; | 2150 | mask_a|=SSL_aRSA; |
| 2117 | emask_a|=SSL_aRSA; | 2151 | emask_a|=SSL_aRSA; |
| 2118 | } | 2152 | } |
| 2119 | 2153 | ||
| 2120 | if (dsa_sign) | 2154 | if (dsa_sign) { |
| 2121 | { | ||
| 2122 | mask_a|=SSL_aDSS; | 2155 | mask_a|=SSL_aDSS; |
| 2123 | emask_a|=SSL_aDSS; | 2156 | emask_a|=SSL_aDSS; |
| 2124 | } | 2157 | } |
| 2125 | 2158 | ||
| 2126 | mask_a|=SSL_aNULL; | 2159 | mask_a|=SSL_aNULL; |
| 2127 | emask_a|=SSL_aNULL; | 2160 | emask_a|=SSL_aNULL; |
| @@ -2136,66 +2169,57 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2136 | /* An ECC certificate may be usable for ECDH and/or | 2169 | /* An ECC certificate may be usable for ECDH and/or |
| 2137 | * ECDSA cipher suites depending on the key usage extension. | 2170 | * ECDSA cipher suites depending on the key usage extension. |
| 2138 | */ | 2171 | */ |
| 2139 | if (have_ecc_cert) | 2172 | if (have_ecc_cert) { |
| 2140 | { | ||
| 2141 | /* This call populates extension flags (ex_flags) */ | 2173 | /* This call populates extension flags (ex_flags) */ |
| 2142 | x = (c->pkeys[SSL_PKEY_ECC]).x509; | 2174 | x = (c->pkeys[SSL_PKEY_ECC]).x509; |
| 2143 | X509_check_purpose(x, -1, 0); | 2175 | X509_check_purpose(x, -1, 0); |
| 2144 | ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? | 2176 | ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? |
| 2145 | (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; | 2177 | (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; |
| 2146 | ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? | 2178 | ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? |
| 2147 | (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; | 2179 | (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; |
| 2148 | ecc_pkey = X509_get_pubkey(x); | 2180 | ecc_pkey = X509_get_pubkey(x); |
| 2149 | ecc_pkey_size = (ecc_pkey != NULL) ? | 2181 | ecc_pkey_size = (ecc_pkey != NULL) ? |
| 2150 | EVP_PKEY_bits(ecc_pkey) : 0; | 2182 | EVP_PKEY_bits(ecc_pkey) : 0; |
| 2151 | EVP_PKEY_free(ecc_pkey); | 2183 | EVP_PKEY_free(ecc_pkey); |
| 2152 | if ((x->sig_alg) && (x->sig_alg->algorithm)) | 2184 | if ((x->sig_alg) && (x->sig_alg->algorithm)) { |
| 2153 | { | ||
| 2154 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); | 2185 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); |
| 2155 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); | 2186 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); |
| 2156 | } | 2187 | } |
| 2157 | #ifndef OPENSSL_NO_ECDH | 2188 | #ifndef OPENSSL_NO_ECDH |
| 2158 | if (ecdh_ok) | 2189 | if (ecdh_ok) { |
| 2159 | { | ||
| 2160 | 2190 | ||
| 2161 | if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) | 2191 | if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) { |
| 2162 | { | ||
| 2163 | mask_k|=SSL_kECDHr; | 2192 | mask_k|=SSL_kECDHr; |
| 2164 | mask_a|=SSL_aECDH; | 2193 | mask_a|=SSL_aECDH; |
| 2165 | if (ecc_pkey_size <= 163) | 2194 | if (ecc_pkey_size <= 163) { |
| 2166 | { | ||
| 2167 | emask_k|=SSL_kECDHr; | 2195 | emask_k|=SSL_kECDHr; |
| 2168 | emask_a|=SSL_aECDH; | 2196 | emask_a|=SSL_aECDH; |
| 2169 | } | ||
| 2170 | } | 2197 | } |
| 2198 | } | ||
| 2171 | 2199 | ||
| 2172 | if (pk_nid == NID_X9_62_id_ecPublicKey) | 2200 | if (pk_nid == NID_X9_62_id_ecPublicKey) { |
| 2173 | { | ||
| 2174 | mask_k|=SSL_kECDHe; | 2201 | mask_k|=SSL_kECDHe; |
| 2175 | mask_a|=SSL_aECDH; | 2202 | mask_a|=SSL_aECDH; |
| 2176 | if (ecc_pkey_size <= 163) | 2203 | if (ecc_pkey_size <= 163) { |
| 2177 | { | ||
| 2178 | emask_k|=SSL_kECDHe; | 2204 | emask_k|=SSL_kECDHe; |
| 2179 | emask_a|=SSL_aECDH; | 2205 | emask_a|=SSL_aECDH; |
| 2180 | } | ||
| 2181 | } | 2206 | } |
| 2182 | } | 2207 | } |
| 2208 | } | ||
| 2183 | #endif | 2209 | #endif |
| 2184 | #ifndef OPENSSL_NO_ECDSA | 2210 | #ifndef OPENSSL_NO_ECDSA |
| 2185 | if (ecdsa_ok) | 2211 | if (ecdsa_ok) { |
| 2186 | { | ||
| 2187 | mask_a|=SSL_aECDSA; | 2212 | mask_a|=SSL_aECDSA; |
| 2188 | emask_a|=SSL_aECDSA; | 2213 | emask_a|=SSL_aECDSA; |
| 2189 | } | ||
| 2190 | #endif | ||
| 2191 | } | 2214 | } |
| 2215 | #endif | ||
| 2216 | } | ||
| 2192 | 2217 | ||
| 2193 | #ifndef OPENSSL_NO_ECDH | 2218 | #ifndef OPENSSL_NO_ECDH |
| 2194 | if (have_ecdh_tmp) | 2219 | if (have_ecdh_tmp) { |
| 2195 | { | ||
| 2196 | mask_k|=SSL_kEECDH; | 2220 | mask_k|=SSL_kEECDH; |
| 2197 | emask_k|=SSL_kEECDH; | 2221 | emask_k|=SSL_kEECDH; |
| 2198 | } | 2222 | } |
| 2199 | #endif | 2223 | #endif |
| 2200 | 2224 | ||
| 2201 | #ifndef OPENSSL_NO_PSK | 2225 | #ifndef OPENSSL_NO_PSK |
| @@ -2205,12 +2229,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2205 | emask_a |= SSL_aPSK; | 2229 | emask_a |= SSL_aPSK; |
| 2206 | #endif | 2230 | #endif |
| 2207 | 2231 | ||
| 2208 | c->mask_k=mask_k; | 2232 | c->mask_k = mask_k; |
| 2209 | c->mask_a=mask_a; | 2233 | c->mask_a = mask_a; |
| 2210 | c->export_mask_k=emask_k; | 2234 | c->export_mask_k = emask_k; |
| 2211 | c->export_mask_a=emask_a; | 2235 | c->export_mask_a = emask_a; |
| 2212 | c->valid=1; | 2236 | c->valid = 1; |
| 2213 | } | 2237 | } |
| 2214 | 2238 | ||
| 2215 | /* This handy macro borrowed from crypto/x509v3/v3_purp.c */ | 2239 | /* This handy macro borrowed from crypto/x509v3/v3_purp.c */ |
| 2216 | #define ku_reject(x, usage) \ | 2240 | #define ku_reject(x, usage) \ |
| @@ -2218,8 +2242,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2218 | 2242 | ||
| 2219 | #ifndef OPENSSL_NO_EC | 2243 | #ifndef OPENSSL_NO_EC |
| 2220 | 2244 | ||
| 2221 | int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) | 2245 | int |
| 2222 | { | 2246 | ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) |
| 2247 | { | ||
| 2223 | unsigned long alg_k, alg_a; | 2248 | unsigned long alg_k, alg_a; |
| 2224 | EVP_PKEY *pkey = NULL; | 2249 | EVP_PKEY *pkey = NULL; |
| 2225 | int keysize = 0; | 2250 | int keysize = 0; |
| @@ -2229,81 +2254,74 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) | |||
| 2229 | alg_k = cs->algorithm_mkey; | 2254 | alg_k = cs->algorithm_mkey; |
| 2230 | alg_a = cs->algorithm_auth; | 2255 | alg_a = cs->algorithm_auth; |
| 2231 | 2256 | ||
| 2232 | if (SSL_C_IS_EXPORT(cs)) | 2257 | if (SSL_C_IS_EXPORT(cs)) { |
| 2233 | { | ||
| 2234 | /* ECDH key length in export ciphers must be <= 163 bits */ | 2258 | /* ECDH key length in export ciphers must be <= 163 bits */ |
| 2235 | pkey = X509_get_pubkey(x); | 2259 | pkey = X509_get_pubkey(x); |
| 2236 | if (pkey == NULL) return 0; | 2260 | if (pkey == NULL) |
| 2261 | return 0; | ||
| 2237 | keysize = EVP_PKEY_bits(pkey); | 2262 | keysize = EVP_PKEY_bits(pkey); |
| 2238 | EVP_PKEY_free(pkey); | 2263 | EVP_PKEY_free(pkey); |
| 2239 | if (keysize > 163) return 0; | 2264 | if (keysize > 163) |
| 2240 | } | 2265 | return 0; |
| 2266 | } | ||
| 2241 | 2267 | ||
| 2242 | /* This call populates the ex_flags field correctly */ | 2268 | /* This call populates the ex_flags field correctly */ |
| 2243 | X509_check_purpose(x, -1, 0); | 2269 | X509_check_purpose(x, -1, 0); |
| 2244 | if ((x->sig_alg) && (x->sig_alg->algorithm)) | 2270 | if ((x->sig_alg) && (x->sig_alg->algorithm)) { |
| 2245 | { | ||
| 2246 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); | 2271 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); |
| 2247 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); | 2272 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); |
| 2248 | } | 2273 | } |
| 2249 | if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) | 2274 | if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { |
| 2250 | { | ||
| 2251 | /* key usage, if present, must allow key agreement */ | 2275 | /* key usage, if present, must allow key agreement */ |
| 2252 | if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) | 2276 | if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) { |
| 2253 | { | ||
| 2254 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); | 2277 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); |
| 2255 | return 0; | 2278 | return 0; |
| 2256 | } | 2279 | } |
| 2257 | if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) | 2280 | if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) { |
| 2258 | { | ||
| 2259 | /* signature alg must be ECDSA */ | 2281 | /* signature alg must be ECDSA */ |
| 2260 | if (pk_nid != NID_X9_62_id_ecPublicKey) | 2282 | if (pk_nid != NID_X9_62_id_ecPublicKey) { |
| 2261 | { | ||
| 2262 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); | 2283 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); |
| 2263 | return 0; | 2284 | return 0; |
| 2264 | } | ||
| 2265 | } | 2285 | } |
| 2266 | if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) | 2286 | } |
| 2267 | { | 2287 | if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) { |
| 2268 | /* signature alg must be RSA */ | 2288 | /* signature alg must be RSA */ |
| 2269 | 2289 | ||
| 2270 | if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) | 2290 | if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { |
| 2271 | { | ||
| 2272 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); | 2291 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); |
| 2273 | return 0; | 2292 | return 0; |
| 2274 | } | ||
| 2275 | } | 2293 | } |
| 2276 | } | 2294 | } |
| 2277 | if (alg_a & SSL_aECDSA) | 2295 | } |
| 2278 | { | 2296 | if (alg_a & SSL_aECDSA) { |
| 2279 | /* key usage, if present, must allow signing */ | 2297 | /* key usage, if present, must allow signing */ |
| 2280 | if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) | 2298 | if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) { |
| 2281 | { | ||
| 2282 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); | 2299 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); |
| 2283 | return 0; | 2300 | return 0; |
| 2284 | } | ||
| 2285 | } | 2301 | } |
| 2286 | |||
| 2287 | return 1; /* all checks are ok */ | ||
| 2288 | } | 2302 | } |
| 2289 | 2303 | ||
| 2304 | return 1; | ||
| 2305 | /* all checks are ok */ | ||
| 2306 | } | ||
| 2307 | |||
| 2290 | #endif | 2308 | #endif |
| 2291 | 2309 | ||
| 2292 | /* THIS NEEDS CLEANING UP */ | 2310 | /* THIS NEEDS CLEANING UP */ |
| 2293 | CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) | 2311 | CERT_PKEY |
| 2294 | { | 2312 | *ssl_get_server_send_pkey(const SSL *s) |
| 2295 | unsigned long alg_k,alg_a; | 2313 | { |
| 2314 | unsigned long alg_k, alg_a; | ||
| 2296 | CERT *c; | 2315 | CERT *c; |
| 2297 | int i; | 2316 | int i; |
| 2298 | 2317 | ||
| 2299 | c=s->cert; | 2318 | c = s->cert; |
| 2300 | ssl_set_cert_masks(c, s->s3->tmp.new_cipher); | 2319 | ssl_set_cert_masks(c, s->s3->tmp.new_cipher); |
| 2301 | 2320 | ||
| 2302 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 2321 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 2303 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 2322 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; |
| 2304 | 2323 | ||
| 2305 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) | 2324 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { |
| 2306 | { | ||
| 2307 | /* we don't need to look at SSL_kEECDH | 2325 | /* we don't need to look at SSL_kEECDH |
| 2308 | * since no certificate is needed for | 2326 | * since no certificate is needed for |
| 2309 | * anon ECDH and for authenticated | 2327 | * anon ECDH and for authenticated |
| @@ -2315,171 +2333,162 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) | |||
| 2315 | * checks for SSL_kECDH before RSA | 2333 | * checks for SSL_kECDH before RSA |
| 2316 | * checks ensures the correct cert is chosen. | 2334 | * checks ensures the correct cert is chosen. |
| 2317 | */ | 2335 | */ |
| 2318 | i=SSL_PKEY_ECC; | 2336 | i = SSL_PKEY_ECC; |
| 2319 | } | 2337 | } else if (alg_a & SSL_aECDSA) { |
| 2320 | else if (alg_a & SSL_aECDSA) | 2338 | i = SSL_PKEY_ECC; |
| 2321 | { | 2339 | } else if (alg_k & SSL_kDHr) |
| 2322 | i=SSL_PKEY_ECC; | 2340 | i = SSL_PKEY_DH_RSA; |
| 2323 | } | ||
| 2324 | else if (alg_k & SSL_kDHr) | ||
| 2325 | i=SSL_PKEY_DH_RSA; | ||
| 2326 | else if (alg_k & SSL_kDHd) | 2341 | else if (alg_k & SSL_kDHd) |
| 2327 | i=SSL_PKEY_DH_DSA; | 2342 | i = SSL_PKEY_DH_DSA; |
| 2328 | else if (alg_a & SSL_aDSS) | 2343 | else if (alg_a & SSL_aDSS) |
| 2329 | i=SSL_PKEY_DSA_SIGN; | 2344 | i = SSL_PKEY_DSA_SIGN; |
| 2330 | else if (alg_a & SSL_aRSA) | 2345 | else if (alg_a & SSL_aRSA) { |
| 2331 | { | ||
| 2332 | if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) | 2346 | if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) |
| 2333 | i=SSL_PKEY_RSA_SIGN; | 2347 | i = SSL_PKEY_RSA_SIGN; |
| 2334 | else | 2348 | else |
| 2335 | i=SSL_PKEY_RSA_ENC; | 2349 | i = SSL_PKEY_RSA_ENC; |
| 2336 | } | 2350 | } else if (alg_a & SSL_aKRB5) { |
| 2337 | else if (alg_a & SSL_aKRB5) | ||
| 2338 | { | ||
| 2339 | /* VRS something else here? */ | 2351 | /* VRS something else here? */ |
| 2340 | return(NULL); | 2352 | return (NULL); |
| 2341 | } | 2353 | } else if (alg_a & SSL_aGOST94) |
| 2342 | else if (alg_a & SSL_aGOST94) | 2354 | i = SSL_PKEY_GOST94; |
| 2343 | i=SSL_PKEY_GOST94; | ||
| 2344 | else if (alg_a & SSL_aGOST01) | 2355 | else if (alg_a & SSL_aGOST01) |
| 2345 | i=SSL_PKEY_GOST01; | 2356 | i = SSL_PKEY_GOST01; |
| 2346 | else /* if (alg_a & SSL_aNULL) */ | 2357 | else /* if (alg_a & SSL_aNULL) */ |
| 2347 | { | 2358 | { |
| 2348 | SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR); | 2359 | SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR); |
| 2349 | return(NULL); | 2360 | return (NULL); |
| 2350 | } | 2361 | } |
| 2351 | 2362 | ||
| 2352 | return c->pkeys + i; | 2363 | return c->pkeys + i; |
| 2353 | } | 2364 | } |
| 2354 | 2365 | ||
| 2355 | X509 *ssl_get_server_send_cert(const SSL *s) | 2366 | X509 |
| 2356 | { | 2367 | *ssl_get_server_send_cert(const SSL *s) |
| 2368 | { | ||
| 2357 | CERT_PKEY *cpk; | 2369 | CERT_PKEY *cpk; |
| 2358 | cpk = ssl_get_server_send_pkey(s); | 2370 | cpk = ssl_get_server_send_pkey(s); |
| 2359 | if (!cpk) | 2371 | if (!cpk) |
| 2360 | return NULL; | 2372 | return NULL; |
| 2361 | return cpk->x509; | 2373 | return cpk->x509; |
| 2362 | } | 2374 | } |
| 2363 | 2375 | ||
| 2364 | EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd) | 2376 | EVP_PKEY |
| 2365 | { | 2377 | *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd) |
| 2378 | { | ||
| 2366 | unsigned long alg_a; | 2379 | unsigned long alg_a; |
| 2367 | CERT *c; | 2380 | CERT *c; |
| 2368 | int idx = -1; | 2381 | int idx = -1; |
| 2369 | 2382 | ||
| 2370 | alg_a = cipher->algorithm_auth; | 2383 | alg_a = cipher->algorithm_auth; |
| 2371 | c=s->cert; | 2384 | c = s->cert; |
| 2372 | 2385 | ||
| 2373 | if ((alg_a & SSL_aDSS) && | 2386 | if ((alg_a & SSL_aDSS) && |
| 2374 | (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) | 2387 | (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) |
| 2375 | idx = SSL_PKEY_DSA_SIGN; | 2388 | idx = SSL_PKEY_DSA_SIGN; |
| 2376 | else if (alg_a & SSL_aRSA) | 2389 | else if (alg_a & SSL_aRSA) { |
| 2377 | { | ||
| 2378 | if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) | 2390 | if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) |
| 2379 | idx = SSL_PKEY_RSA_SIGN; | 2391 | idx = SSL_PKEY_RSA_SIGN; |
| 2380 | else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) | 2392 | else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) |
| 2381 | idx = SSL_PKEY_RSA_ENC; | 2393 | idx = SSL_PKEY_RSA_ENC; |
| 2382 | } | 2394 | } else if ((alg_a & SSL_aECDSA) && |
| 2383 | else if ((alg_a & SSL_aECDSA) && | 2395 | (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) |
| 2384 | (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) | 2396 | idx = SSL_PKEY_ECC; |
| 2385 | idx = SSL_PKEY_ECC; | 2397 | if (idx == -1) { |
| 2386 | if (idx == -1) | 2398 | SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR); |
| 2387 | { | 2399 | return (NULL); |
| 2388 | SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); | 2400 | } |
| 2389 | return(NULL); | ||
| 2390 | } | ||
| 2391 | if (pmd) | 2401 | if (pmd) |
| 2392 | *pmd = c->pkeys[idx].digest; | 2402 | *pmd = c->pkeys[idx].digest; |
| 2393 | return c->pkeys[idx].privatekey; | 2403 | return c->pkeys[idx].privatekey; |
| 2394 | } | 2404 | } |
| 2395 | 2405 | ||
| 2396 | void ssl_update_cache(SSL *s,int mode) | 2406 | void |
| 2397 | { | 2407 | ssl_update_cache(SSL *s, int mode) |
| 2408 | { | ||
| 2398 | int i; | 2409 | int i; |
| 2399 | 2410 | ||
| 2400 | /* If the session_id_length is 0, we are not supposed to cache it, | 2411 | /* If the session_id_length is 0, we are not supposed to cache it, |
| 2401 | * and it would be rather hard to do anyway :-) */ | 2412 | * and it would be rather hard to do anyway :-) */ |
| 2402 | if (s->session->session_id_length == 0) return; | 2413 | if (s->session->session_id_length == 0) |
| 2414 | return; | ||
| 2403 | 2415 | ||
| 2404 | i=s->session_ctx->session_cache_mode; | 2416 | i = s->session_ctx->session_cache_mode; |
| 2405 | if ((i & mode) && (!s->hit) | 2417 | if ((i & mode) && (!s->hit) |
| 2406 | && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) | 2418 | && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) |
| 2407 | || SSL_CTX_add_session(s->session_ctx,s->session)) | 2419 | || SSL_CTX_add_session(s->session_ctx, s->session)) |
| 2408 | && (s->session_ctx->new_session_cb != NULL)) | 2420 | && (s->session_ctx->new_session_cb != NULL)) { |
| 2409 | { | 2421 | CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 2410 | CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); | 2422 | if (!s->session_ctx->new_session_cb(s, s->session)) |
| 2411 | if (!s->session_ctx->new_session_cb(s,s->session)) | ||
| 2412 | SSL_SESSION_free(s->session); | 2423 | SSL_SESSION_free(s->session); |
| 2413 | } | 2424 | } |
| 2414 | 2425 | ||
| 2415 | /* auto flush every 255 connections */ | 2426 | /* auto flush every 255 connections */ |
| 2416 | if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && | 2427 | if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && |
| 2417 | ((i & mode) == mode)) | 2428 | ((i & mode) == mode)) { |
| 2418 | { | 2429 | if ((((mode & SSL_SESS_CACHE_CLIENT) |
| 2419 | if ( (((mode & SSL_SESS_CACHE_CLIENT) | ||
| 2420 | ?s->session_ctx->stats.sess_connect_good | 2430 | ?s->session_ctx->stats.sess_connect_good |
| 2421 | :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) | 2431 | :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { |
| 2422 | { | ||
| 2423 | SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); | 2432 | SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); |
| 2424 | } | ||
| 2425 | } | 2433 | } |
| 2426 | } | 2434 | } |
| 2435 | } | ||
| 2427 | 2436 | ||
| 2428 | const SSL_METHOD *SSL_get_ssl_method(SSL *s) | 2437 | const SSL_METHOD |
| 2429 | { | 2438 | *SSL_get_ssl_method(SSL *s) |
| 2430 | return(s->method); | 2439 | { |
| 2431 | } | 2440 | return (s->method); |
| 2441 | } | ||
| 2432 | 2442 | ||
| 2433 | int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) | 2443 | int |
| 2434 | { | 2444 | SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) |
| 2435 | int conn= -1; | 2445 | { |
| 2436 | int ret=1; | 2446 | int conn = -1; |
| 2447 | int ret = 1; | ||
| 2437 | 2448 | ||
| 2438 | if (s->method != meth) | 2449 | if (s->method != meth) { |
| 2439 | { | ||
| 2440 | if (s->handshake_func != NULL) | 2450 | if (s->handshake_func != NULL) |
| 2441 | conn=(s->handshake_func == s->method->ssl_connect); | 2451 | conn = (s->handshake_func == s->method->ssl_connect); |
| 2442 | 2452 | ||
| 2443 | if (s->method->version == meth->version) | 2453 | if (s->method->version == meth->version) |
| 2444 | s->method=meth; | 2454 | s->method = meth; |
| 2445 | else | 2455 | else { |
| 2446 | { | ||
| 2447 | s->method->ssl_free(s); | 2456 | s->method->ssl_free(s); |
| 2448 | s->method=meth; | 2457 | s->method = meth; |
| 2449 | ret=s->method->ssl_new(s); | 2458 | ret = s->method->ssl_new(s); |
| 2450 | } | 2459 | } |
| 2451 | 2460 | ||
| 2452 | if (conn == 1) | 2461 | if (conn == 1) |
| 2453 | s->handshake_func=meth->ssl_connect; | 2462 | s->handshake_func = meth->ssl_connect; |
| 2454 | else if (conn == 0) | 2463 | else if (conn == 0) |
| 2455 | s->handshake_func=meth->ssl_accept; | 2464 | s->handshake_func = meth->ssl_accept; |
| 2456 | } | ||
| 2457 | return(ret); | ||
| 2458 | } | 2465 | } |
| 2466 | return (ret); | ||
| 2467 | } | ||
| 2459 | 2468 | ||
| 2460 | int SSL_get_error(const SSL *s,int i) | 2469 | int |
| 2461 | { | 2470 | SSL_get_error(const SSL *s, int i) |
| 2471 | { | ||
| 2462 | int reason; | 2472 | int reason; |
| 2463 | unsigned long l; | 2473 | unsigned long l; |
| 2464 | BIO *bio; | 2474 | BIO *bio; |
| 2465 | 2475 | ||
| 2466 | if (i > 0) return(SSL_ERROR_NONE); | 2476 | if (i > 0) |
| 2477 | return (SSL_ERROR_NONE); | ||
| 2467 | 2478 | ||
| 2468 | /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake | 2479 | /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake |
| 2469 | * etc, where we do encode the error */ | 2480 | * etc, where we do encode the error */ |
| 2470 | if ((l=ERR_peek_error()) != 0) | 2481 | if ((l = ERR_peek_error()) != 0) { |
| 2471 | { | ||
| 2472 | if (ERR_GET_LIB(l) == ERR_LIB_SYS) | 2482 | if (ERR_GET_LIB(l) == ERR_LIB_SYS) |
| 2473 | return(SSL_ERROR_SYSCALL); | 2483 | return (SSL_ERROR_SYSCALL); |
| 2474 | else | 2484 | else |
| 2475 | return(SSL_ERROR_SSL); | 2485 | return (SSL_ERROR_SSL); |
| 2476 | } | 2486 | } |
| 2477 | 2487 | ||
| 2478 | if ((i < 0) && SSL_want_read(s)) | 2488 | if ((i < 0) && SSL_want_read(s)) { |
| 2479 | { | 2489 | bio = SSL_get_rbio(s); |
| 2480 | bio=SSL_get_rbio(s); | ||
| 2481 | if (BIO_should_read(bio)) | 2490 | if (BIO_should_read(bio)) |
| 2482 | return(SSL_ERROR_WANT_READ); | 2491 | return (SSL_ERROR_WANT_READ); |
| 2483 | else if (BIO_should_write(bio)) | 2492 | else if (BIO_should_write(bio)) |
| 2484 | /* This one doesn't make too much sense ... We never try | 2493 | /* This one doesn't make too much sense ... We never try |
| 2485 | * to write to the rbio, and an application program where | 2494 | * to write to the rbio, and an application program where |
| @@ -2490,131 +2499,129 @@ int SSL_get_error(const SSL *s,int i) | |||
| 2490 | * SSL_want_write(s)) and rbio and wbio *are* the same, | 2499 | * SSL_want_write(s)) and rbio and wbio *are* the same, |
| 2491 | * this test works around that bug; so it might be safer | 2500 | * this test works around that bug; so it might be safer |
| 2492 | * to keep it. */ | 2501 | * to keep it. */ |
| 2493 | return(SSL_ERROR_WANT_WRITE); | 2502 | return (SSL_ERROR_WANT_WRITE); |
| 2494 | else if (BIO_should_io_special(bio)) | 2503 | else if (BIO_should_io_special(bio)) { |
| 2495 | { | 2504 | reason = BIO_get_retry_reason(bio); |
| 2496 | reason=BIO_get_retry_reason(bio); | ||
| 2497 | if (reason == BIO_RR_CONNECT) | 2505 | if (reason == BIO_RR_CONNECT) |
| 2498 | return(SSL_ERROR_WANT_CONNECT); | 2506 | return (SSL_ERROR_WANT_CONNECT); |
| 2499 | else if (reason == BIO_RR_ACCEPT) | 2507 | else if (reason == BIO_RR_ACCEPT) |
| 2500 | return(SSL_ERROR_WANT_ACCEPT); | 2508 | return (SSL_ERROR_WANT_ACCEPT); |
| 2501 | else | 2509 | else |
| 2502 | return(SSL_ERROR_SYSCALL); /* unknown */ | 2510 | return(SSL_ERROR_SYSCALL); /* unknown */ |
| 2503 | } | ||
| 2504 | } | 2511 | } |
| 2512 | } | ||
| 2505 | 2513 | ||
| 2506 | if ((i < 0) && SSL_want_write(s)) | 2514 | if ((i < 0) && SSL_want_write(s)) { |
| 2507 | { | 2515 | bio = SSL_get_wbio(s); |
| 2508 | bio=SSL_get_wbio(s); | ||
| 2509 | if (BIO_should_write(bio)) | 2516 | if (BIO_should_write(bio)) |
| 2510 | return(SSL_ERROR_WANT_WRITE); | 2517 | return (SSL_ERROR_WANT_WRITE); |
| 2511 | else if (BIO_should_read(bio)) | 2518 | else if (BIO_should_read(bio)) |
| 2512 | /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ | 2519 | /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ |
| 2513 | return(SSL_ERROR_WANT_READ); | 2520 | return (SSL_ERROR_WANT_READ); |
| 2514 | else if (BIO_should_io_special(bio)) | 2521 | else if (BIO_should_io_special(bio)) { |
| 2515 | { | 2522 | reason = BIO_get_retry_reason(bio); |
| 2516 | reason=BIO_get_retry_reason(bio); | ||
| 2517 | if (reason == BIO_RR_CONNECT) | 2523 | if (reason == BIO_RR_CONNECT) |
| 2518 | return(SSL_ERROR_WANT_CONNECT); | 2524 | return (SSL_ERROR_WANT_CONNECT); |
| 2519 | else if (reason == BIO_RR_ACCEPT) | 2525 | else if (reason == BIO_RR_ACCEPT) |
| 2520 | return(SSL_ERROR_WANT_ACCEPT); | 2526 | return (SSL_ERROR_WANT_ACCEPT); |
| 2521 | else | 2527 | else |
| 2522 | return(SSL_ERROR_SYSCALL); | 2528 | return (SSL_ERROR_SYSCALL); |
| 2523 | } | ||
| 2524 | } | ||
| 2525 | if ((i < 0) && SSL_want_x509_lookup(s)) | ||
| 2526 | { | ||
| 2527 | return(SSL_ERROR_WANT_X509_LOOKUP); | ||
| 2528 | } | 2529 | } |
| 2530 | } | ||
| 2531 | if ((i < 0) && SSL_want_x509_lookup(s)) { | ||
| 2532 | return (SSL_ERROR_WANT_X509_LOOKUP); | ||
| 2533 | } | ||
| 2529 | 2534 | ||
| 2530 | if (i == 0) | 2535 | if (i == 0) { |
| 2531 | { | 2536 | if (s->version == SSL2_VERSION) { |
| 2532 | if (s->version == SSL2_VERSION) | ||
| 2533 | { | ||
| 2534 | /* assume it is the socket being closed */ | 2537 | /* assume it is the socket being closed */ |
| 2535 | return(SSL_ERROR_ZERO_RETURN); | 2538 | return (SSL_ERROR_ZERO_RETURN); |
| 2536 | } | 2539 | } else { |
| 2537 | else | ||
| 2538 | { | ||
| 2539 | if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && | 2540 | if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && |
| 2540 | (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) | 2541 | (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) |
| 2541 | return(SSL_ERROR_ZERO_RETURN); | 2542 | return (SSL_ERROR_ZERO_RETURN); |
| 2542 | } | ||
| 2543 | } | 2543 | } |
| 2544 | return(SSL_ERROR_SYSCALL); | ||
| 2545 | } | 2544 | } |
| 2545 | return (SSL_ERROR_SYSCALL); | ||
| 2546 | } | ||
| 2546 | 2547 | ||
| 2547 | int SSL_do_handshake(SSL *s) | 2548 | int |
| 2548 | { | 2549 | SSL_do_handshake(SSL *s) |
| 2549 | int ret=1; | 2550 | { |
| 2551 | int ret = 1; | ||
| 2550 | 2552 | ||
| 2551 | if (s->handshake_func == NULL) | 2553 | if (s->handshake_func == NULL) { |
| 2552 | { | 2554 | SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET); |
| 2553 | SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET); | 2555 | return (-1); |
| 2554 | return(-1); | 2556 | } |
| 2555 | } | ||
| 2556 | 2557 | ||
| 2557 | s->method->ssl_renegotiate_check(s); | 2558 | s->method->ssl_renegotiate_check(s); |
| 2558 | 2559 | ||
| 2559 | if (SSL_in_init(s) || SSL_in_before(s)) | 2560 | if (SSL_in_init(s) || SSL_in_before(s)) { |
| 2560 | { | 2561 | ret = s->handshake_func(s); |
| 2561 | ret=s->handshake_func(s); | ||
| 2562 | } | ||
| 2563 | return(ret); | ||
| 2564 | } | 2562 | } |
| 2563 | return (ret); | ||
| 2564 | } | ||
| 2565 | 2565 | ||
| 2566 | /* For the next 2 functions, SSL_clear() sets shutdown and so | 2566 | /* For the next 2 functions, SSL_clear() sets shutdown and so |
| 2567 | * one of these calls will reset it */ | 2567 | * one of these calls will reset it */ |
| 2568 | void SSL_set_accept_state(SSL *s) | 2568 | void |
| 2569 | { | 2569 | SSL_set_accept_state(SSL *s) |
| 2570 | s->server=1; | 2570 | { |
| 2571 | s->shutdown=0; | 2571 | s->server = 1; |
| 2572 | s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE; | 2572 | s->shutdown = 0; |
| 2573 | s->handshake_func=s->method->ssl_accept; | 2573 | s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE; |
| 2574 | s->handshake_func = s->method->ssl_accept; | ||
| 2574 | /* clear the current cipher */ | 2575 | /* clear the current cipher */ |
| 2575 | ssl_clear_cipher_ctx(s); | 2576 | ssl_clear_cipher_ctx(s); |
| 2576 | ssl_clear_hash_ctx(&s->read_hash); | 2577 | ssl_clear_hash_ctx(&s->read_hash); |
| 2577 | ssl_clear_hash_ctx(&s->write_hash); | 2578 | ssl_clear_hash_ctx(&s->write_hash); |
| 2578 | } | 2579 | } |
| 2579 | 2580 | ||
| 2580 | void SSL_set_connect_state(SSL *s) | 2581 | void |
| 2581 | { | 2582 | SSL_set_connect_state(SSL *s) |
| 2582 | s->server=0; | 2583 | { |
| 2583 | s->shutdown=0; | 2584 | s->server = 0; |
| 2584 | s->state=SSL_ST_CONNECT|SSL_ST_BEFORE; | 2585 | s->shutdown = 0; |
| 2585 | s->handshake_func=s->method->ssl_connect; | 2586 | s->state = SSL_ST_CONNECT|SSL_ST_BEFORE; |
| 2587 | s->handshake_func = s->method->ssl_connect; | ||
| 2586 | /* clear the current cipher */ | 2588 | /* clear the current cipher */ |
| 2587 | ssl_clear_cipher_ctx(s); | 2589 | ssl_clear_cipher_ctx(s); |
| 2588 | ssl_clear_hash_ctx(&s->read_hash); | 2590 | ssl_clear_hash_ctx(&s->read_hash); |
| 2589 | ssl_clear_hash_ctx(&s->write_hash); | 2591 | ssl_clear_hash_ctx(&s->write_hash); |
| 2590 | } | 2592 | } |
| 2591 | 2593 | ||
| 2592 | int ssl_undefined_function(SSL *s) | 2594 | int |
| 2593 | { | 2595 | ssl_undefined_function(SSL *s) |
| 2594 | SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2596 | { |
| 2595 | return(0); | 2597 | SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 2596 | } | 2598 | return (0); |
| 2599 | } | ||
| 2597 | 2600 | ||
| 2598 | int ssl_undefined_void_function(void) | 2601 | int |
| 2599 | { | 2602 | ssl_undefined_void_function(void) |
| 2600 | SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2603 | { |
| 2601 | return(0); | 2604 | SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 2602 | } | 2605 | return (0); |
| 2606 | } | ||
| 2603 | 2607 | ||
| 2604 | int ssl_undefined_const_function(const SSL *s) | 2608 | int |
| 2605 | { | 2609 | ssl_undefined_const_function(const SSL *s) |
| 2606 | SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2610 | { |
| 2607 | return(0); | 2611 | SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 2608 | } | 2612 | return (0); |
| 2613 | } | ||
| 2609 | 2614 | ||
| 2610 | SSL_METHOD *ssl_bad_method(int ver) | 2615 | SSL_METHOD |
| 2611 | { | 2616 | *ssl_bad_method(int ver) |
| 2612 | SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2617 | { |
| 2613 | return(NULL); | 2618 | SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 2614 | } | 2619 | return (NULL); |
| 2620 | } | ||
| 2615 | 2621 | ||
| 2616 | const char *SSL_get_version(const SSL *s) | 2622 | const char |
| 2617 | { | 2623 | *SSL_get_version(const SSL *s) |
| 2624 | { | ||
| 2618 | if (s->version == TLS1_2_VERSION) | 2625 | if (s->version == TLS1_2_VERSION) |
| 2619 | return("TLSv1.2"); | 2626 | return("TLSv1.2"); |
| 2620 | else if (s->version == TLS1_1_VERSION) | 2627 | else if (s->version == TLS1_1_VERSION) |
| @@ -2627,29 +2634,27 @@ const char *SSL_get_version(const SSL *s) | |||
| 2627 | return("SSLv2"); | 2634 | return("SSLv2"); |
| 2628 | else | 2635 | else |
| 2629 | return("unknown"); | 2636 | return("unknown"); |
| 2630 | } | 2637 | } |
| 2631 | 2638 | ||
| 2632 | SSL *SSL_dup(SSL *s) | 2639 | SSL |
| 2633 | { | 2640 | *SSL_dup(SSL *s) |
| 2641 | { | ||
| 2634 | STACK_OF(X509_NAME) *sk; | 2642 | STACK_OF(X509_NAME) *sk; |
| 2635 | X509_NAME *xn; | 2643 | X509_NAME *xn; |
| 2636 | SSL *ret; | 2644 | SSL *ret; |
| 2637 | int i; | 2645 | int i; |
| 2638 | 2646 | ||
| 2639 | if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) | 2647 | if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) |
| 2640 | return(NULL); | 2648 | return (NULL); |
| 2641 | 2649 | ||
| 2642 | ret->version = s->version; | 2650 | ret->version = s->version; |
| 2643 | ret->type = s->type; | 2651 | ret->type = s->type; |
| 2644 | ret->method = s->method; | 2652 | ret->method = s->method; |
| 2645 | 2653 | ||
| 2646 | if (s->session != NULL) | 2654 | if (s->session != NULL) { |
| 2647 | { | ||
| 2648 | /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ | 2655 | /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ |
| 2649 | SSL_copy_session_id(ret,s); | 2656 | SSL_copy_session_id(ret, s); |
| 2650 | } | 2657 | } else { |
| 2651 | else | ||
| 2652 | { | ||
| 2653 | /* No session has been established yet, so we have to expect | 2658 | /* No session has been established yet, so we have to expect |
| 2654 | * that s->cert or ret->cert will be changed later -- | 2659 | * that s->cert or ret->cert will be changed later -- |
| 2655 | * they should not both point to the same object, | 2660 | * they should not both point to the same object, |
| @@ -2659,56 +2664,50 @@ SSL *SSL_dup(SSL *s) | |||
| 2659 | ret->method = s->method; | 2664 | ret->method = s->method; |
| 2660 | ret->method->ssl_new(ret); | 2665 | ret->method->ssl_new(ret); |
| 2661 | 2666 | ||
| 2662 | if (s->cert != NULL) | 2667 | if (s->cert != NULL) { |
| 2663 | { | 2668 | if (ret->cert != NULL) { |
| 2664 | if (ret->cert != NULL) | ||
| 2665 | { | ||
| 2666 | ssl_cert_free(ret->cert); | 2669 | ssl_cert_free(ret->cert); |
| 2667 | } | 2670 | } |
| 2668 | ret->cert = ssl_cert_dup(s->cert); | 2671 | ret->cert = ssl_cert_dup(s->cert); |
| 2669 | if (ret->cert == NULL) | 2672 | if (ret->cert == NULL) |
| 2670 | goto err; | 2673 | goto err; |
| 2671 | } | ||
| 2672 | |||
| 2673 | SSL_set_session_id_context(ret, | ||
| 2674 | s->sid_ctx, s->sid_ctx_length); | ||
| 2675 | } | 2674 | } |
| 2676 | 2675 | ||
| 2677 | ret->options=s->options; | 2676 | SSL_set_session_id_context(ret, |
| 2678 | ret->mode=s->mode; | 2677 | s->sid_ctx, s->sid_ctx_length); |
| 2679 | SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s)); | 2678 | } |
| 2680 | SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); | 2679 | |
| 2680 | ret->options = s->options; | ||
| 2681 | ret->mode = s->mode; | ||
| 2682 | SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); | ||
| 2683 | SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); | ||
| 2681 | ret->msg_callback = s->msg_callback; | 2684 | ret->msg_callback = s->msg_callback; |
| 2682 | ret->msg_callback_arg = s->msg_callback_arg; | 2685 | ret->msg_callback_arg = s->msg_callback_arg; |
| 2683 | SSL_set_verify(ret,SSL_get_verify_mode(s), | 2686 | SSL_set_verify(ret, SSL_get_verify_mode(s), |
| 2684 | SSL_get_verify_callback(s)); | 2687 | SSL_get_verify_callback(s)); |
| 2685 | SSL_set_verify_depth(ret,SSL_get_verify_depth(s)); | 2688 | SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); |
| 2686 | ret->generate_session_id = s->generate_session_id; | 2689 | ret->generate_session_id = s->generate_session_id; |
| 2687 | 2690 | ||
| 2688 | SSL_set_info_callback(ret,SSL_get_info_callback(s)); | 2691 | SSL_set_info_callback(ret, SSL_get_info_callback(s)); |
| 2689 | 2692 | ||
| 2690 | ret->debug=s->debug; | 2693 | ret->debug = s->debug; |
| 2691 | 2694 | ||
| 2692 | /* copy app data, a little dangerous perhaps */ | 2695 | /* copy app data, a little dangerous perhaps */ |
| 2693 | if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) | 2696 | if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) |
| 2694 | goto err; | 2697 | goto err; |
| 2695 | 2698 | ||
| 2696 | /* setup rbio, and wbio */ | 2699 | /* setup rbio, and wbio */ |
| 2697 | if (s->rbio != NULL) | 2700 | if (s->rbio != NULL) { |
| 2698 | { | ||
| 2699 | if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) | 2701 | if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) |
| 2700 | goto err; | 2702 | goto err; |
| 2701 | } | 2703 | } |
| 2702 | if (s->wbio != NULL) | 2704 | if (s->wbio != NULL) { |
| 2703 | { | 2705 | if (s->wbio != s->rbio) { |
| 2704 | if (s->wbio != s->rbio) | ||
| 2705 | { | ||
| 2706 | if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) | 2706 | if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) |
| 2707 | goto err; | 2707 | goto err; |
| 2708 | } | 2708 | } else |
| 2709 | else | 2709 | ret->wbio = ret->rbio; |
| 2710 | ret->wbio=ret->rbio; | 2710 | } |
| 2711 | } | ||
| 2712 | ret->rwstate = s->rwstate; | 2711 | ret->rwstate = s->rwstate; |
| 2713 | ret->in_handshake = s->in_handshake; | 2712 | ret->in_handshake = s->in_handshake; |
| 2714 | ret->handshake_func = s->handshake_func; | 2713 | ret->handshake_func = s->handshake_func; |
| @@ -2716,222 +2715,228 @@ SSL *SSL_dup(SSL *s) | |||
| 2716 | ret->renegotiate = s->renegotiate; | 2715 | ret->renegotiate = s->renegotiate; |
| 2717 | ret->new_session = s->new_session; | 2716 | ret->new_session = s->new_session; |
| 2718 | ret->quiet_shutdown = s->quiet_shutdown; | 2717 | ret->quiet_shutdown = s->quiet_shutdown; |
| 2719 | ret->shutdown=s->shutdown; | 2718 | ret->shutdown = s->shutdown; |
| 2720 | ret->state=s->state; /* SSL_dup does not really work at any state, though */ | 2719 | ret->state=s->state; /* SSL_dup does not really work at any state, though */ |
| 2721 | ret->rstate=s->rstate; | 2720 | ret->rstate = s->rstate; |
| 2722 | ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ | 2721 | ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ |
| 2723 | ret->hit=s->hit; | 2722 | ret->hit = s->hit; |
| 2724 | 2723 | ||
| 2725 | X509_VERIFY_PARAM_inherit(ret->param, s->param); | 2724 | X509_VERIFY_PARAM_inherit(ret->param, s->param); |
| 2726 | 2725 | ||
| 2727 | /* dup the cipher_list and cipher_list_by_id stacks */ | 2726 | /* dup the cipher_list and cipher_list_by_id stacks */ |
| 2728 | if (s->cipher_list != NULL) | 2727 | if (s->cipher_list != NULL) { |
| 2729 | { | 2728 | if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) |
| 2730 | if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) | ||
| 2731 | goto err; | 2729 | goto err; |
| 2732 | } | 2730 | } |
| 2733 | if (s->cipher_list_by_id != NULL) | 2731 | if (s->cipher_list_by_id != NULL) |
| 2734 | if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id)) | 2732 | if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) |
| 2735 | == NULL) | 2733 | == NULL) |
| 2736 | goto err; | 2734 | goto err; |
| 2737 | 2735 | ||
| 2738 | /* Dup the client_CA list */ | 2736 | /* Dup the client_CA list */ |
| 2739 | if (s->client_CA != NULL) | 2737 | if (s->client_CA != NULL) { |
| 2740 | { | 2738 | if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; |
| 2741 | if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; | 2739 | ret->client_CA = sk; |
| 2742 | ret->client_CA=sk; | 2740 | for (i = 0; i < sk_X509_NAME_num(sk); i++) { |
| 2743 | for (i=0; i<sk_X509_NAME_num(sk); i++) | 2741 | xn = sk_X509_NAME_value(sk, i); |
| 2744 | { | 2742 | if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) { |
| 2745 | xn=sk_X509_NAME_value(sk,i); | ||
| 2746 | if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL) | ||
| 2747 | { | ||
| 2748 | X509_NAME_free(xn); | 2743 | X509_NAME_free(xn); |
| 2749 | goto err; | 2744 | goto err; |
| 2750 | } | ||
| 2751 | } | 2745 | } |
| 2752 | } | 2746 | } |
| 2747 | } | ||
| 2753 | 2748 | ||
| 2754 | if (0) | 2749 | if (0) { |
| 2755 | { | ||
| 2756 | err: | 2750 | err: |
| 2757 | if (ret != NULL) SSL_free(ret); | 2751 | if (ret != NULL) |
| 2758 | ret=NULL; | 2752 | SSL_free(ret); |
| 2759 | } | 2753 | ret = NULL; |
| 2760 | return(ret); | ||
| 2761 | } | 2754 | } |
| 2755 | return (ret); | ||
| 2756 | } | ||
| 2762 | 2757 | ||
| 2763 | void ssl_clear_cipher_ctx(SSL *s) | 2758 | void |
| 2764 | { | 2759 | ssl_clear_cipher_ctx(SSL *s) |
| 2765 | if (s->enc_read_ctx != NULL) | 2760 | { |
| 2766 | { | 2761 | if (s->enc_read_ctx != NULL) { |
| 2767 | EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); | 2762 | EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); |
| 2768 | OPENSSL_free(s->enc_read_ctx); | 2763 | OPENSSL_free(s->enc_read_ctx); |
| 2769 | s->enc_read_ctx=NULL; | 2764 | s->enc_read_ctx = NULL; |
| 2770 | } | 2765 | } |
| 2771 | if (s->enc_write_ctx != NULL) | 2766 | if (s->enc_write_ctx != NULL) { |
| 2772 | { | ||
| 2773 | EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); | 2767 | EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); |
| 2774 | OPENSSL_free(s->enc_write_ctx); | 2768 | OPENSSL_free(s->enc_write_ctx); |
| 2775 | s->enc_write_ctx=NULL; | 2769 | s->enc_write_ctx = NULL; |
| 2776 | } | 2770 | } |
| 2777 | #ifndef OPENSSL_NO_COMP | 2771 | #ifndef OPENSSL_NO_COMP |
| 2778 | if (s->expand != NULL) | 2772 | if (s->expand != NULL) { |
| 2779 | { | ||
| 2780 | COMP_CTX_free(s->expand); | 2773 | COMP_CTX_free(s->expand); |
| 2781 | s->expand=NULL; | 2774 | s->expand = NULL; |
| 2782 | } | 2775 | } |
| 2783 | if (s->compress != NULL) | 2776 | if (s->compress != NULL) { |
| 2784 | { | ||
| 2785 | COMP_CTX_free(s->compress); | 2777 | COMP_CTX_free(s->compress); |
| 2786 | s->compress=NULL; | 2778 | s->compress = NULL; |
| 2787 | } | ||
| 2788 | #endif | ||
| 2789 | } | 2779 | } |
| 2780 | #endif | ||
| 2781 | } | ||
| 2790 | 2782 | ||
| 2791 | /* Fix this function so that it takes an optional type parameter */ | 2783 | /* Fix this function so that it takes an optional type parameter */ |
| 2792 | X509 *SSL_get_certificate(const SSL *s) | 2784 | X509 |
| 2793 | { | 2785 | *SSL_get_certificate(const SSL *s) |
| 2786 | { | ||
| 2794 | if (s->cert != NULL) | 2787 | if (s->cert != NULL) |
| 2795 | return(s->cert->key->x509); | 2788 | return (s->cert->key->x509); |
| 2796 | else | 2789 | else |
| 2797 | return(NULL); | 2790 | return (NULL); |
| 2798 | } | 2791 | } |
| 2799 | 2792 | ||
| 2800 | /* Fix this function so that it takes an optional type parameter */ | 2793 | /* Fix this function so that it takes an optional type parameter */ |
| 2801 | EVP_PKEY *SSL_get_privatekey(SSL *s) | 2794 | EVP_PKEY |
| 2802 | { | 2795 | *SSL_get_privatekey(SSL *s) |
| 2796 | { | ||
| 2803 | if (s->cert != NULL) | 2797 | if (s->cert != NULL) |
| 2804 | return(s->cert->key->privatekey); | 2798 | return (s->cert->key->privatekey); |
| 2805 | else | 2799 | else |
| 2806 | return(NULL); | 2800 | return (NULL); |
| 2807 | } | 2801 | } |
| 2808 | 2802 | ||
| 2809 | const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) | 2803 | const SSL_CIPHER |
| 2810 | { | 2804 | *SSL_get_current_cipher(const SSL *s) |
| 2805 | { | ||
| 2811 | if ((s->session != NULL) && (s->session->cipher != NULL)) | 2806 | if ((s->session != NULL) && (s->session->cipher != NULL)) |
| 2812 | return(s->session->cipher); | 2807 | return (s->session->cipher); |
| 2813 | return(NULL); | 2808 | return (NULL); |
| 2814 | } | 2809 | } |
| 2815 | #ifdef OPENSSL_NO_COMP | 2810 | #ifdef OPENSSL_NO_COMP |
| 2816 | const void *SSL_get_current_compression(SSL *s) | 2811 | const void |
| 2817 | { | 2812 | *SSL_get_current_compression(SSL *s) |
| 2813 | { | ||
| 2818 | return NULL; | 2814 | return NULL; |
| 2819 | } | 2815 | } |
| 2820 | const void *SSL_get_current_expansion(SSL *s) | 2816 | |
| 2821 | { | 2817 | const void |
| 2818 | *SSL_get_current_expansion(SSL *s) | ||
| 2819 | { | ||
| 2822 | return NULL; | 2820 | return NULL; |
| 2823 | } | 2821 | } |
| 2824 | #else | 2822 | #else |
| 2825 | 2823 | ||
| 2826 | const COMP_METHOD *SSL_get_current_compression(SSL *s) | 2824 | const COMP_METHOD |
| 2827 | { | 2825 | *SSL_get_current_compression(SSL *s) |
| 2826 | { | ||
| 2828 | if (s->compress != NULL) | 2827 | if (s->compress != NULL) |
| 2829 | return(s->compress->meth); | 2828 | return (s->compress->meth); |
| 2830 | return(NULL); | 2829 | return (NULL); |
| 2831 | } | 2830 | } |
| 2832 | 2831 | ||
| 2833 | const COMP_METHOD *SSL_get_current_expansion(SSL *s) | 2832 | const COMP_METHOD |
| 2834 | { | 2833 | *SSL_get_current_expansion(SSL *s) |
| 2834 | { | ||
| 2835 | if (s->expand != NULL) | 2835 | if (s->expand != NULL) |
| 2836 | return(s->expand->meth); | 2836 | return (s->expand->meth); |
| 2837 | return(NULL); | 2837 | return (NULL); |
| 2838 | } | 2838 | } |
| 2839 | #endif | 2839 | #endif |
| 2840 | 2840 | ||
| 2841 | int ssl_init_wbio_buffer(SSL *s,int push) | 2841 | int |
| 2842 | { | 2842 | ssl_init_wbio_buffer(SSL *s, int push) |
| 2843 | { | ||
| 2843 | BIO *bbio; | 2844 | BIO *bbio; |
| 2844 | 2845 | ||
| 2845 | if (s->bbio == NULL) | 2846 | if (s->bbio == NULL) { |
| 2846 | { | 2847 | bbio = BIO_new(BIO_f_buffer()); |
| 2847 | bbio=BIO_new(BIO_f_buffer()); | 2848 | if (bbio == NULL) |
| 2848 | if (bbio == NULL) return(0); | 2849 | return (0); |
| 2849 | s->bbio=bbio; | 2850 | s->bbio = bbio; |
| 2850 | } | 2851 | } else { |
| 2851 | else | 2852 | bbio = s->bbio; |
| 2852 | { | ||
| 2853 | bbio=s->bbio; | ||
| 2854 | if (s->bbio == s->wbio) | 2853 | if (s->bbio == s->wbio) |
| 2855 | s->wbio=BIO_pop(s->wbio); | 2854 | s->wbio = BIO_pop(s->wbio); |
| 2856 | } | 2855 | } |
| 2857 | (void)BIO_reset(bbio); | 2856 | (void)BIO_reset(bbio); |
| 2858 | /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ | 2857 | /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ |
| 2859 | if (!BIO_set_read_buffer_size(bbio,1)) | 2858 | if (!BIO_set_read_buffer_size(bbio, 1)) { |
| 2860 | { | 2859 | SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB); |
| 2861 | SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB); | 2860 | return (0); |
| 2862 | return(0); | 2861 | } |
| 2863 | } | 2862 | if (push) { |
| 2864 | if (push) | ||
| 2865 | { | ||
| 2866 | if (s->wbio != bbio) | 2863 | if (s->wbio != bbio) |
| 2867 | s->wbio=BIO_push(bbio,s->wbio); | 2864 | s->wbio = BIO_push(bbio, s->wbio); |
| 2868 | } | 2865 | } else { |
| 2869 | else | ||
| 2870 | { | ||
| 2871 | if (s->wbio == bbio) | 2866 | if (s->wbio == bbio) |
| 2872 | s->wbio=BIO_pop(bbio); | 2867 | s->wbio = BIO_pop(bbio); |
| 2873 | } | ||
| 2874 | return(1); | ||
| 2875 | } | 2868 | } |
| 2869 | return (1); | ||
| 2870 | } | ||
| 2876 | 2871 | ||
| 2877 | void ssl_free_wbio_buffer(SSL *s) | 2872 | void |
| 2878 | { | 2873 | ssl_free_wbio_buffer(SSL *s) |
| 2879 | if (s->bbio == NULL) return; | 2874 | { |
| 2875 | if (s->bbio == NULL) | ||
| 2876 | return; | ||
| 2880 | 2877 | ||
| 2881 | if (s->bbio == s->wbio) | 2878 | if (s->bbio == s->wbio) { |
| 2882 | { | ||
| 2883 | /* remove buffering */ | 2879 | /* remove buffering */ |
| 2884 | s->wbio=BIO_pop(s->wbio); | 2880 | s->wbio = BIO_pop(s->wbio); |
| 2885 | #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ | 2881 | #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ |
| 2886 | assert(s->wbio != NULL); | 2882 | assert(s->wbio != NULL); |
| 2887 | #endif | 2883 | #endif |
| 2888 | } | 2884 | } |
| 2889 | BIO_free(s->bbio); | 2885 | BIO_free(s->bbio); |
| 2890 | s->bbio=NULL; | 2886 | s->bbio = NULL; |
| 2891 | } | 2887 | } |
| 2892 | |||
| 2893 | void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode) | ||
| 2894 | { | ||
| 2895 | ctx->quiet_shutdown=mode; | ||
| 2896 | } | ||
| 2897 | 2888 | ||
| 2898 | int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) | 2889 | void |
| 2899 | { | 2890 | SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) |
| 2900 | return(ctx->quiet_shutdown); | 2891 | { |
| 2901 | } | 2892 | ctx->quiet_shutdown = mode; |
| 2893 | } | ||
| 2902 | 2894 | ||
| 2903 | void SSL_set_quiet_shutdown(SSL *s,int mode) | 2895 | int |
| 2904 | { | 2896 | SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) |
| 2905 | s->quiet_shutdown=mode; | 2897 | { |
| 2906 | } | 2898 | return (ctx->quiet_shutdown); |
| 2899 | } | ||
| 2907 | 2900 | ||
| 2908 | int SSL_get_quiet_shutdown(const SSL *s) | 2901 | void |
| 2909 | { | 2902 | SSL_set_quiet_shutdown(SSL *s, int mode) |
| 2910 | return(s->quiet_shutdown); | 2903 | { |
| 2911 | } | 2904 | s->quiet_shutdown = mode; |
| 2905 | } | ||
| 2912 | 2906 | ||
| 2913 | void SSL_set_shutdown(SSL *s,int mode) | 2907 | int |
| 2914 | { | 2908 | SSL_get_quiet_shutdown(const SSL *s) |
| 2915 | s->shutdown=mode; | 2909 | { |
| 2916 | } | 2910 | return (s->quiet_shutdown); |
| 2911 | } | ||
| 2917 | 2912 | ||
| 2918 | int SSL_get_shutdown(const SSL *s) | 2913 | void |
| 2919 | { | 2914 | SSL_set_shutdown(SSL *s, int mode) |
| 2920 | return(s->shutdown); | 2915 | { |
| 2921 | } | 2916 | s->shutdown = mode; |
| 2917 | } | ||
| 2922 | 2918 | ||
| 2923 | int SSL_version(const SSL *s) | 2919 | int |
| 2924 | { | 2920 | SSL_get_shutdown(const SSL *s) |
| 2925 | return(s->version); | 2921 | { |
| 2926 | } | 2922 | return (s->shutdown); |
| 2923 | } | ||
| 2927 | 2924 | ||
| 2928 | SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) | 2925 | int |
| 2929 | { | 2926 | SSL_version(const SSL *s) |
| 2930 | return(ssl->ctx); | 2927 | { |
| 2931 | } | 2928 | return (s->version); |
| 2929 | } | ||
| 2932 | 2930 | ||
| 2933 | SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | 2931 | SSL_CTX |
| 2934 | { | 2932 | *SSL_get_SSL_CTX(const SSL *ssl) |
| 2933 | { | ||
| 2934 | return (ssl->ctx); | ||
| 2935 | } | ||
| 2936 | |||
| 2937 | SSL_CTX | ||
| 2938 | *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | ||
| 2939 | { | ||
| 2935 | if (ssl->ctx == ctx) | 2940 | if (ssl->ctx == ctx) |
| 2936 | return ssl->ctx; | 2941 | return ssl->ctx; |
| 2937 | #ifndef OPENSSL_NO_TLSEXT | 2942 | #ifndef OPENSSL_NO_TLSEXT |
| @@ -2941,114 +2946,131 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | |||
| 2941 | if (ssl->cert != NULL) | 2946 | if (ssl->cert != NULL) |
| 2942 | ssl_cert_free(ssl->cert); | 2947 | ssl_cert_free(ssl->cert); |
| 2943 | ssl->cert = ssl_cert_dup(ctx->cert); | 2948 | ssl->cert = ssl_cert_dup(ctx->cert); |
| 2944 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | 2949 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); |
| 2945 | if (ssl->ctx != NULL) | 2950 | if (ssl->ctx != NULL) |
| 2946 | SSL_CTX_free(ssl->ctx); /* decrement reference count */ | 2951 | SSL_CTX_free(ssl->ctx); /* decrement reference count */ |
| 2947 | ssl->ctx = ctx; | 2952 | ssl->ctx = ctx; |
| 2948 | return(ssl->ctx); | 2953 | return (ssl->ctx); |
| 2949 | } | 2954 | } |
| 2950 | 2955 | ||
| 2951 | #ifndef OPENSSL_NO_STDIO | 2956 | #ifndef OPENSSL_NO_STDIO |
| 2952 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) | 2957 | int |
| 2953 | { | 2958 | SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) |
| 2954 | return(X509_STORE_set_default_paths(ctx->cert_store)); | 2959 | { |
| 2955 | } | 2960 | return (X509_STORE_set_default_paths(ctx->cert_store)); |
| 2961 | } | ||
| 2956 | 2962 | ||
| 2957 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, | 2963 | int |
| 2958 | const char *CApath) | 2964 | SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, |
| 2959 | { | 2965 | const char *CApath) |
| 2960 | return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); | 2966 | { |
| 2961 | } | 2967 | return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath)); |
| 2968 | } | ||
| 2962 | #endif | 2969 | #endif |
| 2963 | 2970 | ||
| 2964 | void SSL_set_info_callback(SSL *ssl, | 2971 | void |
| 2965 | void (*cb)(const SSL *ssl,int type,int val)) | 2972 | SSL_set_info_callback(SSL *ssl, |
| 2966 | { | 2973 | void (*cb)(const SSL *ssl, int type, int val)) |
| 2967 | ssl->info_callback=cb; | 2974 | { |
| 2968 | } | 2975 | ssl->info_callback = cb; |
| 2976 | } | ||
| 2969 | 2977 | ||
| 2970 | /* One compiler (Diab DCC) doesn't like argument names in returned | 2978 | /* One compiler (Diab DCC) doesn't like argument names in returned |
| 2971 | function pointer. */ | 2979 | function pointer. */ |
| 2972 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) | 2980 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) |
| 2973 | { | 2981 | { |
| 2974 | return ssl->info_callback; | 2982 | return ssl->info_callback; |
| 2975 | } | 2983 | } |
| 2976 | 2984 | ||
| 2977 | int SSL_state(const SSL *ssl) | 2985 | int |
| 2978 | { | 2986 | SSL_state(const SSL *ssl) |
| 2979 | return(ssl->state); | 2987 | { |
| 2980 | } | 2988 | return (ssl->state); |
| 2989 | } | ||
| 2981 | 2990 | ||
| 2982 | void SSL_set_state(SSL *ssl, int state) | 2991 | void |
| 2983 | { | 2992 | SSL_set_state(SSL *ssl, int state) |
| 2993 | { | ||
| 2984 | ssl->state = state; | 2994 | ssl->state = state; |
| 2985 | } | 2995 | } |
| 2986 | 2996 | ||
| 2987 | void SSL_set_verify_result(SSL *ssl,long arg) | 2997 | void |
| 2988 | { | 2998 | SSL_set_verify_result(SSL *ssl, long arg) |
| 2989 | ssl->verify_result=arg; | 2999 | { |
| 2990 | } | 3000 | ssl->verify_result = arg; |
| 3001 | } | ||
| 2991 | 3002 | ||
| 2992 | long SSL_get_verify_result(const SSL *ssl) | 3003 | long |
| 2993 | { | 3004 | SSL_get_verify_result(const SSL *ssl) |
| 2994 | return(ssl->verify_result); | 3005 | { |
| 2995 | } | 3006 | return (ssl->verify_result); |
| 3007 | } | ||
| 2996 | 3008 | ||
| 2997 | int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, | 3009 | int |
| 2998 | CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) | 3010 | SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 2999 | { | 3011 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 3012 | { | ||
| 3000 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, | 3013 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, |
| 3001 | new_func, dup_func, free_func); | 3014 | new_func, dup_func, free_func); |
| 3002 | } | 3015 | } |
| 3003 | 3016 | ||
| 3004 | int SSL_set_ex_data(SSL *s,int idx,void *arg) | 3017 | int |
| 3005 | { | 3018 | SSL_set_ex_data(SSL *s, int idx, void *arg) |
| 3006 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | 3019 | { |
| 3007 | } | 3020 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); |
| 3021 | } | ||
| 3008 | 3022 | ||
| 3009 | void *SSL_get_ex_data(const SSL *s,int idx) | 3023 | void |
| 3010 | { | 3024 | *SSL_get_ex_data(const SSL *s, int idx) |
| 3011 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | 3025 | { |
| 3012 | } | 3026 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); |
| 3027 | } | ||
| 3013 | 3028 | ||
| 3014 | int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, | 3029 | int |
| 3015 | CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) | 3030 | SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 3016 | { | 3031 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 3032 | { | ||
| 3017 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, | 3033 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, |
| 3018 | new_func, dup_func, free_func); | 3034 | new_func, dup_func, free_func); |
| 3019 | } | 3035 | } |
| 3020 | 3036 | ||
| 3021 | int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg) | 3037 | int |
| 3022 | { | 3038 | SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) |
| 3023 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | 3039 | { |
| 3024 | } | 3040 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); |
| 3041 | } | ||
| 3025 | 3042 | ||
| 3026 | void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx) | 3043 | void |
| 3027 | { | 3044 | *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) |
| 3028 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | 3045 | { |
| 3029 | } | 3046 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); |
| 3047 | } | ||
| 3030 | 3048 | ||
| 3031 | int ssl_ok(SSL *s) | 3049 | int |
| 3032 | { | 3050 | ssl_ok(SSL *s) |
| 3033 | return(1); | 3051 | { |
| 3034 | } | 3052 | return (1); |
| 3053 | } | ||
| 3035 | 3054 | ||
| 3036 | X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) | 3055 | X509_STORE |
| 3037 | { | 3056 | *SSL_CTX_get_cert_store(const SSL_CTX *ctx) |
| 3038 | return(ctx->cert_store); | 3057 | { |
| 3039 | } | 3058 | return (ctx->cert_store); |
| 3059 | } | ||
| 3040 | 3060 | ||
| 3041 | void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store) | 3061 | void |
| 3042 | { | 3062 | SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) |
| 3063 | { | ||
| 3043 | if (ctx->cert_store != NULL) | 3064 | if (ctx->cert_store != NULL) |
| 3044 | X509_STORE_free(ctx->cert_store); | 3065 | X509_STORE_free(ctx->cert_store); |
| 3045 | ctx->cert_store=store; | 3066 | ctx->cert_store = store; |
| 3046 | } | 3067 | } |
| 3047 | 3068 | ||
| 3048 | int SSL_want(const SSL *s) | 3069 | int |
| 3049 | { | 3070 | SSL_want(const SSL *s) |
| 3050 | return(s->rwstate); | 3071 | { |
| 3051 | } | 3072 | return (s->rwstate); |
| 3073 | } | ||
| 3052 | 3074 | ||
| 3053 | /*! | 3075 | /*! |
| 3054 | * \brief Set the callback for generating temporary RSA keys. | 3076 | * \brief Set the callback for generating temporary RSA keys. |
| @@ -3057,19 +3079,21 @@ int SSL_want(const SSL *s) | |||
| 3057 | */ | 3079 | */ |
| 3058 | 3080 | ||
| 3059 | #ifndef OPENSSL_NO_RSA | 3081 | #ifndef OPENSSL_NO_RSA |
| 3060 | void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl, | 3082 | void |
| 3061 | int is_export, | 3083 | SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, |
| 3062 | int keylength)) | 3084 | int is_export, |
| 3063 | { | 3085 | int keylength)) |
| 3064 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); | 3086 | { |
| 3065 | } | 3087 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); |
| 3066 | 3088 | } | |
| 3067 | void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, | 3089 | |
| 3068 | int is_export, | 3090 | void |
| 3069 | int keylength)) | 3091 | SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, |
| 3070 | { | 3092 | int is_export, |
| 3071 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); | 3093 | int keylength)) |
| 3072 | } | 3094 | { |
| 3095 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); | ||
| 3096 | } | ||
| 3073 | #endif | 3097 | #endif |
| 3074 | 3098 | ||
| 3075 | #ifdef DOXYGEN | 3099 | #ifdef DOXYGEN |
| @@ -3083,8 +3107,9 @@ void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, | |||
| 3083 | * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback | 3107 | * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback |
| 3084 | */ | 3108 | */ |
| 3085 | 3109 | ||
| 3086 | RSA *cb(SSL *ssl,int is_export,int keylength) | 3110 | RSA |
| 3087 | {} | 3111 | *cb(SSL *ssl, int is_export, int keylength) |
| 3112 | {} | ||
| 3088 | #endif | 3113 | #endif |
| 3089 | 3114 | ||
| 3090 | /*! | 3115 | /*! |
| @@ -3094,133 +3119,142 @@ RSA *cb(SSL *ssl,int is_export,int keylength) | |||
| 3094 | */ | 3119 | */ |
| 3095 | 3120 | ||
| 3096 | #ifndef OPENSSL_NO_DH | 3121 | #ifndef OPENSSL_NO_DH |
| 3097 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, | 3122 | void |
| 3098 | int keylength)) | 3123 | SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export, |
| 3099 | { | 3124 | int keylength)) |
| 3100 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); | 3125 | { |
| 3101 | } | 3126 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); |
| 3127 | } | ||
| 3102 | 3128 | ||
| 3103 | void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, | 3129 | void |
| 3104 | int keylength)) | 3130 | SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, |
| 3105 | { | 3131 | int keylength)) |
| 3106 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); | 3132 | { |
| 3107 | } | 3133 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); |
| 3134 | } | ||
| 3108 | #endif | 3135 | #endif |
| 3109 | 3136 | ||
| 3110 | #ifndef OPENSSL_NO_ECDH | 3137 | #ifndef OPENSSL_NO_ECDH |
| 3111 | void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export, | 3138 | void |
| 3112 | int keylength)) | 3139 | SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, |
| 3113 | { | 3140 | int keylength)) |
| 3114 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); | 3141 | { |
| 3115 | } | 3142 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); |
| 3143 | } | ||
| 3116 | 3144 | ||
| 3117 | void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export, | 3145 | void |
| 3118 | int keylength)) | 3146 | SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, |
| 3119 | { | 3147 | int keylength)) |
| 3120 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); | 3148 | { |
| 3121 | } | 3149 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); |
| 3150 | } | ||
| 3122 | #endif | 3151 | #endif |
| 3123 | 3152 | ||
| 3124 | #ifndef OPENSSL_NO_PSK | 3153 | #ifndef OPENSSL_NO_PSK |
| 3125 | int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) | 3154 | int |
| 3126 | { | 3155 | SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) |
| 3127 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) | 3156 | { |
| 3128 | { | 3157 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { |
| 3129 | SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); | 3158 | SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); |
| 3130 | return 0; | 3159 | return 0; |
| 3131 | } | 3160 | } |
| 3132 | if (ctx->psk_identity_hint != NULL) | 3161 | if (ctx->psk_identity_hint != NULL) |
| 3133 | OPENSSL_free(ctx->psk_identity_hint); | 3162 | OPENSSL_free(ctx->psk_identity_hint); |
| 3134 | if (identity_hint != NULL) | 3163 | if (identity_hint != NULL) { |
| 3135 | { | ||
| 3136 | ctx->psk_identity_hint = BUF_strdup(identity_hint); | 3164 | ctx->psk_identity_hint = BUF_strdup(identity_hint); |
| 3137 | if (ctx->psk_identity_hint == NULL) | 3165 | if (ctx->psk_identity_hint == NULL) |
| 3138 | return 0; | 3166 | return 0; |
| 3139 | } | 3167 | } else |
| 3140 | else | ||
| 3141 | ctx->psk_identity_hint = NULL; | 3168 | ctx->psk_identity_hint = NULL; |
| 3142 | return 1; | 3169 | return 1; |
| 3143 | } | 3170 | } |
| 3144 | 3171 | ||
| 3145 | int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) | 3172 | int |
| 3146 | { | 3173 | SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) |
| 3174 | { | ||
| 3147 | if (s == NULL) | 3175 | if (s == NULL) |
| 3148 | return 0; | 3176 | return 0; |
| 3149 | 3177 | ||
| 3150 | if (s->session == NULL) | 3178 | if (s->session == NULL) |
| 3151 | return 1; /* session not created yet, ignored */ | 3179 | return 1; /* session not created yet, ignored */ |
| 3152 | 3180 | ||
| 3153 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) | 3181 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { |
| 3154 | { | ||
| 3155 | SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); | 3182 | SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); |
| 3156 | return 0; | 3183 | return 0; |
| 3157 | } | 3184 | } |
| 3158 | if (s->session->psk_identity_hint != NULL) | 3185 | if (s->session->psk_identity_hint != NULL) |
| 3159 | OPENSSL_free(s->session->psk_identity_hint); | 3186 | OPENSSL_free(s->session->psk_identity_hint); |
| 3160 | if (identity_hint != NULL) | 3187 | if (identity_hint != NULL) { |
| 3161 | { | ||
| 3162 | s->session->psk_identity_hint = BUF_strdup(identity_hint); | 3188 | s->session->psk_identity_hint = BUF_strdup(identity_hint); |
| 3163 | if (s->session->psk_identity_hint == NULL) | 3189 | if (s->session->psk_identity_hint == NULL) |
| 3164 | return 0; | 3190 | return 0; |
| 3165 | } | 3191 | } else |
| 3166 | else | ||
| 3167 | s->session->psk_identity_hint = NULL; | 3192 | s->session->psk_identity_hint = NULL; |
| 3168 | return 1; | 3193 | return 1; |
| 3169 | } | 3194 | } |
| 3170 | 3195 | ||
| 3171 | const char *SSL_get_psk_identity_hint(const SSL *s) | 3196 | const char |
| 3172 | { | 3197 | *SSL_get_psk_identity_hint(const SSL *s) |
| 3198 | { | ||
| 3173 | if (s == NULL || s->session == NULL) | 3199 | if (s == NULL || s->session == NULL) |
| 3174 | return NULL; | 3200 | return NULL; |
| 3175 | return(s->session->psk_identity_hint); | 3201 | return (s->session->psk_identity_hint); |
| 3176 | } | 3202 | } |
| 3177 | 3203 | ||
| 3178 | const char *SSL_get_psk_identity(const SSL *s) | 3204 | const char |
| 3179 | { | 3205 | *SSL_get_psk_identity(const SSL *s) |
| 3206 | { | ||
| 3180 | if (s == NULL || s->session == NULL) | 3207 | if (s == NULL || s->session == NULL) |
| 3181 | return NULL; | 3208 | return NULL; |
| 3182 | return(s->session->psk_identity); | 3209 | return (s->session->psk_identity); |
| 3183 | } | 3210 | } |
| 3184 | 3211 | ||
| 3185 | void SSL_set_psk_client_callback(SSL *s, | 3212 | void |
| 3213 | SSL_set_psk_client_callback(SSL *s, | ||
| 3186 | unsigned int (*cb)(SSL *ssl, const char *hint, | 3214 | unsigned int (*cb)(SSL *ssl, const char *hint, |
| 3187 | char *identity, unsigned int max_identity_len, unsigned char *psk, | 3215 | char *identity, unsigned int max_identity_len, unsigned char *psk, |
| 3188 | unsigned int max_psk_len)) | 3216 | unsigned int max_psk_len)) |
| 3189 | { | 3217 | { |
| 3190 | s->psk_client_callback = cb; | 3218 | s->psk_client_callback = cb; |
| 3191 | } | 3219 | } |
| 3192 | 3220 | ||
| 3193 | void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, | 3221 | void |
| 3222 | SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, | ||
| 3194 | unsigned int (*cb)(SSL *ssl, const char *hint, | 3223 | unsigned int (*cb)(SSL *ssl, const char *hint, |
| 3195 | char *identity, unsigned int max_identity_len, unsigned char *psk, | 3224 | char *identity, unsigned int max_identity_len, unsigned char *psk, |
| 3196 | unsigned int max_psk_len)) | 3225 | unsigned int max_psk_len)) |
| 3197 | { | 3226 | { |
| 3198 | ctx->psk_client_callback = cb; | 3227 | ctx->psk_client_callback = cb; |
| 3199 | } | 3228 | } |
| 3200 | 3229 | ||
| 3201 | void SSL_set_psk_server_callback(SSL *s, | 3230 | void |
| 3231 | SSL_set_psk_server_callback(SSL *s, | ||
| 3202 | unsigned int (*cb)(SSL *ssl, const char *identity, | 3232 | unsigned int (*cb)(SSL *ssl, const char *identity, |
| 3203 | unsigned char *psk, unsigned int max_psk_len)) | 3233 | unsigned char *psk, unsigned int max_psk_len)) |
| 3204 | { | 3234 | { |
| 3205 | s->psk_server_callback = cb; | 3235 | s->psk_server_callback = cb; |
| 3206 | } | 3236 | } |
| 3207 | 3237 | ||
| 3208 | void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, | 3238 | void |
| 3239 | SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, | ||
| 3209 | unsigned int (*cb)(SSL *ssl, const char *identity, | 3240 | unsigned int (*cb)(SSL *ssl, const char *identity, |
| 3210 | unsigned char *psk, unsigned int max_psk_len)) | 3241 | unsigned char *psk, unsigned int max_psk_len)) |
| 3211 | { | 3242 | { |
| 3212 | ctx->psk_server_callback = cb; | 3243 | ctx->psk_server_callback = cb; |
| 3213 | } | 3244 | } |
| 3214 | #endif | 3245 | #endif |
| 3215 | 3246 | ||
| 3216 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | 3247 | void |
| 3217 | { | 3248 | SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) |
| 3249 | { | ||
| 3218 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); | 3250 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); |
| 3219 | } | 3251 | } |
| 3220 | void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | 3252 | |
| 3221 | { | 3253 | void |
| 3254 | SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | ||
| 3255 | { | ||
| 3222 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); | 3256 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); |
| 3223 | } | 3257 | } |
| 3224 | 3258 | ||
| 3225 | /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer | 3259 | /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer |
| 3226 | * vairable, freeing EVP_MD_CTX previously stored in that variable, if | 3260 | * vairable, freeing EVP_MD_CTX previously stored in that variable, if |
| @@ -3228,31 +3262,38 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con | |||
| 3228 | * Returns newly allocated ctx; | 3262 | * Returns newly allocated ctx; |
| 3229 | */ | 3263 | */ |
| 3230 | 3264 | ||
| 3231 | EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) | 3265 | EVP_MD_CTX |
| 3266 | *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) | ||
| 3232 | { | 3267 | { |
| 3233 | ssl_clear_hash_ctx(hash); | 3268 | ssl_clear_hash_ctx(hash); |
| 3234 | *hash = EVP_MD_CTX_create(); | 3269 | *hash = EVP_MD_CTX_create(); |
| 3235 | if (md) EVP_DigestInit_ex(*hash,md,NULL); | 3270 | if (md) |
| 3271 | EVP_DigestInit_ex(*hash, md, NULL); | ||
| 3236 | return *hash; | 3272 | return *hash; |
| 3237 | } | 3273 | } |
| 3238 | void ssl_clear_hash_ctx(EVP_MD_CTX **hash) | 3274 | |
| 3275 | void | ||
| 3276 | ssl_clear_hash_ctx(EVP_MD_CTX **hash) | ||
| 3239 | { | 3277 | { |
| 3240 | 3278 | ||
| 3241 | if (*hash) EVP_MD_CTX_destroy(*hash); | 3279 | if (*hash) |
| 3242 | *hash=NULL; | 3280 | EVP_MD_CTX_destroy(*hash); |
| 3281 | *hash = NULL; | ||
| 3243 | } | 3282 | } |
| 3244 | 3283 | ||
| 3245 | void SSL_set_debug(SSL *s, int debug) | 3284 | void |
| 3246 | { | 3285 | SSL_set_debug(SSL *s, int debug) |
| 3286 | { | ||
| 3247 | s->debug = debug; | 3287 | s->debug = debug; |
| 3248 | } | 3288 | } |
| 3249 | 3289 | ||
| 3250 | int SSL_cache_hit(SSL *s) | 3290 | int |
| 3251 | { | 3291 | SSL_cache_hit(SSL *s) |
| 3292 | { | ||
| 3252 | return s->hit; | 3293 | return s->hit; |
| 3253 | } | 3294 | } |
| 3254 | 3295 | ||
| 3255 | IMPLEMENT_STACK_OF(SSL_CIPHER) | 3296 | IMPLEMENT_STACK_OF(SSL_CIPHER) |
| 3256 | IMPLEMENT_STACK_OF(SSL_COMP) | 3297 | IMPLEMENT_STACK_OF(SSL_COMP) |
| 3257 | IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, | 3298 | IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, |
| 3258 | ssl_cipher_id); | 3299 | ssl_cipher_id); |
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c index 60e7b66859..078df55f06 100644 --- a/src/lib/libssl/ssl_rsa.c +++ b/src/lib/libssl/ssl_rsa.c | |||
| @@ -66,135 +66,126 @@ | |||
| 66 | 66 | ||
| 67 | static int ssl_set_cert(CERT *c, X509 *x509); | 67 | static int ssl_set_cert(CERT *c, X509 *x509); |
| 68 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); | 68 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); |
| 69 | int SSL_use_certificate(SSL *ssl, X509 *x) | 69 | int |
| 70 | { | 70 | SSL_use_certificate(SSL *ssl, X509 *x) |
| 71 | if (x == NULL) | 71 | { |
| 72 | { | 72 | if (x == NULL) { |
| 73 | SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); | 73 | SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); |
| 74 | return(0); | 74 | return (0); |
| 75 | } | 75 | } |
| 76 | if (!ssl_cert_inst(&ssl->cert)) | 76 | if (!ssl_cert_inst(&ssl->cert)) { |
| 77 | { | 77 | SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); |
| 78 | SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); | 78 | return (0); |
| 79 | return(0); | ||
| 80 | } | ||
| 81 | return(ssl_set_cert(ssl->cert,x)); | ||
| 82 | } | 79 | } |
| 80 | return (ssl_set_cert(ssl->cert, x)); | ||
| 81 | } | ||
| 83 | 82 | ||
| 84 | #ifndef OPENSSL_NO_STDIO | 83 | #ifndef OPENSSL_NO_STDIO |
| 85 | int SSL_use_certificate_file(SSL *ssl, const char *file, int type) | 84 | int |
| 86 | { | 85 | SSL_use_certificate_file(SSL *ssl, const char *file, int type) |
| 86 | { | ||
| 87 | int j; | 87 | int j; |
| 88 | BIO *in; | 88 | BIO *in; |
| 89 | int ret=0; | 89 | int ret = 0; |
| 90 | X509 *x=NULL; | 90 | X509 *x = NULL; |
| 91 | 91 | ||
| 92 | in=BIO_new(BIO_s_file_internal()); | 92 | in = BIO_new(BIO_s_file_internal()); |
| 93 | if (in == NULL) | 93 | if (in == NULL) { |
| 94 | { | 94 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); |
| 95 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); | ||
| 96 | goto end; | 95 | goto end; |
| 97 | } | 96 | } |
| 98 | 97 | ||
| 99 | if (BIO_read_filename(in,file) <= 0) | 98 | if (BIO_read_filename(in, file) <= 0) { |
| 100 | { | 99 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); |
| 101 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); | ||
| 102 | goto end; | 100 | goto end; |
| 103 | } | 101 | } |
| 104 | if (type == SSL_FILETYPE_ASN1) | 102 | if (type == SSL_FILETYPE_ASN1) { |
| 105 | { | 103 | j = ERR_R_ASN1_LIB; |
| 106 | j=ERR_R_ASN1_LIB; | 104 | x = d2i_X509_bio(in, NULL); |
| 107 | x=d2i_X509_bio(in,NULL); | 105 | } else if (type == SSL_FILETYPE_PEM) { |
| 108 | } | 106 | j = ERR_R_PEM_LIB; |
| 109 | else if (type == SSL_FILETYPE_PEM) | 107 | x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); |
| 110 | { | 108 | } else { |
| 111 | j=ERR_R_PEM_LIB; | 109 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 112 | x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | ||
| 113 | } | ||
| 114 | else | ||
| 115 | { | ||
| 116 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 117 | goto end; | 110 | goto end; |
| 118 | } | 111 | } |
| 119 | 112 | ||
| 120 | if (x == NULL) | 113 | if (x == NULL) { |
| 121 | { | 114 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j); |
| 122 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j); | ||
| 123 | goto end; | 115 | goto end; |
| 124 | } | 116 | } |
| 125 | 117 | ||
| 126 | ret=SSL_use_certificate(ssl,x); | 118 | ret = SSL_use_certificate(ssl, x); |
| 127 | end: | 119 | end: |
| 128 | if (x != NULL) X509_free(x); | 120 | if (x != NULL) |
| 129 | if (in != NULL) BIO_free(in); | 121 | X509_free(x); |
| 130 | return(ret); | 122 | if (in != NULL) |
| 131 | } | 123 | BIO_free(in); |
| 124 | return (ret); | ||
| 125 | } | ||
| 132 | #endif | 126 | #endif |
| 133 | 127 | ||
| 134 | int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) | 128 | int |
| 135 | { | 129 | SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) |
| 130 | { | ||
| 136 | X509 *x; | 131 | X509 *x; |
| 137 | int ret; | 132 | int ret; |
| 138 | 133 | ||
| 139 | x=d2i_X509(NULL,&d,(long)len); | 134 | x = d2i_X509(NULL, &d,(long)len); |
| 140 | if (x == NULL) | 135 | if (x == NULL) { |
| 141 | { | 136 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); |
| 142 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); | 137 | return (0); |
| 143 | return(0); | 138 | } |
| 144 | } | ||
| 145 | 139 | ||
| 146 | ret=SSL_use_certificate(ssl,x); | 140 | ret = SSL_use_certificate(ssl, x); |
| 147 | X509_free(x); | 141 | X509_free(x); |
| 148 | return(ret); | 142 | return (ret); |
| 149 | } | 143 | } |
| 150 | 144 | ||
| 151 | #ifndef OPENSSL_NO_RSA | 145 | #ifndef OPENSSL_NO_RSA |
| 152 | int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) | 146 | int |
| 153 | { | 147 | SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) |
| 148 | { | ||
| 154 | EVP_PKEY *pkey; | 149 | EVP_PKEY *pkey; |
| 155 | int ret; | 150 | int ret; |
| 156 | 151 | ||
| 157 | if (rsa == NULL) | 152 | if (rsa == NULL) { |
| 158 | { | 153 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); |
| 159 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 154 | return (0); |
| 160 | return(0); | 155 | } |
| 161 | } | 156 | if (!ssl_cert_inst(&ssl->cert)) { |
| 162 | if (!ssl_cert_inst(&ssl->cert)) | 157 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); |
| 163 | { | 158 | return (0); |
| 164 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); | 159 | } |
| 165 | return(0); | 160 | if ((pkey = EVP_PKEY_new()) == NULL) { |
| 166 | } | 161 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); |
| 167 | if ((pkey=EVP_PKEY_new()) == NULL) | 162 | return (0); |
| 168 | { | 163 | } |
| 169 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); | ||
| 170 | return(0); | ||
| 171 | } | ||
| 172 | 164 | ||
| 173 | RSA_up_ref(rsa); | 165 | RSA_up_ref(rsa); |
| 174 | EVP_PKEY_assign_RSA(pkey,rsa); | 166 | EVP_PKEY_assign_RSA(pkey, rsa); |
| 175 | 167 | ||
| 176 | ret=ssl_set_pkey(ssl->cert,pkey); | 168 | ret = ssl_set_pkey(ssl->cert, pkey); |
| 177 | EVP_PKEY_free(pkey); | 169 | EVP_PKEY_free(pkey); |
| 178 | return(ret); | 170 | return (ret); |
| 179 | } | 171 | } |
| 180 | #endif | 172 | #endif |
| 181 | 173 | ||
| 182 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) | 174 | static int |
| 183 | { | 175 | ssl_set_pkey(CERT *c, EVP_PKEY *pkey) |
| 176 | { | ||
| 184 | int i; | 177 | int i; |
| 185 | 178 | ||
| 186 | i=ssl_cert_type(NULL,pkey); | 179 | i = ssl_cert_type(NULL, pkey); |
| 187 | if (i < 0) | 180 | if (i < 0) { |
| 188 | { | 181 | SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); |
| 189 | SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); | 182 | return (0); |
| 190 | return(0); | 183 | } |
| 191 | } | ||
| 192 | 184 | ||
| 193 | if (c->pkeys[i].x509 != NULL) | 185 | if (c->pkeys[i].x509 != NULL) { |
| 194 | { | ||
| 195 | EVP_PKEY *pktmp; | 186 | EVP_PKEY *pktmp; |
| 196 | pktmp = X509_get_pubkey(c->pkeys[i].x509); | 187 | pktmp = X509_get_pubkey(c->pkeys[i].x509); |
| 197 | EVP_PKEY_copy_parameters(pktmp,pkey); | 188 | EVP_PKEY_copy_parameters(pktmp, pkey); |
| 198 | EVP_PKEY_free(pktmp); | 189 | EVP_PKEY_free(pktmp); |
| 199 | ERR_clear_error(); | 190 | ERR_clear_error(); |
| 200 | 191 | ||
| @@ -203,217 +194,200 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) | |||
| 203 | * for smart cards. */ | 194 | * for smart cards. */ |
| 204 | if ((pkey->type == EVP_PKEY_RSA) && | 195 | if ((pkey->type == EVP_PKEY_RSA) && |
| 205 | (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) | 196 | (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) |
| 206 | ; | 197 | ; |
| 207 | else | 198 | else |
| 208 | #endif | 199 | #endif |
| 209 | if (!X509_check_private_key(c->pkeys[i].x509,pkey)) | 200 | if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { |
| 210 | { | ||
| 211 | X509_free(c->pkeys[i].x509); | 201 | X509_free(c->pkeys[i].x509); |
| 212 | c->pkeys[i].x509 = NULL; | 202 | c->pkeys[i].x509 = NULL; |
| 213 | return 0; | 203 | return 0; |
| 214 | } | ||
| 215 | } | 204 | } |
| 205 | } | ||
| 216 | 206 | ||
| 217 | if (c->pkeys[i].privatekey != NULL) | 207 | if (c->pkeys[i].privatekey != NULL) |
| 218 | EVP_PKEY_free(c->pkeys[i].privatekey); | 208 | EVP_PKEY_free(c->pkeys[i].privatekey); |
| 219 | CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); | 209 | CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); |
| 220 | c->pkeys[i].privatekey=pkey; | 210 | c->pkeys[i].privatekey = pkey; |
| 221 | c->key= &(c->pkeys[i]); | 211 | c->key = &(c->pkeys[i]); |
| 222 | 212 | ||
| 223 | c->valid=0; | 213 | c->valid = 0; |
| 224 | return(1); | 214 | return (1); |
| 225 | } | 215 | } |
| 226 | 216 | ||
| 227 | #ifndef OPENSSL_NO_RSA | 217 | #ifndef OPENSSL_NO_RSA |
| 228 | #ifndef OPENSSL_NO_STDIO | 218 | #ifndef OPENSSL_NO_STDIO |
| 229 | int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) | 219 | int |
| 230 | { | 220 | SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) |
| 231 | int j,ret=0; | 221 | { |
| 222 | int j, ret = 0; | ||
| 232 | BIO *in; | 223 | BIO *in; |
| 233 | RSA *rsa=NULL; | 224 | RSA *rsa = NULL; |
| 234 | 225 | ||
| 235 | in=BIO_new(BIO_s_file_internal()); | 226 | in = BIO_new(BIO_s_file_internal()); |
| 236 | if (in == NULL) | 227 | if (in == NULL) { |
| 237 | { | 228 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); |
| 238 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
| 239 | goto end; | 229 | goto end; |
| 240 | } | 230 | } |
| 241 | 231 | ||
| 242 | if (BIO_read_filename(in,file) <= 0) | 232 | if (BIO_read_filename(in, file) <= 0) { |
| 243 | { | 233 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); |
| 244 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
| 245 | goto end; | 234 | goto end; |
| 246 | } | 235 | } |
| 247 | if (type == SSL_FILETYPE_ASN1) | 236 | if (type == SSL_FILETYPE_ASN1) { |
| 248 | { | 237 | j = ERR_R_ASN1_LIB; |
| 249 | j=ERR_R_ASN1_LIB; | 238 | rsa = d2i_RSAPrivateKey_bio(in, NULL); |
| 250 | rsa=d2i_RSAPrivateKey_bio(in,NULL); | 239 | } else if (type == SSL_FILETYPE_PEM) { |
| 251 | } | 240 | j = ERR_R_PEM_LIB; |
| 252 | else if (type == SSL_FILETYPE_PEM) | 241 | rsa = PEM_read_bio_RSAPrivateKey(in, NULL, |
| 253 | { | 242 | ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); |
| 254 | j=ERR_R_PEM_LIB; | 243 | } else { |
| 255 | rsa=PEM_read_bio_RSAPrivateKey(in,NULL, | 244 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 256 | ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | ||
| 257 | } | ||
| 258 | else | ||
| 259 | { | ||
| 260 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 261 | goto end; | 245 | goto end; |
| 262 | } | 246 | } |
| 263 | if (rsa == NULL) | 247 | if (rsa == NULL) { |
| 264 | { | 248 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j); |
| 265 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j); | ||
| 266 | goto end; | 249 | goto end; |
| 267 | } | 250 | } |
| 268 | ret=SSL_use_RSAPrivateKey(ssl,rsa); | 251 | ret = SSL_use_RSAPrivateKey(ssl, rsa); |
| 269 | RSA_free(rsa); | 252 | RSA_free(rsa); |
| 270 | end: | 253 | end: |
| 271 | if (in != NULL) BIO_free(in); | 254 | if (in != NULL) |
| 272 | return(ret); | 255 | BIO_free(in); |
| 273 | } | 256 | return (ret); |
| 257 | } | ||
| 274 | #endif | 258 | #endif |
| 275 | 259 | ||
| 276 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) | 260 | int |
| 277 | { | 261 | SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) |
| 262 | { | ||
| 278 | int ret; | 263 | int ret; |
| 279 | const unsigned char *p; | 264 | const unsigned char *p; |
| 280 | RSA *rsa; | 265 | RSA *rsa; |
| 281 | 266 | ||
| 282 | p=d; | 267 | p = d; |
| 283 | if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) | 268 | if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { |
| 284 | { | 269 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); |
| 285 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | 270 | return (0); |
| 286 | return(0); | 271 | } |
| 287 | } | ||
| 288 | 272 | ||
| 289 | ret=SSL_use_RSAPrivateKey(ssl,rsa); | 273 | ret = SSL_use_RSAPrivateKey(ssl, rsa); |
| 290 | RSA_free(rsa); | 274 | RSA_free(rsa); |
| 291 | return(ret); | 275 | return (ret); |
| 292 | } | 276 | } |
| 293 | #endif /* !OPENSSL_NO_RSA */ | 277 | #endif /* !OPENSSL_NO_RSA */ |
| 294 | 278 | ||
| 295 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) | 279 | int |
| 296 | { | 280 | SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) |
| 281 | { | ||
| 297 | int ret; | 282 | int ret; |
| 298 | 283 | ||
| 299 | if (pkey == NULL) | 284 | if (pkey == NULL) { |
| 300 | { | 285 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); |
| 301 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 286 | return (0); |
| 302 | return(0); | 287 | } |
| 303 | } | 288 | if (!ssl_cert_inst(&ssl->cert)) { |
| 304 | if (!ssl_cert_inst(&ssl->cert)) | 289 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); |
| 305 | { | 290 | return (0); |
| 306 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); | ||
| 307 | return(0); | ||
| 308 | } | ||
| 309 | ret=ssl_set_pkey(ssl->cert,pkey); | ||
| 310 | return(ret); | ||
| 311 | } | 291 | } |
| 292 | ret = ssl_set_pkey(ssl->cert, pkey); | ||
| 293 | return (ret); | ||
| 294 | } | ||
| 312 | 295 | ||
| 313 | #ifndef OPENSSL_NO_STDIO | 296 | #ifndef OPENSSL_NO_STDIO |
| 314 | int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) | 297 | int |
| 315 | { | 298 | SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) |
| 316 | int j,ret=0; | 299 | { |
| 300 | int j, ret = 0; | ||
| 317 | BIO *in; | 301 | BIO *in; |
| 318 | EVP_PKEY *pkey=NULL; | 302 | EVP_PKEY *pkey = NULL; |
| 319 | 303 | ||
| 320 | in=BIO_new(BIO_s_file_internal()); | 304 | in = BIO_new(BIO_s_file_internal()); |
| 321 | if (in == NULL) | 305 | if (in == NULL) { |
| 322 | { | 306 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); |
| 323 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
| 324 | goto end; | 307 | goto end; |
| 325 | } | 308 | } |
| 326 | 309 | ||
| 327 | if (BIO_read_filename(in,file) <= 0) | 310 | if (BIO_read_filename(in, file) <= 0) { |
| 328 | { | 311 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); |
| 329 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
| 330 | goto end; | 312 | goto end; |
| 331 | } | 313 | } |
| 332 | if (type == SSL_FILETYPE_PEM) | 314 | if (type == SSL_FILETYPE_PEM) { |
| 333 | { | 315 | j = ERR_R_PEM_LIB; |
| 334 | j=ERR_R_PEM_LIB; | 316 | pkey = PEM_read_bio_PrivateKey(in, NULL, |
| 335 | pkey=PEM_read_bio_PrivateKey(in,NULL, | 317 | ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); |
| 336 | ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | 318 | } else if (type == SSL_FILETYPE_ASN1) { |
| 337 | } | ||
| 338 | else if (type == SSL_FILETYPE_ASN1) | ||
| 339 | { | ||
| 340 | j = ERR_R_ASN1_LIB; | 319 | j = ERR_R_ASN1_LIB; |
| 341 | pkey = d2i_PrivateKey_bio(in,NULL); | 320 | pkey = d2i_PrivateKey_bio(in, NULL); |
| 342 | } | 321 | } else { |
| 343 | else | 322 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 344 | { | ||
| 345 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 346 | goto end; | 323 | goto end; |
| 347 | } | 324 | } |
| 348 | if (pkey == NULL) | 325 | if (pkey == NULL) { |
| 349 | { | 326 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j); |
| 350 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j); | ||
| 351 | goto end; | 327 | goto end; |
| 352 | } | 328 | } |
| 353 | ret=SSL_use_PrivateKey(ssl,pkey); | 329 | ret = SSL_use_PrivateKey(ssl, pkey); |
| 354 | EVP_PKEY_free(pkey); | 330 | EVP_PKEY_free(pkey); |
| 355 | end: | 331 | end: |
| 356 | if (in != NULL) BIO_free(in); | 332 | if (in != NULL) |
| 357 | return(ret); | 333 | BIO_free(in); |
| 358 | } | 334 | return (ret); |
| 335 | } | ||
| 359 | #endif | 336 | #endif |
| 360 | 337 | ||
| 361 | int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) | 338 | int |
| 362 | { | 339 | SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) |
| 340 | { | ||
| 363 | int ret; | 341 | int ret; |
| 364 | const unsigned char *p; | 342 | const unsigned char *p; |
| 365 | EVP_PKEY *pkey; | 343 | EVP_PKEY *pkey; |
| 366 | 344 | ||
| 367 | p=d; | 345 | p = d; |
| 368 | if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) | 346 | if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { |
| 369 | { | 347 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); |
| 370 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | 348 | return (0); |
| 371 | return(0); | 349 | } |
| 372 | } | ||
| 373 | 350 | ||
| 374 | ret=SSL_use_PrivateKey(ssl,pkey); | 351 | ret = SSL_use_PrivateKey(ssl, pkey); |
| 375 | EVP_PKEY_free(pkey); | 352 | EVP_PKEY_free(pkey); |
| 376 | return(ret); | 353 | return (ret); |
| 354 | } | ||
| 355 | |||
| 356 | int | ||
| 357 | SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) | ||
| 358 | { | ||
| 359 | if (x == NULL) { | ||
| 360 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); | ||
| 361 | return (0); | ||
| 377 | } | 362 | } |
| 378 | 363 | if (!ssl_cert_inst(&ctx->cert)) { | |
| 379 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) | 364 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); |
| 380 | { | 365 | return (0); |
| 381 | if (x == NULL) | ||
| 382 | { | ||
| 383 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); | ||
| 384 | return(0); | ||
| 385 | } | ||
| 386 | if (!ssl_cert_inst(&ctx->cert)) | ||
| 387 | { | ||
| 388 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); | ||
| 389 | return(0); | ||
| 390 | } | ||
| 391 | return(ssl_set_cert(ctx->cert, x)); | ||
| 392 | } | 366 | } |
| 367 | return (ssl_set_cert(ctx->cert, x)); | ||
| 368 | } | ||
| 393 | 369 | ||
| 394 | static int ssl_set_cert(CERT *c, X509 *x) | 370 | static int |
| 395 | { | 371 | ssl_set_cert(CERT *c, X509 *x) |
| 372 | { | ||
| 396 | EVP_PKEY *pkey; | 373 | EVP_PKEY *pkey; |
| 397 | int i; | 374 | int i; |
| 398 | 375 | ||
| 399 | pkey=X509_get_pubkey(x); | 376 | pkey = X509_get_pubkey(x); |
| 400 | if (pkey == NULL) | 377 | if (pkey == NULL) { |
| 401 | { | 378 | SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB); |
| 402 | SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB); | 379 | return (0); |
| 403 | return(0); | 380 | } |
| 404 | } | ||
| 405 | 381 | ||
| 406 | i=ssl_cert_type(x,pkey); | 382 | i = ssl_cert_type(x, pkey); |
| 407 | if (i < 0) | 383 | if (i < 0) { |
| 408 | { | 384 | SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE); |
| 409 | SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE); | ||
| 410 | EVP_PKEY_free(pkey); | 385 | EVP_PKEY_free(pkey); |
| 411 | return(0); | 386 | return (0); |
| 412 | } | 387 | } |
| 413 | 388 | ||
| 414 | if (c->pkeys[i].privatekey != NULL) | 389 | if (c->pkeys[i].privatekey != NULL) { |
| 415 | { | 390 | EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); |
| 416 | EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey); | ||
| 417 | ERR_clear_error(); | 391 | ERR_clear_error(); |
| 418 | 392 | ||
| 419 | #ifndef OPENSSL_NO_RSA | 393 | #ifndef OPENSSL_NO_RSA |
| @@ -421,280 +395,259 @@ static int ssl_set_cert(CERT *c, X509 *x) | |||
| 421 | * for smart cards. */ | 395 | * for smart cards. */ |
| 422 | if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && | 396 | if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && |
| 423 | (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & | 397 | (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & |
| 424 | RSA_METHOD_FLAG_NO_CHECK)) | 398 | RSA_METHOD_FLAG_NO_CHECK)) |
| 425 | ; | 399 | ; |
| 426 | else | 400 | else |
| 427 | #endif /* OPENSSL_NO_RSA */ | 401 | #endif /* OPENSSL_NO_RSA */ |
| 428 | if (!X509_check_private_key(x,c->pkeys[i].privatekey)) | 402 | if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { |
| 429 | { | ||
| 430 | /* don't fail for a cert/key mismatch, just free | 403 | /* don't fail for a cert/key mismatch, just free |
| 431 | * current private key (when switching to a different | 404 | * current private key (when switching to a different |
| 432 | * cert & key, first this function should be used, | 405 | * cert & key, first this function should be used, |
| 433 | * then ssl_set_pkey */ | 406 | * then ssl_set_pkey */ |
| 434 | EVP_PKEY_free(c->pkeys[i].privatekey); | 407 | EVP_PKEY_free(c->pkeys[i].privatekey); |
| 435 | c->pkeys[i].privatekey=NULL; | 408 | c->pkeys[i].privatekey = NULL; |
| 436 | /* clear error queue */ | 409 | /* clear error queue */ |
| 437 | ERR_clear_error(); | 410 | ERR_clear_error(); |
| 438 | } | ||
| 439 | } | 411 | } |
| 412 | } | ||
| 440 | 413 | ||
| 441 | EVP_PKEY_free(pkey); | 414 | EVP_PKEY_free(pkey); |
| 442 | 415 | ||
| 443 | if (c->pkeys[i].x509 != NULL) | 416 | if (c->pkeys[i].x509 != NULL) |
| 444 | X509_free(c->pkeys[i].x509); | 417 | X509_free(c->pkeys[i].x509); |
| 445 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); | 418 | CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); |
| 446 | c->pkeys[i].x509=x; | 419 | c->pkeys[i].x509 = x; |
| 447 | c->key= &(c->pkeys[i]); | 420 | c->key = &(c->pkeys[i]); |
| 448 | 421 | ||
| 449 | c->valid=0; | 422 | c->valid = 0; |
| 450 | return(1); | 423 | return (1); |
| 451 | } | 424 | } |
| 452 | 425 | ||
| 453 | #ifndef OPENSSL_NO_STDIO | 426 | #ifndef OPENSSL_NO_STDIO |
| 454 | int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) | 427 | int |
| 455 | { | 428 | SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) |
| 429 | { | ||
| 456 | int j; | 430 | int j; |
| 457 | BIO *in; | 431 | BIO *in; |
| 458 | int ret=0; | 432 | int ret = 0; |
| 459 | X509 *x=NULL; | 433 | X509 *x = NULL; |
| 460 | 434 | ||
| 461 | in=BIO_new(BIO_s_file_internal()); | 435 | in = BIO_new(BIO_s_file_internal()); |
| 462 | if (in == NULL) | 436 | if (in == NULL) { |
| 463 | { | 437 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); |
| 464 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); | ||
| 465 | goto end; | 438 | goto end; |
| 466 | } | 439 | } |
| 467 | 440 | ||
| 468 | if (BIO_read_filename(in,file) <= 0) | 441 | if (BIO_read_filename(in, file) <= 0) { |
| 469 | { | 442 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); |
| 470 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); | ||
| 471 | goto end; | 443 | goto end; |
| 472 | } | 444 | } |
| 473 | if (type == SSL_FILETYPE_ASN1) | 445 | if (type == SSL_FILETYPE_ASN1) { |
| 474 | { | 446 | j = ERR_R_ASN1_LIB; |
| 475 | j=ERR_R_ASN1_LIB; | 447 | x = d2i_X509_bio(in, NULL); |
| 476 | x=d2i_X509_bio(in,NULL); | 448 | } else if (type == SSL_FILETYPE_PEM) { |
| 477 | } | 449 | j = ERR_R_PEM_LIB; |
| 478 | else if (type == SSL_FILETYPE_PEM) | 450 | x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); |
| 479 | { | 451 | } else { |
| 480 | j=ERR_R_PEM_LIB; | 452 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 481 | x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | ||
| 482 | } | ||
| 483 | else | ||
| 484 | { | ||
| 485 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 486 | goto end; | 453 | goto end; |
| 487 | } | 454 | } |
| 488 | 455 | ||
| 489 | if (x == NULL) | 456 | if (x == NULL) { |
| 490 | { | 457 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j); |
| 491 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j); | ||
| 492 | goto end; | 458 | goto end; |
| 493 | } | 459 | } |
| 494 | 460 | ||
| 495 | ret=SSL_CTX_use_certificate(ctx,x); | 461 | ret = SSL_CTX_use_certificate(ctx, x); |
| 496 | end: | 462 | end: |
| 497 | if (x != NULL) X509_free(x); | 463 | if (x != NULL) |
| 498 | if (in != NULL) BIO_free(in); | 464 | X509_free(x); |
| 499 | return(ret); | 465 | if (in != NULL) |
| 500 | } | 466 | BIO_free(in); |
| 467 | return (ret); | ||
| 468 | } | ||
| 501 | #endif | 469 | #endif |
| 502 | 470 | ||
| 503 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) | 471 | int |
| 504 | { | 472 | SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) |
| 473 | { | ||
| 505 | X509 *x; | 474 | X509 *x; |
| 506 | int ret; | 475 | int ret; |
| 507 | 476 | ||
| 508 | x=d2i_X509(NULL,&d,(long)len); | 477 | x = d2i_X509(NULL, &d,(long)len); |
| 509 | if (x == NULL) | 478 | if (x == NULL) { |
| 510 | { | 479 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); |
| 511 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); | 480 | return (0); |
| 512 | return(0); | 481 | } |
| 513 | } | ||
| 514 | 482 | ||
| 515 | ret=SSL_CTX_use_certificate(ctx,x); | 483 | ret = SSL_CTX_use_certificate(ctx, x); |
| 516 | X509_free(x); | 484 | X509_free(x); |
| 517 | return(ret); | 485 | return (ret); |
| 518 | } | 486 | } |
| 519 | 487 | ||
| 520 | #ifndef OPENSSL_NO_RSA | 488 | #ifndef OPENSSL_NO_RSA |
| 521 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) | 489 | int |
| 522 | { | 490 | SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) |
| 491 | { | ||
| 523 | int ret; | 492 | int ret; |
| 524 | EVP_PKEY *pkey; | 493 | EVP_PKEY *pkey; |
| 525 | 494 | ||
| 526 | if (rsa == NULL) | 495 | if (rsa == NULL) { |
| 527 | { | 496 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); |
| 528 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 497 | return (0); |
| 529 | return(0); | 498 | } |
| 530 | } | 499 | if (!ssl_cert_inst(&ctx->cert)) { |
| 531 | if (!ssl_cert_inst(&ctx->cert)) | 500 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); |
| 532 | { | 501 | return (0); |
| 533 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); | 502 | } |
| 534 | return(0); | 503 | if ((pkey = EVP_PKEY_new()) == NULL) { |
| 535 | } | 504 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); |
| 536 | if ((pkey=EVP_PKEY_new()) == NULL) | 505 | return (0); |
| 537 | { | 506 | } |
| 538 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); | ||
| 539 | return(0); | ||
| 540 | } | ||
| 541 | 507 | ||
| 542 | RSA_up_ref(rsa); | 508 | RSA_up_ref(rsa); |
| 543 | EVP_PKEY_assign_RSA(pkey,rsa); | 509 | EVP_PKEY_assign_RSA(pkey, rsa); |
| 544 | 510 | ||
| 545 | ret=ssl_set_pkey(ctx->cert, pkey); | 511 | ret = ssl_set_pkey(ctx->cert, pkey); |
| 546 | EVP_PKEY_free(pkey); | 512 | EVP_PKEY_free(pkey); |
| 547 | return(ret); | 513 | return (ret); |
| 548 | } | 514 | } |
| 549 | 515 | ||
| 550 | #ifndef OPENSSL_NO_STDIO | 516 | #ifndef OPENSSL_NO_STDIO |
| 551 | int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) | 517 | int |
| 552 | { | 518 | SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) |
| 553 | int j,ret=0; | 519 | { |
| 520 | int j, ret = 0; | ||
| 554 | BIO *in; | 521 | BIO *in; |
| 555 | RSA *rsa=NULL; | 522 | RSA *rsa = NULL; |
| 556 | 523 | ||
| 557 | in=BIO_new(BIO_s_file_internal()); | 524 | in = BIO_new(BIO_s_file_internal()); |
| 558 | if (in == NULL) | 525 | if (in == NULL) { |
| 559 | { | 526 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); |
| 560 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
| 561 | goto end; | 527 | goto end; |
| 562 | } | 528 | } |
| 563 | 529 | ||
| 564 | if (BIO_read_filename(in,file) <= 0) | 530 | if (BIO_read_filename(in, file) <= 0) { |
| 565 | { | 531 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); |
| 566 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
| 567 | goto end; | 532 | goto end; |
| 568 | } | 533 | } |
| 569 | if (type == SSL_FILETYPE_ASN1) | 534 | if (type == SSL_FILETYPE_ASN1) { |
| 570 | { | 535 | j = ERR_R_ASN1_LIB; |
| 571 | j=ERR_R_ASN1_LIB; | 536 | rsa = d2i_RSAPrivateKey_bio(in, NULL); |
| 572 | rsa=d2i_RSAPrivateKey_bio(in,NULL); | 537 | } else if (type == SSL_FILETYPE_PEM) { |
| 573 | } | 538 | j = ERR_R_PEM_LIB; |
| 574 | else if (type == SSL_FILETYPE_PEM) | 539 | rsa = PEM_read_bio_RSAPrivateKey(in, NULL, |
| 575 | { | 540 | ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); |
| 576 | j=ERR_R_PEM_LIB; | 541 | } else { |
| 577 | rsa=PEM_read_bio_RSAPrivateKey(in,NULL, | 542 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 578 | ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | ||
| 579 | } | ||
| 580 | else | ||
| 581 | { | ||
| 582 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 583 | goto end; | 543 | goto end; |
| 584 | } | 544 | } |
| 585 | if (rsa == NULL) | 545 | if (rsa == NULL) { |
| 586 | { | 546 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j); |
| 587 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j); | ||
| 588 | goto end; | 547 | goto end; |
| 589 | } | 548 | } |
| 590 | ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); | 549 | ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); |
| 591 | RSA_free(rsa); | 550 | RSA_free(rsa); |
| 592 | end: | 551 | end: |
| 593 | if (in != NULL) BIO_free(in); | 552 | if (in != NULL) |
| 594 | return(ret); | 553 | BIO_free(in); |
| 595 | } | 554 | return (ret); |
| 555 | } | ||
| 596 | #endif | 556 | #endif |
| 597 | 557 | ||
| 598 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) | 558 | int |
| 599 | { | 559 | SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) |
| 560 | { | ||
| 600 | int ret; | 561 | int ret; |
| 601 | const unsigned char *p; | 562 | const unsigned char *p; |
| 602 | RSA *rsa; | 563 | RSA *rsa; |
| 603 | 564 | ||
| 604 | p=d; | 565 | p = d; |
| 605 | if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) | 566 | if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { |
| 606 | { | 567 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); |
| 607 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | 568 | return (0); |
| 608 | return(0); | 569 | } |
| 609 | } | ||
| 610 | 570 | ||
| 611 | ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); | 571 | ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); |
| 612 | RSA_free(rsa); | 572 | RSA_free(rsa); |
| 613 | return(ret); | 573 | return (ret); |
| 614 | } | 574 | } |
| 615 | #endif /* !OPENSSL_NO_RSA */ | 575 | #endif /* !OPENSSL_NO_RSA */ |
| 616 | 576 | ||
| 617 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) | 577 | int |
| 618 | { | 578 | SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) |
| 619 | if (pkey == NULL) | 579 | { |
| 620 | { | 580 | if (pkey == NULL) { |
| 621 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 581 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); |
| 622 | return(0); | 582 | return (0); |
| 623 | } | ||
| 624 | if (!ssl_cert_inst(&ctx->cert)) | ||
| 625 | { | ||
| 626 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); | ||
| 627 | return(0); | ||
| 628 | } | ||
| 629 | return(ssl_set_pkey(ctx->cert,pkey)); | ||
| 630 | } | 583 | } |
| 584 | if (!ssl_cert_inst(&ctx->cert)) { | ||
| 585 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); | ||
| 586 | return (0); | ||
| 587 | } | ||
| 588 | return (ssl_set_pkey(ctx->cert, pkey)); | ||
| 589 | } | ||
| 631 | 590 | ||
| 632 | #ifndef OPENSSL_NO_STDIO | 591 | #ifndef OPENSSL_NO_STDIO |
| 633 | int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) | 592 | int |
| 634 | { | 593 | SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) |
| 635 | int j,ret=0; | 594 | { |
| 595 | int j, ret = 0; | ||
| 636 | BIO *in; | 596 | BIO *in; |
| 637 | EVP_PKEY *pkey=NULL; | 597 | EVP_PKEY *pkey = NULL; |
| 638 | 598 | ||
| 639 | in=BIO_new(BIO_s_file_internal()); | 599 | in = BIO_new(BIO_s_file_internal()); |
| 640 | if (in == NULL) | 600 | if (in == NULL) { |
| 641 | { | 601 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); |
| 642 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
| 643 | goto end; | 602 | goto end; |
| 644 | } | 603 | } |
| 645 | 604 | ||
| 646 | if (BIO_read_filename(in,file) <= 0) | 605 | if (BIO_read_filename(in, file) <= 0) { |
| 647 | { | 606 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); |
| 648 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
| 649 | goto end; | 607 | goto end; |
| 650 | } | 608 | } |
| 651 | if (type == SSL_FILETYPE_PEM) | 609 | if (type == SSL_FILETYPE_PEM) { |
| 652 | { | 610 | j = ERR_R_PEM_LIB; |
| 653 | j=ERR_R_PEM_LIB; | 611 | pkey = PEM_read_bio_PrivateKey(in, NULL, |
| 654 | pkey=PEM_read_bio_PrivateKey(in,NULL, | 612 | ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); |
| 655 | ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | 613 | } else if (type == SSL_FILETYPE_ASN1) { |
| 656 | } | ||
| 657 | else if (type == SSL_FILETYPE_ASN1) | ||
| 658 | { | ||
| 659 | j = ERR_R_ASN1_LIB; | 614 | j = ERR_R_ASN1_LIB; |
| 660 | pkey = d2i_PrivateKey_bio(in,NULL); | 615 | pkey = d2i_PrivateKey_bio(in, NULL); |
| 661 | } | 616 | } else { |
| 662 | else | 617 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 663 | { | ||
| 664 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 665 | goto end; | 618 | goto end; |
| 666 | } | 619 | } |
| 667 | if (pkey == NULL) | 620 | if (pkey == NULL) { |
| 668 | { | 621 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j); |
| 669 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j); | ||
| 670 | goto end; | 622 | goto end; |
| 671 | } | 623 | } |
| 672 | ret=SSL_CTX_use_PrivateKey(ctx,pkey); | 624 | ret = SSL_CTX_use_PrivateKey(ctx, pkey); |
| 673 | EVP_PKEY_free(pkey); | 625 | EVP_PKEY_free(pkey); |
| 674 | end: | 626 | end: |
| 675 | if (in != NULL) BIO_free(in); | 627 | if (in != NULL) |
| 676 | return(ret); | 628 | BIO_free(in); |
| 677 | } | 629 | return (ret); |
| 630 | } | ||
| 678 | #endif | 631 | #endif |
| 679 | 632 | ||
| 680 | int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, | 633 | int |
| 681 | long len) | 634 | SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, |
| 682 | { | 635 | long len) |
| 636 | { | ||
| 683 | int ret; | 637 | int ret; |
| 684 | const unsigned char *p; | 638 | const unsigned char *p; |
| 685 | EVP_PKEY *pkey; | 639 | EVP_PKEY *pkey; |
| 686 | 640 | ||
| 687 | p=d; | 641 | p = d; |
| 688 | if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) | 642 | if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { |
| 689 | { | 643 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); |
| 690 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | 644 | return (0); |
| 691 | return(0); | 645 | } |
| 692 | } | ||
| 693 | 646 | ||
| 694 | ret=SSL_CTX_use_PrivateKey(ctx,pkey); | 647 | ret = SSL_CTX_use_PrivateKey(ctx, pkey); |
| 695 | EVP_PKEY_free(pkey); | 648 | EVP_PKEY_free(pkey); |
| 696 | return(ret); | 649 | return (ret); |
| 697 | } | 650 | } |
| 698 | 651 | ||
| 699 | 652 | ||
| 700 | #ifndef OPENSSL_NO_STDIO | 653 | #ifndef OPENSSL_NO_STDIO |
| @@ -702,82 +655,79 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, | |||
| 702 | * possibly followed by a sequence of CA certificates that should be | 655 | * possibly followed by a sequence of CA certificates that should be |
| 703 | * sent to the peer in the Certificate message. | 656 | * sent to the peer in the Certificate message. |
| 704 | */ | 657 | */ |
| 705 | int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) | 658 | int |
| 706 | { | 659 | SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) |
| 660 | { | ||
| 707 | BIO *in; | 661 | BIO *in; |
| 708 | int ret=0; | 662 | int ret = 0; |
| 709 | X509 *x=NULL; | 663 | X509 *x = NULL; |
| 710 | 664 | ||
| 711 | ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ | 665 | ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ |
| 712 | 666 | ||
| 713 | in = BIO_new(BIO_s_file_internal()); | 667 | in = BIO_new(BIO_s_file_internal()); |
| 714 | if (in == NULL) | 668 | if (in == NULL) { |
| 715 | { | 669 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); |
| 716 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB); | ||
| 717 | goto end; | 670 | goto end; |
| 718 | } | 671 | } |
| 719 | 672 | ||
| 720 | if (BIO_read_filename(in,file) <= 0) | 673 | if (BIO_read_filename(in, file) <= 0) { |
| 721 | { | 674 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB); |
| 722 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB); | ||
| 723 | goto end; | 675 | goto end; |
| 724 | } | 676 | } |
| 725 | 677 | ||
| 726 | x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback, | 678 | x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, |
| 727 | ctx->default_passwd_callback_userdata); | 679 | ctx->default_passwd_callback_userdata); |
| 728 | if (x == NULL) | 680 | if (x == NULL) { |
| 729 | { | 681 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); |
| 730 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB); | ||
| 731 | goto end; | 682 | goto end; |
| 732 | } | 683 | } |
| 733 | 684 | ||
| 734 | ret = SSL_CTX_use_certificate(ctx, x); | 685 | ret = SSL_CTX_use_certificate(ctx, x); |
| 735 | 686 | ||
| 736 | if (ERR_peek_error() != 0) | 687 | if (ERR_peek_error() != 0) |
| 737 | ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ | 688 | ret = 0; |
| 738 | if (ret) | 689 | /* Key/certificate mismatch doesn't imply ret==0 ... */ |
| 739 | { | 690 | if (ret) { |
| 740 | /* If we could set up our certificate, now proceed to | 691 | /* If we could set up our certificate, now proceed to |
| 741 | * the CA certificates. | 692 | * the CA certificates. |
| 742 | */ | 693 | */ |
| 743 | X509 *ca; | 694 | X509 *ca; |
| 744 | int r; | 695 | int r; |
| 745 | unsigned long err; | 696 | unsigned long err; |
| 746 | 697 | ||
| 747 | if (ctx->extra_certs != NULL) | 698 | if (ctx->extra_certs != NULL) { |
| 748 | { | ||
| 749 | sk_X509_pop_free(ctx->extra_certs, X509_free); | 699 | sk_X509_pop_free(ctx->extra_certs, X509_free); |
| 750 | ctx->extra_certs = NULL; | 700 | ctx->extra_certs = NULL; |
| 751 | } | 701 | } |
| 752 | 702 | ||
| 753 | while ((ca = PEM_read_bio_X509(in, NULL, | 703 | while ((ca = PEM_read_bio_X509(in, NULL, |
| 754 | ctx->default_passwd_callback, | 704 | ctx->default_passwd_callback, |
| 755 | ctx->default_passwd_callback_userdata)) | 705 | ctx->default_passwd_callback_userdata)) |
| 756 | != NULL) | 706 | != NULL) { |
| 757 | { | ||
| 758 | r = SSL_CTX_add_extra_chain_cert(ctx, ca); | 707 | r = SSL_CTX_add_extra_chain_cert(ctx, ca); |
| 759 | if (!r) | 708 | if (!r) { |
| 760 | { | ||
| 761 | X509_free(ca); | 709 | X509_free(ca); |
| 762 | ret = 0; | 710 | ret = 0; |
| 763 | goto end; | 711 | goto end; |
| 764 | } | 712 | } |
| 765 | /* Note that we must not free r if it was successfully | 713 | /* Note that we must not free r if it was successfully |
| 766 | * added to the chain (while we must free the main | 714 | * added to the chain (while we must free the main |
| 767 | * certificate, since its reference count is increased | 715 | * certificate, since its reference count is increased |
| 768 | * by SSL_CTX_use_certificate). */ | 716 | * by SSL_CTX_use_certificate). */ |
| 769 | } | 717 | } |
| 770 | /* When the while loop ends, it's usually just EOF. */ | 718 | /* When the while loop ends, it's usually just EOF. */ |
| 771 | err = ERR_peek_last_error(); | 719 | err = ERR_peek_last_error(); |
| 772 | if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) | 720 | if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) |
| 773 | ERR_clear_error(); | 721 | ERR_clear_error(); |
| 774 | else | 722 | else |
| 775 | ret = 0; /* some real error */ | 723 | ret = 0; /* some real error */ |
| 776 | } | 724 | } |
| 777 | 725 | ||
| 778 | end: | 726 | end: |
| 779 | if (x != NULL) X509_free(x); | 727 | if (x != NULL) |
| 780 | if (in != NULL) BIO_free(in); | 728 | X509_free(x); |
| 781 | return(ret); | 729 | if (in != NULL) |
| 782 | } | 730 | BIO_free(in); |
| 731 | return (ret); | ||
| 732 | } | ||
| 783 | #endif | 733 | #endif |
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index ad40fadd02..b29115862b 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c | |||
| @@ -144,68 +144,74 @@ | |||
| 144 | #include "ssl_locl.h" | 144 | #include "ssl_locl.h" |
| 145 | 145 | ||
| 146 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); | 146 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); |
| 147 | static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); | 147 | static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s); |
| 148 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); | 148 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); |
| 149 | 149 | ||
| 150 | SSL_SESSION *SSL_get_session(const SSL *ssl) | 150 | SSL_SESSION |
| 151 | *SSL_get_session(const SSL *ssl) | ||
| 151 | /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ | 152 | /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ |
| 152 | { | 153 | { |
| 153 | return(ssl->session); | 154 | return (ssl->session); |
| 154 | } | 155 | } |
| 155 | 156 | ||
| 156 | SSL_SESSION *SSL_get1_session(SSL *ssl) | 157 | SSL_SESSION |
| 158 | *SSL_get1_session(SSL *ssl) | ||
| 157 | /* variant of SSL_get_session: caller really gets something */ | 159 | /* variant of SSL_get_session: caller really gets something */ |
| 158 | { | 160 | { |
| 159 | SSL_SESSION *sess; | 161 | SSL_SESSION *sess; |
| 160 | /* Need to lock this all up rather than just use CRYPTO_add so that | 162 | /* Need to lock this all up rather than just use CRYPTO_add so that |
| 161 | * somebody doesn't free ssl->session between when we check it's | 163 | * somebody doesn't free ssl->session between when we check it's |
| 162 | * non-null and when we up the reference count. */ | 164 | * non-null and when we up the reference count. */ |
| 163 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); | 165 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); |
| 164 | sess = ssl->session; | 166 | sess = ssl->session; |
| 165 | if(sess) | 167 | if (sess) |
| 166 | sess->references++; | 168 | sess->references++; |
| 167 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); | 169 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); |
| 168 | return(sess); | 170 | return (sess); |
| 169 | } | 171 | } |
| 170 | 172 | ||
| 171 | int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | 173 | int |
| 172 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) | 174 | SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 173 | { | 175 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 176 | { | ||
| 174 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, | 177 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, |
| 175 | new_func, dup_func, free_func); | 178 | new_func, dup_func, free_func); |
| 176 | } | 179 | } |
| 177 | 180 | ||
| 178 | int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) | 181 | int |
| 179 | { | 182 | SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) |
| 180 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | 183 | { |
| 181 | } | 184 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); |
| 185 | } | ||
| 182 | 186 | ||
| 183 | void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) | 187 | void |
| 184 | { | 188 | *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) |
| 185 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | 189 | { |
| 186 | } | 190 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); |
| 191 | } | ||
| 187 | 192 | ||
| 188 | SSL_SESSION *SSL_SESSION_new(void) | 193 | SSL_SESSION |
| 189 | { | 194 | *SSL_SESSION_new(void) |
| 195 | { | ||
| 190 | SSL_SESSION *ss; | 196 | SSL_SESSION *ss; |
| 191 | 197 | ||
| 192 | ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)); | 198 | ss = (SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)); |
| 193 | if (ss == NULL) | 199 | if (ss == NULL) { |
| 194 | { | 200 | SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); |
| 195 | SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE); | 201 | return (0); |
| 196 | return(0); | 202 | } |
| 197 | } | 203 | memset(ss, 0, sizeof(SSL_SESSION)); |
| 198 | memset(ss,0,sizeof(SSL_SESSION)); | ||
| 199 | 204 | ||
| 200 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ | 205 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ |
| 201 | ss->references=1; | 206 | ss->references = 1; |
| 202 | ss->timeout=60*5+4; /* 5 minute timeout by default */ | 207 | ss->timeout=60*5+4; /* 5 minute timeout by default */ |
| 203 | ss->time=(unsigned long)time(NULL); | 208 | ss->time = (unsigned long)time(NULL); |
| 204 | ss->prev=NULL; | 209 | ss->prev = NULL; |
| 205 | ss->next=NULL; | 210 | ss->next = NULL; |
| 206 | ss->compress_meth=0; | 211 | ss->compress_meth = 0; |
| 207 | #ifndef OPENSSL_NO_TLSEXT | 212 | #ifndef OPENSSL_NO_TLSEXT |
| 208 | ss->tlsext_hostname = NULL; | 213 | ss->tlsext_hostname = NULL; |
| 214 | |||
| 209 | #ifndef OPENSSL_NO_EC | 215 | #ifndef OPENSSL_NO_EC |
| 210 | ss->tlsext_ecpointformatlist_length = 0; | 216 | ss->tlsext_ecpointformatlist_length = 0; |
| 211 | ss->tlsext_ecpointformatlist = NULL; | 217 | ss->tlsext_ecpointformatlist = NULL; |
| @@ -215,26 +221,28 @@ SSL_SESSION *SSL_SESSION_new(void) | |||
| 215 | #endif | 221 | #endif |
| 216 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | 222 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); |
| 217 | #ifndef OPENSSL_NO_PSK | 223 | #ifndef OPENSSL_NO_PSK |
| 218 | ss->psk_identity_hint=NULL; | 224 | ss->psk_identity_hint = NULL; |
| 219 | ss->psk_identity=NULL; | 225 | ss->psk_identity = NULL; |
| 220 | #endif | 226 | #endif |
| 221 | #ifndef OPENSSL_NO_SRP | 227 | #ifndef OPENSSL_NO_SRP |
| 222 | ss->srp_username=NULL; | 228 | ss->srp_username = NULL; |
| 223 | #endif | 229 | #endif |
| 224 | return(ss); | 230 | return (ss); |
| 225 | } | 231 | } |
| 226 | 232 | ||
| 227 | const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) | 233 | const unsigned char |
| 228 | { | 234 | *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) |
| 229 | if(len) | 235 | { |
| 236 | if (len) | ||
| 230 | *len = s->session_id_length; | 237 | *len = s->session_id_length; |
| 231 | return s->session_id; | 238 | return s->session_id; |
| 232 | } | 239 | } |
| 233 | 240 | ||
| 234 | unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) | 241 | unsigned int |
| 235 | { | 242 | SSL_SESSION_get_compress_id(const SSL_SESSION *s) |
| 243 | { | ||
| 236 | return s->compress_meth; | 244 | return s->compress_meth; |
| 237 | } | 245 | } |
| 238 | 246 | ||
| 239 | /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 | 247 | /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 |
| 240 | * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly | 248 | * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly |
| @@ -246,16 +254,17 @@ unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) | |||
| 246 | * store that many sessions is perhaps a more interesting question ... */ | 254 | * store that many sessions is perhaps a more interesting question ... */ |
| 247 | 255 | ||
| 248 | #define MAX_SESS_ID_ATTEMPTS 10 | 256 | #define MAX_SESS_ID_ATTEMPTS 10 |
| 249 | static int def_generate_session_id(const SSL *ssl, unsigned char *id, | 257 | static int |
| 250 | unsigned int *id_len) | 258 | def_generate_session_id(const SSL *ssl, unsigned char *id, |
| 259 | unsigned int *id_len) | ||
| 251 | { | 260 | { |
| 252 | unsigned int retry = 0; | 261 | unsigned int retry = 0; |
| 253 | do | 262 | do |
| 254 | if (RAND_pseudo_bytes(id, *id_len) <= 0) | 263 | if (RAND_pseudo_bytes(id, *id_len) <= 0) |
| 255 | return 0; | 264 | return 0; |
| 256 | while(SSL_has_matching_session_id(ssl, id, *id_len) && | 265 | while (SSL_has_matching_session_id(ssl, id, *id_len) && |
| 257 | (++retry < MAX_SESS_ID_ATTEMPTS)); | 266 | (++retry < MAX_SESS_ID_ATTEMPTS)); |
| 258 | if(retry < MAX_SESS_ID_ATTEMPTS) | 267 | if (retry < MAX_SESS_ID_ATTEMPTS) |
| 259 | return 1; | 268 | return 1; |
| 260 | /* else - woops a session_id match */ | 269 | /* else - woops a session_id match */ |
| 261 | /* XXX We should also check the external cache -- | 270 | /* XXX We should also check the external cache -- |
| @@ -269,120 +278,100 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id, | |||
| 269 | return 0; | 278 | return 0; |
| 270 | } | 279 | } |
| 271 | 280 | ||
| 272 | int ssl_get_new_session(SSL *s, int session) | 281 | int |
| 273 | { | 282 | ssl_get_new_session(SSL *s, int session) |
| 283 | { | ||
| 274 | /* This gets used by clients and servers. */ | 284 | /* This gets used by clients and servers. */ |
| 275 | 285 | ||
| 276 | unsigned int tmp; | 286 | unsigned int tmp; |
| 277 | SSL_SESSION *ss=NULL; | 287 | SSL_SESSION *ss = NULL; |
| 278 | GEN_SESSION_CB cb = def_generate_session_id; | 288 | GEN_SESSION_CB cb = def_generate_session_id; |
| 279 | 289 | ||
| 280 | if ((ss=SSL_SESSION_new()) == NULL) return(0); | 290 | if ((ss = SSL_SESSION_new()) == NULL) return (0); |
| 281 | 291 | ||
| 282 | /* If the context has a default timeout, use it */ | 292 | /* If the context has a default timeout, use it */ |
| 283 | if (s->session_ctx->session_timeout == 0) | 293 | if (s->session_ctx->session_timeout == 0) |
| 284 | ss->timeout=SSL_get_default_timeout(s); | 294 | ss->timeout = SSL_get_default_timeout(s); |
| 285 | else | 295 | else |
| 286 | ss->timeout=s->session_ctx->session_timeout; | 296 | ss->timeout = s->session_ctx->session_timeout; |
| 287 | 297 | ||
| 288 | if (s->session != NULL) | 298 | if (s->session != NULL) { |
| 289 | { | ||
| 290 | SSL_SESSION_free(s->session); | 299 | SSL_SESSION_free(s->session); |
| 291 | s->session=NULL; | 300 | s->session = NULL; |
| 292 | } | 301 | } |
| 293 | 302 | ||
| 294 | if (session) | 303 | if (session) { |
| 295 | { | 304 | if (s->version == SSL2_VERSION) { |
| 296 | if (s->version == SSL2_VERSION) | 305 | ss->ssl_version = SSL2_VERSION; |
| 297 | { | 306 | ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH; |
| 298 | ss->ssl_version=SSL2_VERSION; | 307 | } else if (s->version == SSL3_VERSION) { |
| 299 | ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; | 308 | ss->ssl_version = SSL3_VERSION; |
| 300 | } | 309 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 301 | else if (s->version == SSL3_VERSION) | 310 | } else if (s->version == TLS1_VERSION) { |
| 302 | { | 311 | ss->ssl_version = TLS1_VERSION; |
| 303 | ss->ssl_version=SSL3_VERSION; | 312 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 304 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | 313 | } else if (s->version == TLS1_1_VERSION) { |
| 305 | } | 314 | ss->ssl_version = TLS1_1_VERSION; |
| 306 | else if (s->version == TLS1_VERSION) | 315 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 307 | { | 316 | } else if (s->version == TLS1_2_VERSION) { |
| 308 | ss->ssl_version=TLS1_VERSION; | 317 | ss->ssl_version = TLS1_2_VERSION; |
| 309 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | 318 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 310 | } | 319 | } else if (s->version == DTLS1_BAD_VER) { |
| 311 | else if (s->version == TLS1_1_VERSION) | 320 | ss->ssl_version = DTLS1_BAD_VER; |
| 312 | { | 321 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 313 | ss->ssl_version=TLS1_1_VERSION; | 322 | } else if (s->version == DTLS1_VERSION) { |
| 314 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | 323 | ss->ssl_version = DTLS1_VERSION; |
| 315 | } | 324 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 316 | else if (s->version == TLS1_2_VERSION) | 325 | } else { |
| 317 | { | 326 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION); |
| 318 | ss->ssl_version=TLS1_2_VERSION; | ||
| 319 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
| 320 | } | ||
| 321 | else if (s->version == DTLS1_BAD_VER) | ||
| 322 | { | ||
| 323 | ss->ssl_version=DTLS1_BAD_VER; | ||
| 324 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
| 325 | } | ||
| 326 | else if (s->version == DTLS1_VERSION) | ||
| 327 | { | ||
| 328 | ss->ssl_version=DTLS1_VERSION; | ||
| 329 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
| 330 | } | ||
| 331 | else | ||
| 332 | { | ||
| 333 | SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION); | ||
| 334 | SSL_SESSION_free(ss); | 327 | SSL_SESSION_free(ss); |
| 335 | return(0); | 328 | return (0); |
| 336 | } | 329 | } |
| 337 | #ifndef OPENSSL_NO_TLSEXT | 330 | #ifndef OPENSSL_NO_TLSEXT |
| 338 | /* If RFC4507 ticket use empty session ID */ | 331 | /* If RFC4507 ticket use empty session ID */ |
| 339 | if (s->tlsext_ticket_expected) | 332 | if (s->tlsext_ticket_expected) { |
| 340 | { | ||
| 341 | ss->session_id_length = 0; | 333 | ss->session_id_length = 0; |
| 342 | goto sess_id_done; | 334 | goto sess_id_done; |
| 343 | } | 335 | } |
| 344 | #endif | 336 | #endif |
| 345 | /* Choose which callback will set the session ID */ | 337 | /* Choose which callback will set the session ID */ |
| 346 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 338 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 347 | if(s->generate_session_id) | 339 | if (s->generate_session_id) |
| 348 | cb = s->generate_session_id; | 340 | cb = s->generate_session_id; |
| 349 | else if(s->session_ctx->generate_session_id) | 341 | else if (s->session_ctx->generate_session_id) |
| 350 | cb = s->session_ctx->generate_session_id; | 342 | cb = s->session_ctx->generate_session_id; |
| 351 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 343 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 352 | /* Choose a session ID */ | 344 | /* Choose a session ID */ |
| 353 | tmp = ss->session_id_length; | 345 | tmp = ss->session_id_length; |
| 354 | if(!cb(s, ss->session_id, &tmp)) | 346 | if (!cb(s, ss->session_id, &tmp)) { |
| 355 | { | ||
| 356 | /* The callback failed */ | 347 | /* The callback failed */ |
| 357 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | 348 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, |
| 358 | SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); | 349 | SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); |
| 359 | SSL_SESSION_free(ss); | 350 | SSL_SESSION_free(ss); |
| 360 | return(0); | 351 | return (0); |
| 361 | } | 352 | } |
| 362 | /* Don't allow the callback to set the session length to zero. | 353 | /* Don't allow the callback to set the session length to zero. |
| 363 | * nor set it higher than it was. */ | 354 | * nor set it higher than it was. */ |
| 364 | if(!tmp || (tmp > ss->session_id_length)) | 355 | if (!tmp || (tmp > ss->session_id_length)) { |
| 365 | { | ||
| 366 | /* The callback set an illegal length */ | 356 | /* The callback set an illegal length */ |
| 367 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | 357 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, |
| 368 | SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); | 358 | SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); |
| 369 | SSL_SESSION_free(ss); | 359 | SSL_SESSION_free(ss); |
| 370 | return(0); | 360 | return (0); |
| 371 | } | 361 | } |
| 372 | /* If the session length was shrunk and we're SSLv2, pad it */ | 362 | /* If the session length was shrunk and we're SSLv2, pad it */ |
| 373 | if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) | 363 | if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) |
| 374 | memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); | 364 | memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); |
| 375 | else | 365 | else |
| 376 | ss->session_id_length = tmp; | 366 | ss->session_id_length = tmp; |
| 377 | /* Finally, check for a conflict */ | 367 | /* Finally, check for a conflict */ |
| 378 | if(SSL_has_matching_session_id(s, ss->session_id, | 368 | if (SSL_has_matching_session_id(s, ss->session_id, |
| 379 | ss->session_id_length)) | 369 | ss->session_id_length)) { |
| 380 | { | ||
| 381 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | 370 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, |
| 382 | SSL_R_SSL_SESSION_ID_CONFLICT); | 371 | SSL_R_SSL_SESSION_ID_CONFLICT); |
| 383 | SSL_SESSION_free(ss); | 372 | SSL_SESSION_free(ss); |
| 384 | return(0); | 373 | return (0); |
| 385 | } | 374 | } |
| 386 | #ifndef OPENSSL_NO_TLSEXT | 375 | #ifndef OPENSSL_NO_TLSEXT |
| 387 | sess_id_done: | 376 | sess_id_done: |
| 388 | if (s->tlsext_hostname) { | 377 | if (s->tlsext_hostname) { |
| @@ -391,55 +380,50 @@ int ssl_get_new_session(SSL *s, int session) | |||
| 391 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); | 380 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); |
| 392 | SSL_SESSION_free(ss); | 381 | SSL_SESSION_free(ss); |
| 393 | return 0; | 382 | return 0; |
| 394 | } | ||
| 395 | } | 383 | } |
| 384 | } | ||
| 396 | #ifndef OPENSSL_NO_EC | 385 | #ifndef OPENSSL_NO_EC |
| 397 | if (s->tlsext_ecpointformatlist) | 386 | if (s->tlsext_ecpointformatlist) { |
| 398 | { | 387 | if (ss->tlsext_ecpointformatlist != NULL) |
| 399 | if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); | 388 | OPENSSL_free(ss->tlsext_ecpointformatlist); |
| 400 | if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) | 389 | if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) { |
| 401 | { | ||
| 402 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); | 390 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); |
| 403 | SSL_SESSION_free(ss); | 391 | SSL_SESSION_free(ss); |
| 404 | return 0; | 392 | return 0; |
| 405 | } | 393 | } |
| 406 | ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; | 394 | ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; |
| 407 | memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); | 395 | memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); |
| 408 | } | 396 | } |
| 409 | if (s->tlsext_ellipticcurvelist) | 397 | if (s->tlsext_ellipticcurvelist) { |
| 410 | { | 398 | if (ss->tlsext_ellipticcurvelist != NULL) |
| 411 | if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); | 399 | OPENSSL_free(ss->tlsext_ellipticcurvelist); |
| 412 | if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) | 400 | if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { |
| 413 | { | ||
| 414 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); | 401 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); |
| 415 | SSL_SESSION_free(ss); | 402 | SSL_SESSION_free(ss); |
| 416 | return 0; | 403 | return 0; |
| 417 | } | 404 | } |
| 418 | ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length; | 405 | ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length; |
| 419 | memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); | 406 | memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); |
| 420 | } | 407 | } |
| 421 | #endif | 408 | #endif |
| 422 | #endif | 409 | #endif |
| 423 | } | 410 | } else { |
| 424 | else | 411 | ss->session_id_length = 0; |
| 425 | { | 412 | } |
| 426 | ss->session_id_length=0; | ||
| 427 | } | ||
| 428 | 413 | ||
| 429 | if (s->sid_ctx_length > sizeof ss->sid_ctx) | 414 | if (s->sid_ctx_length > sizeof ss->sid_ctx) { |
| 430 | { | ||
| 431 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); | 415 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); |
| 432 | SSL_SESSION_free(ss); | 416 | SSL_SESSION_free(ss); |
| 433 | return 0; | 417 | return 0; |
| 434 | } | 418 | } |
| 435 | memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); | 419 | memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length); |
| 436 | ss->sid_ctx_length=s->sid_ctx_length; | 420 | ss->sid_ctx_length = s->sid_ctx_length; |
| 437 | s->session=ss; | 421 | s->session = ss; |
| 438 | ss->ssl_version=s->version; | 422 | ss->ssl_version = s->version; |
| 439 | ss->verify_result = X509_V_OK; | 423 | ss->verify_result = X509_V_OK; |
| 440 | 424 | ||
| 441 | return(1); | 425 | return (1); |
| 442 | } | 426 | } |
| 443 | 427 | ||
| 444 | /* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this | 428 | /* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this |
| 445 | * connection. It is only called by servers. | 429 | * connection. It is only called by servers. |
| @@ -460,12 +444,13 @@ int ssl_get_new_session(SSL *s, int session) | |||
| 460 | * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 | 444 | * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 |
| 461 | * if the server should issue a new session ticket (to 0 otherwise). | 445 | * if the server should issue a new session ticket (to 0 otherwise). |
| 462 | */ | 446 | */ |
| 463 | int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | 447 | int |
| 464 | const unsigned char *limit) | 448 | ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, |
| 465 | { | 449 | const unsigned char *limit) |
| 450 | { | ||
| 466 | /* This is used only by servers. */ | 451 | /* This is used only by servers. */ |
| 467 | 452 | ||
| 468 | SSL_SESSION *ret=NULL; | 453 | SSL_SESSION *ret = NULL; |
| 469 | int fatal = 0; | 454 | int fatal = 0; |
| 470 | int try_session_cache = 1; | 455 | int try_session_cache = 1; |
| 471 | #ifndef OPENSSL_NO_TLSEXT | 456 | #ifndef OPENSSL_NO_TLSEXT |
| @@ -480,8 +465,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 480 | 465 | ||
| 481 | #ifndef OPENSSL_NO_TLSEXT | 466 | #ifndef OPENSSL_NO_TLSEXT |
| 482 | r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */ | 467 | r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */ |
| 483 | switch (r) | 468 | switch (r) { |
| 484 | { | ||
| 485 | case -1: /* Error during processing */ | 469 | case -1: /* Error during processing */ |
| 486 | fatal = 1; | 470 | fatal = 1; |
| 487 | goto err; | 471 | goto err; |
| @@ -494,39 +478,35 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 494 | break; | 478 | break; |
| 495 | default: | 479 | default: |
| 496 | abort(); | 480 | abort(); |
| 497 | } | 481 | } |
| 498 | #endif | 482 | #endif |
| 499 | 483 | ||
| 500 | if (try_session_cache && | 484 | if (try_session_cache && |
| 501 | ret == NULL && | 485 | ret == NULL && |
| 502 | !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) | 486 | !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { |
| 503 | { | ||
| 504 | SSL_SESSION data; | 487 | SSL_SESSION data; |
| 505 | data.ssl_version=s->version; | 488 | data.ssl_version = s->version; |
| 506 | data.session_id_length=len; | 489 | data.session_id_length = len; |
| 507 | if (len == 0) | 490 | if (len == 0) |
| 508 | return 0; | 491 | return 0; |
| 509 | memcpy(data.session_id,session_id,len); | 492 | memcpy(data.session_id, session_id, len); |
| 510 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 493 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 511 | ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data); | 494 | ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data); |
| 512 | if (ret != NULL) | 495 | if (ret != NULL) { |
| 513 | { | ||
| 514 | /* don't allow other threads to steal it: */ | 496 | /* don't allow other threads to steal it: */ |
| 515 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | 497 | CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 516 | } | 498 | } |
| 517 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 499 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 518 | if (ret == NULL) | 500 | if (ret == NULL) |
| 519 | s->session_ctx->stats.sess_miss++; | 501 | s->session_ctx->stats.sess_miss++; |
| 520 | } | 502 | } |
| 521 | 503 | ||
| 522 | if (try_session_cache && | 504 | if (try_session_cache && |
| 523 | ret == NULL && | 505 | ret == NULL && |
| 524 | s->session_ctx->get_session_cb != NULL) | 506 | s->session_ctx->get_session_cb != NULL) { |
| 525 | { | 507 | int copy = 1; |
| 526 | int copy=1; | 508 | |
| 527 | 509 | if ((ret = s->session_ctx->get_session_cb(s, session_id, len, ©))) { | |
| 528 | if ((ret=s->session_ctx->get_session_cb(s,session_id,len,©))) | ||
| 529 | { | ||
| 530 | s->session_ctx->stats.sess_cb_hit++; | 510 | s->session_ctx->stats.sess_cb_hit++; |
| 531 | 511 | ||
| 532 | /* Increment reference count now if the session callback | 512 | /* Increment reference count now if the session callback |
| @@ -535,16 +515,16 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 535 | * it must handle the reference count itself [i.e. copy == 0], | 515 | * it must handle the reference count itself [i.e. copy == 0], |
| 536 | * or things won't be thread-safe). */ | 516 | * or things won't be thread-safe). */ |
| 537 | if (copy) | 517 | if (copy) |
| 538 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | 518 | CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 539 | 519 | ||
| 540 | /* Add the externally cached session to the internal | 520 | /* Add the externally cached session to the internal |
| 541 | * cache as well if and only if we are supposed to. */ | 521 | * cache as well if and only if we are supposed to. */ |
| 542 | if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) | 522 | if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) |
| 543 | /* The following should not return 1, otherwise, | 523 | /* The following should not return 1, otherwise, |
| 544 | * things are very strange */ | 524 | * things are very strange */ |
| 545 | SSL_CTX_add_session(s->session_ctx,ret); | 525 | SSL_CTX_add_session(s->session_ctx, ret); |
| 546 | } | ||
| 547 | } | 526 | } |
| 527 | } | ||
| 548 | 528 | ||
| 549 | if (ret == NULL) | 529 | if (ret == NULL) |
| 550 | goto err; | 530 | goto err; |
| @@ -552,15 +532,13 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 552 | /* Now ret is non-NULL and we own one of its reference counts. */ | 532 | /* Now ret is non-NULL and we own one of its reference counts. */ |
| 553 | 533 | ||
| 554 | if (ret->sid_ctx_length != s->sid_ctx_length | 534 | if (ret->sid_ctx_length != s->sid_ctx_length |
| 555 | || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)) | 535 | || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { |
| 556 | { | ||
| 557 | /* We have the session requested by the client, but we don't | 536 | /* We have the session requested by the client, but we don't |
| 558 | * want to use it in this context. */ | 537 | * want to use it in this context. */ |
| 559 | goto err; /* treat like cache miss */ | 538 | goto err; /* treat like cache miss */ |
| 560 | } | 539 | } |
| 561 | 540 | ||
| 562 | if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) | 541 | if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) { |
| 563 | { | ||
| 564 | /* We can't be sure if this session is being used out of | 542 | /* We can't be sure if this session is being used out of |
| 565 | * context, which is especially important for SSL_VERIFY_PEER. | 543 | * context, which is especially important for SSL_VERIFY_PEER. |
| 566 | * The application should have used SSL[_CTX]_set_session_id_context. | 544 | * The application should have used SSL[_CTX]_set_session_id_context. |
| @@ -570,87 +548,83 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 570 | * applications to effectively disable the session cache by | 548 | * applications to effectively disable the session cache by |
| 571 | * accident without anyone noticing). | 549 | * accident without anyone noticing). |
| 572 | */ | 550 | */ |
| 573 | 551 | ||
| 574 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); | 552 | SSLerr(SSL_F_SSL_GET_PREV_SESSION, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); |
| 575 | fatal = 1; | 553 | fatal = 1; |
| 576 | goto err; | 554 | goto err; |
| 577 | } | 555 | } |
| 578 | 556 | ||
| 579 | if (ret->cipher == NULL) | 557 | if (ret->cipher == NULL) { |
| 580 | { | 558 | unsigned char buf[5], *p; |
| 581 | unsigned char buf[5],*p; | ||
| 582 | unsigned long l; | 559 | unsigned long l; |
| 583 | 560 | ||
| 584 | p=buf; | 561 | p = buf; |
| 585 | l=ret->cipher_id; | 562 | l = ret->cipher_id; |
| 586 | l2n(l,p); | 563 | l2n(l, p); |
| 587 | if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR) | 564 | if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR) |
| 588 | ret->cipher=ssl_get_cipher_by_char(s,&(buf[2])); | 565 | ret->cipher = ssl_get_cipher_by_char(s, &(buf[2])); |
| 589 | else | 566 | else |
| 590 | ret->cipher=ssl_get_cipher_by_char(s,&(buf[1])); | 567 | ret->cipher = ssl_get_cipher_by_char(s, &(buf[1])); |
| 591 | if (ret->cipher == NULL) | 568 | if (ret->cipher == NULL) |
| 592 | goto err; | 569 | goto err; |
| 593 | } | 570 | } |
| 594 | 571 | ||
| 595 | if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ | 572 | if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ |
| 596 | { | 573 | { |
| 597 | s->session_ctx->stats.sess_timeout++; | 574 | s->session_ctx->stats.sess_timeout++; |
| 598 | if (try_session_cache) | 575 | if (try_session_cache) { |
| 599 | { | ||
| 600 | /* session was from the cache, so remove it */ | 576 | /* session was from the cache, so remove it */ |
| 601 | SSL_CTX_remove_session(s->session_ctx,ret); | 577 | SSL_CTX_remove_session(s->session_ctx, ret); |
| 602 | } | ||
| 603 | goto err; | ||
| 604 | } | 578 | } |
| 579 | goto err; | ||
| 580 | } | ||
| 605 | 581 | ||
| 606 | s->session_ctx->stats.sess_hit++; | 582 | s->session_ctx->stats.sess_hit++; |
| 607 | 583 | ||
| 608 | if (s->session != NULL) | 584 | if (s->session != NULL) |
| 609 | SSL_SESSION_free(s->session); | 585 | SSL_SESSION_free(s->session); |
| 610 | s->session=ret; | 586 | s->session = ret; |
| 611 | s->verify_result = s->session->verify_result; | 587 | s->verify_result = s->session->verify_result; |
| 612 | return 1; | 588 | return 1; |
| 613 | 589 | ||
| 614 | err: | 590 | err: |
| 615 | if (ret != NULL) | 591 | if (ret != NULL) { |
| 616 | { | ||
| 617 | SSL_SESSION_free(ret); | 592 | SSL_SESSION_free(ret); |
| 618 | #ifndef OPENSSL_NO_TLSEXT | 593 | #ifndef OPENSSL_NO_TLSEXT |
| 619 | if (!try_session_cache) | 594 | if (!try_session_cache) { |
| 620 | { | ||
| 621 | /* The session was from a ticket, so we should | 595 | /* The session was from a ticket, so we should |
| 622 | * issue a ticket for the new session */ | 596 | * issue a ticket for the new session */ |
| 623 | s->tlsext_ticket_expected = 1; | 597 | s->tlsext_ticket_expected = 1; |
| 624 | } | ||
| 625 | #endif | ||
| 626 | } | 598 | } |
| 599 | #endif | ||
| 600 | } | ||
| 627 | if (fatal) | 601 | if (fatal) |
| 628 | return -1; | 602 | return -1; |
| 629 | else | 603 | else |
| 630 | return 0; | 604 | return 0; |
| 631 | } | 605 | } |
| 632 | 606 | ||
| 633 | int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) | 607 | int |
| 634 | { | 608 | SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) |
| 635 | int ret=0; | 609 | { |
| 610 | int ret = 0; | ||
| 636 | SSL_SESSION *s; | 611 | SSL_SESSION *s; |
| 637 | 612 | ||
| 638 | /* add just 1 reference count for the SSL_CTX's session cache | 613 | /* add just 1 reference count for the SSL_CTX's session cache |
| 639 | * even though it has two ways of access: each session is in a | 614 | * even though it has two ways of access: each session is in a |
| 640 | * doubly linked list and an lhash */ | 615 | * doubly linked list and an lhash */ |
| 641 | CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION); | 616 | CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 642 | /* if session c is in already in cache, we take back the increment later */ | 617 | /* if session c is in already in cache, we take back the increment later */ |
| 643 | 618 | ||
| 644 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 619 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 645 | s=lh_SSL_SESSION_insert(ctx->sessions,c); | 620 | s = lh_SSL_SESSION_insert(ctx->sessions, c); |
| 646 | 621 | ||
| 647 | /* s != NULL iff we already had a session with the given PID. | 622 | /* s != NULL iff we already had a session with the given PID. |
| 648 | * In this case, s == c should hold (then we did not really modify | 623 | * In this case, s == c should hold (then we did not really modify |
| 649 | * ctx->sessions), or we're in trouble. */ | 624 | * ctx->sessions), or we're in trouble. */ |
| 650 | if (s != NULL && s != c) | 625 | if (s != NULL && s != c) { |
| 651 | { | ||
| 652 | /* We *are* in trouble ... */ | 626 | /* We *are* in trouble ... */ |
| 653 | SSL_SESSION_list_remove(ctx,s); | 627 | SSL_SESSION_list_remove(ctx, s); |
| 654 | SSL_SESSION_free(s); | 628 | SSL_SESSION_free(s); |
| 655 | /* ... so pretend the other session did not exist in cache | 629 | /* ... so pretend the other session did not exist in cache |
| 656 | * (we cannot handle two SSL_SESSION structures with identical | 630 | * (we cannot handle two SSL_SESSION structures with identical |
| @@ -658,114 +632,117 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) | |||
| 658 | * two threads concurrently obtain the same session from an external | 632 | * two threads concurrently obtain the same session from an external |
| 659 | * cache) */ | 633 | * cache) */ |
| 660 | s = NULL; | 634 | s = NULL; |
| 661 | } | 635 | } |
| 662 | 636 | ||
| 663 | /* Put at the head of the queue unless it is already in the cache */ | 637 | /* Put at the head of the queue unless it is already in the cache */ |
| 664 | if (s == NULL) | 638 | if (s == NULL) |
| 665 | SSL_SESSION_list_add(ctx,c); | 639 | SSL_SESSION_list_add(ctx, c); |
| 666 | 640 | ||
| 667 | if (s != NULL) | 641 | if (s != NULL) { |
| 668 | { | ||
| 669 | /* existing cache entry -- decrement previously incremented reference | 642 | /* existing cache entry -- decrement previously incremented reference |
| 670 | * count because it already takes into account the cache */ | 643 | * count because it already takes into account the cache */ |
| 671 | 644 | ||
| 672 | SSL_SESSION_free(s); /* s == c */ | 645 | SSL_SESSION_free(s); /* s == c */ |
| 673 | ret=0; | 646 | ret = 0; |
| 674 | } | 647 | } else { |
| 675 | else | ||
| 676 | { | ||
| 677 | /* new cache entry -- remove old ones if cache has become too large */ | 648 | /* new cache entry -- remove old ones if cache has become too large */ |
| 678 | |||
| 679 | ret=1; | ||
| 680 | 649 | ||
| 681 | if (SSL_CTX_sess_get_cache_size(ctx) > 0) | 650 | ret = 1; |
| 682 | { | 651 | |
| 652 | if (SSL_CTX_sess_get_cache_size(ctx) > 0) { | ||
| 683 | while (SSL_CTX_sess_number(ctx) > | 653 | while (SSL_CTX_sess_number(ctx) > |
| 684 | SSL_CTX_sess_get_cache_size(ctx)) | 654 | SSL_CTX_sess_get_cache_size(ctx)) { |
| 685 | { | ||
| 686 | if (!remove_session_lock(ctx, | 655 | if (!remove_session_lock(ctx, |
| 687 | ctx->session_cache_tail, 0)) | 656 | ctx->session_cache_tail, 0)) |
| 688 | break; | 657 | break; |
| 689 | else | 658 | else |
| 690 | ctx->stats.sess_cache_full++; | 659 | ctx->stats.sess_cache_full++; |
| 691 | } | ||
| 692 | } | 660 | } |
| 693 | } | 661 | } |
| 694 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 695 | return(ret); | ||
| 696 | } | 662 | } |
| 663 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 664 | return (ret); | ||
| 665 | } | ||
| 697 | 666 | ||
| 698 | int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) | 667 | int |
| 668 | SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) | ||
| 699 | { | 669 | { |
| 700 | return remove_session_lock(ctx, c, 1); | 670 | return remove_session_lock(ctx, c, 1); |
| 701 | } | 671 | } |
| 702 | 672 | ||
| 703 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) | 673 | static int |
| 704 | { | 674 | remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) |
| 675 | { | ||
| 705 | SSL_SESSION *r; | 676 | SSL_SESSION *r; |
| 706 | int ret=0; | 677 | int ret = 0; |
| 707 | 678 | ||
| 708 | if ((c != NULL) && (c->session_id_length != 0)) | 679 | if ((c != NULL) && (c->session_id_length != 0)) { |
| 709 | { | 680 | if (lck) |
| 710 | if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 681 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 711 | if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c) | 682 | if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) { |
| 712 | { | 683 | ret = 1; |
| 713 | ret=1; | 684 | r = lh_SSL_SESSION_delete(ctx->sessions, c); |
| 714 | r=lh_SSL_SESSION_delete(ctx->sessions,c); | 685 | SSL_SESSION_list_remove(ctx, c); |
| 715 | SSL_SESSION_list_remove(ctx,c); | 686 | } |
| 716 | } | ||
| 717 | 687 | ||
| 718 | if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 688 | if (lck) |
| 689 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 719 | 690 | ||
| 720 | if (ret) | 691 | if (ret) { |
| 721 | { | 692 | r->not_resumable = 1; |
| 722 | r->not_resumable=1; | ||
| 723 | if (ctx->remove_session_cb != NULL) | 693 | if (ctx->remove_session_cb != NULL) |
| 724 | ctx->remove_session_cb(ctx,r); | 694 | ctx->remove_session_cb(ctx, r); |
| 725 | SSL_SESSION_free(r); | 695 | SSL_SESSION_free(r); |
| 726 | } | ||
| 727 | } | 696 | } |
| 728 | else | 697 | } else |
| 729 | ret=0; | 698 | ret = 0; |
| 730 | return(ret); | 699 | return (ret); |
| 731 | } | 700 | } |
| 732 | 701 | ||
| 733 | void SSL_SESSION_free(SSL_SESSION *ss) | 702 | void |
| 734 | { | 703 | SSL_SESSION_free(SSL_SESSION *ss) |
| 704 | { | ||
| 735 | int i; | 705 | int i; |
| 736 | 706 | ||
| 737 | if(ss == NULL) | 707 | if (ss == NULL) |
| 738 | return; | 708 | return; |
| 739 | 709 | ||
| 740 | i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION); | 710 | i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION); |
| 741 | #ifdef REF_PRINT | 711 | #ifdef REF_PRINT |
| 742 | REF_PRINT("SSL_SESSION",ss); | 712 | REF_PRINT("SSL_SESSION", ss); |
| 743 | #endif | 713 | #endif |
| 744 | if (i > 0) return; | 714 | if (i > 0) |
| 715 | return; | ||
| 745 | #ifdef REF_CHECK | 716 | #ifdef REF_CHECK |
| 746 | if (i < 0) | 717 | if (i < 0) { |
| 747 | { | 718 | fprintf(stderr, "SSL_SESSION_free, bad reference count\n"); |
| 748 | fprintf(stderr,"SSL_SESSION_free, bad reference count\n"); | ||
| 749 | abort(); /* ok */ | 719 | abort(); /* ok */ |
| 750 | } | 720 | } |
| 751 | #endif | 721 | #endif |
| 752 | 722 | ||
| 753 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | 723 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); |
| 754 | 724 | ||
| 755 | OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg); | 725 | OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg); |
| 756 | OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); | 726 | OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); |
| 757 | OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); | 727 | OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); |
| 758 | if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); | 728 | if (ss->sess_cert != NULL) |
| 759 | if (ss->peer != NULL) X509_free(ss->peer); | 729 | ssl_sess_cert_free(ss->sess_cert); |
| 760 | if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); | 730 | if (ss->peer != NULL) |
| 731 | X509_free(ss->peer); | ||
| 732 | if (ss->ciphers != NULL) | ||
| 733 | sk_SSL_CIPHER_free(ss->ciphers); | ||
| 761 | #ifndef OPENSSL_NO_TLSEXT | 734 | #ifndef OPENSSL_NO_TLSEXT |
| 762 | if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname); | 735 | if (ss->tlsext_hostname != NULL) |
| 763 | if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick); | 736 | OPENSSL_free(ss->tlsext_hostname); |
| 737 | if (ss->tlsext_tick != NULL) | ||
| 738 | OPENSSL_free(ss->tlsext_tick); | ||
| 764 | #ifndef OPENSSL_NO_EC | 739 | #ifndef OPENSSL_NO_EC |
| 765 | ss->tlsext_ecpointformatlist_length = 0; | 740 | ss->tlsext_ecpointformatlist_length = 0; |
| 766 | if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); | 741 | if (ss->tlsext_ecpointformatlist != NULL) |
| 742 | OPENSSL_free(ss->tlsext_ecpointformatlist); | ||
| 767 | ss->tlsext_ellipticcurvelist_length = 0; | 743 | ss->tlsext_ellipticcurvelist_length = 0; |
| 768 | if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); | 744 | if (ss->tlsext_ellipticcurvelist != NULL) |
| 745 | OPENSSL_free(ss->tlsext_ellipticcurvelist); | ||
| 769 | #endif /* OPENSSL_NO_EC */ | 746 | #endif /* OPENSSL_NO_EC */ |
| 770 | #endif | 747 | #endif |
| 771 | #ifndef OPENSSL_NO_PSK | 748 | #ifndef OPENSSL_NO_PSK |
| @@ -778,382 +755,389 @@ void SSL_SESSION_free(SSL_SESSION *ss) | |||
| 778 | if (ss->srp_username != NULL) | 755 | if (ss->srp_username != NULL) |
| 779 | OPENSSL_free(ss->srp_username); | 756 | OPENSSL_free(ss->srp_username); |
| 780 | #endif | 757 | #endif |
| 781 | OPENSSL_cleanse(ss,sizeof(*ss)); | 758 | OPENSSL_cleanse(ss, sizeof(*ss)); |
| 782 | OPENSSL_free(ss); | 759 | OPENSSL_free(ss); |
| 783 | } | 760 | } |
| 784 | 761 | ||
| 785 | int SSL_set_session(SSL *s, SSL_SESSION *session) | 762 | int |
| 786 | { | 763 | SSL_set_session(SSL *s, SSL_SESSION *session) |
| 787 | int ret=0; | 764 | { |
| 765 | int ret = 0; | ||
| 788 | const SSL_METHOD *meth; | 766 | const SSL_METHOD *meth; |
| 789 | 767 | ||
| 790 | if (session != NULL) | 768 | if (session != NULL) { |
| 791 | { | 769 | meth = s->ctx->method->get_ssl_method(session->ssl_version); |
| 792 | meth=s->ctx->method->get_ssl_method(session->ssl_version); | ||
| 793 | if (meth == NULL) | 770 | if (meth == NULL) |
| 794 | meth=s->method->get_ssl_method(session->ssl_version); | 771 | meth = s->method->get_ssl_method(session->ssl_version); |
| 795 | if (meth == NULL) | 772 | if (meth == NULL) { |
| 796 | { | 773 | SSLerr(SSL_F_SSL_SET_SESSION, SSL_R_UNABLE_TO_FIND_SSL_METHOD); |
| 797 | SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD); | 774 | return (0); |
| 798 | return(0); | 775 | } |
| 799 | } | ||
| 800 | 776 | ||
| 801 | if (meth != s->method) | 777 | if (meth != s->method) { |
| 802 | { | 778 | if (!SSL_set_ssl_method(s, meth)) |
| 803 | if (!SSL_set_ssl_method(s,meth)) | 779 | return (0); |
| 804 | return(0); | 780 | } |
| 805 | } | ||
| 806 | 781 | ||
| 807 | #ifndef OPENSSL_NO_KRB5 | 782 | #ifndef OPENSSL_NO_KRB5 |
| 808 | if (s->kssl_ctx && !s->kssl_ctx->client_princ && | 783 | if (s->kssl_ctx && !s->kssl_ctx->client_princ && |
| 809 | session->krb5_client_princ_len > 0) | 784 | session->krb5_client_princ_len > 0) { |
| 810 | { | 785 | s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); |
| 811 | s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); | 786 | memcpy(s->kssl_ctx->client_princ, session->krb5_client_princ, |
| 812 | memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ, | 787 | session->krb5_client_princ_len); |
| 813 | session->krb5_client_princ_len); | 788 | s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; |
| 814 | s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; | 789 | } |
| 815 | } | ||
| 816 | #endif /* OPENSSL_NO_KRB5 */ | 790 | #endif /* OPENSSL_NO_KRB5 */ |
| 817 | 791 | ||
| 818 | /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ | 792 | /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ |
| 819 | CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION); | 793 | CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 820 | if (s->session != NULL) | 794 | if (s->session != NULL) |
| 821 | SSL_SESSION_free(s->session); | 795 | SSL_SESSION_free(s->session); |
| 822 | s->session=session; | 796 | s->session = session; |
| 823 | s->verify_result = s->session->verify_result; | 797 | s->verify_result = s->session->verify_result; |
| 824 | /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ | 798 | /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ |
| 825 | ret=1; | 799 | ret = 1; |
| 826 | } | 800 | } else { |
| 827 | else | 801 | if (s->session != NULL) { |
| 828 | { | ||
| 829 | if (s->session != NULL) | ||
| 830 | { | ||
| 831 | SSL_SESSION_free(s->session); | 802 | SSL_SESSION_free(s->session); |
| 832 | s->session=NULL; | 803 | s->session = NULL; |
| 833 | } | 804 | } |
| 834 | 805 | ||
| 835 | meth=s->ctx->method; | 806 | meth = s->ctx->method; |
| 836 | if (meth != s->method) | 807 | if (meth != s->method) { |
| 837 | { | 808 | if (!SSL_set_ssl_method(s, meth)) |
| 838 | if (!SSL_set_ssl_method(s,meth)) | 809 | return (0); |
| 839 | return(0); | ||
| 840 | } | ||
| 841 | ret=1; | ||
| 842 | } | 810 | } |
| 843 | return(ret); | 811 | ret = 1; |
| 844 | } | 812 | } |
| 813 | return (ret); | ||
| 814 | } | ||
| 845 | 815 | ||
| 846 | long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) | 816 | long |
| 847 | { | 817 | SSL_SESSION_set_timeout(SSL_SESSION *s, long t) |
| 848 | if (s == NULL) return(0); | 818 | { |
| 849 | s->timeout=t; | 819 | if (s == NULL) |
| 850 | return(1); | 820 | return (0); |
| 851 | } | 821 | s->timeout = t; |
| 822 | return (1); | ||
| 823 | } | ||
| 852 | 824 | ||
| 853 | long SSL_SESSION_get_timeout(const SSL_SESSION *s) | 825 | long |
| 854 | { | 826 | SSL_SESSION_get_timeout(const SSL_SESSION *s) |
| 855 | if (s == NULL) return(0); | 827 | { |
| 856 | return(s->timeout); | 828 | if (s == NULL) |
| 857 | } | 829 | return (0); |
| 830 | return (s->timeout); | ||
| 831 | } | ||
| 858 | 832 | ||
| 859 | long SSL_SESSION_get_time(const SSL_SESSION *s) | 833 | long |
| 860 | { | 834 | SSL_SESSION_get_time(const SSL_SESSION *s) |
| 861 | if (s == NULL) return(0); | 835 | { |
| 862 | return(s->time); | 836 | if (s == NULL) |
| 863 | } | 837 | return (0); |
| 838 | return (s->time); | ||
| 839 | } | ||
| 864 | 840 | ||
| 865 | long SSL_SESSION_set_time(SSL_SESSION *s, long t) | 841 | long |
| 866 | { | 842 | SSL_SESSION_set_time(SSL_SESSION *s, long t) |
| 867 | if (s == NULL) return(0); | 843 | { |
| 868 | s->time=t; | 844 | if (s == NULL) |
| 869 | return(t); | 845 | return (0); |
| 870 | } | 846 | s->time = t; |
| 847 | return (t); | ||
| 848 | } | ||
| 871 | 849 | ||
| 872 | X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) | 850 | X509 |
| 873 | { | 851 | *SSL_SESSION_get0_peer(SSL_SESSION *s) |
| 852 | { | ||
| 874 | return s->peer; | 853 | return s->peer; |
| 875 | } | 854 | } |
| 876 | 855 | ||
| 877 | int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx, | 856 | int |
| 878 | unsigned int sid_ctx_len) | 857 | SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, |
| 879 | { | 858 | unsigned int sid_ctx_len) |
| 880 | if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) | 859 | { |
| 881 | { | 860 | if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { |
| 882 | SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | 861 | SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); |
| 883 | return 0; | 862 | return 0; |
| 884 | } | 863 | } |
| 885 | s->sid_ctx_length=sid_ctx_len; | 864 | s->sid_ctx_length = sid_ctx_len; |
| 886 | memcpy(s->sid_ctx,sid_ctx,sid_ctx_len); | 865 | memcpy(s->sid_ctx, sid_ctx, sid_ctx_len); |
| 887 | 866 | ||
| 888 | return 1; | 867 | return 1; |
| 889 | } | 868 | } |
| 890 | 869 | ||
| 891 | long SSL_CTX_set_timeout(SSL_CTX *s, long t) | 870 | long |
| 892 | { | 871 | SSL_CTX_set_timeout(SSL_CTX *s, long t) |
| 872 | { | ||
| 893 | long l; | 873 | long l; |
| 894 | if (s == NULL) return(0); | 874 | if (s == NULL) |
| 895 | l=s->session_timeout; | 875 | return (0); |
| 896 | s->session_timeout=t; | 876 | l = s->session_timeout; |
| 897 | return(l); | 877 | s->session_timeout = t; |
| 898 | } | 878 | return (l); |
| 879 | } | ||
| 899 | 880 | ||
| 900 | long SSL_CTX_get_timeout(const SSL_CTX *s) | 881 | long |
| 901 | { | 882 | SSL_CTX_get_timeout(const SSL_CTX *s) |
| 902 | if (s == NULL) return(0); | 883 | { |
| 903 | return(s->session_timeout); | 884 | if (s == NULL) |
| 904 | } | 885 | return (0); |
| 886 | return (s->session_timeout); | ||
| 887 | } | ||
| 905 | 888 | ||
| 906 | #ifndef OPENSSL_NO_TLSEXT | 889 | #ifndef OPENSSL_NO_TLSEXT |
| 907 | int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, | 890 | int |
| 908 | STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) | 891 | SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, |
| 909 | { | 892 | STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) |
| 910 | if (s == NULL) return(0); | 893 | { |
| 894 | if (s == NULL) | ||
| 895 | return (0); | ||
| 911 | s->tls_session_secret_cb = tls_session_secret_cb; | 896 | s->tls_session_secret_cb = tls_session_secret_cb; |
| 912 | s->tls_session_secret_cb_arg = arg; | 897 | s->tls_session_secret_cb_arg = arg; |
| 913 | return(1); | 898 | return (1); |
| 914 | } | 899 | } |
| 915 | 900 | ||
| 916 | int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, | 901 | int |
| 917 | void *arg) | 902 | SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, |
| 918 | { | 903 | void *arg) |
| 919 | if (s == NULL) return(0); | 904 | { |
| 905 | if (s == NULL) | ||
| 906 | return (0); | ||
| 920 | s->tls_session_ticket_ext_cb = cb; | 907 | s->tls_session_ticket_ext_cb = cb; |
| 921 | s->tls_session_ticket_ext_cb_arg = arg; | 908 | s->tls_session_ticket_ext_cb_arg = arg; |
| 922 | return(1); | 909 | return (1); |
| 923 | } | 910 | } |
| 924 | 911 | ||
| 925 | int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) | 912 | int |
| 926 | { | 913 | SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) |
| 927 | if (s->version >= TLS1_VERSION) | 914 | { |
| 928 | { | 915 | if (s->version >= TLS1_VERSION) { |
| 929 | if (s->tlsext_session_ticket) | 916 | if (s->tlsext_session_ticket) { |
| 930 | { | ||
| 931 | OPENSSL_free(s->tlsext_session_ticket); | 917 | OPENSSL_free(s->tlsext_session_ticket); |
| 932 | s->tlsext_session_ticket = NULL; | 918 | s->tlsext_session_ticket = NULL; |
| 933 | } | 919 | } |
| 934 | 920 | ||
| 935 | s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); | 921 | s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); |
| 936 | if (!s->tlsext_session_ticket) | 922 | if (!s->tlsext_session_ticket) { |
| 937 | { | ||
| 938 | SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); | 923 | SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); |
| 939 | return 0; | 924 | return 0; |
| 940 | } | 925 | } |
| 941 | 926 | ||
| 942 | if (ext_data) | 927 | if (ext_data) { |
| 943 | { | ||
| 944 | s->tlsext_session_ticket->length = ext_len; | 928 | s->tlsext_session_ticket->length = ext_len; |
| 945 | s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1; | 929 | s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1; |
| 946 | memcpy(s->tlsext_session_ticket->data, ext_data, ext_len); | 930 | memcpy(s->tlsext_session_ticket->data, ext_data, ext_len); |
| 947 | } | 931 | } else { |
| 948 | else | ||
| 949 | { | ||
| 950 | s->tlsext_session_ticket->length = 0; | 932 | s->tlsext_session_ticket->length = 0; |
| 951 | s->tlsext_session_ticket->data = NULL; | 933 | s->tlsext_session_ticket->data = NULL; |
| 952 | } | 934 | } |
| 953 | 935 | ||
| 954 | return 1; | 936 | return 1; |
| 955 | } | 937 | } |
| 956 | 938 | ||
| 957 | return 0; | 939 | return 0; |
| 958 | } | 940 | } |
| 959 | #endif /* OPENSSL_NO_TLSEXT */ | 941 | #endif /* OPENSSL_NO_TLSEXT */ |
| 960 | 942 | ||
| 961 | typedef struct timeout_param_st | 943 | typedef struct timeout_param_st { |
| 962 | { | ||
| 963 | SSL_CTX *ctx; | 944 | SSL_CTX *ctx; |
| 964 | long time; | 945 | long time; |
| 965 | LHASH_OF(SSL_SESSION) *cache; | 946 | LHASH_OF(SSL_SESSION) *cache; |
| 966 | } TIMEOUT_PARAM; | 947 | } TIMEOUT_PARAM; |
| 967 | 948 | ||
| 968 | static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) | 949 | static void |
| 969 | { | 950 | timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) |
| 951 | { | ||
| 970 | if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ | 952 | if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ |
| 971 | { | 953 | { |
| 972 | /* The reason we don't call SSL_CTX_remove_session() is to | 954 | /* The reason we don't call SSL_CTX_remove_session() is to |
| 973 | * save on locking overhead */ | 955 | * save on locking overhead */ |
| 974 | (void)lh_SSL_SESSION_delete(p->cache,s); | 956 | (void)lh_SSL_SESSION_delete(p->cache, s); |
| 975 | SSL_SESSION_list_remove(p->ctx,s); | 957 | SSL_SESSION_list_remove(p->ctx, s); |
| 976 | s->not_resumable=1; | 958 | s->not_resumable = 1; |
| 977 | if (p->ctx->remove_session_cb != NULL) | 959 | if (p->ctx->remove_session_cb != NULL) |
| 978 | p->ctx->remove_session_cb(p->ctx,s); | 960 | p->ctx->remove_session_cb(p->ctx, s); |
| 979 | SSL_SESSION_free(s); | 961 | SSL_SESSION_free(s); |
| 980 | } | ||
| 981 | } | 962 | } |
| 963 | } | ||
| 982 | 964 | ||
| 983 | static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) | 965 | static |
| 966 | IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) | ||
| 984 | 967 | ||
| 985 | void SSL_CTX_flush_sessions(SSL_CTX *s, long t) | 968 | void |
| 986 | { | 969 | SSL_CTX_flush_sessions(SSL_CTX *s, long t) |
| 970 | { | ||
| 987 | unsigned long i; | 971 | unsigned long i; |
| 988 | TIMEOUT_PARAM tp; | 972 | TIMEOUT_PARAM tp; |
| 989 | 973 | ||
| 990 | tp.ctx=s; | 974 | tp.ctx = s; |
| 991 | tp.cache=s->sessions; | 975 | tp.cache = s->sessions; |
| 992 | if (tp.cache == NULL) return; | 976 | if (tp.cache == NULL) |
| 993 | tp.time=t; | 977 | return; |
| 978 | tp.time = t; | ||
| 994 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 979 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 995 | i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; | 980 | i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; |
| 996 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0; | 981 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0; |
| 997 | lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), | 982 | lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), |
| 998 | TIMEOUT_PARAM, &tp); | 983 | TIMEOUT_PARAM, &tp); |
| 999 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i; | 984 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i; |
| 1000 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 985 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 1001 | } | 986 | } |
| 1002 | 987 | ||
| 1003 | int ssl_clear_bad_session(SSL *s) | 988 | int |
| 1004 | { | 989 | ssl_clear_bad_session(SSL *s) |
| 1005 | if ( (s->session != NULL) && | 990 | { |
| 991 | if ((s->session != NULL) && | ||
| 1006 | !(s->shutdown & SSL_SENT_SHUTDOWN) && | 992 | !(s->shutdown & SSL_SENT_SHUTDOWN) && |
| 1007 | !(SSL_in_init(s) || SSL_in_before(s))) | 993 | !(SSL_in_init(s) || SSL_in_before(s))) { |
| 1008 | { | 994 | SSL_CTX_remove_session(s->ctx, s->session); |
| 1009 | SSL_CTX_remove_session(s->ctx,s->session); | 995 | return (1); |
| 1010 | return(1); | 996 | } else |
| 1011 | } | 997 | return (0); |
| 1012 | else | 998 | } |
| 1013 | return(0); | ||
| 1014 | } | ||
| 1015 | 999 | ||
| 1016 | /* locked by SSL_CTX in the calling function */ | 1000 | /* locked by SSL_CTX in the calling function */ |
| 1017 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) | 1001 | static void |
| 1018 | { | 1002 | SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) |
| 1019 | if ((s->next == NULL) || (s->prev == NULL)) return; | 1003 | { |
| 1004 | if ((s->next == NULL) | ||
| 1005 | || (s->prev == NULL)) return; | ||
| 1020 | 1006 | ||
| 1021 | if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) | 1007 | if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) |
| 1022 | { /* last element in list */ | 1008 | { /* last element in list */ |
| 1023 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) | 1009 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) |
| 1024 | { /* only one element in list */ | 1010 | { /* only one element in list */ |
| 1025 | ctx->session_cache_head=NULL; | 1011 | ctx->session_cache_head = NULL; |
| 1026 | ctx->session_cache_tail=NULL; | 1012 | ctx->session_cache_tail = NULL; |
| 1027 | } | 1013 | } else { |
| 1028 | else | 1014 | ctx->session_cache_tail = s->prev; |
| 1029 | { | 1015 | s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail); |
| 1030 | ctx->session_cache_tail=s->prev; | ||
| 1031 | s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail); | ||
| 1032 | } | ||
| 1033 | } | 1016 | } |
| 1034 | else | 1017 | } else { |
| 1035 | { | ||
| 1036 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) | 1018 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) |
| 1037 | { /* first element in list */ | 1019 | { /* first element in list */ |
| 1038 | ctx->session_cache_head=s->next; | 1020 | ctx->session_cache_head = s->next; |
| 1039 | s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head); | 1021 | s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head); |
| 1040 | } | 1022 | } else |
| 1041 | else | 1023 | { /* middle of list */ |
| 1042 | { /* middle of list */ | 1024 | s->next->prev = s->prev; |
| 1043 | s->next->prev=s->prev; | 1025 | s->prev->next = s->next; |
| 1044 | s->prev->next=s->next; | ||
| 1045 | } | ||
| 1046 | } | 1026 | } |
| 1047 | s->prev=s->next=NULL; | ||
| 1048 | } | 1027 | } |
| 1028 | s->prev = s->next = NULL; | ||
| 1029 | } | ||
| 1049 | 1030 | ||
| 1050 | static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) | 1031 | static void |
| 1051 | { | 1032 | SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) |
| 1033 | { | ||
| 1052 | if ((s->next != NULL) && (s->prev != NULL)) | 1034 | if ((s->next != NULL) && (s->prev != NULL)) |
| 1053 | SSL_SESSION_list_remove(ctx,s); | 1035 | SSL_SESSION_list_remove(ctx, s); |
| 1054 | 1036 | ||
| 1055 | if (ctx->session_cache_head == NULL) | 1037 | if (ctx->session_cache_head == NULL) { |
| 1056 | { | 1038 | ctx->session_cache_head = s; |
| 1057 | ctx->session_cache_head=s; | 1039 | ctx->session_cache_tail = s; |
| 1058 | ctx->session_cache_tail=s; | 1040 | s->prev = (SSL_SESSION *)&(ctx->session_cache_head); |
| 1059 | s->prev=(SSL_SESSION *)&(ctx->session_cache_head); | 1041 | s->next = (SSL_SESSION *)&(ctx->session_cache_tail); |
| 1060 | s->next=(SSL_SESSION *)&(ctx->session_cache_tail); | 1042 | } else { |
| 1061 | } | 1043 | s->next = ctx->session_cache_head; |
| 1062 | else | 1044 | s->next->prev = s; |
| 1063 | { | 1045 | s->prev = (SSL_SESSION *)&(ctx->session_cache_head); |
| 1064 | s->next=ctx->session_cache_head; | 1046 | ctx->session_cache_head = s; |
| 1065 | s->next->prev=s; | ||
| 1066 | s->prev=(SSL_SESSION *)&(ctx->session_cache_head); | ||
| 1067 | ctx->session_cache_head=s; | ||
| 1068 | } | ||
| 1069 | } | 1047 | } |
| 1048 | } | ||
| 1070 | 1049 | ||
| 1071 | void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, | 1050 | void |
| 1072 | int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess)) | 1051 | SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, |
| 1073 | { | 1052 | int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) { |
| 1074 | ctx->new_session_cb=cb; | 1053 | ctx->new_session_cb = cb; |
| 1075 | } | 1054 | } |
| 1076 | 1055 | ||
| 1077 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) | 1056 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) |
| 1078 | { | 1057 | { |
| 1079 | return ctx->new_session_cb; | 1058 | return ctx->new_session_cb; |
| 1080 | } | 1059 | } |
| 1081 | 1060 | ||
| 1082 | void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, | 1061 | void |
| 1083 | void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess)) | 1062 | SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, |
| 1084 | { | 1063 | void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)) |
| 1085 | ctx->remove_session_cb=cb; | 1064 | { |
| 1086 | } | 1065 | ctx->remove_session_cb = cb; |
| 1066 | } | ||
| 1087 | 1067 | ||
| 1088 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess) | 1068 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess) |
| 1089 | { | 1069 | { |
| 1090 | return ctx->remove_session_cb; | 1070 | return ctx->remove_session_cb; |
| 1091 | } | 1071 | } |
| 1092 | 1072 | ||
| 1093 | void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, | 1073 | void |
| 1094 | SSL_SESSION *(*cb)(struct ssl_st *ssl, | 1074 | SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, |
| 1095 | unsigned char *data,int len,int *copy)) | 1075 | SSL_SESSION *(*cb)(struct ssl_st *ssl, |
| 1096 | { | 1076 | unsigned char *data, int len, int *copy)) |
| 1097 | ctx->get_session_cb=cb; | 1077 | { |
| 1098 | } | 1078 | ctx->get_session_cb = cb; |
| 1079 | } | ||
| 1099 | 1080 | ||
| 1100 | SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, | 1081 | SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, |
| 1101 | unsigned char *data,int len,int *copy) | 1082 | unsigned char *data, int len, int *copy) |
| 1102 | { | 1083 | { |
| 1103 | return ctx->get_session_cb; | 1084 | return ctx->get_session_cb; |
| 1104 | } | 1085 | } |
| 1105 | 1086 | ||
| 1106 | void SSL_CTX_set_info_callback(SSL_CTX *ctx, | 1087 | void |
| 1107 | void (*cb)(const SSL *ssl,int type,int val)) | 1088 | SSL_CTX_set_info_callback(SSL_CTX *ctx, |
| 1108 | { | 1089 | void (*cb)(const SSL *ssl, int type, int val)) |
| 1109 | ctx->info_callback=cb; | 1090 | { |
| 1110 | } | 1091 | ctx->info_callback = cb; |
| 1092 | } | ||
| 1111 | 1093 | ||
| 1112 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val) | 1094 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val) |
| 1113 | { | 1095 | { |
| 1114 | return ctx->info_callback; | 1096 | return ctx->info_callback; |
| 1115 | } | 1097 | } |
| 1116 | 1098 | ||
| 1117 | void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, | 1099 | void |
| 1118 | int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) | 1100 | SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, |
| 1119 | { | 1101 | int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) |
| 1120 | ctx->client_cert_cb=cb; | 1102 | { |
| 1121 | } | 1103 | ctx->client_cert_cb = cb; |
| 1104 | } | ||
| 1122 | 1105 | ||
| 1123 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey) | 1106 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey) |
| 1124 | { | 1107 | { |
| 1125 | return ctx->client_cert_cb; | 1108 | return ctx->client_cert_cb; |
| 1126 | } | 1109 | } |
| 1127 | 1110 | ||
| 1128 | #ifndef OPENSSL_NO_ENGINE | 1111 | #ifndef OPENSSL_NO_ENGINE |
| 1129 | int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) | 1112 | int |
| 1130 | { | 1113 | SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) |
| 1131 | if (!ENGINE_init(e)) | 1114 | { |
| 1132 | { | 1115 | if (!ENGINE_init(e)) { |
| 1133 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB); | 1116 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB); |
| 1134 | return 0; | 1117 | return 0; |
| 1135 | } | 1118 | } |
| 1136 | if(!ENGINE_get_ssl_client_cert_function(e)) | 1119 | if (!ENGINE_get_ssl_client_cert_function(e)) { |
| 1137 | { | ||
| 1138 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD); | 1120 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD); |
| 1139 | ENGINE_finish(e); | 1121 | ENGINE_finish(e); |
| 1140 | return 0; | 1122 | return 0; |
| 1141 | } | 1123 | } |
| 1142 | ctx->client_cert_engine = e; | 1124 | ctx->client_cert_engine = e; |
| 1143 | return 1; | 1125 | return 1; |
| 1144 | } | 1126 | } |
| 1145 | #endif | 1127 | #endif |
| 1146 | 1128 | ||
| 1147 | void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, | 1129 | void |
| 1148 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) | 1130 | SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, |
| 1149 | { | 1131 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) |
| 1150 | ctx->app_gen_cookie_cb=cb; | 1132 | { |
| 1151 | } | 1133 | ctx->app_gen_cookie_cb = cb; |
| 1134 | } | ||
| 1152 | 1135 | ||
| 1153 | void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, | 1136 | void |
| 1154 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) | 1137 | SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, |
| 1155 | { | 1138 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) |
| 1156 | ctx->app_verify_cookie_cb=cb; | 1139 | { |
| 1157 | } | 1140 | ctx->app_verify_cookie_cb = cb; |
| 1141 | } | ||
| 1158 | 1142 | ||
| 1159 | IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) | 1143 | IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) |
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c index 144b81e55f..3d9371cdd7 100644 --- a/src/lib/libssl/ssl_stat.c +++ b/src/lib/libssl/ssl_stat.c | |||
| @@ -85,311 +85,533 @@ | |||
| 85 | #include <stdio.h> | 85 | #include <stdio.h> |
| 86 | #include "ssl_locl.h" | 86 | #include "ssl_locl.h" |
| 87 | 87 | ||
| 88 | const char *SSL_state_string_long(const SSL *s) | 88 | const char |
| 89 | { | 89 | *SSL_state_string_long(const SSL *s) |
| 90 | { | ||
| 90 | const char *str; | 91 | const char *str; |
| 91 | 92 | ||
| 92 | switch (s->state) | 93 | switch (s->state) { |
| 93 | { | 94 | case SSL_ST_BEFORE: |
| 94 | case SSL_ST_BEFORE: str="before SSL initialization"; break; | 95 | str="before SSL initialization"; break; |
| 95 | case SSL_ST_ACCEPT: str="before accept initialization"; break; | 96 | case SSL_ST_ACCEPT: |
| 96 | case SSL_ST_CONNECT: str="before connect initialization"; break; | 97 | str="before accept initialization"; break; |
| 97 | case SSL_ST_OK: str="SSL negotiation finished successfully"; break; | 98 | case SSL_ST_CONNECT: |
| 98 | case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break; | 99 | str="before connect initialization"; break; |
| 99 | case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break; | 100 | case SSL_ST_OK: |
| 100 | case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break; | 101 | str="SSL negotiation finished successfully"; break; |
| 101 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break; | 102 | case SSL_ST_RENEGOTIATE: |
| 102 | case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break; | 103 | str="SSL renegotiate ciphers"; break; |
| 104 | case SSL_ST_BEFORE|SSL_ST_CONNECT: | ||
| 105 | str="before/connect initialization"; break; | ||
| 106 | case SSL_ST_OK|SSL_ST_CONNECT: | ||
| 107 | str="ok/connect SSL initialization"; break; | ||
| 108 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: | ||
| 109 | str="before/accept initialization"; break; | ||
| 110 | case SSL_ST_OK|SSL_ST_ACCEPT: | ||
| 111 | str="ok/accept SSL initialization"; break; | ||
| 103 | #ifndef OPENSSL_NO_SSL2 | 112 | #ifndef OPENSSL_NO_SSL2 |
| 104 | case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break; | 113 | case SSL2_ST_CLIENT_START_ENCRYPTION: |
| 105 | case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break; | 114 | str="SSLv2 client start encryption"; break; |
| 106 | case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break; | 115 | case SSL2_ST_SERVER_START_ENCRYPTION: |
| 107 | case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break; | 116 | str="SSLv2 server start encryption"; break; |
| 108 | case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break; | 117 | case SSL2_ST_SEND_CLIENT_HELLO_A: |
| 109 | case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break; | 118 | str="SSLv2 write client hello A"; break; |
| 110 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break; | 119 | case SSL2_ST_SEND_CLIENT_HELLO_B: |
| 111 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break; | 120 | str="SSLv2 write client hello B"; break; |
| 112 | case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break; | 121 | case SSL2_ST_GET_SERVER_HELLO_A: |
| 113 | case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break; | 122 | str="SSLv2 read server hello A"; break; |
| 114 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break; | 123 | case SSL2_ST_GET_SERVER_HELLO_B: |
| 115 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break; | 124 | str="SSLv2 read server hello B"; break; |
| 116 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break; | 125 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: |
| 117 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break; | 126 | str="SSLv2 write client master key A"; break; |
| 118 | case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break; | 127 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: |
| 119 | case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break; | 128 | str="SSLv2 write client master key B"; break; |
| 120 | case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break; | 129 | case SSL2_ST_SEND_CLIENT_FINISHED_A: |
| 121 | case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break; | 130 | str="SSLv2 write client finished A"; break; |
| 122 | case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break; | 131 | case SSL2_ST_SEND_CLIENT_FINISHED_B: |
| 123 | case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break; | 132 | str="SSLv2 write client finished B"; break; |
| 124 | case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break; | 133 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: |
| 125 | case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break; | 134 | str="SSLv2 write client certificate A"; break; |
| 126 | case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break; | 135 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: |
| 127 | case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break; | 136 | str="SSLv2 write client certificate B"; break; |
| 128 | case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break; | 137 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: |
| 129 | case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break; | 138 | str="SSLv2 write client certificate C"; break; |
| 130 | case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break; | 139 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: |
| 131 | case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break; | 140 | str="SSLv2 write client certificate D"; break; |
| 132 | case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break; | 141 | case SSL2_ST_GET_SERVER_VERIFY_A: |
| 133 | case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break; | 142 | str="SSLv2 read server verify A"; break; |
| 134 | case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break; | 143 | case SSL2_ST_GET_SERVER_VERIFY_B: |
| 135 | case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break; | 144 | str="SSLv2 read server verify B"; break; |
| 136 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break; | 145 | case SSL2_ST_GET_SERVER_FINISHED_A: |
| 137 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break; | 146 | str="SSLv2 read server finished A"; break; |
| 138 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break; | 147 | case SSL2_ST_GET_SERVER_FINISHED_B: |
| 139 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break; | 148 | str="SSLv2 read server finished B"; break; |
| 140 | case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break; | 149 | case SSL2_ST_GET_CLIENT_HELLO_A: |
| 141 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break; | 150 | str="SSLv2 read client hello A"; break; |
| 151 | case SSL2_ST_GET_CLIENT_HELLO_B: | ||
| 152 | str="SSLv2 read client hello B"; break; | ||
| 153 | case SSL2_ST_GET_CLIENT_HELLO_C: | ||
| 154 | str="SSLv2 read client hello C"; break; | ||
| 155 | case SSL2_ST_SEND_SERVER_HELLO_A: | ||
| 156 | str="SSLv2 write server hello A"; break; | ||
| 157 | case SSL2_ST_SEND_SERVER_HELLO_B: | ||
| 158 | str="SSLv2 write server hello B"; break; | ||
| 159 | case SSL2_ST_GET_CLIENT_MASTER_KEY_A: | ||
| 160 | str="SSLv2 read client master key A"; break; | ||
| 161 | case SSL2_ST_GET_CLIENT_MASTER_KEY_B: | ||
| 162 | str="SSLv2 read client master key B"; break; | ||
| 163 | case SSL2_ST_SEND_SERVER_VERIFY_A: | ||
| 164 | str="SSLv2 write server verify A"; break; | ||
| 165 | case SSL2_ST_SEND_SERVER_VERIFY_B: | ||
| 166 | str="SSLv2 write server verify B"; break; | ||
| 167 | case SSL2_ST_SEND_SERVER_VERIFY_C: | ||
| 168 | str="SSLv2 write server verify C"; break; | ||
| 169 | case SSL2_ST_GET_CLIENT_FINISHED_A: | ||
| 170 | str="SSLv2 read client finished A"; break; | ||
| 171 | case SSL2_ST_GET_CLIENT_FINISHED_B: | ||
| 172 | str="SSLv2 read client finished B"; break; | ||
| 173 | case SSL2_ST_SEND_SERVER_FINISHED_A: | ||
| 174 | str="SSLv2 write server finished A"; break; | ||
| 175 | case SSL2_ST_SEND_SERVER_FINISHED_B: | ||
| 176 | str="SSLv2 write server finished B"; break; | ||
| 177 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: | ||
| 178 | str="SSLv2 write request certificate A"; break; | ||
| 179 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: | ||
| 180 | str="SSLv2 write request certificate B"; break; | ||
| 181 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: | ||
| 182 | str="SSLv2 write request certificate C"; break; | ||
| 183 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: | ||
| 184 | str="SSLv2 write request certificate D"; break; | ||
| 185 | case SSL2_ST_X509_GET_SERVER_CERTIFICATE: | ||
| 186 | str="SSLv2 X509 read server certificate"; break; | ||
| 187 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: | ||
| 188 | str="SSLv2 X509 read client certificate"; break; | ||
| 142 | #endif | 189 | #endif |
| 143 | 190 | ||
| 144 | #ifndef OPENSSL_NO_SSL3 | 191 | #ifndef OPENSSL_NO_SSL3 |
| 145 | /* SSLv3 additions */ | 192 | /* SSLv3 additions */ |
| 146 | case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break; | 193 | case SSL3_ST_CW_CLNT_HELLO_A: |
| 147 | case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break; | 194 | str="SSLv3 write client hello A"; break; |
| 148 | case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break; | 195 | case SSL3_ST_CW_CLNT_HELLO_B: |
| 149 | case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break; | 196 | str="SSLv3 write client hello B"; break; |
| 150 | case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break; | 197 | case SSL3_ST_CR_SRVR_HELLO_A: |
| 151 | case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break; | 198 | str="SSLv3 read server hello A"; break; |
| 152 | case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break; | 199 | case SSL3_ST_CR_SRVR_HELLO_B: |
| 153 | case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break; | 200 | str="SSLv3 read server hello B"; break; |
| 154 | case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break; | 201 | case SSL3_ST_CR_CERT_A: |
| 155 | case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break; | 202 | str="SSLv3 read server certificate A"; break; |
| 156 | case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break; | 203 | case SSL3_ST_CR_CERT_B: |
| 157 | case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break; | 204 | str="SSLv3 read server certificate B"; break; |
| 158 | case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break; | 205 | case SSL3_ST_CR_KEY_EXCH_A: |
| 159 | case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break; | 206 | str="SSLv3 read server key exchange A"; break; |
| 160 | case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break; | 207 | case SSL3_ST_CR_KEY_EXCH_B: |
| 161 | case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break; | 208 | str="SSLv3 read server key exchange B"; break; |
| 162 | case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break; | 209 | case SSL3_ST_CR_CERT_REQ_A: |
| 163 | case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break; | 210 | str="SSLv3 read server certificate request A"; break; |
| 164 | case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break; | 211 | case SSL3_ST_CR_CERT_REQ_B: |
| 165 | case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break; | 212 | str="SSLv3 read server certificate request B"; break; |
| 166 | case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break; | 213 | case SSL3_ST_CR_SESSION_TICKET_A: |
| 167 | case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break; | 214 | str="SSLv3 read server session ticket A";break; |
| 215 | case SSL3_ST_CR_SESSION_TICKET_B: | ||
| 216 | str="SSLv3 read server session ticket B";break; | ||
| 217 | case SSL3_ST_CR_SRVR_DONE_A: | ||
| 218 | str="SSLv3 read server done A"; break; | ||
| 219 | case SSL3_ST_CR_SRVR_DONE_B: | ||
| 220 | str="SSLv3 read server done B"; break; | ||
| 221 | case SSL3_ST_CW_CERT_A: | ||
| 222 | str="SSLv3 write client certificate A"; break; | ||
| 223 | case SSL3_ST_CW_CERT_B: | ||
| 224 | str="SSLv3 write client certificate B"; break; | ||
| 225 | case SSL3_ST_CW_CERT_C: | ||
| 226 | str="SSLv3 write client certificate C"; break; | ||
| 227 | case SSL3_ST_CW_CERT_D: | ||
| 228 | str="SSLv3 write client certificate D"; break; | ||
| 229 | case SSL3_ST_CW_KEY_EXCH_A: | ||
| 230 | str="SSLv3 write client key exchange A"; break; | ||
| 231 | case SSL3_ST_CW_KEY_EXCH_B: | ||
| 232 | str="SSLv3 write client key exchange B"; break; | ||
| 233 | case SSL3_ST_CW_CERT_VRFY_A: | ||
| 234 | str="SSLv3 write certificate verify A"; break; | ||
| 235 | case SSL3_ST_CW_CERT_VRFY_B: | ||
| 236 | str="SSLv3 write certificate verify B"; break; | ||
| 168 | 237 | ||
| 169 | case SSL3_ST_CW_CHANGE_A: | 238 | case SSL3_ST_CW_CHANGE_A: |
| 170 | case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break; | 239 | case SSL3_ST_SW_CHANGE_A: |
| 171 | case SSL3_ST_CW_CHANGE_B: | 240 | str="SSLv3 write change cipher spec A"; break; |
| 172 | case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break; | 241 | case SSL3_ST_CW_CHANGE_B: |
| 173 | case SSL3_ST_CW_FINISHED_A: | 242 | case SSL3_ST_SW_CHANGE_B: |
| 174 | case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break; | 243 | str="SSLv3 write change cipher spec B"; break; |
| 175 | case SSL3_ST_CW_FINISHED_B: | 244 | case SSL3_ST_CW_FINISHED_A: |
| 176 | case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break; | 245 | case SSL3_ST_SW_FINISHED_A: |
| 177 | case SSL3_ST_CR_CHANGE_A: | 246 | str="SSLv3 write finished A"; break; |
| 178 | case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break; | 247 | case SSL3_ST_CW_FINISHED_B: |
| 179 | case SSL3_ST_CR_CHANGE_B: | 248 | case SSL3_ST_SW_FINISHED_B: |
| 180 | case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break; | 249 | str="SSLv3 write finished B"; break; |
| 181 | case SSL3_ST_CR_FINISHED_A: | 250 | case SSL3_ST_CR_CHANGE_A: |
| 182 | case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break; | 251 | case SSL3_ST_SR_CHANGE_A: |
| 183 | case SSL3_ST_CR_FINISHED_B: | 252 | str="SSLv3 read change cipher spec A"; break; |
| 184 | case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break; | 253 | case SSL3_ST_CR_CHANGE_B: |
| 254 | case SSL3_ST_SR_CHANGE_B: | ||
| 255 | str="SSLv3 read change cipher spec B"; break; | ||
| 256 | case SSL3_ST_CR_FINISHED_A: | ||
| 257 | case SSL3_ST_SR_FINISHED_A: | ||
| 258 | str="SSLv3 read finished A"; break; | ||
| 259 | case SSL3_ST_CR_FINISHED_B: | ||
| 260 | case SSL3_ST_SR_FINISHED_B: | ||
| 261 | str="SSLv3 read finished B"; break; | ||
| 185 | 262 | ||
| 186 | case SSL3_ST_CW_FLUSH: | 263 | case SSL3_ST_CW_FLUSH: |
| 187 | case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break; | 264 | case SSL3_ST_SW_FLUSH: |
| 265 | str="SSLv3 flush data"; break; | ||
| 188 | 266 | ||
| 189 | case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break; | 267 | case SSL3_ST_SR_CLNT_HELLO_A: |
| 190 | case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break; | 268 | str="SSLv3 read client hello A"; break; |
| 191 | case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break; | 269 | case SSL3_ST_SR_CLNT_HELLO_B: |
| 192 | case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break; | 270 | str="SSLv3 read client hello B"; break; |
| 193 | case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break; | 271 | case SSL3_ST_SR_CLNT_HELLO_C: |
| 194 | case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break; | 272 | str="SSLv3 read client hello C"; break; |
| 195 | case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break; | 273 | case SSL3_ST_SW_HELLO_REQ_A: |
| 196 | case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break; | 274 | str="SSLv3 write hello request A"; break; |
| 197 | case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break; | 275 | case SSL3_ST_SW_HELLO_REQ_B: |
| 198 | case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break; | 276 | str="SSLv3 write hello request B"; break; |
| 199 | case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break; | 277 | case SSL3_ST_SW_HELLO_REQ_C: |
| 200 | case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break; | 278 | str="SSLv3 write hello request C"; break; |
| 201 | case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break; | 279 | case SSL3_ST_SW_SRVR_HELLO_A: |
| 202 | case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break; | 280 | str="SSLv3 write server hello A"; break; |
| 203 | case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break; | 281 | case SSL3_ST_SW_SRVR_HELLO_B: |
| 204 | case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break; | 282 | str="SSLv3 write server hello B"; break; |
| 205 | case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break; | 283 | case SSL3_ST_SW_CERT_A: |
| 206 | case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break; | 284 | str="SSLv3 write certificate A"; break; |
| 207 | case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break; | 285 | case SSL3_ST_SW_CERT_B: |
| 208 | case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break; | 286 | str="SSLv3 write certificate B"; break; |
| 209 | case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break; | 287 | case SSL3_ST_SW_KEY_EXCH_A: |
| 210 | case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break; | 288 | str="SSLv3 write key exchange A"; break; |
| 211 | case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break; | 289 | case SSL3_ST_SW_KEY_EXCH_B: |
| 212 | case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break; | 290 | str="SSLv3 write key exchange B"; break; |
| 291 | case SSL3_ST_SW_CERT_REQ_A: | ||
| 292 | str="SSLv3 write certificate request A"; break; | ||
| 293 | case SSL3_ST_SW_CERT_REQ_B: | ||
| 294 | str="SSLv3 write certificate request B"; break; | ||
| 295 | case SSL3_ST_SW_SESSION_TICKET_A: | ||
| 296 | str="SSLv3 write session ticket A"; break; | ||
| 297 | case SSL3_ST_SW_SESSION_TICKET_B: | ||
| 298 | str="SSLv3 write session ticket B"; break; | ||
| 299 | case SSL3_ST_SW_SRVR_DONE_A: | ||
| 300 | str="SSLv3 write server done A"; break; | ||
| 301 | case SSL3_ST_SW_SRVR_DONE_B: | ||
| 302 | str="SSLv3 write server done B"; break; | ||
| 303 | case SSL3_ST_SR_CERT_A: | ||
| 304 | str="SSLv3 read client certificate A"; break; | ||
| 305 | case SSL3_ST_SR_CERT_B: | ||
| 306 | str="SSLv3 read client certificate B"; break; | ||
| 307 | case SSL3_ST_SR_KEY_EXCH_A: | ||
| 308 | str="SSLv3 read client key exchange A"; break; | ||
| 309 | case SSL3_ST_SR_KEY_EXCH_B: | ||
| 310 | str="SSLv3 read client key exchange B"; break; | ||
| 311 | case SSL3_ST_SR_CERT_VRFY_A: | ||
| 312 | str="SSLv3 read certificate verify A"; break; | ||
| 313 | case SSL3_ST_SR_CERT_VRFY_B: | ||
| 314 | str="SSLv3 read certificate verify B"; break; | ||
| 213 | #endif | 315 | #endif |
| 214 | 316 | ||
| 215 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) | 317 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
| 216 | /* SSLv2/v3 compatibility states */ | 318 | /* SSLv2/v3 compatibility states */ |
| 217 | /* client */ | 319 | /* client */ |
| 218 | case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break; | 320 | case SSL23_ST_CW_CLNT_HELLO_A: |
| 219 | case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break; | 321 | str="SSLv2/v3 write client hello A"; break; |
| 220 | case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break; | 322 | case SSL23_ST_CW_CLNT_HELLO_B: |
| 221 | case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break; | 323 | str="SSLv2/v3 write client hello B"; break; |
| 324 | case SSL23_ST_CR_SRVR_HELLO_A: | ||
| 325 | str="SSLv2/v3 read server hello A"; break; | ||
| 326 | case SSL23_ST_CR_SRVR_HELLO_B: | ||
| 327 | str="SSLv2/v3 read server hello B"; break; | ||
| 222 | /* server */ | 328 | /* server */ |
| 223 | case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break; | 329 | case SSL23_ST_SR_CLNT_HELLO_A: |
| 224 | case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break; | 330 | str="SSLv2/v3 read client hello A"; break; |
| 331 | case SSL23_ST_SR_CLNT_HELLO_B: | ||
| 332 | str="SSLv2/v3 read client hello B"; break; | ||
| 225 | #endif | 333 | #endif |
| 226 | 334 | ||
| 227 | /* DTLS */ | 335 | /* DTLS */ |
| 228 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break; | 336 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: |
| 229 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break; | 337 | str="DTLS1 read hello verify request A"; break; |
| 230 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break; | 338 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: |
| 231 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break; | 339 | str="DTLS1 read hello verify request B"; break; |
| 340 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: | ||
| 341 | str="DTLS1 write hello verify request A"; break; | ||
| 342 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: | ||
| 343 | str="DTLS1 write hello verify request B"; break; | ||
| 232 | 344 | ||
| 233 | default: str="unknown state"; break; | 345 | default: |
| 234 | } | 346 | str="unknown state"; break; |
| 235 | return(str); | ||
| 236 | } | 347 | } |
| 348 | return (str); | ||
| 349 | } | ||
| 237 | 350 | ||
| 238 | const char *SSL_rstate_string_long(const SSL *s) | 351 | const char |
| 239 | { | 352 | *SSL_rstate_string_long(const SSL *s) |
| 353 | { | ||
| 240 | const char *str; | 354 | const char *str; |
| 241 | 355 | ||
| 242 | switch (s->rstate) | 356 | switch (s->rstate) { |
| 243 | { | 357 | case SSL_ST_READ_HEADER: |
| 244 | case SSL_ST_READ_HEADER: str="read header"; break; | 358 | str="read header"; break; |
| 245 | case SSL_ST_READ_BODY: str="read body"; break; | 359 | case SSL_ST_READ_BODY: |
| 246 | case SSL_ST_READ_DONE: str="read done"; break; | 360 | str="read body"; break; |
| 247 | default: str="unknown"; break; | 361 | case SSL_ST_READ_DONE: |
| 248 | } | 362 | str="read done"; break; |
| 249 | return(str); | 363 | default: |
| 364 | str="unknown"; break; | ||
| 250 | } | 365 | } |
| 366 | return (str); | ||
| 367 | } | ||
| 251 | 368 | ||
| 252 | const char *SSL_state_string(const SSL *s) | 369 | const char |
| 253 | { | 370 | *SSL_state_string(const SSL *s) |
| 371 | { | ||
| 254 | const char *str; | 372 | const char *str; |
| 255 | 373 | ||
| 256 | switch (s->state) | 374 | switch (s->state) { |
| 257 | { | 375 | case SSL_ST_BEFORE: |
| 258 | case SSL_ST_BEFORE: str="PINIT "; break; | 376 | str="PINIT "; break; |
| 259 | case SSL_ST_ACCEPT: str="AINIT "; break; | 377 | case SSL_ST_ACCEPT: |
| 260 | case SSL_ST_CONNECT: str="CINIT "; break; | 378 | str="AINIT "; break; |
| 261 | case SSL_ST_OK: str="SSLOK "; break; | 379 | case SSL_ST_CONNECT: |
| 380 | str="CINIT "; break; | ||
| 381 | case SSL_ST_OK: | ||
| 382 | str="SSLOK "; break; | ||
| 262 | #ifndef OPENSSL_NO_SSL2 | 383 | #ifndef OPENSSL_NO_SSL2 |
| 263 | case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break; | 384 | case SSL2_ST_CLIENT_START_ENCRYPTION: |
| 264 | case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break; | 385 | str="2CSENC"; break; |
| 265 | case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break; | 386 | case SSL2_ST_SERVER_START_ENCRYPTION: |
| 266 | case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break; | 387 | str="2SSENC"; break; |
| 267 | case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break; | 388 | case SSL2_ST_SEND_CLIENT_HELLO_A: |
| 268 | case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break; | 389 | str="2SCH_A"; break; |
| 269 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break; | 390 | case SSL2_ST_SEND_CLIENT_HELLO_B: |
| 270 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break; | 391 | str="2SCH_B"; break; |
| 271 | case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break; | 392 | case SSL2_ST_GET_SERVER_HELLO_A: |
| 272 | case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break; | 393 | str="2GSH_A"; break; |
| 273 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break; | 394 | case SSL2_ST_GET_SERVER_HELLO_B: |
| 274 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break; | 395 | str="2GSH_B"; break; |
| 275 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break; | 396 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: |
| 276 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break; | 397 | str="2SCMKA"; break; |
| 277 | case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break; | 398 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: |
| 278 | case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break; | 399 | str="2SCMKB"; break; |
| 279 | case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break; | 400 | case SSL2_ST_SEND_CLIENT_FINISHED_A: |
| 280 | case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break; | 401 | str="2SCF_A"; break; |
| 281 | case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break; | 402 | case SSL2_ST_SEND_CLIENT_FINISHED_B: |
| 282 | case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break; | 403 | str="2SCF_B"; break; |
| 283 | case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break; | 404 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: |
| 284 | case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break; | 405 | str="2SCC_A"; break; |
| 285 | case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break; | 406 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: |
| 286 | case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break; | 407 | str="2SCC_B"; break; |
| 287 | case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break; | 408 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: |
| 288 | case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break; | 409 | str="2SCC_C"; break; |
| 289 | case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break; | 410 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: |
| 290 | case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break; | 411 | str="2SCC_D"; break; |
| 291 | case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break; | 412 | case SSL2_ST_GET_SERVER_VERIFY_A: |
| 292 | case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break; | 413 | str="2GSV_A"; break; |
| 293 | case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break; | 414 | case SSL2_ST_GET_SERVER_VERIFY_B: |
| 294 | case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break; | 415 | str="2GSV_B"; break; |
| 295 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break; | 416 | case SSL2_ST_GET_SERVER_FINISHED_A: |
| 296 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break; | 417 | str="2GSF_A"; break; |
| 297 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break; | 418 | case SSL2_ST_GET_SERVER_FINISHED_B: |
| 298 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break; | 419 | str="2GSF_B"; break; |
| 299 | case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break; | 420 | case SSL2_ST_GET_CLIENT_HELLO_A: |
| 300 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break; | 421 | str="2GCH_A"; break; |
| 422 | case SSL2_ST_GET_CLIENT_HELLO_B: | ||
| 423 | str="2GCH_B"; break; | ||
| 424 | case SSL2_ST_GET_CLIENT_HELLO_C: | ||
| 425 | str="2GCH_C"; break; | ||
| 426 | case SSL2_ST_SEND_SERVER_HELLO_A: | ||
| 427 | str="2SSH_A"; break; | ||
| 428 | case SSL2_ST_SEND_SERVER_HELLO_B: | ||
| 429 | str="2SSH_B"; break; | ||
| 430 | case SSL2_ST_GET_CLIENT_MASTER_KEY_A: | ||
| 431 | str="2GCMKA"; break; | ||
| 432 | case SSL2_ST_GET_CLIENT_MASTER_KEY_B: | ||
| 433 | str="2GCMKA"; break; | ||
| 434 | case SSL2_ST_SEND_SERVER_VERIFY_A: | ||
| 435 | str="2SSV_A"; break; | ||
| 436 | case SSL2_ST_SEND_SERVER_VERIFY_B: | ||
| 437 | str="2SSV_B"; break; | ||
| 438 | case SSL2_ST_SEND_SERVER_VERIFY_C: | ||
| 439 | str="2SSV_C"; break; | ||
| 440 | case SSL2_ST_GET_CLIENT_FINISHED_A: | ||
| 441 | str="2GCF_A"; break; | ||
| 442 | case SSL2_ST_GET_CLIENT_FINISHED_B: | ||
| 443 | str="2GCF_B"; break; | ||
| 444 | case SSL2_ST_SEND_SERVER_FINISHED_A: | ||
| 445 | str="2SSF_A"; break; | ||
| 446 | case SSL2_ST_SEND_SERVER_FINISHED_B: | ||
| 447 | str="2SSF_B"; break; | ||
| 448 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: | ||
| 449 | str="2SRC_A"; break; | ||
| 450 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: | ||
| 451 | str="2SRC_B"; break; | ||
| 452 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: | ||
| 453 | str="2SRC_C"; break; | ||
| 454 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: | ||
| 455 | str="2SRC_D"; break; | ||
| 456 | case SSL2_ST_X509_GET_SERVER_CERTIFICATE: | ||
| 457 | str="2X9GSC"; break; | ||
| 458 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: | ||
| 459 | str="2X9GCC"; break; | ||
| 301 | #endif | 460 | #endif |
| 302 | 461 | ||
| 303 | #ifndef OPENSSL_NO_SSL3 | 462 | #ifndef OPENSSL_NO_SSL3 |
| 304 | /* SSLv3 additions */ | 463 | /* SSLv3 additions */ |
| 305 | case SSL3_ST_SW_FLUSH: | 464 | case SSL3_ST_SW_FLUSH: |
| 306 | case SSL3_ST_CW_FLUSH: str="3FLUSH"; break; | 465 | case SSL3_ST_CW_FLUSH: |
| 307 | case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break; | 466 | str="3FLUSH"; break; |
| 308 | case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break; | 467 | case SSL3_ST_CW_CLNT_HELLO_A: |
| 309 | case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break; | 468 | str="3WCH_A"; break; |
| 310 | case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break; | 469 | case SSL3_ST_CW_CLNT_HELLO_B: |
| 311 | case SSL3_ST_CR_CERT_A: str="3RSC_A"; break; | 470 | str="3WCH_B"; break; |
| 312 | case SSL3_ST_CR_CERT_B: str="3RSC_B"; break; | 471 | case SSL3_ST_CR_SRVR_HELLO_A: |
| 313 | case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break; | 472 | str="3RSH_A"; break; |
| 314 | case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break; | 473 | case SSL3_ST_CR_SRVR_HELLO_B: |
| 315 | case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break; | 474 | str="3RSH_B"; break; |
| 316 | case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break; | 475 | case SSL3_ST_CR_CERT_A: |
| 317 | case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break; | 476 | str="3RSC_A"; break; |
| 318 | case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break; | 477 | case SSL3_ST_CR_CERT_B: |
| 319 | case SSL3_ST_CW_CERT_A: str="3WCC_A"; break; | 478 | str="3RSC_B"; break; |
| 320 | case SSL3_ST_CW_CERT_B: str="3WCC_B"; break; | 479 | case SSL3_ST_CR_KEY_EXCH_A: |
| 321 | case SSL3_ST_CW_CERT_C: str="3WCC_C"; break; | 480 | str="3RSKEA"; break; |
| 322 | case SSL3_ST_CW_CERT_D: str="3WCC_D"; break; | 481 | case SSL3_ST_CR_KEY_EXCH_B: |
| 323 | case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break; | 482 | str="3RSKEB"; break; |
| 324 | case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break; | 483 | case SSL3_ST_CR_CERT_REQ_A: |
| 325 | case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break; | 484 | str="3RCR_A"; break; |
| 326 | case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break; | 485 | case SSL3_ST_CR_CERT_REQ_B: |
| 486 | str="3RCR_B"; break; | ||
| 487 | case SSL3_ST_CR_SRVR_DONE_A: | ||
| 488 | str="3RSD_A"; break; | ||
| 489 | case SSL3_ST_CR_SRVR_DONE_B: | ||
| 490 | str="3RSD_B"; break; | ||
| 491 | case SSL3_ST_CW_CERT_A: | ||
| 492 | str="3WCC_A"; break; | ||
| 493 | case SSL3_ST_CW_CERT_B: | ||
| 494 | str="3WCC_B"; break; | ||
| 495 | case SSL3_ST_CW_CERT_C: | ||
| 496 | str="3WCC_C"; break; | ||
| 497 | case SSL3_ST_CW_CERT_D: | ||
| 498 | str="3WCC_D"; break; | ||
| 499 | case SSL3_ST_CW_KEY_EXCH_A: | ||
| 500 | str="3WCKEA"; break; | ||
| 501 | case SSL3_ST_CW_KEY_EXCH_B: | ||
| 502 | str="3WCKEB"; break; | ||
| 503 | case SSL3_ST_CW_CERT_VRFY_A: | ||
| 504 | str="3WCV_A"; break; | ||
| 505 | case SSL3_ST_CW_CERT_VRFY_B: | ||
| 506 | str="3WCV_B"; break; | ||
| 327 | 507 | ||
| 328 | case SSL3_ST_SW_CHANGE_A: | 508 | case SSL3_ST_SW_CHANGE_A: |
| 329 | case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break; | 509 | case SSL3_ST_CW_CHANGE_A: |
| 330 | case SSL3_ST_SW_CHANGE_B: | 510 | str="3WCCSA"; break; |
| 331 | case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break; | 511 | case SSL3_ST_SW_CHANGE_B: |
| 332 | case SSL3_ST_SW_FINISHED_A: | 512 | case SSL3_ST_CW_CHANGE_B: |
| 333 | case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break; | 513 | str="3WCCSB"; break; |
| 334 | case SSL3_ST_SW_FINISHED_B: | 514 | case SSL3_ST_SW_FINISHED_A: |
| 335 | case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break; | 515 | case SSL3_ST_CW_FINISHED_A: |
| 336 | case SSL3_ST_SR_CHANGE_A: | 516 | str="3WFINA"; break; |
| 337 | case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break; | 517 | case SSL3_ST_SW_FINISHED_B: |
| 338 | case SSL3_ST_SR_CHANGE_B: | 518 | case SSL3_ST_CW_FINISHED_B: |
| 339 | case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break; | 519 | str="3WFINB"; break; |
| 340 | case SSL3_ST_SR_FINISHED_A: | 520 | case SSL3_ST_SR_CHANGE_A: |
| 341 | case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break; | 521 | case SSL3_ST_CR_CHANGE_A: |
| 342 | case SSL3_ST_SR_FINISHED_B: | 522 | str="3RCCSA"; break; |
| 343 | case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break; | 523 | case SSL3_ST_SR_CHANGE_B: |
| 524 | case SSL3_ST_CR_CHANGE_B: | ||
| 525 | str="3RCCSB"; break; | ||
| 526 | case SSL3_ST_SR_FINISHED_A: | ||
| 527 | case SSL3_ST_CR_FINISHED_A: | ||
| 528 | str="3RFINA"; break; | ||
| 529 | case SSL3_ST_SR_FINISHED_B: | ||
| 530 | case SSL3_ST_CR_FINISHED_B: | ||
| 531 | str="3RFINB"; break; | ||
| 344 | 532 | ||
| 345 | case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break; | 533 | case SSL3_ST_SW_HELLO_REQ_A: |
| 346 | case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break; | 534 | str="3WHR_A"; break; |
| 347 | case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break; | 535 | case SSL3_ST_SW_HELLO_REQ_B: |
| 348 | case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break; | 536 | str="3WHR_B"; break; |
| 349 | case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break; | 537 | case SSL3_ST_SW_HELLO_REQ_C: |
| 350 | case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break; | 538 | str="3WHR_C"; break; |
| 351 | case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break; | 539 | case SSL3_ST_SR_CLNT_HELLO_A: |
| 352 | case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break; | 540 | str="3RCH_A"; break; |
| 353 | case SSL3_ST_SW_CERT_A: str="3WSC_A"; break; | 541 | case SSL3_ST_SR_CLNT_HELLO_B: |
| 354 | case SSL3_ST_SW_CERT_B: str="3WSC_B"; break; | 542 | str="3RCH_B"; break; |
| 355 | case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break; | 543 | case SSL3_ST_SR_CLNT_HELLO_C: |
| 356 | case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break; | 544 | str="3RCH_C"; break; |
| 357 | case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break; | 545 | case SSL3_ST_SW_SRVR_HELLO_A: |
| 358 | case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break; | 546 | str="3WSH_A"; break; |
| 359 | case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break; | 547 | case SSL3_ST_SW_SRVR_HELLO_B: |
| 360 | case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break; | 548 | str="3WSH_B"; break; |
| 361 | case SSL3_ST_SR_CERT_A: str="3RCC_A"; break; | 549 | case SSL3_ST_SW_CERT_A: |
| 362 | case SSL3_ST_SR_CERT_B: str="3RCC_B"; break; | 550 | str="3WSC_A"; break; |
| 363 | case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break; | 551 | case SSL3_ST_SW_CERT_B: |
| 364 | case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break; | 552 | str="3WSC_B"; break; |
| 365 | case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break; | 553 | case SSL3_ST_SW_KEY_EXCH_A: |
| 366 | case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break; | 554 | str="3WSKEA"; break; |
| 555 | case SSL3_ST_SW_KEY_EXCH_B: | ||
| 556 | str="3WSKEB"; break; | ||
| 557 | case SSL3_ST_SW_CERT_REQ_A: | ||
| 558 | str="3WCR_A"; break; | ||
| 559 | case SSL3_ST_SW_CERT_REQ_B: | ||
| 560 | str="3WCR_B"; break; | ||
| 561 | case SSL3_ST_SW_SRVR_DONE_A: | ||
| 562 | str="3WSD_A"; break; | ||
| 563 | case SSL3_ST_SW_SRVR_DONE_B: | ||
| 564 | str="3WSD_B"; break; | ||
| 565 | case SSL3_ST_SR_CERT_A: | ||
| 566 | str="3RCC_A"; break; | ||
| 567 | case SSL3_ST_SR_CERT_B: | ||
| 568 | str="3RCC_B"; break; | ||
| 569 | case SSL3_ST_SR_KEY_EXCH_A: | ||
| 570 | str="3RCKEA"; break; | ||
| 571 | case SSL3_ST_SR_KEY_EXCH_B: | ||
| 572 | str="3RCKEB"; break; | ||
| 573 | case SSL3_ST_SR_CERT_VRFY_A: | ||
| 574 | str="3RCV_A"; break; | ||
| 575 | case SSL3_ST_SR_CERT_VRFY_B: | ||
| 576 | str="3RCV_B"; break; | ||
| 367 | #endif | 577 | #endif |
| 368 | 578 | ||
| 369 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) | 579 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
| 370 | /* SSLv2/v3 compatibility states */ | 580 | /* SSLv2/v3 compatibility states */ |
| 371 | /* client */ | 581 | /* client */ |
| 372 | case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break; | 582 | case SSL23_ST_CW_CLNT_HELLO_A: |
| 373 | case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break; | 583 | str="23WCHA"; break; |
| 374 | case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break; | 584 | case SSL23_ST_CW_CLNT_HELLO_B: |
| 375 | case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break; | 585 | str="23WCHB"; break; |
| 586 | case SSL23_ST_CR_SRVR_HELLO_A: | ||
| 587 | str="23RSHA"; break; | ||
| 588 | case SSL23_ST_CR_SRVR_HELLO_B: | ||
| 589 | str="23RSHA"; break; | ||
| 376 | /* server */ | 590 | /* server */ |
| 377 | case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break; | 591 | case SSL23_ST_SR_CLNT_HELLO_A: |
| 378 | case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break; | 592 | str="23RCHA"; break; |
| 593 | case SSL23_ST_SR_CLNT_HELLO_B: | ||
| 594 | str="23RCHB"; break; | ||
| 379 | #endif | 595 | #endif |
| 380 | /* DTLS */ | 596 | /* DTLS */ |
| 381 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break; | 597 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: |
| 382 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break; | 598 | str="DRCHVA"; break; |
| 383 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break; | 599 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: |
| 384 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break; | 600 | str="DRCHVB"; break; |
| 601 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: | ||
| 602 | str="DWCHVA"; break; | ||
| 603 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: | ||
| 604 | str="DWCHVB"; break; | ||
| 385 | 605 | ||
| 386 | default: str="UNKWN "; break; | 606 | default: |
| 387 | } | 607 | str="UNKWN "; break; |
| 388 | return(str); | ||
| 389 | } | 608 | } |
| 609 | return (str); | ||
| 610 | } | ||
| 390 | 611 | ||
| 391 | const char *SSL_alert_type_string_long(int value) | 612 | const char |
| 392 | { | 613 | *SSL_alert_type_string_long(int value) |
| 614 | { | ||
| 393 | value>>=8; | 615 | value>>=8; |
| 394 | if (value == SSL3_AL_WARNING) | 616 | if (value == SSL3_AL_WARNING) |
| 395 | return("warning"); | 617 | return("warning"); |
| @@ -397,10 +619,11 @@ const char *SSL_alert_type_string_long(int value) | |||
| 397 | return("fatal"); | 619 | return("fatal"); |
| 398 | else | 620 | else |
| 399 | return("unknown"); | 621 | return("unknown"); |
| 400 | } | 622 | } |
| 401 | 623 | ||
| 402 | const char *SSL_alert_type_string(int value) | 624 | const char |
| 403 | { | 625 | *SSL_alert_type_string(int value) |
| 626 | { | ||
| 404 | value>>=8; | 627 | value>>=8; |
| 405 | if (value == SSL3_AL_WARNING) | 628 | if (value == SSL3_AL_WARNING) |
| 406 | return("W"); | 629 | return("W"); |
| @@ -408,55 +631,86 @@ const char *SSL_alert_type_string(int value) | |||
| 408 | return("F"); | 631 | return("F"); |
| 409 | else | 632 | else |
| 410 | return("U"); | 633 | return("U"); |
| 411 | } | 634 | } |
| 412 | 635 | ||
| 413 | const char *SSL_alert_desc_string(int value) | 636 | const char |
| 414 | { | 637 | *SSL_alert_desc_string(int value) |
| 638 | { | ||
| 415 | const char *str; | 639 | const char *str; |
| 416 | 640 | ||
| 417 | switch (value & 0xff) | 641 | switch (value & 0xff) { |
| 418 | { | 642 | case SSL3_AD_CLOSE_NOTIFY: |
| 419 | case SSL3_AD_CLOSE_NOTIFY: str="CN"; break; | 643 | str="CN"; break; |
| 420 | case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break; | 644 | case SSL3_AD_UNEXPECTED_MESSAGE: |
| 421 | case SSL3_AD_BAD_RECORD_MAC: str="BM"; break; | 645 | str="UM"; break; |
| 422 | case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break; | 646 | case SSL3_AD_BAD_RECORD_MAC: |
| 423 | case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break; | 647 | str="BM"; break; |
| 424 | case SSL3_AD_NO_CERTIFICATE: str="NC"; break; | 648 | case SSL3_AD_DECOMPRESSION_FAILURE: |
| 425 | case SSL3_AD_BAD_CERTIFICATE: str="BC"; break; | 649 | str="DF"; break; |
| 426 | case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break; | 650 | case SSL3_AD_HANDSHAKE_FAILURE: |
| 427 | case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break; | 651 | str="HF"; break; |
| 428 | case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break; | 652 | case SSL3_AD_NO_CERTIFICATE: |
| 429 | case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break; | 653 | str="NC"; break; |
| 430 | case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break; | 654 | case SSL3_AD_BAD_CERTIFICATE: |
| 431 | case TLS1_AD_DECRYPTION_FAILED: str="DC"; break; | 655 | str="BC"; break; |
| 432 | case TLS1_AD_RECORD_OVERFLOW: str="RO"; break; | 656 | case SSL3_AD_UNSUPPORTED_CERTIFICATE: |
| 433 | case TLS1_AD_UNKNOWN_CA: str="CA"; break; | 657 | str="UC"; break; |
| 434 | case TLS1_AD_ACCESS_DENIED: str="AD"; break; | 658 | case SSL3_AD_CERTIFICATE_REVOKED: |
| 435 | case TLS1_AD_DECODE_ERROR: str="DE"; break; | 659 | str="CR"; break; |
| 436 | case TLS1_AD_DECRYPT_ERROR: str="CY"; break; | 660 | case SSL3_AD_CERTIFICATE_EXPIRED: |
| 437 | case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break; | 661 | str="CE"; break; |
| 438 | case TLS1_AD_PROTOCOL_VERSION: str="PV"; break; | 662 | case SSL3_AD_CERTIFICATE_UNKNOWN: |
| 439 | case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break; | 663 | str="CU"; break; |
| 440 | case TLS1_AD_INTERNAL_ERROR: str="IE"; break; | 664 | case SSL3_AD_ILLEGAL_PARAMETER: |
| 441 | case TLS1_AD_USER_CANCELLED: str="US"; break; | 665 | str="IP"; break; |
| 442 | case TLS1_AD_NO_RENEGOTIATION: str="NR"; break; | 666 | case TLS1_AD_DECRYPTION_FAILED: |
| 443 | case TLS1_AD_UNSUPPORTED_EXTENSION: str="UE"; break; | 667 | str="DC"; break; |
| 444 | case TLS1_AD_CERTIFICATE_UNOBTAINABLE: str="CO"; break; | 668 | case TLS1_AD_RECORD_OVERFLOW: |
| 445 | case TLS1_AD_UNRECOGNIZED_NAME: str="UN"; break; | 669 | str="RO"; break; |
| 446 | case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break; | 670 | case TLS1_AD_UNKNOWN_CA: |
| 447 | case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break; | 671 | str="CA"; break; |
| 448 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="UP"; break; | 672 | case TLS1_AD_ACCESS_DENIED: |
| 449 | default: str="UK"; break; | 673 | str="AD"; break; |
| 450 | } | 674 | case TLS1_AD_DECODE_ERROR: |
| 451 | return(str); | 675 | str="DE"; break; |
| 676 | case TLS1_AD_DECRYPT_ERROR: | ||
| 677 | str="CY"; break; | ||
| 678 | case TLS1_AD_EXPORT_RESTRICTION: | ||
| 679 | str="ER"; break; | ||
| 680 | case TLS1_AD_PROTOCOL_VERSION: | ||
| 681 | str="PV"; break; | ||
| 682 | case TLS1_AD_INSUFFICIENT_SECURITY: | ||
| 683 | str="IS"; break; | ||
| 684 | case TLS1_AD_INTERNAL_ERROR: | ||
| 685 | str="IE"; break; | ||
| 686 | case TLS1_AD_USER_CANCELLED: | ||
| 687 | str="US"; break; | ||
| 688 | case TLS1_AD_NO_RENEGOTIATION: | ||
| 689 | str="NR"; break; | ||
| 690 | case TLS1_AD_UNSUPPORTED_EXTENSION: | ||
| 691 | str="UE"; break; | ||
| 692 | case TLS1_AD_CERTIFICATE_UNOBTAINABLE: | ||
| 693 | str="CO"; break; | ||
| 694 | case TLS1_AD_UNRECOGNIZED_NAME: | ||
| 695 | str="UN"; break; | ||
| 696 | case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: | ||
| 697 | str="BR"; break; | ||
| 698 | case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: | ||
| 699 | str="BH"; break; | ||
| 700 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: | ||
| 701 | str="UP"; break; | ||
| 702 | default: | ||
| 703 | str="UK"; break; | ||
| 452 | } | 704 | } |
| 705 | return (str); | ||
| 706 | } | ||
| 453 | 707 | ||
| 454 | const char *SSL_alert_desc_string_long(int value) | 708 | const char |
| 455 | { | 709 | *SSL_alert_desc_string_long(int value) |
| 710 | { | ||
| 456 | const char *str; | 711 | const char *str; |
| 457 | 712 | ||
| 458 | switch (value & 0xff) | 713 | switch (value & 0xff) { |
| 459 | { | ||
| 460 | case SSL3_AD_CLOSE_NOTIFY: | 714 | case SSL3_AD_CLOSE_NOTIFY: |
| 461 | str="close notify"; | 715 | str="close notify"; |
| 462 | break; | 716 | break; |
| @@ -547,21 +801,26 @@ const char *SSL_alert_desc_string_long(int value) | |||
| 547 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: | 801 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: |
| 548 | str="unknown PSK identity"; | 802 | str="unknown PSK identity"; |
| 549 | break; | 803 | break; |
| 550 | default: str="unknown"; break; | 804 | default: |
| 551 | } | 805 | str="unknown"; break; |
| 552 | return(str); | ||
| 553 | } | 806 | } |
| 807 | return (str); | ||
| 808 | } | ||
| 554 | 809 | ||
| 555 | const char *SSL_rstate_string(const SSL *s) | 810 | const char |
| 556 | { | 811 | *SSL_rstate_string(const SSL *s) |
| 812 | { | ||
| 557 | const char *str; | 813 | const char *str; |
| 558 | 814 | ||
| 559 | switch (s->rstate) | 815 | switch (s->rstate) { |
| 560 | { | 816 | case SSL_ST_READ_HEADER: |
| 561 | case SSL_ST_READ_HEADER:str="RH"; break; | 817 | str="RH"; break; |
| 562 | case SSL_ST_READ_BODY: str="RB"; break; | 818 | case SSL_ST_READ_BODY: |
| 563 | case SSL_ST_READ_DONE: str="RD"; break; | 819 | str="RB"; break; |
| 564 | default: str="unknown"; break; | 820 | case SSL_ST_READ_DONE: |
| 565 | } | 821 | str="RD"; break; |
| 566 | return(str); | 822 | default: |
| 823 | str="unknown"; break; | ||
| 567 | } | 824 | } |
| 825 | return (str); | ||
| 826 | } | ||
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c index 6479d52c0c..5186e396ec 100644 --- a/src/lib/libssl/ssl_txt.c +++ b/src/lib/libssl/ssl_txt.c | |||
| @@ -87,30 +87,33 @@ | |||
| 87 | #include "ssl_locl.h" | 87 | #include "ssl_locl.h" |
| 88 | 88 | ||
| 89 | #ifndef OPENSSL_NO_FP_API | 89 | #ifndef OPENSSL_NO_FP_API |
| 90 | int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) | 90 | int |
| 91 | { | 91 | SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) |
| 92 | { | ||
| 92 | BIO *b; | 93 | BIO *b; |
| 93 | int ret; | 94 | int ret; |
| 94 | 95 | ||
| 95 | if ((b=BIO_new(BIO_s_file_internal())) == NULL) | 96 | if ((b = BIO_new(BIO_s_file_internal())) == NULL) { |
| 96 | { | 97 | SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB); |
| 97 | SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB); | 98 | return (0); |
| 98 | return(0); | ||
| 99 | } | ||
| 100 | BIO_set_fp(b,fp,BIO_NOCLOSE); | ||
| 101 | ret=SSL_SESSION_print(b,x); | ||
| 102 | BIO_free(b); | ||
| 103 | return(ret); | ||
| 104 | } | 99 | } |
| 100 | BIO_set_fp(b, fp, BIO_NOCLOSE); | ||
| 101 | ret = SSL_SESSION_print(b, x); | ||
| 102 | BIO_free(b); | ||
| 103 | return (ret); | ||
| 104 | } | ||
| 105 | #endif | 105 | #endif |
| 106 | 106 | ||
| 107 | int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | 107 | int |
| 108 | { | 108 | SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) |
| 109 | { | ||
| 109 | unsigned int i; | 110 | unsigned int i; |
| 110 | const char *s; | 111 | const char *s; |
| 111 | 112 | ||
| 112 | if (x == NULL) goto err; | 113 | if (x == NULL) |
| 113 | if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err; | 114 | goto err; |
| 115 | if (BIO_puts(bp, "SSL-Session:\n") | ||
| 116 | <= 0) goto err; | ||
| 114 | if (x->ssl_version == SSL2_VERSION) | 117 | if (x->ssl_version == SSL2_VERSION) |
| 115 | s="SSLv2"; | 118 | s="SSLv2"; |
| 116 | else if (x->ssl_version == SSL3_VERSION) | 119 | else if (x->ssl_version == SSL3_VERSION) |
| @@ -127,122 +130,122 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | |||
| 127 | s="DTLSv1-bad"; | 130 | s="DTLSv1-bad"; |
| 128 | else | 131 | else |
| 129 | s="unknown"; | 132 | s="unknown"; |
| 130 | if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err; | 133 | if (BIO_printf(bp, " Protocol : %s\n", s) |
| 134 | <= 0) goto err; | ||
| 131 | 135 | ||
| 132 | if (x->cipher == NULL) | 136 | if (x->cipher == NULL) { |
| 133 | { | 137 | if (((x->cipher_id) & 0xff000000) == 0x02000000) { |
| 134 | if (((x->cipher_id) & 0xff000000) == 0x02000000) | 138 | if (BIO_printf(bp, " Cipher : %06lX\n", x->cipher_id&0xffffff) <= 0) |
| 135 | { | ||
| 136 | if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0) | ||
| 137 | goto err; | 139 | goto err; |
| 138 | } | 140 | } else { |
| 139 | else | 141 | if (BIO_printf(bp, " Cipher : %04lX\n", x->cipher_id&0xffff) <= 0) |
| 140 | { | ||
| 141 | if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0) | ||
| 142 | goto err; | 142 | goto err; |
| 143 | } | ||
| 144 | } | 143 | } |
| 145 | else | 144 | } else { |
| 146 | { | 145 | if (BIO_printf(bp, " Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0) |
| 147 | if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0) | ||
| 148 | goto err; | 146 | goto err; |
| 149 | } | 147 | } |
| 150 | if (BIO_puts(bp," Session-ID: ") <= 0) goto err; | 148 | if (BIO_puts(bp, " Session-ID: ") |
| 151 | for (i=0; i<x->session_id_length; i++) | 149 | <= 0) goto err; |
| 152 | { | 150 | for (i = 0; i < x->session_id_length; i++) { |
| 153 | if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err; | 151 | if (BIO_printf(bp, "%02X", x->session_id[i]) |
| 154 | } | 152 | <= 0) goto err; |
| 155 | if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err; | 153 | } |
| 156 | for (i=0; i<x->sid_ctx_length; i++) | 154 | if (BIO_puts(bp, "\n Session-ID-ctx: ") |
| 157 | { | 155 | <= 0) goto err; |
| 158 | if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0) | 156 | for (i = 0; i < x->sid_ctx_length; i++) { |
| 157 | if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0) | ||
| 159 | goto err; | 158 | goto err; |
| 160 | } | 159 | } |
| 161 | if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err; | 160 | if (BIO_puts(bp, "\n Master-Key: ") |
| 162 | for (i=0; i<(unsigned int)x->master_key_length; i++) | 161 | <= 0) goto err; |
| 163 | { | 162 | for (i = 0; i < (unsigned int)x->master_key_length; i++) { |
| 164 | if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err; | 163 | if (BIO_printf(bp, "%02X", x->master_key[i]) |
| 165 | } | 164 | <= 0) goto err; |
| 166 | if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err; | 165 | } |
| 167 | if (x->key_arg_length == 0) | 166 | if (BIO_puts(bp, "\n Key-Arg : ") |
| 168 | { | 167 | <= 0) goto err; |
| 169 | if (BIO_puts(bp,"None") <= 0) goto err; | 168 | if (x->key_arg_length == 0) { |
| 170 | } | 169 | if (BIO_puts(bp, "None") |
| 171 | else | 170 | <= 0) goto err; |
| 172 | for (i=0; i<x->key_arg_length; i++) | 171 | } else |
| 173 | { | 172 | for (i = 0; i < x->key_arg_length; i++) { |
| 174 | if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err; | 173 | if (BIO_printf(bp, "%02X", x->key_arg[i]) |
| 175 | } | 174 | <= 0) goto err; |
| 175 | } | ||
| 176 | #ifndef OPENSSL_NO_KRB5 | 176 | #ifndef OPENSSL_NO_KRB5 |
| 177 | if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err; | 177 | if (BIO_puts(bp, "\n Krb5 Principal: ") |
| 178 | if (x->krb5_client_princ_len == 0) | 178 | <= 0) goto err; |
| 179 | { | 179 | if (x->krb5_client_princ_len == 0) { |
| 180 | if (BIO_puts(bp,"None") <= 0) goto err; | 180 | if (BIO_puts(bp, "None") |
| 181 | } | 181 | <= 0) goto err; |
| 182 | else | 182 | } else |
| 183 | for (i=0; i<x->krb5_client_princ_len; i++) | 183 | for (i = 0; i < x->krb5_client_princ_len; i++) { |
| 184 | { | 184 | if (BIO_printf(bp, "%02X", x->krb5_client_princ[i]) |
| 185 | if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err; | 185 | <= 0) goto err; |
| 186 | } | 186 | } |
| 187 | #endif /* OPENSSL_NO_KRB5 */ | 187 | #endif /* OPENSSL_NO_KRB5 */ |
| 188 | #ifndef OPENSSL_NO_PSK | 188 | #ifndef OPENSSL_NO_PSK |
| 189 | if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err; | 189 | if (BIO_puts(bp, "\n PSK identity: ") |
| 190 | if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err; | 190 | <= 0) goto err; |
| 191 | if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err; | 191 | if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") |
| 192 | if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err; | 192 | <= 0) goto err; |
| 193 | if (BIO_puts(bp, "\n PSK identity hint: ") | ||
| 194 | <= 0) goto err; | ||
| 195 | if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") | ||
| 196 | <= 0) goto err; | ||
| 193 | #endif | 197 | #endif |
| 194 | #ifndef OPENSSL_NO_SRP | 198 | #ifndef OPENSSL_NO_SRP |
| 195 | if (BIO_puts(bp,"\n SRP username: ") <= 0) goto err; | 199 | if (BIO_puts(bp, "\n SRP username: ") |
| 196 | if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0) goto err; | 200 | <= 0) goto err; |
| 201 | if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") | ||
| 202 | <= 0) goto err; | ||
| 197 | #endif | 203 | #endif |
| 198 | #ifndef OPENSSL_NO_TLSEXT | 204 | #ifndef OPENSSL_NO_TLSEXT |
| 199 | if (x->tlsext_tick_lifetime_hint) | 205 | if (x->tlsext_tick_lifetime_hint) { |
| 200 | { | ||
| 201 | if (BIO_printf(bp, | 206 | if (BIO_printf(bp, |
| 202 | "\n TLS session ticket lifetime hint: %ld (seconds)", | 207 | "\n TLS session ticket lifetime hint: %ld (seconds)", |
| 203 | x->tlsext_tick_lifetime_hint) <=0) | 208 | x->tlsext_tick_lifetime_hint) <=0) |
| 204 | goto err; | 209 | goto err; |
| 205 | } | 210 | } |
| 206 | if (x->tlsext_tick) | 211 | if (x->tlsext_tick) { |
| 207 | { | 212 | if (BIO_puts(bp, "\n TLS session ticket:\n") |
| 208 | if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; | 213 | <= 0) goto err; |
| 209 | if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) | 214 | if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) |
| 210 | goto err; | 215 | goto err; |
| 211 | } | 216 | } |
| 212 | #endif | 217 | #endif |
| 213 | 218 | ||
| 214 | #ifndef OPENSSL_NO_COMP | 219 | #ifndef OPENSSL_NO_COMP |
| 215 | if (x->compress_meth != 0) | 220 | if (x->compress_meth != 0) { |
| 216 | { | ||
| 217 | SSL_COMP *comp = NULL; | 221 | SSL_COMP *comp = NULL; |
| 218 | 222 | ||
| 219 | ssl_cipher_get_evp(x,NULL,NULL,NULL,NULL,&comp); | 223 | ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp); |
| 220 | if (comp == NULL) | 224 | if (comp == NULL) { |
| 221 | { | 225 | if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) |
| 222 | if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err; | 226 | <= 0) goto err; |
| 227 | } else { | ||
| 228 | if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id, comp->method->name) <= 0) goto err; | ||
| 223 | } | 229 | } |
| 224 | else | 230 | } |
| 225 | { | ||
| 226 | if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err; | ||
| 227 | } | ||
| 228 | } | ||
| 229 | #endif | 231 | #endif |
| 230 | if (x->time != 0L) | 232 | if (x->time != 0L) { |
| 231 | { | 233 | if (BIO_printf(bp, "\n Start Time: %ld", x->time) |
| 232 | if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err; | 234 | <= 0) goto err; |
| 233 | } | 235 | } |
| 234 | if (x->timeout != 0L) | 236 | if (x->timeout != 0L) { |
| 235 | { | 237 | if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0) goto err; |
| 236 | if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err; | ||
| 237 | } | 238 | } |
| 238 | if (BIO_puts(bp,"\n") <= 0) goto err; | 239 | if (BIO_puts(bp, "\n") |
| 240 | <= 0) goto err; | ||
| 239 | 241 | ||
| 240 | if (BIO_puts(bp, " Verify return code: ") <= 0) goto err; | 242 | if (BIO_puts(bp, " Verify return code: ") |
| 243 | <= 0) goto err; | ||
| 241 | if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, | 244 | if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, |
| 242 | X509_verify_cert_error_string(x->verify_result)) <= 0) goto err; | 245 | X509_verify_cert_error_string(x->verify_result)) <= 0) goto err; |
| 243 | 246 | ||
| 244 | return(1); | 247 | return (1); |
| 245 | err: | 248 | err: |
| 246 | return(0); | 249 | return (0); |
| 247 | } | 250 | } |
| 248 | 251 | ||